From 3534858d61ecf0c2ba597874e8cf8fe572cd50aeb09dc23fd69cfa47ade17d64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Tue, 28 Mar 2017 21:05:07 +0000 Subject: [PATCH 01/12] Accepting request 483192 from home:jengelh:branches:network:ldap - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get libldap inserted into their process image. [rh#1370065, boo#996551] OBS-URL: https://build.opensuse.org/request/show/483192 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=172 --- baselibs.conf | 2 ++ openldap2.changes | 7 +++++++ openldap2.spec | 14 ++++++++++++-- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/baselibs.conf b/baselibs.conf index 3b434dc..83913f7 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,4 +1,6 @@ libldap-2_4-2 + targettype 32bit provides "libldap-2.4.so.2" + targettype 64bit provides "libldap-2.4.so.2()(64bit)" provides "openldap2-client- = " obsoletes "openldap2-client- <= " openldap2-devel diff --git a/openldap2.changes b/openldap2.changes index b047d67..df81bce 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Mar 23 15:06:27 UTC 2017 - jengelh@inai.de + +- Make libldap equivalent to libldap_r (like Debian) to avoid + crashes in threaded programs which unknowingly get libldap + inserted into their process image. [rh#1370065, boo#996551] + ------------------------------------------------------------------- Sat Feb 18 22:11:29 UTC 2017 - kukuk@suse.com diff --git a/openldap2.spec b/openldap2.spec index 691d84f..0038fdb 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -185,8 +185,8 @@ OpenLDAP client utilities such as ldapadd, ldapsearch, ldapmodify. %package devel Summary: Libraries, Header Files and Documentation for OpenLDAP -Group: Development/Libraries/C and C++ # bug437293 +Group: Development/Libraries/C and C++ %ifarch ppc64 Obsoletes: openldap2-devel-64bit %endif @@ -214,6 +214,11 @@ for development. Summary: OpenLDAP Client Libraries Group: Productivity/Networking/LDAP/Clients Recommends: libldap-data >= %{version_main} +%ifarch x86_64 sparc64 ppc64 s390x +Provides: libldap-2.4.so.2()(64bit) +%else +Provides: libldap-2.4.so.2 +%endif %description -n libldap-2_4-2 This package contains the OpenLDAP client libraries. @@ -386,7 +391,7 @@ install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/ install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap -rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d` +find doc/guide '(' ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d ')' -delete rm -rf doc/guide/release %define DOCDIR %{_defaultdocdir}/%{name} @@ -423,6 +428,11 @@ rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5 # Remove *.la files, libtool does not handle this correct rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la +# Make ldap_r the only copy in the system [rh#1370065] +rm -f "%{buildroot}/%{_libdir}"/libldap-2.4.so* +ln -fs libldap_r-2.4.so.2 "%{buildroot}/%{_libdir}/libldap-2.4.so.2" +ln -fs libldap_r.so "%{buildroot}/%{_libdir}/libldap.so" + %pre getent group ldap >/dev/null || /usr/sbin/groupadd -g 70 -o -r ldap || : getent passwd ldap >/dev/null || /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || : From 146741f94136638635cf0f02187e7edb6f1f034c1904875f4689af3546ee3e18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Thu, 30 Mar 2017 11:33:14 +0000 Subject: [PATCH 02/12] Accepting request 483798 from home:jengelh:branches:network:ldap - Work around ldconfig removing files [boo#1031464] - Do not ignore failure to create user/groups OBS-URL: https://build.opensuse.org/request/show/483798 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=173 --- openldap2.changes | 6 ++++++ openldap2.spec | 15 ++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index df81bce..c3cc33e 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Mar 29 20:56:33 UTC 2017 - jengelh@inai.de + +- Work around ldconfig removing files [boo#1031464] +- Do not ignore failure to create user/groups + ------------------------------------------------------------------- Thu Mar 23 15:06:27 UTC 2017 - jengelh@inai.de diff --git a/openldap2.spec b/openldap2.spec index 0038fdb..c99400a 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -430,12 +430,12 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la # Make ldap_r the only copy in the system [rh#1370065] rm -f "%{buildroot}/%{_libdir}"/libldap-2.4.so* -ln -fs libldap_r-2.4.so.2 "%{buildroot}/%{_libdir}/libldap-2.4.so.2" ln -fs libldap_r.so "%{buildroot}/%{_libdir}/libldap.so" +ln -s libldap_r-2.4.so.2 "%{buildroot}/%{_libdir}/libldap-2.4.so.2" %pre -getent group ldap >/dev/null || /usr/sbin/groupadd -g 70 -o -r ldap || : -getent passwd ldap >/dev/null || /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || : +getent group ldap >/dev/null || /usr/sbin/groupadd -g 70 -o -r ldap +getent passwd ldap >/dev/null || /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then touch %{_rundir}/enable_slapd_service fi @@ -463,6 +463,15 @@ fi %postun %service_del_postun slapd.service +%triggerun -n libldap-2_4-2 -- libldap-2_4-2 +if [ "$1" -eq 2 ]; then + # The %%postun from prior libldap versions calls ldconfig, which + # remembers libldap-2.4.so.2 as a symlink and will remove it, defeating + # rpm file tracking :-( + # Restore it. + ln -fs libldap_r-2.4.so.2 "%{_libdir}/libldap-2.4.so.2" +fi + %files %defattr(-,root,root) %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openldap From 09f2c84a56a67a98a99418c2e498fa06ec78b57f7ca24142ddc690bb357b642d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Fri, 7 Apr 2017 18:03:31 +0000 Subject: [PATCH 03/12] Accepting request 486529 from home:jengelh:branches:network:ldap - Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112. OBS-URL: https://build.opensuse.org/request/show/486529 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=174 --- openldap2.changes | 6 ++++++ openldap2.spec | 2 -- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index c3cc33e..3a4b50c 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Apr 7 16:47:24 UTC 2017 - jengelh@inai.de + +- Drop binutils requirement; the code using /usr/bin/strings has + been dropped in openSUSE:Factory/openldap2 revision 112. + ------------------------------------------------------------------- Wed Mar 29 20:56:33 UTC 2017 - jengelh@inai.de diff --git a/openldap2.spec b/openldap2.spec index c99400a..7fcb6e6 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -83,8 +83,6 @@ Requires: libldap-2_4-2 = %{version_main} Recommends: cyrus-sasl Conflicts: openldap PreReq: %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep -# For /usr/bin/strings -Requires(pre): binutils %description OpenLDAP is a client and server reference implementation of the From 787c8bf6cff6b6bc2d0dcbb551ec3ca1f9cfc54c92080b5bde1d56167841c58f Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Sat, 29 Apr 2017 09:21:48 +0000 Subject: [PATCH 04/12] Accepting request 491547 from home:stroeder:branches:network:ldap added overlay addpartial to package openldap2-contrib OBS-URL: https://build.opensuse.org/request/show/491547 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=175 --- openldap2.changes | 5 +++++ openldap2.spec | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index 3a4b50c..03ce3aa 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Apr 27 10:08:31 UTC 2017 - michael@stroeder.com + +- added overlay addpartial to package openldap2-contrib + ------------------------------------------------------------------- Fri Apr 7 16:47:24 UTC 2017 - jengelh@inai.de diff --git a/openldap2.spec b/openldap2.spec index 7fcb6e6..81e3439 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -150,6 +150,7 @@ Requires: openldap2 = %{version_main} %description contrib Various overlays found in contrib/: +addpartial Intercepts ADD requests, applies changes to existing entries allop allowed Generates attributes indicating access rights autogroup @@ -302,7 +303,7 @@ export STRIP="" make depend make %{?_smp_mflags} # Build selected contrib overlays -for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +for SLAPO_NAME in addpartial allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 do make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" done @@ -347,7 +348,7 @@ make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" " # Additional symbolic link to slapd executable in /usr/sbin/ ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd # Install selected contrib overlays -for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +for SLAPO_NAME in addpartial allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 do make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install done @@ -581,6 +582,7 @@ fi %files contrib %defattr(-,root,root) +%{_libdir}/openldap/addpartial.