From 573fc235367742536f16a8c14fdf9bac11ad68c2 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Sep 30 2021 01:27:51 +0000
Subject: import pki-core-10.11.2-2.module+el8.5.0+12735+8eb38ccc


---

diff --git a/.gitignore b/.gitignore
index d9c4942..eed9bac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/pki-10.11.0.tar.gz
+SOURCES/pki-10.11.2.tar.gz
diff --git a/.pki-core.metadata b/.pki-core.metadata
index e5fd7ce..9ffef46 100644
--- a/.pki-core.metadata
+++ b/.pki-core.metadata
@@ -1 +1 @@
-f125333c7e88d7aae11f51527681018319bba19c SOURCES/pki-10.11.0.tar.gz
+864e86742b5462527a677c060d5b3b1d0f11b299 SOURCES/pki-10.11.2.tar.gz
diff --git a/SOURCES/0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch b/SOURCES/0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
deleted file mode 100644
index f0ec3e0..0000000
--- a/SOURCES/0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 63cf2895f5d5a37bb09f3e889b8584b0bb0dce06 Mon Sep 17 00:00:00 2001
-From: Christina Fu <cfu@redhat.com>
-Date: Wed, 11 Aug 2021 09:19:59 -0700
-Subject: [PATCH] Bug 1992337 - Double issuance of non-CA subsystem certs at
- installation
-
-This patch removes an extra  profile.submit() call that was accidentally left
-off during manual cherry-picking of another bug (1905374):
-commit 8e78a2b912e7c3bd015e4da1f1630d0f35145104 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH)
-
-fixes https://bugzilla.redhat.com/show_bug.cgi?id=1905374
----
- .../main/java/com/netscape/cms/servlet/cert/CertProcessor.java   | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
-index a5626d032..849d6b368 100644
---- a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
-+++ b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
-@@ -250,7 +250,6 @@ public class CertProcessor extends CAProcessor {
- 
-                 logger.info("CertProcessor: Submitting certificate request to " + profile.getId() + " profile");
- 
--                profile.submit(authToken, req);
-                 profile.submit(authToken, req, explicitApprovalRequired);
- 
-                 req.setRequestStatus(RequestStatus.COMPLETE);
--- 
-2.31.1
-
diff --git a/SOURCES/0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch b/SOURCES/0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
new file mode 100644
index 0000000..71510c7
--- /dev/null
+++ b/SOURCES/0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
@@ -0,0 +1,26 @@
+From 607300e57ea05a1475656f1493745f7c7a28b747 Mon Sep 17 00:00:00 2001
+From: Jack Magne <jmagne@redhat.com>
+Date: Thu, 23 Sep 2021 13:50:41 -0400
+Subject: [PATCH] Fix Bug 2001576 - pki instance creation fails for IPA server
+ in FIPS mode (RHEL-8.5). Additional fix to this issue to account for our
+ standalone java tools.
+
+---
+ base/tools/templates/pki_java_command_wrapper.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/base/tools/templates/pki_java_command_wrapper.in b/base/tools/templates/pki_java_command_wrapper.in
+index 05650630d..d68ed93a3 100644
+--- a/base/tools/templates/pki_java_command_wrapper.in
++++ b/base/tools/templates/pki_java_command_wrapper.in
+@@ -90,6 +90,7 @@ JAVA_OPTIONS=""
+ 
+ ${JAVA} ${JAVA_OPTIONS} \
+   -cp "${PKI_LIB}/*" \
++  -Dcom.redhat.fips=false \
+   -Djava.util.logging.config.file=${PKI_LOGGING_CONFIG} \
+   com.netscape.cmstools.${COMMAND} "$@"
+ 
+-- 
+2.31.1
+
diff --git a/SPECS/pki-core.spec b/SPECS/pki-core.spec
index 0664616..aa5c113 100644
--- a/SPECS/pki-core.spec
+++ b/SPECS/pki-core.spec
@@ -12,7 +12,7 @@ License:          GPLv2 and LGPLv2
 
 # For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
 # For official (i.e. supported) releases, use x.y.z-r where r >=1.
-Version:          10.11.0
+Version:          10.11.2
 Release:          2%{?_timestamp}%{?_commit_id}%{?dist}
 #global           _phase -alpha1
 
@@ -30,7 +30,7 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
 #     <version tag> \
 #     > pki-VERSION-RELEASE.patch
 # Patch: pki-VERSION-RELEASE.patch
-Patch1: 0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
+Patch1: 0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
 
 # md2man isn't available on i686. Additionally, we aren't generally multi-lib
 # compatible (https://fedoraproject.org/wiki/Packaging:Java)
@@ -1091,6 +1091,7 @@ fi
 %license base/tools/LICENSE
 %doc base/tools/doc/README
 %{_bindir}/p7tool
+%{_bindir}/p12tool
 %{_bindir}/pistool
 %{_bindir}/pki
 %{_bindir}/revoker
@@ -1362,6 +1363,12 @@ fi
 
 ################################################################################
 %changelog
+* Fri Sep 24 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.2-2
+- Bug 2001576 - pki instance creation fails for IPA in FIPS mode
+
+* Fri Sep 17 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.2-1
+- Rebase to PKI 10.11.2
+
 * Thu Aug 12 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-2
 - Bug 1992337 - Double issuance of non-CA subsystem certs at installation