Tree - rpms/pki-core - CentOS Git server

rpms / pki-core

Blame SPECS/pki-core.spec

Blob History Raw

		2eb3de	`# Python, keep every statement on a single line`
		2eb3de	`%{!?__python2: %global __python2 /usr/bin/python2}`
		2eb3de	`%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}`
		2eb3de
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`%global with_python3 1`
		2eb3de	`%else`
		2eb3de	`%global with_python3 0`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?rhel}`
		2eb3de	`# Package RHEL-specific RPMS Only`
		2eb3de	`%global package_rhel_packages 1`
		2eb3de	`# Package RHCS-specific RPMS Only`
		2eb3de	`%global package_rhcs_packages 0`
		2eb3de	`%define pki_core_rhel_version 10.5.17`
		2eb3de	`%else`
		2eb3de	`# Fedora always packages all RPMS`
		2eb3de	`%global package_fedora_packages 1`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`# Java`
		2eb3de	`%define java_home /usr/lib/jvm/jre-1.8.0-openjdk`
		2eb3de
		2eb3de	`# Tomcat`
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`%define with_tomcat7 0`
		2eb3de	`%define with_tomcat8 1`
		2eb3de	`%else`
		2eb3de	`%define with_tomcat7 1`
		2eb3de	`%define with_tomcat8 0`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`# RESTEasy`
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`%define jaxrs_api_jar /usr/share/java/resteasy-base/jaxrs-api.jar`
		2eb3de	`%define resteasy_lib /usr/share/java/resteasy-base`
		2eb3de	`%else`
		2eb3de	`%define jaxrs_api_jar /usr/share/java/jboss-jaxrs-2.0-api.jar`
		2eb3de	`%define resteasy_lib /usr/share/java/resteasy`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`# Dogtag`
		2eb3de	`%bcond_without server`
		2eb3de	`%bcond_without javadoc`
		2eb3de
		2eb3de	`# ignore unpackaged files from native 'tpsclient'`
		2eb3de	`# REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app`
		2eb3de	`%define _unpackaged_files_terminate_build 0`
		2eb3de
		2eb3de	`# pkiuser and group. The uid and gid are preallocated`
		2eb3de	`# see /usr/share/doc/setup/uidgid`
		2eb3de	`%define pki_username pkiuser`
		2eb3de	`%define pki_uid 17`
		2eb3de	`%define pki_groupname pkiuser`
		2eb3de	`%define pki_gid 17`
		2eb3de	`%define pki_homedir /usr/share/pki`
		2eb3de
		2eb3de	`# Optionally fetch the release from the environment variable 'PKI_RELEASE'`
		2eb3de	`%define use_pki_release %{getenv:USE_PKI_RELEASE}`
		2eb3de	`%if 0%{?use_pki_release}`
		2eb3de	`%define pki_release %{getenv:PKI_RELEASE}`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`Name: pki-core`
		2eb3de	`%if 0%{?rhel}`
		2eb3de	`Version: 10.5.17`
		2eb3de	`%define redhat_release 4`
		2eb3de	`%define redhat_stage 0`
		2eb3de	`#%define default_release %{redhat_release}.%{redhat_stage}`
		2eb3de	`%define default_release %{redhat_release}`
		2eb3de	`%else`
		2eb3de	`Version: 10.5.17`
		2eb3de	`%define fedora_release 4`
		2eb3de	`%define fedora_stage 0`
		2eb3de	`#%define default_release %{fedora_release}.%{fedora_stage}`
		2eb3de	`%define default_release %{fedora_release}`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?use_pki_release}`
		2eb3de	`Release: %{pki_release}%{?dist}`
		2eb3de	`%else`
		2eb3de	`Release: %{default_release}%{?dist}`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`Summary: Certificate System - PKI Core Components`
		2eb3de	`URL: http://pki.fedoraproject.org/`
		2eb3de	`License: GPLv2`
		2eb3de	`Group: System Environment/Daemons`
		2eb3de
		2eb3de	`BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)`
		2eb3de
		2eb3de	`BuildRequires: cmake >= 2.8.9-1`
		2eb3de	`BuildRequires: gcc-c++`
		2eb3de	`BuildRequires: zip`
		2eb3de	`BuildRequires: java-1.8.0-openjdk-devel`
		2eb3de	`BuildRequires: redhat-rpm-config`
		2eb3de	`BuildRequires: ldapjdk >= 4.19-5`
		2eb3de	`BuildRequires: apache-commons-cli`
		2eb3de	`BuildRequires: apache-commons-codec`
		2eb3de	`BuildRequires: apache-commons-io`
		2eb3de	`BuildRequires: apache-commons-lang`
		2eb3de	`BuildRequires: jakarta-commons-httpclient`
		2eb3de	`BuildRequires: slf4j`
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`BuildRequires: slf4j-jdk14`
		2eb3de	`%endif`
		2eb3de	`BuildRequires: nspr-devel`
		2eb3de	`BuildRequires: nss-devel >= 3.28.3`
		2eb3de
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`BuildRequires: nuxwdog-client-java >= 1.0.5-1`
		2eb3de	`%else`
		2eb3de	`BuildRequires: nuxwdog-client-java >= 1.0.3-14`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`BuildRequires: openldap-devel`
		2eb3de	`BuildRequires: pkgconfig`
		2eb3de	`BuildRequires: policycoreutils`
		2eb3de	`BuildRequires: python-lxml`
		2eb3de	`BuildRequires: python-sphinx`
		2eb3de	`BuildRequires: velocity`
		2eb3de	`BuildRequires: xalan-j2`
		2eb3de	`BuildRequires: xerces-j2`
		2eb3de
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`# 'resteasy-base' is a subset of the complete set of`
		2eb3de	`# 'resteasy' packages and consists of what is needed to`
		2eb3de	`# support the PKI Restful interface on certain RHEL platforms`
		2eb3de	`BuildRequires: resteasy-base-atom-provider >= 3.0.6-1`
		2eb3de	`BuildRequires: resteasy-base-client >= 3.0.6-1`
		2eb3de	`BuildRequires: resteasy-base-jaxb-provider >= 3.0.6-1`
		2eb3de	`BuildRequires: resteasy-base-jaxrs >= 3.0.6-1`
		2eb3de	`BuildRequires: resteasy-base-jaxrs-api >= 3.0.6-1`
		2eb3de	`BuildRequires: resteasy-base-jackson-provider >= 3.0.6-1`
		2eb3de	`%else`
		2eb3de	`BuildRequires: jboss-annotations-1.2-api`
		2eb3de	`BuildRequires: jboss-jaxrs-2.0-api`
		2eb3de	`BuildRequires: jboss-logging`
		2eb3de	`BuildRequires: resteasy-atom-provider >= 3.0.17-1`
		2eb3de	`BuildRequires: resteasy-client >= 3.0.17-1`
		2eb3de	`BuildRequires: resteasy-jaxb-provider >= 3.0.17-1`
		2eb3de	`BuildRequires: resteasy-core >= 3.0.17-1`
		2eb3de	`BuildRequires: resteasy-jackson-provider >= 3.0.17-1`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`BuildRequires: pylint`
		2eb3de	`BuildRequires: python-flake8 >= 2.5.4`
		2eb3de	`BuildRequires: python3-flake8 >= 2.5.4`
		2eb3de	`# python-flake8 2.5.4 package should require pyflakes >= 1.2.3`
		2eb3de	`BuildRequires: pyflakes >= 1.2.3`
		2eb3de	`# python3-flake8 2.5.4 package should require python3-pyflakes >= 1.2.3`
		2eb3de	`BuildRequires: python3-pyflakes >= 1.2.3`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`BuildRequires: python2-cryptography`
		2eb3de	`BuildRequires: python-nss`
		2eb3de	`BuildRequires: python-requests >= 2.6.0`
		2eb3de	`BuildRequires: python-six`
		2eb3de	`BuildRequires: libselinux-python`
		2eb3de	`BuildRequires: policycoreutils-python`
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`BuildRequires: policycoreutils-python-utils`
		2eb3de	`%endif`
		2eb3de	`BuildRequires: python-ldap`
		2eb3de	`BuildRequires: junit`
		2eb3de	`BuildRequires: jpackage-utils >= 0:1.7.5-10`
		2eb3de	`BuildRequires: jss >= 4.4.7-1`
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`BuildRequires: tomcatjss >= 7.2.5-1`
		2eb3de	`%else`
		2eb3de	`BuildRequires: tomcatjss >= 7.2.4-4`
		2eb3de	`%endif`
		2eb3de	`BuildRequires: systemd-units`
		2eb3de
		2eb3de	`%if 0%{?with_python3}`
		2eb3de	`BuildRequires: python3-cryptography`
		2eb3de	`BuildRequires: python3-devel`
		2eb3de	`BuildRequires: python3-lxml`
		2eb3de	`BuildRequires: python3-nss`
		2eb3de	`BuildRequires: python3-pyldap`
		2eb3de	`BuildRequires: python3-requests >= 2.6.0`
		2eb3de	`BuildRequires: python3-six`
		2eb3de	`%endif # with_python3`
		2eb3de	`BuildRequires: python-devel`
		2eb3de
		2eb3de	`# additional build requirements needed to build native 'tpsclient'`
		2eb3de	`# REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app`
		2eb3de	`BuildRequires: apr-devel`
		2eb3de	`BuildRequires: apr-util-devel`
		2eb3de	`BuildRequires: cyrus-sasl-devel`
		2eb3de	`BuildRequires: httpd-devel >= 2.4.2`
		2eb3de	`BuildRequires: pcre-devel`
		2eb3de	`BuildRequires: python`
		2eb3de	`BuildRequires: systemd`
		2eb3de	`BuildRequires: zlib`
		2eb3de	`BuildRequires: zlib-devel`
		2eb3de
		2eb3de	`%if 0%{?rhel}`
		2eb3de	`# NOTE: In the future, as a part of its path, this URL will contain a release`
		2eb3de	`# directory which consists of the fixed number of the upstream release`
		2eb3de	`# upon which this tarball was originally based.`
		2eb3de	`Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{version}/%{release}/rhel/%{name}-%{version}%{?prerel}.tar.gz`
		2eb3de	`%else`
		2eb3de	`Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{version}/%{release}/%{name}-%{version}%{?prerel}.tar.gz`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`Patch0: pki-core-rhel-7-8-rhcs-9-6-alpha.patch`
		2eb3de	`Patch1: pki-core-rhel-7-8-rhcs-9-6-beta.patch`
		2eb3de
		2eb3de	`# Obtain version phase number (e. g. - used by "alpha", "beta", etc.)`
		2eb3de	`#`
		2eb3de	`# NOTE: For "alpha" releases, will be ".a1", ".a2", etc.`
		2eb3de	`# For "beta" releases, will be ".b1", ".b2", etc.`
		2eb3de	`#`
		2eb3de	%define version_phase "%(echo `echo %{version} \| awk -F. '{ print $4 }'`)"
		2eb3de
		2eb3de	`%global saveFileContext() \`
		2eb3de	`if [ -s /etc/selinux/config ]; then \`
		2eb3de	`. %{_sysconfdir}/selinux/config; \`
		2eb3de	`FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \`
		2eb3de	`if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \`
		2eb3de	`cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \`
		2eb3de	`fi \`
		2eb3de	`fi;`
		2eb3de
		2eb3de	`%global relabel() \`
		2eb3de	`. %{_sysconfdir}/selinux/config; \`
		2eb3de	`FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \`
		2eb3de	`selinuxenabled; \`
		2eb3de	`if [ $? == 0 -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \`
		2eb3de	`fixfiles -C ${FILE_CONTEXT}.%{name} restore; \`
		2eb3de	`rm -f ${FILE_CONTEXT}.%name; \`
		2eb3de	`fi;`
		2eb3de
		2eb3de	`%global overview \`
		2eb3de	`================================== \`
		2eb3de	`\|\| ABOUT "CERTIFICATE SYSTEM" \|\| \`
		2eb3de	`================================== \`
		2eb3de	`\`
		2eb3de	`Certificate System (CS) is an enterprise software system designed \`
		2eb3de	`to manage enterprise Public Key Infrastructure (PKI) deployments. \`
		2eb3de	`\`
		2eb3de	`PKI Core contains ALL top-level java-based Tomcat PKI components: \`
		2eb3de	`\`
		2eb3de	`* pki-symkey \`
		2eb3de	`* pki-base \`
		2eb3de	`* pki-base-python2 (alias for pki-base) \`
		2eb3de	`* pki-base-python3 \`
		2eb3de	`* pki-base-java \`
		2eb3de	`* pki-tools \`
		2eb3de	`* pki-server \`
		2eb3de	`* pki-ca \`
		2eb3de	`* pki-kra \`
		2eb3de	`* pki-ocsp \`
		2eb3de	`* pki-tks \`
		2eb3de	`* pki-tps \`
		2eb3de	`* pki-javadoc \`
		2eb3de	`\`
		2eb3de	`which comprise the following corresponding PKI subsystems: \`
		2eb3de	`\`
		2eb3de	`* Certificate Authority (CA) \`
		2eb3de	`* Key Recovery Authority (KRA) \`
		2eb3de	`* Online Certificate Status Protocol (OCSP) Manager \`
		2eb3de	`* Token Key Service (TKS) \`
		2eb3de	`* Token Processing Service (TPS) \`
		2eb3de	`\`
		2eb3de	`Python clients need only install the pki-base package. This \`
		2eb3de	`package contains the python REST client packages and the client \`
		2eb3de	`upgrade framework. \`
		2eb3de	`\`
		2eb3de	`Java clients should install the pki-base-java package. This package \`
		2eb3de	`contains the legacy and REST Java client packages. These clients \`
		2eb3de	`should also consider installing the pki-tools package, which contain \`
		2eb3de	`native and Java-based PKI tools and utilities. \`
		2eb3de	`\`
		2eb3de	`Certificate Server instances require the fundamental classes and \`
		2eb3de	`modules in pki-base and pki-base-java, as well as the utilities in \`
		2eb3de	`pki-tools. The main server classes are in pki-server, with subsystem \`
		2eb3de	`specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. \`
		2eb3de	`\`
		2eb3de	`Finally, if Certificate System is being deployed as an individual or \`
		2eb3de	`set of standalone rather than embedded server(s)/service(s), it is \`
		2eb3de	`strongly recommended (though not explicitly required) to include at \`
		2eb3de	`least one PKI Theme package: \`
		2eb3de	`\`
		2eb3de	`* dogtag-pki-theme (Dogtag Certificate System deployments) \`
		2eb3de	`* dogtag-pki-server-theme \`
		2eb3de	`* redhat-pki-server-theme (Red Hat Certificate System deployments) \`
		2eb3de	`* redhat-pki-server-theme \`
		2eb3de	`* customized pki theme (Customized Certificate System deployments) \`
		2eb3de	`* <customized>-pki-server-theme \`
		2eb3de	`\`
		2eb3de	`NOTE: As a convenience for standalone deployments, top-level meta \`
		2eb3de	`packages may be provided which bind a particular theme to \`
		2eb3de	`these certificate server packages. \`
		2eb3de	`\`
		2eb3de	`%{nil}`
		2eb3de
		2eb3de	`%description %{overview}`
		2eb3de
		2eb3de
		2eb3de	`%package -n pki-symkey`
		2eb3de	`Summary: Symmetric Key JNI Package`
		2eb3de	`Group: System Environment/Libraries`
		2eb3de
		2eb3de	`Requires: java-1.8.0-openjdk-headless`
		2eb3de	`Requires: jpackage-utils >= 0:1.7.5-10`
		2eb3de	`Requires: jss >= 4.4.7-1`
		2eb3de	`Requires: nss >= 3.28.3`
		2eb3de
		2eb3de	`Provides: symkey = %{version}-%{release}`
		2eb3de
		2eb3de	`Obsoletes: symkey < %{version}-%{release}`
		2eb3de
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`## Because RHCS 9.0 does not run on RHEL 7.3+, obsolete all`
		2eb3de	`## RHCS 9.0 packages that can be replaced by RHCS 9.1 packages:`
		2eb3de	`# pki-console`
		2eb3de	`Obsoletes: pki-console < 10.3.0`
		2eb3de	`# pki-core`
		2eb3de	`Obsoletes: pki-core-debug = 10.2.6`
		2eb3de	`Obsoletes: pki-ocsp < 10.3.0`
		2eb3de	`Obsoletes: pki-tks < 10.3.0`
		2eb3de	`Obsoletes: pki-tps < 10.3.0`
		2eb3de	`# redhat-pki`
		2eb3de	`Obsoletes: redhat-pki < 10.3.0`
		2eb3de	`# redhat-pki-theme`
		2eb3de	`Obsoletes: redhat-pki-console-theme < 10.3.0`
		2eb3de	`Obsoletes: redhat-pki-server-theme < 10.3.0`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%description -n pki-symkey`
		2eb3de	`The Symmetric Key Java Native Interface (JNI) package supplies various native`
		2eb3de	`symmetric key operations to Java programs.`
		2eb3de
		2eb3de	`This package is a part of the PKI Core used by the Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de
		2eb3de	`%package -n pki-base`
		2eb3de	`Summary: Certificate System - PKI Framework`
		2eb3de	`Group: System Environment/Base`
		2eb3de
		2eb3de	`BuildArch: noarch`
		2eb3de
		2eb3de	`Provides: pki-common = %{version}-%{release}`
		2eb3de	`Provides: pki-util = %{version}-%{release}`
		2eb3de	`Provides: pki-base-python2 = %{version}-%{release}`
		2eb3de
		2eb3de	`Obsoletes: pki-common < %{version}-%{release}`
		2eb3de	`Obsoletes: pki-util < %{version}-%{release}`
		2eb3de
		2eb3de	`Conflicts: freeipa-server < 3.0.0`
		2eb3de
		2eb3de	`Requires: nss >= 3.28.3`
		2eb3de	`Requires: python2-cryptography`
		2eb3de	`Requires: python-nss`
		2eb3de	`Requires: python-requests >= 2.6.0`
		2eb3de	`Requires: python-six`
		2eb3de
		2eb3de	`%description -n pki-base`
		2eb3de	`The PKI Framework contains the common and client libraries and utilities`
		2eb3de	`written in Python. This package is a part of the PKI Core used by the`
		2eb3de	`Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de	`%package -n pki-base-java`
		2eb3de	`Summary: Certificate System - Java Framework`
		2eb3de	`Group: System Environment/Base`
		2eb3de	`BuildArch: noarch`
		2eb3de
		2eb3de	`Requires: java-1.8.0-openjdk-headless`
		2eb3de	`Requires: apache-commons-cli`
		2eb3de	`Requires: apache-commons-codec`
		2eb3de	`Requires: apache-commons-io`
		2eb3de	`Requires: apache-commons-lang`
		2eb3de	`Requires: apache-commons-logging`
		2eb3de	`Requires: jakarta-commons-httpclient`
		2eb3de	`Requires: slf4j`
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`Requires: slf4j-jdk14`
		2eb3de	`%endif`
		2eb3de	`Requires: javassist`
		2eb3de	`Requires: jpackage-utils >= 0:1.7.5-10`
		2eb3de	`Requires: jss >= 4.4.7-1`
		2eb3de	`Requires: ldapjdk >= 4.19-5`
		2eb3de	`Requires: pki-base = %{version}-%{release}`
		2eb3de
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`# 'resteasy-base' is a subset of the complete set of`
		2eb3de	`# 'resteasy' packages and consists of what is needed to`
		2eb3de	`# support the PKI Restful interface on certain RHEL platforms`
		2eb3de	`Requires: resteasy-base-atom-provider >= 3.0.6-1`
		2eb3de	`Requires: resteasy-base-client >= 3.0.6-1`
		2eb3de	`Requires: resteasy-base-jaxb-provider >= 3.0.6-1`
		2eb3de	`Requires: resteasy-base-jaxrs >= 3.0.6-1`
		2eb3de	`Requires: resteasy-base-jaxrs-api >= 3.0.6-1`
		2eb3de	`Requires: resteasy-base-jackson-provider >= 3.0.6-1`
		2eb3de	`%else`
		2eb3de	`Requires: resteasy-atom-provider >= 3.0.17-1`
		2eb3de	`Requires: resteasy-client >= 3.0.17-1`
		2eb3de	`Requires: resteasy-jaxb-provider >= 3.0.17-1`
		2eb3de	`Requires: resteasy-core >= 3.0.17-1`
		2eb3de	`Requires: resteasy-jackson-provider >= 3.0.17-1`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`Requires: xalan-j2`
		2eb3de	`Requires: xerces-j2`
		2eb3de	`Requires: xml-commons-apis`
		2eb3de	`Requires: xml-commons-resolver`
		2eb3de
		2eb3de	`%description -n pki-base-java`
		2eb3de	`The PKI Framework contains the common and client libraries and utilities`
		2eb3de	`written in Java. This package is a part of the PKI Core used by the`
		2eb3de	`Certificate System.`
		2eb3de
		2eb3de	`This package is a part of the PKI Core used by the Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de	`%if 0%{?with_python3}`
		2eb3de
		2eb3de	`%package -n pki-base-python3`
		2eb3de	`Summary: Certificate System - PKI Framework`
		2eb3de	`Group: System Environment/Base`
		2eb3de
		2eb3de	`BuildArch: noarch`
		2eb3de
		2eb3de	`Requires: pki-base = %{version}-%{release}`
		2eb3de
		2eb3de	`Requires: python3-cryptography`
		2eb3de	`Requires: python3-lxml`
		2eb3de	`Requires: python3-nss`
		2eb3de	`Requires: python3-requests >= 2.6.0`
		2eb3de	`Requires: python3-six`
		2eb3de
		2eb3de	`%description -n pki-base-python3`
		2eb3de	`This package contains PKI client library for Python 3.`
		2eb3de
		2eb3de	`This package is a part of the PKI Core used by the Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de	`%endif # with_python3 for python3-pki`
		2eb3de
		2eb3de	`%package -n pki-tools`
		2eb3de	`Summary: Certificate System - PKI Tools`
		2eb3de	`Group: System Environment/Base`
		2eb3de
		2eb3de	`Provides: pki-native-tools = %{version}-%{release}`
		2eb3de	`Provides: pki-java-tools = %{version}-%{release}`
		2eb3de
		2eb3de	`Obsoletes: pki-native-tools < %{version}-%{release}`
		2eb3de	`Obsoletes: pki-java-tools < %{version}-%{release}`
		2eb3de
		2eb3de	`Requires: openldap-clients`
		2eb3de	`Requires: nss-tools >= 3.28.3`
		2eb3de	`Requires: java-1.8.0-openjdk-headless`
		2eb3de	`Requires: pki-base = %{version}-%{release}`
		2eb3de	`Requires: pki-base-java = %{version}-%{release}`
		2eb3de	`Requires: jpackage-utils >= 0:1.7.5-10`
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`Requires: tomcat-servlet-3.1-api`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%description -n pki-tools`
		2eb3de	`This package contains PKI executables that can be used to help make`
		2eb3de	`Certificate System into a more complete and robust PKI solution.`
		2eb3de
		2eb3de	`This package is a part of the PKI Core used by the Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de
		2eb3de	`%if %{with server}`
		2eb3de
		2eb3de	`%package -n pki-server`
		2eb3de	`Summary: Certificate System - PKI Server Framework`
		2eb3de	`Group: System Environment/Base`
		2eb3de
		2eb3de	`BuildArch: noarch`
		2eb3de
		2eb3de	`Provides: pki-deploy = %{version}-%{release}`
		2eb3de	`Provides: pki-setup = %{version}-%{release}`
		2eb3de	`Provides: pki-silent = %{version}-%{release}`
		2eb3de
		2eb3de	`Obsoletes: pki-deploy < %{version}-%{release}`
		2eb3de	`Obsoletes: pki-setup < %{version}-%{release}`
		2eb3de	`Obsoletes: pki-silent < %{version}-%{release}`
		2eb3de
		2eb3de	`Requires: java-1.8.0-openjdk-headless`
		2eb3de	`Requires: hostname`
		2eb3de	`Requires: net-tools`
		2eb3de
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`Requires: nuxwdog-client-java >= 1.0.5-1`
		2eb3de	`%else`
		2eb3de	`Requires: nuxwdog-client-java >= 1.0.3-14`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`Requires: policycoreutils`
		2eb3de	`Requires: procps-ng`
		2eb3de	`Requires: openldap-clients`
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`Requires: openssl >= 1.0.2k-11`
		2eb3de	`%else`
		2eb3de	`Requires: openssl`
		2eb3de	`%endif`
		2eb3de	`Requires: pki-base = %{version}-%{release}`
		2eb3de	`Requires: pki-base-java = %{version}-%{release}`
		2eb3de	`Requires: pki-tools = %{version}-%{release}`
		2eb3de	`Requires: python-ldap`
		2eb3de	`Requires: python-lxml`
		2eb3de	`Requires: libselinux-python`
		2eb3de	`Requires: policycoreutils-python`
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`Requires: policycoreutils-python-utils`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`Requires: selinux-policy-targeted >= 3.13.1-159`
		2eb3de	`Obsoletes: pki-selinux`
		2eb3de
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`Requires: tomcat >= 7.0.69`
		2eb3de	`%else`
		2eb3de	`Requires: tomcat >= 7.0.68`
		2eb3de	`Requires: tomcat-el-3.0-api`
		2eb3de	`Requires: tomcat-jsp-2.3-api`
		2eb3de	`Requires: tomcat-servlet-3.1-api`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`Requires: velocity`
		2eb3de	`Requires(post): systemd-units`
		2eb3de	`Requires(preun): systemd-units`
		2eb3de	`Requires(postun): systemd-units`
		2eb3de	`Requires(pre): shadow-utils`
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`Requires: tomcatjss >= 7.2.5-1`
		2eb3de	`%else`
		2eb3de	`Requires: tomcatjss >= 7.2.4-4`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de	`## Because RHCS 9.0 does not run on RHEL 7.3+, obsolete all`
		2eb3de	`## RHCS 9.0 packages that can be replaced by RHCS 9.1 packages:`
		2eb3de	`# pki-console`
		2eb3de	`Obsoletes: pki-console < 10.3.0`
		2eb3de	`# pki-core`
		2eb3de	`Obsoletes: pki-core-debug = 10.2.6`
		2eb3de	`Obsoletes: pki-ocsp < 10.3.0`
		2eb3de	`Obsoletes: pki-tks < 10.3.0`
		2eb3de	`Obsoletes: pki-tps < 10.3.0`
		2eb3de	`# redhat-pki`
		2eb3de	`Obsoletes: redhat-pki < 10.3.0`
		2eb3de	`# redhat-pki-theme`
		2eb3de	`Obsoletes: redhat-pki-console-theme < 10.3.0`
		2eb3de	`Obsoletes: redhat-pki-server-theme < 10.3.0`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%description -n pki-server`
		2eb3de	`The PKI Server Framework is required by the following four PKI subsystems:`
		2eb3de
		2eb3de	`the Certificate Authority (CA),`
		2eb3de	`the Key Recovery Authority (KRA),`
		2eb3de	`the Online Certificate Status Protocol (OCSP) Manager,`
		2eb3de	`the Token Key Service (TKS), and`
		2eb3de	`the Token Processing Service (TPS).`
		2eb3de
		2eb3de	`This package is a part of the PKI Core used by the Certificate System.`
		2eb3de	`The package contains scripts to create and remove PKI subsystems.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de	`%package -n pki-ca`
		2eb3de	`Summary: Certificate System - Certificate Authority`
		2eb3de	`Group: System Environment/Daemons`
		2eb3de
		2eb3de	`BuildArch: noarch`
		2eb3de
		2eb3de	`Requires: java-1.8.0-openjdk-headless`
		2eb3de	`Requires: pki-server = %{version}-%{release}`
		2eb3de	`Requires(post): systemd-units`
		2eb3de	`Requires(preun): systemd-units`
		2eb3de	`Requires(postun): systemd-units`
		2eb3de
		2eb3de	`%description -n pki-ca`
		2eb3de	`The Certificate Authority (CA) is a required PKI subsystem which issues,`
		2eb3de	`renews, revokes, and publishes certificates as well as compiling and`
		2eb3de	`publishing Certificate Revocation Lists (CRLs).`
		2eb3de
		2eb3de	`The Certificate Authority can be configured as a self-signing Certificate`
		2eb3de	`Authority, where it is the root CA, or it can act as a subordinate CA,`
		2eb3de	`where it obtains its own signing certificate from a public CA.`
		2eb3de
		2eb3de	`This package is one of the top-level java-based Tomcat PKI subsystems`
		2eb3de	`provided by the PKI Core used by the Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de
		2eb3de	`%package -n pki-kra`
		2eb3de	`Summary: Certificate System - Key Recovery Authority`
		2eb3de	`Group: System Environment/Daemons`
		2eb3de
		2eb3de	`BuildArch: noarch`
		2eb3de
		2eb3de	`Requires: java-1.8.0-openjdk-headless`
		2eb3de	`Requires: pki-server = %{version}-%{release}`
		2eb3de	`Requires(post): systemd-units`
		2eb3de	`Requires(preun): systemd-units`
		2eb3de	`Requires(postun): systemd-units`
		2eb3de
		2eb3de	`%description -n pki-kra`
		2eb3de	`The Key Recovery Authority (KRA) is an optional PKI subsystem that can act`
		2eb3de	`as a key archival facility. When configured in conjunction with the`
		2eb3de	`Certificate Authority (CA), the KRA stores private encryption keys as part of`
		2eb3de	`the certificate enrollment process. The key archival mechanism is triggered`
		2eb3de	`when a user enrolls in the PKI and creates the certificate request. Using the`
		2eb3de	`Certificate Request Message Format (CRMF) request format, a request is`
		2eb3de	`generated for the user's private encryption key. This key is then stored in`
		2eb3de	`the KRA which is configured to store keys in an encrypted format that can only`
		2eb3de	`be decrypted by several agents requesting the key at one time, providing for`
		2eb3de	`protection of the public encryption keys for the users in the PKI deployment.`
		2eb3de
		2eb3de	`Note that the KRA archives encryption keys; it does NOT archive signing keys,`
		2eb3de	`since such archival would undermine non-repudiation properties of signing keys.`
		2eb3de
		2eb3de	`This package is one of the top-level java-based Tomcat PKI subsystems`
		2eb3de	`provided by the PKI Core used by the Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de
		2eb3de	`%package -n pki-ocsp`
		2eb3de	`Summary: Certificate System - Online Certificate Status Protocol Manager`
		2eb3de	`Group: System Environment/Daemons`
		2eb3de
		2eb3de	`BuildArch: noarch`
		2eb3de
		2eb3de	`Requires: java-1.8.0-openjdk-headless`
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`Requires: pki-server = %{version}-%{release}`
		2eb3de	`%else`
		2eb3de	`Requires: pki-server >= %{pki_core_rhel_version}`
		2eb3de	`%endif`
		2eb3de	`Requires(post): systemd-units`
		2eb3de	`Requires(preun): systemd-units`
		2eb3de	`Requires(postun): systemd-units`
		2eb3de
		2eb3de	`%description -n pki-ocsp`
		2eb3de	`The Online Certificate Status Protocol (OCSP) Manager is an optional PKI`
		2eb3de	`subsystem that can act as a stand-alone OCSP service. The OCSP Manager`
		2eb3de	`performs the task of an online certificate validation authority by enabling`
		2eb3de	`OCSP-compliant clients to do real-time verification of certificates. Note`
		2eb3de	`that an online certificate-validation authority is often referred to as an`
		2eb3de	`OCSP Responder.`
		2eb3de
		2eb3de	`Although the Certificate Authority (CA) is already configured with an`
		2eb3de	`internal OCSP service. An external OCSP Responder is offered as a separate`
		2eb3de	`subsystem in case the user wants the OCSP service provided outside of a`
		2eb3de	`firewall while the CA resides inside of a firewall, or to take the load of`
		2eb3de	`requests off of the CA.`
		2eb3de
		2eb3de	`The OCSP Manager can receive Certificate Revocation Lists (CRLs) from`
		2eb3de	`multiple CA servers, and clients can query the OCSP Manager for the`
		2eb3de	`revocation status of certificates issued by all of these CA servers.`
		2eb3de
		2eb3de	`When an instance of OCSP Manager is set up with an instance of CA, and`
		2eb3de	`publishing is set up to this OCSP Manager, CRLs are published to it`
		2eb3de	`whenever they are issued or updated.`
		2eb3de
		2eb3de	`This package is one of the top-level java-based Tomcat PKI subsystems`
		2eb3de	`provided by the PKI Core used by the Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de
		2eb3de	`%package -n pki-tks`
		2eb3de	`Summary: Certificate System - Token Key Service`
		2eb3de	`Group: System Environment/Daemons`
		2eb3de
		2eb3de	`BuildArch: noarch`
		2eb3de
		2eb3de	`Requires: java-1.8.0-openjdk-headless`
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`Requires: pki-server = %{version}-%{release}`
		2eb3de	`Requires: pki-symkey = %{version}-%{release}`
		2eb3de	`%else`
		2eb3de	`Requires: pki-server >= %{pki_core_rhel_version}`
		2eb3de	`Requires: pki-symkey >= %{pki_core_rhel_version}`
		2eb3de	`%endif`
		2eb3de	`Requires(post): systemd-units`
		2eb3de	`Requires(preun): systemd-units`
		2eb3de	`Requires(postun): systemd-units`
		2eb3de
		2eb3de	`%description -n pki-tks`
		2eb3de	`The Token Key Service (TKS) is an optional PKI subsystem that manages the`
		2eb3de	`master key(s) and the transport key(s) required to generate and distribute`
		2eb3de	`keys for hardware tokens. TKS provides the security between tokens and an`
		2eb3de	`instance of Token Processing System (TPS), where the security relies upon the`
		2eb3de	`relationship between the master key and the token keys. A TPS communicates`
		2eb3de	`with a TKS over SSL using client authentication.`
		2eb3de
		2eb3de	`TKS helps establish a secure channel (signed and encrypted) between the token`
		2eb3de	`and the TPS, provides proof of presence of the security token during`
		2eb3de	`enrollment, and supports key changeover when the master key changes on the`
		2eb3de	`TKS. Tokens with older keys will get new token keys.`
		2eb3de
		2eb3de	`Because of the sensitivity of the data that TKS manages, TKS should be set up`
		2eb3de	`behind the firewall with restricted access.`
		2eb3de
		2eb3de	`This package is one of the top-level java-based Tomcat PKI subsystems`
		2eb3de	`provided by the PKI Core used by the Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de
		2eb3de	`%package -n pki-tps`
		2eb3de	`Summary: Certificate System - Token Processing Service`
		2eb3de	`Group: System Environment/Daemons`
		2eb3de
		2eb3de	`Provides: pki-tps-tomcat`
		2eb3de	`Provides: pki-tps-client`
		2eb3de
		2eb3de	`Obsoletes: pki-tps-tomcat`
		2eb3de	`Obsoletes: pki-tps-client`
		2eb3de
		2eb3de	`Requires: java-1.8.0-openjdk-headless`
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`Requires: pki-server = %{version}-%{release}`
		2eb3de	`%else`
		2eb3de	`Requires: pki-server >= %{pki_core_rhel_version}`
		2eb3de	`%endif`
		2eb3de	`Requires(post): systemd-units`
		2eb3de	`Requires(preun): systemd-units`
		2eb3de	`Requires(postun): systemd-units`
		2eb3de
		2eb3de	`# additional runtime requirements needed to run native 'tpsclient'`
		2eb3de	`# REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app`
		2eb3de
		2eb3de	`Requires: nss-tools >= 3.28.3`
		2eb3de	`Requires: openldap-clients`
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`Requires: pki-symkey = %{version}-%{release}`
		2eb3de	`%else`
		2eb3de	`Requires: pki-symkey >= %{pki_core_rhel_version}`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%description -n pki-tps`
		2eb3de	`The Token Processing System (TPS) is an optional PKI subsystem that acts`
		2eb3de	`as a Registration Authority (RA) for authenticating and processing`
		2eb3de	`enrollment requests, PIN reset requests, and formatting requests from`
		2eb3de	`the Enterprise Security Client (ESC).`
		2eb3de
		2eb3de	`TPS is designed to communicate with tokens that conform to`
		2eb3de	`Global Platform's Open Platform Specification.`
		2eb3de
		2eb3de	`TPS communicates over SSL with various PKI backend subsystems (including`
		2eb3de	`the Certificate Authority (CA), the Key Recovery Authority (KRA), and the`
		2eb3de	`Token Key Service (TKS)) to fulfill the user's requests.`
		2eb3de
		2eb3de	`TPS also interacts with the token database, an LDAP server that stores`
		2eb3de	`information about individual tokens.`
		2eb3de
		2eb3de	`The utility "tpsclient" is a test tool that interacts with TPS. This`
		2eb3de	`tool is useful to test TPS server configs without risking an actual`
		2eb3de	`smart card.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de
		2eb3de	`%package -n pki-javadoc`
		2eb3de	`Summary: Certificate System - PKI Framework Javadocs`
		2eb3de	`Group: Documentation`
		2eb3de
		2eb3de	`BuildArch: noarch`
		2eb3de
		2eb3de	`Provides: pki-util-javadoc = %{version}-%{release}`
		2eb3de	`Provides: pki-java-tools-javadoc = %{version}-%{release}`
		2eb3de	`Provides: pki-common-javadoc = %{version}-%{release}`
		2eb3de
		2eb3de	`Obsoletes: pki-util-javadoc < %{version}-%{release}`
		2eb3de	`Obsoletes: pki-java-tools-javadoc < %{version}-%{release}`
		2eb3de	`Obsoletes: pki-common-javadoc < %{version}-%{release}`
		2eb3de
		2eb3de	`%description -n pki-javadoc`
		2eb3de	`This documentation pertains exclusively to version %{version} of`
		2eb3de	`the PKI Framework and Tools.`
		2eb3de
		2eb3de	`This package is a part of the PKI Core used by the Certificate System.`
		2eb3de
		2eb3de	`%{overview}`
		2eb3de
		2eb3de	`%endif # %{with server}`
		2eb3de
		2eb3de
		2eb3de	`%prep`
		2eb3de	`%setup -q -n %{name}-%{version}%{?prerel}`
		2eb3de
		2eb3de	`%patch0 -p1`
		2eb3de	`%patch1 -p1`
		2eb3de
		2eb3de	`%clean`
		2eb3de	`%{__rm} -rf %{buildroot}`
		2eb3de
		2eb3de	`%build`
		2eb3de	`%{__mkdir_p} build`
		2eb3de	`cd build`
		2eb3de	`%cmake \`
		2eb3de	`--no-warn-unused-cli \`
		2eb3de	`-DVERSION=%{version}-%{release} \`
		2eb3de	`-DVAR_INSTALL_DIR:PATH=/var \`
		2eb3de	`-DBUILD_PKI_CORE:BOOL=ON \`
		2eb3de	`-DJAVA_HOME=%{java_home} \`
		2eb3de	`-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \`
		2eb3de	`-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \`
		2eb3de	`%if %{version_phase}`
		2eb3de	`-DAPPLICATION_VERSION_PHASE="%{version_phase}" \`
		2eb3de	`%endif`
		2eb3de	`%if ! %{with_tomcat7}`
		2eb3de	`-DWITH_TOMCAT7:BOOL=OFF \`
		2eb3de	`%endif`
		2eb3de	`%if ! %{with_tomcat8}`
		2eb3de	`-DWITH_TOMCAT8:BOOL=OFF \`
		2eb3de	`%endif`
		2eb3de	`-DJAXRS_API_JAR=%{jaxrs_api_jar} \`
		2eb3de	`-DRESTEASY_LIB=%{resteasy_lib} \`
		2eb3de	`%if ! %{with server}`
		2eb3de	`-DWITH_SERVER:BOOL=OFF \`
		2eb3de	`%endif`
		2eb3de	`%if ! %{with server}`
		2eb3de	`-DWITH_SERVER:BOOL=OFF \`
		2eb3de	`%endif`
		2eb3de	`%if ! %{with javadoc}`
		2eb3de	`-DWITH_JAVADOC:BOOL=OFF \`
		2eb3de	`%endif`
		2eb3de	`..`
		2eb3de
		2eb3de	`%install`
		2eb3de
		2eb3de	`cd build`
		2eb3de
		2eb3de	`# Do not use _smp_mflags to preserve build order`
		2eb3de	`%{__make} \`
		2eb3de	`VERBOSE=%{?_verbose} \`
		2eb3de	`CMAKE_NO_VERBOSE=1 \`
		2eb3de	`DESTDIR=%{buildroot} \`
		2eb3de	`INSTALL="install -p" \`
		2eb3de	`--no-print-directory \`
		2eb3de	`all unit-test install`
		2eb3de
		2eb3de	`# Create symlinks for admin console (TPS does not use admin console)`
		2eb3de	`for subsystem in ca kra ocsp tks; do`
		2eb3de	`%{__mkdir_p} %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/admin`
		2eb3de	`ln -s %{_datadir}/pki/server/webapps/pki/admin/console %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/admin`
		2eb3de	`done`
		2eb3de
		2eb3de	`# Create compatibility symlink for DRMTool -> KRATool`
		2eb3de	`ln -s %{_bindir}/KRATool %{buildroot}%{_bindir}/DRMTool`
		2eb3de	`# Create compatibility symlink for DRMTool.cfg -> KRATool.cfg`
		2eb3de	`ln -s %{_datadir}/pki/java-tools/KRATool.cfg %{buildroot}%{_datadir}/pki/java-tools/DRMTool.cfg`
		2eb3de	`# Create compatibility symlink for DRMTool.1.gz -> KRATool.1.gz`
		2eb3de	`ln -s %{_mandir}/man1/KRATool.1.gz %{buildroot}%{_mandir}/man1/DRMTool.1.gz`
		2eb3de
		2eb3de	`# Customize client library links in /usr/share/pki/lib`
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`rm -f %{buildroot}%{_datadir}/pki/lib/scannotation.jar`
		2eb3de	`rm -f %{buildroot}%{_datadir}/pki/lib/resteasy-jaxrs-api.jar`
		2eb3de	`rm -f %{buildroot}%{_datadir}/pki/lib/resteasy-jaxrs-jandex.jar`
		2eb3de	`ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/lib/jboss-jaxrs-2.0-api.jar`
		2eb3de	`ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar`
		2eb3de	`ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar`
		2eb3de	`%else`
		2eb3de
		2eb3de	`if [ -f /etc/debian_version ]; then`
		2eb3de	`ln -sf /usr/share/java/httpclient.jar %{buildroot}%{_datadir}/pki/lib/httpclient.jar`
		2eb3de	`ln -sf /usr/share/java/httpcore.jar %{buildroot}%{_datadir}/pki/lib/httpcore.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-core-asl.jar %{buildroot}%{_datadir}/pki/lib/jackson-core-asl.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-jaxrs.jar %{buildroot}%{_datadir}/pki/lib/jackson-jaxrs.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-mapper-asl.jar %{buildroot}%{_datadir}/pki/lib/jackson-mapper-asl.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-mrbean.jar %{buildroot}%{_datadir}/pki/lib/jackson-mrbean.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-smile.jar %{buildroot}%{_datadir}/pki/lib/jackson-smile.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-xc.jar %{buildroot}%{_datadir}/pki/lib/jackson-xc.jar`
		2eb3de	`ln -sf /usr/share/java/jss4.jar %{buildroot}%{_datadir}/pki/lib/jss4.jar`
		2eb3de	`fi`
		2eb3de
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if %{with server}`
		2eb3de
		2eb3de	`# Customize server upgrade scripts in /usr/share/pki/server/upgrade`
		2eb3de	`%if 0%{?rhel} && 0%{?rhel} <= 7`
		2eb3de
		2eb3de	`# merge newer upgrade scripts into 10.3.3 for RHEL`
		2eb3de	`mv %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5/01-FixServerLibrary \`
		2eb3de	`%{buildroot}%{_datadir}/pki/server/upgrade/10.3.3/02-FixServerLibrary`
		2eb3de	`mv %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5/02-FixDeploymentDescriptor \`
		2eb3de	`%{buildroot}%{_datadir}/pki/server/upgrade/10.3.3/03-FixDeploymentDescriptor`
		2eb3de	`/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5`
		2eb3de
		2eb3de	`# merge newer upgrade scripts into 10.4.1 for RHEL`
		2eb3de	`%{__mkdir_p} %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1`
		2eb3de	`mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2/01-AddSessionAuthenticationPlugin \`
		2eb3de	`%{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/01-AddSessionAuthenticationPlugin`
		2eb3de	`mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2/02-AddKRAWrappingParams \`
		2eb3de	`%{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/02-AddKRAWrappingParams`
		2eb3de	`mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.6/01-UpdateKeepAliveTimeout \`
		2eb3de	`%{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/03-UpdateKeepAliveTimeout`
		2eb3de	`/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2`
		2eb3de	`/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.6`
		2eb3de
		2eb3de	`# merge newer upgrade scripts into 10.5.1 for RHEL 7.5`
		2eb3de	`%{__mkdir_p} %{buildroot}%{_datadir}/pki/server/upgrade/10.5.1`
		2eb3de	`mv %{buildroot}%{_datadir}/pki/server/upgrade/10.5.5/01-AddTPSExternalRegISEtokenParams \`
		2eb3de	`%{buildroot}%{_datadir}/pki/server/upgrade/10.5.1/01-AddTPSExternalRegISEtokenParams`
		2eb3de	`/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.5.5`
		2eb3de
		2eb3de	`# merge newer upgrade scripts into 10.5.9 for RHEL 7.6`
		2eb3de	`%{__mkdir_p} %{buildroot}%{_datadir}/pki/server/upgrade/10.5.9`
		2eb3de	`mv %{buildroot}%{_datadir}/pki/server/upgrade/10.5.14/01-UpdateAuditEvents \`
		2eb3de	`%{buildroot}%{_datadir}/pki/server/upgrade/10.5.9/01-UpdateAuditEvents`
		2eb3de	`/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.5.14`
		2eb3de
		2eb3de	`%endif`
		2eb3de
		2eb3de	`# Customize server library links in /usr/share/pki/server/common/lib`
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`rm -f %{buildroot}%{_datadir}/pki/server/common/lib/scannotation.jar`
		2eb3de	`rm -f %{buildroot}%{_datadir}/pki/server/common/lib/resteasy-jaxrs-api.jar`
		2eb3de	`ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar`
		2eb3de	`ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar`
		2eb3de	`ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar`
		2eb3de
		2eb3de	`%else`
		2eb3de
		2eb3de	`if [ -f /etc/debian_version ]; then`
		2eb3de	`ln -sf /usr/share/java/commons-collections3.jar %{buildroot}%{_datadir}/pki/server/common/lib/commons-collections.jar`
		2eb3de	`ln -sf /usr/share/java/httpclient.jar %{buildroot}%{_datadir}/pki/server/common/lib/httpclient.jar`
		2eb3de	`ln -sf /usr/share/java/httpcore.jar %{buildroot}%{_datadir}/pki/server/common/lib/httpcore.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-core-asl.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-core-asl.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-jaxrs.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-jaxrs.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-mapper-asl.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-mapper-asl.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-mrbean.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-mrbean.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-smile.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-smile.jar`
		2eb3de	`ln -sf /usr/share/java/jackson-xc.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-xc.jar`
		2eb3de	`ln -sf /usr/share/java/jss4.jar %{buildroot}%{_datadir}/pki/server/common/lib/jss4.jar`
		2eb3de	`ln -sf /usr/share/java/symkey.jar %{buildroot}%{_datadir}/pki/server/common/lib/symkey.jar`
		2eb3de	`ln -sf /usr/share/java/xercesImpl.jar %{buildroot}%{_datadir}/pki/server/common/lib/xerces-j2.jar`
		2eb3de	`ln -sf /usr/share/java/xml-apis.jar %{buildroot}%{_datadir}/pki/server/common/lib/xml-commons-apis.jar`
		2eb3de	`ln -sf /usr/share/java/xml-resolver.jar %{buildroot}%{_datadir}/pki/server/common/lib/xml-commons-resolver.jar`
		2eb3de	`fi`
		2eb3de
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`# Scanning the python code with pylint.`
		2eb3de	`%{__python2} ../pylint-build-scan.py rpm --prefix %{buildroot}`
		2eb3de	`if [ $? -ne 0 ]; then`
		2eb3de	`echo "pylint failed. RC: $?"`
		2eb3de	`exit 1`
		2eb3de	`fi`
		2eb3de
		2eb3de	`%{__python2} ../pylint-build-scan.py rpm --prefix %{buildroot} -- --py3k`
		2eb3de	`if [ $? -ne 0 ]; then`
		2eb3de	`echo "pylint --py3k failed. RC: $?"`
		2eb3de	`exit 1`
		2eb3de	`fi`
		2eb3de
		2eb3de	`flake8 --config ../tox.ini %{buildroot}`
		2eb3de	`if [ $? -ne 0 ]; then`
		2eb3de	`echo "flake8 for Python 2 failed. RC: $?"`
		2eb3de	`exit 1`
		2eb3de	`fi`
		2eb3de
		2eb3de	`python3-flake8 --config ../tox.ini %{buildroot}`
		2eb3de	`if [ $? -ne 0 ]; then`
		2eb3de	`echo "flake8 for Python 3 failed. RC: $?"`
		2eb3de	`exit 1`
		2eb3de	`fi`
		2eb3de
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%{__rm} -rf %{buildroot}%{_datadir}/pki/server/lib`
		2eb3de
		2eb3de	`%endif # %{with server}`
		2eb3de
		2eb3de	`%{__mkdir_p} %{buildroot}%{_localstatedir}/log/pki`
		2eb3de	`%{__mkdir_p} %{buildroot}%{_sharedstatedir}/pki`
		2eb3de
		2eb3de	`%if 0%{?fedora} \|\| 0%{?rhel} > 7`
		2eb3de	`%pretrans -n pki-base -p <lua>`
		2eb3de	`function test(a)`
		2eb3de	`if posix.stat(a) then`
		2eb3de	`for f in posix.files(a) do`
		2eb3de	`if f~=".." and f~="." then`
		2eb3de	`return true`
		2eb3de	`end`
		2eb3de	`end`
		2eb3de	`end`
		2eb3de	`return false`
		2eb3de	`end`
		2eb3de
		2eb3de	`if (test("/etc/sysconfig/pki/ca") or`
		2eb3de	`test("/etc/sysconfig/pki/kra") or`
		2eb3de	`test("/etc/sysconfig/pki/ocsp") or`
		2eb3de	`test("/etc/sysconfig/pki/tks")) then`
		2eb3de	`msg = "Unable to upgrade to Fedora 20. There are Dogtag 9 instances\n" ..`
		2eb3de	`"that will no longer work since they require Tomcat 6, and \n" ..`
		2eb3de	`"Tomcat 6 is no longer available in Fedora 20.\n\n" ..`
		2eb3de	`"Please follow these instructions to migrate the instances to \n" ..`
		2eb3de	`"Dogtag 10:\n\n" ..`
		2eb3de	`"http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag_10"`
		2eb3de	`error(msg)`
		2eb3de	`end`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if %{with server}`
		2eb3de
		2eb3de	`%pre -n pki-server`
		2eb3de	`getent group %{pki_groupname} >/dev/null \|\| groupadd -f -g %{pki_gid} -r %{pki_groupname}`
		2eb3de	`if ! getent passwd %{pki_username} >/dev/null ; then`
		2eb3de	`if ! getent passwd %{pki_uid} >/dev/null ; then`
		2eb3de	`useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username}`
		2eb3de	`else`
		2eb3de	`useradd -r -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username}`
		2eb3de	`fi`
		2eb3de	`fi`
		2eb3de	`exit 0`
		2eb3de
		2eb3de	`%endif # %{with server}`
		2eb3de
		2eb3de	`%post -n pki-base`
		2eb3de
		2eb3de	`if [ $1 -eq 1 ]`
		2eb3de	`then`
		2eb3de	`# On RPM installation create system upgrade tracker`
		2eb3de	`echo "Configuration-Version: %{version}" > %{_sysconfdir}/pki/pki.version`
		2eb3de
		2eb3de	`else`
		2eb3de	`# On RPM upgrade run system upgrade`
		2eb3de	echo "Upgrading PKI system configuration at `/bin/date`." >> /var/log/pki/pki-upgrade-%{version}.log 2>&1
		2eb3de	`/sbin/pki-upgrade --silent >> /var/log/pki/pki-upgrade-%{version}.log 2>&1`
		2eb3de	`echo >> /var/log/pki/pki-upgrade-%{version}.log 2>&1`
		2eb3de	`fi`