* %{_libdir}/openldap/allowed.* %{_libdir}/openldap/allop.* %{_libdir}/openldap/autogroup.* From 31fe523df6ade2d4b8f3aa1c4d22f50813c0ec752482840d231ec9e01caaece7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Fri, 2 Jun 2017 09:23:02 +0000 Subject: [PATCH 05/12] Accepting request 500558 from home:stroeder:branches:network:ldap update to 2.4.45 OBS-URL: https://build.opensuse.org/request/show/500558 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=176 --- 0010-Enforce-minimum-DH-size-of-1024.patch | 24 -------------- ...-use-system-wide-cert-dir-by-default.patch | 33 ------------------- openldap-2.4.44.tgz | 3 -- openldap-2.4.45.tgz | 3 ++ openldap2.changes | 7 ++++ openldap2.spec | 6 +--- 6 files changed, 11 insertions(+), 65 deletions(-) delete mode 100644 0010-Enforce-minimum-DH-size-of-1024.patch delete mode 100644 0012-use-system-wide-cert-dir-by-default.patch delete mode 100644 openldap-2.4.44.tgz create mode 100644 openldap-2.4.45.tgz diff --git a/0010-Enforce-minimum-DH-size-of-1024.patch b/0010-Enforce-minimum-DH-size-of-1024.patch deleted file mode 100644 index db4b18c..0000000 --- a/0010-Enforce-minimum-DH-size-of-1024.patch +++ /dev/null @@ -1,24 +0,0 @@ -The patch was authored by Marcus Meissner on 2015-07-13 -to address weak DH size vulnerability. - ---- openldap-2.4.26.orig/libraries/libldap/tls_o.c -+++ openldap-2.4.26/libraries/libldap/tls_o.c -@@ -1190,7 +1190,6 @@ jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7t - -----END DH PARAMETERS-----\n"; - - static const struct dhinfo tlso_dhpem[] = { -- { 512, tlso_dhpem512, sizeof(tlso_dhpem512) }, - { 1024, tlso_dhpem1024, sizeof(tlso_dhpem1024) }, - { 2048, tlso_dhpem2048, sizeof(tlso_dhpem2048) }, - { 4096, tlso_dhpem4096, sizeof(tlso_dhpem4096) }, -@@ -1205,6 +1204,9 @@ tlso_tmp_dh_cb( SSL *ssl, int is_export, - DH *dh = NULL; - int i; - -+ /* for Logjam, rev up the minimum DH group size to 1024 bit */ -+ if (key_length < 1024) key_length = 1024; -+ - /* Do we have params of this length already? */ - LDAP_MUTEX_LOCK( &tlso_dh_mutex ); - for ( p = tlso_dhparams; p; p=p->next ) { - diff --git a/0012-use-system-wide-cert-dir-by-default.patch b/0012-use-system-wide-cert-dir-by-default.patch deleted file mode 100644 index 78e64ee..0000000 --- a/0012-use-system-wide-cert-dir-by-default.patch +++ /dev/null @@ -1,33 +0,0 @@ -The TLS configuration deliberately hid the error in case that user specified CA locations -cannot be read, by loading CAs from default locations; and when user does not specify CA -locations, the CAs from default locations are not read at all. - -This patch corrects the behaviour so that CAs from default location are used if user does -not specify a CA location, and user is informed of the error if CAs cannot be loaded from -the user specified location. - -Howard Guo 2016-11-10 - -diff -rupN openldap-2.4.41/libraries/libldap/tls_o.c openldap-2.4.41-patched/libraries/libldap/tls_o.c ---- openldap-2.4.41/libraries/libldap/tls_o.c 2015-06-21 02:19:58.000000000 +0200 -+++ openldap-2.4.41-patched/libraries/libldap/tls_o.c 2016-11-10 15:10:32.784147041 +0100 -@@ -253,10 +253,16 @@ tlso_ctx_init( struct ldapoptions *lo, s - return -1; - } - -- if (lo->ldo_tls_cacertfile != NULL || lo->ldo_tls_cacertdir != NULL) { -+ if ( lo->ldo_tls_cacertfile == NULL && lo->ldo_tls_cacertdir == NULL ) { -+ if ( !SSL_CTX_set_default_verify_paths( ctx ) ) { -+ Debug( LDAP_DEBUG_ANY, "TLS: " -+ "could not use default certificate paths", 0, 0, 0 ); -+ tlso_report_error(); -+ return -1; -+ } -+ } else { - if ( !SSL_CTX_load_verify_locations( ctx, -- lt->lt_cacertfile, lt->lt_cacertdir ) || -- !SSL_CTX_set_default_verify_paths( ctx ) ) -+ lt->lt_cacertfile, lt->lt_cacertdir ) ) - { - Debug( LDAP_DEBUG_ANY, "TLS: " - "could not load verify locations (file:`%s',dir:`%s').\n", diff --git a/openldap-2.4.44.tgz b/openldap-2.4.44.tgz deleted file mode 100644 index 57ce079..0000000 --- a/openldap-2.4.44.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400 -size 5658830 diff --git a/openldap-2.4.45.tgz b/openldap-2.4.45.tgz new file mode 100644 index 0000000..0af5b2a --- /dev/null +++ b/openldap-2.4.45.