%global _hardened_build 1

%global systemctl_bin /usr/bin/systemctl

%global check_password_version 1.1

%global so_ver 2

%global so_ver_compat 2

%bcond_with servers

# When you change "Version: " to the new major version, remember to change this value too

%global major_version 2.6

# Disable automatic .la file removal

%global __brp_remove_la_files %nil

Name: openldap

Version: 2.6.2

Release: 3%{?dist}

Summary: LDAP support libraries

License: OpenLDAP

URL: http://www.openldap.org/

Source0: https://openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz

Source1: slapd.service

Source2: slapd.tmpfiles

Source3: slapd.ldif

Source4: ldap.conf

Source5: UPGRADE_INSTRUCTIONS

Source10: https://github.com/ltb-project/openldap-ppolicy-check-password/archive/v%{check_password_version}/openldap-ppolicy-check-password-%{check_password_version}.tar.gz

Source50: libexec-functions

Source52: libexec-check-config.sh

# Patches for 2.6

Patch0: openldap-manpages.patch

Patch1: openldap-reentrant-gethostby.patch

Patch3: openldap-smbk5pwd-overlay.patch

Patch4: openldap-ai-addrconfig.patch

Patch5: openldap-allop-overlay.patch

# fix back_perl problems with lt_dlopen()

# might cause crashes because of symbol collisions

# the proper fix is to link all perl modules against libperl

# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327585

Patch6: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch

# System-wide default for CA certs

Patch7: openldap-openssl-manpage-defaultCA.patch

Patch8: openldap-add-export-symbols-LDAP_CONNECTIONLESS.patch

Patch9: openldap-Revert-ITS-8618-Remove-deprecated-h-and-p.patch

# check-password module specific patches

Patch90: check-password-makefile.patch

Patch91: check-password.patch

BuildRequires: cyrus-sasl-devel

BuildRequires: gcc

BuildRequires: glibc-devel

BuildRequires: groff

BuildRequires: krb5-devel

BuildRequires: libtool-ltdl-devel

BuildRequires: libevent-devel

BuildRequires: make

BuildRequires: openssl-devel

BuildRequires: perl(ExtUtils::Embed)

BuildRequires: perl-devel

BuildRequires: perl-generators

BuildRequires: perl-interpreter

BuildRequires: unixODBC-devel

BuildRequires: systemd

BuildRequires: libdb-devel

BuildRequires: cracklib-devel

%description

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access

Protocol) applications and development tools. LDAP is a set of

protocols for accessing directory services (usually phone book style

information, but other information is possible) over the Internet,

similar to the way DNS (Domain Name System) information is propagated

over the Internet. The openldap package contains configuration files,

libraries, and documentation for OpenLDAP.

%package devel

Summary: LDAP development libraries and header files

Requires: openldap%{?_isa} = %{version}-%{release}

Requires: cyrus-sasl-devel%{?_isa}

%description devel

The openldap-devel package includes the development libraries and

header files needed for compiling applications that use LDAP

(Lightweight Directory Access Protocol) internals. LDAP is a set of

protocols for enabling directory services over the Internet. Install

this package only if you plan to develop or will need to compile

customized LDAP clients.

%package compat

Summary: Package providing legacy non-threaded libldap

Requires: openldap%{?_isa} = %{version}-%{release}

# since libldap is manually linked from libldap_r, the provides is not generated automatically

%ifarch armv7hl i686

Provides: libldap-2.4.so.%{so_ver_compat}

Provides: libldap_r-2.4.so.%{so_ver_compat}

Provides: liblber-2.4.so.%{so_ver_compat}

Provides: libslapi-2.4.so.%{so_ver_compat}

%else

Provides: libldap-2.4.so.%{so_ver_compat}()(%{__isa_bits}bit)

Provides: libldap_r-2.4.so.%{so_ver_compat}()(%{__isa_bits}bit)

Provides: liblber-2.4.so.%{so_ver_compat}()(%{__isa_bits}bit)

Provides: libslapi-2.4.so.%{so_ver_compat}()(%{__isa_bits}bit)

%endif

%description compat

The openldap-compat package contains shared libraries named as libldap-2.4.so,

libldap_r-2.4.so, liblber-2.4.so and libslapi-2.4.so.

