- updated to 0.44 (bsc#1189477)

• Files Changed
• Browse Source

- updated to 0.46
  This release mainly focuses on the detection of the new Zenbleed
  (CVE-2023-20593) vulnerability, among few other changes that were in
  line waiting for a release:
  - feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
  - feat: add the linux-firmware repository as another source for CPU microcode versions
  - feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
  - fix: docker: adding missing utils (#433)
  - feat: add support for Guix System kernel
  - fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
  - fix: a /devnull file was mistakenly created on the filesystem
  - fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430) (forwarded request 1108154 from msmeissn)

• Files Changed
• Browse Source

- updated to 0.45
  - arm64: phytium: Add CPU Implementer Phytium
  - arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
  - chore: ensure vars are set before being dereferenced (set -u compat)
  - chore: fix indentation
  - chore: fwdb: update to v220+i20220208
  - chore: only attempt to load msr and cpuid module once
  - chore: read_cpuid: use named constants
  - chore: readme: framapic is gone, host the screenshots on GitHub
  - chore: replace 'Vulnerable to' by 'Affected by' in the hw section
  - chore: speculative execution -> transient execution
  - chore: update fwdb to v222+i20220208
  - chore: update Intel Family 6 models
  - chore: wording: model not vulnerable -> model not affected
  - doc: add an FAQ entry about CVE support
  - doc: add an FAQ.md and update the README.md accordingly
  - doc: more FAQ and README
  - doc: readme: make the FAQ entry more visible
  - feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
  - feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
  - feat: add subleaf != 0 support for read_cpuid
  - feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
  - feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
  - feat: hw check: add IPRED, RRSBA, BHI features check
  - feat: implement detection for MCEPSC under BSD
  - feat: set default TMPDIR for Android (#415)
  - fix: extract_kernel: don't overwrite kernel_err if already set
  - fix: has_vmm false positive with pcp
  - fix: is_ucode_blacklisted: fix some model names
  - fix: mcedb: v191 changed the MCE table format (forwarded request 966405 from msmeissn)

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

- Fix typo (s/Require:/Requires:/). (forwarded request 766868 from dimstar)

• Files Changed
• Browse Source

- version 0.43
  - feat: implement TAA detection (CVE-2019-11135 bsc#1139073)
  - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665)
  - feat: taa: add TSX_CTRL MSR detection in hardware info
  - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database
  - feat: use --live with --kernel/--config/--map to override file detection in live mode
  - enh: rework the vuln logic of MDS with --paranoid (fixes #307)
  - enh: explain that Enhanced IBRS is better for performance than classic IBRS
  - enh: kernel: autodetect customized arch kernels from cmdline
  - enh: kernel decompression: better tolerance against missing tools
  - enh: mock: implement reading from /proc/cmdline
  - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a
  - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes)
  - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels
  - fix: sgx: on locked down kernels, fallback to CPUID bit for detection
  - fix: fwdb: builtin version takes precedence if the local cached version is older
  - fix: pteinv: don't check kernel image if not available
  - fix: silence useless error from grep (fixes #322)
  - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316)
  - fix: mocking value for read_msr
  - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme
  - chore: fwdb: update to v130.20191104+i20191027
  - chore: add GitHub check workflow
- upstream tarball no longer includes license, use the gpl 3 standalone html for it

• Files Changed
• Browse Source

- version 0.42
    * add FreeBSD MDS mitigation detection
    * add mocking functionality to help debugging, dump data to mock the behavior of your CPU with --dump-mock-data
    * AMD, ARM and CAVIUM are not vulnerable to MDS
    * RDCL_NO bit wasn't taking precedence for L1TF check on some newer Intel CPUs
    * The MDS_NO bit on newer Intel CPUs is now recognized and used
    * remove libvirtd from hypervisor detection to avoid false positives (#278)
    * under BSD, the data returned when reading MSR was incorrectly formatted
    * update builtin MCEdb from v110 to v111 (forwarded request 712067 from liguros)

• Files Changed
• Browse Source

- noarch does not work on older distros, removed

• Files Changed
• Browse Source

- version 0.41
  * add support for the 4 MDS CVEs
  * add Spectre and Meltdown mitigation detection for Hygon CPU
  * for SSBD, report whether the mitigation is active
  * and other fixes and enhancements (forwarded request 703403 from liguros)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

add to factor

• Browse Source