June 2013 - Pki-devel - Dogtag Pki List Archives

by Ade Lee

The Dogtag team is proud to announce the third errata build for Dogtag v10.0.0. Builds are available for Fedora 18 and Fedora 19 in the updates-testing repositories. Please try them out and provide karma to move them to the F18 and F19 stable repositories. == Build Versions == pki-core-10.0.3-1 pki-ra-10.0.3-1 pki-tps-10.0.3-1 dogtag-pki-10.0.3-1 dogtag-pki-theme-10.0.3-1 pki-console-10.0.3-1 == Highlights since Dogtag v. 10.0.2 == * Fixes for security flaws in the TPS as described in CVE-2013-1885 and CVE-2013-1886 * Added checking for sane lengths of the fields in subject DNs in the TPS, to prevent a TPS crash. * Previously the server certificate name was partially hard-coded. Now in Tomcat-based subsystems, it can be fully configured using pki_ssl_server_nickname parameter. * Corrections and additions to man pages and other documentation. == Detailed Changes since Dogtag v. 10.0.2 == akoneru (1): #599 Improve pkispawn "Installation Summary" block alee (1): #486 Document migration steps for dogtag 9 -> dogtag 10 instances awnuk (4): #607 Port plug-in randomizing validity #571 Port patch allowing to include in CRLs NextUpdate calculated base on ThisUpdate BZ 951501 - correcting JavaScript inability to handle big numbers BZ 966189 - fix various TPS flaws cfu (1): BZ 952500 - small patch to remove eclipse warning in fix to BZ 952500 edewata (1) #631 Hard-coded server certificate nickname. jmagne (1): BZ 963073 - rhcs81 tps crash for CN over than 64 bytes mharmsen (3): #606 add restart/start at boot info to pkispawn man page #610 Document limitation in using GUI install #629 Package ownership of '/usr/share/pki/etc/' directory

10 years, 10 months

1
0
0 / 0

Need python-backports-ssl_match_hostname-3.2-0.2 for RHEL 7.0

by Endi Sukma Dewata

Hi, Please add python-backports-ssl_match_hostname-3.2-0.2 package into RHEL 7.0. Currently the package exists in Fedora 19, but not in RHEL 7.0. If there is nobody else, please assign me as the maintainer: edewata The package is eventually needed by pki-ca package (Bugzilla #966040): https://bugzilla.redhat.com/show_bug.cgi?id=966040 Thanks. -- Endi S. Dewata

10 years, 10 months

1
0
0 / 0

[PATCH] 58 Use 'with' construct for file handling (Also added finally block when an exception is to be handled) #Ticket 562

by Abhishek Koneru

Please review he attached patch with a minor modification in code - to use the with construct for handling files. --Abhishek

10 years, 10 months

2
4
0 / 0

[PATCH] Updated man pages

by Matthew Harmsen

Please review the attached patch for Dogtag 10.0.3 which resolves the following TRAC tickets: * TRAC Ticket #606 - add restart / start at boot info to pkispawn man page * TRAC Ticket #610 - Document limitation in using GUI install * TRAC Ticket #629 - Package ownership of '/usr/share/pki/etc/' directory The changes for Dogtag 10.1 are identical.

10 years, 10 months

2
2
0 / 0

[PATCH] 61 Change how installation summary is displayed. Ticket#599 - Dogtag 10.0.3

by Abhishek Koneru

Please review the patch which shows the installation summary, only when pki_skip_configuration is not True. Also the client database details are shown only when pki_client_database_purge=False. The configuration url is already shown when pki_skip_configuration = true. --Abhishek

10 years, 10 months

3
2
0 / 0

[PATCH] 60 Continuation to patch 59 - Fixing pylint errors

by Abhishek Koneru

Please review the patch which fixes issues related to application of PEP 8 standards to the python code, raised in pylint scan. Should be applied over patch 59, which is also attached here. --Abhishek

10 years, 10 months

2
1
0 / 0

[PATCH] 261 Fixed hard-coded server certificate nickname.

by Endi Sukma Dewata

Previously the server certificate name was partially hard-coded as "Server-Cert cert-[PKI_INSTANCE_NAME]". Now in Tomcat-based subsystems it can be fully configured using pki_ssl_server_nickname parameter. In Apache-based subsystems it's left unchanged. Unused copies of serverCertNick.conf have been removed. Ticket #631 -- Endi S. Dewata

10 years, 10 months

2
3
0 / 0

[PATCH] 252-260 Preparation for Tomcat-based TPS

by Endi Sukma Dewata

In order to create Tomcat-based TPS (and possibly RA too), some files in RA and TPS need to be reorganized and some config variable names need to be changed to match the other Tomcat-based subsystems such that they can be used by pkispawn. -- Endi S. Dewata

10 years, 10 months

2
4
0 / 0

Review Request Bug 963073 - rhcs81 tps crash for CN over than 64 bytes

by John Magne

Please review attached patch. Fix solves a crash when a certificate to be displayed contains too many characters in one of its fields.

10 years, 10 months

2
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel June 2013