intel-microcode (3.20251111.1) unstable; urgency=high

  * New upstream microcode datafile 20251111 (closes: #1120589)
    - Fixes for unspecified functional issues on several Intel, Intel
      Core and Intel Xeon processor models.
    - Fixes errata RPL070/ADL083/LNL047/ALR054/SPR154/EMR147:
      REP SCASB, REP CMPSB may return incorrect results when racing
      memory access with another core or thread, on Raptor Lake, Arrow
      Lake, Lunar Lake, 4th/5th gen Xeon Scalable and maybe other
      processor models
  * New microcodes:
    + sig 0x000a06e1, pf_mask 0x97, 2025-06-27, rev 0x1000273, size 1635328
  * Updated microcodes:
    + sig 0x000806f8, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
    + sig 0x000806f7, pf_mask 0x87, 2025-05-29, rev 0x2b000650
    + sig 0x000806f6, pf_mask 0x87, 2025-05-29, rev 0x2b000650
    + sig 0x000806f5, pf_mask 0x87, 2025-05-29, rev 0x2b000650
    + sig 0x000806f4, pf_mask 0x87, 2025-05-29, rev 0x2b000650
    + sig 0x000806f8, pf_mask 0x10, 2025-05-29, rev 0x2c000410, size 625664
    + sig 0x000806f6, pf_mask 0x10, 2025-05-29, rev 0x2c000410
    + sig 0x000806f5, pf_mask 0x10, 2025-05-29, rev 0x2c000410
    + sig 0x000806f4, pf_mask 0x10, 2025-05-29, rev 0x2c000410
    + sig 0x00090672, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
    + sig 0x00090675, pf_mask 0x07, 2025-10-12, rev 0x003d
    + sig 0x000b06f2, pf_mask 0x07, 2025-10-12, rev 0x003d
    + sig 0x000b06f5, pf_mask 0x07, 2025-10-12, rev 0x003d
    + sig 0x000b06f6, pf_mask 0x07, 2025-10-12, rev 0x003d
    + sig 0x000b06f7, pf_mask 0x07, 2025-10-12, rev 0x003d
    + sig 0x000906a3, pf_mask 0x80, 2025-10-12, rev 0x043a, size 224256
    + sig 0x000906a4, pf_mask 0x80, 2025-10-12, rev 0x043a
    + sig 0x000906a4, pf_mask 0x40, 2025-06-13, rev 0x000b, size 119808
    + sig 0x000a06d1, pf_mask 0x95, 2025-07-23, rev 0x10003f0, size 1670144
    + sig 0x000a06d1, pf_mask 0x20, 2025-08-29, rev 0xa000124, size 1642496
    + sig 0x000a06f3, pf_mask 0x01, 2025-07-30, rev 0x3000382, size 1534976
    + sig 0x000b0671, pf_mask 0x32, 2025-10-08, rev 0x0132, size 219136
    + sig 0x000b0674, pf_mask 0x32, 2025-10-08, rev 0x0132
    + sig 0x000b06a2, pf_mask 0xe0, 2025-10-08, rev 0x6133, size 224256
    + sig 0x000b06a3, pf_mask 0xe0, 2025-10-08, rev 0x6133
    + sig 0x000b06a8, pf_mask 0xe0, 2025-10-08, rev 0x6133
    + sig 0x000b06d1, pf_mask 0x80, 2025-08-28, rev 0x0125, size 80896
    + sig 0x000b06e0, pf_mask 0x19, 2025-05-16, rev 0x001e, size 139264
    + sig 0x000c0662, pf_mask 0x82, 2025-06-30, rev 0x011a, size 90112
    + sig 0x000c06a2, pf_mask 0x82, 2025-06-30, rev 0x011a
    + sig 0x000c0652, pf_mask 0x82, 2025-06-30, rev 0x011a
    + sig 0x000c0664, pf_mask 0x82, 2025-06-30, rev 0x011a
    + sig 0x000c06f2, pf_mask 0x87, 2025-05-29, rev 0x210002c0, size 564224
    + sig 0x000c06f1, pf_mask 0x87, 2025-05-29, rev 0x210002c0
  * source: update symlinks to reflect id of the latest release, 20251111

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 13 Nov 2025 12:48:02 -0300

intel-microcode (3.20250812.1) unstable; urgency=medium

  [ Henrique de Moraes Holschuh ]
  * New upstream microcode datafile 20250812 (closes: #1110983, #1112168)
    - Mitgations for INTEL-SA-01249 (processor Stream Cache):
      CVE-2025-20109: Improper Isolation or Compartmentalization in the
      stream cache mechanism for some Intel Processors may allow an
      authenticated user to potentially enable escalation of privilege via
      local access.  Intel also disclosed that several processors models
      had already received this mitigation on the previous microcode
      release, 20250512.
    - Mitigations for INTEL-SA-01308:
      CVE-2025-22840: Sequence of processor instructions leads to
      unexpected behavior for some Intel Xeon 6 Scalable processors may
      allow an authenticated user to potentially enable escalation of
      privilege via local access.
    - Mitigations for INTEL-SA-01310 (OOBM services module):
      CVE-2025-22839: Insufficient granularity of access control in the
      OOB-MSM for some Intel Xeon 6 Scalable processors may allow a
      privileged user to potentially enable escalation of privilege via
      adjacent access.
    - Mitigations for INTEL-SA-01311 (Intel TDX):
      CVE-2025-22889: Improper handling of overlap between protected
      memory ranges for some Intel Xeon 6 processors with Intel TDX may
      allow a privileged user to potentially enable escalation of
      privilege via local access.
    - Mitigations for INTEL-SA-01313:
      CVE-2025-20053: Improper buffer restrictions for some Intel Xeon
      Processor firmware with SGX enabled may allow a privileged user to
      potentially enable escalation of privilege via local access.
      CVE-2025-21090: Missing reference to active allocated resource for
      some Intel Xeon processors may allow an authenticated user to
      potentially enable denial of service via local access.
      CVE-2025-24305: Insufficient control flow management in the Alias
      Checking Trusted Module (ACTM) firmware for some Intel Xeon
      processors may allow a privileged user to potentially enable
      escalation of privilege via local access.
    - Mitigations for INTEL-SA-01367 (Intel SGX, TDX):
      CVE-2025-26403: Out-of-bounds write in the memory subsystem for some
      Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow
      a privileged user to potentially enable escalation of privilege via
      local access.
      CVE-2025-32086: Improperly implemented security check for standard
      in the DDRIO configuration for some Intel Xeon 6 Processors when
      using Intel SGX or Intel TDX may allow a privileged user to
      potentially enable escalation of privilege via local access.
    - Fixes for unspecified functional issues on several Intel Core and
      Intel Xeon processor models.
  * Updated microcodes:
    sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
    sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
    sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896
    sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643
    sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643
    sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643
    sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643
    sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664
    sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401
    sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401
    sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401
    sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
    sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072
    sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400
    sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880
    sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256
    sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129
    sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129
    sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896
    sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112
    sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119
    sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119
    sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119
    sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224
    sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3
  * update entry for 3.20250512.1 with new information
  * source: update symlinks to reflect id of the latest release, 20250812

  [ Ben Hutchings ]
  * debian/tests/initramfs: Update to work with forky's initramfs-tools.
    In version 0.149 of initramfs-tools, unmkinitramfs was changed to no
    longer create early/ and main/ subdirectories.  Update the microcode
    file check to work with both old and new behaviours.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 13 Sep 2025 18:30:55 -0300

intel-microcode (3.20250512.1) unstable; urgency=high

  * New upstream microcode datafile 20250512 (closes: #1105172)
    - Mitigations for INTEL-SA-01153 (ITS: Indirect Target Selection):
      CVE-2024-28956: Processor may incompletely mitigate Branch Target
      Injection due to indirect branch predictions that are not fully
      constrained by eIBRS nor by the IBPB barrier.  Part of the "Training
      Solo" set of vulnerabilities.
    - Mitigations for INTEL-SA-01244:
      CVE-2025-20103: Insufficient resource pool in the core management
      mechanism for some Intel Processors may allow an authenticated user
      to potentially enable denial of service via local access.
      CVE-2025-20054: Uncaught exception in the core management mechanism
      for some Intel Processors may allow an authenticated user to
      potentially enable denial of service via local access.
    - Mitigations for INTEL-SA-01247:
      CVE-2024-43420, CVE-2025-20623: Exposure of sensitive information
      caused by shared microarchitectural predictor state that influences
      transient execution for some Intel Atom and some Intel Core
      processors (10th Generation) may allow an authenticated user to
      potentially enable information disclosure via local access.
      CVE-2024-45332 (Branch Privilege Injection): Exposure of sensitive
      information caused by shared microarchitectural predictor state that
      influences transient execution in the indirect branch predictors for
      some Intel Processors may allow an authenticated user to potentially
      enable information disclosure via local access.
    - Mitigations for INTEL-SA-01322:
      CVE-2025-24495 (Training Solo): Incorrect initialization of resource
      in the branch prediction unit for some Intel Core Ultra Processors
      may allow an authenticated user to potentially enable information
      disclosure via local access (IBPB bypass)
      CVE-2025-20012 (Training Solo): Incorrect behavior order for some
      Intel Core Ultra Processors may allow an unauthenticated user to
      potentially enable information disclosure via physical access.
    - Improved fix for the Vmin Shift Instability for the Intel Core 13th
      and 14th gen processors under low-activity scenarios (sig 0xb0671).
      This microcode update is supposed to be delivered as a system
      firmware update, but according to Intel it should be effective when
      loaded by the operating system if the system firmware has revision
      0x12e.
    - Mitgations for INTEL-SA-01249 (processor Stream Cache):
      CVE-2025-20109: Improper Isolation or Compartmentalization in the
      stream cache mechanism for some Intel Processors may allow an
      authenticated user to potentially enable escalation of privilege via
      local access.  This information was disclosed by Intel for release
      20250812.
    - Fixes for unspecified functional issues on several processor models
  * New microcodes or new extended signatures:
    sig 0x000a06d1, pf_mask 0x95, 2025-02-07, rev 0x10003a2, size 1664000
    sig 0x000a06d1, pf_mask 0x20, 2025-02-07, rev 0xa0000d1, size 1635328
    sig 0x000b0650, pf_mask 0x80, 2025-03-18, rev 0x000a, size 136192
    sig 0x000b06d1, pf_mask 0x80, 2025-03-18, rev 0x011f, size 79872
    sig 0x000c0662, pf_mask 0x82, 2025-03-20, rev 0x0118, size 90112
    sig 0x000c06a2, pf_mask 0x82, 2025-03-20, rev 0x0118
    sig 0x000c0652, pf_mask 0x82, 2025-03-20, rev 0x0118
    sig 0x000c0664, pf_mask 0x82, 2025-03-20, rev 0x0118
  * Updated microcodes:
    sig 0x00050657, pf_mask 0xbf, 2024-12-12, rev 0x5003901, size 39936
    sig 0x0005065b, pf_mask 0xbf, 2024-12-12, rev 0x7002b01, size 30720
    sig 0x000606a6, pf_mask 0x87, 2025-01-07, rev 0xd000404, size 309248
    sig 0x000606c1, pf_mask 0x10, 2025-01-07, rev 0x10002d0, size 300032
    sig 0x000706a8, pf_mask 0x01, 2024-12-05, rev 0x0026, size 76800
    sig 0x000706e5, pf_mask 0x80, 2025-01-07, rev 0x00ca, size 115712
    sig 0x000806c1, pf_mask 0x80, 2024-12-01, rev 0x00bc, size 112640
    sig 0x000806c2, pf_mask 0xc2, 2024-12-01, rev 0x003c, size 99328
    sig 0x000806d1, pf_mask 0xc2, 2024-12-11, rev 0x0056, size 105472
    sig 0x000806ec, pf_mask 0x94, 2024-11-17, rev 0x0100, size 106496
    sig 0x000806f8, pf_mask 0x87, 2025-01-28, rev 0x2b000639, size 591872
    sig 0x000806f7, pf_mask 0x87, 2025-01-28, rev 0x2b000639
    sig 0x000806f6, pf_mask 0x87, 2025-01-28, rev 0x2b000639
    sig 0x000806f5, pf_mask 0x87, 2025-01-28, rev 0x2b000639
    sig 0x000806f4, pf_mask 0x87, 2025-01-28, rev 0x2b000639
    sig 0x000806f8, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7, size 624640
    sig 0x000806f6, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
    sig 0x000806f5, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
    sig 0x000806f4, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
    sig 0x00090672, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304
    sig 0x00090675, pf_mask 0x07, 2024-12-12, rev 0x003a
    sig 0x000b06f2, pf_mask 0x07, 2024-12-12, rev 0x003a
    sig 0x000b06f5, pf_mask 0x07, 2024-12-12, rev 0x003a
    sig 0x000b06f6, pf_mask 0x07, 2024-12-12, rev 0x003a
    sig 0x000b06f7, pf_mask 0x07, 2024-12-12, rev 0x003a
    sig 0x000906a3, pf_mask 0x80, 2024-12-12, rev 0x0437, size 224256
    sig 0x000906a4, pf_mask 0x80, 2024-12-12, rev 0x0437
    sig 0x000906a4, pf_mask 0x40, 2024-12-06, rev 0x000a, size 119808
    sig 0x000906ed, pf_mask 0x22, 2024-11-14, rev 0x0104, size 106496
    sig 0x000a0652, pf_mask 0x20, 2024-11-14, rev 0x0100, size 97280
    sig 0x000a0653, pf_mask 0x22, 2024-11-14, rev 0x0100, size 98304
    sig 0x000a0655, pf_mask 0x22, 2024-11-14, rev 0x0100, size 97280
    sig 0x000a0660, pf_mask 0x80, 2024-11-14, rev 0x0102, size 98304
    sig 0x000a0661, pf_mask 0x80, 2024-11-14, rev 0x0100, size 97280
    sig 0x000a0671, pf_mask 0x02, 2024-12-01, rev 0x0064, size 108544
    sig 0x000a06a4, pf_mask 0xe6, 2025-02-13, rev 0x0024, size 140288
    sig 0x000a06f3, pf_mask 0x01, 2025-02-10, rev 0x3000341, size 1542144
    sig 0x000b0671, pf_mask 0x32, 2025-03-17, rev 0x012f, size 219136
    sig 0x000b0674, pf_mask 0x32, 2025-03-17, rev 0x012f
    sig 0x000b06a2, pf_mask 0xe0, 2025-01-15, rev 0x4128, size 224256
    sig 0x000b06a3, pf_mask 0xe0, 2025-01-15, rev 0x4128
    sig 0x000b06a8, pf_mask 0xe0, 2025-01-15, rev 0x4128
    sig 0x000b06e0, pf_mask 0x19, 2024-12-06, rev 0x001d, size 139264
    sig 0x000c06f2, pf_mask 0x87, 2025-03-14, rev 0x210002a9, size 563200
    sig 0x000c06f1, pf_mask 0x87, 2025-03-14, rev 0x210002a9
  * Removed microcodes (ES/QS steppings):
    sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
    sig 0x000c06f1, pf_mask 0x87, 2025-03-14, rev 0x210002a9 [EXCLUDED]
  * Makefile: exclude QS/ES steppings 0x50656, 0xc06f1.
  * Makefile: add targets to create split F-M-S /lib/firmware dir
  * debian/rules: use new intel-ucode-{fw,fw64} Makefile targets
    Removes from the binary package the F-M-S files for extended signatures
    that were excluded by IUC_EXCLUDE.
  * source: update symlinks to reflect id of the latest release, 20250512

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 17 May 2025 01:35:08 -0300

intel-microcode (3.20250211.1) unstable; urgency=medium

  * New upstream microcode datafile 20250211 (closes: #1095805)
    - Mitigations for INTEL-SA-01166 (CVE-2024-31068)
      Improper Finite State Machines (FSMs) in Hardware Logic for some Intel
      Processors may allow privileged user to potentially enable denial of
      service via local access.
    - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
      Improper access control in the EDECCSSA user leaf function for some
      Intel Processors with Intel SGX may allow an authenticated user to
      potentially enable denial of service via local access.  Intel disclosed
      that some 9th Generation Intel Core processor models were already fixed
      by a previous microcode update.
    - Mitigations for INTEL-SA-01139 (CVE-2023-43758, CVE-2023-34440,
      CVE-2024-24582, CVE-2024-29214, CVE-2024-28127, CVE-2024-39279,
      CVE-2024-31157, CVE-2024-28047)
      Improper input validation, insufficient granularity of access control,
      and improper initialization issues in UEFI firmware for some Intel
      processors may allow escalation of privilege, denial of service, or
      information disclosure.  An UEFI firmware update is needed for complete
      mitigation.
    - Mitigations for INTEL-SA-01228 (CVE-2024-39355)
      Improper handling of physical or environmental conditions in some 13th
      and 14th Generation Intel Core Processors may allow an authenticated
      user to enable denial of service via local access.  An UEFI firmware
      update may be required for complete mitigation.
    - Mitigations for INTEL-SA-01194 (CVE-2024-37020)
      Sequence of processor instructions leads to unexpected behavior in the
      Intel DSA V1.0 for some Intel Xeon Processors may allow an authenticated
      user to potentially enable denial of service via local access.
    - Fixes for unspecified functional issues on several processor models
  * New microcodes or new extended signatures:
    sig 0x000a06f3, pf_mask 0x01, 2024-11-22, rev 0x3000330, size 1533952
    sig 0x000b06f6, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
    sig 0x000b06f7, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
    sig 0x000b0674, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
  * Updated microcodes:
    sig 0x000606a6, pf_mask 0x87, 2024-08-02, rev 0xd0003f5, size 308224
    sig 0x000606c1, pf_mask 0x10, 2024-08-08, rev 0x10002c0, size 300032
    sig 0x000806f8, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824
    sig 0x000806f7, pf_mask 0x87, 2024-07-30, rev 0x2b000620
    sig 0x000806f6, pf_mask 0x87, 2024-07-30, rev 0x2b000620
    sig 0x000806f5, pf_mask 0x87, 2024-07-30, rev 0x2b000620
    sig 0x000806f4, pf_mask 0x87, 2024-07-30, rev 0x2b000620
    sig 0x000806f8, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592
    sig 0x000806f6, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
    sig 0x000806f5, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
    sig 0x000806f4, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
    sig 0x00090672, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
    sig 0x00090675, pf_mask 0x07, 2024-08-01, rev 0x0038
    sig 0x000b06f2, pf_mask 0x07, 2024-08-01, rev 0x0038
    sig 0x000b06f5, pf_mask 0x07, 2024-08-01, rev 0x0038
    sig 0x000906a3, pf_mask 0x80, 2024-08-01, rev 0x0436, size 223232
    sig 0x000906a4, pf_mask 0x80, 2024-08-01, rev 0x0436
    sig 0x000906a4, pf_mask 0x40, 2024-07-29, rev 0x0009, size 119808
    sig 0x000906ea, pf_mask 0x22, 2024-07-28, rev 0x00fa, size 105472
    sig 0x000906ed, pf_mask 0x22, 2024-07-31, rev 0x0102, size 106496
    sig 0x000a0671, pf_mask 0x02, 2024-08-01, rev 0x0063, size 108544
    sig 0x000b0671, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
    sig 0x000b06a2, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2024-07-31, rev 0x4124
    sig 0x000b06a8, pf_mask 0xe0, 2024-07-31, rev 0x4124
    sig 0x000b06e0, pf_mask 0x19, 2024-09-06, rev 0x001c, size 138240
    sig 0x000c06f2, pf_mask 0x87, 2024-07-30, rev 0x21000291, size 560128
    sig 0x000c06f1, pf_mask 0x87, 2024-07-30, rev 0x21000291
  * source: update symlinks to reflect id of the latest release, 20250211
  * Update changelog for 3.20240813.1 with new information

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 16 Feb 2025 18:34:38 -0300

intel-microcode (3.20241112.1) unstable; urgency=medium

  * New upstream microcode datafile 20241112 (closes: #1086483)
    - Mitigations for INTEL-SA-01101 (CVE-2024-21853)
      Improper Finite State Machines (FSMs) in the Hardware logic in some
      4th and 5th Generation Intel Xeon Processors may allow an authorized
      user to potentially enable denial of service via local access.
    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
      Potential security vulnerabilities in some Intel Xeon processors
      using Intel SGX may allow escalation of privilege.  Intel disclosed
      that some processor models were already fixed by a previous
      microcode update.
    - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
      Improper finite state machines (FSMs) in hardware logic in some
      Intel Processors may allow an privileged user to potentially enable a
      denial of service via local access.
    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
      A potential security vulnerability in the Running Average Power Limit
      (RAPL) interface for some Intel Processors may allow information
      disclosure.  Added mitigations for more processor models.
  * Updated Microcodes:
    sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800
    sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256
    sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037
    sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037
    sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037
    sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232
    sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435
    sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240
    sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123
    sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123
    sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128
    sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283
  * source: update symlinks to reflect id of the latest release, 20241112
  * Update changelog for 3.20240910.1 and 3.20240813.1 with new information:
    INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models,
    and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for
    some processor models.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 14 Nov 2024 15:37:40 -0300

intel-microcode (3.20241029.1) UNRELEASED; urgency=medium

  * New upstream microcode datafile 20241029
    - Not relevant for operating system microcode updates
    - Only when loaded from firmware, this update fixes the critical,
      potentially hardware-damaging errata RPL061: Incorrect Internal
      Voltage Request on Raptor Lake (Core 13th/14th gen) Intel
      processors.
  * Updated Microcodes:
    sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 14 Nov 2024 14:49:03 -0300

intel-microcode (3.20240910.1) unstable; urgency=medium

  * New upstream microcode datafile 20240910 (closes: #1081363)
    - Mitigations for INTEL-SA-01097 (CVE-2024-24968)
      Improper finite state machines (FSMs) in hardware logic in some
      Intel Processors may allow an privileged user to potentially enable a
      denial of service via local access.
    - Fixes for unspecified functional issues on several processor models
    - The processor voltage limit issue on Core 13rd/14th gen REQUIRES A
      FIRMWARE UPDATE.  It is present in this release for sig 0xb0671, but
      THE VOLTAGE ISSUE FIX ONLY WORKS WHEN THE MICROCODE UPDATE IS LOADED
      THROUGH THE FIT TABLE IN FIRMWARE.  Contact your system vendor for a
      firmware update that includes the appropriate microcode update for
      your processor.
  * Updated Microcodes:
    sig 0x00090672, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256
    sig 0x00090675, pf_mask 0x07, 2024-02-22, rev 0x0036
    sig 0x000b06f2, pf_mask 0x07, 2024-02-22, rev 0x0036
    sig 0x000b06f5, pf_mask 0x07, 2024-02-22, rev 0x0036
    sig 0x000906a3, pf_mask 0x80, 2024-02-22, rev 0x0434, size 222208
    sig 0x000906a4, pf_mask 0x80, 2024-02-22, rev 0x0434
    sig 0x000a06a4, pf_mask 0xe6, 2024-06-17, rev 0x001f, size 137216
    sig 0x000b0671, pf_mask 0x32, 2024-07-18, rev 0x0129, size 215040
    sig 0x000b06a2, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2024-02-22, rev 0x4122
    sig 0x000b06a8, pf_mask 0xe0, 2024-02-22, rev 0x4122
    sig 0x000b06e0, pf_mask 0x19, 2024-03-25, rev 0x001a, size 138240
  * Update changelog for 3.20240813.1 with new information
  * Update changelog for 3.20240514.1 with new information
  * source: update symlinks to reflect id of the latest release, 20240910

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 21 Sep 2024 16:40:07 -0300

intel-microcode (3.20240813.2) unstable; urgency=high

  * Merge changes from intel-microcode/3.20240531.1+nmu1, which were left out
    from 3.20240813.1 by an oversight, regressing merged-usr. Closes: #1060200

