From 7f90b3f11e744a0d39210fe5f4d24896b4a44fed Mon Sep 17 00:00:00 2001
From: xinghe <xinghe2@h-partners.com>
Date: Mon, 5 Sep 2022 16:46:33 +0800
Subject: [PATCH] remove runpath of samba's binary files

---
 samba.spec | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 75 insertions(+), 1 deletion(-)

diff --git a/samba.spec b/samba.spec
index eabf11c..d7c19ac 100644
--- a/samba.spec
+++ b/samba.spec
@@ -49,7 +49,7 @@
 
 Name:           samba
 Version:        4.11.12
-Release:        16
+Release:        17
 
 Summary:        A suite for Linux to interoperate with Windows
 License:        GPLv3+ and LGPLv3+
@@ -288,6 +288,7 @@ BuildRequires: pam-devel perl-interpreter perl-generators perl(Archive::Tar) per
 BuildRequires: readline-devel rpcgen rpcsvc-proto-devel sed libtasn1-devel libtasn1-tools xfsprogs-devel xz zlib-devel >= 1.2.3
 
 
+BuildRequires: chrpath
 BuildRequires: pkgconfig(libsystemd)
 
 %if %{with_vfs_glusterfs}
@@ -876,6 +877,56 @@ install -m 0755 packaging/NetworkManager/30-winbind-systemd \
 install -d -m 0755 %{buildroot}%{_libdir}/krb5/plugins/libkrb5
 touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
 
+# remove rpath and runpath
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/*.so*
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/*.so*
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/pdb/*.so*
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/vfs/*.so*
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/wbclient/*.so*
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/auth/*.so*
+
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/nss_info/*.so*
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/idmap/*.so*
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/security/*.so*
+
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/rpcclient
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/smbclient
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/regshell
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/nmblookup
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/samba-regedit
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/regtree
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/smbspool
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/mvxattr
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/dbwrap_tool
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/smbcquotas
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/dumpmscat
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/cifsdd
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/sharesec
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/regdiff
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/smbget
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/oLschema2ldif
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/smbtree
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/smbcacls
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/regpatch
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/smbcontrol
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/pdbedit
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/net
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/smbpasswd
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/profiles
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/testparm
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/smbstatus
+
+chrpath -d $RPM_BUILD_ROOT%{_sbindir}/eventlogadm
+chrpath -d $RPM_BUILD_ROOT%{_sbindir}/smbd
+chrpath -d $RPM_BUILD_ROOT%{_sbindir}/nmbd
+
+chrpath -d $RPM_BUILD_ROOT%{_sbindir}/winbindd
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/wbinfo
+chrpath -d $RPM_BUILD_ROOT%{_bindir}/ntlm_auth
+
+mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d
+echo "%{_libdir}/samba" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf
+
 %if ! %with_dc
 for i in \
     %{_libdir}/samba/libdfs-server-ad-samba4.so \
@@ -971,6 +1022,7 @@ TDB_NO_FSYNC=1 %make_build test FAIL_IMMEDIATELY=1
 %post
 %systemd_post smb.service
 %systemd_post nmb.service
+/sbin/ldconfig
 
 %preun
 %systemd_preun smb.service
@@ -979,6 +1031,7 @@ TDB_NO_FSYNC=1 %make_build test FAIL_IMMEDIATELY=1
 %postun
 %systemd_postun_with_restart smb.service
 %systemd_postun_with_restart nmb.service
+/sbin/ldconfig
 
 %pre common
 getent group printadmin >/dev/null || groupadd -r printadmin || :
@@ -1086,6 +1139,8 @@ if [ $1 -eq 0 ]; then
     fi
 fi
 
+%ldconfig_scriptlets libwbclient
+
 #endif with_libwbclient
 %endif
 
@@ -1095,12 +1150,14 @@ fi
 /usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || :
 
