Bug#990319: unblock: intel-microcode/3.20210608.2
Control: clone -1 -2 Control: reassign -2 release-notes Control: retitle -2 release-notes: doocument intel-microcode update regression potential On 2021-06-25 12:17:14 -0300, Henrique de Moraes Holschuh wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package intel-microcode > > I would like to unblock the intel-microcode update currently in > unstable, so that it will be available in Debian 11. > > Please note that the current plans are that a Debian 10 (buster) > security update, intel-microcode/3.20210608.2~deb10u1, will be delivered > to Debian stable in the next couple days through debian-security, in > which case the version currently in Debian 11 "bullseye" would be > *OLDER* than what would be available in buster-security and unstable. > > Also, please be warned that this update has the potential to cause > regressions when compared to the previous version of the intel-microcode > package. But do read the text below for the full rationale. The regression potential seems worth adding to the release notes. Cloning and reassigning accordingly. Cheers > > > Potential regressions: > > intel-microcode/3.20210608.2 restores a *LOT* of security updates to > Skylake D0/R0, but it might cause boot problems on systems that have too > old a microcode update *in BIOS*. I have been asking around to check if > this still happens on the new microcode, but I haven't heard from anyone > affected yet. > > Ubuntu and upstream reports about this: > https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 > https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1882890 > > intel-microcode/3.20210608.2 can also cause Intel WiFi connection issues > on systems with Intel Wireless *on-board* and a specific family of > processors (CoffeLake signature 0x906ea). There is hope that a newer > release of iwlwifi-firmware (which is being arranged by the Debian > security team, since it is *also* a security update to mitigate some of > FragAttack) works around this issue. > > Upstream report: > https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56 > > > Rationale for issuing it as a security-update to Debian buster, and the > Debian bollseye unblock request: > > I have talked it over with the stable security team, and they're fully > aware of the above regression potential. We considered several possible > scenarios (including *not* updating the affected processors), and the > security team prefers that we *do* issue the full microcode update, but > warn users of the potential issues. > > The reason behind this decision is simple: we were forced to withold > relevant operational and security updates from a much larger set of > users, to avoid regressions on a much smaller set of users, and have > done so for quite a while already. This situation cannot continue > indefinitely. > > Anyway, once the buster-security update to > intel-microcode/3.20210608.2~deb10u1 is out, switching bullseye to > intel-microcode/3.20210608.2 is *NOT* going to add any regressions > compared to Debian stable + security updates. > > I am filling this bug report before the security update is distributed > just in case. > > IMPORTANT: I do recommend that we wait for at least 10 more days before > possibly unblocking the migration of intel-microcode/3.20210608.2 to > bullseye, anyway. That will allow for feedback from the security > update to be acted upon. > > > Here's the git diffstat (git diff attached, as usual): > README.md | 14 ++-- > changelog | 59 > debian/changelog | 71 > intel-ucode-with-caveats/06-4f-01 |binary > intel-ucode/06-3f-02 |binary > intel-ucode/06-3f-04 |binary > intel-ucode/06-4e-03 |binary > intel-ucode/06-55-03 |binary > intel-ucode/06-55-04 |binary > intel-ucode/06-55-05 |binary > intel-ucode/06-55-06 |binary > intel-ucode/06-55-07 |binary > intel-ucode/06-55-0b |binary > intel-ucode/06-56-03 |binary > intel-ucode/06-56-04 |binary > intel-ucode/06-56-05 |binary > intel-ucode/06-5c-09 |binary > intel-ucode/06-5c-0a |binary > intel-ucode/06-5e-03 |binary > intel-ucode/06-5f-01 |binary > intel-ucode/06-6a-05 |binary > intel-ucode/06-6a-06 |binary > intel-ucode/06-7a-01 |binary > intel-ucode/06-7a-08 |binary > intel-ucode/06-7e-05 |binary > intel-ucode/06-86-04 |binary > intel-ucode/06-86-05 |binary > intel-ucode/06-8a-01 |binary > intel-ucode/06-8c-01 |binary > intel-ucode/06-8c-02
Processed: Re: Bug#990319: unblock: intel-microcode/3.20210608.2
Processing control commands: > clone -1 -2 Bug #990319 [release.debian.org] unblock: intel-microcode/3.20210608.2 Bug 990319 cloned as bug 990462 > reassign -2 release-notes Bug #990462 [release.debian.org] unblock: intel-microcode/3.20210608.2 Bug reassigned from package 'release.debian.org' to 'release-notes'. Ignoring request to alter found versions of bug #990462 to the same values previously set Ignoring request to alter fixed versions of bug #990462 to the same values previously set > retitle -2 release-notes: doocument intel-microcode update regression > potential Bug #990462 [release-notes] unblock: intel-microcode/3.20210608.2 Changed Bug title to 'release-notes: doocument intel-microcode update regression potential' from 'unblock: intel-microcode/3.20210608.2'. -- 990319: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990319 990462: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990462 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#990319: unblock: intel-microcode/3.20210608.2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package intel-microcode I would like to unblock the intel-microcode update currently in unstable, so that it will be available in Debian 11. Please note that the current plans are that a Debian 10 (buster) security update, intel-microcode/3.20210608.2~deb10u1, will be delivered to Debian stable in the next couple days through debian-security, in which case the version currently in Debian 11 "bullseye" would be *OLDER* than what would be available in buster-security and unstable. Also, please be warned that this update has the potential to cause regressions when compared to the previous version of the intel-microcode package. But do read the text below for the full rationale. Potential regressions: intel-microcode/3.20210608.2 restores a *LOT* of security updates to Skylake D0/R0, but it might cause boot problems on systems that have too old a microcode update *in BIOS*. I have been asking around to check if this still happens on the new microcode, but I haven't heard from anyone affected yet. Ubuntu and upstream reports about this: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1882890 intel-microcode/3.20210608.2 can also cause Intel WiFi connection issues on systems with Intel Wireless *on-board* and a specific family of processors (CoffeLake signature 0x906ea). There is hope that a newer release of iwlwifi-firmware (which is being arranged by the Debian security team, since it is *also* a security update to mitigate some of FragAttack) works around this issue. Upstream report: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56 Rationale for issuing it as a security-update to Debian buster, and the Debian bollseye unblock request: I have talked it over with the stable security team, and they're fully aware of the above regression potential. We considered several possible scenarios (including *not* updating the affected processors), and the security team prefers that we *do* issue the full microcode update, but warn users of the potential issues. The reason behind this decision is simple: we were forced to withold relevant operational and security updates from a much larger set of users, to avoid regressions on a much smaller set of users, and have done so for quite a while already. This situation cannot continue indefinitely. Anyway, once the buster-security update to intel-microcode/3.20210608.2~deb10u1 is out, switching bullseye to intel-microcode/3.20210608.2 is *NOT* going to add any regressions compared to Debian stable + security updates. I am filling this bug report before the security update is distributed just in case. IMPORTANT: I do recommend that we wait for at least 10 more days before possibly unblocking the migration of intel-microcode/3.20210608.2 to bullseye, anyway. That will allow for feedback from the security update to be acted upon. Here's the git diffstat (git diff attached, as usual): README.md | 14 ++-- changelog | 59 debian/changelog | 71 intel-ucode-with-caveats/06-4f-01 |binary intel-ucode/06-3f-02 |binary intel-ucode/06-3f-04 |binary intel-ucode/06-4e-03 |binary intel-ucode/06-55-03 |binary intel-ucode/06-55-04 |binary intel-ucode/06-55-05 |binary intel-ucode/06-55-06 |binary intel-ucode/06-55-07 |binary intel-ucode/06-55-0b |binary intel-ucode/06-56-03 |binary intel-ucode/06-56-04 |binary intel-ucode/06-56-05 |binary intel-ucode/06-5c-09 |binary intel-ucode/06-5c-0a |binary intel-ucode/06-5e-03 |binary intel-ucode/06-5f-01 |binary intel-ucode/06-6a-05 |binary intel-ucode/06-6a-06 |binary intel-ucode/06-7a-01 |binary intel-ucode/06-7a-08 |binary intel-ucode/06-7e-05 |binary intel-ucode/06-86-04 |binary intel-ucode/06-86-05 |binary intel-ucode/06-8a-01 |binary intel-ucode/06-8c-01 |binary intel-ucode/06-8c-02 |binary intel-ucode/06-8d-01 |binary intel-ucode/06-8e-09 |binary intel-ucode/06-8e-0a |binary intel-ucode/06-8e-0b |binary intel-ucode/06-8e-0c |binary intel-ucode/06-96-01 |binary intel-ucode/06-9c-00 |binary intel-ucode/06-9e-09 |binary intel-ucode/06-9e-0a |binary intel-ucode/06-9e-0b |binary intel-ucode/06-9e-0c |binary intel-ucode/06-9e-0d |binary