Re: Debian openssh option review: considering splitting out GSS-API key exchange

2024-04-04 Thread Henrique de Moraes Holschuh 
On Tue, Apr 2, 2024, at 07:04, Marco d'Itri wrote:
> On Apr 02, Colin Watson  wrote:
>
>> At the time, denyhosts was popular, but it was removed from Debian
>> several years ago.  I remember that, when I dealt with that on my own
>> systems, fail2ban seemed like the obvious replacement, and my impression
>> is that it's pretty widely used nowadays; it's very pluggable but it
>> normally works by adding firewall rules.  Are there any similar popular
>> systems left that rely on editing /etc/hosts.deny?
> Yes, people. I object to removing TCP wrappers support since the patch 
> is tiny and it supports use cases like DNS-based ACLs which cannot be 
> supported by L3 firewalls.

If libwrap is bringing in complex libs, maybe we could reduce the attack 
surface on libwrap itself?  It would be nice to have a variant that only links 
to the libc and that's it...

And that benefits everything that links to TCP wrappers...

I also like to have the (old-school) standard extra layer of protection that 
libwrap can provide. I'd like to find a way to keep it useful for sshd.

-- 
  Henrique de Moraes Holschuh

Re: xz backdoor

2024-03-30 Thread Henrique de Moraes Holschuh 
On Sat, Mar 30, 2024, at 05:49, Jonathan Carter wrote:

> Another big question for me is whether I should really still 
> package/upload/etc from an unstable machine. It seems that it may be 

I have been using stable or old stable + pbuilder for this.  Test runs of the 
results might need a VM though, when stable + container is not enough.

-- 
  Henrique de Moraes Holschuh

Re: Populating non-free firmware?

2022-12-31 Thread Henrique de Moraes Holschuh 
On Sun, Dec 25, 2022, at 15:21, Jonathan Carter wrote:
> So if we're going with maintainers-are-going-to-do-the-uploads, then 
> taking a cursory glance at what's left that seems important is:
>
>   - firmware-sof-signed (maintainer: Mark Pearson)
>   - intel-microcode (maintainer: Henrique de Moraes Holschuh)
>   - amd64-microcode (maintainer: Henrique de Moraes Holschuh)

Please email me directly when it is time to do such upload changing the archive 
section.

I assume we (maintainers) don't need to do the usual dance of opening a bug to 
change the Dak override file for the package section ?  There is no point to 
any uploads before that file is updated AFAIK.

-- 
  Henrique de Moraes Holschuh

Re: Bug#987980: ITP: infamous-plugins -- Infamous Plugins is a collection of open-source LV2 plugins

2021-05-03 Thread Henrique de Moraes Holschuh 
Hello Fernando,

On Mon, May 3, 2021, at 03:32, Fernando Toledo wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Fernando Toledo 
> 
> * Package name: infamous-plugins

Please consider a prefix for the source package and binary package name, maybe 
lv2- or lv2-audio- or something else more suitable...

After all, lv2 is not the only thing with infamous plugins out there ;-)

-- 
  Henrique de Moraes Holschuh

Re: Bug#982945: ITP: asyncfuture -- Enhanced Qfuture (Qt) interface

2021-02-18 Thread Henrique de Moraes Holschuh 
Wookey,

>   Description : Enhanced Qfuture (Qt) interface
> 
>  AsyncFuture is designed to enhance the QFuture function, removing..

Maybe this should be prefixed with qt- since it is qt-specific and otherwise 
somewhat a generic naming?


-- 
  Henrique de Moraes Holschuh

Re: Making Debian available

2021-01-25 Thread Henrique de Moraes Holschuh 
On Mon, Jan 25, 2021, at 16:34, Andrei POPESCU wrote:
> On Lu, 25 ian 21, 19:35:25, Thomas Lange wrote:
> > Another very odd thing I found.
> > 
> > On https://www.debian.org/CD/faq/
> > there's no hint about images including non-free firmware. No hint
> > about firmware at all. And then this FAQ
> > 
> > 
> > Where is the CD image with non-free?
> >   .
> > Sometimes, someone is kind enough to create unofficial non-free CDs. If you 
> > cannot find any links on this website, you can try asking on the debian-cd 
> > mailing list.
> > 
> > 
> > So we do not tell our users that we (the CD team I guess) already
> > create these very usefull images including non-free firmware. And then
> > we tell the users to search the link themselves. Not very friendly.
> 
> As far as I recall that entry refers to CDs with the entire non-free 
> component of the archive, not just firmware packages (which were seldom 
> or even inexistent at the time the FAQ was written).

That's correct.  It is not about non-free firmware, but rather the non-free 
distribution as a whole.

That FAQ entry neither explains things well enough, nor is it very helpful.  It 
could use an update...

Heck, I am not even sure the installer could use anything in that non-free CD 
set to actually load non-free firmware at *install time* (as opposed to 
installing it to be available on the final system after a reboot) without a lot 
of manual intervention...

-- 
  Henrique de Moraes Holschuh

Re: Release status of i386 for Bullseye and long term support for 3 years?

2021-01-21 Thread Henrique de Moraes Holschuh 
On Sat, Dec 12, 2020, at 13:09, Adrian Bunk wrote:
> 3. Computers that do support MMX and SSE2, but do not support 64bit.

The "Centrino" Pentium-M that you can find on a reasonably lot of still-working 
ThinkPads (the T4x series and similar X/R series of the time), for example.  
Note that this is "family 6" Pentium-M processors, not "family 15" Pentium4-M.

I wouldn't mind the "i386" port baseline bumped up to i686-with-SSE2 (and MMX), 
with gcc configured accordingly: I recall some reports that telling gcc to use 
SSE2 really improved several workloads.  But I am fine keeping the status-quo 
of current i686 baseline as well: requiring SSE2 would kick out a non-trivial 
number of non-Intel processor models, I think we went over this the last time a 
"i386" baseline bump was considered.

-- 
  Henrique de Moraes Holschuh

Re: Pybliographer

2020-09-01 Thread Henrique de Moraes Holschuh 

On Sat, Aug 29, 2020, at 13:11, Ted To wrote:
> Is there any chance of reviving pybliographer?  I understand that it was 
> removed because it relied on old, unsupported Gnome libraries.  But the 
> current version (1.4.0) has removed python-gnome2, python-gnome2-vfs, and 
> python-glade2 dependencies and instead uses pygtk and gettext 
> (https://pybliographer.org/cgi-bin/moin.cgi/News/2018-04-03).  While there 
> are alternatives like jabref and kbibtex, I prefer not to install the java 
> and KDE dependencies.


I recommend you file a RFP bug as described here :
https://wiki.debian.org/RFP

And include the explanation above.

--
  Henrique de Moraes Holschuh

Re: freepats (was: Re: Intend to remove obsolete debhelper compat levels 5 and 6 before the release of bookworm (bullseye + 1)

2020-07-19 Thread Henrique de Moraes Holschuh 
On Sat, 11 Jul 2020, Henrique de Moraes Holschuh wrote:
> On Sat, 11 Jul 2020, Niels Thykier wrote:
> > This is a heads up about my intention to remove debhelper compat levels
> > 5 and 6.  This is also an intention to do a MFB for this removal now at
> 
> ...
> 
> >freepats
> I will clean it up (switch it to new-style dh) and orphan it.  It is

Done that, and uploaded to unstable.  freepats now uses dh and debhelper
compat level 12.  You can remove freepats from your list.

FWIW, Freepats has been orphaned (#965344) with this upload.  Obviously,
if there are any problems with the cleanup upload, I will deal with it.

-- 
  Henrique Holschuh

freepats (was: Re: Intend to remove obsolete debhelper compat levels 5 and 6 before the release of bookworm (bullseye + 1)

2020-07-11 Thread Henrique de Moraes Holschuh 
On Sat, 11 Jul 2020, Niels Thykier wrote:
> This is a heads up about my intention to remove debhelper compat levels
> 5 and 6.  This is also an intention to do a MFB for this removal now at

...

> Henrique de Moraes Holschuh 
>freepats

Oh wow, I haven't looked at this package seriously for over a decade.

I will clean it up (switch it to new-style dh) and orphan it.  It is
*not* dead upstream but it needs someone that groks .sf2, .pat and
actively uses one of the MIDI renderers enough to actually tweak
soundfonts/patchbanks.

If anyone that likes to tinker around with MIDI wants this package,
please say so: it saves me the effort of orphaning it.

Active upstream is at:
http://freepats.zenvoid.org/index.html
http://freepats.zenvoid.org/SoundSets/general-midi.html

-- 
  Henrique Holschuh

Re: Bug#964265: ITP: exfatprogs -- tools to create, check and label exFAT filesystems

2020-07-05 Thread Henrique de Moraes Holschuh 
On Sun, 05 Jul 2020, Andrei POPESCU wrote:
> On Sb, 04 iul 20, 19:56:45, s...@stormbind.net wrote:
> > While fuse-exfat can be coinstalled at any moment exfat-utils and
> > exfatprogs will for now conflict with each other.
> 
> Isn't this the typical use-case for alternatives?

It depends.  Are the CLIs involved compatible?

-- 
  Henrique Holschuh

Re: moving mg from salsa to github?

2020-02-16 Thread Henrique de Moraes Holschuh 
On Sat, 15 Feb 2020, Harald Dunkel wrote:
> I am maintainer for mg, currently on salsa. Problem is, upstream
> doesn't release tar balls anymore, but moved the code to github.
> No tags.
> 
> How can I tell Salsa? Should I drop the upstream and pristine-tar
> branches on Salsa and integrate the repository on github? Would
> you suggest to move the debian part to github instead?

intel-microcode went through this same problem, although it had nothing
to do with salsa.  Suddenly:

1. I had a debian-side upstream branch with full upstream history based
on tarballs that I had built based on tarball-only releases over the
years (make that a decade).

2. I had a new upstream-side upstream branch that would soon accumulate
history, based on their brand new github repo.

And they were two entirely separate trees, of course.  No common origin
commit.

I fixed that using a carefully planned, manually adjusted merge (read
the MERGE STRATEGIES part of the manpage for "git merge", especially the
"ours" and "theirs" of the recursive merge).

That gave me an unified tree that would allow git to do the right thing
as far as future merges, diffs and cherry-picks were concerned.

Obviously, I ensured everything relevant from *both* side of the merges
was present on the merge commit result (and dropped whatever I didn't
want).  The result tree contents MUST be semanthically compatible with
the history it creates, or things will go sour really fast.

>From them on, I just merge from github upstream on a topic branch,
adjust whatever is needed, and then merge the topic branch to master.

Please look at the intel-microcode's history *graph* to undestand what I
mean.  It is on salsa:
https://salsa.debian.org/hmh/intel-microcode

As for tarballs, it really depends.  I'd either generate those using git
based on the upstream's upstream branch, or use the ones from a tagged
github release from upstream, if one exists.

-- 
  Henrique Holschuh

Accepted amd64-microcode 3.20191218.1 (source amd64) into unstable

2019-12-20 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 20 Dec 2019 18:36:27 -0300
Source: amd64-microcode
Binary: amd64-microcode
Architecture: source amd64
Version: 3.20191218.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 amd64-microcode - Processor microcode firmware for AMD CPUs
Changes:
 amd64-microcode (3.20191218.1) unstable; urgency=medium
 .
   * New microcode update packages from AMD upstream:
 + Removed Microcode updates (known to cause issues):
   sig 0x00830f10, patch id 0x08301025, 2019-07-11
   * README: update for new release
Checksums-Sha1:
 190d3af38db4c7779d9616668ed6fff5393675f7 1683 amd64-microcode_3.20191218.1.dsc
 db1638143fdaa3d3696332cd9a6e6cb354c77bbb 34624 
amd64-microcode_3.20191218.1.tar.xz
 9a5eeb5d47db82ef02ab4f96266636e932d9dd0d 5870 
amd64-microcode_3.20191218.1_amd64.buildinfo
 12d05b223873c6467b1202d51ecc0a0479f29be1 35508 
amd64-microcode_3.20191218.1_amd64.deb
Checksums-Sha256:
 11c9261389f9b1dc04ce4f52a11757cb02a7e5c9660702674b316c91dbbc608a 1683 
amd64-microcode_3.20191218.1.dsc
 f469b79348097c5f04641b67a39d0ee5a2a1916c9556281626c04f2275d4132d 34624 
amd64-microcode_3.20191218.1.tar.xz
 4e1be683ec41a969197c794bae713da6e14523b8816e70d05a92bac97cd9f2e3 5870 
amd64-microcode_3.20191218.1_amd64.buildinfo
 4ce20a1a75b56d3547b42c166518366630921f09caf22c7e74fb877f0b0294bb 35508 
amd64-microcode_3.20191218.1_amd64.deb
Files:
 62c96925e2c8e3815cae47cf677eb38c 1683 non-free/admin standard 
amd64-microcode_3.20191218.1.dsc
 9d405a808b12fea37c671cee9aba8f77 34624 non-free/admin standard 
amd64-microcode_3.20191218.1.tar.xz
 9957b0027f0754a70420b43ada02cf77 5870 non-free/admin standard 
amd64-microcode_3.20191218.1_amd64.buildinfo
 4b71a03fbc95e4dde43cf7ac9c51f891 35508 non-free/admin standard 
amd64-microcode_3.20191218.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAl39QWgACgkQsZwaZk2P
+bH+1Q//YAMTafyI7Y54Ei0fU58EOpzu8pVgCFYYiHzxkpJgkfc2+ZRhc3Dk3+Bn
g6x9EXvp+H8Q0evY99/dxdkZ9S3YowZIwGNcadM59a/1xfbP7I48KiQKp9qjr6iI
w+5awKev3DufqBPZP/YdJMjvYqkU4VrjRUjoZKXR5hlmKzcim0RVIj1DX/dYF8Dc
Ct/vLymJ/HqhqlXKOGgN5fSNd6mrbNj8CO/bZgfwZzCsktbxiVfYyMiajy4eXbYX
FrmjqtBS1C4Lf9ZAqtBJKC8AYNlUdYRP027MRLwDZEj63cqm7lKIYp7j8cbzGwPg
I8z/eibh/yI1jCeFLDSRHxRRsA6YBJNXbEzmwJREx2XWK4qYMjoNpv5KXrDwk87L
TIvG3AZOoa0OqcmkIbe62EGvZOmVPIjFemWEH992wAl18UVcgQOceffr56bICZvL
k7e1eiVsqctTZlPRcBWUnH5wXcwG1zotAwpR0orMEtvKGP/61ILDa3Y3zEJNviSA
8ucEWh90XW2W6w1hbAujya2HIl+nM6UJGzD/9I5tppF3UswZhq2TDLsA+unmsI91
iryurhyVs5CaRUxPuAXUwhDYPdIBD4CvgW8GXiEw31GnLg/jltk0nwdPfrozAXnS
BIyvnRPYqcwXnowagQlba/q6oVn152lqbYw7jeqruOspTPYwDa4=
=89lU
-END PGP SIGNATURE-

Re: Vital fix to console-common stuck in testing for three months

2019-12-15 Thread Henrique de Moraes Holschuh 
On Mon, 16 Dec 2019, Oskar Berggren wrote:
> This was reported in August 2019 as a grave bug:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935096
> 
> It was fixed early September in 0.7.91 and migrated to testing 2019-09-13:
> https://tracker.debian.org/pkg/console-common
> 
> Sadly, this fix has not yet made it into stable. Is something holding this
> up, or has it just been forgotten?

Fixes only make it to -stable when the maintainer (or another DD)
actually acts on it, prepares a stable upload (s-p-u), and talks to the
stable release manager team to get it approved.

Alastair, are you planning a s-p-u with a fix for 935096?

-- 
  Henrique Holschuh

Accepted intel-microcode 3.20191115.2 (source amd64) into unstable

2019-12-10 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 10 Dec 2019 23:10:19 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20191115.2
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 946515
Changes:
 intel-microcode (3.20191115.2) unstable; urgency=medium
 .
   * Microcode rollbacks (closes: #946515, LP#1854764):
 sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x264, size 33792
   * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
 Xeon processors with signature 0x50654.
 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
Checksums-Sha1:
 918996d2876ad5b9fba1e839b678c4d8f94fcda8 1789 intel-microcode_3.20191115.2.dsc
 43e1e25babbb6d8b1d64704334e1db4bd34b2c93 3130948 
intel-microcode_3.20191115.2.tar.xz
 f2eef76fb76b5a1df4e43ac27b38500b56c917b6 5905 
intel-microcode_3.20191115.2_amd64.buildinfo
 488e185376d6185a2157c6369461b6a2baf8 2427420 
intel-microcode_3.20191115.2_amd64.deb
Checksums-Sha256:
 6a6a826dc6078c6a895b0c60caab25f9809df8b1eac101e67a69be9d92bd8fe1 1789 
intel-microcode_3.20191115.2.dsc
 d86bbd3d3a49f392c7a0fa13611d4ffd17843f0f851c88921ac2003fe59712d8 3130948 
intel-microcode_3.20191115.2.tar.xz
 c0989af722dce0937c1ca2cc447065c35902d6344387beee0f1a32e89b919918 5905 
intel-microcode_3.20191115.2_amd64.buildinfo
 62fdf3321a0871aa51f887cf65dec06126dfe7c2c0d98e4783d3187165062c8e 2427420 
intel-microcode_3.20191115.2_amd64.deb
Files:
 15abcfc38882b85a8475e24709e0f759 1789 non-free/admin standard 
intel-microcode_3.20191115.2.dsc
 0ec32d042500d4b5b8c7c460394ffde9 3130948 non-free/admin standard 
intel-microcode_3.20191115.2.tar.xz
 40eede4a20aa8e8c69a73fc85e5e43fb 5905 non-free/admin standard 
intel-microcode_3.20191115.2_amd64.buildinfo
 6b3c0065e539c9e81474fa12350c297d 2427420 non-free/admin standard 
intel-microcode_3.20191115.2_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAl3wUhgACgkQsZwaZk2P
+bGG8hAAjmLDUMR/HAmaJFdJaLZoZXRlUM5u5geDDJ7tdtl7y5+9unEnpMWN7f2R
cmIOuSD4ngr5V8ZY5Xgn7sBTL9EGDWmB1FTQqgrDXMTPbtW5+GJyMV5ZRG6wWfS0
+/waZ/7ADR5PJNXHx/ym9Hln7TO/MhxlxBpeI6qNUeLvVuWHyAUDKwdVi6RLXlIi
qDX8xSGxZ8Af23gxmwO10nnFR0VxqPpdVScd3vcxZCGbAa25JJ+jAvRCryf5nvgl
lTN2M9domh6ny+B1rEQ6VfvNCT0TpQMLhyr4W47LF/gmgAjtYZUd/dbST7T5+YSu
/MjcqiLXMbO5v3wYc/COP77eRiHcf8PYgO67mF7XtoRpeA1FL0xJtwQImqh/xKNx
vMa2jgjn8S0hy4d4DMivwmHPqGmh3mBAS79y49WuL1Jk34+NEA54W/6fCbPIW/wT
uJzAWmy4mProGWZIFUBbDlnDT4U6nS+XKUfMWpXloKPZynBpXwrne5FdXWsTEnK2
HWCHLbuPbnN8P8nExGPNdsLhCCffGeVhwzJPSLGYRnMpqUYT4JZ6BSjrYjcYOcEN
CjPW5SSNRuZKvxw1fk/OA67RvO7aGQy0kyHDbwfPq+IzU10rHRInZmECJx0cMyRo
0zwLRJZWDTpq8k8i2sKB8oElDgKNT4WXg1bNu/zF96jy9vWPNlE=
=+7y7
-END PGP SIGNATURE-

Accepted intel-microcode 3.20191115.1 (source amd64) into unstable

2019-11-16 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 16 Nov 2019 23:14:58 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20191115.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20191115.1) unstable; urgency=high
 .
   * New upstream microcode datafile 20191115
 + Updated Microcodes:
   sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
   sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
   sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
   sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
   sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
   sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
   sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
   sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
   sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
   sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
   sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
   sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
   sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
Checksums-Sha1:
 a9648d95d5b0a4e7ecc5d494890bc0d147e36e4d 1789 intel-microcode_3.20191115.1.dsc
 3b93b0c683224255b430e9bf40418ee8486dd9ea 3107316 
intel-microcode_3.20191115.1.tar.xz
 eca85e2f87e5bc6ee767195b37cb1eb66cfdcab6 5873 
intel-microcode_3.20191115.1_amd64.buildinfo
 b661d3cf0ee2f7af02f2d580f93174c97fd0fcad 2428236 
intel-microcode_3.20191115.1_amd64.deb
Checksums-Sha256:
 587dcf07397e9ea86ce2a06a04cf2148d430e1b6fb1afd7f9ce60610c6f0364a 1789 
intel-microcode_3.20191115.1.dsc
 29310e83c93a06433edc823fc68ec6e6e616a1f74a30f085d925bf7526bf937f 3107316 
intel-microcode_3.20191115.1.tar.xz
 4cdb696f889660e0574c0db871c59a0c5053eb3dc2dbec973b1c4f6f8e142f94 5873 
intel-microcode_3.20191115.1_amd64.buildinfo
 8cf15064e18b8d13efc7c14660e1b322e1a8629179b42c376b67589bcd538fc8 2428236 
intel-microcode_3.20191115.1_amd64.deb
Files:
 e1b7acd6148798eeb3805123eb7c3e91 1789 non-free/admin standard 
intel-microcode_3.20191115.1.dsc
 a22f4833bcd63f1a4ffa4c08ee230a6e 3107316 non-free/admin standard 
intel-microcode_3.20191115.1.tar.xz
 4fb686f07bbb35ebc87c3eac535f82a2 5873 non-free/admin standard 
intel-microcode_3.20191115.1_amd64.buildinfo
 499ca407947e9dd11618d41e1d169203 2428236 non-free/admin standard 
intel-microcode_3.20191115.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAl3QygEACgkQsZwaZk2P
+bFVTg/9GOF06/gklT/jL+qonuA8nsKPkH8J6+tx3HAjXQD4GFJejn4pKkG6LinY
8zrLv+XHMNo9cVDgT1wevOG+Nlo9j0KdHAj4R298T3WPN4e5AGXKHoo0MyYf2mys
hlmUaj34hk83t8f7KPCiyIumiVfo8NHLyW0a8rscbSsvrLJ1gXba7xfCZY4PbzCa
AEfPna4IECM/rhtEGgiB3+Ljnr1AdTkHi0QXht7QcHQhyKFdIHEv8jE96D5jp+/T
q4/qWpBnrUZWvN3VDPIi8mBpkCTxb5d/S+kAXb1eHNzjVvF5JLwuke97GeriTAf4
z1tlZcKpQFAKx+65mdnwgpOkIEn09KLkkXl4KNl/SGmQt9o7LFHlwamLA5wiOQlf
IGeu+P7KG0oISx8Su5txjwgQeaMelPRWvuNUWOlU/ud58bXJLUrJthr7ip6Rv2cM
qoav9Kk9qq2IrVCL8afGFhBrCAcUGFwYgKToK7kv6aPuLO3YBxZsf4sF9W8/hDZu
i3kGxRYQEIdN6M7TtIvkutkkhD2lSgwSiky2d+Xht7gVEbnkKhCJYjj9LIgoi7u7
WVtnVUhTfV2ff1X5GpphtNvzYrcVdlzR9RRkaCI5GTEBiywRrAzZqy4pPdzLcch7
ohyjiRdy48QcHd1KDrqusL7DdxKgcaAyaTDoI8m+a3OJoLmKSuM=
=TbQw
-END PGP SIGNATURE-

Accepted intel-microcode 3.20191113.1 (source amd64) into unstable

2019-11-14 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 15 Nov 2019 00:43:54 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20191113.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20191113.1) unstable; urgency=high
 .
   * New upstream microcode datafile 20191113
 + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
   Adds microcode update for CFL-S (Coffe Lake Desktop)
   INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
 + Updated Microcodes (previously removed):
   sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
Checksums-Sha1:
 be0636b01a18bcf90f9ed3c3450d9a81d16b1d4e 1789 intel-microcode_3.20191113.1.dsc
 78450822fea8ebbf9f7ddf19ac2879dac5212a8e 3094052 
intel-microcode_3.20191113.1.tar.xz
 60d17015975905de840d709cca754e929cd1b787 5873 
intel-microcode_3.20191113.1_amd64.buildinfo
 c6dd1c5c4d7e219caf422b9cc9d29b67a0a3b9bb 2424796 
intel-microcode_3.20191113.1_amd64.deb
Checksums-Sha256:
 157135235054bdc39ca023e4b54e5989386324bb5a764b85197c7588e5d085d2 1789 
intel-microcode_3.20191113.1.dsc
 80192b3f65fc4300a300cd592990ebb1d0cdcedaa0f859841b60402dc57ec8e1 3094052 
intel-microcode_3.20191113.1.tar.xz
 861f9ecca8b7883001e91d5e079ee9bfc29357247eb45b0df3fd3caf8edb14b5 5873 
intel-microcode_3.20191113.1_amd64.buildinfo
 78636e5841cf7db5d1ce73d6555b69a952aa3a342135edad2d0e731800f840bd 2424796 
intel-microcode_3.20191113.1_amd64.deb
Files:
 39375943339ea9f6b1b7b41c8c21c50d 1789 non-free/admin standard 
intel-microcode_3.20191113.1.dsc
 47245da6abde3c123268477c37a0ffd9 3094052 non-free/admin standard 
intel-microcode_3.20191113.1.tar.xz
 0f1ce221d4cc432e644a9981fb974cbd 5873 non-free/admin standard 
intel-microcode_3.20191113.1_amd64.buildinfo
 5da454c92360a95d9674d90a2478f3cb 2424796 non-free/admin standard 
intel-microcode_3.20191113.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAl3OJ8cACgkQsZwaZk2P
+bGHKQ//YyASs/PDPWSfzl3oWcd3sMlrrTc1WonacD7w2zJn4FyYWTYwP4DK1eMy
YJOjqxKqn00OBjLpB4ilCRkZC3tC42VLEHF5asFCiUc/hM+hgHRaTHdVx8k86MnH
LzFOZWgEO4xjFwJQO/BSATtShioA3lCv3C89fsD3Zp5rTZ+ArTDV+LEi45TofxOB
ZUc3fqcYrVN4SK3giPUHqzLzOyNGlxsEerAG5vfoIj5Wmw20Hu3u4C863L5dc+rv
wUq+qJnT63chc2w32ZVwVU6ZyQhG0aUj70nSsbkMbSofQZVm4NforxsVww47uBDb
RzGmYdAj/9lyJQkS4QXRmktFXFA49O26UqkQwdl6aF9xuAEY6/DjRvHwTvxpE6/D
nke4WA++MtRwjNRPxzM28QV0Ad/gPcDaiJ6zciwrpUT7DoYEe4oB1AxnZg+RQxWk
10+nqU4e59a+HYHFVRVpBKhMEapEoD2aV+hF7Mc7PAuXyrHBVyYbG17vBGnXsQOL
JW5hElY/bzNMV4Y3E1bzBkMw+iohpRc0xYTR9AqnUOoXnUS0EuMVtSScoQ0A8Ok2
qNe8WL1NO3pIYrMv8LD53BMkDC54YvS4hAunaZ/Ec+ckQBtu4rW1U4bn1xHhpJ0W
YV8cWkfGG/Sh+4T0Lyssce299l6fp/ulN3znwClMglzKypQwfiQ=
=h0QA
-END PGP SIGNATURE-

Accepted intel-microcode 3.20191112.1 (source amd64) into unstable

2019-11-12 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 12 Nov 2019 23:21:54 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20191112.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20191112.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20191112
 + SECURITY UPDATE
   - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
   - Implements TA Indirect Sharing mitigation, and improves the
 MDS mitigation (VERW)
   - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
 CVE-2019-11139
   - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
 + CRITICAL ERRATA FIXES
   - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
 Ice Lake), causes a 0-3% typical perforance hit (can be as bad
 as 10%).  But ensures the processor will actually jump where it
 should, so don't even *dream* of not applying this fix.
   - Fixes AVX SHUF* instruction implementation flaw erratum
 + Removed Microcodes:
   sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
 + New Microcodes:
   sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
   sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x42c, size 51200
   sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
   sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
   sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
   sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
 + Updated Microcodes:
   sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
   sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x265, size 34816
   sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x52c, size 51200
   sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
   sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
   sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
   sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
   sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
   sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
   sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
   sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
   sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
   sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
   sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
 + Updated Microcodes (previously removed):
   sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
Checksums-Sha1:
 34281bfde6a5b55b5542e4b6b8390916c99838e6 1789 intel-microcode_3.20191112.1.dsc
 5bdcbbcca7e98ac5bcb17d3d657e0c8ca4ad64d7 2994048 
intel-microcode_3.20191112.1.tar.xz
 565dd445b4cc8ca0a74f36b8d5dddce967947fb5 5873 
intel-microcode_3.20191112.1_amd64.buildinfo
 eac4c620210a08d742424a8518fcb064211ec6e2 2325592 
intel-microcode_3.20191112.1_amd64.deb
Checksums-Sha256:
 5a7ae2ecc7c70fd50cca2e018e510ab660e6f19a132cbe5227e4ce070d6a23b7 1789 
intel-microcode_3.20191112.1.dsc
 45ad3697ee81ce3f2bb57ba8a950bce52d34a42e2a5a5c2de90a1bb5daa9b7e5 2994048 
intel-microcode_3.20191112.1.tar.xz
 9e61471b694358e6cf76fdbc9d32ce95ea407ae1ba0b1efb820524bca06ad1bf 5873 
intel-microcode_3.20191112.1_amd64.buildinfo
 057165893de5a2e9825f215192c1840ee4f91c1861b9e4b962b6bbfc9cd96190 2325592 
intel-microcode_3.20191112.1_amd64.deb
Files:
 c57d9bf64096064a983bc8a5ad0bd2e1 1789 non-free/admin standard 
intel-microcode_3.20191112.1.dsc
 2c3ac646fab99edb2bf869b10b8d1679 2994048 non-free/admin standard 
intel-microcode_3.20191112.1.tar.xz
 02a33392ed2e6b2e048698a16a4f1e36 5873 non-free/admin standard 
intel-microcode_3.20191112.1_amd64.buildinfo
 736f622f852b01760e7ba6ec4958700e 2325592 non-free/admin standard 
intel-microcode_3.20191112.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAl3Lbm8ACgkQsZwaZk2P
+bEf/g/5Af8MAI7GWOf0nSbsZUB+zoGpMn1vTnOqCq2HuYlOEjKrsNF76Qtgzy16
dM9OV0VXRUNuHngmj8uuUT5riUoSKhM4sBYaR1NZbVXgJl5QlfB/mBL+37EiOr3y
jp72OoTFJYQlx5RVkya3lv4wLKdFbtS/NyhwMUz57UY1aJUVd1fEe0xo7zNXNlcM
a+hKegCDj2Lbt+ig3XhelTo1XJEqu5HNVUsYoIhmzLKiqmLU/mz6h6nhfd5P1gtF
DcPsk/33/FUh7BuA9Sw8WCYoUujNlOFma3Gox50+1WURK5zjAG15une0VaV6I9K7
ArZPxj8FED5qTJZRl/aibXYGsT8GGX3LEFJBp/ybbXjCq53E704Y99iR3MyWui8V
1hc6iT3FMrPt9PDwLHD2bFVOKMvc54bfcm3EDa6UvEfKgqoNWw1Wbf20/W77DKYH
lKaRVMt7bAHPrMBOFdhgqzXzD5nsm0dOnrhPoY1chEtn/DDvmJfZ5G806w/kwCqS
1ZJEjP85XkqLTtt+7gmSAnX6vQwyLwyhixIbAoWObVYCVSc0f8owRjNPQU0JehlY
nqZyuCLFppKL1UfU20D5KbyHd/wsixCWGV9pSVXh0eRq0mkUQMKUtcohUHMx7YPY

