Univention Bugzilla – Bug 48161
firmware-nonfree: Multiple issues (4.2)
Last modified: 2018-11-29 12:34:14 CET
New Debian firmware-nonfree 20161130-4~deb8u1 fixes: This update addresses the following issues: * The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. (CVE-2016-0801) * A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814. (CVE-2017-0561) * Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. (CVE-2017-9417) * Reinstallation of the pairwise key in the 4-way handshake (CVE-2017-13077) * Reinstallation of the group key in the 4-way handshake (CVE-2017-13078) * Reinstallation of the integrity group key in the 4-way handshake (CVE-2017-13079) * Reinstallation of the group key in the group key handshake (CVE-2017-13080) * Reinstallation of the integrity group key in the group key handshake (CVE-2017-13081)
--- mirror/ftp/4.0/unmaintained/4.0-0/source/firmware-nonfree_0.43.7.201409121415.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/firmware-nonfree_20161130-4~deb8u1.dsc @@ -1,6 +1,336 @@ -0.43.7.201409121415 [Fri, 12 Sep 2014 14:15:01 +0200] Univention builddaemon <buildd@univention.de>: - - * UCS auto build. No patches were applied to the original source package +20161130-4~deb8u1 [Thu, 25 Oct 2018 00:57:47 +0100] Ben Hutchings <ben@decadent.org.uk>: + + * Rebuild for jessie: + - Use linux-support-4.9.0-0.bpo.8 + * Re-add firmware that may be needed under older kernel versions: + - bnx2x: firmware version 7.8.17.0 + - iwlwifi: firmware ABI 7 and 8 + - ti-connectivity: TI WL18xx default configuration + +20161130-4 [Sat, 13 Oct 2018 20:27:06 +0100] Ben Hutchings <ben@decadent.org.uk>: + + * debian/bin/gencontrol.py: Set encoding to UTF-8 globally + * Add back firmware-{adi,ralink} as transitional packages (Closes: #907320) + * debian/control: Point Vcs URLs to Salsa + * Update to linux-support 4.9.0-8 + * firmware-brcm80211: Update Broadcom wifi firmware to fix security issues + (Closes: #869639): + - BCM4339 (CVE-2016-0801) + - BCM4354 (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417, CVE-2017-13077, + CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081) + - BCM4356-PCIe (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417, + CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, + CVE-2017-13081) + - BCM43340 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, + CVE-2017-13081) (also fixes issues when operating in 5GHz band) + - BCM43362 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, + CVE-2017-13081) + - BCM43430 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, + CVE-2017-13081) + +20161130-3~bpo8+1 [Thu, 15 Jun 2017 03:27:21 +0100] Ben Hutchings <ben@decadent.org.uk>: + + * Rebuild for jessie-backports: + - Use linux-support 4.9.0-0.bpo.3 + - debian/bin/gencontrol.py: Copy copyright files as binary, not default- + encoded text + +20161130-3 [Tue, 06 Jun 2017 00:56:25 +0100] Ben Hutchings <ben@decadent.org.uk>: + + * misc-nonfree: Include Intel OPA Gen1 firmware (Closes: #862458) + * misc-nonfree: Add Intel "Broxton" GuC firmware version 8.7 and + Intel "Kabylake" GuC firmware version 9.14 (Closes: #854695) + * iwlwifi: Fix DDC file format for Intel Bluetooth 8260/8265 + (Closes: #854907) + * amd-graphics: Add radeon/si58_mc.bin (Closes: #856853) + * Revert "ipw2x00: Downgrade Intel Pro 2200/2915 firwmare to version 3.0" + (Closes: #833551) + * Update to linux-support 4.9.0-1 + +20161130-2~bpo8+1 [Sun, 15 Jan 2017 12:35:57 +0100] Héctor Orón Martínez <zumbi@debian.org>: + + * Rebuild for jessie-backports. + - Bump kernel version for bpo, 4.8.0-0.bpo.2 + +20161130-2 [Wed, 14 Dec 2016 03:59:09 +0000] Ben Hutchings <ben@decadent.org.uk>: + + * debian/control: Add XS-Autobuild field + * misc-nonfree: Replace