Build changes made in preparation for automated nightly builds; no official source tarballs were released for any spec files included in this check-in.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1757 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

12 files changed, 1044 insertions, 71 deletions

diff --git a/pki/CMakeLists.txt b/pki/CMakeLists.txt
index 719cd0ac..97ab8b6b 100644
--- a/pki/CMakeLists.txt
+++ b/pki/CMakeLists.txt
@@ -5,14 +5,23 @@ cmake_minimum_required(VERSION 2.6.0)
 
 # global needed variables
 set(APPLICATION_NAME ${PROJECT_NAME})
+
+set(APPLICATION_VERSION_MAJOR "9")
+set(APPLICATION_VERSION_MINOR "0")
+set(APPLICATION_VERSION_PATCH "0")
+
 if (BUILD_IPA_PKI_THEME)
     set(APPLICATION_FLAVOR_IPA_PKI_THEME TRUE)
+    # override APPLICATION VERSION
+    set(APPLICATION_VERSION_PATCH "1")
 elseif (BUILD_DOGTAG_PKI_THEME)
     set(APPLICATION_FLAVOR_DOGTAG_PKI_THEME TRUE)
 elseif (BUILD_REDHAT_PKI_THEME)
     set(APPLICATION_FLAVOR_REDHAT_PKI_THEME TRUE)
 elseif (BUILD_PKI_CORE)
     set(APPLICATION_FLAVOR_PKI_CORE TRUE)
+    # override APPLICATION VERSION
+    set(APPLICATION_VERSION_PATCH "1")
 elseif (BUILD_PKI_KRA)
     set(APPLICATION_FLAVOR_PKI_KRA TRUE)
 elseif (BUILD_PKI_OCSP)
@@ -61,10 +70,6 @@ else ()
     set(APPLICATION_FLAVOR_PKI_CONSOLE TRUE)
 endif ()
 
-set(APPLICATION_VERSION_MAJOR "9")
-set(APPLICATION_VERSION_MINOR "0")
-set(APPLICATION_VERSION_PATCH "0")
-
 set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}")
 
 # where to look first for cmake modules
diff --git a/pki/base/console/build.xml b/pki/base/console/build.xml
index 5a7257d3..e657126a 100644
--- a/pki/base/console/build.xml
+++ b/pki/base/console/build.xml
@@ -22,6 +22,7 @@
 
     <property name="jss.home" value="${jni-jar.home}${dirsec}"/>
     <property name="jss.jar" value="${jss.home}/jss4.jar"/>
+    <property name="osutil.jar" value="${jni-jar.home}/osutil.jar"/>
     <property name="ldapjdk.jar" value="${jar.home}/ldapjdk.jar"/>
     <property name="base.jar" value="${jar.home}/idm-console-base.jar"/>
     <property name="mcc.jar" value="${jar.home}/idm-console-mcc.jar"/>
@@ -32,6 +33,7 @@
 
     <path id="classpath">
         <pathelement location="${jss.jar}"/>
+        <pathelement location="${osutil.jar}"/>
         <pathelement location="${ldapjdk.jar}"/>
         <pathelement location="${pki-nsutil.jar}"/>
         <pathelement location="${base.jar}"/>
diff --git a/pki/base/console/src/CMakeLists.txt b/pki/base/console/src/CMakeLists.txt
index c4e9c3c3..ec58e9dc 100644
--- a/pki/base/console/src/CMakeLists.txt
+++ b/pki/base/console/src/CMakeLists.txt
@@ -69,6 +69,14 @@ find_file(JSS_JAR
         /usr/share/java
 )
 
+find_file(OSUTIL_JAR
+    NAMES
+        osutil.jar
+    PATHS
+        /usr/lib/java
+        /usr/share/java
+)
+
 
 # identify java sources
 set(pki-console_java_SRCS
@@ -598,7 +606,8 @@ set(CMAKE_JAVA_INCLUDE_PATH
     ${BASE_JAR} ${LDAPJDK_JAR} ${MMC_JAR}
     ${MMC_EN_JAR} ${NMCLF_JAR} ${NMCLF_EN_JAR}
     ${PKI_NSUTIL_JAR}
-    ${JSS_JAR})
+    ${JSS_JAR}
+    ${OSUTIL_JAR})
 
 
 # set version
diff --git a/pki/scripts/compose_pki_core_packages b/pki/scripts/compose_pki_core_packages
index 3837d3b9..c4a1405c 100755
--- a/pki/scripts/compose_pki_core_packages
+++ b/pki/scripts/compose_pki_core_packages
@@ -31,7 +31,7 @@ PKI_PWD=`pwd`
 ##
 
 PKI_CORE="pki-core"
-PKI_CORE_VERSION="9.0.0"
+PKI_CORE_VERSION="9.0.1"
 
 
 ##
diff --git a/pki/specs/pki-console.spec b/pki/specs/pki-console.spec
index 980cf8de..c0561ea4 100644
--- a/pki/specs/pki-console.spec
+++ b/pki/specs/pki-console.spec
@@ -1,7 +1,3 @@
-###############################################################################
-###                       P A C K A G E   H E A D E R                       ###
-###############################################################################
-
 Name:             pki-console
 Version:          9.0.0
 Release:          1%{?dist}
@@ -20,12 +16,14 @@ BuildRequires:    java-devel >= 1:1.6.0
 BuildRequires:    jpackage-utils
 BuildRequires:    jss >= 4.2.6-12
 BuildRequires:    ldapjdk
+BuildRequires:    osutil
 BuildRequires:    pki-util
 
 Requires:         idm-console-framework
 Requires:         java >= 1:1.6.0
 Requires:         jss >= 4.2.6-12
 Requires:         ldapjdk
+Requires:         osutil
 Requires:         pki-console-theme
 
 Source0:          http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
@@ -63,7 +61,7 @@ cd build
 %install
 %{__rm} -rf %{buildroot}
 cd build
-%{__make} install DESTDIR=%{buildroot}
+%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
 
