|
|
|
|
Changelog for pki-setup-9.0.27-1.fc17.noarch.rpm :
Wed Jun 26 14:00:00 2013 Andrew Wnuk 9.0.27-1 - Bugzilla Bug #976788 - pki-ca 9.0.26 add new required option, -client_token_name update - Bugzilla Bug #961522 - Added directory and pin enrollment profile - Bugzilla Bug #883122 - Added UTF8 to default encoding order
Tue Jun 25 14:00:00 2013 Jack Magne 9.0.26-2 - Bugzilla Bug #976788 - pki-ca 9.0.26 add new required option, -client_token_name
Fri May 24 14:00:00 2013 Andrew Wnuk 9.0.26-1 - Bugzilla Bug #912554 - [RFE] Random certificate serial numbers - Bugzilla Bug #958310 - [RFE] Randomized certificate validity - Bugzilla Bug #919556 - [RFE] Option to include nextUpdate as an offset to thisUpdate - Bugzilla Bug #839426 - [RFE] ECC CRL support for OCSP - Trac Ticket #362 - [RFE] CMC ECC - Bugzilla Bug #810967 - [RFE] ECC support for pkisilent - Bugzilla Bug #861467 - [RFE] AD authentication plug-in update - Bugzilla Bug #891985 - Extended default CA validity - Bugzilla Bug #951501 - Corrected JavaScript issue with big numbers - Bugzilla Bug #955784 - Corrected JavaScript inability to handle big numbers - Bugzilla Bug #913313 - CA system certificates with random serial numbers - Bugzilla Bug #920816 - Cloning of CA with random serial number enabled - Bugzilla Bug #922264 - Allow for safe clone restart during configuration change - Bugzilla Bug #922121 - Cloning improvement for random certificate serial numbers
Tue Dec 11 13:00:00 2012 Andrew Wnuk 9.0.25-1 - Bugzilla Bug #861467 - Directory authenticated user certificate enrollments fail when anonymous access disabled. - Bugzilla Bug #884829 - Multiple cross-site scripting flaws
Tue Oct 30 13:00:00 2012 Andrew Wnuk 9.0.24-1 - New official build - Used GetStatus servlet to provide startup status - (alee) - Audit Cert Renewal - Bugzilla Bug #843979 (mharmsen) - time based searches - Bugzilla Bug #854420 (awnuk) - TMS ECC infrastructure - ticket #304 (cfu)
Fri Sep 7 14:00:00 2012 Matthew Harmsen 9.0.23-1 - TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks in an instance (support for non-default instance names) (mharmsen) - Bugzilla Bug #852855 - rhcs81 - remove unexpected anonymous binds to internal db in cert status thread. (jmagne)
Wed Aug 22 14:00:00 2012 Ade Lee 9.0.22-1 - Reverted selinux changes that broke f16 selinux policy. - Reapplied those changes as a modified patch to f17 build.
Fri Jul 20 14:00:00 2012 Ade Lee 9.0.21-1 - Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag
Mon May 7 14:00:00 2012 Andrew Wnuk 9.0.20-1 - New official build
Mon May 7 14:00:00 2012 Ade Lee 9.0.19-4 - Bugzilla Bug #819111 - non-existent container breaks replication
Mon Apr 16 14:00:00 2012 Ade Lee 9.0.19-3 - Bugzilla Bug #813075 - selinux denial for file size access
Tue Apr 10 14:00:00 2012 Christina Fu 9.0.19-2 - Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
Fri Mar 16 13:00:00 2012 Ade Lee 9.0.19-1 - BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules
Fri Mar 9 13:00:00 2012 Matthew Harmsen 9.0.18-1 - Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync with DOGTAG_9_BRANCH SVN repository . . . - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - Bugzilla Bug #784387 - Configuration wizard does not provide option to issue ECC credentials for admin during ECC CA configuration. - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #768138 - Make sure that paging works correctly in CA and DRM - Bugzilla Bug #771768 - \"Agent-Authenticated File Signing\" alters file digest for \"logo_header.gif\" - Bugzilla Bug #703608 - Enrollment Profile template Javascript code problem for handling non-dual ECC - Bugzilla Bug #223358 - new profile for ECC key generation - Bugzilla Bug #787806 - RSA should be default selection for transport key till \"ECC phase 4\" is implemented - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #703608 - Enrollment Profile template Javascript code problem for handling non-dual ECC - Bugzilla Bug #223358 - new profile for ECC key generation - Bugzilla Bug #787806 - RSA should be default selection for transport key till \"ECC phase 4\" is implemented - \'pki-silent\' - Bugzilla Bug #801840 - pki_silent.template missing opening brace for ca_external variable
Fri Mar 2 13:00:00 2012 Matthew Harmsen 9.0.17-4 - For \'mock\' purposes, removed platform-specific logic from around the \'patch\' files so that ALL \'patch\' files will be included in the SRPM.
