Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
spectre-meltdown-checker
spectre-meltdown-checker.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File spectre-meltdown-checker.changes of Package spectre-meltdown-checker
------------------------------------------------------------------- Wed Aug 30 15:39:04 UTC 2023 - Marcus Meissner <meissner@suse.com> - updated to 0.46 This release mainly focuses on the detection of the new Zenbleed (CVE-2023-20593) vulnerability, among few other changes that were in line waiting for a release: - feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593) - feat: add the linux-firmware repository as another source for CPU microcode versions - feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2 - fix: docker: adding missing utils (#433) - feat: add support for Guix System kernel - fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443) - fix: a /devnull file was mistakenly created on the filesystem - fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430) ------------------------------------------------------------------- Fri Apr 1 11:42:03 UTC 2022 - Marcus Meissner <meissner@suse.com> - updated to 0.45 - arm64: phytium: Add CPU Implementer Phytium - arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig - chore: ensure vars are set before being dereferenced (set -u compat) - chore: fix indentation - chore: fwdb: update to v220+i20220208 - chore: only attempt to load msr and cpuid module once - chore: read_cpuid: use named constants - chore: readme: framapic is gone, host the screenshots on GitHub - chore: replace 'Vulnerable to' by 'Affected by' in the hw section - chore: speculative execution -> transient execution - chore: update fwdb to v222+i20220208 - chore: update Intel Family 6 models - chore: wording: model not vulnerable -> model not affected - doc: add an FAQ entry about CVE support - doc: add an FAQ.md and update the README.md accordingly - doc: more FAQ and README - doc: readme: make the FAQ entry more visible - feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied - feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208 - feat: add subleaf != 0 support for read_cpuid - feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371) - feat: bsd: for unimplemented CVEs, at least report when CPU is not affected - feat: hw check: add IPRED, RRSBA, BHI features check - feat: implement detection for MCEPSC under BSD - feat: set default TMPDIR for Android (#415) - fix: extract_kernel: don't overwrite kernel_err if already set - fix: has_vmm false positive with pcp - fix: is_ucode_blacklisted: fix some model names - fix: mcedb: v191 changed the MCE table format - fix: refuse to run under MacOS and ESXi - fix: retpoline: detection on 5.15.28+ (#420) - fix: variant4: added case where prctl ssbd status is tagged as 'unknown' ------------------------------------------------------------------- Fri May 7 14:56:38 UTC 2021 - Marcus Meissner <meissner@suse.com> - updated to 0.44 - feat: add support for SRBDS related vulnerabilities - feat: add zstd kernel decompression (#370) - enh: arm: add experimental support for binary arm images - enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode - fix: fwdb: remove Intel extract tempdir on exit - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278) - fix: fwdb: use the commit date as the intel fwdb version - fix: fwdb: update Intel's repository URL - fix: arm64: cve-2017-5753: kernels 4.19+ use a different nospec macro - fix: on CPU parse info under FreeBSD - chore: github: add check run on pull requests - chore: fwdb: update to v165.20201021+i20200616 ------------------------------------------------------------------- Fri Jan 24 11:52:18 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org> - Fix typo (s/Require:/Requires:/). ------------------------------------------------------------------- Thu Jan 16 16:32:47 UTC 2020 - Marcus Meissner <meissner@suse.com> - added requires binutils, as the script calls "readelf" ------------------------------------------------------------------- Wed Dec 11 07:37:50 UTC 2019 - Marcus Meissner <meissner@suse.com> - version 0.43 - feat: implement TAA detection (CVE-2019-11135 bsc#1139073) - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665) - feat: taa: add TSX_CTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database - feat: use --live with --kernel/--config/--map to override file detection in live mode - enh: rework the vuln logic of MDS with --paranoid (fixes #307) - enh: explain that Enhanced IBRS is better for performance than classic IBRS - enh: kernel: autodetect customized arch kernels from cmdline - enh: kernel decompression: better tolerance against missing tools - enh: mock: implement reading from /proc/cmdline - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes) - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels - fix: sgx: on locked down kernels, fallback to CPUID bit for detection - fix: fwdb: builtin version takes precedence if the local cached version is older - fix: pteinv: don't check kernel image if not available - fix: silence useless error from grep (fixes #322) - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316) - fix: mocking value for read_msr - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme - chore: fwdb: update to v130.20191104+i20191027 - chore: add GitHub check workflow - upstream tarball no longer includes license, use the gpl 3 standalone html for it ------------------------------------------------------------------- Wed Jun 26 06:54:42 UTC 2019 - Pavol Cupka <palica@liguros.net> - version 0.42 * add FreeBSD MDS mitigation detection * add mocking functionality to help debugging, dump data to mock the behavior of your CPU with --dump-mock-data * AMD, ARM and CAVIUM are not vulnerable to MDS * RDCL_NO bit wasn't taking precedence for L1TF check on some newer Intel CPUs * The MDS_NO bit on newer Intel CPUs is now recognized and used * remove libvirtd from hypervisor detection to avoid false positives (#278) * under BSD, the data returned when reading MSR was incorrectly formatted * update builtin MCEdb from v110 to v111 ------------------------------------------------------------------- Fri May 24 08:29:21 UTC 2019 - Marcus Meissner <meissner@suse.com> - noarch does not work on older distros, removed ------------------------------------------------------------------- Thu May 16 08:01:35 UTC 2019 - Pavol Cupka <palica@liguros.net> - version 0.41 * add support for the 4 MDS CVEs * add Spectre and Meltdown mitigation detection for Hygon CPU * for SSBD, report whether the mitigation is active * and other fixes and enhancements ------------------------------------------------------------------- Wed Mar 27 08:02:00 UTC 2019 - Jan Engelhardt <jengelh@inai.de> - Use Source URL. Remove services, just run `osc service lr download_files` for updating. ------------------------------------------------------------------- Wed Mar 27 06:50:08 UTC 2019 - Marcus Meissner <meissner@suse.com> - disable the services, just run "osc service disabledrun" for upadating. ------------------------------------------------------------------- Sun Oct 14 15:21:50 UTC 2018 - sean@suspend.net - version 0.40 * add support for L1TF CVEs (aka Foreshadow and Foreshadow-NG) * add summary of vulnerabilities at the end of script execution ------------------------------------------------------------------- Fri Jul 27 09:18:43 UTC 2018 - jengelh@inai.de - Compact and wrap description. ------------------------------------------------------------------- Wed May 30 13:28:57 UTC 2018 - meissner@suse.com - version 0.37 * lots of improvements * spectre v4 and v3a added ------------------------------------------------------------------- Mon Jan 15 07:56:12 UTC 2018 - adrian@suse.de - update to version 0.31 * meltdown: detecting Xen PV, reporting as not vulnerable * is_cpu_vulnerable: add check for old Atoms * ibrs: check for spec_ctrl_ibrs in cpuinfo ------------------------------------------------------------------- Sat Jan 13 16:05:06 UTC 2018 - adrian@suse.de - update to version 0.29 * AMD updates ------------------------------------------------------------------- Fri Jan 12 08:39:58 UTC 2018 - adrian@suse.de - initial package of version 0.27
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor