I've just masked net-misc/vde because it has an open security bug, and no one to fix it: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2ac0708d552db304ffeb6c217694420a4a8bb13 Can you please drop your "vde" USE flag and dependency on vde? Eventually it will be necessary to remove the package. Thanks!
I'm a Gentoo user and I use qemu with net-misc/vde. What should I do to ensure they are still available?
(In reply to Denis Lisov from comment #1) > I'm a Gentoo user and I use qemu with net-misc/vde. What should I do to > ensure they are still available? There's an open security bug that needs addressed, but unfortunately the bug is private because the issue is not fixed yet. The short version is: anyone in the qemu group can gain root on your machine via the vde init script. I've actually already posted a fixed init script, but there's no one to review/test it. The net-misc package has a proxy-maintainer, but so far I haven't been able to get in touch with him. Maybe he can review the changes and get that bug fixed; otherwise, we would need a new maintainer. Is VDE still necessary for anything? I don't personally use it myself, but jmbsvicetto (also listed in metadata.xml) suggested that it might be obsolete these days, which is why I went ahead and masked it.
Created attachment 489672 [details] vde.init-r1
Created attachment 489674 [details] vde.confd-r1 This isn't really an appropriate place for them, but whatever. Here are my proposed init script and conf.d files.
(In reply to Michael Orlitzky from comment #2) > (In reply to Denis Lisov from comment #1) > > I'm a Gentoo user and I use qemu with net-misc/vde. What should I do to > > ensure they are still available? > > Is VDE still necessary for anything? I don't personally use it myself, but > jmbsvicetto (also listed in metadata.xml) suggested that it might be > obsolete these days, which is why I went ahead and masked it. Michael....I'm not sure if it's strictly "needed", however, I also have a home based qemu/kvm setup based around it. It would be nice to keep the functionality around especially if all we're talking is an init script issue which apparently has a known fix. I ran into this issue updating my machines tonight. Didn't catch it on the first one. Thankful that I didn't blindly restart the VM. Fortunately, I caught it before running it through on my major machine.
I would like to keep the vde use flag in place for a little while, if you don't mind. It seems there are a couple of users.
NP-Hardass got the fixed init script working, so we can forget about this.