|
@@ -10,7 +10,7 @@ Summary: The configuration files, libraries and documentation for OpenLDAP.
|
|
|
Summary(ja): OpenLDAP の設定ファイル,ライブラリ,ドキュメント.
|
|
|
Name: openldap
|
|
|
Version: 2.4.57
|
|
|
-Release: 1%{?_dist_release}%{?with_systemd:.systemd}
|
|
|
+Release: 2%{?_dist_release}%{?with_systemd:.systemd}
|
|
|
Group: system
|
|
|
Vendor: Project Vine
|
|
|
Distribution: Vine Linux
|
|
@@ -43,9 +43,6 @@ Patch17: openldap-allop-overlay.patch
|
|
|
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327585
|
|
|
Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
|
|
|
# ldapi sasl fix pending upstream inclusion
|
|
|
-Patch20: openldap-ldapi-sasl.patch
|
|
|
-Patch22: openldap-openssl-ITS7595-Add-EC-support-1.patch
|
|
|
-Patch23: openldap-openssl-ITS7595-Add-EC-support-2.patch
|
|
|
Patch24: openldap-openssl-manpage-defaultCA.patch
|
|
|
|
|
|
# check-password module specific patches
|
|
@@ -55,6 +52,7 @@ Patch91: check-password.patch
|
|
|
# Vine Patches
|
|
|
|
|
|
# security fixes
|
|
|
+Patch2000: CVE-2021-27212.patch
|
|
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
|
|
BuildRequires: autoconf, automake, libtool >= 2.2.6a
|
|
@@ -220,7 +218,8 @@ customized LDAP clients.
|
|
|
|
|
|
pushd openldap-%{version}
|
|
|
|
|
|
-AUTOMAKE=/bin/true autoreconf -fi
|
|
|
+#AUTOMAKE=/bin/true autoreconf -fiv
|
|
|
+autoreconf -fiv ||:
|
|
|
|
|
|
%patch0 -p1
|
|
|
%patch2 -p1
|
|
@@ -228,14 +227,10 @@ AUTOMAKE=/bin/true autoreconf -fi
|
|
|
%patch5 -p1
|
|
|
%patch17 -p1
|
|
|
%patch19 -p1
|
|
|
-#%patch20 -p1
|
|
|
-#%patch22 -p1
|
|
|
-#%patch23 -p1
|
|
|
%patch24 -p1
|
|
|
|
|
|
# security
|
|
|
-# %patch1000 -p1 -b .CVE-2015-1545
|
|
|
-# %patch1001 -p1 -b .CVE-2015-1546
|
|
|
+%patch2000 -p1
|
|
|
|
|
|
# build smbk5pwd with other overlays
|
|
|
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
|
@@ -260,8 +255,9 @@ pushd ltb-project-openldap-ppolicy-check-password-%{check_password_version}
|
|
|
%patch91 -p1
|
|
|
popd
|
|
|
|
|
|
+
|
|
|
%build
|
|
|
-export CFLAGS="-fpie %{optflags} -Wl,-z,relro,-z,now,--as-needed -DLDAP_CONNECTIONLESS"
|
|
|
+export CFLAGS="-fpie %{optflags} -Wl,-z,relro,-z,now,--as-needed -DLDAP_CONNECTIONLESS -DLDAP_USE_NON_BLOCKING_TLS"
|
|
|
export LDFLAGS="-pie"
|
|
|
|
|
|
pushd openldap-%{version}
|
|
@@ -313,6 +309,7 @@ make LDAP_INC="-I../openldap-%{version}/include \
|
|
|
-I../openldap-%{version}/build-servers/include"
|
|
|
popd
|
|
|
|
|
|
+
|
|
|
%install
|
|
|
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
|
|
mkdir -p %{buildroot}%{_libdir}/
|
|
@@ -417,9 +414,11 @@ rm -f %{buildroot}%{_libdir}/*.la # because we do not want files in %{_libdir}/
|
|
|
rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example
|
|
|
rmdir %{buildroot}%{_localstatedir}/openldap-data
|
|
|
|
|
|
+
|
|
|
%clean
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
+
|
|
|
%post
|
|
|
/sbin/ldconfig
|
|
|
|
|
@@ -691,6 +690,9 @@ exit 0
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
+* Thu Mar 04 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.4.57-2
|
|
|
+- imported Patch2000 from rawhide to fix CVE-2021-27212.
|
|
|
+
|
|
|
* Sat Jan 30 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.4.57-1
|
|
|
- new upstream release.
|
|
|
|