-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-5a53fd17e3 2018-08-11 18:38:12.394485 --------------------------------------------------------------------------------
Name : pki-core Product : Fedora 27 Version : 10.5.11 Release : 1.fc27 URL : http://pki.fedoraproject.org/ Summary : Certificate System - PKI Core Components Description : ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * <customized>-pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages. -------------------------------------------------------------------------------- Update Information: Resolves: dogtagpki Pagure Issues #2915 -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 31 2018 Dogtag Team <pki-de...@redhat.com> 10.5.11-1 - dogtagpki Pagure Issue #2915 - keyGen fails when only Identity certificate exists (jmagne) * Mon Jul 2 2018 Dogtag Team <pki-de...@redhat.com> 10.5.10-1 - Updated "jss" build and runtime requirements (mharmsen) - Updated "tomcatjss" build and runtime requirements (mharmsen) - dogtagpki Pagure Issue #2865 X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - dogtagpki Pagure Issue #2920 Part2 of SharedToken Audit (cfu) - dogtagpki Pagure Issue #2922 IPAddressName: fix construction from String (ftweedal) - dogtagpki Pagure Issue #2959 Address pkispawn ECC profile overrides (cfu) - dogtagpki Pagure Issue #2992 CMC Simple request profiles and CMCResponse to support simple response (cfu) - dogtagpki Pagure Issue #3003 AuditVerify failure due to line breaks (cfu) - dogtagpki Pagure Issue #3037 CMC SharedToken SubjectDN default (cfu) * Fri Jun 8 2018 Dogtag Team <pki-de...@redhat.com> 10.5.9-1 - dogtagpki Pagure Issue #2922 - Name Constraints: Using a Netmask produces an odd entry in a certifcate (ftweedal) - dogtagpki Pagure Issue #2941 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - dogtagpki Pagure Issue #2999 - Cert validation for installation with external CA cert (edewata) - dogtagpki Pagure Issue #3028 - CMC CRMF request results in InvalidKeyFormatException when signing algorithm is ECC (cfu) - dogtagpki Pagure Issue #3033 - CRMFPopClient tool - should allow option to do no key archival (cfu) * Wed May 23 2018 Dogtag Team <pki-de...@redhat.com> 10.5.8-1 - Updated "jss" build and runtime requirements (mharmsen) - dogtagpki Pagure Issue #1576 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM (cfu) - dogtagpki Pagure Issue #1741 - ECDSA Certificates Generated by Certificate System fail NIST validation test with parameter field. (cfu) - dogtagpki Pagure Issue #2940 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (cfu) - dogtagpki Pagure Issue #2992 - servlet profileSubmitCMCSimple throws NPE (cfu) - dogtagpki Pagure Issue #2995 - SAN in internal SSL server certificate in pkispawn configuration step (cfu) - dogtagpki Pagure Issue #2996 - ECC installation for non CA subsystems needs improvement (jmagne) - dogtagpki Pagure Issue #2997 - Token name normalization problem in pki-server subsystem-cert-validate (edewata) - dogtagpki Pagure Issue #3018 - CMC profiles: Some CMC profiles have wrong input class_id (cfu) * Tue Apr 10 2018 Dogtag Team <pki-de...@redhat.com> 10.5.7-2 - dogtagpki Pagure Issue #2940 -[MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (cfu) - dogtagpki Pagure Issue #2946 - libtps does not directly depend on libz (build failure with nss-3.35) (ftweedal, cfu) - dogtagpki Pagure Issue #2950 - Need ECC-specific Enrollment Profiles for standard conformance (cfu) * Fri Mar 23 2018 Dogtag Team <pki-de...@redhat.com> 10.5.7-1 - dogtagpki Pagure Issue #2918 - Make sslget aware of TLSv1_2 ciphers (cheimes, mharmsen) - dogtagpki Pagure Issue #2922 - Name Constraints: Using a Netmask produces an odd entry in a certificate (ftweedal) - dogtagpki Pagure Issue #2938 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. (edewata) - dogtagpki Pagure Issue #2940 -[MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (cfu) - dogtagpki Pagure Issue #2949 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database (cfu) - dogtagpki Pagure Issue #2950 - Need ECC-specific Enrollment Profiles for standard conformance (cfu) - dogtagpki Pagure Issue #2952 - Permit additional FIPS ciphers to be enabled by default for RSA . . . (mharmsen, cfu) - dogtagpki Pagure Issue #2957 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException (ftweedal) - dogtagpki Pagure Issue #2975 - Not able to generate certificate request with ECC using pki client-cert-request (akahat) * Wed Feb 21 2018 Dogtag Team <pki-de...@redhat.com> 10.5.6-2 - dogtagpki Pagure Issue #2946 - libtps does not directly depend on libz (build failure with nss-3.35) * Mon Feb 19 2018 Dogtag Team <pki-de...@redhat.com> 10.5.6-1 - dogtagpki Pagure Issue #2656 - Updating list of default audit events (edewata) - dogtagpki Pagure Issue #2884 - Inconsistent key ID encoding (edewata) - dogtagpki Pagure Issue #2929 - Regression in lightweight CA key replication (ftweedal) - dogtagpki Pagure Issue #2944 - External OCSP Installation failure with HSM and FIPS (edewata) * Mon Feb 5 2018 Dogtag Team <pki-de...@redhat.com> 10.5.5-1 - dogtagpki Pagure Issue #2656 - Updating list of default audit events (edewata) - dogtagpki Pagure Issue #2838 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - dogtagpki Pagure Issue #2844 - TPS CS.cfg should be reflected with the changes after an in-place upgrade (jmagne) - dogtagpki Pagure Issue #2855 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - dogtagpki Pagure Issue #2878 - Missing faillure resumption detection and audit event logging at startup (jmagne) - dogtagpki Pagure Issue #2880 - Need to record CMC requests and responses (cfu) - dogtagpki Pagure Issue #2889 - Unable to have non "pkiuser" owned CA instance (alee) - dogtagpki Pagure Issue #2901 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - dogtagpki Pagure Issue #2909 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - dogtagpki Pagure Issue #2916 - ExternalCA: Failures when installed with hsm (edewata) - dogtagpki Pagure Issue #2920 - CMC: Audit Events needed for failures in SharedToken scenarios (cfu) - dogtagpki Pagure Issue #2921 - CMC: Revocation works with an unknown revRequest.issuer (cfu) * Tue Jan 23 2018 Dogtag Team <pki-de...@redhat.com> 10.5.4-1 - dogtagpki Pagure Issue #2557 -CA Cloning: Failed to update number range in few cases (ftweedal) - dogtagpki Pagure Issue #2604 - RFE: shared token storage and retrieval mechanism (cfu) - dogtagpki Pagure Issue #2661 -HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - dogtagpki Pagure Issue #2835 - pkidestroy does not work with nuxwdog (vakwetu) - dogtagpki Pagure Issue #2870 - Adjust requirement for openssl to latest version to include latest openssl fixes for FIPS SSL (mharmsen) - dogtagpki Pagure Issue #2872 -PR_FILE_NOT_FOUND_ERROR during pkispawn (vakwetu) - dogtagpki Pagure Issue #2873 - p12 admin certificate is missing when certificate is signed Externally (edewata) - dogtagpki Pagure Issue #2887 -Not able to setup CA with ECC (mharmsen) - dogtagpki Pagure Issue #2889 - Unable to have non "pkiuser" owned CA instance (vakwetu) - dogtagpki Pagure Issue #2904 - Adjust dependencies to require the latest nuxwdog (mharmsen) - dogtagpki Pagure Issue #2910 - pkispawn fails to mask specified parameter values under the [DEFAULT] section (vakwetu) - dogtagpki Pagure Issue #2911 -Adjust dependencies to require the latest JSS (mharmsen) * Mon Dec 11 2017 Dogtag Team <pki-de...@redhat.com> 10.5.3-1 - Re-base Dogtag to 10.5.3 - dogtagpki Pagure Issue #2735 - Secure removal of secret data storage (jmagne) - dogtagpki Pagure Issue #2856 - Pylint flags seobject failures (cheimes, mharmsen) - dogtagpki Pagure Issue #2861 -ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - dogtagpki Pagure Issue #2862 - Create a mechanism to select the default NSS DB type (jmagne, mharmsen) - dogtagpki Pagure Issue #2874 - nuxwdog won't start on Fedora (alee, mharmsen) * Mon Nov 27 2017 Dogtag Team <pki-de...@redhat.com> 10.5.2-1 - Re-base Dogtag to 10.5.2 * Tue Nov 14 2017 Troy Dawson <tdaw...@redhat.com> - 10.5.1-3 - dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals * Wed Nov 8 2017 Dogtag Team <pki-de...@redhat.com> 10.5.1-2 - Patch applying check-ins since 10.5.1-1 * Thu Nov 2 2017 Dogtag Team <pki-de...@redhat.com> 10.5.1-1 - Re-base Dogtag to 10.5.1 * Thu Oct 19 2017 Dogtag Team <pki-de...@redhat.com> 10.5.0-1 - Re-base Dogtag to 10.5.0 * Mon Sep 18 2017 Dogtag Team <pki-de...@redhat.com> 10.4.8-7 - dogtagpki Pagure Issue #2809 - PKCS #12 files incompatible with NSS >= 3.31 (ftweedal) * Tue Sep 12 2017 Dogtag Team <pki-de...@redhat.com> 10.4.8-6 - Require "jss >= 4.4.2-5" as a build and runtime requirement - dogtagpki Pagure Issue #2796 - lightweight CA replication fails with a NullPointerException (ftweedal) - dogtagpki Pagure Issue #2788 - Missing CN in user signing cert would cause error in cmc user-signed (cfu) - dogtagpki Pagure Issue #2789 - FixDeploymentDescriptor upgrade scriptlet can fail (ftweedal) - dogtagpki Pagure Issue #2664 - PKCS12: upgrade to at least AES and SHA2 (FIPS) (ftweedal) - dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: TypeError: ... is not JSON serializable (ftweedal) - dogtagpki Pagure Issue #2772 - TPS incorrectly assigns "tokenOrigin" and "tokenType" certificate attribute for recovered certificates. (cfu) - dogtagpki Pagure Issue #2793 - TPS UI: need to display tokenType and tokenOrigin for token certificates on TPS UI (edewata) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-5a53fd17e3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDXS4VFEDIFERVUD3UDRMUSQPMAZF52G/