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cdd6cffdebcd95161a73305ec13fc7a78e9707b46ca9f84fb897cd5626df3824 +size 5672845 diff --git a/openldap2.changes b/openldap2.changes index 03ce3aa..ba8af10 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Jun 2 07:26:42 UTC 2017 - michael@stroeder.com + +- Upgrade to upstream 2.4.45 release +- removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch + and 0012-use-system-wide-cert-dir-by-default.patch + ------------------------------------------------------------------- Thu Apr 27 10:08:31 UTC 2017 - michael@stroeder.com diff --git a/openldap2.spec b/openldap2.spec index 81e3439..4facabd 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -17,7 +17,7 @@ %define run_test_suite 0 -%define version_main 2.4.44 +%define version_main 2.4.45 %if %{suse_version} >= 1310 && %{suse_version} != 1315 %define _rundir /run/slapd @@ -56,9 +56,7 @@ Patch6: 0006-No-Build-date-and-time-in-binaries.dif Patch7: 0007-Recover-on-DB-version-change.dif Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch -Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch Patch11: 0011-openldap-re24-its7796.patch -Patch12: 0012-use-system-wide-cert-dir-by-default.patch Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz Source201: %{name_ppolicy_check_module}.Makefile Source202: %{name_ppolicy_check_module}.conf @@ -254,9 +252,7 @@ gzip -k %{S:203} %patch7 -p1 %patch8 -p1 %patch9 -p1 -%patch10 -p1 %patch11 -p1 -%patch12 -p1 cp %{SOURCE5} . # Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/ From 3f601cf55f72a8911f647c16e595fc9828c7302c8221c2ba17d1a93946aa9cc7 Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Tue, 6 Jun 2017 13:48:11 +0000 Subject: [PATCH 06/12] - There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list ------------------------------------------------------------------e OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=177 --- openldap2.changes | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/openldap2.changes b/openldap2.changes index ba8af10..6a08fad 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,4 +1,21 @@ ------------------------------------------------------------------- +Tue Jun 6 13:47:18 UTC 2017 - hguo@suse.com + +- There is no change made about the package itself, this is only + copying over some changelog texts from SLE package: +- bug#976172 owned by hguo@suse.com: openldap2 - missing + /usr/share/doc/packages/openldap2/guide/admin/guide.html +- bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: + openldap2: slapd crash in valueReturnFilter cleanup +- [fate#319300](https://fate.suse.com/319300) +- [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) +- bug#905959 owned by hguo@suse.com: L3-Question: Are multiple + "Connection 0" in a Multi Master setup normal ? +- [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) +- bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: + openldap2: slapd crashes on search with deref control and empty attr list + +------------------------------------------------------------------e Fri Jun 2 07:26:42 UTC 2017 - michael@stroeder.com - Upgrade to upstream 2.4.45 release From 39fedbb3343f75422cfc2f6424485c5cc0a000e56c956a315582d6596876f2aa Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Wed, 7 Jun 2017 09:33:31 +0000 Subject: [PATCH 07/12] - Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405) OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=178 --- openldap2.changes | 6 ++++++ openldap2.spec | 7 ------- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index 6a08fad..11f5064 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jun 7 09:32:52 UTC 2017 - hguo@suse.com + +- Remove legacy daemon control that was used to migrate from SLE 11 + to 12. (bsc#1038405) + ------------------------------------------------------------------- Tue Jun 6 13:47:18 UTC 2017 - hguo@suse.com diff --git a/openldap2.spec b/openldap2.spec index 4facabd..5c87e85 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -431,9 +431,6 @@ ln -s libldap_r-2.4.so.2 "%{buildroot}/%{_libdir}/libldap-2.4.so.2" %pre getent group ldap >/dev/null || /usr/sbin/groupadd -g 70 -o -r ldap getent passwd ldap >/dev/null || /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap -if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then - touch %{_rundir}/enable_slapd_service -fi %service_add_pre slapd.service %post @@ -442,11 +439,7 @@ if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf fi %{fillup_only -n openldap ldap} -%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER} %service_add_post slapd.service -if [ -f %{_rundir}/enable_slapd_service ]; then - /usr/bin/systemctl --quiet enable slapd -fi %post -n libldap-2_4-2 -p /sbin/ldconfig From 90b761d030b7f45b0f7ef1225637dc6bb0b3034b6f376c25d37b0b4e1040527d Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Tue, 4 Jul 2017 08:52:54 +0000 Subject: [PATCH 08/12] Accepting request 506983 from home:jengelh:branches:network:ldap - Remove all non-r libldap links so OBS has a clearer picture of rebuilds. [boo sr#501631] OBS-URL: https://build.opensuse.org/request/show/506983 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=179 --- openldap2.changes | 6 ++++++ openldap2.spec | 21 ++++----------------- 2 files changed, 10 insertions(+), 17 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index 11f5064..81b11a4 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jun 29 08:27:17 UTC 2017 - jengelh@inai.de + +- Remove all non-r libldap links so OBS has a clearer picture of + rebuilds. [boo sr#501631] + ------------------------------------------------------------------- Wed Jun 7 09:32:52 UTC 2017 - hguo@suse.com diff --git a/openldap2.spec b/openldap2.spec index 5c87e85..3972104 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -211,11 +211,6 @@ for development. Summary: OpenLDAP Client Libraries Group: Productivity/Networking/LDAP/Clients Recommends: libldap-data >= %{version_main} -%ifarch x86_64 sparc64 ppc64 s390x -Provides: libldap-2.4.so.2()(64bit) -%else -Provides: libldap-2.4.so.2 -%endif %description -n libldap-2_4-2 This package contains the OpenLDAP client libraries. @@ -358,7 +353,6 @@ install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so* chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so* -chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so* install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif # Install ppolicy check module @@ -423,10 +417,12 @@ rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5 # Remove *.la files, libtool does not handle this correct rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la -# Make ldap_r the only copy in the system [rh#1370065] +# Make ldap_r the only copy in the system [rh#1370065], +# and provide only libldap.so for `gcc -lldap`, and otherwise +# not have any links [boo sr#501631] rm -f "%{buildroot}/%{_libdir}"/libldap-2.4.so* ln -fs libldap_r.so "%{buildroot}/%{_libdir}/libldap.so" -ln -s libldap_r-2.4.so.2 "%{buildroot}/%{_libdir}/libldap-2.4.so.2" +#ln -s libldap_r-2.4.so.2 "%{buildroot}/%{_libdir}/libldap-2.4.so.2" %pre getent group ldap >/dev/null || /usr/sbin/groupadd -g 70 -o -r ldap @@ -451,15 +447,6 @@ fi %postun %service_del_postun slapd.service -%triggerun -n libldap-2_4-2 -- libldap-2_4-2 -if [ "$1" -eq 2 ]; then - # The %%postun from prior libldap versions calls ldconfig, which - # remembers libldap-2.4.so.2 as a symlink and will remove it, defeating - # rpm file tracking :-( - # Restore it. - ln -fs libldap_r-2.4.so.2 "%{_libdir}/libldap-2.4.so.2" -fi - %files %defattr(-,root,root) %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openldap From 14ca9919c78767b1cdc0726924bd84e144f302db074dd310de2f3679bdf43ee0 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 4 Jul 2017 11:59:21 +0000 Subject: [PATCH 09/12] . OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=180 --- openldap-r-only.diff | 24 ++++++++++++++++++++++++ openldap2.changes | 6 ++++++ openldap2.spec | 2 ++ 3 files changed, 32 insertions(+) create mode 100644 openldap-r-only.diff diff --git a/openldap-r-only.diff b/openldap-r-only.diff new file mode 100644 index 0000000..40b03a9 --- /dev/null +++ b/openldap-r-only.diff @@ -0,0 +1,24 @@ +From: Jan Engelhardt +Date: 2017-07-04 13:53:32.386698982 +0200 + +Build all own programs exclusively with libldap_r and not libldap. + +References: http://bugzilla.redhat.com/1370065 +References: http://bugzilla.opensuse.org/996551 +--- + build/top.