Announcing the release of Dogtag 10.0.3
by Ade Lee
The Dogtag team is proud to announce the third errata build for
Dogtag v10.0.0.
Builds are available for Fedora 18 and Fedora 19 in the updates-testing
repositories. Please try them out and provide karma to move them to the
F18 and F19 stable repositories.
== Build Versions ==
pki-core-10.0.3-1
pki-ra-10.0.3-1
pki-tps-10.0.3-1
dogtag-pki-10.0.3-1
dogtag-pki-theme-10.0.3-1
pki-console-10.0.3-1
== Highlights since Dogtag v. 10.0.2 ==
* Fixes for security flaws in the TPS as described in CVE-2013-1885 and
CVE-2013-1886
* Added checking for sane lengths of the fields in subject DNs in the
TPS, to prevent a TPS crash.
* Previously the server certificate name was partially hard-coded. Now
in Tomcat-based subsystems, it can be fully configured using
pki_ssl_server_nickname parameter.
* Corrections and additions to man pages and other documentation.
== Detailed Changes since Dogtag v. 10.0.2 ==
akoneru (1):
#599 Improve pkispawn "Installation Summary" block
alee (1):
#486 Document migration steps for dogtag 9 -> dogtag 10 instances
awnuk (4):
#607 Port plug-in randomizing validity
#571 Port patch allowing to include in CRLs NextUpdate calculated base
on ThisUpdate
BZ 951501 - correcting JavaScript inability to handle big numbers
BZ 966189 - fix various TPS flaws
cfu (1):
BZ 952500 - small patch to remove eclipse warning in fix to BZ 952500
edewata (1)
#631 Hard-coded server certificate nickname.
jmagne (1):
BZ 963073 - rhcs81 tps crash for CN over than 64 bytes
mharmsen (3):
#606 add restart/start at boot info to pkispawn man page
#610 Document limitation in using GUI install
#629 Package ownership of '/usr/share/pki/etc/' directory
11 years, 5 months
[PATCH] Updated man pages
by Matthew Harmsen
Please review the attached patch for Dogtag 10.0.3 which resolves the
following TRAC tickets:
* TRAC Ticket #606 - add restart / start at boot info to pkispawn man page
* TRAC Ticket #610 - Document limitation in using GUI install
* TRAC Ticket #629 - Package ownership of '/usr/share/pki/etc/' directory
The changes for Dogtag 10.1 are identical.
11 years, 5 months
[PATCH] 261 Fixed hard-coded server certificate nickname.
by Endi Sukma Dewata
Previously the server certificate name was partially hard-coded as
"Server-Cert cert-[PKI_INSTANCE_NAME]". Now in Tomcat-based subsystems
it can be fully configured using pki_ssl_server_nickname parameter.
In Apache-based subsystems it's left unchanged.
Unused copies of serverCertNick.conf have been removed.
Ticket #631
--
Endi S. Dewata
11 years, 5 months
[PATCH] 252-260 Preparation for Tomcat-based TPS
by Endi Sukma Dewata
In order to create Tomcat-based TPS (and possibly RA too), some files in
RA and TPS need to be reorganized and some config variable names need to
be changed to match the other Tomcat-based subsystems such that they can
be used by pkispawn.
--
Endi S. Dewata
11 years, 5 months