Get:1 http://changelogs.ubuntu.com iucode-tool 1.5.1-1ubuntu0.1 Changelog [11.2 kB] iucode-tool (1.5.1-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: heap buffer overflow on -tr loader - debian/patches/CVE-2017-0357.patch: check al in intel_microcode.c. - CVE-2017-0357 -- Marc Deslauriers Wed, 25 Jan 2017 14:03:35 -0500 iucode-tool (1.5.1-1) unstable; urgency=medium * New upstream release + several fixes for the "downgrade mode", including one for a bug that would cause iucode_tool to enter an infinite loop + document downgrade mode limitations in the manpage + other minor fixes -- Henrique de Moraes Holschuh Sat, 13 Feb 2016 20:21:12 -0200 iucode-tool (1.5-1) unstable; urgency=medium * New upstream release + There is a new option to write out microcodes, capable of writing out every revision of every microcode: --write-all-named-to. All other write out options will only output a single revision of a microcode + iucode_tool(8): fix parameter name of --write-named-to. + iucode_tool(8): add two examples for the recovery loader (-tr) -- Henrique de Moraes Holschuh Fri, 16 Oct 2015 23:41:35 -0300 iucode-tool (1.4-1) unstable; urgency=medium * New upstream release + Implement a microcode recover mode (-tr) for the binary loader, which searches for valid microcode(s) inside a generic (binary) data file of unknown format + Report empty data files using ENOENT instead of EINVAL in the low-level loader functions. This is can happen to non-empty files in the -tr and -td loaders, as well as when reading an empty file from stdin, FIFO, pipe, character device, etc. + Notify the user when we fail to find any microcode in a data file when the low-level loader returns ENOENT, and continue processing in that case + In -vv mode, print a message before reading a file, and also when skipping empty files or reading a directory + Fix spelling of default-firmware-dir option in configure, thanks to Timo Gurr for the report and fix + Replace "deselect" with "unselect" in the manpage text -- Henrique de Moraes Holschuh Sat, 03 Oct 2015 13:34:12 -0300 iucode-tool (1.3-1) unstable; urgency=medium * New upstream release + Make it safe to call iucode_tool with stdout and/or stderr closed + Ignore multiple attempts to read microcode data from stdin, as all data will have been read by the first attempt + Document in the manpage the arbritray maximum limit of 1GiB worth of binary data per microcode data file. The other limits are too large to bother documenting + Microcode data file loader fixes and enhancements: + Improve IO error detection + Print the line number when reporting .dat parsing errors + Allow comments after valid data for .dat files, previously they had to be on a line of their own + Rework the .dat parser to make it less convoluted, and optimize it for the exact .dat file layout Intel has been using in the last 15 years + Minor build fixes -- Henrique de Moraes Holschuh Sun, 24 May 2015 19:31:23 -0300 iucode-tool (1.2.1-1) experimental; urgency=low * New upstream release + Upstream moved to https://gitlab.com/iucode-tool + Manpage fixes and updates + Flush stdout properly to not mix output with stderr + Improve command line parser error messages * control: update URL fields for the new upstream location -- Henrique de Moraes Holschuh Sun, 29 Mar 2015 20:53:03 -0300 iucode-tool (1.2-2) experimental; urgency=low * control: enable building on x32 (closes: #777232) * debian/copyright: update copyright notices -- Henrique de Moraes Holschuh Tue, 17 Feb 2015 20:34:12 -0200 iucode-tool (1.2-1) experimental; urgency=low * New upstream release + Documentation updates + iucode_tool: use the cpuid instruction directly to implement --scan-system. This fixes an scalability issue in systems with many processors. * Target experimental due to Debian jessie freeze -- Henrique de Moraes Holschuh Sat, 14 Feb 2015 13:39:16 -0200 iucode-tool (1.1.1-1) unstable; urgency=medium * New upstream release + Fix issues found by the Coverity static checker: + CID 72165: An off-by-one error caused an out-of-bounds write to a buffer while loading large microcode data files in ascii format + CID 72163: The code could attempt to close an already closed file descriptor in certain conditions when processing directories + CID 72161: Stop memory leak in error path when loading microcode data files + CID 72159, 72164, 72166, 72167, 72168, 72169: Cosmetic issues that could not cause problems at runtime * debian/control: bump standards version to 3.9.6 -- Henrique de Moraes Holschuh Tue, 28 Oct 2014 17:02:42 -0200 iucode-tool (1.1-1) unstable; urgency=medium * New upstream release + Don't output duplicates for microcodes with extended signatures to the same file or to the kernel + When writing an early initramfs, pad its trailer with zeros to the next 1024-byte boundary. This is done so that the next initramfs segment will be better aligned, just in case. The entire cpio medatada overhead is now exactly 1024 bytes + Manpage style fixes: use iucode_tool consistently, groff formatting + Refuse to load ridiculously large data files (limit set to 1GiB) * debian/lintian-override: override hyphen-used-as-minus-sign as iucode-tool(8) now uses proper groff hyphens, but not in a way the lintian test can detect. * debian/rules: remove autoconf-1.14 autogenerated files on clean -- Henrique de Moraes Holschuh Fri, 12 Sep 2014 08:54:33 -0300 iucode-tool (1.0.3-1) unstable; urgency=medium * New upstream release + Properly check microcode metadata date to be valid packed BCD in strict mode + Do not assume a non-zero microcode Total Size field to be valid, it is valid only when the Data Size field is non-zero. Fortunately, Intel always set reserved fields to zero on released microcode, so this bug was never (and is unlikely to ever be) triggered + Linux kernel bug workaround: when generating the early initramfs archive, append NULs to the microcode data file name to pad the start of the microcode data inside the initramfs archive to a 16-byte boundary. Document this issue on the manpage, the workaround is only effective if the start of our early initramfs cpio segment is 16-byte aligned in the final initramfs archive + Fix several cosmetic and minor code issues + Manpage fixes and enhancements * debian/control: add debian/master branch information to Vcs-Git field * debian/control: bump standards-version to 3.9.5 -- Henrique de Moraes Holschuh Tue, 12 Aug 2014 08:22:07 -0300 iucode-tool (1.0.2-1) unstable; urgency=low * New upstream maintenance release + Mention iucode-tool's new home at gitorious in documentation + Warn user when --scan-system fails due to errors such as a lack of permission to access the cpuid devices + Use the libc optimized memcmp() to compare microcode + Minor manpage updates + --strict-checks now verifies that the microcode update date is not utterly insane * debian/control: update for new upstream location at Gitorious -- Henrique de Moraes Holschuh Sat, 10 May 2014 18:35:36 -0300 iucode-tool (1.0.1-1) unstable; urgency=low * New upstream maintenance release + Fix several cosmetic code issues + Manpage updates + Make it clear that the output order of microcodes is not stabilized + Make it clear that iucode_tool always break links when writing a data file, and that it doesn't replace files atomically, so they can get corrupted/lost if iucode-tool is interrupted while writing + Reword several notes for better readability + Use openat() when loading from a directory and when creating files in a directory. Thus, iucode-tool will read/write to the same directory even while racing another process that is trying to rename it while iucode-tool is already running -- Henrique de Moraes Holschuh Sat, 14 Dec 2013 21:01:41 -0200 iucode-tool (1.0-1) unstable; urgency=low * New upstream release + Add verbose title to manpage iucode_tool(8) + Add support to write an early initramfs archive for Linux v3.9 * install iucode-tool symlinks to iucode_tool (closes: #689128) -- Henrique de Moraes Holschuh Sat, 25 May 2013 13:40:57 -0300 iucode-tool (0.9-1) unstable; urgency=low * New upstream release + Document missing -W, --write-named option in iucode_tool(8) manpage (closes: #687963) + Print the number of unique signatures in verbose mode + Add loose date-based filtering (--loose-date-filtering option), which is useful when trying to select microcode for very old processors + Skip empty files and directories instead of aborting with an error + Add an option to default to an empty selection (-s!) + Ensure that microcodes with the same metadata have the same opaque data (payload) when in --strict-checks mode (default) * Update debian/copyright to match upstream's -- Henrique de Moraes Holschuh Thu, 28 Mar 2013 23:48:48 -0300 iucode-tool (0.8.3-1) unstable; urgency=low * New upstream release + Fix regression introduced in 0.8.2 that caused all microcodes to be selected by --scan-system on a box with unsupported processors (e.g. non-Intel) + Update README: Intel has some microcode update information in some public processor specification update documents -- Henrique de Moraes Holschuh Sun, 26 Aug 2012 18:38:54 -0300 iucode-tool (0.8.2-1) unstable; urgency=low * New upstream release + Update documentation and manpages for the new microcode update interface in Linux v3.6. + Fail safe when --scan-system cannot access the cpuid driver: instead of not selecting anything, still select all microcodes if no other microcode selection option was used (closes: #683178) * debian/control: add X-Vcs-* fields -- Henrique de Moraes Holschuh Sun, 29 Jul 2012 10:06:35 -0300 iucode-tool (0.8.1-1) unstable; urgency=low * New upstream release + inform user with an error message if cpuid driver is missing, and --scan-system was requested + manpage updates -- Henrique de Moraes Holschuh Tue, 24 Jul 2012 11:53:05 -0300 iucode-tool (0.8-1) unstable; urgency=low * Initial public release (closes: #611133) + Reduced functionality release, we need the tool in the archive for bootstrapping, as it will become a build-dependency of the intel-microcode package -- Henrique de Moraes Holschuh Thu, 07 Jun 2012 12:57:37 -0300 Fetched 11.2 kB in 0s (103 kB/s)