From 395bae7d89e9e07e3b56b7d8c0bd54d140ad6591 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 30 2021 10:37:36 +0000 Subject: import pki-core-10.10.4-1.module+el8.4.0+9861+7cddd5b6 --- diff --git a/.gitignore b/.gitignore index 2bb3dbc..a16c0d3 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/pki-10.9.0-b2.tar.gz +SOURCES/pki-10.10.4.tar.gz diff --git a/.pki-core.metadata b/.pki-core.metadata index 0f8efb1..fb7b485 100644 --- a/.pki-core.metadata +++ b/.pki-core.metadata @@ -1 +1 @@ -7a900dcf24422f7756649fbed42b6a033f9204b7 SOURCES/pki-10.9.0-b2.tar.gz +d50ec310c6584bd0eb1448b6d40614954827a73d SOURCES/pki-10.10.4.tar.gz diff --git a/SPECS/pki-core.spec b/SPECS/pki-core.spec index cf0485a..ecd5d9e 100644 --- a/SPECS/pki-core.spec +++ b/SPECS/pki-core.spec @@ -6,13 +6,15 @@ Name: pki-core %global brand Red Hat Summary: %{brand} PKI Core Package -URL: http://www.dogtagpki.org/ +URL: https://www.dogtagpki.org # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 -Version: 10.9.0 -Release: 0.4%{?_timestamp}%{?_commit_id}%{?dist} -%global _phase -b2 +# For development (i.e. unsupported) releases, use x.y.z-0.n.. +# For official (i.e. supported) releases, use x.y.z-r where r >=1. +Version: 10.10.4 +Release: 1%{?_timestamp}%{?_commit_id}%{?dist} +#global _phase -beta1 # To create a tarball from a version tag: # $ git archive \ @@ -28,6 +30,11 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # \ # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch + +# Do not remove this!! pytest-runner isn't available on RHEL. Removing this +# patch will break RHEL builds. The error message is: +# BUILDSTDERR: Download error on https://pypi.org/simple/pytest-runner/: +# [Errno 111] Connection refused -- Some packages may not be found! Patch1: 0001-Removed-dependency-on-pytest-runner.patch ################################################################################ @@ -50,7 +57,16 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch # Java ################################################################################ -%define java_home %{_usr}/lib/jvm/jre-1.8.0-openjdk +%define java_devel java-devel +%define java_headless java-headless + +%if 0%{?fedora} && 0%{?fedora} >= 33 +%define min_java_version 1:11 +%define java_home /usr/lib/jvm/java-11-openjdk +%else +%define min_java_version 1:1.8.0 +%define java_home /usr/lib/jvm/java-1.8.0-openjdk +%endif ################################################################################ # RESTEasy @@ -94,6 +110,8 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch %global with_base 1 # package_option server %global with_server 1 +# package_option acme +%global with_acme 1 # package_option ca %global with_ca 1 # package_option kra @@ -113,6 +131,8 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch %define debug_package %{nil} %endif +%bcond_without sdnotify + # ignore unpackaged files from native 'tpsclient' # REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app %define _unpackaged_files_terminate_build 0 @@ -157,13 +177,14 @@ BuildRequires: make BuildRequires: cmake >= 3.0.2 BuildRequires: gcc-c++ BuildRequires: zip -BuildRequires: java-1.8.0-openjdk-devel +BuildRequires: %java_devel >= %{min_java_version} +BuildRequires: javapackages-tools BuildRequires: redhat-rpm-config BuildRequires: ldapjdk >= 4.22.0 BuildRequires: apache-commons-cli BuildRequires: apache-commons-codec