BZ Bug 545935 - Add new client-auth ee port to address CVE-2009-3555

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1012 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2010-03-10 03:13:40 +0000
committer: alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2010-03-10 03:13:40 +0000
commit: 669d5fc9e2e6e0d6cdf544b0ed5e20b4ce58f88c (patch)
tree: 24315e5598e5c11aff5ccdee1f207225143fc5c6
parent: fd1be05b56c61642243aabfbf43875435f7bdf97 (diff)
download: pki-669d5fc9e2e6e0d6cdf544b0ed5e20b4ce58f88c.tar.gz
pki-669d5fc9e2e6e0d6cdf544b0ed5e20b4ce58f88c.tar.xz
pki-669d5fc9e2e6e0d6cdf544b0ed5e20b4ce58f88c.zip
11 files changed, 34 insertions, 14 deletions
diff --git a/pki/dogtag/ca-ui/build_dogtag b/pki/dogtag/ca-ui/build_dogtag
index 8b16b371d..2a1388d05 100755
--- a/pki/dogtag/ca-ui/build_dogtag
+++ b/pki/dogtag/ca-ui/build_dogtag
@@ -40,7 +40,7 @@ PKI_PRODUCT_PREFIX="pki"
 export PKI_PRODUCT_PREFIX
 PKI_PRODUCT="ca-ui"
 export PKI_PRODUCT
-PKI_VERSION="1.3.0"
+PKI_VERSION="1.3.1"
 export PKI_VERSION
 
 # Set Dogtag helper variables
diff --git a/pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec b/pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec
index 104cf1862..08f92b799 100644
--- a/pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec
+++ b/pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec
@@ -1,6 +1,6 @@
 Name:           dogtag-pki-ca-ui
-Version:        1.3.0
-Release:        4%{?dist}
+Version:        1.3.1
+Release:        1%{?dist}
 Summary:        Dogtag Certificate System - Certificate Authority User Interface
 URL:            http://pki.fedoraproject.org/
 License:        GPLv2
@@ -50,6 +50,10 @@ rm -rf %{buildroot}
 %{_datadir}/pki/
 
 %changelog
+* Tue Mar 9 2010 Ade Lee <alee@redhat.com> 1.3.1-1
+- Bugzilla Bug #545935 -  Add new client-auth ee port to address CVE-2009-3555
+  TLS: MITM attacks via session renegotiation
+
 * Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-4
 - Bugzilla Bug #522208 -  New Package for Dogtag PKI: dogtag-pki-ca-ui
 - Removed "Requires:  bash"
diff --git a/pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template b/pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
index cbb5532d2..0ae48729e 100644
--- a/pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
+++ b/pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
@@ -234,7 +234,7 @@ function setCRMFRequest()
   var uri = 'profileSubmit';
   if (typeof(authName) != "undefined") {
     if (authIsSSLClientRequired == 'true') {
-      uri = 'profileSubmitSSLClient';
+      uri = 'https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE]/profileSubmitSSLClient';
     }
   }
   if (navigator.appName == "Microsoft Internet Explorer") {
diff --git a/pki/dogtag/ca/build_dogtag b/pki/dogtag/ca/build_dogtag
index e190eb5c4..6c8fc6557 100755
--- a/pki/dogtag/ca/build_dogtag
+++ b/pki/dogtag/ca/build_dogtag
@@ -40,7 +40,7 @@ PKI_PRODUCT_PREFIX="pki"
 export PKI_PRODUCT_PREFIX
 PKI_PRODUCT="ca"
 export PKI_PRODUCT
-PKI_VERSION="1.3.2"
+PKI_VERSION="1.3.3"
 export PKI_VERSION
 
 # Set Dogtag helper variables
diff --git a/pki/dogtag/ca/pki-ca.spec b/pki/dogtag/ca/pki-ca.spec
index 54a0733ac..f0d67e8b2 100644
--- a/pki/dogtag/ca/pki-ca.spec
+++ b/pki/dogtag/ca/pki-ca.spec
@@ -1,6 +1,6 @@
 Name:           pki-ca
-Version:        1.3.2
-Release:        2%{?dist}
+Version:        1.3.3
+Release:        1%{?dist}
 Summary:        Dogtag Certificate System - Certificate Authority
 URL:            http://pki.fedoraproject.org/
 License:        GPLv2
@@ -103,6 +103,10 @@ fi
 %{_localstatedir}/run/*
 
 %changelog
+* Tue Mar 9 2010 Ade Lee <alee@redhat.com> 1.3.3-1
+- Bugzilla Bug #545935 -  Add new client-auth ee port to address CVE-2009-3555 
+  TLS: MITM attacks via session renegotiation
+
 * Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.2-2
 - Bugzilla Bug #566059 -  Add 'pki-console' as a runtime dependency
   for CA, KRA, OCSP, and TKS . . .
diff --git a/pki/dogtag/common/build_dogtag b/pki/dogtag/common/build_dogtag
index da0dcdd50..4062ab616 100755
--- a/pki/dogtag/common/build_dogtag
+++ b/pki/dogtag/common/build_dogtag
@@ -40,7 +40,7 @@ PKI_PRODUCT_PREFIX="pki"
 export PKI_PRODUCT_PREFIX
 PKI_PRODUCT="common"
 export PKI_PRODUCT
-PKI_VERSION="1.3.2"
+PKI_VERSION="1.3.3"
 export PKI_VERSION
 
