diff --git a/0001-Don-t-use-deprecated-python-ldap-options-4082.patch b/0001-Don-t-use-deprecated-python-ldap-options-4082.patch
new file mode 100644
index 0000000..68b374e
--- /dev/null
+++ b/0001-Don-t-use-deprecated-python-ldap-options-4082.patch
@@ -0,0 +1,33 @@
+From f5e0b815e65b06b1ed86ae265adce0d91ed0efce Mon Sep 17 00:00:00 2001
+From: Christian Heimes
+Date: Fri, 29 Jul 2022 11:18:11 +0200
+Subject: [PATCH] Don't use deprecated python-ldap options (#4082)
+
+- `OPT_X_TLS` is deprecated since python-ldap 3.3.0 and was removed in
+ 3.4.2.
+- `OPT_X_TLS_DEMAND` is not a valid option key.
+
+`ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` is
+sufficient to enforce cert validation.
+
+Closes: #4081
+---
+ base/server/python/pki/server/deployment/__init__.py | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
+index 5359d6b0d..213588cac 100644
+--- a/base/server/python/pki/server/deployment/__init__.py
++++ b/base/server/python/pki/server/deployment/__init__.py
+@@ -188,8 +188,6 @@ class PKIDeployer:
+ ds_protocol = 'ldaps'
+ ds_port = self.mdict['pki_ds_ldaps_port']
+ # ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
+- ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
+- ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
+ ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
+ self.mdict['pki_ds_secure_connection_ca_pem_file'])
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
+--
+2.37.1
+
diff --git a/dogtag-pki.spec b/dogtag-pki.spec
index 4de101a..c94bd38 100644
--- a/dogtag-pki.spec
+++ b/dogtag-pki.spec
@@ -14,7 +14,7 @@ Name: dogtag-pki
 # Downstream release number:
 # - development/stabilization (unsupported): 0. where n >= 1
 # - GA/update (supported): where n >= 1
-%global release_number 1
+%global release_number 2
 # Development phase:
 # - development (unsupported): alpha where n >= 1
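Review bot: In the backported patch for `pki/server/deployment/__init__.py`, the one remaining line that enforces server-certificate validation on the LDAPS connection, `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`, carries no comment saying so. Now that the two neighbouring TLS calls are gone, I would add above it `# Enforces server certificate validation against the CA file set above; do not relax.` so a later cleanup does not treat it as another leftover. These are module-level `ldap.set_option` calls, so the CA file and the demand policy presumably apply to every connection opened afterwards in the process, which is worth stating in the same comment. The enclosing PKIDeployer method starts and ends outside the hunk, so the plain `ldap` branch and the place where the connection is actually opened cannot be checked from this diff.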
@@ -30,7 +30,7 @@ URL: https://www.dogtagpki.org # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 Version: %{major_version}.%{minor_version}.%{update_version} -Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.1 +Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist} # To create a tarball from a version tag: # $ git archive \ @@ -39,6 +39,11 @@ Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timesta # -o pki-.tar.gz \ # Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?phase:-}%{?phase}/pki-%{version}%{?phase:-}%{?phase}.tar.gz +# https://bugzilla.redhat.com/show_bug.cgi?id=2112243 +# https://github.com/dogtagpki/pki/issues/4081 +# https://github.com/dogtagpki/pki/pull/4082 +# Fix with python-ldap 3.4.2 +Patch0: 0001-Don-t-use-deprecated-python-ldap-options-4082.patch # To create a patch for all changes since a version tag: # $ git format-patch \ @@ -1258,6 +1263,9 @@ fi ################################################################################ %changelog +* Fri Jul 29 2022 Adam Williamson - 11.2.0-2 +- Backport fix to work with python-ldap 3.4.2 (#2112243) + * Thu Jul 21 2022 Fedora Release Engineering - 11.2.0-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild