Diffstat (limited to 'net-misc/vde/files')
-rw-r--r--net-misc/vde/files/vde-2.3.2-format-security.patch18
-rw-r--r--net-misc/vde/files/vde-2.3.2-openssl-1.1.0.patch92
-rw-r--r--net-misc/vde/files/vde.conf-r115
-rw-r--r--net-misc/vde/files/vde.init-r144
4 files changed, 169 insertions, 0 deletions
diff --git a/net-misc/vde/files/vde-2.3.2-format-security.patch b/net-misc/vde/files/vde-2.3.2-format-security.patch
new file mode 100644
index 0000000..d1cfaa5
--- /dev/null
+++ b/net-misc/vde/files/vde-2.3.2-format-security.patch
@@ -0,0 +1,18 @@
+--- a/src/common/cmdparse.c 2017-09-20 18:47:31.662856695 -0400
++++ b/src/common/cmdparse.c 2017-09-20 18:48:54.008852141 -0400
+@@ -284,13 +284,13 @@
+ int i;
+ for (i=0;i<argc;i++) {
+ if (i) fprintf(mf," ");
+- fprintf(mf,argv[i]);
++ fprintf(mf,"%s",argv[i]);
+ }
+ } else {
+ int num=atoi(t);
+ while (*t >='0' && *t <= '9') t++;
+ if (num < argc)
+- fprintf(mf,argv[num]);
++ fprintf(mf,"%s",argv[num]);
+ }
+ } else
+ fprintf(mf,"%c",*t);
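Review bot: The positional branch still indexes `argv[num]` after checking only `num < argc`, so the lower bound is unchecked. `atoi` has undefined behaviour when the digit run does not fit in an `int` and can come back negative on common platforms, which would turn this into an out-of-bounds read. While the patch is touching these lines it could tighten the guard to `if (num >= 0 && num < argc)`, or parse with `strtol` and reject out-of-range values. The `"%s"` change itself is the right fix for both non-literal format strings. The enclosing function starts and ends outside the inner hunk, so how `t` reaches this branch is not visible here.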
diff --git a/net-misc/vde/files/vde-2.3.2-openssl-1.1.0.patch b/net-misc/vde/files/vde-2.3.2-openssl-1.1.0.patch
new file mode 100644
index 0000000..227312e
--- /dev/null
+++ b/net-misc/vde/files/vde-2.3.2-openssl-1.1.0.patch
@@ -0,0 +1,92 @@
+--- a/src/vde_cryptcab/cryptcab.c 2011-11-23 16:41:17.000000000 +0000
++++ b/src/vde_cryptcab/cryptcab.c 2017-03-20 22:54:20.452975075 +0000
+@@ -22,7 +22,7 @@
+ exit(1);
+ }
+
+-static EVP_CIPHER_CTX ctx;
++static EVP_CIPHER_CTX *ctx;
+ static int ctx_initialized = 0;
+ static int encryption_disabled = 0;
+ static int nfd;
+@@ -30,6 +30,10 @@
+ static struct vde_open_args open_args={.port=0,.group=NULL,.mode=0700};
+ static int verbose = 0;
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++#define EVP_CIPHER_CTX_reset(x) EVP_CIPHER_CTX_cleanup(x)
++#endif
++
+ void vc_printlog(int priority, const char *format, ...)
+ {
+ va_list arg;
+@@ -103,19 +107,21 @@
+ }
+
+ if (!ctx_initialized) {
+- EVP_CIPHER_CTX_init (&ctx);
++ ctx = EVP_CIPHER_CTX_new ();
++ if (!ctx)
++ return -1;
+ ctx_initialized = 1;
+ }
+
+- EVP_EncryptInit (&ctx, EVP_bf_cbc (), p->key, p->iv);
+- if (EVP_EncryptUpdate (&ctx, dst, &olen, src, len) != 1)
++ EVP_EncryptInit (ctx, EVP_bf_cbc (), p->key, p->iv);
++ if (EVP_EncryptUpdate (ctx, dst, &olen, src, len) != 1)
+ {
+ fprintf (stderr,"error in encrypt update\n");
+ olen = -1;
+ goto cleanup;
+ }
+
+- if (EVP_EncryptFinal (&ctx, dst + olen, &tlen) != 1)
++ if (EVP_EncryptFinal (ctx, dst + olen, &tlen) != 1)
+ {
+ fprintf (stderr,"error in encrypt final\n");
+ olen = -1;
+@@ -124,7 +130,7 @@
+ olen += tlen;
+
+ cleanup:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_reset(ctx);
+ return olen;
+ }
+
+@@ -138,19 +144,21 @@
+ }
+
+ if (!ctx_initialized) {
+- EVP_CIPHER_CTX_init (&ctx);
++ ctx = EVP_CIPHER_CTX_new ();
++ if (!ctx)
++ return -1;
+ ctx_initialized = 1;
+ }
+
+- EVP_DecryptInit (&ctx, EVP_bf_cbc (), p->key, p->iv);
+- if (EVP_DecryptUpdate (&ctx, dst, &olen, src, len) != 1)
++ EVP_DecryptInit (ctx, EVP_bf_cbc (), p->key, p->iv);
++ if (EVP_DecryptUpdate (ctx, dst, &olen, src, len) != 1)
+ {
+ fprintf (stderr,"error in decrypt update\n");
+ olen = -1;
+ goto cleanup;
+ }
+
+- if (EVP_DecryptFinal (&ctx, dst + olen, &tlen) != 1)
++ if (EVP_DecryptFinal (ctx, dst + olen, &tlen) != 1)
+ {
+ fprintf (stderr,"error in decrypt final\n");
+ olen = -1;
+@@ -159,7 +167,7 @@
+ olen += tlen;
+
+ cleanup:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_reset (ctx);
+ return olen;
+ }
+
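Review bot: The return values of `EVP_EncryptInit` and `EVP_DecryptInit` are still ignored in both functions, so a failed cipher setup falls through to the `Update` call on a context that may have no cipher set. Since these lines are being rewritten anyway, check them the same way the following calls are checked, e.g. `if (EVP_EncryptInit (ctx, EVP_bf_cbc (), p->key, p->iv) != 1) { olen = -1; goto cleanup; }`, and likewise on the decrypt side. Separately, the new `return -1` after a failed `EVP_CIPHER_CTX_new ()` prints nothing, unlike the other error paths, which write to stderr; a one-line `fprintf` there would keep diagnostics consistent. Both function bodies begin outside the inner hunks.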
diff --git a/net-misc/vde/files/vde.conf-r1 b/net-misc/vde/files/vde.conf-r1
new file mode 100644
index 0000000..856bde8
--- /dev/null
+++ b/net-misc/vde/files/vde.conf-r1
@@ -0,0 +1,15 @@
+# load the tun module
+VDE_MODPROBE_TUN="yes"
+
+# virtual tap networking device to be used for vde
+VDE_TAP="tap0"
+
+# The group that will have access to the VDE control socket.
+VDE_GROUP="qemu"
+
+# VDE socket location (default: /run/${RC_SVCNAME}.ctl)
+VDE_SOCKET=""
+
+# Additional options passed to the vde_switch daemon.
+#VDE_OPTS=""
+VDE_OPTS=""
\ No newline at end of file
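Review bot: `VDE_OPTS` appears twice, once commented out and once live, with the same empty value; keep only `VDE_OPTS=""` so the shipped default is unambiguous. The file also ends without a trailing newline, so a later append by a configuration tool or `echo >>` would run into the last assignment. It would help to extend the comment on `VDE_GROUP` to say that the init script creates the socket with mode 660 and its directory with mode 770, so membership in this group is what grants the ability to attach to the switch.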
diff --git a/net-misc/vde/files/vde.init-r1 b/net-misc/vde/files/vde.init-r1
new file mode 100644
index 0000000..0934c51
--- /dev/null
+++ b/net-misc/vde/files/vde.init-r1
@@ -0,0 +1,44 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/bin/vde_switch"
+pidfile="/run/${RC_SVCNAME}.pid"
+
+depend() {
+ after net.${VDE_TAP}
+}
+
+start_pre() {
+ [ "${VDE_MODPROBE_TUN}" = "yes" ] || return 0
+ modprobe tun
+}
+
+# We have to use start() because the shortform uses --pidfile for s-s-d --start
+# which causes s-s-d to check the pid file before it exists
+start() {
+ VDE_SOCKET="${VDE_SOCKET:-/run/${RC_SVCNAME}.ctl}"
+
+ ebegin "Starting ${SVC_NAME}"
+
+ start-stop-daemon --start --exec ${command} -- \
+ --pidfile=${pidfile} \
+ --tap=${VDE_TAP} \
+ --group=${VDE_GROUP} \
+ --mode=660 \
+ --dirmode=770 \
+ --sock=${VDE_SOCKET} \
+ --daemon \
+ ${VDE_OPTS}
+ ewaitfile 10 "${VDE_SOCKET}"
+
+ eend $? "Failed to start ${RC_SVCNAME}"
+}
+
+stop_post() {
+ [ "${VDE_MODPROBE_TUN}" = "yes" ] && modprobe --quiet --remove tun
+
+ # Don't fail to stop the service if the "tun" module in use
+ # and the above "modprobe -r" command fails.
+ return 0
+}
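Review bot: `ebegin "Starting ${SVC_NAME}"` in start() uses a variable that is not set anywhere in this script, while the pidfile, the socket default and the `eend` message all use `RC_SVCNAME`. This looks like a typo and the start message will likely print an empty name, so it should read `ebegin "Starting ${RC_SVCNAME}"`. The `--tap=`, `--group=` and `--sock=` arguments expand their variables unquoted, so a conf value containing whitespace is split into extra vde_switch arguments; quote them, e.g. `--sock="${VDE_SOCKET}"`, and leave only `${VDE_OPTS}` unquoted on purpose. `eend $?` reports the status of `ewaitfile`, not of `start-stop-daemon`, so a failed launch is only noticed after the 10 second wait.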