Accepted amd64-microcode 3.20191021.1 (source amd64) into unstable

2019-10-22 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 22 Oct 2019 21:00:17 -0300
Source: amd64-microcode
Binary: amd64-microcode
Architecture: source amd64
Version: 3.20191021.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 amd64-microcode - Processor microcode firmware for AMD CPUs
Changes:
 amd64-microcode (3.20191021.1) unstable; urgency=medium
 .
   * New microcode update packages from AMD upstream:
 + New Microcodes:
   sig 0x00830f10, patch id 0x08301025, 2019-07-11
 + Updated Microcodes:
   sig 0x00800f12, patch id 0x08001250, 2019-04-16
   sig 0x00800f82, patch id 0x0800820d, 2019-04-16
   * README: update for new release
Checksums-Sha1:
 a78e751a9d58d39b5d0965a102eb7691c1137b57 1683 amd64-microcode_3.20191021.1.dsc
 8e3868a934af0e3154828f70dc88363be69a2c18 35704 
amd64-microcode_3.20191021.1.tar.xz
 94a07564ee63ff75cc51344a30469aa744855579 5827 
amd64-microcode_3.20191021.1_amd64.buildinfo
 afed5cd624b867b0c05ae6f52651784311e3e51b 36540 
amd64-microcode_3.20191021.1_amd64.deb
Checksums-Sha256:
 d844b3b2bf6e212aa6988c89de38eb7ad7328dd8ecb3766e703ffd9eeccdb51d 1683 
amd64-microcode_3.20191021.1.dsc
 3c289cf6f8a761e1232de17f47bb4e05a9d2739ad8e6ccb643f71ddc08ba61f2 35704 
amd64-microcode_3.20191021.1.tar.xz
 831e733c70959c8cbee12d9c5a842262862196e3f87bd0733fccba1c23b0b27c 5827 
amd64-microcode_3.20191021.1_amd64.buildinfo
 575c3a1a689c2e52fe83037bb1f9bcd9fa720c239df87b02365bf42f18065b09 36540 
amd64-microcode_3.20191021.1_amd64.deb
Files:
 6ccf2e6d251f2aec52843df3d7622c4b 1683 non-free/admin standard 
amd64-microcode_3.20191021.1.dsc
 09b3026401374938b3facbced3ad8265 35704 non-free/admin standard 
amd64-microcode_3.20191021.1.tar.xz
 ab9fbc846e0249ffc11b854cfc67f1ee 5827 non-free/admin standard 
amd64-microcode_3.20191021.1_amd64.buildinfo
 3f00458c69f370c8ab5a04fb2fd5b5ce 36540 non-free/admin standard 
amd64-microcode_3.20191021.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAl2vsqkACgkQsZwaZk2P
+bEbMQ/8DzVZhZ2fP+0b5w504eSm3PKEe8hRAUYzhro2DAKTx5h+regboZ3mpE9s
OvPzW4AQMU78rIewH9+Lbh/vW8eNM2Kup0L5ID0RGYM5M0+iPDgiK6r45mcDbGi0
eudHFsbl+gO3wfM5x0KWMeICjjBkzvYV0VsA6xtbIQ0puuSdK46NYluEUGDlUDqA
PQVOJDvIwol44CWvrL2vvYqMkUJZFzsrW/ILDuOp3ef6Ndp3bERX02lgHV5dlEIw
tpgWXsz0tcInUd9tdlBApR00L8ouCG9NYIFLw8F3LnztlP0By9lk305/OhLZnMru
LUP9cBUzizISG3ZfQOPnPBq6PV3AAC606uIfQ4mDGb3ozl5zRQisylwldljvPgiO
lj7aA2pAbqVAZnO+ztz52+Pjstb1OpctHboTfOra8IAW5+PAuZ2juXfS+Ktoou6V
AVHgO8P9NkBM5OvjqQUqSdvx4GrJqSqqHNHxH+4fQIqebNfcIbdEU3JFHxf6qnSO
u38SZaVwIiC8MKK8AnIZ7jGeSY7UYiBdZjrYeSvbAijsUuLJOJQYS6mnEhkkrOYn
erlZTPp6jT2OOYkDys5X7EbodcRLaP1igQ382oxw7TpCHnnhZQtRtgbL0PGdHdaI
4NH9sEI/0RRWNvA7VMw4wdb3jx8iTTZj01Afxmz0BTeQDY23vdQ=
=IyJE
-END PGP SIGNATURE-

Accepted intel-microcode 3.20190918.1 (source amd64) into unstable

2019-09-18 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 19 Sep 2019 00:38:50 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20190918.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20190918.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20190918
 + SECURITY UPDATE
   *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
   the set of processors being updated.
 + Updated Microcodes:
   sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
   sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
   sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
   sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb38, size 30720
   sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x264, size 33792
   sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x52b, size 51200
   sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
   sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x719, size 24576
   sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf17, size 24576
   sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe0f, size 19456
Checksums-Sha1:
 0498ce8f16e7a2555e6af3715bee2a248fa5bfc4 1789 intel-microcode_3.20190918.1.dsc
 4d1b33ba6d6906c50c755db13a3a1d24424103a9 2611444 
intel-microcode_3.20190918.1.tar.xz
 6e8a067886a28f5074de0db641a34784840573ad 5457 
intel-microcode_3.20190918.1_amd64.buildinfo
 dc3ceee0ae4a5d9e552966a379927548c940669a 1944508 
intel-microcode_3.20190918.1_amd64.deb
Checksums-Sha256:
 79e1a0c73969e9a561451e271ac01fdee798e1f24b2202b631b8da287319be9b 1789 
intel-microcode_3.20190918.1.dsc
 b7ecb5dd30d71e9b3c2ab184693a876171392e0d80d138c3560c662e5f2a2247 2611444 
intel-microcode_3.20190918.1.tar.xz
 f1d365d0f29b1e5356126fead3d4192ce3f5fefa0221a3278c5ca0ae033144e4 5457 
intel-microcode_3.20190918.1_amd64.buildinfo
 30eec8030845c3c4b76e0b7a5aa43a527b417122e1b29262241f74c5955d8a51 1944508 
intel-microcode_3.20190918.1_amd64.deb
Files:
 ebe8076359ff3830c99ebc6a2358c790 1789 non-free/admin standard 
intel-microcode_3.20190918.1.dsc
 08a4111a629fac5d4228dc7a620dc570 2611444 non-free/admin standard 
intel-microcode_3.20190918.1.tar.xz
 b563e3a5888f9b27f899584b3503534c 5457 non-free/admin standard 
intel-microcode_3.20190918.1_amd64.buildinfo
 d53da4380732418ff54a8f9e7becd0df 1944508 non-free/admin standard 
intel-microcode_3.20190918.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAl2C+jUACgkQsZwaZk2P
+bG/qg/+KaoTd1BXQA+Y2kpGPxbUVS6n+PHBwcndKwlaIcJccRJ3CgcoILX1cyhr
6PZ50JG7mNzu7i9NQTy+OjuyLa0oTGfZMRlKDKv1ZxLSkoulkDMk1hUjzTJM9BNy
VxvqzrEk9jESjiIdQMNm8gfWYYDxHU9iGcyXuG04wqQwQ9dVbiuRW8qal5OYBSlS
upFqjT9TKm99kVxvU19KQ+pzxl/EOMGad+KrG2AmM99DJcnHfWNYy4IvjhIhEP9h
A2yTiWevtK8dJOhQ59kiv4O0ahHxnO73rMaSqAe8zk2ynAZb29rteRjwBhWCjigl
7F5QfB15izqvYy9IjyJjqmzYnHOkhg3BAKJ39QgjbE4n5yaQBVvfsXxjTcH8XRDR
w9wWYTkFhvqW79XU0fnq3DL+PVDMUG9l3JINulxTrz7jnrwRYTLceSZ46Y0h4ie9
7TTbzxB99icaftJO8lUVEo3jDHKOXbXUAVuEX1bPuZEnyE637+iW7m4kIVSLfD0o
XWrTgejJdCcxwqt6zBu8nCcaacQn9Ngz0PsS/ulFBhPdl5rjCCGmowKWSZWM7d/4
kW7bM1qLB3u9iTQvWeWuv0ZSP0UbD9sraf8ne4elI3KxmjS6J+OIbFgEgJiq4skX
9CYdQ4SDPOizKnXPXr1nsN6EKjdEJWfJG8BrJamKrDed2OicQ9w=
=uBWo
-END PGP SIGNATURE-

Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Henrique de Moraes Holschuh 
On Thu, 20 Jun 2019, Samuel Thibault wrote:
> Bagas Sanjaya, le jeu. 20 juin 2019 20:16:08 +0700, a ecrit:
> > On 20/06/19 20.11, W. Martin Borgert wrote:
> > > Quoting Bagas Sanjaya :
> > > > Such ads is displayed only when users have Internet connection, and
> > > > there is no way to patch ZZZ in order to remove ads (or we have to
> > > > buy "pro" version which doesn't contain ads and adds more features).
> > > 
> > > So it's not free software anyway and does not belong to Debian main.
> > > It might be suitable for non-free, but I wonder whether it's worth
> > > the trouble to package it.
> > > 
> > Is it implied that all programs which contain ads are non-free and not
> > suitable for Debian main?
> > 
> > But ZZZ hypothetical package licensed under DFSG-compliant license (such as
> > GPL).
> 
> The concern here is "there is no way to patch ZZZ in order to". If there
> is no way to make the program do what you want, it is not free.

And if there is a [legal, license-compliant] way, but it would raise
major stink with upstream, we don't package it either even if it is
DFSG-compliant.

Not everything that complies to the DFSG is *desirable* in Debian, you
can alwasy package it for your own use, obviously, but don't upload it.

NOTE: unobtrusive, static, non-obnoxious "please donate" messages in a
splash screen at program startup are *NOT* the same as "ad displaying":
we pretty much tolerate such static requests for contributions from
upstream without any fuss.  For one, they're not a security risk, and
also not a privacy risk, unlike anything that downloads advertisements
when it can.

NOTE2: if upstream is fine with the full removal of the advertising
engine and the license allows it then it would be ok to remove it and
upload to Debian with the advertisement engine removed.

-- 
  Henrique Holschuh

Accepted intel-microcode 3.20190618.1 (source amd64) into unstable

2019-06-19 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 19 Jun 2019 09:05:54 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20190618.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20190618.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20190618
 + SECURITY UPDATE
   Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
   CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
   for Sandybridge server and Core-X processors
 + Updated Microcodes:
   sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
   sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
   * Add some missing (minor) changelog entries to 3.20190514.1
   * Reformat 3.20190514.1 changelog entry to match rest of changelog
Checksums-Sha1:
 e9f3b2e18778068ca38c3b29482a9788f2fecb4d 1789 intel-microcode_3.20190618.1.dsc
 2f39125a3960fb36c4492a4b2e4af7ec81190994 2603696 
intel-microcode_3.20190618.1.tar.xz
 ad44d5f01325e1d8cf22a50ae6c4fb156afdeb4f 5714 
intel-microcode_3.20190618.1_amd64.buildinfo
 00d4345e67fe0509e26971563ed577e7a9cfd4b0 1938364 
intel-microcode_3.20190618.1_amd64.deb
Checksums-Sha256:
 3bdd7b6ce5e7521003f201777b17074c24bc9494c34a35fce86b636464a50e2f 1789 
intel-microcode_3.20190618.1.dsc
 0026ade98745205841fbab5d298c5efe6c571438f55619aeb1f2686f95a0f4b8 2603696 
intel-microcode_3.20190618.1.tar.xz
 90f569017493e8da0f1d0225a15ec07a038589f8268a48cb42076f03c4a21b98 5714 
intel-microcode_3.20190618.1_amd64.buildinfo
 f447d0f2f5e9850cfb36fb5a25533d61c6e3459d07130fd1ffb66476d3b6c89d 1938364 
intel-microcode_3.20190618.1_amd64.deb
Files:
 8b0dae101af71afd7fc710c61b3255d9 1789 non-free/admin standard 
intel-microcode_3.20190618.1.dsc
 583fdf59b7024606dd3fca29d16956d8 2603696 non-free/admin standard 
intel-microcode_3.20190618.1.tar.xz
 5d546df4180ee64898a41375278f5218 5714 non-free/admin standard 
intel-microcode_3.20190618.1_amd64.buildinfo
 43a6ef56dab3c809dc7ad20185be19a3 1938364 non-free/admin standard 
intel-microcode_3.20190618.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAl0KKBAACgkQsZwaZk2P
+bGpPg/9HrZbxdUAzRB9/R1N78FaCMM6xNDQKApxmu4rt+I1ZE/IQeI5N8c4fhZm
ShZRgY+V2FJWoxUQvXiVQd+HBTBxJtabAdBfg3KleE+bAjxmMscMUrKy2EDe1aDZ
w+gQWtptKf1x+FI38sR/ovG5kvBJEI+9uL6NXY+EWake/UGsIErhTo8MJlQqKOO5
LEBjgIRhN447Xe9Ax/jS2pDY14a8sMMx6UZdVkgCQf6l/q9ywpP2dh5wPE/7bh0B
oAdV7Trz0CvvI8PHn1u9rbrvGDFYD6bNsxI2M8PYQQSjKS3q+MERtsRFcZyQZjKF
pT/mHGJz65RGLWEA4dilwPbIj+7R5z9MuFeUGe5dmwoZSyvhZvdvOtx8CYvJnQvA
FK/5EpMhSav9hxt/zcAgwWfOMZyiO2SM6+VTGCwZq9vyPtPrVP166rliDOwRg50o
be/YQq7hYqSRSEoUHZ/82wwiKaShr9NZQsEqtqPvFiX40vrQOoM+Vq1XKh+JdrjO
xSNde5kCShXr840R/6YvaIKShP/Aqq7ptWXyswukKBRoprlB95vjj9uid2F4oLpC
OsGK+adGAng0bJmekWsdwGKte2bEGuCKw490yOxyRJEGtkG1p0V8MKhdM8gzF2HM
6NP7F5pG+q5Ea2Wt2GOgIUoi52nZvucIHH9CmoFf9pA6eaqHc7w=
=xjkq
-END PGP SIGNATURE-

Re: Official non-official Debian backporting versioning scheme

2019-05-21 Thread Henrique de Moraes Holschuh 
On Tue, 21 May 2019, Scott Kitterman wrote:
> In Debian we use version-revision (where revision is sometimes complex for 
> backports and stable updates).  If you use version-~revision where revision 
> is 
> some thing similar to, but different than that used for security updates, 
> stable updates, or backports, you could be reasonably assured that your non-
> official version would also sort to a lower revision than the same upstream 
> version from any official repository.

Currently, we do version-revision for packages (unstable),
version-revision~bpo for backports, version-revision+debXuY /
version-revision~debXuY for security and stable-updates (sort higher
than backports, lower than unstable/testing).

If there isn't any reason to mind colisions with backports, just use
~bpo.  It is not like it makes sense to have two "official" (be it
official official or official unofficial :-p ) backports of the same
package.  Whomever comes ladter can just use ~bpoXu2 to superseed the
first backport (~bpoXu1).

That said, there's always "~~bpoXuY", which will sort lower than
anything we use officially.  But you'd need to go around setting bugs as
fixed in version-revision~~ if you integrate with the BTS, etc.

-- 
  Henrique Holschuh

Accepted intel-microcode 3.20190514.1 (source amd64) into unstable

2019-05-14 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 14 May 2019 21:49:08 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20190514.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20190514.1) unstable; urgency=high
 .
   * New upstream microcode datafile 20190514
   * SECURITY UPDATE
 Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
   * New Microcodes:
 sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
 sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
 sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
 sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
 sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
 sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x521, size 47104
   * Updated Microcodes:
 sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
 sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
 sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
 sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
 sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
 sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
 sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
 sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
 sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
 sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
 sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
 sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
 sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb36, size 30720
 sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x25e, size 32768
 sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
 sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x717, size 24576
 sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf15, size 23552
 sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe0d, size 19456
 sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
 sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
 sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
 sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
 sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
 sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
 sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
 sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
 sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
 sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
 sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
 sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
 sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
 sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
 sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
Checksums-Sha1:
 9d8eacce78890cb1945bc52fd2cab26b6ee011e3 1789 intel-microcode_3.20190514.1.dsc
 438904e2f3f82e690127dcc660333e246455e28b 2608708 
intel-microcode_3.20190514.1.tar.xz
 930608d175318427282bed3234c9ca90563219fa 5636 
intel-microcode_3.20190514.1_amd64.buildinfo
 5fcba328dd58369ebe93e7056b438bbae516f17a 1939160 
intel-microcode_3.20190514.1_amd64.deb
Checksums-Sha256:
 7f4b68090823f6fe9fbf406870dbba8e5b83f19892d0a27d1cd594dc1860599c 1789 
intel-microcode_3.20190514.1.dsc
 3bead7f29ce9619553e62db7d44438d9143c596cf68ad30ebdc1631af782e377 2608708 
intel-microcode_3.20190514.1.tar.xz
 1abfb725a1d34fbb45db794a193f6b0949c5c95f23caee585cdac9e20a45e108 5636 
intel-microcode_3.20190514.1_amd64.buildinfo
 177f8928b3cebd47b9b0a698e9c69ddfac213489f2432ea98dc60b848861ca9a 1939160 
intel-microcode_3.20190514.1_amd64.deb
Files:
 c9b8692c31755a7ffef443f9db2815e9 1789 non-free/admin standard 
intel-microcode_3.20190514.1.dsc
 cf33472e3b36349eaa56c0d4b04e6c08 2608708 non-free/admin standard 
intel-microcode_3.20190514.1.tar.xz
 ef1e66121ceea57ecf28baf983b3fda7 5636 non-free/admin standard 
intel-microcode_3.20190514.1_amd64.buildinfo
 89c8bb92858b1f51feea3689e34645dd 1939160 non-free/admin standard 
intel-microcode_3.20190514.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlzbcz4ACgkQsZwaZk2P
+bE1bxAAkKZNioyAQYP4LgL1IMrDimM3Kqzq4ecNzNZ2OF+N4v8/0z0lRSun0ce3
wPtlcR4EuRj4bcxT54QdyLhiy1gUwODwcl/+IU3tQiXQPhcVl0v0HNdLeYilJQGC
ePafh1YuotH8vGmDhTGjvP/4Cef2C7ZzOA2YOne

Re: Golang >= 1.12 in Buster?

2019-04-16 Thread Henrique de Moraes Holschuh 
On Mon, 15 Apr 2019, Thomas Goirand wrote:
> On 4/15/19 9:24 AM, Hideki Yamane wrote:
> > On Sun, 14 Apr 2019 21:11:09 +0200
> > "Dr. Tobias Quathamer"  wrote:
> >> I think it's the right decision of the release team to stick with golang
> >> 1.11 for buster. The previous migration from golang 1.10 to 1.11 took us
> >> about four weeks until we had fixed all packages with new FTBFS bugs.
> > 
> >  Can we migrate that from backports -> proposed-updates -> point release?
> 
> Since when do we use backports as a mean to reach Stable?

Well, it can certainly be used as a way to get extra exposure before
proposing a stable-update.  But that's it, AFAIK.

-- 
  Henrique Holschuh

Re: DDs brasileiros(as) na DebConf19

2019-04-05 Thread Henrique de Moraes Holschuh 
On Fri, Apr 5, 2019, at 13:29, Paulo Henrique de Lima Santana wrote: 
> Como está a expectativa para vir para a DebConf19?

Ainda indefinida :(

Mas é certo que não poderei ir ao debcamp.

-- 
  Henrique de Moraes Holschuh

Accepted intel-microcode 3.20190312.1 (source amd64) into unstable

2019-03-16 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 16 Mar 2019 21:07:54 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20190312.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20190312.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20190312
 + Removed Microcodes:
   sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
 + New Microcodes:
   sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
   sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
   sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
   sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
   sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280
 + Updated Microcodes:
   sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816
   sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408
   sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x25a, size 33792
   sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768
   sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x716, size 23552
   sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf14, size 23552
   sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe0c, size 19456
   sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408
   sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360
   sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728
   sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304
   sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304
   sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304
   sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304
   sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328
Checksums-Sha1:
 64a5647a08e02d29f83f97ee8d10906dae48b876 1785 intel-microcode_3.20190312.1.dsc
 e6209d6ab833368c6a40b165d3e16214b02b4594 2436008 
intel-microcode_3.20190312.1.tar.xz
 d87521ec11a8f5dcf43d3e6d6ce1a3003aa1120f 5632 
intel-microcode_3.20190312.1_amd64.buildinfo
 988a4f6bd0cc9442560aa66972d41dbd6be24e47 1765020 
intel-microcode_3.20190312.1_amd64.deb
Checksums-Sha256:
 a5212eed6b64f0e1ea9a4477679a6a8394317533426382dc4baff7507d5627f0 1785 
intel-microcode_3.20190312.1.dsc
 e4df67cf1a8ac57cf9e15da2a5cdee1f42c2889372de91c55b97f8fbe3cd2b75 2436008 
intel-microcode_3.20190312.1.tar.xz
 cd88e6f541345c59732d3111fd32ab5c2a7c21b19e2c311f160d918dbf3e505e 5632 
intel-microcode_3.20190312.1_amd64.buildinfo
 b95da8ea09995acee2beca97bf8b52ee84368fff5dbffc9179bb25b65a019d7a 1765020 
intel-microcode_3.20190312.1_amd64.deb
Files:
 c9400e317cd856036e1deaf34f987889 1785 non-free/admin standard 
intel-microcode_3.20190312.1.dsc
 eede23f7ae0ca1b27d6d4f2dc95c7c78 2436008 non-free/admin standard 
intel-microcode_3.20190312.1.tar.xz
 7d7a758743c4a810863feefb27fd6530 5632 non-free/admin standard 
intel-microcode_3.20190312.1_amd64.buildinfo
 c0b9ba9ee8913c61c0f7827a4deaa1eb 1765020 non-free/admin standard 
intel-microcode_3.20190312.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlyNk/wACgkQsZwaZk2P
+bEXDBAAqaKwLOiiZamyajeaHJbVpSc1SO28x/75sNVyWGpErxFL7gnB7x629Bye
0Nz3Zrs/UXihasFm55RVbtKEoSOfFopdqrZAYABy7U9DWhxMbGCOPtEwAFnE6eO4
fqiAu3GqZ1ncAL8vpqSRB3gFmh70Jw7LqBrDI0xnWImmlab89WTb54DVGJMydYgr
DXHW64XCkR8GGaOiDRdUfIJiY0LoaFPjo7cwS9KPFu1tGULKNnnXWUFWy6lERTKF
sYLoxpO/h5EnE41YjPMaKFD0F6eeemxGtWRBqJ7quCYsm8y4KvxJBh1qqEg+EPIa
Ay16iPN77/ABGfpF8fXJurrml/MPXxIEkMI6XvV3dr6XCSvrTyOCnqv4f8MR2lVV
kamnRhUY2MidghwMv3dK/KdTgOGnVjFt0RDOfvxTBqsTM1pHiwKdCwAYZTyVTX6y
r4X8SdpxQBiEou7OdUCL/pOoLdI90dg3q0j+sb7Pdfo5/wBsPVJXeuJ3tUqimTHh
v+6ECRaX6MYMBGmZG0XYzzjLP/XZ07CdwJAyq3Zq6ESbzHUXx4bmIzLXsbYieBLS
DqO5l/fLS8prcWF3fcaXMSVrD4ZwSHOhwXbQeMPuieTCP1PQL/ijoRdeLPOPP7N2
iC+ksNVeMrsPTRS6Ptc3KQXLTyvphuPnF0Dl5JFBxft2lRF/4XI=
=sbxE
-END PGP SIGNATURE-

Accepted amd64-microcode 3.20181128.1 (source amd64) into unstable

2018-12-15 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 15 Dec 2018 18:42:12 -0200
Source: amd64-microcode
Binary: amd64-microcode
Architecture: source amd64
Version: 3.20181128.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 amd64-microcode - Processor microcode firmware for AMD CPUs
Changes:
 amd64-microcode (3.20181128.1) unstable; urgency=medium
 .
   * New microcode update packages from AMD upstream:
 + New Microcodes:
   sig 0x00800f82, patch id 0x0800820b, 2018-06-20
   * README: update for new release
Checksums-Sha1:
 aeb5d5c3fad57e1f05021c577339416e25577a18 1683 amd64-microcode_3.20181128.1.dsc
 2a4bd7d129e543976962a7c8c1e8e06ca59d91b9 34592 
amd64-microcode_3.20181128.1.tar.xz
 5fd5b90c24edb363b2f1ee3d0a41262b882690d7 5598 
amd64-microcode_3.20181128.1_amd64.buildinfo
 824122c64291d4b6779f1ddc56fa15c8c58eeeb8 35152 
amd64-microcode_3.20181128.1_amd64.deb
Checksums-Sha256:
 744a1d33c4771d3522dcc765a6b65a3e5b61b1fc2b1c1b7560be009317ba9ed3 1683 
amd64-microcode_3.20181128.1.dsc
 dad6449e7e0221d454e866148f1a0d8746619e06847fd4583eac8f8f8293644f 34592 
amd64-microcode_3.20181128.1.tar.xz
 c893de2cad1db0f85935a8d81d7b42f7d46756db7d41401ad77e2a1690e4a04d 5598 
amd64-microcode_3.20181128.1_amd64.buildinfo
 8fe7486048d9fd7d7ecfb476dc31dd573b3a06c9a7d0a4e72367402861d13077 35152 
amd64-microcode_3.20181128.1_amd64.deb
Files:
 10fe4882c83e86a5f7694d7f9c609bec 1683 non-free/admin standard 
amd64-microcode_3.20181128.1.dsc
 524421da9f31a9cf73a0edb4d07f60f9 34592 non-free/admin standard 
amd64-microcode_3.20181128.1.tar.xz
 fa1af21f530da7d5be2e6e3f76857d41 5598 non-free/admin standard 
amd64-microcode_3.20181128.1_amd64.buildinfo
 4c802497ab8f05da8ed7168f506e5cec 35152 non-free/admin standard 
amd64-microcode_3.20181128.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlwVbxAACgkQsZwaZk2P
+bHkkg//dacJP0iTZyE49bJ6Yu6QtReIXAInhL+YtSNapvq12RNdrKqtvV6s38JZ
l2InLM3ViPukqf7uVdhCIbcl9OY53OvS4tAl05Hz2cY0oIv3FeCckCI0WBVl75Zt
m1K3GNOHdYxxzz0Fi4XjYiUNF2FrW21uurpQ2wb8rBvrb4VmdGgtVcgxY8Jfw59l
iSs9UuD4HtcpkLRWznIh6WPsogUBhofEjU8unCZh3Asaef0Qf4CBbt/VpLKQwS2N
6UJnO9yh9tDmQ66reiGJDoLJuefKhy9/PV+/lTIWBrPjkND7R74GAJOLIDpnVktM
UUA3Phgbq+NKSfppfrjvmkdSGcMq6F6Xy3ii8pBE+GL8cGSIw71H5go2gb2+CSWj
iCeea98aMXmnip4rBygI0qJxj4lf9DWDkLvaH6QY+7CjQjrUVnfQtB0t5SQtnAnQ
787SQn70mrL34208UJIkc1V7662z5oob2Bkn/I5HaZIvN0+DKSbJbOUD15kEOVGe
f6jhD3/Lx3dWwC4BQUAmCQLEeuW4OLuCC5cQOjh0vtIJNXErqp9mydbeJrZgkfgV
wzkwM5ZItmlmSTn4t8S6/8NLDdmod/iK791AxAiv5lMH73UbR9QOPPAyyIxqk9v8
0Hbe5WDWdwPY2F3eZ/TFVGKnl+LrBixG2zWqIrQvbzm9AdbM+aw=
=d961
-END PGP SIGNATURE-

