authorjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>2012-10-12 11:58:19 +0000
committerjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>2012-10-12 11:58:19 +0000
commit9767d62aa07d8e715dd5f58a582fb23ac2d2df75 (patch)
tree04827fd9575c382a9c7f4a5d38dc8b5b375be716
parent885315f8b4eb5e670aedec00f1f7e853b96ab84b (diff)
lldpd: bump to v0.6.1, enable privilege separation and chrooting
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33729 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/network/services/lldpd/Makefile14
-rw-r--r--package/network/services/lldpd/files/lldpd.init7
-rw-r--r--package/network/services/lldpd/patches/001-no-multiuser.patch40
-rw-r--r--package/network/services/lldpd/patches/002-no-stack-protector.patch2
4 files changed, 18 insertions, 45 deletions
diff --git a/package/network/services/lldpd/Makefile b/package/network/services/lldpd/Makefile
index 0e62e3533..2a9954cff 100644
--- a/package/network/services/lldpd/Makefile
+++ b/package/network/services/lldpd/Makefile
@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=lldpd
-PKG_VERSION:=0.6.0
+PKG_VERSION:=0.6.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://media.luffy.cx/files/lldpd
-PKG_MD5SUM:=77279577e3b6d85a33dc0afe7c960b27
+PKG_MD5SUM:=d2f9ae67e0bcce0206a3a501a81d0738
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
@@ -43,8 +43,9 @@ endef
define Package/lldpd/install
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/liblldpctl.so* $(1)/usr/lib/
$(INSTALL_BIN) ./files/lldpd.init $(1)/etc/init.d/lldpd
$(INSTALL_DATA) ./files/lldpd.config $(1)/etc/config/lldpd
endef
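Review bot: Replacing `$(INSTALL_BIN)` with `$(CP)` for `lldp{ctl,d}` means the recipe no longer sets the executables' modes explicitly; assuming `$(CP)` preserves attributes as it does in the tree's rules.mk, they ship with whatever the upstream `make install` left in `$(PKG_INSTALL_DIR)`. If the goal was only to keep the `liblldpctl.so*` symlinks intact, keep `$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/` for the binaries and use `$(CP)` on the library line alone. Otherwise, confirm that the staged `lldpctl` and `lldpd` carry no setuid/setgid bits or unexpected ownership before they are copied into the image.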
@@ -53,4 +54,9 @@ define Package/lldpd/conffiles
/etc/config/lldpd
endef
+CONFIGURE_ARGS += \
+ --with-privsep-user=lldp \
+ --with-privsep-group=lldp \
+ --with-privsep-chroot=/var/run/lldp
+
$(eval $(call BuildPackage,lldpd))
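Review bot: The privsep user, group and chroot path in the new `CONFIGURE_ARGS` block are compiled into the binary here and created separately in `files/lldpd.init`, with nothing tying the two together. A mismatch would presumably only show up at runtime, when the daemon cannot find the account or directory. A comment above the block such as `# keep in sync with the lldp user/group and /var/run/lldp created in files/lldpd.init` would make the coupling visible to whoever changes either side.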
diff --git a/package/network/services/lldpd/files/lldpd.init b/package/network/services/lldpd/files/lldpd.init
index 5d3428388..0ef64e08e 100644
--- a/package/network/services/lldpd/files/lldpd.init
+++ b/package/network/services/lldpd/files/lldpd.init
@@ -26,6 +26,12 @@ start() {
[ $enable_sonmp -gt 0 ] && append args '-s'
[ $enable_edp -gt 0 ] && append args '-e'
+ user_exists lldp 121 || user_add lldp 121 129
+ group_exists lldp 129 || group_add lldp 129
+
+ mkdir -p /var/run/lldp
+ chown lldp:lldp /var/run/lldp
+
service_start /usr/sbin/lldpd $args \
${lldp_class:+ -M $lldp_class}
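Review bot: `chown lldp:lldp /var/run/lldp` makes the chroot root writable by the same unprivileged account the daemon drops to, which weakens the jail because a compromised worker process can then create files inside its own root. Unless lldpd is shown to need write access there, leave the directory root-owned and non-writable, e.g. `mkdir -m 0755 -p /var/run/lldp` with the `chown` line dropped. The results of `user_add`, `group_add` and `mkdir` are also unchecked, so a failure is only noticed indirectly when `service_start` does not come up. `start()` begins before this hunk and continues after it.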
@@ -37,4 +43,5 @@ start() {
stop() {
service_stop /usr/sbin/lldpd
+ rm -f /var/run/lldpd.socket /var/run/lldpd.pid
}
diff --git a/package/network/services/lldpd/patches/001-no-multiuser.patch b/package/network/services/lldpd/patches/001-no-multiuser.patch
deleted file mode 100644
index 5f216c428..000000000
--- a/package/network/services/lldpd/patches/001-no-multiuser.patch
+++ /dev/null
@@ -1,40 +0,0 @@
---- a/src/priv.c
-+++ b/src/priv.c
-@@ -518,12 +518,14 @@ priv_init(char *chrootdir)
- fatal("[priv]: unable to create socket pair for privilege separation");
-
- /* Get users */
-+ /*
- if ((user = getpwnam(PRIVSEP_USER)) == NULL)
- fatal("[priv]: no " PRIVSEP_USER " user for privilege separation");
- uid = user->pw_uid;
- if ((group = getgrnam(PRIVSEP_GROUP)) == NULL)
- fatal("[priv]: no " PRIVSEP_GROUP " group for privilege separation");
- gid = group->gr_gid;
-+ */
-
- /* Spawn off monitor */
- if ((monitored = fork()) < 0)
-@@ -534,17 +536,17 @@ priv_init(char *chrootdir)
- if (RUNNING_ON_VALGRIND)
- LLOG_WARNX("[priv]: running on valgrind, keep privileges");
- else {
-- if (chroot(chrootdir) == -1)
-- fatal("[priv]: unable to chroot");
-- if (chdir("/") != 0)
-+ /*if (chroot(chrootdir) == -1)
-+ fatal("[priv]: unable to chroot");*/
-+ if (chdir("/tmp") != 0)
- fatal("[priv]: unable to chdir");
- gidset[0] = gid;
-- if (setresgid(gid, gid, gid) == -1)
-+ /*if (setresgid(gid, gid, gid) == -1)
- fatal("[priv]: setresgid() failed");
- if (setgroups(1, gidset) == -1)
- fatal("[priv]: setgroups() failed");
- if (setresuid(uid, uid, uid) == -1)
-- fatal("[priv]: setresuid() failed");
-+ fatal("[priv]: setresuid() failed");*/
- }
- remote = pair[0];
- close(pair[1]);
diff --git a/package/network/services/lldpd/patches/002-no-stack-protector.patch b/package/network/services/lldpd/patches/002-no-stack-protector.patch
index 0a0c6fbb6..dc861bac6 100644
--- a/package/network/services/lldpd/patches/002-no-stack-protector.patch
+++ b/package/network/services/lldpd/patches/002-no-stack-protector.patch
@@ -1,6 +1,6 @@
--- a/configure.ac
+++ b/configure.ac
-@@ -48,7 +48,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat])
+@@ -62,7 +62,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat])
AX_CFLAGS_GCC_OPTION([-Wformat-security])
AX_CFLAGS_GCC_OPTION([-Wcast-align])
AX_CFLAGS_GCC_OPTION([-Winline])