 
 %files
@@ -75,5 +73,47 @@ cd build
 
 %changelog
 * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
+- Bugzilla Bug #607380 - CC: Make sure Java Console can configure
+  all security relevant config items
+- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
+  by Reason Code - onlySomeReasons ?
+- Bugzilla Bug #518241 - pkiconsole does not launch when CA is configured
+  with ECC
+- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
+  Certificates from the Same Request
+- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
+  e.c. support
+- Bugzilla Bug #638377 - Generate PKI UI components which exclude
+  a GUI interface
+- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
+- Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature 
+- Bugzilla Bug #662201 - Console: View button for log messages
+  is not functional.
+- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
+- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
+  in the console
+- Bugzilla Bug #656733 - Standardize jar install location and jar names
+- Bugzilla Bug #642741 - CS build uses deprecated functions
+
+* Wed Apr 21 2010 Andrew Wnuk <awnuk@redhat.com> 1.3.2-1
+- Bugzilla Bug #493765 - console renewal fix for ca, ocsp, and ssl certificates 
+
+* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
+- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards
+  compatibility (rename jar files as appropriate)
+
+* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4
+- removed BuildRequires dogtag-pki-console-ui
+
+* Wed Jan 06 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
+- Bugzilla Bug #553487 - Review Request: pki-console
+- The Dogtag PKI Console
+- Take ownership of directories
+
+* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
+- Removed 'with exceptions' from License
+
+* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1
+- Bugzilla Bug #X - Packaging for Fedora Dogtag
 
diff --git a/pki/specs/pki-core.spec b/pki/specs/pki-core.spec
index 115d4f31..7403b063 100644
--- a/pki/specs/pki-core.spec
+++ b/pki/specs/pki-core.spec
@@ -1,6 +1,6 @@
 Name:             pki-core
-Version:          9.0.0
-Release:          3%{?dist}
+Version:          9.0.1
+Release:          1%{?dist}
 Summary:          Certificate System - PKI Core Components
 URL:              http://pki.fedoraproject.org/
 License:          GPLv2
@@ -140,7 +140,6 @@ Group:            System Environment/Base
 Requires:         openldap-clients
 Requires:         nss
 Requires:         nss-tools
-Requires:         pki-setup = %{version}-%{release}
 
 %description -n   pki-native-tools
 These platform-dependent PKI executables are used to help make
@@ -306,7 +305,6 @@ Requires:         java >= 1:1.6.0
 Requires:         pki-ca-theme >= 9.0.0
 Requires:         pki-common = %{version}-%{release}
 Requires:         pki-selinux = %{version}-%{release}
-Requires:         pki-setup = %{version}-%{release}
 Requires(post):   chkconfig
 Requires(preun):  chkconfig
 Requires(preun):  initscripts
@@ -451,6 +449,7 @@ fi
 %{_bindir}/setpin
 %{_bindir}/sslget
 %{_bindir}/tkstool
+%dir %{_datadir}/pki
 %{_datadir}/pki/native-tools/
 
