[pki-core/f15] Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
kwright
kwright at fedoraproject.org
Tue Mar 13 00:51:38 UTC 2012
commit f15412938dbe14c72fdeb7af6d519d4925e85780
Author: Kevin Wright <kwright at redhat.com>
Date: Mon Mar 12 17:51:33 2012 -0700
Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
with DOGTAG_9_BRANCH SVN repository . . .
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #784387 - Configuration wizard does not provide option
to issue ECC credentials for admin during ECC CA configuration.
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #768138 - Make sure that paging works correctly in CA
and DRM
- Bugzilla Bug #771768 - "Agent-Authenticated File Signing" alters
file digest for "logo_header.gif"
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till "ECC phase 4" is implemented
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till "ECC phase 4" is implemented
- 'pki-silent'
- Bugzilla Bug #801840 - pki_silent.template missing opening brace for
ca_external variable
.gitignore | 1 +
clog | 51 +++++++++++++++----------
pki-core-selinux-Dogtag-9-f16.patch | 23 +++++++++++
pki-core-selinux-Dogtag-9-f17.patch | 35 +++++++++++++++++
pki-core.spec | 70 ++++++++++++++++++++++++++++++++++-
sources | 2 +-
6 files changed, 158 insertions(+), 24 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 8cdd08a..722ed4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@
/pki-core-9.0.15.tar.gz
/pki-core-9.0.16.tar.gz
/pki-core-9.0.17.tar.gz
+/pki-core-9.0.18.tar.gz
diff --git a/clog b/clog
index 5dd0c4b..d182aad 100644
--- a/clog
+++ b/clog
@@ -1,21 +1,30 @@
-'pki-setup'
-'pki-symkey'
-'pki-native-tools'
-Bugzilla Bug #771357 - sslget does not work after FEDORA-2011-17400
-update, breaking FreeIPA install
-'pki-util'
-'pki-java-tools'
-Bugzilla Bug #757848 - DRM re-key tool: introduces a blank line in the
-middle of an ldif entry.
-'pki-common'
-Bugzilla Bug #747019 - Migrated policy requests from 7.1->8.1 displays
-issuedcerts and cert_Info params as base 64 blobs.
-Bugzilla Bug #756133 - Some DRM components are not referring properly
-to DRM's request and key records.
-Bugzilla Bug #758505 - DRM's request list breaks after migration of
-request records with big IDs.
-Bugzilla Bug #768138 - Make sure that paging works correctly in CA and
-DRM
-'pki-selinux'
-'pki-ca'
-'pki-silent'
+Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
+
+ with DOGTAG_9_BRANCH SVN repository . . .
+- 'pki-setup'
+- 'pki-symkey'
+- 'pki-native-tools'
+- 'pki-util'
+- Bugzilla Bug #784387 - Configuration wizard does not provide option
+ to issue ECC credentials for admin during ECC CA configuration.
+- 'pki-java-tools'
+- 'pki-common'
+- Bugzilla Bug #768138 - Make sure that paging works correctly in CA
+ and DRM
+- Bugzilla Bug #771768 - "Agent-Authenticated File Signing" alters
+ file digest for "logo_header.gif"
+- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
+ problem for handling non-dual ECC
+- Bugzilla Bug #223358 - new profile for ECC key generation
+- Bugzilla Bug #787806 - RSA should be default selection for transport
+ key till "ECC phase 4" is implemented
+- 'pki-selinux'
+- 'pki-ca'
+- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
+ problem for handling non-dual ECC
+- Bugzilla Bug #223358 - new profile for ECC key generation
+- Bugzilla Bug #787806 - RSA should be default selection for transport
+ key till "ECC phase 4" is implemented
+- 'pki-silent'
+- Bugzilla Bug #801840 - pki_silent.template missing opening brace for
+ ca_external variable
diff --git a/pki-core-selinux-Dogtag-9-f16.patch b/pki-core-selinux-Dogtag-9-f16.patch
new file mode 100644
index 0000000..03e38be
--- /dev/null
+++ b/pki-core-selinux-Dogtag-9-f16.patch
@@ -0,0 +1,23 @@
+diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
+index 0709176..9a35184 100644
+--- a/pki/base/selinux/src/pki.if
++++ b/pki/base/selinux/src/pki.if
+@@ -193,7 +193,7 @@ template(`pki_ca_template',`
+ corenet_tcp_connect_ldap_port($1_t)
+
+ # tomcat connects to ephemeral ports on shutdown
+- corenet_tcp_connect_all_unreserved_ports($1_t)
++ corenet_tcp_connect_all_ephemeral_ports($1_t)
+
+ optional_policy(`
+ #This is broken in selinux-policy we need java_exec defined, Will add to policy
+diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
+index 7f6e657..dab02d4 100644
+--- a/pki/base/selinux/src/pki.te
++++ b/pki/base/selinux/src/pki.te
+@@ -1,4 +1,4 @@
+-policy_module(pki,9.0.2)
++policy_module(pki,9.0.3)
+
+ attribute pki_ca_config;
+ attribute pki_ca_executable;
diff --git a/pki-core-selinux-Dogtag-9-f17.patch b/pki-core-selinux-Dogtag-9-f17.patch
new file mode 100644
index 0000000..e99ec06
--- /dev/null
+++ b/pki-core-selinux-Dogtag-9-f17.patch
@@ -0,0 +1,35 @@
+diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
+index 0709176..20dfc17 100644
+--- a/pki/base/selinux/src/pki.if
