a63c6e0 freeipa.spec: synchronize with Fedora for 389-ds and PKI versions

1 file Authored by abbra 3 years ago, Committed by frenaud 3 years ago,
    freeipa.spec: synchronize with Fedora for 389-ds and PKI versions
    
    - 389-ds fixes an information disclosure during unsuccessful LDAP BIND
      operation, CVE-2020-35518, https://github.com/389ds/389-ds-base/issues/4609
    
    - Dogtag PKI adopted to work with 389-ds with the fix,
      https://github.com/dogtagpki/pki/issues/3458
    
    FreeIPA needs to require new Dogtag and 389-ds versions on all Fedora
    and RHEL versions.
    
    RHEL 8 version is set to 1.4.3.16-12 which is the official build after
    pki-core was fixed to work with the CVE fixes.
    
    In order to avoid excessive %if/%endif conditionals in the spec file, I
    have added a short Lua table with 389-ds versions for F32-33. F34 and
    Rawhide will fallback to the same newer 389-ds 2.0.3 version. We do not
    support building on F31 or older Fedora anymore as they are EOLed
    already.
    
    Fixes: https://pagure.io/freeipa/issue/8705
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
    
        
file modified
+16 -16