<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch upstream
at <a href="https://salsa.debian.org/freeipa-team/dogtag-pki">FreeIPA packaging / dogtag-pki</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/09b2d251d848e3907741c72531cc7bdd09f79cc3">09b2d251</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-10-08T17:27:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update COPR repo
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6748b681172f418e217f6914edd6e939ebdf7acb">6748b681</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-11-02T17:22:58-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix replica reinstallation
The pkispawn and pkidestroy have been modified to ignore
failures caused by adding an entry or attribute that is
already exists and to check whether a file exists before
removing it during replica removal and reinstallation.
One of the CA clone tests has been modified to test
removing and reinstalling a replica.
Resolves: https://github.com/dogtagpki/pki/issues/3544
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2b64641f0564ec50004f5b76cc52eece1382b54f">2b64641f</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-11-09T10:37:45+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Deprecated all SHA-1 constants, classes and enum entries.
* Bump version to 11.0.1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d3e7e807d08ae3842ebf6a71673d1d09b6f00b55">d3e7e807</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-11-11T08:52:55-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Generate warnings for deprecated algorithms on server startup
The PKI server has been modified to generate warnings for
deprecated algorithms in the config files and cert profiles
when the server is started.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2bf3d4a7983235c49722bda7d0b36b3b67c8bd24">2bf3d4a7</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-11-11T17:38:03+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove SHA-1 from signingAlgsAllowed in configuration files
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a699cc56b4599eb479205d2fea3e959f427ddae7">a699cc56</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-11-12T17:15:00+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add acme-wait.sh
The acme-wait.sh has been added to wait for the ACME server
to start before running the tests.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/69c0757fa747ef324b6213302b4a9bc701b5e26d">69c0757f</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-11-15T16:47:30+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Provide user friendly error message when trying to parse invalid JSON
Original JsonParseException is logged, and a new PKIException is thrown
with a user-friendly message.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0821e7d066faf4edc052221e179c5be244a6d6e7">0821e7d0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-12-08T11:55:01+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version number to 11.0.2
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/291f825b2025d37736589bd11a53f0eb3fc440b4">291f825b</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-12-16T18:15:26+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove KRA CLI XML options
* Only allow JSON
* Provide JSON templates
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/92447552876937c4b986ae988cd9674a208b876c">92447552</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-12-16T13:53:43-08:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug2033109-Invalid-subCA-certs-pkispawn-single
This patch takes care of the issue reported in the following bug
Bug 2033109 - Invalid certificates with creation of subCA (pkispawn single step)
where the subject DN of a certificate could be unintentionally recoded.
In addition, I found the CA enrollment profile caInstallCACert.cfg to have
only 2 year validity; Also the signingAlgsAllowed list is outdated.
This is also addressed.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=2033109
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2e3f18dd2807ccfdf7098cc85c3512e2fd46c105">2e3f18dd</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2022-01-19T15:42:04+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version number to 11.0.3
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#ecae19c77a082e8b0487ab1eb8428f56f72e4341">
.github/workflows/acme-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#59aa675277e0d680e6ce78ba8f1b1e1d9918a617">
.github/workflows/ca-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#6651ddff6eb82c840ced7c1dddee15c6e1913dd4">
Dockerfile
</a>
</li>
<li class="file-stats">
<a href="#8ec9a00bfd09b3190ac6b22251dbb1aa95a0579d">
README.md
</a>
</li>
<li class="file-stats">
<a href="#63ffd8e45cfcae6135a76ec084286fce4acc3a2f">
base/acme/Dockerfile
</a>
</li>
<li class="file-stats">
<a href="#e00787d06879b23bb47a02edef01afb7689dbe64">
base/ca/shared/profiles/ca/AdminCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#24354bc89c5b9cde5ab20ff5263cf3269101b674">
base/ca/shared/profiles/ca/caAgentFileSigning.cfg
</a>
</li>
<li class="file-stats">
<a href="#85f2b9b306c434522ef49a610e5b47827c22e493">
base/ca/shared/profiles/ca/caCrossSignedCACert.cfg
</a>
</li>
<li class="file-stats">
<a href="#d52e59d40446b3fe86a985c520274e582e5a8155">
base/ca/shared/profiles/ca/caDirBasedDualCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#6179d91aef64fc28ce882ea539e34234739b4209">
base/ca/shared/profiles/ca/caDirPinUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#f8abdfe9490f89e3f9e0c6c15727a90fa0df1ddf">
base/ca/shared/profiles/ca/caDirUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#b6d1d3472a192538ba9be32297660a2d8fbf66f4">
base/ca/shared/profiles/ca/caDualCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#cbb1a372336c27bf27a987460fffe8767b35a091">
base/ca/shared/profiles/ca/caDualRAuserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#9a81b1d92429f4a292d086f25f10172e4d6f5532">
base/ca/shared/profiles/ca/caECDualCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#1bc5cdecdfb3e029fc281b0a9688673c18b2889d">
base/ca/shared/profiles/ca/caEncUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#72ff23048156d82c5feb28d33ac58f4a8fb6462e">
base/ca/shared/profiles/ca/caIPAserviceCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#bdb1363cdc84d17b63143b530a40d9f13dd62aa4">
base/ca/shared/profiles/ca/caInstallCACert.cfg
</a>
</li>
<li class="file-stats">
<a href="#488bf9649f0a337b6c017cf1e47335a0530ec633">
base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#1c3a6963d10f936d683363e20ab675e73198592e">
base/ca/shared/profiles/ca/caJarSigningCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#85a48150e5b90860699e11f9b16989f6f5629f36">
base/ca/shared/profiles/ca/caOtherCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#94c2e41aa33a45224afc3314091aebf913eb1f69">
base/ca/shared/profiles/ca/caRACert.cfg
</a>
</li>
<li class="file-stats">
<a href="#d1eebaafee48cd8a1c5ae6082047ebbb821c01c5">
base/ca/shared/profiles/ca/caRARouterCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#0dede753dafcb1502b1dbd7813c6635bb1fe6b54">
base/ca/shared/profiles/ca/caRAagentCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#04e4f601905d25ef52b0fd3fa5cc29d3a50ee681">
base/ca/shared/profiles/ca/caRAserverCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#e346c770aaaf6fd027107c2d92744a9fd643049d">
base/ca/shared/profiles/ca/caRouterCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#40b1f54c1b9fb96b32aedb2fdde197cf55c623ba">
base/ca/shared/profiles/ca/caServerKeygen_DirUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#d7d965a1ab3979b8e2be0ecac50d941f36340c97">
base/ca/shared/profiles/ca/caServerKeygen_UserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#cd757bf12f6226fa3cf48db8793868db92e695e3">
base/ca/shared/profiles/ca/caSigningUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#3070aa7c90962798acc6808295f69959b217a2ff">
base/ca/shared/profiles/ca/caTPSCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#029949b453f8af804ebc978ab64127cbba2c5a66">
base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/e8660ffea9a73d81a0627387691f255a20f585a7...2e3f18dd2807ccfdf7098cc85c3512e2fd46c105">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>