File spectre-meltdown-checker.changes of Package spectre-meltdown-checker

Overview Repositories Revisions Requests Users Attributes Meta

File spectre-meltdown-checker.changes of Package spectre-meltdown-checker

-------------------------------------------------------------------
Wed Aug 30 15:39:04 UTC 2023 - Marcus Meissner <meissner@suse.com>

- updated to 0.46
  This release mainly focuses on the detection of the new Zenbleed
  (CVE-2023-20593) vulnerability, among few other changes that were in
  line waiting for a release:

- feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
  - feat: add the linux-firmware repository as another source for CPU microcode versions
  - feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
  - fix: docker: adding missing utils (#433)
  - feat: add support for Guix System kernel
  - fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
  - fix: a /devnull file was mistakenly created on the filesystem
  - fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)

-------------------------------------------------------------------
Fri Apr  1 11:42:03 UTC 2022 - Marcus Meissner <meissner@suse.com>

- updated to 0.45
  - arm64: phytium: Add CPU Implementer Phytium
  - arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
  - chore: ensure vars are set before being dereferenced (set -u compat)
  - chore: fix indentation
  - chore: fwdb: update to v220+i20220208
  - chore: only attempt to load msr and cpuid module once
  - chore: read_cpuid: use named constants
  - chore: readme: framapic is gone, host the screenshots on GitHub
  - chore: replace 'Vulnerable to' by 'Affected by' in the hw section
  - chore: speculative execution -> transient execution
  - chore: update fwdb to v222+i20220208
  - chore: update Intel Family 6 models
  - chore: wording: model not vulnerable -> model not affected
  - doc: add an FAQ entry about CVE support
  - doc: add an FAQ.md and update the README.md accordingly
  - doc: more FAQ and README
  - doc: readme: make the FAQ entry more visible
  - feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
  - feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
  - feat: add subleaf != 0 support for read_cpuid
  - feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
  - feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
  - feat: hw check: add IPRED, RRSBA, BHI features check
  - feat: implement detection for MCEPSC under BSD
  - feat: set default TMPDIR for Android (#415)
  - fix: extract_kernel: don't overwrite kernel_err if already set
  - fix: has_vmm false positive with pcp
  - fix: is_ucode_blacklisted: fix some model names
  - fix: mcedb: v191 changed the MCE table format
  - fix: refuse to run under MacOS and ESXi
  - fix: retpoline: detection on 5.15.28+ (#420)
  - fix: variant4: added case where prctl ssbd status is tagged as 'unknown'

-------------------------------------------------------------------
Fri May  7 14:56:38 UTC 2021 - Marcus Meissner <meissner@suse.com>

- updated to 0.44 (bsc#1189477)
  - feat: add support for SRBDS related vulnerabilities
  - feat: add zstd kernel decompression (#370)
  - enh: arm: add experimental support for binary arm images
  - enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode
  - fix: fwdb: remove Intel extract tempdir on exit
  - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278)
  - fix: fwdb: use the commit date as the intel fwdb version
  - fix: fwdb: update Intel's repository URL
  - fix: arm64: cve-2017-5753: kernels 4.19+ use a different nospec macro
  - fix: on CPU parse info under FreeBSD
  - chore: github: add check run on pull requests
  - chore: fwdb: update to v165.20201021+i20200616

-------------------------------------------------------------------
Fri Jan 24 11:52:18 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

- Fix typo (s/Require:/Requires:/).