Accepted intel-microcode 3.20180807a.2 (source amd64) into unstable

2018-10-23 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 23 Oct 2018 19:52:40 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20180807a.2
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 907402
Changes:
 intel-microcode (3.20180807a.2) unstable; urgency=medium
 .
   * Makefile: unblacklist 0x206c2 (Westmere EP)
 According to pragyansri.pa...@intel.com, on message to LP#1795594
 on 2018-10-09, we can ship 0x206c2 updates without restrictions.
 Also, there are no reports in the field about this update causing
 issues (closes: #907402) (LP: #1795594)
Checksums-Sha1:
 c0dc2c8a0ca22b196d865db603391b34a355cb8a 1789 intel-microcode_3.20180807a.2.dsc
 8bc3650ab301b0e16bffcb9617f975da36198a94 1974492 
intel-microcode_3.20180807a.2.tar.xz
 7eb7015af6ffbda4249804ca06d1e055c951b5bc 5780 
intel-microcode_3.20180807a.2_amd64.buildinfo
 6c1424c0a586bf52d3205a8466a86870ac91413d 1305552 
intel-microcode_3.20180807a.2_amd64.deb
Checksums-Sha256:
 a0483970951804f0762be3ada995b60633c635779e4892e794b2f86eedc9f242 1789 
intel-microcode_3.20180807a.2.dsc
 4136fd6dbb1f21ee7f57f26f5fb52608cfc4d335d7990216554e05940dd3021c 1974492 
intel-microcode_3.20180807a.2.tar.xz
 a1cf896a72e8e92031711518c220190a0f7db92c16f59238e1c856d070567230 5780 
intel-microcode_3.20180807a.2_amd64.buildinfo
 5d115dcb90ad2d75747bad7c81fd708b9579127e50ffab25ec26b432490bc251 1305552 
intel-microcode_3.20180807a.2_amd64.deb
Files:
 f12336c5e958224107b89874bf020196 1789 non-free/admin standard 
intel-microcode_3.20180807a.2.dsc
 28506d537e989388986472128eacfb4c 1974492 non-free/admin standard 
intel-microcode_3.20180807a.2.tar.xz
 fd9b141a6cff745660902e53f3354d99 5780 non-free/admin standard 
intel-microcode_3.20180807a.2_amd64.buildinfo
 993aac10eac709cfe74022db1a472ef0 1305552 non-free/admin standard 
intel-microcode_3.20180807a.2_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlvPxsYACgkQsZwaZk2P
+bGUMQ/8DIq0/em3SxMMaqOInY7pB8CMK7/4kk0fOfeiOEsnEypjjV5g+msGL84x
YzzEOHOe4uSdzQ/8fz3cCr2no8tLRHi8eSUfj6432i5gBvy0nfB5YqXLDyg/rp3E
T/1J6xRs3F+0AeBq6+UN45Zml1MsxduXZwJfi+5lnR9kilagB6q3IrFSZg6PM3qb
05aAfam7nU4AcbQCvDfFeabLUymlZSzOEbOO7TU2CxnCOQtP1r84onqqcscgJbgO
Q224HER1L1CIjivMwLMittuKUzZW6kCz6ELsJeFAX9zeNfFWPBUY0APEwSFXldF9
1m5hCz/BjoojkNbiln3r6AjDC3eWheCD7cd8/IGPOHBnCcFzg5v0Aa3XuJnbry9Z
DCdGJUZnzSKggl2s+kKEGE6m2YH26dj1comm7/xgcklLz3DQx5Ka5LRMvvJ7NmNL
5WtoOzR87nTAv2AOoQDjQd0iY18noI9U5uC7h8g/CSix8+G9J6RQYuGHVBIALyoX
CEHJqJgu72zUh9eMUH0xhs9nBHwMW8EbbSabdPmKkhu5VyZ1RC8uN10SsghSjDvp
Q6KXduNrCisaAd9I9gePrw9k91TjDRMOu82U8CaCuUIbuaNdV88hBte9osePOSjJ
Z63njkVvcWkMnHRmvMK/cAQLT6Pszt7gqUhIUruAqKw3gGG4Rbs=
=YzVC
-END PGP SIGNATURE-

Accepted intel-microcode 3.20180807a.1 (source amd64) into unstable

2018-08-24 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 24 Aug 2018 08:53:53 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20180807a.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 903135 903141 906158 906160
Changes:
 intel-microcode (3.20180807a.1) unstable; urgency=high
 .
   [ Henrique de Moraes Holschuh ]
   * New upstream microcode datafile 20180807a
 (closes: #906158, #906160, #903135, #903141)
 + New Microcodes:
   sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
   sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
   sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
   sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
   sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
 + Updated Microcodes:
   sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
   sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
   sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
   sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
   sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
   sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
   sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
   sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
   sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
   sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
   sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
   sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
   sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
   sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
   sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x713, size 22528
   sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf12, size 22528
   sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
   sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
   sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
   sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
   sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
   sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
   sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
   sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
 + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
   Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
 + Implements SSBD support (Spectre v4 mitigation),
   Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
   Intel SA-00115, CVE-2018-3639, CVE-2018-3640
 + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
   processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
   Intel SA-0088, CVE-2017-5753, CVE-2017-5754
   * source: update symlinks to reflect id of the latest release, 20180807a
   * debian/intel-microcode.docs: ship license and releasenote upstream files.
   * debian/changelog: update entry for 3.20180703.1 with L1TF information
 .
   [ Julian Andres Klode ]
   * initramfs: include all microcode for MODULES=most.
 Default to early instead of auto, and install all of the microcode,
 not just the one matching the current CPU, if MODULES=most is set
 in the initramfs-tools config (LP: #1778738)
Checksums-Sha1:
 e8345eba5ca27879bd3c7039352a0fc07eb574af 1789 intel-microcode_3.20180807a.1.dsc
 6641e0f872818c063efcffed37ae4d11c4e83964 1976648 
intel-microcode_3.20180807a.1.tar.xz
 e3f61dce161aab23b2cfbfad73682f266ea5d2d8 5896 
intel-microcode_3.20180807a.1_amd64.buildinfo
 dcc70fb7b4cb2f55d20eb29499f9b6bbb21a532b 1294196 
intel-microcode_3.20180807a.1_amd64.deb
Checksums-Sha256:
 acb159c8f55318ba300d54978d2e0975a2bfefcba90036bc126a13769aee6fee 1789 
intel-microcode_3.20180807a.1.dsc
 1a7cb96d5c6a4abac2936236223d9bea79d7442dc1cfe9b712ff8e35374f0f9f 1976648 
intel-microcode_3.20180807a.1.tar.xz
 814429089af608f70cd2e092616ef41c3bc44348dbee0d549cc30c4035bf9d02 5896 
intel-microcode_3.20180807a.1_amd64.buildinfo
 493279b2868a0d6410c5983f93d8f6be043621336ac0c17e4909902d66530726 1294196 
intel-microcode_3.20180807a.1_amd64.deb
Files:
 23b387fd159873824c347dc372378f34 1789 non-free/admin standard 
intel-microcode_3.20180807a.1.dsc
 14b52370a1269cfc3a9d113644549f55 1976648 non-free/admin standard 
intel-microcode_3.20180807a.1.tar.xz
 1a84c1161b028a472a70906066797b25 5896 non-free/admin standard 
intel-microcode_3.20180807a.1_amd64.buildinfo
 5fd78ce0bdeade88fb2c91de3f808468 129419

Re: salsa.debian.org maintenance (GitLab 11.1.4 upgrade, external storage migration)

2018-08-13 Thread Henrique de Moraes Holschuh 
On Mon, 13 Aug 2018, Alexander Wirt wrote:
> We don't rely on it. There will be a backup on debian infastructure so that
> we will be able to change to different providers at every time.

...

> But using gce allows us to to support use cases different use case than just
> git (like lfs, build artificats, build logs and so on) without consuming IO
> on debian infrastructure (we are already seeing IO problems on high traffic). 
> 
> Hope that helps

It does.  Thank you very much for doing this!

-- 
  Henrique Holschuh

Bug#904917: general: Gnome randomly crash and restart to login.

2018-07-29 Thread Henrique de Moraes Holschuh 
On Sun, 29 Jul 2018, Riccardo Gagliarducci wrote:
> on Lenovo laptop ideapad 520 Gnome randomly crash and, after some seconds of

Are you using the latest version of the ideapad 520 firmware (BIOS/UEFI
and EC) ?  If not, please upgrade it.

-- 
  Henrique Holschuh

Re: Research survey: Impact of Microsoft Acquisition of GitHub

2018-07-13 Thread Henrique de Moraes Holschuh 
On Fri, 13 Jul 2018, Dominik George wrote:
> > I don't think categorizing these things as spam is the right thing to do
> > -- although ignoring them most of the time is.
> 
> If they don't care enough about privacy and free software before doing a
> survey in a privacy and free software community using privacy and free
> software ignorant tools, it is spam.

That is just your bias (happens to be mine, too).  If their sampling
space is unbiased, a lot of the people in it won't agree with it being a
problem, though.

Unfortunately, the choice of survey tools will bias who will participate
on the survey, so it *is* indeed relevant to the survey results.  But to
unbias it you'd need tools that are neutral on almost every aspect (and
that includes usability by the survey-taking participants, for example).

-- 
  Henrique Holschuh

Accepted intel-microcode 3.20180703.2 (source amd64) into unstable

2018-07-05 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 05 Jul 2018 14:26:36 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20180703.2
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20180703.2) unstable; urgency=medium
 .
   * source: fix badly named symlink that resulted in most microcode
 updates not being shipped in the binary package.  Oops!
Checksums-Sha1:
 4dccca77ca6d9bb711943d6e3fe8b4609012cde5 1785 intel-microcode_3.20180703.2.dsc
 0ae639137cf5909bded429725fd027d3fdd45add 1835980 
intel-microcode_3.20180703.2.tar.xz
 9d775ad76eac0e5b852450dd1df7e557fb0099f9 5806 
intel-microcode_3.20180703.2_amd64.buildinfo
 d5ec73079c63ae67b3a73728e73c4e2d5ef64f8e 1164104 
intel-microcode_3.20180703.2_amd64.deb
Checksums-Sha256:
 a0622c329651a3eec7ffb82e53f467d72200a3541dbf6b01d6cc29e64bcdb7b7 1785 
intel-microcode_3.20180703.2.dsc
 26dfaa47100ce3d06f968edefa7539da10de7b96d5d8e26ee8174a040ee5cdae 1835980 
intel-microcode_3.20180703.2.tar.xz
 a29eb88c5adb27c377e0158aa593b705745423161a2840063f92ec53b693 5806 
intel-microcode_3.20180703.2_amd64.buildinfo
 29f6c751355f92f5247023471cd176bd3f539dc8f78c0a5ac3698ad114ce5f9f 1164104 
intel-microcode_3.20180703.2_amd64.deb
Files:
 ca3b6af5b4b7ce0c32f7f070c88f1528 1785 non-free/admin standard 
intel-microcode_3.20180703.2.dsc
 563f0a0b865ed857b542d68ce0f40eab 1835980 non-free/admin standard 
intel-microcode_3.20180703.2.tar.xz
 27e86d59227c22c7418fd86ba1dcc0b1 5806 non-free/admin standard 
intel-microcode_3.20180703.2_amd64.buildinfo
 aa996fa5a23ea8cc52c1bb07a49bf07a 1164104 non-free/admin standard 
intel-microcode_3.20180703.2_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAls+VXoACgkQsZwaZk2P
+bEhfg/+MIAqc9FfkEfZ3OTid8RotEtz0fzgZlY6UpWMdPJb5UNIQOq7/NEFOAA0
e/9kTOdpf6QyEI4WUBgKy1jRSMwpfd8gdlc9tw8WParNE+UUEh0LDZhUDJLlqGp8
BxpDQYGi2/cglFhsovFi3SNlJX83A5jNTJy47BsUJwbeLg/uh9TGW69wtO/L9Qve
ty82eRQibylnKLHHDNoVcOdVFLuI3Jt+myVw8ijtw29f8ks8mB2qVQa0p5WInSDv
tRIhCTHJz5tB8yikgyMvMAg4S+hWXKq0IYwNf2ju/GVrp2fKpNLwSVE0gX5viE1V
+VkmSulA8U3DKm0VlJhGrkxtIJsMrpDyEMSefIBFXoqBLlCVQnrQiLsjo0x0SUUG
rwRXP67OKOGMTslUhjgATdnXNpLGSQhlTWJjB28pR34yjfqayfiGoV1dFqTtfzDw
kREmu4qJlIPrp5iDgWHKNs61e5xlZYixzKdn8aKQ1M1Az3bTUonL5AnP8+JrFvIy
WXfXkvG0Aj2WDs1V2Zl5HP58r62HMzE/o3CjufxojEPf3VIPsS3J+J35IPWrhKIg
anZ37IbhqnIoY8aT4jRd8xyb+O6+qpgwHIWLbZ/Hu0+pqcM6RA0ak8AGYNNqrodk
YMtYRxBjq0sxIg/BmoZbIO/gZ9pWPOP7GLZ2bgvIHnkFiF/th+M=
=7dAj
-END PGP SIGNATURE-

Accepted intel-microcode 3.20180703.1 (source amd64) into unstable

2018-07-05 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 05 Jul 2018 10:03:53 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20180703.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh 
Changed-By: Henrique de Moraes Holschuh 
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 903018
Changes:
 intel-microcode (3.20180703.1) unstable; urgency=medium
 .
   * New upstream microcode data file 20180703 (closes: #903018)
 + Updated Microcodes:
   sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
   sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
   sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
   sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
   sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
   sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
   sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb2e, size 28672
   sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x24d, size 31744
   sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe0a, size 18432
 + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
 + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
   Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
   Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
   server dies.
   * source: update symlinks to reflect id of the latest release, 20180703
Checksums-Sha1:
 fca99b0bb0eb805f919150c1a872ef032095b74f 1785 intel-microcode_3.20180703.1.dsc
 e2e43a1bf16a746102e49048ec752570d24b5fae 1836376 
intel-microcode_3.20180703.1.tar.xz
 5d93326278f907937ce9925b19297cfd7d349ca2 5803 
intel-microcode_3.20180703.1_amd64.buildinfo
 7a2af3b26297da1b32cbd9140a35a85bcb4fe909 274236 
intel-microcode_3.20180703.1_amd64.deb
Checksums-Sha256:
 c1c0a3cc57b1d293cb0556968b18aa21ce29742d1ec5a217c8b0d8371c5fbfa9 1785 
intel-microcode_3.20180703.1.dsc
 e70047f9399cb091b01d39eb812714d9fb4a400fb2b3f72540dc3b132b75a31a 1836376 
intel-microcode_3.20180703.1.tar.xz
 50cb1418b04cc8ec5105f610e4563cdcbdafbfbd380e1d0fa1ec12a726c6c758 5803 
intel-microcode_3.20180703.1_amd64.buildinfo
 de3fefdea12e6a2347c9e0010028d4982b8fa9ebecdbdf045283d3dcf46a88f9 274236 
intel-microcode_3.20180703.1_amd64.deb
Files:
 1d329941459517a66134ef41dd4438db 1785 non-free/admin standard 
intel-microcode_3.20180703.1.dsc
 f02075fe9907f82cd8ba90ce5329c809 1836376 non-free/admin standard 
intel-microcode_3.20180703.1.tar.xz
 d32de5f34ba946b68738ebfb04ca26d4 5803 non-free/admin standard 
intel-microcode_3.20180703.1_amd64.buildinfo
 9b9219a8f408cb51b30e9afc70276bb2 274236 non-free/admin standard 
intel-microcode_3.20180703.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAls+GPgACgkQsZwaZk2P
+bHMQw/+N64n/rzGkMkJ/oDzwwjpBRL6a/CUBDG6sWPmYLsA//zr3UAu9FQiJjMU
ZiJASAgSYFUjp/Ae5WgFGRlrysmGM59dhBXP3zffPVrg6fFfzVG4lwA2QtX4TTmi
IDa6nunTKfi/wIn/NqsvzHRb58klvy+49cGs5iGSO01Sxm4K6VrXh8ctizZge8dq
gciyPvq5K5bBi2FUsuUf2KZCSNbafm35Ou3PM61o1Fkc/a1oVPpbZP0K9SZXMRX9
c6/kmVK/uU1AkGwXJVkZb6nRpKAAeVUzLfr+A6uyrGBBBvb4zH4K+1UfyQfN+7h6
sztFERMkmBcNEbLN9Q/DsgKdl0nOy/EnQWjrtmqEP1dPwqo+vWh+5hEagqN6TTen
WX/WXiXM0pxVAnGQ+2NLiz01bNTnFJIw8naJJ6odHd1l6pkmhbpgVDYAmiJd55Y8
A1uJc4AzTj4XjODvuA3OPzToY50YkDPMBSrxkBj1vhsg3J0kgLXYD1OfV+ATVHJc
AjlkTELSzcvMzjhdUynNM3hiCldem7kOdC68kiJiGohBWfunFewW51DaacaXvKVG
j2kTJw1f0eMbNDhAUK9fxqdbRGTtxZu/p3kzwe9ofInolUUDcMp6v0Hw1QMdCKwG
50aRjFbYneON1c97x3zDb5pSiWa7oCBfuGGlboV8IGflE4l7pTo=
=Pq8o
-END PGP SIGNATURE-

Accepted amd64-microcode 3.20180524.1 (source amd64) into unstable

2018-05-25 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 25 May 2018 15:38:22 -0300
Source: amd64-microcode
Binary: amd64-microcode
Architecture: source amd64
Version: 3.20180524.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 amd64-microcode - Processor microcode firmware for AMD CPUs
Changes:
 amd64-microcode (3.20180524.1) unstable; urgency=high
 .
   * New microcode update packages from AMD upstream:
 + Re-added Microcodes:
   sig 0x00610f01, patch id 0x06001119, 2012-07-13
   * This update avoids regressing sig 0x610f01 processors on systems with
 outdated firmware by adding back exactly the same microcode patch that was
 present before [for these processors].  It does not implement Spectre-v2
 mitigation for these processors.
   * README: update for new release
Checksums-Sha1:
 c61692fa6cd32c3400ab6f72d13510e5d0013300 1683 amd64-microcode_3.20180524.1.dsc
 f220130933c98de6b5ec3091a8b0aa52fec1f122 33712 
amd64-microcode_3.20180524.1.tar.xz
 931bc367ed6d3157241d960a1d21eb7d079568e7 5733 
amd64-microcode_3.20180524.1_amd64.buildinfo
 7243679e04df0d593ed524c504dc22ad62c962b7 34428 
amd64-microcode_3.20180524.1_amd64.deb
Checksums-Sha256:
 12b3a3ca000739aa28aab2e519ba5b1851658ccabf7136184ab5b7c236279e9c 1683 
amd64-microcode_3.20180524.1.dsc
 7c389c357c242e7161f6872bf4e12011a71e4c0683f06fb1bcfad650a78bf0a9 33712 
amd64-microcode_3.20180524.1.tar.xz
 8a50cf1ebb0f398a38281e62281971f36b29649869e066de732a82ba29e19a8f 5733 
amd64-microcode_3.20180524.1_amd64.buildinfo
 42f812f14e5d858afc0ff938620f855e61408f9c8ebcb266184ec56224a0401f 34428 
amd64-microcode_3.20180524.1_amd64.deb
Files:
 cb5185e1ed6efcf41cdc931b9c725325 1683 non-free/admin standard 
amd64-microcode_3.20180524.1.dsc
 7b532e9939963a78c6002401c86a4cfc 33712 non-free/admin standard 
amd64-microcode_3.20180524.1.tar.xz
 4c70a9d2e92a4e541787aecc1cd282aa 5733 non-free/admin standard 
amd64-microcode_3.20180524.1_amd64.buildinfo
 6060393c6d9cf1b66dbb52e9ebafc5bb 34428 non-free/admin standard 
amd64-microcode_3.20180524.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlsIY6IACgkQsZwaZk2P
+bEWwBAAlU1SB2VYNIOZ3eEkYHXCOYULrFHjXWnEormfnmKjNHqgNL8p6K6t67YH
kbV+voF7cVKdz9wecacOiAYGQrBorNVZupIttH5+Po5U018Jzlof7BqLiKLgdrA+
AW1PQ/0yYMduhD1FlA0yEKB/dzDkLpT/1kSZk+lEoVOLbm/kb97Y94j6Yc5gOI66
+O8rmMuc0tiJNqmHkGWe+/X60p9lZPVZ45k7BZQ5clfjABeI5jnwzcdKHiwba9dc
Eiu2uMi+7UVncajVCFplcAxZa+yiadzmVnXTPRVx6ms71846aq2stpAZUUouXkaK
3Hw6RvJZcziBQ+H4LlZGPCTh0c+V0bHRzZlkbYr1e6TCkAplaX8m6zgc4SdXVjnC
9cP+F+D6ba22rF33OB5Irs4M/mD92kGoQWMrEgW9/l7SJ/qHasdLO348+mTkcK3/
Vp/mc/QZSQOkd3hE6FEqDEP2vJ4aT7eK86cS2gc8KzW2JHxzkf75lkCnQFbOchZb
DLNHWEIv2LERwqWRs2fKIwYbIZp592V1Weg1qd/zRMaGTqSPV5BN5LP5hPe+HC0g
9G8uR+aEl5m3XJblpNuencbN5cIi87pEt9ztBYAGE8bde322Ow6vmmg56PiVQbam
QgEhz0JYIMlAS0OXvb4x0PA4Xll2FD05s6b/scmvGzt+AksXKzg=
=mTkW
-END PGP SIGNATURE-

Accepted amd64-microcode 3.20180515.1 (amd64 i386 source) into unstable

2018-05-19 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 19 May 2018 13:51:06 -0300
Source: amd64-microcode
Binary: amd64-microcode
Architecture: amd64 i386 source
Version: 3.20180515.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description: 
 amd64-microcode - Processor microcode firmware for AMD CPUs
Changes:
 amd64-microcode (3.20180515.1) unstable; urgency=high
 .
   * New microcode update packages from AMD upstream:
 + New Microcodes:
   sig 0x00800f12, patch id 0x08001227, 2018-02-09
 + Updated Microcodes:
   sig 0x00600f12, patch id 0x0600063e, 2018-02-07
   sig 0x00600f20, patch id 0x06000852, 2018-02-06
 + Removed Microcodes:
   sig 0x00610f01, patch id 0x06001119, 2012-07-13
   * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
 plus other unspecified fixes/updates.
   * README, debian/copyright: update for new release
Checksums-Sha1: 
 5c53ec4fb9addfcd311f82e0e4635fb3ac26 1683 amd64-microcode_3.20180515.1.dsc
 a8fb44d18d45c20ab961cb051006d6923fc42422 30880 
amd64-microcode_3.20180515.1.tar.xz
 c673656d06be5ac3d9f36c710a52a776e0f1b7ad 5616 
amd64-microcode_3.20180515.1_amd64.buildinfo
 2ee85b35e3500f33654fa03ec8ebfd4ee82d40ec 31568 
amd64-microcode_3.20180515.1_amd64.deb
 97d40bad6705c3861d30ac797c9f1ea9aa80c8b9 4417 
amd64-microcode_3.20180515.1_i386.buildinfo
 b15041cbd9d10e1a63e448946842c6bbc8be964e 31568 
amd64-microcode_3.20180515.1_i386.deb
Checksums-Sha256: 
 f0e9e9e14e49a0ca174f1cd0f97100b15efc91995ed7d130d5cfd5a7df7c1c27 1683 
amd64-microcode_3.20180515.1.dsc
 a6a70826a090e823aab84f681edb6e74a97c315649da1016fd563b8cc217bb9e 30880 
amd64-microcode_3.20180515.1.tar.xz
 bca816627c6b6e5be78e93146d351bdc09690c7fcc14747aa62123aa33bf62a5 5616 
amd64-microcode_3.20180515.1_amd64.buildinfo
 b998007ab349ff9d46c5ba877c45f413b5ac10658cbb6500772a2048ca464c2b 31568 
amd64-microcode_3.20180515.1_amd64.deb
 026106cd56eef1ba432f17850c576d3008feb4cf9df99ba90e709034fd611c14 4417 
amd64-microcode_3.20180515.1_i386.buildinfo
 297d70d8d32d5bd93e96c3ea50c6358bc9eeacfe24dc0c678b007a111d84b088 31568 
amd64-microcode_3.20180515.1_i386.deb
Files: 
 d5b2cf7c19aba986249bd983a0ba5448 1683 non-free/admin standard 
amd64-microcode_3.20180515.1.dsc
 55b548478112c4a18f2344aa4ba70633 30880 non-free/admin standard 
amd64-microcode_3.20180515.1.tar.xz
 f4ca18efe0ec005dcccbdeeb00efb793 5616 non-free/admin standard 
amd64-microcode_3.20180515.1_amd64.buildinfo
 89b1cc4e4556dd2f0b16efae4893d7bc 31568 non-free/admin standard 
amd64-microcode_3.20180515.1_amd64.deb
 324d3d095c3fb92f8b56bf01fb68941c 4417 non-free/admin standard 
amd64-microcode_3.20180515.1_i386.buildinfo
 50e1117aed550efa3a1d828717b67e09 31568 non-free/admin standard 
amd64-microcode_3.20180515.1_i386.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlsAV2MACgkQsZwaZk2P
+bHWmxAAkhfnKoZjPexi75cZc5xw+2y6gR3XvMVjW8SumLMx2+Wq8qCvGzbyCajW
nRVJObCAjgytwvcKc3JvXY4eryBpI+lrgelRt1ABqJPcNMPQ0AJTdTlMsm7ofEr+
jja/0djAXvUVCILatEZlyXHxeIKQJSKLi/VSvst1lgnmN65nOR41IrkPJahBGUcX
GRc3gfVYzZHMZjdaMsuqFwGd/1tZJo6ITFOpmoeSjaIF5WEhdsE9VESqpsW/YPia
NcpIjT7Xx0f82dQ1+oi8JfIdID4uYeCKGPKPJS3yULjhQv6s8uveqMacbMJYBApK
7SLb4vqv3fwmMzdjB8NteFTBdpvO3GaCrcKEzQ9dK3AkqLxGVgUIVmKarLnDQSSM
BK1DPTjWHEHIzo+oEoAu2sovrNAtQhQGmQZv6R04BGv/ZGUSHz1wa4AUv4DOB/Fj
1IupW2tLLrFMk2bq62iaJQQV4qVJHRbpd92NqH5y0Yver2Z3AQEN1wvLh2XdI0qV
Y0UzOsBAl2CjZQ6Xd8fR1l7kGejF8QBDPUa4tvrZLUXicimTcQ6IBigm5Z/MSpny
yQKm7858UK0+7MrvBbXZQuKeW1mld6RMNQ4ErVUvpPXMdHJRVoOnbOoTmATKK7jh
LaYBvgs/z0AU4yZzhZPkEc0e60didgVJqburyWqpQl0tYSZRd0w=
=on1X
-END PGP SIGNATURE-

Accepted amd64-microcode 3.20171205.2 (source amd64) into unstable

2018-05-04 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 04 May 2018 07:51:40 -0300
Source: amd64-microcode
Binary: amd64-microcode
Architecture: source amd64
Version: 3.20171205.2
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 amd64-microcode - Processor microcode firmware for AMD CPUs
Changes:
 amd64-microcode (3.20171205.2) unstable; urgency=medium
 .
   * debian/control: update Vcs-* fields for salsa.debian.org
Checksums-Sha1:
 a5a68af670e399ce5722036174d72fe0a58d77ee 1683 amd64-microcode_3.20171205.2.dsc
 7575a8169fbeb35beb2de256b7301cb4a8143568 32608 
amd64-microcode_3.20171205.2.tar.xz
 96c6a0af5d5a15cb47459f7b0e0b59d1bcd50a94 5644 
amd64-microcode_3.20171205.2_amd64.buildinfo
 bc65aa72b66d7b496af1bb1e69b58d32f3deb42e 33588 
amd64-microcode_3.20171205.2_amd64.deb
Checksums-Sha256:
 e22eceea461d5b248028f6c259554c44d1de25669eacd14f150eaa0e08d1bb33 1683 
amd64-microcode_3.20171205.2.dsc
 cec08e96697b63f3744b4d818f4748ea2e692b13aeb44c2b7c6aab06078fd7cb 32608 
amd64-microcode_3.20171205.2.tar.xz
 ca2b1561013c54459924b6d80b8d358a9d2af1b3ad2f9d2b35cb3fdac1441944 5644 
amd64-microcode_3.20171205.2_amd64.buildinfo
 3622ee373e87c9d3478c1022772a40a9c7b2cc0b55c2e53b06835c8bceca6d10 33588 
amd64-microcode_3.20171205.2_amd64.deb
Files:
 932b932c037fd9fe2b8f25e0b5d65fcc 1683 non-free/admin standard 
amd64-microcode_3.20171205.2.dsc
 5422d6624eca47bc783838e119e4bed3 32608 non-free/admin standard 
amd64-microcode_3.20171205.2.tar.xz
 14e6e0da49be690716d75eff0e06feb2 5644 non-free/admin standard 
amd64-microcode_3.20171205.2_amd64.buildinfo
 71d8c04217c05843b806d06d91b8828f 33588 non-free/admin standard 
amd64-microcode_3.20171205.2_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlrsPFwACgkQsZwaZk2P
+bELwA/8DdWZX2r0PRao32vRDUDAQ787mili/3shsxS7CGStuWcqjuHDR9YApJFe
nehBSN66EXL+j9/U3dgKPA8cYna8z5sIHGBVjztg4gAVERmWR+HHNasxTXsPBhYb
bSXY9DDBUYYa7qT9j2Q0APgkQ1V5NGgXSF2vY8uXyc8z2ITo/BdVQShieVvZ+pBK
ocT1NrGfSwPSh439/kK2a6MU01rLC4J2fpNi5AM5I6K3F4eX6et2rqNgOA3jZc6F
D7Srk1nmKDaYsgH3NgG8RpFyrpL0gbEKqaH5fQVx6J6KAVD5+v0BbhfJzXF+uL35
8UFyp7iWyKKKFMHrH4eJ8yf9vMbZyKo5gCNSY2MLEuSXBbvpyupFzeY5XXN9DJcZ
zSWfAFYH1EhE9qJ9ZGfpESmUrjoosDAdLd+OiaT/4Y5ofOKOgTYZq/KInQv4Bq1S
MTKL77XNN2MF7sKkIYom+nnGvgdgIDpnhzB4xnf8eypIYjCbE3qEzaXTh9GjxhQA
fFj7hjZKPPhPZzQhPPRNsIUqjS7yAVG8boApFJ0E7++Ih/35BPLU4Fglruq7lqHx
im93C8k1EWYsUd6hy79Kbs2gbPGr/jVUMms7vybi8dgNZT66N62k7tamCw9sA0Nw
b65jze/bqoREskktq001nshxjWdSkLFxftkolu9dThe/5kOv2q8=
=mWky
-END PGP SIGNATURE-

