diff --git a/SOURCES/0032-idviews-use-cached-ipaOriginalUid-value-when-resolvi.patch b/SOURCES/0032-idviews-use-cached-ipaOriginalUid-value-when-resolvi.patch
new file mode 100644
index 0000000..410c5f3
--- /dev/null
+++ b/SOURCES/0032-idviews-use-cached-ipaOriginalUid-value-when-resolvi.patch
@@ -0,0 +1,51 @@
+From fef36da6e8d5f6f057a80c7b9bca0eae2ed2c367 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 9 Jun 2022 18:29:59 +0300
+Subject: [PATCH] idviews: use cached ipaOriginalUid value when resolving ID
+ override anchor
+
+For ID overrides 'ipaOriginalUid' value should be the human-readable
+version of the ID override anchor. Since we would have it already set in
+the ID override entry, prefer using it instead of looking up the
+override anchor.
+
+This should speed up significantly operations which list all ID
+overrides in the view, like Web UI views.
+
+Fixes: https://pagure.io/freeipa/issue/9178
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+---
+ ipaserver/plugins/idviews.py | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py
+index 018c1f6056f514c5c99e6b47c7d78c2c7165bf55..7dc298a14ec7d7cce85f631e00675fea93800493 100644
+--- a/ipaserver/plugins/idviews.py
++++ b/ipaserver/plugins/idviews.py
+@@ -746,8 +746,12 @@ class baseidoverride(LDAPObject):
+
+ def convert_anchor_to_human_readable_form(self, entry_attrs, **options):
+ if not options.get('raw'):
+- anchor = entry_attrs.single_value['ipaanchoruuid']
++ if 'ipaoriginaluid' in entry_attrs:
++ originaluid = entry_attrs.single_value['ipaoriginaluid']
++ entry_attrs.single_value['ipaanchoruuid'] = originaluid
++ return
+
++ anchor = entry_attrs.single_value['ipaanchoruuid']
+ if anchor:
+ try:
+ object_name = resolve_anchor_to_object_name(
+@@ -991,7 +995,7 @@ class idoverrideuser(baseidoverride):
+ original_uid = resolve_anchor_to_object_name(self.backend,
+ self.override_object,
+ anchor)
+- entry_attrs['ipaOriginalUid'] = original_uid
++ entry_attrs['ipaoriginaluid'] = original_uid
+
+ except (errors.NotFound, errors.ValidationError):
+ # Anchor could not be resolved, this means we had to specify the
+--
+2.37.3
+
diff --git a/SOURCES/0033-ipa-otptoken-sync-return-error-when-sync-fails.patch b/SOURCES/0033-ipa-otptoken-sync-return-error-when-sync-fails.patch
new file mode 100644
index 0000000..06f1bad
--- /dev/null
+++ b/SOURCES/0033-ipa-otptoken-sync-return-error-when-sync-fails.patch
@@ -0,0 +1,78 @@
+From 5458c241af90f0fd7e06b5aac40171da7f08d038 Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud <flo@redhat.com>
+Date: Wed, 28 Sep 2022 12:39:07 +0200
+Subject: [PATCH] ipa otptoken-sync: return error when sync fails
+
+The command ipa otptoken-sync does not properly handle
+errors happening during the synchronization step.
+
+- Even if an error is detected (such as invalid password
+provided), the command exits with return code = 0. An
+error message is displayed but the exit code should be 1.
+
+- When an invalid token is provided, the token is not
+synchronized but the error is not reported back to the
+ipa otptoken-sync command.
+
+The first issue can be fixed by raising an exception when
+the HTTP response contains an header with an error.
+The second issue is fixed by returning LDAP_INVALID_CREDENTIALS
+to ldap bind with the sync control if synchronization fails.