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 17 Aug 2024 11:31:32 -0300

intel-microcode (3.20240813.1) unstable; urgency=medium

  * New upstream microcode datafile 20240813 (closes: #1078742)
    - Mitigations for INTEL-SA-01083 (CVE-2024-24853)
      Incorrect behavior order in transition between executive monitor and SMI
      transfer monitor (STM) in some Intel Processors may allow a privileged
      user to potentially enable escalation of privilege via local access.
    - Mitigations for INTEL-SA-01118 (CVE-2024-25939)
      Mirrored regions with different values in 3rd Generation Intel Xeon
      Scalable Processors may allow a privileged user to potentially enable
      denial of service via local access.
    - Mitigations for INTEL-SA-01100 (CVE-2024-24980)
      Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
      Xeon Processors may allow a privileged user to potentially enable
      escalation of privilege via local access.
    - Mitigations for INTEL-SA-01038 (CVE-2023-42667)
      Improper isolation in the Intel Core Ultra Processor stream cache
      mechanism may allow an authenticated user to potentially enable
      escalation of privilege via local access.  Intel disclosed that some
      processor models were already fixed by the previous microcode update.
    - Mitigations for INTEL-SA-01046 (CVE-2023-49141)
      Improper isolation in some Intel Processors stream cache mechanism may
      allow an authenticated user to potentially enable escalation of
      privilege via local access.  Intel disclosed that some processor models
      were already fixed by the previous microcode update.
    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
      Potential security vulnerabilities in some Intel Xeon processors
      using Intel SGX may allow escalation of privilege.  Intel released this
      information during the full disclosure for the 20241112 update.
      Processor signatures 0x606a6 and 0x606c1.
    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
      A potential security vulnerability in the Running Average Power Limit
      (RAPL) interface for some Intel Processors may allow information
      disclosure. Intel released this information during the full disclosure
      for the 20240910 update.  Processor signatures 0x5065b, 0x606a6,
      0x606c1.
    - Fix for unspecified functional issues on several processor models
    - Fix for errata TGL068/ADL075/ICL088/... "Processor may hang during a
      microcode update".  It is not clear which processors were fixed by this
      release, or by one of the microcode updates from 2024-05.
    - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
      Improper access control in the EDECCSSA user leaf function for some
      Intel Processors with Intel SGX may allow an authenticated user to
      potentially enable denial of service via local access.  Intel released
      this information during the full disclosure for the 20250211 update.
      Processor signature 0x906ec (9th Generation Intel Core processor).
  * Updated microcodes:
    sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
    sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
    sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
    sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
    sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
    sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
    sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
    sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
    sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
    sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
    sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
    sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
    sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
    sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
    sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
    sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
    sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
    sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
    sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
    sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
    sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
  * source: update symlinks to reflect id of the latest release, 20240813
  * postinst, postrm: switch to dpkg-trigger to run update-initramfs

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 15 Aug 2024 14:41:50 -0300

intel-microcode (3.20240531.1+nmu1) unstable; urgency=medium

  * Non-maintainer upload.
  * Install aliased files into /usr (DEP17 M2) (Closes: #1060200)
  * Add superficial autopkgtest for initramfs hook.

 -- Chris Hofstaedtler <zeha@debian.org>  Mon, 03 Jun 2024 22:45:50 +0200

intel-microcode (3.20240531.1) unstable; urgency=medium

  * New upstream microcode datafile 20240531
    * Fix unspecified functional issues on Pentium Silver N/J5xxx,
      Celeron N/J4xxx
    * Updated Microcodes:
      sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
  * source: update symlinks to reflect id of the latest release, 20240531

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 01 Jun 2024 11:49:47 -0300

intel-microcode (3.20240514.1) unstable; urgency=medium

  * New upstream microcode datafile 20240514 
    * Mitigations for INTEL-SA-01051 (CVE-2023-45733)
      Hardware logic contains race conditions in some Intel Processors may
      allow an authenticated user to potentially enable partial information
      disclosure via local access.
    * Mitigations for INTEL-SA-01052 (CVE-2023-46103)
      Sequence of processor instructions leads to unexpected behavior in
      Intel Core Ultra Processors may allow an authenticated user to
      potentially enable denial of service via local access.
    * Mitigations for INTEL-SA-01036 (CVE-2023-45745,  CVE-2023-47855)
      Improper input validation in some Intel TDX module software before
      version 1.5.05.46.698 may allow a privileged user to potentially enable
      escalation of privilege via local access.
    * Mitigations for INTEL-SA-01046 (CVE-2023-49141)
      Improper isolation in some Intel Processors stream cache mechanism may
      allow an authenticated user to potentially enable escalation of
      privilege via local access (time-travel entry, added after Intel
      released this information during the full disclosure for the 20240813
      update)
    * Mitigations for INTEL-SA-01046 (CVE-2023-49141)
      Improper isolation in some Intel Processors stream cache mechanism may
      allow an authenticated user to potentially enable escalation of
      privilege via local access (time-travel entry, added after Intel
      released this information during the full disclosure for the 20240813
      update).  Processor signatures 0x806f4-0x806f8, 0xb0671, 0x90672, and
      0x90675
    * Mitigations for INTEL-SA-01100 (CVE-2024-24980) for the Intel
      Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
      Xeon Processors may allow a privileged user to potentially enable
      escalation of privilege via local access (time-travel entry, added after
      Intel released this information during the full disclosure for the
      20240813 update).  Processor signatures 0xc06f1 and 0xc06f2.
    * Fix for unspecified functional issues on 4th gen and 5th gen Xeon
      Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
      Core i3 N-series processors.
    * Updated microcodes:
      sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
      sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
      sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
      sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
      sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
      sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
      sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
      sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
      sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
      sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
      sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
      sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
      sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
      sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
      sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
      sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
      sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
      sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
      sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
      sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
  * source: update symlinks to reflect id of the latest release, 20240514

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 16 May 2024 21:40:52 -0300

intel-microcode (3.20240312.1) unstable; urgency=medium

  * New upstream microcode datafile 20240312 (closes: #1066108)
    - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
      Protection mechanism failure of bus lock regulator for some Intel
      Processors may allow an unauthenticated user to potentially enable
      denial of service via network access.
    - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
      Non-transparent sharing of return predictor targets between contexts in
      some Intel Processors may allow an authorized user to potentially
      enable information disclosure via local access.  Affects SGX as well.
    - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
      Information exposure through microarchitectural state after transient
      execution from some register files for some Intel Atom Processors and
      E-cores of Intel Core Processors may allow an authenticated user to
      potentially enable information disclosure via local access.  Enhances
      VERW instruction to clear stale register buffers.  Affects SGX as well.
      Requires kernel update to be effective.
    - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
      Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
      Processors when using Intel SGX or Intel TDX may allow a privileged
      user to potentially enable escalation of privilege via local access.
      NOTE: effective only when loaded by firmware.  Allows SMM firmware to
      attack SGX/TDX.
    - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
      Incorrect calculation in microcode keying mechanism for some Intel
      Xeon D Processors with Intel SGX may allow a privileged user to
      potentially enable information disclosure via local access.
  * Fixes for other unspecified functional issues on many processors
  * Updated microcodes:
    sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
    sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
    sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
    sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
    sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
    sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
    sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
    sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
    sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
    sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
    sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
    sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
    sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
    sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
    sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
    sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
    sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
    sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
    sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
    sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
    sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
    sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
    sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
    sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
    sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
    sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
    sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
    sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
    sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
    sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
    sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
    sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
  * New microcodes:
    sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
    sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
    sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
    sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
  * source: update symlinks to reflect id of the latest release, 20240312
  * changelog, debian/changelog: fix typos

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 12 Mar 2024 20:28:17 -0300

intel-microcode (3.20231114.1) unstable; urgency=medium

  * New upstream microcode datafile 20231114 (closes: #1055962)
    Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
    Sequence of processor instructions leads to unexpected behavior for some
    Intel(R) Processors, may allow an authenticated user to potentially enable
    escalation of privilege and/or information disclosure and/or denial of
    service via local access.
    Note: "reptar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
    Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
    0x01) were already mitigated by a previous microcode update.
  * Fixes for unspecified functional issues
  * Updated microcodes:
    sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
    sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
    sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
    sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
    sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
    sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
    sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
    sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
    sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
    sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
    sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
    sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
  * Updated 2023-08-08 changelog entry with reptar information
  * source: update symlinks to reflect id of the latest release, 20231114

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 16 Nov 2023 08:09:43 -0300

intel-microcode (3.20230808.1) unstable; urgency=high

  * New upstream microcode datafile 20230808 (closes: #1043305)
    * Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
      INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
    * Mitigations for "reptar" on a few processors, refer to the 2023-11-14
      entry for details.  This information was disclosed in 2023-11-14.
    * Updated microcodes:
      sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864
      sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032
      sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912
      sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912
      sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720
      sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984
      sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664
      sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616
      sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304
      sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424
      sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496
      sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472
      sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472
      sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496
      sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496
      sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416
      sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
      sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
      sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
      sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
      sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184
      sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271
      sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271
      sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271
      sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160
      sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e
      sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e
      sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e
      sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136
      sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c
      sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544
      sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448
      sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496
      sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472
      sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496
      sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280
      sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
      sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
      sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280
      sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256
      sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448
      sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944
      sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064
      sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119
      sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192
  * source: update symlinks to reflect id of the latest release, 20230808

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 08 Aug 2023 17:25:56 -0300

intel-microcode (3.20230512.1) unstable; urgency=medium

  * New upstream microcode datafile 20230512 (closes: #1036013)
    * New microcodes:
      sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712
      sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144
    * Updated microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864
      sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032
      sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888
      sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888
      sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696
      sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960
      sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664
      sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816
      sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592
      sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400
      sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472
      sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472
      sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224
      sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968
      sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112
      sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a
      sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544
      sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448
      sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256
      sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280
      sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280
      sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424
      sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872
      sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
      sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
  * source: update symlinks to reflect id of the latest release, 20230512

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 16 May 2023 00:13:02 -0300

intel-microcode (3.20230214.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream microcode datafile 20230214
    - Includes Fixes for: (Closes: #1031334)
       - INTEL-SA-00700: CVE-2022-21216
       - INTEL-SA-00730: CVE-2022-33972
       - INTEL-SA-00738: CVE-2022-33196
       - INTEL-SA-00767: CVE-2022-38090
  * New Microcodes:
    sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
    sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
  * Updated Microcodes:
    sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
    sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
    sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
    sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
    sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
    sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
    sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
    sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
    sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
    sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
    sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480
    sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
    sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
    sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c

 -- Tobias Frost <tobi@debian.org>  Sun, 12 Mar 2023 18:16:50 +0100

intel-microcode (3.20221108.2) unstable; urgency=medium

  * Move source and binary from non-free/admin to non-free-firmware/admin
    following the 2022 General Resolution about non-free firmware.

