diff --git a/.gitignore b/.gitignore
index a16c0d3..d9c4942 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/pki-10.10.4.tar.gz
+SOURCES/pki-10.11.0.tar.gz
diff --git a/.pki-core.metadata b/.pki-core.metadata
index fb7b485..e5fd7ce 100644
--- a/.pki-core.metadata
+++ b/.pki-core.metadata
@@ -1 +1 @@
-d50ec310c6584bd0eb1448b6d40614954827a73d SOURCES/pki-10.10.4.tar.gz
+f125333c7e88d7aae11f51527681018319bba19c SOURCES/pki-10.11.0.tar.gz
diff --git a/SOURCES/0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch b/SOURCES/0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
new file mode 100644
index 0000000..f0ec3e0
--- /dev/null
+++ b/SOURCES/0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
@@ -0,0 +1,30 @@
+From 63cf2895f5d5a37bb09f3e889b8584b0bb0dce06 Mon Sep 17 00:00:00 2001
+From: Christina Fu
+Date: Wed, 11 Aug 2021 09:19:59 -0700
+Subject: [PATCH] Bug 1992337 - Double issuance of non-CA subsystem certs at
+ installation
+
+This patch removes an extra profile.submit() call that was accidentally left
+off during manual cherry-picking of another bug (1905374):
+commit 8e78a2b912e7c3bd015e4da1f1630d0f35145104 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH)
+
+fixes https://bugzilla.redhat.com/show_bug.cgi?id=1905374
+---
+ .../main/java/com/netscape/cms/servlet/cert/CertProcessor.java | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
+index a5626d032..849d6b368 100644
+--- a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
++++ b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
+@@ -250,7 +250,6 @@ public class CertProcessor extends CAProcessor {
+
+ logger.info("CertProcessor: Submitting certificate request to " + profile.getId() + " profile");
+
+- profile.submit(authToken, req);
+ profile.submit(authToken, req, explicitApprovalRequired);
+
+ req.setRequestStatus(RequestStatus.COMPLETE);
+--
+2.31.1
+
diff --git a/SOURCES/0001-Removed-dependency-on-pytest-runner.patch b/SOURCES/0001-Removed-dependency-on-pytest-runner.patch
deleted file mode 100644
index 5d5c1b1..0000000
--- a/SOURCES/0001-Removed-dependency-on-pytest-runner.patch
+++ /dev/null
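Review bot: The description of the added CertProcessor patch points at the wrong bug: its subject and the spec changelog name Bug 1992337, but the trailer reads `fixes https://bugzilla.redhat.com/show_bug.cgi?id=1905374`, which the body identifies as the earlier cherry-picked bug. Tooling or auditors that follow the trailer would link this double-issuance fix to the other report; if the text is not carried verbatim from upstream, the trailer should read `fixes https://bugzilla.redhat.com/show_bug.cgi?id=1992337`. "accidentally left off" also reads as if the call had been omitted, whereas the hunk removes a leftover `profile.submit(authToken, req);`. The enclosing method starts and ends outside the hunk, so whether any other path still submits the request twice cannot be checked from here.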
@@ -1,23 +0,0 @@ -From ab8b87af09b26c3c7ec257e0fb8e5ae931153120 Mon Sep 17 00:00:00 2001 -From: "Endi S. Dewata" -Date: Sat, 8 Feb 2020 21:56:41 -0600 -Subject: [PATCH] Removed dependency on pytest-runner - ---- - base/server/healthcheck/setup.py | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/base/server/healthcheck/setup.py b/base/server/healthcheck/setup.py -index 22db8bd0f..c629e34c0 100644 ---- a/base/server/healthcheck/setup.py -+++ b/base/server/healthcheck/setup.py -@@ -32,6 +32,5 @@ setup( - 'Programming Language :: Python :: 3.6', - ], - python_requires='!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*', -- setup_requires=['pytest-runner'], - tests_require=['pytest'], - ) --- -2.21.0 - diff --git a/SPECS/pki-core.spec b/SPECS/pki-core.spec index ecd5d9e..0664616 100644 --- a/SPECS/pki-core.spec +++ b/SPECS/pki-core.spec @@ -12,9 +12,9 @@ License: GPLv2 and LGPLv2 # For development (i.e. unsupported) releases, use x.y.z-0.n.. # For official (i.e. supported) releases, use x.y.z-r where r >=1. -Version: 10.10.4 -Release: 1%{?_timestamp}%{?_commit_id}%{?dist} -#global _phase -beta1 +Version: 10.11.0 +Release: 2%{?_timestamp}%{?_commit_id}%{?dist} +#global _phase -alpha1 # To create a tarball from a version tag: # $ git archive \ 
@@ -30,12 +30,15 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # \ # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch - -# Do not remove this!! pytest-runner isn't available on RHEL. Removing this -# patch will break RHEL builds. The error message is: -# BUILDSTDERR: Download error on https://pypi.org/simple/pytest-runner/: -# [Errno 111] Connection refused -- Some packages may not be found! -Patch1: 0001-Removed-dependency-on-pytest-runner.patch +Patch1: 0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch + +# md2man isn't available on i686. Additionally, we aren't generally multi-lib +# compatible (https://fedoraproject.org/wiki/Packaging:Java) +# so dropping i686 everywhere but RHEL-8 (which we've already shipped) seems +# safest. +%if ! 0%{?rhel} || 0%{?rhel} > 8 +ExcludeArch: i686 +%endif ################################################################################ # NSS @@ -47,7 +50,7 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch # Python ################################################################################ -%if 0%{?rhel} +%if 0%{?rhel} && 0%{?rhel} <= 8 %global python_executable /usr/libexec/platform-python %else %global python_executable /usr/bin/python3 
@@ -57,15 +60,14 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch # Java ################################################################################ -%define java_devel java-devel -%define java_headless java-headless - -%if 0%{?fedora} && 0%{?fedora} >= 33 -%define min_java_version 1:11 -%define java_home /usr/lib/jvm/java-11-openjdk +%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8 +%define java_devel java-1.8.0-openjdk-devel +%define java_headless java-1.8.0-openjdk-headless +%define java_home /usr/lib/jvm/jre-1.8.0-openjdk %else -%define min_java_version 1:1.8.0 -%define java_home /usr/lib/jvm/java-1.8.0-openjdk +%define java_devel java-11-openjdk-devel +%define java_headless java-11-openjdk-headless +%define java_home /usr/lib/jvm/jre-11-openjdk %endif ################################################################################ @@ -82,8 +84,7 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch # By default the build will execute unit tests unless --without test # option is specified. -# bcond_without test -%global with_test 1 +%bcond_without test # By default all packages will be built except the ones specified with # --without option (exclusion method). @@ -131,8 +132,6 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch %define debug_package %{nil} %endif -%bcond_without sdnotify - # ignore unpackaged files from native 'tpsclient' # REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app %define _unpackaged_files_terminate_build 0 
@@ -170,23 +169,20 @@ fi; # Build Dependencies ################################################################################ -# autosetup -BuildRequires: git BuildRequires: make - BuildRequires: cmake >= 3.0.2 BuildRequires: gcc-c++ BuildRequires: zip -BuildRequires: %java_devel >= %{min_java_version} +BuildRequires: %{java_devel} BuildRequires: javapackages-tools BuildRequires: redhat-rpm-config -BuildRequires: ldapjdk >= 4.22.0 +BuildRequires: ldapjdk >= 4.23.0, ldapjdk < 5.0.0 BuildRequires: apache-commons-cli BuildRequires: apache-commons-codec BuildRequires: apache-commons-io BuildRequires: apache-commons-lang3 >= 3.2 +BuildRequires: apache-commons-logging BuildRequires: apache-commons-net -BuildRequires: jakarta-commons-httpclient BuildRequires: glassfish-jaxb-api BuildRequires: slf4j BuildRequires: slf4j-jdk14 @@ -200,22 +196,10 @@ BuildRequires: policycoreutils BuildRequires: python3-lxml BuildRequires: python3-sphinx -BuildRequires: velocity BuildRequires: xalan-j2 BuildRequires: xerces-j2 -%if 0%{?rhel} BuildRequires: resteasy >= 3.0.26 -%else -BuildRequires: jboss-annotations-1.2-api -BuildRequires: jboss-jaxrs-2.0-api -BuildRequires: jboss-logging -BuildRequires: resteasy-atom-provider >= 3.0.17-1 -BuildRequires: resteasy-client >= 3.0.17-1 -BuildRequires: resteasy-jaxb-provider >= 3.0.17-1 -BuildRequires: resteasy-core >= 3.0.17-1 -BuildRequires: resteasy-jackson2-provider >= 3.0.17-1 -%endif BuildRequires: python3 >= 3.5 BuildRequires: python3-devel 
@@ -224,28 +208,17 @@ BuildRequires: python3-cryptography BuildRequires: python3-lxml BuildRequires: python3-ldap BuildRequires: python3-libselinux -BuildRequires: python3-nss BuildRequires: python3-requests >= 2.6.0 BuildRequires: python3-six -%if 0%{?rhel} -# no python3-pytest-runner -%else -BuildRequires: python3-pytest-runner -%endif - BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 -BuildRequires: jss >= 4.8.1 -BuildRequires: tomcatjss >= 7.6.1 +BuildRequires: jss >= 4.9.0, jss < 5.0.0 +BuildRequires: tomcatjss >= 7.7.0, tomcatjss < 8.0.0 -# JNA is used to bind to libsystemd -%if %{with sdnotify} -BuildRequires: jna -%endif BuildRequires: systemd-units -%if 0%{?rhel} +%if 0%{?rhel} && ! 0%{?eln} BuildRequires: pki-servlet-engine %else BuildRequires: tomcat >= 1:9.0.7 @@ -263,7 +236,7 @@ BuildRequires: zlib BuildRequires: zlib-devel # build dependency to build man pages -%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel} +%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel} && 0%{?rhel} <= 8 BuildRequires: go-md2man %else BuildRequires: golang-github-cpuguy83-md2man 
@@ -309,26 +282,28 @@ Summary: %{brand} PKI Package # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI theme packages -Requires: %{vendor_id}-pki-server-theme = %{version} -Requires: %{vendor_id}-pki-console-theme = %{version} +Requires: %{vendor_id}-pki-server-theme = %{version}-%{release} +Requires: %{vendor_id}-pki-console-theme = %{version}-%{release} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI core packages -Requires: pki-acme = %{version} -Requires: pki-ca = %{version} -Requires: pki-kra = %{version} -Requires: pki-ocsp = %{version} -Requires: pki-tks = %{version} -Requires: pki-tps = %{version} +Requires: pki-acme = %{version}-%{release} +Requires: pki-ca = %{version}-%{release} +Requires: pki-kra = %{version}-%{release} +Requires: pki-ocsp = %{version}-%{release} +Requires: pki-tks = %{version}-%{release} +Requires: pki-tps = %{version}-%{release} # Make certain that this 'meta' package requires the latest version(s) # of PKI console -Requires: pki-console = %{version} -Requires: pki-javadoc = %{version} +Requires: pki-console = %{version}-%{release} +Requires: pki-javadoc = %{version}-%{release} # Make certain that this 'meta' package requires the latest version(s) -# of ALL PKI clients +# of ALL PKI clients -- except for s390/s390x where 'esc' is not built +%ifnarch s390 s390x Requires: esc >= 1.1.1 +%endif # description for top-level package (unless there is a separate meta package) %if "%{name}" == "%{vendor_id}-pki" @@ -359,9 +334,9 @@ PKI consists of the following components: Summary: PKI Symmetric Key Package -Requires: %java_headless >= %{min_java_version} +Requires: %{java_headless} Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 4.8.0 +Requires: jss >= 4.9.0, jss < 5.0.0 Requires: nss >= 3.38.0 # Ensure we end up with a useful installation 
@@ -404,8 +379,8 @@ Summary: PKI Python 3 Package BuildArch: noarch Obsoletes: pki-base-python3 < %{version} -Provides: pki-base-python3 = %{version} -%if 0%{?fedora} +Provides: pki-base-python3 = %{version}-%{release} +%if 0%{?fedora} || 0%{?rhel} > 8 %{?python_provide:%python_provide python3-pki} %endif @@ -414,9 +389,11 @@ Requires: python3 >= 3.5 Requires: python3-cryptography Requires: python3-ldap Requires: python3-lxml -Requires: python3-nss Requires: python3-requests >= 2.6.0 Requires: python3-six +%if 0%{?rhel} < 9 || 0%{?fedora} < 34 +Recommends: python3-nss +%endif %description -n python3-pki This package contains PKI client library for Python 3. @@ -428,33 +405,31 @@ This package contains PKI client library for Python 3. Summary: PKI Base Java Package BuildArch: noarch -Requires: %java_headless >= %{min_java_version} +Requires: %{java_headless} Requires: apache-commons-cli Requires: apache-commons-codec Requires: apache-commons-io Requires: apache-commons-lang3 >= 3.2 Requires: apache-commons-logging Requires: apache-commons-net -Requires: jakarta-commons-httpclient Requires: glassfish-jaxb-api Requires: slf4j Requires: slf4j-jdk14 Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 4.7.0 -Requires: ldapjdk >= 4.22.0 +Requires: jss >= 4.9.0, jss < 5.0.0 +Requires: ldapjdk >= 4.23.0, ldapjdk < 5.0.0 Requires: pki-base = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} && 0%{?rhel} <= 8 Requires: resteasy >= 3.0.26 %else -Requires: resteasy-atom-provider >= 3.0.17-1 Requires: resteasy-client >= 3.0.17-1 Requires: resteasy-jaxb-provider >= 3.0.17-1 Requires: resteasy-core >= 3.0.17-1 Requires: resteasy-jackson2-provider >= 3.0.17-1 %endif -%if 0%{?fedora} && 0%{?fedora} >= 33 +%if 0%{?fedora} >= 33 || 0%{?rhel} > 8 Requires: jaxb-impl >= 2.3.3 Requires: jakarta-activation >= 1.2.2 %endif 
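Review bot: The new guard around `Recommends: python3-nss` in the python3-pki hunk, `%if 0%{?rhel} < 9 || 0%{?fedora} < 34`, is true on every target. An undefined macro expands to 0 here, so on RHEL 9 the Fedora side is `0 < 34` and on Fedora 34 and later the RHEL side is `0 < 9`. If the intent is to keep the weak dependency only on the older releases, each side needs the definedness test that the other conditionals in this spec use: `%if 0%{?rhel} && 0%{?rhel} < 9 || 0%{?fedora} && 0%{?fedora} < 34`.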
@@ -517,25 +492,19 @@ Requires: python3-policycoreutils Requires: selinux-policy-targeted >= 3.13.1-159 -%if 0%{?rhel} -Requires: pki-servlet-engine >= 1:9.0.7 +%if 0%{?rhel} && ! 0%{?eln} +Requires: pki-servlet-engine %else Requires: tomcat >= 1:9.0.7 %endif -Requires: velocity Requires: sudo Requires: systemd Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils -Requires: tomcatjss >= 7.6.1 - -# JNA is used to bind to libsystemd -%if %{with sdnotify} -Requires: jna -%endif +Requires: tomcatjss >= 7.7.0, tomcatjss < 8.0.0 # pki-healthcheck depends on the following library %if 0%{?rhel} @@ -646,7 +615,7 @@ since such archival would undermine non-repudiation properties of signing keys. Summary: PKI OCSP Package BuildArch: noarch -Requires: pki-server = %{version} +Requires: pki-server = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -684,7 +653,7 @@ whenever they are issued or updated. Summary: PKI TKS Package BuildArch: noarch -Requires: pki-server = %{version} +Requires: pki-server = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -715,7 +684,7 @@ behind the firewall with restricted access. Summary: PKI TPS Package -Requires: pki-server = %{version} +Requires: pki-server = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -780,8 +749,8 @@ BuildArch: noarch BuildRequires: idm-console-framework >= 1.2.0 Requires: idm-console-framework >= 1.2.0 -Requires: pki-base-java = %{version} -Requires: pki-console-theme = %{version} +Requires: pki-base-java = %{version}-%{release} +Requires: pki-console-theme = %{version}-%{release} %description -n pki-console The PKI Console is a Java application used to administer PKI server. 
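Review bot: On RHEL the runtime dependency in the pki-server hunk becomes a bare `Requires: pki-servlet-engine`, while the Fedora branch keeps `tomcat >= 1:9.0.7` and the %build hunk further down now hard-codes `app_server=tomcat-9.0` instead of probing the installed Tomcat. Nothing visible in this diff stops an older servlet engine from satisfying the dependency, so the package can be installed against an engine below the floor the build assumes. Unless that floor is enforced elsewhere (for example by the module stream), I would keep it: `Requires: pki-servlet-engine >= 1:9.0.7`.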
@@ -797,7 +766,7 @@ The PKI Console is a Java application used to administer PKI server. Summary: %{brand} PKI Server Theme Package BuildArch: noarch -Provides: pki-server-theme = %{version} +Provides: pki-server-theme = %{version}-%{release} # Ensure we end up with a useful installation Conflicts: pki-base < %{version} @@ -816,7 +785,7 @@ This PKI Server Theme Package contains Summary: %{brand} PKI Console Theme Package BuildArch: noarch -Provides: pki-console-theme = %{version} +Provides: pki-console-theme = %{version}-%{release} # Ensure we end up with a useful installation Conflicts: pki-base < %{version} @@ -849,7 +818,7 @@ This package contains PKI test suite. %prep ################################################################################ -%autosetup -n pki-%{version}%{?_phase} -p 1 -S git +%autosetup -n pki-%{version}%{?_phase} -p 1 ################################################################################ %build @@ -862,16 +831,10 @@ java_version=`%{java_home}/bin/java -XshowSettings:properties -version 2>&1 | se # otherwise get version number java_version=`echo $java_version | sed -e 's/^1\.//' -e 's/\..*$//'` -# get Tomcat . version number -tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'` - -if [ $tomcat_version == "9.0" ]; then - app_server=tomcat-8.5 -else - app_server=tomcat-$tomcat_version -fi +# assume tomcat app_server +app_server=tomcat-9.0 -%if 0%{?rhel} +%if 0%{?rhel} && 0%{?rhel} <= 8 %{__mkdir_p} build cd build %endif @@ -882,8 +845,8 @@ cd build -DVAR_INSTALL_DIR:PATH=/var \ -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ -DJAVA_VERSION=${java_version} \ - -DJAVA_HOME=%java_home \ - -DPKI_JAVA_PATH=%java_home/bin/java \ + -DJAVA_HOME=%{java_home} \ + -DPKI_JAVA_PATH=%{java_home}/bin/java \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ -DAPP_SERVER=$app_server \ 
@@ -901,18 +864,17 @@ cd build -DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \ -DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \ -DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \ - -DWITH_SYSTEMD_NOTIFICATION:BOOL=%{?with_sdnotify:ON}%{!?with_sdnotify:OFF} \ -DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \ -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \ -DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \ -DTHEME=%{?with_theme:%{vendor_id}} \ -%if 0%{?rhel} +%if 0%{?rhel} && 0%{?rhel} <= 8 .. %else -B %{_vpath_builddir} %endif -%if 0%{?fedora} +%if 0%{?fedora} || 0%{?rhel} > 8 cd %{_vpath_builddir} %endif @@ -929,7 +891,7 @@ cd %{_vpath_builddir} %install ################################################################################ -%if 0%{?rhel} +%if 0%{?rhel} && 0%{?rhel} <= 8 cd build %else cd %{_vpath_builddir} @@ -943,7 +905,7 @@ cd %{_vpath_builddir} --no-print-directory \ install -%if %{with_test} +%if %{with test} ctest --output-on-failure %endif 
@@ -960,14 +922,22 @@ EOF # Customize client library links in /usr/share/pki/lib ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar +%if 0%{?fedora} && 0%{?fedora} <= 34 || 0%{?rhel} && 0%{?rhel} <= 8 ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar +%else +ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/lib/jakarta.annotation-api.jar +%endif %if %{with server} # Customize server common library links in /usr/share/pki/server/common/lib ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar +%if 0%{?fedora} && 0%{?fedora} <= 34 || 0%{?rhel} && 0%{?rhel} <= 8 ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar +%else +ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/server/common/lib/jakarta.annotation-api.jar +%endif # with server %endif @@ -1018,6 +988,10 @@ fi ## from EITHER 'sysVinit' OR previous 'systemd' processes to the new ## PKI deployment process +# CVE-2021-3551 +# Remove world access from existing installation logs +find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \; + # Reload systemd daemons on upgrade only if [ "$1" == "2" ] then @@ -1197,9 +1171,8 @@ fi %{_sbindir}/pkidestroy %{_sbindir}/pki-server %{_sbindir}/pki-server-upgrade -%{python3_sitelib}/pki/server/ %{_sbindir}/pki-healthcheck -%{python3_sitelib}/pki/server/healthcheck/ +%{python3_sitelib}/pki/server/ %{python3_sitelib}/pkihealthcheck-*.egg-info/ %config(noreplace) %{_sysconfdir}/pki/healthcheck.conf 
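Review bot: The CVE-2021-3551 line added in the `@@ -1018,6 +988,10 @@` scriptlet hunk runs unguarded on every install and upgrade, and its scope is not documented. `find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \;` only touches regular files directly in that directory, so any log in a subdirectory keeps its current mode, and it prints an error when the directory does not exist. Whether either case occurs depends on parts of the package not shown here. I would guard the call, `[ -d /var/log/pki ] && find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \; || :`, and extend the comment to say why depth 1 is sufficient and which change makes newly written logs non-world-readable. The scriptlet body starts and ends outside the hunk.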
@@ -1242,10 +1215,6 @@ fi %{_datadir}/pki/setup/ %{_datadir}/pki/server/ -%if %{with sdnotify} -%{_javadir}/pki/pki-systemd.jar -%endif - # with server %endif @@ -1255,7 +1224,6 @@ fi ################################################################################ %{_javadir}/pki/pki-acme.jar -%dir %{_datadir}/pki/acme %{_datadir}/pki/acme/ # with acme @@ -1268,7 +1236,6 @@ fi %license base/ca/LICENSE %{_javadir}/pki/pki-ca.jar -%dir %{_datadir}/pki/ca %{_datadir}/pki/ca/ # with ca @@ -1281,7 +1248,6 @@ fi %license base/kra/LICENSE %{_javadir}/pki/pki-kra.jar -%dir %{_datadir}/pki/kra %{_datadir}/pki/kra/ # with kra @@ -1294,7 +1260,6 @@ fi %license base/ocsp/LICENSE %{_javadir}/pki/pki-ocsp.jar -%dir %{_datadir}/pki/ocsp %{_datadir}/pki/ocsp/ # with ocsp @@ -1307,7 +1272,6 @@ fi %license base/tks/LICENSE %{_javadir}/pki/pki-tks.jar -%dir %{_datadir}/pki/tks %{_datadir}/pki/tks/ # with tks @@ -1320,7 +1284,6 @@ fi %license base/tps/LICENSE %{_javadir}/pki/pki-tps.jar -%dir %{_datadir}/pki/tps %{_datadir}/pki/tps/ %{_mandir}/man5/pki-tps-connector.5.gz %{_mandir}/man5/pki-tps-profile.5.gz @@ -1399,6 +1362,21 @@ fi ################################################################################ %changelog +* Thu Aug 12 2021 Red Hat PKI Team 10.11.0-2 +- Bug 1992337 - Double issuance of non-CA subsystem certs at installation + +* Mon Jul 26 2021 Red Hat PKI Team 10.11.0-1 +- Rebase to PKI 10.11.0 + +* Mon Jun 14 2021 Red Hat PKI Team 10.11.0-0.3 +- Rebase to PKI 10.11.0-alpha3 + +* Thu Jun 03 2021 Red Hat PKI Team 10.11.0-0.2 +- Fix JAVA_HOME + +* Wed Jun 02 2021 Red Hat PKI Team 10.11.0-0.1 +- Rebase to PKI 10.11.0-alpha2 + * Mon Feb 08 2021 Red Hat PKI Team 10.10.4-1 - Rebase to PKI 10.10.4 - Bug 1664435 - Error instantiating class for challenge_password with SCEP request