diff -Nru amd64-microcode-3.20171205.1/debian/changelog amd64-microcode-3.20180524.1~ubuntu0.18.04.2/debian/changelog --- amd64-microcode-3.20171205.1/debian/changelog 2018-01-08 14:19:57.000000000 +0000 +++ amd64-microcode-3.20180524.1~ubuntu0.18.04.2/debian/changelog 2018-06-26 14:32:22.000000000 +0000 @@ -1,3 +1,53 @@ +amd64-microcode (3.20180524.1~ubuntu0.18.04.2) bionic; urgency=medium + + * Default to 'early' instead of 'auto' in the initramfs-tools hook + when building with MODULES=most (LP: #1778738) + + -- Julian Andres Klode Tue, 26 Jun 2018 16:32:22 +0200 + +amd64-microcode (3.20180524.1~ubuntu0.18.04.1) bionic-security; urgency=medium + + * SECURITY UPDATE: Add Spectre Variant 2 protection for family 17h AMD + processors (CVE-2017-5715) + - Backport to bionic. + + -- Steve Beattie Tue, 29 May 2018 15:16:39 -0700 + +amd64-microcode (3.20180524.1) unstable; urgency=high + + * New microcode update packages from AMD upstream: + + Re-added Microcodes: + sig 0x00610f01, patch id 0x06001119, 2012-07-13 + * This update avoids regressing sig 0x610f01 processors on systems with + outdated firmware by adding back exactly the same microcode patch that was + present before [for these processors]. It does not implement Spectre-v2 + mitigation for these processors. + * README: update for new release + + -- Henrique de Moraes Holschuh Fri, 25 May 2018 15:38:22 -0300 + +amd64-microcode (3.20180515.1) unstable; urgency=high + + * New microcode update packages from AMD upstream: + + New Microcodes: + sig 0x00800f12, patch id 0x08001227, 2018-02-09 + + Updated Microcodes: + sig 0x00600f12, patch id 0x0600063e, 2018-02-07 + sig 0x00600f20, patch id 0x06000852, 2018-02-06 + + Removed Microcodes: + sig 0x00610f01, patch id 0x06001119, 2012-07-13 + * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support, + plus other unspecified fixes/updates. + * README, debian/copyright: update for new release + + -- Henrique de Moraes Holschuh Sat, 19 May 2018 13:51:06 -0300 + +amd64-microcode (3.20171205.2) unstable; urgency=medium + + * debian/control: update Vcs-* fields for salsa.debian.org + + -- Henrique de Moraes Holschuh Fri, 04 May 2018 07:51:40 -0300 + amd64-microcode (3.20171205.1) unstable; urgency=high * New microcode updates (closes: #886382): diff -Nru amd64-microcode-3.20171205.1/debian/control amd64-microcode-3.20180524.1~ubuntu0.18.04.2/debian/control --- amd64-microcode-3.20171205.1/debian/control 2016-11-30 01:53:04.000000000 +0000 +++ amd64-microcode-3.20180524.1~ubuntu0.18.04.2/debian/control 2018-06-26 13:45:18.000000000 +0000 @@ -1,12 +1,13 @@ Source: amd64-microcode Section: non-free/admin Priority: standard -Maintainer: Henrique de Moraes Holschuh +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Henrique de Moraes Holschuh Uploaders: Giacomo Catenazzi Build-Depends: debhelper (>= 9) Standards-Version: 3.9.8 -Vcs-Git: git://git.debian.org/users/hmh/amd64-microcode.git -Vcs-Browser: http://git.debian.org/?p=users/hmh/amd64-microcode.git +Vcs-Git: https://salsa.debian.org/hmh/amd64-microcode.git +Vcs-Browser: https://salsa.debian.org/hmh/amd64-microcode XS-Autobuild: yes Package: amd64-microcode diff -Nru amd64-microcode-3.20171205.1/debian/copyright amd64-microcode-3.20180524.1~ubuntu0.18.04.2/debian/copyright --- amd64-microcode-3.20171205.1/debian/copyright 2016-11-30 01:53:04.000000000 +0000 +++ amd64-microcode-3.20180524.1~ubuntu0.18.04.2/debian/copyright 2018-05-25 18:30:30.000000000 +0000 @@ -2,8 +2,9 @@ Sun Jun 10 10:54:36 BRT 2012 It was downloaded from http://www.amd64.org/support/microcode.html up to -version 20120910 (now: http://www.amd64.org/microcode.html). It was built from -the linux-firmware git tree at for version 20131007 onwards. +version 20120910 (now: http://www.amd64.org/microcode.html). For version +20131007 onwards, it was built from the linux-firmware git repository at: +https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/ Debian only distributes the AMD64 microcode file in its unaltered form. @@ -13,7 +14,7 @@ Upstream Copyright: - Copyright (C) 2010-2014 Advanced Micro Devices, Inc., + Copyright (C) 2010-2018 Advanced Micro Devices, Inc. All rights reserved. Upstream License: diff -Nru amd64-microcode-3.20171205.1/debian/initramfs.hook amd64-microcode-3.20180524.1~ubuntu0.18.04.2/debian/initramfs.hook --- amd64-microcode-3.20171205.1/debian/initramfs.hook 2016-11-30 01:53:04.000000000 +0000 +++ amd64-microcode-3.20180524.1~ubuntu0.18.04.2/debian/initramfs.hook 2018-06-26 13:45:52.000000000 +0000 @@ -32,7 +32,11 @@ } AUCODE_FW_DIR=/lib/firmware/amd-ucode -AMD64UCODE_INITRAMFS=auto +if [ "$MODULES" = "most" ]; then + AMD64UCODE_INITRAMFS=early +else + AMD64UCODE_INITRAMFS=auto +fi [ -r ${AMD64UCODE_CONFIG} ] && . ${AMD64UCODE_CONFIG} [ -z "${AMD64UCODE_INITRAMFS}" ] && AMD64UCODE_INITRAMFS=no diff -Nru amd64-microcode-3.20171205.1/LICENSE.amd-ucode amd64-microcode-3.20180524.1~ubuntu0.18.04.2/LICENSE.amd-ucode --- amd64-microcode-3.20171205.1/LICENSE.amd-ucode 2016-11-30 01:53:04.000000000 +0000 +++ amd64-microcode-3.20180524.1~ubuntu0.18.04.2/LICENSE.amd-ucode 2018-05-19 16:45:14.000000000 +0000 @@ -1,4 +1,4 @@ -Copyright (C) 2010-2014 Advanced Micro Devices, Inc., All rights reserved. +Copyright (C) 2010-2018 Advanced Micro Devices, Inc., All rights reserved. Permission is hereby granted by Advanced Micro Devices, Inc. ("AMD"), free of any license fees, to any person obtaining a copy of this Binary files /tmp/tmpjnf66i/ZhqW0uZFxG/amd64-microcode-3.20171205.1/microcode_amd_fam15h.bin and /tmp/tmpjnf66i/FJmNhPGcj1/amd64-microcode-3.20180524.1~ubuntu0.18.04.2/microcode_amd_fam15h.bin differ diff -Nru amd64-microcode-3.20171205.1/microcode_amd_fam15h.bin.asc amd64-microcode-3.20180524.1~ubuntu0.18.04.2/microcode_amd_fam15h.bin.asc --- amd64-microcode-3.20171205.1/microcode_amd_fam15h.bin.asc 2016-11-30 01:53:04.000000000 +0000 +++ amd64-microcode-3.20180524.1~ubuntu0.18.04.2/microcode_amd_fam15h.bin.asc 2018-05-25 18:30:42.000000000 +0000 @@ -1,11 +1,11 @@ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -iQEcBAABAgAGBQJW6d1MAAoJEOS+UznzKK5zSxkH+gJLffKGRM9BHe0D0/fkb0Gs -FZVp0eUNREOQoYwHJq9Ms1RebaZJkaUnd8SXCODJrqxDsxqUgunUtP6Qfh3Ru6fV -n0wgFVISKSQVLDP+I/ANFbWA2KhV5e4LuLQp5cDSItv6916kmNlM5kxtJ5QBrNXu -kr5bNReYgYTl7PSoCPuPfVILToG0ltZQMdKI1GImRCMVrYjGMbv8EyUC3r8ZbChG -Lv6K0AsULA81lXBAW0JYlxu6cNv1MJ3mxttwCswaJNcd+Y11ZQA8r2sjJoWbNSlS -nsDPLsUKE/RsW9MlMxiI2Jqo9PrZz923bu/cWMU1FPp+cJII0T7idWGUTVhQjc8= -=MTxP +iQEcBAABAgAGBQJbB09SAAoJEOS+UznzKK5z8kAIAK1In82D88fGFbhluAl13UFu +rs8BhXKL2w7B2KAspBNTmYpIQnfvVDrZzn6t6nqssuJ4bnWH8sf0mC/w5dSQLG4M +WdpDd+qkdkDGJFlbl3zkr14Q7ZCQPV44pT7BOF07VPflOeQQjRWug9cdyqRIfO4n +XGR5wvBOJZ2BlriRkYagQHn6iB/UJWXodmTr8CRGIHTApQg6K0NPNvmbwa/W5Z9X +bS6eniACMfFDH7NXG2uTpFiGa3DYbDyNZiZeM7Uv3BFxtAOGY8vTFghtRyk0qxAl +o6d8fT6ozkTUxE40Lgb6MegDJPwJ+uDfB7jKVPnYsbDAp6K7L8k/7PQQQRJ69Pc= +=k2EA -----END PGP SIGNATURE----- Binary files /tmp/tmpjnf66i/ZhqW0uZFxG/amd64-microcode-3.20171205.1/microcode_amd_fam17h.bin and /tmp/tmpjnf66i/FJmNhPGcj1/amd64-microcode-3.20180524.1~ubuntu0.18.04.2/microcode_amd_fam17h.bin differ diff -Nru amd64-microcode-3.20171205.1/microcode_amd_fam17h.bin.asc amd64-microcode-3.20180524.1~ubuntu0.18.04.2/microcode_amd_fam17h.bin.asc --- amd64-microcode-3.20171205.1/microcode_amd_fam17h.bin.asc 1970-01-01 00:00:00.000000000 +0000 +++ amd64-microcode-3.20180524.1~ubuntu0.18.04.2/microcode_amd_fam17h.bin.asc 2018-05-25 17:30:19.000000000 +0000 @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJa+7YMAAoJEOS+UznzKK5zGvIH/jDlOORyc1hk1rubB1Txh3C7 +yq7BJwaMotOHZqNzCHuIAGCSCuUrN/HJ465deJXGuRFDbl+Ywt/AHKBMN4RglyO6 +JoM2zZwkgVpLzqJyNwedzGpAxPT/dT1daDDWRyd66cz98iEVNlYS4Wc92aXteYdq +qzxidXi1MmN8+Iycl7L5MYV12jysrssIYmiVe974Rb9y+84tJVCohAONl/N6m9PX +VJuW6d5uch3NNLVo4ZFZIx53E3JiyB4nI0JU2C2dj4S7XDP5T17kxBvUNwbgtxBV +xdTuT6ITu7bGxderze3iPkkAzCgemgLF+sKFbXLDnnHch3YfFMWskuE4TEwMAZU= +=Ae/7 +-----END PGP SIGNATURE----- diff -Nru amd64-microcode-3.20171205.1/README amd64-microcode-3.20180524.1~ubuntu0.18.04.2/README --- amd64-microcode-3.20171205.1/README 2018-01-08 14:19:57.000000000 +0000 +++ amd64-microcode-3.20180524.1~ubuntu0.18.04.2/README 2018-05-25 18:30:42.000000000 +0000 @@ -1,43 +1,94 @@ This amd64-microcode release was based on the linux-firmware tree. +The linux-firmware tree can be found in kernel.org. -From: Sherry Hurwitz -Subject: [PATCH 1/1] linux-firmware: Update AMD microcode patch firmware -Date: 2016-03-17 06:56:11 GMT +commit 7518922bd5b98b137af7aaf3c836f5a498e91609 +Author: Sherry Hurwitz +Date: Thu May 24 20:57:59 2018 -0500 - linux-firmware: Update AMD microcode patch firmware + Update AMD cpu microcode for family 15h + + * Processor Revision ID 0x00610f01 was