diff --git a/openldap.spec b/openldap.spec index f500b4e..8ea9657 100644 --- a/openldap.spec +++ b/openldap.spec @@ -4,7 +4,7 @@ Summary: The configuration files, libraries, and documentation for OpenLDAP. Name: openldap Version: 2.0.27 -Release: 2 +Release: 2.8.0 License: OpenLDAP Group: System Environment/Daemons Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz @@ -32,16 +32,18 @@ Patch22: MigrationTools-36-mktemp.patch Patch23: MigrationTools-27-simple.patch Patch24: MigrationTools-26-suffix.patch Patch25: MigrationTools-44-schema.patch +Patch26: openldap-2.0.27-susesec.patch Patch100: http://sleepycat.com/update/4.1.24/patch.4.1.24.2 Patch101: http://sleepycat.com/update/4.1.24/patch.4.1.24.3 Patch102: http://sleepycat.com/update/4.1.24/patch.4.1.24.4 Patch103: http://sleepycat.com/update/4.1.24/patch.4.1.24.5 Patch104: http://sleepycat.com/update/4.1.24/patch.4.1.24.6 +Patch105: http://sleepycat.com/update/4.1.24/patch.4.1.24.7 +Patch106: http://sleepycat.com/update/4.1.24/patch.4.1.24.8 URL: http://www.openldap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildPreReq: cyrus-sasl-devel, gdbm-devel, krb5-devel, openssl-devel -BuildPreReq: pam-devel -BuildPreReq: perl, tcp_wrappers +BuildPreReq: pam-devel, perl, pkgconfig, tcp_wrappers BuildPreReq: libtool >= 1.4 Requires: cyrus-sasl, cyrus-sasl-md5, mktemp @@ -113,12 +115,15 @@ pushd MigrationTools-%{migtools_ver} %patch24 -p1 -b .suffix %patch25 -p1 -b .schema popd +%patch26 -p0 -b .susesec pushd db-%{db_version} %patch100 -p0 -b .2 %patch101 -p0 -b .3 %patch102 -p0 -b .4 %patch103 -p0 -b .5 %patch104 -p0 -b .6 +%patch105 -p0 -b .7 +%patch106 -p0 -b .8 popd mkdir build-gdbm @@ -137,6 +142,12 @@ dbdir=`pwd`/db-instroot %ifarch ia64 RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0" %endif +if pkg-config openssl ; then + OPENSSL_CPPFLAGS=`pkg-config --cflags openssl` + CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS + OPENSSL_LDFLAGS=`pkg-config --libs-only-L openssl` + LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS +fi CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS TARGET_PLATFORM=%{_target_platform} %define _target_platform --target=${TARGET_PLATFORM} @@ -159,6 +170,7 @@ cat << _EOF | sed -e 's,--host=[^ ]*,,g' -e 's,--build=[^ ]*,,g' -e 's,--target= --enable-crypt \ --enable-spasswd \ --enable-modules \ + --disable-sql \ \ --libexecdir=%{_sbindir} \ --localstatedir=/%{_var}/run \ @@ -176,26 +188,30 @@ make %{_smp_mflags} make install popd # Build one for tools which use gdbm. +CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS +LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS pushd build-gdbm build --enable-ldbm --with-ldbm-api=gdbm --disable-shared --without-kerberos popd # Build one for tools which use db. +CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS +LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS pushd build-berkeley build --enable-ldbm --with-ldbm-api=berkeley --disable-shared --without-kerberos popd # Build the servers with Kerberos support and whichever backend we want. Even # enable the bdb backend, which doesn't exist yet. +CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS +LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS pushd build-krb5 -CPPFLAGS="-I${dbdir}/include -I%{_prefix}/kerberos/include -DHAVE_KERBEROS_V" -export CPPFLAGS -LDFLAGS="-L${dbdir}/lib -L%{_prefix}/kerberos/%{_lib}" -export LDFLAGS +CPPFLAGS="$CPPFLAGS -I${dbdir}/include -I%{_prefix}/kerberos/include -DHAVE_KERBEROS_V" +LDFLAGS="$LDFLAGS -L${dbdir}/lib -L%{_prefix}/kerberos/%{_lib}" build --enable-ldbm --with-ldbm-api=%{backend} --enable-bdb --disable-shared --with-kerberos=k5only --enable-kpasswd -unset CPPFLAGS -unset LDFLAGS popd -# Build clients without Kerberos password-checking support which is only +# Build clients without Kerberos password-checking support, which is only # useful in the server anyway. +CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS +LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS pushd build-clients build --disable-ldbm --enable-shared --without-kerberos popd @@ -389,6 +405,15 @@ fi %attr(0644,root,root) %{_mandir}/man3/* %changelog +* Thu Dec 12 2002 Nalin Dahyabhai 2.0.27-2.8.0 +- rebuild for erratum + +* Thu Dec 12 2002 Nalin Dahyabhai +- incorporate fixes from SuSE's security audit, except for fixes to ITS 1963, + 1936, 2007, 2009, which were included in 2.0.26. +- add two more patches for db 4.1.24 from sleepycat's updates page +- use openssl pkgconfig data, if any is available + * Mon Nov 11 2002 Nalin Dahyabhai 2.0.27-2 - add patches for db 4.1.24 from sleepycat's updates page