SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pki-ca-9.0.27-1.fc17.noarch.rpm :
Wed Jun 26 14:00:00 2013 Andrew Wnuk 9.0.27-1
- Bugzilla Bug #976788 - pki-ca 9.0.26 add new required option, -client_token_name
update
- Bugzilla Bug #961522 - Added directory and pin enrollment profile
- Bugzilla Bug #883122 - Added UTF8 to default encoding order

Tue Jun 25 14:00:00 2013 Jack Magne 9.0.26-2
- Bugzilla Bug #976788 - pki-ca 9.0.26 add new required option, -client_token_name

Fri May 24 14:00:00 2013 Andrew Wnuk 9.0.26-1
- Bugzilla Bug #912554 - [RFE] Random certificate serial numbers
- Bugzilla Bug #958310 - [RFE] Randomized certificate validity
- Bugzilla Bug #919556 - [RFE] Option to include nextUpdate as an offset
to thisUpdate
- Bugzilla Bug #839426 - [RFE] ECC CRL support for OCSP
- Trac Ticket #362 - [RFE] CMC ECC
- Bugzilla Bug #810967 - [RFE] ECC support for pkisilent
- Bugzilla Bug #861467 - [RFE] AD authentication plug-in update
- Bugzilla Bug #891985 - Extended default CA validity
- Bugzilla Bug #951501 - Corrected JavaScript issue with big numbers
- Bugzilla Bug #955784 - Corrected JavaScript inability to handle big numbers
- Bugzilla Bug #913313 - CA system certificates with random serial numbers
- Bugzilla Bug #920816 - Cloning of CA with random serial number enabled
- Bugzilla Bug #922264 - Allow for safe clone restart during configuration change
- Bugzilla Bug #922121 - Cloning improvement for random certificate serial numbers

Tue Dec 11 13:00:00 2012 Andrew Wnuk 9.0.25-1
- Bugzilla Bug #861467 - Directory authenticated user certificate enrollments
fail when anonymous access disabled.
- Bugzilla Bug #884829 - Multiple cross-site scripting flaws

Tue Oct 30 13:00:00 2012 Andrew Wnuk 9.0.24-1
- New official build
- Used GetStatus servlet to provide startup status - (alee)
- Audit Cert Renewal - Bugzilla Bug #843979 (mharmsen)
- time based searches - Bugzilla Bug #854420 (awnuk)
- TMS ECC infrastructure - ticket #304 (cfu)

Fri Sep 7 14:00:00 2012 Matthew Harmsen 9.0.23-1
- TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks
in an instance (support for non-default instance names) (mharmsen)
- Bugzilla Bug #852855 - rhcs81 - remove unexpected anonymous binds to
internal db in cert status thread. (jmagne)

Wed Aug 22 14:00:00 2012 Ade Lee 9.0.22-1
- Reverted selinux changes that broke f16 selinux policy.
- Reapplied those changes as a modified patch to f17 build.

Fri Jul 20 14:00:00 2012 Ade Lee 9.0.21-1
- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag

Mon May 7 14:00:00 2012 Andrew Wnuk 9.0.20-1
- New official build

Mon May 7 14:00:00 2012 Ade Lee 9.0.19-4
- Bugzilla Bug #819111 - non-existent container breaks replication

Mon Apr 16 14:00:00 2012 Ade Lee 9.0.19-3
- Bugzilla Bug #813075 - selinux denial for file size access

Tue Apr 10 14:00:00 2012 Christina Fu 9.0.19-2
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived

Fri Mar 16 13:00:00 2012 Ade Lee 9.0.19-1
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
- Corrected patch selected for selinux f17 rules

Fri Mar 9 13:00:00 2012 Matthew Harmsen 9.0.18-1
- Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
with DOGTAG_9_BRANCH SVN repository . . .
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #784387 - Configuration wizard does not provide option
to issue ECC credentials for admin during ECC CA configuration.
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #768138 - Make sure that paging works correctly in CA
and DRM
- Bugzilla Bug #771768 - \"Agent-Authenticated File Signing\" alters
file digest for \"logo_header.gif\"
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till \"ECC phase 4\" is implemented
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till \"ECC phase 4\" is implemented
- \'pki-silent\'
- Bugzilla Bug #801840 - pki_silent.template missing opening brace for
ca_external variable

Fri Mar 2 13:00:00 2012 Matthew Harmsen 9.0.17-4
- For \'mock\' purposes, removed platform-specific logic from around
the \'patch\' files so that ALL \'patch\' files will be included in
the SRPM.

