From 17c015c9099b4e57fbcb13a7388c24dfe77df684 Mon Sep 17 00:00:00 2001
From: Guillaume Le Vaillant
Date: Mon, 3 Feb 2020 16:49:32 +0100
Subject: gnu: sbcl-graph: Fix build. Rename the asd files so that they have the same name as the ASDF system definitions. * gnu/packages/lisp-xyz.scm (sbcl-graph)[arguments]: Use 'graph-test.asd' instead of 'graph.test.asd' for test-asd-file. (sbcl-graph-dot)[arguments]: Use 'graph-dot.asd' instead of 'graph.dot.asd' for test-asd-file. (sbcl-graph-json)[arguments]: Use 'graph-json.asd' instead of 'graph.json.asd' for test-asd-file. * gnu/packages/patches/sbcl-graph-asdf-definitions.patch: Update accordingly.
---
 gnu/packages/patches/sbcl-graph-asdf-definitions.patch | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'gnu/packages/patches')
diff --git a/gnu/packages/patches/sbcl-graph-asdf-definitions.patch b/gnu/packages/patches/sbcl-graph-asdf-definitions.patch
index a528ccfcc6..ec17949675 100644
--- a/gnu/packages/patches/sbcl-graph-asdf-definitions.patch
+++ b/gnu/packages/patches/sbcl-graph-asdf-definitions.patch
@@ -24,11 +24,11 @@ index 193b6e3..56afc8f 100644
 -(register-system-packages "femlisp-matlisp" '(:fl.matlisp))
 + cl-heap)
 + :components ((:file "graph")))
-diff --git a/graph.dot.asd b/graph.dot.asd
+diff --git a/graph-dot.asd b/graph-dot.asd
 new file mode 100644
 index 0000000..12aec7e
 --- /dev/null
-+++ b/graph.dot.asd
++++ b/graph-dot.asd
 @@ -0,0 +1,8 @@
 +(defsystem :graph-dot
 + :depends-on (alexandria
@@ -38,11 +38,11 @@ index 0000000..12aec7e
 + cl-ppcre
 + graph)
 + :components ((:file "dot")))
-diff --git a/graph.json.asd b/graph.json.asd
+diff --git a/graph-json.asd b/graph-json.asd
 new file mode 100644
 index 0000000..e7d091f
 --- /dev/null
-+++ b/graph.json.asd
++++ b/graph-json.asd
 @@ -0,0 +1,8 @@
 +(defsystem :graph-json
 + :depends-on (alexandria
@@ -52,11 +52,11 @@ index 0000000..e7d091f
 + yason
 + graph)
 + :components ((:file "json")))
-diff --git a/graph.test.asd b/graph.test.asd
+diff --git a/graph-test.asd b/graph-test.asd
 new file mode 100644
 index 0000000..1e811e1
 --- /dev/null
-+++ b/graph.test.asd
++++ b/graph-test.asd
 @@ -0,0 +1,10 @@
 +(defsystem :graph-test
 + :depends-on (alexandria
-- cgit v1.2.3
From ca5e404f9a1ff81a38a32578c9c3a6c866482a9a Mon Sep 17 00:00:00 2001
From: Leo Famulari
Date: Sun, 2 Feb 2020 16:35:33 -0500
Subject: gnu: QEMU: Fix CVE-2020-1711. * gnu/packages/patches/qemu-CVE-2020-1711.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/virtualization.scm (qemu)[source]: Use it.
---
 gnu/packages/patches/qemu-CVE-2020-1711.patch | 69 +++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 gnu/packages/patches/qemu-CVE-2020-1711.patch
(limited to 'gnu/packages/patches')
diff --git a/gnu/packages/patches/qemu-CVE-2020-1711.patch b/gnu/packages/patches/qemu-CVE-2020-1711.patch
new file mode 100644
index 0000000000..32d04f61dd
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2020-1711.patch
@@ -0,0 +1,69 @@
+Fix CVE-2020-1711:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1711
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc
+
+From 693fd2acdf14dd86c0bf852610f1c2cca80a74dc Mon Sep 17 00:00:00 2001
+From: Felipe Franciosi
+Date: Thu, 23 Jan 2020 12:44:59 +0000
+Subject: [PATCH] iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711)
+
+When querying an iSCSI server for the provisioning status of blocks (via
+GET LBA STATUS), Qemu only validates that the response descriptor zero's
+LBA matches the one requested. Given the SCSI spec allows servers to
+respond with the status of blocks beyond the end of the LUN, Qemu may
+have its heap corrupted by clearing/setting too many bits at the end of
+its allocmap for the LUN.
+
+A malicious guest in control of the iSCSI server could carefully program
+Qemu's heap (by selectively setting the bitmap) and then smash it.
+
+This limits the number of bits that iscsi_co_block_status() will try to
+update in the allocmap so it can't overflow the bitmap.
+
+Fixes: CVE-2020-1711
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Felipe Franciosi
+Signed-off-by: Peter Turschmid
+Signed-off-by: Raphael Norwitz
+Signed-off-by: Kevin Wolf
+---
+ block/iscsi.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/block/iscsi.c b/block/iscsi.c
+index 2aea7e3f13..cbd57294ab 100644
+--- a/block/iscsi.c
++++ b/block/iscsi.c
+@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
+ struct scsi_get_lba_status *lbas = NULL;
+ struct scsi_lba_status_descriptor *lbasd = NULL;
+ struct IscsiTask iTask;
+- uint64_t lba;
++ uint64_t lba, max_bytes;
+ int ret;
+
+ iscsi_co_init_iscsitask(iscsilun, &iTask);
+@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
+ }
+
+ lba = offset / iscsilun->block_size;
++ max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size;
+
+ qemu_mutex_lock(&iscsilun->mutex);
+ retry:
+@@ -764,7 +765,7 @@ retry:
+ goto out_unlock;
+ }
+
+- *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size;
++ *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes);
+
+ if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED ||
+ lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {
+--
+2.25.0
+
-- cgit v1.2.3
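Review bot: The cap computed in the `@@ -721,6 +721,7 @@` hunk of block/iscsi.c only bounds the result while `lba` is below `iscsilun->num_blocks`. `max_bytes` is a `uint64_t`, so `(iscsilun->num_blocks - lba) * iscsilun->block_size` wraps to a very large value when the requested offset is at or past the end of the LUN, and the `MIN(...)` in the last hunk then no longer limits `*pnum`. None of the three hunks shows a range check on `offset`, and most of iscsi_co_block_status lies outside them, so the invariant may already be enforced earlier or by the caller. If it is, it should be stated next to the computation, for example `assert(lba < iscsilun->num_blocks);` or a comment such as `/* offset is inside the LUN here, so the subtraction cannot wrap */`. `MIN` also compares an `int64_t` with a `uint64_t`, which is presumably safe only while the server-derived left operand is non-negative; a one-line comment on that would help the next reader.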