[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][master] 12 commits: Add python3-ldap to python3-pki-base Depends. Thanks, Francisco Vilmar Cardoso...
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Tue Sep 7 11:18:24 BST 2021
Timo Aaltonen pushed to branch master at FreeIPA packaging / dogtag-pki
Commits:
821cac24 by Timo Aaltonen at 2021-09-06T10:39:53+03:00
Add python3-ldap to python3-pki-base Depends. Thanks, Francisco Vilmar Cardoso Ruviaro and Rene Luria! (Closes: #985340)
- - - - -
3966aec4 by Timo Aaltonen at 2021-09-06T10:39:58+03:00
Move p11-kit-trust.so to pki-tools, add p11-kit-modules to pki-tools Depends. (Closes: #986080)
- - - - -
623abcb2 by Timo Aaltonen at 2021-09-06T10:40:33+03:00
releasing package dogtag-pki version 10.10.2-3
- - - - -
e0155145 by Timo Aaltonen at 2021-09-06T10:50:46+03:00
Refresh patches.
- - - - -
7eb92d05 by Timo Aaltonen at 2021-09-06T10:59:01+03:00
JNA requirement got dropped, update packaging for it.
- - - - -
97134407 by Timo Aaltonen at 2021-09-06T10:59:10+03:00
pki-server.postinst: Remove world access from existing installation logs.
- - - - -
abf3b73b by Timo Aaltonen at 2021-09-06T10:59:52+03:00
control: Drop velocity from depends, it's not used anymore.
- - - - -
450348c1 by Timo Aaltonen at 2021-09-06T11:01:46+03:00
control: Drop libcommons-httpclient-java from depends, not used anymore.
- - - - -
f945fad1 by Timo Aaltonen at 2021-09-06T14:22:29+03:00
control: Bump libjss dependency.
- - - - -
d544a142 by Timo Aaltonen at 2021-09-07T13:03:14+03:00
pki-tps.install: Updated.
- - - - -
5addd550 by Timo Aaltonen at 2021-09-07T13:09:43+03:00
tests: Add iproute2 to test depends. (Closes: #991173)
- - - - -
d21b7f98 by Timo Aaltonen at 2021-09-07T13:16:50+03:00
tests: Add isolation-container to test restrictions. (Closes: #991174)
- - - - -
10 changed files:
- debian/changelog
- debian/control
- debian/patches/fix-symkey-path.diff
- debian/pki-base-java.install
- debian/pki-server.install
- debian/pki-server.postinst
- debian/pki-tools.install
- debian/pki-tps.install
- debian/rules
- debian/tests/control
Changes:
=====================================
debian/changelog
=====================================
@@ -3,9 +3,30 @@ dogtag-pki (10.10.6-1) UNRELEASED; urgency=medium
* New upstream release.
- CVE-2021-3551 (Closes: #991665)
* CVE-2021-20179.diff: Dropped, upstream.
+ * Refresh patches.
+ * JNA requirement got dropped, update packaging for it.
+ * pki-server.postinst: Remove world access from existing installation
+ logs.
+ * control: Drop velocity from depends, it's not used anymore.
+ * control: Drop libcommons-httpclient-java from depends, not used
+ anymore.
+ * control: Bump libjss dependency.
+ * pki-tps.install: Updated.
+ * tests: Add iproute2 to test depends. (Closes: #991173)
+ * tests: Add isolation-container to test restrictions. (Closes:
+ #991174)
-- Timo Aaltonen <tjaalton at debian.org> Thu, 28 Jan 2021 13:06:45 +0200
+dogtag-pki (10.10.2-3) unstable; urgency=medium
+
+ * Add python3-ldap to python3-pki-base Depends. Thanks, Francisco
+ Vilmar Cardoso Ruviaro and Rene Luria! (Closes: #985340)
+ * Move p11-kit-trust.so to pki-tools, add p11-kit-modules to pki-tools
+ Depends. (Closes: #986080)
+
+ -- Timo Aaltonen <tjaalton at debian.org> Wed, 14 Apr 2021 11:02:32 +0300
+
dogtag-pki (10.10.2-2) unstable; urgency=medium
* CVE-2021-20179.diff: Fix renewal profile approval process.
=====================================
debian/control
=====================================
@@ -15,7 +15,6 @@ Build-Depends:
libactivation-java,
libcommons-cli-java,
libcommons-codec-java,
- libcommons-httpclient-java,
libcommons-io-java,
libcommons-lang3-java,
libcommons-net-java,
@@ -27,8 +26,7 @@ Build-Depends:
libjackson2-databind-java,
libjaxb-java,
libjaxp1.3-java,
- libjna-java,
- libjss-java (>= 4.8.0~),
+ libjss-java (>= 4.8.1~),
libldap-java (>= 4.21.0+dfsg1),
libldap2-dev,
libnspr4-dev,
@@ -52,7 +50,6 @@ Build-Depends:
python3-setuptools,
python3-sphinx,
python3-urllib3,
- velocity,
zlib1g-dev,
389-ds-base-dev (>= 1.4.0.16-1),
Standards-Version: 4.5.0
@@ -112,7 +109,6 @@ Breaks: pki-base (<< 10.3.5-1)
Depends:
libcommons-cli-java,
libcommons-codec-java,
- libcommons-httpclient-java,
libcommons-io-java,
libcommons-lang3-java,
libcommons-logging-java,
@@ -121,7 +117,7 @@ Depends:
libhttpcore-java,
libjaxp1.3-java,
libjettison-java,
- libjss-java (>= 4.8.0~),
+ libjss-java (>= 4.8.1~),
libldap-java (>= 4.21.0+dfsg1),
libresteasy3.0-java (>= 3.0.19-5),
libslf4j-java,
@@ -146,6 +142,7 @@ Architecture: all
Depends:
openssl,
python3-cryptography,
+ python3-ldap,
python3-nss,
python3-requests,
python3-urllib3,
@@ -163,13 +160,16 @@ Depends:
libjackson2-annotations-java,
libnss3-tools,
openssl,
+ p11-kit-modules,
pki-base-java (= ${source:Version}),
python3-pki-base (>= ${source:Version}),
${java:Depends},
${misc:Depends},
${python3:Depends},
${shlibs:Depends},
-Conflicts: strongswan-starter, strongswan-pki
+Conflicts: strongswan-starter, strongswan-pki,
+Replaces: pki-base-java (<< 10.10.2-3)
+Breaks: pki-base-java (<< 10.10.2-3)
Description: Certificate System - PKI Tools
This package contains PKI executables that can be used to help make
Certificate System into a more complete and robust PKI solution.
@@ -194,7 +194,6 @@ Depends:
libjackson2-jaxrs-providers-java,
libjaxb-java,
libjboss-logging-java,
- libjna-java,
libjs-jquery,
libjs-underscore,
libsymkey-java (= ${source:Version}),
@@ -211,7 +210,6 @@ Depends:
python3-lxml,
python3-selinux,
tomcat9-user,
- velocity,
${java:Depends},
${misc:Depends},
${python3:Depends},
=====================================
debian/patches/fix-symkey-path.diff
=====================================
@@ -38,5 +38,5 @@ Description: fix the libsymkey.so JNI install path
- COMMAND ln -sf /usr/lib/java/symkey.jar ${CMAKE_CURRENT_BINARY_DIR}/common/lib/symkey.jar
+ COMMAND ln -sf /usr/share/java/symkey.jar ${CMAKE_CURRENT_BINARY_DIR}/common/lib/symkey.jar
COMMAND ${CMAKE_COMMAND} -E create_symlink ${TOMCATJSS_JAR} common/lib/tomcatjss.jar
- COMMAND ${CMAKE_COMMAND} -E create_symlink ${VELOCITY_JAR} common/lib/velocity.jar
COMMAND ${CMAKE_COMMAND} -E create_symlink ${XERCES_JAR} common/lib/xerces-j2.jar
+ COMMAND ${CMAKE_COMMAND} -E create_symlink ${XML_COMMONS_APIS_JAR} common/lib/xml-commons-apis.jar
=====================================
debian/pki-base-java.install
=====================================
@@ -1,3 +1,3 @@
usr/share/java/pki/pki-certsrv.jar
usr/share/java/pki/pki-cmsutil.jar
-usr/share/pki/lib
+usr/share/pki/lib/*.jar
=====================================
debian/pki-server.install
=====================================
@@ -15,7 +15,6 @@ usr/sbin/pkispawn
usr/share/java/pki/pki-acme.jar
usr/share/java/pki/pki-cms.jar
usr/share/java/pki/pki-cmsbundle.jar
-usr/share/java/pki/pki-systemd.jar
usr/share/java/pki/pki-tomcat.jar
usr/share/man/man1/pkidaemon.1
usr/share/man/man5/pki_default.cfg.5
=====================================
debian/pki-server.postinst
=====================================
@@ -24,6 +24,9 @@ invoke_failure() {
fi
}
+# CVE-2021-3551
+# Remove world access from existing installation logs
+find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \;
#DEBHELPER#
=====================================
debian/pki-tools.install
=====================================
@@ -59,4 +59,5 @@ usr/share/man/man1/pki-user.1
usr/share/man/man1/pki-user-cert.1
usr/share/man/man1/pki-user-membership.1
usr/share/man/man1/pki.1
+usr/share/pki/lib/p11-kit-trust.so
usr/share/pki/tools/
=====================================
debian/pki-tps.install
=====================================
@@ -2,6 +2,8 @@ usr/share/java/pki/pki-tps.jar
usr/share/man/man5/pki-tps-connector.5
usr/share/man/man5/pki-tps-profile.5
usr/share/man/man8/pki-server-tps.8
+usr/share/pki/tps/auth/
+usr/share/pki/tps/bin/
usr/share/pki/tps/conf/
usr/share/pki/tps/setup/
usr/share/pki/tps/webapps/
=====================================
debian/rules
=====================================
@@ -45,7 +45,6 @@ confflags-core = \
-DBUILD_PKI_CONSOLE:BOOL=ON \
-DTHEME=dogtag \
-DWITH_TEST=OFF \
- -DWITH_SYSTEMD_NOTIFICATION:BOOL=ON \
%:
dh $@ --with javahelper,python3,apache2 --builddirectory=build/ \
=====================================
debian/tests/control
=====================================
@@ -2,8 +2,10 @@ Tests: pkispawn
Depends:
@,
389-ds-base (>= 1.4.1.6-1),
+ iproute2,
procps,
sudo,
Restrictions:
allow-stderr,
+ isolation-container,
needs-root,
View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/2a6edd9bb656b9f6aae239242342adbd5a03e3d0...d21b7f98a6d1a5563d0b9b6333e34c5f41a1a8c3
--
View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/2a6edd9bb656b9f6aae239242342adbd5a03e3d0...d21b7f98a6d1a5563d0b9b6333e34c5f41a1a8c3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20210907/7c016c28/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list