SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pki-base-10.2.5-6.el7.noarch.rpm :
Mon Sep 21 14:00:00 2015 Dogtag Team 10.2.5-6
- Bugzilla Bug #1258630 - Upgraded CA lacks ca.sslserver.certreq
in CS.cfg [edewata]
- Bugzilla Bug #1258634 - CA fails to authenticate to KRA for
archival [edewata]

Wed Aug 12 14:00:00 2015 Dogtag Team 10.2.5-5
- Bugzilla Bug #1253045 - handle_exceptions() raises JSONDecodeError [cheimes]
\'pki-core-handle-JSON-decode-error.patch\'
- modified for RHEL 7.2 by removing changes to \'.gitignore\',
\'tests/python/test_pki.py\', and \'tox.ini\' [mharmsen]
- Bugzilla Bug #1253047 - issues in cloning from dogtag 9 to 10 [alee]
\'pki-core-fix-exception-when-talking-to-Dogtag-9-systems.patch\'

Wed Jul 15 14:00:00 2015 Dogtag Team 10.2.5-4
- Bugzilla Bug #1143067 - The pkiuser user/group should be created in
rpm %pre, and ideally with fixed uid/gid [cheimes]

Mon Jul 6 14:00:00 2015 Dogtag Team 10.2.5-3
- Dogtag 10.2.5-3 patch for RHEL 7.2 Re-base
- git format-patch cc97f8628b23f8ea75308bb97a31307cb4f162b9^..
ac5447a8e0bac5112882be700a17a9274e322adc --stdout > pki-core-rhel-7-2.patch
- remove e5c4e87ac5ce881efa160352ce87ad81026f3446 (QE test)
- Contents of \'pki-core-rhel-7-2.patch\':
- PKI TRAC Ticket #1249 - Misleading self test log message [edewata]
- PKI TRAC Ticket #1444 - pkispawn: installation aborts when HSM contains
empty slots [edewata]
- PKI TRAC Ticket #995 - Provide more info on how to use --input with pki
cert-find in the man page [edewata]
- PKI TRAC Ticket #1122 - Need to describe paging options in \'pki\' man page
[edewata]
- Cleaned up SystemConfigService.validateRequest() [edewata]
- Cleaned up SystemConfigService.configureClone() [edewata]
- PKI TRAC Ticket #1438 - pkispawn: SSL_ForceHandshake issue for non-CA on
HSM on both shared and nonshared tomcat instances [cfu]
- PKI TRAC Ticket #1442 - Ability to toggle profile usablity in Web vs CLI
tools [jmagne]
- PKI TRAC Ticket #1441 - Lack of Interactive Installation Support
(Cloning, Subordinates, Externals, HSMs, ECC) [mharmsen]
- PKI TRAC Ticket #1446 - Unable to select ECC Curves from EE [jmagne]
- Fixed pki help CLI [edewata]
- Fixed NPE in key-archive CLI [edewata]
- PKI TRAC Ticket #891 - Missing fail-over code in HttpConnection [edewata]
- PKI TRAC Ticket #1447 - pkispawn: findCertByNickname fails to find cert in
creating shared tomcat subsystems on HSM [cfu]
- PKI TRAC Ticket #1425 - pkispawn CA with HSM - if the config file has
pki_client related params the dir is not created and the admin cert p12
file is stored nowhere [mharmsen]
- PKI TRAC Ticket #1358 - Retrying failed OCSP clone results duplicate
replecation id and a failure [jmagne]
- PKI TRAC Ticket #1462 - profile update in raw format accepts bad config
[ftweedal]
- PKI TRAC Ticket #1449 - pki cert-find could be time consuming: add VLV
index for new installations [edewata]

Sat Jun 20 14:00:00 2015 Dogtag Team 10.2.5-2
- Remove ExcludeArch directive

Fri Jun 19 14:00:00 2015 Dogtag Team 10.2.5-1
- Update release number for release build

Fri May 29 14:00:00 2015 Dogtag Team 10.2.4-2
- Fixed issues found during testing previous build
- Update release number for release build

Tue May 26 14:00:00 2015 Dogtag Team 10.2.4-1
- Update release number for release build

Tue May 12 14:00:00 2015 Dogtag Team 10.2.4-0.2
- Updated nuxwdog and tomcatjss requirements (alee)

Thu Apr 23 14:00:00 2015 Dogtag Team 10.2.4-0.1
- Updated version number to 10.2.4-0.1
- Added nuxwdog systemd files

Thu Apr 23 14:00:00 2015 Dogtag Team 10.2.3-1
- Update release number for release build

Thu Apr 9 14:00:00 2015 Dogtag Team 10.2.3-0.1
- Reverted version number back to 10.2.3-0.1
- Added support for Tomcat 8.

Mon Apr 6 14:00:00 2015 Dogtag Team 10.3.0-0.1
- Updated version number to 10.3.0-0.1

Wed Mar 18 13:00:00 2015 Dogtag Team 10.2.3-0.1
- Updated version number to 10.2.3-0.1

Tue Mar 17 13:00:00 2015 Dogtag Team 10.2.2-1
- Update release number for release build

Mon Jan 19 13:00:00 2015 Dogtag Team 10.2.1-1
- Change resteasy dependencies for F22+
- Added CLIs to simplify generating user certificates
- Added enhancements to KRA Python API
- Added a man page for pki ca-profile commands.
- Added python api docs
- Update release number for release build
- Updated Resteasy and Jackson dependencies.