		2eb3de
		2eb3de	`%postun -n pki-base`
		2eb3de
		2eb3de	`if [ $1 -eq 0 ]`
		2eb3de	`then`
		2eb3de	`# On RPM uninstallation remove system upgrade tracker`
		2eb3de	`rm -f %{_sysconfdir}/pki/pki.version`
		2eb3de	`fi`
		2eb3de
		2eb3de	`%if %{with server}`
		2eb3de
		2eb3de	`%post -n pki-server`
		2eb3de	`## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem`
		2eb3de	`## from EITHER 'sysVinit' OR previous 'systemd' processes to the new`
		2eb3de	`## PKI deployment process`
		2eb3de
		2eb3de	echo "Upgrading PKI server configuration at `/bin/date`." >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1
		2eb3de	`/sbin/pki-server-upgrade --silent >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1`
		2eb3de	`echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1`
		2eb3de
		2eb3de	`# Migrate Tomcat configuration`
		2eb3de	`/sbin/pki-server migrate >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1`
		2eb3de	`echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1`
		2eb3de
		2eb3de	`# Reload systemd daemons on upgrade only`
		2eb3de	`if [ "$1" == "2" ]`
		2eb3de	`then`
		2eb3de	`systemctl daemon-reload`
		2eb3de	`fi`
		2eb3de
		2eb3de	`## %preun -n pki-server`
		2eb3de	`## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem`
		2eb3de	`## from EITHER 'sysVinit' OR previous 'systemd' processes to the new`
		2eb3de	`## PKI deployment process`
		2eb3de
		2eb3de
		2eb3de	`## %postun -n pki-server`
		2eb3de	`## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem`
		2eb3de	`## from EITHER 'sysVinit' OR previous 'systemd' processes to the new`
		2eb3de	`## PKI deployment process`
		2eb3de
		2eb3de	`%endif # %{with server}`
		2eb3de
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`%files -n pki-symkey`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/symkey/LICENSE`
		2eb3de	`%{_jnidir}/symkey.jar`
		2eb3de	`%{_libdir}/symkey/`
		2eb3de	`%endif`
		2eb3de
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`%files -n pki-base`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/common/LICENSE`
		2eb3de	`%doc base/common/LICENSE.LESSER`
		2eb3de	`%doc %{_datadir}/doc/pki-base/html`
		2eb3de	`%dir %{_datadir}/pki`
		2eb3de	`%{_datadir}/pki/VERSION`
		2eb3de	`%{_datadir}/pki/etc/`
		2eb3de	`%{_datadir}/pki/upgrade/`
		2eb3de	`%{_datadir}/pki/key/templates`
		2eb3de	`%dir %{_sysconfdir}/pki`
		2eb3de	`%config(noreplace) %{_sysconfdir}/pki/pki.conf`
		2eb3de	`%exclude %{python2_sitelib}/pki/server`
		2eb3de	`%{python2_sitelib}/pki`
		2eb3de	`%dir %{_localstatedir}/log/pki`
		2eb3de	`%{_sbindir}/pki-upgrade`
		2eb3de	`%{_mandir}/man1/pki-python-client.1.gz`
		2eb3de	`%{_mandir}/man5/pki-logging.5.gz`
		2eb3de	`%{_mandir}/man8/pki-upgrade.8.gz`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`%files -n pki-base-java`
		2eb3de	`%{_datadir}/pki/examples/java/`
		2eb3de	`%{_datadir}/pki/lib/`
		2eb3de	`%dir %{_javadir}/pki`
		2eb3de	`%{_javadir}/pki/pki-cmsutil.jar`
		2eb3de	`%{_javadir}/pki/pki-nsutil.jar`
		2eb3de	`%{_javadir}/pki/pki-certsrv.jar`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`%if %{with_python3}`
		2eb3de	`%files -n pki-base-python3`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/common/LICENSE`
		2eb3de	`%doc base/common/LICENSE.LESSER`
		2eb3de	`%exclude %{python3_sitelib}/pki/server`
		2eb3de	`%{python3_sitelib}/pki`
		2eb3de	`%endif # with_python3`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`%files -n pki-tools`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/native-tools/LICENSE base/native-tools/doc/README`
		2eb3de	`%{_bindir}/pki`
		2eb3de	`%{_bindir}/p7tool`
		2eb3de	`%{_bindir}/pistool`
		2eb3de	`%{_bindir}/revoker`
		2eb3de	`%{_bindir}/setpin`
		2eb3de	`%{_bindir}/sslget`
		2eb3de	`%{_bindir}/tkstool`
		2eb3de	`%{_datadir}/pki/native-tools/`
		2eb3de	`%{_bindir}/AtoB`
		2eb3de	`%{_bindir}/AuditVerify`
		2eb3de	`%{_bindir}/BtoA`
		2eb3de	`%{_bindir}/CMCEnroll`
		2eb3de	`%{_bindir}/CMCRequest`
		2eb3de	`%{_bindir}/CMCResponse`
		2eb3de	`%{_bindir}/CMCRevoke`
		2eb3de	`%{_bindir}/CMCSharedToken`
		2eb3de	`%{_bindir}/CRMFPopClient`
		2eb3de	`%{_bindir}/DRMTool`
		2eb3de	`%{_bindir}/ExtJoiner`
		2eb3de	`%{_bindir}/GenExtKeyUsage`
		2eb3de	`%{_bindir}/GenIssuerAltNameExt`
		2eb3de	`%{_bindir}/GenSubjectAltNameExt`
		2eb3de	`%{_bindir}/HttpClient`
		2eb3de	`%{_bindir}/KRATool`
		2eb3de	`%{_bindir}/OCSPClient`
		2eb3de	`%{_bindir}/PKCS10Client`
		2eb3de	`%{_bindir}/PKCS12Export`
		2eb3de	`%{_bindir}/PKICertImport`
		2eb3de	`%{_bindir}/PrettyPrintCert`
		2eb3de	`%{_bindir}/PrettyPrintCrl`
		2eb3de	`%{_bindir}/TokenInfo`
		2eb3de	`%{_javadir}/pki/pki-tools.jar`
		2eb3de	`%{_datadir}/pki/java-tools/`
		2eb3de	`%{_mandir}/man1/AtoB.1.gz`
		2eb3de	`%{_mandir}/man1/AuditVerify.1.gz`
		2eb3de	`%{_mandir}/man1/BtoA.1.gz`
		2eb3de	`%{_mandir}/man1/CMCEnroll.1.gz`
		2eb3de	`%{_mandir}/man1/CMCRequest.1.gz`
		2eb3de	`%{_mandir}/man1/CMCResponse.1.gz`
		2eb3de	`%{_mandir}/man1/CMCSharedToken.1.gz`
		2eb3de	`%{_mandir}/man1/DRMTool.1.gz`
		2eb3de	`%{_mandir}/man1/KRATool.1.gz`
		2eb3de	`%{_mandir}/man1/PrettyPrintCert.1.gz`
		2eb3de	`%{_mandir}/man1/PrettyPrintCrl.1.gz`
		2eb3de	`%{_mandir}/man1/pki.1.gz`
		2eb3de	`%{_mandir}/man1/pki-audit.1.gz`
		2eb3de	`%{_mandir}/man1/pki-ca-kraconnector.1.gz`
		2eb3de	`%{_mandir}/man1/pki-ca-profile.1.gz`
		2eb3de	`%{_mandir}/man1/pki-cert.1.gz`
		2eb3de	`%{_mandir}/man1/pki-client.1.gz`
		2eb3de	`%{_mandir}/man1/pki-group.1.gz`
		2eb3de	`%{_mandir}/man1/pki-group-member.1.gz`
		2eb3de	`%{_mandir}/man1/pki-key.1.gz`
		2eb3de	`%{_mandir}/man1/pki-pkcs12-cert.1.gz`
		2eb3de	`%{_mandir}/man1/pki-pkcs12-key.1.gz`
		2eb3de	`%{_mandir}/man1/pki-pkcs12.1.gz`
		2eb3de	`%{_mandir}/man1/pki-securitydomain.1.gz`
		2eb3de	`%{_mandir}/man1/pki-tps-profile.1.gz`
		2eb3de	`%{_mandir}/man1/pki-user.1.gz`
		2eb3de	`%{_mandir}/man1/pki-user-cert.1.gz`
		2eb3de	`%{_mandir}/man1/pki-user-membership.1.gz`
		2eb3de	`%{_mandir}/man1/PKCS10Client.1.gz`
		2eb3de	`%{_mandir}/man1/PKICertImport.1.gz`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if %{with server}`
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`%files -n pki-server`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/common/THIRD_PARTY_LICENSES`
		2eb3de	`%doc base/server/LICENSE`
		2eb3de	`%doc base/server/README`
		2eb3de	`%{_sysconfdir}/pki/default.cfg`
		2eb3de	`%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki`
		2eb3de	`%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki/tomcat`
		2eb3de	`%{_sbindir}/pkispawn`
		2eb3de	`%{_sbindir}/pkidestroy`
		2eb3de	`%{_sbindir}/pki-server`
		2eb3de	`%{_sbindir}/pki-server-nuxwdog`
		2eb3de	`%{_sbindir}/pki-server-upgrade`
		2eb3de	`%{python2_sitelib}/pki/server/`
		2eb3de	`%dir %{_datadir}/pki/deployment`
		2eb3de	`%{_datadir}/pki/deployment/config/`
		2eb3de	`%dir %{_datadir}/pki/scripts`
		2eb3de	`%{_datadir}/pki/scripts/operations`
		2eb3de	`%{_bindir}/pkidaemon`
		2eb3de	`%dir %{_sysconfdir}/systemd/system/pki-tomcatd.target.wants`
		2eb3de	`%attr(644,-,-) %{_unitdir}/pki-tomcatd@.service`
		2eb3de	`%attr(644,-,-) %{_unitdir}/pki-tomcatd.target`
		2eb3de	`%dir %{_sysconfdir}/systemd/system/pki-tomcatd-nuxwdog.target.wants`
		2eb3de	`%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service`
		2eb3de	`%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target`
		2eb3de	`%{_javadir}/pki/pki-cms.jar`
		2eb3de	`%{_javadir}/pki/pki-cmsbundle.jar`
		2eb3de	`%{_javadir}/pki/pki-cmscore.jar`
		2eb3de	`%{_javadir}/pki/pki-tomcat.jar`
		2eb3de	`%dir %{_sharedstatedir}/pki`
		2eb3de	`%{_mandir}/man1/pkidaemon.1.gz`
		2eb3de	`%{_mandir}/man5/pki_default.cfg.5.gz`
		2eb3de	`%{_mandir}/man5/pki-server-logging.5.gz`
		2eb3de	`%{_mandir}/man8/pki-server-upgrade.8.gz`
		2eb3de	`%{_mandir}/man8/pkidestroy.8.gz`
		2eb3de	`%{_mandir}/man8/pkispawn.8.gz`
		2eb3de	`%{_mandir}/man8/pki-server.8.gz`
		2eb3de	`%{_mandir}/man8/pki-server-instance.8.gz`
		2eb3de	`%{_mandir}/man8/pki-server-subsystem.8.gz`
		2eb3de	`%{_mandir}/man8/pki-server-nuxwdog.8.gz`
		2eb3de	`%{_mandir}/man8/pki-server-migrate.8.gz`
		2eb3de	`%{_mandir}/man8/pki-server-cert.8.gz`
		2eb3de
		2eb3de	`%{_datadir}/pki/setup/`
		2eb3de	`%{_datadir}/pki/server/`
		2eb3de	`%endif`
		2eb3de
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`%files -n pki-ca`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/ca/LICENSE`
		2eb3de	`%{_javadir}/pki/pki-ca.jar`
		2eb3de	`%dir %{_datadir}/pki/ca`
		2eb3de	`%{_datadir}/pki/ca/conf/`
		2eb3de	`%{_datadir}/pki/ca/emails/`
		2eb3de	`%dir %{_datadir}/pki/ca/profiles`
		2eb3de	`%{_datadir}/pki/ca/profiles/ca/`
		2eb3de	`%{_datadir}/pki/ca/setup/`
		2eb3de	`%{_datadir}/pki/ca/webapps/`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`%files -n pki-kra`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/kra/LICENSE`
		2eb3de	`%{_javadir}/pki/pki-kra.jar`
		2eb3de	`%dir %{_datadir}/pki/kra`
		2eb3de	`%{_datadir}/pki/kra/conf/`
		2eb3de	`%{_datadir}/pki/kra/setup/`
		2eb3de	`%{_datadir}/pki/kra/webapps/`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhcs_packages}`
		2eb3de	`%files -n pki-ocsp`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/ocsp/LICENSE`
		2eb3de	`%{_javadir}/pki/pki-ocsp.jar`
		2eb3de	`%dir %{_datadir}/pki/ocsp`
		2eb3de	`%{_datadir}/pki/ocsp/conf/`
		2eb3de	`%{_datadir}/pki/ocsp/setup/`
		2eb3de	`%{_datadir}/pki/ocsp/webapps/`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhcs_packages}`
		2eb3de	`%files -n pki-tks`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/tks/LICENSE`
		2eb3de	`%{_javadir}/pki/pki-tks.jar`
		2eb3de	`%dir %{_datadir}/pki/tks`
		2eb3de	`%{_datadir}/pki/tks/conf/`
		2eb3de	`%{_datadir}/pki/tks/setup/`
		2eb3de	`%{_datadir}/pki/tks/webapps/`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhcs_packages}`
		2eb3de	`%files -n pki-tps`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%doc base/tps/LICENSE`
		2eb3de	`%{_javadir}/pki/pki-tps.jar`
		2eb3de	`%dir %{_datadir}/pki/tps`
		2eb3de	`%{_datadir}/pki/tps/applets/`
		2eb3de	`%{_datadir}/pki/tps/conf/`
		2eb3de	`%{_datadir}/pki/tps/setup/`
		2eb3de	`%{_datadir}/pki/tps/webapps/`
		2eb3de	`%{_mandir}/man5/pki-tps-connector.5.gz`
		2eb3de	`%{_mandir}/man5/pki-tps-profile.5.gz`
		2eb3de	`%{_mandir}/man1/tpsclient.1.gz`
		2eb3de	`# files for native 'tpsclient'`
		2eb3de	`# REMINDER: Remove this comment once 'tpsclient' is rewritten as a Java app`
		2eb3de	`%{_bindir}/tpsclient`
		2eb3de	`%{_libdir}/tps/libtps.so`
		2eb3de	`%{_libdir}/tps/libtokendb.so`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%if 0%{?package_fedora_packages} \|\| 0%{?package_rhel_packages}`
		2eb3de	`%if %{with javadoc}`
		2eb3de	`%files -n pki-javadoc`
		2eb3de	`%defattr(-,root,root,-)`
		2eb3de	`%{_javadocdir}/pki-%{version}/`
		2eb3de	`%endif`
		2eb3de	`%endif`
		2eb3de
		2eb3de	`%endif # %{with server}`
		2eb3de
		2eb3de	`%changelog`
		2eb3de	`* Mon Sep 30 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-4`
		2eb3de	`- Include 'pistool' in the 'pki-tools' package`
		2eb3de
		2eb3de	`* Mon Sep 23 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-3`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.8:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1445479 - KRATool does not support netkeyKeyRecovery`
		2eb3de	`attribute (dmoluguw)`
		2eb3de	`- Bugzilla Bug #1534013 - Attempting to add new keys using a PUT KEY APDU`
		2eb3de	`to a token that is loaded only with the default/factory keys (Key Version`
		2eb3de	`Number 0xFF) returns an APDU with error code 0x6A88. (jmagne)`
		2eb3de	`- Bugzilla Bug #1709585 - PKI (test support) for PKCS#11 standard`
		2eb3de	`AES KeyWrap for HSM support (cfu, ftweedal)`
		2eb3de	`- Bugzilla Bug #1748766 - number range depletion when multiple clones`
		2eb3de	`created from same master (ftweedal)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1520258 - TPS token search fails to find entries , LDAP filter`
		2eb3de	`# on cn and tokenUserID with wildchar too broad in some cases (rhcs-maint)`
		2eb3de	`- # Bugzilla Bug #1535671 - RFE to have the users be able to use the`
		2eb3de	`# "Advanced Search" option on the TPS UI (edewata)`
		2eb3de
		2eb3de	`* Mon Sep 9 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-2`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.8:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1523330 - CC: missing audit event for CS acting as TLS`
		2eb3de	`client (cfu)`
		2eb3de	`- Bugzilla Bug #1597727 - CA - Unable to change a certificate’s revocation`
		2eb3de	`reason from superceded to key_compromised (rhcs-maint)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1470410 - TPS doesn't update revocation status when`
		2eb3de	`# certificate already marked as unformatted/terminated/damaged (rhcs-maint)`
		2eb3de	`- # Bugzilla Bug #1470433 - Add supported transitions to TPS (rhcs-maint)`
		2eb3de	`- # Bugzilla Bug #1585722 - TMS - PKISocketFactory – Modify Logging to Allow`
		2eb3de	`# External Use of class to work like CS8 (rhcs-maint)`
		2eb3de	`- # Bugzilla Bug #1642577 - TPS – Revoked Encryption Certificates Marked as`
		2eb3de	`# Active in TPS Cert LDAP During Token Key Recovery (rhcs-maint)`
		2eb3de
		2eb3de	`* Tue Aug 13 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-1`
		2eb3de	`- Updated jss, nuxwdog, and tomcatjss dependencies`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.8:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1733586 - Rebase pki-core from 10.5.16 to 10.5.17 (RHEL)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1718418 - Update RHCS version of CA, KRA, OCSP, and TKS so`
		2eb3de	`# that it can be identified using a browser [RHCS]`
		2eb3de	`- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`# pki-console to 10.5.17 in RHCS 9.6`
		2eb3de
		2eb3de	`* Thu Jun 20 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-3`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.7:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1638379 - PKI startup initialization process should not`
		2eb3de	`depend on LDAP operational attributes [ftweedal]`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`# pki-console to 10.5.16 in RHCS 9.5`
		2eb3de
		2eb3de	`* Thu Apr 4 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-2`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.7:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1491453 - Need Method to Include SKI in CA Signing`
		2eb3de	`Certificate Request [ftweedal]`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`# pki-console to 10.5.16 in RHCS 9.5`
		2eb3de
		2eb3de	`* Mon Mar 18 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-1`
		2eb3de	`- Updated jss dependencies`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.7:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1633422 - Rebase pki-core from 10.5.1 to 10.5.16 (RHEL)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`# pki-console to 10.5.6 in RHCS 9.5`
		2eb3de
		2eb3de	`* Fri Feb 15 2019 Dogtag Team <pki-devel@redhat.com> 10.5.9-13`
		2eb3de	`- Updated jss dependencies`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1671245 - CC: unable to verify cert before import`
		2eb3de	`[rhel-7.6.z] [manpage] (ascheel)`
		2eb3de	`- Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL)`
		2eb3de	`[rhel-7.6.z] (edewata)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)`
		2eb3de	`# [rhcs-9.4.z] (edewata)`
		2eb3de
		2eb3de	`* Fri Feb 1 2019 Dogtag Team <pki-devel@redhat.com> 10.5.9-12`
		2eb3de	`- Updated jss dependencies`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1671245 - CC: unable to verify cert before import`
		2eb3de	`[rhel-7.6.z] (ascheel)`
		2eb3de	`- Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL)`
		2eb3de	`[rhel-7.6.z] (edewata)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)`
		2eb3de	`# [rhcs-9.4.z] (edewata)`
		2eb3de
		2eb3de	`* Thu Jan 31 2019 Dogtag Team <pki-devel@redhat.com> 10.5.9-11`
		2eb3de	`- Updated jss dependencies`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1671245 - CC: unable to verify cert before import`
		2eb3de	`[rhel-7.6.z] (ascheel)`
		2eb3de	`- Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL)`
		2eb3de	`[rhel-7.6.z] (edewata)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)`
		2eb3de	`# [rhcs-9.4.z] (edewata)`
		2eb3de
		2eb3de	`* Mon Dec 17 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-10`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout`
		2eb3de	`configuration [rhel-7.6.z] (edewata)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,`
		2eb3de	`# OCSP, and TKS using browser [RHCS] (mharmsen)`
		2eb3de	`- # Added Batch Update Information to Product Version (mharmsen)`
		2eb3de
		2eb3de	`* Mon Dec 10 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-9`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification`
		2eb3de	`if enableOCSP is true [rhel-7.6.z] (jmagne)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,`
		2eb3de	`# OCSP, and TKS using browser [RHCS] (mharmsen)`
		2eb3de
		2eb3de	`* Wed Dec 5 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-8`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z]`
		2eb3de	`(dmoluguw)`
		2eb3de	`- Bugzilla Bug #1645263 - Auth plugins leave passwords in the access`
		2eb3de	`log and audit log using REST [rhel-7.6.z] (dmoluguw)`
		2eb3de	`- Bugzilla Bug #1645429 - pkispawn fails due to name collision with`
		2eb3de	`/var/log/pki/<instance> [rhel-7.6.z] (dmoluguw)`
		2eb3de	`- Bugzilla Bug #1655951 - CC: tools supporting CMC requests output`
		2eb3de	`keyID needs to be captured in file [rhel-7.6.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1656297 - Unable to install with admin-generated keys`
		2eb3de	`[rhel-7.6.z] (edewata)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,`
		2eb3de	`# OCSP, and TKS using browser [RHCS] (mharmsen)`
		2eb3de
		2eb3de	`* Mon Oct 29 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-7`
		2eb3de	`- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1632116 - CC: missing audit event for CS acting as`
		2eb3de	`TLS client [rhel-7.6.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be`
		2eb3de	`removed from the default ciphers list [rhel-7.6.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be`
		2eb3de	`enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder`
		2eb3de	`overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen)`
		2eb3de	`- Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth`
		2eb3de	`[rhel-7.6.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1636490 - Installation of CA using an existing CA fails`
		2eb3de	`[rhel-7.6.z] (edewata)`
		2eb3de	`- Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for`
		2eb3de	`a password [rhel-7.6.z] (edewata)`
		2eb3de	`- Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra,`
		2eb3de	`pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne)`
		2eb3de	`- Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when`
		2eb3de	`there is no space on the disk to write logs [rhel-7.6.z] (edewata)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,`
		2eb3de	`# OCSP, and TKS using browser [RHCS] (mharmsen)`
		2eb3de
		2eb3de	`* Tue Aug 21 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-6`
		2eb3de	`- Updated nuxwdog dependencies`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #673182 - ECC keys not supported for signing`
		2eb3de	`audit logs (cfu)`
		2eb3de	`- Bugzilla Bug #1593805 - Better understanding of`
		2eb3de	`NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu)`
		2eb3de	`- Bugzilla Bug #1601071 - Certificate generation happens with`
		2eb3de	`partial attributes in CMCRequest file (cfu)`
		2eb3de	`- Bugzilla Bug #1601569 - CC: Enable all config audit events`
		2eb3de	`(cfu)`
		2eb3de	`- Bugzilla Bug #1608375 - CMC Revocations throws exception`
		2eb3de	`with same reqIssuer & certissuer (cfu)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to`
		2eb3de	`# latest upstream 10.5.x (RHCS) (mharmsen)`
		2eb3de
		2eb3de	`* Thu Aug 9 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-5`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0`
		2eb3de	`with latest version (abokovoy)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to`
		2eb3de	`# latest upstream 10.5.x (RHCS) (mharmsen)`
		2eb3de
		2eb3de	`* Tue Jul 31 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-4`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1548203 - pki console configurations that involves ldap`
		2eb3de	`passwords leave the plain text password in signed audit logs (cfu)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1494591 - keyGen fails when only Identity`
		2eb3de	`# certificate exists (jmagne)`
		2eb3de
		2eb3de	`* Mon Jul 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-3`
		2eb3de	`- Re-spin alpha builds`
		2eb3de
		2eb3de	`* Thu Jul 5 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-2`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden`
		2eb3de	`by CSR encoding (cfu)`
		2eb3de	`- Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a`
		2eb3de	`certificate (ftweedal)`
		2eb3de	`- Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in`
		2eb3de	`SharedToken scenario's (cfu)`
		2eb3de	`- Bugzilla Bug #1550742 - Address ECC profile overrides (cfu)`
		2eb3de	`- Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu)`
		2eb3de	`- Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu)`
		2eb3de	`- Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request`
		2eb3de	`authenticated through SharedToken (cfu)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to`
		2eb3de	`# latest upstream 10.5.x (RHCS) (mharmsen)`
		2eb3de
		2eb3de	`* Mon Jun 11 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-1`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.6:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1538311 - Using a Netmask produces an odd`
		2eb3de	`entry in a certifcate (ftweedal)`
		2eb3de	`- Bugzilla Bug #1544843 - ExternalCA: Installation failed during`
		2eb3de	`csr generation with ecc (rrelyea, gkapoor)`
		2eb3de	`- Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest`
		2eb3de	`upstream 10.5.x (RHEL) (mharmsen)`
		2eb3de	`- Bugzilla Bug #1580394 - CMC CRMF requests result in`
		2eb3de	`InvalidKeyFormatException when signing algorithm is ECC (cfu)`
		2eb3de	`- Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled`
		2eb3de	`ACL configuration in AAclAuthz.java reverses rules that allow`
		2eb3de	`and deny access (ftweedal, cfu)`