 # Set Dogtag helper variables
diff --git a/pki/dogtag/common/pki-common.spec b/pki/dogtag/common/pki-common.spec
index f4f393a66..299aaba69 100644
--- a/pki/dogtag/common/pki-common.spec
+++ b/pki/dogtag/common/pki-common.spec
@@ -1,5 +1,5 @@
 Name:           pki-common
-Version:        1.3.2
+Version:        1.3.3
 Release:        1%{?dist}
 Summary:        Dogtag Certificate System - PKI Common Framework
 URL:            http://pki.fedoraproject.org/
@@ -108,6 +108,10 @@ rm -rf %{buildroot}
 %{_javadocdir}/%{name}-%{version}/
 
 %changelog
+* Tue Mar 9 2010 Ade Lee <alee@redhat.com> 1.3.3-1
+- Bugzilla Bug #545935 -  Add new client-auth ee port to address CVE-2009-3555 
+  TLS: MITM attacks via session renegotiation
+
 * Wed Feb 10 2010 Andrew Wnuk <awnuk@redhat.com> 1.3.2-1
 - Bugzilla Bug #516632 -  CS Incorrectly Issuing Multiple Certificates
   from the Same Request
diff --git a/pki/dogtag/selinux/build_dogtag b/pki/dogtag/selinux/build_dogtag
index e1eebca5d..434e8b92c 100755
--- a/pki/dogtag/selinux/build_dogtag
+++ b/pki/dogtag/selinux/build_dogtag
@@ -40,7 +40,7 @@ PKI_PRODUCT_PREFIX="pki"
 export PKI_PRODUCT_PREFIX
 PKI_PRODUCT="selinux"
 export PKI_PRODUCT
-PKI_VERSION="1.3.3"
+PKI_VERSION="1.3.4"
 export PKI_VERSION
 
 # Set Dogtag helper variables
diff --git a/pki/dogtag/selinux/pki-selinux.spec b/pki/dogtag/selinux/pki-selinux.spec
index 1086f896a..f6d10938d 100644
--- a/pki/dogtag/selinux/pki-selinux.spec
+++ b/pki/dogtag/selinux/pki-selinux.spec
@@ -1,5 +1,5 @@
 Name:           pki-selinux
-Version:        1.3.3
+Version:        1.3.4
 Release:        1%{?dist}
 Summary:        Dogtag Certificate System - PKI Selinux Policies
 URL:            https://pki.fedoraproject.org/
@@ -82,6 +82,10 @@ fi
 %{_datadir}/selinux/modules/pki.pp
 
 %changelog
+* Tue Mar 9 2010 Ade Lee <alee@redhat.com> 1.3.4-1
+- Bugzilla Bug #545935 -  Add new client-auth ee port to address CVE-2009-3555 
+  TLS: MITM attacks via session renegotiation
+
 * Fri Jan 22 2010 Ade Lee <alee@redhat.com> 1.3.3-1
 - Changed 'pki.if' to use macro instead of open() to allow epel build
 
diff --git a/pki/dogtag/setup/build_dogtag b/pki/dogtag/setup/build_dogtag
index 2b92065d5..e9c611f4e 100755
--- a/pki/dogtag/setup/build_dogtag
+++ b/pki/dogtag/setup/build_dogtag
@@ -40,7 +40,7 @@ PKI_PRODUCT_PREFIX="pki"
 export PKI_PRODUCT_PREFIX
 PKI_PRODUCT="setup"
 export PKI_PRODUCT
-PKI_VERSION="1.3.3"
+PKI_VERSION="1.3.4"
 export PKI_VERSION
 
 # Set Dogtag helper variables
diff --git a/pki/dogtag/setup/pki-setup.spec b/pki/dogtag/setup/pki-setup.spec
index 3fce9fd6c..4400192df 100644
--- a/pki/dogtag/setup/pki-setup.spec
+++ b/pki/dogtag/setup/pki-setup.spec
@@ -1,6 +1,6 @@
 Name:           pki-setup
-Version:        1.3.3
-Release:        2%{?dist}
+Version:        1.3.4
+Release:        1%{?dist}
 Summary:        Dogtag Certificate system - PKI Instance Creation and Removal Scripts
 URL:            http://pki.fedoraproject.org/
 License:        GPLv2
@@ -52,6 +52,10 @@ rm -rf %{buildroot}
 %{_datadir}/pki/
 
 %changelog
+* Tue Mar 9 2010 Ade Lee <alee@redhat.com> 1.3.4-1
+- Bugzilla Bug #545935 -  Add new client-auth ee port to address CVE-2009-3555
+  TLS: MITM attacks via session renegotiation
+
 * Mon Feb 1 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.3-2
 - Restored "perl-Crypt-SSLeay" runtime dependency
author	alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2010-03-10 03:13:40 +0000
committer	alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2010-03-10 03:13:40 +0000
commit	669d5fc9e2e6e0d6cdf544b0ed5e20b4ce58f88c (patch)
tree	24315e5598e5c11aff5ccdee1f207225143fc5c6
parent	fd1be05b56c61642243aabfbf43875435f7bdf97 (diff)
download	pki-669d5fc9e2e6e0d6cdf544b0ed5e20b4ce58f88c.tar.gz pki-669d5fc9e2e6e0d6cdf544b0ed5e20b4ce58f88c.tar.xz pki-669d5fc9e2e6e0d6cdf544b0ed5e20b4ce58f88c.zip