Tue Dec 16 13:00:00 2014 Matthew Harmsen - 10.2.0-6
- Bugzilla Bug #1160435 - Remove obsolete packages from CS 9.0
- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2
- PKI TRAC Ticket #1205 - Outdated selinux-policy dependency.
- Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime
dependencies

Tue Dec 2 13:00:00 2014 Matthew Harmsen - 10.2.0-5
- Bugzilla Bug #1165351 - Errata TPS test fails due to dependent packages not
found (mharmsen)
- PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen)
- Bugzilla Bug #1151147 - issuerDN encoding correction (cfu)

Mon Nov 24 13:00:00 2014 Christina Fu 10.2.0-4
- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade
- up the release number to 4

Wed Oct 1 14:00:00 2014 Ade Lee 10.2.0-3
- Disable pylint dependency for RHEL builds
- Added jakarta-commons-httpclient requirements
- Added tomcat version for RHEL build
- Added resteasy-base-client for RHEL build

Wed Sep 24 14:00:00 2014 Matthew Harmsen - 10.2.0-2
- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec

Wed Sep 3 14:00:00 2014 Dogtag Team 10.2.0-1
- Update release number for release build

Wed Sep 3 14:00:00 2014 Matthew Harmsen - 10.2.0-0.10
- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps

Fri Aug 29 14:00:00 2014 Matthew Harmsen - 10.2.0-0.9
- Merged jmagneAATTredhat.com\'s spec file changes from the stand-alone
\'pki-tps-client\' package needed to build/run the native \'tpsclient\'
command line utility into this \'pki-core\' spec file under the \'tps\' package.
- Original tps libararies must be built to support this native utility.
- Modifies tps package from \'noarch\' into \'architecture-specific\' package

Wed Aug 27 14:00:00 2014 Matthew Harmsen - 10.2.0-0.8
- PKI TRAC Ticket #1127 - Remove \'pki-ra\', \'pki-setup\', and \'pki-silent\'
packages . . .

Sun Aug 17 14:00:00 2014 Fedora Release Engineering - 10.2.0-0.5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

Wed Aug 13 14:00:00 2014 Jack Magne - 10.2.0-0.7
- Respin to include the applet files with the rpm install. No change
to spec file needed.

Tue Jul 15 14:00:00 2014 Matthew Harmsen - 10.2.0-0.6
- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires --
drop dependency on java-atk-wrapper
- Removed \'java-atk-wrapper\' dependency from \'pki-server\'

Wed Jul 2 14:00:00 2014 Matthew Harmsen - 10.2.0-0.5
- PKI TRAC Ticket #832 - Remove legacy \'systemctl\' files . . .

Tue Jul 1 14:00:00 2014 Ade Lee - 10.2.0-0.4
- Update rawhide build

Sat Jun 7 14:00:00 2014 Fedora Release Engineering - 10.2.0-0.3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

Fri Mar 28 13:00:00 2014 Michael Simacek - 10.2.0-0.2
- Use Requires: java-headless rebuild (#1067528)

Fri Nov 22 13:00:00 2013 Dogtag Team 10.2.0-0.1
- Added option to build without server packages.
- Replaced Jettison with Jackson.
- Added python-nss build requirement
- Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
- TRAC Ticket #840 - pkispawn requires policycoreutils-python
- Updated requirements for resteasy
- Added template files for archive, retrieve and generate key
requests to the client package.

Fri Nov 15 13:00:00 2013 Ade Lee 10.1.0-1
- Trac Ticket 788 - Clean up spec files
- Update release number for release build
- Updated requirements for resteasy

Sun Nov 10 13:00:00 2013 Ade Lee 10.1.0-0.14
- Change release number for beta build

Thu Nov 7 13:00:00 2013 Ade Lee 10.1.0-0.13
- Updated requirements for tomcat

Fri Oct 4 14:00:00 2013 Ade Lee 10.1.0-0.12
- Removed additional /var/run, /var/lock references.

Fri Oct 4 14:00:00 2013 Ade Lee 10.1.0-0.11
- Removed delivery of /var/lock and /var/run directories for fedora 20.

Wed Aug 14 14:00:00 2013 Endi S. Dewata 10.1.0-0.10
- Moved Tomcat-based TPS into pki-core.

Wed Aug 14 14:00:00 2013 Abhishek Koneru 10.1.0.0.9
- Listed new packages required during build, due to issues reported
by pylint.
- Packages added: python-requests, python-ldap, libselinux-python,
policycoreutils-python

Fri Aug 9 14:00:00 2013 Abhishek Koneru 10.1.0.0.8
- Added pylint scan to the build process.

Mon Jul 22 14:00:00 2013 Endi S. Dewata 10.1.0-0.7
- Added man pages for upgrade tools.

Wed Jul 17 14:00:00 2013 Endi S. Dewata 10.1.0-0.6
- Cleaned up the code to install man pages.

Tue Jul 16 14:00:00 2013 Endi S. Dewata 10.1.0-0.5
- Reorganized deployment tools.

