2016-06-04, iucode_tool v1.6.1

  * iucode_tool: append microcode bundles to linked list in O(1)
  * iucode_tool: stop allocating twice the required memory for a bundle
  * iucode_tool: don't close input files twice
    load_intel_microcode() would cause fds to be closed twice.  iucode_tool
    is not multi-threaded and isn't otherwise affected by this bug, but
    unfortunately there is a free() call between the first and second
    close().  When running iucode_tool under some sort of malloc
    instrumentation insane enough to open file descriptiors on free()
    inside the instrumented process' context, or indirectly linked to a
    multi-threaded glibc module/plugin that could do the same, bad things
    could happen.
  * iucode_tool(8): minor fix to a comment
  * iucode_tool(8): update Linux notes for up to v4.6
  * iucode_tool: constify argp parser information

2016-05-14, iucode_tool v1.6

  * iucode_tool: fix failsafe for --enable-cpuid-device
    Further fixes for --scan-system when iucode_tool is compiled with the
    non-default configure/build-time option --enable-cpuid-device mode.
    Do not disable the failsafe mode when either /dev/cpu/*/cpuid cannot be
    opened, or an unexpected error happens during the cpuid scan.  Note that
    we still consider the scan result valid when there are offline nodes.
    Also, adjust the error and status/debug messages so that proper feedback
    (through a warning) is given to the user when the scan fails.
  * iucode_tool: report out-of-memory error during cpuid scan
  * iucode_tool(8): document warning when downgrade mode fails
  * iucode_tool: warn of shadowed microcode in downgrade mode
    Warn when downgrading is impossible due to pf_mask shadowing: this
    happens when a pf_mask set loaded earlier has a higher microcode
    revision than a pf_mask subset loaded later for the same signature.
  * iucode_tool: introduce print_warn()
    Note: this changes the single "WARNING" in iucode_tool to "warning"
  * iucode_tool: don't snprintf just to printf something
  * iucode_tool: silence gcc warnings in -flto mode
  * iucode_tool: use pfm for pf_mask in structures
  * iucode_tool: fix another downgrade+loose date filter corner case
    Fix a corner case for the second pass of the loose date filter in
    downgrade mode: while late-merging an earlier microcode (in load order)
    whose pf_mask is either the same as, or a superset of, a later microcode
    (in load order) but with a same-or-higher revision, it would erroneusly
    remove the later microcode (i.e. act as if download mode was not
    active).

2016-04-30, iucode_tool v1.5.2

  * README: update technical details and correct two mistakes
    Mixed-stepping configurations are possible, and there was an off-by-one
    error in the platform flags mask table.
  * iucode_tool(8): fix manpage text for --scan-system
    Fix the iucode_tool(8) manpage text to not imply we will scan every
    processor in the system, as that depends on configure (compile-time)
    options, and it isn't the default behavior since version 1.2.
  * iucode_tool: don't assume single signature for multi-socket
    When not scanning every processor using the kernel cpuid device, add all
    possible steppings for the signature of the running processor.

2016-02-13, iucode_tool v1.5.1

  * update copyright dates to 2016
  * iucode_tool: drop incorrect use of likely() in uclist_merge_signature()
  * iucode_tool(8): document downgrade mode limitations
  * iucode_tool: fix unimportant memory leaks for valgrind
    Fix two memory leaks at the program exit path for valgrind builds. This
    ensures "valgrind --leak-check=full --show-leak-kinds=all" output has no
    known false positives. For non-valgrind builds, we simply don't bother to
    free any heap memory in the exit path, as it would be just a waste of CPU
    cycles.
  * iucode_tool: look harder for superseded entries
    When we replace an entry that has the same pf_mask, it is necessary to
    look for entries that became obsolete.  In non-downgrade mode, we might
    have skipped a few revisions, and might have merged microcode that is a
    proper subset, but has an intermediary revision between ours and the
    one we're replacing.  In downgrade mode, the revision doesn't matter so
    it is even easier to have proper subset entries around that became
    obsolete.
  * iucode_tool: discard late outdated merge for loose date filter
    When in downgrade mode, during the second pass of the loose date
    filter, we would merge microcode that is a proper subset (and has the
    same revision) of already merged microcode.  This is harmless, but it
    would waste space in the output.  It is unlikely that this bug would
    ever happen with real microcode updates.
  * iucode_tool: fix downgrade mode when loose date-filtering
    Downgrade mode was broken for the loose mode of date filtering.  Due to
    this bug, a microcode selected by the loose date filter might be
    preferred over one that was loaded later.
  * iucode_tool: fix infinite loop bug on non-disjoint pf_masks
    In the specific case where two microcodes for the same cpu signature
    had non-disjoint pf_masks, and neither pf_mask was contained in the
    other, the code would loop forever when it attempted to add the second
    microcode to the list of selected microcodes.  Fortunately, Intel never
    published a public microcode update that could trigger this codepath.
    This issue exists in every released version of iucode_tool to date.
  * iucode_tool: cosmetic changes to load_intel_microcode()
  * iucode_tool: make uclist_add_signature() slightly faster
    Change uclist_add_signature() to stop looking for duplicates at the
    first match.  This is slightly faster when processing several files
    with many duplicates, but it changes same-sig same-revision internal
    ordering from earliest first to latest first.  This change to the
    sorting order only change the order in which do_write_named() will
    create the per-microcode data files.  Also, trigger microcode opaque
    data comparison on the pointer to the duplicate being non-NULL, instead
    of testing for res == EEXIST. Note that this is not fixing an existing
    bug, the old code was correct.
  * iucode_tool: cosmetic fixes for uclist_add_signature()