Nvidia firmware symlinks with copies, to avoid a + bug in initramfs-tools (Closes: #847343) + +20161130-1 [Sat, 03 Dec 2016 21:20:01 +0000] Ben Hutchings <ben@decadent.org.uk>: + + * New upstream version + - Upstream version is commit 87941021a622c882b1921df85d6115940a4e568a, + dated 2016-11-30 + - amd-graphics: Update SMC microcode for Radeon HD 7790/7800/7900/ + 8500/8600/8700/8770/8950 series, R9 290 series, "Fiji", "Polaris", + and "Topaz" chips + - amd-graphics: Update UVD microcode for "Carrizo" chips to version + 1.87, for "Fiji" chips to version 1.87.12, for "Stoney" chips to + version 1.38.15, and for "Tonga" chips to version 1.65.10 + - amd-graphics: Update VCE microcode for "Fiji" and "Topaz" chips to + version 52.8.3 + - intel-sound: Update "Bay Trail" SST DSP firmware to version + 01_0C_00_01 + - iwlwifi: Update Intel Wireless Bluetooth firmware patch for + 3160 (B6) to version 39, for 7260 (B6) to version 39, and for + 7265 (C0) to version 59 + - iwlwifi: Update Intel Wireless Bluetooth configuration and firmware + for 8260 to version REL0351, and for 8264 to version REL0082 + * amd-graphics: Include SMC microcode for newer Radeon HD, "Tonga" and + "Iceland" chips (Closes: #838858) + * misc-nonfree: Include Nvidia GM200, GM204, GM206, GM20B and GP100 + signed firmware (Closes: #823637, #826996) + * atheros: Include Bluetooth firmware for QCA61x4 (thanks to Mario + Limonciello) (Closes: #841092) + * misc-nonfree: Include Intel "Kabylake" DMC firmware and Intel + "Skylake" GuC firmware version 6.1 (Closes: #838476, #842762) + * brcm80211: Include Broadcom BCM43430 firmware + * libertas: Include Marvell Avastar 88W8997 firmware + * libertas: Update descriptions of supported chips + * realtek: Include Realtek RTL8822B Bluetooth config and firmware, + RTl8192EU firmare and RTl8723BU firmware + * Use debhelper compatibility level 9 + * debian/control: Update Standards-Version to 3.9.8; no changes needed + * copyright: Fix structured copyright files to follow the machine- + readable debian/copyright format version 1.0 + * Update to linux-support 4.8.0-1 + +20160824-1 [Sun, 18 Sep 2016 04:15:29 +0100] Ben Hutchings <ben@decadent.org.uk>: + + * New upstream version + - Upstream version is commit 7534e191256629a20c02e04d5f6d0439c48de80a + dated 2016-08-24 + - iwlwifi: Update Bluetooth firmware for Intel Wireless 3160, 7260, 7265 + and 8260 + - amd-graphics: Update firmware for "Bonaire", "Carrizo", "Fiji", "Hawaii", + "Kabini", "Kaveri", "Mullins", "Stoney", "Tonga" and "Topaz" chips + - amd-graphics: Revert change to "Kaveri" MEC firmware included in + version 20151207-1 + - atheros: Update Qualcomm Atheros QCA6174 rev 2.1 and QCA988X firmware + - misc-nonfree: Update Ralink RT2760/RT2790/RT2860/RT2890/RT3090 and + RT2870/RT3070/RT3071/RT3072 firmware + - misc-nonfree: Update Chelsio T4 and T5 firmware + - intel-sound: Update Intel "Cherry Trail"/"Braswell" SST DSP firmware + - misc-nonfree: Update Intel "Broxton" and "Skylake" DMC firmware + * Update to linux-support 4.7.0-1 + * iwlwifi: Include new firmware for Intel Wireless 3160, 7260 and 7265 + (ABI 17); 7265D (ABI 17, 21 and 22); 3168, 8000C and 8265 (ABI 21 and 22) + (Closes: #808792, #823402, #833355, #833876) + * amdgpu: Include new firmware for "Polaris" chips (Closes: #838038) + * qlogic: Include new QLogic QL45000 series firmware + * brcm80211: Include Broadcom BCM4366 firmware + * misc-nonfree: Include Sensoray 2255 firmware for use with the s2255drv + driver + * ti-connectivity: Update licence text + * ti-connectivity: Include new TI WL18xx firmware (ABI 4) (Closes: #816350) + * ti-connectivity: Include "ti-connectivity/TIInit_7.2.31.bts" for use with + the st_drv driver + * atheros: Include