Tue Jul 9 14:00:00 2013 Ade Lee 10.1.0-0.4
- Bugzilla Bug 973224 - resteasy-base must be split into subpackages
to simplify dependencies

Fri Jun 14 14:00:00 2013 Endi S. Dewata 10.1.0-0.3
- Updated dependencies to Java 1.7.

Wed Jun 5 14:00:00 2013 Matthew Harmsen 10.1.0-0.2
- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page
- TRAC Ticket 610 - Document limitation in using GUI install
- TRAC Ticket 629 - Package ownership of \'/usr/share/pki/etc/\' directory

Tue May 7 14:00:00 2013 Ade Lee 10.1.0-0.1
- Change release number for 10.1 development

Mon May 6 14:00:00 2013 Endi S. Dewata 10.0.2-5
- Fixed incorrect JNI_JAR_DIR.

Sat May 4 14:00:00 2013 Ade Lee 10.0.2-4
- TRAC Ticket 605 Junit internal function used in TestRunner,
breaks F19 build

Sat May 4 14:00:00 2013 Ade Lee 10.0.2-3
- TRAC Ticket 604 Added fallback methods for pkispawn tests

Mon Apr 29 14:00:00 2013 Endi S. Dewata 10.0.2-2
- Added default pki.conf in /usr/share/pki/etc
- Create upgrade tracker on install and remove it on uninstall

Fri Apr 26 14:00:00 2013 Ade Lee 10.0.2-1
- Change release number for official release.

Thu Apr 25 14:00:00 2013 Ade Lee 10.0.2-0.8
- Added %pretrans script for f19
- Added java-atk-wrapper dependency

Wed Apr 24 14:00:00 2013 Endi S. Dewata 10.0.2-0.7
- Added pki-server-upgrade script and pki.server module.
- Call upgrade scripts in %post for pki-base and pki-server.

Tue Apr 23 14:00:00 2013 Endi S. Dewata 10.0.2-0.6
- Added dependency on commons-io.

Mon Apr 22 14:00:00 2013 Ade Lee 10.0.2-0.5
- Add /var/log/pki and /var/lib/pki directories

Tue Apr 16 14:00:00 2013 Endi S. Dewata 10.0.2-0.4
- Run pki-upgrade on post server installation.

Mon Apr 15 14:00:00 2013 Endi S. Dewata 10.0.2-0.3
- Added dependency on python-lxml.

Fri Apr 5 14:00:00 2013 Endi S. Dewata 10.0.2-0.2
- Added pki-upgrade script.

Fri Apr 5 14:00:00 2013 Endi S. Dewata 10.0.2-0.1
- Updated version number to 10.0.2-0.1.

Fri Apr 5 14:00:00 2013 Endi S. Dewata 10.0.1-9
- Renamed base/deploy to base/server.
- Moved pki.conf into pki-base.
- Removed redundant pki/server folder declaration.

Tue Mar 19 13:00:00 2013 Ade Lee 10.0.1-8
- Removed jython dependency

Mon Mar 11 13:00:00 2013 Endi S. Dewata 10.0.1-7
- Added minimum python-requests version.

Fri Mar 8 13:00:00 2013 Matthew Harmsen 10.0.1-6
- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar

Thu Mar 7 13:00:00 2013 Endi S. Dewata 10.0.1-5
- Added dependency on python-requests.
- Reorganized Python module packaging.

Thu Mar 7 13:00:00 2013 Endi S. Dewata 10.0.1-4
- Added dependency on python-ldap.

Mon Mar 4 13:00:00 2013 Matthew Harmsen 10.0.1-3
- TRAC Ticket #517 - Clean up theme dependencies
- TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .

Fri Mar 1 13:00:00 2013 Matthew Harmsen 10.0.1-2
- Removed runtime dependency on \'pki-server-theme\' to resolve
Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme

Tue Jan 15 13:00:00 2013 Ade Lee 10.0.1-1
- TRAC Ticket 214 - Missing error description for duplicate user
- TRAC Ticket 213 - Add nonces for cert revocation
- TRAC Ticket 367 - pkidestroy does not remove connector
- TRAC Ticket #430 - License for 3rd party code
- Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP
- Fix spec file to allow f17 to work with latest tomcatjss
- TRAC Ticket 466 - Increase root CA validity to 20 years
- TRAC Ticket 469 - Fix tomcatjss issue in spec files
- TRAC Ticket 468 - pkispawn throws exception
- TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes
- TRAC Ticket 271 - Dogtag 10: Fix \'status\' command in \'pkidaemon\' . . .
- TRAC Ticket 437 - Make admin cert p12 file location configurable
- TRAC Ticket 393 - pkispawn fails when selinux is disabled
- Punctuation and formatting changes in man pages
- Revert to using default config file for pkidestroy
- Hardcode setting of resteasy-lib for instance
- TRAC Ticket 436 - Interpolation for pki_subsystem
- TRAC Ticket 433 - Interpolation for paths
- TRAC Ticket 435 - Identical instance id and instance name
- TRAC Ticket 406 - Replace file dependencies with package dependencies

Wed Jan 9 13:00:00 2013 Matthew Harmsen 10.0.0-5
- TRAC Ticket #430 - License for 3rd party code

Fri Jan 4 13:00:00 2013 Matthew Harmsen 10.0.0-4
- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and
dogtag-pki.spec . . .
- TRAC Ticket #468 - pkispawn throws exception

Wed Dec 12 13:00:00 2012 Ade Lee 10.0.0-3
- Replaced file dependencies with package dependencies

Mon Dec 10 13:00:00 2012 Ade Lee 10.0.0-2
- Updated man pages

Fri Dec 7 13:00:00 2012 Ade Lee 10.0.0-1
- Update to official release for rc1

Thu Dec 6 13:00:00 2012 Matthew Harmsen 10.0.0-0.56.b3
- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy.
- Added place-holders for \'pki.1\' and \'pki_default.cfg.5\' man pages.