accidently not included in the previous + submitted microcode container file. + * Update the Version for family 15h microcode .bin file + + Key Name = AMD Microcode Signing Key (for signing microcode container files only) + Key ID = F328AE73 + Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73 + + Signed-off-by: Sherry Hurwitz + Signed-off-by: Josh Boyer + +commit 77101513943ef198e2050667c87abf19e6cbb1d8 +Author: Sherry Hurwitz +Date: Wed May 16 18:10:48 2018 -0500 + + linux-firmware: Update AMD cpu microcode + + * Add AMD cpu microcode for processor family 17h + * Update AMD cpu microcode for processor family 15h + * Update the AMD cpu microcode license copyright + * Add a Version for both microcode family 15h and 17h + + Key Name = AMD Microcode Signing Key (for signing microcode container files only) + Key ID = F328AE73 + Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73 + + Signed-off-by: Sherry Hurwitz + Signed-off-by: Josh Boyer + +commit 5f8ca0c1db6106a2d6d7e85eee778917ff03c3de +Author: Sherry Hurwitz +Date: Thu Mar 17 01:56:11 2016 -0500 + linux-firmware: Update AMD microcode patch firmware + For AMD Family 15h Processors to fix bugs in prior microcode patch file: amd-ucode/microcode_amd_fam15h.bin md5sum: 2384ef1d8ec8ca3930b62d82ea5a3813 - + Version: 2016_03_16 - + Signed-off-by: Sherry Hurwitz + Signed-off-by: Kyle McMartin commit 8ac569dd3ca3ca685bd47ee86c1eeb6050864db3 Author: Sherry Hurwitz Date: Thu Nov 6 19:38:26 2014 -0600 linux-firmware: Update AMD microcode patch firmware files - + For AMD Family 15h Processors file: amd-ucode/microcode_amd_family15h.bin md5sum: ee3f0f46936aa1788dc31ca3487e0ff3 - + For AMD Family 16h Processors file: amd-ucode/microcode_amd_family16h.bin md5sum: 6a47a6393c52ddfc0b5b044efc076a77 - + Version: 2014_10_28 Signed-off-by: Sherry Hurwitz Signed-off-by: Kyle McMartin -LICENSE.amd-ucode | 2 +- -amd-ucode/microcode_amd_fam15h.bin |binary -amd-ucode/microcode_amd_fam15h.bin.asc | 16 ++++++++-------- -amd-ucode/microcode_amd_fam16h.bin |binary -amd-ucode/microcode_amd_fam16h.bin.asc | 11 +++++++++++ -6 files changed, 23 insertions(+), 10 deletions(-) +commit 31f6b3076bab3c4b65f67fdb232f4579ed828b4f +Author: Suravee Suthikulpanit +Date: Wed Jul 10 19:42:56 2013 -0500 + + linux-firmware: Add AMD microcode patch firmware files + + For AMD Families 10h ~ 14h Processors + file: amd-ucode/microcode_amd.bin + md5sum: 55ae79b82cbfddcf7142058be3c9ec2d + + For AMD Family 15h Processors + file: amd-ucode/microcode_amd_fam15h.bin + md5sum: 122ac7e56442c2b7c28eb26978b2d57c + + Version: 07_10_2013 + + Signed-off-by: Sherry Hurwitz + Signed-off-by: Suravee Suthikulpanit + [bwh: Include version in WHENCE and GPG signatures as separate files] + Signed-off-by: Ben Hutchings The microcode update for family 17h came from SuSE, and depends on specific kernel support for family 17h to be applied. It implements IBPB support