The libraries are just links to the current version shared libraries,

and are available for compatibility reasons.

%if %{with servers}

%package servers

Summary: LDAP server

License: OpenLDAP

Requires: openldap%{?_isa} = %{version}-%{release}

%{?systemd_requires}

Requires(pre): shadow-utils

# migrationtools (slapadd functionality):

Provides: ldif2ldbm

%description servers

OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access

Protocol) applications and development tools. LDAP is a set of

protocols for accessing directory services (usually phone book style

information, but other information is possible) over the Internet,

similar to the way DNS (Domain Name System) information is propagated

over the Internet. This package contains the slapd server and related files.

# endif with servers

%endif

%package clients

Summary: LDAP client utilities

Requires: openldap%{?_isa} = %{version}-%{release}

%description clients

OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access

Protocol) applications and development tools. LDAP is a set of

protocols for accessing directory services (usually phone book style

information, but other information is possible) over the Internet,

similar to the way DNS (Domain Name System) information is propagated

over the Internet. The openldap-clients package contains the client

programs needed for accessing and modifying OpenLDAP directories.

%prep

%setup -q -c -a 0 -a 10

pushd openldap-%{version}

%patch0 -p1

%patch1 -p1

%patch3 -p1

%patch4 -p1

%patch5 -p1

%patch6 -p1

%patch7 -p1

%patch8 -p1

%patch9 -p1

# build smbk5pwd with other overlays

ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays

mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd

# build allop with other overlays

ln -s ../../../contrib/slapd-modules/allop/allop.c servers/slapd/overlays

mv contrib/slapd-modules/allop/README contrib/slapd-modules/allop/README.allop

mv contrib/slapd-modules/allop/slapo-allop.5 doc/man/man5/slapo-allop.5

mv servers/slapd/back-perl/README{,.back_perl}

# fix documentation encoding

for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do

  iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8"

  mv "$filename.utf8" "$filename"

done

popd

pushd openldap-ppolicy-check-password-%{check_password_version}

%patch90 -p1

%patch91 -p1

popd

%build

%set_build_flags

# enable experimental support for LDAP over UDP (LDAP_CONNECTIONLESS)

export CFLAGS="${CFLAGS} ${LDFLAGS} -Wl,--as-needed -Wl,-z,now -DLDAP_CONNECTIONLESS"

pushd openldap-%{version}

%configure \

	--enable-debug \

	--enable-dynamic \

	--enable-versioning \

	\

	--enable-dynacl \

	--enable-cleartext \

	--enable-crypt \

	--enable-lmpasswd \

	--enable-spasswd \

	--enable-modules \

	--enable-perl \

	--enable-rewrite \

	--enable-rlookups \

	--enable-slapi \

	--disable-slp \

	\

	--enable-backends=mod \

	--enable-bdb=yes \

	--enable-hdb=yes \

	--enable-mdb=yes \

	--enable-monitor=yes \

	--disable-ndb \

	--disable-sql \

	--disable-wt \

	\

	--enable-overlays=mod \

	\

	--disable-static \

	\

	--enable-balancer=mod \

        \

	--with-cyrus-sasl \

	--without-fetch \

	--with-threads \

	--with-pic \

	--with-gnu-ld \

	\

	--libexecdir=%{_libdir}

%make_build

popd

pushd openldap-ppolicy-check-password-%{check_password_version}

%make_build LDAP_INC="-I../openldap-%{version}/include \

 -I../openldap-%{version}/servers/slapd \

 -I../openldap-%{version}/build-servers/include"

popd

%install

mkdir -p %{buildroot}%{_libdir}/

pushd openldap-%{version}

%make_install STRIP_OPTS=""

popd

# install check_password module

pushd openldap-ppolicy-check-password-%{check_password_version}

mv check_password.so check_password.so.%{check_password_version}

ln -s check_password.so.%{check_password_version} %{buildroot}%{_libdir}/openldap/check_password.so

install -m 755 check_password.so.%{check_password_version} %{buildroot}%{_libdir}/openldap/