Tue Feb 28 13:00:00 2012 Ade Lee 9.0.17-3
- \'pki-selinux\'
- Added platform-dependent patches for SELinux component
- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)

Wed Feb 22 13:00:00 2012 Matthew Harmsen 9.0.17-2
- Add \'-DSYSTEMD_LIB_INSTALL_DIR\' override flag to \'cmake\' to address changes
in fundamental path structure in Fedora 17
- \'pki-setup\'
- Hard-code Perl dependencies to protect against bugs such as
Bugzilla Bug #772699 - Adapt perl and python fileattrs to
changed file 5.10 magics
- \'pki-selinux\'
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess

Thu Jan 5 13:00:00 2012 Matthew Harmsen 9.0.17-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- Bugzilla Bug #771357 - sslget does not work after FEDORA-2011-17400
update, breaking FreeIPA install
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #757848 - DRM re-key tool: introduces a blank line in the
middle of an ldif entry.
- \'pki-common\'
- Bugzilla Bug #747019 - Migrated policy requests from 7.1->8.1 displays
issuedcerts and cert_Info params as base 64 blobs.
- Bugzilla Bug #756133 - Some DRM components are not referring properly
to DRM\'s request and key records.
- Bugzilla Bug #758505 - DRM\'s request list breaks after migration of
request records with big IDs.
- Bugzilla Bug #768138 - Make sure that paging works correctly in CA and
DRM
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'

Fri Oct 28 14:00:00 2011 Matthew Harmsen 9.0.16-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
the in-place upgrade( CS 8.0->8.1) (cfu)
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
(rawhide) . . . (mharmsen)
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
OCSP, and TKS package installation . . . (mharmsen)
- \'pki-silent\'

Thu Sep 22 14:00:00 2011 Matthew Harmsen 9.0.15-1
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-setup\'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
- \'pki-symkey\'
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- \'pki-native-tools\'
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- \'pki-util\'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737218 - Incorrect request attribute name matching
ignores request attributes during request parsing. (awnuk)
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- \'pki-selinux\'
- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
- \'pki-ca\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- \'pki-silent\'
- Bugzilla Bug #739201 - pkisilent does not take arch into account
as Java packages migrated to arch-dependent directories (mharmsen)

Fri Sep 9 14:00:00 2011 Matthew Harmsen 9.0.14-1
- \'pki-setup\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-symkey\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-java-tools\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-common\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-silent\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .

Tue Sep 6 14:00:00 2011 Ade Lee 9.0.13-1
- \'pki-setup\'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-ca\'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-common\'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)

Tue Aug 23 14:00:00 2011 Matthew Harmsen 9.0.12-1
- \'pki-setup\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-symkey\'
- \'pki-native-tools\'
- Bugzilla Bug #717643 - Fopen without NULL check and other Coverity
issues (awnuk)
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- \'pki-util\'
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #700522 - pki tomcat6 instances currently running
unconfined, allow server to come up when selinux disabled (alee)
- Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated
correctly when subsystem cloned (using hsm) (alee)
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-selinux\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-ca\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-silent\'

Wed Aug 10 14:00:00 2011 Matthew Harmsen 9.0.11-1
- \'pki-setup\'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #724861 - DRMTool: fix duplicate \"dn:\" records by
renumbering \"cn=\" (mharmsen)
- \'pki-common\'
- Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
(jmagne, awnuk)
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- Bugzilla Bug #708075 - Clone installation does not work over NAT
(alee)
- Bugzilla Bug #726785 - If replication fails while setting up a clone
it will wait forever (alee)
- Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- \'pki-selinux\'
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- \'pki-ca\'
- Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
in IPA profile (awnuk)
- \'pki-silent\'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)

Fri Jul 22 14:00:00 2011 Matthew Harmsen 9.0.10-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #720510 - Console: Adding a certificate into nethsm
throws Token not found error. (jmagne)
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- Bugzilla Bug #722989 - Registering an agent when a subsystem is
created - does not log AUTHZ_SUCCESS event. (alee)
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert
(awnuk)
- \'pki-silent\'