 
@@ -551,6 +550,325 @@ fi
 
 
 %changelog
+* Tue Jan 18 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1
+- Allow 'pki-native-tools' to be installed independently of 'pki-setup'
+- Removed explicit 'pki-setup' requirement from 'pki-ca'
+  (since it already requires 'pki-common')
+- 'pki-setup'
+-     Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group
+-     Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP
+      and TKS.
+-     Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
+      fowarding for agent services
+-     Bugzilla Bug #632425 - Port to tomcat6
+-     Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
+      OpenLDAP instead of the Mozldap
+-     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
+      interface
+-     Bugzilla Bug #643206 - New CMake based build system for Dogtag
+-     Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13
+-     Bugzilla Bug #661514 - CMAKE build system requires rules to make
+      javadocs
+-     Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*,
+      pkicreate fails Fedora 14 and above
+-     Bugzilla Bug #23346 - Two conflicting ACL list definitions in source
+      repository
+-     Bugzilla Bug #656733 - Standardize jar install location and jar names
+- 'pki-symkey'
+-     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
+      interface
+-     Bugzilla Bug #643206 - New CMake based build system for Dogtag
+-     Bugzilla Bug #644056 - CS build contains warnings
+- 'pki-native-tools'
+-     template change
+-     Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
+      OpenLDAP instead of the Mozldap
+-     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
+      interface
+-     Bugzilla Bug #643206 - New CMake based build system for Dogtag
+-     Bugzilla Bug #644056 - CS build contains warnings
+- 'pki-util'
+-     Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical
+      cannot be set to true
+-     Bugzilla Bug #224945 - javadocs has missing descriptions, contains
+      empty packages
+-     Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
+-     Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
+      senderNonce in all signed SCEP responses.
+-     Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
+      attack in SCEP
+-     Bugzilla Bug #621334 - Provide an option to set default hash algorithm
+      for signing SCEP response messages.
+-     Bugzilla Bug #635033 - At installation wizard selecting key types other
+      than CA's signing cert will fail
+-     Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and
+      CS interface
+-     Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse
+      ASN.1 encoding/decoding is broken
+-     Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1
+      encoding/decoding is incomplete
+-     Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1
+      encoding/decoding is incomplete
+-     Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
+      policy extension to 5 only
+-     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
+      interface
+-     Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
+-     Bugzilla Bug #643206 - New CMake based build system for Dogtag
+-     Bugzilla Bug #661514 - CMAKE build system requires rules to make
+      javadocs
+-     Bugzilla Bug #658188 - remove remaining references to tomcat5
+-     Bugzilla Bug #656733 - Standardize jar install location and jar names
+-     Bugzilla Bug #223319 - Certificate Status inconsistency between token
+      db and CA
+-     Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
+      During CRL Generation
+- 'pki-java-tools'
+-     Bugzilla Bug #224945 - javadocs has missing descriptions, contains
+      empty packages
+-     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
+      interface
+-     Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
+-     Bugzilla Bug #643206 - New CMake based build system for Dogtag
+-     Bugzilla Bug #661514 - CMAKE build system requires rules to make
+      javadocs
+-     Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to
+      5000 bytes
+-     Bugzilla Bug #656733 - Standardize jar install location and jar names
+- 'pki-common'
+-     Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
+-     Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable
+      started before configuration completed
+-     Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
+      logs in the java subsystems
+-     Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5
+      policy mappings (seem hardcoded)
+-     Bugzilla Bug #224945 - javadocs has missing descriptions, contains
+      empty packages
+-     Bugzilla Bug #548699 - subCA's admin certificate should be generated by
+      itself
+-     Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
+-     Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile
+      caAgentServerCert (null cert_request)
+-     Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited
+      number of times
+-     Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
+      as part of CC interface review
+-     Bugzilla Bug #629677 - TPS: token enrollment fails.
+-     Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN
+      in a SCEP request
+-     Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection
+      pools not reliable - improve connections or discovery
+-     Bugzilla Bug #629769 - password decryption logs plain text password
+-     Bugzilla Bug #583823 - CC: Auditing issues found as result of
+      CC - interface review
+-     Bugzilla Bug #632425 - Port to tomcat6
+-     Bugzilla Bug #586700 - OCSP Server throws fatal error while using
+      OCSP console for renewing SSL Server certificate.
+-     Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
+-     Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
+      senderNonce in all signed SCEP responses.
+-     Bugzilla Bug #607380 - CC: Make sure Java Console can configure all
+      security relevant config items
+-     Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
+      generated on TKS instead of TPS.
+-     Bugzilla Bug #489342 -
+      com.netscape.cms.servlet.common.CMCOutputTemplate.java
+      doesn't support EC
+-     Bugzilla Bug #630121 - OCSP responder lacking option to delete or
+      disable a CA that it serves
+-     Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
+-     Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
+      attack in SCEP
+-     Bugzilla Bug #621334 - Provide an option to set default hash algorithm
+      for signing SCEP response messages.
+-     Bugzilla Bug #635033 - At installation wizard selecting key types other
+      than CA's signing cert will fail
+-     Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated
+      for SCEP signing and encryption.
+-     Bugzilla Bug #223336 - ECC: unable to clone a ECC CA
+-     Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
+      by Reason Code - onlySomeReasons ?
+-     Bugzilla Bug #637330 - CC feature: Key Management - provide signature
+      verification functions (JAVA subsystems)
+-     Bugzilla Bug #223313 - should do random generated IV param
+      for symmetric keys
+-     Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
+      fowarding for agent services
+-     Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory
+-     Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
+      ECC curve names (not on key sizes).
+-     Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
+      Certificates from the Same Request
+-     Bugzilla Bug #648757 - expose and use updated cert verification
+      function in JSS
+-     Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
+      of signature algorithm; and for ECC curves
+-     Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
+      e.c. support
+-     Bugzilla Bug #651040 - cloning shoud not include sslserver
+-     Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to
+      CS.cfg files imcomplete when the cert is stored on a hsm
+-     Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . .
+-     Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
+      to talk to CA and complete configuration in DonePanel
+-     Bugzilla Bug #642359 - CC Feature - need to verify certificate when it
+      is added
+-     Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires
+      auditing
+-     Bugzilla Bug #489385 - references to rhpki
+-     Bugzilla Bug #499494 - change CA defaults to SHA2
+-     Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
+      policy extension to 5 only
+-     Bugzilla Bug #649910 - Console: an auditor or agent can be added to
+      an administrator group.
+-     Bugzilla Bug #632425 - Port to tomcat6
+-     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
+      interface
+-     Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
+-     Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
+      as expected
+-     Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
+      validity
+-     Bugzilla Bug #643206 - New CMake based build system for Dogtag
+-     Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
+-     Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
+      Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
+-     Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an
+      error to TPS even if certificate in question is already revoked.
+-     Bugzilla Bug #663546 - Disable the functionalities that are not exposed
+      in the console
+-     Bugzilla Bug #661514 - CMAKE build system requires rules to make
+      javadocs
+-     Bugzilla Bug #658188 - remove remaining references to tomcat5
+-     Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
+-     Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
+      pkiCA, obsolete 2252 and 2256
+-     Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
+-     Bugzilla Bug #656733 - Standardize jar install location and jar names
+-     Bugzilla Bug #661142 - Verification should fail when
+      a revoked certificate is added
+-     Bugzilla Bug #642741 - CS build uses deprecated functions
+-     Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error
+-     Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
+      interface is no longer available through console
+- 'pki-selinux'
+-     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
+      interface
+-     Bugzilla Bug #643206 - New CMake based build system for Dogtag
+-     Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer -
+      selinux changes
+- 'pki-ca'
+-     Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
+-     Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
+      logs in the java subsystems
+-     Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
+-     Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of
+      CC interface doc review
+-     Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with
+      admin privilege throws error "You are not authorized to perform this
+      operation".
+-     Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
+      as part of CC interface review
+-     Bugzilla Bug #583823 - CC: Auditing issues found as result of
+      CC - interface review
+-     Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws
+      'Internal Server Error'.
+-     Bugzilla Bug #586700 - OCSP Server throws fatal error while using
+      OCSP console for renewing SSL Server certificate.
+-     Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
+-     Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
+      senderNonce in all signed SCEP responses.
+-     Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
+      generated on TKS instead of TPS.
+-     Bugzilla Bug #630121 - OCSP responder lacking option to delete or
+      disable a CA that it serves
+-     Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
+-     Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
+      attack in SCEP
+-     Bugzilla Bug #621334 - Provide an option to set default hash algorithm
+      for signing SCEP response messages.
+-     Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
+      by Reason Code - onlySomeReasons ?
+-     Bugzilla Bug #637330 - CC feature: Key Management - provide signature
+      verification functions (JAVA subsystems)
+-     Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
+      fowarding for agent services
+-     Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
+      ECC curve names (not on key sizes).
+-     Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
+      Certificates from the Same Request
+-     Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
+      of signature algorithm; and for ECC curves
+-     Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA
+      release -- DRM and TKS do not seem to have CRL checking enabled
+-     Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
+      correctly set up CC environment
+-     Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in
+      certificates (RFC 4262)
+-     Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
+      to talk to CA and complete configuration in DonePanel
+-     Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object
+      signing support in RHCS
+-     Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
+-     Bugzilla Bug #489385 - references to rhpki
+-     Bugzilla Bug #499494 - change CA defaults to SHA2
+-     Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
+      policy extension to 5 only
+-     Bugzilla Bug #649910 - Console: an auditor or agent can be added to
+      an administrator group.
+-     Bugzilla Bug #632425 - Port to tomcat6
+-     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
+      interface
+-     Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
+      as expected
+-     Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
+      validity
+-     Bugzilla Bug #643206 - New CMake based build system for Dogtag
+-     Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke
+      certs in TPS
+-     Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature 
+-     Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
+      Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
+-     Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
+-     Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
+      pkiCA, obsolete 2252 and 2256
+-     Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
+      repository
+-     Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
+-     Bugzilla Bug #656733 - Standardize jar install location and jar names
+-     Bugzilla Bug #661142 - Verification should fail when
+      a revoked certificate is added
+-     Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key
+      usage
+-     Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
+      interface is no longer available through console
+-     Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
+      During CRL Generation
+- 'pki-silent'
+-     Bugzilla Bug #627309 - pkisilent subca configuration fails.
+-     Bugzilla Bug #640091 - pkisilent panels need to match with changed java
+      subsystems
+-     Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM
+      Clone.
+-     Bugzilla Bug #643053 - pkisilent DRM configuration fails
+-     Bugzilla Bug #583754 - pki-silent needs an option to configure signing
+      algorithm for CA certificates
+-     Bugzilla Bug #489385 - references to rhpki
+-     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
+      interface
+-     Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
+-     Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module
+      Panel up to before Security Domain Panel
+-     Bugzilla Bug #643206 - New CMake based build system for Dogtag
+-     Bugzilla Bug #588323 - Failed to enable cipher 0xc001
+-     Bugzilla Bug #656733 - Standardize jar install location and jar names
+-     Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves,
+      signing algorithm
+-     Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords
+      with special characters
+-     Bugzilla Bug #642741 - CS build uses deprecated functions
+
 * Thu Jan 13 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-3
 - Bugzilla Bug #668839 - Review Request: pki-core
 -   Removed empty "pre" from "pki-ca"
diff --git a/pki/specs/pki-kra.spec b/pki/specs/pki-kra.spec
index 50bfd7f5..cf6b6ea1 100644
--- a/pki/specs/pki-kra.spec
+++ b/pki/specs/pki-kra.spec
@@ -1,7 +1,3 @@
-###############################################################################
-###                       P A C K A G E   H E A D E R                       ###
-###############################################################################
-
 Name:             pki-kra
 Version:          9.0.0
 Release:          1%{?dist}
@@ -95,7 +91,7 @@ cd build
 %install
 %{__rm} -rf %{buildroot}
 cd build
-%{__make} install DESTDIR=%{buildroot}
+%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
 
