diff options
| -rw-r--r-- | pki/CMakeLists.txt | 13 | ||||
| -rw-r--r-- | pki/base/console/build.xml | 2 | ||||
| -rw-r--r-- | pki/base/console/src/CMakeLists.txt | 11 | ||||
| -rwxr-xr-x | pki/scripts/compose_pki_core_packages | 2 | ||||
| -rw-r--r-- | pki/specs/pki-console.spec | 52 | ||||
| -rw-r--r-- | pki/specs/pki-core.spec | 326 | ||||
| -rw-r--r-- | pki/specs/pki-kra.spec | 140 | ||||
| -rw-r--r-- | pki/specs/pki-migrate.spec | 72 | ||||
| -rw-r--r-- | pki/specs/pki-ocsp.spec | 136 | ||||
| -rw-r--r-- | pki/specs/pki-ra.spec | 59 | ||||
| -rw-r--r-- | pki/specs/pki-tks.spec | 130 | ||||
| -rw-r--r-- | pki/specs/pki-tps.spec | 172 |
12 files changed, 1044 insertions, 71 deletions
diff --git a/pki/CMakeLists.txt b/pki/CMakeLists.txt index 719cd0ac..97ab8b6b 100644 --- a/pki/CMakeLists.txt +++ b/pki/CMakeLists.txt @@ -5,14 +5,23 @@ cmake_minimum_required(VERSION 2.6.0) # global needed variables set(APPLICATION_NAME ${PROJECT_NAME}) + +set(APPLICATION_VERSION_MAJOR "9") +set(APPLICATION_VERSION_MINOR "0") +set(APPLICATION_VERSION_PATCH "0") + if (BUILD_IPA_PKI_THEME) set(APPLICATION_FLAVOR_IPA_PKI_THEME TRUE) + # override APPLICATION VERSION + set(APPLICATION_VERSION_PATCH "1") elseif (BUILD_DOGTAG_PKI_THEME) set(APPLICATION_FLAVOR_DOGTAG_PKI_THEME TRUE) elseif (BUILD_REDHAT_PKI_THEME) set(APPLICATION_FLAVOR_REDHAT_PKI_THEME TRUE) elseif (BUILD_PKI_CORE) set(APPLICATION_FLAVOR_PKI_CORE TRUE) + # override APPLICATION VERSION + set(APPLICATION_VERSION_PATCH "1") elseif (BUILD_PKI_KRA) set(APPLICATION_FLAVOR_PKI_KRA TRUE) elseif (BUILD_PKI_OCSP) @@ -61,10 +70,6 @@ else () set(APPLICATION_FLAVOR_PKI_CONSOLE TRUE) endif () -set(APPLICATION_VERSION_MAJOR "9") -set(APPLICATION_VERSION_MINOR "0") -set(APPLICATION_VERSION_PATCH "0") - set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}") # where to look first for cmake modules diff --git a/pki/base/console/build.xml b/pki/base/console/build.xml index 5a7257d3..e657126a 100644 --- a/pki/base/console/build.xml +++ b/pki/base/console/build.xml @@ -22,6 +22,7 @@ <property name="jss.home" value="${jni-jar.home}${dirsec}"/> <property name="jss.jar" value="${jss.home}/jss4.jar"/> + <property name="osutil.jar" value="${jni-jar.home}/osutil.jar"/> <property name="ldapjdk.jar" value="${jar.home}/ldapjdk.jar"/> <property name="base.jar" value="${jar.home}/idm-console-base.jar"/> <property name="mcc.jar" value="${jar.home}/idm-console-mcc.jar"/> @@ -32,6 +33,7 @@ <path id="classpath"> <pathelement location="${jss.jar}"/> + <pathelement location="${osutil.jar}"/> <pathelement location="${ldapjdk.jar}"/> <pathelement location="${pki-nsutil.jar}"/> <pathelement location="${base.jar}"/> diff --git a/pki/base/console/src/CMakeLists.txt b/pki/base/console/src/CMakeLists.txt index c4e9c3c3..ec58e9dc 100644 --- a/pki/base/console/src/CMakeLists.txt +++ b/pki/base/console/src/CMakeLists.txt @@ -69,6 +69,14 @@ find_file(JSS_JAR /usr/share/java ) +find_file(OSUTIL_JAR + NAMES + osutil.jar + PATHS + /usr/lib/java + /usr/share/java +) + # identify java sources set(pki-console_java_SRCS @@ -598,7 +606,8 @@ set(CMAKE_JAVA_INCLUDE_PATH ${BASE_JAR} ${LDAPJDK_JAR} ${MMC_JAR} ${MMC_EN_JAR} ${NMCLF_JAR} ${NMCLF_EN_JAR} ${PKI_NSUTIL_JAR} - ${JSS_JAR}) + ${JSS_JAR} + ${OSUTIL_JAR}) # set version diff --git a/pki/scripts/compose_pki_core_packages b/pki/scripts/compose_pki_core_packages index 3837d3b9..c4a1405c 100755 --- a/pki/scripts/compose_pki_core_packages +++ b/pki/scripts/compose_pki_core_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_CORE="pki-core" -PKI_CORE_VERSION="9.0.0" +PKI_CORE_VERSION="9.0.1" ## diff --git a/pki/specs/pki-console.spec b/pki/specs/pki-console.spec index 980cf8de..c0561ea4 100644 --- a/pki/specs/pki-console.spec +++ b/pki/specs/pki-console.spec @@ -1,7 +1,3 @@ -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - Name: pki-console Version: 9.0.0 Release: 1%{?dist} @@ -20,12 +16,14 @@ BuildRequires: java-devel >= 1:1.6.0 BuildRequires: jpackage-utils BuildRequires: jss >= 4.2.6-12 BuildRequires: ldapjdk +BuildRequires: osutil BuildRequires: pki-util Requires: idm-console-framework Requires: java >= 1:1.6.0 Requires: jss >= 4.2.6-12 Requires: ldapjdk +Requires: osutil Requires: pki-console-theme Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -63,7 +61,7 @@ cd build %install %{__rm} -rf %{buildroot} cd build -%{__make} install DESTDIR=%{buildroot} +%{__make} install DESTDIR=%{buildroot} INSTALL="install -p" %files @@ -75,5 +73,47 @@ cd build %changelog * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1 -- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) +- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0 +- Bugzilla Bug #607380 - CC: Make sure Java Console can configure + all security relevant config items +- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned + by Reason Code - onlySomeReasons ? +- Bugzilla Bug #518241 - pkiconsole does not launch when CA is configured + with ECC +- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple + Certificates from the Same Request +- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing + e.c. support +- Bugzilla Bug #638377 - Generate PKI UI components which exclude + a GUI interface +- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) +- Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature +- Bugzilla Bug #662201 - Console: View button for log messages + is not functional. +- Bugzilla Bug #649343 - Publishing queue should recover from CA crash. +- Bugzilla Bug #663546 - Disable the functionalities that are not exposed + in the console +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- Bugzilla Bug #642741 - CS build uses deprecated functions + +* Wed Apr 21 2010 Andrew Wnuk <awnuk@redhat.com> 1.3.2-1 +- Bugzilla Bug #493765 - console renewal fix for ca, ocsp, and ssl certificates + +* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 +- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards + compatibility (rename jar files as appropriate) + +* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4 +- removed BuildRequires dogtag-pki-console-ui + +* Wed Jan 06 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Bugzilla Bug #553487 - Review Request: pki-console +- The Dogtag PKI Console +- Take ownership of directories + +* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 +- Removed 'with exceptions' from License + +* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/specs/pki-core.spec b/pki/specs/pki-core.spec index 115d4f31..7403b063 100644 --- a/pki/specs/pki-core.spec +++ b/pki/specs/pki-core.spec @@ -1,6 +1,6 @@ Name: pki-core -Version: 9.0.0 -Release: 3%{?dist} +Version: 9.0.1 +Release: 1%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -140,7 +140,6 @@ Group: System Environment/Base Requires: openldap-clients Requires: nss Requires: nss-tools -Requires: pki-setup = %{version}-%{release} %description -n pki-native-tools These platform-dependent PKI executables are used to help make @@ -306,7 +305,6 @@ Requires: java >= 1:1.6.0 Requires: pki-ca-theme >= 9.0.0 Requires: pki-common = %{version}-%{release} Requires: pki-selinux = %{version}-%{release} -Requires: pki-setup = %{version}-%{release} Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts @@ -451,6 +449,7 @@ fi %{_bindir}/setpin %{_bindir}/sslget %{_bindir}/tkstool +%dir %{_datadir}/pki %{_datadir}/pki/native-tools/ @@ -551,6 +550,325 @@ fi %changelog +* Tue Jan 18 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1 +- Allow 'pki-native-tools' to be installed independently of 'pki-setup' +- Removed explicit 'pki-setup' requirement from 'pki-ca' + (since it already requires 'pki-common') +- 'pki-setup' +- Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group +- Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP + and TKS. +- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port + fowarding for agent services +- Bugzilla Bug #632425 - Port to tomcat6 +- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from + OpenLDAP instead of the Mozldap +- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI + interface +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 +- Bugzilla Bug #661514 - CMAKE build system requires rules to make + javadocs +- Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, + pkicreate fails Fedora 14 and above +- Bugzilla Bug #23346 - Two conflicting ACL list definitions in source + repository +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- 'pki-symkey' +- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI + interface +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #644056 - CS build contains warnings +- 'pki-native-tools' +- template change +- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from + OpenLDAP instead of the Mozldap +- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI + interface +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #644056 - CS build contains warnings +- 'pki-util' +- Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical + cannot be set to true +- Bugzilla Bug #224945 - javadocs has missing descriptions, contains + empty packages +- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. +- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte + senderNonce in all signed SCEP responses. +- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade + attack in SCEP +- Bugzilla Bug #621334 - Provide an option to set default hash algorithm + for signing SCEP response messages. +- Bugzilla Bug #635033 - At installation wizard selecting key types other + than CA's signing cert will fail +- Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and + CS interface +- Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse + ASN.1 encoding/decoding is broken +- Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 + encoding/decoding is incomplete +- Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 + encoding/decoding is incomplete +- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit + policy extension to 5 only +- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI + interface +- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #661514 - CMAKE build system requires rules to make + javadocs +- Bugzilla Bug #658188 - remove remaining references to tomcat5 +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- Bugzilla Bug #223319 - Certificate Status inconsistency between token + db and CA +- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory + During CRL Generation +- 'pki-java-tools' +- Bugzilla Bug #224945 - javadocs has missing descriptions, contains + empty packages +- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI + interface +- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #661514 - CMAKE build system requires rules to make + javadocs +- Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to + 5000 bytes +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- 'pki-common' +- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review +- Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable + started before configuration completed +- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit + logs in the java subsystems +- Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 + policy mappings (seem hardcoded) +- Bugzilla Bug #224945 - javadocs has missing descriptions, contains + empty packages +- Bugzilla Bug #548699 - subCA's admin certificate should be generated by + itself +- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA +- Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile + caAgentServerCert (null cert_request) +- Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited + number of times +- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml + as part of CC interface review +- Bugzilla Bug #629677 - TPS: token enrollment fails. +- Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN + in a SCEP request +- Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection + pools not reliable - improve connections or discovery +- Bugzilla Bug #629769 - password decryption logs plain text password +- Bugzilla Bug #583823 - CC: Auditing issues found as result of + CC - interface review +- Bugzilla Bug #632425 - Port to tomcat6 +- Bugzilla Bug #586700 - OCSP Server throws fatal error while using + OCSP console for renewing SSL Server certificate. +- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. +- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte + senderNonce in all signed SCEP responses. +- Bugzilla Bug #607380 - CC: Make sure Java Console can configure all + security relevant config items +- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be + generated on TKS instead of TPS. +- Bugzilla Bug #489342 - + com.netscape.cms.servlet.common.CMCOutputTemplate.java + doesn't support EC +- Bugzilla Bug #630121 - OCSP responder lacking option to delete or + disable a CA that it serves +- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 +- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade + attack in SCEP +- Bugzilla Bug #621334 - Provide an option to set default hash algorithm + for signing SCEP response messages. +- Bugzilla Bug #635033 - At installation wizard selecting key types other + than CA's signing cert will fail +- Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated + for SCEP signing and encryption. +- Bugzilla Bug #223336 - ECC: unable to clone a ECC CA +- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned + by Reason Code - onlySomeReasons ? +- Bugzilla Bug #637330 - CC feature: Key Management - provide signature + verification functions (JAVA subsystems) +- Bugzilla Bug #223313 - should do random generated IV param + for symmetric keys +- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port + fowarding for agent services +- Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory +- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on + ECC curve names (not on key sizes). +- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple + Certificates from the Same Request +- Bugzilla Bug #648757 - expose and use updated cert verification + function in JSS +- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection + of signature algorithm; and for ECC curves +- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing + e.c. support +- Bugzilla Bug #651040 - cloning shoud not include sslserver +- Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to + CS.cfg files imcomplete when the cert is stored on a hsm +- Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . +- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports + to talk to CA and complete configuration in DonePanel +- Bugzilla Bug #642359 - CC Feature - need to verify certificate when it + is added +- Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires + auditing +- Bugzilla Bug #489385 - references to rhpki +- Bugzilla Bug #499494 - change CA defaults to SHA2 +- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit + policy extension to 5 only +- Bugzilla Bug #649910 - Console: an auditor or agent can be added to + an administrator group. +- Bugzilla Bug #632425 - Port to tomcat6 +- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI + interface +- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) +- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets + as expected +- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for + validity +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 +- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with + Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. +- Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an + error to TPS even if certificate in question is already revoked. +- Bugzilla Bug #663546 - Disable the functionalities that are not exposed + in the console +- Bugzilla Bug #661514 - CMAKE build system requires rules to make + javadocs +- Bugzilla Bug #658188 - remove remaining references to tomcat5 +- Bugzilla Bug #649343 - Publishing queue should recover from CA crash. +- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and + pkiCA, obsolete 2252 and 2256 +- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- Bugzilla Bug #661142 - Verification should fail when + a revoked certificate is added +- Bugzilla Bug #642741 - CS build uses deprecated functions +- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error +- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time + interface is no longer available through console +- 'pki-selinux' +- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI + interface +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - + selinux changes +- 'pki-ca' +- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review +- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit + logs in the java subsystems +- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA +- Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of + CC interface doc review +- Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with + admin privilege throws error "You are not authorized to perform this + operation". +- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml + as part of CC interface review +- Bugzilla Bug #583823 - CC: Auditing issues found as result of + CC - interface review +- Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws + 'Internal Server Error'. +- Bugzilla Bug #586700 - OCSP Server throws fatal error while using + OCSP console for renewing SSL Server certificate. +- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. +- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte + senderNonce in all signed SCEP responses. +- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be + generated on TKS instead of TPS. +- Bugzilla Bug #630121 - OCSP responder lacking option to delete or + disable a CA that it serves +- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 +- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade + attack in SCEP +- Bugzilla Bug #621334 - Provide an option to set default hash algorithm + for signing SCEP response messages. +- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned + by Reason Code - onlySomeReasons ? +- Bugzilla Bug #637330 - CC feature: Key Management - provide signature + verification functions (JAVA subsystems) +- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port + fowarding for agent services +- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on + ECC curve names (not on key sizes). +- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple + Certificates from the Same Request +- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection + of signature algorithm; and for ECC curves +- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA + release -- DRM and TKS do not seem to have CRL checking enabled +- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help + correctly set up CC environment +- Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in + certificates (RFC 4262) +- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports + to talk to CA and complete configuration in DonePanel +- Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object + signing support in RHCS +- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) +- Bugzilla Bug #489385 - references to rhpki +- Bugzilla Bug #499494 - change CA defaults to SHA2 +- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit + policy extension to 5 only +- Bugzilla Bug #649910 - Console: an auditor or agent can be added to + an administrator group. +- Bugzilla Bug #632425 - Port to tomcat6 +- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI + interface +- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets + as expected +- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for + validity +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke + certs in TPS +- Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature +- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with + Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. +- Bugzilla Bug #649343 - Publishing queue should recover from CA crash. +- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and + pkiCA, obsolete 2252 and 2256 +- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source + repository +- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- Bugzilla Bug #661142 - Verification should fail when + a revoked certificate is added +- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key + usage +- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time + interface is no longer available through console +- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory + During CRL Generation +- 'pki-silent' +- Bugzilla Bug #627309 - pkisilent subca configuration fails. +- Bugzilla Bug #640091 - pkisilent panels need to match with changed java + subsystems +- Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM + Clone. +- Bugzilla Bug #643053 - pkisilent DRM configuration fails +- Bugzilla Bug #583754 - pki-silent needs an option to configure signing + algorithm for CA certificates +- Bugzilla Bug #489385 - references to rhpki +- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI + interface +- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) +- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module + Panel up to before Security Domain Panel +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #588323 - Failed to enable cipher 0xc001 +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, + signing algorithm +- Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords + with special characters +- Bugzilla Bug #642741 - CS build uses deprecated functions + * Thu Jan 13 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-3 - Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" diff --git a/pki/specs/pki-kra.spec b/pki/specs/pki-kra.spec index 50bfd7f5..cf6b6ea1 100644 --- a/pki/specs/pki-kra.spec +++ b/pki/specs/pki-kra.spec @@ -1,7 +1,3 @@ -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - Name: pki-kra Version: 9.0.0 Release: 1%{?dist} @@ -95,7 +91,7 @@ cd build %install %{__rm} -rf %{buildroot} cd build -%{__make} install DESTDIR=%{buildroot} +%{__make} install DESTDIR=%{buildroot} INSTALL="install -p" %pre @@ -123,19 +119,143 @@ fi %defattr(-,root,root,-) %doc base/kra/LICENSE %{_initrddir}/pki-krad -%{_javadir}/pki/ -%dir %{_datadir}/pki +%{_javadir}/pki/pki-kra-%{version}.jar +%{_javadir}/pki/pki-kra.jar %dir %{_datadir}/pki/kra %{_datadir}/pki/kra/conf/ %{_datadir}/pki/kra/setup/ %{_datadir}/pki/kra/webapps/ -%dir %{_localstatedir}/lock/pki %dir %{_localstatedir}/lock/pki/kra -%dir %{_localstatedir}/run/pki %dir %{_localstatedir}/run/pki/kra %changelog * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1 -- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) +- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0 +- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs + in the java subsystems +- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml + as part of CC interface review +- Bugzilla Bug #583823 - CC: Auditing issues found as result of + CC - interface review +- Bugzilla Bug #607380 - CC: Make sure Java Console can configure + all security relevant config items +- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be + generated on TKS instead of TPS. +- Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable + a CA that it serves +- Bugzilla Bug #504061 - ECC: unable to install subsystems - phase 1 +- Bugzilla Bug #637330 - CC feature: Key Management - provide signature + verification functions (JAVA subsystems) +- Bugzilla Bug #223313 - should do random generated IV param + for symmetric keys +- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and + port fowarding for agent services +- Bugzilla Bug #631179 - Administrator is not allowed to remove + ocsp signing certificate using console +- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of + signature algorithm; and for ECC curves +- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing + e.c. support +- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- + DRM and TKS do not seem to have CRL checking enabled +- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help + correctly set up CC environment +- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports + to talk to CA and complete configuration in DonePanel +- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) +- Bugzilla Bug #489385 - references to rhpki +- Bugzilla Bug #649910 - Console: an auditor or agent can be added to + an administrator group. +- Bugzilla Bug #632425 - Port to tomcat6 +- Bugzilla Bug #638377 - Generate PKI UI components which exclude + a GUI interface +- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets + as expected +- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for + validity +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #499494 - change CA defaults to SHA2 +- Bugzilla Bug #649343 - Publishing queue should recover from CA crash. +- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and + pkiCA, obsolete 2252 and 2256 +- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source + repository +- Bugzilla Bug #663546 - Disable the functionalities that are not exposed + in the console +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- Bugzilla Bug #661142 - Verification should fail when + a revoked certificate is added +- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage +- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time + interface is no longer available through console +- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During + CRL Generation + +* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.4-1 +- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls +- Bugzilla Bug #527593 - More robust signature digest alg, + like SHA256 instead of SHA1 for ECC +- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing + algorithm +- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true +- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn per + RFC 2616 +- Bugzilla Bug #498299 - Should not be able to change the status manually + on a token marked as permanently lost or destroyed +- Bugzilla Bug #554892 - configurable frequency signed audit +- Bugzilla Bug #500700 - tps log rotation +- Bugzilla Bug #562893 - tps shutdown if audit logs full +- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical +- Bugzilla Bug #556152 - ACL changes to CA and OCSP +- Bugzilla Bug #556167 - ACL changes to CA and OCSP +- Bugzilla Bug #581004 - add more audit logging to the TPS +- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move + to a client-auth port +- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm +- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes + tps crash +- Bugzilla Bug #581004 - add more audit logs +- Bugzilla Bug #595871 - CC: TKS needed audit message changes +- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result. +- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit +- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert + on the token. +- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need + to do both GenerateNewKey and RecoverLast operation for encryption key. +- Bugzilla Bug #498299 - fix case where no transitions available +- Bugzilla Bug #595391 - session domain table to be moved to ldap +- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups) +- Bugzilla Bug #472597 - Disable policy code,UI +- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description + References Fedora + +* Mon Apr 26 2010 Ade Lee <alee@redhat.com> 1.3.3-1 +- Bugzilla Bug 584917- Can not access CA Configuration Web UI after + CA installation + +* Mon Mar 22 2010 Christina Fu <cfu@redhat.com> 1.3.2-1 +- Bugzilla Bug #522343 Add asynchronous key recovery mode + +* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-2 +- Bugzilla Bug #566059 - Add 'pki-console' as a runtime dependency + for CA, KRA, OCSP, and TKS . . . + +* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 +- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards + compatibility (rename jar files as appropriate) + +* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4 +- Removed BuildRequires: dogtag-pki-kra-ui + +* Fri Jan 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895) +- Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . . +- Bugzilla Bug #553842 - New Package for Dogtag PKI: pki-kra + +* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 +- Removed 'with exceptions' from License + +* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/specs/pki-migrate.spec b/pki/specs/pki-migrate.spec index 979f03f0..e61f72b5 100644 --- a/pki/specs/pki-migrate.spec +++ b/pki/specs/pki-migrate.spec @@ -1,7 +1,3 @@ -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - Name: pki-migrate Version: 9.0.0 Release: 1%{?dist} @@ -61,7 +57,7 @@ cd build %install %{__rm} -rf %{buildroot} cd build -%{__make} install DESTDIR=%{buildroot} +%{__make} install DESTDIR=%{buildroot} INSTALL="install -p" %files @@ -73,5 +69,69 @@ cd build %changelog * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1 -- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) +- Updated Dogtag 1.3.x --> Dogtag 2.0.0 (internal) --> Dogtag 9.0.0 + +* Mon Jul 13 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-17 +- Bugzilla Bug #511136 - Integrate EULA file into RHCS +- Release Candidate 4 build + +* Wed Jul 08 2009 Kevin Wright <kwright@redhat.com> 8.0.0-16 +- Bugzilla Bug #510352 - Release Candidate 3 build + +* Thu Jul 02 2009 Kevin Wright <kwright@redhat.com> 8.0.0-15 +- Bugzilla Bug #509447 - Release Candidate 2 build + +* Thu Jun 25 2009 Kevin Wright <kwright@redhat.com> 8.0.0-14 +- Bugzilla Bug #508179 - Remove base_phase ".beta" tag + +* Fri Jun 05 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-13 +- Bugzilla Bug #499496 - pki-migrate package should include only the tools + we support + +* Mon May 18 2009 Ade Lee <alee@redhat.com> 8.0.0-12 +- Bugzilla Bug #493717 - migration scripts required for TPS groups + +* Mon May 04 2009 Kevin Wright <kwright@redhat.com> 8.0.0-11 +- Bugzilla Bug #499030 - Beta 2 Release + +* Fri Mar 27 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-10 +- Bugzilla Bug #492502 - Redefine "base_phase" from ".alpha" to ".beta" + +* Sat Feb 28 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-9 +- Bugzilla Bug #487896 - Introduce optional 'base_phase' release tag to + denote ".alpha", ".beta", etc. + +* Tue Feb 17 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-8 +- Bugzilla Bug #485790 - Need changes made to spec files in various packages + to be able to build in koji/brew + +* Fri Jan 30 2009 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-7 +- Bugzilla Bug #253615 - RFE: migration tool needs to be written for the + serialization changes - Allowed 63ToTxt binaries to be published + +* Sat Nov 29 2008 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-6 +- Aligned RHEL 5, RHEL 4, and Solaris 9 "base_release" numbers +- Bugzilla Bug #445402 - Changed "base_url" from + "http://www.redhat.com/software/rha/certificate" to + "http://www.redhat.com/certificate_system" + +* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-5 +- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed +- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 +- Changed "java-sdk" to "java-devel" for consistency + +* Tue Oct 14 2008 Ade Lee <alee@redhat.com> 8.0.0-4 +- bugzilla bug #223361 - added 80 migration scripts + +* Fri Jun 08 2007 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-3 +- bugzilla bug #243480 - added legacy upgrade path + +* Tue Jun 05 2007 Matthew Harmsen <mharmsen@redhat.com> 8.0.0-2 +- bugzilla bug #242575 - Made numerous changes to spec file. + +* Mon May 21 2007 Kevin McCarthy <kmccarth@redhat.com> 8.0.0-1 +- Bump to version 8.0. + +* Thu Apr 05 2007 Thomas Kwan <nkwan@redhat.com> 1.0.0-1 +- Fixed change log to use the correct version diff --git a/pki/specs/pki-ocsp.spec b/pki/specs/pki-ocsp.spec index 1391b92b..0a300106 100644 --- a/pki/specs/pki-ocsp.spec +++ b/pki/specs/pki-ocsp.spec @@ -1,7 +1,3 @@ -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - Name: pki-ocsp Version: 9.0.0 Release: 1%{?dist} @@ -102,7 +98,7 @@ cd build %install %{__rm} -rf %{buildroot} cd build -%{__make} install DESTDIR=%{buildroot} +%{__make} install DESTDIR=%{buildroot} INSTALL="install -p" %pre @@ -130,19 +126,139 @@ fi %defattr(-,root,root,-) %doc base/ocsp/LICENSE %{_initrddir}/pki-ocspd -%{_javadir}/pki/ -%dir %{_datadir}/pki +%{_javadir}/pki/pki-ocsp-%{version}.jar +%{_javadir}/pki/pki-ocsp.jar %dir %{_datadir}/pki/ocsp %{_datadir}/pki/ocsp/conf/ %{_datadir}/pki/ocsp/setup/ %{_datadir}/pki/ocsp/webapps/ -%dir %{_localstatedir}/lock/pki %dir %{_localstatedir}/lock/pki/ocsp -%dir %{_localstatedir}/run/pki %dir %{_localstatedir}/run/pki/ocsp %changelog * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1 -- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) +- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0 +- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs + in the java subsystems +- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml + as part of CC interface review +- Bugzilla Bug #583823 - CC: Auditing issues found as result of + CC - interface review +- Bugzilla Bug #586700 - OCSP Server throws fatal error while using + OCSP console for renewing SSL Server certificate. +- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be + generated on TKS instead of TPS. +- Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable + a CA that it serves +- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 +- Bugzilla Bug #504061 - ECC: unable to install subsystems - phase 1 +- Bugzilla Bug #637330 - CC feature: Key Management - provide signature + verification functions (JAVA subsystems) +- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and + port fowarding for agent services +- Bugzilla Bug #631179 - Administrator is not allowed to remove + ocsp signing certificate using console +- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of + signature algorithm; and for ECC curves +- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- + DRM and TKS do not seem to have CRL checking enabled +- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help + correctly set up CC environment +- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports + to talk to CA and complete configuration in DonePanel +- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) +- Bugzilla Bug #489385 - references to rhpki +- Bugzilla Bug #649910 - Console: an auditor or agent can be added to + an administrator group. +- Bugzilla Bug #632425 - Port to tomcat6 +- Bugzilla Bug #638377 - Generate PKI UI components which exclude + a GUI interface +- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets + as expected +- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for + validity +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #499494 - change CA defaults to SHA2 +- Bugzilla Bug #649343 - Publishing queue should recover from CA crash. +- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and + pkiCA, obsolete 2252 and 2256 +- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source + repository +- Bugzilla Bug #663546 - Disable the functionalities that are not exposed + in the console +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- Bugzilla Bug #661142 - Verification should fail when + a revoked certificate is added +- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time + interface is no longer available