firmware for Atheros AR3012 rev 31010100 and Qualcomm + Atheros QCA4019, QCA9377, QCA9887, QCA9888, and QCA9984 adapters, and + new board configurations for Qualcomm Atheros QCA6174 adapters + (Closes: #800820, #832925) + * misc-nonfree: Include Terratec H5 DRX-K firmware for use with the + em28xx-dvb driver + * iwlwifi: Include Intel Wireless 8264 Bluetooth firmware + * misc-nonfree: Include Comtrol RocketPort 2 firmware for use with the + rp2 driver + * misc-nonfree: Include MOXA UPort firmware for use with the mxuport and + ti_usb_3410_5052 drivers + * intel-sound: Include Intel "Broxton", "Kabylake", and "Skylake" SST DSP + firmware + * atheros: Suppress lintian warning for reference to GPL where the runtime + exception has been used + +20160110-1~bpo8+1 [Wed, 24 Feb 2016 10:44:02 +0100] Héctor Orón Martínez <zumbi@debian.org>: + + * Rebuild for jessie-backports. + - Bump kernel version to 4.3.0-0.bpo.1 + +20160110-1 [Sun, 10 Jan 2016 21:34:11 +0000] Ben Hutchings <ben@decadent.org.uk>: + + * New upstream version + - Upstream version is commit 73b07a93ed6c0cdb2f96dae8387b04cbb7b75643, + dated 2016-01-10 + - libertas: Marvell PCIE8897 and SD8897 firmware updated to version + 15.68.7.p53 + - libertas: Marvell USB8797 firmware updated to version 14.68.29.p49 + - misc-nonfree: Intel QAT DH895xCC firmware updated + - atheros: Clarified licensing terms for the current ath9k_htc firmware + * Add AppStream metadata to all packages containing firmware blobs + * genorig.py: Make orig tarballs really reproducible: + - Override umask while extracting/exporting files + - Override user and group names in tarball + * libertas: Include SD8801 and USB8801 firmware for use with the mwifiex_sdio + and mwifiex_usb drivers + * misc-nonfree: Include Intel QAT C3xxx and C62x firmware for use with the + intel_qat driver + * brcm80211: Include Broadcom BCM4350 rev 5+ firmware for use with the + brcmfmac driver + * qlogic: Include QLogic QL45000 series firmware version 8.7.3.0 for use with + the qed driver + * Update to linux-support 4.3.0-1 + +20151207-1 [Mon, 07 Dec 2015 02:39:46 +0000] Ben Hutchings <ben@decadent.org.uk>: + + * New upstream version + - Upstream version is commit bbe4917c054eb0a73e250c6363341e3bf6725839 + dated 2015-12-07 + - brcm80211: Broadcom BCM4356 firmware updated + - iwlwifi: Bluetooth firmware patches updated as noted in the package + description + - qlogic: QLogic ISP2422, ISP2432[M], SP222, SP232 and ISP2532 firmware + updated to version 8.03.00 + - brcm80211: Broadcom BCM43602 firmware updated: + + fixing WoWLAN + + fixing problems with hibernate + + support for dma error checking + * ipw2x00: Downgrade Intel Pro 2200/2915 firwmare to version 3.0 + (Closes: #591775, #615112, #729542) + * debian/README.source: Update for the conversion to a non-native package + * atheros: Include Atheros AR7010 and AR9271 firmware version 1.4.0 + * iwlwifi: Include Intel Wireless 3160, 7260, 7265, 7265D and 8000C + firmware version 16.242414.0 (Closes: #802970, #803920) + - The version numbering scheme has changed to put the ABI version first + * iwlwifi: Exclude obsolete firmware (ABIs 7, 8, 10, 13) + * bnx2x: Include Broadcom NetXtreme II 10Gb 57710, 57711 and 57712 firmware + version 7.13.1.0 (for Linux 4.5 onward) + * bnx2x: Exclude obsolete firmware (version 7.8.17.0) + * bnx2: Exclude obsolete firmware (version 5.0.0.j3) + * amd-graphics: Include microcode for "Stoney" chip supported by the amdgpu + driver and new microcode for several other chips + * misc-nonfree: Include Intel "Skylake" video interface firmware + version 1.23, replacing earlier versions + * brcm80211: Include Broadcom BCM4350 firmware, BCM43602 AP-mode firmware + and BCM4371 firmware + * qlogic: Include