 
 %pre
@@ -123,19 +119,143 @@ fi
 %defattr(-,root,root,-)
 %doc base/kra/LICENSE
 %{_initrddir}/pki-krad
-%{_javadir}/pki/
-%dir %{_datadir}/pki
+%{_javadir}/pki/pki-kra-%{version}.jar
+%{_javadir}/pki/pki-kra.jar
 %dir %{_datadir}/pki/kra
 %{_datadir}/pki/kra/conf/
 %{_datadir}/pki/kra/setup/
 %{_datadir}/pki/kra/webapps/
-%dir %{_localstatedir}/lock/pki
 %dir %{_localstatedir}/lock/pki/kra
-%dir %{_localstatedir}/run/pki
 %dir %{_localstatedir}/run/pki/kra
 
 
 %changelog
 * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
+- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs
+  in the java subsystems
+- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
+  as part of CC interface review
+- Bugzilla Bug #583823 - CC: Auditing issues found as result of
+  CC - interface review
+- Bugzilla Bug #607380 - CC: Make sure Java Console can configure
+  all security relevant config items
+- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
+  generated on TKS instead of TPS.
+- Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable
+  a CA that it serves
+- Bugzilla Bug #504061 - ECC: unable to install subsystems - phase 1
+- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
+  verification functions (JAVA subsystems)
+- Bugzilla Bug #223313 - should do random generated IV param
+  for symmetric keys
+- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and
+  port fowarding for agent services
+- Bugzilla Bug #631179 - Administrator is not allowed to remove
+  ocsp signing certificate using console
+- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of
+  signature algorithm; and for ECC curves
+- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
+  e.c. support
+- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release --
+  DRM and TKS do not seem to have CRL checking enabled
+- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
+  correctly set up CC environment
+- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
+  to talk to CA and complete configuration in DonePanel
+- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
+- Bugzilla Bug #489385 - references to rhpki
+- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
+  an administrator group.
+- Bugzilla Bug #632425 - Port to tomcat6
+- Bugzilla Bug #638377 - Generate PKI UI components which exclude
+  a GUI interface
+- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
+  as expected
+- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
+  validity
+- Bugzilla Bug #643206 - New CMake based build system for Dogtag
+- Bugzilla Bug #499494 - change CA defaults to SHA2
+- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
+- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
+  pkiCA, obsolete 2252 and 2256
+- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
+  repository
+- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
+  in the console
+- Bugzilla Bug #656733 - Standardize jar install location and jar names
+- Bugzilla Bug #661142 - Verification should fail when
+  a revoked certificate is added
+- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage
+- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
+  interface is no longer available through console
+- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During
+  CRL Generation
+
+* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.4-1
+- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls
+- Bugzilla Bug #527593 - More robust signature digest alg,
+  like SHA256 instead of SHA1 for ECC
+- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing
+  algorithm
+- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true
+- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn per
+  RFC 2616
+- Bugzilla Bug #498299 - Should not be able to change the status manually
+  on a token marked as permanently lost or destroyed
+- Bugzilla Bug #554892 - configurable frequency signed audit
+- Bugzilla Bug #500700 - tps log rotation
+- Bugzilla Bug #562893 - tps shutdown if audit logs full
+- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical
+- Bugzilla Bug #556152 - ACL changes to CA and OCSP
+- Bugzilla Bug #556167 - ACL changes to CA and OCSP
+- Bugzilla Bug #581004 - add more audit logging to the TPS
+- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move
+  to a client-auth port
+- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm
+- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes
+  tps crash
+- Bugzilla Bug #581004 - add more audit logs
+- Bugzilla Bug #595871 - CC: TKS needed audit message changes
+- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result.
+- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit
+- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert
+  on the token.
+- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need
+  to do both GenerateNewKey and RecoverLast operation for encryption key.
+- Bugzilla Bug #498299 - fix case where no transitions available
+- Bugzilla Bug #595391 - session domain table to be moved to ldap
+- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups)
+- Bugzilla Bug #472597 - Disable policy code,UI
+- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description
+  References Fedora
+
+* Mon Apr 26 2010 Ade Lee <alee@redhat.com> 1.3.3-1
+- Bugzilla Bug 584917- Can not access CA Configuration Web UI after
+  CA installation
+
+* Mon Mar 22 2010 Christina Fu <cfu@redhat.com> 1.3.2-1
+- Bugzilla Bug #522343 Add asynchronous key recovery mode
+
+* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-2
+- Bugzilla Bug #566059 - Add 'pki-console' as a runtime dependency
+  for CA, KRA, OCSP, and TKS . . .
+
+* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
+- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards
+  compatibility (rename jar files as appropriate)
+
+* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4
+- Removed BuildRequires: dogtag-pki-kra-ui
+
+* Fri Jan 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
+- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
+- Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . .
+- Bugzilla Bug #553842 - New Package for Dogtag PKI: pki-kra
+
+* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
+- Removed 'with exceptions' from License
+
+* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1
+- Bugzilla Bug #X - Packaging for Fedora Dogtag 
 
diff --git a/pki/specs/pki-migrate.spec b/pki/specs/pki-migrate.spec
index 979f03f0..e61f72b5 100644
--- a/pki/specs/pki-migrate.spec
+++ b/pki/specs/pki-migrate.spec
@@ -1,7 +1,3 @@
-###############################################################################
-###                       P A C K A G E   H E A D E R                       ###
-###############################################################################
-
 Name:             pki-migrate
 Version:          9.0.0
 Release:          1%{?dist}
@@ -61,7 +57,7 @@ cd build
 %install
 %{__rm} -rf %{buildroot}
 cd build
-%{__make} install DESTDIR=%{buildroot}
+%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
 