 -- Cyril Brulebois <kibi@debian.org>  Fri, 17 Feb 2023 01:12:52 +0100

intel-microcode (3.20221108.1) unstable; urgency=medium

  * New upstream microcode datafile 20221108
    * New Microcodes:
      sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720
      sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800
    * Updated Microcodes:
      sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664
      sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592
      sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400
      sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472
      sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480
      sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112
      sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026
      sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026
      sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026
      sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088
      sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424
      sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448
      sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256
      sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280
      sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256
      sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280
      sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256
      sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 03 Dec 2022 17:21:08 -0300

intel-microcode (3.20220809.1) unstable; urgency=medium

  * New upstream microcode datafile 20220809
    * Fixes INTEL-SA-00657, CVE-2022-21233
      Stale data from APIC leaks SGX memory (AEPIC leak)
    * Fixes unspecified errata (functional issues) on Xeon Scalable
    * Updated Microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
      sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
      sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
      sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
      sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
      sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
      sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
      sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
      sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
  * source: update symlinks to reflect id of the latest release, 20220809

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 19 Aug 2022 14:21:20 -0300

intel-microcode (3.20220510.1) unstable; urgency=medium

  * New upstream microcode datafile 20220510
    * Fixes INTEL-SA-000617, CVE-2022-21151:
      Processor optimization removal or modification of security-critical
      code may allow an authenticated user to potentially enable information
      disclosure via local access (closes: #1010947)
    * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
      Atom E3900
    * New Microcodes:
      sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
      sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
      sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
      sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
      sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
      sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    * Updated Microcodes:
      sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
      sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
      sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
      sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
      sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
      sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
      sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
      sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
      sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
      sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
      sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
      sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
      sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
      sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
      sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
      sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
      sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
      sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
      sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
      sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
      sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
      sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
      sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
      sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
      sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
      sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
      sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
      sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
      sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
      sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
      sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
      sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
      sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424
  * source: update symlinks to reflect id of the latest release, 20220510

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 15 May 2022 20:09:05 -0300

intel-microcode (3.20220419.1) unstable; urgency=medium

  * New upstream microcode datafile 20220419
    * Fixes errata APLI-11 in Atom E3900 series processors
    * Updated Microcodes:
      sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384
  * source: update symlinks to reflect id of the latest release, 20220419

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 21 Apr 2022 17:25:05 -0300

intel-microcode (3.20220207.1) unstable; urgency=medium

  * upstream changelog: new upstream datafile 20220207
    * Mitigates (*only* when loaded from UEFI firmware through the FIT)
      CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
      debug port, on Pentium, Celeron and Atom processors with signatures
      0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
      https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
    * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
      may cause a system hang, on many processors.
    * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
      to improper sanitization of shared resources (fast-store forward
      predictor), on many processors.
    * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
      Atom Processors may allow information disclosure or denial of service
      via network access.
    * Fixes critical errata (functional issues) on many processors
    * Adds a MSR switch to enable RAPL filtering (default off, once enabled
      it can only be disabled by poweroff or reboot).  Useful to protect
      SGX and other threads from side-channel info leak.  Improves the
      mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
      processors.
    * Disables TSX in more processor models.
    * Fixes issue with WBINDV on multi-socket (server) systems which could
      cause resets and unpredictable system behavior.
    * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
      Lake) processors, to control a fix for (hopefully rare) unpredictable
      processor behavior when HyperThreading is enabled.  This MSR switch
      is enabled by default on *server* processors.  On other processors,
      it needs to be explicitly enabled by an updated UEFI/BIOS (with added
      configuration logic).  An updated operating system kernel might also
      be able to enable it.  When enabled, this fix can impact performance.
    * Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
      sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
      sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
      sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
      sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
      sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
      sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
      sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
      sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
      sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
      sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
      sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
      sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
      sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
      sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
      sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
      sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
      sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
      sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
      sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
      sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
      sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
      sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
      sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
      sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
      sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
      sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
      sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
      sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
      sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
      sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
      sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
    * Removed Microcodes:
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
  * update .gitignore and debian/.gitignore.
    Add some missing items from .gitignore and debian/.gitignore.
  * ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
    When the BIOS microcode is older than revision 0x7f (and perhaps in some
    other cases as well), the latest microcode updates for 0x406e3 and
    0x506e3 must be applied using the early update method.  Otherwise, the
    system might hang.  Also: there must not be any other intermediate
    microcode update attempts [other than the one done by the BIOS itself],
    either.  It must go from the BIOS microcode update directly to the
    latest microcode update.
  * source: update symlinks to reflect id of the latest release, 20220207

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 25 Feb 2022 05:36:55 -0300

intel-microcode (3.20210608.2) unstable; urgency=high

  * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and
    debian/changelog (3.20210608.1).

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 23 Jun 2021 13:42:19 -0300

intel-microcode (3.20210608.1) unstable; urgency=high

  * New upstream microcode datafile 20210608 (closes: #989615)
    * Implements mitigations for CVE-2020-24511 CVE-2020-24512
      (INTEL-SA-00464), information leakage through shared resources,
      and timing discrepancy sidechannels
    * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
      Domain-bypass transient execution vulnerability in some Intel Atom
      Processors, affects Intel SGX.
    * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel
      VT-d privilege escalation
    * Fixes critical errata on several processors
    * New Microcodes:
      sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
      sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
      sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
      sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
      sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
      sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
      sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
    * Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
      sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
      sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
      sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
      sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
      sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
      sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
      sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
      sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
      sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
      sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
      sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
      sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
      sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
      sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
      sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
      sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
      sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
      sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
      sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
      sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
      sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
      sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
  * source: update symlinks to reflect id of the latest release, 20210608

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 08 Jun 2021 22:37:57 -0300

intel-microcode (3.20210216.1) unstable; urgency=medium

  * New upstream microcode datafile 20210216
    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
      and Cascade Lake Server (B0/B1) when using an active JTAG
      agent like In Target Probe (ITP), Direct Connect Interface
      (DCI) or a Baseboard Management Controller (BMC) to take the
      CPU JTAG/TAP out of reset and then returning it to reset.
    * This issue is related to the INTEL-SA-00381 mitigation.
    * Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
  * source: update symlinks to reflect id of the latest release, 20210216

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 17 Feb 2021 11:26:06 -0300

intel-microcode (3.20201118.1) unstable; urgency=medium

  * New upstream microcode datafile 20201118
    * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
      processors.  Note that Debian already had removed this specific falty
      microcode update on the 3.20201110.1 release
    * Add a microcode update for the Pentium Silver N/J5xxx and Celeron
      N/J4xxx which didn't make it to release 20201110, fixing security issues
      (INTEL-SA-00381, INTEL-SA-00389)
    * Updated Microcodes:
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    * Removed Microcodes:
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 27 Dec 2020 15:59:32 -0300

intel-microcode (3.20201110.1) unstable; urgency=medium

  * New upstream microcode datafile 20201110 (closes: #974533)
    * Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
      aka INTEL-SA-00381: AVX register information leakage;
      Fast-Forward store predictor information leakage
    * Implements mitigation for CVE-2020-8695, Intel SGX information
      disclosure via RAPL, aka INTEL-SA-00389
    * Fixes critical errata on several processor models
    * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
      for Skylake-U/Y, Skylake Xeon E3
    * New Microcodes
      sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
      sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
      sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
      sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
    * Updated Microcodes
      sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
      sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
      sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
      sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
      sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
      sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
      sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
      sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
      sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
      sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
      sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
      sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
      sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
      sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
      sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
      sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
      sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
      sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
      sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
  * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
    INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
    FOR 0x806c1 TIGER LAKE PROCESSORS by this package update.  Contact your
    system vendor for a firmware update, or wait fo a possible fix in a future
    Intel microcode release.
  * source: update symlinks to reflect id of the latest release, 20201110
  * source: ship new upstream documentation (security.md, releasenote.md)

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 12 Nov 2020 15:03:36 -0300

intel-microcode (3.20200616.1) unstable; urgency=high

  * New upstream microcode datafile 20200616
    + Downgraded microcodes (to a previously shipped revision):
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
  * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
  * This update *removes* the SRBDS mitigations from the above processors
  * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 28 Jun 2020 18:38:57 -0300

intel-microcode (3.20200609.2) unstable; urgency=medium

  * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
    * Microcode rollbacks (closes: LP#1883002)
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
    * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
    * Avoid hangs on boot on (some?) Skylake-U/Y processors,
      https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
  * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
    just in case.  Note that Debian does not do late loading by itself.
    Refer to LP#1883002 for the report, 0x806ec hangs upon late load.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 11 Jun 2020 08:55:07 -0300

intel-microcode (3.20200609.1) unstable; urgency=high

  * SECURITY UPDATE
    * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
      on the processor model
    * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
      L1DCES mitigations, plus mitigations described in the changelog entry
      for package release 3.20191112.1.
    * Expect some performance impact, the mitigations are enabled by
      default.  A Linux kernel update will be issued that allows one to
      selectively disable the mitigations.
  * New upstream microcode datafile 20200609
    * Implements mitigation for CVE-2020-0543 Special Register Buffer Data
      Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
    * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
      (VRDS), INTEL-SA-00329
    * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
      (L1DCES), INTEL-SA-00329
    * Known to fix the regression introduced in release 2019-11-12 (sig
      0x50564, rev. 0x2000065), which would cause several systems with
      Skylake Xeon, Skylake HEDT processors to hang while rebooting
    * Updated Microcodes:
      sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
      sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
      sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
      sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
      sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
      sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
      sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
      sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
      sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
      sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
  * Restores the microcode-level fixes that were reverted by release
    3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 09 Jun 2020 17:16:46 -0300

intel-microcode (3.20200520.1) unstable; urgency=medium

  * New upstream microcode datafile 20200520
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 21 May 2020 11:44:00 -0300

intel-microcode (3.20200508.1) unstable; urgency=medium

  * New upstream microcode datafile 20200508
    + Updated Microcodes:
      sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
    * Likely fixes several critical errata on IceLake-U/Y causing system
      hangs

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 09 May 2020 23:30:43 -0300

intel-microcode (3.20191115.2) unstable; urgency=medium

  * Microcode rollbacks (closes: #946515, LP#1854764):
    sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
  * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
    Xeon processors with signature 0x50654.
    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 10 Dec 2019 23:10:19 -0300

intel-microcode (3.20191115.1) unstable; urgency=high

  * New upstream microcode datafile 20191115
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
      sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 16 Nov 2019 23:14:58 -0300

intel-microcode (3.20191113.1) unstable; urgency=high

  * New upstream microcode datafile 20191113
    + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
      Adds microcode update for CFL-S (Coffe Lake Desktop)
      INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
    + Updated Microcodes (previously removed):
      sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 15 Nov 2019 00:43:54 -0300

intel-microcode (3.20191112.1) unstable; urgency=medium

  * New upstream microcode datafile 20191112
    + SECURITY UPDATE
      - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
      - Implements TA Indirect Sharing mitigation, and improves the
        MDS mitigation (VERW)
      - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
        CVE-2019-11139
      - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
    + CRITICAL ERRATA FIXES
      - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
        Ice Lake), causes a 0-3% typical perforance hit (can be as bad
        as 10%).  But ensures the processor will actually jump where it
        should, so don't even *dream* of not applying this fix.
      - Fixes AVX SHUF* instruction implementation flaw erratum
    + Removed Microcodes:
      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    + New Microcodes:
      sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
      sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
      sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
      sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
      sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
      sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
      sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
      sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
      sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
      sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
      sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
    + Updated Microcodes (previously removed):
      sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 12 Nov 2019 23:21:54 -0300

intel-microcode (3.20190918.1) unstable; urgency=medium

  * New upstream microcode datafile 20190918
    + SECURITY UPDATE
      *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
      the set of processors being updated.
    + Updated Microcodes:
      sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
      sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
      sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
      sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
      sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
      sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
      sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
      sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
      sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
      sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 19 Sep 2019 00:38:50 -0300

intel-microcode (3.20190618.1) unstable; urgency=medium

  * New upstream microcode datafile 20190618
    + SECURITY UPDATE
      Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
      CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
      for Sandybridge server and Core-X processors
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
  * Add some missing (minor) changelog entries to 3.20190514.1
  * Reformat 3.20190514.1 changelog entry to match rest of changelog

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 19 Jun 2019 09:05:54 -0300

intel-microcode (3.20190514.1) unstable; urgency=high

  * New upstream microcode datafile 20190514
    + SECURITY UPDATE
      Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
      CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
    + New Microcodes:
      sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
      sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
      sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
      sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
      sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
      sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
    + Updated Microcodes:
      sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
      sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
      sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
      sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
      sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
      sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
      sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
      sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
      sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
      sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
      sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
      sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
      sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
      sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
      sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
      sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
      sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
      sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
      sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
      sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
      sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
      sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
      sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
      sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
      sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
      sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
      sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
      sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
      sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
      sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
  * README.Debian, control: update download/homepage URLs
  * copyright: update download URL and date range
  * source: update symlinks to reflect id of the latest release, 20190514