# install -m 644 README %{buildroot}%{_libdir}/openldap

install -d -m 755 %{buildroot}%{_sysconfdir}/openldap

cat > %{buildroot}%{_sysconfdir}/openldap/check_password.conf <

# OpenLDAP pwdChecker library configuration

#useCracklib 1

#minPoints 3

#minUpper 0

#minLower 0

#minDigit 0

#minPunct 0

EOF

mv README{,.check_pwd}

popd

# setup directories for TLS certificates

mkdir -p %{buildroot}%{_sysconfdir}/openldap/certs

# setup data and runtime directories

mkdir -p %{buildroot}%{_sharedstatedir}

mkdir -p %{buildroot}%{_localstatedir}

install -m 0700 -d %{buildroot}%{_sharedstatedir}/ldap

install -m 0755 -d %{buildroot}%{_localstatedir}/run/openldap

# setup autocreation of runtime directories on tmpfs

mkdir -p %{buildroot}%{_tmpfilesdir}

install -m 0644 %SOURCE2 %{buildroot}%{_tmpfilesdir}/slapd.conf

# install default ldap.conf (customized)

rm %{buildroot}%{_sysconfdir}/openldap/ldap.conf

install -m 0644 %SOURCE4 %{buildroot}%{_sysconfdir}/openldap/ldap.conf

# setup maintainance scripts

mkdir -p %{buildroot}%{_libexecdir}

install -m 0755 -d %{buildroot}%{_libexecdir}/openldap

install -m 0644 %SOURCE50 %{buildroot}%{_libexecdir}/openldap/functions

install -m 0755 %SOURCE52 %{buildroot}%{_libexecdir}/openldap/check-config.sh

# remove build root from config files and manual pages

perl -pi -e "s|%{buildroot}||g" %{buildroot}%{_sysconfdir}/openldap/*.conf

perl -pi -e "s|%{buildroot}||g" %{buildroot}%{_mandir}/*/*.*

# we don't need the default files -- RPM handles changes

rm %{buildroot}%{_sysconfdir}/openldap/*.default

# install an init script for the servers

mkdir -p %{buildroot}%{_unitdir}

install -m 0644 %SOURCE1 %{buildroot}%{_unitdir}/slapd.service

# move slapd out of _libdir

mv %{buildroot}%{_libdir}/slapd %{buildroot}%{_sbindir}/

# setup tools as symlinks to slapd

for X in acl add auth cat dn index modify passwd test schema ; do

  rm %{buildroot}%{_sbindir}/slap$X

  ln -s slapd %{buildroot}%{_sbindir}/slap$X

done

# re-symlink unversioned libraries, so ldconfig is not confused

pushd %{buildroot}%{_libdir}

v=%{version}

version=$(echo ${v%.[0-9]*})

for lib in liblber libldap libslapi; do

        rm -f ${lib}.so

        ln -s ${lib}.so.%{so_ver} ${lib}.so

done

for lib in $(ls | grep libldap); do

    IFS='.'

    read -r -a libsplit <<< "$lib"

    if [[ -z "${libsplit[3]}" && -n "${libsplit[2]}" ]]

    then

        so_ver_short_2_4="%{so_ver_compat}"

    elif [ -n "${libsplit[3]}" ]

    then

        so_ver_full_2_4="%{so_ver_compat}.${libsplit[3]}.${libsplit[4]}"

    fi

    unset IFS

done

# Copy libldap to libldap_r for both 2.4 and 2.6+ versions, make a versioned lib link

# We increase it by 2 because libldap-2.4 has the 'so.2' major version on 2.4.59 (one of the last versions which is EOL)

gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.${so_ver_short_2_4}" -Wl,--no-as-needed -Wl,-z,now \