 
 %files
@@ -73,5 +69,69 @@ cd build
 
 %changelog
 * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 (internal) --> Dogtag 9.0.0
+
+* Mon Jul 13 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-17
+- Bugzilla Bug #511136 - Integrate EULA file into RHCS
+- Release Candidate 4 build
+
+* Wed Jul 08 2009 Kevin Wright <kwright@redhat.com> 8.0.0-16
+- Bugzilla Bug #510352 - Release Candidate 3 build
+
+* Thu Jul 02 2009 Kevin Wright <kwright@redhat.com> 8.0.0-15
+- Bugzilla Bug #509447 - Release Candidate 2 build
+
+* Thu Jun 25 2009 Kevin Wright <kwright@redhat.com> 8.0.0-14
+- Bugzilla Bug #508179 - Remove base_phase ".beta" tag
+
+* Fri Jun 05 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-13
+- Bugzilla Bug #499496 - pki-migrate package should include only the tools
+  we support
+
+* Mon May 18 2009 Ade Lee <alee@redhat.com> 8.0.0-12
+- Bugzilla Bug #493717 - migration scripts required for TPS groups
+
+* Mon May 04 2009 Kevin Wright <kwright@redhat.com> 8.0.0-11
+- Bugzilla Bug #499030 - Beta 2 Release
+
+* Fri Mar 27 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-10
+- Bugzilla Bug #492502 - Redefine "base_phase" from ".alpha" to ".beta"
+
+* Sat Feb 28 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-9
+- Bugzilla Bug #487896 - Introduce optional 'base_phase' release tag to
+  denote ".alpha", ".beta", etc.
+
+* Tue Feb 17 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-8
+- Bugzilla Bug #485790 - Need changes made to spec files in various packages
+  to be able to build in koji/brew
+
+* Fri Jan 30 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-7
+- Bugzilla Bug #253615 - RFE: migration tool needs to be written for the
+  serialization changes - Allowed 63ToTxt binaries to be published
+
+* Sat Nov 29 2008 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-6
+- Aligned RHEL 5, RHEL 4, and Solaris 9 "base_release" numbers
+- Bugzilla Bug #445402 - Changed "base_url" from
+  "http://www.redhat.com/software/rha/certificate" to
+  "http://www.redhat.com/certificate_system"
+
+* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-5
+- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed
+- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0
+- Changed "java-sdk" to "java-devel" for consistency
+
+* Tue Oct 14 2008 Ade Lee <alee@redhat.com> 8.0.0-4
+- bugzilla bug #223361 - added 80 migration scripts
+
+* Fri Jun 08 2007 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-3
+- bugzilla bug #243480 - added legacy upgrade path
+
+* Tue Jun 05 2007 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-2
+- bugzilla bug #242575 - Made numerous changes to spec file.
+
+* Mon May 21 2007 Kevin McCarthy <kmccarth@redhat.com> 8.0.0-1
+- Bump to version 8.0.
+
+* Thu Apr 05 2007 Thomas Kwan <nkwan@redhat.com> 1.0.0-1
+- Fixed change log to use the correct version
 
diff --git a/pki/specs/pki-ocsp.spec b/pki/specs/pki-ocsp.spec
index 1391b92b..0a300106 100644
--- a/pki/specs/pki-ocsp.spec
+++ b/pki/specs/pki-ocsp.spec
@@ -1,7 +1,3 @@
-###############################################################################
-###                       P A C K A G E   H E A D E R                       ###
-###############################################################################
-
 Name:             pki-ocsp
 Version:          9.0.0
 Release:          1%{?dist}
@@ -102,7 +98,7 @@ cd build
 %install
 %{__rm} -rf %{buildroot}
 cd build
-%{__make} install DESTDIR=%{buildroot}
+%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
 
 
 %pre
@@ -130,19 +126,139 @@ fi
 %defattr(-,root,root,-)
 %doc base/ocsp/LICENSE
 %{_initrddir}/pki-ocspd
-%{_javadir}/pki/
-%dir %{_datadir}/pki
+%{_javadir}/pki/pki-ocsp-%{version}.jar
+%{_javadir}/pki/pki-ocsp.jar
 %dir %{_datadir}/pki/ocsp
 %{_datadir}/pki/ocsp/conf/
 %{_datadir}/pki/ocsp/setup/
 %{_datadir}/pki/ocsp/webapps/
-%dir %{_localstatedir}/lock/pki
 %dir %{_localstatedir}/lock/pki/ocsp
-%dir %{_localstatedir}/run/pki
 %dir %{_localstatedir}/run/pki/ocsp
 
 
 %changelog
 * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
+- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs
+  in the java subsystems
+- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
+  as part of CC interface review
+- Bugzilla Bug #583823 - CC: Auditing issues found as result of
+  CC - interface review
+- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
+  OCSP console for renewing SSL Server certificate.
+- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
+  generated on TKS instead of TPS.
+- Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable
+  a CA that it serves
+- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
+- Bugzilla Bug #504061 - ECC: unable to install subsystems - phase 1
+- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
+  verification functions (JAVA subsystems)
+- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and
+  port fowarding for agent services
+- Bugzilla Bug #631179 - Administrator is not allowed to remove
+  ocsp signing certificate using console
+- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of
+  signature algorithm; and for ECC curves
+- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release --
+  DRM and TKS do not seem to have CRL checking enabled
+- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
+  correctly set up CC environment
+- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
+  to talk to CA and complete configuration in DonePanel
+- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
+- Bugzilla Bug #489385 - references to rhpki
+- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
+  an administrator group.
+- Bugzilla Bug #632425 - Port to tomcat6
+- Bugzilla Bug #638377 - Generate PKI UI components which exclude
+  a GUI interface
+- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
+  as expected
+- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
+  validity
+- Bugzilla Bug #643206 - New CMake based build system for Dogtag
+- Bugzilla Bug #499494 - change CA defaults to SHA2
+- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
+- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
+  pkiCA, obsolete 2252 and 2256
+- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
+  repository
+- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
+  in the console
+- Bugzilla Bug #656733 - Standardize jar install location and jar names
+- Bugzilla Bug #661142 - Verification should fail when
+  a revoked certificate is added
+- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
+  interface is no longer available through console
+- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During
+  CRL Generation
+
+* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.3-1
+- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls
+- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256
+  instead of SHA1 for ECC
+- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing
+  algorithm
+- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true
+- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn
+  per RFC 2616
+- Bugzilla Bug #498299 - Should not be able to change the status manually
+  on a token marked as permanently lost or destroyed
+- Bugzilla Bug #554892 - configurable frequency signed audit
+- Bugzilla Bug #500700 - tps log rotation
+- Bugzilla Bug #562893 - tps shutdown if audit logs full
+- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical
+- Bugzilla Bug #556152 - ACL changes to CA and OCSP
+- Bugzilla Bug #556167 - ACL changes to CA and OCSP
+- Bugzilla Bug #581004 - add more audit logging to the TPS
+- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move
+  to a client-auth port
+- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm
+- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps
+  crash
+- Bugzilla Bug #581004 - add more audit logs
+- Bugzilla Bug #595871 - CC: TKS needed audit message changes
+- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result.
+- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit
+- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert
+  on the token.
+- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need
+  to do both GenerateNewKey and RecoverLast operation for encryption key.
+- Bugzilla Bug #498299 - fix case where no transitions available
+- Bugzilla Bug #595391 - session domain table to be moved to ldap
+- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups)
+- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description
+  References Fedora
+
+* Mon Apr 26 2010 Ade Lee <alee@redhat.com> 1.3.2-2
+- Bugzilla Bug 584917- Can not access CA Configuration Web UI
+  after CA installation
+
+* Wed Apr 21 2010 Andrew Wnuk <awnuk@redhat.com> 1.3.2-1
+- Bugzilla Bug #493765 - console renewal fix for ca, ocsp, and ssl
+  certificates
+
+* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-2
+- Bugzilla Bug #566059 - Add 'pki-console' as a runtime dependency
+  for CA, KRA, OCSP, and TKS . . .
+
+* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
+- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards
+  compatibility (rename jar files as appropriate)
+
+* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4
+- BuildRequires: dogtag-pki-ocsp-ui
+
+* Fri Jan 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
+- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
+- Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . .
+- Bugzilla Bug #553844 - New Package for Dogtag PKI: pki-ocsp
+
+* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
+- Removed 'with exceptions' from License
+
+* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 - Bugzilla Bug #X
+- Packaging for Fedora Dogtag
 
diff --git a/pki/specs/pki-ra.spec b/pki/specs/pki-ra.spec
index 49e9b8d1..b8f9e634 100644
--- a/pki/specs/pki-ra.spec
+++ b/pki/specs/pki-ra.spec
@@ -1,7 +1,3 @@
-###############################################################################
-###                       P A C K A G E   H E A D E R                       ###
-###############################################################################
-
 Name:             pki-ra
 Version:          9.0.0
 Release:          1%{?dist}
@@ -104,7 +100,7 @@ cd build
 %install
 %{__rm} -rf %{buildroot}
 cd build
-%{__make} install DESTDIR=%{buildroot}
+%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
 
 
 %pre
@@ -132,20 +128,65 @@ fi
 %defattr(-,root,root,-)
 %doc base/ra/LICENSE
 %{_initrddir}/pki-rad
-%dir %{_datadir}/pki
 %dir %{_datadir}/pki/ra
 %{_datadir}/pki/ra/conf/
 %{_datadir}/pki/ra/docroot/
 %{_datadir}/pki/ra/lib/
 %{_datadir}/pki/ra/scripts/
 %{_datadir}/pki/ra/setup/
-%dir %{_localstatedir}/lock/pki
 %dir %{_localstatedir}/lock/pki/ra
-%dir %{_localstatedir}/run/pki
 %dir %{_localstatedir}/run/pki/ra
 
 
 %changelog
 * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
+- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs
+  in the java subsystems
+- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
+  to talk to CA and complete configuration in DonePanel
+- Bugzilla Bug #632425 - Port to tomcat6
+- Bugzilla Bug #638377 - Generate PKI UI components which exclude
+  a GUI interface
+- Bugzilla Bug #643206 - New CMake based build system for Dogtag
+- Bugzilla Bug #499494 - change CA defaults to SHA2
+
+* Thu Apr 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
+- Bugzilla Bug #564131 - Config wizard : all subsystems - done panel text
+  needs correction
+
+* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-6
+- Bugzilla Bug #566060 - Add 'pki-native-tools' as a runtime dependency
+  for RA, and TPS . . .
+
+* Fri Jan 29 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-5
+- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . .
+- Applied filters for unwanted perl provides and requires
+- Restored "perl-DBD-SQLite" runtime dependency
+
+* Tue Jan 26 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-4
+- Bugzilla Bug #553850 - Review Request: pki-ra - Dogtag Registration Authority
+- Per direction from the Fedora community,
+  removed the following explicit "Requires":
+      perl-DBI
+      perl-HTML-Parser
+      perl-HTML-Tagset
+      perl-Parse-RecDescent
+      perl-URI
+      perl-XML-NamespaceSupport
+      perl-XML-Parser
+      perl-XML-Simple
+
+* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
+- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into pkicreate . . .
+- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
+- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . .
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+- Bugzilla Bug #553850 - Review Request: pki-ra - Dogtag Registration Authority
+
+* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
+- Removed 'with exceptions' from License
+
+* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1
+- Bugzilla Bug #X - Fedora Packaging Changes
 
diff --git a/pki/specs/pki-tks.spec b/pki/specs/pki-tks.spec
index 73ef7322..a9d12a03 100644
--- a/pki/specs/pki-tks.spec
+++ b/pki/specs/pki-tks.spec
@@ -1,7 +1,3 @@
-###############################################################################
-###                       P A C K A G E   H E A D E R                       ###
-###############################################################################
-
 Name:             pki-tks
 Version:          9.0.0
 Release:          1%{?dist}
@@ -96,7 +92,7 @@ cd build
 %install
 %{__rm} -rf %{buildroot}
 cd build
-%{__make} install DESTDIR=%{buildroot}
+%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
 
 
 %pre
@@ -124,19 +120,133 @@ fi
 %defattr(-,root,root,-)
 %doc base/tks/LICENSE
 %{_initrddir}/pki-tksd
-%{_javadir}/pki/
-%dir %{_datadir}/pki
+%{_javadir}/pki/pki-tks-%{version}.jar
+%{_javadir}/pki/pki-tks.jar
 %dir %{_datadir}/pki/tks
 %{_datadir}/pki/tks/conf/
 %{_datadir}/pki/tks/setup/
 %{_datadir}/pki/tks/webapps/
-%dir %{_localstatedir}/lock/pki
 %dir %{_localstatedir}/lock/pki/tks
-%dir %{_localstatedir}/run/pki
 %dir %{_localstatedir}/run/pki/tks
 
