diff options
author | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2012-10-12 11:58:19 +0000 |
---|---|---|
committer | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2012-10-12 11:58:19 +0000 |
commit | 9767d62aa07d8e715dd5f58a582fb23ac2d2df75 (patch) | |
tree | 04827fd9575c382a9c7f4a5d38dc8b5b375be716 | |
parent | 885315f8b4eb5e670aedec00f1f7e853b96ab84b (diff) |
lldpd: bump to v0.6.1, enable privilege separation and chrooting
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33729 3c298f89-4303-0410-b956-a3cf2f4a3e73
4 files changed, 18 insertions, 45 deletions
diff --git a/package/network/services/lldpd/Makefile b/package/network/services/lldpd/Makefile index 0e62e3533..2a9954cff 100644 --- a/package/network/services/lldpd/Makefile +++ b/package/network/services/lldpd/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lldpd -PKG_VERSION:=0.6.0 +PKG_VERSION:=0.6.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://media.luffy.cx/files/lldpd -PKG_MD5SUM:=77279577e3b6d85a33dc0afe7c960b27 +PKG_MD5SUM:=d2f9ae67e0bcce0206a3a501a81d0738 PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org> @@ -43,8 +43,9 @@ endef define Package/lldpd/install $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/config - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/liblldpctl.so* $(1)/usr/lib/ $(INSTALL_BIN) ./files/lldpd.init $(1)/etc/init.d/lldpd $(INSTALL_DATA) ./files/lldpd.config $(1)/etc/config/lldpd endef @@ -53,4 +54,9 @@ define Package/lldpd/conffiles /etc/config/lldpd endef +CONFIGURE_ARGS += \ + --with-privsep-user=lldp \ + --with-privsep-group=lldp \ + --with-privsep-chroot=/var/run/lldp + $(eval $(call BuildPackage,lldpd)) diff --git a/package/network/services/lldpd/files/lldpd.init b/package/network/services/lldpd/files/lldpd.init index 5d3428388..0ef64e08e 100644 --- a/package/network/services/lldpd/files/lldpd.init +++ b/package/network/services/lldpd/files/lldpd.init @@ -26,6 +26,12 @@ start() { [ $enable_sonmp -gt 0 ] && append args '-s' [ $enable_edp -gt 0 ] && append args '-e' + user_exists lldp 121 || user_add lldp 121 129 + group_exists lldp 129 || group_add lldp 129 + + mkdir -p /var/run/lldp + chown lldp:lldp /var/run/lldp + service_start /usr/sbin/lldpd $args \ ${lldp_class:+ -M $lldp_class} @@ -37,4 +43,5 @@ start() { stop() { service_stop /usr/sbin/lldpd + rm -f /var/run/lldpd.socket /var/run/lldpd.pid } diff --git a/package/network/services/lldpd/patches/001-no-multiuser.patch b/package/network/services/lldpd/patches/001-no-multiuser.patch deleted file mode 100644 index 5f216c428..000000000 --- a/package/network/services/lldpd/patches/001-no-multiuser.patch +++ /dev/null @@ -1,40 +0,0 @@ ---- a/src/priv.c -+++ b/src/priv.c -@@ -518,12 +518,14 @@ priv_init(char *chrootdir) - fatal("[priv]: unable to create socket pair for privilege separation"); - - /* Get users */ -+ /* - if ((user = getpwnam(PRIVSEP_USER)) == NULL) - fatal("[priv]: no " PRIVSEP_USER " user for privilege separation"); - uid = user->pw_uid; - if ((group = getgrnam(PRIVSEP_GROUP)) == NULL) - fatal("[priv]: no " PRIVSEP_GROUP " group for privilege separation"); - gid = group->gr_gid; -+ */ - - /* Spawn off monitor */ - if ((monitored = fork()) < 0) -@@ -534,17 +536,17 @@ priv_init(char *chrootdir) - if (RUNNING_ON_VALGRIND) - LLOG_WARNX("[priv]: running on valgrind, keep privileges"); - else { -- if (chroot(chrootdir) == -1) -- fatal("[priv]: unable to chroot"); -- if (chdir("/") != 0) -+ /*if (chroot(chrootdir) == -1) -+ fatal("[priv]: unable to chroot");*/ -+ if (chdir("/tmp") != 0) - fatal("[priv]: unable to chdir"); - gidset[0] = gid; -- if (setresgid(gid, gid, gid) == -1) -+ /*if (setresgid(gid, gid, gid) == -1) - fatal("[priv]: setresgid() failed"); - if (setgroups(1, gidset) == -1) - fatal("[priv]: setgroups() failed"); - if (setresuid(uid, uid, uid) == -1) -- fatal("[priv]: setresuid() failed"); -+ fatal("[priv]: setresuid() failed");*/ - } - remote = pair[0]; - close(pair[1]); diff --git a/package/network/services/lldpd/patches/002-no-stack-protector.patch b/package/network/services/lldpd/patches/002-no-stack-protector.patch index 0a0c6fbb6..dc861bac6 100644 --- a/package/network/services/lldpd/patches/002-no-stack-protector.patch +++ b/package/network/services/lldpd/patches/002-no-stack-protector.patch @@ -1,6 +1,6 @@ --- a/configure.ac +++ b/configure.ac -@@ -48,7 +48,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat]) +@@ -62,7 +62,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat]) AX_CFLAGS_GCC_OPTION([-Wformat-security]) AX_CFLAGS_GCC_OPTION([-Wcast-align]) AX_CFLAGS_GCC_OPTION([-Winline]) |