Control: tags -1 - moreinfo On 2023-12-02 18:52:39, Adam D. Barratt wrote: > There doesn't appear to be a debdiff attached.
What is wrong with me.
diff -Nru needrestart-3.6/debian/changelog needrestart-3.6/debian/changelog --- needrestart-3.6/debian/changelog 2023-05-31 10:47:03.000000000 -0400 +++ needrestart-3.6/debian/changelog 2023-11-15 15:05:37.000000000 -0500 @@ -1,3 +1,9 @@ +needrestart (3.6-4+deb12u1) bookworm; urgency=medium + + * fix microcode check regression on AMD CPUs (Closes: #1013285) + + -- Antoine Beaupré <[email protected]> Wed, 15 Nov 2023 15:05:37 -0500 + needrestart (3.6-4) unstable; urgency=medium * Remove leftover conffile 30-pacman with 3.6-4. diff -Nru needrestart-3.6/debian/patches/05-fix-AMD-ucode-checking-in-non-debug-mode.patch needrestart-3.6/debian/patches/05-fix-AMD-ucode-checking-in-non-debug-mode.patch --- needrestart-3.6/debian/patches/05-fix-AMD-ucode-checking-in-non-debug-mode.patch 1969-12-31 19:00:00.000000000 -0500 +++ needrestart-3.6/debian/patches/05-fix-AMD-ucode-checking-in-non-debug-mode.patch 2023-11-15 15:05:37.000000000 -0500 @@ -0,0 +1,33 @@ +From b073fb6d9969597173daa8c511a85bae9b03ed37 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <[email protected]> +Date: Wed, 15 Nov 2023 15:20:37 -0500 +Subject: [PATCH] fix AMD ucode checking in non-debug mode + +It looks like the assignment when the ucode exist was not +done *unless* `debug` (`-v`) was set. Therefore, all AMD microcode +checks were returning UNKNOWN, including in Nagios checks, unless the +`-v` ("verbose", but actually `debug`) was passed. + +Closes: #249 +--- + perl/lib/NeedRestart/uCode/AMD.pm | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/perl/lib/NeedRestart/uCode/AMD.pm b/perl/lib/NeedRestart/uCode/AMD.pm +index 638e68d..6daad8f 100644 +--- a/perl/lib/NeedRestart/uCode/AMD.pm ++++ b/perl/lib/NeedRestart/uCode/AMD.pm +@@ -185,8 +185,8 @@ sub nr_ucode_check_real { + if ( exists( $_ucodes->{cpuid}->{$cpuid} ) ) { + my $prid = $_ucodes->{cpuid}->{$cpuid}; + if ( exists( $_ucodes->{prid}->{$prid} ) ) { +- $vars{AVAIL} = sprintf( "0x%08x", $_ucodes->{prid}->{$prid} ), +- print STDERR "$LOGPREF #$info->{processor} found ucode $vars{AVAIL}\n" if ($debug); ++ $vars{AVAIL} = sprintf( "0x%08x", $_ucodes->{prid}->{$prid} ); ++ print STDERR "$LOGPREF #$info->{processor} found ucode $vars{AVAIL}\n" if ($debug); + } + } + +-- +2.39.2 + diff -Nru needrestart-3.6/debian/patches/06-uCode-fix-uninitialized-value-in-logging-of-processo.patch needrestart-3.6/debian/patches/06-uCode-fix-uninitialized-value-in-logging-of-processo.patch --- needrestart-3.6/debian/patches/06-uCode-fix-uninitialized-value-in-logging-of-processo.patch 1969-12-31 19:00:00.000000000 -0500 +++ needrestart-3.6/debian/patches/06-uCode-fix-uninitialized-value-in-logging-of-processo.patch 2023-11-15 15:05:37.000000000 -0500 @@ -0,0 +1,30 @@ +From e85bfe33b595b88cc8052a7815d13612ecc2a841 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Stefan=20B=C3=BChler?= <[email protected]> +Date: Sun, 28 May 2023 17:42:28 +0200 +Subject: [PATCH] [uCode] fix uninitialized value in logging of processor index + +This got broken in f8c2609f8d5a0e10bd988497b8ea9815a7bb2fa8. + +Before that it would have effectively logged +`$processors{$pid}->{processor}`, but the `processor` entry +is also the key in `%processors`, i.e. equals `$pid`. +--- + perl/lib/NeedRestart/uCode.pm | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/perl/lib/NeedRestart/uCode.pm b/perl/lib/NeedRestart/uCode.pm +index 6251339..db81375 100644 +--- a/perl/lib/NeedRestart/uCode.pm ++++ b/perl/lib/NeedRestart/uCode.pm +@@ -148,7 +148,7 @@ sub nr_ucode_check { + } + $ui->progress_step; + +- my $nstate = compare_ucode_versions( $debug, $processors{processor}, @nvars ); ++ my $nstate = compare_ucode_versions( $debug, $pid, @nvars ); + if ( $nstate > $state ) { + ( $state, @vars ) = ( $nstate, @nvars ); + } +-- +2.39.2 + diff -Nru needrestart-3.6/debian/patches/07-mark-unavailable-firmware-as-CURRENT.patch needrestart-3.6/debian/patches/07-mark-unavailable-firmware-as-CURRENT.patch --- needrestart-3.6/debian/patches/07-mark-unavailable-firmware-as-CURRENT.patch 1969-12-31 19:00:00.000000000 -0500 +++ needrestart-3.6/debian/patches/07-mark-unavailable-firmware-as-CURRENT.patch 2023-11-15 15:05:37.000000000 -0500 @@ -0,0 +1,61 @@ +From 0e1ffe8025416a918ddf169f2d858762733d7238 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <[email protected]> +Date: Tue, 21 Nov 2023 10:59:32 -0500 +Subject: [PATCH] mark unavailable firmware as CURRENT + +This changes the policy of reporting missing firmware updates as +"UNKNOWN". Now, if there's no available firmware, we report +"current". That fixes needrestart on platforms that do not have +firmware support (#220) or platforms that *are* supported but for +which a CPU is to new to have an updated firmware available (#149). + +It does *not* create a new "unavailable" status (#274) as this maps +poorly in Nagios reporting, but that is an option that was considered +here as well. + +Closes: #149 +Closes: #274 +Closes: #220 +--- + perl/lib/NeedRestart/uCode.pm | 23 ++++++++++++++++++----- + 1 file changed, 18 insertions(+), 5 deletions(-) + +diff --git a/perl/lib/NeedRestart/uCode.pm b/perl/lib/NeedRestart/uCode.pm +index db81375..71144b8 100644 +--- a/perl/lib/NeedRestart/uCode.pm ++++ b/perl/lib/NeedRestart/uCode.pm +@@ -52,13 +52,26 @@ my $LOGPREF = '[ucode]'; + sub compare_ucode_versions { + my ($debug, $processor, %vars) = @_; + +- unless ( exists( $vars{CURRENT} ) && exists( $vars{AVAIL} ) ) { +- print STDERR +- "$LOGPREF #$processor did not get current microcode version\n" +- if ( $debug && !exists( $vars{CURRENT} ) ); ++ # if no firmware is available for the current CPU, that's ++ # considered up to date. the rationale here is that if we warn on ++ # this, we're actually going to warn for certain new CPUs that ++ # have an up-to-date, built-in firmware without any update. that, ++ # in turn, creates alert fatigue and makes operators more likely ++ # to ignore warnings. ++ unless ( exists( $vars{AVAIL} ) ) { + print STDERR + "$LOGPREF #$processor did not get available microcode version\n" +- if ( $debug && !exists( $vars{AVAIL} ) ); ++ if ( $debug ); ++ return NRM_CURRENT; ++ } ++ # from here on, there is a microcode file available ++ # ++ # if we can't find a microcode firmware for the current CPU, ++ # *that* is a problem. ++ unless ( exists( $vars{CURRENT} ) ) { ++ print STDERR ++ "$LOGPREF #$processor did not get current microcode version\n" ++ if ( $debug); + + return NRM_UNKNOWN; + } +-- +2.39.2 + diff -Nru needrestart-3.6/debian/patches/series needrestart-3.6/debian/patches/series --- needrestart-3.6/debian/patches/series 2023-05-31 10:47:03.000000000 -0400 +++ needrestart-3.6/debian/patches/series 2023-11-15 15:05:37.000000000 -0500 @@ -2,3 +2,6 @@ 02-bash-term-in-posix-shell.diff 03-ignore-serial-getty.diff 04-vm-detection.diff +05-fix-AMD-ucode-checking-in-non-debug-mode.patch +06-uCode-fix-uninitialized-value-in-logging-of-processo.patch +07-mark-unavailable-firmware-as-CURRENT.patch