 
 %changelog
 * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
+- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs
+  in the java subsystems
+- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
+  as part of CC interface review
+- Bugzilla Bug #583823 - CC: Auditing issues found as result of
+  CC - interface review
+- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
+  generated on TKS instead of TPS.
+- Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable
+  a CA that it serves
+- Bugzilla Bug #504061 - ECC: unable to install subsystems - phase 1
+- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
+  verification functions (JAVA subsystems)
+- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and
+  port fowarding for agent services
+- Bugzilla Bug #631179 - Administrator is not allowed to remove
+  ocsp signing certificate using console
+- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of
+  signature algorithm; and for ECC curves
+- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release --
+  DRM and TKS do not seem to have CRL checking enabled
+- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
+  correctly set up CC environment
+- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
+  to talk to CA and complete configuration in DonePanel
+- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
+- Bugzilla Bug #489385 - references to rhpki
+- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
+  an administrator group.
+- Bugzilla Bug #632425 - Port to tomcat6
+- Bugzilla Bug #638377 - Generate PKI UI components which exclude
+  a GUI interface
+- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
+  as expected
+- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
+  validity
+- Bugzilla Bug #643206 - New CMake based build system for Dogtag
+- Bugzilla Bug #499494 - change CA defaults to SHA2
+- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
+- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
+  pkiCA, obsolete 2252 and 2256
+- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
+  repository
+- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
+  in the console
+- Bugzilla Bug #656733 - Standardize jar install location and jar names
+- Bugzilla Bug #661142 - Verification should fail when
+  a revoked certificate is added
+- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
+  interface is no longer available through console
+- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During
+  CRL Generation
+
+* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.3-1
+- Bugzilla Bug #606556 - Add known session key test to TKS self test set
+- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls
+- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256
+  instead of SHA1 for ECC
+- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing
+  algorithm
+- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true
+- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn
+  per RFC 2616
+- Bugzilla Bug #498299 - Should not be able to change the status manually
+  on a token marked as permanently lost or destroyed
+- Bugzilla Bug #554892 - configurable frequency signed audit
+- Bugzilla Bug #500700 - tps log rotation
+- Bugzilla Bug #562893 - tps shutdown if audit logs full
+- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical
+- Bugzilla Bug #556152 - ACL changes to CA and OCSP
+- Bugzilla Bug #556167 - ACL changes to CA and OCSP
+- Bugzilla Bug #581004 - add more audit logging to the TPS
+- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move
+  to a client-auth port
+- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm
+- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps
+  crash
+- Bugzilla Bug #581004 - add more audit logs
+- Bugzilla Bug #595871 - CC: TKS needed audit message changes
+- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result.
+- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit
+- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert
+  on the token.
+- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need
+  to do both GenerateNewKey and RecoverLast operation for encryption key.
+- Bugzilla Bug #498299 - fix case where no transitions available
+- Bugzilla Bug #595391 - session domain table to be moved to ldap
+- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups)
+- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description
+  References Fedora
+
+* Mon Apr 26 2010 Ade Lee <alee@redhat.com> 1.3.2-1
+- Bugzilla Bug 584917- Can not access CA Configuration Web UI
+  after CA installation
+
+* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-2
+- Bugzilla Bug #566059 - Add 'pki-console' as a runtime dependency
+  for CA, KRA, OCSP, and TKS . . .
+
+* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
+- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards
+  compatibility (rename jar files as appropriate)
+
+* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4
+- Removed BuildRequires: dogtag-pki-tks-ui
+
+* Fri Jan 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
+- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
+- Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . .
+- Bugzilla Bug #553847 - New Package for Dogtag PKI: pki-tks
+
+* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
+- Removed 'with exceptions' from License
+
+* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1
+- Bugzilla Bug #X - Packaging for Fedora Dogtag
 
diff --git a/pki/specs/pki-tps.spec b/pki/specs/pki-tps.spec
index 0aacc47d..ec080b2c 100644
--- a/pki/specs/pki-tps.spec
+++ b/pki/specs/pki-tps.spec
@@ -1,7 +1,3 @@
-###############################################################################
-###                       P A C K A G E   H E A D E R                       ###
-###############################################################################
-
 Name:             pki-tps
 Version:          9.0.0
 Release:          1%{?dist}
@@ -18,8 +14,8 @@ BuildRequires:    apr-util-devel
 BuildRequires:    cyrus-sasl-devel
 BuildRequires:    httpd-devel >= 2.2.3
 BuildRequires:    mozldap-devel
-BuildRequires:    nspr-devel >= 4.6.99
-BuildRequires:    nss-devel >= 3.12.3.99
+BuildRequires:    nspr-devel
+BuildRequires:    nss-devel
 BuildRequires:    pcre-devel
 BuildRequires:    svrcore-devel
 BuildRequires:    zlib
@@ -173,7 +169,6 @@ fi
 %{_bindir}/tpsclient
 %{_libdir}/httpd/modules/*
 %{_libdir}/lib*
-%dir %{_datadir}/pki
 %dir %{_datadir}/pki/tps
 %{_datadir}/pki/tps/applets/
 %{_datadir}/pki/tps/cgi-bin/
@@ -183,9 +178,7 @@ fi
 %{_datadir}/pki/tps/samples/
 %{_datadir}/pki/tps/scripts/
 %{_datadir}/pki/tps/setup/
-%dir %{_localstatedir}/lock/pki
 %dir %{_localstatedir}/lock/pki/tps
-%dir %{_localstatedir}/run/pki
 %dir %{_localstatedir}/run/pki/tps
 
