Fedora 27 Update: pki-core-10.5.11-1.fc27

updates Sat, 11 Aug 2018 11:40:15 -0700

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-5a53fd17e3
2018-08-11 18:38:12.394485
--------------------------------------------------------------------------------


Name        : pki-core
Product     : Fedora 27
Version     : 10.5.11
Release     : 1.fc27
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - PKI Core Components
Description :
==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains ALL top-level java-based Tomcat PKI components:

  * pki-symkey
  * pki-base
  * pki-base-python2 (alias for pki-base)
  * pki-base-python3
  * pki-base-java
  * pki-tools
  * pki-server
  * pki-ca
  * pki-kra
  * pki-ocsp
  * pki-tks
  * pki-tps
  * pki-javadoc

which comprise the following corresponding PKI subsystems:

  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
  * Token Key Service (TKS)
  * Token Processing Service (TPS)

Python clients need only install the pki-base package.  This
package contains the python REST client packages and the client
upgrade framework.

Java clients should install the pki-base-java package.  This package
contains the legacy and REST Java client packages.  These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.

Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools.  The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.

Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
    * dogtag-pki-server-theme
  * redhat-pki-server-theme (Red Hat Certificate System deployments)
    * redhat-pki-server-theme
  * customized pki theme (Customized Certificate System deployments)
    * <customized>-pki-server-theme

  NOTE:  As a convenience for standalone deployments, top-level meta
         packages may be provided which bind a particular theme to
         these certificate server packages.

--------------------------------------------------------------------------------
Update Information:

Resolves:  dogtagpki Pagure Issues #2915
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 31 2018 Dogtag Team <pki-de...@redhat.com> 10.5.11-1
- dogtagpki Pagure Issue #2915 - keyGen fails when only Identity
  certificate exists (jmagne)
* Mon Jul  2 2018 Dogtag Team <pki-de...@redhat.com> 10.5.10-1
- Updated "jss" build and runtime requirements (mharmsen)
- Updated "tomcatjss" build and runtime requirements (mharmsen)
- dogtagpki Pagure Issue #2865 X500Name.directoryStringEncodingOrder
  overridden by CSR encoding (cfu)
- dogtagpki Pagure Issue #2920 Part2 of SharedToken Audit (cfu)
- dogtagpki Pagure Issue #2922 IPAddressName: fix construction from
  String (ftweedal)
- dogtagpki Pagure Issue #2959 Address pkispawn ECC profile overrides (cfu)
- dogtagpki Pagure Issue #2992 CMC Simple request profiles and CMCResponse
  to support simple response (cfu)
- dogtagpki Pagure Issue #3003 AuditVerify failure due to line breaks (cfu)
- dogtagpki Pagure Issue #3037 CMC SharedToken SubjectDN default (cfu)
* Fri Jun  8 2018 Dogtag Team <pki-de...@redhat.com> 10.5.9-1
- dogtagpki Pagure Issue #2922 - Name Constraints: Using a Netmask
  produces an odd entry in a certifcate (ftweedal)
- dogtagpki Pagure Issue #2941 - ExternalCA: Installation failed during
  csr generation with ecc (rrelyea, gkapoor)
- dogtagpki Pagure Issue #2999 - Cert validation for installation with
  external CA cert (edewata)
- dogtagpki Pagure Issue #3028 - CMC CRMF request results in
  InvalidKeyFormatException when signing algorithm is ECC (cfu)
- dogtagpki Pagure Issue #3033 - CRMFPopClient tool - should allow
  option to do no key archival (cfu)
* Wed May 23 2018 Dogtag Team <pki-de...@redhat.com> 10.5.8-1
- Updated "jss" build and runtime requirements (mharmsen)
- dogtagpki Pagure Issue #1576 - subsystem -> subsystem SSL handshake
  issue with TLS_ECDHE_RSA_* on Thales HSM (cfu)
- dogtagpki Pagure Issue #1741 - ECDSA Certificates Generated by
  Certificate System fail NIST validation test with parameter field. (cfu)
- dogtagpki Pagure Issue #2940 - [MAN] Missing Man pages for tools
  CMCRequest, CMCResponse, CMCSharedToken (cfu)
- dogtagpki Pagure Issue #2992 - servlet profileSubmitCMCSimple throws
  NPE (cfu)
- dogtagpki Pagure Issue #2995 - SAN in internal SSL server certificate in
  pkispawn configuration step (cfu)
- dogtagpki Pagure Issue #2996 - ECC installation for non CA subsystems
  needs improvement (jmagne)
- dogtagpki Pagure Issue #2997 - Token name normalization problem in
  pki-server subsystem-cert-validate (edewata)
- dogtagpki Pagure Issue #3018 - CMC profiles: Some CMC profiles have
  wrong input class_id (cfu)
* Tue Apr 10 2018 Dogtag Team <pki-de...@redhat.com> 10.5.7-2
- dogtagpki Pagure Issue #2940 -[MAN] Missing Man pages for tools
  CMCRequest, CMCResponse, CMCSharedToken (cfu)
- dogtagpki Pagure Issue #2946 - libtps does not directly depend on libz
  (build failure with nss-3.35) (ftweedal, cfu)
- dogtagpki Pagure Issue #2950 - Need ECC-specific Enrollment Profiles
  for standard conformance (cfu)
* Fri Mar 23 2018 Dogtag Team <pki-de...@redhat.com> 10.5.7-1
- dogtagpki Pagure Issue #2918 - Make sslget aware of TLSv1_2 ciphers
  (cheimes, mharmsen)
- dogtagpki Pagure Issue #2922 - Name Constraints: Using a Netmask
  produces an odd entry in a certificate (ftweedal)
- dogtagpki Pagure Issue #2938 - [MAN] Add --skip-configuration
  and --skip-installation into pkispawn man page. (edewata)
- dogtagpki Pagure Issue #2940 -[MAN] Missing Man pages for tools
  CMCRequest, CMCResponse, CMCSharedToken (cfu)
- dogtagpki Pagure Issue #2949 - CMCAuth throws
  org.mozilla.jss.crypto.TokenException: Unable to insert certificate
  into temporary database (cfu)
- dogtagpki Pagure Issue #2950 - Need ECC-specific Enrollment Profiles
  for standard conformance (cfu)
- dogtagpki Pagure Issue #2952 - Permit additional FIPS ciphers to be
  enabled by default for RSA . . . (mharmsen, cfu)
- dogtagpki Pagure Issue #2957 - Console: Adding ACL from pki-console
  gives StringIndexOutOfBoundsException (ftweedal)
- dogtagpki Pagure Issue #2975 - Not able to generate certificate
  request with ECC using pki client-cert-request (akahat)
* Wed Feb 21 2018 Dogtag Team <pki-de...@redhat.com> 10.5.6-2
- dogtagpki Pagure Issue #2946 - libtps does not directly depend on libz
  (build failure with nss-3.35)
* Mon Feb 19 2018 Dogtag Team <pki-de...@redhat.com> 10.5.6-1
- dogtagpki Pagure Issue #2656 - Updating list of default audit events
  (edewata)
- dogtagpki Pagure Issue #2884 - Inconsistent key ID encoding
  (edewata)
- dogtagpki Pagure Issue #2929 - Regression in lightweight CA
  key replication (ftweedal)
- dogtagpki Pagure Issue #2944 - External OCSP Installation failure
  with HSM and FIPS (edewata)
* Mon Feb  5 2018 Dogtag Team <pki-de...@redhat.com> 10.5.5-1
- dogtagpki Pagure Issue #2656 - Updating list of default audit events
  (edewata)
- dogtagpki Pagure Issue #2838 - Inconsistent  CERT_REQUEST_PROCESSED
  outcomes. (edewata)
- dogtagpki Pagure Issue #2844 - TPS CS.cfg should be reflected with the
  changes after an in-place upgrade (jmagne)
- dogtagpki Pagure Issue #2855 - restrict default cipher suite to those
  ciphers permitted in fips mode (mharmsen)
- dogtagpki Pagure Issue #2878 - Missing faillure resumption detection and
  audit event logging at startup (jmagne)
- dogtagpki Pagure Issue #2880 - Need to record CMC requests and responses
  (cfu)
- dogtagpki Pagure Issue #2889 - Unable to have non "pkiuser" owned CA
  instance (alee)
- dogtagpki Pagure Issue #2901 - Installing subsystems with external CMC
  certificates in HSM environment shows import error (edewata)
- dogtagpki Pagure Issue #2909 - ProfileService: config values with
  backslashes have backslashes removed (ftweedal)
- dogtagpki Pagure Issue #2916 - ExternalCA: Failures when installed with
  hsm (edewata)
- dogtagpki Pagure Issue #2920 - CMC: Audit Events needed for failures in
  SharedToken scenarios (cfu)
- dogtagpki Pagure Issue #2921 - CMC: Revocation works with an unknown
  revRequest.issuer (cfu)
* Tue Jan 23 2018 Dogtag Team <pki-de...@redhat.com> 10.5.4-1
- dogtagpki Pagure Issue #2557 -CA Cloning: Failed to update number range
  in few cases (ftweedal)
- dogtagpki Pagure Issue #2604 - RFE: shared token storage and retrieval
  mechanism (cfu)
- dogtagpki Pagure Issue #2661 -HAProxy rejects OCSP responses due to
  missing nextupdate field (ftweedal)
- dogtagpki Pagure Issue #2835 - pkidestroy does not work with nuxwdog
  (vakwetu)
- dogtagpki Pagure Issue #2870 - Adjust requirement for openssl to latest
  version to include latest openssl fixes for FIPS SSL (mharmsen)
- dogtagpki Pagure Issue #2872 -PR_FILE_NOT_FOUND_ERROR during
  pkispawn (vakwetu)
- dogtagpki Pagure Issue #2873 - p12 admin certificate is missing when
  certificate is signed Externally (edewata)
- dogtagpki Pagure Issue #2887 -Not able to setup CA with ECC (mharmsen)
- dogtagpki Pagure Issue #2889 - Unable to have non "pkiuser" owned CA
  instance (vakwetu)
- dogtagpki Pagure Issue #2904 - Adjust dependencies to require the latest
  nuxwdog (mharmsen)
- dogtagpki Pagure Issue #2910 - pkispawn fails to mask specified parameter
  values under the [DEFAULT] section (vakwetu)
- dogtagpki Pagure Issue #2911 -Adjust dependencies to require the latest
  JSS (mharmsen)
* Mon Dec 11 2017 Dogtag Team <pki-de...@redhat.com> 10.5.3-1
- Re-base Dogtag to 10.5.3
- dogtagpki Pagure Issue #2735 - Secure removal of secret data storage
  (jmagne)
- dogtagpki Pagure Issue #2856 - Pylint flags seobject failures
  (cheimes, mharmsen)
- dogtagpki Pagure Issue #2861 -ExternalCA: Failures in ExternalCA when
  tried to setup with CMC signed certificates (cfu)
- dogtagpki Pagure Issue #2862 - Create a mechanism to select the
  default NSS DB type (jmagne, mharmsen)
- dogtagpki Pagure Issue #2874 - nuxwdog won't start on Fedora
  (alee, mharmsen)
* Mon Nov 27 2017 Dogtag Team <pki-de...@redhat.com> 10.5.2-1
- Re-base Dogtag to 10.5.2
* Tue Nov 14 2017 Troy Dawson <tdaw...@redhat.com> - 10.5.1-3
- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals
* Wed Nov  8 2017 Dogtag Team <pki-de...@redhat.com> 10.5.1-2
- Patch applying check-ins since 10.5.1-1
* Thu Nov  2 2017 Dogtag Team <pki-de...@redhat.com> 10.5.1-1
- Re-base Dogtag to 10.5.1
* Thu Oct 19 2017 Dogtag Team <pki-de...@redhat.com> 10.5.0-1
- Re-base Dogtag to 10.5.0
* Mon Sep 18 2017 Dogtag Team <pki-de...@redhat.com> 10.4.8-7
- dogtagpki Pagure Issue #2809 - PKCS #12 files incompatible with
  NSS >= 3.31 (ftweedal)
* Tue Sep 12 2017 Dogtag Team <pki-de...@redhat.com> 10.4.8-6
- Require "jss >= 4.4.2-5" as a build and runtime requirement
- dogtagpki Pagure Issue #2796 - lightweight CA replication fails with a
  NullPointerException (ftweedal)
- dogtagpki Pagure Issue #2788 - Missing CN in user signing cert would cause
  error in cmc user-signed (cfu)
- dogtagpki Pagure Issue #2789 - FixDeploymentDescriptor upgrade scriptlet can
  fail (ftweedal)
- dogtagpki Pagure Issue #2664 - PKCS12: upgrade to at least AES and SHA2
  (FIPS) (ftweedal)
- dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data:
  TypeError: ... is not JSON serializable (ftweedal)
- dogtagpki Pagure Issue #2772 - TPS incorrectly assigns "tokenOrigin" and
  "tokenType" certificate attribute for recovered certificates. (cfu)
- dogtagpki Pagure Issue #2793 - TPS UI: need to display tokenType and
  tokenOrigin for token certificates on TPS UI (edewata)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-5a53fd17e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDXS4VFEDIFERVUD3UDRMUSQPMAZF52G/

Fedora 27 Update: pki-core-10.5.11-1.fc27

Reply via email to