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 14 May 2019 21:49:08 -0300

intel-microcode (3.20190312.1) unstable; urgency=medium

  * New upstream microcode datafile 20190312
    + Removed Microcodes:
      sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
    + New Microcodes:
      sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
      sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
      sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
      sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
      sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280
    + Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816
      sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408
      sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792
      sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768
      sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552
      sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552
      sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456
      sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408
      sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360
      sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728
      sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304
      sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304
      sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304
      sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304
      sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 16 Mar 2019 21:07:54 -0300

intel-microcode (3.20180807a.2) unstable; urgency=medium

  * Makefile: unblacklist 0x206c2 (Westmere EP)
    According to pragyansri.pathi@intel.com, on message to LP#1795594
    on 2018-10-09, we can ship 0x206c2 updates without restrictions.
    Also, there are no reports in the field about this update causing
    issues (closes: #907402) (LP: #1795594)

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 23 Oct 2018 19:52:40 -0300

intel-microcode (3.20180807a.1) unstable; urgency=high

  [ Henrique de Moraes Holschuh ]
  * New upstream microcode datafile 20180807a
    (closes: #906158, #906160, #903135, #903141)
    + New Microcodes:
      sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
      sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
      sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
      sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
      sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
    + Updated Microcodes:
      sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
      sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
      sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
      sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
      sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
      sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
      sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
      sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
      sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
      sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
      sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
      sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
      sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
      sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
      sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
      sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
      sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
      sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
      sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
      sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
      sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
      sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
      sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
    + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
      Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
    + Implements SSBD support (Spectre v4 mitigation),
      Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
      Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
      processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
      Intel SA-0088, CVE-2017-5753, CVE-2017-5754
  * source: update symlinks to reflect id of the latest release, 20180807a
  * debian/intel-microcode.docs: ship license and releasenote upstream files.
  * debian/changelog: update entry for 3.20180703.1 with L1TF information

  [ Julian Andres Klode ]
  * initramfs: include all microcode for MODULES=most.
    Default to early instead of auto, and install all of the microcode,
    not just the one matching the current CPU, if MODULES=most is set
    in the initramfs-tools config (LP: #1778738)

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 24 Aug 2018 08:53:53 -0300

intel-microcode (3.20180703.2) unstable; urgency=medium

  * source: fix badly named symlink that resulted in most microcode
    updates not being shipped in the binary package.  Oops!

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 05 Jul 2018 14:26:36 -0300

intel-microcode (3.20180703.1) unstable; urgency=medium

  * New upstream microcode data file 20180703 (closes: #903018)
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640,
      Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
    + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation),
      SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.
  * source: update symlinks to reflect id of the latest release, 20180703

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 05 Jul 2018 10:03:53 -0300

intel-microcode (3.20180425.1) unstable; urgency=medium

  * New upstream microcode data file 20180425 (closes: #897443, #895878)
    + Updated Microcodes:
      sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + Note that sig 0x000604f1 has been blacklisted from late-loading
      since Debian release 3.20171117.1.
  * source: remove undesired list files from microcode directories
  * source: switch to microcode-<id>.d/ since Intel dropped .dat
    support.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 02 May 2018 16:48:44 -0300

intel-microcode (3.20180312.1) unstable; urgency=medium

  * New upstream microcode data file 20180312 (closes: #886367)
    + New Microcodes:
      sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
      sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009, size 18432
    + Updated Microcodes:
      sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
      sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
      sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
      sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
      sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
      sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
      sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
      sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
      sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
      sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
      sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
      sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
      sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012, size 22528
      sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011, size 22528
      sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
      sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
      sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
      sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
      sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
      sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
      Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
      Coffee Lake
    + Missing production updates:
      + Broadwell-E/EX Xeons (sig 0x406f1)
      + Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
        Gemini Lake, Denverton
  * Update past changelog entries with new information:
    Intel already had all necessary semanthics in LFENCE, so the
    Spectre-related Intel microcode changes did not need to enhance LFENCE.
  * debian/control: update Vcs-* fields for the move to salsa.debian.org

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 14 Mar 2018 09:21:24 -0300

intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical

  * Revert to release 20171117, as per Intel instructions issued to
    the public in 2018-01-22 (closes: #886998)
  * This effectively removes IBRS/IBPB/STIPB microcode support for
    Spectre variant 2 mitigation.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 22 Jan 2018 23:01:59 -0200

intel-microcode (3.20180108.1) unstable; urgency=high

  * New upstream microcode data file 20180108 (closes: #886367)
    + Updated Microcodes:
      sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
      sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
      sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
      sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
      sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
      sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
      sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
      sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
      sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
      sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
      sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
      sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
      sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
      sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
      sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
      sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
      sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
    + Implements IBRS/IBPB support: mitigation against Spectre (CVE-2017-5715)
    + Very likely fixes several other errata on some of the processors
  * supplementary-ucode-CVE-2017-5715.d/: remove.
    + Downgraded microcodes:
      sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
      sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
    + Recall related to bug #886998
  * source: remove superseded upstream data file: 20171117
  * README.Debian, copyright: update download URLs (closes: #886368)

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 10 Jan 2018 00:23:44 -0200

intel-microcode (3.20171215.1) unstable; urgency=high

  * Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
    New upstream microcodes to partially address CVE-2017-5715
    + Updated Microcodes:
      sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
      sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
      sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
      sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
      sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
      sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
      sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
      sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
      sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
  * Implements IBRS and IBPB support via new MSR (Spectre variant 2
    mitigation, indirect branches).  Support is exposed through cpuid(7).EDX.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 04 Jan 2018 23:04:38 -0200

intel-microcode (3.20171117.1) unstable; urgency=medium

  * New upstream microcode data file 20171117
    + New Microcodes:
      sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
      sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
      sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
      sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
    + Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
      sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
  * source: remove superseded upstream data file: 20170707.
  * source: remove unneeded intel-ucode/ directory for 20171117.
  * debian/control: bump standards version to 4.1.1 (no changes)
  * Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
  * README.source: fix IUC_EXCLUDE example and minor issues.
  * Makefile, README.souce: support loading ucode from directories.
  * debian/rules: switch to dh mode (debhelper v9)
  * ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
    loading.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 18 Nov 2017 18:55:09 -0200

intel-microcode (3.20170707.1) unstable; urgency=high

  * New upstream microcode datafile 20170707
    + New Microcodes:
      sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
      sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
      sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
      sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
    + This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
      SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
      Lake and Skylake processors: Skylake D0/R0 were fixed since the
      previous upstream release (20170511).  This new release adds the
      fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
    + Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
      (0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
  * source: remove unneeded intel-ucode/ directory
  * source: remove superseded upstream data file: 20170511

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 08 Jul 2017 19:04:27 -0300

intel-microcode (3.20170511.1) unstable; urgency=medium

  * New upstream microcode datafile 20170511
    + Updated Microcodes:
      sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
      sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
      sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
      sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
      sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
      sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
      sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
      sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
      sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
    + This release fixes undisclosed errata on the desktop, mobile and
      server processor models from the Haswell, Broadwell, and Skylake
      families, including even the high-end multi-socket server Xeons
    + Likely fix the TSC-Deadline LAPIC errata (BDF89, SKL142 and
      similar) on several processor families
    + Fix erratum BDF90 on Xeon E7v4, E5v4(?) (closes: #862606)
    + Likely fix serious or critical Skylake errata: SKL138/144,
      SKL137/145, SLK149
    * Likely fix nightmare-level Skylake erratum SKL150.  Fortunately,
      either this erratum is very-low-hitting, or gcc/clang/icc/msvc
      won't usually issue the affected opcode pattern and it ends up
      being rare.
      SKL150 - Short loops using both the AH/BH/CH/DH registers and
      the corresponding wide register *may* result in unpredictable
      system behavior.  Requires both logical processors of the same
      core (i.e. sibling hyperthreads) to be active to trigger, as
      well as a "complex set of micro-architectural conditions"
  * source: remove unneeded intel-ucode/ directory
    Since release 20170511, upstream ships the microcodes both in .dat
    format, and as Linux-style split /lib/firmware/intel-ucode files.
    It is simpler to just use the .dat format file for now, so remove
    the intel-ucode/ directory. Note: before removal, it was verified
    that there were no discrepancies between the two microcode sets
    (.dat and intel-ucode/)
  * source: remove superseded upstream data file: 20161104

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 15 May 2017 15:12:25 -0300

intel-microcode (3.20161104.1) unstable; urgency=medium

  * New upstream microcode datafile 20161104
    + New Microcodes:
      sig 0x00050663, pf_mask 0x10, 2016-10-12, rev 0x700000d, size 20480
      sig 0x00050664, pf_mask 0x10, 2016-06-02, rev 0xf00000a, size 21504
    + Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2016-10-07, rev 0x0039, size 32768
      sig 0x000406f1, pf_mask 0xef, 2016-10-07, rev 0xb00001f, size 25600
    + Removed Microcodes:
      sig 0x000106e4, pf_mask 0x09, 2013-07-01, rev 0x0003, size 6144
    + This update fixes critical errata on Broadwell-DE V2/Y0 (Xeon
      D-1500 family), including one that can crash VMWare ESXi 6 with
      #PF (VMWare KB2146388), and could affect Linux as well.  This same
      issue was fixed for the E5v4 Xeons in release 20160607
    + This update fixes undisclosed (and likely critical) errata on
      Broadwell-E Core i7-68xxK/69xxK/6950X, Broadwell-EP/EX B0/R0/M0
      Xeon E5v4 and Xeon E7v4, and Haswell-EP Xeon E5v3
    + This release deletes the microcode update for the Jasper Forest
      embedded Xeons (Xeon EC35xx/LC35xx/EC35xx/LC55xx), for undisclosed
      reasons.  The deleted microcode is outdated when compared with the
      updates for the other Nehalem Xeons
  * Makefile: always exclude microcode sig 0x206c2 just in case
    Intel is quite clear in the Intel SA-00030 advisory text that recent
    revisions (0x14 and later?) of the 0x206c2 microcode updates must be
    installed along with updated SINIT ACM on vPro systems (i.e. through
    an UEFI/BIOS firmware update).  This is a defensive change so that we
    don't ship such a microcode update in the future by mistake
  * source: remove partially superseded upstream data file: 20160714
  * source: remove superseded upstream data file: 20101123
  * changelog: replace "pf mask" with "pf_mask"
  * control, compat: switch debhelper compatibility level to 9
  * control: bump standards-version, no changes required

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 09 Nov 2016 20:35:57 -0200

intel-microcode (3.20160714.1) unstable; urgency=medium

  * New upstream microcode datafile 20160714
    + Updated Microcodes:
      sig 0x000306f4, pf mask 0x80, 2016-06-07, rev 0x000d, size 15360
      sig 0x000406e3, pf mask 0xc0, 2016-06-22, rev 0x009e, size 97280
      sig 0x000406f1, pf mask 0xef, 2016-06-06, rev 0xb00001d, size 25600
      sig 0x000506e3, pf mask 0x36, 2016-06-22, rev 0x009e, size 97280
    + This release hopefully fixes a hang when updating the microcode on
      some Skylake-U D-1/Skylake-Y D-1 (sig 0x406e3, pf 0x80) systems
  * source: remove superseded upstream data file: 20160607