Thu Jul 14 14:00:00 2011 Matthew Harmsen 9.0.9-1
- Updated release of \'jss\'
- Updated release of \'tomcatjss\' for Fedora 15
- \'pki-setup\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-symkey\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-native-tools\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #717765 - TPS configuration: logging into security domain
from tps does not work with clientauth=want. (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-util\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-java-tools\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record
processing) (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-common\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system
logs throws \'Invalid protocol\' for OCSP subsystems (alee)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (alee)
- Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (jmagne)
- Bugzilla Bug #698885 - Race conditions during IPA installation (alee)
- Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:
SubjectID=$Unidentified$ fails audit evaluation (jmagne)
- Bugzilla Bug #705914 - SCEP mishandles nicknames when processing
subsequent SCEP requests. (awnuk)
- Bugzilla Bug #661142 - Verification should fail when a revoked
certificate is added. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)
- Bugzilla Bug #707607 - Published certificate summary has list of
non-published certificates with succeeded status (jmagne)
- Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
for tps and ca on server shutdown (jmagne)
- Bugzilla Bug #697939 - DRM signed audit log message - operation should
be read instead of modify (jmagne)
- Bugzilla Bug #718427 - When audit log is full, server continue to
function. (alee)
- Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in
CA\'s signedaudit log when a directory based user enrollment is
performed (jmagne)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-selinux\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #720503 - RA and TPS require additional SELinux
permissions to run in \"Enforcing\" mode (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-ca\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #699837 - service command is not fully backwards
compatible with Dogtag pki subsystems (mharmsen)
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
administrator group. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee
pages (alee)
- Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs
for a revocation invoked by EE user (awnuk)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-silent\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)

Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-2
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Added \'DRMTool.cfg\' configuration file to inventory
- \'pki-common\'
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'

Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #532548 - Tool to do DRM re-key
- \'pki-common\'
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'

Tue Apr 26 14:00:00 2011 Matthew Harmsen 9.0.7-1
- \'pki-setup\'
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- Bugzilla Bug #694569 - parameter used by pkiremove not updated
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs
throws \'Invalid protocol\' for OCSP subsystems
- Bugzilla Bug #694569 - parameter used by pkiremove not updated
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages
- Bugzilla Bug #694143 - CA Agent not returning specified request
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages
- Bugzilla Bug #698885 - Race conditions during IPA installation
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- Bugzilla Bug #699837 - service command is not fully backwards compatible
with Dogtag pki subsystems
- \'pki-silent\'

Mon Apr 11 14:00:00 2011 Matthew Harmsen 9.0.6-2
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.

Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.6-1
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
- Bugzilla Bug #693327 - Missing requires: tomcatjss
- \'pki-setup\'
- Bugzilla Bug #690626 - pkiremove removes the registry entry for
all instances on a machine
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port
throws file not found exception.
- \'pki-common\'
- Bugzilla Bug #692990 - Audit log messages needed to match CC doc:
DRM Recovery audit log messages
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'

Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.5-2
- Bugzilla Bug #693327 - Missing requires: tomcatjss

Fri Mar 25 13:00:00 2011 Matthew Harmsen 9.0.5-1
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
- Require \"jss >= 4.2.6-15\" as a build and runtime requirement
- Require \"tomcatjss >= 2.1.1\" as a build and runtime requirement
for Fedora 15 and later platforms
- \'pki-setup\'
- Bugzilla Bug #688287 - Add \"deprecation\" notice regarding using
\"shared ports\" in pkicreate -help . . .
- Bugzilla Bug #688251 - Dogtag installation under IPA takes
too much time - SELinux policy compilation
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple
extensions
- \'pki-common\'
- Bugzilla Bug #683581 - CA configuration with ECC(Default
EC curve-nistp521) CA fails with \'signing operation failed\'
- Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled
on the EE port
- \'pki-selinux\'
- Bugzilla Bug #684871 - ldaps selinux link change
- \'pki-ca\'
- Bugzilla Bug #683581 - CA configuration with ECC(Default
EC curve-nistp521) CA fails with \'signing operation failed\'
- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments
- Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port
throws file not found exception.(profile and CS.cfg only)
- \'pki-silent\'

