[ol7_latest_archive] pki-base-java-10.3.3-14.el7_3.noarch

Name:	pki-base-java
Version:	10.3.3
Release:	14.el7_3
Architecture:	noarch
Group:	System Environment/Base
Size:	1185377
License:	GPLv2
RPM:	pki-base-java-10.3.3-14.el7_3.noarch.rpm
Source RPM:	pki-core-10.3.3-14.el7_3.src.rpm
Build Date:	Tue Dec 06 2016
Build Host:	x86-ol7-builder-02.us.oracle.com
Vendor:	Oracle America
URL:	http://pki.fedoraproject.org/
Summary:	Certificate System - Java Framework
Description:	The PKI Framework contains the common and client libraries and utilities written in Java. This package is a part of the PKI Core used by the Certificate System. This package is a part of the PKI Core used by the Certificate System. ================================== \|\| ABOUT "CERTIFICATE SYSTEM" \|\| ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * <customized>-pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.

Changelog (Show File list) (Show related packages)

Tue Nov 08 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-14

- Marked the following RHCS 9.1.z bug:
  Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel
  when TPS and TKS security db is on fips mode. (jmagne)
  as a duplicate of RHEL 7.3.z bug:
  Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
  and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.

Thu Nov 03 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-13

- ## RHEL 7.3.z Batch Update 1
- Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
  (added KRA key recovery via CLI in FIPS mode)
- ## RHCS 9.1.z Batch Update 1
- Reverted patches associated with
  Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
  not reflected in the TPS Web UI (edewata)

Mon Oct 31 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-12

- ## RHEL 7.3.z Batch Update 1
- Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does
  not show proper error message (alee)
- Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service
  ("ipa-cacert-manage renew" failed?) (edewata)
- Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as
  a dependency package (mharmsen)
- Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due
  to missing AuthorityID (ftweedal)
- Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal)
- Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA
  with partial certificate chain (edewata)
- Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
- Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar
  files (edewata)
- Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java
  (edewata)
- ## RHCS 9.1.z Batch Update 1
- Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu)
- Bugzilla Bug #1274096 -  [BUG] Add ability to disallow TPS to enroll a
  single user on multiple tokens. (jmagne)
- Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed
  tokens (jmagne)
- Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working
  when a token is physically damaged and a temporary token is issued (jmagne)
- Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial
  number and key id on the ldap user mismatches
- Bugzilla Bug #1381635 - Token format with external reg fails when
  op.format.externalRegAddToToken.revokeCert=true (cfu)
- Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when
  set on a token (jmagne)
- Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel
  when TPS and TKS security db is on fips mode. (jmagne)
- Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
  not reflected in the TPS Web UI (edewata)

Mon Oct 10 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-11

- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu)
- PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single
  user on multiple tokens. (jmagne)
- PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a
  dependency package (mharmsen)
- PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed
  tokens (jmagne)
- PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial
  number and key id on the ldap user mismatches (cfu)
- PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar
  files (edewata)

Fri Sep 09 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-10

- Revert Patch:  PKI TRAC Ticket #2449 - Unable to create system certificates
  in different tokens (edewata)
- Resolves:  rhbz #1374054 - ipa-replica-install fails setting up certificate
- Restores:  rhbz #1319557 - pkispawn KRA instance is failing server
- Removes from Errata:  rhbz #1372041 - Unable to create system certificates
  in different tokens

Tue Sep 06 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-9

- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion
  (ftweedal)
- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
  (edewata)
- PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry
  deleted (ftweedal)
- PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if
  USN plugin enabled (ftweedal)
- PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per
  instance name (for shared HSM) (cfu)
- PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu)
- PKI TRAC Ticket #2449 - Unable to create system certificates in different
  tokens (edewata)

Mon Aug 29 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-8

- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne)
- PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor)
- PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata)
- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open
- PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)

Tue Aug 23 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-7

- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen)
  - CMCEnroll
- PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message
  "PKIException: LDAP error (21): error result" (edewata)
- PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade.
  (cheimes, edewata, mharmsen)
- PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata)
- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
  (edewata, mharmsen)
- PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem
  format with/without header works while pkcs7 with header is not allowed
  (edewata)
- PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)

Mon Aug 15 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-6
```
- Bugzilla Bug #1366465 - Errata TPS upgrade test fails
```

Mon Aug 08 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-5

- PKI TRAC Ticket #978  - TPS connector man page: add revocation routing
  info (cfu)
- PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from
  Firefox' workarounds to appropriate 'pki' man page (jmagne)
- PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu)
- PKI TRAC Ticket #2381 - Throws exception while providing invalid module.
  (edewata)
- PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable
  should accept only boolean value (edewata)
- PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter
  beyond CA signing cert in case of external or existing CA (cfu)
- PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements
  (akasurde, alee, cheimes, edewata, jmagne, mharmsen)
- PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not
  rpm-require hostname (mharmsen)
- PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and
  pki-server (cheimes)
- PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata)
- PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne)
- PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not
  apply the specified trust bits (alee)
- PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen
  during installation (alee)
- PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are
  not used (ftweedal)
- PKI TRAC Ticket #2421 - Incorrect SELinux contexts
  Installation/Configuration (edewata)
- PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server
  is converted from CA-less to CA-full (edewata)
- PKI TRAC Ticket #2428 - broken request links for CA's system certs in
  agent request viewing (cfu)
- PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial
  number in migration case (jmagne)
- PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade.
  (mharmsen)
- PKI TRAC Ticket #2433 - Lightweight CA GET <id>/chain returns bogus PEM
  data (ftweedal)