Fedora 15 Update: pki-core-9.0.20-1.fc15
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jun 1 17:06:29 UTC 2012
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-7539
2012-05-10 03:37:08
--------------------------------------------------------------------------------
Name : pki-core
Product : Fedora 15
Version : 9.0.20
Release : 1.fc15
URL : http://pki.fedoraproject.org/
Summary : Certificate System - PKI Core Components
Description :
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains fundamental packages required by Certificate System,
and consists of the following components:
* pki-setup
* pki-symkey
* pki-native-tools
* pki-util
* pki-util-javadoc
* pki-java-tools
* pki-java-tools-javadoc
* pki-common
* pki-common-javadoc
* pki-selinux
* pki-ca
* pki-silent
which comprise the following PKI subsystems:
* Certificate Authority (CA)
For deployment purposes, Certificate System requires ONE AND ONLY ONE
of the following "Mutually-Exclusive" PKI Theme packages:
* ipa-pki-theme (IPA deployments)
* dogtag-pki-theme (Dogtag Certificate System deployments)
* redhat-pki-theme (Red Hat Certificate System deployments)
--------------------------------------------------------------------------------
Update Information:
Bugzilla Bug #819111 - non-existent container ou=cmsusers breaks replication
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 7 2012 Andrew Wnuk <awnuk at redhat.com> 9.0.20-1
- New official build
* Mon May 7 2012 Ade Lee <alee at redhat.com> 9.0.19-4
- Bugzilla Bug #819111 - non-existent container breaks replication
* Mon Apr 16 2012 Ade Lee <alee at redhat.com> 9.0.19-3
- Bugzilla Bug #813075 - selinux denial for file size access
* Tue Apr 10 2012 Christina Fu <cfu at redhat.com> 9.0.19-2
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
* Fri Mar 16 2012 Ade Lee <alee at redhat.com> 9.0.19-1
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
- Corrected patch selected for selinux f17 rules
* Fri Mar 9 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.18-1
- Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
with DOGTAG_9_BRANCH SVN repository . . .
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #784387 - Configuration wizard does not provide option
to issue ECC credentials for admin during ECC CA configuration.
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #768138 - Make sure that paging works correctly in CA
and DRM
- Bugzilla Bug #771768 - "Agent-Authenticated File Signing" alters
file digest for "logo_header.gif"
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till "ECC phase 4" is implemented
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till "ECC phase 4" is implemented
- 'pki-silent'
- Bugzilla Bug #801840 - pki_silent.template missing opening brace for
ca_external variable
* Fri Mar 2 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-4
- For 'mock' purposes, removed platform-specific logic from around
the 'patch' files so that ALL 'patch' files will be included in
the SRPM.
* Tue Feb 28 2012 Ade Lee <alee at redhat.com> 9.0.17-3
- 'pki-selinux'
- Added platform-dependent patches for SELinux component
- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
* Wed Feb 22 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-2
- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes
in fundamental path structure in Fedora 17
- 'pki-setup'
- Hard-code Perl dependencies to protect against bugs such as
Bugzilla Bug #772699 - Adapt perl and python fileattrs to
changed file 5.10 magics
- 'pki-selinux'
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
* Thu Jan 5 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- Bugzilla Bug #771357 - sslget does not work after FEDORA-2011-17400
update, breaking FreeIPA install
- 'pki-util'
- 'pki-java-tools'
- Bugzilla Bug #757848 - DRM re-key tool: introduces a blank line in the
middle of an ldif entry.
- 'pki-common'
- Bugzilla Bug #747019 - Migrated policy requests from 7.1->8.1 displays
issuedcerts and cert_Info params as base 64 blobs.
- Bugzilla Bug #756133 - Some DRM components are not referring properly
to DRM's request and key records.
- Bugzilla Bug #758505 - DRM's request list breaks after migration of
request records with big IDs.
