From 38e4126e68d6a867854fcc18ef9844b73aa60736 Mon Sep 17 00:00:00 2001 From: Julien Rische Date: Wed, 12 Jun 2024 14:14:20 +0200 Subject: [PATCH] ipa-4.12.1-1 - CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force Resolves: RHEL-32233 - CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service Resolves: RHEL-40881 Signed-off-by: Julien Rische --- .gitignore | 2 ++ freeipa.spec | 6 +++++- sources | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2d90848..be5c7c7 100644 --- a/.gitignore +++ b/.gitignore @@ -134,3 +134,5 @@ /freeipa-4.11.1.tar.gz.asc /freeipa-4.12.0.tar.gz /freeipa-4.12.0.tar.gz.asc +/freeipa-4.12.1.tar.gz.asc +/freeipa-4.12.1.tar.gz diff --git a/freeipa.spec b/freeipa.spec index bf6b96b..5639d69 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -192,7 +192,7 @@ # Work-around fact that RPM SPEC parser does not accept # "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement -%define IPA_VERSION 4.12.0 +%define IPA_VERSION 4.12.1 # Release candidate version -- uncomment with one percent for RC versions #%%global rc_version %define AT_SIGN @ @@ -1854,6 +1854,10 @@ fi %endif %changelog +* Wed Jun 12 2024 Julien Rische - 4.12.1-1 +- Resolves: RHEL-32233 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force +- Resolves: RHEL-40881 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service + * Tue Jun 04 2024 Florence Blanc-Renaud - 4.12.0-1 - Resolves: RHEL-39144 Rebase ipa to the latest 4.12 version for RHEL 10 - Resolves: RHEL-30537 ipa: freeipa: argument injection into the username field of the /ipa/session/login_password requests diff --git a/sources b/sources index 1d416e7..f6b9bfd 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@
-SHA512 (freeipa-4.12.0.tar.gz) = 1e95250a6892e85b4782a1f2451a99d21c90ce82db2be369d9e0e1706575229d4539b20f8dd2b97da0d6f73f4fb59168ab6e05eb2fe185b4bb854f42c1e7fd29
-SHA512 (freeipa-4.12.0.tar.gz.asc) = 896170fee005acc3cf46b22053d9f0f0e75f0af31af5c9fbd993674dc26549e479ea3468412ff35f947f7cf42bb7b9bf96f1ead21d754eec92a27b30d731dbe1
+SHA512 (freeipa-4.12.1.tar.gz) = a419c4251a55a69f90e6e3d2a514d6ba9e0609573bd5dbc9ff446c95b09164831233987c8cb70d3c2b53dae9b6600f3efd50c976007637cf18e6679e51f2c2f9
+SHA512 (freeipa-4.12.1.tar.gz.asc) = 759de997443d608bb26e684c5de8678cb01d15077a2506ee4cc6102f1b5255a3ffd4bf25fb4a07578e590eb72b44e9f6b42645eac1f6f451d652f36271d3a806