Fedora 15 Update: pki-core-9.0.16-1.fc15
updates at fedoraproject.org
updates at fedoraproject.org
Fri Nov 25 02:14:38 UTC 2011
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15140
2011-10-31 20:56:17
--------------------------------------------------------------------------------
Name : pki-core
Product : Fedora 15
Version : 9.0.16
Release : 1.fc15
URL : http://pki.fedoraproject.org/
Summary : Certificate System - PKI Core Components
Description :
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains fundamental packages required by Certificate System,
and consists of the following components:
* pki-setup
* pki-symkey
* pki-native-tools
* pki-util
* pki-util-javadoc
* pki-java-tools
* pki-java-tools-javadoc
* pki-common
* pki-common-javadoc
* pki-selinux
* pki-ca
* pki-silent
which comprise the following PKI subsystems:
* Certificate Authority (CA)
For deployment purposes, Certificate System requires ONE AND ONLY ONE
of the following "Mutually-Exclusive" PKI Theme packages:
* ipa-pki-theme (IPA deployments)
* dogtag-pki-theme (Dogtag Certificate System deployments)
* redhat-pki-theme (Red Hat Certificate System deployments)
--------------------------------------------------------------------------------
Update Information:
'pki-setup'
'pki-symkey'
'pki-native-tools'
'pki-util'
Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
'pki-java-tools'
'pki-common'
Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
the in-place upgrade( CS 8.0->8.1) (cfu)
'pki-selinux'
'pki-ca'
Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
(rawhide) . . . (mharmsen)
Bugzilla Bug #749945 - Installation error reported during CA, DRM,
OCSP, and TKS package installation . . . (mharmsen)
'pki-silent'
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 28 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.16-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
the in-place upgrade( CS 8.0->8.1) (cfu)
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
(rawhide) . . . (mharmsen)
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
OCSP, and TKS package installation . . . (mharmsen)
- 'pki-silent'
* Thu Sep 22 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.15-1
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- 'pki-setup'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
- 'pki-symkey'
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- 'pki-native-tools'
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- 'pki-util'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737218 - Incorrect request attribute name matching
ignores request attributes during request parsing. (awnuk)
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- 'pki-selinux'
- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
- 'pki-ca'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- 'pki-silent'
- Bugzilla Bug #739201 - pkisilent does not take arch into account
as Java packages migrated to arch-dependent directories (mharmsen)
* Fri Sep 9 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.14-1
- 'pki-setup'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-symkey'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-java-tools'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-common'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- 'pki-silent'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
* Tue Sep 6 2011 Ade Lee <alee at redhat.com> 9.0.13-1
- 'pki-setup'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- 'pki-ca'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- 'pki-common'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
* Tue Aug 23 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.12-1
- 'pki-setup'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- 'pki-symkey'
- 'pki-native-tools'
- Bugzilla Bug #717643 - Fopen without NULL check and other Coverity
issues (awnuk)
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- 'pki-util'
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #700522 - pki tomcat6 instances currently running
unconfined, allow server to come up when selinux disabled (alee)
- Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated
correctly when subsystem cloned (using hsm) (alee)
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- 'pki-selinux'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- 'pki-ca'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- 'pki-silent'
* Wed Aug 10 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.11-1
- 'pki-setup'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- 'pki-java-tools'
- Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by
renumbering "cn=<value>" (mharmsen)
- 'pki-common'
- Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
(jmagne, awnuk)
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- Bugzilla Bug #708075 - Clone installation does not work over NAT
(alee)
- Bugzilla Bug #726785 - If replication fails while setting up a clone
it will wait forever (alee)
- Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- 'pki-selinux'
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- 'pki-ca'
- Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
in IPA profile (awnuk)
- 'pki-silent'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
* Fri Jul 22 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.10-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #720510 - Console: Adding a certificate into nethsm
throws Token not found error. (jmagne)
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- Bugzilla Bug #722989 - Registering an agent when a subsystem is
created - does not log AUTHZ_SUCCESS event. (alee)
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert
(awnuk)
- 'pki-silent'
* Thu Jul 14 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.9-1
- Updated release of 'jss'
- Updated release of 'tomcatjss' for Fedora 15
- 'pki-setup'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-symkey'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-native-tools'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #717765 - TPS configuration: logging into security domain
from tps does not work with clientauth=want. (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-util'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-java-tools'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record
processing) (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-common'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system
logs throws 'Invalid protocol' for OCSP subsystems (alee)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (alee)
- Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (jmagne)
- Bugzilla Bug #698885 - Race conditions during IPA installation (alee)
- Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:
SubjectID=$Unidentified$ fails audit evaluation (jmagne)
- Bugzilla Bug #705914 - SCEP mishandles nicknames when processing
subsequent SCEP requests. (awnuk)
- Bugzilla Bug #661142 - Verification should fail when a revoked
certificate is added. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)
- Bugzilla Bug #707607 - Published certificate summary has list of
non-published certificates with succeeded status (jmagne)
- Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
for tps and ca on server shutdown (jmagne)
- Bugzilla Bug #697939 - DRM signed audit log message - operation should
be read instead of modify (jmagne)
- Bugzilla Bug #718427 - When audit log is full, server continue to
function. (alee)
- Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in
CA's signedaudit log when a directory based user enrollment is
performed (jmagne)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-selinux'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #720503 - RA and TPS require additional SELinux
permissions to run in "Enforcing" mode (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-ca'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #699837 - service command is not fully backwards
compatible with Dogtag pki subsystems (mharmsen)
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
administrator group. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee
pages (alee)
- Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs
for a revocation invoked by EE user (awnuk)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-silent'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
* Wed May 25 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.8-2
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- 'pki-java-tools'
- Added 'DRMTool.cfg' configuration file to inventory
- 'pki-common'
- 'pki-selinux'
- 'pki-ca'
- 'pki-silent'
* Wed May 25 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.8-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- 'pki-java-tools'
- Bugzilla Bug #532548 - Tool to do DRM re-key
- 'pki-common'
- 'pki-selinux'
- 'pki-ca'
- 'pki-silent'
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pki-core' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list