From ec4172a2d3b197f23f1b4e5d07e9dc33734f0bae Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 5 Jan 2018 16:05:54 +0100 Subject: [PATCH 1/4] [enh] display warning and instruction to fix meltdown/spectre vulnerabilities --- src/js/yunohost/controllers/home.js | 6 ++++++ src/locales/en.json | 1 + 2 files changed, 7 insertions(+) diff --git a/src/js/yunohost/controllers/home.js b/src/js/yunohost/controllers/home.js index 052ea51f..b8a33cf1 100644 --- a/src/js/yunohost/controllers/home.js +++ b/src/js/yunohost/controllers/home.js @@ -71,6 +71,12 @@ c.flash('fail', y18n.t('error_retrieve_feed', [securityFeed])); }); + c.api("/meltdown-spectre-check", function(data) { + if (!data.safe) { + c.flash('danger', y18n.t('meltdown_spectre')); + } + }); + c.view('home'); }); }); diff --git a/src/locales/en.json b/src/locales/en.json index 8c6fe9c3..d4919263 100644 --- a/src/locales/en.json +++ b/src/locales/en.json @@ -343,6 +343,7 @@ "install_letsencrypt_cert" : "Install a Let's Encrypt certificate", "manually_renew_letsencrypt_message" : "Certificate will be automatically renewed during the last 15 days of validity. You can manually renew it if you want to. (Not recommended).", "manually_renew_letsencrypt" : "Manually renew now", + "meltdown_spectre" : "You are vulnerable to the spectre and meltdown critical security vulnerabilities. To fix that, you need to update your system then reboot it to load the new linux kernel.", "regenerate_selfsigned_cert_message" : "If you want, you can regenerate the self-signed certificate.", "regenerate_selfsigned_cert" : "Regenerate self-signed certificate", "revert_to_selfsigned_cert_message" : "If you really want to, you can reinstall a self-signed certificate. (Not recommended)", From 58eb64bfaec64453a5ac6eed65e9ac2fa3a13141 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 5 Jan 2018 16:33:51 +0100 Subject: [PATCH 2/4] [mod] move spectre/meltdown check to diagnosis --- src/js/yunohost/controllers/home.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/js/yunohost/controllers/home.js b/src/js/yunohost/controllers/home.js index b8a33cf1..6e10b72c 100644 --- a/src/js/yunohost/controllers/home.js +++ b/src/js/yunohost/controllers/home.js @@ -71,8 +71,9 @@ c.flash('fail', y18n.t('error_retrieve_feed', [securityFeed])); }); - c.api("/meltdown-spectre-check", function(data) { - if (!data.safe) { + c.api("/diagnosis", function(data) { + console.log(data); + if (data.security["spectre-meltdown"]) { c.flash('danger', y18n.t('meltdown_spectre')); } }); From bb58c524b7777b1a79f2e841efb7b7fc645551c2 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Sat, 6 Jan 2018 02:28:19 +0100 Subject: [PATCH 3/4] better wording, those aren't 100% fixed --- src/locales/en.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/locales/en.json b/src/locales/en.json index d4919263..ad0f3dfa 100644 --- a/src/locales/en.json +++ b/src/locales/en.json @@ -343,7 +343,7 @@ "install_letsencrypt_cert" : "Install a Let's Encrypt certificate", "manually_renew_letsencrypt_message" : "Certificate will be automatically renewed during the last 15 days of validity. You can manually renew it if you want to. (Not recommended).", "manually_renew_letsencrypt" : "Manually renew now", - "meltdown_spectre" : "You are vulnerable to the spectre and meltdown critical security vulnerabilities. To fix that, you need to update your system then reboot it to load the new linux kernel.", + "meltdown_spectre" : "You are vulnerable to the spectre and meltdown critical security vulnerabilities. To apply the security patchs, you need to update your system then reboot it to load the new linux kernel.", "regenerate_selfsigned_cert_message" : "If you want, you can regenerate the self-signed certificate.", "regenerate_selfsigned_cert" : "Regenerate self-signed certificate", "revert_to_selfsigned_cert_message" : "If you really want to, you can reinstall a self-signed certificate. (Not recommended)", From c7cc4884c50eebf9e92ccd0c787349476625a994 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Sat, 13 Jan 2018 05:25:21 +0100 Subject: [PATCH 4/4] [mod] we (debian) only handle meltdown for now --- src/js/yunohost/controllers/home.js | 4 ++-- src/locales/en.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/js/yunohost/controllers/home.js b/src/js/yunohost/controllers/home.js index 6e10b72c..8f06867c 100644 --- a/src/js/yunohost/controllers/home.js +++ b/src/js/yunohost/controllers/home.js @@ -73,8 +73,8 @@ c.api("/diagnosis", function(data) { console.log(data); - if (data.security["spectre-meltdown"]) { - c.flash('danger', y18n.t('meltdown_spectre')); + if (data.security["CVE-2017-5754"].vulnerable) { + c.flash('danger', y18n.t('meltdown')); } }); diff --git a/src/locales/en.json b/src/locales/en.json index ad0f3dfa..77c8712b 100644 --- a/src/locales/en.json +++ b/src/locales/en.json @@ -343,7 +343,7 @@ "install_letsencrypt_cert" : "Install a Let's Encrypt certificate", "manually_renew_letsencrypt_message" : "Certificate will be automatically renewed during the last 15 days of validity. You can manually renew it if you want to. (Not recommended).", "manually_renew_letsencrypt" : "Manually renew now", - "meltdown_spectre" : "You are vulnerable to the spectre and meltdown critical security vulnerabilities. To apply the security patchs, you need to update your system then reboot it to load the new linux kernel.", + "meltdown" : "You are vulnerable to the meltdown critical security vulnerability. To fix that, you need to update your system then reboot it to load the new linux kernel.", "regenerate_selfsigned_cert_message" : "If you want, you can regenerate the self-signed certificate.", "regenerate_selfsigned_cert" : "Regenerate self-signed certificate", "revert_to_selfsigned_cert_message" : "If you really want to, you can reinstall a self-signed certificate. (Not recommended)",