 %post winbind
+/sbin/ldconfig
 %systemd_post winbind.service
 
 %preun winbind
 %systemd_preun winbind.service
 
 %postun winbind
+/sbin/ldconfig
 %systemd_postun_with_restart winbind.service
 
 %postun winbind-krb5-locator
@@ -1120,6 +1177,7 @@ if [ $1 -eq 0 ]; then
 fi
 
 %ldconfig_scriptlets winbind-modules
+%ldconfig_scriptlets winbind-clients
 
 %if %with_clustering_support
 %post -n ctdb
@@ -1133,6 +1191,7 @@ fi
 %systemd_postun_with_restart ctdb.service
 %endif
 
+%ldconfig_scriptlets common-tools
 
 ### SAMBA
 %files
@@ -1217,6 +1276,7 @@ fi
 %{_libdir}/samba/libshares-samba4.so
 %{_libdir}/samba/libsmbpasswdparser-samba4.so
 %{_libdir}/samba/libxattr-tdb-samba4.so
+%config(noreplace) /etc/ld.so.conf.d/*
 
 %files client
 %doc source3/client/README.smbspool
@@ -1343,6 +1403,7 @@ fi
 %{_libdir}/samba/libutil-reg-samba4.so
 %{_libdir}/samba/libutil-setid-samba4.so
 %{_libdir}/samba/libutil-tdb-samba4.so
+%config(noreplace) /etc/ld.so.conf.d/*
 
 %if ! %with_libwbclient
 %{_libdir}/samba/libwbclient.so.*
@@ -1384,6 +1445,7 @@ fi
 %{_libdir}/samba/pdb/ldapsam.so
 %{_libdir}/samba/pdb/smbpasswd.so
 %{_libdir}/samba/pdb/tdbsam.so
+%config(noreplace) /etc/ld.so.conf.d/*
 
 %files common-tools
 %{_bindir}/net
@@ -1392,6 +1454,7 @@ fi
 %{_bindir}/smbcontrol
 %{_bindir}/smbpasswd
 %{_bindir}/testparm
+%config(noreplace) /etc/ld.so.conf.d/*
 
 %if %{with_dc}
 %files dc
@@ -1650,6 +1713,7 @@ fi
 %if %with_libsmbclient
 %files -n libsmbclient
 %{_libdir}/libsmbclient.so.*
+%config(noreplace) /etc/ld.so.conf.d/*
 
 %files -n libsmbclient-devel
 %{_includedir}/samba-4.0/libsmbclient.h
@@ -1662,6 +1726,7 @@ fi
 %files -n libwbclient
 %{_libdir}/samba/wbclient/libwbclient.so.*
 %{_libdir}/samba/libwinbind-client-samba4.so
+%config(noreplace) /etc/ld.so.conf.d/*
 
 %files -n libwbclient-devel
 %{_includedir}/samba-4.0/wbclient.h
@@ -2377,6 +2442,7 @@ fi
 
 ### WINBIND
 %files winbind
+%config(noreplace) /etc/ld.so.conf.d/*
 %{_libdir}/samba/idmap
 %{_libdir}/samba/nss_info
 %{_libdir}/samba/libnss-info-samba4.so
@@ -2387,6 +2453,7 @@ fi
 %{_prefix}/lib/NetworkManager
 
 %files winbind-clients
+%config(noreplace) /etc/ld.so.conf.d/*
 %{_bindir}/ntlm_auth
 %{_bindir}/wbinfo
 %{_libdir}/samba/krb5/winbind_krb5_localauth.so
@@ -2396,6 +2463,7 @@ fi
 %{_libdir}/samba/krb5/winbind_krb5_locator.so
 
 %files winbind-modules
+%config(noreplace) /etc/ld.so.conf.d/*
 %{_libdir}/libnss_winbind.so*
 %{_libdir}/libnss_wins.so*
 %{_libdir}/security/pam_winbind.so
@@ -3267,6 +3335,12 @@ fi
 %{_mandir}/man*
 
 %changelog
+* Mon Sep 05 2022 xinghe <xinghe2@h-partners.com> - 4.11.12-17
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:remove runpath of samba's binary files
+
 * Mon Sep 05 2022 xinghe <xinghe2@h-partners.com> - 4.11.12-16
 - Type:bugfix
 - CVE:NA
-- 
Gitee