Accepted intel-microcode 3.20180425.1 (source amd64) into unstable

2018-05-02 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 02 May 2018 16:48:44 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20180425.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 895878 897443
Changes:
 intel-microcode (3.20180425.1) unstable; urgency=medium
 .
   * New upstream microcode data file 20180425 (closes: #897443, #895878)
 + Updated Microcodes:
   sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb2c, size 27648
   sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
 + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
 + Note that sig 0x000604f1 has been blacklisted from late-loading
   since Debian release 3.20171117.1.
   * source: remove undesired list files from microcode directories
   * source: switch to microcode-.d/ since Intel dropped .dat
 support.
Checksums-Sha1:
 2105f298930e3de30340af8845be876a7fa05e7b 1785 intel-microcode_3.20180425.1.dsc
 5b79a7aa00e744912e09a144079ecb502cb2c83d 1835868 
intel-microcode_3.20180425.1.tar.xz
 d47385cf71ad40b8fad6c08511d7abe96a3c9766 5752 
intel-microcode_3.20180425.1_amd64.buildinfo
 7e1954e91f1da7e80a3528097fec4e994470f33b 1157704 
intel-microcode_3.20180425.1_amd64.deb
Checksums-Sha256:
 3cbb7c4bf8524225cdd2a402264eba76ab336e74a028beb878b7dce885885032 1785 
intel-microcode_3.20180425.1.dsc
 eba08f2d04effcd5627a842e6453c0086a70c217382604811b45912723c94b47 1835868 
intel-microcode_3.20180425.1.tar.xz
 fc4135a39c0c6f8406938f30f0451cebb8af13ff06cc45dfbb66dff5171419f5 5752 
intel-microcode_3.20180425.1_amd64.buildinfo
 705fba392358ceeb21804627b0a0e9becdba3ecdf8e06f9b55db3d0e89883dbb 1157704 
intel-microcode_3.20180425.1_amd64.deb
Files:
 a8243736b84c4f84b19146eed5e698a9 1785 non-free/admin standard 
intel-microcode_3.20180425.1.dsc
 3dbf36cd013b7f924aaaf50e220a3bfe 1835868 non-free/admin standard 
intel-microcode_3.20180425.1.tar.xz
 62d6e08c74a99db810c1eeffd1ef6044 5752 non-free/admin standard 
intel-microcode_3.20180425.1_amd64.buildinfo
 eac9a93964a6fe362b26503e8a4a0c9f 1157704 non-free/admin standard 
intel-microcode_3.20180425.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlrqSboACgkQsZwaZk2P
+bHophAAhZAXr8tAFOPoINAkaDbIWjhL8tzyAHIbgjFG5CXKT52CTq0QJNiffgBv
0bD3ARJ/aEaKwC3kefYU+Ds0uEh64jrjatrXbgiKb0io+1yPj8ihtjkeCUlxSJ9T
cz24wCfzQWnsopRoRtT1oOzlIo9qlWR/4otVk02L1G1EJQj8mFSR9AlQU5rkdxbG
ITz+VEw5UDIfRBsAb/WRuCIb5nU9sZoN+4ccpa4HqLReIoFsrzfbIfEXJEgSBA7M
qrsr7FxzbopPnpEdgHGZ+G7QOo0gUKA0fWjI02gtOfDwq5WCklL8GFbWdTGLyUp7
hwu4Bd0tEwG8qGkE2T05NDgmWPzJRcqYZxEpcq6Zut9YqLFCcJrkqdA5GkCenR2u
NPPiGexbhGP4YOlwqr9/WaJHIDN0bMr4b0kZh3SvrJeT/sJa02tAOOoSSf3iFzj/
yWVr/Dwb23wVLMARHdjiuMN49lDitx+5gtkeb0M3Ahk75K3cDK9mRlhDWvYnDnh8
NLJPvbfifBpLJyi3714jrY10GJpq4oVMiyRKPJYZLkn4ovRaBg/md0Yuwa0oBd+w
oATcHbpPsCeIaziltm0qxp9DV+zjrn2JBizHYLQZ6+Ebz2/fwcjEGmWkCEfH0jSv
mz2h/IXbj3aVyrCRkBw96WCmfaiYz1yRxpSPWQVAWv1xv+E7A2c=
=Kre8
-END PGP SIGNATURE-

Accepted intel-microcode 3.20180312.1 (amd64 i386 source) into unstable

2018-03-14 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 14 Mar 2018 09:21:24 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: amd64 i386 source
Version: 3.20180312.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Closes: 886367
Description: 
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20180312.1) unstable; urgency=medium
 .
   * New upstream microcode data file 20180312 (closes: #886367)
 + New Microcodes:
   sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
   sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe09, size 18432
 + Updated Microcodes:
   sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
   sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
   sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
   sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
   sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
   sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
   sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
   sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
   sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
   sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
   sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
   sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
   sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
   sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
   sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x243, size 28672
   sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
   sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x712, size 22528
   sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf11, size 22528
   sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
   sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
   sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
   sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
   sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
   sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
 + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
   Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
   Coffee Lake
 + Missing production updates:
   + Broadwell-E/EX Xeons (sig 0x406f1)
   + Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
 Gemini Lake, Denverton
   * Update past changelog entries with new information:
 Intel already had all necessary semanthics in LFENCE, so the
 Spectre-related Intel microcode changes did not need to enhance LFENCE.
   * debian/control: update Vcs-* fields for the move to salsa.debian.org
Checksums-Sha1: 
 36303a2dd2c5bc0a99a94050005ca5bf0f9b9e28 1785 intel-microcode_3.20180312.1.dsc
 887418b291f9bf9451c0215ccf681427bacefdea 1685068 
intel-microcode_3.20180312.1.tar.xz
 ed434bdc0851ff7d48c423f2ad92267c45625054 5605 
intel-microcode_3.20180312.1_amd64.buildinfo
 1f273d8ebb062af49b7e5a3afcf04ca765e4e1a7 1156188 
intel-microcode_3.20180312.1_amd64.deb
 020f8c159f1e5a709dd833f9887fd7057be905a3 4396 
intel-microcode_3.20180312.1_i386.buildinfo
 47c3beafab17c1d09c575b08fc9f090beff61a44 1297124 
intel-microcode_3.20180312.1_i386.deb
Checksums-Sha256: 
 6d7571739e07a37404a6ecf690fc2ab582211e7417d3719ddcff124f4101da9b 1785 
intel-microcode_3.20180312.1.dsc
 6ccb295d23961c7b96a69280e30fdce939e1d905147b22b8428886b173812d52 1685068 
intel-microcode_3.20180312.1.tar.xz
 12b0887d082e2405a5e6cdb9a7429a01859b12d273c8c142e55a6d7a1c1dcb0f 5605 
intel-microcode_3.20180312.1_amd64.buildinfo
 efc8856211b247307efe69d0e2b39385eecf7ca23c3e812701bf3387e20bf31b 1156188 
intel-microcode_3.20180312.1_amd64.deb
 5b5f40c396432031103ec70ac6863a45f2b04447e3179bd7082afced3c3386a8 4396 
intel-microcode_3.20180312.1_i386.buildinfo
 7164d7762d80cce70df7d6f23cd925e598892763957805afb536841171f47994 1297124 
intel-microcode_3.20180312.1_i386.deb
Files: 
 b60be497151b2719fc5d296ce6d0394c 1785 non-free/admin standard 
intel-microcode_3.20180312.1.dsc
 46ffd844248ab31fcaa27d89e58cd8c8 1685068 non-free/admin standard 
intel-microcode_3.20180312.1.tar.xz
 6d74443b776365baad453c14bf3e32b1 5605 non-free/admin standard 
intel-microcode_3.20180312.1_amd64.buildinfo
 507c36b14bba3e8de4ee1f3951eee997 1156188 non-free/admin standard 
intel-microcode_3.20180312.1_amd64.deb
 b3b72217cdbd4e0e0f602235b6e9a5e6 4396 non-free/admin standard 
intel-microcode_3.20180312.1_i386.buildinfo
 8be9ffae0ca75b34c38bd22919b5c17b 1297124 non-free/admin sta

Re: Systemd dependencies

2018-02-26 Thread Henrique de Moraes Holschuh 
On Mon, 26 Feb 2018, Roberto C. Sánchez wrote:
> On Mon, Feb 26, 2018 at 11:53:27AM +0100, Bastian Blank wrote:
> > On Mon, Feb 26, 2018 at 11:13:03AM +0100, Michael Meskes wrote:
> > > > However I really would start one step before.  What exactly do you
> > > > think
> > > > a service dependency on "mail-transport-agent" does provide you?
> > > Actually it's the other way round. I need my program, clamsmtp, to
> > > start before postfix. I haven't checked with the other MTAs to be
> > > honest. So I guess I could try only adding postfix and see if somebody
> > > reports a problem.
> > 
> > No, this is no reason to introduce such sequence points.  You don't even
> > know that the MTA runs on the same system.
> > 
> Unless it is designed to only interact with an MTA running on the same
> system.

In which case, if it is postfix, you could just ignore it.  It knows to
try again any transports that fail, it knows to do controlled backoff
and all that jazz, does so by default, and has sane defaults even.

But it will pester you in the logs about it, though.

-- 
  Henrique Holschuh

Accepted autotools-dev 20180224.1 (source all) into unstable

2018-02-24 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Feb 2018 13:00:57 -0300
Source: autotools-dev
Binary: autotools-dev
Architecture: source all
Version: 20180224.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 autotools-dev - Update infrastructure for config.{guess,sub} files
Closes: 891281
Changes:
 autotools-dev (20180224.1) unstable; urgency=medium
 .
   * Sync to upstream git 2018-02-24
 [commit bd9626458c30d7faec17d7dfbd85a80617b10007]
 + Add detection of x32 ABI for x86_64-*-linux-gnu (closes: #891281)
   * debian/control: update vcs-* for salsa.debian.org
   * debian/control: bump standards-version to 4.1.3 (no changes needed)
Checksums-Sha1:
 7c4031daa620481029aaa7081e5435981401c0d9 1643 autotools-dev_20180224.1.dsc
 ade5b5862278b17bf0a03fe07916185a2ba2253e 68256 autotools-dev_20180224.1.tar.xz
 4d2adb854b588c70022f26417c0eb20fca350719 76988 autotools-dev_20180224.1_all.deb
 201b823c113dc447b8f812d7b4504fb7da7ff6ab 5522 
autotools-dev_20180224.1_amd64.buildinfo
Checksums-Sha256:
 795f558377bf6c90280c293b2711afc094cd1bf6ae486a395e1361ffd242cd2f 1643 
autotools-dev_20180224.1.dsc
 355a4d8461dfedebd2c5194603197712a10f71e20de73a35ab6e90b7acf3e837 68256 
autotools-dev_20180224.1.tar.xz
 ebf87f4b8c6c7442751ffc317ca7b07065a83cf078a957582e5e0fd5a07d35df 76988 
autotools-dev_20180224.1_all.deb
 960ae0e8c38875060b76d07ea2327ad6a549633eb1ebdd90411465678e1ba3ba 5522 
autotools-dev_20180224.1_amd64.buildinfo
Files:
 b5ac9715d745457d2ef79d0d56788962 1643 devel optional 
autotools-dev_20180224.1.dsc
 bd75af5f9da01c1acc3424937c4aed5b 68256 devel optional 
autotools-dev_20180224.1.tar.xz
 71687fc13d6d93626d575811223c71c7 76988 devel optional 
autotools-dev_20180224.1_all.deb
 2a0da15d1f78adbd3ee9d8a17672a7cc 5522 devel optional 
autotools-dev_20180224.1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIyBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAlqRjzsACgkQ/hG/posV
jpiAaw/4gmKuqoXHJdY2jP1B5ECqd0VldSMXw9mSQgJYXvExY29z/8v13BBQaZjC
9Wx/OGmhrjxIyPjd9c1zxrAhayPv8KT6l59F5PdLMvAIFkX9EUjTWNLhUGNGsuzR
ILiAHZ5PdKpjCqPgRYhP7iPzOdnyzOzqdVTt7ZlQnWKmIoEm86l8O3d6GDhfDn6B
2TnWNrUaDqE+wDlsOoQUi5Ku/U3KUeAuhP277R8blCsz5OBb7tGb9Gmpa6M+b/Nx
/Rx0zvRicijU/OUtQpfOP8b1LUsF5N9qs+ldQQ2qMRH10HuG8bz8JgnJcivsevhY
QhgY4kCwpNwXY/HWM4QDms0Kmc1BNv4bMuJIHVXmMsv9kP2P0uGk0/C7o11/m7YY
K7X4uAznrJL9IF59skepPhzcUC9ilKFBcUK9Pd3HV+UOfbnkcvuca07RpHXeD241
7BqySWokRPXQrRz1lTCc2jaqrmvEetcszZHs7VrLflMy/57jlg75o/p88EgAJxxw
FaBNH7lt8DaFuNAW8rywwbDTRuoEftV5eIX5jru0HWhdF54Wu3vUBnBV4Lk5/Jvd
kse71a4s2j8R1Gnf+HLg8gH1mPmQcydM0sGMgwVp6+cD6oGph35v2CkhEz/tB8rg
vgc8yoS/WmUjOGqCfUN3xsc3fr/YcuigQ9vXuVJaMqHUqlptuA==
=H7XG
-END PGP SIGNATURE-

Re: Debian part of a version number when epoch is bumped

2018-02-14 Thread Henrique de Moraes Holschuh 
On Wed, 14 Feb 2018, Vincent Bernat wrote:
>  ❦ 14 février 2018 12:53 +0100, Wouter Verhelst  :
> >> > Would it hurt to take those epoch bumps into Debian?
> >> 
> >> Depends on what you mean by hurt. I see epochs being used w/o much
> >> tought or care, on many situations where they are not supposed to be
> >> used, and they are permanent stigmas.
> >
> > I wonder where this representation of "epoch" as a "stigma" comes from.
> > They're a part of a version number. They're as much a stigma as the "57"
> > in "libavcodec57". What's the big deal? Just use it if you need to, and
> > be done with it.
> >
> > There's really really really nothing wrong with using an epoch. If some
> > of our (or someone else's) infrastructure has issues dealing with them,
> > then that's a bug in the infrastructure and we should fix it. But nobody
> > should be afraid of using an epoch when the upstream version number
> > changes incompatibly, because *that's what they're for*.
> 
> It's not only an infrastructure problem. If you Depends on X (>= 1.8),
> this will be true with X 1:1.6 as well.

Only if your program is severely buggy.

Hint: either it matches dpkg --compare-versions exactly, or it is a
severe bug.

-- 
  Henrique Holschuh

Accepted iucode-tool 2.3.1-1 (source amd64) into unstable

2018-02-05 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 05 Feb 2018 22:42:31 -0200
Source: iucode-tool
Binary: iucode-tool
Architecture: source amd64
Version: 2.3.1-1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 iucode-tool - Intel processor microcode tool
Changes:
 iucode-tool (2.3.1-1) unstable; urgency=medium
 .
   * New upstream bugfix release:
 + iucode_tool: fix filter by revision parser on i686
Checksums-Sha1:
 8ceedfa150f0d0246501f6a6e3db3358157992ba 2235 iucode-tool_2.3.1-1.dsc
 da93d9de6f7085c69fdd3d8e90b17e7f10c9f310 153380 iucode-tool_2.3.1.orig.tar.xz
 df8374df23d830e0e6c5e6106997834808aec671 833 iucode-tool_2.3.1.orig.tar.xz.asc
 7046d9cf13d119b291fe1dbc9588b892dcd632b8 19780 
iucode-tool_2.3.1-1.debian.tar.xz
 14c784aeba5909f5ca3e96978c7f208c41904f2e 48156 
iucode-tool-dbgsym_2.3.1-1_amd64.deb
 d88c09859bcff8f82310360e842b5ce64f847bd5 5671 
iucode-tool_2.3.1-1_amd64.buildinfo
 c03cacfc03b6f550ea26b033fd950b140b60aae4 62444 iucode-tool_2.3.1-1_amd64.deb
Checksums-Sha256:
 2aaa329d650e4f32e8d7dee1676512390149ace21327f6800d6a4822b4657e0c 2235 
iucode-tool_2.3.1-1.dsc
 12b88efa4d0d95af08db05a50b3dcb217c0eb2bfc67b483779e33d498ddb2f95 153380 
iucode-tool_2.3.1.orig.tar.xz
 deb2d13a0a367e815f173a77cfc399c731175115383780ef1b4102fcf8208f8e 833 
iucode-tool_2.3.1.orig.tar.xz.asc
 919465e8b79727b1bead9faa893cc5d01468e0a2cc4d3fdb2eac8e06e793702b 19780 
iucode-tool_2.3.1-1.debian.tar.xz
 8ca20020dde02622605a11289b1ead3449a82d4abd2a89c97fbac549adcf2240 48156 
iucode-tool-dbgsym_2.3.1-1_amd64.deb
 93314d04b8544c25915bb4ec54d2ffb7f22d5978e3abbb0a1e472aaa76fedefa 5671 
iucode-tool_2.3.1-1_amd64.buildinfo
 78d5e1bff6cbccfb696b805ea0c29022eeb4cde4a130511e5bccca3fb1a15a73 62444 
iucode-tool_2.3.1-1_amd64.deb
Files:
 26204f56108983004fe9e56a80867094 2235 contrib/utils optional 
iucode-tool_2.3.1-1.dsc
 63b33cc0ea1f8c73b443412abbf39d6f 153380 contrib/utils optional 
iucode-tool_2.3.1.orig.tar.xz
 d685f91543a6cac0b18981e7361ff98b 833 contrib/utils optional 
iucode-tool_2.3.1.orig.tar.xz.asc
 96c9b6533c1e19096b2268fbd67814bb 19780 contrib/utils optional 
iucode-tool_2.3.1-1.debian.tar.xz
 dfc3262dd179212dd6201dfd32176398 48156 contrib/debug optional 
iucode-tool-dbgsym_2.3.1-1_amd64.deb
 b4dbbebb6bf572b8193f3fe8968b2a0f 5671 contrib/utils optional 
iucode-tool_2.3.1-1_amd64.buildinfo
 7e2b50acf2d30d1d70b8f0fb7a97543f 62444 contrib/utils optional 
iucode-tool_2.3.1-1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAlp4+5EACgkQ/hG/posV
jpjBMxAApdYQCmqMFrbztceJb/190H85MIQEmTf8CzRg+xHtLkUrM+1FVHTay82b
ymweEZ3fMQfz0LA9QwtcYMNxDE++Y7P7EzEuz0zVAQoyTr1T+Ko09283VA7WaQ0p
DZqKlRwP4wBXtH5Ohb9vyuZj8Ej6llNuo57KmMlXx/4PSpYbGNb/ye/so007vyPR
ottIvUatDWSmhmItjNr3umgwjz9IsJTOFGOKC/MUTeWeHBewn6mAmm3USj07qbvx
hrFASUvVxxoC9Q30Jbdju9MBThFsEDyKEhFhFuqejsTxM6cUarDpVQ9F1pNyzD8R
P8WHUoEPTeBQt0t4gQpEjayaJGGnuYCqaYvFbL7ltuqKR66KNAkemWGnArqt7+H4
gVOV/1sxty3ki1boU5eTTI6RZb7zjxN/sd0CtPfUx93B1XilRnk6yYO3/jdl8KPs
rbv4UEPVu5v+OWEfWhTqCSrn4MrNpqXSMIuZV9m1NdgGduypuaqrquThNqSpeUVf
W2EHFdkSRTArztJDySLupgtU38He/U66uNOED7rxB/R4uqZUgIx4hzDRjCuAatNe
qeiNNC3QCFUIwxs8gdphDZVStVhb6RniDVHntlEkPqG/k1FAgQyt9JHN0S3puKMF
J4kRiS5i3q+obYLj/SScyRgP865qNNvFzZIhQrMwEd7j1gcCNkk=
=sq3Y
-END PGP SIGNATURE-

Accepted iucode-tool 2.3-1 (source amd64) into unstable

2018-01-28 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 28 Jan 2018 13:46:14 -0200
Source: iucode-tool
Binary: iucode-tool
Architecture: source amd64
Version: 2.3-1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 iucode-tool - Intel processor microcode tool
Changes:
 iucode-tool (2.3-1) unstable; urgency=medium
 .
   * New upstream release:
 + Support revision-based matching in microcode update filters
 + Support exact --scan-system as a runtime option (before, it was a
   compile-time option and disabled in Debian builds)
Checksums-Sha1:
 c6f94f8e803d7be12e133cc906ba525b6a49d902 1965 iucode-tool_2.3-1.dsc
 c5c1bd4df12b6e02890a5d57f8328313bb806913 153220 iucode-tool_2.3.orig.tar.xz
 4c32bdc747e063da3ea81793b2ee6f26f6770c57 19740 iucode-tool_2.3-1.debian.tar.xz
 28a44fef75d74f83f586cb0e7cc1b01da6e6b13b 48124 
iucode-tool-dbgsym_2.3-1_amd64.deb
 36969a16ce0c35bd11996398d7788486f5395f02 5692 iucode-tool_2.3-1_amd64.buildinfo
 02d0f41a3b8838d748e5c06f2c8658a6d3a26d77 62364 iucode-tool_2.3-1_amd64.deb
Checksums-Sha256:
 ecd076af30b68a15bfaeaf059f7432a6fc3220d36f0f37844d0345c1591efc20 1965 
iucode-tool_2.3-1.dsc
 02826643315760f985bc806797dd0832e7561e58e8aaccec3049cbf54029a4f2 153220 
iucode-tool_2.3.orig.tar.xz
 ff0edb3e8599cad3a3f9e6b1b39aa26bc86c97d2373a81011c8de85371f49f40 19740 
iucode-tool_2.3-1.debian.tar.xz
 1f555ee360e966f709266c4a28759e1bf4fdbd0af10453d27f3a9d96ef9383b8 48124 
iucode-tool-dbgsym_2.3-1_amd64.deb
 58d2f2ae804e1cf766d435f6dbb884cb954d58e026b01d9666d715ffa7a94c1a 5692 
iucode-tool_2.3-1_amd64.buildinfo
 643782f1e04491f2e4337c0eeeb682d859051e152bdebd406f54dbf45675592f 62364 
iucode-tool_2.3-1_amd64.deb
Files:
 6b164a22164a3cf15bae5645a68a9b66 1965 contrib/utils optional 
iucode-tool_2.3-1.dsc
 8f6ca9f09b6bd24e09be42c348c31d72 153220 contrib/utils optional 
iucode-tool_2.3.orig.tar.xz
 4dfc0ae27410433e93128c5a0ce4974e 19740 contrib/utils optional 
iucode-tool_2.3-1.debian.tar.xz
 bbb4867160d6d3fd70f9a59695682976 48124 contrib/debug optional 
iucode-tool-dbgsym_2.3-1_amd64.deb
 1227cd34967e4528992b0c5262d5603b 5692 contrib/utils optional 
iucode-tool_2.3-1_amd64.buildinfo
 c5893425833969f717697da031aa1503 62364 contrib/utils optional 
iucode-tool_2.3-1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAlpt91oACgkQ/hG/posV
jpiPqBAAlpVmDo5Tg1FkeG4lWGSWpnSXs5yrkGT+a7V3h4q95VYBRSNc0hULZhnA
OQvv1WiD6X6Z5hsf39adowNJsk3KnnVhHbKMkNRkQwcIA4cvfuf71e14joMRw+iE
dkjvA7MPZx1UhsSypkcWbJy6AllRezE0/ZConZ81vcUSSleR66uTqYbnKWko6tRB
bLS+7Yi64QQ0KvTtmssx5bwneOc8MQFQEmPNw9K5YztV+JwBHbLyQlDykf+GuLCT
EfoG629vPqI5xV8Vm3eqbTEtVQbTs8JjIhsdUvzBXxfzmusSnwMyekn4ornF8jyh
4HSrSd/EvcDhqsZ96ooJ60chdx0u5LUsAk2caajZX2YqXntTatgEZ1InF1LohlrT
kNWo1YUJQtB6v59bv86j0UWtIfKa6LcARZWuPSfZ6CXC2Ss4ETVbYoCvr/LkJOi5
HbtdH+7/KZQcy5Y1Qlu8CjAfcr2eIZpUT+r33cB6slwkp5eyNPTrnCNboWo/wl4L
874ke0RAovbXnL1IxfZodbiHiYPrelevDbMifMy1823S8ceuMIwcFznbhCtgc2P0
gFbrlYUZ0HsvogUb2s5zMZdhRvljDasf5eiKLfBrnyVSa3dIHC/rRpCfj8SaieEQ
dBcIXlB99IH93amm3I87rMwBya2WJumPZbVBvjMBOzkdir6toZ8=
=wH95
-END PGP SIGNATURE-

Accepted intel-microcode 3.20180108.1+really20171117.1 (source amd64) into unstable

2018-01-22 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 22 Jan 2018 23:01:59 -0200
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20180108.1+really20171117.1
Distribution: unstable
Urgency: critical
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 886998
Changes:
 intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical
 .
   * Revert to release 20171117, as per Intel instructions issued to
 the public in 2018-01-22 (closes: #886998)
   * This effectively removes IBRS/IBPB/STIPB microcode support for
 Spectre variant 2 mitigation.
Checksums-Sha1:
 2ecfe6036525207dea082973949a538fb027af0d 1865 
intel-microcode_3.20180108.1+really20171117.1.dsc
 0dae4e35e418c31f0f8918dc156e959720f95e21 1801480 
intel-microcode_3.20180108.1+really20171117.1.tar.xz
 bdc109d548b74f7aea64ae1f17703f2f1ffbeb61 5665 
intel-microcode_3.20180108.1+really20171117.1_amd64.buildinfo
 210553661c42faae406f4edfedacdf0c804b0e7e 1270444 
intel-microcode_3.20180108.1+really20171117.1_amd64.deb
Checksums-Sha256:
 a7df931b02fa66df34106c1d4ff96b39921309b07fac2452b3112eeb29b87bcc 1865 
intel-microcode_3.20180108.1+really20171117.1.dsc
 376c988faedbee9ddfdfed6073fba65fbd3504a7fab4c3fe1d7e141e8e417126 1801480 
intel-microcode_3.20180108.1+really20171117.1.tar.xz
 04040e9355771e3f9c75a995107f9938f9e6fd304ea41ba351eddc77cbead848 5665 
intel-microcode_3.20180108.1+really20171117.1_amd64.buildinfo
 57a22d3dd3379149fc550f371874bfa864f6d2f264665379e8fc8c85bd90e6f0 1270444 
intel-microcode_3.20180108.1+really20171117.1_amd64.deb
Files:
 04360f77e2fe481ecce632f214cea4b8 1865 non-free/admin standard 
intel-microcode_3.20180108.1+really20171117.1.dsc
 c5d6395ae7719dabd161739b6aa21cef 1801480 non-free/admin standard 
intel-microcode_3.20180108.1+really20171117.1.tar.xz
 2a6ca1e54e22d5e16fae1f908edf4918 5665 non-free/admin standard 
intel-microcode_3.20180108.1+really20171117.1_amd64.buildinfo
 d99a8480e9d1405749b5b1ae4bc5c232 1270444 non-free/admin standard 
intel-microcode_3.20180108.1+really20171117.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAlpmifIACgkQ/hG/posV
jpgfPw/8CMVJPItsxGqebnznKCmN5UXvxkSiGTpivUyzZoik8Nmh6259ukF1iIvv
kYHnFoxTpYNbWMrCBD9KnCAxIARmru1G1jK1K6kytxHroYseBKgE2fsvcSsqcN5/
lctedHZj0cwNqhRN2p8ROuw9Di3/ZukcyyxICAj0W8CyYHfdNfBpXw1hnJ0gp0Bx
TDjZ4DUhScLQ9W6nOr3YkiAB2VSIDM2w8TAPgrtQnuNUYyHQmnajuaI/1U7tjsrB
Huj/rS0lUzkoLzm7yp9OPpEOmdKcUtKEcyk63v5oiqf4eNCeg1yGg0QPr6ET/p49
J2IOYBAopUja60CmmF1fveXAuaBwPvvibvOZ+GNmt52E4ybnvs2MK5Bd4KwRhA82
ZMks7lP8Dr56Zl0GsDwKBfVhgvVAlXNOyFhzDJnQlhpRCcWKlVTI1b5yDnoO4+vm
C6YqBf/4Jh1YmPI6og8lKVtcU0jUxVKSnxTNOYfJz2T2qb3yvfMmS8ZV9PbUBpa5
nwLWJcLGVQYlOiNEhFaP8oV2dI4Ip7plHjT6m6SorhCSisz4B6nPcpDyNhFZ2Mue
SaRhicv+gtCMLruvY4UYt9JYlzo7dQUAcnANZjaNu7l6nF5jZxB7FCA9WqmcaTbd
3uleOMd2VGAO5uN4evnuaWRA1bbizlN9fkgve/T4FKnyCEEXkyQ=
=fP+B
-END PGP SIGNATURE-