		2eb3de	`- Bugzilla Bug #1585866 - CRMFPopClient tool - should allow`
		2eb3de	`option to do no key archival (cfu)`
		2eb3de	`- Bugzilla Bug #1588655 - Cert validation for installation with`
		2eb3de	`external CA cert (edewata)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to`
		2eb3de	`# latest upstream 10.5.x (RHCS) (mharmsen)`
		2eb3de
		2eb3de	`* Sat Jun 9 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13.1`
		2eb3de	`- Rebuild due to build system database problem`
		2eb3de
		2eb3de	`* Fri Jun 8 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1553068 - Using a Netmask produces an odd`
		2eb3de	`entry in a certifcate [rhel-7.5.z] (ftweedal)`
		2eb3de	`- Bugzilla Bug #1585945 - CMC CRMF requests result in`
		2eb3de	`InvalidKeyFormatException when signing algorithm is ECC`
		2eb3de	`[rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1587826 - ExternalCA: Installation failed during`
		2eb3de	`csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor)`
		2eb3de	`- Bugzilla Bug #1588944 - Cert validation for installation with`
		2eb3de	`external CA cert [rhel-7.5.z] (edewata)`
		2eb3de	`- Bugzilla Bug #1588945 - CRMFPopClient tool - should allow`
		2eb3de	`option to do no key archival (cfu)`
		2eb3de	`- Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled`
		2eb3de	`ACL configuration in AAclAuthz.java reverses rules that allow`
		2eb3de	`and deny access [rhel-7.5.z] (ftweedal, cfu)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,`
		2eb3de	`# and pki-console to 10.5.x in RHCS 9.3`
		2eb3de
		2eb3de	`* Tue May 22 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-12`
		2eb3de	`- Updated "jss" build and runtime requirements (mharmsen)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest,`
		2eb3de	`CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1572548 - IPA install with external-CA is failing when`
		2eb3de	`FIPS mode enabled. [rhel-7.5.z] (edewata)`
		2eb3de	`- Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE`
		2eb3de	`[rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue`
		2eb3de	`with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs`
		2eb3de	`improvement [rhel-7.5.z] (jmagne)`
		2eb3de	`- Bugzilla Bug #1581135 - SAN in internal SSL server certificate in`
		2eb3de	`pkispawn configuration step [rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong`
		2eb3de	`input class_id [rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System`
		2eb3de	`9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,`
		2eb3de	`# and pki-console to 10.5.x in RHCS 9.3`
		2eb3de
		2eb3de	`* Mon Apr 9 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-11`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for`
		2eb3de	`standard conformance [rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools`
		2eb3de	`CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1560233 - libtps does not directly depend on libz`
		2eb3de	`# (build failure with nss-3.35) [rhcs-9.3.z] (ftweedal)`
		2eb3de
		2eb3de	`* Fri Mar 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-10`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1550581 - CMCAuth throws`
		2eb3de	`org.mozilla.jss.crypto.TokenException: Unable to insert certificate into`
		2eb3de	`temporary database [rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1551067 - [MAN] Add --skip-configuration`
		2eb3de	`and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata)`
		2eb3de	`- Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers`
		2eb3de	`[rhel-7.5.z] (cheimes, mharmsen)`
		2eb3de	`- Bugzilla Bug #1553068 - Using a Netmask produces an odd entry`
		2eb3de	`in a certifcate [rhel-7.5.z] (ftweedal)`
		2eb3de	`- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for`
		2eb3de	`standard conformance [rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled`
		2eb3de	`by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu)`
		2eb3de	`- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools`
		2eb3de	`CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)`
		2eb3de	`- Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives`
		2eb3de	`StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal)`
		2eb3de	`- Bugzilla Bug #1558919 - Not able to generate certificate request`
		2eb3de	`with ECC using pki client-cert-request [rhel-7.5.z] (akahat)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1560233 - libtps does not directly depend on libz`
		2eb3de	`# (build failure with nss-3.35) [rhcs-9.3.z] (ftweedal)`
		2eb3de
		2eb3de	`* Mon Feb 19 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-9`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release`
		2eb3de	`# (RHEL)`
		2eb3de	`- Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event`
		2eb3de	`set (RHEL) (edewata)`
		2eb3de	`- Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata)`
		2eb3de	`- Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM`
		2eb3de	`and FIPS (edewata)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,`
		2eb3de	`# and pki-console to 10.5.x in RHCS 9.3`
		2eb3de	`- # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event`
		2eb3de	`# set (RHCS) (edewata)`
		2eb3de
		2eb3de	`* Mon Feb 12 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-8`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release`
		2eb3de	`# (RHEL)`
		2eb3de	`- Bugzilla Bug #1542210 - pki console configurations that involves ldap`
		2eb3de	`passwords leave the plain text password in debug logs (jmagne)`
		2eb3de	`- Bugzilla Bug #1543242 - Regression in lightweight CA key replication`
		2eb3de	`(ftweedal)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,`
		2eb3de	`# and pki-console to 10.5.x in RHCS 9.3`
		2eb3de
		2eb3de	`* Mon Feb 5 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-7`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release`
		2eb3de	`# (RHEL)`
		2eb3de	`- Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event`
		2eb3de	`set (RHEL) (edewata)`
		2eb3de	`- Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and`
		2eb3de	`audit event logging at startup (jmagne)`
		2eb3de	`- Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance`
		2eb3de	`(alee)`
		2eb3de	`- Bugzilla Bug #1525306 - CC: missing CMC request and response record`
		2eb3de	`(cfu)`
		2eb3de	`- Bugzilla Bug #1532933 - Installing subsystems with external CMC`
		2eb3de	`certificates in HSM environment shows import error (edewata)`
		2eb3de	`- Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm`
		2eb3de	`(edewata)`
		2eb3de	`- Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers`
		2eb3de	`permitted in fips mode (mharmsen)`
		2eb3de	`- Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED`
		2eb3de	`outcomes. (edewata)`
		2eb3de	`- Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in`
		2eb3de	`SharedToken scenario's (cfu)`
		2eb3de	`- Bugzilla Bug #1541526 - CMC: Revocation works with an unknown`
		2eb3de	`revRequest.issuer (cfu)`
		2eb3de	`- Bugzilla Bug #1541853 - ProfileService: config values with`
		2eb3de	`backslashes have backslashes removed (ftweedal)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,`
		2eb3de	`# and pki-console to 10.5.x in RHCS 9.3`
		2eb3de	`- # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit`
		2eb3de	`# event set (RHCS) (edewata)`
		2eb3de	`- # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the`
		2eb3de	`# changes after an in-place upgrade. (jmagne)`
		2eb3de
		2eb3de	`* Tue Jan 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-6`
		2eb3de	`- Updated jss, nuxwdog, and openssl dependencies`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release`
		2eb3de	`(RHEL)`
		2eb3de	`- Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in`
		2eb3de	`few cases (ftweedal)`
		2eb3de	`- Bugzilla Bug #1428021 - CC: shared token storage and retrieval`
		2eb3de	`mechanism (cfu)`
		2eb3de	`- Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false`
		2eb3de	`would cause error (cfu)`
		2eb3de	`- Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog`
		2eb3de	`(alee)`
		2eb3de	`- Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during`
		2eb3de	`pkispawn (alee)`
		2eb3de	`- Bugzilla Bug #1520526 - p12 admin certificate is missing when`
		2eb3de	`certificate is signed Externally (edewata)`
		2eb3de	`- Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA`
		2eb3de	`instance (alee)`
		2eb3de	`- Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to`
		2eb3de	`missing nextupdate field (ftweedal)`
		2eb3de	`- Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen)`
		2eb3de	`- Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords`
		2eb3de	`in several different files after installation completes (alee)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,`
		2eb3de	`# and pki-console to 10.5.x in RHCS 9.3`
		2eb3de
		2eb3de	`* Mon Dec 11 2017 Dogtag Team <pki-devel@redhat.com> 10.5.1-5`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release`
		2eb3de	`(RHEL)`
		2eb3de	`- Bugzilla Bug #1466066 - CC: Secure removal of secret data storage`
		2eb3de	`(jmagne)`
		2eb3de	`- Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to`
		2eb3de	`setup with CMC signed certificates (cfu)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`# pki-console to 10.5.x in RHCS 9.3`
		2eb3de
		2eb3de	`* Mon Nov 27 2017 Dogtag Team <pki-devel@redhat.com> 10.5.1-4`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release`
		2eb3de	`(RHEL)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`#pki-console to 10.5.x in RHCS 9.3`
		2eb3de
		2eb3de	`* Tue Nov 14 2017 Troy Dawson <tdawson@redhat.com> - 10.5.1-3`
		2eb3de	`- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals`
		2eb3de
		2eb3de	`* Wed Nov 8 2017 Dogtag Team <pki-devel@redhat.com> 10.5.1-2`
		2eb3de	`- Patch applying check-ins since 10.5.1-1`
		2eb3de
		2eb3de	`* Thu Nov 2 2017 Dogtag Team <pki-devel@redhat.com> 10.5.1-1`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release`
		2eb3de	`(RHEL)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`#pki-console to 10.5.x in RHCS 9.3`
		2eb3de
		2eb3de	`* Thu Oct 19 2017 Dogtag Team <pki-devel@redhat.com> 10.5.0-1`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.5:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release`
		2eb3de	`(RHEL)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.3:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`#pki-console to 10.5.x in RHCS 9.3`
		2eb3de
		2eb3de	`* Mon Sep 18 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-15`
		2eb3de	`- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0`
		2eb3de	`#[rhel-7.4.z] (ftweedal)`
		2eb3de
		2eb3de	`* Tue Sep 12 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-14`
		2eb3de	`- #Require "jss >= 4.4.0-8" as a build and runtime requirement`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332`
		2eb3de	`- # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions)`
		2eb3de	`# [RHEL 7.4.z] (ftweedal)`
		2eb3de	`- # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error`
		2eb3de	`# in cmc user-signed [rhel-7.4.z] (cfu)`
		2eb3de	`- # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from`
		2eb3de	`# RHEL 7.1 [rhel-7.4.z] (ftweedal)`
		2eb3de	`- # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS)`
		2eb3de	`# [rhel-7.4.z] (ftweedal)`
		2eb3de	`- # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin`
		2eb3de	`# for token certificates on TPS UI Server [rhel-7.4.z] (edewata)`
		2eb3de	`- # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data:`
		2eb3de	`# TypeError: ... is not JSON serializable (ftweedal)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.2:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271`
		2eb3de	`- # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and`
		2eb3de	`# "tokenType" certificate attribute for recovered certificates. (cfu)`
		2eb3de	`- # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin`
		2eb3de	`# for token certificates on TPS UI (edewata)`
		2eb3de
		2eb3de	`* Mon Aug 21 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-13`
		2eb3de	`- Resolves: rhbz #1463350`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1463350 - Access banner validation (edewata)`
		2eb3de	`# [pki-core-server-access-banner-retrieval-validation.patch]`
		2eb3de
		2eb3de	`* Wed Jul 19 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-12`
		2eb3de	`- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing`
		2eb3de	`# certificate requests (cfu)`
		2eb3de	`# [PREVIOUS PATCH: pki-core-beta.patch]`
		2eb3de	`# [PREVIOUS PATCH: pki-core-snapshot-4.patch]`
		2eb3de	`- # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause`
		2eb3de	`# error (cfu)`
		2eb3de	`# [PREVIOUS PATCH: pki-core-post-beta.patch]`
		2eb3de	`- # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert`
		2eb3de	`# against CMC signer (cfu)`
		2eb3de	`# [PREVIOUS PATCH: pki-core-CMC-check-HTTPS-client-authentication-cert.patch]`
		2eb3de	`- # Bugzilla Bug #1463350 - Access banner validation (edewata)`
		2eb3de	`# [pki-core-server-access-banner-validation.patch]`
		2eb3de	`- # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal`
		2eb3de	`# non-signing cert requests (cfu)`
		2eb3de	`# [PREVIOUS PATCH: pki-core-snapshot-1.patch]`
		2eb3de	`# [pki-core-pre-signed-CMC-renewal-UniqueKeyConstraint.patch]`
		2eb3de	`- # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen)`
		2eb3de	`# [pki-core-platform-dependent-python-import.patch]`
		2eb3de	`- # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with`
		2eb3de	`# id-cmc-statusInfoV2 (cfu)`
		2eb3de	`# [pki-core-CMC-id-cmc-statusInfoV2.patch]`
		2eb3de	`- # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option`
		2eb3de	`# (dmoluguw)`
		2eb3de	`# [pki-core-subsystem-cert-update-CLI-cert-option.patch]`
		2eb3de	`- # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03`
		2eb3de	`# (jmagne)`
		2eb3de	`# [pki-core-HSM-key-changeover-SCP03-support.patch]`
		2eb3de	`- # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system`
		2eb3de	`# certificates (cfu)`
		2eb3de	`# [pki-core-system-cert-CMC-enroll-profile.patch]`
		2eb3de
		2eb3de	`* Mon Jul 17 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-11`
		2eb3de	`- # Resolves: rhbz #1469432`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # Bugzilla Bug #1469432 - CMC plugin default change`
		2eb3de	`- # Resolves CVE-2017-7537`
		2eb3de	`- # Fixes BZ #1470948`
		2eb3de
		2eb3de	`* Mon Jun 19 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-10`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1458043 - Key recovery on token fails with`
		2eb3de	`invalid public key error on KRA (alee)`
		2eb3de	`- Bugzilla Bug #1460764 - CC: CMC: check HTTPS client`
		2eb3de	`authentication cert against CMC signer (cfu)`
		2eb3de	`- Bugzilla Bug #1461533 - Unable to find keys in the p12 file after`
		2eb3de	`deleting the any of the subsystem certs from it (ftweedal)`
		2eb3de
		2eb3de	`* Mon Jun 12 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-9`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret)`
		2eb3de	`using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne)`
		2eb3de	`- Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC`
		2eb3de	`non-signing certificate requests (cfu)`
		2eb3de	`- Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC`
		2eb3de	`revocation non-signing cert requests (cfu)`
		2eb3de	`- Bugzilla Bug #1458047 - change the way aes clients refer to`
		2eb3de	`aes keysets (alee)`
		2eb3de	`- Bugzilla Bug #1458055 - dont reuse IVs in the CMC code`
		2eb3de	`(alee)`
		2eb3de	`- Bugzilla Bug #1460028 - In keywrap mode, key recovery on`
		2eb3de	`KRA with HSM causes KRA to crash (ftweedal)`
		2eb3de
		2eb3de	`* Mon Jun 5 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-8`
		2eb3de	`- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement`
		2eb3de	`- Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS`
		2eb3de	`enabled system (edewata)`
		2eb3de	`- Bugzilla Bug #1447144 - CA brought down during separate KRA instance`
		2eb3de	`creation (edewata)`
		2eb3de	`- Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure`
		2eb3de	`ACCESS_SESSION_ESTABLISH_FAILURE (edewata)`
		2eb3de	`- Bugzilla Bug #1454450 - SubCA installation failure with 2 step`
		2eb3de	`installation in fips enabled mode (edewata)`
		2eb3de	`- Bugzilla Bug #1456597 - Certificate import using pki client-cert-import`
		2eb3de	`is asking for password when already provided (edewata)`
		2eb3de	`- Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes)`
		2eb3de	`- Bugzilla Bug #1458043 - Key recovery using externalReg fails`
		2eb3de	`with java null pointer exception on KRA (alee)`
		2eb3de	`- Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter`
		2eb3de	`(edewata)`
		2eb3de	`- Bugzilla Bug #1458429 - client-cert-import --ca-cert should`
		2eb3de	`import CA cert with trust bits "CT,C,C" (edewata)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.2:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)`
		2eb3de
		2eb3de	`* Tue May 30 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-7`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret)`
		2eb3de	`using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne)`
		2eb3de	`- Bugzilla Bug #1445519 - CA Server installation with HSM fails`
		2eb3de	`(jmagne)`
		2eb3de	`- Bugzilla Bug #1452617 - Unable to create IPA Sub CA`
		2eb3de	`(ftweedal)`
		2eb3de	`- Bugzilla Bug #1454471 - Enabling all subsystems on startup`
		2eb3de	`(edewata)`
		2eb3de	`- Bugzilla Bug #1455617 - Key recovery on token fails because`
		2eb3de	`key record is not marked encrypted (alee)`
		2eb3de
		2eb3de	`* Tue May 23 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-6`
		2eb3de	`- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error`
		2eb3de	`(mharmsen)`
		2eb3de
		2eb3de	`* Mon May 22 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-5`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal`
		2eb3de	`non-signing cert requests (cfu)`
		2eb3de	`- Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed)`
		2eb3de	`CMC with identity proof (cfu)`
		2eb3de	`- Bugzilla Bug #1447144 - CA brought down during separate KRA instance`
		2eb3de	`creation (mharmsen)`
		2eb3de	`- Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when`
		2eb3de	`defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata)`
		2eb3de	`- Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne)`
		2eb3de	`- Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen)`
		2eb3de	`- Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in`
		2eb3de	`ConnectorServlet. (edewata)`
		2eb3de	`- Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata)`
		2eb3de	`- Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED`
		2eb3de	`audit event. (edewata)`
		2eb3de
		2eb3de	`* Tue May 9 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-4`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1386303 - cannot extract generated private key from KRA when`
		2eb3de	`HSM is used. (alee)`
		2eb3de	`- Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes)`
		2eb3de	`- Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause`
		2eb3de	`error (cfu)`
		2eb3de	`- Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from`
		2eb3de	`the KRA (ftweedal)`
		2eb3de	`- Bugzilla Bug #1448204 - pkispawn of clone install fails with`
		2eb3de	`InvalidBERException (ftweedal)`
		2eb3de	`- Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on`
		2eb3de	`thales hsm (alee)`
		2eb3de	`- Updated "jss" build and runtime requirements (mharmsen)`
		2eb3de	`- ##########################################################################`
		2eb3de	`- # RHCS 9.2:`
		2eb3de	`- ##########################################################################`
		2eb3de	`- Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)`
		2eb3de
		2eb3de	`* Mon May 1 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-3`
		2eb3de	`- ############################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in`
		2eb3de	`conjuction with FreeIPA (ftweedal)`
		2eb3de	`- Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the`
		2eb3de	`startTime parameter is not working as expected. (jmagne)`
		2eb3de	`- Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing`
		2eb3de	`certificate requests (cfu)`
		2eb3de	`- Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal)`
		2eb3de	`- Bugzilla Bug #1445088 - profile modification cannot remove existing config`
		2eb3de	`parameters (ftweedal)`
		2eb3de	`- Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption)`
		2eb3de	`(RHEL) (alee)`
		2eb3de	`- Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when`
		2eb3de	`pki CLI terminates SSL connection (edewata)`
		2eb3de	`- Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata)`
		2eb3de	`- ############################################################################`
		2eb3de	`- # RHCS 9.2:`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption)`
		2eb3de	`(RHCS) (alee)`
		2eb3de
		2eb3de	`* Mon Apr 17 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-2`
		2eb3de	`- ############################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1282504 - Installing pki-server in container reports`
		2eb3de	`scriptlet failed, exit status 1 (jpazdziora)`
		2eb3de	`- Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS`
		2eb3de	`enabled system (edewata)`
		2eb3de	`- Bugzilla Bug #1410650 - [RFE] Add SCP03 support`
		2eb3de	`for sc 7 g & d cards (RHEL) (jmagne)`
		2eb3de	`- Bugzilla Bug #1437591 - cli authentication using expired cert throws an`
		2eb3de	`exception (edewata)`
		2eb3de	`- Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a`
		2eb3de	`request (edewata)`
		2eb3de	`- ############################################################################`
		2eb3de	`- # RHCS 9.2:`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1274086 - [RFE] Add SCP03 support`
		2eb3de	`for sc 7 g & d cards (RHCS) (jmagne)`
		2eb3de	`- ############################################################################`
		2eb3de	`- # Common Criteria`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures`
		2eb3de	`(edewata)`
		2eb3de	`- Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata)`
		2eb3de	`- Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature`
		2eb3de	`implementation (cfu)`
		2eb3de
		2eb3de	`* Mon Mar 27 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-1`
		2eb3de	`- Require "nss >= 3.28.3" as a build and runtime requirement`
