File spectre-meltdown-checker.changes of Package spectre-meltdown-checker.13588
-------------------------------------------------------------------
Wed Dec 11 07:37:50 UTC 2019 - Marcus Meissner <meissner@suse.com>
- version 0.43
- feat: implement TAA detection (CVE-2019-11135 bsc#1139073)
- feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665)
- feat: taa: add TSX_CTRL MSR detection in hardware info
- feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database
- feat: use --live with --kernel/--config/--map to override file detection in live mode
- enh: rework the vuln logic of MDS with --paranoid (fixes #307)
- enh: explain that Enhanced IBRS is better for performance than classic IBRS
- enh: kernel: autodetect customized arch kernels from cmdline
- enh: kernel decompression: better tolerance against missing tools
- enh: mock: implement reading from /proc/cmdline
- fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a
- fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes)
- fix: lockdown: detect locked down mode in vanilla 5.4+ kernels
- fix: sgx: on locked down kernels, fallback to CPUID bit for detection
- fix: fwdb: builtin version takes precedence if the local cached version is older
- fix: pteinv: don't check kernel image if not available
- fix: silence useless error from grep (fixes #322)
- fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316)
- fix: mocking value for read_msr
- chore: rename mcedb cmdline parameters to fwdb, and change db version scheme
- chore: fwdb: update to v130.20191104+i20191027
- chore: add GitHub check workflow
- upstream tarball no longer includes license, use the gpl 3 standalone html for it
-------------------------------------------------------------------
Wed Jun 26 06:54:42 UTC 2019 - Pavol Cupka <palica@liguros.net>
- version 0.42
* add FreeBSD MDS mitigation detection
* add mocking functionality to help debugging, dump data to mock the behavior of your CPU with --dump-mock-data
* AMD, ARM and CAVIUM are not vulnerable to MDS
* RDCL_NO bit wasn't taking precedence for L1TF check on some newer Intel CPUs
* The MDS_NO bit on newer Intel CPUs is now recognized and used
* remove libvirtd from hypervisor detection to avoid false positives (#278)
* under BSD, the data returned when reading MSR was incorrectly formatted
* update builtin MCEdb from v110 to v111
-------------------------------------------------------------------
Fri May 24 08:29:21 UTC 2019 - Marcus Meissner <meissner@suse.com>
- noarch does not work on older distros, removed
-------------------------------------------------------------------
Thu May 16 08:01:35 UTC 2019 - Pavol Cupka <palica@liguros.net>
- version 0.41
* add support for the 4 MDS CVEs
* add Spectre and Meltdown mitigation detection for Hygon CPU
* for SSBD, report whether the mitigation is active
* and other fixes and enhancements
-------------------------------------------------------------------
Wed Mar 27 08:02:00 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Use Source URL. Remove services, just run `osc service lr
download_files` for updating.
-------------------------------------------------------------------
Wed Mar 27 06:50:08 UTC 2019 - Marcus Meissner <meissner@suse.com>
- disable the services, just run "osc service disabledrun" for upadating.
-------------------------------------------------------------------
Sun Oct 14 15:21:50 UTC 2018 - sean@suspend.net
- version 0.40
* add support for L1TF CVEs (aka Foreshadow and Foreshadow-NG)
* add summary of vulnerabilities at the end of script execution
-------------------------------------------------------------------
Fri Jul 27 09:18:43 UTC 2018 - jengelh@inai.de
- Compact and wrap description.
-------------------------------------------------------------------
Wed May 30 13:28:57 UTC 2018 - meissner@suse.com
- version 0.37
* lots of improvements
* spectre v4 and v3a added
-------------------------------------------------------------------
Mon Jan 15 07:56:12 UTC 2018 - adrian@suse.de
- update to version 0.31
* meltdown: detecting Xen PV, reporting as not vulnerable
* is_cpu_vulnerable: add check for old Atoms
* ibrs: check for spec_ctrl_ibrs in cpuinfo
-------------------------------------------------------------------
Sat Jan 13 16:05:06 UTC 2018 - adrian@suse.de
- update to version 0.29
* AMD updates
-------------------------------------------------------------------
Fri Jan 12 08:39:58 UTC 2018 - adrian@suse.de
- initial package of version 0.27