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: openldap-2.4.45/build/top.mk +=================================================================== +--- openldap-2.4.45.orig/build/top.mk ++++ openldap-2.4.45/build/top.mk +@@ -171,7 +171,7 @@ LDAP_LIBLUNICODE_A = $(LDAP_LIBDIR)/libl + LDAP_LIBLUTIL_A = $(LDAP_LIBDIR)/liblutil/liblutil.a + + LDAP_L = $(LDAP_LIBLUTIL_A) \ +- $(LDAP_LIBLDAP_LA) $(LDAP_LIBLBER_LA) ++ $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_LIBREWRITE_A) \ + $(LDAP_LIBLUTIL_A) $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + diff --git a/openldap2.changes b/openldap2.changes index 81b11a4..8473e05 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jul 4 11:58:58 UTC 2017 - jengelh@inai.de + +- Add openldap-r-only.diff so that openldap2's own tools also + link against libldap_r rather than libldap. + ------------------------------------------------------------------- Thu Jun 29 08:27:17 UTC 2017 - jengelh@inai.de diff --git a/openldap2.spec b/openldap2.spec index 3972104..88259e7 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -57,6 +57,7 @@ Patch7: 0007-Recover-on-DB-version-change.dif Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch11: 0011-openldap-re24-its7796.patch +Patch12: openldap-r-only.diff Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz Source201: %{name_ppolicy_check_module}.Makefile Source202: %{name_ppolicy_check_module}.conf @@ -248,6 +249,7 @@ gzip -k %{S:203} %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 cp %{SOURCE5} . # Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/ From 16253831a4b5ccee736b3d5c031c2e18f76fb4b805f1d91e0c1a6ade7d89327a Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 4 Jul 2017 12:00:10 +0000 Subject: [PATCH 10/12] osc copypac from project:network:ldap package:openldap2 revision:179 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=181 --- openldap-r-only.diff | 24 ------------------------ openldap2.changes | 6 ------ openldap2.spec | 2 -- 3 files changed, 32 deletions(-) delete mode 100644 openldap-r-only.diff diff --git a/openldap-r-only.diff b/openldap-r-only.diff deleted file mode 100644 index 40b03a9..0000000 --- a/openldap-r-only.diff +++ /dev/null @@ -1,24 +0,0 @@ -From: Jan Engelhardt -Date: 2017-07-04 13:53:32.386698982 +0200 - -Build all own programs exclusively with libldap_r and not libldap. - -References: http://bugzilla.redhat.com/1370065 -References: http://bugzilla.opensuse.org/996551 ---- - build/top.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: openldap-2.4.45/build/top.mk -=================================================================== ---- openldap-2.4.45.orig/build/top.mk -+++ openldap-2.4.45/build/top.mk -@@ -171,7 +171,7 @@ LDAP_LIBLUNICODE_A = $(LDAP_LIBDIR)/libl - LDAP_LIBLUTIL_A = $(LDAP_LIBDIR)/liblutil/liblutil.a - - LDAP_L = $(LDAP_LIBLUTIL_A) \ -- $(LDAP_LIBLDAP_LA) $(LDAP_LIBLBER_LA) -+ $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) - SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_LIBREWRITE_A) \ - $(LDAP_LIBLUTIL_A) $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) - diff --git a/openldap2.changes b/openldap2.changes index 8473e05..81b11a4 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,9 +1,3 @@ -------------------------------------------------------------------- -Tue Jul 4 11:58:58 UTC 2017 - jengelh@inai.de - -- Add openldap-r-only.diff so that openldap2's own tools also - link against libldap_r rather than libldap. - ------------------------------------------------------------------- Thu Jun 29 08:27:17 UTC 2017 - jengelh@inai.de diff --git a/openldap2.spec b/openldap2.spec index 88259e7..3972104 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -57,7 +57,6 @@ Patch7: 0007-Recover-on-DB-version-change.dif Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch11: 0011-openldap-re24-its7796.patch -Patch12: openldap-r-only.diff Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz Source201: %{name_ppolicy_check_module}.Makefile Source202: %{name_ppolicy_check_module}.conf @@ -249,7 +248,6 @@ gzip -k %{S:203} %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 cp %{SOURCE5} . # Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/ From 6bb69eda08d6d96d0782a656cca89c3e131801783f2825b0c81e42f54e54be72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Mon, 17 Jul 2017 19:02:36 +0000 Subject: [PATCH 11/12] Accepting request 509862 from home:stroeder:branches:network:ldap Postpone Jan's libldap_r symlink patch for now. Added a local patch for OpenLDAP's back-sock. OBS-URL: https://build.opensuse.org/request/show/509862 