2015-10-16, iucode_tool v1.5

  * New --write-all-named-to option:
    + iucode_tool(8): document the new --write-all-named-to option.
    + iucode_tool: add a --write-all-named-to option, which works like
      --write-named-to, but instead of operating on selected microcode, it
      operates on every revision of every microcode.  Exact duplicates are
      skipped, keyed on INTEL_UCLE_DUPSIG.  This avoids the need to always
      enable --overwrite mode.  This is the only way to write out every
      revision of a microcode.
    + iucode_tool: add a new flag, INTEL_UCLE_DUPSIG, and use it to track
      duplicate signatures when they are added to all_microcodes.  Only the
      first copy of that exact microcode (signature+pfm+revision) will not
      have INTEL_UCLE_DUPSIG set, in *load* order, regardless of downgrade
      mode.
  * intel_microcode.c: remove lots of unlikely() use, as the premisse that
    it is most often called on valid microcode is no longer valid due to
    the recovery loader.
  * iucode_tool(8): fix parameter of --write-named-to.  The manpage text
    was incorrectly naming the parameter of the option --write-named-to to
    be a file.  It is a directory, as documented for the short version of
    the same option (-W).
  * iucode_tool(8): add two examples for the recovery loader (-tr): how to
    use it to load microcode from an early initramfs, and also how to use
    it to update an Arch-linux style separate early initramfs.
  * Changelog: correct the indentation of older Changelog entries.
  * Changelog: switch back to a "raw" changelog style.  Writing user-level
    documentation is a much better use of time than simplifying Changelogs.

2015-10-03, iucode_tool v1.4

  * Implement a microcode recover mode (-tr) for the binary loader,
    which searches for valid microcode(s) inside a generic (binary)
    data file of unknown format
    + Do not store an empty microcode bundle for further processing,
      even if the low-level loader didn't return an error status (this
      is for future-proofing, currently all of them return errors)
    + Report unaligned microcode as an internal error in the iterator
      functions as well as in intel_ucode_check_microcode(), but add
      a private function to allow for microcode checking without
      alignment restrictions
    + Add intel_ucode_scan_for_microcode() to search for valid micro-
      code(s) inside a memory buffer, regardless of alignment
    + Factor out microcode checksumming into is_zero_checksum(), and
      change it to avoid unaligned dword reads.  This avoids a long
      time gcc -O3 loop vectorizing optimization issue which is still
      present in gcc 5.2.1
  * Notify the user when we fail to find any microcode in a data file
    when the low-level loader returns ENOENT, and continue processing
    in that case
  * Report empty data files using ENOENT instead of EINVAL in the
    low-level loader functions.  This is can happen to non-empty files
    in the -tr and -td loaders, as well as when reading an empty file
    from stdin, FIFO, pipe, character device, etc.
  * In -vv mode, print a message before reading a file, and also when
    skipping empty files or reading a directory
  * Fix spelling of default-firmware-dir option in configure,
    thanks to Timo Gurr for the report and fix
  * Minor cosmetic fixes:
    + Typo fix: replace "interator" with "iterator" everywhere
    + Add comment about not closing a fd in fix_fds() should it
      be copied elsewhere, fix by Imran Zaman
    + Add comment that one must not close(fd) after fdopendir(fd)
      succeeded.  Both human programmers and static checkers get
      confused over this one and mistake it for leak
  * Replace "deselect" with "unselect" in the manpage text