		2eb3de	`- Require "jss >= 4.4.0-4" as a build and runtime requirement`
		2eb3de	`- Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement`
		2eb3de	`- dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find`
		2eb3de	`failure (edewata)`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4`
		2eb3de	`- Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`pki-console to 10.4.x`
		2eb3de	`- ############################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ############################################################################`
		2eb3de	`- ############################################################################`
		2eb3de	`- # RHCS 9.2:`
		2eb3de	`- ############################################################################`
		2eb3de	`- ############################################################################`
		2eb3de	`- # Common Criteria`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature`
		2eb3de	`implementation (cfu)`
		2eb3de	`- Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption`
		2eb3de	`cert requests (cfu)`
		2eb3de	`- Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures`
		2eb3de	`(edewata)`
		2eb3de	`- Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance`
		2eb3de	`protection cert mechanism (cfu)`
		2eb3de
		2eb3de	`* Tue Mar 14 2017 Dogtag Team <pki-devel@redhat.com> 10.4.0-1`
		2eb3de	`- Require "jss >= 4.4.0-1" as a build and runtime requirement`
		2eb3de	`- Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4`
		2eb3de	`- Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and`
		2eb3de	`pki-console to 10.4.x`
		2eb3de	`- ############################################################################`
		2eb3de	`- # RHEL 7.4:`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System`
		2eb3de	`8.1 fail NIST validation test with parameter field. (cfu)`
		2eb3de	`- Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate`
		2eb3de	`when --usages verify (vakwetu)`
		2eb3de	`- Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port`
		2eb3de	`with remote CA shows authentication failure (edewata)`
		2eb3de	`- Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does`
		2eb3de	`not show proper error message (vakwetu)`
		2eb3de	`- Bugzilla Bug #1305993 - Add profile component that copies CN to SAN`
		2eb3de	`(ftweedal)`
		2eb3de	`- Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because`
		2eb3de	`of missing authentication even if it should not require any (edewata)`
		2eb3de	`- Bugzilla Bug #1325071 - add options to enable/disable cert or crl`
		2eb3de	`publishing. (vakwetu)`
		2eb3de	`- Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service`
		2eb3de	`("ipa-cacert-manage renew" failed?) (edewata)`
		2eb3de	`- Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata)`
		2eb3de	`- Bugzilla Bug #1372052 - Unable to search certificate requests using the`
		2eb3de	`latest request ID (edewata)`
		2eb3de	`- Bugzilla Bug #1375347 - Typo in comment line of`
		2eb3de	`UserPwdDirAuthentication.java (edewata)`
		2eb3de	`- Bugzilla Bug #1376226 - IPA replica-prepare failed with error`
		2eb3de	`"Profile caIPAserviceCert Not Found" (ftweedal)`
		2eb3de	`- Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as`
		2eb3de	`a dependency package (mharmsen)`
		2eb3de	`- Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due`
		2eb3de	`to missing AuthorityID (ftweedal)`
		2eb3de	`- Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal)`
		2eb3de	`- Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata)`
		2eb3de	`- Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA`
		2eb3de	`with partial certificate chain (edewata)`
		2eb3de	`- Bugzilla Bug #1382066 - Problems with FIPS mode (edewata)`
		2eb3de	`- Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen)`
		2eb3de	`- Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar`
		2eb3de	`files (edewata)`
		2eb3de	`- Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is`
		2eb3de	`not reflected in the TPS Web UI (RHEL 7) (edewata)`
		2eb3de	`- Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA`
		2eb3de	`(vakwetu)`
		2eb3de	`- Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS`
		2eb3de	`mode (edewata)`
		2eb3de	`- Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from`
		2eb3de	`nistp256 when nistp384 is specified in spawn config (jmagne)`
		2eb3de	`- Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata)`
		2eb3de	`- Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and`
		2eb3de	`enroll G&D Cards (jmagne)`
		2eb3de	`- Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL)`
		2eb3de	`(jmagne)`
		2eb3de	`- Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate`
		2eb3de	`(vakwetu)`
		2eb3de	`- Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website`
		2eb3de	`incorrect (vakwetu)`
		2eb3de	`- Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne)`
		2eb3de	`- Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata)`
		2eb3de	`- Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata)`
		2eb3de	`- Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will`
		2eb3de	`not finish start, hangs (ftweedal)`
		2eb3de	`- Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert`
		2eb3de	`(edewata)`
		2eb3de	`- Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6`
		2eb3de	`environment. (edewata)`
		2eb3de	`- ############################################################################`
		2eb3de	`- # RHCS 9.2:`
		2eb3de	`- ############################################################################`
		2eb3de	`- Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu)`
		2eb3de	`- Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)`
		2eb3de	`- Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single`
		2eb3de	`user on multiple tokens. (jmagne)`
		2eb3de	`- Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed`
		2eb3de	`tokens (jmagne)`
		2eb3de	`- Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working`
		2eb3de	`when a token is physically damaged and a temporary token is issued (jmagne)`
		2eb3de	`- Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial`
		2eb3de	`number and key id on the ldap user mismatches (cfu)`
		2eb3de	`- Bugzilla Bug #1381635 - Token format with external reg fails when`
		2eb3de	`op.format.externalRegAddToToken.revokeCert=true (cfu)`
		2eb3de	`- Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when`
		2eb3de	`set on a token (jmagne)`
		2eb3de	`- Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is`
		2eb3de	`not reflected in the TPS Web UI (RHCS 9) (edewata)`
		2eb3de	`- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS`
		2eb3de	`tokendb shows different certificate status (cfu)`
		2eb3de	`- Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and`
		2eb3de	`enroll G&D Cards (RHCS) (jmagne)`
		2eb3de	`- Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata)`
		2eb3de	`- Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS)`
		2eb3de	`(jmagne)`
		2eb3de	`- ############################################################################`
		2eb3de
		2eb3de	`* Mon Mar 6 2017 Dogtag Team <pki-devel@redhat.com> 10.3.3-18`
		2eb3de	`- ## RHEL 7.3.z Batch Update 4`
		2eb3de	`- Bugzilla Bug #1429492 - Add profile component that copies CN to SAN`
		2eb3de	`(ftweedal)`
		2eb3de
		2eb3de	`* Mon Jan 30 2017 Dogtag Team <pki-devel@redhat.com> 10.3.3-17`
		2eb3de	`- ## RHCS 9.1.z Batch Update 3`
		2eb3de	`- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS`
		2eb3de	`tokendb shows different certificate status (cfu)`
		2eb3de	`- ## RHEL 7.3.z Batch Update 3`
		2eb3de	`- Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System`
		2eb3de	`8.1 fail NIST validation test with parameter field. (cfu)`
		2eb3de	`- Bugzilla Bug #1417064 - Unable to search certificate requests using the`
		2eb3de	`latest request ID (edewata)`
		2eb3de	`- Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website`
		2eb3de	`incorrect (alee)`
		2eb3de	`- Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will`
		2eb3de	`not finish start, hangs (ftweedal)`
		2eb3de	`- Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert`
		2eb3de	`(edewata)`
		2eb3de	`- Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6`
		2eb3de	`environment. (edewata)`
		2eb3de
		2eb3de	`* Thu Dec 15 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-16`
		2eb3de	`- Separate original patches into RHEL and RHCS portions`
		2eb3de	`- ## RHEL 7.3.z Batch Update 2`
		2eb3de	`- Bugzilla Bug #1404176 - logging properties and man pages (edewata)`
		2eb3de	`- Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and`
		2eb3de	`enroll G&D Cards (jmagne)`
		2eb3de	`- ## RHCS 9.1.z Batch Update 2`
		2eb3de	`- Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and`
		2eb3de	`enroll G&D Cards (jmagne)`
		2eb3de	`- Bugzilla Bug #1404900 - RHCS logging properties (edewata)`
		2eb3de
		2eb3de	`* Tue Dec 13 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-15`
		2eb3de	`- ## RHEL 7.3.z Batch Update 2`
		2eb3de	`- Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port`
		2eb3de	`with remote CA shows authentication failure (edewata)`
		2eb3de	`- Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because`
		2eb3de	`of missing authentication even if it should not require any (edewata)`
		2eb3de	`- Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is`
		2eb3de	`not reflected in the TPS Web UI [pki-base] (edewata)`
		2eb3de	`- Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS`
		2eb3de	`mode (edewata)`
		2eb3de	`- Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from`
		2eb3de	`nistp256 when nistp384 is specified in spawn config (jmagne)`
		2eb3de	`- Bugzilla Bug #1404176 - logging properties and man pages (edewata)`
		2eb3de	`- ## RHCS 9.1.z Batch Update 2`
		2eb3de	`- Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is`
		2eb3de	`not reflected in the TPS Web UI [pki-tps] (edewata)`
		2eb3de	`- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS`
		2eb3de	`tokendb shows different certificate status (cfu)`
		2eb3de	`- Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and`
		2eb3de	`enroll G&D Cards (jmagne)`
		2eb3de
		2eb3de	`* Tue Nov 8 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-14`
		2eb3de	`- Marked the following RHCS 9.1.z bug:`
		2eb3de	`Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel`
		2eb3de	`when TPS and TKS security db is on fips mode. (jmagne)`
		2eb3de	`as a duplicate of RHEL 7.3.z bug:`
		2eb3de	`Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)`
		2eb3de	`and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.`
		2eb3de
		2eb3de	`* Thu Nov 3 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-13`
		2eb3de	`- ## RHEL 7.3.z Batch Update 1`
		2eb3de	`- Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)`
		2eb3de	`(added KRA key recovery via CLI in FIPS mode)`
		2eb3de	`- ## RHCS 9.1.z Batch Update 1`
		2eb3de	`- Reverted patches associated with`
		2eb3de	`Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is`
		2eb3de	`not reflected in the TPS Web UI (edewata)`
		2eb3de
		2eb3de	`* Mon Oct 31 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-12`
		2eb3de	`- ## RHEL 7.3.z Batch Update 1`
		2eb3de	`- Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does`
		2eb3de	`not show proper error message (alee)`
		2eb3de	`- Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service`
		2eb3de	`("ipa-cacert-manage renew" failed?) (edewata)`
		2eb3de	`- Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as`
		2eb3de	`a dependency package (mharmsen)`
		2eb3de	`- Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due`
		2eb3de	`to missing AuthorityID (ftweedal)`
		2eb3de	`- Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal)`
		2eb3de	`- Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA`
		2eb3de	`with partial certificate chain (edewata)`
		2eb3de	`- Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)`
		2eb3de	`- Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar`
		2eb3de	`files (edewata)`
		2eb3de	`- Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java`
		2eb3de	`(edewata)`
		2eb3de	`- ## RHCS 9.1.z Batch Update 1`
		2eb3de	`- Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu)`
		2eb3de	`- Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a`
		2eb3de	`single user on multiple tokens. (jmagne)`
		2eb3de	`- Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed`
		2eb3de	`tokens (jmagne)`
		2eb3de	`- Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working`
		2eb3de	`when a token is physically damaged and a temporary token is issued (jmagne)`
		2eb3de	`- Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial`
		2eb3de	`number and key id on the ldap user mismatches`
		2eb3de	`- Bugzilla Bug #1381635 - Token format with external reg fails when`
		2eb3de	`op.format.externalRegAddToToken.revokeCert=true (cfu)`
		2eb3de	`- Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when`
		2eb3de	`set on a token (jmagne)`
		2eb3de	`- Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel`
		2eb3de	`when TPS and TKS security db is on fips mode. (jmagne)`
		2eb3de	`- Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is`
		2eb3de	`not reflected in the TPS Web UI (edewata)`
		2eb3de
		2eb3de	`* Mon Oct 10 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-11`
		2eb3de	`- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu)`
		2eb3de	`- PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single`
		2eb3de	`user on multiple tokens. (jmagne)`
		2eb3de	`- PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a`
		2eb3de	`dependency package (mharmsen)`
		2eb3de	`- PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed`
		2eb3de	`tokens (jmagne)`
		2eb3de	`- PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial`
		2eb3de	`number and key id on the ldap user mismatches (cfu)`
		2eb3de	`- PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar`
		2eb3de	`files (edewata)`
		2eb3de
		2eb3de	`* Fri Sep 9 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-10`
		2eb3de	`- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates`
		2eb3de	`in different tokens (edewata)`
		2eb3de	`- Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate`
		2eb3de	`- Restores: rhbz #1319557 - pkispawn KRA instance is failing server`
		2eb3de	`- Removes from Errata: rhbz #1372041 - Unable to create system certificates`
		2eb3de	`in different tokens`
		2eb3de
		2eb3de	`* Tue Sep 6 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-9`
		2eb3de	`- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion`
		2eb3de	`(ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements`
		2eb3de	`(edewata)`
		2eb3de	`- PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry`
		2eb3de	`deleted (ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if`
		2eb3de	`USN plugin enabled (ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per`
		2eb3de	`instance name (for shared HSM) (cfu)`
		2eb3de	`- PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu)`
		2eb3de	`- PKI TRAC Ticket #2449 - Unable to create system certificates in different`
		2eb3de	`tokens (edewata)`
		2eb3de
		2eb3de	`* Mon Aug 29 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-8`
		2eb3de	`- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne)`
		2eb3de	`- PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor)`
		2eb3de	`- PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata)`
		2eb3de	`- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open`
		2eb3de	`- PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)`
		2eb3de
		2eb3de	`* Tue Aug 23 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-7`
		2eb3de	`- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen)`
		2eb3de	`- CMCEnroll`
		2eb3de	`- PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message`
		2eb3de	`"PKIException: LDAP error (21): error result" (edewata)`
		2eb3de	`- PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade.`
		2eb3de	`(cheimes, edewata, mharmsen)`
		2eb3de	`- PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata)`
		2eb3de	`- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements`
		2eb3de	`(edewata, mharmsen)`
		2eb3de	`- PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem`
		2eb3de	`format with/without header works while pkcs7 with header is not allowed`
		2eb3de	`(edewata)`
		2eb3de	`- PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)`
		2eb3de
		2eb3de	`* Mon Aug 15 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-6`
		2eb3de	`- Bugzilla Bug #1366465 - Errata TPS upgrade test fails`
		2eb3de
		2eb3de	`* Mon Aug 8 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-5`
		2eb3de	`- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing`
		2eb3de	`info (cfu)`
		2eb3de	`- PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from`
		2eb3de	`Firefox' workarounds to appropriate 'pki' man page (jmagne)`
		2eb3de	`- PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu)`
		2eb3de	`- PKI TRAC Ticket #2381 - Throws exception while providing invalid module.`
		2eb3de	`(edewata)`
		2eb3de	`- PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable`
		2eb3de	`should accept only boolean value (edewata)`
		2eb3de	`- PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter`
		2eb3de	`beyond CA signing cert in case of external or existing CA (cfu)`
		2eb3de	`- PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements`
		2eb3de	`(akasurde, alee, cheimes, edewata, jmagne, mharmsen)`
		2eb3de	`- PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not`
		2eb3de	`rpm-require hostname (mharmsen)`
		2eb3de	`- PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and`
		2eb3de	`pki-server (cheimes)`
		2eb3de	`- PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata)`
		2eb3de	`- PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne)`
		2eb3de	`- PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not`
		2eb3de	`apply the specified trust bits (alee)`
		2eb3de	`- PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen`
		2eb3de	`during installation (alee)`
		2eb3de	`- PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are`
		2eb3de	`not used (ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2421 - Incorrect SELinux contexts`
		2eb3de	`Installation/Configuration (edewata)`
		2eb3de	`- PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server`
		2eb3de	`is converted from CA-less to CA-full (edewata)`
		2eb3de	`- PKI TRAC Ticket #2428 - broken request links for CA's system certs in`
		2eb3de	`agent request viewing (cfu)`
		2eb3de	`- PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial`
		2eb3de	`number in migration case (jmagne)`
		2eb3de	`- PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade.`
		2eb3de	`(mharmsen)`
		2eb3de	`- PKI TRAC Ticket #2433 - Lightweight CA GET <id>/chain returns bogus PEM`
		2eb3de	`data (ftweedal)`
		2eb3de
		2eb3de	`* Tue Jul 5 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-3`
		2eb3de	`- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen)`
		2eb3de	`- PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with`
		2eb3de	`key-generate when --usages verify is passed (jmagne)`
		2eb3de	`- PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS`
		2eb3de	`(cfu)`
		2eb3de	`- PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key`
		2eb3de	`generation for non-encryption token keys (cfu)`
		2eb3de	`- PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to`
		2eb3de	`'pki_default.cfg' & 'pkispawn' man pages (mharmsen)`
		2eb3de	`- PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for`
		2eb3de	`shared vs non shared tomcat instance installation (mharmsen)`
		2eb3de	`- PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single`
		2eb3de	`user on multiple tokens. (jmagne)`
		2eb3de	`- PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws`
		2eb3de	`IOError (edewata, ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core`
		2eb3de	`update on upgraded system (ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing`
		2eb3de	`it to "internal" (mharmsen)`
		2eb3de	`- PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared`
		2eb3de	`secret from remote TKS (jmagne)`
		2eb3de	`- PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws`
		2eb3de	`attribute error (ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with`
		2eb3de	`--help option (edewata)`
		2eb3de	`- PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust`
		2eb3de	`flags (edewata)`
		2eb3de	`- PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while`
		2eb3de	`specifying invalid parameters. (edewata)`
		2eb3de	`- PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password`
		2eb3de	`during silent installation (edewata)`
		2eb3de	`- PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg`
		2eb3de	`(ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given`
		2eb3de	`(ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance`
		2eb3de	`fails (ftweedal)`
		2eb3de	`- PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter`
		2eb3de	`beyond CA signing cert in case of external or existing CA (cfu)`
		2eb3de	`- PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements`
		2eb3de	`(akasurde, edewata)`
		2eb3de
		2eb3de	`* Thu Jun 30 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-2`
		2eb3de	`- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks`
		2eb3de	`pki-core (ftweedal)`
		2eb3de
		2eb3de	`* Mon Jun 20 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-1`
		2eb3de	`- Updated release number to 10.3.3-1`
		2eb3de
		2eb3de	`* Tue Jun 7 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-0.1`
		2eb3de	`- Updated version number to 10.3.3-0.1`
		2eb3de
		2eb3de	`* Tue Jun 7 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-5`
		2eb3de	`- Provided cleaner runtime dependency separation`
		2eb3de
		2eb3de	`* Tue Jun 7 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-4`
		2eb3de	`- Updated tomcatjss version dependencies`
		2eb3de
		2eb3de	`* Tue Jun 7 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-3`
		2eb3de	`- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.`
		2eb3de
		2eb3de	`* Tue Jun 7 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-2`
		2eb3de	`- Updated tomcat version dependencies`
		2eb3de
		2eb3de	`* Tue Jun 7 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-1`
		2eb3de	`- Updated version number to 10.3.2-1`
		2eb3de
		2eb3de	`* Wed May 18 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-0.1`