 
@@ -198,5 +191,164 @@ fi
 
 %changelog
 * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
+- Bugzilla Bug #620863 - saved CS.cfg files should be moved to a subdirectory
+  to avoid cluttering
+- Bugzilla Bug #607373 - add self test framework to TPS subsytem
+- Bugzilla Bug #607374 - add self test to TPS self test framework
+- Bugzilla Bug #624847 - Installed TPS cannot be started to be configured.
+- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs
+  in the java subsystems
+- Bugzilla Bug #547507 - Token renewal: certs on the token is deleted when
+  one of the certs on the token is outside renewal grace period.
+- Bugzilla Bug #622535 - 64 bit host zlib uncompress operation fails when
+  reading data from token.
+- Bugzilla Bug #497931 - CS 8.0 -- Have to download and stall the trust chain
+  through ESC even if it was already installed in the browser.
+- Bugzilla Bug #579790 - errors in ESC communications can leave unusable
+  tokens and inconsistent data in TPS
+- Bugzilla Bug #631474 - Token enrollment with TPS Client fails with error
+  'Applet memory exceeded when writing out final token data'
+- Bugzilla Bug #488762 - Found HTTP TRACE method enabled on TPS
+- Bugzilla Bug #633405 - Tps client unable to perform token enrollment when
+  tried to load certificates with 2048 bit keys
+- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
+  generated on TKS instead of TPS.
+- Bugzilla Bug #574942 - TPS database has performance problems with a large
+  number of tokens
+- Bugzilla Bug #637982 - some selftest parameters are not properly substituted
+- Bugzilla Bug #637824 - TPS UI: Profile state in CS.cfg is Pending Approval
+  after agent approve and Enable
+- Bugzilla Bug #223313 - should do random generated IV param
+  for symmetric keys
+- Bugzilla Bug #628995 - TPS CC requirement: Unused predicates for revocation
+  controls for TPS enrollment profiles should be removed.
+- Bugzilla Bug #642084 - CC feature: Key Management -provide signature
+  verification functions (TPS subsystem)
+- Bugzilla Bug #646545 - TPS Agent tab: displays approve list parameter with
+  last character chopped.
+- Bugzilla Bug #532724 - Feature: ESC Security officer work station should
+  display % of operation complete for format SO card
+- Bugzilla Bug #647364 - CC: audit signing certs for JAVA subsystems fail
+  CIMC cert verification (expose updated cert verification function in JSS)
+- Bugzilla Bug #651087 - TPS UI Admin tab display 'null' string in the
+  General configuration
+- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
+  to talk to CA and complete configuration in DonePanel
+- Bugzilla Bug #632425 - Port to tomcat6
+- Bugzilla Bug #638377 - Generate PKI UI components which exclude
+  a GUI interface
+- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel
+  up to before Security Domain Panel
+- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
+  validity
+- Bugzilla Bug #643206 - New CMake based build system for Dogtag
+- Bugzilla Bug #499494 - change CA defaults to SHA2
+- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs
+  in TPS
+- Bugzilla Bug #223314 - AOL: Better activities logs
+- Bugzilla Bug #651001 - TPS does not create a password for entries in ldap.
+  This violates STIG requirements
+- Bugzilla Bug #512248 - Status mismatch for the encryption cert in tps agent
+  and CA when a temporary smart card is issued.
+- Bugzilla Bug #666902 - TPS needs to call CERT_VerifyCertificate() correctly
+- Bugzilla Bug #223319 - Certificate Status inconsistency between token db
+  and CA
+- Bugzilla Bug #669055 - TPS server does not re-start when signedAudit
+  logging is turned ON
+
+* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.2-1
+- Bugzilla Bug #601299 - tps installation does not update security domain
+- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256
+  instead of SHA1 for ECC
+- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing
+  algorithm
+- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true
+- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn
+  per RFC 2616
+- Bugzilla Bug #498299 - Should not be able to change the status manually
+  on a token marked as permanently lost or destroyed
+- Bugzilla Bug #554892 - configurable frequency signed audit
+- Bugzilla Bug #500700 - tps log rotation
+- Bugzilla Bug #562893 - tps shutdown if audit logs full
+- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical
+- Bugzilla Bug #556152 - ACL changes to CA and OCSP
+- Bugzilla Bug #556167 - ACL changes to CA and OCSP
+- Bugzilla Bug #581004 - add more audit logging to the TPS
+- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing,
+  and move to a client-auth port
+- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm
+- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps
+  crash
+- Bugzilla Bug #581004 - add more audit logs
+- Bugzilla Bug #595871 - CC: TKS needed audit message changes
+- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result.
+- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit
+- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert
+  on the token.
+- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need
+  to do both GenerateNewKey and RecoverLast operation for encryption key.
+- Bugzilla Bug #498299 - fix case where no transitions available
+- Bugzilla Bug #604186 - Common Criteria: TPS: Key Recovery needs
+  to meet CC requirements
+- Bugzilla Bug #604178 - Common Criteria: TPS: cert registration needs
+  to meet CC requirements
+- Bugzilla Bug #600968 - Common Criteria: TPS: cert registration needs
+  to meet CC requirements
+- Bugzilla Bug #607381 - Common Criteria: TPS: cert registration needs
+  to meet CC requirements
+
+* Thu Apr 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
+- Bugzilla Bug #564131 - Config wizard : all subsystems - done panel text
+  needs correction
+
+* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-8
+- Bugzilla Bug #566060 - Add 'pki-native-tools' as a runtime dependency
+  for RA, and TPS . . .
+
+* Fri Jan 29 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-7
+- Bugzilla Bug #553852 - Review Request: pki-tps - The Dogtag PKI System
+  Token Processing System
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+- Applied filters for unwanted perl provides and requires
+- Applied %{?_smp_mflags} option to 'make'
+- Removed manual 'strip' commands
+
+* Thu Jan 28 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-6
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+- Bugzilla Bug #553852 - Review Request: pki-tps - The Dogtag PKI System
+  Token Processing System
+
+* Wed Jan 27 2010 Kevin Wright <kwright@redhat.com> 1.3.0-5
+- Bugzilla Bug #553852 - Review Request: pki-tps - The Dogtag PKI System
+  Token Processing System
+- Per direction from the Fedora community,
+  removed the following explicit "Requires":
+      perl-HTML-Parser
+      perl-HTML-Tagset
+      perl-Parse-RecDescent
+      perl-URI
+      perl-XML-NamespaceSupport
+      perl-XML-Parser
+      perl-XML-Simple
+
+* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-4
+- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into
+  pkicreate . . .
+- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
+- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . .
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+- Bugzilla Bug #553852 - Review Request: pki-tps - Dogtag Certificate System
+  Token Processing System
+
+* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-3
+- Removed BuildRequires bash - Removed 'with exceptions' from License
+
+* Mon Nov 02 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-2
+- Bugzilla Bug #X - Packaging for Fedora Dogtag PKI
+- Prepended directory path in front of setup_package
+- Take ownership of pki tps directory.
+
+* Fri Oct 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-1
+- Bugzilla Bug #X - Packaging for Fedora Dogtag PKI