lldpd: bump to v0.6.1, enable privilege separation and chrooting

SVN-Revision: 33729

package/network/services/lldpd/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=lldpd
-PKG_VERSION:=0.6.0
+PKG_VERSION:=0.6.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://media.luffy.cx/files/lldpd
-PKG_MD5SUM:=77279577e3b6d85a33dc0afe7c960b27
+PKG_MD5SUM:=d2f9ae67e0bcce0206a3a501a81d0738
 
 PKG_MAINTAINER:=Jo-Philipp Wich <[email protected]>
 
@@ -43,8 +43,9 @@ endef
 define Package/lldpd/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/lib $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/liblldpctl.so* $(1)/usr/lib/
 	$(INSTALL_BIN) ./files/lldpd.init $(1)/etc/init.d/lldpd
 	$(INSTALL_DATA) ./files/lldpd.config $(1)/etc/config/lldpd
 endef
@@ -53,4 +54,9 @@ define Package/lldpd/conffiles
 /etc/config/lldpd
 endef
 
+CONFIGURE_ARGS += \
+	--with-privsep-user=lldp \
+	--with-privsep-group=lldp \
+	--with-privsep-chroot=/var/run/lldp
+
 $(eval $(call BuildPackage,lldpd))

package/network/services/lldpd/files/lldpd.init

@@ -26,6 +26,12 @@ start() {
 	[ $enable_sonmp -gt 0 ] && append args '-s'
 	[ $enable_edp -gt 0 ] && append args '-e'
 
+        user_exists  lldp 121 || user_add  lldp 121 129
+        group_exists lldp 129 || group_add lldp 129
+
+	mkdir -p /var/run/lldp
+	chown lldp:lldp /var/run/lldp
+
 	service_start /usr/sbin/lldpd $args \
 		${lldp_class:+ -M $lldp_class}
 
@@ -37,4 +43,5 @@ start() {
 
 stop() {
 	service_stop /usr/sbin/lldpd
+	rm -f /var/run/lldpd.socket /var/run/lldpd.pid
 }

package/network/services/lldpd/patches/001-no-multiuser.patch

@@ -1,40 +0,0 @@
---- a/src/priv.c
-+++ b/src/priv.c
-@@ -518,12 +518,14 @@ priv_init(char *chrootdir)
- 		fatal("[priv]: unable to create socket pair for privilege separation");
- 
- 	/* Get users */
-+	/*
- 	if ((user = getpwnam(PRIVSEP_USER)) == NULL)
- 		fatal("[priv]: no " PRIVSEP_USER " user for privilege separation");
- 	uid = user->pw_uid;
- 	if ((group = getgrnam(PRIVSEP_GROUP)) == NULL)
- 		fatal("[priv]: no " PRIVSEP_GROUP " group for privilege separation");
- 	gid = group->gr_gid;
-+	*/
- 
- 	/* Spawn off monitor */
- 	if ((monitored = fork()) < 0)
-@@ -534,17 +536,17 @@ priv_init(char *chrootdir)
- 		if (RUNNING_ON_VALGRIND)
- 			LLOG_WARNX("[priv]: running on valgrind, keep privileges");
- 		else {
--			if (chroot(chrootdir) == -1)
--				fatal("[priv]: unable to chroot");
--			if (chdir("/") != 0)
-+			/*if (chroot(chrootdir) == -1)
-+				fatal("[priv]: unable to chroot");*/
-+			if (chdir("/tmp") != 0)
- 				fatal("[priv]: unable to chdir");
- 			gidset[0] = gid;
--			if (setresgid(gid, gid, gid) == -1)
-+			/*if (setresgid(gid, gid, gid) == -1)
- 				fatal("[priv]: setresgid() failed");
- 			if (setgroups(1, gidset) == -1)
- 				fatal("[priv]: setgroups() failed");
- 			if (setresuid(uid, uid, uid) == -1)
--				fatal("[priv]: setresuid() failed");
-+				fatal("[priv]: setresuid() failed");*/
- 		}
- 		remote = pair[0];
- 		close(pair[1]);

package/network/services/lldpd/patches/002-no-stack-protector.patch

@@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -48,7 +48,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat])
+@@ -62,7 +62,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat])
  AX_CFLAGS_GCC_OPTION([-Wformat-security])
  AX_CFLAGS_GCC_OPTION([-Wcast-align])
  AX_CFLAGS_GCC_OPTION([-Winline])