2015-05-24, iucode_tool v1.3

  * Reopen stdin/stdout/stderr file descriptors using /dev/null if any
    of them are closed at program start.  Before this change, it was
    not safe to call iucode_tool with stdout and/or stderr closed
  * Ignore multiple attempts to read microcode data from stdin, as all
    data will have been read by the first attempt
  * Enforce a maximum of UINT_MAX data files.  The number of microcodes
    per data file is also limited to UINT_MAX (actually, less than that
    due to other limits).  Use "unsigned int" instead of "unsigned long
    int" for variables related to these (such as microcode group id and
    microcode id)
  * Document in the manpage the arbritray maximum limit of 1GiB worth of
    binary data per microcode data file.  The other limits are too large
    to bother documenting
  * Microcode data file loader fixes and enhancements:
    + Detect and report stream IO errors while reading .dat files
    + Detect and report IO errors from fdstat() at the beginning
      of the binary microcode loader
    + Print the line number when reporting .dat parsing errors
    + Allow comments after valid data for .dat files, previously they
      had to be on a line of their own
    + Rework the .dat parser to make it less convoluted, and optimize it
      for the exact .dat file layout Intel has been using in the last 15
      years
  * Minor build fixes
    + Silence unused parameter warning on --disable-cpuid-device build
    + Silence unused function warning on --disable-valgrind-build build
    + configure.ac: minor updates: add AC_COPYRIGHT; move AC_PREREQ
      before AC_INIT; remove commented-out AM_MAINTAINER_MODE
  * Reorder fields to pack some structs on 64 bits
  * Reorder some struct fields for better cache locality

2015-03-29, iucode_tool v1.2.1

  * Update README and NEWS to mention the new project home
    location at GitLab, due to gitorious.org's planned shutdown
    at the end of 2015-05
  * Manpage fixes and enhancements:
    + Minor typography/groff fixes
    + Format long examples into multi-line format
    + Add examples for --scan-system, -s and --write-earlyfw
    + Minor changes to the other examples
    + Document iucode_tool use of stdout and stderr
    + Document that iucode_tool ignores the loader version microcode
      metadata field entirely
    + Document the use of the "0x" and "0" prefixes to denote hexadecimal
      and octal bases for the signature and pf_mask parameters of the -s
      option
  * Flush stdout before writing to stderr.  We want stdout/stderr output
    to be correctly interleaved when buffering is in effect due to stdout
    redirecton
  * Flush stdout right after do_process_microcodes() is called, so that
    iucode_tool will output the result of --list and --list-all at that
    point in time
  * Minor argp parser fixes
    + Don't include EOL in argp_error() strings
    + Surround incorrect parameters with single quotes in parser error
      messages
  * Report internal errors (EINVAL) from uclist_add_signature() as
    such.  While at it, cosmetic fix the same error message for
    uclist_merge_signature()

2015-02-14, iucode_tool v1.2

  * Documentation updates:
    + README: correct the /lib/firmware example to not remove execute
      permissions from the /lib/firmware/intel-ucode directory, and
      enhance the text to make it clear those are examples of fixing the
      permissions and may need to be adjusted
    + README: enhance the README text and update it to the post-Haswell
      microcode update reality.  Also, add a table of pf flags and
      masks, to make the text easier to understand and stop using tabs
      for the layout
    + iucode_tool(8): update Linux notes to match reality as of kernel
      3.18.  Also reword and improve the overall text
  * iucode_tool: use the cpuid instruction (via gcc's cpuid.h) directly
    to implement --scan-system.  This assumes there is only one
    signature per x86/x86-64 system, which is a safe assumption at this
    time.  One can have processors with distinct pf flags and the same
    signature in a x86/x86-64 multi-processor system, so --scan-system
    will match any pf_mask.  When compile-time configured with
    --enable-cpuid-device (disabled by default), iucode-tool will use
    the cpuid instruction directly and also scan every processor using
    the kernel cpuid device.  This fixes an scalability issue in systems
    with many processors

2014-10-28, iucode_tool v1.1.1

  * Fix issues found by the Coverity static checker:
    + CID 72165: An off-by-one error caused an out-of-bounds write to a
      buffer while loading large microcode data files in ascii format
      (will not be triggered by the data files currently issued by Intel)
    + CID 72163: The code could attempt to close an already closed file
      descriptor in certain conditions when processing directories
    + CID 72161: Stop memory leak in error path when loading microcode
      data files
    + CID 72159, 72164, 72166, 72167, 72168, 72169: Cosmetic issues
      that could not cause problems at runtime.

