SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pki-setup-9.0.3-49.el6.noarch.rpm :
Mon Mar 14 13:00:00 2016 Ade Lee 9.0.3-49
- Resolves #1290535 - Check for incompatible Java at startup (pkisilent)

Thu Mar 10 13:00:00 2016 Ade Lee 9.0.3-48
- Resolves #1306989 - Crash seen with pki-common pkg during IPA server install
- Resolves #1290535 - Check for incompatible Java at startup
- Resolves #1313207 - ca.subsystem.certreq missing from CS.cfg

Wed Jan 27 13:00:00 2016 Endi S. Dewata 9.0.3-47
- Resolves #1256039 - Fixed incorrect patch for fixing missing subsystem user on external CA case.

Tue Jan 19 13:00:00 2016 Endi S. Dewata 9.0.3-46
- Resolves #1282977 - IPA installation fails with external PKI CA

Mon Jan 4 13:00:00 2016 Matthew Harmsen 9.0.3-45
- Resolves #1290535 - Check for incompatible Java at startup

Fri Dec 4 13:00:00 2015 Endi S. Dewata 9.0.3-44
- Resolves #1256039 - Fixed missing subsystem user on external CA case.
- Removed unused backup files (.p
*) generated by the patches.

Wed May 27 14:00:00 2015 Endi S. Dewata 9.0.3-43
- Resolves #1225589 - unable to create rhel 7.1 replica from rhel 6 replica CA because subsystem user does not exist

Mon May 18 14:00:00 2015 Jack Magne 9.0.3-42
- Resolves #1221900 - pki-core: cross-site scripting flaw in the dogtag administration page (port 9180, port 9444) [rhel-6.7]

Mon Apr 20 14:00:00 2015 Endi S. Dewata 9.0.3-41
- Resolves #1212557 - ipa-server-install fails when configuring CA

Wed Feb 11 13:00:00 2015 Matthew Harmsen 9.0.3-40
- Resolves #1171848 - IPA - port 9443 (pki-core) is vulnerable to SSLv3 POODLE
(based upon upstream changes provided by cfu and alee)

Wed Feb 4 13:00:00 2015 Matthew Harmsen 9.0.3-39
- Resolves #1144608 - pki-core failed to build with cmake-2.8.12.2-4.el6
- Resolves #1037248 - pki-core FTBFS if \"-Werror=format-security\" flag is used
- Resolves #1243 - Outdated selinux-policy dependency in Dogtag 9

Wed Sep 24 14:00:00 2014 Matthew Harmsen 9.0.3-38
- Resolves #1144188 - TPS tests: RPM rebuild failure due to wildcard imports

Wed Jul 30 14:00:00 2014 Ade Lee 9.0.3-37
- Resolves #1123811 - IPA PKI clone certificate renewal produces AVC

Thu Jun 26 14:00:00 2014 Ade Lee 9.0.3-36
- Resolves #1109181 - certmonger cannot start tracking PKI certificates due
to AVC

Fri Jun 20 14:00:00 2014 Ade Lee 9.0.3-35
- Resolves #1024462 - IPA admin cert is created with SHA1 signing algorithm,
should be SHA256

Fri Jun 20 14:00:00 2014 Matthew Harmsen 9.0.3-34
- Resolves #1096142 - Added \'jakarta-commons-io\' build and runtime dependencies

Tue May 20 14:00:00 2014 Matthew Harmsen 9.0.3-33
- Resolves #1051382 - IPA Replica installation fails when using an external CA
- Test patch to filter out invalid XML and provide additional debugging
information
- Resolves #1083170 - Prevent LDAP Attributes from being affected by Locale
- Resolves #1096142 - IPA replica setup fails during CA setup with
\"unable to parse xml\"
- Resolves #1061442 - RFE - ipa-server should keep backup of CS.cfg
- Resolves #1055080 - Giant /var/log/pki-ca/debug

Thu Aug 29 14:00:00 2013 Ade Lee 9.0.3-32
- Resolves #999055 - AVC denials during ipa server and replica installs
- Resolves #998715 - Package Sanity Test Failures

Fri Aug 9 14:00:00 2013 Ade Lee 9.0.3-31
- Resolves #887305 - /var/run/pki/ca has wrong selinux context
- Resolves #895702 - pki-cad restart avc denial

Tue Jan 22 13:00:00 2013 Ade Lee 9.0.3-30
- Resolves #902474 - upgrading IPA from 2.2 to 3.0 sees certmonger errors

Mon Jan 7 13:00:00 2013 Ade Lee 9.0.3-29
- Resolves #891985 - Increase FreeIPA root CA validity

