[ol7_latest] pki-tools-10.5.1-15.el7_5.aarch64

Name:	pki-tools
Version:	10.5.1
Release:	15.el7_5
Architecture:	aarch64
Group:	System Environment/Base
Size:	1239955
License:	GPLv2
RPM:	pki-tools-10.5.1-15.el7_5.aarch64.rpm
Source RPM:	pki-core-10.5.1-15.el7_5.src.rpm
Build Date:	Tue Sep 25 2018
Build Host:	ca-buildarm01.us.oracle.com
Vendor:	Oracle America
URL:	http://pki.fedoraproject.org/
Summary:	Certificate System - PKI Tools
Description:	This package contains PKI executables that can be used to help make Certificate System into a more complete and robust PKI solution. This package is a part of the PKI Core used by the Certificate System. ================================== \|\| ABOUT "CERTIFICATE SYSTEM" \|\| ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * <customized>-pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.

Changelog (Show File list) (Show related packages)

Mon Aug 13 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-15

- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1600905 - pki console configurations that involves ldap
  passwords leave the plain text password in signed audit logs
  [rhel-7.5.z] (cfu)
- Bugzilla Bug #1611245 - Certificate generation happens with partial
  attributes in CMCRequest file [rhel-7.5.z] (cfu)
- Bugzilla Bug #1611250 - Better understanding of
  NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu)
- Bugzilla Bug #1612880 - CMC Revocations throws exception with
  same reqIssuer & certissuer [rhel-7.5.z] (cfu)
- Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on
  DL0 with latest version [rhel-7.5.z] (abokovoy)
- Bugzilla Bug #1614839 - CC: Enable all config audit events
  [rhel-7.5.z] (cfu)
- Bugzilla Bug #1615266 - ECC keys not supported for signing audit
  logs [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1539933 - keyGen fails when only Identity

Mon Jul 02 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-14

- Updated "jss" build and runtime requirements (mharmsen)
- Updated "tomcatjss" build and runtime requirements (mharmsen)
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE
  [rhel-7.5.z] (cfu)
- Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request
  authenticated through SharedToken [rhel-7.5.z] (cfu)
- Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in
  SharedToken scenario's [rhel-7.5.z] (cfu)
- Bugzilla Bug #1595606 - AuditVerify failure due to line breaks
  [rhel-7.5.z] (cfu)
- Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu)
- Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden
  by CSR encoding [rhel-7.5.z] (cfu)
- Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a
  certifcate [rhel-7.5.z] (ftweedal)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

Sat Jun 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13.1
```
- Rebuild due to build system database problem
```

Fri Jun 08 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13

- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1553068 - Using a Netmask produces an odd
  entry in a certifcate [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1585945 - CMC CRMF requests result in
  InvalidKeyFormatException when signing algorithm is ECC
  [rhel-7.5.z] (cfu)
- Bugzilla Bug #1587826 - ExternalCA: Installation failed during
  csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor)
- Bugzilla Bug #1588944 - Cert validation for installation with
  external CA cert [rhel-7.5.z] (edewata)
- Bugzilla Bug #1588945 - CRMFPopClient tool - should allow
  option to do no key archival (cfu)
- Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled
  ACL configuration in AAclAuthz.java reverses rules that allow
  and deny access [rhel-7.5.z] (ftweedal, cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

Tue May 22 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-12

- Updated "jss" build and runtime requirements (mharmsen)
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest,
  CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu)
- Bugzilla Bug #1572548 - IPA install with external-CA is failing when
  FIPS mode enabled. [rhel-7.5.z] (edewata)
- Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE
  [rhel-7.5.z] (cfu)
- Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue
  with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs
  improvement [rhel-7.5.z] (jmagne)
- Bugzilla Bug #1581135 - SAN in internal SSL server certificate in
  pkispawn configuration step [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong
  input class_id [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System
  9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

Mon Apr 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-11

- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
  standard conformance [rhel-7.5.z] (cfu)
- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
  CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1560233 - libtps does not directly depend on libz

Fri Mar 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-10

- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1550581 - CMCAuth throws
  org.mozilla.jss.crypto.TokenException: Unable to insert certificate into
  temporary database [rhel-7.5.z] (cfu)
- Bugzilla Bug #1551067 - [MAN] Add --skip-configuration
  and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata)
- Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers
  [rhel-7.5.z] (cheimes, mharmsen)
- Bugzilla Bug #1553068 - Using a Netmask produces an odd entry
  in a certifcate [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
  standard conformance [rhel-7.5.z] (cfu)
- Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled
  by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu)
- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
  CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
- Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives
  StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1558919 - Not able to generate certificate request
  with ECC using pki client-cert-request [rhel-7.5.z] (akahat)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1560233 - libtps does not directly depend on libz

Mon Feb 19 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-9

- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
  - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event
  set (RHEL) (edewata)
- Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata)
- Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM
  and FIPS (edewata)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
  - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event

Mon Feb 12 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-8

- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
  - Bugzilla Bug #1542210 - pki console configurations that involves ldap
  passwords leave the plain text password in debug logs (jmagne)
- Bugzilla Bug #1543242 - Regression in lightweight CA key replication
  (ftweedal)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

Mon Feb 05 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-7

- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
  - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event
  set (RHEL) (edewata)
- Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and
  audit event logging at startup (jmagne)
- Bugzilla Bug #1523410 -  Unable to have non "pkiuser" owned CA instance
  (alee)
- Bugzilla Bug #1525306 - CC: missing CMC request and response record
  (cfu)
- Bugzilla Bug #1532933 - Installing subsystems with external CMC
  certificates in HSM environment shows import error (edewata)
- Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm
  (edewata)
- Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers
  permitted in fips mode (mharmsen)
- Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED
  outcomes. (edewata)
- Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in
  SharedToken scenario's (cfu)
- Bugzilla Bug #1541526 - CMC: Revocation works with an unknown
  revRequest.issuer (cfu)
- Bugzilla Bug #1541853 - ProfileService: config values with
  backslashes have backslashes removed (ftweedal)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
  - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit
  - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the