2014-09-09, iucode_tool v1.1

  * Don't output duplicates for microcodes with extended signatures
    to the same file or to the kernel
  * When writing an early initramfs, pad its trailer with zeros to
    the next 1024-byte boundary.  This is done so that the next
    initramfs segment will be better aligned, just in case.  The
    entire cpio medatada overhead is now exactly 1024 bytes
  * Manpage style fixes: use iucode_tool consistently, groff formatting
  * Refuse to load ridiculously large data files (limit set to 1GiB)

2014-08-12, iucode_tool v1.0.3

  * Add a work-around for a Linux kernel bug on the early initramfs
    microcode update support.  The work-around appends non-standard NUL
    padding to the file name inside the cpio archive, so as to have the
    the microcode data 16-byte-aligned to the start of the file
  * Document file alignment requirements for the early initramfs
    archive.
  * Properly check microcode metadata date to be valid packed BCD in
    strict mode
  * Do not assume a non-zero microcode Total Size field to be valid, it
    is valid only when the Data Size field is non-zero.  Fortunately,
    Intel always set reserved fields to zero on released microcode, so
    this bug was never (and is unlikely to ever be) triggered
  * Fix several cosmetic and minor code issues
  * minor corrections, enhancements and style fixes to the manpage

2014-05-10, iucode_tool v1.0.2

  * Mention iucode-tool's new home at gitorious in documentation.
  * Warn user when --scan-system fails due to errors such as a lack
    of permission to access the cpuid devices
  * Use the libc optimized memcmp() to compare microcode
  * Minor manpage updates
  * --strict-checks now verifies that the microcode update date
    is not utterly insane

2013-12-14, iucode_tool v1.0.1

  * Fix several cosmetic code issues
  * Manpage updates
    + Make it clear that the output order of microcodes is not stabilized
    + Make it clear that iucode_tool always break links when writing a
      data file, and that it doesn't replace files atomically, so they
      can get corrupted/lost if iucode-tool is interrupted while writing.
    + Reword several notes for better readability
  * Use openat() when loading from a directory
  * Use openat() when creating files in a directory

2013-05-25, iucode_tool v1.0

  * Add verbose title to manpage iucode_tool(8)
  * Add support to write an early initramfs archive for Linux v3.9.
    This early initramfs archive will need to be prepended to the
    regular initramfs to allow the kernel to load the microcode
    update

2013-03-28, iucode_tool v0.9

  * Document missing -W, --write-named option in iucode_tool(8)
    manpage
  * Print the number of unique signatures in verbose mode
  * Add loose date-based filtering (--loose-date-filtering option),
    which is useful when trying to select microcode for very old
    processors
  * Skip empty files and directories instead of aborting with an
    error
  * Add an option to default to an empty selection (-s!)
  * Ensure that microcodes with the same metadata have the same
    opaque data (payload) when in --strict-checks mode (default)
  * Update copyright notices and manpage date

2012-08-26, iucode_tool v0.8.3

  * Fix regression introduced in 0.8.2 that caused all microcodes
    to be selected by --scan-system on a box with unsupported
    processors (e.g. non-Intel)
  * Update README: Intel has some microcode update information in
    some public processor specification update documents

2012-07-28, iucode_tool v0.8.2

  * Update documentation and manpages for the new microcode
    update interface in Linux v3.6.
  * Fail safe when --scan-system cannot access the cpuid driver:
    instead of not selecting anything, still select all microcodes
    if no other microcode selection option was used.
  * Move NEWS to ChangeLog

2012-07-24, iucode_tool v0.8.1

  * Updates to the iucode_tool(8) manpage, disclosing the
    need for the cpuid driver for iucode_tool --scan-system,
    and more details about the sysfs microcode reload
    interface.
  * Output an error message if --scan-system could not find
    any cpuid nodes in sysfs.

2012-06-07, iucode_tool v0.8

  * First release to the general public.  Please refer to
    the README file for the irrelevant details, and to the
    manpage for the relevant details.