Thu Dec 6 13:00:00 2012 Endi S. Dewata 10.0.0-0.55.b3
- Added system-wide configuration /etc/pki/pki.conf.
- Removed redundant lines in %files.

Tue Dec 4 13:00:00 2012 Endi S. Dewata 10.0.0-0.54.b3
- Moved default deployment configuration to /etc/pki.

Mon Nov 19 13:00:00 2012 Ade Lee 10.0.0-0.53.b3
- Cleaned up spec file to provide only support rhel 7+, f17+
- Added resteasy-base dependency for rhel 7
- Update cmake version

Mon Nov 12 13:00:00 2012 Ade Lee 10.0.0-0.52.b3
- Update release to b3

Fri Nov 9 13:00:00 2012 Endi S. Dewata 10.0.0-0.51.b2
- Removed dependency on CA, KRA, OCSP, TKS theme packages.

Thu Nov 8 13:00:00 2012 Endi S. Dewata 10.0.0-0.50.b2
- Renamed pki-common-theme to pki-server-theme.

Thu Nov 8 13:00:00 2012 Matthew Harmsen 10.0.0-0.49.b2
- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to
\'pki-server\'

Mon Oct 29 13:00:00 2012 Ade Lee 10.0.0-0.48.b2
- Update release to b2

Wed Oct 24 14:00:00 2012 Matthew Harmsen 10.0.0-0.47.b1
- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .

Tue Oct 23 14:00:00 2012 Ade Lee 10.0.0-0.46.b1
- Added Obsoletes for pki-selinux

Tue Oct 23 14:00:00 2012 Ade Lee 10.0.0-0.45.b1
- Remove build of pki-selinux for f18, use system policy instead

Fri Oct 12 14:00:00 2012 Ade Lee 10.0.0-0.44.b1
- Update required tomcatjss version
- Added net-tools dependency

Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.43.b1
- Update selinux-policy version to fix error from latest policy changes

Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.42.b1
- Fix typo in selinux policy versions

Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.41.b1
- Added build requires for correct version of selinux-policy-devel

Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.40.b1
- Update release to b1

Fri Oct 5 14:00:00 2012 Endi S. Dewata 10.0.0-0.40.a2
- Merged pki-silent into pki-server.

Fri Oct 5 14:00:00 2012 Endi S. Dewata 10.0.0-0.39.a2
- Renamed \"shared\" folder to \"server\".

Fri Oct 5 14:00:00 2012 Ade Lee 10.0.0-0.38.a2
- Added required selinux versions for new policy.

Tue Oct 2 14:00:00 2012 Endi S. Dewata 10.0.0-0.37.a2
- Added Provides to packages replacing obsolete packages.

Mon Oct 1 14:00:00 2012 Ade Lee 10.0.0-0.36.a2
- Update release to a2

Sun Sep 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.36.a1
- Modified CMake to use RPM version number

Tue Sep 25 14:00:00 2012 Endi S. Dewata 10.0.0-0.35.a1
- Added VERSION file

Mon Sep 24 14:00:00 2012 Endi S. Dewata 10.0.0-0.34.a1
- Merged pki-setup into pki-server

Thu Sep 13 14:00:00 2012 Ade Lee 10.0.0-0.33.a1
- Added Conflicts for IPA 2.X
- Added build requires for zip to work around mock problem

Wed Sep 12 14:00:00 2012 Matthew Harmsen 10.0.0-0.32.a1
- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances
upon RPM \"update\" . . .
- TRAC Ticket #317 - Dogtag 10: Move \"pkispawn\"/\"pkidestroy\"
from /usr/bin to /usr/sbin . . .

Wed Sep 12 14:00:00 2012 Endi S. Dewata 10.0.0-0.31.a1
- Fixed pki-server to include everything in shared dir.

Tue Sep 11 14:00:00 2012 Endi S. Dewata 10.0.0-0.30.a1
- Added build dependency on redhat-rpm-config.

Thu Aug 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.29.a1
- Merged Javadoc packages.

Thu Aug 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.28.a1
- Added pki-tomcat.jar.

Thu Aug 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.27.a1
- Moved webapp creation code into pkispawn.

Mon Aug 20 14:00:00 2012 Endi S. Dewata 10.0.0-0.26.a1
- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.

Mon Aug 20 14:00:00 2012 Endi S. Dewata 10.0.0-0.25.a1
- Merged pki-native-tools and pki-java-tools into pki-tools.
- Modified pki-server to depend on pki-tools.