BuildRequires: apache-commons-io -BuildRequires: apache-commons-lang +BuildRequires: apache-commons-lang3 >= 3.2 BuildRequires: apache-commons-net BuildRequires: jakarta-commons-httpclient BuildRequires: glassfish-jaxb-api @@ -215,8 +236,13 @@ BuildRequires: python3-pytest-runner BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 -BuildRequires: jss >= 4.7.0 -BuildRequires: tomcatjss >= 7.5.0 +BuildRequires: jss >= 4.8.1 +BuildRequires: tomcatjss >= 7.6.1 + +# JNA is used to bind to libsystemd +%if %{with sdnotify} +BuildRequires: jna +%endif BuildRequires: systemd-units %if 0%{?rhel} @@ -263,6 +289,7 @@ to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: + * Automatic Certificate Management Environment (ACME) Responder * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager @@ -287,6 +314,7 @@ Requires: %{vendor_id}-pki-console-theme = %{version} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI core packages +Requires: pki-acme = %{version} Requires: pki-ca = %{version} Requires: pki-kra = %{version} Requires: pki-ocsp = %{version} @@ -314,6 +342,7 @@ to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: + * Automatic Certificate Management Environment (ACME) Responder * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager @@ -330,9 +359,9 @@ PKI consists of the following components: Summary: PKI Symmetric Key Package -Requires: java-1.8.0-openjdk-headless +Requires: %java_headless >= %{min_java_version} Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 4.7.0 +Requires: jss >= 4.8.0 Requires: nss >= 3.38.0 # Ensure we end up with a useful installation @@ -383,6 +412,7 @@ Provides: pki-base-python3 = %{version} Requires: pki-base = %{version}-%{release} Requires: python3 >= 3.5 Requires: python3-cryptography +Requires: python3-ldap Requires: python3-lxml Requires: python3-nss Requires: python3-requests >= 2.6.0 @@ -398,11 +428,11 @@ This package contains PKI client library for Python 3. Summary: PKI Base Java Package BuildArch: noarch -Requires: java-1.8.0-openjdk-headless +Requires: %java_headless >= %{min_java_version} Requires: apache-commons-cli Requires: apache-commons-codec Requires: apache-commons-io -Requires: apache-commons-lang +Requires: apache-commons-lang3 >= 3.2 Requires: apache-commons-logging Requires: apache-commons-net Requires: jakarta-commons-httpclient @@ -424,6 +454,11 @@ Requires: resteasy-core >= 3.0.17-1 Requires: resteasy-jackson2-provider >= 3.0.17-1 %endif +%if 0%{?fedora} && 0%{?fedora} >= 33 +Requires: jaxb-impl >= 2.3.3 +Requires: jakarta-activation >= 1.2.2 +%endif + Requires: xalan-j2 Requires: xerces-j2 Requires: xml-commons-apis @@ -464,7 +499,6 @@ Summary: PKI Server Package BuildArch: noarch Requires: hostname -Requires: net-tools Requires: policycoreutils Requires: procps-ng @@ -477,7 +511,6 @@ Requires: keyutils Requires: policycoreutils-python-utils -Requires: python3-ldap Requires: python3-lxml Requires: python3-libselinux Requires: python3-policycoreutils @@ -491,11 +524,18 @@ Requires: tomcat >= 1:9.0.7 %endif Requires: velocity +Requires: sudo +Requires: systemd Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils -Requires: tomcatjss >= 7.5.0 +Requires: tomcatjss >= 7.6.1 + +# JNA is used to bind to libsystemd +%if %{with sdnotify} +Requires: jna +%endif # pki-healthcheck depends on the following library %if 0%{?rhel} @@ -519,18 +559,29 @@ Provides: bundled(js-patternfly) = 3.59.2 Provides: bundled(js-underscore) = 1.9.2 %description -n pki-server -The PKI Server Package contains libraries and utilities needed by the -following PKI subsystems: - - the Certificate Authority (CA), - the Key Recovery Authority (KRA), - the Online Certificate Status Protocol (OCSP) Manager, - the Token Key Service (TKS), and - the Token Processing Service (TPS). +The PKI Server Package contains libraries and utilities needed by other +PKI subsystems. # with server %endif +%if %{with acme} +################################################################################ +%package -n pki-acme +################################################################################ + +Summary: PKI ACME Package +BuildArch: noarch + +Requires: pki-server = %{version}-%{release} + +%description -n pki-acme +The PKI ACME responder is a service that provides an automatic certificate +management via ACME v2 protocol defined in RFC 8555. + +# with acme +%endif + %if %{with ca} ################################################################################ %package -n pki-ca @@ -804,6 +855,13 @@ This package contains PKI test suite. %build ################################################################################ +# get Java . version number +java_version=`%{java_home}/bin/java -XshowSettings:properties -version 2>&1 | sed -n 's/ *java.version *= *\([0-9]\+\.[0-9]\+\).*/\1/p'` + +# if == 1, get version number +# otherwise get version number +java_version=`echo $java_version | sed -e 's/^1\.//' -e 's/\..*$//'` + # get Tomcat . version number tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'` @@ -813,14 +871,19 @@ else app_server=tomcat-$tomcat_version fi +%if 0%{?rhel} %{__mkdir_p} build cd build +%endif + %cmake \ --no-warn-unused-cli \ -DVERSION=%{version}-%{release} \ -DVAR_INSTALL_DIR:PATH=/var \ -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ - -DJAVA_HOME=%{java_home} \ + -DJAVA_VERSION=${java_version} \ + -DJAVA_HOME=%java_home \ + -DPKI_JAVA_PATH=%java_home/bin/java \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ -DAPP_SERVER=$app_server \ @@ -829,14 +892,29 @@ cd build -DNSS_DEFAULT_DB_TYPE=%{nss_default_db_type} \ -DBUILD_PKI_CORE:BOOL=ON \ -DPYTHON_EXECUTABLE=%{python_executable} \ - -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \ -%if ! %{with server} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps} +%if ! %{with server} && ! %{with acme} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps} -DWITH_SERVER:BOOL=OFF \ %endif + -DWITH_CA:BOOL=%{?with_ca:ON}%{!?with_ca:OFF} \ + -DWITH_KRA:BOOL=%{?with_kra:ON}%{!?with_kra:OFF} \ + -DWITH_OCSP:BOOL=%{?with_ocsp:ON}%{!?with_ocsp:OFF} \ + -DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \ + -DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \ + -DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \ + -DWITH_SYSTEMD_NOTIFICATION:BOOL=%{?with_sdnotify:ON}%{!?with_sdnotify:OFF} \ -DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \ + -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \ -DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \ -DTHEME=%{?with_theme:%{vendor_id}} \ +%if 0%{?rhel} .. +%else + -B %{_vpath_builddir} +%endif + +%if 0%{?fedora} +cd %{_vpath_builddir} +%endif # Do not use _smp_mflags to preserve build order %{__make} \ @@ -851,7 +929,11 @@ cd build %install ################################################################################ +%if 0%{?rhel} cd build +%else +cd %{_vpath_builddir} +%endif %{__make} \ VERBOSE=%{?