[Pkg-freeipa-devel] dogtag-pki: Changes to 'refs/tags/debian/10.2.6+git20160317-1'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Tue Apr 5 16:45:52 UTC 2016
Tag 'debian/10.2.6+git20160317-1' created by Timo Aaltonen <tjaalton at debian.org> at 2016-04-05 16:37 +0000
tagging package dogtag-pki version debian/10.2.6+git20160317-1
Changes since debian/10.2.6-1:
Ade Lee (6):
Fix code to add replicationdb password unless already present
Remove noise file generation code
Add code to reindex data during cloning without replication
Separate range and cert status threads
One-liner fix to conditional for new SerialNumberUpdateTask
Modify dnsdomainname test in pkispawn
Christian Heimes (3):
Temporary silence InsecureRequestWarning
sslget must set Host HTTP header
pki-tomcat8 needs tomcat-api.jar to compile
Christina Fu (8):
Ticket 1307 issue: FilterMappingResolver always returns target
Ticket 1531 Directory auth plugin requires LDAP anonymous binds
Ticket 1539 Unable to create ECC KRA Instance when kra admin key type is ECC
Ticket 1543 portalEnroll authentication does not load during creation from Console
Ticket #1556 Weak HTTPS TLS ciphers
Ticket 1566 on HSM, non-CA subsystem installations failing while trying to join security domain
Investigation shows that this issue occurs when the non-CA subsystem's SSL server and client keys are also on the HSM. While browsers (on soft token) have no issue connecting to any of the subsystems on HSM, subsystem to subsystem communication has issues when the TLS_ECDHE_RSA_* ciphers are turned on. We have decided to turn off the TLS_ECDHE_RSA_* ciphers by default (can be manually turned on if desired) based on the fact that:
1. The tested HSM seems to have issue with them (will still continue to investigate)
2. While the Perfect Forward Secrecy provides added security by the TLS_ECDHE_RSA_* ciphers, each SSL session takes 3 times longer to establish.
3. The TLS_RSA_* ciphers are adequate at this time for the CS system operations
Ticket 1307 minor fix for - [RFE] Support multiple keySets for different cards for ExternalReg - make default keySetMappingResolver work for smart cards out of box
Ticket #1593 auto-shutdown - for HSM failover support
Endi S. Dewata (22):
Fixed ObjectNotFoundException in PKCS12Export.
Fixed missing cert request hostname and address.
Fixed missing query parameters in ListCerts page.
Added pki-user-membership man page.
Added CLI to update cert data and request in CS.cfg.
Added support for secure database connection in CLI.
Relocated legacy cert enrollment methods.
Refactored certificate processors.
Added support for directory-authenticated profiles in CLI.
Added default subject DN for pki client-cert-request.
Fixed user search in PasswdUserDBAuthentication.
Removed unused WizardServlet.
Replaced legacy HttpClient.
Added pki-server subsystem-cert-export command.
Added CLI options to simplify submitting CSR.
Added mechanism to import existing CA certificate.
Updated pki-cert and pki-server-subsystem man pages.
Fixed external CA case for IPA compatibility.
Fixed mismatching certificate validity calculation.
Fixed installation summary for existing CA.
Renamed pki.nss into pki.nssdb.
Fixed KRA installation.
Fraser Tweedale (6):
Extract LDAPControl search function to LDAPUtil
Add LDAPPostReadControl class
Avoid profile race conditions by tracking entryUSN
Handle LDAPProfileSubsystem delete-then-recreate races
Ensure config store commits refresh file-based profile data
Block startup until initial profile load completed
Jack Magne (8):
TPS UI: After successful key upgrade during pin reset operation the token db still shows old key
op.format.externalRegAddToToken.revokeCert parameter missing in TPS CS.cfg.
Firefox warning
setpin utility doesn't set the pin for users.
Minor fix to "setpin" fix.
Internet Explorer 11 not working browser warning.
SC650 format/enroll fails
KRA: key archival/recovery via cli - should honor encryption/decryption flags.
Matthew Harmsen (24):
Update release number for release build (10.2.6-2)
Please depend on policycoreutils-python-utils
Fixed previous patch by ALWAYS including 'policycoreutils-python' regardless
Add certutil options for ECC
Update release number for release build (10.2.6-4)
remove extra space from Base 64 encoded cert displays
Added in commented out 'javac' command-line options such as "-g" debugging
remove more inaccessible URLs from server.xml
updated dependencies
Update release number for release build (10.2.6-5)
Update release number for release build (10.2.6-6)
Update release number for release build (10.2.6-7)
Update release number for release build (10.2.6-8)
Fixed pkidbuser group memberships.
Added python-nss runtime dependency
Updated pki-core.spec to 10.2.6-10.
Checking in under the one line trivial change rule.
Added automatic Tomcat migration.
Updated pki-core.spec to 10.2.6-12.
Resolves: PKI TRAC Ticket #1714
Fix to determine supported javadoc options
Build using tomcat 7.0.68 on F22
Changed 'pki-core.spec' (Dogtag 10.2.6) to be in sync with Fedora 23 in Koji.