Thu Mar 17 13:00:00 2011 Matthew Harmsen 9.0.4-1
- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha)
- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
instance
- Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found
- \'pki-setup\'
- Bugzilla Bug #678157 - uninitialized variable warnings from Perl
- Bugzilla Bug #679574 - Velocity fails to load all dependent classes
- Bugzilla Bug #680420 - xml-commons-apis.jar dependency
- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s
classpath
- Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library
name for SafeNet LunaSA
- \'pki-common\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- Bugzilla Bug #678715 - netstat loop fixes needed
- Bugzilla Bug #673609 - CC: authorize() call needs to be added to
getStats servlet
- \'pki-selinux\'
- Bugzilla Bug #674195: SELinux error message thrown during token
enrollment
- \'pki-ca\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- Bugzilla Bug #673609 - CC: authorize() call needs to be added to
getStats servlet
- Bugzilla Bug #676330 - init script cannot start service
- \'pki-silent\'
- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s
classpath

Wed Feb 9 13:00:00 2011 Matthew Harmsen 9.0.3-2
- \'pki-common\'
- Bugzilla Bug #676051 - IPA installation failing - Fails to create CA
instance
- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
instance

Fri Feb 4 13:00:00 2011 Matthew Harmsen 9.0.3-1
- \'pki-common\'
- Bugzilla Bug #674894 - ipactl restart : an annoy output line
- Bugzilla Bug #675179 - ipactl restart : an annoy output line

Thu Feb 3 13:00:00 2011 Matthew Harmsen 9.0.2-1
- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes
- \'pki-setup\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package
- \'pki-common\'
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
\"Manual User Dual-Use Certificate Enrollment\"
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection
error.
- Bugzilla Bug #504056 - Completed SCEP requests are assigned to the
\"begin\" state instead of \"complete\".
- Bugzilla Bug #504055 - SCEP requests are not properly populated
- Bugzilla Bug #564207 - Searches for completed requests in the agent
interface returns zero entries
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
\"Manual User Dual-Use Certificate Enrollment\" -
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package
- Bugzilla Bug #672920 - CA console: adding policy to a profile throws
\'Duplicate policy\' error in some cases.
- Bugzilla Bug #673199 - init script returns control before web apps have
started
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
subsystem instances
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #504013 - sscep request is rejected due to authentication
error if submitted through one time pin router certificate enrollment.
- Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing
information
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
subsystem instances
- \'pki-silent\'
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package

Wed Feb 2 13:00:00 2011 Matthew Harmsen 9.0.1-3
- Bugzilla Bug #656661 - Please Update Spec File to use \'ghost\' on files
in /var/run and /var/lock

Thu Jan 20 13:00:00 2011 Matthew Harmsen 9.0.1-2
- \'pki-symkey\'
- Bugzilla Bug #671265 - pki-symkey jar version incorrect
- \'pki-common\'
- Bugzilla Bug #564207 - Searches for completed requests in the agent
interface returns zero entries