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 21 Jul 2016 19:04:09 -0300

intel-microcode (3.20160607.2) unstable; urgency=low

  * REMOVE microcode:
    sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
    (closes: #828819)
  * The Core i7-6500U and m3-6Y30 processors (Skylake-UY D-1,
    sig=0x406e3, pf=0x80) may hang while attempting an early microcode
    update to revision 0x8a, apparently due to some sort of firmware
    dependency.  On affected systems, the only way to avoid the issue is
    to get a firmware update that includes microcode revision 0x8a or
    later.  At this time, there are reports of both sucessful and failed
    updates on the m3-6Y30, and only of failed updates on the i7-6500U.
    There are no reports about Skylake-U K-1 (pf=0x40).
  + WARNING: it is unsafe to use a system based on an Intel Skylake-U/Y
    processor with microcode earlier than revision 0x8a, due to several
    critical errata that cause unpredictable behavior, data corruption,
    and other problems.  Users *must* update their firmware to get
    microcode 0x8a or newer, and keep it up-to-date.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 08 Jul 2016 22:54:26 -0300

intel-microcode (3.20160607.1) unstable; urgency=medium

  * New upstream microcode data file 20160607
    + New Microcodes:
      sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
      sig 0x000406f1, pf mask 0xef, 2016-05-20, rev 0xb00001c, size 25600
      sig 0x00050662, pf mask 0x10, 2015-12-12, rev 0x000f, size 28672
      sig 0x000506e3, pf mask 0x36, 2016-04-06, rev 0x008a, size 96256
    + Updated Microcodes:
      sig 0x000306c3, pf mask 0x32, 2016-03-16, rev 0x0020, size 22528
      sig 0x000306d4, pf mask 0xc0, 2016-04-29, rev 0x0024, size 17408
      sig 0x000306f2, pf mask 0x6f, 2016-03-28, rev 0x0038, size 32768
      sig 0x000306f4, pf mask 0x80, 2016-02-11, rev 0x000a, size 15360
      sig 0x00040651, pf mask 0x72, 2016-04-01, rev 0x001f, size 20480
      sig 0x00040661, pf mask 0x32, 2016-04-01, rev 0x0016, size 24576
      sig 0x00040671, pf mask 0x22, 2016-04-29, rev 0x0016, size 11264
  * source: remove superseded upstream data file: 20151106.
  * control: change upstream URL to a search for "linux microcode"
    Unfortunately, many of the per-processor-model feeds have not been
    updated for microcode release 20160607.  Switch to the general search
    page as the upstream URL.
  * README.Debian: fix duplicated word 'to'

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 23 Jun 2016 12:17:03 -0300

intel-microcode (3.20151106.2) unstable; urgency=medium

  * Makefile: make the build less verbose.
  * debian/changelog: fix error in past entry.
    Correct the version of the microcode that caused bug #776431,
    in the entry for version 3.20150121.1.
  * initramfs: don't force_load microcode.ko when missing.
    Detect a missing microcode.ko and don't attempt to force_load() it,
    otherwise we get spurious warnings at boot.  In verbose mode, log the
    fact that the microcode driver is modular.   For Linux 4.4 and later,
    skip the entire module loading logic, since the microcode driver cannot
    be modular for those kernels (closes: #814301).
  * initramfs: update copyright notice
  * initramfs: use iucode_tool -l for verbose mode
  * README.Debian: enhance and add recovery instructions.
    Rewrite large parts of the README.Debian document, and add recovery
    instructions (use of the "dis_ucode_ldr" kernel parameter).

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 17 Apr 2016 12:38:12 -0300

intel-microcode (3.20151106.1) unstable; urgency=medium

  * New upstream microcode data file 20151106
    + New Microcodes:
      sig 0x000306f4, pf mask 0x80, 2015-07-17, rev 0x0009, size 14336
      sig 0x00040671, pf mask 0x22, 2015-08-03, rev 0x0013, size 11264
    + Updated Microcodes:
      sig 0x000306a9, pf mask 0x12, 2015-02-26, rev 0x001c, size 12288
      sig 0x000306c3, pf mask 0x32, 2015-08-13, rev 0x001e, size 21504
      sig 0x000306d4, pf mask 0xc0, 2015-09-11, rev 0x0022, size 16384
      sig 0x000306f2, pf mask 0x6f, 2015-08-10, rev 0x0036, size 30720
      sig 0x00040651, pf mask 0x72, 2015-08-13, rev 0x001d, size 20480
    * This massive Haswell + Broadwell (and related Xeons) update fixes
      several critical errata, including the high-hitting BDD86/BDM101/
      HSM153(?) which triggers an MCE and locks the processor core
      (LP: #1509764)
    * Might fix critical errata BDD51, BDM53 (TSX-related)
  * source: remove superseded upstream data file: 20150121
  * Add support for supplementary microcode bundles:
    + README.source: update and mention supplementary microcode
    + Makefile: support supplementary microcode
      Add support for supplementary microcode bundles, which (unlike .fw
      microcode override files) can be superseded by a higher revision
      microcode from the latest regular microcode bundle.  Also, fix the
      "oldies" target to have its own exclude filter (IUC_OLDIES_EXCLUDE)
  * Add support for x32 arch:
    + README.source: mention x32
    + control,rules: enable building on x32 arch (Closes: #777356)
  * ucode-blacklist: add Broadwell and Haswell-E signatures
    Add a missing signature for Haswell Refresh (Haswell-E) to the "must
    be updated only by the early microcode update driver" list.  There is
    at least one report of one of the Broadwell microcode updates disabling
    TSX-NI, so add them as well just in case

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 09 Nov 2015 23:07:32 -0200

intel-microcode (3.20150121.1) unstable; urgency=critical

  * New upstream microcode data file 20150121
    * Downgraded microcodes (to a previously shipped revision):
      sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
    * The microcode downgrade fixes a very nasty regression on Xeon E5v3
      processors (closes: #776431)
  * critical urgency: the broken sig 0x306f2, rev 0x2d microcode shipped
    in release 20150107 caused CPU core hangs and Linux boot failures.
    The upstream fix was to downgrade it to the same microcode revision
    that was shipped in release 20140913
  * source: remove superseded upstream data file: 20150107.
  * initramfs.hook: do not mix arrays and lists.
    Avoid echo "foo $@", use echo "foo $*" instead.  This is unlikely
    to be expĺoitable, but it makes ShellCheck happier.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 28 Jan 2015 20:03:20 -0200

intel-microcode (3.20150107.1) unstable; urgency=high

  * New upstream microcode data file 20150107
    + New Microcodes:
      sig 0x000306d4, pf mask 0xc0, 2014-12-05, rev 0x0018, size 14336
    + Updated Microcodes:
      sig 0x000306f2, pf mask 0x6f, 2014-11-21, rev 0x002d, size 28672
    + High urgency: there are fast-tracked microcode updates in this
      release which imply that critical errata are being fixed
  * source: remove superseded upstream data file: 20140913

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 18 Jan 2015 00:30:11 -0200

intel-microcode (3.20140913.1) unstable; urgency=low

  * New upstream microcode data file 20140913
    + New Microcodes:
      sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
    + Updated Microcodes:
      sig 0x000306c3, pf mask 0x32, 2014-07-03, rev 0x001c, size 21504
      sig 0x00040651, pf mask 0x72, 2014-07-03, rev 0x001c, size 20480
      sig 0x00040661, pf mask 0x32, 2014-07-03, rev 0x0012, size 23552
    + WARNING: UNSAFE TO BE APPLIED AT RUNTIME (lp#1370352)
  * Microcode updates are now applied only through the early initramfs
    + Bump major version number
    + Requires Linux kernel v3.10 or later, other kernels unsupported
    + postinst: don't apply microcode update
    + kernel preinst: stop loading microcode module
    + modprobe.d: blacklist microcode module from autoloading outside
      of the initramfs.  Still load it inside the initramfs for logging
    + initramfs: always use early initramfs mode, reject kernels before
      v3.10
    + README.Debian, NEWS.Debian: update
  * add a microcode best-effort blacklist.  This is a reactive blacklist
    which renames problematic microcode data files in such a way they
    will only be used for the [early] initramfs.  Use it to blacklist
    all Haswell microcode updates
  * Allow a non-Intel box to generate an early initramfs with microcode
    for an Intel box if the /etc/default/intel-microcode defaults are
    changed:
    + postinst: always attempt to update the initramfs
    + initramfs: on auto mode, do nothing in a non-intel box. In
      forced "early" mode, attempt to run iucode-tool.  This will do
      nothing (add no microcode) unless the default configuration is
      changed in /etc/default/intel-microcode
    + default: update comments
  * source: remove superseded upstream data file: 20140624
  * README.source: remove information about lenny, oldstable
  * debian/control: bump standards vesion to 3.9.6
  * lintian-overrides: remove
  * debian/copyright: update upstream copyright dates
  * postrm: avoid use of test -a

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 19 Oct 2014 15:23:13 -0200

intel-microcode (2.20140624.1) unstable; urgency=high

  * New upstream microcode data file 20140624
    + Updated Microcodes:
      sig 0x000306a9, pf mask 0x12, 2014-05-29, rev 0x001b, size 12288
      sig 0x000306c3, pf mask 0x32, 2014-05-23, rev 0x001a, size 20480
      sig 0x000306e4, pf mask 0xed, 2014-05-29, rev 0x0428, size 13312
      sig 0x000306e7, pf mask 0xed, 2014-05-29, rev 0x070d, size 15360
      sig 0x00040651, pf mask 0x72, 2014-05-23, rev 0x0018, size 19456
      sig 0x00040661, pf mask 0x32, 2014-05-23, rev 0x0010, size 23552
    + High urgency: there are fast-tracked microcode updates in this
      release which imply that critical errata are being fixed
  * Intel strongly suggests that this CPU microcode update be applied
    to all Ivy Bridge, Haswell, and Broadwell processors (thanks to
    Canonical for the warning, refer to LP#1335156)
  * This update is reported to better fix the errata addressed by the
    20140430 update (refer to LP#1335156)
  * source: remove superseded upstream data file: 20140430

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 27 Jun 2014 16:35:12 -0300

intel-microcode (2.20140430.1) unstable; urgency=low

  * New upstream microcode data file 20140430
    + New microcodes:
      sig 0x000306e7, pf mask 0xed, 2014-04-14, rev 0x070c, size 15360
    + Updated microcodes:
      sig 0x000306e4, pf mask 0xed, 2014-04-10, rev 0x0427, size 12288
  * source: remove superseded upstream data file: 20140122

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 03 May 2014 14:21:27 -0300

intel-microcode (2.20140122.1) unstable; urgency=low

  * New upstream microcode data file 20140122
    + New Microcodes:
      sig 0x00040661, pf mask 0x32, 2013-08-21, rev 0x000f, size 23552
    + Updated Microcodes:
      sig 0x000106e5, pf mask 0x13, 2013-08-20, rev 0x0007, size 7168
      sig 0x000306c3, pf mask 0x32, 2013-08-16, rev 0x0017, size 20480
      sig 0x000306e4, pf mask 0xed, 2013-07-09, rev 0x0416, size 11264
      sig 0x00040651, pf mask 0x72, 2013-09-14, rev 0x0017, size 19456
  * source: remove superseded upstream data file: 20130906

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 01 Feb 2014 15:39:03 -0200

intel-microcode (2.20130906.1) unstable; urgency=high

  * New upstream microcode data file 20130906
    + Updated Microcodes:
      sig 0x000306c3, pf mask 0x32, 2013-08-07, rev 0x0016, size 20480
      sig 0x00040651, pf mask 0x72, 2013-08-08, rev 0x0016, size 19456
    + Updated Microcodes (recently removed):
      sig 0x000106e4, pf mask 0x09, 2013-07-01, rev 0x0003, size 6144
  * This microcode release *likely* fixes the security issues addressed by
    the 20130808 update for signature 0x106e4 (Xeon EC3500/EC5500/LC3500/
    LC5500, Jasper Forest core), which was missing from the 20130808 update
  * upstream changelog: trim down, sunrise now at 20080220, the first
    microcode pack with a license that allows redistribution
  * debian/control: recommend initramfs-tools (>= 0.113~) for backports
  * cpu-signatures.txt: Xeon nocona cores are 64-bit, ship for amd64 arch
  * source: remove superseded upstream data file: 20130808
  * postinst: fix kernel version check for blacklist
    Distro kernels have version strings that make it hard to get the real
    kernel version, so we have to blacklist by branches only.  We were
    refusing to update the kernel on postinst for users of Debian stable's
    kernel because of this issue