       -Wl,-soname -Wl,libldap-2.4.so.${so_ver_short_2_4} -L "%{buildroot}%{_libdir}" -lldap

gcc -shared -o "%{buildroot}%{_libdir}/libldap_r-2.4.so.${so_ver_short_2_4}" -Wl,--no-as-needed -Wl,-z,now \

       -Wl,-soname -Wl,libldap_r-2.4.so.${so_ver_short_2_4} -L "%{buildroot}%{_libdir}" -lldap

gcc -shared -o "%{buildroot}%{_libdir}/liblber-2.4.so.${so_ver_short_2_4}" -Wl,--no-as-needed -Wl,-z,now \

       -Wl,-soname -Wl,liblber-2.4.so.${so_ver_short_2_4} -L "%{buildroot}%{_libdir}" -llber

gcc -shared -o "%{buildroot}%{_libdir}/libslapi-2.4.so.${so_ver_short_2_4}" -Wl,--no-as-needed -Wl,-z,now \

       -Wl,-soname -Wl,libslapi-2.4.so.${so_ver_short_2_4} -L "%{buildroot}%{_libdir}" -lslapi

ln -s libldap-2.4.so.{${so_ver_short_2_4},${so_ver_full_2_4}}

ln -s libldap_r-2.4.so.{${so_ver_short_2_4},${so_ver_full_2_4}}

ln -s liblber-2.4.so.{${so_ver_short_2_4},${so_ver_full_2_4}}

ln -s libslapi-2.4.so.{${so_ver_short_2_4},${so_ver_full_2_4}}

cp libldap.so.${so_ver_full_2_4} libldap_r.so.${so_ver_full_2_4}

ln -s libldap_r.so.{${so_ver_full_2_4},${so_ver_short_2_4}}

ln -s libldap_r.so.${so_ver_full_2_4} libldap_r.so

popd

# tweak permissions on the libraries to make sure they're correct

chmod 0755 %{buildroot}%{_libdir}/lib*.so*

chmod 0644 %{buildroot}%{_libdir}/lib*.*a

chmod 0644 %{buildroot}%{_libdir}/openldap/*.la

# slapd.conf(5) is obsoleted since 2.3, see slapd-config(5)

mkdir -p %{buildroot}%{_datadir}

install -m 0755 -d %{buildroot}%{_datadir}/openldap-servers

install -m 0644 %SOURCE3 %{buildroot}%{_datadir}/openldap-servers/slapd.ldif

install -m 0644 %SOURCE5 %{buildroot}%{_datadir}/openldap-servers/UPGRADE_INSTRUCTIONS

install -m 0700 -d %{buildroot}%{_sysconfdir}/openldap/slapd.d

rm %{buildroot}%{_sysconfdir}/openldap/slapd.conf

rm %{buildroot}%{_sysconfdir}/openldap/slapd.ldif

# move doc files out of _sysconfdir

mv %{buildroot}%{_sysconfdir}/openldap/schema/README README.schema

# remove files which we don't want packaged

rm %{buildroot}%{_libdir}/*.la  # because we do not want files in %{_libdir}/openldap/ removed, yet

%ldconfig_scriptlets

%if %{with servers}

%pre servers

# create ldap user and group

getent group ldap &>/dev/null || groupadd -r -g 55 ldap

getent passwd ldap &>/dev/null || \

	useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap

exit 0

%post servers

%systemd_post slapd.service

# If it's not upgrade - we remove the UPGRADE_INSTRUCTIONS

if [ $1 -lt 2 ] ; then

    rm %{_datadir}/openldap-servers/UPGRADE_INSTRUCTIONS

fi

# generate configuration if necessary

if [[ ! -f %{_sysconfdir}/openldap/slapd.d/cn=config.ldif && \

      ! -f %{_sysconfdir}/openldap/slapd.conf

   ]]; then

      # if there is no configuration available, generate one from the defaults

      mkdir -p %{_sysconfdir}/openldap/slapd.d/ &>/dev/null || :