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=182 --- ...et-back-sock-generate-increment-line.patch | 28 +++++++++++++ baselibs.conf | 2 - openldap2.changes | 39 +++++-------------- openldap2.spec | 12 ++---- 4 files changed, 41 insertions(+), 40 deletions(-) create mode 100644 0013-ITS-8692-let-back-sock-generate-increment-line.patch diff --git a/0013-ITS-8692-let-back-sock-generate-increment-line.patch b/0013-ITS-8692-let-back-sock-generate-increment-line.patch new file mode 100644 index 0000000..7fbb1f0 --- /dev/null +++ b/0013-ITS-8692-let-back-sock-generate-increment-line.patch @@ -0,0 +1,28 @@ +From 6c37844c5c52b95aff5e4e547cda8a7258e92a35 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michael=20Str=C3=B6der?= +Date: Wed, 12 Jul 2017 20:18:22 +0200 +Subject: [PATCH] ITS#8692 let back-sock generate increment: line in case of + LDAP_MOD_INCREMENT (see RFC 4525, section 3) + +--- + servers/slapd/back-sock/modify.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/servers/slapd/back-sock/modify.c b/servers/slapd/back-sock/modify.c +index c35d31bc6..9342d2702 100644 +--- a/servers/slapd/back-sock/modify.c ++++ b/servers/slapd/back-sock/modify.c +@@ -85,6 +85,10 @@ sock_back_modify( + case LDAP_MOD_REPLACE: + fprintf( fp, "replace: %s\n", mod->sm_desc->ad_cname.bv_val ); + break; ++ ++ case LDAP_MOD_INCREMENT: ++ fprintf( fp, "increment: %s\n", mod->sm_desc->ad_cname.bv_val ); ++ break; + } + + if( mod->sm_values != NULL ) { +-- +2.13.2 + diff --git a/baselibs.conf b/baselibs.conf index 83913f7..3b434dc 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,6 +1,4 @@ libldap-2_4-2 - targettype 32bit provides "libldap-2.4.so.2" - targettype 64bit provides "libldap-2.4.so.2()(64bit)" provides "openldap2-client- = " obsoletes "openldap2-client- <= " openldap2-devel diff --git a/openldap2.changes b/openldap2.changes index 81b11a4..9410524 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,16 +1,20 @@ ------------------------------------------------------------------- -Thu Jun 29 08:27:17 UTC 2017 - jengelh@inai.de +Wed Jul 12 18:52:42 UTC 2017 - michael@stroeder.com -- Remove all non-r libldap links so OBS has a clearer picture of - rebuilds. [boo sr#501631] +- Upgrade to upstream 2.4.45 release +- removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch + and 0012-use-system-wide-cert-dir-by-default.patch +- added 0013-ITS-8692-let-back-sock-generate-increment-line.patch + for supporting modify increment operations with back-sock +- added overlay addpartial to package openldap2-contrib -------------------------------------------------------------------- +-------------------------------------------------------------------- Wed Jun 7 09:32:52 UTC 2017 - hguo@suse.com - Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405) -------------------------------------------------------------------- +-------------------------------------------------------------------- Tue Jun 6 13:47:18 UTC 2017 - hguo@suse.com - There is no change made about the package itself, this is only @@ -27,37 +31,12 @@ Tue Jun 6 13:47:18 UTC 2017 - hguo@suse.com - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list -------------------------------------------------------------------e -Fri Jun 2 07:26:42 UTC 2017 - michael@stroeder.com - -- Upgrade to upstream 2.4.45 release -- removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch - and 0012-use-system-wide-cert-dir-by-default.patch - -------------------------------------------------------------------- -Thu Apr 27 10:08:31 UTC 2017 - michael@stroeder.com - -- added overlay addpartial to package openldap2-contrib - ------------------------------------------------------------------- Fri Apr 7 16:47:24 UTC 2017 - jengelh@inai.de - Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112. -------------------------------------------------------------------- -Wed Mar 29 20:56:33 UTC 2017 - jengelh@inai.de - -- Work around ldconfig removing files [boo#1031464] -- Do not ignore failure to create user/groups - -------------------------------------------------------------------- -Thu Mar 23 15:06:27 UTC 2017 - jengelh@inai.de - -- Make libldap equivalent to libldap_r (like Debian) to avoid - crashes in threaded programs which unknowingly get libldap - inserted into their process