Browse Source

updated 2 packages

glibc-2.33-4

openldap-2.4.58-1
Tomohiro "Tomo-p" KATO 3 years ago
parent
commit
20711e6a3a
2 changed files with 33 additions and 27 deletions
  1. 9 3
      g/glibc/glibc-vl.spec
  2. 24 24
      o/openldap/openldap-vl.spec

+ 9 - 3
g/glibc/glibc-vl.spec

@@ -8,7 +8,7 @@ Summary: The GNU libc libraries
 Summary(ja): GNU libc ライブラリ
 Summary(ja): GNU libc ライブラリ
 Name: glibc
 Name: glibc
 Version: %{glibcversion}
 Version: %{glibcversion}
-Release: 3%{?_dist_release}%{?with_systemd:.systemd}
+Release: 4%{?_dist_release}%{?with_systemd:.systemd}
 Group: system
 Group: system
 Vendor: Project Vine
 Vendor: Project Vine
 Distribution: Vine Linux
 Distribution: Vine Linux
@@ -35,7 +35,7 @@ Source11: SUPPORTED
 Source1000: rpm-old-changelog.txt
 Source1000: rpm-old-changelog.txt
 
 
 # patched form upstream
 # patched form upstream
-Patch0: glibc-2.33-20210409.patch
+Patch0: glibc-2.33-20210601.patch
 
 
 # patches from Fedora
 # patches from Fedora
 #Patch1: glibc-post_upgrade.patch
 #Patch1: glibc-post_upgrade.patch
@@ -63,6 +63,8 @@ Patch29: glibc-fedora-nsswitch.patch
 #Patch10001: glibc-2.18-vine-build-env.patch
 #Patch10001: glibc-2.18-vine-build-env.patch
 
 
 # security
 # security
+Patch20000: CVE-2021-33574_1.patch
+Patch20001: CVE-2021-33574_2.patch
 
 
 %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
 %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
 
 
@@ -102,7 +104,7 @@ Patch29: glibc-fedora-nsswitch.patch
 # passed to -r.
 # passed to -r.
 %undefine __brp_ldconfig
 %undefine __brp_ldconfig
 
 
-Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Obsoletes: glibc-profile < 2.4
 Obsoletes: glibc-profile < 2.4
 Provides: ldconfig
 Provides: ldconfig
 # The dynamic linker supports DT_GNU_HASH
 # The dynamic linker supports DT_GNU_HASH
@@ -1967,6 +1969,10 @@ rm -f *.filelist*
 %endif
 %endif
 
 
 %changelog
 %changelog
+* Thu Jun 03 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.33-4
+- updated Patch0.
+- imported Patch20000 and 20001 from upstream to fix CVE-2021-33574.
+
 * Sat Apr 10 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.33-3
 * Sat Apr 10 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.33-3
 - updated Patch0.
 - updated Patch0.
 - built with gcc-10.3.
 - built with gcc-10.3.

+ 24 - 24
o/openldap/openldap-vl.spec

@@ -9,8 +9,8 @@
 Summary: The configuration files, libraries and documentation for OpenLDAP.
 Summary: The configuration files, libraries and documentation for OpenLDAP.
 Summary(ja): OpenLDAP の設定ファイル,ライブラリ,ドキュメント.
 Summary(ja): OpenLDAP の設定ファイル,ライブラリ,ドキュメント.
 Name: openldap
 Name: openldap
-Version: 2.4.57
-Release: 2%{?_dist_release}%{?with_systemd:.systemd}
+Version: 2.4.58
+Release: 1%{?_dist_release}%{?with_systemd:.systemd}
 Group: system
 Group: system
 Vendor: Project Vine
 Vendor: Project Vine
 Distribution: Vine Linux
 Distribution: Vine Linux
@@ -52,7 +52,6 @@ Patch91: check-password.patch
 # Vine Patches
 # Vine Patches
 
 
 # security fixes
 # security fixes
-Patch2000: CVE-2021-27212.patch
 
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: autoconf, automake, libtool >= 2.2.6a
 BuildRequires: autoconf, automake, libtool >= 2.2.6a
@@ -230,7 +229,6 @@ autoreconf -fiv ||:
 %patch24 -p1
 %patch24 -p1
 