      /usr/sbin/slapadd -F %{_sysconfdir}/openldap/slapd.d/ -n0 -l %{_datadir}/openldap-servers/slapd.ldif

      chown -R ldap:ldap %{_sysconfdir}/openldap/slapd.d/

      %{systemctl_bin} try-restart slapd.service &>/dev/null

fi

# restart after upgrade

if [ $1 -ge 1 ]; then

    %{systemctl_bin} condrestart slapd.service &>/dev/null || :

fi

exit 0

%preun servers

%systemd_preun slapd.service

%postun servers

%systemd_postun_with_restart slapd.service

# endif with servers

%endif

%files

%doc openldap-%{version}/ANNOUNCEMENT

%doc openldap-%{version}/CHANGES

%license openldap-%{version}/COPYRIGHT

%license openldap-%{version}/LICENSE

%doc openldap-%{version}/README

%dir %{_sysconfdir}/openldap

%dir %{_sysconfdir}/openldap/certs

%config(noreplace) %{_sysconfdir}/openldap/ldap.conf

%dir %{_libexecdir}/openldap/

%{_libdir}/liblber.so.*

%{_libdir}/libldap.so.*

%{_libdir}/libldap_r.so.*

%{_libdir}/libslapi.so.*

%{_mandir}/man5/ldif.5*

%{_mandir}/man5/ldap.conf.5*

%if %{with servers}

%files servers

%doc openldap-%{version}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd

%doc openldap-%{version}/doc/guide/admin/*.html

%doc openldap-%{version}/doc/guide/admin/*.png

%doc openldap-%{version}/servers/slapd/back-perl/SampleLDAP.pm

%doc openldap-%{version}/servers/slapd/back-perl/README.back_perl

%doc openldap-ppolicy-check-password-%{check_password_version}/README.check_pwd

%doc README.schema

%config(noreplace) %dir %attr(0750,ldap,ldap) %{_sysconfdir}/openldap/slapd.d

%config(noreplace) %{_sysconfdir}/openldap/schema

%config(noreplace) %{_sysconfdir}/openldap/check_password.conf

%{_tmpfilesdir}/slapd.conf

%dir %attr(0700,ldap,ldap) %{_sharedstatedir}/ldap

%dir %attr(-,ldap,ldap) %{_localstatedir}/run/openldap

%{_unitdir}/slapd.service

%{_datadir}/openldap-servers/

%{_libdir}/openldap/accesslog*

%{_libdir}/openldap/allop*

%{_libdir}/openldap/auditlog*

%{_libdir}/openldap/autoca*

%{_libdir}/openldap/back_asyncmeta*

%{_libdir}/openldap/back_dnssrv*

%{_libdir}/openldap/back_ldap*

%{_libdir}/openldap/back_meta*

%{_libdir}/openldap/back_null*

%{_libdir}/openldap/back_passwd*

%{_libdir}/openldap/back_relay*

%{_libdir}/openldap/back_sock*

%{_libdir}/openldap/check_password*

%{_libdir}/openldap/collect*

%{_libdir}/openldap/constraint*

%{_libdir}/openldap/dds*

%{_libdir}/openldap/deref*

%{_libdir}/openldap/dyngroup*

%{_libdir}/openldap/dynlist*

%{_libdir}/openldap/home*

%{_libdir}/openldap/lloadd*

%{_libdir}/openldap/memberof*

%{_libdir}/openldap/otp*

%{_libdir}/openldap/pcache*

%{_libdir}/openldap/ppolicy*

%{_libdir}/openldap/refint*

%{_libdir}/openldap/remoteauth*

%{_libdir}/openldap/retcode*

%{_libdir}/openldap/rwm*

%{_libdir}/openldap/seqmod*

%{_libdir}/openldap/smbk5pwd*

%{_libdir}/openldap/sssvlv*

%{_libdir}/openldap/syncprov*

%{_libdir}/openldap/translucent*

%{_libdir}/openldap/unique*

%{_libdir}/openldap/valsort*

%{_libexecdir}/openldap/functions

%{_libexecdir}/openldap/check-config.sh

%{_sbindir}/sl*

%{_mandir}/man8/*

%{_mandir}/man5/lloadd.conf.5*

%{_mandir}/man5/slapd*.5*

%{_mandir}/man5/slapo-*.5*

%{_mandir}/man5/slappw-argon2.5*

# obsolete configuration

%ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf

%else

%exclude %{_datadir}/openldap-servers/

%exclude %{_libdir}/openldap/

