Dear security team,
I have prepared an update for amd64-microcode for Debian Stretch, which
fixes CVE-2017-5715. Please see the attached debdiff.
This is the newer upstream release, which fixes CVE-2017-5715.
Also, I want to ask anybody to test this package on hardware with
an AMD processor to avoid regressions. The pre-built package is available
here [1]. But it looks like this version is already working for Ubuntu [2].
Please let me know whether I may proceed with the upload.
[1] https://people.debian.org/~gladk/amd64-microcode_stretch/
[2] https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/1853614
Thanks,
Anton
diff -Nru amd64-microcode-3.20160316.3/debian/changelog
amd64-microcode-3.20181128.1+deb9u1/debian/changelog
--- amd64-microcode-3.20160316.3/debian/changelog 2016-11-30
02:54:53.0 +0100
+++ amd64-microcode-3.20181128.1+deb9u1/debian/changelog2020-03-12
20:29:09.0 +0100
@@ -1,3 +1,72 @@
+amd64-microcode (3.20181128.1+deb9u1) stretch-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * New upstream release.
+ * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+(since version 3.20180515.1).
+
+ -- Anton Gladky Thu, 12 Mar 2020 20:29:09 +0100
+
+amd64-microcode (3.20181128.1) unstable; urgency=medium
+
+ * New microcode update packages from AMD upstream:
++ New Microcodes:
+ sig 0x00800f82, patch id 0x0800820b, 2018-06-20
+ * README: update for new release
+
+ -- Henrique de Moraes Holschuh Sat, 15 Dec 2018 18:42:12
-0200
+
+amd64-microcode (3.20180524.1) unstable; urgency=high
+
+ * New microcode update packages from AMD upstream:
++ Re-added Microcodes:
+ sig 0x00610f01, patch id 0x06001119, 2012-07-13
+ * This update avoids regressing sig 0x610f01 processors on systems with
+outdated firmware by adding back exactly the same microcode patch that was
+present before [for these processors]. It does not implement Spectre-v2
+mitigation for these processors.
+ * README: update for new release
+
+ -- Henrique de Moraes Holschuh Fri, 25 May 2018 15:38:22
-0300
+
+amd64-microcode (3.20180515.1) unstable; urgency=high
+
+ * New microcode update packages from AMD upstream:
++ New Microcodes:
+ sig 0x00800f12, patch id 0x08001227, 2018-02-09
++ Updated Microcodes:
+ sig 0x00600f12, patch id 0x0600063e, 2018-02-07
+ sig 0x00600f20, patch id 0x06000852, 2018-02-06
++ Removed Microcodes:
+ sig 0x00610f01, patch id 0x06001119, 2012-07-13
+ * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
+plus other unspecified fixes/updates.
+ * README, debian/copyright: update for new release
+
+ -- Henrique de Moraes Holschuh Sat, 19 May 2018 13:51:06
-0300
+
+amd64-microcode (3.20171205.2) unstable; urgency=medium
+
+ * debian/control: update Vcs-* fields for salsa.debian.org
+
+ -- Henrique de Moraes Holschuh Fri, 04 May 2018 07:51:40
-0300
+
+amd64-microcode (3.20171205.1) unstable; urgency=high
+
+ * New microcode updates (closes: #886382):
+sig 0x00800f12, patch id 0x08001213, 2017-12-05
+Thanks to SuSE for distributing these ahead of AMD's official release!
+ * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+ * README: describe source for faml17h microcode update
+ * Upload to unstable to match IBPB microcode support on Intel in Debian
+unstable.
+ * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
+backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
+"x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
+it will not be applied to the processor.
+
+ -- Henrique de Moraes Holschuh Mon, 08 Jan 2018 12:19:57
-0200
+
amd64-microcode (3.20160316.3) unstable; urgency=medium
* initramfs: Make the early initramfs reproducible (closes: #845194)
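Review bot: In the new top entry (3.20181128.1+deb9u1), the "(since version 3.20180515.1)" remark does not match the history merged below it. The 3.20171205.1 entry already lists "Add IBPB support for family 17h AMD processors (CVE-2017-5715)", while 3.20180515.1 is the entry that "Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support". Suggest either citing the version that first introduced the IBPB support or rewording the line to say which upstream release carries the mitigation being backported. The top entry should also carry forward two caveats that stable users reading only the newest stanza will miss: the 3.20171205.1 WARNING that the fam17h microcode is not applied unless the kernel is at least 4.15, 4.14.13, 4.9.76 or 4.4.111 (or has the backported loading commit it names), and the 3.20180524.1 statement that sig 0x610f01 processors receive no Spectre-v2 mitigation from this package.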
diff -Nru amd64-microcode-3.20160316.3/debian/control
amd64-microcode-3.20181128.1+deb9u1/debian/control
--- amd64-microcode-3.20160316.3/debian/control 2016-11-30 02:53:04.0
+0100
+++ amd64-microcode-3.20181128.1+deb9u1/debian/control 2018-12-15
03:43:55.0 +0100
@@ -5,8 +5,8 @@
Uploaders: Giacomo Catenazzi
Build-Depends: debhelper (>= 9)
Standards-Version: 3.9.8
-Vcs-Git: git://git.debian.org/users/hmh/amd64-microcode.git
-Vcs-Browser: http://git.debian.org/?p=users/hmh/amd64-microcode.git
+Vcs-Git: https://salsa.debian.org/hmh/amd64-microcode.git
+Vcs-Browser: https://salsa.debian.org/hmh/amd64-microcode
XS-Autobuild: yes
Package: amd64-microcode
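Review bot: The Vcs-Git and Vcs-Browser change here is a packaging change, not part of the CVE-2017-5715 fix; it comes along with the new upstream release (the changelog records it under 3.20171205.2 as "update Vcs-* fields for salsa.debian.org"). Moving from git:// and http:// to https:// URLs is an improvement in itself, but the upload request should say explicitly that the debdiff includes non-security packaging changes from the intermediate unstable uploads, so the security team can decide whether a whole-release backport is acceptable for stretch-security.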
diff -Nru amd64-microcode-3.20160316.3/debian/copyright
amd64-microcode-3.20181128.1+deb9u1/debian/copyright
--- amd64-microcode-3.20160316.3/debian/copyright 2016-11-30
02:53:04.0 +0100
+++ amd64-microcode-3.20181128.1+deb9u1/debian/copyright2018-12-15
03:43:55.0 +0100
@@ -2,8 +2,9 @@
Sun Jun 10 10:54:36 BRT 2012
It was downloaded from http://www.amd6