Fri Dec 14 13:00:00 2012 Andrew Wnuk 9.0.3-28
- Resolves #885790 - Multiple cross-site scripting flaws
by displaying CRL or processing profile

Fri Oct 19 14:00:00 2012 Ade Lee 9.0.3-27
- Resolves #867640 - ipa-replica-install Configuration of CA failed
by REVERTING #819111 - Non-existent container breaks replication

Fri Sep 28 14:00:00 2012 Ade Lee 9.0.3-26
- Resolves #844459 - Increase audit cert renewal range to 2 years (mharmsen)
- Resolves #841663 - serial number incorrectly cast from BigInt to integer in
installation wizard (mharmsen)
- Resolves #858864 - create/ identify a mechanism for clients to determine that
the pki subsystem is up (alee)

Tue May 8 14:00:00 2012 Ade Lee 9.0.3-25
- Resolves #819111 - Non-existent container breaks replication

Fri Mar 16 13:00:00 2012 Ade Lee 9.0.3-24
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes

Mon Mar 5 13:00:00 2012 Ade Lee 9.0.3-23
- Resolves #769388 - pki-silent does not properly escape command-line arguments
(fixed in Git repo)

Mon Mar 5 13:00:00 2012 Matthew Harmsen 9.0.3-22
- Resolves #745677 - Firefox Launcher on Panel being modified for all users.
(fixed in Git repo)

Tue Jan 17 13:00:00 2012 Ade Lee 9.0.3-21
- Resolves #771790 - sslget does not work after FEDORA-2011-17400 update,
breaking FreeIPA install (fixed in Git repo)

Fri Aug 26 14:00:00 2011 Andrew Wnuk 9.0.3-20
- Resolves #737179 - Need script to upgrade proxy configuration, r2249

Fri Aug 26 14:00:00 2011 Andrew Wnuk 9.0.3-19
- Resolves #730801 - Coverity issues in native-tools area, r2182

Tue Aug 23 14:00:00 2011 Andrew Wnuk 9.0.3-18
- Resolves #730801 - Coverity issues in native-tools area, r2163

Tue Aug 23 14:00:00 2011 Ade Lee 9.0.3-17
- Resolves #712931 - CS requires too many ports to be open in the FW, r2161

Mon Aug 22 14:00:00 2011 Andrew Wnuk 9.0.3-16
- Resolves #717643 - Fopen without NULL check and other Coverity issues

Mon Aug 22 14:00:00 2011 Andrew Wnuk 9.0.3-15
- Resolves #717643 - Fopen without NULL check and other Coverity issues

Mon Aug 15 14:00:00 2011 Ade Lee 9.0.3-14
- Resolves #700522 - pki tomcat6 instances currently running unconfined,
allow server to come up when selinux disabled, r2149

Thu Aug 4 14:00:00 2011 Ade Lee 9.0.3-13
- Resolves #698796: Race conditions during IPA installation, r2103 (alee)
- Resolves #708075 - Clone installation does not work over NAT, r2104 (alee)
- Resolves #726785 - If replication fails while setting up a clone it
will wait forever, r2106 (alee)
- Resolves #691076 - pkiremove removes the registry entry for all instances
on a machine, r2112 (mharmsen)
- Resolves #693835 - /var/log/tomcat6/catalina.out owned by pkiuser, r2118
(mharmsen)
- Resolves #729126 - Increase default validity from 6mo to 2yrs in IPA
profile, r2125 (awnuk)
- Resolves #728651 - CS8 64 bit pkicreate script uses wrong library name
for, r2126 (mharmsen)
- Resolves #700522 - pki tomcat6 instances currently running unconfined,
r2128 (alee)

Wed Aug 3 14:00:00 2011 Ade Lee 9.0.3-12
- Resolves #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps, r2097

Fri Jul 22 14:00:00 2011 Andrew Wnuk 9.0.3-11
- Resolves #722634 - Add client usage flag to caIPAserviceCert, r2074

Tue Mar 22 13:00:00 2011 Matthew Harmsen 9.0.3-10
- Resolves #688251 - Dogtag installation under IPA takes too much
time - SELinux policy compilation, r1908

Wed Mar 9 13:00:00 2011 Matthew Harmsen 9.0.3-9
- Resolves: bug 645097
- update to the pki-core-9.0.3-r1886.patch file

Wed Mar 9 13:00:00 2011 Matthew Harmsen 9.0.3-8
- Resolves 645097
- Resolves #683172 - pkisilent needs to provide option to set
nsDS5ReplicaTransportInfo to TLS in replication agreements
when creating a clone, r1886