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 21 Sep 2013 20:35:47 -0300

intel-microcode (2.20130808.1) unstable; urgency=high

  * Reupload, high severity, no changes
  * Bump major version number.  I will need this so that I can track two
    separate branches for Wheezy: branch 1.x will target stable-updates (no
    early firmware support), while branch 2.x will target stable-backports,
    testing and unstable.  This major version bump should have been done for
    the 1.20130222.3 upload in hindsight.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 17 Aug 2013 10:56:45 -0300

intel-microcode (1.20130808.2) unstable; urgency=high

  * Reupload with high severity.  This microcode update has been documented
    by Intel to fix a severe security issue (refer to LP bug 1212497);
    This update is known to fix several nasty errata on 3rd-gen and
    4th-gen Core i3/i5/i7, and Xeon 5500 and later, including but not
    limited to:
    + AAK167/BT248: Virtual APIC accesses with 32-bit PAE paging
      may cause system crash
    + AAK170/BT246: The upper 32 bits of CR3 may be incorrectly used
      with 32-bit paging
  * Erratum AAK167/BT248 is nasty: "If a logical processor has EPT (Extended
    Page Tables) enabled, is using 32-bit PAE paging, and accesses the
    virtual-APIC page then a complex sequence of internal processor
    micro-architectural events may cause an incorrect address translation or
    machine check on either logical processor.  This erratum may result in
    unexpected faults, an uncorrectable TLB error logged in
    IA32_MCi_STATUS.MCACOD (bits [15:0]), a guest or hypervisor crash, or
    other unpredictable system behavior"

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 16 Aug 2013 21:10:12 -0300

intel-microcode (1.20130808.1) unstable; urgency=low

  * New upstream microcode data file 20130808
    + New Microcodes:
      sig 0x000306c3, pf mask 0x32, 2013-07-02, rev 0x0012, size 19456
      sig 0x000306e4, pf mask 0xed, 2013-06-13, rev 0x0415, size 11264
      sig 0x000306e6, pf mask 0xed, 2013-06-19, rev 0x0600, size 11264
      sig 0x00040651, pf mask 0x72, 2013-07-02, rev 0x0015, size 18432
    + Updated Microcodes (removed in the past):
      sig 0x000106a5, pf mask 0x03, 2013-06-21, rev 0x0019, size 10240
    + Updated Microcodes:
      sig 0x000106a4, pf mask 0x03, 2013-06-21, rev 0x0012, size 14336
      sig 0x000106e5, pf mask 0x13, 2013-07-01, rev 0x0006, size 7168
      sig 0x00020652, pf mask 0x12, 2013-06-26, rev 0x000e, size 8192
      sig 0x00020655, pf mask 0x92, 2013-06-28, rev 0x0004, size 3072
      sig 0x000206a7, pf mask 0x12, 2013-06-12, rev 0x0029, size 10240
      sig 0x000206d7, pf mask 0x6d, 2013-06-17, rev 0x0710, size 17408
      sig 0x000206f2, pf mask 0x05, 2013-06-18, rev 0x0037, size 13312
      sig 0x000306a9, pf mask 0x12, 2013-06-13, rev 0x0019, size 12288
    + Removed Microcodes:
      sig 0x000106e4, pf mask 0x09, 2010-03-08, rev 0x0002, size 5120
  * Remove from the source package an unused upstream microcode bundle,
    which has been completely superseded by later bundles:
    microcode-20130222.dat

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 15 Aug 2013 20:18:32 -0300

intel-microcode (1.20130222.6) unstable; urgency=low

  * initramfs, postinst: don't do anything on non-Intel systems
  * initramfs, postinst: blacklist several kernel versions (closes: #716917)

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 20 Jul 2013 10:46:59 -0300

intel-microcode (1.20130222.5) unstable; urgency=low

  * debian/control: depend on iucode-tool, and shorten description
  * initramfs hook: several auto mode fixes

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 03 Jul 2013 19:55:13 -0300

intel-microcode (1.20130222.4) unstable; urgency=low

  * initramfs: fix xargs error when iucode-tool is not installed
    in the early firmware update mode code path (closes: #712943)

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 20 Jun 2013 22:07:04 -0300

intel-microcode (1.20130222.3) unstable; urgency=low

  * initramfs: add support for early firmware update
    Add support to update microcode during early kernel startup, requires
    Linux 3.9 or later with CONFIG_MICROCODE_INTEL_EARLY enabled.
    This also requires initramfs-tools 0.113 or later, as well as iucode-tool
    1.0 or later.  We fallback to late initramfs mode if outdated versions of
    initramfs-tools or iucode-tool are installed.
  * Update README.Debian and NEWS.Debian for early updates
  * debian/control: update recommends for early-fw support
    Recommend iucode-tool v1.0 or later and initramfs-tools 0.113, and
    update the explanation in the package description accordingly.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 19 Jun 2013 22:15:46 -0300

intel-microcode (1.20130222.2) unstable; urgency=low

  * kernel preinst: simplify and load microcode and cpuid modules
  * postinst: attempt to load microcode module (closes: #692535)
  * Makefile: Use the -s! and --loose-date-filtering facilities added to
    iucode_tool v0.9 to better implement the selection of legacy microcode,
    and to fix the support for IUC_INCLUDE, which was non-functional.
  * debian/control: build-depend on iucode-tool (>= 0.9)

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 27 Mar 2013 16:39:06 -0300

intel-microcode (1.20130222.1) unstable; urgency=low

  * New upstream microcode data file 20130222 (closes: #702152)
    + Updated Microcodes:
        sig 0x000306a9, pf mask 0x12, 2013-01-09, rev 0x0017, size 11264
  * Remove from the source package an unused microcode data file, which
    was completely superseded by later ones: microcode-20120606-v2.dat

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 03 Mar 2013 16:59:35 -0300

intel-microcode (1.20120606.v2.2) unstable; urgency=medium

  * initramfs: work around initramfs-tools bug #688794.
    Use "_" in place of "+-." for the initramfs script name.  This works
    around a PANIC during boot when the initramfs was created in a system
    with noexec $TMPDIR.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 09 Oct 2012 07:43:37 -0300

intel-microcode (1.20120606.v2.1) unstable; urgency=medium

  * New upstream microcode data file 20120606-v2 (2012-10-01)
    + Updated Microcodes:
      sig 0x000206d6, pf mask 0x6d, 2012-05-22, rev 0x0619, size 16384
      sig 0x000206d7, pf mask 0x6d, 2012-05-22, rev 0x070d, size 16384
      sig 0x000306a9, pf mask 0x12, 2012-07-16, rev 0x0013, size 11264
    + Updated Microcodes (recently removed):
      sig 0x000206f2, pf mask 0x05, 2012-04-12, rev 0x0036, size 12288
  * Remove from the source package some unused upstream microcode bundles,
    which were completely superseded by later ones: microcode-20080401.dat,
    microcode-20090330.dat, microcode-20090927.dat, microcode-20100209.dat,
    microcode-20110428.dat, microcode-20111110.dat.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 08 Oct 2012 14:56:17 -0300

intel-microcode (1.20120606.6) unstable; urgency=medium

  * debian/control: conflicts with microcode.ctl (<< 1.18~0)
    microcode.ctl (1.18~0+nmu1) is a transitional package.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 02 Sep 2012 17:46:39 -0300

intel-microcode (1.20120606.5) unstable; urgency=low

  * debian/copyright: correct statement.
  * debian/control: use i686 instead of IA32 in package description.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 29 Aug 2012 19:33:14 -0300

intel-microcode (1.20120606.4) unstable; urgency=low

  * README.Debian: mention module-init-tools, not just kmod.  This
    is useful when backporting to Debian Squeeze.
  * initramfs: make sure we modprobe cpuid early.
    Provide an /etc/kernel/preinst.d hook to modprobe the cpuid module
    before an in-place kernel upgrade makes it impossible to do so at
    initramfs rebuild time.  This is only done when dev/cpuid is not yet
    available, IUCODE_TOOL_SCANCPUS is active, and iucode-tool is
    installed.  Thanks to Philipp Kern for the report.
  * NEWS.Debian: document failures with in-place kernel upgrades

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 11 Aug 2012 19:35:46 -0300

intel-microcode (1.20120606.3) unstable; urgency=low

  * initramfs: while creating the initramfs, if we need to iucode_tool
    --scan-system, attempt to modprobe cpuid if cpu/cpuid device is missing,
    and report an error if it doesn't work.  Thanks to Sebastian Andrzej
    Siewior for a good suggestion on how to fix it (closes: #683161)
  * README.Debian: add "modprobe cpuid" to example
  * debian/control: use better Vcs-browser URI that is properly
    handled by the current alioth redirector.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 29 Jul 2012 11:09:44 -0300

intel-microcode (1.20120606.2) unstable; urgency=low

  * Fix README.source to reflect that cpu-signatures.txt processing
    was moved to the toplevel Makefile
  * Update diff-latest-pack.sh to really find iucode_tool

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 21 Jul 2012 18:10:47 -0300

intel-microcode (1.20120606.1) unstable; urgency=low

  * Change to ABI 1:
    + Ship binary microcode in /lib/firmware
    + Add initramfs helpers to install and load binary microcode on boot
    + Call update-initramfs on package upgrades and removals
    + Use non-deprecated kernel interface to interact with kernel
      (sysfs+fw loader)
  * Include microcode for older processors.  This should help some
    older boxes for which microcode was not being shipped by Intel
    anymore but which still have users, with the trade-off that we
    will also ship some useless and mostly useless microcode
  * Do not ship i686-only microcode in the amd64 binary package.  We
    still ship all microcode in the i386 binary package, to support
    64bit processors running i?86 userspace transparently
  * Switch myself to maintainer, and Giacomo to uploader to better
    reflect who is responsible for any bugs this could cause...
  * Switch to the 3.0 (native) package format as it doesn't make practical
    sense to base the source package on the Intel upstream tarball anymore
    because we use all past Intel microcode releases as source
    + Use xz to compress the tarball, it does a _much_ better job than
      bzip2 and gzip for this package
    + Override lintian warning about switch to native packaging, as it was
      done on purpose.  It can be removed in the future
  * Drop CDBS, switch to classic (less obfuscated/much better documented)
    debhelper build
  * Switch to debhelper v7, which is good enough for Debian Lenny and later
    don't use a newer mode for now, to facilitate backporting
  * Document in README.source:
    + this package must be trivial to backport to oldstable and stable
      (i.e. Debian Lenny and Debian Squeeze ATM)
    + how to add new upstream microcode packs and microcode overrides
    + other relevant details related to the lack of Intel changelogs
  * Build-Depend on iucode-tool to handle binary microcode, merge
    microcode packs and overrides, and split into firmware files
  * Drop support for microcode.ctl, as it cannot handle binary
    microcode or the non-deprecated kernel interface
  * Update package short and long descriptions
  * Add a NEWS file to explain all the behaviour changes
  * Recommend iucode-tool to support optional selective microcode
    selection for the initramfs (reduces microcode size greatly)
  * Change to priority: standard.  This package should be installed in
    every Intel-based Debian system, which is unfortunately impossible
    since it is non-free, but at least mark it as such
  * add debian/diff-latest-pack.sh utility (not shipped in the binary
    package) to help produce the "upstream changelogs"
  * debian/control: add Vcs-* fields

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 13 Jul 2012 15:23:23 -0300

intel-microcode (0.20120606-1) unstable; urgency=medium

  * New upstream data file: microcode-20120606
    + New Microcodes:
      sig 0x00020661, pf mask 0x02, 2011-07-18, rev 0x0105, size 5120
      sig 0x000206d7, pf mask 0x6d, 2012-04-03, rev 0x070c, size 16384
      sig 0x000306a9, pf mask 0x12, 2012-04-12, rev 0x0012, size 11264
    + Updated Microcodes:
      sig 0x000106e5, pf mask 0x13, 2011-09-01, rev 0x0005, size 6144
      sig 0x000206a7, pf mask 0x12, 2012-04-24, rev 0x0028, size 9216
      sig 0x000206d6, pf mask 0x6d, 2012-04-18, rev 0x0618, size 16384
    + Removed Microcodes (recently updated):
      sig 0x000206f2, pf mask 0x05, 2011-08-31, rev 0x0034, size 12288
  * Fixes precise-event based sampling (PEBS) on Sandy Bridge processors
    (http://lkml.org/lkml/2012/6/7/145)