Tue Jan 18 13:00:00 2011 Matthew Harmsen 9.0.1-1
- Allow \'pki-native-tools\' to be installed independently of \'pki-setup\'
- Removed explicit \'pki-setup\' requirement from \'pki-ca\'
(since it already requires \'pki-common\')
- \'pki-setup\'
- Bugzilla Bug #223343 - pkicreate: should add \'pkiuser\' to nfast group
- Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP
and TKS.
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
OpenLDAP instead of the Mozldap
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #665388 - jakarta-
* jars have been renamed to apache-
*,
pkicreate fails Fedora 14 and above
- Bugzilla Bug #23346 - Two conflicting ACL list definitions in source
repository
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- \'pki-symkey\'
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #644056 - CS build contains warnings
- \'pki-native-tools\'
- template change
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
OpenLDAP instead of the Mozldap
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #644056 - CS build contains warnings
- \'pki-util\'
- Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical
cannot be set to true
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #635033 - At installation wizard selecting key types other
than CA\'s signing cert will fail
- Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and
CS interface
- Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse
ASN.1 encoding/decoding is broken
- Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1
encoding/decoding is incomplete
- Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1
encoding/decoding is incomplete
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #658188 - remove remaining references to tomcat5
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #223319 - Certificate Status inconsistency between token
db and CA
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
During CRL Generation
- \'pki-java-tools\'
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to
5000 bytes
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- \'pki-common\'
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
- Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable
started before configuration completed
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
logs in the java subsystems
- Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5
policy mappings (seem hardcoded)
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #548699 - subCA\'s admin certificate should be generated by
itself
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
- Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile
caAgentServerCert (null cert_request)
- Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited
number of times
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #629677 - TPS: token enrollment fails.
- Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN
in a SCEP request
- Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection
pools not reliable - improve connections or discovery
- Bugzilla Bug #629769 - password decryption logs plain text password
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
CC - interface review
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
OCSP console for renewing SSL Server certificate.
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #607380 - CC: Make sure Java Console can configure all
security relevant config items
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
generated on TKS instead of TPS.
- Bugzilla Bug #489342 -
com.netscape.cms.servlet.common.CMCOutputTemplate.java
doesn\'t support EC
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
disable a CA that it serves
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #635033 - At installation wizard selecting key types other
than CA\'s signing cert will fail
- Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated
for SCEP signing and encryption.
- Bugzilla Bug #223336 - ECC: unable to clone a ECC CA
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
by Reason Code - onlySomeReasons ?
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
verification functions (JAVA subsystems)
- Bugzilla Bug #223313 - should do random generated IV param
for symmetric keys
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
ECC curve names (not on key sizes).
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
Certificates from the Same Request
- Bugzilla Bug #648757 - expose and use updated cert verification
function in JSS
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
of signature algorithm; and for ECC curves
- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
e.c. support
- Bugzilla Bug #651040 - cloning shoud not include sslserver
- Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to
CS.cfg files imcomplete when the cert is stored on a hsm
- Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . .
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
to talk to CA and complete configuration in DonePanel
- Bugzilla Bug #642359 - CC Feature - need to verify certificate when it
is added
- Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires
auditing
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #499494 - change CA defaults to SHA2
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
an administrator group.
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
as expected
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
validity
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
- Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an
error to TPS even if certificate in question is already revoked.
- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
in the console
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #658188 - remove remaining references to tomcat5
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
pkiCA, obsolete 2252 and 2256
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #661142 - Verification should fail when
a revoked certificate is added
- Bugzilla Bug #642741 - CS build uses deprecated functions
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
interface is no longer available through console
- \'pki-selinux\'
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer -
selinux changes
- \'pki-ca\'
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
logs in the java subsystems
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
- Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of
CC interface doc review
- Bugzilla Bug #621602 - pkiconsole: Click on \'Publishing\' option with
admin privilege throws error \"You are not authorized to perform this
operation\".
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
CC - interface review
- Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws
\'Internal Server Error\'.
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
OCSP console for renewing SSL Server certificate.
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
generated on TKS instead of TPS.
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
disable a CA that it serves
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
by Reason Code - onlySomeReasons ?
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
verification functions (JAVA subsystems)
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
ECC curve names (not on key sizes).
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
Certificates from the Same Request
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
of signature algorithm; and for ECC curves
- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA
release -- DRM and TKS do not seem to have CRL checking enabled
- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
correctly set up CC environment
- Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in
certificates (RFC 4262)
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
to talk to CA and complete configuration in DonePanel
- Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object
signing support in RHCS
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #499494 - change CA defaults to SHA2
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
an administrator group.
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
as expected
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
validity
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke
certs in TPS
- Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
pkiCA, obsolete 2252 and 2256
- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
repository
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #661142 - Verification should fail when
a revoked certificate is added
- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key
usage
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
interface is no longer available through console
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
During CRL Generation
- \'pki-silent\'
- Bugzilla Bug #627309 - pkisilent subca configuration fails.
- Bugzilla Bug #640091 - pkisilent panels need to match with changed java
subsystems
- Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM
Clone.
- Bugzilla Bug #643053 - pkisilent DRM configuration fails
- Bugzilla Bug #583754 - pki-silent needs an option to configure signing
algorithm for CA certificates
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module
Panel up to before Security Domain Panel
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #588323 - Failed to enable cipher 0xc001
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves,
signing algorithm
- Bugzilla Bug #658641 - pkisilent doesn\'t not properly handle passwords
with special characters
- Bugzilla Bug #642741 - CS build uses deprecated functions

Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-3
- Bugzilla Bug #668839 - Review Request: pki-core
- Removed empty \"pre\" from \"pki-ca\"
- Consolidated directory ownership
- Corrected file ownership within subpackages
- Removed all versioning from NSS and NSPR packages

Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-2
- Bugzilla Bug #668839 - Review Request: pki-core
- Added component versioning comments
- Updated JSS from \"4.2.6-10\" to \"4.2.6-12\"
- Modified installation section to preserve timestamps
- Removed sectional comments

Wed Dec 1 13:00:00 2010 Matthew Harmsen 9.0.0-1
- Initial revision. (kwrightAATTredhat.com & mharmsenAATTredhat.com)


  
ICM