openldap-2.4.57-2

o/openldap/openldap-vl.spec

@@ -10,7 +10,7 @@ Summary: The configuration files, libraries and documentation for OpenLDAP.
 Summary(ja): OpenLDAP の設定ファイル，ライブラリ，ドキュメント.
 Name: openldap
 Version: 2.4.57
-Release: 1%{?_dist_release}%{?with_systemd:.systemd}
+Release: 2%{?_dist_release}%{?with_systemd:.systemd}
 Group: system
 Vendor: Project Vine
 Distribution: Vine Linux
@@ -43,9 +43,6 @@ Patch17: openldap-allop-overlay.patch
 # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327585
 Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
 # ldapi sasl fix pending upstream inclusion
-Patch20: openldap-ldapi-sasl.patch
-Patch22: openldap-openssl-ITS7595-Add-EC-support-1.patch
-Patch23: openldap-openssl-ITS7595-Add-EC-support-2.patch
 Patch24: openldap-openssl-manpage-defaultCA.patch
 
 # check-password module specific patches
@@ -55,6 +52,7 @@ Patch91: check-password.patch
 # Vine Patches
 
 # security fixes
+Patch2000: CVE-2021-27212.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: autoconf, automake, libtool >= 2.2.6a
@@ -220,7 +218,8 @@ customized LDAP clients.
 
 pushd openldap-%{version}
 
-AUTOMAKE=/bin/true autoreconf -fi
+#AUTOMAKE=/bin/true autoreconf -fiv
+autoreconf -fiv ||:
 
 %patch0 -p1
 %patch2 -p1
@@ -228,14 +227,10 @@ AUTOMAKE=/bin/true autoreconf -fi
 %patch5 -p1
 %patch17 -p1
 %patch19 -p1
-#%patch20 -p1
-#%patch22 -p1
-#%patch23 -p1
 %patch24 -p1
 
 # security
-# %patch1000 -p1 -b .CVE-2015-1545
-# %patch1001 -p1 -b .CVE-2015-1546
+%patch2000 -p1
 
 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@@ -260,8 +255,9 @@ pushd ltb-project-openldap-ppolicy-check-password-%{check_password_version}
 %patch91 -p1
 popd
 
+
 %build
-export CFLAGS="-fpie %{optflags} -Wl,-z,relro,-z,now,--as-needed -DLDAP_CONNECTIONLESS"
+export CFLAGS="-fpie %{optflags} -Wl,-z,relro,-z,now,--as-needed -DLDAP_CONNECTIONLESS -DLDAP_USE_NON_BLOCKING_TLS"
 export LDFLAGS="-pie"
 
 pushd openldap-%{version}
@@ -313,6 +309,7 @@ make LDAP_INC="-I../openldap-%{version}/include \
  -I../openldap-%{version}/build-servers/include"
 popd
 
+
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 mkdir -p %{buildroot}%{_libdir}/
@@ -417,9 +414,11 @@ rm -f %{buildroot}%{_libdir}/*.la  # because we do not want files in %{_libdir}/
 rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example
 rmdir %{buildroot}%{_localstatedir}/openldap-data
 
+
 %clean 
 rm -rf $RPM_BUILD_ROOT
 
+
 %post
 /sbin/ldconfig
 
@@ -691,6 +690,9 @@ exit 0
 
 
 %changelog
+* Thu Mar 04 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.4.57-2
+- imported Patch2000 from rawhide to fix CVE-2021-27212.
+
 * Sat Jan 30 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.4.57-1
 - new upstream release.