+
+Fixes: https://pagure.io/freeipa/issue/9248
+
+Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+---
+ daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 3 +++
+ ipaclient/plugins/otptoken.py | 13 ++++++++-----
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+index ee5be3eba02b219f13e8771ce8ba6d510f1c397b..edf45df5957117771418f574cb1babab7ebaf0ed 100644
+--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
++++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+@@ -1502,6 +1502,9 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
+ }
+ }
+
++ /* Reset rc to make sure errors are reported*/
++ rc = LDAP_INVALID_CREDENTIALS;
++
+ /* Authenticate the user. */
+ ret = ipapwd_authenticate(dn, entry, credentials);
+ if (ret) {
+diff --git a/ipaclient/plugins/otptoken.py b/ipaclient/plugins/otptoken.py
+index 14dee751c8f36a676c9115fbed0db1eca9ba0f1c..3f389c46be2feedf0bb7cb95bd451bf0e6fe6333 100644
+--- a/ipaclient/plugins/otptoken.py
++++ b/ipaclient/plugins/otptoken.py
+@@ -22,6 +22,7 @@ import sys
+
+ from ipaclient.frontend import MethodOverride
+ from ipalib import api, Str, Password, _
++from ipalib import errors
+ from ipalib.messages import add_message, ResultFormattingError
+ from ipalib.plugable import Registry
+ from ipalib.frontend import Local
+@@ -180,11 +181,13 @@ class otptoken_sync(Local):
+ status['result'][self.header] = rsp.info().get(self.header, 'unknown')
+ rsp.close()
+
++ if status['result'][self.header] != "ok":
++ msg = {'error': 'Error contacting server!',
++ 'invalid-credentials': 'Invalid Credentials!',
++ }.get(status['result'][self.header], 'Unknown Error!')
++ raise errors.ExecutionError(
++ message=_("Unable to synchronize token: %s") % msg)
+ return status
+
+ def output_for_cli(self, textui, result, *keys, **options):
+- textui.print_plain({
+- 'ok': 'Token synchronized.',
+- 'error': 'Error contacting server!',
+- 'invalid-credentials': 'Invalid Credentials!',
+- }.get(result['result'][self.header], 'Unknown Error!'))
++ textui.print_plain('Token synchronized.')
+--
+2.37.3
+
diff --git a/SOURCES/0034-ipatests-add-negative-test-for-otptoken-sync.patch b/SOURCES/0034-ipatests-add-negative-test-for-otptoken-sync.patch
new file mode 100644
index 0000000..6d0ef2d
--- /dev/null
+++ b/SOURCES/0034-ipatests-add-negative-test-for-otptoken-sync.patch
@@ -0,0 +1,110 @@
+From 1bfea5967bb909e1b1bdc3267368e1465f7c9345 Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud <flo@redhat.com>
+Date: Wed, 28 Sep 2022 12:45:52 +0200
+Subject: [PATCH] ipatests: add negative test for otptoken-sync
+
+Scenario: call ipa otptoken-sync with
+- an invalid password
+- an invalid first token (containing non-digits)
+- an invalid sequence of tokens
+
+The test expects a return code = 1.
+
+Related: https://pagure.io/freeipa/issue/9248
+Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+---
+ ipatests/test_integration/test_otp.py | 77 +++++++++++++++++++++++++++
+ 1 file changed, 77 insertions(+)
+
+diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py
+index 036b8d12c7e8d872204a31fa6b7ed0e151bed86b..32b41b79ad8bf44a298b28c259351d5a71a7e9ea 100644
+--- a/ipatests/test_integration/test_otp.py
++++ b/ipatests/test_integration/test_otp.py
+@@ -184,6 +184,83 @@ class TestOTPToken(IntegrationTest):
+
+ del_otptoken(master, otpuid)
+
++ @pytest.fixture
++ def desynchronized_hotp(self):
++ """ Create an hotp token for user """
++ tasks.kinit_admin(self.master)
++ otpuid, hotp = add_otptoken(self.master, USER, otptype="hotp")
++
++ # skipping too many OTP fails
++ otp1 = hotp.generate(10).decode("ascii")
++ kinit_otp(self.master, USER, password=PASSWORD, otp=otp1, success=False)
++ # Now the token is desynchronized
++ yield (otpuid, hotp)
++