Tue Feb 28 13:00:00 2012 Ade Lee 9.0.17-3 - \'pki-selinux\' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
Wed Feb 22 13:00:00 2012 Matthew Harmsen 9.0.17-2 - Add \'-DSYSTEMD_LIB_INSTALL_DIR\' override flag to \'cmake\' to address changes in fundamental path structure in Fedora 17 - \'pki-setup\' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - \'pki-selinux\' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
Thu Jan 5 13:00:00 2012 Matthew Harmsen 9.0.17-1 - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - Bugzilla Bug #771357 - sslget does not work after FEDORA-2011-17400 update, breaking FreeIPA install - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #757848 - DRM re-key tool: introduces a blank line in the middle of an ldif entry. - \'pki-common\' - Bugzilla Bug #747019 - Migrated policy requests from 7.1->8.1 displays issuedcerts and cert_Info params as base 64 blobs. - Bugzilla Bug #756133 - Some DRM components are not referring properly to DRM\'s request and key records. - Bugzilla Bug #758505 - DRM\'s request list breaks after migration of request records with big IDs. - Bugzilla Bug #768138 - Make sure that paging works correctly in CA and DRM - \'pki-selinux\' - \'pki-ca\' - \'pki-silent\'
Fri Oct 28 14:00:00 2011 Matthew Harmsen 9.0.16-1 - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - \'pki-silent\'
Thu Sep 22 14:00:00 2011 Matthew Harmsen 9.0.15-1 - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - \'pki-setup\' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - \'pki-symkey\' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - \'pki-native-tools\' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - \'pki-util\' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - \'pki-selinux\' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - \'pki-ca\' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - \'pki-silent\' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)
Fri Sep 9 14:00:00 2011 Matthew Harmsen 9.0.14-1 - \'pki-setup\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-symkey\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-native-tools\' - \'pki-util\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-java-tools\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-common\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - \'pki-silent\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
Tue Sep 6 14:00:00 2011 Ade Lee 9.0.13-1 - \'pki-setup\' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - \'pki-ca\' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - \'pki-common\' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)
Tue Aug 23 14:00:00 2011 Matthew Harmsen 9.0.12-1 - \'pki-setup\' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - \'pki-symkey\' - \'pki-native-tools\' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - \'pki-util\' - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - \'pki-selinux\' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - \'pki-ca\' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - \'pki-silent\'
Wed Aug 10 14:00:00 2011 Matthew Harmsen 9.0.11-1 - \'pki-setup\' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #724861 - DRMTool: fix duplicate \"dn:\" records by renumbering \"cn=\" (mharmsen) - \'pki-common\' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - \'pki-selinux\' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - \'pki-ca\' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - \'pki-silent\' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)
Fri Jul 22 14:00:00 2011 Matthew Harmsen 9.0.10-1 - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - \'pki-silent\'
Thu Jul 14 14:00:00 2011 Matthew Harmsen 9.0.9-1 - Updated release of \'jss\' - Updated release of \'tomcatjss\' for Fedora 15 - \'pki-setup\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-symkey\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-native-tools\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-util\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-java-tools\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-common\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws \'Invalid protocol\' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA\'s signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-selinux\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in \"Enforcing\" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-ca\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-silent\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-2 - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Added \'DRMTool.cfg\' configuration file to inventory - \'pki-common\' - \'pki-selinux\' - \'pki-ca\' - \'pki-silent\'
Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-1 - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #532548 - Tool to do DRM re-key - \'pki-common\' - \'pki-selinux\' - \'pki-ca\' - \'pki-silent\'
Tue Apr 26 14:00:00 2011 Matthew Harmsen 9.0.7-1 - \'pki-setup\' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws \'Invalid protocol\' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - \'pki-silent\'
