edebe4d bump to v0.37
83ea78f fix: arm: also detect variant 1 mitigation when using native objdump
602b68d fix(spectrev2): explain that retpoline is possible for Skylake+ if there is RSB filling, even if IBRS is still better
97bccaa feat: rephrase IBPB warning when only retpoline is enabled in non-paranoid mode
68e619b feat: show RSB filling capability for non-Skylake in verbose mode
a6f4475 feat: make IBRS_FW blue instead of green
223f502 feat: add --paranoid to choose whether we require IBPB
c0108b9 fix(spectre2): don't explain how to fix when NOT VULNERABLE
a301613 feat: make RSB filling support mandatory for Skylake+ CPUs
59d85b3 feat: detect RSB filling capability in the kernel
baaefb0 fix: remove shellcheck warnings
d452aca fix: invalid bash syntax when ibpb_enabled or ibrs_enabled are empty
10b8d94 feat: detect latest Red Hat kernels' RO ibpb_enabled knob
8606e60 refactor: no longer display the retoline-aware compiler test when we can't tell for sure
6a48251 fix: regression in 51aeae25, when retpoline & ibpb are enabled
f4bf5e9 fix: typos
60eac1a feat: also do PTI performance check with (inv)pcid for BSD
b3cc06a fix regression introduced by 82c25dc
5553576 feat(amd/zen): re-introduce IBRS for AMD except ZEN family
e16ad80 feat(ibpb=2): add detection of SMT before concluding the system is not vulnerable
29c294e feat(bsd): explain how to mitigate variant2
5971401 refactor: IBRS_ALL & RDCL_NO are Intel-only
51e8261 refactor: separate hw checks for Intel & AMD
2a4bfad refactor: add is_amd and is_intel funcs
7e52cea feat(spectre2): refined how status of this vuln is decided and more precise explanations on how to fix
417d7aa Fix trailing whitespace and mixed indent styles;
67bf761 Fix some user facing typos with codespell -w -q3 .
0eabd26 refactor: decrease default verbosity for some tests
b77fb0f fix: don't override ibrs/ibpb results with later tests
89c2e0f fix(amd): show cpuinfo and ucode details
b88f32e feat: print raw cpuid, and fetch ucode version under BSD
7a4ebe8 refactor: rewrite read_cpuid to get more common code parts between BSD and Linux
0919f5c feat: add explanations of what to do when a vulnerability is not mitigated
de02dad feat: rework Spectre V2 mitigations detection w/ latest vanilla & Red Hat 7 kernels
07484d0 add dump of variables at end of script in debug mode
a8b557b fix(cpu): skip CPU checks if asked to (--no-hw) or if inspecting a kernel of another architecture
619b274 fix(sysfs): only check for sysfs for spectre2 when in live mode
94857c9 update readme
056ed00 feat(arm): detect spectre variant 1 mitigation
aef99d2 fix(pti): when PTI activation is unknown, don't say we're vulnerable
e2d7ed2 feat(arm): support for variant2 and meltdown mitigation detection
eeaeff8 set version to v0.36+ for master branch between releases
f5269a3 feat(bsd): add retpoline detection for BSD
f3883a3 fix(xen): adjust message for DomUs w/ sysfs
b6fd69a release: v0.36
7adb766 enh: change colors and use red only to report vulnerability
c7892e3 update README.md
aa74315 feat: speed up kernel version detection
0b8a09e fix: mis adjustments for BSD compat
b42d8f2 fix(write_msr): use /dev/zero instead of manually echoing zeroes
f191ec7 feat: add --hw-only to only show CPU microcode/cpuid/msr details
28da7a0 misc: message clarifications
ece25b9 feat: implement support for NetBSD/FreeBSD/DragonFlyBSD
889172d feat: add special extract_vmlinux mode for old RHEL kernels
37ce032 fix: bypass MSR/CPUID checks for non-x86 CPUs
701cf88 feat: more robust validation of extracted kernel image
6a94c3f feat(extract_vmlinux): look for ELF magic in decompressed blob and cut at found offset
2d99381 feat: add --prefix-arch for cross-arch kernel inspection
4961f83 fix(ucode): fix blacklist detection for some ucode versions
ecdc448 Check MSR in each CPU/Thread (#136)
12ea49f fix(kvm): properly detect PVHVM mode (fixes#163)
053f161 fix(doc): use https:// URLs in the script comment header
bda18d0 fix: pine64: re-add vmlinuz location and some error checks
2551295 doc: use https URLs
d5832dc feat: add ELF magic detection on kernel image blob for some arm64 systems
d2f4674 feat: enhance kernel image version detection for some old kernels
2f6a655 Produce output for consumption by prometheus-node-exporter
30842dd release: bump to v0.35
b4ac5fc feat(variant2): better explanation when kernel supports IBRS but CPU does not
fef380d feat(readme): add quick run section
55a6fd3 feat(variant1): better detection for Red Hat/Ubuntu patch
35c8a63 Remove the color in the title
5f914e5 fix(xen): declare Xen's PTI patch as a valid mitigation for variant3