QLogic QL45000 series firmware for use with the qed driver + * misc-nonfree: Include MediaTek MT7601U firmware + +20151018-2 [Mon, 19 Oct 2015 18:23:20 +0100] Ben Hutchings <ben@decadent.org.uk>: + + * amd-graphics, misc-nonfree: Add Breaks and Replaces relations to older + firmware-linux-nonfree, to support upgrades (Closes: #802336, #802337) + * misc-nonfree: Change Conflicts relation with firmware-{adi,ralink} to + Breaks + +20151018-1 [Sun, 18 Oct 2015 21:27:47 +0100] Ben Hutchings <ben@decadent.org.uk>: + + [ Ben Hutchings ] + * Convert to a non-native package with linux-firmware.git as upstream + (Closes: #790061) + - Upstream version is commit 66d3d8d7607c9a3a7d083f81990f6523f5842065, + dated 2015-10-18 + - iwlwifi: Bluetooth firmware patches updated as noted in the package + description + * realtek: Remove RTL8192SU/rtl8192sfw.bin, which has not been needed since + r8192s_usb was replaced by r8172u (Closes: #793874) + * Adjust for migration to git: + - Add .gitignore file + - debian/control: Update Vcs-* fields + * samsung: Add copyright holder to copyright file + * debian/control: Update Standards-Version to 3.9.6; no changes needed + * Update to linux-support 4.1.0-2 + * debian/control: Drop Frederik Schüler and dann frazier from Uploaders + * debian/bin: Use Python 3 (as assumed by linux-support-4.2.0-1) + * check_upstream.py: Report possibly undistributable files that are not + excluded + * check_upstream.py: Recognise GPLv3 and GPL dual-licenced files + * check_upstream.py: Reimplement check for unpackaged firmware + * debian/control: Set the upstream homepage URL to the current cgit page + for linux-firmware.git (except for ipw2x00 and ivtv packages) + * linux-nonfree: Split into firmware-{amd-graphics,misc-nonfree} packages + * amd-graphics: Include Radeon HD 7900 series VCE microcode (Closes: #800090) + * amd-graphics: Include microcode for "Carrizo", "Fiji", "Tonga" and "Topaz" + chips supported by the amdgpu driver + * misc-nonfree: Update Chelsio T4 and T5 firmware to version 1.14.4.0 + * atheros: Include firmware for Atheros AR3012 rev 11020100 and for + Qualcomm Atheros QCA988X, QCA9XX0 and QCA6174 adapters supported by the + ath10k driver (Closes: #724970) + * bnx2x: Include Broadcom NetXtreme II 10Gb 57710, 57711 and 57712 firmware + version 7.12.30.0 (for Linux 4.3 onward) + * brcm80211: Include firmware for many more chips supported by the + brcmfmac driver (Closes: #795303, #800440) + * qlogic: Convert copyright file to structured format + * qlogic: Include firmware for QLogic (formerly Brocade) Fibre Channel + adapters and Converged Network Adapters supported by the bfa and bna + drivers (Closes: #620066) + * iwlwifi: Include firmware for Intel Wireless 8000C and 8260, Bluetooth + firmware patch for Intel Wireless 7265 (D1), and firmware versions + 25.17.12.0 (ABI 12) and 25.30.13.0 (ABI 13) for Intel Wireless 3160, + 7260, 7265 and 7265D (Closes: #769633, #793544) + * misc-nonfree: Include firmware for Abilis Systems AS102 DVB front-end, + Creative CA0132 audio codec, Chelsio T4 10GBASE-T adapters, Micronas + GO7007SB video encoder, Intel "Skylake" and "Broxton" video + interfaces, MediaTek MT7630/MT7650 Bluetooth adapters, Nvidia Tegra + GPU and XHCI interfaces, and Intel QAT DH895xCC crypto-accelerators + * adi, ralink: Merge into the firmware-misc-nonfree package + * Add firmware-siano package containing firmware for Siano Mobile Digital + TV receivers supported by the smsmdtv driver + * Add firmware-intel-sound package containing firmware for Intel SST sound + DSPs supported by the snd-soc-sst-acpi or snd-intel-sst-acpi driver + (Closes: #774914) + * myricom: Include Myri-10G firmware variants supporting big RX rings + * libertas: Include firmware for SD8887, USB8766 and USB8897 + * Add firmware-cavium package containing firmware for Cavium LiquidIO + Ethernet cards + * realtek: Include firmware for various Bluetooth adapters (Closes: #801514) + * qlogic, samsung: Suppress lintian warning about reference to GNU GPL + + [ maximilian attems ] + * iwlwifi: Update Intel Wireless 3160, 7260, 7265 and 7265D firmware version + 25.30.14.0 (ABI 14) + * iwlwifi: Add Intel Wireless 8260 firmware version 25.30.14.0 (ABI 14) + * Update to linux-support 4.2.0-1 + +0.44 [Mon, 11 May 2015 20:25:28 +0100] Ben Hutchings <ben@decadent.org.uk>: + + [ Raphaël Hertzog ] + * Switch to linux-support-3.16.0-4. + + [ Sophie Brun ] + * iwlwifi: Add Intel Wireless 3160, 7260 7265 and 7265D firmware version + 23.11.10.0 (ABI 10) + * iwlwifi: Update Intel Wireless 3160, 7260 and 7265 firmware to version + 25.228.9.0 (ABI 9) + * realtek: Add RTL8192EE, RTL8723AU rev A with-Bluetooth and RTL8821AE + WoWLAN firmware for use with the rtl8192ee, r8723au and rtl8821ae drivers + * realtek: Update RTL8192CE/RTL8188CE, RTL8192CE/RTL8188CE B-cut and + RTL8192DE firmware + * realtek: Add RTL8107E-1, RTL8107E-2, RTL8168H-1 and RTL8168H-2 firmware + * qlogic: Update QLogic ISP2422, ISP2432[M], SP222, SP232 and ISP2532 + firmware to version 7.03.00 + * linux-nonfree: Update Chelsio T4 and T5 firmware to version 1.12.25.0 + * bnx2x: Add Broadcom NetXtreme II 10Gb 57710, 57711 and 57712 firmware + version 7.10.51.0 + * linux-nonfree: Add dvb-* firmwares. Xceive 4000 tuner firmware version + 1.4.1, Xceive 5000c tuner firmware version 4.1.30.7, DiBcom dib9135 DVB-T + USB firmware and DiBcom dib9135 DVB-T USB firmware + * linux-nonfree: Add UVD microcode for Radeon R600, RS780 and RV770 + * linux-nonfree: Add Radeon firmwares for kernel 3.17 and newer for HD 7790/ + 8770/8950, HD 8500M series and R5 M200, R9 290 series, HD 8100/8200/8300/ + 8400, R5/R7 IGP 200, "Mullins"/"Beema", HD 8500/8600/8700 series, HD 7800 + series, HD 7900 series, HD 7700 series + * brcm80211: Add BCM43236 and BCM43143 USB firmware for use with brcmfmac + driver + * iwlwifi: Update Intel Wireless Bluetooth firmware patches; add Intel + Wireless 3160 (B6) and 7265 (B0) Bluetooth firmware patches + + [ Ben Hutchings ] + * Switch to linux-support-4.0.0-1 + * iwlwifi: Update Intel Wireless 3160, 7260 7265 and 7265D firmware to + version 23.15.10.0 (ABI 10) + * linux-nonfree: Update Radeon R5/R7 IGP 200 series MEC microcode to + version 396 + * realtek: Update RTL8107E-1, RTL8107E-2, RTL8168H-1 and RTL8168H-2 firmware + to version 0.0.2 + * iwlwifi: Update Intel Wireless Bluetooth firmware patches again + * atheros: Update Atheros AR7010 and AR9271 firmware to version 1.3.1 + * libertas: Update Marvell PCIE8897, SD8787, SD8897 and USB8797 firmware + * brcm80211: Update Broadcom BCM4354 firmware to version 7.35.79.57 + * atheros: Update Atheros AR3012 rev 01020201 patch to version 170 + * ti-connectivity: Remove TI WL18xx default configuration, as TI now + recommends letting the driver use its built-in defaults 0.43 [Mon, 16 Jun 2014 00:49:44 +0100] Ben Hutchings <ben@decadent.org.uk>: <http://10.200.17.11/4.2-5/#1090447131971802153>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts The licences of firmware-ipw2x00 and firmware-ivtv require interactive confirmation, which breaks PIUpaRTs. [4.2-5] 4bb2a57d19 Bug #48161: firmware-nonfree 20161130-4~deb8u1 doc/errata/staging/firmware-nonfree.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) [4.2-5] 79313418c4 Bug #48161: firmware-nonfree 20161130-4~deb8u1 doc/errata/staging/firmware-nonfree.yaml | 38 ++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+)
<http://errata.software-univention.de/ucs/4.2/549.html>