++ del_otptoken(self.master, otpuid)
++
++ def test_otptoken_sync_incorrect_password(self, desynchronized_hotp):
++ """ Test if sync fails when incorrect password is provided """
++ otpuid, hotp = desynchronized_hotp
++
++ otp2 = hotp.generate(20).decode("ascii")
++ otp3 = hotp.generate(21).decode("ascii")
++
++ # Try to sync with a wrong password
++ result = self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"invalidpwd\n{otp2}\n{otp3}\n", raiseonerr=False
++ )
++ assert result.returncode == 1
++ assert "Invalid Credentials!" in result.stderr_text
++
++ # Now sync with the right values
++ self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n"
++ )
++
++ def test_otptoken_sync_incorrect_first_value(self, desynchronized_hotp):
++ """ Test if sync fails when incorrect 1st token value is provided """
++ otpuid, hotp = desynchronized_hotp
++
++ otp2 = "12345a"
++ otp3 = hotp.generate(20).decode("ascii")
++ otp4 = hotp.generate(21).decode("ascii")
++
++ # Try to sync with a wrong first value (contains non-digit)
++ result = self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n", raiseonerr=False
++ )
++ assert result.returncode == 1
++ assert "Invalid Credentials!" in result.stderr_text
++
++ # Now sync with the right values
++ self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp3}\n{otp4}\n"
++ )
++
++ def test_otptoken_sync_incorrect_second_value(self, desynchronized_hotp):
++ """ Test if sync fails when incorrect 2nd token value is provided """
++ otpuid, hotp = desynchronized_hotp
++
++ otp2 = hotp.generate(20).decode("ascii")
++ otp3 = hotp.generate(21).decode("ascii")
++ # Try to sync with wrong order
++ result = self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp3}\n{otp2}\n", raiseonerr=False
++ )
++ assert result.returncode == 1
++ assert "Invalid Credentials!" in result.stderr_text
++
++ # Now sync with the right order
++ self.master.run_command(
++ ["ipa", "otptoken-sync", "--user", USER, otpuid],
++ stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n"
++ )
++
+ def test_totp(self):
+ master = self.master
+
+--
+2.37.3
+
diff --git a/SOURCES/0035-ipatests-python2-does-not-support-f-strings.patch b/SOURCES/0035-ipatests-python2-does-not-support-f-strings.patch
new file mode 100644
index 0000000..bdcada3
--- /dev/null
+++ b/SOURCES/0035-ipatests-python2-does-not-support-f-strings.patch
@@ -0,0 +1,86 @@
+From bd555a05d0598b3ab65a50bcff431c2e00652b87 Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud <flo@redhat.com>
+Date: Thu, 29 Sep 2022 16:10:10 +0200
+Subject: [PATCH] ipatests: python2 does not support f-strings
+
+Adapt the code in ipatests/test_integration/test_otp.py to python2
+
+Related: https://pagure.io/freeipa/issue/9248
+Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+---
+ ipatests/test_integration/test_otp.py | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py
+index 32b41b79ad8bf44a298b28c259351d5a71a7e9ea..1df4d46a2551835ceb8fea8c70255afcb95b54f3 100644
+--- a/ipatests/test_integration/test_otp.py
++++ b/ipatests/test_integration/test_otp.py
+@@ -30,6 +30,7 @@ except ImportError:
+ PASSWORD = "DummyPassword123"
+ USER = "opttestuser"
+ ARMOR = "/tmp/armor"
++OTP_SYNC_INPUT="{}\n{}\n{}\n"
+ logger = logging.getLogger(__name__)
+
+
+@@ -208,7 +209,8 @@ class TestOTPToken(IntegrationTest):
+ # Try to sync with a wrong password
+ result = self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"invalidpwd\n{otp2}\n{otp3}\n", raiseonerr=False
++ stdin_text=OTP_SYNC_INPUT.format("invalidpwd", otp2, otp3),
++ raiseonerr=False
+ )
+ assert result.returncode == 1
+ assert "Invalid Credentials!" in result.stderr_text
+@@ -216,7 +218,7 @@ class TestOTPToken(IntegrationTest):
+ # Now sync with the right values