Mon Apr 11 14:00:00 2011 Matthew Harmsen 9.0.6-2 - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.6-1 - Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - \'pki-setup\' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port throws file not found exception. - \'pki-common\' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - \'pki-selinux\' - \'pki-ca\' - \'pki-silent\'
Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.5-2 - Bugzilla Bug #693327 - Missing requires: tomcatjss
Fri Mar 25 13:00:00 2011 Matthew Harmsen 9.0.5-1 - Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require \"jss >= 4.2.6-15\" as a build and runtime requirement - Require \"tomcatjss >= 2.1.1\" as a build and runtime requirement for Fedora 15 and later platforms - \'pki-setup\' - Bugzilla Bug #688287 - Add \"deprecation\" notice regarding using \"shared ports\" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - \'pki-common\' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with \'signing operation failed\' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - \'pki-selinux\' - Bugzilla Bug #684871 - ldaps selinux link change - \'pki-ca\' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with \'signing operation failed\' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port throws file not found exception.(profile and CS.cfg only) - \'pki-silent\'
Thu Mar 17 13:00:00 2011 Matthew Harmsen 9.0.4-1 - Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - \'pki-setup\' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - \'pki-common\' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - \'pki-selinux\' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - \'pki-ca\' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - \'pki-silent\' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s classpath
Wed Feb 9 13:00:00 2011 Matthew Harmsen 9.0.3-2 - \'pki-common\' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance
Fri Feb 4 13:00:00 2011 Matthew Harmsen 9.0.3-1 - \'pki-common\' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line
Thu Feb 3 13:00:00 2011 Matthew Harmsen 9.0.2-1 - Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - \'pki-setup\' - Bugzilla Bug #673638 - Installation within IPA hangs - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by \'netscape.security.provider\' package - \'pki-common\' - Bugzilla Bug #672291 - CA is not publishing certificates issued using \"Manual User Dual-Use Certificate Enrollment\" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the \"begin\" state instead of \"complete\". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using \"Manual User Dual-Use Certificate Enrollment\" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by \'netscape.security.provider\' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws \'Duplicate policy\' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - \'pki-silent\' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by \'netscape.security.provider\' package
Wed Feb 2 13:00:00 2011 Matthew Harmsen 9.0.1-3 - Bugzilla Bug #656661 - Please Update Spec File to use \'ghost\' on files in /var/run and /var/lock
Thu Jan 20 13:00:00 2011 Matthew Harmsen 9.0.1-2 - \'pki-symkey\' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - \'pki-common\' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries
Tue Jan 18 13:00:00 2011 Matthew Harmsen 9.0.1-1 - Allow \'pki-native-tools\' to be installed independently of \'pki-setup\' - Removed explicit \'pki-setup\' requirement from \'pki-ca\' (since it already requires \'pki-common\') - \'pki-setup\' - Bugzilla Bug #223343 - pkicreate: should add \'pkiuser\' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta- * jars have been renamed to apache- *, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - \'pki-symkey\' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - \'pki-native-tools\' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - \'pki-util\' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA\'s signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - \'pki-java-tools\' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - \'pki-common\' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA\'s admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn\'t support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA\'s signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - \'pki-selinux\' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - \'pki-ca\' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on \'Publishing\' option with admin privilege throws error \"You are not authorized to perform this operation\". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws \'Internal Server Error\'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - \'pki-silent\' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn\'t not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions
Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-3 - Bugzilla Bug #668839 - Review Request: pki-core - Removed empty \"pre\" from \"pki-ca\" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages
Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-2 - Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from \"4.2.6-10\" to \"4.2.6-12\" - Modified installation section to preserve timestamps - Removed sectional comments
Wed Dec 1 13:00:00 2010 Matthew Harmsen 9.0.0-1 - Initial revision. (kwrightAATTredhat.com & mharmsenAATTredhat.com)
|
|
|