Bug#930794: unblock: intel-microcode/3.20190618.1

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#930794: unblock: intel-microcode/3.20190618.1

Henrique de Moraes Holschuh
Package: release.debian.org
Severity: normal
User: [hidden email]
Usertags: unblock

Please unblock package intel-microcode

This is an update that adds the MDS mitigations for Sandybridge server
and HEDT (Core-X).  Other than those two updated microcode files, there
are just changes to text files.

It has been the subject of a security update (DSA 4447-2, and soon DLA
1789-2), please refer to

https://security-tracker.debian.org/tracker/CVE-2019-11091

for details.

diff attached (with the microcode blob changes removed for clarity).

diffstat (git, ignores rename of symlink):
 changelog            |    7 +++
 debian/changelog     |  106 +++++++++++++++++++++++++++++----------------------
 intel-ucode/06-2d-06 |binary
 intel-ucode/06-2d-07 |binary
 releasenote          |   46 ++--------------------
 5 files changed, 74 insertions(+), 85 deletions(-)


unblock intel-microcode/3.20190618.1

Thank you

--
  Henrique Holschuh

git-diff.patch.txt (12K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#930794: unblock: intel-microcode/3.20190618.1

Henrique de Moraes Holschuh
On Fri, 21 Jun 2019, Paul Gevers wrote:
> On 20-06-2019 20:05, Henrique de Moraes Holschuh wrote:
> > unblock intel-microcode/3.20190618.1
>
> Unblocked, thanks.

Thanks!

> Just one question, the reason why all the binary blobs are different in
> the package is that because the builds by Intel aren't reproducible?
> I.e. they are rebuild every time?

git tells me they're the same on the source tree, and diff -ru after a
dpkg-deb -x also told me they're the same on the binary debs...

debdiff told me they differ on the source package, but I haven't managed
to find out why.  I decided to trust dpkg-deb + diff on the generated
binaries...

For the record, this was the first time something like this happened,
but this was also the first time I tried debdiff from devscripts
2.19.5~bpo9+1.  And it also told me the data on the older packages also
differed -- but they went through older versions of debdiff just fine!
-- so I went with "this release of debdiff seems broken".

Might have something to do with the use of a symlink.

--
  Henrique Holschuh