PKI Open Source History 2015

From Dogtag
Revision as of 17:25, 19 March 2015 by Mharmsen (talk | contribs) (Open Source History (2015))

Jump to: navigation, search

Open Source History (2015)

Dogtag Certificate Server 10.2.1       [01/09/2015]

Dogtag Certificate System 10.2.1 represents the second phase of Dogtag 10.2 and builds upon the bugs/features addressed by Dogtag 10.2.0. Dogtag 10.2.1 is associated with Fedora 22.

NOTE:   Due to the size, scope, and complexity of Dogtag 10.2, separate revisions of Dogtag 10.2 which incorporate a portion of the features will be released in phases over time. Each phase will likely correspond to a specific version of Fedora.

Project Name:

  • Dogtag Certificate System 10.2.1

Releases:

  • [01/09/2015] Dogtag Certificate Server 10.2.1 [32-bit & 64-bit Fedora 21] (Release 1)

Packages (Revised)

  • Release 1
    • pki-core-10.2.1-1.fc22 [01/09/2015]
    • dogtag-pki-10.2.1-1.fc22 [01/09/2015]
    • dogtag-pki-theme-10.2.1-1.fc22 [01/09/2015]
    • pki-console-10.2.1-1.fc22 [01/09/2015]

Upgrade Notes:

After running fedup, simply use yum (as necessary) to update existing packages.

Highlights since Dogtag 10.2.0

The numerous tickets fixed during this particular phase can be found in the specified milestones of the PKI TRAC Ticket Instance:

  • 10.2.1 - page 8 (45 tickets)

Additionally, this release addressed the following issues:

  • Release 1:
    • Added CLIs to simplify generating user certificates
    • Added enhancements to KRA Python API
    • Added a man page for pki ca-profile commands
    • Added python api docs
    • Change resteasy dependencies for F22+
    • PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2
    • PKI TRAC Ticket #1205 - Outdated selinux-policy dependency.
    • Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies

Detailed Changes since Dogtag 10.2.0

The following list of dependencies was gleaned from the following procedure:

   Dogtag 10.2.0-1:  [09/06/2014] (master --> DOGTAG_10_2_0_BRANCH)
   Dogtag 10.2.1-1:  [01/09/2015] (master --> DOGTAG_10_2_1_BRANCH)
   
   Run the following command on the "DOGTAG_10_2_1_BRANCH"
   
