Processed: Re: Bug#1032847: unblock: intel-microcode/3.20230214.1

2023-03-15 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 -moreinfo
Bug #1032847 [release.debian.org] unblock: intel-microcode/3.20230214.1
Removed tag(s) moreinfo.

-- 
1032847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032847
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1032847: unblock: intel-microcode/3.20230214.1

2023-03-15 Thread Tobias Frost
Control: tag -1 -moreinfo
> 
> On Sun, Mar 12, 2023 at 06:56:21PM +0100, Tobias Frost wrote:
> > I've uploaded intel-microcode to DELAYED/5, ETA will be Mar 17 ~18:00 CET
> > Please unblock package intel-microcode once it hits unstable.
> 
> Please remove the moreinfo tag from this bug when it's ready to review.

It's now in unstable.

-- 
tobi



Processed: Re: Bug#1032847: unblock: intel-microcode/3.20230214.1

2023-03-15 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 moreinfo
Bug #1032847 [release.debian.org] unblock: intel-microcode/3.20230214.1
Added tag(s) moreinfo.

-- 
1032847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032847
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1032847: unblock: intel-microcode/3.20230214.1

2023-03-15 Thread Jonathan Wiltshire
Control: tag -1 moreinfo

On Sun, Mar 12, 2023 at 06:56:21PM +0100, Tobias Frost wrote:
> I've uploaded intel-microcode to DELAYED/5, ETA will be Mar 17 ~18:00 CET
> Please unblock package intel-microcode once it hits unstable.

Please remove the moreinfo tag from this bug when it's ready to review.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1032847: unblock: intel-microcode/3.20230214.1

2023-03-14 Thread Salvatore Bonaccorso
Hi Tobi,

On Sun, Mar 12, 2023 at 06:56:21PM +0100, Tobias Frost wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: intel-microc...@packages.debian.org, t...@security.debian.org
> Control: affects -1 + src:intel-microcode
> 
> I've uploaded intel-microcode to DELAYED/5, ETA will be Mar 17 ~18:00 CET
> Please unblock package intel-microcode once it hits unstable.
> 
> The upload updates intel microcodes to target (See #1031334)
>    - INTEL-SA-00700: CVE-2022-21216
>    - INTEL-SA-00730: CVE-2022-33972
>    - INTEL-SA-00738: CVE-2022-33196
>    - INTEL-SA-00767: CVE-2022-38090
> 
> the CVEs are information disclosure via local access vulnerabilities and
> potential privilege escalations.
> 
> I plan to provide updated packages for bullseye (security team in CC).
> As well as LTS (buster) and ELTS (stretch and jessie) as part of the Freexian 
> LTS/ELTS project)
> 
> To keep the fixes consistent, I'd like to let them flow from sid -> jessie…

Thanks, that is a good approach, make sure to handle back the
non-free-firmware -> non-free situation.

I talked with Henrique, and feel this covers my initial thinking as
well: The update for bullseye can go through the next point release
(should not be too distant, and have the update as well accepted
early enough there to be exposed further a bit for testing by
interested parties).

In fact, INTEL-SA-0700 might be the most important one, but still would
not warrant a DSA. Two are SGX related which affect intel-microcode
but not that relevant in Debian context (for the affected suites). And
for INTEL-SA-0738 Henrique told me the situation is similar with some
other updates we had in past, the update will not take entirely unless
loaded by the firmware, it is about early or late loading. Henrique
might comment better on this, if he finds time.

In any case an update in bullseye would be welcome, but we should
rather not push this via a DSA, but batch it in point release update
(I know this is unfortunately not an option for LTS and ELTS, which do
not have point release concept possible).

Regards,
Salvatore



Bug#1032847: unblock: intel-microcode/3.20230214.1

2023-03-12 Thread Tobias Frost
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: intel-microc...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:intel-microcode

I've uploaded intel-microcode to DELAYED/5, ETA will be Mar 17 ~18:00 CET
Please unblock package intel-microcode once it hits unstable.

The upload updates intel microcodes to target (See #1031334)
   - INTEL-SA-00700: CVE-2022-21216
   - INTEL-SA-00730: CVE-2022-33972
   - INTEL-SA-00738: CVE-2022-33196
   - INTEL-SA-00767: CVE-2022-38090

the CVEs are information disclosure via local access vulnerabilities and
potential privilege escalations.

I plan to provide updated packages for bullseye (security team in CC).
As well as LTS (buster) and ELTS (stretch and jessie) as part of the Freexian 
LTS/ELTS project)

To keep the fixes consistent, I'd like to let them flow from sid -> jessie…

[ Tests ]
I've tested that the package works on Intel hardware that I have access to.


[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock intel-microcode/3.20230214.1

-- 
tobi
diff -Nru intel-microcode-3.20221108.2/debian/changelog 
intel-microcode-3.20230214.1/debian/changelog
--- intel-microcode-3.20221108.2/debian/changelog   2023-02-17 
01:12:52.0 +0100
+++ intel-microcode-3.20230214.1/debian/changelog   2023-03-12 
18:16:50.0 +0100
@@ -1,3 +1,52 @@
+intel-microcode (3.20230214.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * New upstream microcode datafile 20230214
+- Includes Fixes for: (Closes: #1031334)
+   - INTEL-SA-00700: CVE-2022-21216
+   - INTEL-SA-00730: CVE-2022-33972
+   - INTEL-SA-00738: CVE-2022-33196
+   - INTEL-SA-00767: CVE-2022-38090
+  * New Microcodes:
+sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
+sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
+sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
+sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
+sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
+  * Updated Microcodes:
+sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
+sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
+sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
+sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
+sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
+sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
+sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
+sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
+sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
+sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
+sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c
+sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
+sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c
+sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429
+sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
+sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429
+sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x2424, size 20480
+sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
+sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
+sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c
+sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c
+
+ -- Tobias Frost   Sun, 12 Mar 2023 18:16:50 +0100
+
 intel-microcode (3.20221108.2) unstable; urgency=medium
 
   * Move source and binary from non-free/admin to non-free-firmware/admin
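Review bot: In the "New Microcodes" and "Updated Microcodes" lists of the 3.20230214.1 entry, several sig/pf_mask/rev tuples appear twice, once with a size and once without (sig 0x000806f8 with pf_mask 0x10 and with pf_mask 0x87, sig 0x000b06a2, sig 0x00090672, sig 0x000906a3). Either collapse each pair into one line or add a short remark in the entry saying why both forms are listed, so that someone auditing which CPU signatures received a new revision does not count them as separate updates. The entry also gives the four INTEL-SA/CVE pairs only as a combined list; a note on which signatures each advisory applies to would let administrators check whether a given machine is covered by comparing its loaded revision against the rev values listed here.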
Binary files /tmp/qNbFv9J1ty/intel-microcode-3.20221108.2/intel-ucode/06-55-03 
and /tmp/Ekjb2KZejs/intel-microcode-3.20230214.1/intel-ucode/06-55-03 differ
Binary files /tmp/qNbFv9J1ty/intel-microcode-3.20221108.2/intel-ucode/06-55-06 
and /tmp/Ekjb2KZejs/intel-microcode-3.20230214.1/intel-ucode/06-55-06 differ
Binary files /tmp/qNbFv9J1ty/intel-microcode-3.20221108.2/intel-ucode/06-55-07 
and /tmp/Ekjb2KZejs/intel-microcode-3.20230214.1/intel-ucode/06-55-07 differ
Binary files /tmp/qNbFv9J1ty/intel-microcode-3.20221108.2/intel-ucode/06-55-0b