		2eb3de	`- Updated version number to 10.3.2-0.1`
		2eb3de
		2eb3de	`* Tue May 17 2016 Dogtag Team <pki-devel@redhat.com> 10.3.1-1`
		2eb3de	`- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)`
		2eb3de
		2eb3de	`* Mon May 16 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0-1`
		2eb3de	`- Updated version number to 10.3.0-1`
		2eb3de
		2eb3de	`* Mon Apr 18 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.b1-1`
		2eb3de	`- Build for F24 beta`
		2eb3de
		2eb3de	`* Fri Apr 8 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.a2-2`
		2eb3de	`- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.`
		2eb3de
		2eb3de	`* Thu Apr 7 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.a2-1`
		2eb3de	`- Updated build for F24 alpha`
		2eb3de
		2eb3de	`* Wed Mar 23 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.a1-2`
		2eb3de	`- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name`
		2eb3de	`(union of rules) [ftweedal]`
		2eb3de	`- PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap`
		2eb3de	`unconditionally [edewata]`
		2eb3de	`- PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert`
		2eb3de	`request. [edewata]`
		2eb3de	`- PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA`
		2eb3de	`certificates. [edewata]`
		2eb3de	`- PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata]`
		2eb3de	`- PKI TRAC Ticket #1808 - Fixed illegal token state transition`
		2eb3de	`via TEMP_LOST. [edewata]`
		2eb3de
		2eb3de	`* Fri Mar 4 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.a1-1`
		2eb3de	`- Build for F24 alpha`
		2eb3de
		2eb3de	`* Tue Mar 1 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.5`
		2eb3de	`- PKI Trac Ticket #1399 - Move java components out of pki-base`
		2eb3de
		2eb3de	`* Thu Feb 11 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.4`
		2eb3de	`- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool`
		2eb3de
		2eb3de	`* Thu Feb 4 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.3`
		2eb3de	`- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps`
		2eb3de	`should be removed`
		2eb3de
		2eb3de	`* Sat Oct 3 2015 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.2`
		2eb3de	`- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing`
		2eb3de
		2eb3de	`* Sat Aug 8 2015 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.1`
		2eb3de	`- Updated version number to 10.3.0-0.1`
		2eb3de
		2eb3de	`* Fri Aug 7 2015 Dogtag Team <pki-devel@redhat.com> 10.2.7-0.3`
		2eb3de	`- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on`
		2eb3de	`tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools`
		2eb3de	`- Updated dep on tomcatjss [Fedora 23 and later]`
		2eb3de
		2eb3de	`* Fri Jul 24 2015 Tomas Radej <tradej@redhat.com> - 10.2.7-0.2`
		2eb3de	`- Updated dep on policycoreutils-python-utils [Fedora 23 and later]`
		2eb3de
		2eb3de	`* Sat Jul 18 2015 Dogtag Team <pki-devel@redhat.com> 10.2.7-0.1`
		2eb3de	`- Updated version number to 10.2.7-0.1`
		2eb3de
		2eb3de	`* Sat Jul 18 2015 Dogtag Team <pki-devel@redhat.com> 10.2.6-1`
		2eb3de	`- Update release number for release build`
		2eb3de
		2eb3de	`* Fri Jul 17 2015 Dogtag Team <pki-devel@redhat.com> 10.2.6-0.3`
		2eb3de	`- Remove setup directory and remaining Perl dependencies`
		2eb3de
		2eb3de	`* Sat Jun 20 2015 Dogtag Team <pki-devel@redhat.com> 10.2.6-0.2`
		2eb3de	`- Remove ExcludeArch directive`
		2eb3de
		2eb3de	`* Fri Jun 19 2015 Dogtag Team <pki-devel@redhat.com> 10.2.6-0.1`
		2eb3de	`- Updated version number to 10.2.6-0.1`
		2eb3de
		2eb3de	`* Fri Jun 19 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-1`
		2eb3de	`- Update release number for release build`
		2eb3de
		2eb3de	`* Wed Jun 17 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-0.2`
		2eb3de	`- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed`
		2eb3de
		2eb3de	`* Tue May 26 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-0.1`
		2eb3de	`- Updated version number to 10.2.5-0.1`
		2eb3de
		2eb3de	`* Tue May 26 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-1`
		2eb3de	`- Update release number for release build`
		2eb3de
		2eb3de	`* Tue May 12 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-0.2`
		2eb3de	`- Updated nuxwdog and tomcatjss requirements (alee)`
		2eb3de
		2eb3de	`* Thu Apr 23 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-0.1`
		2eb3de	`- Updated version number to 10.2.4-0.1`
		2eb3de	`- Added nuxwdog systemd files`
		2eb3de
		2eb3de	`* Thu Apr 23 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-1`
		2eb3de	`- Update release number for release build`
		2eb3de
		2eb3de	`* Thu Apr 9 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-0.1`
		2eb3de	`- Reverted version number back to 10.2.3-0.1`
		2eb3de	`- Added support for Tomcat 8.`
		2eb3de
		2eb3de	`* Mon Apr 6 2015 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.1`
		2eb3de	`- Updated version number to 10.3.0-0.1`
		2eb3de
		2eb3de	`* Wed Mar 18 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-0.1`
		2eb3de	`- Updated version number to 10.2.3-0.1`
		2eb3de
		2eb3de	`* Tue Mar 17 2015 Dogtag Team <pki-devel@redhat.com> 10.2.2-1`
		2eb3de	`- Update release number for release build`
		2eb3de
		2eb3de	`* Thu Jan 8 2015 Dogtag Team <pki-devel@redhat.com> 10.2.2-0.1`
		2eb3de	`- Updated version number to 10.2.2-0.1`
		2eb3de	`- Moved web application deployment locations.`
		2eb3de	`- Updated Resteasy and Jackson dependencies.`
		2eb3de	`- Added missing python-lxml build dependency.`
		2eb3de
		2eb3de	`* Thu Jan 8 2015 Dogtag Team <pki-devel@redhat.com> 10.2.1-1`
		2eb3de	`- Update release number for release build`
		2eb3de
		2eb3de	`* Tue Dec 16 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.1-0.4`
		2eb3de	`- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2`
		2eb3de	`- PKI TRAC Ticket #1205 - Outdated selinux-policy dependency.`
		2eb3de	`- Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime`
		2eb3de	`dependencies`
		2eb3de
		2eb3de	`* Fri Dec 12 2014 Ade Lee <alee@redhat.com> 10.2.1-0.3`
		2eb3de	`- Change resteasy dependencies for F22+`
		2eb3de
		2eb3de	`* Mon Nov 24 2014 Christina Fu <cfu@redhat.com> 10.2.1-0.2`
		2eb3de	`- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by`
		2eb3de	`default and upgrade (cfu)`
		2eb3de	`- PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen)`
		2eb3de	`- up the release number to 0.2`
		2eb3de
		2eb3de	`* Fri Oct 24 2014 Dogtag Team <pki-devel@redhat.com> 10.2.1-0.1`
		2eb3de	`- Updated version number to 10.2.1-0.1.`
		2eb3de	`- Added CLIs to simplify generating user certificates`
		2eb3de	`- Added enhancements to KRA Python API`
		2eb3de	`- Added a man page for pki ca-profile commands.`
		2eb3de	`- Added python api docs`
		2eb3de
		2eb3de	`* Wed Oct 1 2014 Ade Lee <alee@redhat.com> 10.2.0-3`
		2eb3de	`- Disable pylint dependency for RHEL builds`
		2eb3de	`- Added jakarta-commons-httpclient requirements`
		2eb3de	`- Added tomcat version for RHEL build`
		2eb3de	`- Added resteasy-base-client for RHEL build`
		2eb3de
		2eb3de	`* Wed Sep 24 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-2`
		2eb3de	`- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec`
		2eb3de
		2eb3de	`* Wed Sep 3 2014 Dogtag Team <pki-devel@redhat.com> 10.2.0-1`
		2eb3de	`- Update release number for release build`
		2eb3de
		2eb3de	`* Wed Sep 3 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.10`
		2eb3de	`- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps`
		2eb3de
		2eb3de	`* Fri Aug 29 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.9`
		2eb3de	`- Merged jmagne@redhat.com's spec file changes from the stand-alone`
		2eb3de	`'pki-tps-client' package needed to build/run the native 'tpsclient'`
		2eb3de	`command line utility into this 'pki-core' spec file under the 'tps' package.`
		2eb3de	`- Original tps libararies must be built to support this native utility.`
		2eb3de	`- Modifies tps package from 'noarch' into 'architecture-specific' package`
		2eb3de
		2eb3de	`* Wed Aug 27 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.8`
		2eb3de	`- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent'`
		2eb3de	`packages . . .`
		2eb3de
		2eb3de	`* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.2.0-0.5`
		2eb3de	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild`
		2eb3de
		2eb3de	`* Wed Aug 13 2014 Jack Magne <jmagne@redhat.com> - 10.2.0-0.7`
		2eb3de	`- Respin to include the applet files with the rpm install. No change`
		2eb3de	`to spec file needed.`
		2eb3de
		2eb3de	`* Tue Jul 15 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.6`
		2eb3de	`- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires --`
		2eb3de	`drop dependency on java-atk-wrapper`
		2eb3de	`- Removed 'java-atk-wrapper' dependency from 'pki-server'`
		2eb3de
		2eb3de	`* Wed Jul 2 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.5`
		2eb3de	`- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .`
		2eb3de
		2eb3de	`* Tue Jul 1 2014 Ade Lee <alee@redhat.com> - 10.2.0-0.4`
		2eb3de	`- Update rawhide build`
		2eb3de
		2eb3de	`* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.2.0-0.3`
		2eb3de	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild`
		2eb3de
		2eb3de	`* Fri Mar 28 2014 Michael Simacek <msimacek@redhat.com> - 10.2.0-0.2`
		2eb3de	`- Use Requires: java-headless rebuild (#1067528)`
		2eb3de
		2eb3de	`* Fri Nov 22 2013 Dogtag Team <pki-devel@redhat.com> 10.2.0-0.1`
		2eb3de	`- Added option to build without server packages.`
		2eb3de	`- Replaced Jettison with Jackson.`
		2eb3de	`- Added python-nss build requirement`
		2eb3de	`- Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python`
		2eb3de	`- TRAC Ticket #840 - pkispawn requires policycoreutils-python`
		2eb3de	`- Updated requirements for resteasy`
		2eb3de	`- Added template files for archive, retrieve and generate key`
		2eb3de	`requests to the client package.`
		2eb3de
		2eb3de	`* Fri Nov 15 2013 Ade Lee <alee@redhat.com> 10.1.0-1`
		2eb3de	`- Trac Ticket 788 - Clean up spec files`
		2eb3de	`- Update release number for release build`
		2eb3de	`- Updated requirements for resteasy`
		2eb3de
		2eb3de	`* Sun Nov 10 2013 Ade Lee <alee@redhat.com> 10.1.0-0.14`
		2eb3de	`- Change release number for beta build`
		2eb3de
		2eb3de	`* Thu Nov 7 2013 Ade Lee <alee@redhat.com> 10.1.0-0.13`
		2eb3de	`- Updated requirements for tomcat`
		2eb3de
		2eb3de	`* Fri Oct 4 2013 Ade Lee <alee@redhat.com> 10.1.0-0.12`
		2eb3de	`- Removed additional /var/run, /var/lock references.`
		2eb3de
		2eb3de	`* Fri Oct 4 2013 Ade Lee <alee@redhat.com> 10.1.0-0.11`
		2eb3de	`- Removed delivery of /var/lock and /var/run directories for fedora 20.`
		2eb3de
		2eb3de	`* Wed Aug 14 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.10`
		2eb3de	`- Moved Tomcat-based TPS into pki-core.`
		2eb3de
		2eb3de	`* Wed Aug 14 2013 Abhishek Koneru <akoneru@redhat.com> 10.1.0.0.9`
		2eb3de	`- Listed new packages required during build, due to issues reported`
		2eb3de	`by pylint.`
		2eb3de	`- Packages added: python-requests, python-ldap, libselinux-python,`
		2eb3de	`policycoreutils-python`
		2eb3de
		2eb3de	`* Fri Aug 09 2013 Abhishek Koneru <akoneru@redhat.com> 10.1.0.0.8`
		2eb3de	`- Added pylint scan to the build process.`
		2eb3de
		2eb3de	`* Mon Jul 22 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.7`
		2eb3de	`- Added man pages for upgrade tools.`
		2eb3de
		2eb3de	`* Wed Jul 17 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.6`
		2eb3de	`- Cleaned up the code to install man pages.`
		2eb3de
		2eb3de	`* Tue Jul 16 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.5`
		2eb3de	`- Reorganized deployment tools.`
		2eb3de
		2eb3de	`* Tue Jul 9 2013 Ade Lee <alee@redhat.com> 10.1.0-0.4`
		2eb3de	`- Bugzilla Bug 973224 - resteasy-base must be split into subpackages`
		2eb3de	`to simplify dependencies`
		2eb3de
		2eb3de	`* Fri Jun 14 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.3`
		2eb3de	`- Updated dependencies to Java 1.7.`
		2eb3de
		2eb3de	`* Wed Jun 5 2013 Matthew Harmsen <mharmsen@redhat.com> 10.1.0-0.2`
		2eb3de	`- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page`
		2eb3de	`- TRAC Ticket 610 - Document limitation in using GUI install`
		2eb3de	`- TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory`
		2eb3de
		2eb3de	`* Tue May 7 2013 Ade Lee <alee@redhat.com> 10.1.0-0.1`
		2eb3de	`- Change release number for 10.1 development`
		2eb3de
		2eb3de	`* Mon May 6 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-5`
		2eb3de	`- Fixed incorrect JNI_JAR_DIR.`
		2eb3de
		2eb3de	`* Sat May 4 2013 Ade Lee <alee@redhat.com> 10.0.2-4`
		2eb3de	`- TRAC Ticket 605 Junit internal function used in TestRunner,`
		2eb3de	`breaks F19 build`
		2eb3de
		2eb3de	`* Sat May 4 2013 Ade Lee <alee@redhat.com> 10.0.2-3`
		2eb3de	`- TRAC Ticket 604 Added fallback methods for pkispawn tests`
		2eb3de
		2eb3de	`* Mon Apr 29 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-2`
		2eb3de	`- Added default pki.conf in /usr/share/pki/etc`
		2eb3de	`- Create upgrade tracker on install and remove it on uninstall`
		2eb3de
		2eb3de	`* Fri Apr 26 2013 Ade Lee <alee@redhat.com> 10.0.2-1`
		2eb3de	`- Change release number for official release.`
		2eb3de
		2eb3de	`* Thu Apr 25 2013 Ade Lee <alee@redhat.com> 10.0.2-0.8`
		2eb3de	`- Added %pretrans script for f19`
		2eb3de	`- Added java-atk-wrapper dependency`
		2eb3de
		2eb3de	`* Wed Apr 24 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.7`
		2eb3de	`- Added pki-server-upgrade script and pki.server module.`
		2eb3de	`- Call upgrade scripts in %post for pki-base and pki-server.`
		2eb3de
		2eb3de	`* Tue Apr 23 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.6`
		2eb3de	`- Added dependency on commons-io.`
		2eb3de
		2eb3de	`* Mon Apr 22 2013 Ade Lee <alee@redhat.com> 10.0.2-0.5`
		2eb3de	`- Add /var/log/pki and /var/lib/pki directories`
		2eb3de
		2eb3de	`* Tue Apr 16 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.4`
		2eb3de	`- Run pki-upgrade on post server installation.`
		2eb3de
		2eb3de	`* Mon Apr 15 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.3`
		2eb3de	`- Added dependency on python-lxml.`
		2eb3de
		2eb3de	`* Fri Apr 5 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.2`
		2eb3de	`- Added pki-upgrade script.`
		2eb3de
		2eb3de	`* Fri Apr 5 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.1`
		2eb3de	`- Updated version number to 10.0.2-0.1.`
		2eb3de
		2eb3de	`* Fri Apr 5 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-9`
		2eb3de	`- Renamed base/deploy to base/server.`
		2eb3de	`- Moved pki.conf into pki-base.`
		2eb3de	`- Removed redundant pki/server folder declaration.`
		2eb3de
		2eb3de	`* Tue Mar 19 2013 Ade Lee <alee@redhat.com> 10.0.1-8`
		2eb3de	`- Removed jython dependency`
		2eb3de
		2eb3de	`* Mon Mar 11 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-7`
		2eb3de	`- Added minimum python-requests version.`
		2eb3de
		2eb3de	`* Fri Mar 8 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.1-6`
		2eb3de	`- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar`
		2eb3de
		2eb3de	`* Thu Mar 7 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-5`
		2eb3de	`- Added dependency on python-requests.`
		2eb3de	`- Reorganized Python module packaging.`
		2eb3de
		2eb3de	`* Thu Mar 7 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-4`
		2eb3de	`- Added dependency on python-ldap.`
		2eb3de
		2eb3de	`* Mon Mar 4 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.1-3`
		2eb3de	`- TRAC Ticket #517 - Clean up theme dependencies`
		2eb3de	`- TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .`
		2eb3de
		2eb3de	`* Fri Mar 1 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.1-2`
		2eb3de	`- Removed runtime dependency on 'pki-server-theme' to resolve`
		2eb3de	`Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme`
		2eb3de
		2eb3de	`* Tue Jan 15 2013 Ade Lee <alee@redhat.com> 10.0.1-1`
		2eb3de	`- TRAC Ticket 214 - Missing error description for duplicate user`
		2eb3de	`- TRAC Ticket 213 - Add nonces for cert revocation`
		2eb3de	`- TRAC Ticket 367 - pkidestroy does not remove connector`
		2eb3de	`- TRAC Ticket #430 - License for 3rd party code`
		2eb3de	`- Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP`
		2eb3de	`- Fix spec file to allow f17 to work with latest tomcatjss`
		2eb3de	`- TRAC Ticket 466 - Increase root CA validity to 20 years`
		2eb3de	`- TRAC Ticket 469 - Fix tomcatjss issue in spec files`
		2eb3de	`- TRAC Ticket 468 - pkispawn throws exception`
		2eb3de	`- TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes`
		2eb3de	`- TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . .`
		2eb3de	`- TRAC Ticket 437 - Make admin cert p12 file location configurable`
		2eb3de	`- TRAC Ticket 393 - pkispawn fails when selinux is disabled`
		2eb3de	`- Punctuation and formatting changes in man pages`
		2eb3de	`- Revert to using default config file for pkidestroy`
		2eb3de	`- Hardcode setting of resteasy-lib for instance`
		2eb3de	`- TRAC Ticket 436 - Interpolation for pki_subsystem`
		2eb3de	`- TRAC Ticket 433 - Interpolation for paths`
		2eb3de	`- TRAC Ticket 435 - Identical instance id and instance name`
		2eb3de	`- TRAC Ticket 406 - Replace file dependencies with package dependencies`
		2eb3de
		2eb3de	`* Wed Jan 9 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-5`
		2eb3de	`- TRAC Ticket #430 - License for 3rd party code`
		2eb3de
		2eb3de	`* Fri Jan 4 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-4`
		2eb3de	`- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and`
		2eb3de	`dogtag-pki.spec . . .`
		2eb3de	`- TRAC Ticket #468 - pkispawn throws exception`
		2eb3de
		2eb3de	`* Wed Dec 12 2012 Ade Lee <alee@redhat.com> 10.0.0-3`
		2eb3de	`- Replaced file dependencies with package dependencies`
		2eb3de
		2eb3de	`* Mon Dec 10 2012 Ade Lee <alee@redhat.com> 10.0.0-2`
		2eb3de	`- Updated man pages`
		2eb3de
		2eb3de	`* Fri Dec 7 2012 Ade Lee <alee@redhat.com> 10.0.0-1`
		2eb3de	`- Update to official release for rc1`
		2eb3de
		2eb3de	`* Thu Dec 6 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.56.b3`
		2eb3de	`- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy.`
		2eb3de	`- Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.`
		2eb3de
		2eb3de	`* Thu Dec 6 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.55.b3`
		2eb3de	`- Added system-wide configuration /etc/pki/pki.conf.`
		2eb3de	`- Removed redundant lines in %files.`
		2eb3de
		2eb3de	`* Tue Dec 4 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.54.b3`
		2eb3de	`- Moved default deployment configuration to /etc/pki.`
		2eb3de
		2eb3de	`* Mon Nov 19 2012 Ade Lee <alee@redhat.com> 10.0.0-0.53.b3`
		2eb3de	`- Cleaned up spec file to provide only support rhel 7+, f17+`
		2eb3de	`- Added resteasy-base dependency for rhel 7`
		2eb3de	`- Update cmake version`
		2eb3de
		2eb3de	`* Mon Nov 12 2012 Ade Lee <alee@redhat.com> 10.0.0-0.52.b3`
		2eb3de	`- Update release to b3`
		2eb3de
		2eb3de	`* Fri Nov 9 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.51.b2`
		2eb3de	`- Removed dependency on CA, KRA, OCSP, TKS theme packages.`
		2eb3de
		2eb3de	`* Thu Nov 8 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.50.b2`
		2eb3de	`- Renamed pki-common-theme to pki-server-theme.`
		2eb3de
		2eb3de	`* Thu Nov 8 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.49.b2`
		2eb3de	`- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to`
		2eb3de	`'pki-server'`
		2eb3de
		2eb3de	`* Mon Oct 29 2012 Ade Lee <alee@redhat.com> 10.0.0-0.48.b2`
		2eb3de	`- Update release to b2`
		2eb3de
		2eb3de	`* Wed Oct 24 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.47.b1`
		2eb3de	`- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .`
		2eb3de
		2eb3de	`* Tue Oct 23 2012 Ade Lee <alee@redhat.com> 10.0.0-0.46.b1`
		2eb3de	`- Added Obsoletes for pki-selinux`
		2eb3de
		2eb3de	`* Tue Oct 23 2012 Ade Lee <alee@redhat.com> 10.0.0-0.45.b1`
		2eb3de	`- Remove build of pki-selinux for f18, use system policy instead`
		2eb3de
		2eb3de	`* Fri Oct 12 2012 Ade Lee <alee@redhat.com> 10.0.0-0.44.b1`
		2eb3de	`- Update required tomcatjss version`
		2eb3de	`- Added net-tools dependency`
		2eb3de
		2eb3de	`* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.43.b1`
		2eb3de	`- Update selinux-policy version to fix error from latest policy changes`
		2eb3de
		2eb3de	`* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.42.b1`
		2eb3de	`- Fix typo in selinux policy versions`
		2eb3de
		2eb3de	`* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.41.b1`
		2eb3de	`- Added build requires for correct version of selinux-policy-devel`
		2eb3de
		2eb3de	`* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.40.b1`
		2eb3de	`- Update release to b1`
		2eb3de
		2eb3de	`* Fri Oct 5 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.40.a2`
		2eb3de	`- Merged pki-silent into pki-server.`
		2eb3de
		2eb3de	`* Fri Oct 5 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.39.a2`
		2eb3de	`- Renamed "shared" folder to "server".`
		2eb3de
		2eb3de	`* Fri Oct 5 2012 Ade Lee <alee@redhat.com> 10.0.0-0.38.a2`
		2eb3de	`- Added required selinux versions for new policy.`
		2eb3de
		2eb3de	`* Tue Oct 2 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.37.a2`
		2eb3de	`- Added Provides to packages replacing obsolete packages.`
		2eb3de
		2eb3de	`* Mon Oct 1 2012 Ade Lee <alee@redhat.com> 10.0.0-0.36.a2`
		2eb3de	`- Update release to a2`
		2eb3de
		2eb3de	`* Sun Sep 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.36.a1`
		2eb3de	`- Modified CMake to use RPM version number`
		2eb3de
		2eb3de	`* Tue Sep 25 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.35.a1`
		2eb3de	`- Added VERSION file`
		2eb3de
		2eb3de	`* Mon Sep 24 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.34.a1`
		2eb3de	`- Merged pki-setup into pki-server`
		2eb3de
		2eb3de	`* Thu Sep 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.33.a1`
		2eb3de	`- Added Conflicts for IPA 2.X`
		2eb3de	`- Added build requires for zip to work around mock problem`
		2eb3de
		2eb3de	`* Wed Sep 12 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.32.a1`
		2eb3de	`- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances`
		2eb3de	`upon RPM "update" . . .`
		2eb3de	`- TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy"`
		2eb3de	`from /usr/bin to /usr/sbin . . .`
		2eb3de
		2eb3de	`* Wed Sep 12 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.31.a1`