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 09 Jun 2012 00:44:12 -0300

intel-microcode (0.20111110-1) unstable; urgency=low

  * New upstream data file: microcode-20111110
    + New Microcodes:
      sig 0x000206d6, pf mask 0x6d, 2011-09-29, rev 0x060c, size 15360
    + Updated Microcodes:
      sig 0x00020652, pf mask 0x12, 2011-09-01, rev 0x000d, size 7168
      sig 0x00020655, pf mask 0x92, 2011-09-01, rev 0x0003, size 2048
      sig 0x000206a7, pf mask 0x12, 2011-10-11, rev 0x0025, size 9216
      sig 0x000206f2, pf mask 0x05, 2011-08-31, rev 0x0034, size 12288
    + Removed Microcodes (recently added):
      sig 0x00030661, pf mask 0x02, 2011-06-23, rev 0x0106, size 5120
      sig 0x00030661, pf mask 0x04, 2011-06-23, rev 0x0106, size 5120
      sig 0x00030661, pf mask 0x08, 2011-06-23, rev 0x0106, size 5120

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 24 Dec 2011 18:17:05 -0200

intel-microcode (0.20110915-1) unstable; urgency=low

  * New upstream data file: microcode-20110915
    + New Microcodes:
      sig 0x000206f2, pf mask 0x05, 2011-07-21, rev 0x0032, size 12288
      sig 0x00030661, pf mask 0x02, 2011-06-23, rev 0x0106, size 5120
      sig 0x00030661, pf mask 0x04, 2011-06-23, rev 0x0106, size 5120
      sig 0x00030661, pf mask 0x08, 2011-06-23, rev 0x0106, size 5120
    + Updated Microcodes:
      sig 0x000206a7, pf mask 0x12, 2011-07-14, rev 0x001b, size 9216

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 16 Oct 2011 13:10:43 -0200

intel-microcode (0.20110428-1) unstable; urgency=low

  * New upstream data file: microcode-20110428
    + New Microcodes:
      sig 0x000206a7, pf mask 0x12, 2011-04-07, rev 0x0017, size 8192
    + Readded Microcodes:
      sig 0x00000f12, pf mask 0x04, 2003-05-02, rev 0x002e, size 2048
    + Removed Microcodes (recently rolled back):
      sig 0x000106a5, pf mask 0x03, 2009-04-14, rev 0x0011, size 8192
  * debian/rules: install microcode*.dat, instead of microcode-*.dat

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 26 Jun 2011 18:56:57 -0300

intel-microcode (0.20101123-1) unstable; urgency=low

  * New upstream data file: microcode-20101123
    + New Microcodes:
      sig 0x000006fb, pf mask 0x20, 2010-10-03, rev 0x00ba, size 4096
    + Readded Microcodes (older revision):
      sig 0x000106a5, pf mask 0x03, 2009-04-14, rev 0x0011, size 8192
    + Updated Microcodes:
      sig 0x000006f2, pf mask 0x01, 2010-10-02, rev 0x005d, size 4096
      sig 0x000006f2, pf mask 0x20, 2010-10-02, rev 0x005c, size 4096
      sig 0x000006f6, pf mask 0x01, 2010-09-30, rev 0x00d0, size 4096
      sig 0x000006f6, pf mask 0x04, 2010-10-01, rev 0x00d2, size 4096
      sig 0x000006f6, pf mask 0x20, 2010-10-01, rev 0x00d1, size 4096
      sig 0x000006f7, pf mask 0x10, 2010-10-02, rev 0x006a, size 4096
      sig 0x000006f7, pf mask 0x40, 2010-10-02, rev 0x006b, size 4096
      sig 0x000006fa, pf mask 0x80, 2010-10-02, rev 0x0095, size 4096
      sig 0x000006fb, pf mask 0x01, 2010-10-03, rev 0x00ba, size 4096
      sig 0x000006fb, pf mask 0x04, 2010-10-03, rev 0x00bc, size 4096
      sig 0x000006fb, pf mask 0x08, 2010-10-03, rev 0x00bb, size 4096
      sig 0x000006fb, pf mask 0x10, 2010-10-03, rev 0x00ba, size 4096
      sig 0x000006fb, pf mask 0x40, 2010-10-03, rev 0x00bc, size 4096
      sig 0x000006fb, pf mask 0x80, 2010-10-03, rev 0x00ba, size 4096
      sig 0x000006fd, pf mask 0x01, 2010-10-02, rev 0x00a4, size 4096
      sig 0x000006fd, pf mask 0x20, 2010-10-02, rev 0x00a4, size 4096
      sig 0x000006fd, pf mask 0x80, 2010-10-02, rev 0x00a4, size 4096
      sig 0x00010661, pf mask 0x01, 2010-10-04, rev 0x0043, size 4096
      sig 0x00010661, pf mask 0x02, 2010-10-04, rev 0x0042, size 4096
      sig 0x00010661, pf mask 0x80, 2010-10-04, rev 0x0044, size 4096
      sig 0x00010676, pf mask 0x01, 2010-09-29, rev 0x060f, size 4096
      sig 0x00010676, pf mask 0x04, 2010-09-29, rev 0x060f, size 4096
      sig 0x00010676, pf mask 0x10, 2010-09-29, rev 0x060f, size 4096
      sig 0x00010676, pf mask 0x40, 2010-09-29, rev 0x060f, size 4096
      sig 0x00010676, pf mask 0x80, 2010-09-29, rev 0x060f, size 4096
      sig 0x00010677, pf mask 0x10, 2010-09-29, rev 0x070a, size 4096
      sig 0x0001067a, pf mask 0x11, 2010-09-28, rev 0x0a0b, size 8192
      sig 0x0001067a, pf mask 0x44, 2010-09-28, rev 0x0a0b, size 8192
      sig 0x0001067a, pf mask 0xa0, 2010-09-28, rev 0x0a0b, size 8192
      sig 0x000106d1, pf mask 0x08, 2010-09-30, rev 0x0029, size 4096
    + Removed Microcodes:
      sig 0x00000612, pf mask 0x00, 1996-12-10, rev 0x00c6, size 2048
      sig 0x00000616, pf mask 0x00, 1996-12-10, rev 0x00c6, size 2048
      sig 0x00000617, pf mask 0x00, 1996-12-10, rev 0x00c6, size 2048
      sig 0x00000619, pf mask 0x00, 1998-02-18, rev 0x00d2, size 2048
      sig 0x00000633, pf mask 0x00, 1998-09-23, rev 0x0036, size 2048
      sig 0x00000634, pf mask 0x00, 1998-09-23, rev 0x0037, size 2048
      sig 0x00000650, pf mask 0x04, 1997-12-12, rev 0x0019, size 2048
      sig 0x00000650, pf mask 0x20, 1998-02-11, rev 0x002e, size 2048
      sig 0x00000650, pf mask 0x80, 1998-02-11, rev 0x002f, size 2048
      sig 0x00000651, pf mask 0x02, 1999-05-25, rev 0x0041, size 2048
      sig 0x00000651, pf mask 0x08, 1999-05-25, rev 0x0042, size 2048
      sig 0x00000652, pf mask 0x08, 1999-05-18, rev 0x002d, size 2048
      sig 0x00000672, pf mask 0x01, 1999-09-22, rev 0x0010, size 2048
      sig 0x00000673, pf mask 0x01, 1999-09-10, rev 0x000e, size 2048
      sig 0x00000683, pf mask 0x01, 2001-02-06, rev 0x0013, size 2048
      sig 0x00000683, pf mask 0x04, 2001-02-06, rev 0x0010, size 2048
      sig 0x00000683, pf mask 0x10, 2001-02-06, rev 0x0014, size 2048
      sig 0x000006a4, pf mask 0x04, 2000-06-16, rev 0x0001, size 2048
      sig 0x00000f12, pf mask 0x01, 2003-05-02, rev 0x002d, size 2048
      sig 0x00000f12, pf mask 0x02, 2003-05-02, rev 0x002f, size 2048
      sig 0x00000f12, pf mask 0x04, 2003-05-02, rev 0x002e, size 2048
      sig 0x00000f13, pf mask 0x04, 2003-05-08, rev 0x0005, size 2048
      sig 0x00000f24, pf mask 0x08, 2003-06-05, rev 0x0020, size 2048
      sig 0x000206c2, pf mask 0x03, 2010-09-07, rev 0x0013, size 7168

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 10 Jan 2011 23:25:18 -0200

intel-microcode (0.20100914-1) unstable; urgency=low

  * New upstream data file: microcode-20100914
    + Updated Microcodes:
      sig 0x000206c2, pf mask 0x03, 2010-09-07, rev 0x0013, size 7168
    + Removed Microcodes:
      sig 0x000006d8, pf mask 0x08, 2006-08-31, rev 0x0021, size 2048
      sig 0x000006d8, pf mask 0x20, 2004-07-22, rev 0x0020, size 2048
      sig 0x00000f65, pf mask 0x04, 2007-05-10, rev 0x000b, size 2048
      sig 0x00010661, pf mask 0x04, 2007-05-01, rev 0x0036, size 4096
      sig 0x000106a5, pf mask 0x03, 2010-03-03, rev 0x0015, size 8192
      sig 0x000206e6, pf mask 0x04, 2010-04-21, rev 0x0007, size 6144
  * Add upstream changelog, with a list of changed microcodes per release
  * Update debian/copyright to match the latest license
  * Update documentation on where and how to get an up-to-date microcode
    file directly from Intel, and how to install it
  * postinst: run the microcode.ctl initscript on install/upgrades to apply
    updated microcodes to the processor
  * Merge changes from version 0.20090927-1, which I lost in the last
    upload for some stupid reason.  The lack of 0.20090927-1 in the
    changelog upsets the BTS' version tracking, so it is more than just a
    cosmetic fix

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 26 Sep 2010 19:51:46 -0300

intel-microcode (0.20100826-1) unstable; urgency=low

  * New upstream data file: microcode-20100826 (closes: #571128)
  * debian/control: Add myself to uploaders
  * debian/control: bump standards-version to 3.9.1 (no changes required)
  * debian/control: Change homepage to the only stable URI available,
    which is that of the RSS feed
  * debian/source/format: set to 1.0, we gain nothing from the other formats

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 28 Aug 2010 11:25:34 -0300

intel-microcode (0.20090927-1) unstable; urgency=low

  * New upstream version (Closes: #549706)

 -- Giacomo Catenazzi <cate@debian.org>  Tue, 06 Oct 2009 07:42:02 +0200

intel-microcode (0.20090330-1) unstable; urgency=low

  * New upstream version. This version replaced 6 and add
    extra 3 microcode files.

 -- Giacomo Catenazzi <cate@debian.org>  Tue, 31 Mar 2009 07:54:00 +0200

intel-microcode (0.20080910-2) unstable; urgency=low

  * Revert architecture change

 -- Giacomo Catenazzi <cate@debian.org>  Mon, 13 Oct 2008 19:40:18 +0200

intel-microcode (0.20080910-1) unstable; urgency=low

  * New upstream version.
  * Set architecture to all: the data is architecture indipendent
    (and used in i386 and amd64 architectures). Note: this package
    is "non-free" (i.e. usual manual check), so it should not
    use space on CD and other medium, on non Intel architectures.

 -- Giacomo Catenazzi <cate@debian.org>  Mon, 15 Sep 2008 08:33:19 +0200

intel-microcode (0.20080401-1) unstable; urgency=low

  * New upstream version.

 -- Giacomo Catenazzi <cate@debian.org>  Fri, 25 Apr 2008 18:59:10 +0200

intel-microcode (0.20080220-1) unstable; urgency=low

  * New upstream version.

 -- Giacomo Catenazzi <cate@debian.org>  Mon, 10 Mar 2008 07:48:48 +0100

intel-microcode (0.20080131-1) unstable; urgency=low

  * Initial release. The new license is finally enough good for
    debian non-free
  * BTW packing the microcode will solve potential/theoretical
    man-in-the-middle attack (Closes: #282583)

 -- Giacomo Catenazzi <cate@debian.org>  Wed, 20 Feb 2008 19:33:10 +0100