Accepted intel-microcode 3.20180108.1 (source amd64) into unstable

2018-01-10 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 10 Jan 2018 00:23:44 -0200
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20180108.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 886367 886368
Changes:
 intel-microcode (3.20180108.1) unstable; urgency=high
 .
   * New upstream microcode data file 20180108 (closes: #886367)
 + Updated Microcodes:
   sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
   sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
   sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
   sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
   sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
   sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
   sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
   sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
   sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
   sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x23c, size 27648
   sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
   sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x711, size 22528
   sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
   sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
   sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
   sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
   sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
   sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
   sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
 + Implements IBRS/IBPB support and enhances LFENCE: mitigation
   against Spectre (CVE-2017-5715)
 + Very likely fixes several other errata on some of the processors
   * supplementary-ucode-CVE-2017-5715.d/: remove.
 + Downgraded microcodes:
   sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb21, size 26624
   sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
 + This removes IBRS/IBPB support for these two platforms when compared
   with the previous (and unofficial) release, 20171215.  We don't know
   why Intel declined to include these microcode updates (as well as
   several others) in the release.
   * source: remove superseded upstream data file: 20171117
   * README.Debian, copyright: update download URLs (closes: #886368)
Checksums-Sha1:
 8d00166d61fa9eecebbf6a2debfc8b7a51d73b1d 1797 intel-microcode_3.20180108.1.dsc
 dc528817c12ceaac31945e9e07e12b77a8680828 1615120 
intel-microcode_3.20180108.1.tar.xz
 8c5ca0a2779f5cf86ad3dfd402009c68f6141d18 5522 
intel-microcode_3.20180108.1_amd64.buildinfo
 ffeb56100abc5eaa2cc2c66558df703b0c2dbb3d 1100968 
intel-microcode_3.20180108.1_amd64.deb
Checksums-Sha256:
 487d607018b5d4080b8369af0fb2ed3813eaa0dd1ebe9c49da256fca3d1f1cf8 1797 
intel-microcode_3.20180108.1.dsc
 7a1a8bbbc6520be14e99fab40581c471861e8d731593447dfc9e9bd6b630712d 1615120 
intel-microcode_3.20180108.1.tar.xz
 83d349a463e0cd989dc5e00899653b4abf7106252f2e0487c2fe3c7f903641fe 5522 
intel-microcode_3.20180108.1_amd64.buildinfo
 38e5d729480b79b662bbbfef17df226bca4a58c487ace607ba277ecb673be1be 1100968 
intel-microcode_3.20180108.1_amd64.deb
Files:
 5aee72317b2b6d73c98d5edc64be6183 1797 non-free/admin standard 
intel-microcode_3.20180108.1.dsc
 d6c4722b969acdc8f33fa039470cacce 1615120 non-free/admin standard 
intel-microcode_3.20180108.1.tar.xz
 e8a917a05400df234632693bce092b3c 5522 non-free/admin standard 
intel-microcode_3.20180108.1_amd64.buildinfo
 265b2c7034830584eaca8c2ce1220c1c 1100968 non-free/admin standard 
intel-microcode_3.20180108.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAlpVe/gACgkQ/hG/posV
jphktg/+MAFRa1/u0m+UlorpH1mEECjY6gzUmL26ORzxule2MTftXvMeO2I7QNNx
55VDqdwSftJjpYY9fEo7BPSMZoPTCh/Lkz9UgVPYsFO3rSycVa+BR3Ke9wtP3VoI
SKY+CVp+jssn696kb0uJyTVOYOx3j+SFDFF08fazxQoewt85N6pZ6adW7W8ZDYPv
5fODMvq44Qi232pwHi0Aj9AS+7thvW7uSrY1VlyriJi9rGk/yBtMEjOfCuhKVpNr
zBBFzSeNl5bJ6feHaMYzBUvjnQkmPg82HKsMi1zjT31fPOdiShe5gnOJTK/VLlpx
z47Cf2XmPOXju5fC5CHh9Ged+WVfB8aCWk1hKl9M+FqTItax5tnSJKbyf07Iuh8q
XXowTKM7DqdlG4fA9KKiZT4btIZt0B8dmg0W1Hj5FsV+8f3fEeZJFv0ErWFSrucP
Vn4YzxdZo3xWok1LpesrAZJ2NR2cJx7u3ySE5PNL4ZSZbY+qyr4Ovdu8JDb+bQlU
eBYMTUVhR8nImi8byZ3aCNnVZDMpA2CpnX4YrQ8A6TMcZsBr8IpQMQtFI7vLngrn
qpyoVFSiB3EYsr4i8rt8fQTO24pvBtfhIxCm/TY83DlIR1D6Fcks+Y3/NBrUFz2/
rqMHfu6deWvsRaPqmsX1EXTCbyP2C02nszi9CoRBFrV1COP6AY8=
=twwv
-END PGP SIGNATURE-

Accepted amd64-microcode 3.20171205.1 (source amd64) into unstable

2018-01-10 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 08 Jan 2018 12:19:57 -0200
Source: amd64-microcode
Binary: amd64-microcode
Architecture: source amd64
Version: 3.20171205.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 amd64-microcode - Processor microcode firmware for AMD CPUs
Closes: 886382
Changes:
 amd64-microcode (3.20171205.1) unstable; urgency=high
 .
   * New microcode updates (closes: #886382):
 sig 0x00800f12, patch id 0x08001213, 2017-12-05
 Thanks to SuSE for distributing these ahead of AMD's official release!
   * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
   * README: describe source for faml17h microcode update
   * Upload to unstable to match IBPB microcode support on Intel in Debian
 unstable.
   * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
 backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
 "x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
 it will not be applied to the processor.
Checksums-Sha1:
 ea1c935c8439710b746c32888b66a78e99e23ccd 1695 amd64-microcode_3.20171205.1.dsc
 fc2ece2b1c5a042f56304c6709c2c0add5dcb9aa 32584 
amd64-microcode_3.20171205.1.tar.xz
 25962539ebbfe4d04c118ba026ffc83dd004346c 5492 
amd64-microcode_3.20171205.1_amd64.buildinfo
 55efcf98ad106a71ecebf4902421d9cbd4b620fc 33552 
amd64-microcode_3.20171205.1_amd64.deb
Checksums-Sha256:
 bf20678e4e523f759fed3564d4f417fa72889e874e723d0d56ed354cf9ae58df 1695 
amd64-microcode_3.20171205.1.dsc
 a38bc072f535a3d3c1bf4e9e545197aa5114e979e94ef7e4a67e615df2f853a7 32584 
amd64-microcode_3.20171205.1.tar.xz
 35e8621dbc699ad6aa250e0dc190fcb88e654d3766115279d91cb35abb8e9049 5492 
amd64-microcode_3.20171205.1_amd64.buildinfo
 74d02f74e8b9cb356b60c698074e934f6ea8584ab9745d105d2f6c59af08ccc4 33552 
amd64-microcode_3.20171205.1_amd64.deb
Files:
 0eba85b5d311cdf41fa7098849c176e6 1695 non-free/admin standard 
amd64-microcode_3.20171205.1.dsc
 08f313b93f291ace283d90964059f55b 32584 non-free/admin standard 
amd64-microcode_3.20171205.1.tar.xz
 212afb96ba51f15abf162e51be76d024 5492 non-free/admin standard 
amd64-microcode_3.20171205.1_amd64.buildinfo
 5d24b0d531d7ed697619181c8f039d91 33552 non-free/admin standard 
amd64-microcode_3.20171205.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAlpT7lUACgkQ/hG/posV
jpgLHQ/9H0KE5L7xjtC1qLFr+TGUHJNoo0rYj/wkCj0wCV1DABBCArTQBH63GFtf
xLTp/ClfhU98GAh3hlh6CzSULfFH4GMY1s+gJ9K/K9tcPUQ51bwdpsw7nWSSU6hr
8vTo99CHX2gsLnz6Lb8mfTdX/QLJ6RYJUS3f+KAOdGt3Sy7rDEz7bvs+icreZQaO
5ChVTXidyAPFsjUPbHa7pBcGpdyYjCEt9pk/tUD/29acVGFqTcgzVPyG+vJIpRFm
7UE8fznuH/oFjuMf08QSyFj++PZx9LjY8Y+OML1ncMyWZ+mUIGotUKKAUoZpC4u3
DqevzPLSYtfRGQ+4TbqbDE2/CHhRl66+2IOcSJ9w1P7Y8KV+0ygFcC/bzbEpNany
7lHzUx5b3w6tjU1YgZXktgoeP6zCn1IA83MUvbKJgaZdVwkQAmYDIY0oqU76+ykE
oUyuVqW0IwGjeiyg61vgP0u6CWvfCVWcCIOL0xQ4NmzAuXITle89FZdD7Tftek0z
YTRe0O6LlopdN1IzlujUR21AXrprKB2tMO+NqKnHS8+8SffP6CWf5wFxkhLukgc7
NfPct8bOUlKtyxLP5mDTG7GpfyEVrjAkH8XyC+y8IMfwlaycDkIM8P8IGbH+S2rQ
SjRpGxc9aXeWqy/UbvrPwfTfch/fkthjoFUKcCC393J8xl9a8P4=
=Dooq
-END PGP SIGNATURE-

Accepted intel-microcode 3.20171215.1 (source amd64) into unstable

2018-01-04 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 04 Jan 2018 23:04:38 -0200
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20171215.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 886367
Changes:
 intel-microcode (3.20171215.1) unstable; urgency=high
 .
   * Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
 New upstream microcodes to partially address CVE-2017-5715
 + Updated Microcodes:
   sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
   sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
   sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
   sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
   sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
   sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb25, size 27648
   sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x23a, size 27648
   sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
   sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
   sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
   * Implements IBRS and IBPB support via new MSR (Spectre variant 2
 mitigation, indirect branches).  Support is exposed through cpuid(7).EDX.
   * LFENCE terminates all previous instructions (Spectre variant 2
 mitigation, conditional branches).
Checksums-Sha1:
 c474a75e175c04553cf6cf4a5f1164789117f4ff 1797 intel-microcode_3.20171215.1.dsc
 02ef58073ad7e3adbb841e8acd98610aa6d5cb5e 2177512 
intel-microcode_3.20171215.1.tar.xz
 d7d6f83f656fa33b05cf017132aded03f1e9d7b9 5522 
intel-microcode_3.20171215.1_amd64.buildinfo
 e4380986b6fb7e023684d4c206229bf852482148 1279728 
intel-microcode_3.20171215.1_amd64.deb
Checksums-Sha256:
 055a7f5f01644d6793c595f6b90875344ee79a0d4ab1078b7a1aec5c358e59d7 1797 
intel-microcode_3.20171215.1.dsc
 eca8efc0a6dc456a8723204477e229577c1079fa5c1a10b6ba95d11e261ffa4d 2177512 
intel-microcode_3.20171215.1.tar.xz
 ffc513983adc997cc938fd30685b8ee56c4257bdce2dd94fa92866cedc3e8017 5522 
intel-microcode_3.20171215.1_amd64.buildinfo
 78929ffb1de5db97468d0cb9d7bab8e3642e69af1c4c099056faadd9d419f68a 1279728 
intel-microcode_3.20171215.1_amd64.deb
Files:
 26745f6401d7fe5f63d398793676d5f3 1797 non-free/admin standard 
intel-microcode_3.20171215.1.dsc
 67c3e15bacf2171245243ee0cfde6f1c 2177512 non-free/admin standard 
intel-microcode_3.20171215.1.tar.xz
 869872d5035d458122f325f4318b61eb 5522 non-free/admin standard 
intel-microcode_3.20171215.1_amd64.buildinfo
 9dfc25b786ece3adb849ee570fc14636 1279728 non-free/admin standard 
intel-microcode_3.20171215.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAlpOz74ACgkQ/hG/posV
jpjg+RAApwUKVdy7gfGrDgHejvzFU8Uvg1/1R40YyKWeJ5hnik5soyIhEtnFj4nC
JoFKf+jSRgmzx7JdUubWfpeJsyxgR/HcUjwf8PzDjCzMWbkz5K8U9MPinsf5ngC8
clLFhPO4r17CBVV8MiWy0vAnaL1zalmUtAG23SvIsBRrJWs41mP1D9Yud1kzILwE
s3hXsTXnKpQxwxqsV1+ze1ZhJvDd3AEXhblXatRKcy7Wvg2w8QXkwpBF7RqZ5CxL
KSHwZJlVwA0a4LmM/v7W5gRcGh7lY0AqhqViA3Tns5U4V5NOSPV3/ApSZgSWUWRG
DihJh2BIR/2K8vrHX2H5YJi1pq9c+S/dGFlpXDF6omrCexTfBoAQRVNMmw11xFjI
3gPfHGB2kggNS8vkrM2Z6X4o48y24zfBacmg2terM/0ITfI/sW2W5s63ltP05qya
CAj7MWDIYcaifR6SqyL0ofv8zaCG0jwTb+hrshXbihPbjJxiYN5yWlK+5VgqhP+3
6oPSO09Mt5meERBUWGq+SFA+S1diKv/Zu6Ak+uut6j2LivqkBVrf4L1BGt8LHHXB
FgLaI2+zH2IgeQWFGETWUlA33Xd3lABlROtpLmqDMShrw651t8qnuV7IPu8sV4sY
UhfUNNY9Lu44NDM36ctIX9BQluaaaXTvPpZ99T7hp0X/filQl9U=
=cSdS
-END PGP SIGNATURE-

Accepted autotools-dev 20171216.1 (source all) into unstable

2017-12-16 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 16 Dec 2017 13:05:22 -0200
Source: autotools-dev
Binary: autotools-dev
Architecture: source all
Version: 20171216.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 autotools-dev - Update infrastructure for config.{guess,sub} files
Closes: 879509 884458
Changes:
 autotools-dev (20171216.1) unstable; urgency=medium
 .
   * Sync to upstream git 2017-12-16
 [commit f5641da650f5b82367a70983762bbf0e9db0a891]
 + Add or fix support for some non-Linux platforms (closes: #884458)
   * Acknowledge NMU 20161112.1+nmu1 (closes: #879509),
 thanks to: Niels Thykier.
Checksums-Sha1:
 afe8979a57d032833a2a0be5e0fb95a32fd0b4c1 1655 autotools-dev_20171216.1.dsc
 c66347632cc5bd83458c84ac86335692397350f4 67188 autotools-dev_20171216.1.tar.xz
 a49f1d0922195ee37906804fb35f6523f596d636 75920 autotools-dev_20171216.1_all.deb
 8a6b5304d04d48dd036637e16b2ccbba1849c679 5460 
autotools-dev_20171216.1_amd64.buildinfo
Checksums-Sha256:
 79c644f3d06efd476083f8c68b2b23f4fd1c12b85d8816d6d029683e12ed93d3 1655 
autotools-dev_20171216.1.dsc
 c5327639b386eceeb84709b826e625d80c0a7255f9344ff39104297f21d6ecd3 67188 
autotools-dev_20171216.1.tar.xz
 b535cc9dfbae94f57bbfdb3e9706e7057cbbc267283544a2b34ca94f059b2788 75920 
autotools-dev_20171216.1_all.deb
 b165dcf627930425386080133aee8ba07199a5b8c516bd905e698d81ce54d2ba 5460 
autotools-dev_20171216.1_amd64.buildinfo
Files:
 e4c25ba8e233f322f31e44152111ccfa 1655 devel optional 
autotools-dev_20171216.1.dsc
 97b21e8f1abd93076cf78d0198ec6136 67188 devel optional 
autotools-dev_20171216.1.tar.xz
 0b0c773e636685fa7d8dc979016a223a 75920 devel optional 
autotools-dev_20171216.1_all.deb
 808ffbdf332e6d4f57fd6e88d1e9cf46 5460 devel optional 
autotools-dev_20171216.1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAlo1OgUACgkQ/hG/posV
jpgGvxAAifIohhjMmWFHpYODIkGh+yvq0p+yhXRVoYSCkqi+bta6XvPHudAcghlu
63dLIo7vNo5+NoPct3/TWQC5CIyZ7qC+SOKGAPr56r6Yl6nAmKWg5UwDteZjKW/F
FDI/kFRvQF0ewvmaRBb2s4mwAxbJJ14IpejHS6WxVlBOmsNF8bCYIbyrV9wvKJiA
eUENZHt/xAceZjXPh6JLM+ATEL3lMT9+bGlrkM5k+6lsJ9TpFqmAWWIUV6HTeQ/9
FSwNvooslZ/kpuj+e66rYrQjsdC7SgK4pcVNFR0DbnPZrICxLfwJet7z/J2aB+s8
C3FTPb9iXFs2IMeTrUMpt0cA+aCRFgZY3EURQfe4NsYGHSPMN7b+8WXprxYf46rL
w0AOVYgytuyF9TqC5vPap3qRet/DomplMwOcyVhga5iNb4zgWyXHBMCH9D4Zh5CL
iMY6yKG8R+13Nz64ay0oHPI1rwGoPCacr92Cn1KOjEJNr0vfHScN2biGvwFLuuQq
P3TEh4FP81O11Rh0zlKsaIgYyBVXYpM7TkBUZ0KHSbPaSo0OP2kAWxFEpcq52FrJ
uBpZ1eVYWDk/PWrhozxEVZlRjiCFMLdZfhkQGppxZV5pzvMHrFoP4nTM19zsv/1z
XLecnBsty9PXoOjzF9IGWFJvQ+XKdvHN45APeptNOFOGM9bLKSA=
=TZIu
-END PGP SIGNATURE-

Accepted intel-microcode 3.20171117.1 (source amd64) into unstable

2017-11-18 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 18:55:09 -0200
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20171117.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20171117.1) unstable; urgency=medium
 .
   * New upstream microcode data file 20171117
 + New Microcodes:
   sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
   sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
   sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
   sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
 + Updated Microcodes:
   sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x235, size 26624
   sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
   * source: remove superseded upstream data file: 20170707.
   * source: remove unneeded intel-ucode/ directory for 20171117.
   * debian/control: bump standards version to 4.1.1 (no changes)
   * Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
   * README.source: fix IUC_EXCLUDE example and minor issues.
   * Makefile, README.souce: support loading ucode from directories.
   * debian/rules: switch to dh mode (debhelper v9)
   * ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
 loading.
Checksums-Sha1:
 15def54eb88c5a6c2afd49730e4c3709347d70e2 1797 intel-microcode_3.20171117.1.dsc
 9571f4625c03a3c1d2333664b0251002ad9b1b94 1798180 
intel-microcode_3.20171117.1.tar.xz
 3fec6735807256ee9008c389c22e706df2250774 5526 
intel-microcode_3.20171117.1_amd64.buildinfo
 8f62e0e558a08f07073d58d21ef48ed14276896a 1269688 
intel-microcode_3.20171117.1_amd64.deb
Checksums-Sha256:
 18672d56b089fc0f76d6c4df83a07dec412d7670125d6f79290925d1f512a8e7 1797 
intel-microcode_3.20171117.1.dsc
 430127361699205a0fbf7c5e6d399feff702292d8862472a46bcc1e24a8660a3 1798180 
intel-microcode_3.20171117.1.tar.xz
 a42f0d27bdef39e48d8fdf277091328e73babaac0b5ce8fa2521ba16bcbd941e 5526 
intel-microcode_3.20171117.1_amd64.buildinfo
 fa9fb4d3e01d016565c351a2d764d18a33752cf498f43ff2d63fd3bd813f3e69 1269688 
intel-microcode_3.20171117.1_amd64.deb
Files:
 07c7c8f484b4aad44a8b43f80a1f326f 1797 non-free/admin standard 
intel-microcode_3.20171117.1.dsc
 66d97d00588ec8aebf811efdee03a630 1798180 non-free/admin standard 
intel-microcode_3.20171117.1.tar.xz
 114324b2eacd47233f9d7da7462e6a3a 5526 non-free/admin standard 
intel-microcode_3.20171117.1_amd64.buildinfo
 55c576cee08481c321f505e18a5a0ff7 1269688 non-free/admin standard 
intel-microcode_3.20171117.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAloQrQQACgkQ/hG/posV
jpgDnA/+OtUs5dYIM04Dub1NdpIYuick2TK9gvQpWjtKD49ehatfY+Wwv2ZAQIb8
q57+dXx0RA4/svLa1K1Ugy2VgKKHRuSAD+T7LqTlfcfOe7J6D+LWPu0YWVeN7Aqr
GI46i2nfzy1PBbf5qYzcLjyGKgS45nlb2Cq/17HAO7sQLToznIBSNqKWvhn4yT8s
WjTxU2003U6Tyb2juHJ5//381Uz9xfk9czehYVifOzYpCID81hwHIhfljI3oLphH
cekugbAmVxsjXm3IRPeOBZOI6P7DTEyD6V5O4Aob3apQz4xDjHG4iLPZiZcxcn+l
HvyvoMED3hEZzJgNA58SMdc4fBOU5QKyq7aYRblp0fsTrzZGWfZiJD8XhptwPgm2
9f3vpABwz9reFtWemw1+9C+4r+dt0m380LezBGwthrRL8sv1KceqZ+h2tr5Tmz9j
H9t1WGpmcmoouArQrkKuwMeX5IdhU7cOkEB3G2tLIlV23cmJCNYZLhM1i+W/patV
8cInwLZP5BZcA3tvILBKWbZ+oKTPh2+SHulvbgxfbhzTKityUqi1fFU2x4kZoNI2
vTGsEwd4ffq1R4GSlBzgfc9ulFgeSdazBp9Rf2q+8k5oaqsdA3m0nZOp/i+afX7u
0SDWlYsmAZCFxN86Xyf9AptmLCWw/vA8SlPMz0zSP/VGtofaazM=
=OzOQ
-END PGP SIGNATURE-

Re: Summary of the 2038 BoF at DC17

2017-09-01 Thread Henrique de Moraes Holschuh 
On Sat, 02 Sep 2017, Steve McIntyre wrote:
> Massive numbers of libraries are going to need updates, possibly more
> than people realise. Anything embedding a time_t will obviously need
> changing. However, many more structures will embed a timeval or
> timespec and they're also broken. Almost anything that embeds
> libc-exposed timing functions will need updating.

Let's not forget about several archive formats, too, such as cpio.  They
have to be extended/replaced.

-- 
  Henrique Holschuh

Accepted iucode-tool 2.2-1 (source amd64) into unstable

2017-08-28 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 28 Aug 2017 15:47:46 -0300
Source: iucode-tool
Binary: iucode-tool
Architecture: source amd64
Version: 2.2-1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 iucode-tool - Intel processor microcode tool
Changes:
 iucode-tool (2.2-1) unstable; urgency=medium
 .
   * New upstream release:
 + README: update for mixed dat and bin Intel releases
 + README: add an example of microcode with multiple sigs
 + iucode_tool: fix microcode count when selecting extended signatures
 + build tooling changes
   * debian/docs: ship upstream NEWS file.
   * debian/control: build-depend on newer automake.
 Upstream now requires automake 1.13 or newer.
   * debian/copyright: add licenses for m4/
   * debian/copyright: use https for format URL
   * debian/{watch,upstream/signing-key.asc}: support upstream signature 
checking
   * debian/control: bump standards version to 4.1.0
Checksums-Sha1:
 805688fe53bd33c5ffe5c8af0a38dfd444833ad9 1965 iucode-tool_2.2-1.dsc
 99885a64a73a8983e8b07e61759ccff6e4b29c61 149896 iucode-tool_2.2.orig.tar.xz
 a74e951a871018461b2151fc21f14c9a2b508dd2 19660 iucode-tool_2.2-1.debian.tar.xz
 c3337abe26df16e334a030d2459a49921bfa822f 42828 
iucode-tool-dbgsym_2.2-1_amd64.deb
 8250eb2b971a7c5c18fd1d133ba7d0ad39540826 5624 iucode-tool_2.2-1_amd64.buildinfo
 e99f5079a920d453dd1751e3c833c9e9c95c3929 58314 iucode-tool_2.2-1_amd64.deb
Checksums-Sha256:
 b451127e6fd3df4b01720ace1a08b7230c47139846bdd6bb3628b848b7c54dac 1965 
iucode-tool_2.2-1.dsc
 9810daf925b8a9ca244adc4e1916bcab65601c9ebe87e91c2281f78055982971 149896 
iucode-tool_2.2.orig.tar.xz
 b3295bcdbf028af26dc1d76fdf790bf044b6aed7427a78a3789a490c4e7b5904 19660 
iucode-tool_2.2-1.debian.tar.xz
 bc1e83b1037da89e316a9065a1f9f737f6b74b3850af7af00df854eb9ada3460 42828 
iucode-tool-dbgsym_2.2-1_amd64.deb
 a669f8d3552e6a98cd452fe436a32ced7c676a6e259a5d8d406c3c5294dc31f8 5624 
iucode-tool_2.2-1_amd64.buildinfo
 28ee5c7579bf5671320b9cad8ac9a104dc153d9593a67f4d83f94c57cc6c0859 58314 
iucode-tool_2.2-1_amd64.deb
Files:
 55303814af8c22e7879d13e8f2553003 1965 contrib/utils optional 
iucode-tool_2.2-1.dsc
 f6cc22c89b66e4f1ff87af36197cdfaa 149896 contrib/utils optional 
iucode-tool_2.2.orig.tar.xz
 c43c1a040cadb4ae4f1e0d2d4a02b931 19660 contrib/utils optional 
iucode-tool_2.2-1.debian.tar.xz
 1b5ec2b1e42a4c8fa3f9d064cf9fe996 42828 contrib/debug extra 
iucode-tool-dbgsym_2.2-1_amd64.deb
 4629a8584f7beb002190cdd9392d52b8 5624 contrib/utils optional 
iucode-tool_2.2-1_amd64.buildinfo
 5d5e2306509b324a6cef21c259efa801 58314 contrib/utils optional 
iucode-tool_2.2-1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEq7GuO+cOOhDUp+2l/hG/posVjpgFAlmkahQACgkQ/hG/posV
jph1LA/+OcOSusvW2FSI5RrAEkli+GqeKQWeb+T7p6mHx2Va1JyRcfbD7J3rD9tG
HaRZ2WVkyymv0RnbNNZCfloKGcfInwYnyNLO12vHXyjDZibDeCumsh5sys+mHiYM
u7CxaqoCJKPB3dXOv4EvBJpIe5IYaL5Srz0qLPZEWVYJj2nwza61Bz6wyQgeiops
HMMJiZ8fraW57xO9bCTLWN5rphlTwetI4xoV/SaCMCy0JLllYT2s22p9HrE1iSgK
1LCN1JMc/qSRF2hb9gmEknOhSojVkHSh4OYdYiqyMq5Jv5lJEkcMwd/FIDF4RZij
gIjsKzJqUcQPEGvfJ2z8wovV9F4KYheOghUl9S7VdotuuT9GjTijGn6FBAhbEYAg
HSleV3CeLHd04npwL065Q0JLsebhQokOSZnbztSM2VwAl/IZV+EWMa5xpkzIOzwZ
PO8PvBXJ7wEgFgV747an5Fyec8TvCHvylalgpdx3ZiwlgahCJtAm5gQr8MwA/uE5
GOBPMCwEa2z9tToL497XPhCB1CSxlrQ3s3iyC0etI9v5U4gZFBGz3xDG/J9MDQ3+
VVAO8gKwzmh9cUng/3yF+tTzI6qfTRydNBD5KEMDcfhn9scDTP287Ry12QwUVXZj
YpF4MqQ7GNv5v+QbOkkErv+BV2gExIqL6G5f96qa3wNpk2mQ2sM=
=f5Fu
-END PGP SIGNATURE-

Re: X facts about Debian - some fact checking and looking for ideas.

2017-08-28 Thread Henrique de Moraes Holschuh 
On Mon, 28 Aug 2017, shirish शिरीष wrote:
> It would be helpful if somebody has one of the 1996 packages snapshots
> and can share how the changelogs were at that point of time. That
> might give a bit of reference as to how things were and if there were
> any changes between them and now.

http://archive.debian.org/debian/pool/main/libc/libc/

Will give you glibc 5, from 1998, but the packaging is from 1999.  It
already had separate changelogs.

> Also the crucial question if whether this idea came in Debian first
> and then flowed to other distributions or was it was first used in
> Redhat and then came to Debian would be interesting in itself.

Sorry, I have no idea about that.  But it is such an obvious thing to do
once you have "distro versions" (which RedHat *already had*), that I'd
bet the dual changelogs came from whomever started with distro-specific
versioning first.

Take a look at early slackware, it is the oldest you can still find.

http://futurist.se/gldt/

-- 
  Henrique Holschuh

Re: Call for volunteers: FTP Team

2017-08-17 Thread Henrique de Moraes Holschuh 
On Thu, 17 Aug 2017, Joerg Jaspert wrote:
> On 14767 March 1977, Jonathan Carter wrote:
> >> it has been quite a while since the last call for volunteers, so here is
> >> an update: Yeah, we still need people, and we want you. Well, that is,
> >> if you are a Debian Developer, for this. If you are not and want to
> >> help, read the last paragraph please.
> > If someone hypothetically joins, are they allowed to rename the FTP team
> > to something that doesn't include "FTP"?
> 
> GopherTeam?

archive team, really.  But where's the fun in that?

funmasters, maybe?  it is only a two-letter change...

-- 
  Henrique Holschuh

Intel Skylake/Kaby Lake Hyper-threading bug update

2017-07-23 Thread Henrique de Moraes Holschuh 
TL;DR: Intel has issued public microcode updates in 2017-07-07, fixing
the hyper-threading errata on every affected processor.  These updates
have been included in the stable and oldstable point releases from
2017-07-22.

The microcode updates in the "intel-microcode" packages with the base
version of 3.20170707.1 fix the hyper-threading defect on every known-
affected Intel processor, including Kaby Lake and all variants of
Skylake.