 
 # security
 # security
-%patch2000 -p1
 
 
 # build smbk5pwd with other overlays
 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@@ -419,17 +417,7 @@ rmdir %{buildroot}%{_localstatedir}/openldap-data
 rm -rf $RPM_BUILD_ROOT
 rm -rf $RPM_BUILD_ROOT
 
 
 
 
-%post
-/sbin/ldconfig
-
-%postun
-#update only on package erase
-if [ $1 == 0 ]; then
-    /sbin/ldconfig
-fi
-
 %pre servers
 %pre servers
-
 # create ldap user and group
 # create ldap user and group
 getent group ldap &>/dev/null || groupadd -r -g 55 ldap
 getent group ldap &>/dev/null || groupadd -r -g 55 ldap
 getent passwd ldap &>/dev/null || \
 getent passwd ldap &>/dev/null || \
@@ -449,7 +437,6 @@ fi
 exit 0
 exit 0
 
 
 %post servers
 %post servers
-/sbin/ldconfig -n %{_libdir}/openldap
 %if %{with systemd}
 %if %{with systemd}
 %systemd_post slapd.service
 %systemd_post slapd.service
 %endif
 %endif
@@ -523,7 +510,6 @@ fi
 %endif
 %endif
 
 
 %postun servers
 %postun servers
-/sbin/ldconfig ${_libdir}/openldap
 %if %{with systemd}
 %if %{with systemd}
 %systemd_postun_with_restart slapd.service
 %systemd_postun_with_restart slapd.service
 %else
 %else
@@ -532,11 +518,7 @@ if [ $1 -ge 1 ] ; then
 fi
 fi
 %endif
 %endif
 
 
-%post devel -p /sbin/ldconfig
-%postun devel -p /sbin/ldconfig
-
 %triggerin servers -- libdb
 %triggerin servers -- libdb
-
 # libdb upgrade (setup for %%triggerun)
 # libdb upgrade (setup for %%triggerun)
 if [ $2 -eq 2 ]; then
 if [ $2 -eq 2 ]; then
 	# we are interested in minor version changes (both versions of libdb are installed at this moment)
 	# we are interested in minor version changes (both versions of libdb are installed at this moment)
@@ -546,13 +528,26 @@ if [ $2 -eq 2 ]; then
 		rm -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb
 		rm -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb
 	fi
 	fi
 fi
 fi
-
 exit 0
 exit 0
 
 
-
 %triggerun servers -- libdb
 %triggerun servers -- libdb
-
 # libdb upgrade (finish %%triggerin)
 # libdb upgrade (finish %%triggerin)
+%if %{with systemd}
+if [ -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb ]; then
+	
+	if /bin/systemctl --quiet is-active slapd.service; then
+		/bin/systemctl stop slapd.service
+		start=1
+	else
+		start=0
+	fi
+
+	%{_libexecdir}/openldap/upgrade-db.sh &>/dev/null
+	rm -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb
+
+	[ $start -eq 1 ] && /bin/systemctl start slapd.service &>/dev/null
+fi
+%else
 running=`/sbin/service ldap status >/dev/null; echo $?`
 running=`/sbin/service ldap status >/dev/null; echo $?`
 
 
 if [ -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb ]; then
 if [ -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb ]; then
@@ -568,7 +563,7 @@ if [ -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb ]; then
 
 
 	[ $start -eq 1 ] && /sbin/service ldap condrestart > /dev/null 2>&1 || :
 	[ $start -eq 1 ] && /sbin/service ldap condrestart > /dev/null 2>&1 || :
 fi
 fi
-
+%endif
 exit 0
 exit 0
 
 
 %files
 %files
@@ -690,6 +685,11 @@ exit 0
 
 
 
 
 %changelog
 %changelog
+* Thu Jun 03 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.4.58-1
+- new upstream release.
+- dropped ldconfig scriptlets.
+- dropped Patch2000: fixed in upstream.
+
 * Thu Mar 04 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.4.57-2
 * Thu Mar 04 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.4.57-2
 - imported Patch2000 from rawhide to fix CVE-2021-27212.
 - imported Patch2000 from rawhide to fix CVE-2021-27212.