Diffstat (limited to 'net-misc/vde')
-rw-r--r-- | net-misc/vde/Manifest | 1 | ||||
-rw-r--r-- | net-misc/vde/files/vde-2.3.2-format-security.patch | 18 | ||||
-rw-r--r-- | net-misc/vde/files/vde-2.3.2-openssl-1.1.0.patch | 92 | ||||
-rw-r--r-- | net-misc/vde/files/vde.conf-r1 | 15 | ||||
-rw-r--r-- | net-misc/vde/files/vde.init-r1 | 44 | ||||
-rw-r--r-- | net-misc/vde/vde-2.3.2-r5.ebuild | 71 |
6 files changed, 241 insertions, 0 deletions
diff --git a/net-misc/vde/Manifest b/net-misc/vde/Manifest
new file mode 100644
index 0000000..748442a
--- /dev/null
+++ b/net-misc/vde/Manifest
@@ -0,0 +1 @@
+DIST vde2-2.3.2.tar.bz2 600527 SHA256 cbea9b7e03097f87a6b5e98b07890d2275848f1fe4b9fcda77b8994148bc9542 SHA512 51be75fde5a526b988060f25322a8b20289b1677db2e3aa6dbee55875c1d7af564f9d8d201a0a4a1a842471cce06f29fcd83e55a5ff7acfdc36a8349cb2f3cc6 WHIRLPOOL dde513400eb725fe683c01110628ec9d2c3e415f0907d4f62d9bf09e2ec8ad14c4ad6437e428680a680118eb4297132f938b5cf71123480bf59c8f37eb0fee53
diff --git a/net-misc/vde/files/vde-2.3.2-format-security.patch b/net-misc/vde/files/vde-2.3.2-format-security.patch
new file mode 100644
index 0000000..d1cfaa5
--- /dev/null
+++ b/net-misc/vde/files/vde-2.3.2-format-security.patch
@@ -0,0 +1,18 @@
+--- a/src/common/cmdparse.c 2017-09-20 18:47:31.662856695 -0400
++++ b/src/common/cmdparse.c 2017-09-20 18:48:54.008852141 -0400
+@@ -284,13 +284,13 @@
+ int i;
+ for (i=0;i<argc;i++) {
+ if (i) fprintf(mf," ");
+- fprintf(mf,argv[i]);
++ fprintf(mf,"%s",argv[i]);
+ }
+ } else {
+ int num=atoi(t);
+ while (*t >='0' && *t <= '9') t++;
+ if (num < argc)
+- fprintf(mf,argv[num]);
++ fprintf(mf,"%s",argv[num]);
+ }
+ } else
+ fprintf(mf,"%c",*t);
diff --git a/net-misc/vde/files/vde-2.3.2-openssl-1.1.0.patch b/net-misc/vde/files/vde-2.3.2-openssl-1.1.0.patch
new file mode 100644
index 0000000..227312e
--- /dev/null
+++ b/net-misc/vde/files/vde-2.3.2-openssl-1.1.0.patch
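Review bot: In vde-2.3.2-format-security.patch, the `if (num < argc)` guard in front of the second rewritten `fprintf` checks only the upper bound. `num` comes from `atoi(t)`, whose result for an over-long digit run is undefined and may come back negative, in which case `argv[num]` is read out of bounds. The start of the enclosing branch is outside the hunk, so whether `t` is already limited to a short digit run cannot be confirmed from here. Tightening the guard to `if (num >= 0 && num < argc)` would close that, and `fputs(argv[num], mf)` would keep the argument away from the format parser entirely.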
@@ -0,0 +1,92 @@
+--- a/src/vde_cryptcab/cryptcab.c 2011-11-23 16:41:17.000000000 +0000
++++ b/src/vde_cryptcab/cryptcab.c 2017-03-20 22:54:20.452975075 +0000
+@@ -22,7 +22,7 @@
+ exit(1);
+ }
+
+-static EVP_CIPHER_CTX ctx;
++static EVP_CIPHER_CTX *ctx;
+ static int ctx_initialized = 0;
+ static int encryption_disabled = 0;
+ static int nfd;
+@@ -30,6 +30,10 @@
+ static struct vde_open_args open_args={.port=0,.group=NULL,.mode=0700};
+ static int verbose = 0;
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++#define EVP_CIPHER_CTX_reset(x) EVP_CIPHER_CTX_cleanup(x)
++#endif
++
+ void vc_printlog(int priority, const char *format, ...)
+ {
+ va_list arg;
+@@ -103,19 +107,21 @@
+ }
+
+ if (!ctx_initialized) {
+- EVP_CIPHER_CTX_init (&ctx);
++ ctx = EVP_CIPHER_CTX_new ();
++ if (!ctx)
++ return -1;
+ ctx_initialized = 1;
+ }
+
+- EVP_EncryptInit (&ctx, EVP_bf_cbc (), p->key, p->iv);
+- if (EVP_EncryptUpdate (&ctx, dst, &olen, src, len) != 1)
++ EVP_EncryptInit (ctx, EVP_bf_cbc (), p->key, p->iv);
++ if (EVP_EncryptUpdate (ctx, dst, &olen, src, len) != 1)
+ {
+ fprintf (stderr,"error in encrypt update\n");
+ olen = -1;
+ goto cleanup;
+ }
+
+- if (EVP_EncryptFinal (&ctx, dst + olen, &tlen) != 1)
++ if (EVP_EncryptFinal (ctx, dst + olen, &tlen) != 1)
+ {
+ fprintf (stderr,"error in encrypt final\n");
+ olen = -1;
+@@ -124,7 +130,7 @@
+ olen += tlen;
+
+ cleanup:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_reset(ctx);
+ return olen;
+ }
+
+@@ -138,19 +144,21 @@
+ }
+
+ if (!ctx_initialized) {
+- EVP_CIPHER_CTX_init (&ctx);
++ ctx = EVP_CIPHER_CTX_new ();
++ if (!ctx)
++ return -1;
+ ctx_initialized = 1;
+ }
+
+- EVP_DecryptInit (&ctx, EVP_bf_cbc (), p->key, p->iv);
+- if (EVP_DecryptUpdate (&ctx, dst, &olen, src, len) != 1)
++ EVP_DecryptInit (ctx, EVP_bf_cbc (), p->key, p->iv);
++ if (EVP_DecryptUpdate (ctx, dst, &olen, src, len) != 1)
+ {
+ fprintf (stderr,"error in decrypt update\n");
+ olen = -1;
+ goto cleanup;
+ }
+
+- if (EVP_DecryptFinal (&ctx, dst + olen, &tlen) != 1)
++ if (EVP_DecryptFinal (ctx, dst + olen, &tlen) != 1)
+ {
+ fprintf (stderr,"error in decrypt final\n");
+ olen = -1;
+@@ -159,7 +167,7 @@
+ olen += tlen;
+
+ cleanup:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_reset (ctx);
+ return olen;
+ }
+
diff --git a/net-misc/vde/files/vde.conf-r1 b/net-misc/vde/files/vde.conf-r1
new file mode 100644
index 0000000..856bde8
--- /dev/null
+++ b/net-misc/vde/files/vde.conf-r1
@@ -0,0 +1,15 @@
+# load the tun module
+VDE_MODPROBE_TUN="yes"
+
+# virtual tap networking device to be used for vde
+VDE_TAP="tap0"
+
+# The group that will have access to the VDE control socket.
+VDE_GROUP="qemu"
+
+# VDE socket location (default: /run/${RC_SVCNAME}.ctl)
+VDE_SOCKET=""
+
+# Additional options passed to the vde_switch daemon.
+#VDE_OPTS=""
+VDE_OPTS=""
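Review bot: In vde-2.3.2-openssl-1.1.0.patch, the `#if OPENSSL_VERSION_NUMBER < 0x10100000` shim that maps `EVP_CIPHER_CTX_reset` to `EVP_CIPHER_CTX_cleanup` does not cover LibreSSL, which the ebuild in this same commit accepts through the `libressl` USE flag. LibreSSL reports an `OPENSSL_VERSION_NUMBER` of 0x20000000, so the macro is skipped there, and LibreSSL releases that predate their own `EVP_CIPHER_CTX_reset` (added around 2.7, worth confirming against the versions in tree) would fail to build cryptcab. A guard along the lines of `#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)` would cover both cases.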
\ No newline at end of file
diff --git a/net-misc/vde/files/vde.init-r1 b/net-misc/vde/files/vde.init-r1
new file mode 100644
index 0000000..0934c51
--- /dev/null
+++ b/net-misc/vde/files/vde.init-r1
@@ -0,0 +1,44 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/bin/vde_switch"
+pidfile="/run/${RC_SVCNAME}.pid"
+
+depend() {
+ after net.${VDE_TAP}
+}
+
+start_pre() {
+ [ "${VDE_MODPROBE_TUN}" = "yes" ] || return 0
+ modprobe tun
+}
+
+# We have to use start() because the shortform uses --pidfile for s-s-d --start
+# which causes s-s-d to check the pid file before it exists
+start() {
+ VDE_SOCKET="${VDE_SOCKET:-/run/${RC_SVCNAME}.ctl}"
+
+ ebegin "Starting ${SVC_NAME}"
+
+ start-stop-daemon --start --exec ${command} -- \
+ --pidfile=${pidfile} \
+ --tap=${VDE_TAP} \
+ --group=${VDE_GROUP} \
+ --mode=660 \
+ --dirmode=770 \
+ --sock=${VDE_SOCKET} \
+ --daemon \
+ ${VDE_OPTS}
+ ewaitfile 10 "${VDE_SOCKET}"
+
+ eend $? "Failed to start ${RC_SVCNAME}"
+}
+
+stop_post() {
+ [ "${VDE_MODPROBE_TUN}" = "yes" ] && modprobe --quiet --remove tun
+
+ # Don't fail to stop the service if the "tun" module in use
+ # and the above "modprobe -r" command fails.
+ return 0
+}
diff --git a/net-misc/vde/vde-2.3.2-r5.ebuild b/net-misc/vde/vde-2.3.2-r5.ebuild
new file mode 100644
index 0000000..04e0397
--- /dev/null
+++ b/net-misc/vde/vde-2.3.2-r5.ebuild
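Review bot: In vde.init-r1, `ebegin "Starting ${SVC_NAME}"` in `start()` uses a variable that nothing in the script sets, while every other reference uses `${RC_SVCNAME}`, so the start message most likely prints an empty service name; it should read `ebegin "Starting ${RC_SVCNAME}"`. In the same function `eend $?` reports the status of `ewaitfile`, not of `start-stop-daemon`, so a daemon that exits immediately is only noticed once the 10-second wait expires. The values taken from /etc/conf.d/vde (`${VDE_TAP}`, `${VDE_GROUP}`, `${VDE_SOCKET}`) are also passed unquoted, so a value containing whitespace would split into extra vde_switch arguments; quoting them, e.g. `--sock="${VDE_SOCKET}"`, keeps the access-control options `--group`, `--mode` and `--dirmode` from being shifted or overridden by accident.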
@@ -0,0 +1,71 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit ltprune python-single-r1 user
+
+MY_P="${PN}2-${PV}"
+
+DESCRIPTION="Virtual distributed ethernet emulator for emulators like qemu, bochs, and uml"
+SRC_URI="mirror://sourceforge/vde/${MY_P}.tar.bz2"
+HOMEPAGE="http://vde.sourceforge.net/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86"
+IUSE="pcap python selinux ssl libressl static-libs"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+COMMON_DEPS="pcap? ( net-libs/libpcap )
+ python? ( ${PYTHON_DEPS} )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )"
+DEPEND="${COMMON_DEPS}"
+RDEPEND="${COMMON_DEPS}
+ selinux? ( sec-policy/selinux-vde )"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+ "${FILESDIR}/${P}-format-security.patch",
+ "${FILESDIR}/${P}-openssl-1.1.0.patch"
+)
+
+pkg_setup() {
+ # default group already used in kqemu
+ enewgroup qemu
+
+ python-single-r1_pkg_setup
+}
+
+src_configure() {
+ econf \
+ $(use_enable pcap) \
+ $(use_enable python) \
+ $(use_enable ssl cryptcab) \
+ $(use_enable static-libs static)
+}
+
+src_compile() {
+ emake -j1
+}
+
+src_install() {
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/vde.init-r1 vde
+ newconfd "${FILESDIR}"/vde.conf-r1 vde
+}
+
+pkg_postinst() {
+ einfo "To start vde automatically add it to the default runlevel:"
+ einfo "# rc-update add vde default"
+ einfo "You need to setup tap0 in /etc/conf.d/net"
+ einfo "To use it as an user be sure to set a group in /etc/conf.d/vde"
+} |
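Review bot: In vde-2.3.2-r5.ebuild, the first entry of `PATCHES` ends in a comma: `"${FILESDIR}/${P}-format-security.patch",`. Bash array elements are separated by whitespace only, so the comma becomes part of the path and the element names a file ending in `.patch,`, which this commit does not add. The default patch step would then presumably fail, or at best the format-string fix would never be applied. Drop the comma so the line reads `"${FILESDIR}/${P}-format-security.patch"`.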