Updated intel-microcode packages are already available for oldstable,
stable, testing, unstable, jessie-backports-sloppy and
stretch-backports.

For more details and instructions, please refer to:
https://wiki.debian.org/Microcode


FAQ about the "hyper-threading defect":

Q. Does the Intel "microcode update" that fixes the defect remove
   hyper-threading support?

A. The updated microcode *fixes* hyper-threading, it does *not* remove
   hyper-threading support.


Upgraded microcode information related to these errata:

Skylake D0/R0 (mobile/desktop), signatures 0x406e3, 0x506e3:
Known to be fixed in microcode revision 0xb9/0xba and later.  Public fix
available in linux microcode 20170511 and later.

Skylake H0 (server/HEDT/X-series), signature 0x50654:
Known to be fixed in microcode revision 0x222 and later, and it
might have been fixed since revision 0x21a.  Public fix available in
linux microcode 20170707 and later.

Kaby Lake H0/B0 (mobile/desktop), signatures 0x806e9, 0x906e9 (pf mask 0x22):
Known to be fixed in microcode revision 0x5d/0x5e and later.  Public fix
available in linux microcode 20170707 and later.

Kaby Lake X-series, signature 0x906e9 (pf mask 0x08):
These processors are *NOT* affected when installed in a *supported*
motherboard configuration (i.e. one that had its firmware updated to be
compatible with Kaby Lake X-series).  The launch production microcode
already has the fix (believed to be microcode revision 0x5d or later
based on the processor flags mask).

Kaby Lake Y0: signature 0x806ea:
Known to be fixed in microcode revision 0x65/0x66 and later, and it
might have been fixed since revision 0x5d/0x5e. Public fix available in
linux microcode 20170707 and later.


References from the original advisory:

https://caml.inria.fr/mantis/view.php?id=7452
http://metadata.ftp-master.debian.org/changelogs/non-free/i/intel-microcode/unstable_changelog
https://www.intel.com/content/www/us/en/processors/core/desktop-6th-gen-core-family-spec-update.html
https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html
https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html
https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v5-spec-update.html
https://www.intel.com/content/www/us/en/products/processors/core/6th-gen-x-series-spec-update.html

New references:

The two new references below contain material that was not known to the
Debian maintainers or to the Debian project:

https://medium.com/ahrefs/skylake-bug-a-detective-story-ab1ad2beddcd
http://gallium.inria.fr/blog/intel-skylake-bug/

-- 
  Henrique Holschuh

Re: Naming of network devices - how to improve it in buster

2017-07-15 Thread Henrique de Moraes Holschuh 
On Sat, 15 Jul 2017, Adam Borowski wrote:
> > This will match any interface that has MAC address 01:23:45:67:89:ab,
> > and will use the "foo" stanzas to configure it.
> 
> Awesome!  This sounds like the best solution so far.

It is indeed Very Cool, but it might not solve one little thing:
iptables firewalling.

Is that a way to trigger an ifrename using this, so that the network
device ends up being named "foo" ?

-- 
  Henrique Holschuh

Re: Naming of network devices - how to improve it in buster

2017-07-14 Thread Henrique de Moraes Holschuh 
On Fri, 14 Jul 2017, Tom H wrote:
> > I've never seen the kernel vary the order it enumerates a PCI bus.

It doesn't, the last time it changed was on 2.4->2.6.

OTOH, *driver probe* ordering can and does change, especially when
device probes are being done in parallel.  It is best to not get bus
enumeration (and even device endpoint enumeration) confused with device
*registration* by kernel drivers.

> For PCI Express; for all I know, other technologies might enumerate
> differently or change the enumeration method with different driver
> versions.

Most buses are stable as far as enumeration goes: we don't have HBAs and
endpoints being renumbered across boots at all for PCI and PCIe and even
USB.

But bus device enumeration is separate from device register ordering.

> Per driver. There's no guarantee that the kernel will load the drivers
> in the same order at boot. There was even a (specific) note in one of

Indeed.  Unless you add modules for which you care about the load order
to /etc/modules.  Those are staticaly loaded first (obeying dependencies
by depmod, though) even by the initramfs.  It has been supported for a
decade or more.

That *still* won't help for some drivers, where parallel *device* probes
are done AND device answer speed mandates which one will register first.
This does *not* apply to PCI/PCIe NICs handled by the same kernel
driver, but it very likely applies to USB for example.

> The classic naming scheme for network interfaces applied by the kernel
> is to simply assign names beginning with "eth0", "eth1", ... to all
> interfaces as they are probed by the drivers. As the driver probing is

Unfortunately, this is incorrect.

MOST PCI/PCIe NICs indeed use "ethX", etc.  But the naming scheme really
is device driver-specific, and the "default" name used by a driver is
considered part of the kernel stable ABI, and cannot be changed on the
kernel side unless it is done opt-in at kernel config time (kconfig) or
at boot time (kernel command line, device tree, etc).

That said, most consumer devices nowadays are handled by drivers that
will use either ethX or wlanX by default.

> generally not predictable for modern technology this means that as soon
> as multiple network interfaces are available the assignment of the names
> "eth0", "eth1" and so on is generally not fixed anymore and it might
> very well happen that "eth0" on one boot ends up being "eth1" on the
> next.

Correct, in the general case.

-- 
  Henrique Holschuh

Re: Naming of network devices - how to improve it in buster

2017-07-12 Thread Henrique de Moraes Holschuh 
On Wed, 12 Jul 2017, Michael Biebl wrote:
> Am 12.07.2017 um 18:58 schrieb Matt Zagrabelny:
> > On Wed, Jul 12, 2017 at 11:47 AM, Michael Biebl  > > wrote:
> > 
> > Am 12.07.2017 um 17:35 schrieb Marc Haber:
> > > My finger memory will still type tcpdump -i eth0 before the brain can
> > > intervene ten years from now.
> > 
> > thankfully tcpdump (and lots of other tools) have nice shell completion.
> > tcpdump -i  works great her.
> > 
> > 
> > Agreed. However, I'd still rather deal with names like /dev/sda and eth0
> > than /dev/disk/by-id/ata-SanDisk_SSD_U100_252GB_122339300522 and en.
> > 
> > It is kind of like using people's first names as opposed to their Social
> > Security Number (in US) or other form of national identification. I know
> > when I can use the name Matt and I know who it refers to, even if
> > another Matt enters the room. I'm comfortable with eth0 being the name,
> > even when another interface appears.
> > 
> > I completely understand, and largely agree with, the need for persistent
> > naming - but I think we are selling ourselves and our users short by not
> > pressing harder for network interface aliases. It seems to be too useful
> > of a solution for this problem.
> 
> Indeed, the best solution would be to never rename the interfaces and
> simply create aliases / symlinks. Then again, I'm no kernel hacker so I
> have no idea if that would be feasible.

ip link set dev eth0 alias foo0

But don't expect everything to work right with this: it is the same
mechanism that was used for adding "extra IP addresses" when using
braindamaged crap from a decade ago (old ifconfig), so I very much bet
there are going to be stuff misbehaving...

The obvious thing would be to just tell the kernel to change namespaces
in the first place (kconfig + command line), and have userspace aware of
the kernel namespace using sysfs.  Just beware the kernel default would
be "unspecified" (and not "eth*", etc) because this is not central
policy in the kernel at all).  I have never understood why this wasn't
done, since it is absolutely trivial to implement, even if it is a lot
of busywork (you have to patch each !@#$ network driver).  But you could
clean up a _LOT_ of crap kernel side while at it, AND create both a
central point for naming this stuff AND better device grouping, so it
would be worth the trouble.  And it would be opt-in, default N, and
detectable from userspace, so that it would not regress anything not
prepared for it.

-- 
  Henrique Holschuh

Accepted intel-microcode 3.20170707.1 (source amd64) into unstable

2017-07-09 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 08 Jul 2017 19:04:27 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20170707.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20170707.1) unstable; urgency=high
 .
   * New upstream microcode datafile 20170707
 + New Microcodes:
   sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x222, size 25600
   sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
   sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
   sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
 + This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
   SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
   Lake and Skylake processors: Skylake D0/R0 were fixed since the
   previous upstream release (20170511).  This new release adds the
   fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
 + Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
   (0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
   * source: remove unneeded intel-ucode/ directory
   * source: remove superseded upstream data file: 20170511
Checksums-Sha1:
 118e4c7ed4d25954d754cf6682109c0f1874465b 1783 intel-microcode_3.20170707.1.dsc
 06458204ca27809dcf098dcae271ef356e12ffc0 1483328 
intel-microcode_3.20170707.1.tar.xz
 2b8d3704a0f4d3053bc253d2d3da01d5a1720352 4622 
intel-microcode_3.20170707.1_amd64.buildinfo
 cc1fc080259d25f3a83387f493cbfc37b8017848 997706 
intel-microcode_3.20170707.1_amd64.deb
Checksums-Sha256:
 b80f21aec05f51cd32874ed6dc0e5ef589c2aa620d18970595278506b829baf1 1783 
intel-microcode_3.20170707.1.dsc
 58a2b0afa5ac6c86050230ae8133b88cd549e78743d3838dc057755a5bf5f0d1 1483328 
intel-microcode_3.20170707.1.tar.xz
 947a9d43c05de6ae3d33415ee6cc14bd7d6d3de17f85837f964634074e6d658e 4622 
intel-microcode_3.20170707.1_amd64.buildinfo
 5f9697f06f79dab4ea3ae37c186b0945583b17ad34f9c7c4c86f91bc374991b4 997706 
intel-microcode_3.20170707.1_amd64.deb
Files:
 cad861cf519b249117358fd50170a0fa 1783 non-free/admin standard 
intel-microcode_3.20170707.1.dsc
 9b37c9d638f3ef627dbc6a26a29851af 1483328 non-free/admin standard 
intel-microcode_3.20170707.1.tar.xz
 eac547e178e92da2f52f15384b1314a8 4622 non-free/admin standard 
intel-microcode_3.20170707.1_amd64.buildinfo
 1dd0d18f926286556214abb250fd7737 997706 non-free/admin standard 
intel-microcode_3.20170707.1_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJZYXEyAAoJEP4Rv6aLFY6YuV8P/Rgi0y5s484qnquvKBBX0kfv
23fH59N6GSV8+ELQT6Ft60hOSi6chLzqGGu8/D7LLhI4rwx9tWAngnRAhHNXpTL6
TEsjGUZdgW09J4AELK1kym8tm9basQkiRCTinGjlaRUYk0ASQpbozqlSHVgJ3r4p
OeZZmfgdefN7blTfiWdDjSHrUq44Pt5YsMQLFO50ZBWviEK1kI8ArnaVpfYi3BwZ
NUBm1i4ttJNGjbl234bnzlkk/LUZP91O1+YeHRUd28jxtw85lCmJXysD0WBFZXgu
dPQ/1OjPpyvtQfw+hePzDKEsLR0qMdbdqRJUL9KPJfjoWgRmrc/uWDVrcHgUXqB4
S0eFSWtr5SXaZ090Y2ZUkFimfhW0LqnWjsnfyuTsGhMA3rXMMLF2O/+7gm0Q/Fl0
A5DrtPfZlefQppLdpdLOMuQr6VlfpzoPd2wr7vcCabrfmplfDfy68Hy8G7Ls/eRg
5C0LWDz7p6HtuOq18tOzaXVbJlgd2iGGO6UWxg4lqp1+t+sIfcRnDjUzqkGsTqS3
/MQJ9YMXATjAokoK7B+oCTnCC9ku2EdqiDV2TKCwcfpqHeGEGVpub0iql1nSXB2O
EaVhf7hmRfSaBaoeOp0s8ZFCxGKGgX/C//uLQydIR+H8A7PctGlISBF9y50uWRDG
kGCZOjCWoO3h3E8U4jo1
=1JaY
-END PGP SIGNATURE-

Re: Corruption in CPU

2017-06-27 Thread Henrique de Moraes Holschuh 
On Tue, 27 Jun 2017, Armin Avdic wrote:
> Hello, I saw your article on corrupted data and I have reason to believe
> that the bad code goes as far back to Intel Pentium D processors, in my

The Intel Pentium D is a very old processor, and its hyper-threading is
very different from the recent processors.  It cannot be the same
defect.

> investigation I have seen that when hyperthreading is disabled the cpu acts
> ok no corrupted data or corrupted downloads however when enabled the
> corrupted data starts showing up and changing md5 completely.

We do ship some public microcode updates for several Pentium D
processors, but they're really old updates.  There is no guarantee that
they will fix your issue.

Note that it could be a problem elsewhere.  Those are old processors, in
old motherboards, with old system components (memory, power supplies,
etc).  And the current software (kernel, etc) is not often tested on
them anymore, so it could be a software problem, too.

If you want to try, please install intel-microcode as described in
https://wiki.debian.org/Microcode

Pentium D specification updates ("defect list"):
https://www.intel.com/content/www/us/en/support/processors/desktop-processors/07016.html
http://www.intel.com/content/dam/support/us/en/documents/processors/pentiumd/sb/310307.pdf
http://www.intel.com/content/dam/support/us/en/documents/processors/pentiumd/sb/306832.pdf

-- 
  Henrique Holschuh

Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

2017-06-27 Thread Henrique de Moraes Holschuh 
(updated perl script, it now needs the "liblist-moreutils-perl" package)

On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> > This warning advisory is relevant for users of systems with the Intel
> > processors code-named "Skylake" and "Kaby Lake".  These are: the 6th and
> > 7th generation Intel Core processors (desktop, embedded, mobile and
> > HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
> > well as select Intel Pentium processor models.
> 
> Attached, you will find a perl script that can help detect if your
> system is affected or not.  Many thanks to Uwe Kleine-König for
> suggesting, and writing this script.

Uwe Kleine-König was kind enough to update the perl script to fix the
broken hyper-threading detection.  The new version is attached.

NOTE: You may need to install the liblist-moreutils-perl package for the
script to work.

-- 
  Henrique Holschuh
#!/usr/bin/perl
# Copyright 2017 Uwe Kleine-König
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License version 2 as published by the
# Free Software Foundation.

use List::MoreUtils 'uniq';

open(my $cpuinfo, ") {
	if (/^$/) {
		push @cpus, { %cpu };
		undef %cpu;
	}
	
	$cpu{'cpunum'} = $1 if /^processor\s*:\s(.*)/;
	$cpu{'vendor'} = $1 if /^vendor_id\s*:\s(.*)/;
	$cpu{'family'} = $1 if /^cpu family\s*:\s(.*)/;
	$cpu{'model'} = $1 if /^model\s*:\s(.*)/;
	$cpu{'stepping'} = $1 if /^stepping\s*:\s(.*)/;
	$cpu{'microcode'} = $1 if /^microcode\s*:\s(.*)/;
	$cpu{'core id'} = $1 if /^core id\s*:\s(.*)/;
}

my $num_cpus = @cpus;
my $num_cores = uniq map { $_->{'core id'} } @cpus;

foreach (@cpus) {
	print "cpu " . $_->{cpunum} . ": ";
	if ($_->{'vendor'} eq "GenuineIntel" and $_->{'family'} == 6) {
		my $model = $_->{'model'};
		if ($model == 78 or $model == 94) {
			if ($_->{'stepping'} eq "3") {
my $microcoderev = $_->{'microcode'};
print "Your CPU is affected, ";
if (hex($microcoderev) >= 0xb9) {
	print "but your microcode is new enough\n";
} elsif ($num_cpus == $num_cores) {
	print "but hyper threading is off, which works around the problem\n";
} else {
	print "you should install the latest intel-microcode\n";
}
			} else {
print "You may need a BIOS/UEFI update (unknown Skylake-Y/H/U/S stepping)\n";
			}
		} elsif ($model == 85 or $model == 142 or $model == 158) {
			print "You may need a BIOS/UEFI update (Kaby Lake, or Skylake-X processor)\n";
			print "Note: Kaby Lake X-series processors (i7-7740X, etc) are not affected\n";
		} else {
			print "You're likely not affected\n";
		}
	} else {
		print "You're not affected\n";
	}
}

Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

2017-06-26 Thread Henrique de Moraes Holschuh 
(updates, hopefully the last ones...)

On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> Fast-forward a few months, and Mark Shinwell noticed the mention of a
> possible fix for a microcode defect with unknown hit-ratio in the
> intel-microcode package changelog.  He matched it to the issues the
> OCaml community were observing, verified that the microcode fix indeed
> solved the OCaml issue, and contacted the Debian maintainer about it.

There are a few factual incorrections in the advisory text, which were
entirely my fault, and for which I apologise.  The corrections are
below:

1. It was one of the OCaml bug reporters (by the handle of ygrek) who
   first noticed that the 20170511 microcode update could be relevant,
   and not Mark Shinwell.

2. Various other bug reporters and OCaml developers, some under request
   from Mark and some by their own volition, helped out and devoted
   substantial time to investigating the issue.

I apologise to those involved: to "ygrek" for misreading the bug report
and attributing to Mark Shinwell the correlation between the SKL150
erratum description and the OCaml compiler issue report; and to all
members of the OCaml community that worked on the issue both in the bug
report and behind the scenes, for not explicitly crediting their effort.

The original OCaml bug report is listed in the references section at the
end of the advisory (and also in this update).

> Related processor signatures and microcode revisions:
> Skylake   : 0x406e3, 0x506e3 (fixed in revision 0xb9/0xba and later,
>   public fix in linux microcode 20170511)
> Skylake   : 0x50654  (no information, erratum listed)
> Kaby Lake : 0x806e9, 0x906e9 (defect still exists in revision 0x48,
>   fix available as a BIOS/UEFI update)

The recently launched "Kaby Lake-X" processors (signature 0x906e9,
socket LGA2066) are documented by Intel as *NOT* being affected by the
KBL095 defect.  This information comes from table 16 of the latest
revision of the "7th gen. Core Family specification update" (which is
listed in the references section).

Please note that the "7th gen. Core i7 X-series processors" (Kaby
Lake-X) both support hyper-threading and share the processor signature
(family, model number and stepping) with "Kaby Lake-H/S" processors.
The tests in the advisory (and also the perl script) will *incorrectly*
report Kaby Lake-X processors as affected.

References:
https://caml.inria.fr/mantis/view.php?id=7452
http://metadata.ftp-master.debian.org/changelogs/non-free/i/intel-microcode/unstable_changelog
https://www.intel.com/content/www/us/en/processors/core/desktop-6th-gen-core-family-spec-update.html
https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html
https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html
https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v5-spec-update.html
https://www.intel.com/content/www/us/en/products/processors/core/6th-gen-x-series-spec-update.html

-- 
  Henrique Holschuh

Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

2017-06-26 Thread Henrique de Moraes Holschuh 
On Mon, 26 Jun 2017, Holger Levsen wrote:
> Are there any other public bug reports which got fixed by this, or is the
> ocaml issue the only known issue which gets fixed by installing this microcode
> update?

As far as I know, so far OCaml is the only one that was verified to be
caused by the SKL150 erratum.

I got some comments about the advisory after it was published.  According
to a couple of those, the code pattern that triggers SKL150 is one that
is usually avoided [by compilers and hand-optimized assembly] due to
performance reasons.  Apparently, it is explicitly documented as being
slow by Intel optimization manuals.

That may well mean the pattern is rare enough that nothing else in
Debian is affected.

-- 
  Henrique Holschuh

Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

2017-06-25 Thread Henrique de Moraes Holschuh 
Minor update on the issue:

The check command provided in the advisory to test for hyper-threading
doesn't work: it will always report hyper-theading as enabled.  A better
command is provided below.

Note: this also means the perl script will give some false-positives.
I apologise for the inconvenience.


On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> Once you know your processor model name, you can check the two lists
> below:
> 
>   * List of Intel processors code-named "Skylake":
> http://ark.intel.com/products/codename/37572/Skylake
> 
>   * List of Intel processors code-named "Kaby Lake":
> http://ark.intel.com/products/codename/82879/Kaby-Lake
> 
> Some of the processors in these two lists are not affected because they
> lack hyper-threading support.  Run the command below in a command line
> shell (e.g. xterm), and it will output a message if hyper-threading is
> supported/enabled:
> 
>   grep -q '^flags.*[[:space:]]ht[[:space:]]' /proc/cpuinfo && \
>   echo "Hyper-threading is supported"

The above test (using "grep") does not work, and will always report that
hyper-threading is enabled.

Please use the "lscpu" utility from the util-linux package in a command
line shell (e.g.  xterm):

lscpu

If the lscpu output reports: "Thread(s) per core: 2", that means
hyper-threading is enabled and supported.

If the lscpu output reports: "Thread(s) per core: 1", that means
hyper-threading either disabled or not supported.  In this case, the
specific defect mentioned in the advisory will not trigger.

-- 
  Henrique Holschuh

Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

2017-06-25 Thread Henrique de Moraes Holschuh 
For the record: the email with the perl script doesn't contain malware.

The "malware" alert came from an extremely badly configured system that
violates every best practice in the field: it sends email to every
original recipient (and not just to local users), and it FORGES its
headers to look like it was sent by the original sender.

-- 
  Henrique Holschuh


signature.asc
Description: Digital signature

Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

2017-06-25 Thread Henrique de Moraes Holschuh 
On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> This warning advisory is relevant for users of systems with the Intel
> processors code-named "Skylake" and "Kaby Lake".  These are: the 6th and
> 7th generation Intel Core processors (desktop, embedded, mobile and
> HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
> well as select Intel Pentium processor models.

Attached, you will find a perl script that can help detect if your
system is affected or not.  Many thanks to Uwe Kleine-König for
suggesting, and writing this script.

-- 
  Henrique Holschuh
#!/usr/bin/perl
# Copyright 2017 Uwe Kleine-König
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License version 2 as published by the
# Free Software Foundation.

open(my $cpuinfo, ") {
	if (/^$/) {
		print "cpu $cpunum: ";
		if ($vendor eq "GenuineIntel" and $family == 6) {
			if ($model == 78 or $model == 94) {
if ($stepping eq "3") {
	print "Your CPU is affected, ";
	if (hex($microcoderev) >= 0xb9) {
		print "but your microcode is new enough\n";
	} elsif ($hyperthreading ne "on") {
		print "but hyper threading is off, which works around the problem\n";
	} else {
		print "you should install the latest intel-microcode\n";
	}
} else {
	print "You may need a BIOS/UEFI update (unknown Skylake-Y/H/U/S stepping)\n";
}
			} elsif ($model == 85 or $model == 142 or $model == 158) {
print "You may need a BIOS/UEFI update (Kaby Lake, or Skylake-X processor)\n";
			} else {
print "You're likely not affected\n";
			}
		} else {
			print "You're not affected\n";
		}

		$cpunum = undef;
		$vendor = undef;
		$family = undef;
		$stepping = undef;
		$microcoderev = undef;
		$hyperthreading = undef;

		next;
	}

	$cpunum = $1 if /^processor\s*:\s(.*)/;
	$vendor = $1 if /^vendor_id\s*:\s(.*)/;
	$family = $1 if /^cpu family\s*:\s(.*)/;
	$model = $1 if /^model\s*:\s(.*)/;
	$stepping = $1 if /^stepping\s*:\s(.*)/;
	$microcoderev = $1 if /^microcode\s*:\s(.*)/;

	if (/^flags\s*:/) {
		if (/^flags\s*:.*\bht\b/) {
			$hyperthreading = "on";
		} else {
			$hyperthreading = "off";
		}
	}
}

[WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

2017-06-25 Thread Henrique de Moraes Holschuh 
This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake".  These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.

TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem.  Read this advisory for instructions about an Intel-provided
fix.


SO, WHAT IS THIS ALL ABOUT?
---

This advisory is about a processor/microcode defect recently identified
on Intel Skylake and Intel Kaby Lake processors with hyper-threading
enabled.  This defect can, when triggered, cause unpredictable system
behavior: it could cause spurious errors, such as application and system
misbehavior, data corruption, and data loss.

It was brought to the attention of the Debian project that this defect
is known to directly affect some Debian stable users (refer to the end
of this advisory for details), thus this advisory.

Please note that the defect can potentially affect any operating system
(it is not restricted to Debian, and it is not restricted to Linux-based
systems).  It can be either avoided (by disabling hyper-threading), or
fixed (by updating the processor microcode).

Due to the difficult detection of potentially affected software, and the
unpredictable nature of the defect, all users of the affected Intel
processors are strongly urged to take action as recommended by this
advisory.


DO I HAVE AN INTEL SKYLAKE OR KABY LAKE PROCESSOR WITH HYPER-THREADING?
---

The earliest of these Intel processor models were launched in September
2015.  If your processor is older than that, it will not be an Skylake
or Kaby Lake processor and you can just ignore this advisory.

If you don't know the model name of your processor(s), the command below
will tell you their model names.  Run it in a command line shell (e.g.
xterm):

grep name /proc/cpuinfo | sort -u

Once you know your processor model name, you can check the two lists
below:

  * List of Intel processors code-named "Skylake":
http://ark.intel.com/products/codename/37572/Skylake

  * List of Intel processors code-named "Kaby Lake":
http://ark.intel.com/products/codename/82879/Kaby-Lake

Some of the processors in these two lists are not affected because they
lack hyper-threading support.  Run the command below in a command line
shell (e.g. xterm), and it will output a message if hyper-threading is
supported/enabled:

  grep -q '^flags.*[[:space:]]ht[[:space:]]' /proc/cpuinfo && \
echo "Hyper-threading is supported"

Alternatively, use the processor lists above to go to that processor's
information page, and the information on hyper-threading will be there.

If your processor does not support hyper-threading, you can ignore this
advisory.


WHAT SHOULD I DO IF I DO HAVE SUCH PROCESSORS?
--

Kaby Lake:

Users of systems with Intel Kaby Lake processors should immediately
*disable* hyper-threading in the BIOS/UEFI configuration.  Please
consult your computer/motherboard's manual for instructions, or maybe
contact your system vendor's support line.

The Kaby Lake microcode updates that fix this issue are currently only
available to system vendors, so you will need a BIOS/UEFI update to get
it.  Contact your system vendor: if you are lucky, such a BIOS/UEFI
update might already be available, or undergoing beta testing.

You want your system vendor to provide a BIOS/UEFI update that fixes
"Intel processor errata KBL095, KBW095 or the similar one for my Kaby
Lake processor".

We strongly recommend that you should not re-enable hyper-threading
until you install a BIOS/UEFI update with this fix.


Skylake:

Users of systems with Intel Skylake processors may have two choices:

1. If your processor model (listed in /proc/cpuinfo) is 78 or 94, and
   the stepping is 3, install the non-free "intel-microcode" package
   with base version 3.20170511.1, and reboot the system.  THIS IS
   THE RECOMMENDED SOLUTION FOR THESE SYSTEMS, AS IT FIXES OTHER
   PROCESSOR ISSUES AS WELL.

   Run this command in a command line shell (e.g. xterm) to know the
   model numbers and steppings of your processor.  All processors must
   be either model 78 or 94, and stepping 3, for the intel-microcode fix
   to work:

 grep -E 'model|stepping' /proc/cpuinfo | sort -u

   If you get any lines with a model number that is neither 78 or 94, or
   the stepping is not 3, you will have to disable hyper-threading as
   described on choice 2, below.

   Refer to the section "INSTALLING THE MICROCODE UPDATES FROM NON-FREE"
   for instructions on how to install the intel-microcode package.

2. For other

Accepted iucode-tool 2.1.2-2 (source amd64) into unstable

2017-06-18 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 18 Jun 2017 22:46:47 -0300
Source: iucode-tool
Binary: iucode-tool
Architecture: source amd64
Version: 2.1.2-2
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 iucode-tool - Intel processor microcode tool
Changes:
 iucode-tool (2.1.2-2) unstable; urgency=medium
 .
   * Upload to unstable
Checksums-Sha1:
 7b07f547a0de2320d4c806ceb723a376b686ec43 1962 iucode-tool_2.1.2-2.dsc
 5735a0b7a26208c9522bb0c5096a1835340090cf 8620 iucode-tool_2.1.2-2.debian.tar.xz
 362f672b932487e662ef516bc4e275e24a18fb51 42946 
iucode-tool-dbgsym_2.1.2-2_amd64.deb
 5867cddfe6cf834e70b6247f2367b2e590ef79b3 4743 
iucode-tool_2.1.2-2_amd64.buildinfo
 1d48dd6c16e9a3c4020891667d8167f601d9f89a 53682 iucode-tool_2.1.2-2_amd64.deb
Checksums-Sha256:
 740edf36d59fb6a74ee247cf40941dbd975734fb4573d8cb84ea95d5cc417c30 1962 
iucode-tool_2.1.2-2.dsc
 24e93ec42761b4c96b3c06a725cd5f5f9b0cc1194abf6a9fef397149416dd0fa 8620 
iucode-tool_2.1.2-2.debian.tar.xz
 fade1fba92aa4bee6b2a787d875c8cf2738087c023ba4bfaf7f5ccafd782f590 42946 
iucode-tool-dbgsym_2.1.2-2_amd64.deb
 7af0d0a11fa6c75a17c848b017da180bf2e56674b6e534e8a8f911eacc3e2220 4743 
iucode-tool_2.1.2-2_amd64.buildinfo
 c4d2109bbd6da7e9a96c34faf642ebe6ea3b1604dabfcce9388c42ad0b552e80 53682 
iucode-tool_2.1.2-2_amd64.deb
Files:
 6748492ef8d81befc6e918b69e885f65 1962 contrib/utils optional 
iucode-tool_2.1.2-2.dsc
 e8543edf9245b683f802f2cb3457da1e 8620 contrib/utils optional 
iucode-tool_2.1.2-2.debian.tar.xz
 d2d48d281d8ae90377e55a12308608f8 42946 contrib/debug extra 
iucode-tool-dbgsym_2.1.2-2_amd64.deb
 0a89f1ff07a5539662d0bbeb763ae6e6 4743 contrib/utils optional 
iucode-tool_2.1.2-2_amd64.buildinfo
 5d44498485f95f274d3c1ec913e5ce21 53682 contrib/utils optional 
iucode-tool_2.1.2-2_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJZRzBYAAoJEP4Rv6aLFY6YKasP/iVK6DhmUVL6FshL/Qigyvi9
lVAhfRARWushThak7L3MjypnRHyhVAlsqrCVfGGK7+xfT44k3I8CTWpGlyXuplKZ
+ExdlqplQXAETAZezZGrpgjp9AA93m2jiLrNbZe0SRj4fz3XzYc35g6fH7qa//Iy
CW5g+AYqrQFoZSB3BJobejt7GxCy4DfsSFn7qq2ea7oHH25wvHuKWm3yUMyFZoPx
pG3M0aO2hH2vIahoPGFNSGzB9v7l/gm/iJvN087X5xZsV8vps7PDPvsVJ1NY7Ufx
eB4oZ3gCZu/YO71FVXYL71YVCX0ixtZo0fqe68X2mMEwJJ8BkAOZjgdF43vZQ+JC
6qYE+8nk4SlnY6K7DLYjKFTQ+TC7yHhnIEN6M06lyckFPV/PU4YFzIQmYZBM74kW
yx9gJ6TyVjkTmpj+FStMI7DgN/qbx00TyCdJlSDSjK3p2hZc7rmvo4UFtTMEHj10
Rl/qITaqqjvItwLJANzd+vJHfYmxZYqmbbrQHaOVjaFLYKWpL9+vioxuQHVur9TP
l0DCuI3KfyT1wBdpTzdewjAlt1hwffhpB+SlkOOqfln2WCmtrAOr9dQYCies4P31
BuxnPZkjNAjLWaBQW4mvCDHFa3PJwMYG5d8MNDxnyQXf7WKUZgW6WSXFMndxT1m5
PuZHDxCqDjj6lI/pz6eK
=RLQ9
-END PGP SIGNATURE-

Re: Please add lzip support in the repository

2017-06-16 Thread Henrique de Moraes Holschuh 
On Fri, 16 Jun 2017, Adrian Bunk wrote:
> On Thu, Jun 15, 2017 at 08:36:48PM -0300, Henrique de Moraes Holschuh wrote:
> >...
> > We pretty much need Debian packages to be 100% correct in the first
> > place, they are not going to be subject to lossy recovery from
> > corruption (which is where lzip is supposed to be much better than xz):
> > we need to replace any that is even slightly corrupt with a fully
> > correct copy.
> > 
> > So, it would make more sense to have a par2 (or create a modern version
> > of it, actually) ECC layer on top of the compression layer, at which
> > point we can use one of the already supported compression formats.
> >...
> 
> A digital signature is an ECC layer.