++++ b/pki/base/selinux/src/pki.if
+@@ -206,6 +206,20 @@ template(`pki_ca_template',`
+ optional_policy(`
+ unconfined_domain($1_script_t)
+ ')
++
++ # tomcat6 init scripts do runuser and touch lockfile
++ allow $1_t self:capability { setuid chown setgid fowner audit_write dac_override };
++ allow $1_t self:netlink_audit_socket { nlmsg_relay create read write };
++ consoletype_exec($1_t)
++ fs_read_hugetlbfs_files($1_t)
++ hostname_exec($1_t)
++ kernel_read_kernel_sysctls($1_t)
++
++ # java (mislabeled as lib_t?) calls build_classpath
++ libs_exec_lib_files($1_t)
++
++ selinux_get_enforce_mode($1_t)
++
+ ')
+
+ ########################################
+diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
+index 7f6e657..dab02d4 100644
+--- a/pki/base/selinux/src/pki.te
++++ b/pki/base/selinux/src/pki.te
+@@ -1,4 +1,4 @@
+-policy_module(pki,9.0.2)
++policy_module(pki,9.0.3)
+
+ attribute pki_ca_config;
+ attribute pki_ca_executable;
diff --git a/pki-core.spec b/pki-core.spec
index 4b50d94..c127d29 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -1,5 +1,5 @@
Name: pki-core
-Version: 9.0.17
+Version: 9.0.18
Release: 1%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
@@ -48,6 +48,9 @@ BuildRequires: tomcatjss >= 2.0.0
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+Patch0: %{name}-selinux-Dogtag-9-f16.patch
+Patch1: %{name}-selinux-Dogtag-9-f17.patch
+
%if 0%{?rhel}
ExcludeArch: ppc ppc64 s390 s390x
%endif
@@ -116,6 +119,8 @@ Group: System Environment/Base
BuildArch: noarch
+Requires: perl(File::Slurp)
+Requires: perl(XML::LibXML)
Requires: perl-Crypt-SSLeay
Requires: policycoreutils
Requires: openldap-clients
@@ -439,6 +444,15 @@ This package is a part of the PKI Core used by the Certificate System.
%setup -q
+%if 0%{?fedora} >= 17
+%patch0 -p2 -b .f17
+%else
+%if 0%{?fedora} >= 16
+%patch0 -p2 -b .f16
+%endif
+%endif
+
+
%clean
%{__rm} -rf %{buildroot}
@@ -446,7 +460,7 @@ This package is a part of the PKI Core used by the Certificate System.
%build
%{__mkdir_p} build
cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_CORE:BOOL=ON -DJAVA_LIB_INSTALL_DIR=%{_jnidir} ..
+%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_CORE:BOOL=ON -DJAVA_LIB_INSTALL_DIR=%{_jnidir} -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} ..
%{__make} VERBOSE=1 %{?_smp_mflags}
@@ -721,6 +735,58 @@ fi
%changelog
+* Fri Mar 9 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.18-1
+- Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
+ with DOGTAG_9_BRANCH SVN repository . . .
+- 'pki-setup'
+- 'pki-symkey'
+- 'pki-native-tools'
+- 'pki-util'
+- Bugzilla Bug #784387 - Configuration wizard does not provide option
+ to issue ECC credentials for admin during ECC CA configuration.
+- 'pki-java-tools'
+- 'pki-common'
+- Bugzilla Bug #768138 - Make sure that paging works correctly in CA
+ and DRM
+- Bugzilla Bug #771768 - "Agent-Authenticated File Signing" alters
+ file digest for "logo_header.gif"
+- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
+ problem for handling non-dual ECC
+- Bugzilla Bug #223358 - new profile for ECC key generation
+- Bugzilla Bug #787806 - RSA should be default selection for transport
+ key till "ECC phase 4" is implemented
+- 'pki-selinux'
+- 'pki-ca'
+- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
+ problem for handling non-dual ECC
+- Bugzilla Bug #223358 - new profile for ECC key generation
+- Bugzilla Bug #787806 - RSA should be default selection for transport
+ key till "ECC phase 4" is implemented
+- 'pki-silent'
+- Bugzilla Bug #801840 - pki_silent.template missing opening brace for
+ ca_external variable
+
+* Fri Mar 2 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-4
+- For 'mock' purposes, removed platform-specific logic from around
+ the 'patch' files so that ALL 'patch' files will be included in
+ the SRPM.
+
+* Tue Feb 28 2012 Ade Lee <alee at redhat.com> 9.0.17-3
+- 'pki-selinux'
+- Added platform-dependent patches for SELinux component
+- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
+- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
+
+* Wed Feb 22 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-2
+- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes
+ in fundamental path structure in Fedora 17
+- 'pki-setup'
+- Hard-code Perl dependencies to protect against bugs such as
+ Bugzilla Bug #772699 - Adapt perl and python fileattrs to
+ changed file 5.10 magics
+- 'pki-selinux'
+- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
+
* Thu Jan 5 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-1
- 'pki-setup'
- 'pki-symkey'
diff --git a/sources b/sources
index 9d70a5b..359874a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-2526fcf4bc38b45eeb36168c750c4316 pki-core-9.0.17.tar.gz
+80b9c6206aab91db13d2fb16798b2968 pki-core-9.0.18.tar.gz
More information about the scm-commits
mailing list