%exclude %{_libexecdir}/openldap/check-config.sh

%exclude %{_libexecdir}/openldap/functions

%exclude %{_mandir}/man5/slapd*.5*

%exclude %{_mandir}/man5/slapo-*.5*

%exclude %{_mandir}/man5/lloadd.conf.5*

%exclude %{_mandir}/man5/slappw-argon2.5*

%exclude %{_mandir}/man8/*

%exclude %{_sbindir}/sl*

%exclude %{_sysconfdir}/openldap/check_password.conf

%exclude %{_sysconfdir}/openldap/schema

%exclude %{_tmpfilesdir}/slapd.conf

%exclude %{_unitdir}/slapd.service

# endif with servers

%endif

%files clients

%{_bindir}/*

%{_mandir}/man1/*

%files devel

%doc openldap-%{version}/doc/drafts openldap-%{version}/doc/rfc

%{_libdir}/liblber.so

%{_libdir}/libldap.so

%{_libdir}/libldap_r.so

%{_libdir}/libslapi.so

%{_includedir}/*

%{_libdir}/pkgconfig/lber.pc

%{_libdir}/pkgconfig/ldap.pc

%{_mandir}/man3/*

%files compat

%{_libdir}/libldap-2.4*.so.*

%{_libdir}/libldap_r-2.4*.so.*

%{_libdir}/liblber-2.4*.so.*

%{_libdir}/libslapi-2.4*.so.*

%changelog

* Fri Aug 5 2022 Simon Pichugin <spichugi@redhat.com> - 2.6.2-3

- Add export symbols related to LDAP_CONNECTIONLESS

  Related: rhbz#2115465

* Mon Jun 27 2022 Simon Pichugin <spichugi@redhat.com> - 2.6.2-2

- Change STRIP to STRIP_OPTS

  Related: rhbz#2094159

* Wed Jun  1 2022 Simon Pichugin <spichugi@redhat.com> - 2.6.2-1

- Update to new major release OpenLDAP 2.6.2

- The client tools parameters '-h' and '-p' are officially deprecated,

  please, use '-H' parameter instead.

  Related: rhbz#2094159

* Fri Apr 22 2022 Igor Raits <igor.raits@gmail.com> - 2.4.59-5

- Pull systemd only from server subpackage 

* Wed Dec 15 2021 Viktor Ashirov <vashirov@redhat.com> - 2.4.59-4

- Add "with servers" conditional

  Related: rhbz#2030665

* Thu Sep 23 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.59-3

- Enable BIND_NOW for the linked library too. Related: rhbz#2002747

* Wed Sep 22 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.59-2

- Enable BIND_NOW to prevent GOT overwrite attacks.

- Ignore badfuncs error in rpminspect because it's a false positive

  Related: rhbz#2002747

* Tue Sep 14 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.59-1

- Rebase openldap to 2.4.59 Related: rhbz#2002747

* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.57-8

- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags

  Related: rhbz#1991688

* Mon Jul 12 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.57-7

- Fix Channel Binding tests Related: rhbz#1967853

* Thu Jun 24 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.57-6

- Fix slapd.tmpfiles complaints. Related: rhbz#1969853

- Use https:// for source Related: rhbz#1973597

* Tue Jun 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.57-5

- Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065

* Fri Jun  4 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.57-4

- Backport Channel Binding support. Related: rhbz#1967853

- Fix coverity issues. Related: rhbz#1938829

* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.57-3

- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.57-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Tue Jan 19 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.57-1

- Rebase to version 2.4.57 (#1917583)

* Thu Nov 26 2020 Simon Pichugin <spichugi@redhat.com> - 2.4.56-4

- Use gcc to link libldap_r to libldap (#1537260)