ECC as in eliptic-curve crypto?  That's useless for repair.

It should have been obvious by context, especially since I even
mentioned "par2", but it was ECC as in Error-Correcting Code.

https://en.wikipedia.org/wiki/Error-correcting_code

-- 
  Henrique Holschuh

Re: Please add lzip support in the repository

2017-06-15 Thread Henrique de Moraes Holschuh 
On Thu, 15 Jun 2017, mariabi...@gmail.com wrote:
> PS: lzip version available in Debian is 1.16, but the last one is 1.19. Maybe 
> it's time to update! :)

lzip 1.19 is available just in Debian experimental, because we are in
final-countdown nearly-absolute freeze: we will release the next Debian
stable this weekend, with lzip 1.18.

lzip 1.19 should be uploaded to Debian unstable sometime after we
release, at its debian maintainer discretion.

-- 
  Henrique Holschuh

Re: Please add lzip support in the repository

2017-06-15 Thread Henrique de Moraes Holschuh 

On Thu, 15 Jun 2017, Christoph Biedl wrote:
> Also I doubt the reduced disk space and network bandwitdth usage of any
> new kid on the block (there's also zstd) really justifies the work
> needed to implement the support in the many tools that deal with the
> files. I might be convinced otherwise.

I agree with almost everything you said, but the whole point of using
lzip instead of xz would be for a less fragile on-disk format, not
performance (be it speed, memory usage, or compression ratio).

And I don't think we actually benefit any from a less fragile compressed
container format for Debian *packages* (source or binary).

We pretty much need Debian packages to be 100% correct in the first
place, they are not going to be subject to lossy recovery from
corruption (which is where lzip is supposed to be much better than xz):
we need to replace any that is even slightly corrupt with a fully
correct copy.

So, it would make more sense to have a par2 (or create a modern version
of it, actually) ECC layer on top of the compression layer, at which
point we can use one of the already supported compression formats.

And the same is also very likely true for data you hold dear.  par2 ECC
information will allow you to recover from much worse file damage than
lzip's better format ever could.

Now, if a lot of upstream tarballs start to be natively avaiable in .gz
and .lzip format (no .xz), *then* it becomes interesting to at least
support lzip for source packages.

-- 
  Henrique Holschuh

Re: Too many Recommends (in particular on mail-transport-agent)

2017-06-12 Thread Henrique de Moraes Holschuh 
On Mon, 12 Jun 2017, Anthony DeRobertis wrote:
> Of course—for the under 100K being saved here, only Rube Goldberg would
> approve.

It is a bit less than 1MiB saved on an AMD system when you purge
intel-microcode, but even that is likely to not be considered worth the
cost of the extra (empty) cpu-microcode-all package.

Besides, it is not like these packages waste valuable resources when
installed on a system they don't support, either: by default, once
installed, they detect the processor vendor and go inactive when it
doesn't match the one they are for.

That said, if anyone provides a compelling reason to switch to the
cpu-microcode-all + virtual cpu-microcode scheme (as in: give examples
of how the behavior changes on widely used package managers), and gets
the buy-in from the firmware-nonfree package, I will deploy it for
amd64-microcode and intel-microcode.

-- 
  Henrique Holschuh

Re: DEP 15: Reserved namespace for DD-approved non-maintainer changes

2017-06-11 Thread Henrique de Moraes Holschuh 
On Sun, 11 Jun 2017, Sean Whitton wrote:
> Henrique de Moraes Holschuh <h...@debian.org> writes:
> 
> > Not just that.  If it is for NMUs, one also has to ensure it matches
> > what got uploaded (regardless of method: NMU patch, PR, branch...).
> 
> I'm not sure what you're getting at here -- this DEP is for changes that
> *aren't* to be uploaded as part of an NMU.

The (thread?) naming is unfortunate, then.  Anyway, if it does not
involve NMUs, my comment does not apply.

-- 
  Henrique Holschuh

Re: DEP 15: Reserved namespace for DD-approved non-maintainer changes

2017-06-09 Thread Henrique de Moraes Holschuh 
On Fri, 09 Jun 2017, Tollef Fog Heen wrote:
> > Per the DEP:
> > 
> > > it is very useful for a maintainer to know that a change has been
> > > approved by someone who has been trusted by the project with the
> > > technical ability to NMU the package
> > 
> > This would be much more cumbersome to achieve with PRs.
> 
> I'm not sure why this is very useful.  It can, in some cases, be a
> useful data point, but in general, as the maintainer, I'll want to
> review the patch in the same way no matter whether it came from somebody
> with a key in the keyring or not.

Not just that.  If it is for NMUs, one also has to ensure it matches
what got uploaded (regardless of method: NMU patch, PR, branch...).

-- 
  Henrique Holschuh

Re: Switch default installation image link?

2017-06-06 Thread Henrique de Moraes Holschuh 
On Tue, 06 Jun 2017, Adam Borowski wrote:
> No one installs i386 new -- machines that are non-amd64-capable are:
> * mainstream machines from 2004 and earlier

That date is incorrect.  I can't give you a precise date, but the
Thinkpad T43 with a 32-bit Centrino Pentium-M was **launched** in
April/2005.

And I am pretty sure there were several 32-bit only processors after the
Pentium-M, including several Atom-based systems that either didn't
support, or had 64-bit mode disabled in BIOS because it was just too
damn slow.

So, no earlier than 2008.

-- 
  Henrique Holschuh

Re: Too many Recommends (in particular on mail-transport-agent)

2017-06-02 Thread Henrique de Moraes Holschuh 
On Fri, 02 Jun 2017, Anthony DeRobertis wrote:
> On 06/01/2017 01:00 PM, Henrique de Moraes Holschuh wrote:
> >Anything on the top three priorities (critical, alert and emergency) is
> >supposed to be displayed immediately to all logged-in users (including
> >remote ones), no matter what.
> 
> Only LOG_EMERG does that, at least on my machine and I'm pretty sure that's
> the default rsyslog config. Unfortunately, a RAID member failure is only
> legitimately LOG_ALERT. Sort of a moot point though...

Hmm, true.  I misrecalled this detail and failed to check it to be
correct before posting.

We should consider changing that to at least include ALERT as well.

> >>It would be great it we had an alert program to use instead of email
> >KDE displays high-priority system alerts as high priority notifications
> >by default (maybe some of it because of the default configuration of
> >rsyslog).
> 
> Running KDE here, so familiar with them. The first problem with those is
> they automatically vanish after a few seconds. They remain around, if you
> pull up the alert notifier, but that little (1) in the systray is easy to
> miss.

Yes.  I just tested it in Debian stable with "logger -p EMERG
this_is_only_a_test".

It would be far better if KDE used the (!) pictogram at least for ALERT
and EMERG priorities, but it seems to be getting the messages from the
ttys instead of from journald or the syslog daemon.  I did not test this
throughoutly, though.

And yes, I stand corrected. It does not display ALERT or CRIT priorities
by default, only EMERG.  Which is Not Good Enough as far as I am
concerned.

> Second problem is that only works if you're logged in. Even on a typical
> desktop where the main user is the admin, it's not safe to assume a that
> user will always be logged in:

Well, yes.  Remote syslog (wherever deployed) will receive the messages
quasi-real-time, though.  And the messages *are* going to be recorded on
the journal and /var/log/syslog.

Whether someone will read the logs or not, well... it is the same issue
with notifications over local email to root: one has to assume the
system has been properly configured as an Unix workstation (and thus it
has local email routing that goes somewhere it will be read).

I am for doing the three by default: email (for stuff like mdadm),
proper syslog or journald (for everything), and proper desktop-
environment notifications for whomever is logged in.

>  * Turn on machine, go grab coffee or tea while it's booting. Disk
>failure occurs before you get back and log in.

In the older days, you'd have the messages on the login tty, even if it
screwed up the graphical screen (Solaris and Sun-OS style ;p).

Or you'd have a xconsole window open, even on the xdm screen (which I
never tried to do, I wonder if this was a local xdm change...)

-- 
  Henrique Holschuh

Re: Too many Recommends (in particular on mail-transport-agent)

2017-06-01 Thread Henrique de Moraes Holschuh 
On Thu, 01 Jun 2017, Anthony DeRobertis wrote:
> On May 31, 2017 3:51:33 AM EDT, Simon McVittie 
>  wrote:
> >Can't it report this via the system log? (syslog, systemd-journald)
> 
> The kernel already does, but of course the system log has a lot of
> messages, every several seconds on some systems. And the systemd
> journal can be even worse, volume-wise. 

The kernel log, syslog, and the journal... all of them have the idea of
message priorities.

Anything on the top three priorities (critical, alert and emergency) is
supposed to be displayed immediately to all logged-in users (including
remote ones), no matter what.

> It would be great it we had an alert program to use instead of email

KDE displays high-priority system alerts as high priority notifications
by default (maybe some of it because of the default configuration of
rsyslog).

rsyslog will forcefully write high-priority messages to all ttys, local
and remote, by default.

If your DE doesn't display system alerts by default, it is a fight you
might want to take... file bugs!

> discussed before... If we had one, it'd be relatively easy to have
> mdadm, smartmontools, etc. use it. 

We have had this working for the better part of two decades, through
syslog.  We also have had an extremely good daemon to take care of it
for nearly half that time: rsyslog.  And rsyslog is configured to do the
right thing by default.

Since journald can plug to syslog just fine, and does so by default in
Debian, it also does the right thing by default at least in Debian.

What we *might* not do by default is to force all the DEs to display
these alerts out-of-the-box.  I haven't tested all main DEs for this, so
I wouldn't know.

> >> OTOH, seems weird for Dracut to recommend mdadm. Surely a system
> >> booting from RAID would already have it installed?
> >
> >dracut defaults to creating a general-purpose initramfs that is not
> >meant to hard-code anything and can be used to boot "most" hardware 
> 
> I'm not really familiar with Dracut, but I'll note that needing mdadm
> is almost always a property of the OS install being booted, not of the
> hardware it's running on. So not including mdadm doesn't make the
> particular install any less portable, though it does make the
> initramfs less general to booting arbitrary installs.

Correct.

The initramfs-tools does not depend or recommend mdadm.  However,
initramfs-tools is modular and its mdadm support is supplied by the
mdadm package.

Dracut isn't modular, and its mdadm support is built-in.  This is a key
difference.

One needs to actually read dracut's source code to know how it would
behave in all boundary conditions related to mdadm support, in which
case it might only suggest or not even mention mdadm.  It probably is
safe, but the point is that someone has to check it first.

-- 
  Henrique Holschuh

Re: Too many Recommends (in particular on mail-transport-agent)

2017-05-31 Thread Henrique de Moraes Holschuh 
On Wed, 31 May 2017, Adam Borowski wrote:
> Thus, axing this dependency or degrading it to Suggests would be probably a
> good idea.  And there's hundreds if not thousands of Recommends of this kind
> that need to be looked at -- this example is just more prominent as it
> affects every Debian system.
> 
> (I'm not filing bugs yet as it's better to have a consensus first before
> mass-filing.)

It is being done on a per-case basis, isn't it?  Like you described the
libuid versus uuid-runtime?

So, it is not a mass-filing, and it is OK.  Just file the bugs one by
one, with your reasoning, and tag them with usertags if you want to
control them as an unit or something.

A mass-filing for this (the exact oposite of studying each recommends in
a case-by-case basis) _IS_ going to cause imense pushback.  I recommend
against it ;-)

-- 
  Henrique Holschuh

Accepted intel-microcode 3.20170511.1 (amd64 i386 source) into unstable

2017-05-15 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 15 May 2017 15:12:25 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: amd64 i386 source
Version: 3.20170511.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Closes: 862606
Description: 
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20170511.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20170511
 + Updated Microcodes:
   sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
   sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
   sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
   sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
   sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
   sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
   sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
   sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
   sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb21, size 26624
   sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
 + This release fixes undisclosed errata on the desktop, mobile and
   server processor models from the Haswell, Broadwell, and Skylake
   families, including even the high-end multi-socket server Xeons
 + Likely fix the TSC-Deadline LAPIC errata (BDF89, SKL142 and
   similar) on several processor families
 + Fix erratum BDF90 on Xeon E7v4, E5v4(?) (closes: #862606)
 + Likely fix serious or critical Skylake errata: SKL138/144,
   SKL137/145, SLK149
 * Likely fix nightmare-level Skylake erratum SKL150.  Fortunately,
   either this erratum is very-low-hitting, or gcc/clang/icc/msvc
   won't usually issue the affected opcode pattern and it ends up
   being rare.
   SKL150 - Short loops using both the AH/BH/CH/DH registers and
   the corresponding wide register *may* result in unpredictable
   system behavior.  Requires both logical processors of the same
   core (i.e. sibling hyperthreads) to be active to trigger, as
   well as a "complex set of micro-architectural conditions"
   * source: remove unneeded intel-ucode/ directory
 Since release 20170511, upstream ships the microcodes both in .dat
 format, and as Linux-style split /lib/firmware/intel-ucode files.
 It is simpler to just use the .dat format file for now, so remove
 the intel-ucode/ directory. Note: before removal, it was verified
 that there were no discrepancies between the two microcode sets
 (.dat and intel-ucode/)
   * source: remove superseded upstream data file: 20161104
Checksums-Sha1: 
 9eb22c726c6dc2f91fd8ac1fcb05ce4da85afbfe 1783 intel-microcode_3.20170511.1.dsc
 3f4897a172953ddfe9c795eeab3a61b1437911aa 1167628 
intel-microcode_3.20170511.1.tar.xz
 517c226b3c9fd40d8c55d60311a3a5a46c6b0d1c 4564 
intel-microcode_3.20170511.1_amd64.buildinfo
 d6f492faabfd0e6290d0cfbe39220613fa97f563 701056 
intel-microcode_3.20170511.1_amd64.deb
 07b73d565f44198d1e886c5265e2a938f701f597 4251 
intel-microcode_3.20170511.1_i386.buildinfo
 421e8055cc8af12ba66bc2c5737b3eeea18dbe2f 842094 
intel-microcode_3.20170511.1_i386.deb
Checksums-Sha256: 
 349e63665336dea3eb12e3362db7a2e76a1c4529edc8fbe61fbf62a82f87abc2 1783 
intel-microcode_3.20170511.1.dsc
 09705f7c52c1b9dcb017dac2d9fc77e28c764fc520c9e55739952fff8795458a 1167628 
intel-microcode_3.20170511.1.tar.xz
 527a2d698293b66ec9b7da64b94984acc611bde712fb0f73646640173b6a2a7f 4564 
intel-microcode_3.20170511.1_amd64.buildinfo
 128baacadcc684130dc794714490948fbbbf9047a2399a22080ebc872be12a6f 701056 
intel-microcode_3.20170511.1_amd64.deb
 e9410ddecc6e27e5c5b283d75401540d01d333ab6fdf59050387a246abb5ae9e 4251 
intel-microcode_3.20170511.1_i386.buildinfo
 a68eaecbcf56af0f124768c7c37ab7977f51262c549baa49a7ad1946a1928210 842094 
intel-microcode_3.20170511.1_i386.deb
Files: 
 ef62df27e4cad10c016df85c5dacac95 1783 non-free/admin standard 
intel-microcode_3.20170511.1.dsc
 8f218818df62040a608a1bd2886c4413 1167628 non-free/admin standard 
intel-microcode_3.20170511.1.tar.xz
 a649d63fce50e6a914ea41dc70bd6a03 4564 non-free/admin standard 
intel-microcode_3.20170511.1_amd64.buildinfo
 1fcf71e032b7de760aec79d5df2e3982 701056 non-free/admin standard 
intel-microcode_3.20170511.1_amd64.deb
 f2a95f15e220d30d3de3964006e2d6a6 4251 non-free/admin standard 
intel-microcode_3.20170511.1_i386.buildinfo
 4176863ef1ad3a51fa887911b6617de1 842094 non-free/admin standard 
intel-microcode_3.20170511.1_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJZGfFyAAoJEP4Rv6aLFY6Y/JsQAIrW18t3bWHREMExAK43R+IS
71ovS4etoW5IB3+s86O0liEGyN4PtaMYauaW/Lo+iZA2bGqH3m178hWTk8Zp7V9e
w6Q6iUt6qJ3MxbXWiM4d02OpaHRwLguzOXTdt1HX4E+wl16Z0pP2QwAt9X

Re: Machine Parsable Release Information Specification

2017-05-05 Thread Henrique de Moraes Holschuh 
On Fri, 05 May 2017, Benjamin Drung wrote:
> I am sending this mail to the development list of the distributions
> CentOS, Debian, Fedora, openSUSE and Ubuntu. I am working for
> ProfitBricks and we provide public images in our cloud for these
> distributions.
> 
> Currently I know no way to retrieve the release information about
> new/updated ISO and disk images in a machine parsable and secure way.
> Instead I have to visit the websites and collect the information
> manually.
> 
> My idea is to create a (simple) image release information specification
> and let every distribution provide one release file which accessible
> via https or gpg signed. I created an initial draft of the spec:
> https://github.com/bdrung/image-release-spec
> 
> Your thoughts? Does it make sense? Is the information already provided
> somewhere else?

Attempting to preempt the creation of a Massive Cross-post Thread from
Hell...

PLEASE open an issue or pull request at the above mentioned github
project to discuss and suggests changes to that specification, instead
of doing it over four *very large* mailing lists.

Thank you ;-)


PS: I am reading said spec right now.  If I have any comments, I will
either register an issue, or submit a pull request with proposed
changes...

-- 
  Henrique Holschuh

Re: policy for shipping sysctl.d snippets in packages?

2017-04-23 Thread Henrique de Moraes Holschuh 
On Sun, 23 Apr 2017, Evgeni Golov wrote:
> Both, procps and systemd support (/usr)?/lib/sysctl.d/*.conf, however only
> one package (systemd-coredump) uses it, all others drop files in
> /etc/sysctl.d.

Please drop it in /etc, debhelper/dh should mark it as conffile and
everything will work.

Alternatively, use ufc (refer to ucf(1) and its documentation if you are
not used to ucf.  Help is also available at debian-mentors@l.d.o), and
handle it as a configuration file in /etc managed through ucf and
package maintainer scripts.

> Some packages also trigger "sysctl -q -p " in their postinst, but
> most do not.

What to do here is decided on a case-by-case basis, I suppose.

> My gut feeling is that droping the file to /usr/lib and allowing the admin
> to override it later via /etc. And then load it in postinst.

Drop it in /etc where it belongs, and let the maintainer to modify or
override (by deleting, even).

Leave the /usr/lib overriden by /etc thing alone.

> But this does not account for the fact that this specific tunable may be
> already overriden in another sysctl.d file and the package would reset
> it to a lower value?

Yes.  If you use ucf instead of the builtin dpkg conffile management,
you can do something much better:


1. read current levels (using sysctl, not directly).

2. if they are above the default, don't change the state of the system:
   if your config file is there, let ucf handle its update normally.  if
   your config file is *NOT* there, assume deleted and help ucf a little
   (ucf can do this by itself most of the time: we have always handled
   deletion of config files in /etc as an action to be preserved, but
   *not* at first install)

3. if they are at a dangerous level, install your config file to /etc
   normally, using ucf.  And document that the user needs to reboot
   somewhere.

The above is a rough idea.  You are likely to also have to have
different paths for initial install and upgrade/downgrade.  And if you
actually activate the new sysctl, you might not be able to do (1) that
way should it would break indepondence (and complexity would go up a
great deal).

-- 
  Henrique Holschuh

Re: changelog practice, unfinalised vs UNRELEASED vs ~version

2017-03-27 Thread Henrique de Moraes Holschuh 
On Tue, Feb 14, 2017, at 19:42, Ian Jackson wrote:
> Simon McVittie writes ("Re: changelog practice, unfinalised vs UNRELEASED
> vs ~version"):
> > On Mon, 13 Feb 2017 at 09:42:32 +1100, Ben Finney wrote:
> > > I don't see how this complaint is any different from the need to merge,
> > > for example, changes to API documentation and test cases that accompany
> > > a functional change.
> > 
> > It's the difference between "sometimes conflicts" and "always conflicts".
> 
> This is a very real problem for debian/changelog, but mergechangelogs
> helps a lot.  In any case as I say I'm not trying to mandate the

Usable VCSes have pluggable merge drivers, and there are such drivers
for both GNU-style ChangeLog, and debian/changelog[1].  IME, they "just
work".  So, yeah, one *can* have the chagelog-update-along-with-change
workflow sanely most of the time nowadays.  

I would never use such an workflow unless forced, as I believe the
"proper commit log Tao" is better in the long run, and when your commit
logs are proper (and quite verbose), the natural workflow [2] asks for
changelog-updating commits before release (or maybe at the tip of every
ready-for-integration branch, etc), but...

[1] refer to dpkg-mergechangelogs(1) for the git driver for
debian/changelog, for example.

[2] as in "less busywork" while hacking, and no weird (and possibly
maintenance-hell-creating) disparity from commit log contents to in-tree
changelog contents.

-- 
  Henrique de Moraes Holschuh <h...@debian.org>

Re: Fwd: [Bug 1671099] [NEW] GNOME Software catalog entry missing for Runescape

2017-03-08 Thread Henrique de Moraes Holschuh 
On Wed, 08 Mar 2017, Carlos Donizete Froes wrote:
> Minha pergunta é, sera que a politica do Ubuntu não esta mais aceitando mais
> este formato de imagem .xpm e no Debian também não poderei, tendo que passar
> para formato .png ?

Debian não considera AppStream ou GNOME software catalog como críticos.

Isso dito, é absolutamente trivial[1] converter de .xpm para .png no
pacote, e instalar o .png junto com, ou no lugar do .xpm, então porque
não alterar o pacote para que ele faça isso?


[1] uma das 1000 maneiras possíveis para se fazer isso é adicionar um
build-depends no imagemagick ou equivalente, "convert foo.xpm foo.png",
e instalar o png no lugar do xpm, ou junto com o xpm.

-- 
  Henrique Holschuh

Accepted iucode-tool 2.1.2-1 (source amd64) into experimental

2017-02-18 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 15 Feb 2017 20:53:55 -0200
Source: iucode-tool
Binary: iucode-tool
Architecture: source amd64
Version: 2.1.2-1
Distribution: experimental
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 iucode-tool - Intel processor microcode tool
Changes:
 iucode-tool (2.1.2-1) experimental; urgency=medium
 .
   * New upstream release:
 + iucode_tool: compare payloads of similar (not just duplicate) MCUs
 + iucode_tool: skip small files as if empty in the -tr loader
   * Target experimental due to the freeze for the Debian "stretch" release
Checksums-Sha1:
 16fad74d166f1dc4c64892ec628ed4799d623af9 1962 iucode-tool_2.1.2-1.dsc
 50e93e8f22a083a973b482316abda254429c3fa7 143352 iucode-tool_2.1.2.orig.tar.xz
 5b615ab09f5c1d47430dd57ca77a331aed461e43 8596 iucode-tool_2.1.2-1.debian.tar.xz
 0a37f9fc6d9c5cd6e321c826985b6147be149ace 42912 
iucode-tool-dbgsym_2.1.2-1_amd64.deb
 29e273c673fa2b5cfdb762178436f3abc23599ae 4683 
iucode-tool_2.1.2-1_amd64.buildinfo
 027b5a47fafa89452fa219c20362421339b4558b 53674 iucode-tool_2.1.2-1_amd64.deb
Checksums-Sha256:
 8f948aa0f856a7acac7a2d8cc186b4c8bd9f2e4cb8a1f94d34c4a34de5d8eb10 1962 
iucode-tool_2.1.2-1.dsc
 01f1c02ba6935e0ac8440fb594c2ef57ce4437fcbce539e3ef329f55a6fd71ab 143352 
iucode-tool_2.1.2.orig.tar.xz
 ec7d5edfcb20ed39b049fc4e00f6f21805db20143615d2d512d0080760da5bdf 8596 
iucode-tool_2.1.2-1.debian.tar.xz
 d28b4503d8fb16cb4d441904a5d36197620483943586789ab2aac7cbaa562415 42912 
iucode-tool-dbgsym_2.1.2-1_amd64.deb
 3b5a3960543eabbab951e81fc76eef0dee0446652c5463d97f7b89282dab0944 4683 
iucode-tool_2.1.2-1_amd64.buildinfo
 2abdb53780f9e6e10d5467238602d9a95518dc3b859c98e2097cb8c2e5667e93 53674 
iucode-tool_2.1.2-1_amd64.deb
Files:
 d06e69a3aadc386ebf4445358175d330 1962 contrib/utils optional 
iucode-tool_2.1.2-1.dsc
 c6f131a0b69443f5498782a2335973fa 143352 contrib/utils optional 
iucode-tool_2.1.2.orig.tar.xz
 6ed1c86a24c397f187f98492bec42977 8596 contrib/utils optional 
iucode-tool_2.1.2-1.debian.tar.xz
 8fca3e8eb4a0ebdbe12d1a3111cf84a2 42912 contrib/debug extra 
iucode-tool-dbgsym_2.1.2-1_amd64.deb
 8bfe687dd48e55549f7ac8b348d4ac44 4683 contrib/utils optional 
iucode-tool_2.1.2-1_amd64.buildinfo
 fc27194e29e7229d724feecd803b394f 53674 contrib/utils optional 
iucode-tool_2.1.2-1_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJYpN2HAAoJEP4Rv6aLFY6Y0EMP/2FaXImWGhSd+3jE1Vk9feFf
RF0ZzOULX6LTe/Zzuq2ls8dAM3MP4PDnT/pT7nqAJYZ4RiKYI67fvETakpvmgYGt
EgdxFgG1zclmJi0IxfF7KC4479YZkPEkScYHgD0uirYZL0XeyJDY24+WcO5D9Giy
3kgjLHsT7pTg8aZyRMLHpkr3oJ2vBUl6fG2UutQNwcbdZw/Kbs1TxJ2R+qK0CYEc
sEaYDGkPoZcv3MTbiMZ8QZqgYIgH3P7FphGmmHl8ixcoqgKS+UF1TFkwQTiLCFHL
0zNIZVxDzDhHj055erDz5i7Jr3Wv9k97+erGGDxX1IBjSZyBcutPU3FsdEH9HOoy
3Tu4QLhwOPVdYeotEEkZIeEe36G59g5SNuTT0l/VUjzHgVCI2JmzVU9ES5SFfA/6
9r8vbfG9tPPxd2mVzIBuKsgfA942EfzZDeVRsuj7krrtILOKU7iiXHd0xV4ZMKXE
X8ooNN660uD3632XkjcelVSqsJJoHhCfa3LVZQauDKpBByi5GmvlVDSC9Llv3d0M
2Ce05EAA0Sxvtc2a0C6dSmebmlRcjFAVdl+Wl9KBh+v4TdJT4/Il+5Ncjl+K9rf+
0E6ODbdmYdlt78XOKMmUnsI0My2rE+/2kt9BRYsUqD5UtBjEuqERkESfxqo5lhxn
MWypbSFEm3IvlLHJolvS
=PLtf
-END PGP SIGNATURE-

Re: manpages.debian.org has been modernized!

2017-01-18 Thread Henrique de Moraes Holschuh 
On Wed, 18 Jan 2017, Michael Stapelberg wrote:
> https://manpages.debian.org has been modernized! We have just launched
> a major update to our manpage repository. What used to be served via a
> CGI script is now a statically generated website, and therefore
> blazingly fast.