66dce2c fix(ucode): update blacklisted ucodes list from latest Intel info
155cac2 Teach checker how to find kernels installed by systemd kernel-install
22cae60 fix(retpoline): remove the "retpoline enabled" test
eb75e51 fix(ucode): update list of blacklisted ucodes from 2018-02-08 Intel document
253e180 Update spectre-meltdown-checker.sh
5d6102a enh: show kernel version in offline mode
a2dfca6 feat: detect disrepancy between found kernel image and running kernel
36bd80d enh: speedup by not decompressing kernel on --sysfs-only
1834dd6 feat: add skylake era cpu detection routine
3d765bc enh: lazy loading of cpu informations
07afd95 feat: better cleanup routine on exit & interrupt
b7a1012 fix: ARM CPU display name & detection
6346a0d fix: --no-color workaround for android's sed
8106f91 release: bump to v0.34
b1fdf88 enh: display ucode info even when not blacklisted
4d29607 cleanup: shellcheck pass
0267659 cleanup: remove superseded atom detection code
247b176 feat: detect known speculative-execution free CPUs
bcae882 refacto: create a dedicated func to read cpuid bits
71e7109 refacto: move cpu discovery bits to a dedicated function
aa18b51 fix(variant1): smarter lfence check
b738ac4 fix: regression introduced by previous commit
799ce3e update blacklisted ucode list from kernel source
f1e18c1 doc(disclaimer): Spectre affects all software
e05ec5c feat(variant1): detect vanilla mitigation
6e544d6 fix(cpu): Pentium Exxxx are vulnerable to Meltdown
90a6596 adjust: show how to enable IBRS/IBPB in -v only
9b53635 refacto: fix shellcheck warnings for better compat
7404929 Fix printing of microcode to use cpuinfo values
bf46fd5 update: new screenshots for README.md
0798bd4 fix: report arch_capabilities as NO when no MSR
42094c4 release: v0.33
03d2dfe feat: add blacklisted Intel ucode detection
9f00ffa fix: fallback to UNKNOWN when we get -EACCES
7f0d80b xen: detect if the host is a Xen Dom0 or PV DomU (fixes#83)
d1c1f0f fix(batch): fix regression introduced by acf12a6
acf12a6 feat(cpu) add STIBP, RDCL_NO, IBRS_ALL checks
b45e40b feat(stibp): add STIBP cpuid feature check
3c1d452 fix(cpuid): fix off-by-one SPEC_CTRL bit check
53b9eda fix: don't make IBPB mandatory when it's not there
3b0ec99 fix(cosmetic): tiny msg fixes
d55bafd fix(cpu): trust is_cpu_vulnerable even w/ debugfs
147462c fix(variant3): do our checks even if sysfs is here
ddc7197 fix(retpoline): retpoline-compiler detection
e7aa3b9 feat(retpoline): check if retpoline is enabled
ff5c92f feat(sysfs): print details even with sysfs
443d9a2 feat(ibpb): now also check for IBPB on variant 2
3e454f1 fix(offline): report unknown when too few info
c8a25c5 feat: detect invalid kconfig files
4038134 fix(dmesg): detect when dmesg is truncated
0aa5857 fix(cpu): Pentium Exxxx series are not vulnerable
b3b7f63 fix(display): use text-mode compatible colors
263ef65 bump to v0.32
a1bd233 revert to a simpler check_vmlinux()
de6590c cache is_cpu_vulnerable result for performance
56d4f82 is_cpu_vulnerable: implement check for multi-arm systems
7fa2d63 check_vmlinux: when readelf doesn't work, try harder with another way
3be5e90 be smarter to find a usable echo command
995620a add pine64 vmlinuz location
193e0d8 arm: cosmetic fix for name and handle aarch64
72ef94a ARM: display a friendly name instead of empty string
ccc0453 search in /lib/modules/$(uname -r) for vmlinuz, config, System.map
14ca49a Atom N270: implement another variation
db357b8 CoreOS: remove ephemeral install of a non-used package
42a57dd add kern.log as another backend of dmesg output
5ab95f3 fix(atom): don't use a pcre regex, only an extended one
5b6e399 fix(atom): properly detect Nxxx Atom series
556951d Add Support for Slackware.
7a88aec Implement CoreOS compatibility mode (#84)
bd18323 bump to v0.31 to reflect changes
b89d67d meltdown: detecting Xen PV, reporting as not vulnerable
704e540 is_cpu_vulnerable: add check for old Atoms
d960931 verbose: add PCID check for performance impact of PTI
dcc4488 Merge pull request #80 from speed47/cpuid_spec_ctrl
32e3fe6 bump to v0.30 to reflect changes
f488947 Merge pull request #79 from andir/add-nixos
71213c1 ibrs: check for spec_ctrl_ibrs in cpuinfo
2964c4a add support for NixOS kernel
749f432 also check for spec_ctrl flag in cpuinfo
a422b53 also check for cpuinfo flag
c483a2c check spec_ctrl support using cpuid
dead005 fix: proper detail msg in vuln status
8ed7d46 Merge pull request #77 from speed47/exitcode
e5e4851 proper return codes regardless of the batch mode
git-subtree-dir: src/yunohost/vendor/spectre-meltdown-checker
git-subtree-split: edebe4dcd47cb8457d778406ed9de7670d6d8eb5
