|
|
|
|
Changelog for pki-tools-10.0.3-2.fc19.x86_64.rpm :
Mon Jun 10 14:00:00 2013 Ade Lee 10.0.3-2 - TRAC Ticket 646 - PKCS12Export fails on F19 - Bugzilla Bug 961522 - allows key to be exported
Thu Jun 6 14:00:00 2013 Ade Lee 10.0.3-1 - Change release number for official release.
Wed Jun 5 14:00:00 2013 Matthew Harmsen 10.0.3-0.2 - TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of \'/usr/share/pki/etc/\' directory
Tue May 7 14:00:00 2013 Ade Lee 10.0.3-0.1 - Roll release to next version.
Mon May 6 14:00:00 2013 Endi S. Dewata 10.0.2-5 - Fixed incorrect JNI_JAR_DIR.
Sat May 4 14:00:00 2013 Ade Lee 10.0.2-4 - TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build
Sat May 4 14:00:00 2013 Ade Lee 10.0.2-3 - TRAC Ticket 604 Added fallback methods for pkispawn tests
Mon Apr 29 14:00:00 2013 Endi S. Dewata 10.0.2-2 - Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall
Fri Apr 26 14:00:00 2013 Ade Lee 10.0.2-1 - Change release number for official release.
Thu Apr 25 14:00:00 2013 Ade Lee 10.0.2-0.8 - Added %pretrans script for f19 - Added java-atk-wrapper dependency
Wed Apr 24 14:00:00 2013 Endi S. Dewata 10.0.2-0.7 - Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.
Tue Apr 23 14:00:00 2013 Endi S. Dewata 10.0.2-0.6 - Added dependency on commons-io.
Mon Apr 22 14:00:00 2013 Ade Lee 10.0.2-0.5 - Add /var/log/pki and /var/lib/pki directories
Tue Apr 16 14:00:00 2013 Endi S. Dewata 10.0.2-0.4 - Run pki-upgrade on post server installation.
Mon Apr 15 14:00:00 2013 Endi S. Dewata 10.0.2-0.3 - Added dependency on python-lxml.
Fri Apr 5 14:00:00 2013 Endi S. Dewata 10.0.2-0.2 - Added pki-upgrade script.
Fri Apr 5 14:00:00 2013 Endi S. Dewata 10.0.2-0.1 - Updated version number to 10.0.2-0.1.
Fri Apr 5 14:00:00 2013 Endi S. Dewata 10.0.1-9 - Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.
Tue Mar 19 13:00:00 2013 Ade Lee 10.0.1-8 - Removed jython dependency
Mon Mar 11 13:00:00 2013 Endi S. Dewata 10.0.1-7 - Added minimum python-requests version.
Fri Mar 8 13:00:00 2013 Matthew Harmsen 10.0.1-6 - Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar
Thu Mar 7 13:00:00 2013 Endi S. Dewata 10.0.1-5 - Added dependency on python-requests. - Reorganized Python module packaging.
Thu Mar 7 13:00:00 2013 Endi S. Dewata 10.0.1-4 - Added dependency on python-ldap.
Mon Mar 4 13:00:00 2013 Matthew Harmsen 10.0.1-3 - TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .
Fri Mar 1 13:00:00 2013 Matthew Harmsen 10.0.1-2 - Removed runtime dependency on \'pki-server-theme\' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme
Tue Jan 15 13:00:00 2013 Ade Lee 10.0.1-1 - TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix \'status\' command in \'pkidaemon\' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies
Wed Jan 9 13:00:00 2013 Matthew Harmsen 10.0.0-5 - TRAC Ticket #430 - License for 3rd party code
Fri Jan 4 13:00:00 2013 Matthew Harmsen 10.0.0-4 - TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception
Wed Dec 12 13:00:00 2012 Ade Lee 10.0.0-3 - Replaced file dependencies with package dependencies
Mon Dec 10 13:00:00 2012 Ade Lee 10.0.0-2 - Updated man pages
Fri Dec 7 13:00:00 2012 Ade Lee 10.0.0-1 - Update to official release for rc1
Thu Dec 6 13:00:00 2012 Matthew Harmsen 10.0.0-0.56.b3 - TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for \'pki.1\' and \'pki_default.cfg.5\' man pages.
Thu Dec 6 13:00:00 2012 Endi S. Dewata 10.0.0-0.55.b3 - Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.
Tue Dec 4 13:00:00 2012 Endi S. Dewata 10.0.0-0.54.b3 - Moved default deployment configuration to /etc/pki.
Mon Nov 19 13:00:00 2012 Ade Lee 10.0.0-0.53.b3 - Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version
Mon Nov 12 13:00:00 2012 Ade Lee 10.0.0-0.52.b3 - Update release to b3
Fri Nov 9 13:00:00 2012 Endi S. Dewata 10.0.0-0.51.b2 - Removed dependency on CA, KRA, OCSP, TKS theme packages.