+ self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n"
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp2, otp3)
+ )
+
+ def test_otptoken_sync_incorrect_first_value(self, desynchronized_hotp):
+@@ -230,7 +232,8 @@ class TestOTPToken(IntegrationTest):
+ # Try to sync with a wrong first value (contains non-digit)
+ result = self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n", raiseonerr=False
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp2, otp3),
++ raiseonerr=False
+ )
+ assert result.returncode == 1
+ assert "Invalid Credentials!" in result.stderr_text
+@@ -238,7 +241,7 @@ class TestOTPToken(IntegrationTest):
+ # Now sync with the right values
+ self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp3}\n{otp4}\n"
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp3, otp4)
+ )
+
+ def test_otptoken_sync_incorrect_second_value(self, desynchronized_hotp):
+@@ -250,7 +253,8 @@ class TestOTPToken(IntegrationTest):
+ # Try to sync with wrong order
+ result = self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp3}\n{otp2}\n", raiseonerr=False
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp3, otp2),
++ raiseonerr=False
+ )
+ assert result.returncode == 1
+ assert "Invalid Credentials!" in result.stderr_text
+@@ -258,7 +262,7 @@ class TestOTPToken(IntegrationTest):
+ # Now sync with the right order
+ self.master.run_command(
+ ["ipa", "otptoken-sync", "--user", USER, otpuid],
+- stdin_text=f"{PASSWORD}\n{otp2}\n{otp3}\n"
++ stdin_text=OTP_SYNC_INPUT.format(PASSWORD, otp2, otp3)
+ )
+
+ def test_totp(self):
+--
+2.37.3
+
diff --git a/SOURCES/0036-Fix-otptoken_sync-plugin.patch b/SOURCES/0036-Fix-otptoken_sync-plugin.patch
new file mode 100644
index 0000000..931081a
--- /dev/null
+++ b/SOURCES/0036-Fix-otptoken_sync-plugin.patch
@@ -0,0 +1,55 @@
+From bfe2e6a96570102d3485200c476510b5b0d6f9ba Mon Sep 17 00:00:00 2001
+From: Christian Heimes <cheimes@redhat.com>
+Date: Thu, 28 Nov 2019 11:44:27 +0100
+Subject: [PATCH] Fix otptoken_sync plugin
+
+The plugin had two bugs:
+
+For one it did not work under Python 3 because urlencode() returns a string
+but HTTPSHandler expects bytes as data argument.
+
+The primary key field name is not available in client plugins. Just pass
+the token name and let server code convert the name to DN.
+
+Fixes: https://pagure.io/freeipa/issue/7804
+Signed-off-by: Christian Heimes <cheimes@redhat.com>
+Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+---
+ ipaclient/plugins/otptoken.py | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/ipaclient/plugins/otptoken.py b/ipaclient/plugins/otptoken.py
+index 3f389c46be2feedf0bb7cb95bd451bf0e6fe6333..e2dcb04a66648276b3f5dd033d048ab6df611b42 100644
+--- a/ipaclient/plugins/otptoken.py
++++ b/ipaclient/plugins/otptoken.py
+@@ -27,7 +27,6 @@ from ipalib.messages import add_message, ResultFormattingError
+ from ipalib.plugable import Registry
+ from ipalib.frontend import Local
+ from ipalib.util import create_https_connection
+-from ipapython.dn import DN
+ from ipapython.version import API_VERSION
+
+ import locale
+@@ -162,13 +161,13 @@ class otptoken_sync(Local):
+ sync_uri = urllib.parse.urlunparse(segments)
+
+ # Prepare the query.
+- query = {k: v for k, v in kwargs.items()
+- if k in {x.name for x in self.takes_options}}
++ options = {x.name for x in self.takes_options}
++ query = {k: v for k, v in kwargs.items() if k in options}
+ if args and args[0] is not None:
+- obj = self.api.Object.otptoken
+- query['token'] = DN((obj.primary_key.name, args[0]),
+- obj.container_dn, self.api.env.basedn)
++ # sync_token converts token name to token DN
++ query['token'] = args[0]
+ query = urllib.parse.urlencode(query)
++ query = query.encode('utf-8')
+
+ # Sync the token.