		2eb3de	`- Fixed pki-server to include everything in shared dir.`
		2eb3de
		2eb3de	`* Tue Sep 11 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.30.a1`
		2eb3de	`- Added build dependency on redhat-rpm-config.`
		2eb3de
		2eb3de	`* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.29.a1`
		2eb3de	`- Merged Javadoc packages.`
		2eb3de
		2eb3de	`* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.28.a1`
		2eb3de	`- Added pki-tomcat.jar.`
		2eb3de
		2eb3de	`* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.27.a1`
		2eb3de	`- Moved webapp creation code into pkispawn.`
		2eb3de
		2eb3de	`* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.26.a1`
		2eb3de	`- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.`
		2eb3de
		2eb3de	`* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.25.a1`
		2eb3de	`- Merged pki-native-tools and pki-java-tools into pki-tools.`
		2eb3de	`- Modified pki-server to depend on pki-tools.`
		2eb3de
		2eb3de	`* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.24.a1`
		2eb3de	`- Split pki-common into pki-base and pki-server.`
		2eb3de	`- Merged pki-util into pki-base.`
		2eb3de	`- Merged pki-deploy into pki-server.`
		2eb3de
		2eb3de	`* Thu Aug 16 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.23.a1`
		2eb3de	`- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17`
		2eb3de	`- Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy'`
		2eb3de	`- Altered PKI Package Dependency Chain (top-to-bottom):`
		2eb3de	`pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common`
		2eb3de
		2eb3de	`* Mon Aug 13 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.22.a1`
		2eb3de	`- Added pki-client.jar.`
		2eb3de
		2eb3de	`* Fri Jul 27 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.21.a1`
		2eb3de	`- Merged pki-jndi-realm.jar into pki-cmscore.jar.`
		2eb3de
		2eb3de	`* Tue Jul 24 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.20.a1`
		2eb3de	`- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully`
		2eb3de	`via mock on Fedora 17 . . .`
		2eb3de
		2eb3de	`* Wed Jul 11 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.19.a1`
		2eb3de	`- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)`
		2eb3de
		2eb3de	`* Thu Jun 14 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.18.a1`
		2eb3de	`- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18`
		2eb3de
		2eb3de	`* Tue May 29 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.17.a1`
		2eb3de	`- Added CLI for REST services`
		2eb3de
		2eb3de	`* Fri May 18 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.16.a1`
		2eb3de	`- Integration of Tomcat 7`
		2eb3de	`- Addition of centralized 'pki-tomcatd' systemd functionality to the`
		2eb3de	`PKI Deployment strategy`
		2eb3de	`- Removal of 'pki_flavor' attribute`
		2eb3de
		2eb3de	`* Mon Apr 16 2012 Ade Lee <alee@redhat.com> 10.0.0-0.15.a1`
		2eb3de	`- BZ 813075 - selinux denial for file size access`
		2eb3de
		2eb3de	`* Thu Apr 5 2012 Christina Fu <cfu@redhat.com> 10.0.0-0.14.a1`
		2eb3de	`- Bug 745278 - [RFE] ECC encryption keys cannot be archived`
		2eb3de
		2eb3de	`* Tue Mar 27 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.13.a1`
		2eb3de	`- Replaced candlepin-deps with resteasy`
		2eb3de
		2eb3de	`* Fri Mar 23 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.12.a1`
		2eb3de	`- Added option to build without Javadoc`
		2eb3de
		2eb3de	`* Fri Mar 16 2012 Ade Lee <alee@redhat.com> 10.0.0-0.11.a1`
		2eb3de	`- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes`
		2eb3de	`- Corrected patch selected for selinux f17 rules`
		2eb3de
		2eb3de	`* Wed Mar 14 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.10.a1`
		2eb3de	`- Corrected 'junit' dependency check`
		2eb3de
		2eb3de	`* Mon Mar 12 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.9.a1`
		2eb3de	`- Initial attempt at PKI deployment framework described in`
		2eb3de	`'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.`
		2eb3de
		2eb3de	`* Fri Mar 09 2012 Jack Magne <jmagne@redhat.com> 10.0.0-0.8.a1`
		2eb3de	`- Added support for pki-jndi-realm in tomcat6 in pki-common`
		2eb3de	`and pki-kra.`
		2eb3de	`- Ticket #69.`
		2eb3de
		2eb3de	`* Fri Mar 2 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.7.a1`
		2eb3de	`- For 'mock' purposes, removed platform-specific logic from around`
		2eb3de	`the 'patch' files so that ALL 'patch' files will be included in`
		2eb3de	`the SRPM.`
		2eb3de
		2eb3de	`* Wed Feb 29 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.6.a1`
		2eb3de	`- Removed dependency on OSUtil.`
		2eb3de
		2eb3de	`* Tue Feb 28 2012 Ade Lee <alee@redhat.com> 10.0.0-0.5.a1`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- Added platform-dependent patches for SELinux component`
		2eb3de	`- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)`
		2eb3de	`- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)`
		2eb3de
		2eb3de	`* Thu Feb 23 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.4.a1`
		2eb3de	`- Added dependency on Apache Commons Codec.`
		2eb3de
		2eb3de	`* Wed Feb 22 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.3.a1`
		2eb3de	`- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes`
		2eb3de	`in fundamental path structure in Fedora 17`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Hard-code Perl dependencies to protect against bugs such as`
		2eb3de	`Bugzilla Bug #772699 - Adapt perl and python fileattrs to`
		2eb3de	`changed file 5.10 magics`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess`
		2eb3de
		2eb3de	`* Mon Feb 20 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.2.a1`
		2eb3de	`- Integrated 'pki-kra' into 'pki-core'`
		2eb3de	`- Integrated 'pki-ocsp' into 'pki-core'`
		2eb3de	`- Integrated 'pki-tks' into 'pki-core'`
		2eb3de	`- Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements`
		2eb3de
		2eb3de	`* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1`
		2eb3de	`- Updated package version number`
		2eb3de
		2eb3de	`* Mon Jan 16 2012 Ade Lee <alee@redhat.com> 9.0.16-3`
		2eb3de	`- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup`
		2eb3de
		2eb3de	`* Mon Nov 28 2011 Endi S. Dewata <edewata@redhat.com> 9.0.16-2`
		2eb3de	`- Added JUnit tests`
		2eb3de
		2eb3de	`* Fri Oct 28 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.16-1`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- Bugzilla Bug #737122 - DRM: during archiving and recovering,`
		2eb3de	`wrapping unwrapping keys should be done in the token (cfu)`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after`
		2eb3de	`the in-place upgrade( CS 8.0->8.1) (cfu)`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #746367 - Typo in the profile name. (jmagne)`
		2eb3de	`- Bugzilla Bug #737122 - DRM: during archiving and recovering,`
		2eb3de	`wrapping unwrapping keys should be done in the token (cfu)`
		2eb3de	`- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17`
		2eb3de	`(rawhide) . . . (mharmsen)`
		2eb3de	`- Bugzilla Bug #749945 - Installation error reported during CA, DRM,`
		2eb3de	`OCSP, and TKS package installation . . . (mharmsen)`
		2eb3de	`- 'pki-silent'`
		2eb3de
		2eb3de	`* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.15-1`
		2eb3de	`- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)`
		2eb3de	`- Bugzilla Bug #699809 - Convert CS to use systemd (alee)`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS`
		2eb3de	`mode (cfu)`
		2eb3de	`- Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode`
		2eb3de	`(hsm+NSS). (jmagne)`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)`
		2eb3de	`- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS`
		2eb3de	`mode (cfu)`
		2eb3de	`- 'pki-util'`
		2eb3de	`- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS`
		2eb3de	`mode (cfu)`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS`
		2eb3de	`mode (cfu)`
		2eb3de	`- Bugzilla Bug #737218 - Incorrect request attribute name matching`
		2eb3de	`ignores request attributes during request parsing. (awnuk)`
		2eb3de	`- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode`
		2eb3de	`(hsm+NSS). (jmagne)`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #712931 - CS requires too many ports`
		2eb3de	`to be open in the FW (alee)`
		2eb3de	`- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS`
		2eb3de	`mode (cfu)`
		2eb3de	`- 'pki-silent'`
		2eb3de	`- Bugzilla Bug #739201 - pkisilent does not take arch into account`
		2eb3de	`as Java packages migrated to arch-dependent directories (mharmsen)`
		2eb3de
		2eb3de	`* Fri Sep 9 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.14-1`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .`
		2eb3de	`- Bugzilla Bug #699809 - Convert CS to use systemd (alee)`
		2eb3de	`- 'pki-silent'`
		2eb3de	`- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .`
		2eb3de
		2eb3de	`* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.13-1`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #699809 - Convert CS to use systemd (alee)`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #699809 - Convert CS to use systemd (alee)`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #699809 - Convert CS to use systemd (alee)`
		2eb3de
		2eb3de	`* Tue Aug 23 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.12-1`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #712931 - CS requires too many ports`
		2eb3de	`to be open in the FW (alee)`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- Bugzilla Bug #717643 - Fopen without NULL check and other Coverity`
		2eb3de	`issues (awnuk)`
		2eb3de	`- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)`
		2eb3de	`- 'pki-util'`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #700522 - pki tomcat6 instances currently running`
		2eb3de	`unconfined, allow server to come up when selinux disabled (alee)`
		2eb3de	`- Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated`
		2eb3de	`correctly when subsystem cloned (using hsm) (alee)`
		2eb3de	`- Bugzilla Bug #712931 - CS requires too many ports`
		2eb3de	`to be open in the FW (alee)`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- Bugzilla Bug #712931 - CS requires too many ports`
		2eb3de	`to be open in the FW (alee)`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #712931 - CS requires too many ports`
		2eb3de	`to be open in the FW (alee)`
		2eb3de	`- 'pki-silent'`
		2eb3de
		2eb3de	`* Wed Aug 10 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.11-1`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much`
		2eb3de	`time - remove the inefficient sleeps (alee)`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by`
		2eb3de	`renumbering "cn=<value>" (mharmsen)`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like`
		2eb3de	`(jmagne, awnuk)`
		2eb3de	`- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much`
		2eb3de	`time - remove the inefficient sleeps (alee)`
		2eb3de	`- Bugzilla Bug #708075 - Clone installation does not work over NAT`
		2eb3de	`(alee)`
		2eb3de	`- Bugzilla Bug #726785 - If replication fails while setting up a clone`
		2eb3de	`it will wait forever (alee)`
		2eb3de	`- Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)`
		2eb3de	`- Bugzilla Bug #700505 - pki tomcat6 instances currently running`
		2eb3de	`unconfined (alee)`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- Bugzilla Bug #700505 - pki tomcat6 instances currently running`
		2eb3de	`unconfined (alee)`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs`
		2eb3de	`in IPA profile (awnuk)`
		2eb3de	`- 'pki-silent'`
		2eb3de	`- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much`
		2eb3de	`time - remove the inefficient sleeps (alee)`
		2eb3de
		2eb3de	`* Fri Jul 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.10-1`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored`
		2eb3de	`using an ECC CA to generate ECC certs from CRMF. (jmagne)`
		2eb3de	`- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding`
		2eb3de	`for any component value which is equal to its default value (alee)`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #720510 - Console: Adding a certificate into nethsm`
		2eb3de	`throws Token not found error. (jmagne)`
		2eb3de	`- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored`
		2eb3de	`using an ECC CA to generate ECC certs from CRMF. (jmagne)`
		2eb3de	`- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding`
		2eb3de	`for any component value which is equal to its default value (alee)`
		2eb3de	`- Bugzilla Bug #722989 - Registering an agent when a subsystem is`
		2eb3de	`created - does not log AUTHZ_SUCCESS event. (alee)`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert`
		2eb3de	`(awnuk)`
		2eb3de	`- 'pki-silent'`
		2eb3de
		2eb3de	`* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.9-1`
		2eb3de	`- Updated release of 'jss'`
		2eb3de	`- Updated release of 'tomcatjss' for Fedora 15`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de	`(mharmsen)`
		2eb3de	`- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser`
		2eb3de	`(jdennis)`
		2eb3de	`- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)`
		2eb3de	`- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de	`(mharmsen)`
		2eb3de	`- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de	`(mharmsen)`
		2eb3de	`- Bugzilla Bug #717765 - TPS configuration: logging into security domain`
		2eb3de	`from tps does not work with clientauth=want. (alee)`
		2eb3de	`- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)`
		2eb3de	`- 'pki-util'`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de	`(mharmsen)`
		2eb3de	`- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de	`(mharmsen)`
		2eb3de	`- Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)`
		2eb3de	`- Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record`
		2eb3de	`processing) (mharmsen)`
		2eb3de	`- Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)`
		2eb3de	`- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de	`(mharmsen)`
		2eb3de	`- Bugzilla Bug #695403 - Editing signedaudit or transaction, system`
		2eb3de	`logs throws 'Invalid protocol' for OCSP subsystems (alee)`
		2eb3de	`- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)`
		2eb3de	`- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not`
		2eb3de	`populated in the CA signedAudit messages (alee)`
		2eb3de	`- Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)`
		2eb3de	`- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not`
		2eb3de	`populated in the CA signedAudit messages (jmagne)`
		2eb3de	`- Bugzilla Bug #698885 - Race conditions during IPA installation (alee)`
		2eb3de	`- Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:`
		2eb3de	`SubjectID=$Unidentified$ fails audit evaluation (jmagne)`
		2eb3de	`- Bugzilla Bug #705914 - SCEP mishandles nicknames when processing`
		2eb3de	`subsequent SCEP requests. (awnuk)`
		2eb3de	`- Bugzilla Bug #661142 - Verification should fail when a revoked`
		2eb3de	`certificate is added. (jmagne)`
		2eb3de	`- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs`
		2eb3de	`for modify/add (alee)`
		2eb3de	`- Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)`
		2eb3de	`- Bugzilla Bug #707607 - Published certificate summary has list of`
		2eb3de	`non-published certificates with succeeded status (jmagne)`
		2eb3de	`- Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated`
		2eb3de	`for tps and ca on server shutdown (jmagne)`
		2eb3de	`- Bugzilla Bug #697939 - DRM signed audit log message - operation should`
		2eb3de	`be read instead of modify (jmagne)`
		2eb3de	`- Bugzilla Bug #718427 - When audit log is full, server continue to`
		2eb3de	`function. (alee)`
		2eb3de	`- Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in`
		2eb3de	`CA's signedaudit log when a directory based user enrollment is`
		2eb3de	`performed (jmagne)`
		2eb3de	`- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de	`(mharmsen)`
		2eb3de	`- Bugzilla Bug #720503 - RA and TPS require additional SELinux`
		2eb3de	`permissions to run in "Enforcing" mode (alee)`
		2eb3de	`- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de	`(mharmsen)`
		2eb3de	`- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser`
		2eb3de	`(jdennis)`
		2eb3de	`- Bugzilla Bug #699837 - service command is not fully backwards`
		2eb3de	`compatible with Dogtag pki subsystems (mharmsen)`
		2eb3de	`- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an`
		2eb3de	`administrator group. (jmagne)`
		2eb3de	`- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs`
		2eb3de	`for modify/add (alee)`
		2eb3de	`- Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee`
		2eb3de	`pages (alee)`
		2eb3de	`- Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs`
		2eb3de	`for a revocation invoked by EE user (awnuk)`
		2eb3de	`- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)`
		2eb3de	`- 'pki-silent'`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de	`(mharmsen)`
		2eb3de	`- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)`
		2eb3de
		2eb3de	`* Wed May 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-2`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- Added 'DRMTool.cfg' configuration file to inventory`
		2eb3de	`- 'pki-common'`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- 'pki-silent'`
		2eb3de
		2eb3de	`* Wed May 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-1`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- Bugzilla Bug #532548 - Tool to do DRM re-key`
		2eb3de	`- 'pki-common'`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- 'pki-silent'`
		2eb3de
		2eb3de	`* Tue Apr 26 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.7-1`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser`
		2eb3de	`- Bugzilla Bug #694569 - parameter used by pkiremove not updated`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs`
		2eb3de	`throws 'Invalid protocol' for OCSP subsystems`
		2eb3de	`- Bugzilla Bug #694569 - parameter used by pkiremove not updated`
		2eb3de	`- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not`
		2eb3de	`populated in the CA signedAudit messages`
		2eb3de	`- Bugzilla Bug #694143 - CA Agent not returning specified request`
		2eb3de	`- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not`
		2eb3de	`populated in the CA signedAudit messages`
		2eb3de	`- Bugzilla Bug #698885 - Race conditions during IPA installation`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser`
		2eb3de	`- Bugzilla Bug #699837 - service command is not fully backwards compatible`
		2eb3de	`with Dogtag pki subsystems`
		2eb3de	`- 'pki-silent'`
		2eb3de
		2eb3de	`* Mon Apr 11 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-2`
		2eb3de	`- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.`
		2eb3de
		2eb3de	`* Tue Apr 5 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-1`
		2eb3de	`- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)`
		2eb3de	`- Bugzilla Bug #693327 - Missing requires: tomcatjss`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #690626 - pkiremove removes the registry entry for`
		2eb3de	`all instances on a machine`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port`
		2eb3de	`throws file not found exception.`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #692990 - Audit log messages needed to match CC doc:`
		2eb3de	`DRM Recovery audit log messages`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- 'pki-silent'`
		2eb3de
		2eb3de	`* Tue Apr 5 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.5-2`
		2eb3de	`- Bugzilla Bug #693327 - Missing requires: tomcatjss`
		2eb3de
		2eb3de	`* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.5-1`
		2eb3de	`- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)`
		2eb3de	`- Require "jss >= 4.2.6-15" as a build and runtime requirement`
		2eb3de	`- Require "tomcatjss >= 2.1.1" as a build and runtime requirement`
		2eb3de	`for Fedora 15 and later platforms`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #688287 - Add "deprecation" notice regarding using`
		2eb3de	`"shared ports" in pkicreate -help . . .`
		2eb3de	`- Bugzilla Bug #688251 - Dogtag installation under IPA takes`
		2eb3de	`too much time - SELinux policy compilation`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple`
		2eb3de	`extensions`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #683581 - CA configuration with ECC(Default`
		2eb3de	`EC curve-nistp521) CA fails with 'signing operation failed'`
		2eb3de	`- Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled`
		2eb3de	`on the EE port`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- Bugzilla Bug #684871 - ldaps selinux link change`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #683581 - CA configuration with ECC(Default`
		2eb3de	`EC curve-nistp521) CA fails with 'signing operation failed'`
		2eb3de	`- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments`
		2eb3de	`- Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port`
		2eb3de	`throws file not found exception.(profile and CS.cfg only)`
		2eb3de	`- 'pki-silent'`
		2eb3de
		2eb3de	`* Thu Mar 17 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.4-1`
		2eb3de	`- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha)`
		2eb3de	`- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA`
		2eb3de	`instance`
		2eb3de	`- Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #678157 - uninitialized variable warnings from Perl`
		2eb3de	`- Bugzilla Bug #679574 - Velocity fails to load all dependent classes`
		2eb3de	`- Bugzilla Bug #680420 - xml-commons-apis.jar dependency`
		2eb3de	`- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's`
		2eb3de	`classpath`
		2eb3de	`- Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library`
		2eb3de	`name for SafeNet LunaSA`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #673638 - Installation within IPA hangs`
		2eb3de	`- Bugzilla Bug #678715 - netstat loop fixes needed`
		2eb3de	`- Bugzilla Bug #673609 - CC: authorize() call needs to be added to`
		2eb3de	`getStats servlet`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- Bugzilla Bug #674195: SELinux error message thrown during token`
		2eb3de	`enrollment`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #673638 - Installation within IPA hangs`
		2eb3de	`- Bugzilla Bug #673609 - CC: authorize() call needs to be added to`
		2eb3de	`getStats servlet`
		2eb3de	`- Bugzilla Bug #676330 - init script cannot start service`
		2eb3de	`- 'pki-silent'`
		2eb3de	`- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's`