_verbose} \ @@ -1032,8 +1114,8 @@ fi %files -n pki-tools ################################################################################ -%license base/native-tools/LICENSE -%doc base/native-tools/doc/README +%license base/tools/LICENSE +%doc base/tools/doc/README %{_bindir}/p7tool %{_bindir}/pistool %{_bindir}/pki @@ -1041,7 +1123,6 @@ fi %{_bindir}/setpin %{_bindir}/sslget %{_bindir}/tkstool -%{_datadir}/pki/native-tools/ %{_bindir}/AtoB %{_bindir}/AuditVerify %{_bindir}/BtoA @@ -1066,7 +1147,7 @@ fi %{_bindir}/PrettyPrintCrl %{_bindir}/TokenInfo %{_javadir}/pki/pki-tools.jar -%{_datadir}/pki/java-tools/ +%{_datadir}/pki/tools/ %{_datadir}/pki/lib/p11-kit-trust.so %{_mandir}/man1/AtoB.1.gz %{_mandir}/man1/AuditVerify.1.gz @@ -1140,6 +1221,7 @@ fi %dir %{_sharedstatedir}/pki %{_mandir}/man1/pkidaemon.1.gz %{_mandir}/man5/pki_default.cfg.5.gz +%{_mandir}/man5/pki_healthcheck.conf.5.gz %{_mandir}/man5/pki-server-logging.5.gz %{_mandir}/man8/pki-server-upgrade.8.gz %{_mandir}/man8/pkidestroy.8.gz @@ -1159,12 +1241,26 @@ fi %{_mandir}/man8/pki-healthcheck.8.gz %{_datadir}/pki/setup/ %{_datadir}/pki/server/ -%{_datadir}/pki/acme/ -%{_javadir}/pki/pki-acme.jar + +%if %{with sdnotify} +%{_javadir}/pki/pki-systemd.jar +%endif # with server %endif +%if %{with acme} +################################################################################ +%files -n pki-acme +################################################################################ + +%{_javadir}/pki/pki-acme.jar +%dir %{_datadir}/pki/acme +%{_datadir}/pki/acme/ + +# with acme +%endif + %if %{with ca} ################################################################################ %files -n pki-ca @@ -1173,11 +1269,7 @@ fi %license base/ca/LICENSE %{_javadir}/pki/pki-ca.jar %dir %{_datadir}/pki/ca -%{_datadir}/pki/ca/conf/ -%{_datadir}/pki/ca/emails/ -%{_datadir}/pki/ca/profiles/ -%{_datadir}/pki/ca/setup/ -%{_datadir}/pki/ca/webapps/ +%{_datadir}/pki/ca/ # with ca %endif @@ -1190,9 +1282,7 @@ fi %license base/kra/LICENSE %{_javadir}/pki/pki-kra.jar %dir %{_datadir}/pki/kra -%{_datadir}/pki/kra/conf/ -%{_datadir}/pki/kra/setup/ -%{_datadir}/pki/kra/webapps/ +%{_datadir}/pki/kra/ # with kra %endif @@ -1205,9 +1295,7 @@ fi %license base/ocsp/LICENSE %{_javadir}/pki/pki-ocsp.jar %dir %{_datadir}/pki/ocsp -%{_datadir}/pki/ocsp/conf/ -%{_datadir}/pki/ocsp/setup/ -%{_datadir}/pki/ocsp/webapps/ +%{_datadir}/pki/ocsp/ # with ocsp %endif @@ -1220,9 +1308,7 @@ fi %license base/tks/LICENSE %{_javadir}/pki/pki-tks.jar %dir %{_datadir}/pki/tks -%{_datadir}/pki/tks/conf/ -%{_datadir}/pki/tks/setup/ -%{_datadir}/pki/tks/webapps/ +%{_datadir}/pki/tks/ # with tks %endif @@ -1235,10 +1321,7 @@ fi %license base/tps/LICENSE %{_javadir}/pki/pki-tps.jar %dir %{_datadir}/pki/tps -%{_datadir}/pki/tps/applets/ -%{_datadir}/pki/tps/conf/ -%{_datadir}/pki/tps/setup/ -%{_datadir}/pki/tps/webapps/ +%{_datadir}/pki/tps/ %{_mandir}/man5/pki-tps-connector.5.gz %{_mandir}/man5/pki-tps-profile.5.gz %{_mandir}/man1/tpsclient.1.gz @@ -1316,161 +1399,232 @@ fi ################################################################################ %changelog +* Mon Feb 08 2021 Red Hat PKI Team 10.10.4-1 +- Rebase to PKI 10.10.4 +- Bug 1664435 - Error instantiating class for challenge_password with SCEP request +- Bug 1912418 - OCSP and TKS cloning failed due to duplicate replica ID +- Bug 1916686 - Memory leak during ACME performance test +- Bug 1919282 - ACME cert enrollment failed with HTTP 500 + +* Thu Jan 14 2021 Red Hat PKI Team 10.10.3-1 +- Rebase to PKI 10.10.3 +- Bug 1584550 - CRMFPopClient: unexpected behavior with -y option when values are specified +- Bug 1590942 - CMCResponse treats -d as optional +- Bug 1890639 - Two-step installation with external certificates fails on HSM configured system +- Bug 1912493 - pkispawn reports incorrect FIPS mode + +* Tue Dec 08 2020 Red Hat PKI Team 10.10.2-1 +- Rebase to PKI 10.10.2 +- Bug 1392616 - KRA key recovery cli kra-key-retrieve generates an invalid p12 file +- Bug 1897120 - pki-server cert-fix command failing +- Bug 1694664 - ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (503) + +* Tue Nov 17 2020 Red Hat PKI Team 10.10.1-1 +- Rebase to PKI 10.10.1 +- Bug 1843416 - kra-audit-mod fail with Invalid event configuration +- Bug 1889691 - ACME failed when run with more than 1 thread/connection +- Bug 1891577 - Sub-ordinate installation is failing with NullPointerException + +* Wed Oct 28 2020 Red Hat PKI Team 10.10.0-1 +- Rebase to PKI 10.10.0 +- Add workaround for missing capture_output in Python 3.6 +- Fix JSS initialization in pki-server -user-cert-add +- Fix NPE in UGSubsystem.findUsersByKeyword() +- Bug 1787115 - Need Method to copy SKI from CSR to Certificate signed +- Bug 1875563 - Add KRA Transport and Storage Certificates profiles, audit for IPA +- Bug 1883996 - Inconsistent folders in pki-tools + +* Tue Oct 20 2020 Red Hat PKI Team 10.10.0-0.2.beta1 +- Rebase to PKI 10.10.0-beta1 +- Bug 1868233 - Disabling AIA and cert policy extensions in ACME examples + +* Fri Sep 11 2020 Red Hat PKI Team 10.9.4-1 +- Rebase to PKI 10.9.4 +- Bug 1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add + +* Thu Sep 03 2020 Red Hat PKI Team 10.9.3-1 +- Rebase to PKI 10.9.3 +- Bug 1869893 - Common certificates are missing in CS.cfg on shared PKI instance + +* Tue Aug 18 2020 Red Hat PKI Team 10.9.2-2 +- Bug 1871064 - Replica install failing during pki-ca component configuration + +* Tue Aug 18 2020 Red Hat PKI Team 10.9.2-1 +- Rebase to PKI 10.9.2 + +* Wed Aug 12 2020 Red Hat PKI Team 10.9.1-2 +- Bug 1857933 - CA Installation is failing with ncipher v12.30 HSM +- Bug 1868233 - Disabling AIA and cert policy extensions in ACME examples + +* Thu Aug 06 2020 Red Hat PKI Team 10.9.1-1 +- Rebase to PKI 10.9.1 +- Bug 1426572 - Fix Secure connection issue when server is down + +* Fri Jul 31 2020 Red Hat PKI Team 10.9.0-1 +- Rebase to PKI 10.9.0 + +* Tue Jul 14 2020 Red Hat PKI Team 10.9.0-0.7 +- Fix pki kra-key-generate failure +- Fix error handling in PKIRealm + +* Fri Jul 10 2020 Red Hat PKI Team 10.9.0-0.6 +- Rebase to PKI 10.9.0-b4 + * Thu Jun 25 2020 Red Hat PKI Team 10.9.0-0.4 -- Rebased to PKI 10.9.0-b2 +- Rebase to PKI 10.9.0-b2 * Mon Jun 22 2020 Red Hat PKI Team 10.9.0-0.3 -- Rebased to PKI 10.9.0-b1 +- Rebase to PKI 10.9.0-b1 * Tue May 26 2020 Red Hat PKI Team 10.9.0-0.1 -- Rebased to PKI 10.9.0-a1 +- Rebase to PKI 10.9.0-a1 * Tue Mar 03 2020 Red Hat PKI Team 10.8.3-1 -- Rebased to PKI 10.8.3 -- Bug #1809210 - TPS installation failure on HSM machine -- Bug #1807421 - Subordinate CA installation failed -- Bug #1806840 - KRA cloning with HSM failed +- Rebase to PKI 10.8.3 +- Bug 1809210 - TPS installation failure on HSM machine +- Bug 1807421 - Subordinate CA installation failed +- Bug 1806840 - KRA cloning with HSM failed * Wed Feb 19 2020 Red Hat PKI Team 10.8.2-2 -- Bug #1795215 - pkispawn interactive installation failed +- Bug 1795215 - pkispawn interactive installation failed * Mon Feb 17 2020 Red Hat PKI Team 10.8.2-1 -- Rebased to PKI 10.8.2 -- Bug #1802006 - KRA installation failed to create ECC admin cert +- Rebase to PKI 10.8.2 +- Bug 1802006 - KRA installation failed to create ECC admin cert * Mon Feb 10 2020 Red Hat PKI Team 10.8.1-1 -- Rebased to PKI 10.8.1 +- Rebase to PKI 10.8.1 * Fri Feb 07 2020 Red Hat PKI Team 10.8.0-1 -- Rebased to PKI 10.8.0 +- Rebase to PKI 10.8.0 * Thu Jan 16 2020 Red Hat PKI Team 10.8.0-0.5 -- Rebased to PKI 10.8.0-b3 +- Rebase to PKI 10.8.0-b3 * Fri Dec 13 2019 Red Hat PKI Team 10.8.0-0.4 -- Rebased to PKI 10.8.0-b2 +- Rebase to PKI 10.8.0-b2 * Wed Dec 11 2019 Red Hat PKI Team 10.8.0-0.3 -- Rebased to PKI 10.8.0-b1 +- Rebase to PKI 10.8.0-b1 * Fri Nov 22 2019 Red Hat PKI Team 10.8.0-0.2 -- Rebased to PKI 10.8.0-a2 +- Rebase to PKI 10.8.0-a2 * Thu Oct 31 2019 Red Hat PKI Team 10.8.0-0.1 -- Rebased to PKI 10.8.0-a1 +- Rebase to PKI 10.8.0-a1 * Wed Aug 14 2019 Red Hat PKI Team 10.7.3-1 -- Rebased to PKI 10.7.3 -- Bug #1698084 - pkidestroy not working as expected -- Bug #1468050 and Bug #1448235 - Support AES for LWCA key replication +- Rebase to PKI 10.7.3 +- Bug 1698084 - pkidestroy not working as expected +- Bug 1468050 and Bug #1448235 - Support AES for LWCA key replication * Tue Jul 23 2019 Red Hat PKI Team 10.7.2-1 -- Rebased to PKI 10.7.2 -- Bug #1721340 - TPS installation failure -- Bug #1248216 - Incorrect pkidaemon status -- Bug #1729215 - cert-fix: detect and prevent pkidbuser being used as --agent-uid -- Bug #1698059 - pki-core implements crypto +- Rebase to PKI 10.7.2 +- Bug 1721340 - TPS installation failure +- Bug 1248216 - Incorrect pkidaemon status +- Bug 1729215 - cert-fix: detect and prevent pkidbuser being used as --agent-uid +- Bug 1698059 - pki-core implements crypto * Thu Jun 13 2019 Red Hat PKI Team 10.7.1-2 -- Fixed cloning issue -- Fixed TPS installation issue +- Fix cloning issue +- Fix TPS installation issue * Wed Jun 12 2019 Red Hat PKI Team 10.7.1-1 -- Rebased to PKI 10.7.1 +- Rebase to PKI 10.7.1 * Wed Apr 24 2019 Red Hat PKI Team 10.7.0-1 -- Rebased to PKI 10.7.0 +- Rebase to PKI 10.7.0 * Mon Jan 28 2019 Red Hat PKI Team 10.6.9-2 -- Bug #1652269 - Replace Nuxwdog +- Bug 1652269 - Replace Nuxwdog * Mon Jan 14 2019 Red Hat PKI Team 10.6.9-1 -- Rebased to PKI 10.6.9 -- Bug #1629048 - X500Name.directoryStringEncodingOrder overridden by CSR encoding -- Bug #1652269 - Replace Nuxwdog -- Bug #1656856 - Need Method to Include SKI in CA Signing Certificate Request +- Rebase to PKI 10.6.9 +- Bug 1629048 - X500Name.directoryStringEncodingOrder overridden by CSR encoding +- Bug 1652269 - Replace Nuxwdog +- Bug 1656856 - Need Method to Include SKI in CA Signing Certificate Request * Thu Nov 29 2018 Red Hat PKI Team 10.6.8-1 -- Rebased to PKI 10.6.8 -- Bug #1602659 - Fix issues found by covscan -- Bug #1566360 - Fix missing serial number from pki-server subsystem-cert-find +- Rebase to PKI 10.6.8 +- Bug 1602659 - Fix issues found by covscan +- Bug 1566360 - Fix missing serial number from pki-server subsystem-cert-find * Fri Oct 26 2018 Red Hat PKI Team 10.6.7-3 -- Bug #1643101 - Fix problems due to token normalization +- Bug 1643101 - Fix problems due to token normalization * Tue Oct 23 2018 Red Hat PKI Team 10.6.7-2 -- Bug #1623444 - Fix Python KeyClient KeyRequestResponse parsing +- Bug 1623444 - Fix Python KeyClient KeyRequestResponse parsing * Fri Oct 05 2018 Red Hat PKI Team 10.6.7-1 -- Rebased to PKI 10.6.7 +- Rebase to PKI 10.6.7 * Fri Aug 24 2018 Alexander Bokovoy 10.6.6-3 - Build on s390x * Wed Aug 22 2018 Alexander Bokovoy 10.6.6-2 - Use platform-python interpreter -- Bug #1620066 - pkispawn crashes as /usr/bin/python3 does not exist +- Bug 1620066 - pkispawn crashes as /usr/bin/python3 does not exist * Mon Aug 13 2018 Red Hat PKI Team 10.6.6-1 -- Rebased to PKI 10.6.6 +- Rebase to PKI 10.6.6 * Wed Aug 08 2018 Red Hat PKI Team 10.6.5-1 -- Rebased to PKI 10.6.5 +- Rebase to PKI 10.6.5 * Tue Aug 07 2018 Red Hat PKI Team 10.6.4-4 -- Bug #1612063 - Do not override system crypto policy (support TLS 1.3) +- Bug 1612063 - Do not override system crypto policy (support TLS 1.3) * Wed Aug 01 2018 Red Hat PKI Team 10.6.4-3 - Patch PKI to use Jackson 2 and avoid Jackson 1 dependency. Add direct dependency on slf4j-jdk14. * Tue Jul 31 2018 Red Hat PKI Team 10.6.4-2 -- Updated Jackson and RESTEasy dependencies +- Update Jackson and RESTEasy dependencies * Fri Jul 20 2018 Red Hat PKI Team 10.6.4-1 -- Rebased to PKI 10.6.4 +- Rebase to PKI 10.6.4 * Thu Jul 05 2018 Red Hat PKI Team 10.6.3-1 -- Rebased to PKI 10.6.3 +- Rebase to PKI 10.6.3 * Mon Jul 02 2018 Miro Hrončok 10.6.2-4 -- Rebuilt for Python 3.7 +- Rebuild for Python 3.7 * Thu Jun 28 2018 Red Hat PKI Team 10.6.2-3 -- Fixed macro expressions -- Bug #1566606 - pki-core: Switch to Python 3 -- Bug #1590467 - pki-core: Drop pylint dependency from RHEL 8 +- Fix macro expressions +- Bug 1566606 - pki-core: Switch to Python 3 +- Bug 1590467 - pki-core: Drop pylint dependency from RHEL 8 * Tue Jun 19 2018 Miro Hrončok 10.6.2-2 -- Rebuilt for Python 3.7 +- Rebuild for Python 3.7 * Fri Jun 15 2018 Red Hat PKI Team 10.6.2-1 -- Rebased to PKI 10.6.2 +- Rebase to PKI 10.6.2 * Wed May 30 2018 Red Hat PKI Team 10.6.1-3 -- Updated JSS dependency -- Updated Tomcat dependency -- Fixed rpmlint warnings +- Update JSS dependency +- Update Tomcat dependency +- Fix rpmlint warnings * Fri May 04 2018 Red Hat PKI Team 10.6.1-2 -- Bug #1574711 - pki-tools cannot be installed on current Rawhide -- Fixed rpmlint warnings +- Bug 1574711 - pki-tools cannot be installed on current Rawhide +- Fix rpmlint warnings * Thu May 03 2018 Red Hat PKI Team 10.6.1-1 -- Rebased to PKI 10.6.1 -- Bug #1559047 - pki-core misses a dependency to pki-symkey -- Bug #1573094 - FreeIPA external CA installation fails +- Rebase to PKI 10.6.1 +- Bug 1559047 - pki-core misses a dependency to pki-symkey +- Bug 1573094 - FreeIPA external CA installation fails * Wed Apr 11 2018 Red Hat PKI Team 10.6.0-1 -- Updated project URL and package descriptions -- Cleaned up spec file -- Rebased to PKI 10.6.0 final +- Update project URL and package descriptions +- Clean up spec file +- Rebase to PKI 10.6.0 final * Thu Mar 29 2018 Red Hat PKI Team 10.6.0-0.3 - Iryna Shcherbina : Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) -- Rebased to PKI 10.6.0 beta2 +- Rebase to PKI 10.6.0 beta2 * Thu Mar 15 2018 Red Hat PKI Team 10.6.0-0.2 -- Rebased to PKI 10.6.0 beta +- Rebase to PKI 10.6.0 beta