+ # pylint: disable=E1101
+--
+2.37.3
+
diff --git a/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch b/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch
index 30398c9..73d9e4c 100644
--- a/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch
+++ b/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch
@@ -1,4 +1,4 @@
-From 1487b30fc127c54098ebb796847f72a98b2d9c22 Mon Sep 17 00:00:00 2001
+From 30f0bf5c45dfa3febbad283a248d942839957c11 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 14 Mar 2017 15:48:07 +0000
Subject: [PATCH] Change branding to IPA and Identity Management
@@ -1106,5 +1106,5 @@ index 643215985e932cae6e8d954596194032655b25d4..68baa0174ed88ede3f42092fb68150b5
""") + _("""
To enable the binddn run the following command to set the password:
--
-2.34.3
+2.37.3
diff --git a/SOURCES/1002-Package-copy-schema-to-ca.py.patch b/SOURCES/1002-Package-copy-schema-to-ca.py.patch
index f2f5ca2..d6b46fb 100644
--- a/SOURCES/1002-Package-copy-schema-to-ca.py.patch
+++ b/SOURCES/1002-Package-copy-schema-to-ca.py.patch
@@ -1,4 +1,4 @@
-From 0c5a4fa341964fd8c08cd7bfa7b2cc2ee2c839e4 Mon Sep 17 00:00:00 2001
+From eeebacdeaf864935f30221fdaa11ee56f07b7090 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 14 Mar 2017 16:07:15 +0000
Subject: [PATCH] Package copy-schema-to-ca.py
@@ -40,5 +40,5 @@ index 922185c4b948fa7a5d1bcab6b2be3b34e99f66d4..8fead26f50cb4f045db6d60f9ca71dd9
--
-2.34.3
+2.37.3
diff --git a/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch b/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch
index 0cbf698..df8851a 100644
--- a/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch
+++ b/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch
@@ -1,4 +1,4 @@
-From 7531be93bf9c67b8c0137b87f70c47afa157f342 Mon Sep 17 00:00:00 2001
+From f96e4f5e24998cec67417d6401c36116e19fc253 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 22 Jun 2016 13:53:46 +0200
Subject: [PATCH] Revert "Increased mod_wsgi socket-timeout"
@@ -24,5 +24,5 @@ index 912a63c2240e0681dfbeeac223a902b15b304716..c5fc518f803d379287043b405efeb46d
WSGIImportScript /usr/share/ipa/wsgi.py process-group=ipa application-group=ipa
WSGIScriptAlias /ipa /usr/share/ipa/wsgi.py
--
-2.34.3
+2.37.3
diff --git a/SOURCES/1004-Remove-csrgen.patch b/SOURCES/1004-Remove-csrgen.patch
index 7d4b284..8600207 100644
--- a/SOURCES/1004-Remove-csrgen.patch
+++ b/SOURCES/1004-Remove-csrgen.patch
@@ -1,4 +1,4 @@
-From 85b0a51d4ffc2c22a13dca3f29e569357922bd47 Mon Sep 17 00:00:00 2001
+From 84addcb2cbdd327947a6c5849f31ac2a06177443 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Thu, 16 Mar 2017 09:44:21 +0000
Subject: [PATCH] Remove csrgen
@@ -403,5 +403,5 @@ index 79111ab686b4fe25227796509b3cd3fcb54af728..00000000000000000000000000000000
@@ -1 +0,0 @@
-{{ options|join(";") }}
--
-2.34.3
+2.37.3
diff --git a/SOURCES/1005-Removing-filesystem-encoding-check.patch b/SOURCES/1005-Removing-filesystem-encoding-check.patch
index 9ea1ff2..ec4d5bf 100644
--- a/SOURCES/1005-Removing-filesystem-encoding-check.patch
+++ b/SOURCES/1005-Removing-filesystem-encoding-check.patch
@@ -1,4 +1,4 @@
-From abc706d992c4b5b73eeab41ec1a02931371ca7f9 Mon Sep 17 00:00:00 2001
+From b4fc9155939f8ac9e356a9a3601f1625bade1d16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tibor=20Dudl=C3=A1k?= <tdudlak@redhat.com>
Date: Fri, 10 Aug 2018 13:16:38 +0200
Subject: [PATCH] Removing filesystem encoding check
@@ -126,5 +126,5 @@ index b660532bd6e8db964b8287845ed1b5ebbcb43b9b..60309c58f250a263c8c3d13b0b47773b
IPA_NOT_CONFIGURED = b'IPA is not configured on this system'
IPA_CLIENT_NOT_CONFIGURED = b'IPA client is not configured on this system'
--
-2.34.3
+2.37.3
diff --git a/SPECS/ipa.spec b/SPECS/ipa.spec
index 97e4cf5..08a259e 100644
--- a/SPECS/ipa.spec
+++ b/SPECS/ipa.spec
@@ -103,7 +103,7 @@
Name: ipa
Version: %{IPA_VERSION}
-Release: 5%{?dist}.11
+Release: 5%{?dist}.12
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@@ -111,9 +111,9 @@ License: GPLv3+
