From a5a36145b2bb725df2c5cf171745f27c20e42e7ce035958bfe29d6168b5455ab Mon Sep 17 00:00:00 2001
From: Steve Kowalik <steven@wedontsleep.org>
Date: Fri, 24 Oct 2025 14:09:54 +1100
Subject: [PATCH] - Update to 3.4.5

  * Security fixes:
    + CVE-2025-61911 (GHSA-r7r6-cc7p-4v5m): Enforce str input in
      ldap.filter.escape_filter_chars with escape_mode=1; ensure proper
      escaping. (bsc#1251912)
    + CVE-2025-61912 (GHSA-p34h-wq7j-h5v6): Correct NUL escaping in
      ldap.dn.escape_dn_chars to \00 per RFC 4514. (bsc#1251913)
  * Fixes:
    + ReconnectLDAPObject now properly reconnects on UNAVAILABLE,
      CONNECT_ERROR and TIMEOUT exceptions (previously only SERVER_DOWN),
      fixing reconnection issues especially during server restarts
    + Fixed syncrepl.py to use named constants instead of raw decimal values
      for result types
    + Fixed error handling in SearchNoOpMixIn to prevent a undefined variable
      error
- Switch to building with pip, wheel and the pyproject macros.
- Fix filename due to new setuptools.
---
 python-ldap-3.4.4.tar.gz |  3 ---
 python-ldap.changes      | 21 +++++++++++++++++++++
 python-ldap.spec         | 14 ++++++++------
 python_ldap-3.4.5.tar.gz |  3 +++
 4 files changed, 32 insertions(+), 9 deletions(-)
 delete mode 100644 python-ldap-3.4.4.tar.gz
 create mode 100644 python_ldap-3.4.5.tar.gz

diff --git a/python-ldap-3.4.4.tar.gz b/python-ldap-3.4.4.tar.gz
deleted file mode 100644
index ab36b77..0000000
--- a/python-ldap-3.4.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7edb0accec4e037797705f3a05cbf36a9fde50d08c8f67f2aef99a2628fab828
-size 377889
diff --git a/python-ldap.changes b/python-ldap.changes
index 0c4562e..fa8d0a4 100644
--- a/python-ldap.changes
+++ b/python-ldap.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Fri Oct 24 03:09:41 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 3.4.5:
+  * Security fixes:
+    + CVE-2025-61911 (GHSA-r7r6-cc7p-4v5m): Enforce str input in
+      ldap.filter.escape_filter_chars with escape_mode=1; ensure proper
+      escaping. (bsc#1251912)
+    + CVE-2025-61912 (GHSA-p34h-wq7j-h5v6): Correct NUL escaping in
+      ldap.dn.escape_dn_chars to \00 per RFC 4514. (bsc#1251913)
+  * Fixes:
+    + ReconnectLDAPObject now properly reconnects on UNAVAILABLE,
+      CONNECT_ERROR and TIMEOUT exceptions (previously only SERVER_DOWN),
+      fixing reconnection issues especially during server restarts
+    + Fixed syncrepl.py to use named constants instead of raw decimal values
+      for result types
+    + Fixed error handling in SearchNoOpMixIn to prevent a undefined variable
+      error
+- Switch to building with pip, wheel and the pyproject macros.
+- Fix filename due to new setuptools.
+
 -------------------------------------------------------------------
 Tue Aug  5 05:27:36 UTC 2025 - William Brown <william.brown@suse.com>
 
diff --git a/python-ldap.spec b/python-ldap.spec
index 7367ca3..17494eb 100644
--- a/python-ldap.spec
+++ b/python-ldap.spec
@@ -18,18 +18,20 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-ldap
-Version:        3.4.4
+Version:        3.4.5
 Release:        0
 Summary:        Python LDAP interface
 License:        Python-2.0
 Group:          Development/Libraries/Python
 URL:            https://www.python-ldap.org/
-Source0:        https://files.pythonhosted.org/packages/source/p/python-ldap/python-ldap-%{version}.tar.gz
+Source0:        https://files.pythonhosted.org/packages/source/p/python-ldap/python_ldap-%{version}.tar.gz
 Patch0:         0001-Use-reentrant-libldap.patch
 BuildRequires:  %{python_module devel}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pyasn1 >= 0.3.7}
 BuildRequires:  %{python_module pyasn1-modules >= 0.1.5}
 BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  cyrus-sasl-devel >= 2.1
 BuildRequires:  fdupes
 BuildRequires:  krb5-devel
@@ -51,14 +53,14 @@ for that purpose.  Additionally the package contains modules for other
 LDAP-related stuff (e.g. processing LDIF, LDAPURLs, LDAPv3 schema, etc.).
 
 %prep
-%autosetup -p1
+%autosetup -p1 -n python_ldap-%{version}
 cp Build/setup.cfg.suse-linux setup.cfg
 
 %build
-CFLAGS="%{optflags}" %python_build
+CFLAGS="%{optflags}" %pyproject_wheel
 
 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitearch}
 
 %check
@@ -68,7 +70,7 @@ PATH=/sbin:/usr/sbin:/usr/local/bin:/usr/bin:/bin %pyunittest_arch discover -v -
 %license LICENCE
 %doc README Demo CHANGES TODO
 %{python_sitearch}/ldap
-%{python_sitearch}/python_ldap-%{version}*info
+%{python_sitearch}/python_ldap-%{version}.dist-info
 %{python_sitearch}/slapdtest
 %{python_sitearch}/ldapurl.py
 %{python_sitearch}/ldif.py
diff --git a/python_ldap-3.4.5.tar.gz b/python_ldap-3.4.5.tar.gz
new file mode 100644
index 0000000..5f2a14c
--- /dev/null
+++ b/python_ldap-3.4.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b2f6ef1c37fe2c6a5a85212efe71311ee21847766a7d45fcb711f3b270a5f79a
+size 388482