image. [rh#1370065, boo#996551] - ------------------------------------------------------------------- Sat Feb 18 22:11:29 UTC 2017 - kukuk@suse.com diff --git a/openldap2.spec b/openldap2.spec index 3972104..d9acef4 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -57,6 +57,7 @@ Patch7: 0007-Recover-on-DB-version-change.dif Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch11: 0011-openldap-re24-its7796.patch +Patch13: 0013-ITS-8692-let-back-sock-generate-increment-line.patch Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz Source201: %{name_ppolicy_check_module}.Makefile Source202: %{name_ppolicy_check_module}.conf @@ -182,8 +183,8 @@ OpenLDAP client utilities such as ldapadd, ldapsearch, ldapmodify. %package devel Summary: Libraries, Header Files and Documentation for OpenLDAP -# bug437293 Group: Development/Libraries/C and C++ +# bug437293 %ifarch ppc64 Obsoletes: openldap2-devel-64bit %endif @@ -248,6 +249,7 @@ gzip -k %{S:203} %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch13 -p1 cp %{SOURCE5} . # Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/ @@ -353,6 +355,7 @@ install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so* chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so* +chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so* install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif # Install ppolicy check module @@ -417,13 +420,6 @@ rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5 # Remove *.la files, libtool does not handle this correct rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la -# Make ldap_r the only copy in the system [rh#1370065], -# and provide only libldap.so for `gcc -lldap`, and otherwise -# not have any links [boo sr#501631] -rm -f "%{buildroot}/%{_libdir}"/libldap-2.4.so* -ln -fs libldap_r.so "%{buildroot}/%{_libdir}/libldap.so" -#ln -s libldap_r-2.4.so.2 "%{buildroot}/%{_libdir}/libldap-2.4.so.2" - %pre getent group ldap >/dev/null || /usr/sbin/groupadd -g 70 -o -r ldap getent passwd ldap >/dev/null || /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap From cbf9f027df571549722dd2b5a500f02e3ba91028bad7ec176e00ab06598186a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Thu, 20 Jul 2017 14:49:37 +0000 Subject: [PATCH 12/12] Accepting request 511673 from home:stroeder:branches:network:ldap added overlay trace to package openldap2-contrib OBS-URL: https://build.opensuse.org/request/show/511673 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=183 --- openldap2.changes | 5 +++++ openldap2.spec | 7 ++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index 9410524..14496ba 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jul 20 14:19:47 UTC 2017 - michael@stroeder.com + +- added overlay trace to package openldap2-contrib + ------------------------------------------------------------------- Wed Jul 12 18:52:42 UTC 2017 - michael@stroeder.com diff --git a/openldap2.spec b/openldap2.spec index d9acef4..0f9c263 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -161,6 +161,7 @@ nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) +trace traces overlay invocation %package doc Summary: OpenLDAP Documentation @@ -296,11 +297,10 @@ export STRIP="" make depend make %{?_smp_mflags} # Build selected contrib overlays -for SLAPO_NAME in addpartial allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +for SLAPO_NAME in addpartial allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace do make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" done -# One more level up needed because of passwd/sha2 # slapo-smbk5pwd only for Samba password hashes make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB="" @@ -341,7 +341,7 @@ make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" " # Additional symbolic link to slapd executable in /usr/sbin/ ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd # Install selected contrib overlays -for SLAPO_NAME in addpartial allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +for SLAPO_NAME in addpartial allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace do make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install done @@ -566,6 +566,7 @@ fi %{_libdir}/openldap/denyop.* %{_libdir}/openldap/cloak.* %{_libdir}/openldap/smbk5pwd.* +%{_libdir}/openldap/trace.* %files client %defattr(-,root,root)