enh: CVE-2017-5715; check for unprivileged eBPF for paranoid mode

built from commit e5c6d2d905 dated 2026-04-01 20:37:54 +0000 by Stéphane Lesimple (speed47_github@speed47.net)
chore: prepare for dev-build renaming to test-build
2026-04-23 00:53:23 +02:00 · 2026-04-01 21:30:51 +00:00 · 2026-04-01 21:30:51 +00:00 · 2026-03-31 19:53:57 +02:00
2 changed files with 1 additions and 74 deletions
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -1,73 +0,0 @@
-name: CI
-
-on: [push, pull_request]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v1
-    - name: install prerequisites
-      run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool
-    - name: shellcheck
-      run: shellcheck -s sh spectre-meltdown-checker.sh
-    - name: check indentation
-      run: |
-        if [ $(grep -cPv "^\t*\S|^$" spectre-meltdown-checker.sh) != 0 ]; then
-          echo "Badly indented lines found:"
-          grep -nPv "^\t*\S|^$" spectre-meltdown-checker.sh
-          exit 1
-        else
-          echo "Indentation seems correct."
-        fi
-    - name: check direct execution
-      run: |
-        expected=19
-        nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
-        if [ "$nb" -ne "$expected" ]; then
-          echo "Invalid number of CVEs reported: $nb instead of $expected"
-          exit 1
-        else
-          echo "OK $nb CVEs reported"
-        fi
-    - name: check docker compose run execution
-      run: |
-        expected=19
-        docker compose build
-        nb=$(docker compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
-        if [ "$nb" -ne "$expected" ]; then
-          echo "Invalid number of CVEs reported: $nb instead of $expected"
-          exit 1
-        else
-          echo "OK $nb CVEs reported"
-        fi
-    - name: check docker run execution
-      run: |
-        expected=19
-        docker build -t spectre-meltdown-checker .
-        nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
-        if [ "$nb" -ne "$expected" ]; then
-          echo "Invalid number of CVEs reported: $nb instead of $expected"
-          exit 1
-        else
-          echo "OK $nb CVEs reported"
-        fi
-    - name: check fwdb update
-      run: |
-        nbtmp1=$(find /tmp 2>/dev/null | wc -l)
-        ./spectre-meltdown-checker.sh --update-fwdb; ret=$?
-        if [ "$ret" != 0 ]; then
-          echo "Non-zero return value: $ret"
-          exit 1
-        fi
-        nbtmp2=$(find /tmp 2>/dev/null | wc -l)
-        if [ "$nbtmp1" != "$nbtmp2" ]; then
-          echo "Left temporary files!"
-          exit 1
-        fi
-        if ! [ -e ~/.mcedb ]; then
-          echo "No .mcedb file found after updating fwdb"
-          exit 1
-        fi
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -13,7 +13,7 @@
 #
 # Stephane Lesimple
 #
-VERSION='26.21.0402467'
+VERSION='26.21.0401891'

 # --- Common paths and basedirs ---
 readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities"
Author	SHA1	Message	Date
github-actions[bot]	f9c3d19f72	enh: CVE-2017-5715; check for unprivileged eBPF for paranoid mode built from commit `e5c6d2d905` dated 2026-04-01 20:37:54 +0000 by Stéphane Lesimple (speed47_github@speed47.net)	2026-04-01 21:30:51 +00:00
github-actions[bot]	8389d9593c	chore: prepare for dev-build renaming to test-build built from commit `9497abbee2` dated 2026-03-31 19:34:52 +0200 by Stéphane Lesimple (speed47_github@speed47.net)	2026-04-01 21:30:51 +00:00
Stéphane Lesimple	3a822fdcf2	chore: master: remove obsolete workflow	2026-03-31 19:53:57 +02:00