* Fri Nov 20 2020 Simon Pichugin <spichugi@redhat.com> - 2.4.56-3

- Fix 32-bit libraries build (#1537260)

* Fri Nov 20 2020 Simon Pichugin <spichugi@redhat.com> - 2.4.56-2

- Drop non-threaded libldap (#1537260)

* Wed Nov 18 2020 Simon Pichugin <spichugi@redhat.com> - 2.4.56-1

- Rebase to version 2.4.56 (#1896508)

* Mon Nov 02 2020 Simon Pichugin <spichugi@redhat.com> - 2.4.55-1

- Rebase to version 2.4.55 (#1891622)

* Tue Oct 13 2020 Simon Pichugin <spichugi@redhat.com> - 2.4.54-1

- Rebase to version 2.4.54 (#1887581)

* Thu Sep 10 2020 Simon Pichugin <spichugi@redhat.com> - 2.4.53-1

- Rebase to version 2.4.53 (#1868240)

* Thu Sep 03 2020 Simon Pichugin <spichugi@redhat.com> - 2.4.52-1

- Rebase to version 2.4.52 (#1868240)

* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.50-4

- Second attempt - Rebuilt for

  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.50-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.50-2

- Perl 5.32 rebuild

* Wed Jun 17 2020 Matus Honek <mhonek@redhat.com> - 2.4.50-1

- Rebase to version 2.4.50 (#1742285)

* Tue Jun 16 2020 Tom Stellard <tstellar@redhat.com> - 2.4.47-5

- Spec file cleanups

- Add BuildRequres: gcc [1]

- make_build [2] and make_install [3]

- [1] https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/#_buildrequires_and_requires

- [2] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make

- [3] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_why_the_makeinstall_macro_should_not_be_used

* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.47-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.47-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.47-2

- Perl 5.30 rebuild

* Wed Feb 13 2019 Matus Honek <mhonek@redhat.com> - 2.4.47-1

- Rebase to upstream version 2.4.47

* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.46-13

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.4.46-12

- Rebuilt for libcrypt.so.2 (#1666033)

* Mon Dec 17 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-11

- Reference default system-wide CA certificates in manpages (#1611591)

* Tue Oct 16 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-10

- Revert "Fix: Cannot use SSL3 anymore"

* Mon Oct 08 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-9

- Backport upstream fixes for ITS 7595 - add OpenSSL EC support (#1623495)

* Tue Aug 14 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-8

- Fix: Cannot use SSL3 anymore (#1592431)

* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.46-7

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri Jul  6 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-6

- Build with LDAP_USE_NON_BLOCKING_TLS (#1594928)

- Remove unused leftover MozNSS Compat. Layer references (cont.) (#1557967)

* Fri Jul 06 2018 Petr Pisar <ppisar@redhat.com> - 2.4.46-5

- Perl 5.28 rebuild

* Wed Jul  4 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-4

- Remove unused leftover MozNSS Compat. Layer references (#1557967)

* Wed Jul  4 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-3

- MozNSS Compat. Layer: Make log messages more clear (#1598103)

- MozNSS Compat. Layer: Fix memleaks reported by valgrind (#1595203)

* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.46-2

- Perl 5.28 rebuild

- MozNSS Compat. Layer: Fix typos, and spelling in the README file header (#1564161)

* Tue Mar 27 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-1

- Rebase to version OpenLDAP 2.4.46 (#1559652)

* Mon Mar  5 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-14

- Utilize system-wide crypto-policies (#1483979)

* Thu Mar  1 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-13

- fix: openldap does not use Fedora build flags

  + makes use of redhat-rpm-config package

- Drop superfluous back-sql linking patch

* Wed Feb 28 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-12

- MozNSS Compat. Layer: fix: libldap tlsmc continues even after it fails to extract CA certificates (#1550110)

* Wed Feb 21 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-11

- TLS: Use system trusted CA store by default (#1270678, #1537259)

* Sun Feb 11 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-10

- Complete change: Disable TLSMC in F29+

* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.4.45-9