Inserted Fedora 22 specific dependencies into 'pki-core.spec' (Dogtag 10.2.6)
Timo Aaltonen (19):
pki-server.dirs: Add pki-tomcatd-nuxwdog.target.wants.
base.postrm: No need to remove /etc/pki here.
debian-support.diff: Drop /etc/default/tomcat8, was a leftover from t8 testing. (Closes: #800558)
debian-support.diff: Import /lib/lsb/init-functions in scripts/operations. (Closes: #800559)
releasing package dogtag-pki version 10.2.6-2
pki-base.postrm: Remove upgrade logs on purge. (Closes: #801139)
use-usr-bin.diff: Fix paths to binaries to use /usr/bin instead of /bin.
releasing package dogtag-pki version 10.2.6-3
rules: Mark systemd units disabled by default.
Merge branch 'upstream-next' into master-next
update to current 10_2_6 branch, fix stuff
use-usr-bin.diff: Updated.
use-root-homedir.diff: Force home_dir to be /root, so that ipa works right.
control: Add conflicts on strongswan-pki.
add use-root-homedir.diff
pki-server: Remove logs on purge. (Closes: #814636)
pki-base: Remove pki.conf on purge. (Closes: #804312)
pki-server: remove /etc/pki/default.cfg on purge
releasing package dogtag-pki version 10.2.6+git20160317-1
---
CMakeLists.txt | 3
base/ca/shared/conf/CS.cfg.in | 9
base/ca/shared/conf/indextasks.ldif | 31
base/ca/shared/profiles/ca/AdminCert.cfg | 4
base/ca/shared/profiles/ca/caAdminCert.cfg | 4
base/ca/shared/webapps/ca/agent/ca/displayBySerial.template | 8
base/ca/shared/webapps/ca/agent/ca/displayBySerial2.template | 4
base/ca/shared/webapps/ca/agent/ca/queryCert.template | 4
base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template | 56
base/ca/shared/webapps/ca/ee/ca/displayBySerial.template | 8
base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template | 4
base/ca/shared/webapps/ca/ee/ca/displayCaCert.template | 8
base/ca/shared/webapps/ca/ee/ca/queryCert.template | 4
base/ca/shared/webapps/ca/services.template | 6
base/ca/src/com/netscape/ca/CertificateAuthority.java | 5
base/ca/src/com/netscape/ca/SigningUnit.java | 13
base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java | 16
base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java | 11
base/common/python/pki/cli.py | 7
base/common/python/pki/client.py | 24
base/common/python/pki/nssdb.py | 533 ++++++
base/common/src/com/netscape/certsrv/apps/CMS.java | 39
base/common/src/com/netscape/certsrv/apps/ICMSEngine.java | 7
base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java | 20
base/common/src/com/netscape/certsrv/cert/CertRequestResource.java | 10
base/common/src/com/netscape/certsrv/client/PKIConnection.java | 20
base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java | 2
base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java | 5
base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java | 31
base/java-tools/man/man1/pki-cert.1 | 23
base/java-tools/man/man1/pki-client.1 | 17
base/java-tools/man/man1/pki-user-cert.1 | 8
base/java-tools/man/man1/pki-user-membership.1 | 84 +
base/java-tools/man/man1/pki.1 | 6
base/java-tools/src/com/netscape/cmstools/PKCS12Export.java | 12
base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java | 184 ++
base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java | 94 -
base/java-tools/src/com/netscape/cmstools/client/ClientCertShowCLI.java | 168 +-
base/javadoc/CMakeLists.txt | 61
base/kra/shared/conf/CS.cfg.in | 2
base/kra/shared/conf/indextasks.ldif | 31
base/kra/shared/webapps/kra/agent/kra/displayBySerial2.template | 4
base/kra/src/com/netscape/kra/RecoveryService.java | 2
base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java | 107 +
base/kra/src/com/netscape/kra/SecurityDataService.java | 61
base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java | 2
base/native-tools/src/setpin/setpin.c | 59
base/native-tools/src/setpin/setpin_options.c | 7
base/native-tools/src/sslget/sslget.c | 23
base/ocsp/shared/conf/CS.cfg.in | 7
base/ocsp/shared/conf/indextasks.ldif | 31
base/ocsp/src/com/netscape/ocsp/SigningUnit.java | 2
base/server/cms/src/com/netscape/cms/authentication/DirBasedAuthentication.java | 54
base/server/cms/src/com/netscape/cms/authentication/TokenAuthentication.java | 38
base/server/cms/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java | 12
base/server/cms/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java | 12
base/server/cms/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java | 17
base/server/cms/src/com/netscape/cms/authentication/UserPwdDirAuthentication.java | 12
base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java | 79 -
base/server/cms/src/com/netscape/cms/realm/PKIRealm.java | 33
base/server/cms/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java | 14
base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java | 67
base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestDAO.java | 15
base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java | 45
base/server/cms/src/com/netscape/cms/servlet/cert/ListCerts.java | 60
base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java | 36
base/server/cms/src/com/netscape/cms/servlet/common/AuthCredentials.java | 2
base/server/cms/src/com/netscape/cms/servlet/csadmin/AdminPanel.java | 332 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/AuthDBPanel.java | 125 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java | 192 --
base/server/cms/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java | 215 --
base/server/cms/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java | 375 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java | 115 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java | 296 ---
base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 771 ++++++----
base/server/cms/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java | 279 ---
base/server/cms/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java | 532 ------
base/server/cms/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java | 226 --
base/server/cms/src/com/netscape/cms/servlet/csadmin/DonePanel.java | 313 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java | 194 --
base/server/cms/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java | 340 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java | 145 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/ModulePanel.java | 338 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/NamePanel.java | 622 --------
base/server/cms/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java | 235 ---
base/server/cms/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java | 144 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java | 482 ------
base/server/cms/src/com/netscape/cms/servlet/csadmin/SizePanel.java | 491 ------
base/server/cms/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java | 128 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java | 306 ---
base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java | 85 -
base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java | 3
base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java | 66
base/server/cms/src/com/netscape/cms/servlet/wizard/IWizardPanel.java | 111 -
base/server/cms/src/com/netscape/cms/servlet/wizard/WizardServlet.java | 489 ------
base/server/cms/src/org/dogtagpki/server/rest/SessionContextInterceptor.java | 10
base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 90 -
base/server/cmsbundle/src/UserMessages.properties | 2
base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java | 230 ++
base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java | 4
base/server/cmscore/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java | 80 -
base/server/cmscore/src/com/netscape/cmscore/base/LDAPConfigStore.java | 57
base/server/cmscore/src/com/netscape/cmscore/dbs/CertificateRepository.java | 80 -
base/server/cmscore/src/com/netscape/cmscore/profile/AbstractProfileSubsystem.java | 53
base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java | 202 ++
base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java | 2
base/server/etc/default.cfg | 12
base/server/man/man1/pkidaemon.1 | 14
base/server/man/man5/pki_default.cfg.5 | 10
base/server/man/man8/pki-server-subsystem.8 | 26
base/server/man/man8/pkispawn.8 | 4
base/server/python/pki/server/__init__.py | 225 ++
base/server/python/pki/server/ca.py | 92 +
base/server/python/pki/server/cli/ca.py | 206 ++
base/server/python/pki/server/cli/instance.py | 28
base/server/python/pki/server/cli/migrate.py | 14
base/server/python/pki/server/cli/nuxwdog.py | 4
base/server/python/pki/server/cli/subsystem.py | 519 +++++-
base/server/python/pki/server/deployment/pkihelper.py | 179 +-
base/server/python/pki/server/deployment/pkimessages.py | 8
base/server/python/pki/server/deployment/pkiparser.py | 66
base/server/python/pki/server/deployment/scriptlets/configuration.py | 132 +
base/server/python/pki/server/deployment/scriptlets/finalization.py | 12
base/server/python/pki/server/deployment/scriptlets/security_databases.py | 12
base/server/python/pki/server/upgrade.py | 3
base/server/sbin/pki-server | 2
base/server/sbin/pkidestroy | 2
base/server/sbin/pkispawn | 41
base/server/share/conf/ciphers.info | 74
base/server/share/webapps/ROOT/index.jsp | 9
base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java | 6
base/server/tomcat7/conf/server.xml | 9
base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java | 5
base/server/tomcat8/conf/server.xml | 9
base/server/tomcat8/src/CMakeLists.txt | 10
base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML | 2
base/tks/shared/conf/CS.cfg.in | 2
base/tks/shared/conf/indextasks.ldif | 31
base/tps/shared/conf/CS.cfg.in | 26
base/tps/shared/conf/indextasks.ldif | 14
base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java | 2
base/tps/src/org/dogtagpki/server/tps/installer/CAInfoPanel.java | 171 --
base/tps/src/org/dogtagpki/server/tps/installer/DRMInfoPanel.java | 154 -
base/tps/src/org/dogtagpki/server/tps/installer/TKSInfoPanel.java | 150 -
base/tps/src/org/dogtagpki/server/tps/mapping/FilterMappingResolver.java | 17
base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java | 15
base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java | 12
base/util/src/com/netscape/cmsutil/ldap/LDAPPostReadControl.java | 106 +
base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java | 18
debian/changelog | 35
debian/control | 2
debian/patches/debian-support.diff | 35
debian/patches/series | 3
debian/patches/tomcat7-build-fix.diff | 15
debian/patches/use-root-homedir.diff | 11
debian/patches/use-usr-bin.diff | 89 +
debian/pki-base.postrm | 3
debian/pki-server.dirs | 1
debian/pki-server.postrm | 11
debian/pki-tools.install | 1
debian/rules | 4
specs/pki-core.spec | 297 +++
162 files changed, 5324 insertions(+), 8783 deletions(-)