@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=lldpd
PKG_VERSION:=1.0.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://media.luffy.cx/files/lldpd
@@ -30,7 +30,7 @@ define Package/lldpd
SUBMENU:=Routing and Redirection
TITLE:=Link Layer Discovery Protocol daemon
URL:=https://vincentbernat.github.io/lldpd/
- DEPENDS:=+libevent2 +USE_GLIBC:libbsd +LLDPD_WITH_JSON:libjson-c +LLDPD_WITH_SNMP:libnetsnmp
+ DEPENDS:=+libcap +libevent2 +USE_GLIBC:libbsd +LLDPD_WITH_JSON:libjson-c +LLDPD_WITH_SNMP:libnetsnmp
USERID:=lldp=121:lldp=129
MENU:=1
endef
deleted file mode 100644
@@ -1,17 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -246,7 +246,13 @@ PKG_CHECK_MODULES([check], [check >= 0.9
-
- # Third-party libraries
- lldp_CHECK_LIBEVENT
--lldp_CHECK_LIBCAP
-+
-+#libcap is not a core package so disable this capability
-+#lldp_CHECK_LIBCAP
-+libcap_LIBS=
-+libcap_CFLAGS=
-+AC_SUBST([libcap_LIBS])
-+AC_SUBST([libcap_CFLAGS])
-
- # Compatibility with pkg.m4 < 0.27
- m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR],
Now that libcap is in OpenWrt base, we can drop our custom patch to disable libcap support and have lldpd depend on it instead. This will allow the monitor process to drop its privileges instead of running as root, improving security. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> --- package/network/services/lldpd/Makefile | 4 ++-- .../lldpd/patches/001-disable_libcap.patch | 17 ----------------- 2 files changed, 2 insertions(+), 19 deletions(-) delete mode 100644 package/network/services/lldpd/patches/001-disable_libcap.patch