Fedora 15 Update: pki-core-9.0.11-1.fc15

updates at fedoraproject.org updates at fedoraproject.org
Tue Aug 23 04:37:44 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-10665
2011-08-11 22:40:54
--------------------------------------------------------------------------------

Name        : pki-core
Product     : Fedora 15
Version     : 9.0.11
Release     : 1.fc15
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - PKI Core Components
Description :
==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains fundamental packages required by Certificate System,
and consists of the following components:

  * pki-setup
  * pki-symkey
  * pki-native-tools
  * pki-util
  * pki-util-javadoc
  * pki-java-tools
  * pki-java-tools-javadoc
  * pki-common
  * pki-common-javadoc
  * pki-selinux
  * pki-ca
  * pki-silent

which comprise the following PKI subsystems:

  * Certificate Authority (CA)

For deployment purposes, Certificate System requires ONE AND ONLY ONE
of the following "Mutually-Exclusive" PKI Theme packages:

  * ipa-pki-theme    (IPA deployments)
  * dogtag-pki-theme (Dogtag Certificate System deployments)
  * redhat-pki-theme (Red Hat Certificate System deployments)

--------------------------------------------------------------------------------
Update Information:

'pki-setup'
Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
'pki-symkey'
'pki-native-tools'
'pki-util'
'pki-java-tools'
Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by
renumbering "cn=<value>" (mharmsen)
'pki-common'
Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
(jmagne, awnuk)
Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
Bugzilla Bug #708075 - Clone installation does not work over NAT
(alee)
Bugzilla Bug #726785 - If replication fails while setting up a clone
it will wait forever (alee)
Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
'pki-selinux'
Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
'pki-ca'
Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
in IPA profile (awnuk)
'pki-silent'
Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 10 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.11-1
- 'pki-setup'
-      Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
       time - remove the inefficient sleeps (alee)
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- 'pki-java-tools'
-      Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by
       renumbering "cn=<value>" (mharmsen)
- 'pki-common'
-      Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
       (jmagne, awnuk)
-      Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
       time - remove the inefficient sleeps (alee)
-      Bugzilla Bug #708075 - Clone installation does not work over NAT
       (alee)
-      Bugzilla Bug #726785 - If replication fails while setting up a clone
       it will wait forever (alee)
-      Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
-      Bugzilla Bug #700505 - pki tomcat6 instances currently running
       unconfined (alee)
- 'pki-selinux'
-      Bugzilla Bug #700505 - pki tomcat6 instances currently running
       unconfined (alee)
- 'pki-ca'
-      Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
       in IPA profile (awnuk)
- 'pki-silent'
-      Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
       time - remove the inefficient sleeps (alee)
* Fri Jul 22 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.10-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
-      Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
       using an ECC CA to generate ECC certs from CRMF. (jmagne)
-      Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
       for any component value which is equal to its default value (alee)
- 'pki-java-tools'
- 'pki-common'
-      Bugzilla Bug #720510 - Console: Adding a certificate into nethsm
       throws Token not found error. (jmagne)
-      Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
       using an ECC CA to generate ECC certs from CRMF. (jmagne)
-      Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
       for any component value which is equal to its default value (alee)
-      Bugzilla Bug #722989 - Registering an agent when a subsystem is
       created - does not log AUTHZ_SUCCESS event. (alee)
- 'pki-selinux'
- 'pki-ca'
-      Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert
       (awnuk)
- 'pki-silent'
* Thu Jul 14 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.9-1
- Updated release of 'jss'
- Updated release of 'tomcatjss' for Fedora 15
- 'pki-setup'
-      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
       (mharmsen)
-      Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
       (jdennis)
-      Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
-      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-symkey'
-      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
       (mharmsen)
-      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-native-tools'
-      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
       (mharmsen)
-      Bugzilla Bug #717765 - TPS configuration: logging into security domain
       from tps does not work with clientauth=want. (alee)
-      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-util'
-      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
       (mharmsen)
-      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-java-tools'
-      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
       (mharmsen)
-      Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)
-      Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record
       processing) (mharmsen)
-      Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)
-      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-common'
-      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
       (mharmsen)
-      Bugzilla Bug #695403 - Editing signedaudit or transaction, system
       logs throws 'Invalid protocol' for OCSP subsystems (alee)
-      Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
-      Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
       populated in the CA signedAudit messages (alee)
-      Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)
-      Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
       populated in the CA signedAudit messages (jmagne)
-      Bugzilla Bug #698885 - Race conditions during IPA installation (alee)
-      Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:
       SubjectID=$Unidentified$ fails audit evaluation (jmagne)
-      Bugzilla Bug #705914 - SCEP mishandles nicknames when processing
       subsequent SCEP requests. (awnuk)
-      Bugzilla Bug #661142 - Verification should fail when a revoked
       certificate is added. (jmagne)
-      Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
       for modify/add (alee)
-      Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)
-      Bugzilla Bug #707607 - Published certificate summary has list of
       non-published certificates with succeeded status (jmagne)
-      Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
       for tps and ca on server shutdown (jmagne)
-      Bugzilla Bug #697939 - DRM signed audit log message - operation should
       be read instead of modify (jmagne)
-      Bugzilla Bug #718427 - When audit log is full, server continue to
       function. (alee)
-      Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in
       CA's signedaudit log when a directory based user enrollment is
       performed (jmagne)
-      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-selinux'
-      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
       (mharmsen)
-      Bugzilla Bug #720503 - RA and TPS require additional SELinux
       permissions to run in "Enforcing" mode (alee)
-      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-ca'
-      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
       (mharmsen)
-      Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
       (jdennis)
-      Bugzilla Bug #699837 - service command is not fully backwards
       compatible with Dogtag pki subsystems (mharmsen)
-      Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
       administrator group. (jmagne)
-      Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
       for modify/add (alee)
-      Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee
       pages (alee)
-      Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs
       for a revocation invoked by EE user (awnuk)
-      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-silent'
-      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
       (mharmsen)
-      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
* Wed May 25 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.8-2
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- 'pki-java-tools'
-     Added 'DRMTool.cfg' configuration file to inventory
- 'pki-common'
- 'pki-selinux'
- 'pki-ca'
- 'pki-silent'
* Wed May 25 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.8-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- 'pki-java-tools'
-     Bugzilla Bug #532548 - Tool to do DRM re-key
- 'pki-common'
- 'pki-selinux'
- 'pki-ca'
- 'pki-silent'
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pki-core' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list