Backport fix to work with python-ldap 3.4.2 (#2112243)

0001-Don-t-use-deprecated-python-ldap-options-4082.patch

@@ -0,0 +1,33 @@
+From f5e0b815e65b06b1ed86ae265adce0d91ed0efce Mon Sep 17 00:00:00 2001
+From: Christian Heimes <cheimes@redhat.com>
+Date: Fri, 29 Jul 2022 11:18:11 +0200
+Subject: [PATCH] Don't use deprecated python-ldap options (#4082)
+
+- `OPT_X_TLS` is deprecated since python-ldap 3.3.0 and was removed in
+  3.4.2.
+- `OPT_X_TLS_DEMAND` is not a valid option key.
+
+`ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` is
+sufficient to enforce cert validation.
+
+Closes: #4081
+---
+ base/server/python/pki/server/deployment/__init__.py | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
+index 5359d6b0d..213588cac 100644
+--- a/base/server/python/pki/server/deployment/__init__.py
++++ b/base/server/python/pki/server/deployment/__init__.py
+@@ -188,8 +188,6 @@ class PKIDeployer:
+             ds_protocol = 'ldaps'
+             ds_port = self.mdict['pki_ds_ldaps_port']
+             # ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
+-            ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
+-            ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
+             ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
+                             self.mdict['pki_ds_secure_connection_ca_pem_file'])
+             ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
+-- 
+2.37.1
+

dogtag-pki.spec

@@ -14,7 +14,7 @@ Name:             dogtag-pki
 # Downstream release number:
 # - development/stabilization (unsupported): 0.<n> where n >= 1
 # - GA/update (supported): <n> where n >= 1
-%global           release_number 1
+%global           release_number 2
 
 # Development phase:
 # - development (unsupported): alpha<n> where n >= 1
@@ -30,7 +30,7 @@ URL:              https://www.dogtagpki.org
 # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2
 License:          GPLv2 and LGPLv2
 Version:          %{major_version}.%{minor_version}.%{update_version}
-Release:          %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.1
+Release:          %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
 
 # To create a tarball from a version tag:
 # $ git archive \
@@ -39,6 +39,11 @@ Release:          %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timesta
 #     -o pki-<version>.tar.gz \
 #     <version tag>
 Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?phase:-}%{?phase}/pki-%{version}%{?phase:-}%{?phase}.tar.gz
+# https://bugzilla.redhat.com/show_bug.cgi?id=2112243
+# https://github.com/dogtagpki/pki/issues/4081
+# https://github.com/dogtagpki/pki/pull/4082
+# Fix with python-ldap 3.4.2
+Patch0: 0001-Don-t-use-deprecated-python-ldap-options-4082.patch
 
 # To create a patch for all changes since a version tag:
 # $ git format-patch \
@@ -1258,6 +1263,9 @@ fi
 
 ################################################################################
 %changelog
+* Fri Jul 29 2022 Adam Williamson <awilliam@redhat.com> - 11.2.0-2
+- Backport fix to work with python-ldap 3.4.2 (#2112243)
+
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 11.2.0-1.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild