[Pkg-freeipa-devel] dogtag-pki: Changes to 'refs/tags/debian/10.3.5+12-1'

Timo Aaltonen tjaalton at moszumanska.debian.org
Wed Feb 15 09:08:42 UTC 2017


Tag 'debian/10.3.5+12-1' created by Timo Aaltonen <tjaalton at debian.org> at 2017-02-15 09:06 +0000

tagging package dogtag-pki version debian/10.3.5+12-1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAABCAAGBQJYpBozAAoJEMtwMWWoiYTc3XAP+wR2qrw8IbZqBpBOkltAJUvT
PMap0rQ3bsbqSDd9/DnJU7mt6ZccFeFKoLz7MNzH1h8vRU/Mmhm6iHIb7PixaCV9
54yxefufRjLP3AE+2vBHajFFDfUvYQVCgoxzExr72dohIM/tO+80T/Uv7S4SZd0r
lnEF4on2rgKQDBMjvbVXi1XpCee+y30P4L6LHo0xQ2UMfCZZ24rnr8sZ2fmAxGLc
6hlGuHfoy9U0j6X4MdCE9Ri/OnBdv41sF8SA9oJE4gNLBy/Uodb2o51QItC1j5cR
lWDr8j6HU+6DaO9Bphtfy9Fq+xgKhE+aFJtHwbsE8aabZADs2/yZSmT5tBcybb8W
xVxLtXG7iJug1KpC8yrAHe62+giYM4q0DBHH8phg1oP2B9x4xKPaEPcTe2HlvFIP
sUjmkgABNdPbMlOeGPGOH8lIRugb3GpkVoKa2foKgmJ6YoQMEJpB86NZoQvlGS8e
pA18WcvvWl2bH1NxWLgebiKMo/xEd+WxfDjvj4XvQimL8sW7HWcU/S70EqkpZKlI
4Yypfqpx+MqF1jr0wnK+iIj74/JiV35WX+NPmvwncJiEIwni/X24MrbYACaojBEh
uSoTK9oqTvoi8Uwota4VchaiKnZ/oYn16/bwDMOSAvVprAgfp8XVF8VyiUTrMwzF
qjm6FIHaonAZF4z5jkFw
=8vF5
-----END PGP SIGNATURE-----

Changes since debian/10.3.5-7:
Abhijeet Kasurde (1):
      Added check for pki-server-nuxwdog parameter

Ade Lee (2):
      Fix CertRequestInfo URLs
      Add option to remove signing cert entry

Christina Fu (7):
      Ticket #2446 pkispawn: make subject_dn defaults unique per instance name (for shared HSM)
      Ticket #1527 TPS Enrollment always goes to "ca1" (bug fix)
      Ticket #2496 Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches
      Ticket #2498 Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true
      Ticket #2534 Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status
      Ticket #1741 ECDSA certs Alg IDs contian parameter field
      Ticket #2534 (additional) - reset cert status after successful unrevoke

Endi S. Dewata (52):
      Removed PKCS #7 from add user cert dialog in TPS UI.
      Added cert validation error message in selftest log.
      Added exception wrapper for invalid LDAP attribute syntax.
      Removed misleading log in SelfTestSubsystem.
      Fixed SelfTestService.findSelfTests().
      Added debug messages for ConfigurationUtils.handleCerts().
      Allowing optional CA signing CSR.
      Updated pki-server subsystem-cert-update CLI.
      Added upgrade script to fix deployment descriptors.
      Updated RPM spec for RHEL.
      Fixed default token name for system certificates.
      Moved subsystem initialization after database initialization.
      Fixed debug log in UpdateNumberRange servlet.
      Added support to create system certificates in different tokens.
      Removed FixSELinuxContexts upgrade script.
      Removed support for creating system certificates in different tokens.
      Troubleshooting improvements for SigningUnit.
      Troubleshooting improvements for ConfigurationUtils.
      Additional improvements for SigningUnit.
      Removed duplicate classes.
      Troubleshooting improvements for GetCertChain.
      Fixed NSSDatabase.create_request().
      Fixed ConfigurationUtils.importCertChain().
      Fixed typo in UserPwdDirAuthentication.
      Fixed CryptoUtil.getTokenName().
      Fixed TPS UI for agent approval.
      Fixed TPS UI system menu.
      Reformatted SecurityDataRecoveryService.serviceRequest().
      Fixed KRA key recovery via CLI in FIPS mode.
      Refactored PKIConnection.get().
      Fixed problem with pki user-cert-add.
      Updated NSS dependency on Fedora.
      Updated pki-cert man page.
      Updated AccountInfo.
      Fixed TPS UI system menu.
      Fixed TPS UI for agent approval.
      Fixed problem installing subordinate CA with HSM in FIPS mode.
      Fixed hanging subordinate CA with HSM installation in FIPS mode.
      Removed unused CA and KRA logging.properties.
      Removed unused OCSP, TKS, and TPS logging.properties.
      Updated logging.properties.
      Updated log4j.properties.
      Added man pages for logging configuration.
      Updated spec file for logging configuration man pages.
      Added man pages for PKCS #12 utilities.
      Updated pki-core.spec.
      Replaced default AJP hostname with generic loopback address.
      Added global TCP Keep-Alive option.
      Added upgrade script to update AJP loopback address.
      Fixed problem searching the latest certificate request.
      Fixed missing SLF4J in Javadoc classpath.
      Fixed Javadoc failure caused by HTML special characters.

Fraser Tweedale (7):
      Revoke lightweight CA certificate on deletion
      Prevent deletion of host CA cert and key from NSSDB
      Accept LWCA entry with missing entryUSN if plugin enabled
      Perform host authority check before entryUSN check
      Do not attempt LWCA key retrieval for host authority
      Compare serialised DNs in host authority check
      Use BigInteger for entryUSN

Geetika Kapoor (1):
      Fix for BZ 1358462

Jack Magne (8):
      Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working.
      Fix for: Add ability to disallow TPS to enroll a single user on multiple tokens. #1664
      Another Fix for: Add ability to disallow TPS to enroll a single user on multiple tokens. #1664
      Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches
      PIN_RESET policy is not giving expected results when set on a token.
      TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode.
      Resolve: pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config
      Change lifecycle at end of enrollment if it is not already set.

Matthew Harmsen (21):
      Update version number to 10.3.6-0.1
      Resolves:  rhbz #1366465
      pki-tools CMCEnroll man page (spec file)
      Resolve python-requests dependencies appropriately by adding minimum required version
      pki-tools HEADER/FOOTER changes
      pki-tools CMCEnroll man page
      spec file changes
      Updated RPM spec.
      Updated RPM spec.
      Added openssl runtime dependency for support of External CA.
      Updated RPM spec for 10.3.5-7.
      Updated pki-console RPM spec for 10.3.5-2.
      Fixed name of patch.
      Fix for flake8 errors on Fedora 26 (cheimes)
      Fix for flake8 errors on Fedora 26 (cheimes) - spec file changes
      Revert "Fixed TPS UI for agent approval."
      Revert "Fixed TPS UI system menu."
      Updated pki-core spec file for 10.3.5-9.
      Updated pki-core spec file for 10.3.5-11.
      Cast 'char *' to 'const char *' in C++ files.
      Checked-in under trivial file fix.

Timo Aaltonen (7):
      Merge branch 'upstream'
      update changelog
      Merge branch 'upstream'
      minor version update
      sync-rpm-10.3.5-7.diff: Dropped.
      use-resteasy-legacy.diff, control: Port to resteasy 3.1.0-2 which ships resteasy-legacy.jar. (LP: #1664457)
      releasing package dogtag-pki version 10.3.5+12-1

---
 CMakeLists.txt                                                                     |    1 
 base/ca/shared/conf/logging.properties                                             |   70 
 base/ca/src/CMakeLists.txt                                                         |    4 
 base/ca/src/com/netscape/ca/CertificateAuthority.java                              |  131 
 base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java                       |    7 
 base/ca/src/com/netscape/ca/SigningUnit.java                                       |   26 
 base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java                     |    2 
 base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java                   |   50 
 base/common/man/man5/pki-logging.5                                                 |   94 
 base/common/python/pki/nssdb.py                                                    |   64 
 base/common/share/etc/logging.properties                                           |    3 
 base/common/src/CMakeLists.txt                                                     |    4 
 base/common/src/com/netscape/certsrv/account/AccountInfo.java                      |    8 
 base/common/src/com/netscape/certsrv/apps/CMS.java                                 |    5 
 base/common/src/com/netscape/certsrv/apps/ICMSEngine.java                          |    8 
 base/common/src/com/netscape/certsrv/base/ResourceMessage.java                     |   11 
 base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java                 |    2 
 base/common/src/com/netscape/certsrv/client/PKIConnection.java                     |    8 
 base/common/src/com/netscape/certsrv/client/SubsystemClient.java                   |   26 
 base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java              |    6 
 base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java                 |    3 
 base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java             |    4 
 base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java              |   32 
 base/common/src/org/dogtagpki/tps/apdu/APDU.java                                   |    3 
 base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java                       |   35 
 base/console/src/CMakeLists.txt                                                    |    5 
 base/java-tools/man/man1/CMCEnroll.1                                               |  570 +
 base/java-tools/man/man1/pki-cert.1                                                |    5 
 base/java-tools/man/man1/pki-pkcs12-cert.1                                         |  122 
 base/java-tools/man/man1/pki-pkcs12-key.1                                          |   76 
 base/java-tools/man/man1/pki-pkcs12.1                                              |  114 
 base/java-tools/src/CMakeLists.txt                                                 |    4 
 base/java-tools/src/com/netscape/cmstools/CMCEnroll.java                           |   13 
 base/java-tools/src/com/netscape/cmstools/CMCRequest.java                          |    4 
 base/java-tools/src/com/netscape/cmstools/CMCRevoke.java                           |   11 
 base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java                       |    8 
 base/java-tools/src/com/netscape/cmstools/HttpClient.java                          |    2 
 base/java-tools/src/com/netscape/cmstools/PKCS10Client.java                        |   11 
 base/javadoc/CMakeLists.txt                                                        |    1 
 base/kra/shared/conf/logging.properties                                            |   70 
 base/kra/src/CMakeLists.txt                                                        |    4 
 base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java                     |   30 
 base/ocsp/shared/conf/logging.properties                                           |   70 
 base/ocsp/src/CMakeLists.txt                                                       |    4 
 base/ocsp/src/com/netscape/ocsp/SigningUnit.java                                   |   44 
 base/server/cms/src/CMakeLists.txt                                                 |    4 
 base/server/cms/src/com/netscape/cms/authentication/UserPwdDirAuthentication.java  |    2 
 base/server/cms/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java   |   22 
 base/server/cms/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java      |   22 
 base/server/cms/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java |   22 
 base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java |    2 
 base/server/cms/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java      |   11 
 base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestDAO.java              |   17 
 base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java      |   15 
 base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java                 |   15 
 base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java               |    2 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java       |   73 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java             |   21 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java        |    3 
 base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java     |    1 
 base/server/cms/src/com/netscape/cms/servlet/request/QueryReq.java                 |    6 
 base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java        |    4 
 base/server/cms/src/org/dogtagpki/server/rest/AccountService.java                  |   46 
 base/server/cms/src/org/dogtagpki/server/rest/SelfTestService.java                 |    2 
 base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java             |   11 
 base/server/cms/src/org/dogtagpki/server/rest/UserService.java                     |    2 
 base/server/cmsbundle/src/LogMessages.properties                                   |    2 
 base/server/cmscore/src/CMakeLists.txt                                             |    4 
 base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java                   |   15 
 base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java      |    2 
 base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java     |    8 
 base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java |  117 
 base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java        |  211 
 base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java     |   13 
 base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java      |   18 
 base/server/etc/default.cfg                                                        |   54 
 base/server/man/man5/pki-server-logging.5                                          |  191 
 base/server/man/man5/pki_default.cfg.5                                             |    2 
 base/server/python/pki/server/__init__.py                                          |    3 
 base/server/python/pki/server/cli/subsystem.py                                     |   74 
 base/server/python/pki/server/deployment/pkihelper.py                              |   16 
 base/server/python/pki/server/deployment/pkiparser.py                              |   33 
 base/server/python/pki/server/deployment/scriptlets/instance_layout.py             |   23 
 base/server/sbin/pki-server-nuxwdog                                                |   12 
 base/server/share/conf/log4j.properties                                            |   45 
 base/server/share/conf/logging.properties                                          |   24 
 base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java                |    5 
 base/server/upgrade/10.3.5/02-FixDeploymentDescriptor                              |  110 
 base/server/upgrade/10.3.5/02-FixSELinuxContexts                                   |   36 
 base/server/upgrade/10.3.5/03-UpdateAJPLoopbackAddress                             |   62 
 base/symkey/src/CMakeLists.txt                                                     |    4 
 base/symkey/src/com/netscape/symkey/CMakeLists.txt                                 |    2 
 base/tks/shared/conf/logging.properties                                            |   70 
 base/tks/src/CMakeLists.txt                                                        |    4 
 base/tps-client/src/CMakeLists.txt                                                 |    1 
 base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp                                    |   41 
 base/tps-client/src/include/apdu/APDU.h                                            |    3 
 base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h                              |   58 
 base/tps-client/src/main/ConfigStore.cpp                                           |    2 
 base/tps-client/src/main/RollingLogFile.cpp                                        |    2 
 base/tps-client/tools/raclient/RA_Conn.cpp                                         |   14 
 base/tps-client/tools/raclient/RA_Token.cpp                                        |    4 
 base/tps/shared/conf/CS.cfg                                                        |   36 
 base/tps/shared/conf/logging.properties                                            |   70 
 base/tps/shared/webapps/tps/js/profile.js                                          |   85 
 base/tps/shared/webapps/tps/js/tps.js                                              |  132 
 base/tps/shared/webapps/tps/ui/index.html                                          |   60 
 base/tps/shared/webapps/tps/ui/user-certs.html                                     |    2 
 base/tps/src/CMakeLists.txt                                                        |    4 
 base/tps/src/org/dogtagpki/server/tps/TPSAccountService.java                       |   80 
 base/tps/src/org/dogtagpki/server/tps/TPSTokenPolicy.java                          |    8 
 base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java                              |  109 
 base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java              |   48 
 base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java             |   45 
 base/tps/src/org/dogtagpki/server/tps/dbs/TokenCertStatus.java                     |   43 
 base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java                        |   15 
 base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java                   |   35 
 base/tps/src/org/dogtagpki/server/tps/main/ExternalRegCertToRecover.java           |   27 
 base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java                          |    3 
 base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java             |   32 
 base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java            |  337 
 base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java          |   34 
 base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java                  |   54 
 base/tps/src/org/dogtagpki/server/tps/rest/TPSApplication.java                     |    4 
 base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java                |    2 
 base/util/src/CMakeLists.txt                                                       |    8 
 base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java                          |   23 
 base/util/src/netscape/security/pkcs/PKCS12.java                                   |    6 
 base/util/src/netscape/security/x509/AlgorithmId.java                              |   41 
 debian/changelog                                                                   |   10 
 debian/control                                                                     |    2 
 debian/patches/series                                                              |    2 
 debian/patches/sync-rpm-10.3.5-7.diff                                              | 3687 ----------
 debian/patches/use-resteasy-legacy.diff                                            |  357 
 specs/pki-console.spec                                                             |   10 
 specs/pki-core.spec                                                                |  364 
 136 files changed, 4095 insertions(+), 5043 deletions(-)
---



More information about the Pkg-freeipa-devel mailing list