-------------------------------------------------------------------
Thu Jan 16 16:32:47 UTC 2020 - Marcus Meissner <meissner@suse.com>

- added requires binutils, as the script calls "readelf"

-------------------------------------------------------------------
Wed Dec 11 07:37:50 UTC 2019 - Marcus Meissner <meissner@suse.com>

- version 0.43
  - feat: implement TAA detection (CVE-2019-11135 bsc#1139073)
  - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665)
  - feat: taa: add TSX_CTRL MSR detection in hardware info
  - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database
  - feat: use --live with --kernel/--config/--map to override file detection in live mode
  - enh: rework the vuln logic of MDS with --paranoid (fixes #307)
  - enh: explain that Enhanced IBRS is better for performance than classic IBRS
  - enh: kernel: autodetect customized arch kernels from cmdline
  - enh: kernel decompression: better tolerance against missing tools
  - enh: mock: implement reading from /proc/cmdline
  - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a
  - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes)
  - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels
  - fix: sgx: on locked down kernels, fallback to CPUID bit for detection
  - fix: fwdb: builtin version takes precedence if the local cached version is older
  - fix: pteinv: don't check kernel image if not available
  - fix: silence useless error from grep (fixes #322)
  - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316)
  - fix: mocking value for read_msr
  - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme
  - chore: fwdb: update to v130.20191104+i20191027
  - chore: add GitHub check workflow
- upstream tarball no longer includes license, use the gpl 3 standalone html for it

-------------------------------------------------------------------
Wed Jun 26 06:54:42 UTC 2019 - Pavol Cupka <palica@liguros.net>

- version 0.42
    * add FreeBSD MDS mitigation detection
    * add mocking functionality to help debugging, dump data to mock the behavior of your CPU with --dump-mock-data
    * AMD, ARM and CAVIUM are not vulnerable to MDS
    * RDCL_NO bit wasn't taking precedence for L1TF check on some newer Intel CPUs
    * The MDS_NO bit on newer Intel CPUs is now recognized and used
    * remove libvirtd from hypervisor detection to avoid false positives (#278)
    * under BSD, the data returned when reading MSR was incorrectly formatted
    * update builtin MCEdb from v110 to v111

-------------------------------------------------------------------
Fri May 24 08:29:21 UTC 2019 - Marcus Meissner <meissner@suse.com>

- noarch does not work on older distros, removed

-------------------------------------------------------------------
Thu May 16 08:01:35 UTC 2019 - Pavol Cupka <palica@liguros.net>

- version 0.41
  * add support for the 4 MDS CVEs
  * add Spectre and Meltdown mitigation detection for Hygon CPU
  * for SSBD, report whether the mitigation is active
  * and other fixes and enhancements

-------------------------------------------------------------------
Wed Mar 27 08:02:00 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Use Source URL. Remove services, just run `osc service lr
  download_files` for updating.

-------------------------------------------------------------------
Wed Mar 27 06:50:08 UTC 2019 - Marcus Meissner <meissner@suse.com>

- disable the services, just run "osc service disabledrun" for upadating.

-------------------------------------------------------------------
Sun Oct 14 15:21:50 UTC 2018 - sean@suspend.net

- version 0.40
  * add support for L1TF CVEs (aka Foreshadow and Foreshadow-NG)
  * add summary of vulnerabilities at the end of script execution

-------------------------------------------------------------------
Fri Jul 27 09:18:43 UTC 2018 - jengelh@inai.de

- Compact and wrap description.

-------------------------------------------------------------------
Wed May 30 13:28:57 UTC 2018 - meissner@suse.com

- version 0.37
  * lots of improvements
  * spectre v4 and v3a added

-------------------------------------------------------------------
Mon Jan 15 07:56:12 UTC 2018 - adrian@suse.de

- update to version 0.31
  * meltdown: detecting Xen PV, reporting as not vulnerable
  * is_cpu_vulnerable: add check for old Atoms
  * ibrs: check for spec_ctrl_ibrs in cpuinfo

-------------------------------------------------------------------
Sat Jan 13 16:05:06 UTC 2018 - adrian@suse.de

- update to version 0.29
  * AMD updates

-------------------------------------------------------------------
Fri Jan 12 08:39:58 UTC 2018 - adrian@suse.de

- initial package of version 0.27

Places

File spectre-meltdown-checker.changes of Package spectre-meltdown-checker

Places