Mon Aug 20 14:00:00 2012 Endi S. Dewata 10.0.0-0.24.a1
- Split pki-common into pki-base and pki-server.
- Merged pki-util into pki-base.
- Merged pki-deploy into pki-server.

Thu Aug 16 14:00:00 2012 Matthew Harmsen 10.0.0-0.23.a1
- Updated release of \'tomcatjss\' to rely on Tomcat 7 for Fedora 17
- Changed Dogtag 10 build-time and runtime requirements for \'pki-deploy\'
- Altered PKI Package Dependency Chain (top-to-bottom):
pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common

Mon Aug 13 14:00:00 2012 Endi S. Dewata 10.0.0-0.22.a1
- Added pki-client.jar.

Fri Jul 27 14:00:00 2012 Endi S. Dewata 10.0.0-0.21.a1
- Merged pki-jndi-realm.jar into pki-cmscore.jar.

Tue Jul 24 14:00:00 2012 Matthew Harmsen 10.0.0-0.20.a1
- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully
via mock on Fedora 17 . . .

Wed Jul 11 14:00:00 2012 Matthew Harmsen 10.0.0-0.19.a1
- Moved \'pki-jndi-real.jar\' link from \'tomcat6\' to \'tomcat\' (Tomcat 7)

Thu Jun 14 14:00:00 2012 Matthew Harmsen 10.0.0-0.18.a1
- Updated release of \'tomcatjss\' to rely on Tomcat 7 for Fedora 18

Tue May 29 14:00:00 2012 Endi S. Dewata 10.0.0-0.17.a1
- Added CLI for REST services

Fri May 18 14:00:00 2012 Matthew Harmsen 10.0.0-0.16.a1
- Integration of Tomcat 7
- Addition of centralized \'pki-tomcatd\' systemd functionality to the
PKI Deployment strategy
- Removal of \'pki_flavor\' attribute

Mon Apr 16 14:00:00 2012 Ade Lee 10.0.0-0.15.a1
- BZ 813075 - selinux denial for file size access

Thu Apr 5 14:00:00 2012 Christina Fu 10.0.0-0.14.a1
- Bug 745278 - [RFE] ECC encryption keys cannot be archived

Tue Mar 27 14:00:00 2012 Endi S. Dewata 10.0.0-0.13.a1
- Replaced candlepin-deps with resteasy

Fri Mar 23 13:00:00 2012 Endi S. Dewata 10.0.0-0.12.a1
- Added option to build without Javadoc

Fri Mar 16 13:00:00 2012 Ade Lee 10.0.0-0.11.a1
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
- Corrected patch selected for selinux f17 rules

Wed Mar 14 13:00:00 2012 Matthew Harmsen 10.0.0-0.10.a1
- Corrected \'junit\' dependency check

Mon Mar 12 13:00:00 2012 Matthew Harmsen 10.0.0-0.9.a1
- Initial attempt at PKI deployment framework described in
\'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment\'.

Fri Mar 9 13:00:00 2012 Jack Magne 10.0.0-0.8.a1
- Added support for pki-jndi-realm in tomcat6 in pki-common
and pki-kra.
- Ticket #69.

Fri Mar 2 13:00:00 2012 Matthew Harmsen 10.0.0-0.7.a1
- For \'mock\' purposes, removed platform-specific logic from around
the \'patch\' files so that ALL \'patch\' files will be included in
the SRPM.

Wed Feb 29 13:00:00 2012 Endi S. Dewata 10.0.0-0.6.a1
- Removed dependency on OSUtil.

Tue Feb 28 13:00:00 2012 Ade Lee 10.0.0-0.5.a1
- \'pki-selinux\'
- Added platform-dependent patches for SELinux component
- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)

Thu Feb 23 13:00:00 2012 Endi S. Dewata 10.0.0-0.4.a1
- Added dependency on Apache Commons Codec.

Wed Feb 22 13:00:00 2012 Matthew Harmsen 10.0.0-0.3.a1
- Add \'-DSYSTEMD_LIB_INSTALL_DIR\' override flag to \'cmake\' to address changes
in fundamental path structure in Fedora 17
- \'pki-setup\'
- Hard-code Perl dependencies to protect against bugs such as
Bugzilla Bug #772699 - Adapt perl and python fileattrs to
changed file 5.10 magics
- \'pki-selinux\'
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess

Mon Feb 20 13:00:00 2012 Matthew Harmsen 10.0.0-0.2.a1
- Integrated \'pki-kra\' into \'pki-core\'
- Integrated \'pki-ocsp\' into \'pki-core\'
- Integrated \'pki-tks\' into \'pki-core\'
- Bugzilla Bug #788787 - added \'junit\'/\'junit4\' build-time requirements

Wed Feb 1 13:00:00 2012 Nathan Kinder 10.0.0-0.1.a1
- Updated package version number

Mon Jan 16 13:00:00 2012 Ade Lee 9.0.16-3
- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup

Mon Nov 28 13:00:00 2011 Endi S. Dewata 9.0.16-2
- Added JUnit tests

Fri Oct 28 14:00:00 2011 Matthew Harmsen 9.0.16-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
the in-place upgrade( CS 8.0->8.1) (cfu)
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
(rawhide) . . . (mharmsen)
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
OCSP, and TKS package installation . . . (mharmsen)
- \'pki-silent\'

Thu Sep 22 14:00:00 2011 Matthew Harmsen 9.0.15-1
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-setup\'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
- \'pki-symkey\'
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- \'pki-native-tools\'
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- \'pki-util\'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737218 - Incorrect request attribute name matching
ignores request attributes during request parsing. (awnuk)
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- \'pki-selinux\'
- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
- \'pki-ca\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- \'pki-silent\'
- Bugzilla Bug #739201 - pkisilent does not take arch into account
as Java packages migrated to arch-dependent directories (mharmsen)

Fri Sep 9 14:00:00 2011 Matthew Harmsen 9.0.14-1
- \'pki-setup\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-symkey\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-java-tools\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-common\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-silent\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .

Tue Sep 6 14:00:00 2011 Ade Lee 9.0.13-1
- \'pki-setup\'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-ca\'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-common\'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)

Tue Aug 23 14:00:00 2011 Matthew Harmsen 9.0.12-1
- \'pki-setup\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-symkey\'
- \'pki-native-tools\'
- Bugzilla Bug #717643 - Fopen without NULL check and other Coverity
issues (awnuk)
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- \'pki-util\'
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #700522 - pki tomcat6 instances currently running
unconfined, allow server to come up when selinux disabled (alee)
- Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated
correctly when subsystem cloned (using hsm) (alee)
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-selinux\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-ca\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-silent\'

Wed Aug 10 14:00:00 2011 Matthew Harmsen 9.0.11-1
- \'pki-setup\'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #724861 - DRMTool: fix duplicate \"dn:\" records by
renumbering \"cn=\" (mharmsen)
- \'pki-common\'
- Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
(jmagne, awnuk)
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- Bugzilla Bug #708075 - Clone installation does not work over NAT
(alee)
- Bugzilla Bug #726785 - If replication fails while setting up a clone
it will wait forever (alee)
- Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- \'pki-selinux\'
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- \'pki-ca\'
- Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
in IPA profile (awnuk)
- \'pki-silent\'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)

Fri Jul 22 14:00:00 2011 Matthew Harmsen 9.0.10-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #720510 - Console: Adding a certificate into nethsm
throws Token not found error. (jmagne)
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- Bugzilla Bug #722989 - Registering an agent when a subsystem is
created - does not log AUTHZ_SUCCESS event. (alee)
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert
(awnuk)
- \'pki-silent\'

Thu Jul 14 14:00:00 2011 Matthew Harmsen 9.0.9-1
- Updated release of \'jss\'
- Updated release of \'tomcatjss\' for Fedora 15
- \'pki-setup\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-symkey\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-native-tools\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #717765 - TPS configuration: logging into security domain
from tps does not work with clientauth=want. (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-util\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-java-tools\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record
processing) (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-common\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system
logs throws \'Invalid protocol\' for OCSP subsystems (alee)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (alee)
- Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (jmagne)
- Bugzilla Bug #698885 - Race conditions during IPA installation (alee)
- Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:
SubjectID=$Unidentified$ fails audit evaluation (jmagne)
- Bugzilla Bug #705914 - SCEP mishandles nicknames when processing
subsequent SCEP requests. (awnuk)
- Bugzilla Bug #661142 - Verification should fail when a revoked
certificate is added. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)
- Bugzilla Bug #707607 - Published certificate summary has list of
non-published certificates with succeeded status (jmagne)
- Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
for tps and ca on server shutdown (jmagne)
- Bugzilla Bug #697939 - DRM signed audit log message - operation should
be read instead of modify (jmagne)
- Bugzilla Bug #718427 - When audit log is full, server continue to
function. (alee)
- Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in
CA\'s signedaudit log when a directory based user enrollment is
performed (jmagne)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-selinux\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #720503 - RA and TPS require additional SELinux
permissions to run in \"Enforcing\" mode (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-ca\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #699837 - service command is not fully backwards
compatible with Dogtag pki subsystems (mharmsen)
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
administrator group. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee
pages (alee)
- Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs
for a revocation invoked by EE user (awnuk)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-silent\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)

Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-2
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Added \'DRMTool.cfg\' configuration file to inventory
- \'pki-common\'
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'

Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #532548 - Tool to do DRM re-key
- \'pki-common\'
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'

Tue Apr 26 14:00:00 2011 Matthew Harmsen 9.0.7-1
- \'pki-setup\'
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- Bugzilla Bug #694569 - parameter used by pkiremove not updated
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs
throws \'Invalid protocol\' for OCSP subsystems
- Bugzilla Bug #694569 - parameter used by pkiremove not updated
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages
- Bugzilla Bug #694143 - CA Agent not returning specified request
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages
- Bugzilla Bug #698885 - Race conditions during IPA installation
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- Bugzilla Bug #699837 - service command is not fully backwards compatible
with Dogtag pki subsystems
- \'pki-silent\'

Mon Apr 11 14:00:00 2011 Matthew Harmsen 9.0.6-2
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.

Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.6-1
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
- Bugzilla Bug #693327 - Missing requires: tomcatjss
- \'pki-setup\'
- Bugzilla Bug #690626 - pkiremove removes the registry entry for
all instances on a machine
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port
throws file not found exception.
- \'pki-common\'
- Bugzilla Bug #692990 - Audit log messages needed to match CC doc:
DRM Recovery audit log messages
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'

Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.5-2
- Bugzilla Bug #693327 - Missing requires: tomcatjss

Fri Mar 25 13:00:00 2011 Matthew Harmsen 9.0.5-1
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
- Require \"jss >= 4.2.6-15\" as a build and runtime requirement
- Require \"tomcatjss >= 2.1.1\" as a build and runtime requirement
for Fedora 15 and later platforms
- \'pki-setup\'
- Bugzilla Bug #688287 - Add \"deprecation\" notice regarding using
\"shared ports\" in pkicreate -help . . .
- Bugzilla Bug #688251 - Dogtag installation under IPA takes
too much time - SELinux policy compilation
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple
extensions
- \'pki-common\'
- Bugzilla Bug #683581 - CA configuration with ECC(Default
EC curve-nistp521) CA fails with \'signing operation failed\'
- Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled
on the EE port
- \'pki-selinux\'
- Bugzilla Bug #684871 - ldaps selinux link change
- \'pki-ca\'
- Bugzilla Bug #683581 - CA configuration with ECC(Default
EC curve-nistp521) CA fails with \'signing operation failed\'
- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments
- Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port
throws file not found exception.(profile and CS.cfg only)
- \'pki-silent\'

Thu Mar 17 13:00:00 2011 Matthew Harmsen 9.0.4-1
- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha)
- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
instance
- Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found
- \'pki-setup\'
- Bugzilla Bug #678157 - uninitialized variable warnings from Perl
- Bugzilla Bug #679574 - Velocity fails to load all dependent classes
- Bugzilla Bug #680420 - xml-commons-apis.jar dependency
- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s
classpath
- Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library
name for SafeNet LunaSA
- \'pki-common\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- Bugzilla Bug #678715 - netstat loop fixes needed
- Bugzilla Bug #673609 - CC: authorize() call needs to be added to
getStats servlet
- \'pki-selinux\'
- Bugzilla Bug #674195: SELinux error message thrown during token
enrollment
- \'pki-ca\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- Bugzilla Bug #673609 - CC: authorize() call needs to be added to
getStats servlet
- Bugzilla Bug #676330 - init script cannot start service
- \'pki-silent\'
- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s
classpath

Wed Feb 9 13:00:00 2011 Matthew Harmsen 9.0.3-2
- \'pki-common\'
- Bugzilla Bug #676051 - IPA installation failing - Fails to create CA
instance
- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
instance

Fri Feb 4 13:00:00 2011 Matthew Harmsen 9.0.3-1
- \'pki-common\'
- Bugzilla Bug #674894 - ipactl restart : an annoy output line
- Bugzilla Bug #675179 - ipactl restart : an annoy output line

Thu Feb 3 13:00:00 2011 Matthew Harmsen 9.0.2-1
- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes
- \'pki-setup\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package
- \'pki-common\'
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
\"Manual User Dual-Use Certificate Enrollment\"
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection
error.
- Bugzilla Bug #504056 - Completed SCEP requests are assigned to the
\"begin\" state instead of \"complete\".
- Bugzilla Bug #504055 - SCEP requests are not properly populated
- Bugzilla Bug #564207 - Searches for completed requests in the agent
interface returns zero entries
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
\"Manual User Dual-Use Certificate Enrollment\" -
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package
- Bugzilla Bug #672920 - CA console: adding policy to a profile throws
\'Duplicate policy\' error in some cases.
- Bugzilla Bug #673199 - init script returns control before web apps have
started
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
subsystem instances
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #504013 - sscep request is rejected due to authentication
error if submitted through one time pin router certificate enrollment.
- Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing
information
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
subsystem instances
- \'pki-silent\'
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package

Wed Feb 2 13:00:00 2011 Matthew Harmsen 9.0.1-3
- Bugzilla Bug #656661 - Please Update Spec File to use \'ghost\' on files
in /var/run and /var/lock

Thu Jan 20 13:00:00 2011 Matthew Harmsen 9.0.1-2
- \'pki-symkey\'
- Bugzilla Bug #671265 - pki-symkey jar version incorrect
- \'pki-common\'
- Bugzilla Bug #564207 - Searches for completed requests in the agent
interface returns zero entries