		2eb3de	`classpath`
		2eb3de
		2eb3de	`* Wed Feb 9 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-2`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #676051 - IPA installation failing - Fails to create CA`
		2eb3de	`instance`
		2eb3de	`- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA`
		2eb3de	`instance`
		2eb3de
		2eb3de	`* Fri Feb 4 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-1`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #674894 - ipactl restart : an annoy output line`
		2eb3de	`- Bugzilla Bug #675179 - ipactl restart : an annoy output line`
		2eb3de
		2eb3de	`* Thu Feb 3 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.2-1`
		2eb3de	`- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #673638 - Installation within IPA hangs`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- 'pki-util'`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided`
		2eb3de	`by 'netscape.security.provider' package`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #672291 - CA is not publishing certificates issued using`
		2eb3de	`"Manual User Dual-Use Certificate Enrollment"`
		2eb3de	`- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection`
		2eb3de	`error.`
		2eb3de	`- Bugzilla Bug #504056 - Completed SCEP requests are assigned to the`
		2eb3de	`"begin" state instead of "complete".`
		2eb3de	`- Bugzilla Bug #504055 - SCEP requests are not properly populated`
		2eb3de	`- Bugzilla Bug #564207 - Searches for completed requests in the agent`
		2eb3de	`interface returns zero entries`
		2eb3de	`- Bugzilla Bug #672291 - CA is not publishing certificates issued using`
		2eb3de	`"Manual User Dual-Use Certificate Enrollment" -`
		2eb3de	`- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided`
		2eb3de	`by 'netscape.security.provider' package`
		2eb3de	`- Bugzilla Bug #672920 - CA console: adding policy to a profile throws`
		2eb3de	`'Duplicate policy' error in some cases.`
		2eb3de	`- Bugzilla Bug #673199 - init script returns control before web apps have`
		2eb3de	`started`
		2eb3de	`- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI`
		2eb3de	`subsystem instances`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #504013 - sscep request is rejected due to authentication`
		2eb3de	`error if submitted through one time pin router certificate enrollment.`
		2eb3de	`- Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing`
		2eb3de	`information`
		2eb3de	`- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml`
		2eb3de	`as part of CC interface review`
		2eb3de	`- Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation`
		2eb3de	`- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI`
		2eb3de	`subsystem instances`
		2eb3de	`- 'pki-silent'`
		2eb3de	`- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided`
		2eb3de	`by 'netscape.security.provider' package`
		2eb3de
		2eb3de	`* Wed Feb 2 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-3`
		2eb3de	`- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files`
		2eb3de	`in /var/run and /var/lock`
		2eb3de
		2eb3de	`* Thu Jan 20 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-2`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- Bugzilla Bug #671265 - pki-symkey jar version incorrect`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #564207 - Searches for completed requests in the agent`
		2eb3de	`interface returns zero entries`
		2eb3de
		2eb3de	`* Tue Jan 18 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1`
		2eb3de	`- Allow 'pki-native-tools' to be installed independently of 'pki-setup'`
		2eb3de	`- Removed explicit 'pki-setup' requirement from 'pki-ca'`
		2eb3de	`(since it already requires 'pki-common')`
		2eb3de	`- 'pki-setup'`
		2eb3de	`- Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group`
		2eb3de	`- Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP`
		2eb3de	`and TKS.`
		2eb3de	`- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port`
		2eb3de	`fowarding for agent services`
		2eb3de	`- Bugzilla Bug #632425 - Port to tomcat6`
		2eb3de	`- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from`
		2eb3de	`OpenLDAP instead of the Mozldap`
		2eb3de	`- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI`
		2eb3de	`interface`
		2eb3de	`- Bugzilla Bug #643206 - New CMake based build system for Dogtag`
		2eb3de	`- Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13`
		2eb3de	`- Bugzilla Bug #661514 - CMAKE build system requires rules to make`
		2eb3de	`javadocs`
		2eb3de	`- Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*,`
		2eb3de	`pkicreate fails Fedora 14 and above`
		2eb3de	`- Bugzilla Bug #23346 - Two conflicting ACL list definitions in source`
		2eb3de	`repository`
		2eb3de	`- Bugzilla Bug #656733 - Standardize jar install location and jar names`
		2eb3de	`- 'pki-symkey'`
		2eb3de	`- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI`
		2eb3de	`interface`
		2eb3de	`- Bugzilla Bug #643206 - New CMake based build system for Dogtag`
		2eb3de	`- Bugzilla Bug #644056 - CS build contains warnings`
		2eb3de	`- 'pki-native-tools'`
		2eb3de	`- template change`
		2eb3de	`- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from`
		2eb3de	`OpenLDAP instead of the Mozldap`
		2eb3de	`- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI`
		2eb3de	`interface`
		2eb3de	`- Bugzilla Bug #643206 - New CMake based build system for Dogtag`
		2eb3de	`- Bugzilla Bug #644056 - CS build contains warnings`
		2eb3de	`- 'pki-util'`
		2eb3de	`- Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical`
		2eb3de	`cannot be set to true`
		2eb3de	`- Bugzilla Bug #224945 - javadocs has missing descriptions, contains`
		2eb3de	`empty packages`
		2eb3de	`- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.`
		2eb3de	`- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte`
		2eb3de	`senderNonce in all signed SCEP responses.`
		2eb3de	`- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade`
		2eb3de	`attack in SCEP`
		2eb3de	`- Bugzilla Bug #621334 - Provide an option to set default hash algorithm`
		2eb3de	`for signing SCEP response messages.`
		2eb3de	`- Bugzilla Bug #635033 - At installation wizard selecting key types other`
		2eb3de	`than CA's signing cert will fail`
		2eb3de	`- Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and`
		2eb3de	`CS interface`
		2eb3de	`- Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse`
		2eb3de	`ASN.1 encoding/decoding is broken`
		2eb3de	`- Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1`
		2eb3de	`encoding/decoding is incomplete`
		2eb3de	`- Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1`
		2eb3de	`encoding/decoding is incomplete`
		2eb3de	`- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit`
		2eb3de	`policy extension to 5 only`
		2eb3de	`- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI`
		2eb3de	`interface`
		2eb3de	`- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)`
		2eb3de	`- Bugzilla Bug #643206 - New CMake based build system for Dogtag`
		2eb3de	`- Bugzilla Bug #661514 - CMAKE build system requires rules to make`
		2eb3de	`javadocs`
		2eb3de	`- Bugzilla Bug #658188 - remove remaining references to tomcat5`
		2eb3de	`- Bugzilla Bug #656733 - Standardize jar install location and jar names`
		2eb3de	`- Bugzilla Bug #223319 - Certificate Status inconsistency between token`
		2eb3de	`db and CA`
		2eb3de	`- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory`
		2eb3de	`During CRL Generation`
		2eb3de	`- 'pki-java-tools'`
		2eb3de	`- Bugzilla Bug #224945 - javadocs has missing descriptions, contains`
		2eb3de	`empty packages`
		2eb3de	`- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI`
		2eb3de	`interface`
		2eb3de	`- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1`
		2eb3de	`- Bugzilla Bug #643206 - New CMake based build system for Dogtag`
		2eb3de	`- Bugzilla Bug #661514 - CMAKE build system requires rules to make`
		2eb3de	`javadocs`
		2eb3de	`- Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to`
		2eb3de	`5000 bytes`
		2eb3de	`- Bugzilla Bug #656733 - Standardize jar install location and jar names`
		2eb3de	`- 'pki-common'`
		2eb3de	`- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review`
		2eb3de	`- Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable`
		2eb3de	`started before configuration completed`
		2eb3de	`- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit`
		2eb3de	`logs in the java subsystems`
		2eb3de	`- Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5`
		2eb3de	`policy mappings (seem hardcoded)`
		2eb3de	`- Bugzilla Bug #224945 - javadocs has missing descriptions, contains`
		2eb3de	`empty packages`
		2eb3de	`- Bugzilla Bug #548699 - subCA's admin certificate should be generated by`
		2eb3de	`itself`
		2eb3de	`- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA`
		2eb3de	`- Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile`
		2eb3de	`caAgentServerCert (null cert_request)`
		2eb3de	`- Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited`
		2eb3de	`number of times`
		2eb3de	`- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml`
		2eb3de	`as part of CC interface review`
		2eb3de	`- Bugzilla Bug #629677 - TPS: token enrollment fails.`
		2eb3de	`- Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN`
		2eb3de	`in a SCEP request`
		2eb3de	`- Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection`
		2eb3de	`pools not reliable - improve connections or discovery`
		2eb3de	`- Bugzilla Bug #629769 - password decryption logs plain text password`
		2eb3de	`- Bugzilla Bug #583823 - CC: Auditing issues found as result of`
		2eb3de	`CC - interface review`
		2eb3de	`- Bugzilla Bug #632425 - Port to tomcat6`
		2eb3de	`- Bugzilla Bug #586700 - OCSP Server throws fatal error while using`
		2eb3de	`OCSP console for renewing SSL Server certificate.`
		2eb3de	`- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.`
		2eb3de	`- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte`
		2eb3de	`senderNonce in all signed SCEP responses.`
		2eb3de	`- Bugzilla Bug #607380 - CC: Make sure Java Console can configure all`
		2eb3de	`security relevant config items`
		2eb3de	`- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be`
		2eb3de	`generated on TKS instead of TPS.`
		2eb3de	`- Bugzilla Bug #489342 -`
		2eb3de	`com.netscape.cms.servlet.common.CMCOutputTemplate.java`
		2eb3de	`doesn't support EC`
		2eb3de	`- Bugzilla Bug #630121 - OCSP responder lacking option to delete or`
		2eb3de	`disable a CA that it serves`
		2eb3de	`- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1`
		2eb3de	`- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade`
		2eb3de	`attack in SCEP`
		2eb3de	`- Bugzilla Bug #621334 - Provide an option to set default hash algorithm`
		2eb3de	`for signing SCEP response messages.`
		2eb3de	`- Bugzilla Bug #635033 - At installation wizard selecting key types other`
		2eb3de	`than CA's signing cert will fail`
		2eb3de	`- Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated`
		2eb3de	`for SCEP signing and encryption.`
		2eb3de	`- Bugzilla Bug #223336 - ECC: unable to clone a ECC CA`
		2eb3de	`- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned`
		2eb3de	`by Reason Code - onlySomeReasons ?`
		2eb3de	`- Bugzilla Bug #637330 - CC feature: Key Management - provide signature`
		2eb3de	`verification functions (JAVA subsystems)`
		2eb3de	`- Bugzilla Bug #223313 - should do random generated IV param`
		2eb3de	`for symmetric keys`
		2eb3de	`- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port`
		2eb3de	`fowarding for agent services`
		2eb3de	`- Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory`
		2eb3de	`- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on`
		2eb3de	`ECC curve names (not on key sizes).`
		2eb3de	`- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple`
		2eb3de	`Certificates from the Same Request`
		2eb3de	`- Bugzilla Bug #648757 - expose and use updated cert verification`
		2eb3de	`function in JSS`
		2eb3de	`- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection`
		2eb3de	`of signature algorithm; and for ECC curves`
		2eb3de	`- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing`
		2eb3de	`e.c. support`
		2eb3de	`- Bugzilla Bug #651040 - cloning shoud not include sslserver`
		2eb3de	`- Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to`
		2eb3de	`CS.cfg files imcomplete when the cert is stored on a hsm`
		2eb3de	`- Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . .`
		2eb3de	`- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports`
		2eb3de	`to talk to CA and complete configuration in DonePanel`
		2eb3de	`- Bugzilla Bug #642359 - CC Feature - need to verify certificate when it`
		2eb3de	`is added`
		2eb3de	`- Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires`
		2eb3de	`auditing`
		2eb3de	`- Bugzilla Bug #489385 - references to rhpki`
		2eb3de	`- Bugzilla Bug #499494 - change CA defaults to SHA2`
		2eb3de	`- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit`
		2eb3de	`policy extension to 5 only`
		2eb3de	`- Bugzilla Bug #649910 - Console: an auditor or agent can be added to`
		2eb3de	`an administrator group.`
		2eb3de	`- Bugzilla Bug #632425 - Port to tomcat6`
		2eb3de	`- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI`
		2eb3de	`interface`
		2eb3de	`- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)`
		2eb3de	`- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets`
		2eb3de	`as expected`
		2eb3de	`- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for`
		2eb3de	`validity`
		2eb3de	`- Bugzilla Bug #643206 - New CMake based build system for Dogtag`
		2eb3de	`- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1`
		2eb3de	`- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with`
		2eb3de	`Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.`
		2eb3de	`- Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an`
		2eb3de	`error to TPS even if certificate in question is already revoked.`
		2eb3de	`- Bugzilla Bug #663546 - Disable the functionalities that are not exposed`
		2eb3de	`in the console`
		2eb3de	`- Bugzilla Bug #661514 - CMAKE build system requires rules to make`
		2eb3de	`javadocs`
		2eb3de	`- Bugzilla Bug #658188 - remove remaining references to tomcat5`
		2eb3de	`- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.`
		2eb3de	`- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and`
		2eb3de	`pkiCA, obsolete 2252 and 2256`
		2eb3de	`- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs`
		2eb3de	`- Bugzilla Bug #656733 - Standardize jar install location and jar names`
		2eb3de	`- Bugzilla Bug #661142 - Verification should fail when`
		2eb3de	`a revoked certificate is added`
		2eb3de	`- Bugzilla Bug #642741 - CS build uses deprecated functions`
		2eb3de	`- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error`
		2eb3de	`- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time`
		2eb3de	`interface is no longer available through console`
		2eb3de	`- 'pki-selinux'`
		2eb3de	`- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI`
		2eb3de	`interface`
		2eb3de	`- Bugzilla Bug #643206 - New CMake based build system for Dogtag`
		2eb3de	`- Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer -`
		2eb3de	`selinux changes`
		2eb3de	`- 'pki-ca'`
		2eb3de	`- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review`
		2eb3de	`- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit`
		2eb3de	`logs in the java subsystems`
		2eb3de	`- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA`
		2eb3de	`- Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of`
		2eb3de	`CC interface doc review`
		2eb3de	`- Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with`
		2eb3de	`admin privilege throws error "You are not authorized to perform this`
		2eb3de	`operation".`
		2eb3de	`- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml`
		2eb3de	`as part of CC interface review`
		2eb3de	`- Bugzilla Bug #583823 - CC: Auditing issues found as result of`
		2eb3de	`CC - interface review`
		2eb3de	`- Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws`
		2eb3de	`'Internal Server Error'.`
		2eb3de	`- Bugzilla Bug #586700 - OCSP Server throws fatal error while using`
		2eb3de	`OCSP console for renewing SSL Server certificate.`
		2eb3de	`- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.`
		2eb3de	`- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte`
		2eb3de	`senderNonce in all signed SCEP responses.`
		2eb3de	`- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be`
		2eb3de	`generated on TKS instead of TPS.`
		2eb3de	`- Bugzilla Bug #630121 - OCSP responder lacking option to delete or`
		2eb3de	`disable a CA that it serves`
		2eb3de	`- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1`
		2eb3de	`- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade`
		2eb3de	`attack in SCEP`
		2eb3de	`- Bugzilla Bug #621334 - Provide an option to set default hash algorithm`
		2eb3de	`for signing SCEP response messages.`
		2eb3de	`- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned`
		2eb3de	`by Reason Code - onlySomeReasons ?`
		2eb3de	`- Bugzilla Bug #637330 - CC feature: Key Management - provide signature`
		2eb3de	`verification functions (JAVA subsystems)`
		2eb3de	`- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port`
		2eb3de	`fowarding for agent services`
		2eb3de	`- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on`
		2eb3de	`ECC curve names (not on key sizes).`
		2eb3de	`- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple`
		2eb3de	`Certificates from the Same Request`
		2eb3de	`- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection`
		2eb3de	`of signature algorithm; and for ECC curves`
		2eb3de	`- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA`
		2eb3de	`release -- DRM and TKS do not seem to have CRL checking enabled`
		2eb3de	`- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help`
		2eb3de	`correctly set up CC environment`
		2eb3de	`- Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in`
		2eb3de	`certificates (RFC 4262)`
		2eb3de	`- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports`
		2eb3de	`to talk to CA and complete configuration in DonePanel`
		2eb3de	`- Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object`
		2eb3de	`signing support in RHCS`
		2eb3de	`- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)`
		2eb3de	`- Bugzilla Bug #489385 - references to rhpki`
		2eb3de	`- Bugzilla Bug #499494 - change CA defaults to SHA2`
		2eb3de	`- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit`
		2eb3de	`policy extension to 5 only`
		2eb3de	`- Bugzilla Bug #649910 - Console: an auditor or agent can be added to`
		2eb3de	`an administrator group.`
		2eb3de	`- Bugzilla Bug #632425 - Port to tomcat6`
		2eb3de	`- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI`
		2eb3de	`interface`
		2eb3de	`- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets`
		2eb3de	`as expected`
		2eb3de	`- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for`
		2eb3de	`validity`
		2eb3de	`- Bugzilla Bug #643206 - New CMake based build system for Dogtag`
		2eb3de	`- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke`
		2eb3de	`certs in TPS`
		2eb3de	`- Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature`
		2eb3de	`- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with`
		2eb3de	`Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.`
		2eb3de	`- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.`
		2eb3de	`- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and`
		2eb3de	`pkiCA, obsolete 2252 and 2256`
		2eb3de	`- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source`
		2eb3de	`repository`
		2eb3de	`- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs`
		2eb3de	`- Bugzilla Bug #656733 - Standardize jar install location and jar names`
		2eb3de	`- Bugzilla Bug #661142 - Verification should fail when`
		2eb3de	`a revoked certificate is added`
		2eb3de	`- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key`
		2eb3de	`usage`
		2eb3de	`- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time`
		2eb3de	`interface is no longer available through console`
		2eb3de	`- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory`
		2eb3de	`During CRL Generation`
		2eb3de	`- 'pki-silent'`
		2eb3de	`- Bugzilla Bug #627309 - pkisilent subca configuration fails.`
		2eb3de	`- Bugzilla Bug #640091 - pkisilent panels need to match with changed java`
		2eb3de	`subsystems`
		2eb3de	`- Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM`
		2eb3de	`Clone.`
		2eb3de	`- Bugzilla Bug #643053 - pkisilent DRM configuration fails`
		2eb3de	`- Bugzilla Bug #583754 - pki-silent needs an option to configure signing`
		2eb3de	`algorithm for CA certificates`
		2eb3de	`- Bugzilla Bug #489385 - references to rhpki`
		2eb3de	`- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI`
		2eb3de	`interface`
		2eb3de	`- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)`
		2eb3de	`- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module`
		2eb3de	`Panel up to before Security Domain Panel`
		2eb3de	`- Bugzilla Bug #643206 - New CMake based build system for Dogtag`
		2eb3de	`- Bugzilla Bug #588323 - Failed to enable cipher 0xc001`
		2eb3de	`- Bugzilla Bug #656733 - Standardize jar install location and jar names`
		2eb3de	`- Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves,`
		2eb3de	`signing algorithm`
		2eb3de	`- Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords`
		2eb3de	`with special characters`
		2eb3de	`- Bugzilla Bug #642741 - CS build uses deprecated functions`
		2eb3de
		2eb3de	`* Thu Jan 13 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-3`
		2eb3de	`- Bugzilla Bug #668839 - Review Request: pki-core`
		2eb3de	`- Removed empty "pre" from "pki-ca"`
		2eb3de	`- Consolidated directory ownership`
		2eb3de	`- Corrected file ownership within subpackages`
		2eb3de	`- Removed all versioning from NSS and NSPR packages`
		2eb3de
		2eb3de	`* Thu Jan 13 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-2`
		2eb3de	`- Bugzilla Bug #668839 - Review Request: pki-core`
		2eb3de	`- Added component versioning comments`
		2eb3de	`- Updated JSS from "4.2.6-10" to "4.2.6-12"`
		2eb3de	`- Modified installation section to preserve timestamps`
		2eb3de	`- Removed sectional comments`
		2eb3de
		2eb3de	`* Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1`
		2eb3de	`- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)`
		2eb3de

rpms / pki-core

Source Code

Blame SPECS/pki-core.spec