through console +- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During + CRL Generation + +* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.3-1 +- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls +- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256 + instead of SHA1 for ECC +- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing + algorithm +- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true +- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn + per RFC 2616 +- Bugzilla Bug #498299 - Should not be able to change the status manually + on a token marked as permanently lost or destroyed +- Bugzilla Bug #554892 - configurable frequency signed audit +- Bugzilla Bug #500700 - tps log rotation +- Bugzilla Bug #562893 - tps shutdown if audit logs full +- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical +- Bugzilla Bug #556152 - ACL changes to CA and OCSP +- Bugzilla Bug #556167 - ACL changes to CA and OCSP +- Bugzilla Bug #581004 - add more audit logging to the TPS +- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move + to a client-auth port +- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm +- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps + crash +- Bugzilla Bug #581004 - add more audit logs +- Bugzilla Bug #595871 - CC: TKS needed audit message changes +- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result. +- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit +- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert + on the token. +- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need + to do both GenerateNewKey and RecoverLast operation for encryption key. +- Bugzilla Bug #498299 - fix case where no transitions available +- Bugzilla Bug #595391 - session domain table to be moved to ldap +- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups) +- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description + References Fedora + +* Mon Apr 26 2010 Ade Lee <alee@redhat.com> 1.3.2-2 +- Bugzilla Bug 584917- Can not access CA Configuration Web UI + after CA installation + +* Wed Apr 21 2010 Andrew Wnuk <awnuk@redhat.com> 1.3.2-1 +- Bugzilla Bug #493765 - console renewal fix for ca, ocsp, and ssl + certificates + +* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-2 +- Bugzilla Bug #566059 - Add 'pki-console' as a runtime dependency + for CA, KRA, OCSP, and TKS . . . + +* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 +- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards + compatibility (rename jar files as appropriate) + +* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4 +- BuildRequires: dogtag-pki-ocsp-ui + +* Fri Jan 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895) +- Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . . +- Bugzilla Bug #553844 - New Package for Dogtag PKI: pki-ocsp + +* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 +- Removed 'with exceptions' from License + +* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 - Bugzilla Bug #X +- Packaging for Fedora Dogtag diff --git a/pki/specs/pki-ra.spec b/pki/specs/pki-ra.spec index 49e9b8d1..b8f9e634 100644 --- a/pki/specs/pki-ra.spec +++ b/pki/specs/pki-ra.spec @@ -1,7 +1,3 @@ -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - Name: pki-ra Version: 9.0.0 Release: 1%{?dist} @@ -104,7 +100,7 @@ cd build %install %{__rm} -rf %{buildroot} cd build -%{__make} install DESTDIR=%{buildroot} +%{__make} install DESTDIR=%{buildroot} INSTALL="install -p" %pre @@ -132,20 +128,65 @@ fi %defattr(-,root,root,-) %doc base/ra/LICENSE %{_initrddir}/pki-rad -%dir %{_datadir}/pki %dir %{_datadir}/pki/ra %{_datadir}/pki/ra/conf/ %{_datadir}/pki/ra/docroot/ %{_datadir}/pki/ra/lib/ %{_datadir}/pki/ra/scripts/ %{_datadir}/pki/ra/setup/ -%dir %{_localstatedir}/lock/pki %dir %{_localstatedir}/lock/pki/ra -%dir %{_localstatedir}/run/pki %dir %{_localstatedir}/run/pki/ra %changelog * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1 -- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) +- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0 +- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs + in the java subsystems +- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports + to talk to CA and complete configuration in DonePanel +- Bugzilla Bug #632425 - Port to tomcat6 +- Bugzilla Bug #638377 - Generate PKI UI components which exclude + a GUI interface +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #499494 - change CA defaults to SHA2 + +* Thu Apr 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 +- Bugzilla Bug #564131 - Config wizard : all subsystems - done panel text + needs correction + +* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-6 +- Bugzilla Bug #566060 - Add 'pki-native-tools' as a runtime dependency + for RA, and TPS . . . + +* Fri Jan 29 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-5 +- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . +- Applied filters for unwanted perl provides and requires +- Restored "perl-DBD-SQLite" runtime dependency + +* Tue Jan 26 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-4 +- Bugzilla Bug #553850 - Review Request: pki-ra - Dogtag Registration Authority +- Per direction from the Fedora community, + removed the following explicit "Requires": + perl-DBI + perl-HTML-Parser + perl-HTML-Tagset + perl-Parse-RecDescent + perl-URI + perl-XML-NamespaceSupport + perl-XML-Parser + perl-XML-Simple + +* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into pkicreate . . . +- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model +- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . +- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . +- Bugzilla Bug #553850 - Review Request: pki-ra - Dogtag Registration Authority + +* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 +- Removed 'with exceptions' from License + +* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Fedora Packaging Changes diff --git a/pki/specs/pki-tks.spec b/pki/specs/pki-tks.spec index 73ef7322..a9d12a03 100644 --- a/pki/specs/pki-tks.spec +++ b/pki/specs/pki-tks.spec @@ -1,7 +1,3 @@ -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - Name: pki-tks Version: 9.0.0 Release: 1%{?dist} @@ -96,7 +92,7 @@ cd build %install %{__rm} -rf %{buildroot} cd build -%{__make} install DESTDIR=%{buildroot} +%{__make} install DESTDIR=%{buildroot} INSTALL="install -p" %pre @@ -124,19 +120,133 @@ fi %defattr(-,root,root,-) %doc base/tks/LICENSE %{_initrddir}/pki-tksd -%{_javadir}/pki/ -%dir %{_datadir}/pki +%{_javadir}/pki/pki-tks-%{version}.jar +%{_javadir}/pki/pki-tks.jar %dir %{_datadir}/pki/tks %{_datadir}/pki/tks/conf/ %{_datadir}/pki/tks/setup/ %{_datadir}/pki/tks/webapps/ -%dir %{_localstatedir}/lock/pki %dir %{_localstatedir}/lock/pki/tks -%dir %{_localstatedir}/run/pki %dir %{_localstatedir}/run/pki/tks %changelog * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1 -- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) +- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0 +- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs + in the java subsystems +- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml + as part of CC interface review +- Bugzilla Bug #583823 - CC: Auditing issues found as result of + CC - interface review +- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be + generated on TKS instead of TPS. +- Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable + a CA that it serves +- Bugzilla Bug #504061 - ECC: unable to install subsystems - phase 1 +- Bugzilla Bug #637330 - CC feature: Key Management - provide signature + verification functions (JAVA subsystems) +- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and + port fowarding for agent services +- Bugzilla Bug #631179 - Administrator is not allowed to remove + ocsp signing certificate using console +- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of + signature algorithm; and for ECC curves +- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- + DRM and TKS do not seem to have CRL checking enabled +- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help + correctly set up CC environment +- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports + to talk to CA and complete configuration in DonePanel +- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) +- Bugzilla Bug #489385 - references to rhpki +- Bugzilla Bug #649910 - Console: an auditor or agent can be added to + an administrator group. +- Bugzilla Bug #632425 - Port to tomcat6 +- Bugzilla Bug #638377 - Generate PKI UI components which exclude + a GUI interface +- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets + as expected +- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for + validity +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #499494 - change CA defaults to SHA2 +- Bugzilla Bug #649343 - Publishing queue should recover from CA crash. +- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and + pkiCA, obsolete 2252 and 2256 +- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source + repository +- Bugzilla Bug #663546 - Disable the functionalities that are not exposed + in the console +- Bugzilla Bug #656733 - Standardize jar install location and jar names +- Bugzilla Bug #661142 - Verification should fail when + a revoked certificate is added +- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time + interface is no longer available through console +- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During + CRL Generation + +* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.3-1 +- Bugzilla Bug #606556 - Add known session key test to TKS self test set +- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls +- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256 + instead of SHA1 for ECC +- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing + algorithm +- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true +- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn + per RFC 2616 +- Bugzilla Bug #498299 - Should not be able to change the status manually + on a token marked as permanently lost or destroyed +- Bugzilla Bug #554892 - configurable frequency signed audit +- Bugzilla Bug #500700 - tps log rotation +- Bugzilla Bug #562893 - tps shutdown if audit logs full +- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical +- Bugzilla Bug #556152 - ACL changes to CA and OCSP +- Bugzilla Bug #556167 - ACL changes to CA and OCSP +- Bugzilla Bug #581004 - add more audit logging to the TPS +- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move + to a client-auth port +- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm +- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps + crash +- Bugzilla Bug #581004 - add more audit logs +- Bugzilla Bug #595871 - CC: TKS needed audit message changes +- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result. +- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit +- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert + on the token. +- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need + to do both GenerateNewKey and RecoverLast operation for encryption key. +- Bugzilla Bug #498299 - fix case where no transitions available +- Bugzilla Bug #595391 - session domain table to be moved to ldap +- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups) +- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description + References Fedora + +* Mon Apr 26 2010 Ade Lee <alee@redhat.com> 1.3.2-1 +- Bugzilla Bug 584917- Can not access CA Configuration Web UI + after CA installation + +* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-2 +- Bugzilla Bug #566059 - Add 'pki-console' as a runtime dependency + for CA, KRA, OCSP, and TKS . . . + +* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 +- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards + compatibility (rename jar files as appropriate) + +* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4 +- Removed BuildRequires: dogtag-pki-tks-ui + +* Fri Jan 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895) +- Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . . +- Bugzilla Bug #553847 - New Package for Dogtag PKI: pki-tks + +* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 +- Removed 'with exceptions' from License + +* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/specs/pki-tps.spec b/pki/specs/pki-tps.spec index 0aacc47d..ec080b2c 100644 --- a/pki/specs/pki-tps.spec +++ b/pki/specs/pki-tps.spec @@ -1,7 +1,3 @@ -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - Name: pki-tps Version: 9.0.0 Release: 1%{?dist} @@ -18,8 +14,8 @@ BuildRequires: apr-util-devel BuildRequires: cyrus-sasl-devel BuildRequires: httpd-devel >= 2.2.3 BuildRequires: mozldap-devel -BuildRequires: nspr-devel >= 4.6.99 -BuildRequires: nss-devel >= 3.12.3.99 +BuildRequires: nspr-devel +BuildRequires: nss-devel BuildRequires: pcre-devel BuildRequires: svrcore-devel BuildRequires: zlib @@ -173,7 +169,6 @@ fi %{_bindir}/tpsclient %{_libdir}/httpd/modules/* %{_libdir}/lib* -%dir %{_datadir}/pki %dir %{_datadir}/pki/tps %{_datadir}/pki/tps/applets/ %{_datadir}/pki/tps/cgi-bin/ @@ -183,9 +178,7 @@ fi %{_datadir}/pki/tps/samples/ %{_datadir}/pki/tps/scripts/ %{_datadir}/pki/tps/setup/ -%dir %{_localstatedir}/lock/pki %dir %{_localstatedir}/lock/pki/tps -%dir %{_localstatedir}/run/pki %dir %{_localstatedir}/run/pki/tps @@ -198,5 +191,164 @@ fi %changelog * Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1 -- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) +- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0 +- Bugzilla Bug #620863 - saved CS.cfg files should be moved to a subdirectory + to avoid cluttering +- Bugzilla Bug #607373 - add self test framework to TPS subsytem +- Bugzilla Bug #607374 - add self test to TPS self test framework +- Bugzilla Bug #624847 - Installed TPS cannot be started to be configured. +- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs + in the java subsystems +- Bugzilla Bug #547507 - Token renewal: certs on the token is deleted when + one of the certs on the token is outside renewal grace period. +- Bugzilla Bug #622535 - 64 bit host zlib uncompress operation fails when + reading data