Oooh, nice! A big thank you for all involved!

> Much like the Debian package tracker, manpages.debian.org includes
> packages from Debian oldstable, oldstable-backports, stable,
> stable-backports, testing and unstable. New manpages should make their
> way onto manpages.debian.org within a few hours.

Maybe you could consider adding the manpages from packages in contrib as
well?  Unlike non-free, the licenses in contrib are all compatible with
the DFSG, so they must not have any license restrictions that would get
in the way...

-- 
  Henrique Holschuh

Accepted iucode-tool 2.1.1-1 (source amd64) into unstable

2017-01-13 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 13 Jan 2017 10:36:00 -0200
Source: iucode-tool
Binary: iucode-tool
Architecture: source amd64
Version: 2.1.1-1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 iucode-tool - Intel processor microcode tool
Changes:
 iucode-tool (2.1.1-1) unstable; urgency=high
 .
   * New upstream release:
 + Fix heap buffer overflow on -tr loader (CVE-2017-0357)
   * debian/copyright: update for new upstream release
Checksums-Sha1:
 1da3ea301f97ddb477e362264990362855ac5271 1962 iucode-tool_2.1.1-1.dsc
 1c40ea337fbc788bfa9329416540fae666ba0326 143204 iucode-tool_2.1.1.orig.tar.xz
 b28cb74fc301e6cb1ef8d590e865cfbcff3b89f3 8504 iucode-tool_2.1.1-1.debian.tar.xz
 ba4427d66fc1d884342e6cfb928e43c7ee142252 43034 
iucode-tool-dbgsym_2.1.1-1_amd64.deb
 7f0a8059f4ad9920e1b121817efe22b02752880c 4643 
iucode-tool_2.1.1-1_amd64.buildinfo
 4d855e422196638979a2e1b0a016362f5cdcfb52 53264 iucode-tool_2.1.1-1_amd64.deb
Checksums-Sha256:
 5bb64093322d9d491ffce5a22dcd754141e06c4dd6bbcab5cfe251c68b48cca9 1962 
iucode-tool_2.1.1-1.dsc
 8f94ec73f5d4d1a6801aaa894fa1c6544d9b27aec16e1a00e18e8241c7e0f6ba 143204 
iucode-tool_2.1.1.orig.tar.xz
 b68a68a10d2985afa5ec8c6463627883e82a147f3cbcc22a3197d3a31ef2bb01 8504 
iucode-tool_2.1.1-1.debian.tar.xz
 5ca072d7bc56365c18ffbc79a6a2e36cf664c034e5ab3d76a2a82810510147c2 43034 
iucode-tool-dbgsym_2.1.1-1_amd64.deb
 8e8256b28831834c44724664ed7319e04d0d7ad1d19ca47e479345e2fa0019d1 4643 
iucode-tool_2.1.1-1_amd64.buildinfo
 e253d8620f27974d70ba79b9bb14d9213e180d7e296bd40fbed6034aab86adb4 53264 
iucode-tool_2.1.1-1_amd64.deb
Files:
 bf65e31276c79c0dd9e60e5b0bc69ba0 1962 contrib/utils optional 
iucode-tool_2.1.1-1.dsc
 306d20b43da847812af4bf973f46045d 143204 contrib/utils optional 
iucode-tool_2.1.1.orig.tar.xz
 3668cfdc506d44884074b63edb28627e 8504 contrib/utils optional 
iucode-tool_2.1.1-1.debian.tar.xz
 3add555caeccade1a76323810f8d 43034 contrib/debug extra 
iucode-tool-dbgsym_2.1.1-1_amd64.deb
 c535e761bd62e6ce193b396a2f01434c 4643 contrib/utils optional 
iucode-tool_2.1.1-1_amd64.buildinfo
 cf6630cf305625dec2f98f0a94a2d19a 53264 contrib/utils optional 
iucode-tool_2.1.1-1_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJYeM6UAAoJEP4Rv6aLFY6Yyo0P/1pec4Dykb1UZYnFHXgjk9QT
Nt9g+HzyAaNFnjLaF0p77AtVw30CBBLYWmWR/9HkdQJv0WwC8X573+OlIhKk4cAg
1aDi4P58OduahuKooLhkAiHPqyDmDOQLDckgdRptwdGQQIyhpxQZqIqhxLyqDPW0
0aW1L/nfLdPppw5kMItRczQnEp5GpBQnkqWPTakDWwOhifhorwGIcwHGiVYjZGm3
27FCbo5x7xFNfJbsQRljsRO3QRPPt7Nw2P5wkggBVFiFZ2xX4dV1C0aqY2rBwPQu
ZwwnG0DVzIFlPB8xaw9xK0gGR7iGtNs/TGCiZc9GbI7qUEfHqgwLT/Unqb7ZuJVp
hoq0CdRV5zU3tPWi3Y6tKblTK4bGUfjd+972NWpV3RKZKs7XQqya8d9986hPMHbf
R5z79YFPB8JZXyZpGQEQSC+HkNev2NSfYUj93W9D115oNAb5I/NqY8HAMXk5AZyu
luqfs80vNoOZgkXQPRyOcyBoRzgp7mOipvIoY3giXh0pHu/P4Hfm1ob+vE8/4XnU
5ALnhPfi7b4fHx1z0DkiKTtC9keHqLhsFranczbnQKFYHp2iT8wnWx9Bp36piww6
LHMpUZONjEezGLIIK6G1o5tDZDQ+3RBpY+tgG8xcO0IyyheJ+SR1NbeDONitt0ux
3LONbzyUqS2j4OC0adLk
=WB7C
-END PGP SIGNATURE-

Re: Debian Member - Talk

2016-12-15 Thread Henrique de Moraes Holschuh 






On Wed, Dec 14, 2016, at 19:36, jéssica Ishiba wrote:

> Meu nome é Jéssica e sou estudante de Comunicação Social na
> Universidade de São Paulo - USP.
> 

> Entro em contato pois a proposta do meu trabalho de conclusão de curso
> consiste em estudar a cultura e atividade da comunidade hacker.
> 

> Gostaria de saber se poderiam indicar algum membro da comunidade
> Debian para trocar uma ideia sobre o assunto (pode ser presencial ou
> online).


O projeto Debian foi estudado por uma Antropóloga alguns anos atrás:
Gabriella Coleman.  Acho que vale à pena entrar em contato com ela para
obter uma visão geral no âmbito internacional...


--

  Henrique de Moraes Holschuh <h...@debian.org>

Accepted amd64-microcode 3.20160316.3 (source amd64) into unstable

2016-11-30 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 29 Nov 2016 23:54:53 -0200
Source: amd64-microcode
Binary: amd64-microcode
Architecture: source amd64
Version: 3.20160316.3
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 amd64-microcode - Processor microcode firmware for AMD CPUs
Closes: 845194
Changes:
 amd64-microcode (3.20160316.3) unstable; urgency=medium
 .
   * initramfs: Make the early initramfs reproducible (closes: #845194)
   * rules: switch to simplified dh-based build (debhelper v9)
Checksums-Sha1:
 03ed905f3859d4c820d2f06fff672dffb0e254ed 1681 amd64-microcode_3.20160316.3.dsc
 495f315ecd044a4f33e3dbdcdd8cf479a3272d63 30360 
amd64-microcode_3.20160316.3.tar.xz
 459895af5d51d6148952f93d27c80271aa33929d 4446 
amd64-microcode_3.20160316.3_amd64.buildinfo
 f90a3027b515adf397afd3a5facf09c6afe61bab 31116 
amd64-microcode_3.20160316.3_amd64.deb
Checksums-Sha256:
 c317333a9bc89ec111e7075b37dd6fc5e8de2ddfd233a223620df92c8ef3fddb 1681 
amd64-microcode_3.20160316.3.dsc
 650693df889b95b83ebbc91f7e08cbbb983674d8718dc31fd1ebafd7a76b677f 30360 
amd64-microcode_3.20160316.3.tar.xz
 e2199182323db479f98cd1f559eec8acf0d87206687d78cecdded873e3c745d1 4446 
amd64-microcode_3.20160316.3_amd64.buildinfo
 f7bddaf712ffaa833ff65ef94bdd86720d55c2c56ae982c3db58181bbe70f147 31116 
amd64-microcode_3.20160316.3_amd64.deb
Files:
 e5b438021aa70c0006856f6a0635dd73 1681 non-free/admin standard 
amd64-microcode_3.20160316.3.dsc
 0dc6fab6a7650cd5866a2ccea7f66b24 30360 non-free/admin standard 
amd64-microcode_3.20160316.3.tar.xz
 f910c5274abf248894dca37af24243a3 4446 non-free/admin standard 
amd64-microcode_3.20160316.3_amd64.buildinfo
 7056e449d8bac87d85a4e434379d0e6e 31116 non-free/admin standard 
amd64-microcode_3.20160316.3_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJYPjIFAAoJEP4Rv6aLFY6YglEP/3wbJdoqtysRjJCqxOaxqxni
eKNz6D8q9QqpWinOx3PxAf+eTQT6xP8vmTAPvHzOvpmb2fPtLjFeZLVf9yNHKlrG
HUnGLngWvS+FaK4YTuQvfVsDT0N03/t81W6vnRrXTn8GfGTkt/iXGh9nIIGsCEAT
0OQXPFK7wi7QRqjypD+T8gprGWetgC9J+QnwbmCbweLxh2ATwELX/6GExbimbzsx
9cdmKet9UextJoTe0EEL5RqwDRgWPPpD07QigRQiSjTe5AQXh/+rkLHZ6fW8pRRu
Kr09OcfBKmgmHI3uKKBHjAXNX6R/6u+XdPardk/JLNcfzcSbq0ulpNc1aHxHnuB7
efrPSdTYrmRIaZDENG2JTsZIOnZYLu4E5mMmdQS2IkR5PhkN3joSmd/UXkXxi4wK
ztnDJDcRDPTVT04iYMa+mBNd/78hoXRS82L0J1dZpqirL7LH0U2diPaRVm6so56t
9VIslkXhHYKO9sjh+0v+BYqKm7kc2cgQ/YQx0+7mmhuJTMHoRbu+xnc/jbr8zvET
d7sCq03mPXstjLSTjtDD43p+t7B2dMNmDk+xZhjyNyNSBOEMag0FaObXzJQ0fSoq
jddkUJCCqzK4UJE/gKmTOGq6eZtbqAzb2/G+Qp8cMUMTwaE1F0A1bmanJSTLV9ev
LFAIkTOVQcOL2Hpjlofz
=ScmT
-END PGP SIGNATURE-

Re: Installing missing conffiles (was Re: dpkg no longer installs conffiles??)

2016-11-30 Thread Henrique de Moraes Holschuh 
On Wed, 30 Nov 2016, Guillem Jover wrote:
> On Tue, 2016-11-29 at 19:18:41 +0100, Simon Richter wrote:
> > To force reinstallation of configuration files, invoke dpkg with the
> > "--force-confmiss" option when installing. This will only restore
> > missing configuration files, but not overwrite changed ones. If some
> > configuration files were damaged, you can use "--force-confnew" to
> > unpack all configuration files; your old files can be found with a
> > ".dpkg-old" suffix then.
> 
> This is I guess, an extended misconception, --force-confmiss will only
> install missing conffiles if they are missing AND the conffile changes
> in the new package relative to the one installed (as documented in the
> man page).
> 
> What you probably want is --force-confask --force-confmiss.

Please document this as an example in the manpage?

-- 
  Henrique Holschuh

Re: Difference in behaviour between pbuilder and sbuild

2016-11-28 Thread Henrique de Moraes Holschuh 
On Mon, Nov 28, 2016, at 11:09, Johannes Schauer wrote:
> If you really somehow export DH_ALWAYS_EXCLUDE somewhere, then the reason

Then that package is subtly broken :-)

When one needs DH_ALWAYS_EXCLUDE for a build to work, that's fine: it is
there to be used...  but it has to be set and exported inside
debian/rules.

-- 
  Henrique de Moraes Holschuh <h...@debian.org>

Re: OpenSSL 1.1.0

2016-11-24 Thread Henrique de Moraes Holschuh 
On Thu, 24 Nov 2016, Adrian Bunk wrote:
> On Wed, Nov 23, 2016 at 11:50:12PM -0200, Henrique de Moraes Holschuh wrote:
> > On Thu, 24 Nov 2016, Kurt Roeckx wrote:
> >...
> > > > So, if Qt *ever* exposes its use of openssl anywere in its APIs, it
> > > > might not be safe.   If it doesn't (i.e. at most you have a qt flag that
> > > > says "use SSL", etc), then it should be fine.
> > > 
> > > It seems to be doing this in qtbase5-private-dev. Not sure if
> > > there are actually any users of it.
> > 
> > If it does, all reverse *build* dependencies would need to be inspected,
> > then.
> > 
> > AFAIK, that means they must not link to anything that could link to a
> > different libssl than the one used by qt5.  If they do, everything needs
> > to be inspected down to the details to ensure nothing will ever leak
> > openssl contextes and data structures across a library boundary
> > (including the application).
> 
> If inspection is not easily possible, then adding a dependency on 
> libssl1.0-dev to qtbase5-private-dev should be sufficient to
> ensure that this is not leaked to a different OpenSSL version.

How so? 

Consider the flattened tree (app is the root, - denotes a branch).

A - B - App -  C - D

Where A and D are two versions of openssl. B and C are libs (suppose B
comes from qtbase5-private-dev) from different source packages.

-- 
  Henrique Holschuh

Re: OpenSSL 1.1.0

2016-11-23 Thread Henrique de Moraes Holschuh 
On Thu, 24 Nov 2016, Kurt Roeckx wrote:
> I've always had the impression that there are or used to be
> probems using using dlopen()/dlsym(). Maybe related to some things
> like RTDL_GLOBAL that causes the symbol lookup to go to the wrong
> library. Do you know of any problems related to that?

AFAIK, OpenSSL itself -- at least as packaged by Debian -- should not
get confused about where its *own* static globals are.  And any globals
it might export would also be fully ELF-symbol-versioned from what I can
see (objdump -tT).

If RTDL_GLOBAL is borking ELF symbol versioning, all bets are off.

Note: I have no idea what happens if you throw libssl.a into the mix
with a different version of libssl.so.  This kind of hell-born
braindamage can happen due to glibc nss modules, for example.

> Note that QT is one of those that uses dlopen()/dlsym() when
> calling openssl functions (for license reasons).

No comment I could make about this would be acceptable in polite
company.  Or in impolite company.  Or even during a sailor-class-cursing
competition.

> > So, if Qt *ever* exposes its use of openssl anywere in its APIs, it
> > might not be safe.   If it doesn't (i.e. at most you have a qt flag that
> > says "use SSL", etc), then it should be fine.
> 
> It seems to be doing this in qtbase5-private-dev. Not sure if
> there are actually any users of it.

If it does, all reverse *build* dependencies would need to be inspected,
then.

AFAIK, that means they must not link to anything that could link to a
different libssl than the one used by qt5.  If they do, everything needs
to be inspected down to the details to ensure nothing will ever leak
openssl contextes and data structures across a library boundary
(including the application).

-- 
  Henrique Holschuh

Re: OpenSSL 1.1.0

2016-11-21 Thread Henrique de Moraes Holschuh 
On Mon, Nov 21, 2016, at 11:06, Jan Niehusmann wrote:
> On Mon, Nov 21, 2016 at 11:11:09AM +0100, Tino Mettler wrote:
> > At the end I noticed that Qt will stay at 1.0 (by glancing into the
> > changelog of the relevant upload) which means that my package also has
> > to to stay at 1.0 and the whole excitement resulted in just a changed
> > build-dep.
> 
> I'm not so sure about this any more:
> 
> In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018 Stepan
> Golosunov wrote that according to his understanding of dlsym(3), it
> should be fine to link a program with OpenSSL 1.1 and Qt at the same
> time, even though Qt links to OpenSSL 1.0.
> 
> Can somebody who knows OpenSSL, Qt and dlopen/dlsym well enough confirm
> that?

The linking is fine, I believe even any eventual globals (if any) will
be correctly handled in Debian nowadays.  What causes extremely nasty
issues is layering violations causing openssl data structures to leak
from something linked to one version of the library, to something else
linked to another version of the library.

 If, at any point, internal data structures from openssl are exposed, or
 OpenSSL contextes are passed between two libraries, or a library and an
 application, *they must all be from the same openssl*.

This is not something the linker or dlopen/dlsym can enforce.  And you
need to manually inspect the code to be sure... usually.

So, if Qt *ever* exposes its use of openssl anywere in its APIs, it
might not be safe.   If it doesn't (i.e. at most you have a qt flag that
says "use SSL", etc), then it should be fine.

-- 
  Henrique de Moraes Holschuh <h...@debian.org>

Re: libc recently more aggressive about pthread locks in stable ?

2016-11-17 Thread Henrique de Moraes Holschuh 
On Thu, Nov 17, 2016, at 12:12, Adrian Bunk wrote:
> On Thu, Nov 17, 2016 at 11:38:46AM -0200, Henrique de Moraes Holschuh
> wrote:
> > On Thu, Nov 17, 2016, at 09:50, Adrian Bunk wrote:
> > > But we do already have > 1 year of widespread testing by users
> > > running unstable/testing on machines with TSX enabled.
> > > 
> > > So for unstable/stretch this does not seem to be a huge problem.
> > > 
> > > These are normal bugs that should be found and fixed if possible,
> > > just like passing a pointer in an int or many other kinds of bugs.
> > > 
> > > Or do I miss anything here?
> > 
> > I am not sure we have that much user coverage, given the blacklisting we
> > did in glibc.
> >...
> 
> Skylake is not blacklisted anywhere, I assume?

Not by us, at least.  The processor model, firmware or microcode might
limit the availability of Intel TSX.

But it took quite a while for out-of-the-box Skylake BIOSes (i.e.
installed to the motherboard in the factory) to actually run Linux well
enough to finish a Debian install run (!).  Actually, it took a while
for it to do so even when the user updated the BIOS from the motherboard
vendor site before attempting to install Debian...

-- 
  Henrique de Moraes Holschuh <h...@debian.org>

Re: libc recently more aggressive about pthread locks in stable ?

2016-11-17 Thread Henrique de Moraes Holschuh 
On Thu, Nov 17, 2016, at 09:50, Adrian Bunk wrote:
> But we do already have > 1 year of widespread testing by users
> running unstable/testing on machines with TSX enabled.
> 
> So for unstable/stretch this does not seem to be a huge problem.
> 
> These are normal bugs that should be found and fixed if possible,
> just like passing a pointer in an int or many other kinds of bugs.
> 
> Or do I miss anything here?

I am not sure we have that much user coverage, given the blacklisting we
did in glibc.  Maybe a search for lock elision bug reports in relevant
Ubuntu releases would help... I think their glibc packages are close
enough to ours that they would have the same issues we do.

The current blacklist in Jessie's glibc is:
((model == 63 && stepping <= 2) || (model == 60 && stepping <= 3) ||
(model == 69 && stepping <= 1) || (model == 70 && stepping <= 1) ||
(model == 61 && stepping <= 4) || (model == 71 && stepping <= 1) ||
(model == 86 && stepping <= 2) ))

Which should be (ignoring ES/QS steppings, which were also blacklisted):

Haswell:
Signature: 0x306f2, main model: Haswell-E (Xeon E5v3, Core Extreme 4th
gen)
Signature: 0x306c3, main model: Haswell-DT (desktop Core 4th gen)
Signature: 0x40651, main model: Haswell low power (mobile Core  4th gen)
Signature: 0x40661, main model: Haswell "Crystal Well") (Core 4th gen
with eDRAM)

So, almost all of Haswell is blacklisted. The known exception is Xeon
E7v3 (signature 0x306f4), which was not blacklisted because apparently
either Intel TSX works well enough there, or it is never reported as
enabled in the first place.

Broadwell:
Signature: 0x306d4, main model: Broadwell (desktop and mobile Core 5th
gen)
Signature: 0x40671, main model: Broadwell "Brystal Well" (Core 5th gen
with eDRAM, also Xeon E3v4)
Signature: 0x50662, main model: Broadwell-DE (Xeon D-1500, stepping V1)
-- due to BDE42.

Note that newer steppings of Broadwell-DE are not blacklisted (0x50663:
stepping V2, 0x50664: stepping Y0 -- BDE85 fixed by up-to-date
microcode).   Also, Broadwell-EN/EP/EX (Core Extreme 5th gen,  Xeon E5v4
and E7v4) are not blacklisted, either.

-- 
  Henrique de Moraes Holschuh <h...@debian.org>

Re: libc recently more aggressive about pthread locks in stable ?

2016-11-17 Thread Henrique de Moraes Holschuh 
On Thu, Nov 17, 2016, at 09:11, Lucas Nussbaum wrote:
> On 17/11/16 at 08:31 -0200, Henrique de Moraes Holschuh wrote:
> > The deal with *current* Debian stable is that, if the breakage is too
> > widespread, we simply might not be able to do the right thing (fix the
> > real bugs).
> 
> Based on the number of bugs uncovered by my archive rebuild, I'm really
> not sure that this class of bugs is widespread, and requires to be
> special-cased. Relying on users to report problems, and then fix them
> is probably enough.

The rebuild was helpful, but it depends on the application/library
regression test suite to detect any application locking issues.  Not
every package has those, or runs those during build :-(

-- 
  Henrique de Moraes Holschuh <h...@debian.org>

Re: libc recently more aggressive about pthread locks in stable ?

2016-11-17 Thread Henrique de Moraes Holschuh 
On Sun, Nov 13, 2016, at 14:42, Lucas Nussbaum wrote:
> On 12/11/16 at 18:51 -0200, Henrique de Moraes Holschuh wrote:
> > Thanks for trying a build run with TSX enabled.
> > 
> > On Sat, 12 Nov 2016, Lucas Nussbaum wrote:
> > > I did an archive rebuild on Amazon EC2 using m4.16xlarge instances, that
> > > use a CPU with TSX enabled.
> > 
> > What microcode revision is that Xeon E5-2686 running?
> 
> microcode: CPU0 sig=0x406f1, pf=0x1, revision=0xb14

This is quite outdated, and it is in fact below the minimum recommended
revision for Linux use (as defined by "whatever Intel is distributing in
the latest Linux public microcode distribution" [1]).  I wouldn't trust
it for general production work, unless we're talking a distributed
application built upon resilient nodes and resilient inter-node result
cross-checking.  Kinda cloudy, I suppose :-)

Note that I don't think at all that it invalidates any results you got
about buildability under TSX.  It is just a reminder of yet another
reason to never trust the cloud too much.

It is also a reminder to ensure all of our (Debian) boxes are running
the latest relevant firmware update level and have the intel-microcode
package from stable non-free installed.

[1] Which is, as of 2016-11-04:
sig 0x000406f1, pf_mask 0xef, 2016-10-07, rev 0xb1f, size 25600

In a couple months[2], it will migrate to Debian stable, which currently
has:
sig 0x000406f1, pf_mask 0xef, 2016-06-06, rev 0xb1d, size 25600

[2] I enforce an one month quarantine in Debian testing before I even
submit a stable p-u request, and that one will typically sit in s-p-u
for a while (after it is approved) until the next stable point release
is out. Anyone that needs it earlier can get it from stable-backports. I
should upload the stable backport of intel-microcode 3.20161104-1 before
this weekend.

-- 
  Henrique de Moraes Holschuh <h...@debian.org>

Re: libc recently more aggressive about pthread locks in stable ?

2016-11-17 Thread Henrique de Moraes Holschuh 
On Wed, Nov 9, 2016, at 06:26, Lucas Nussbaum wrote:
> On 08/11/16 at 16:01 -0200, Henrique de Moraes Holschuh wrote:
> > I fear it might be bad, but
> > I would love to be pleasantly surprised that people did get libpthreads
> > locking right most of the time...
> 
> I wonder if it has been considered to "fix" glibc so that the misuses
> that are tolerated without TSX are also tolerated with TSX? Or is that
> impossible?

AFAIK, the hardware cannot be programed to tolerate this kind of
programming error.  And I don't think that's a bad thing. Locking bugs
are already subtle enough when the whole deal is fully visible to
software and depends only on trivial atomic operations on machine word
sizes (32-bit on ia32/amd64). Hidden by hardware transactional memory,
they would go from subtle and difficult to debug straight into utterly
nasty hellbug land if the hardware was too permissive about misuse.

One can handle the SIGSEGV and attempt to recover, I suppose -- which is
painful enough to get right, and that assumes such a thing is possible
at all in the first place: we are talking about a threaded application
here -- but that is so very slow, that it is simply not worth it as far
as I am concerned.  Not that I think it would be desirable to do so in
the first place: locking bugs are best fixed, not papered over.

This is an area where KISS is absolutely required, too.  Handling that
SIGSEGV to trigger a safe whole-application exit while saving user data
is one thing, attempting to resume execution from a signal raised while
inside an transactional state that has been aborted(!) is quite another.
 This is NOT the kind of thing I would ever trust current and future
processors to always get right.  It reeks of an errata minefield one
should never enter willing.

The deal with *current* Debian stable is that, if the breakage is too
widespread, we simply might not be able to do the right thing (fix the
real bugs).  IMHO, this is not a valid excuse to paper over the breakage
for unstable (or even the next stable, as far as I am concerned.  I'd
rather delay the release, although it is _not_ clear at this time that
such a thing would be needed).   It is not really about Intel TSX, it is
about broken locking that was *already* causing hard-to-debug issues in
many cases (I believe Ian said ghostscript was already showing hard to
debug hangs in this thread), and Intel TSX happened to expose.

-- 
  Henrique de Moraes Holschuh <h...@debian.org>

Accepted autotools-dev 20161112.1 (source all) into unstable

2016-11-12 Thread Henrique de Moraes Holschuh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 12 Nov 2016 18:18:52 -0200
Source: autotools-dev
Binary: autotools-dev
Architecture: source all
Version: 20161112.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Description:
 autotools-dev - Update infrastructure for config.{guess,sub} files
Changes:
 autotools-dev (20161112.1) unstable; urgency=medium
 .
   * Sync to upstream git 2016-11-12
 [commit daabcd0839d1fbce591bc54d779773b916e4ec62]
 + mips64el:Linux:*:*
 + riscv32:Linux:*:*, riscv64:Linux:*:*
 + Add or fix support for some non-Linux platforms
   * debian/control, compat: switch to debhelper level 9
Checksums-Sha1:
 0ab59ee8474da8f53ff909f96ef55aedc7388dde 1641 autotools-dev_20161112.1.dsc
 dae0edc294a9936f8c7430c3a466983542d65c95 65304 autotools-dev_20161112.1.tar.xz
 47c957a89299e2993524bce9d62f3a1dc3ae3ebd 4348 
autotools-dev_20161112.1_20161112T203205z-3f1287b5.buildinfo
 5af0d2cfa2a7a3184e4bb5bde483667133f58728 73406 autotools-dev_20161112.1_all.deb
Checksums-Sha256:
 2d55f69103b6d15043541c396ac3abd4e0d1b1d2c13a4d137f3fea277fccb21c 1641 
autotools-dev_20161112.1.dsc
 7c9405da28bbb4fc1d6d6ab9229920760b9120e5619c57cebfe594a555fd9894 65304 
autotools-dev_20161112.1.tar.xz
 f53bab25f53fd4f1b1a001229bc209e1888967004b25107124a8db17b3ae7ea9 4348 
autotools-dev_20161112.1_20161112T203205z-3f1287b5.buildinfo
 647e58e0b1d748759f52340b6d5425f04cfedc00492629cbcde937d27e42ef86 73406 
autotools-dev_20161112.1_all.deb
Files:
 1c107d570309a4d2374abdaf0fa5fdaf 1641 devel optional 
autotools-dev_20161112.1.dsc
 b919a9b8f38354b8e4c115344021fa10 65304 devel optional 
autotools-dev_20161112.1.tar.xz
 3f1287b5f954d7b6369f706f92185f55 4348 devel optional 
autotools-dev_20161112.1_20161112T203205z-3f1287b5.buildinfo
 9a0e77153e1284268de9b9b773ef795d 73406 devel optional 
autotools-dev_20161112.1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJYJ3yGAAoJEP4Rv6aLFY6YI2YQAMMBysFMNBVi70TJLE3hlYL5
kaMdu/mOoxMvgLwFvkyFAB3yoJspXG5G8zLs3nO1g0+ZAVp8RtoUE5UOE4hyZWcU
Ti3qhBG46miaDL/7/j3Abo9Fjsv03PZdo7rxl2g2O41OGpwEKoK0YK8EnXqeT/TN
TYH7nMGN/UYDV028j2C0Bueof/POsWsiCp5Y0X0BoVtfuyz+xi87oPbeFyq5fXrE
xWb5ybTtA4pabQm0FDWPi2Q7YKz/8sPcooC0yLAGq6/50lt/THz8wWKYmut2Rnx4
907IrIsgbU0+L8hCQSEO6Ql3roAY1Vt+8GVCmtIiT63PfpB4A0eFmrOZqBmxGQk9
fPomlQw1BqSKSlcSmKaVM6oHPTAv3NKp56ZbxyBV+9veRhVNlY930DjSTsDkJJKW
Ms+v6eGJev+UThtlW8x5ucKpEoS4M7fB6OMRMZu0uEvHt5bo4VD027VMS7Y8w0OR
qMvwwN1o+c0NSWjSAu+pYVp1KWEtmSOkduxV564y9L6VAOCA3BX1vYf2CT87wngy
+YgLY4X1ZbIf/Zc6liyfQZs2Iv49Cel+0d/9ler2+KgT9YQvCWgSBFZIyNlDePi5
4c4VRnPmQBLatRHBdO2acDEM9mDmGqXOx/uMMJrfnkEVdpOInBdIZU82on/VyQAo
vsGdUHadfJ24JooPh4XF
=Qw/h
-END PGP SIGNATURE-

  1   2   3   4   5   6   7   8   9   10   >