Tue Jan 18 13:00:00 2011 Matthew Harmsen 9.0.1-1
- Allow \'pki-native-tools\' to be installed independently of \'pki-setup\'
- Removed explicit \'pki-setup\' requirement from \'pki-ca\'
(since it already requires \'pki-common\')
- \'pki-setup\'
- Bugzilla Bug #223343 - pkicreate: should add \'pkiuser\' to nfast group
- Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP
and TKS.
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
OpenLDAP instead of the Mozldap
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #665388 - jakarta-
* jars have been renamed to apache-
*,
pkicreate fails Fedora 14 and above
- Bugzilla Bug #23346 - Two conflicting ACL list definitions in source
repository
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- \'pki-symkey\'
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #644056 - CS build contains warnings
- \'pki-native-tools\'
- template change
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
OpenLDAP instead of the Mozldap
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #644056 - CS build contains warnings
- \'pki-util\'
- Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical
cannot be set to true
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #635033 - At installation wizard selecting key types other
than CA\'s signing cert will fail
- Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and
CS interface
- Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse
ASN.1 encoding/decoding is broken
- Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1
encoding/decoding is incomplete
- Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1
encoding/decoding is incomplete
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #658188 - remove remaining references to tomcat5
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #223319 - Certificate Status inconsistency between token
db and CA
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
During CRL Generation
- \'pki-java-tools\'
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to
5000 bytes
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- \'pki-common\'
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
- Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable
started before configuration completed
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
logs in the java subsystems
- Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5
policy mappings (seem hardcoded)
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #548699 - subCA\'s admin certificate should be generated by
itself
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
- Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile
caAgentServerCert (null cert_request)
- Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited
number of times
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #629677 - TPS: token enrollment fails.
- Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN
in a SCEP request
- Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection
pools not reliable - improve connections or discovery
- Bugzilla Bug #629769 - password decryption logs plain text password
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
CC - interface review
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
OCSP console for renewing SSL Server certificate.
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #607380 - CC: Make sure Java Console can configure all
security relevant config items
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
generated on TKS instead of TPS.
- Bugzilla Bug #489342 -
com.netscape.cms.servlet.common.CMCOutputTemplate.java
doesn\'t support EC
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
disable a CA that it serves
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #635033 - At installation wizard selecting key types other
than CA\'s signing cert will fail
- Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated
for SCEP signing and encryption.
- Bugzilla Bug #223336 - ECC: unable to clone a ECC CA
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
by Reason Code - onlySomeReasons ?
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
verification functions (JAVA subsystems)
- Bugzilla Bug #223313 - should do random generated IV param
for symmetric keys
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
ECC curve names (not on key sizes).
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
Certificates from the Same Request
- Bugzilla Bug #648757 - expose and use updated cert verification
function in JSS
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
of signature algorithm; and for ECC curves
- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
e.c. support
- Bugzilla Bug #651040 - cloning shoud not include sslserver
- Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to
CS.cfg files imcomplete when the cert is stored on a hsm
- Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . .
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
to talk to CA and complete configuration in DonePanel
- Bugzilla Bug #642359 - CC Feature - need to verify certificate when it
is added
- Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires
auditing
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #499494 - change CA defaults to SHA2
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
an administrator group.
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
as expected
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
validity
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
- Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an
error to TPS even if certificate in question is already revoked.
- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
in the console
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #658188 - remove remaining references to tomcat5
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
pkiCA, obsolete 2252 and 2256
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #661142 - Verification should fail when
a revoked certificate is added
- Bugzilla Bug #642741 - CS build uses deprecated functions
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
interface is no longer available through console
- \'pki-selinux\'
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer -
selinux changes
- \'pki-ca\'
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
logs in the java subsystems
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
- Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of
CC interface doc review
- Bugzilla Bug #621602 - pkiconsole: Click on \'Publishing\' option with
admin privilege throws error \"You are not authorized to perform this
operation\".
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
CC - interface review
- Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws
\'Internal Server Error\'.
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
OCSP console for renewing SSL Server certificate.
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
generated on TKS instead of TPS.
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
disable a CA that it serves
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
by Reason Code - onlySomeReasons ?
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
verification functions (JAVA subsystems)
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
ECC curve names (not on key sizes).
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
Certificates from the Same Request
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
of signature algorithm; and for ECC curves
- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA
release -- DRM and TKS do not seem to have CRL checking enabled
- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
correctly set up CC environment
- Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in
certificates (RFC 4262)
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
to talk to CA and complete configuration in DonePanel
- Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object
signing support in RHCS
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #499494 - change CA defaults to SHA2
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
an administrator group.
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
as expected
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
validity
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke
certs in TPS
- Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
pkiCA, obsolete 2252 and 2256
- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
repository
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #661142 - Verification should fail when
a revoked certificate is added
- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key
usage
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
interface is no longer available through console
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
During CRL Generation
- \'pki-silent\'
- Bugzilla Bug #627309 - pkisilent subca configuration fails.
- Bugzilla Bug #640091 - pkisilent panels need to match with changed java
subsystems
- Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM
Clone.
- Bugzilla Bug #643053 - pkisilent DRM configuration fails
- Bugzilla Bug #583754 - pki-silent needs an option to configure signing
algorithm for CA certificates
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module
Panel up to before Security Domain Panel
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #588323 - Failed to enable cipher 0xc001
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves,
signing algorithm
- Bugzilla Bug #658641 - pkisilent doesn\'t not properly handle passwords
with special characters
- Bugzilla Bug #642741 - CS build uses deprecated functions

Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-3
- Bugzilla Bug #668839 - Review Request: pki-core
- Removed empty \"pre\" from \"pki-ca\"
- Consolidated directory ownership
- Corrected file ownership within subpackages
- Removed all versioning from NSS and NSPR packages

Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-2
- Bugzilla Bug #668839 - Review Request: pki-core
- Added component versioning comments
- Updated JSS from \"4.2.6-10\" to \"4.2.6-12\"
- Modified installation section to preserve timestamps
- Removed sectional comments

Wed Dec 1 13:00:00 2010 Matthew Harmsen 9.0.0-1
- Initial revision. (kwrightAATTredhat.com & mharmsenAATTredhat.com)


  
ICM