from token. +- Bugzilla Bug #497931 - CS 8.0 -- Have to download and stall the trust chain + through ESC even if it was already installed in the browser. +- Bugzilla Bug #579790 - errors in ESC communications can leave unusable + tokens and inconsistent data in TPS +- Bugzilla Bug #631474 - Token enrollment with TPS Client fails with error + 'Applet memory exceeded when writing out final token data' +- Bugzilla Bug #488762 - Found HTTP TRACE method enabled on TPS +- Bugzilla Bug #633405 - Tps client unable to perform token enrollment when + tried to load certificates with 2048 bit keys +- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be + generated on TKS instead of TPS. +- Bugzilla Bug #574942 - TPS database has performance problems with a large + number of tokens +- Bugzilla Bug #637982 - some selftest parameters are not properly substituted +- Bugzilla Bug #637824 - TPS UI: Profile state in CS.cfg is Pending Approval + after agent approve and Enable +- Bugzilla Bug #223313 - should do random generated IV param + for symmetric keys +- Bugzilla Bug #628995 - TPS CC requirement: Unused predicates for revocation + controls for TPS enrollment profiles should be removed. +- Bugzilla Bug #642084 - CC feature: Key Management -provide signature + verification functions (TPS subsystem) +- Bugzilla Bug #646545 - TPS Agent tab: displays approve list parameter with + last character chopped. +- Bugzilla Bug #532724 - Feature: ESC Security officer work station should + display % of operation complete for format SO card +- Bugzilla Bug #647364 - CC: audit signing certs for JAVA subsystems fail + CIMC cert verification (expose updated cert verification function in JSS) +- Bugzilla Bug #651087 - TPS UI Admin tab display 'null' string in the + General configuration +- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports + to talk to CA and complete configuration in DonePanel +- Bugzilla Bug #632425 - Port to tomcat6 +- Bugzilla Bug #638377 - Generate PKI UI components which exclude + a GUI interface +- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel + up to before Security Domain Panel +- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for + validity +- Bugzilla Bug #643206 - New CMake based build system for Dogtag +- Bugzilla Bug #499494 - change CA defaults to SHA2 +- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs + in TPS +- Bugzilla Bug #223314 - AOL: Better activities logs +- Bugzilla Bug #651001 - TPS does not create a password for entries in ldap. + This violates STIG requirements +- Bugzilla Bug #512248 - Status mismatch for the encryption cert in tps agent + and CA when a temporary smart card is issued. +- Bugzilla Bug #666902 - TPS needs to call CERT_VerifyCertificate() correctly +- Bugzilla Bug #223319 - Certificate Status inconsistency between token db + and CA +- Bugzilla Bug #669055 - TPS server does not re-start when signedAudit + logging is turned ON + +* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.2-1 +- Bugzilla Bug #601299 - tps installation does not update security domain +- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256 + instead of SHA1 for ECC +- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing + algorithm +- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true +- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn + per RFC 2616 +- Bugzilla Bug #498299 - Should not be able to change the status manually + on a token marked as permanently lost or destroyed +- Bugzilla Bug #554892 - configurable frequency signed audit +- Bugzilla Bug #500700 - tps log rotation +- Bugzilla Bug #562893 - tps shutdown if audit logs full +- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical +- Bugzilla Bug #556152 - ACL changes to CA and OCSP +- Bugzilla Bug #556167 - ACL changes to CA and OCSP +- Bugzilla Bug #581004 - add more audit logging to the TPS +- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, + and move to a client-auth port +- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm +- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps + crash +- Bugzilla Bug #581004 - add more audit logs +- Bugzilla Bug #595871 - CC: TKS needed audit message changes +- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result. +- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit +- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert + on the token. +- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need + to do both GenerateNewKey and RecoverLast operation for encryption key. +- Bugzilla Bug #498299 - fix case where no transitions available +- Bugzilla Bug #604186 - Common Criteria: TPS: Key Recovery needs + to meet CC requirements +- Bugzilla Bug #604178 - Common Criteria: TPS: cert registration needs + to meet CC requirements +- Bugzilla Bug #600968 - Common Criteria: TPS: cert registration needs + to meet CC requirements +- Bugzilla Bug #607381 - Common Criteria: TPS: cert registration needs + to meet CC requirements + +* Thu Apr 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 +- Bugzilla Bug #564131 - Config wizard : all subsystems - done panel text + needs correction + +* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-8 +- Bugzilla Bug #566060 - Add 'pki-native-tools' as a runtime dependency + for RA, and TPS . . . + +* Fri Jan 29 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-7 +- Bugzilla Bug #553852 - Review Request: pki-tps - The Dogtag PKI System + Token Processing System +- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . +- Applied filters for unwanted perl provides and requires +- Applied %{?_smp_mflags} option to 'make' +- Removed manual 'strip' commands + +* Thu Jan 28 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-6 +- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . +- Bugzilla Bug #553852 - Review Request: pki-tps - The Dogtag PKI System + Token Processing System + +* Wed Jan 27 2010 Kevin Wright <kwright@redhat.com> 1.3.0-5 +- Bugzilla Bug #553852 - Review Request: pki-tps - The Dogtag PKI System + Token Processing System +- Per direction from the Fedora community, + removed the following explicit "Requires": + perl-HTML-Parser + perl-HTML-Tagset + perl-Parse-RecDescent + perl-URI + perl-XML-NamespaceSupport + perl-XML-Parser + perl-XML-Simple + +* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-4 +- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into + pkicreate . . . +- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model +- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . +- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . +- Bugzilla Bug #553852 - Review Request: pki-tps - Dogtag Certificate System + Token Processing System + +* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-3 +- Removed BuildRequires bash - Removed 'with exceptions' from License + +* Mon Nov 02 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-2 +- Bugzilla Bug #X - Packaging for Fedora Dogtag PKI +- Prepended directory path in front of setup_package +- Take ownership of pki tps directory. + +* Fri Oct 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag PKI |