system environment/base

pki-server - Certificate System - PKI Server Framework

Website: http://pki.fedoraproject.org/
License: GPLv2
Vendor: Scientific Linux
Description:
The PKI Server Framework is required by the following four PKI subsystems:

    the Certificate Authority (CA),
    the Key Recovery Authority (KRA),
    the Online Certificate Status Protocol (OCSP) Manager,
    the Token Key Service (TKS), and
    the Token Processing Service (TPS).

This package is a part of the PKI Core used by the Certificate System.
The package contains scripts to create and remove PKI subsystems.


==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains ALL top-level java-based Tomcat PKI components:

  * pki-symkey
  * pki-base
  * pki-base-python2 (alias for pki-base)
  * pki-base-python3
  * pki-base-java
  * pki-tools
  * pki-server
  * pki-ca
  * pki-kra
  * pki-ocsp
  * pki-tks
  * pki-tps
  * pki-javadoc

which comprise the following corresponding PKI subsystems:

  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
  * Token Key Service (TKS)
  * Token Processing Service (TPS)

Python clients need only install the pki-base package.  This
package contains the python REST client packages and the client
upgrade framework.

Java clients should install the pki-base-java package.  This package
contains the legacy and REST Java client packages.  These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.

Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools.  The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.

Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
    * dogtag-pki-server-theme
  * redhat-pki-server-theme (Red Hat Certificate System deployments)
    * redhat-pki-server-theme
  * customized pki theme (Customized Certificate System deployments)
    * <customized>-pki-server-theme

  NOTE:  As a convenience for standalone deployments, top-level meta
         packages may be provided which bind a particular theme to
         these certificate server packages.

Packages

pki-server-10.5.18-12.el7_9.noarch [2.9 MiB] Changelog by Dogtag Team (2021-02-24):
- Change variable 'TPS' to 'tps'
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates
  profiles, audit for IPA (edewata)
- ##########################################################################
- # Backported CVEs (ascheel):
- ##########################################################################
- Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token
  parameters in TPS resulting in stored XSS [certificate_system_9-default]
  (edewata, ascheel)
- Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site
  scripting (XSS) in the pki-tps web Activity tab
  [certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile
  creation [certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site
  Scripting in 'path length' constraint field in CA's Agent page
  [rhel-7.9.z] (dmoluguw, ascheel)
- Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site
  scripting in getcookies?url= endpoint in CA [rhel-7.9.z]
  (dmoluguw, ascheel)
- Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra:
  Reflected XSS in recoveryID search field at KRA's DRM agent page in
  authorize recovery tab [rhel-7.9.z] (ascheel)
- Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to
  reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne)
- ##########################################################################
- Update to jquery v3.4.1 (ascheel)
- Update to jquery-i18n-properties v1.2.7 (ascheel)
- Update to backbone v1.4.0 (ascheel)
- Upgrade to underscore v1.9.2 (ascheel)
- Update to patternfly v3.59.3 (ascheel)
- Update to jQuery v3.5.1 (ascheel)
- Upgrade to bootstrap v3.4.1 (ascheel)
- Link in new Bootstrap CSS file (ascheel)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-server-10.5.16-3.el7.noarch [2.8 MiB] Changelog by Dogtag Team (2019-06-20):
- ##########################################################################
- # RHEL 7.7:
- ##########################################################################
- Bugzilla Bug #1638379 - PKI startup initialization process should not
  depend on LDAP operational attributes [ftweedal]
- ##########################################################################
- # RHCS 9.5:
- ##########################################################################
- Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
  pki-console to 10.5.16 in RHCS 9.5
pki-server-10.5.1-13.1.el7_5.noarch [2.8 MiB] Changelog by Dogtag Team (2018-06-09):
- Rebuild due to build system database problem
pki-server-10.4.1-11.el7.noarch [2.8 MiB] Changelog by Dogtag Team (2017-07-17):
- Resolves: rhbz #1469432
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1469432 - CMC plugin default change
- Resolves CVE-2017-7537
- Fixes BZ #1470948
pki-server-10.3.3-17.el7_3.noarch [2.7 MiB] Changelog by Dogtag Team (2017-01-30):
- ## RHCS 9.1.z Batch Update 3
- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
  tokendb shows different certificate status (cfu)
- ## RHEL 7.3.z Batch Update 3
- Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System
  8.1 fail NIST validation test with parameter field. (cfu)
- Bugzilla Bug #1417064 - Unable to search certificate requests using the
  latest request ID (edewata)
- Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website
  incorrect (alee)
- Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will
  not finish start, hangs (ftweedal)
- Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert
  (edewata)
- Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6
  environment. (edewata)
pki-server-10.3.3-10.el7.noarch [3.0 MiB] Changelog by Dogtag Team (2016-09-09):
- Revert Patch:  PKI TRAC Ticket #2449 - Unable to create system certificates
  in different tokens (edewata)
- Removes from Errata:  rhbz #1372041 - Unable to create system certificates
  in different tokens

Listing created by Repoview-0.6.6-4.el7