URL: http://www.freeipa.org/
Source0: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz
# RHEL spec file only: START: Change branding to IPA and Identity Management
-#Source1: header-logo.png
-#Source2: login-screen-background.jpg
-#Source4: product-name.png
+Source1: header-logo.png
+Source2: login-screen-background.jpg
+Source4: product-name.png
# RHEL spec file only: END: Change branding to IPA and Identity Management
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -149,6 +149,11 @@ Patch0028: 0028-extdom-return-LDAP_NO_SUCH_OBJECT-if-domains-differ.patch
Patch0029: 0029-Fix-cert_request-for-KDC-cert.patch
Patch0030: 0030-SMB-switch-IPA-domain-controller-role.patch
Patch0031: 0031-WebUI-Add-confirmation-dialog-for-changing-default-u.patch
+Patch0032: 0032-idviews-use-cached-ipaOriginalUid-value-when-resolvi.patch
+Patch0033: 0033-ipa-otptoken-sync-return-error-when-sync-fails.patch
+Patch0034: 0034-ipatests-add-negative-test-for-otptoken-sync.patch
+Patch0035: 0035-ipatests-python2-does-not-support-f-strings.patch
+Patch0036: 0036-Fix-otptoken_sync-plugin.patch
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
Patch1002: 1002-Package-copy-schema-to-ca.py.patch
Patch1003: 1003-Revert-Increased-mod_wsgi-socket-timeout.patch
@@ -405,10 +410,7 @@ Requires: oddjob
Requires: gssproxy >= 0.7.0-2
# 1.15.2: FindByNameAndCertificate (https://pagure.io/SSSD/sssd/issue/3050)
Requires: sssd-dbus >= 1.15.2
-
-%if 0%{?centos} == 0
Requires: system-logos >= 70.7.0
-%endif
Provides: %{alt_name}-server = %{version}
Conflicts: %{alt_name}-server
@@ -965,9 +967,9 @@ cp -r %{_builddir}/freeipa-%{version} %{_builddir}/freeipa-%{version}-python3
# with_python3
# RHEL spec file only: START: Change branding to IPA and Identity Management
-#cp %SOURCE1 install/ui/images/header-logo.png
-#cp %SOURCE2 install/ui/images/login-screen-background.jpg
-#cp %SOURCE4 install/ui/images/product-name.png
+cp %SOURCE1 install/ui/images/header-logo.png
+cp %SOURCE2 install/ui/images/login-screen-background.jpg
+cp %SOURCE4 install/ui/images/product-name.png
# RHEL spec file only: END: Change branding to IPA and Identity Management
@@ -991,8 +993,7 @@ find \
%configure --with-vendor-suffix=-%{release} \
%{enable_server_option} \
%{with_ipatests_option} \
- %{linter_options} \
- --with-ipaplatform=rhel
+ %{linter_options}
%make_build
@@ -1013,8 +1014,7 @@ find \
%configure --with-vendor-suffix=-%{release} \
%{enable_server_option} \
%{with_ipatests_option} \
- %{linter_options} \
- --with-ipaplatform=rhel
+ %{linter_options}
popd
%endif
# with_python3
@@ -1101,11 +1101,9 @@ ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-tes
# remove files which are useful only for make uninstall
find %{buildroot} -wholename '*/site-packages/*/install_files.txt' -exec rm {} \;
-%if 0%{?centos} == 0
# RHEL spec file only: START: Replace login-screen-logo.png with a symlink
ln -sf %{_datadir}/pixmaps/fedora-gdm-logo.png %{buildroot}%{_usr}/share/ipa/ui/images/login-screen-logo.png
# RHEL spec file only: END: Replace login-screen-logo.png with a symlink
-%endif
%find_lang %{gettext_domain}
@@ -1762,8 +1760,14 @@ fi
%changelog
-* Tue Jun 28 2022 CentOS Sources <bugs@centos.org> - 4.6.8-5.el7.centos.11
-- Roll in CentOS Branding
+* Wed Oct 5 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.12
+- Resolves: 2084223 - 'ipa idview-show idviewname' & IPA WebUI takes longer time to return the results
+ - idviews: use cached ipaOriginalUid value when resolving ID override
+- Resolves: 2124369 - OTP token sync always returns OK even with random numbers
+ - ipa otptoken-sync: return error when sync fails
+ - ipatests: add negative test for otptoken-sync
+ - ipatests: python2 does not support f-strings
+ - Fix otptoken_sync plugin
* Tue May 10 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.11
- Resolves: 2082272 - [RFE] Require confirmation to change "Default host group" in IdM automember rules