Thu Nov 8 13:00:00 2012 Endi S. Dewata 10.0.0-0.50.b2 - Renamed pki-common-theme to pki-server-theme.
Thu Nov 8 13:00:00 2012 Matthew Harmsen 10.0.0-0.49.b2 - TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to \'pki-server\'
Mon Oct 29 13:00:00 2012 Ade Lee 10.0.0-0.48.b2 - Update release to b2
Wed Oct 24 14:00:00 2012 Matthew Harmsen 10.0.0-0.47.b1 - TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
Tue Oct 23 14:00:00 2012 Ade Lee 10.0.0-0.46.b1 - Added Obsoletes for pki-selinux
Tue Oct 23 14:00:00 2012 Ade Lee 10.0.0-0.45.b1 - Remove build of pki-selinux for f18, use system policy instead
Fri Oct 12 14:00:00 2012 Ade Lee 10.0.0-0.44.b1 - Update required tomcatjss version - Added net-tools dependency
Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.43.b1 - Update selinux-policy version to fix error from latest policy changes
Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.42.b1 - Fix typo in selinux policy versions
Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.41.b1 - Added build requires for correct version of selinux-policy-devel
Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.40.b1 - Update release to b1
Fri Oct 5 14:00:00 2012 Endi S. Dewata 10.0.0-0.40.a2 - Merged pki-silent into pki-server.
Fri Oct 5 14:00:00 2012 Endi S. Dewata 10.0.0-0.39.a2 - Renamed \"shared\" folder to \"server\".
Fri Oct 5 14:00:00 2012 Ade Lee 10.0.0-0.38.a2 - Added required selinux versions for new policy.
Tue Oct 2 14:00:00 2012 Endi S. Dewata 10.0.0-0.37.a2 - Added Provides to packages replacing obsolete packages.
Mon Oct 1 14:00:00 2012 Ade Lee 10.0.0-0.36.a2 - Update release to a2
Sun Sep 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.36.a1 - Modified CMake to use RPM version number
Tue Sep 25 14:00:00 2012 Endi S. Dewata 10.0.0-0.35.a1 - Added VERSION file
Mon Sep 24 14:00:00 2012 Endi S. Dewata 10.0.0-0.34.a1 - Merged pki-setup into pki-server
Thu Sep 13 14:00:00 2012 Ade Lee 10.0.0-0.33.a1 - Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem
Wed Sep 12 14:00:00 2012 Matthew Harmsen 10.0.0-0.32.a1 - TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM \"update\" . . . - TRAC Ticket #317 - Dogtag 10: Move \"pkispawn\"/\"pkidestroy\" from /usr/bin to /usr/sbin . . .
Wed Sep 12 14:00:00 2012 Endi S. Dewata 10.0.0-0.31.a1 - Fixed pki-server to include everything in shared dir.
Tue Sep 11 14:00:00 2012 Endi S. Dewata 10.0.0-0.30.a1 - Added build dependency on redhat-rpm-config.
Thu Aug 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.29.a1 - Merged Javadoc packages.
Thu Aug 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.28.a1 - Added pki-tomcat.jar.
Thu Aug 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.27.a1 - Moved webapp creation code into pkispawn.
Mon Aug 20 14:00:00 2012 Endi S. Dewata 10.0.0-0.26.a1 - Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.
Mon Aug 20 14:00:00 2012 Endi S. Dewata 10.0.0-0.25.a1 - Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.
Mon Aug 20 14:00:00 2012 Endi S. Dewata 10.0.0-0.24.a1 - Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.
Thu Aug 16 14:00:00 2012 Matthew Harmsen 10.0.0-0.23.a1 - Updated release of \'tomcatjss\' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for \'pki-deploy\' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common
Mon Aug 13 14:00:00 2012 Endi S. Dewata 10.0.0-0.22.a1 - Added pki-client.jar.
Fri Jul 27 14:00:00 2012 Endi S. Dewata 10.0.0-0.21.a1 - Merged pki-jndi-realm.jar into pki-cmscore.jar.
Tue Jul 24 14:00:00 2012 Matthew Harmsen 10.0.0-0.20.a1 - PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .
Wed Jul 11 14:00:00 2012 Matthew Harmsen 10.0.0-0.19.a1 - Moved \'pki-jndi-real.jar\' link from \'tomcat6\' to \'tomcat\' (Tomcat 7)
Thu Jun 14 14:00:00 2012 Matthew Harmsen 10.0.0-0.18.a1 - Updated release of \'tomcatjss\' to rely on Tomcat 7 for Fedora 18
Tue May 29 14:00:00 2012 Endi S. Dewata 10.0.0-0.17.a1 - Added CLI for REST services
Fri May 18 14:00:00 2012 Matthew Harmsen 10.0.0-0.16.a1 - Integration of Tomcat 7 - Addition of centralized \'pki-tomcatd\' systemd functionality to the PKI Deployment strategy - Removal of \'pki_flavor\' attribute
Mon Apr 16 14:00:00 2012 Ade Lee 10.0.0-0.15.a1 - BZ 813075 - selinux denial for file size access
Thu Apr 5 14:00:00 2012 Christina Fu 10.0.0-0.14.a1 - Bug 745278 - [RFE] ECC encryption keys cannot be archived
Tue Mar 27 14:00:00 2012 Endi S. Dewata 10.0.0-0.13.a1 - Replaced candlepin-deps with resteasy
Fri Mar 23 13:00:00 2012 Endi S. Dewata 10.0.0-0.12.a1 - Added option to build without Javadoc
Fri Mar 16 13:00:00 2012 Ade Lee 10.0.0-0.11.a1 - BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules
Wed Mar 14 13:00:00 2012 Matthew Harmsen 10.0.0-0.10.a1 - Corrected \'junit\' dependency check
Mon Mar 12 13:00:00 2012 Matthew Harmsen 10.0.0-0.9.a1 - Initial attempt at PKI deployment framework described in \'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment\'.
Fri Mar 9 13:00:00 2012 Jack Magne 10.0.0-0.8.a1 - Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.
Fri Mar 2 13:00:00 2012 Matthew Harmsen 10.0.0-0.7.a1 - For \'mock\' purposes, removed platform-specific logic from around the \'patch\' files so that ALL \'patch\' files will be included in the SRPM.
Wed Feb 29 13:00:00 2012 Endi S. Dewata 10.0.0-0.6.a1 - Removed dependency on OSUtil.
Tue Feb 28 13:00:00 2012 Ade Lee 10.0.0-0.5.a1 - \'pki-selinux\' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
Thu Feb 23 13:00:00 2012 Endi S. Dewata 10.0.0-0.4.a1 - Added dependency on Apache Commons Codec.
Wed Feb 22 13:00:00 2012 Matthew Harmsen 10.0.0-0.3.a1 - Add \'-DSYSTEMD_LIB_INSTALL_DIR\' override flag to \'cmake\' to address changes in fundamental path structure in Fedora 17 - \'pki-setup\' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - \'pki-selinux\' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
Mon Feb 20 13:00:00 2012 Matthew Harmsen 10.0.0-0.2.a1 - Integrated \'pki-kra\' into \'pki-core\' - Integrated \'pki-ocsp\' into \'pki-core\' - Integrated \'pki-tks\' into \'pki-core\' - Bugzilla Bug #788787 - added \'junit\'/\'junit4\' build-time requirements
Wed Feb 1 13:00:00 2012 Nathan Kinder 10.0.0-0.1.a1 - Updated package version number
Mon Jan 16 13:00:00 2012 Ade Lee 9.0.16-3 - Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup
Mon Nov 28 13:00:00 2011 Endi S. Dewata 9.0.16-2 - Added JUnit tests
Fri Oct 28 14:00:00 2011 Matthew Harmsen 9.0.16-1 - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - \'pki-silent\'
Thu Sep 22 14:00:00 2011 Matthew Harmsen 9.0.15-1 - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - \'pki-setup\' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - \'pki-symkey\' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - \'pki-native-tools\' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - \'pki-util\' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - \'pki-selinux\' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - \'pki-ca\' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - \'pki-silent\' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)
Fri Sep 9 14:00:00 2011 Matthew Harmsen 9.0.14-1 - \'pki-setup\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-symkey\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-native-tools\' - \'pki-util\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-java-tools\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-common\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - \'pki-silent\' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
Tue Sep 6 14:00:00 2011 Ade Lee 9.0.13-1 - \'pki-setup\' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - \'pki-ca\' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - \'pki-common\' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)
Tue Aug 23 14:00:00 2011 Matthew Harmsen 9.0.12-1 - \'pki-setup\' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - \'pki-symkey\' - \'pki-native-tools\' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - \'pki-util\' - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - \'pki-selinux\' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - \'pki-ca\' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - \'pki-silent\'
Wed Aug 10 14:00:00 2011 Matthew Harmsen 9.0.11-1 - \'pki-setup\' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #724861 - DRMTool: fix duplicate \"dn:\" records by renumbering \"cn=\" (mharmsen) - \'pki-common\' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - \'pki-selinux\' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - \'pki-ca\' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - \'pki-silent\' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)
Fri Jul 22 14:00:00 2011 Matthew Harmsen 9.0.10-1 - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - \'pki-silent\'
Thu Jul 14 14:00:00 2011 Matthew Harmsen 9.0.9-1 - Updated release of \'jss\' - Updated release of \'tomcatjss\' for Fedora 15 - \'pki-setup\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-symkey\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-native-tools\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-util\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-java-tools\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-common\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws \'Invalid protocol\' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA\'s signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-selinux\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in \"Enforcing\" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-ca\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - \'pki-silent\' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-2 - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Added \'DRMTool.cfg\' configuration file to inventory - \'pki-common\' - \'pki-selinux\' - \'pki-ca\' - \'pki-silent\'
Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-1 - \'pki-setup\' - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #532548 - Tool to do DRM re-key - \'pki-common\' - \'pki-selinux\' - \'pki-ca\' - \'pki-silent\'
Tue Apr 26 14:00:00 2011 Matthew Harmsen 9.0.7-1 - \'pki-setup\' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - \'pki-common\' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws \'Invalid protocol\' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - \'pki-silent\'
Mon Apr 11 14:00:00 2011 Matthew Harmsen 9.0.6-2 - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.6-1 - Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - \'pki-setup\' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port throws file not found exception. - \'pki-common\' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - \'pki-selinux\' - \'pki-ca\' - \'pki-silent\'
Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.5-2 - Bugzilla Bug #693327 - Missing requires: tomcatjss
Fri Mar 25 13:00:00 2011 Matthew Harmsen 9.0.5-1 - Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require \"jss >= 4.2.6-15\" as a build and runtime requirement - Require \"tomcatjss >= 2.1.1\" as a build and runtime requirement for Fedora 15 and later platforms - \'pki-setup\' - Bugzilla Bug #688287 - Add \"deprecation\" notice regarding using \"shared ports\" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - \'pki-common\' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with \'signing operation failed\' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - \'pki-selinux\' - Bugzilla Bug #684871 - ldaps selinux link change - \'pki-ca\' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with \'signing operation failed\' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port throws file not found exception.(profile and CS.cfg only) - \'pki-silent\'
Thu Mar 17 13:00:00 2011 Matthew Harmsen 9.0.4-1 - Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - \'pki-setup\' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - \'pki-common\' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - \'pki-selinux\' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - \'pki-ca\' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - \'pki-silent\' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s classpath
Wed Feb 9 13:00:00 2011 Matthew Harmsen 9.0.3-2 - \'pki-common\' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance
Fri Feb 4 13:00:00 2011 Matthew Harmsen 9.0.3-1 - \'pki-common\' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line
Thu Feb 3 13:00:00 2011 Matthew Harmsen 9.0.2-1 - Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - \'pki-setup\' - Bugzilla Bug #673638 - Installation within IPA hangs - \'pki-symkey\' - \'pki-native-tools\' - \'pki-util\' - \'pki-java-tools\' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by \'netscape.security.provider\' package - \'pki-common\' - Bugzilla Bug #672291 - CA is not publishing certificates issued using \"Manual User Dual-Use Certificate Enrollment\" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the \"begin\" state instead of \"complete\". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using \"Manual User Dual-Use Certificate Enrollment\" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by \'netscape.security.provider\' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws \'Duplicate policy\' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - \'pki-selinux\' - \'pki-ca\' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - \'pki-silent\' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by \'netscape.security.provider\' package
Wed Feb 2 13:00:00 2011 Matthew Harmsen 9.0.1-3 - Bugzilla Bug #656661 - Please Update Spec File to use \'ghost\' on files in /var/run and /var/lock
Thu Jan 20 13:00:00 2011 Matthew Harmsen 9.0.1-2 - \'pki-symkey\' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - \'pki-common\' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries
Tue Jan 18 13:00:00 2011 Matthew Harmsen 9.0.1-1 - Allow \'pki-native-tools\' to be installed independently of \'pki-setup\' - Removed explicit \'pki-setup\' requirement from \'pki-ca\' (since it already requires \'pki-common\') - \'pki-setup\' - Bugzilla Bug #223343 - pkicreate: should add \'pkiuser\' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta- * jars have been renamed to apache- *, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - \'pki-symkey\' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - \'pki-native-tools\' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - \'pki-util\' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA\'s signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - \'pki-java-tools\' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - \'pki-common\' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA\'s admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn\'t support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA\'s signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - \'pki-selinux\' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - \'pki-ca\' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on \'Publishing\' option with admin privilege throws error \"You are not authorized to perform this operation\". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws \'Internal Server Error\'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - \'pki-silent\' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn\'t not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions
Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-3 - Bugzilla Bug #668839 - Review Request: pki-core - Removed empty \"pre\" from \"pki-ca\" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages
Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-2 - Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from \"4.2.6-10\" to \"4.2.6-12\" - Modified installation section to preserve timestamps - Removed sectional comments
Wed Dec 1 13:00:00 2010 Matthew Harmsen 9.0.0-1 - Initial revision. (kwrightAATTredhat.com & mharmsenAATTredhat.com)
|
|
|