Fri Mar 4 13:00:00 2011 Matthew Harmsen 9.0.3-7
- Resolves 645097

Fri Mar 4 13:00:00 2011 Matthew Harmsen 9.0.3-6
- Resolves #682021 - pkisilent needs xml-commons-apis.jar in it\'s classpath

Wed Mar 2 13:00:00 2011 Matthew Harmsen 9.0.3-5
- Resolves 645097

Wed Mar 2 13:00:00 2011 Matthew Harmsen 9.0.3-4
- Resolves #681367 - xml-commons-apis.jar dependency, r1875

Mon Feb 21 13:00:00 2011 Matthew Harmsen 9.0.3-3
- Resolves #676873 - Rebase pki-core again to pick the latest features and fixes
- Resolves #676048 - Installation within IPA hangs, r1846
- Resolves #679173 - uninitialized variable warnings from Perl, r1860
- Resolves #679174 - netstat loop fixes needed, r1862
- Resolves #679580 - Velocity fails to load all dependent classes, r1864

Wed Feb 9 13:00:00 2011 Matthew Harmsen 9.0.3-2
- \'pki-common\'
- Bugzilla Bug #676051 - IPA installation failing - Fails to create CA
instance
- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
instance

Fri Feb 4 13:00:00 2011 Matthew Harmsen 9.0.3-1
- \'pki-common\'
- Bugzilla Bug #674894 - ipactl restart : an annoy output line
- Bugzilla Bug #675179 - ipactl restart : an annoy output line

Thu Feb 3 13:00:00 2011 Matthew Harmsen 9.0.2-1
- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes
- \'pki-setup\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package
- \'pki-common\'
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
\"Manual User Dual-Use Certificate Enrollment\"
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection
error.
- Bugzilla Bug #504056 - Completed SCEP requests are assigned to the
\"begin\" state instead of \"complete\".
- Bugzilla Bug #504055 - SCEP requests are not properly populated
- Bugzilla Bug #564207 - Searches for completed requests in the agent
interface returns zero entries
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
\"Manual User Dual-Use Certificate Enrollment\" -
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package
- Bugzilla Bug #672920 - CA console: adding policy to a profile throws
\'Duplicate policy\' error in some cases.
- Bugzilla Bug #673199 - init script returns control before web apps have
started
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
subsystem instances
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #504013 - sscep request is rejected due to authentication
error if submitted through one time pin router certificate enrollment.
- Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing
information
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
subsystem instances
- \'pki-silent\'
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package

Wed Feb 2 13:00:00 2011 Matthew Harmsen 9.0.1-3
- Bugzilla Bug #656661 - Please Update Spec File to use \'ghost\' on files
in /var/run and /var/lock

Thu Jan 20 13:00:00 2011 Matthew Harmsen 9.0.1-2
- \'pki-symkey\'
- Bugzilla Bug #671265 - pki-symkey jar version incorrect
- \'pki-common\'
- Bugzilla Bug #564207 - Searches for completed requests in the agent
interface returns zero entries

Tue Jan 18 13:00:00 2011 Matthew Harmsen 9.0.1-1
- Allow \'pki-native-tools\' to be installed independently of \'pki-setup\'
- Removed explicit \'pki-setup\' requirement from \'pki-ca\'
(since it already requires \'pki-common\')
- \'pki-setup\'
- Bugzilla Bug #223343 - pkicreate: should add \'pkiuser\' to nfast group
- Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP
and TKS.
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
OpenLDAP instead of the Mozldap
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #665388 - jakarta-
* jars have been renamed to apache-
*,
pkicreate fails Fedora 14 and above
- Bugzilla Bug #23346 - Two conflicting ACL list definitions in source
repository
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- \'pki-symkey\'
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #644056 - CS build contains warnings
- \'pki-native-tools\'
- template change
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
OpenLDAP instead of the Mozldap
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #644056 - CS build contains warnings
- \'pki-util\'
- Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical
cannot be set to true
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #635033 - At installation wizard selecting key types other
than CA\'s signing cert will fail
- Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and
CS interface
- Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse
ASN.1 encoding/decoding is broken
- Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1
encoding/decoding is incomplete
- Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1
encoding/decoding is incomplete
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #658188 - remove remaining references to tomcat5
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #223319 - Certificate Status inconsistency between token
db and CA
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
During CRL Generation
- \'pki-java-tools\'
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to
5000 bytes
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- \'pki-common\'
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
- Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable
started before configuration completed
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
logs in the java subsystems
- Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5
policy mappings (seem hardcoded)
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #548699 - subCA\'s admin certificate should be generated by
itself
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
- Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile
caAgentServerCert (null cert_request)
- Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited
number of times
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #629677 - TPS: token enrollment fails.
- Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN
in a SCEP request
- Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection
pools not reliable - improve connections or discovery
- Bugzilla Bug #629769 - password decryption logs plain text password
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
CC - interface review
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
OCSP console for renewing SSL Server certificate.
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #607380 - CC: Make sure Java Console can configure all
security relevant config items
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
generated on TKS instead of TPS.
- Bugzilla Bug #489342 -
com.netscape.cms.servlet.common.CMCOutputTemplate.java
doesn\'t support EC
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
disable a CA that it serves
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #635033 - At installation wizard selecting key types other
than CA\'s signing cert will fail
- Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated
for SCEP signing and encryption.
- Bugzilla Bug #223336 - ECC: unable to clone a ECC CA
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
by Reason Code - onlySomeReasons ?
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
verification functions (JAVA subsystems)
- Bugzilla Bug #223313 - should do random generated IV param
for symmetric keys
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
ECC curve names (not on key sizes).
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
Certificates from the Same Request
- Bugzilla Bug #648757 - expose and use updated cert verification
function in JSS
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
of signature algorithm; and for ECC curves
- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
e.c. support
- Bugzilla Bug #651040 - cloning shoud not include sslserver
- Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to
CS.cfg files imcomplete when the cert is stored on a hsm
- Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . .
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
to talk to CA and complete configuration in DonePanel
- Bugzilla Bug #642359 - CC Feature - need to verify certificate when it
is added
- Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires
auditing
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #499494 - change CA defaults to SHA2
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
an administrator group.
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
as expected
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
validity
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
- Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an
error to TPS even if certificate in question is already revoked.
- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
in the console
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #658188 - remove remaining references to tomcat5
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
pkiCA, obsolete 2252 and 2256
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #661142 - Verification should fail when
a revoked certificate is added
- Bugzilla Bug #642741 - CS build uses deprecated functions
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
interface is no longer available through console
- \'pki-selinux\'
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer -
selinux changes
- \'pki-ca\'
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
logs in the java subsystems
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
- Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of
CC interface doc review
- Bugzilla Bug #621602 - pkiconsole: Click on \'Publishing\' option with
admin privilege throws error \"You are not authorized to perform this
operation\".
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
CC - interface review
- Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws
\'Internal Server Error\'.
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
OCSP console for renewing SSL Server certificate.
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
generated on TKS instead of TPS.
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
disable a CA that it serves
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
by Reason Code - onlySomeReasons ?
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
verification functions (JAVA subsystems)
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
ECC curve names (not on key sizes).
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
Certificates from the Same Request
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
of signature algorithm; and for ECC curves
- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA
release -- DRM and TKS do not seem to have CRL checking enabled
- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
correctly set up CC environment
- Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in
certificates (RFC 4262)
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
to talk to CA and complete configuration in DonePanel
- Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object
signing support in RHCS
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #499494 - change CA defaults to SHA2
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
an administrator group.
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
as expected
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
validity
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke
certs in TPS
- Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
pkiCA, obsolete 2252 and 2256
- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
repository
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #661142 - Verification should fail when
a revoked certificate is added
- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key
usage
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
interface is no longer available through console
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
During CRL Generation
- \'pki-silent\'
- Bugzilla Bug #627309 - pkisilent subca configuration fails.
- Bugzilla Bug #640091 - pkisilent panels need to match with changed java
subsystems
- Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM
Clone.
- Bugzilla Bug #643053 - pkisilent DRM configuration fails
- Bugzilla Bug #583754 - pki-silent needs an option to configure signing
algorithm for CA certificates
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module
Panel up to before Security Domain Panel
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #588323 - Failed to enable cipher 0xc001
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves,
signing algorithm
- Bugzilla Bug #658641 - pkisilent doesn\'t not properly handle passwords
with special characters
- Bugzilla Bug #642741 - CS build uses deprecated functions

Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-3
- Bugzilla Bug #668839 - Review Request: pki-core
- Removed empty \"pre\" from \"pki-ca\"
- Consolidated directory ownership
- Corrected file ownership within subpackages
- Removed all versioning from NSS and NSPR packages

Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-2
- Bugzilla Bug #668839 - Review Request: pki-core
- Added component versioning comments
- Updated JSS from \"4.2.6-10\" to \"4.2.6-12\"
- Modified installation section to preserve timestamps
- Removed sectional comments

Wed Dec 1 13:00:00 2010 Matthew Harmsen 9.0.0-1
- Initial revision. (kwrightAATTredhat.com & mharmsenAATTredhat.com)


 
ICM