From 4766b531909d727240b9198f7d4564af80f21139 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Tue, 29 Oct 2024 15:24:05 +0100
Subject: [PATCH] ipa-4.12.2-3 - Resolves: RHEL-61642 Uninstall ACME separately
 during PKI uninstallation

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
---
 ...etermine-which-ACME-uninstaller-to-u.patch | 34 +++++++++++++++++++
 freeipa.spec                                  | 20 ++++++-----
 2 files changed, 46 insertions(+), 8 deletions(-)
 create mode 100644 0021-Small-fixup-to-determine-which-ACME-uninstaller-to-u.patch

diff --git a/0021-Small-fixup-to-determine-which-ACME-uninstaller-to-u.patch b/0021-Small-fixup-to-determine-which-ACME-uninstaller-to-u.patch
new file mode 100644
index 0000000..e96338f
--- /dev/null
+++ b/0021-Small-fixup-to-determine-which-ACME-uninstaller-to-u.patch
@@ -0,0 +1,34 @@
+From 9a2de23eb5e00efa72189c4a86d9db1fab52c2ca Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Thu, 24 Oct 2024 11:49:17 -0400
+Subject: [PATCH] Small fixup to determine which ACME uninstaller to use
+
+The conditional was <= 11.5.0 which it should have been
+< 11.6.0 to allow for small updates to the 11.5.0 branch.
+
+Fixes: https://pagure.io/freeipa/issue/9673
+Fixes: https://pagure.io/freeipa/issue/9674
+
+Signed-off-by: Rob Crittenden <rcritten@redhat.com>
+Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
+Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
+---
+ ipaserver/install/dogtaginstance.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
+index 4b0f4d274b0c33140ed6f939f1a3fd8b75930ff9..58421a1d8859e5dd1357e07fd605e84e49048951 100644
+--- a/ipaserver/install/dogtaginstance.py
++++ b/ipaserver/install/dogtaginstance.py
+@@ -311,7 +311,7 @@ class DogtagInstance(service.Service):
+                 return
+             elif (
+                 pki.util.Version("11.0.0") <= pki_version
+-                <= pki.util.Version("11.5.0")
++                < pki.util.Version("11.6.0")
+             ):
+                 args = ['pki-server', 'acme-remove']
+             else:
+-- 
+2.47.0
+
diff --git a/freeipa.spec b/freeipa.spec
index c1bca9d..024a682 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -224,7 +224,7 @@
 
 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        2%{?rc_version:.%rc_version}%{?dist}
+Release:        3%{?rc_version:.%rc_version}%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 License:        GPL-3.0-or-later
@@ -268,6 +268,7 @@ Patch0017:      0017-ipa-migrate-man-page-fix-typos-and-errors.patch
 Patch0018:      0018-ipatests-Test-for-ipa-hbac-rule-duplication.patch
 Patch0019:      0019-ipatests-refactor-password-file-handling-in-TestHSMI.patch
 Patch0020:      0020-ipatests-2FA-test-cases.patch
+Patch0021:      0021-Small-fixup-to-determine-which-ACME-uninstaller-to-u.patch
 Patch1001:      1001-Change-branding-to-IPA-and-Identity-Management.patch
 %endif
 %endif
@@ -1883,15 +1884,18 @@ fi
 %endif
 
 %changelog
+* Tue Oct 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-3
+- Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation
+
 * Mon Oct 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-2
 - Related: RHEL-59788 Rebase Samba to the latest 4.21.x release
-- Fixes: RHEL-61642 Uninstall ACME separately during PKI uninstallation
-- Fixes: RHEL-56963 SSSD offline causing test-adtrust-install failure
-- Fixes: RHEL-56473 Include latest fixes in python3-ipatests packages
-- Fixes: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode
-- Fixes: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges
-- Fixes: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode
-- Fixes: RHEL-4915 Last expired OTP token would be considered as still assigned to the user
+- Resolves: RHEL-61642 Uninstall ACME separately during PKI uninstallation
+- Resolves: RHEL-56963 SSSD offline causing test-adtrust-install failure
+- Resolves: RHEL-56473 Include latest fixes in python3-ipatests packages
+- Resolves: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode
+- Resolves: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges
+- Resolves: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode
+- Resolves: RHEL-4915 Last expired OTP token would be considered as still assigned to the user
 
 * Wed Aug 21 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-1
 - Resolves: RHEL-54546 Covscan issues: Resource Leak