       # git --no-pager log --since "09/06/2014" --until "01/09/2015" > ../history_10.2.1
   
   and compose the following list.
  • abhishek(3)
    • 1037 - Incorrect status change in key-request-review.
    • 1150 - Fixing upstream trac ticket 1150.
    • Add a man page for profile CLI commands.
  • alee(10)
    • 1132 - Fix sub-CA installation with own security domain
    • 1157 - Added Python Client API Docs to build
    • Added idempotent 01-MoveWebApplicationContextFile migration script
    • Added missing audit event ASYMKEY_GENERATION_REQUEST to KRA CS.cfg
    • Remove pylint from rhel build
    • Fixes to spec file for RHEL build
    • Updates to some python client classes for prettier API docs.
    • Added missing .rst annotations and missing docstrings.
    • Added log file for sphinx runs.
    • Require resteasy sub modules for F22+
  • benjamin.drung@profitbricks.com (2)
    • Fix manpage errors (using lintian tool on Debian)
    • fix typo succesfully -> successfully
  • cfu(15)
    • 864 - (part 1 symkey, common) NIST SP800-108 KDF
    • 866 - (part 1 symkey, common) NIST SP800-108 KDF
    • 1110 - pkispawn (configuration) does not provide CA extensions in subordinate certificate signing requests (CSR)
    • 1158 - CMCRequest does not support internal token
    • 1173 - Directory-based renewal evaluator fails authorization
    • 1180 - RFE: show link to request record from cert display
    • 1198 - add TLS range support to server.xml by default and upgrade
    • 1198 - add TLS range support (spec file jss tomcatjss dependencies)
    • 1198 - add TLS range support to server.xml by default
    • 1206 - (java console) TLS range support: code change needed for cs when acting as client
    • BZ 871171 - (client-side code) Provide Tomcat support for TLS v1.1 and TLS v1.2
    • BZ 1151147 - issuerDN encoding correction
    • BZ 1158410 - add TLS range support to server.xml by default and upgrade
    • BZ 1158410 - add TLS range support (spec file jss tomcatjss dependencies)
    • BZ 1158410 - add TLS range support to server.xml by default
  • edewata(15)
    • 1093 - Fixed problem importing renewed system certificate.
    • 1147 - Removed profile input/output IDs from CLI output.
    • 1148 - Added client-cert-request CLI.
    • 1149 - Displaying request status in ca-cert-request-review.
    • 1151 - Added option to import user cert from CA.
    • 1152 - Added option to import client cert from CA.
    • 1226 - Added rangeUnit property to certificate profiles.
    • 1155 - Improvements for KeyClient.archive_encrypted_data().
    • 1156 - Improvements for KeyClient.archive_encrypted_data().
    • 1157 - Fixed incorrect Python API docs format.
    • 1192 - Updated JUnit JAR file name.
    • Added CLI to import/export certificates with private keys.
    • Updated KRA Python client library.
    • Fixed pylint failure on F21.
    • Cleaned up clone installation code.
  • ftweedal(4)
    • 1035 - Fix BasicConstraints min/max path length check
    • 1221 - Decode challengePassword attribute as DirectoryString
    • Fix ECC curve name typos
    • Enable Authority Key Identifier CRL extension by default
  • jmagne(2)
    • BZ 1170867 - TPS-Installation-Failed
    • Provide standalone Pin Reset Processor.
  • mharmsen(14)
    • 1130 - Add RHEL/CentOS conditionals to spec
    • 1136 - Remove ipa-pki-theme component and old unused 'ca-ui', 'kra-ui', 'ocsp-ui', 'ra-ui', 'tks-ui', and 'tps-ui' directories
    • 1138 - Remove 'migrate' source code from master branch
    • 1139 - Remove 'selinux' code from 'master' branch
    • 1187 - mod_perl should be removed from requirements for 10.2
    • 1205 - Outdated selinux-policy dependency.
    • 1211 - New release overwrites old source tarball
    • BZ 1147924 - dogtag: syntax errors in /usr/share/pki/scripts/operations
    • BZ 1165351 - Errata TPS test fails due to dependent packages not found
    • Revised dependencies
    • Removed RA references
    • Changed Apache TPS references to Tomcat TPS references
    • Remove legacy multilib JNI_JAR_DIR logic
    • Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies
  • tjaalton@debian.org (1)
    • Fix Debian specific paths to jackson jars

Server Platforms:

Platform 10.2.1
32-bit Fedora 22 (i686)
X
64-bit Fedora 22 (x86_64)
X

Dogtag Certificate Server 10.2.2       [03/18/2015]

Dogtag Certificate System 10.2.2 represents the third phase of Dogtag 10.2 and builds upon the bugs/features addressed by Dogtag 10.2.1. Like Dogtag 10.2.1, Dogtag 10.2.2 is also associated with Fedora 22.

NOTE:   Due to the size, scope, and complexity of Dogtag 10.2, separate revisions of Dogtag 10.2 which incorporate a portion of the features will be released in phases over time. Each phase will likely correspond to a specific version of Fedora.

Project Name:

  • Dogtag Certificate System 10.2.2

Releases:

  • [03/18/2015] Dogtag Certificate Server 10.2.2 [32-bit & 64-bit Fedora 22] (Release 1)

Packages (Revised)

  • Release 1
    • pki-core-10.2.2-1.fc22 [03/18/2015]
    • dogtag-pki-10.2.2-1.fc22 [03/18/2015]
    • dogtag-pki-theme-10.2.1-1.fc22 [03/18/2015]
    • pki-console-10.2.2-1.fc22 [03/18/2015]

Upgrade Notes:

After running fedup, simply use yum (as necessary) to update existing packages.

Highlights since Dogtag 10.2.1

The numerous tickets fixed during this particular phase can be found in the specified milestones of the PKI TRAC Ticket Instance:

  • 10.2.2 - page 8 (32 tickets)

Additionally, this release addressed the following issues: