Name: | pki-kra |
Version: | 10.5.18 |
Release: | 14.el7_9 |
Architecture: | noarch |
Group: | System Environment/Daemons |
Size: | 518382 |
License: | GPLv2 |
RPM: |
pki-kra-10.5.18-14.el7_9.noarch.rpm
|
Source RPM: |
pki-core-10.5.18-14.el7_9.src.rpm
|
Build Date: | Tue Jun 08 2021 |
Build Host: | host-100-100-224-28.blddevtest1iad.osdevelopmeniad.oraclevcn.com |
Vendor: | Oracle America |
URL: | http://pki.fedoraproject.org/ |
Summary: | Certificate System - Key Recovery Authority |
Description: | The Key Recovery Authority (KRA) is an optional PKI subsystem that can act
as a key archival facility. When configured in conjunction with the
Certificate Authority (CA), the KRA stores private encryption keys as part of
the certificate enrollment process. The key archival mechanism is triggered
when a user enrolls in the PKI and creates the certificate request. Using the
Certificate Request Message Format (CRMF) request format, a request is
generated for the user's private encryption key. This key is then stored in
the KRA which is configured to store keys in an encrypted format that can only
be decrypted by several agents requesting the key at one time, providing for
protection of the public encryption keys for the users in the PKI deployment.
Note that the KRA archives encryption keys; it does NOT archive signing keys,
since such archival would undermine non-repudiation properties of signing keys.
This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-base-python2 (alias for pki-base)
* pki-base-python3
* pki-base-java
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
Python clients need only install the pki-base package. This
package contains the python REST client packages and the client
upgrade framework.
Java clients should install the pki-base-java package. This package
contains the legacy and REST Java client packages. These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools. The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
* dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
* redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
* <customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages. |
-
Thu May 13 2021 Dogtag Team <pki-devel@redhat.com> 10.5.18-14
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1911472 - Revoke via REST API not working when Agent
certificate not issued by CA [rhel-7.9.z] (cfu)
- Bugzilla Bug 1914587 - RHEL IPA PKI - Failed to read product version
String.java.io.FileNotFoundException (ckelley)
- Bugzilla Bug 1942687 - TPS not populating Token Policy, or switching
PIN_RESET=YES to NO [rhel-7.9.z] (jmagne)
- Bugzilla Bug 1955633 - Recovery of Keys migrated to latest version of KRA
fail to recover and result in Null Point Exception [rhel-7.9.z] (jmagne)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 6)
-
Thu Apr 22 2021 Dogtag Team <pki-devel@redhat.com> 10.5.18-13
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1949136 - PKI instance creation failed with new 389-ds-base
build (jmagne)
- Bugzilla Bug 1949656 - CRMF requests with extensions other than SKID cannot
be processed (cfu)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 6)
-
Wed Feb 24 2021 Dogtag Team <pki-devel@redhat.com> 10.5.18-12
- Change variable 'TPS' to 'tps'
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates
profiles, audit for IPA (edewata)
- ##########################################################################
- # Backported CVEs (ascheel):
- ##########################################################################
- Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token
parameters in TPS resulting in stored XSS [certificate_system_9-default]
(edewata, ascheel)
- Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site
scripting (XSS) in the pki-tps web Activity tab
[certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile
creation [certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site
Scripting in 'path length' constraint field in CA's Agent page
[rhel-7.9.z] (dmoluguw, ascheel)
- Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site
scripting in getcookies?url= endpoint in CA [rhel-7.9.z]
(dmoluguw, ascheel)
- Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra:
Reflected XSS in recoveryID search field at KRA's DRM agent page in
authorize recovery tab [rhel-7.9.z] (ascheel)
- Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to
reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne)
- ##########################################################################
- Update to jquery v3.4.1 (ascheel)
- Update to jquery-i18n-properties v1.2.7 (ascheel)
- Update to backbone v1.4.0 (ascheel)
- Upgrade to underscore v1.9.2 (ascheel)
- Update to patternfly v3.59.3 (ascheel)
- Update to jQuery v3.5.1 (ascheel)
- Upgrade to bootstrap v3.4.1 (ascheel)
- Link in new Bootstrap CSS file (ascheel)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
-
Thu Feb 11 2021 Dogtag Team <pki-devel@redhat.com> 10.5.18-11
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates
profiles, audit for IPA (edewata)
- ##########################################################################
- # Backported CVEs (ascheel):
- ##########################################################################
- Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token
parameters in TPS resulting in stored XSS [certificate_system_9-default]
(edewata, ascheel)
- Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site
scripting (XSS) in the pki-tps web Activity tab
[certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile
creation [certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site
Scripting in 'path length' constraint field in CA's Agent page
[rhel-7.9.z] (dmoluguw, ascheel)
- Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site
scripting in getcookies?url= endpoint in CA [rhel-7.9.z]
(dmoluguw, ascheel)
- Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra:
Reflected XSS in recoveryID search field at KRA's DRM agent page in
authorize recovery tab [rhel-7.9.z] (ascheel)
- Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to
reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne)
- ##########################################################################
- Update to jquery v3.4.1 (ascheel)
- Update to jquery-i18n-properties v1.2.7 (ascheel)
- Update to backbone v1.4.0 (ascheel)
- Upgrade to underscore v1.9.2 (ascheel)
- Update to patternfly v3.59.3 (ascheel)
- Update to jQuery v3.5.1 (ascheel)
- Upgrade to bootstrap v3.4.1 (ascheel)
- Link in new Bootstrap CSS file (ascheel)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
-
Fri Dec 04 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-10
- Bugzilla Bug #1883639 - additional fix to upgrade script (edewata)
-
Thu Dec 03 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-9
- Bugzilla Bug #1883639 - additional support on upgrade for audit
cert profile and auditProfileUpgrade + auditProfileUpgrade part 2 (cfu)
-
Tue Nov 17 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-8
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug #1883639 - add profile caAuditSigningCert (cfu)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1710978 - TPS - Add logging to tdbAddCertificatesForCUID if
- # Bugzilla Bug #1858860 - TPS - Update Error Codes returned to client
- # Bugzilla Bug #1858861 - TPS - Server side key generation is not working
- # Bugzilla Bug #1858867 - TPS does not check token cuid on the user
-
Wed May 27 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-7
- Patch for CMCResponse tool
- Bugzilla Bug #1710109 - add RSA PSS support - fix CMCResponse tool (jmagne)
-
Tue May 19 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-6
- Patch for CMC Credential Error, RSA PSS typo, and new profile
for directory-authentication-based Server-Side keygen
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug #1710109 - add RSA PSS support (jmagne)
- Bugzilla Bug #1794213 - Server-Side keygen Enrollment for EE (cfu)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
-
Thu May 07 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-5
- Updated jss dependencies
- Bugzilla Bug #1710109 - add RSA PSS support - fix SHA512 (jmagne)