- Bugzilla Bug #768138 - Make sure that paging works correctly in CA and
DRM
- 'pki-selinux'
- 'pki-ca'
- 'pki-silent'
* Fri Oct 28 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.16-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
the in-place upgrade( CS 8.0->8.1) (cfu)
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
(rawhide) . . . (mharmsen)
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
OCSP, and TKS package installation . . . (mharmsen)
- 'pki-silent'
* Thu Sep 22 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.15-1
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- 'pki-setup'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
- 'pki-symkey'
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- 'pki-native-tools'
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- 'pki-util'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737218 - Incorrect request attribute name matching
ignores request attributes during request parsing. (awnuk)
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- 'pki-selinux'
- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
- 'pki-ca'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- 'pki-silent'
- Bugzilla Bug #739201 - pkisilent does not take arch into account
as Java packages migrated to arch-dependent directories (mharmsen)
* Fri Sep 9 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.14-1
- 'pki-setup'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-symkey'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-java-tools'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-common'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- 'pki-silent'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
* Tue Sep 6 2011 Ade Lee <alee at redhat.com> 9.0.13-1
- 'pki-setup'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- 'pki-ca'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- 'pki-common'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
* Tue Aug 23 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.12-1
- 'pki-setup'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- 'pki-symkey'
- 'pki-native-tools'
- Bugzilla Bug #717643 - Fopen without NULL check and other Coverity
issues (awnuk)
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- 'pki-util'
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #700522 - pki tomcat6 instances currently running
unconfined, allow server to come up when selinux disabled (alee)
- Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated
correctly when subsystem cloned (using hsm) (alee)
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- 'pki-selinux'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- 'pki-ca'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- 'pki-silent'
* Wed Aug 10 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.11-1
- 'pki-setup'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- 'pki-java-tools'
- Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by
renumbering "cn=<value>" (mharmsen)
- 'pki-common'
- Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
(jmagne, awnuk)
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- Bugzilla Bug #708075 - Clone installation does not work over NAT
(alee)
- Bugzilla Bug #726785 - If replication fails while setting up a clone
it will wait forever (alee)
- Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- 'pki-selinux'
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- 'pki-ca'
- Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
in IPA profile (awnuk)
- 'pki-silent'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
* Fri Jul 22 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.10-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #720510 - Console: Adding a certificate into nethsm
throws Token not found error. (jmagne)
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- Bugzilla Bug #722989 - Registering an agent when a subsystem is
created - does not log AUTHZ_SUCCESS event. (alee)
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert
(awnuk)
- 'pki-silent'
* Thu Jul 14 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.9-1
- Updated release of 'jss'
- Updated release of 'tomcatjss' for Fedora 15
- 'pki-setup'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-symkey'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-native-tools'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #717765 - TPS configuration: logging into security domain
from tps does not work with clientauth=want. (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-util'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-java-tools'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record
processing) (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-common'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system
logs throws 'Invalid protocol' for OCSP subsystems (alee)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (alee)
- Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (jmagne)
- Bugzilla Bug #698885 - Race conditions during IPA installation (alee)
- Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:
SubjectID=$Unidentified$ fails audit evaluation (jmagne)
- Bugzilla Bug #705914 - SCEP mishandles nicknames when processing
subsequent SCEP requests. (awnuk)
- Bugzilla Bug #661142 - Verification should fail when a revoked
certificate is added. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)
- Bugzilla Bug #707607 - Published certificate summary has list of
non-published certificates with succeeded status (jmagne)
- Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
for tps and ca on server shutdown (jmagne)
- Bugzilla Bug #697939 - DRM signed audit log message - operation should
be read instead of modify (jmagne)
- Bugzilla Bug #718427 - When audit log is full, server continue to
function. (alee)
- Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in
CA's signedaudit log when a directory based user enrollment is
performed (jmagne)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-selinux'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #720503 - RA and TPS require additional SELinux
permissions to run in "Enforcing" mode (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-ca'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #699837 - service command is not fully backwards
compatible with Dogtag pki subsystems (mharmsen)
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
administrator group. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee
pages (alee)
- Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs
for a revocation invoked by EE user (awnuk)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- 'pki-silent'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
* Wed May 25 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.8-2
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- 'pki-java-tools'
- Added 'DRMTool.cfg' configuration file to inventory
- 'pki-common'
- 'pki-selinux'
- 'pki-ca'
- 'pki-silent'
* Wed May 25 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.8-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- 'pki-java-tools'
- Bugzilla Bug #532548 - Tool to do DRM re-key
- 'pki-common'
- 'pki-selinux'
- 'pki-ca'
- 'pki-silent'
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #819111 - non-existent container ou=cmsusers breaks replication
https://bugzilla.redhat.com/show_bug.cgi?id=819111
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pki-core' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list