[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][master] 2 commits: control: Bump dependency on jss, ldapjdk, tomcatjss.

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Mon Nov 21 09:55:18 GMT 2022 


Timo Aaltonen pushed to branch master at FreeIPA packaging / dogtag-pki


Commits:
26b3c438 by Timo Aaltonen at 2022-11-21T11:01:52+02:00
control: Bump dependency on jss, ldapjdk, tomcatjss.

- - - - -
dbcc02ac by Timo Aaltonen at 2022-11-21T11:54:50+02:00
dont-use-deprecated-python-ldap-options.diff: Drop constants removed in python-ldap 3.4.

- - - - -


4 changed files:

- debian/changelog
- debian/control
- + debian/patches/dont-use-deprecated-python-ldap-options.diff
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -5,6 +5,9 @@ dogtag-pki (11.0.6-1) UNRELEASED; urgency=medium
   * control: Fix pki-base-java to depend on default-jre-headless instead
     of a versioned one, it shouldn't be necessary to hardcode it
     anymore. (Closes: #1024462)
+  * control: Bump dependency on jss, ldapjdk, tomcatjss.
+  * dont-use-deprecated-python-ldap-options.diff: Drop constants removed
+    in python-ldap 3.4.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Thu, 28 Jul 2022 17:48:35 +0300
 


=====================================
debian/control
=====================================
@@ -26,15 +26,15 @@ Build-Depends:
  libjackson2-databind-java,
  libjaxb-java,
  libjaxp1.3-java,
- libjss-java (>= 5.0.0),
- libldap-java (>= 5.0.0),
+ libjss-java (>= 5.2.0),
+ libldap-java (>= 5.2.0),
  libldap2-dev,
  libnspr4-dev,
  libnss3-dev,
  libresteasy3.0-java (>= 3.0.26-3~),
  libslf4j-java,
  libtomcat9-java,
- libtomcatjss-java (>= 8.0.0-2~),
+ libtomcatjss-java (>= 8.2.0),
  libxalan2-java,
  libxerces2-java,
  libxml-commons-external-java,
@@ -115,8 +115,8 @@ Depends:
  libhttpcore-java,
  libjaxp1.3-java,
  libjettison-java,
- libjss-java (>= 5.0.0),
- libldap-java (>= 5.0.0),
+ libjss-java (>= 5.2.0),
+ libldap-java (>= 5.2.0),
  libresteasy3.0-java (>= 3.0.26-3~),
  libslf4j-java,
  libstax-java,
@@ -193,7 +193,7 @@ Depends:
  libjs-jquery,
  libjs-underscore,
  libsymkey-java (= ${source:Version}),
- libtomcatjss-java (>= 8.0.0-2~),
+ libtomcatjss-java (>= 8.2.0),
  libxml-commons-external-java,
  libxml-commons-resolver1.1-java,
  openssl,


=====================================
debian/patches/dont-use-deprecated-python-ldap-options.diff
=====================================
@@ -0,0 +1,28 @@
+commit f5e0b815e65b06b1ed86ae265adce0d91ed0efce
+Author: Christian Heimes <cheimes at redhat.com>
+Date:   Fri Jul 29 11:18:11 2022 +0200
+
+    Don't use deprecated python-ldap options (#4082)
+    
+    - `OPT_X_TLS` is deprecated since python-ldap 3.3.0 and was removed in
+      3.4.2.
+    - `OPT_X_TLS_DEMAND` is not a valid option key.
+    
+    `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` is
+    sufficient to enforce cert validation.
+    
+    Closes: #4081
+
+diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
+index 5359d6b0d..213588cac 100644
+--- a/base/server/python/pki/server/deployment/__init__.py
++++ b/base/server/python/pki/server/deployment/__init__.py
+@@ -188,8 +188,6 @@ class PKIDeployer:
+             ds_protocol = 'ldaps'
+             ds_port = self.mdict['pki_ds_ldaps_port']
+             # ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
+-            ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
+-            ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
+             ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
+                             self.mdict['pki_ds_secure_connection_ca_pem_file'])
+             ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)


=====================================
debian/patches/series
=====================================
@@ -1,4 +1,5 @@
 # upstreamed
+dont-use-deprecated-python-ldap-options.diff
 
 # not upstreamable
 fix-include-paths.diff



View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/cc2c15cb73cbf691dbe4545c4c1a629263f564cf...dbcc02acc40ff0a2c6e04e4d18a5768ae220b649

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/cc2c15cb73cbf691dbe4545c4c1a629263f564cf...dbcc02acc40ff0a2c6e04e4d18a5768ae220b649
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20221121/72554ea9/attachment-0001.htm>

More information about the Pkg-freeipa-devel mailing list