;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 Federico Beffa ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2017, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2019 Brett Gilio ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu packages chez) #:use-module (gnu packages) #:use-module ((guix licenses) #:select (gpl2+ gpl3+ lgpl2.0+ lgpl2.1+ asl2.0 bsd-3 expat public-domain)) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (gnu packages compression) #:use-module (gnu packages ncurses) #:use-module (gnu packages ghostscript) #:use-module (gnu packages linux) #:use-module (gnu packages netpbm) #:use-module (gnu packages tex) #:use-module (gnu packages compression) #:use-module (gnu packages image) #:use-module (gnu packages xorg) #:use-module (ice-9 match) #:use-module (srfi srfi-1)) (define nanopass (let ((version "1.9")) (origin (method git-fetch) (uri (git-reference (url "https://github.com/nanopass/nanopass-framework-scheme.git") (commit (str{ "CVE_data_type" : "CVE", "CVE_data_format" : "MITRE", "CVE_data_version" : "4.0", "CVE_data_numberOfCVEs" : "9826", "CVE_data_timestamp" : "2019-10-17T07:00Z", "CVE_Items" : [ { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2019-0001", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/106541", "name" : "106541", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://kb.juniper.net/JSA10900", "name" : "https://kb.juniper.net/JSA10900", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*" } ] }, { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:*:*:*:*:*:*:*" } ] }, { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*" } ] }, { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:*:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s3:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s4:*:*:*:*:*:*" } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-15T21:29Z", "lastModifiedDate" : "2019-10-09T23:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2019-0005", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/106665", "name" : "106665", "refsource" : "BID", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://kb.juniper.net/JSA10905", "name" : "https://kb.juniper.net/JSA10905", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d40:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d42:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d43:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d44:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d45:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d46:*:*:*:*:*:*" } ] }, { "operator" : "OR", "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" } ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*" } ] }, { "operator" : "OR", "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" } ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*" } ] }, { "operator" : "OR", "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" } ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d210:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d230:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d234:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d590:*:*:*:*:*:*" } ] }, { "operator" : "OR", "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" } ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*" } ] }, { "operator" : "OR", "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" } ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*" }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*" } ] }, {