import pki-core-10.10.4-1.module+el8.4.0+9861+7cddd5b6

2021-03-30 06:37:36 -04:00 · 2021-03-30 06:37:36 -04:00 · 58a736a6e9
parent bf7396ae0d
commit 58a736a6e9
3 changed files with 273 additions and 119 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/pki-10.9.0-b2.tar.gz
+SOURCES/pki-10.10.4.tar.gz
--- a/.pki-core.metadata
+++ b/.pki-core.metadata
@ -1 +1 @@
-7a900dcf24422f7756649fbed42b6a033f9204b7 SOURCES/pki-10.9.0-b2.tar.gz
+d50ec310c6584bd0eb1448b6d40614954827a73d SOURCES/pki-10.10.4.tar.gz
--- a/SPECS/pki-core.spec
+++ b/SPECS/pki-core.spec
@ -6,13 +6,15 @@ Name:             pki-core
 %global           brand Red Hat
 Summary:          %{brand} PKI Core Package
-URL:              http://www.dogtagpki.org/
+URL:              https://www.dogtagpki.org
 # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2
 License:          GPLv2 and LGPLv2
-Version:          10.9.0
+# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
-Release:          0.4%{?_timestamp}%{?_commit_id}%{?dist}
+# For official (i.e. supported) releases, use x.y.z-r where r >=1.
-%global           _phase -b2
+Version:          10.10.4
 Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
 #global           _phase -beta1
 # To create a tarball from a version tag:
 # $ git archive \
@ -28,6 +30,11 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
 #     <version tag> \
 #     > pki-VERSION-RELEASE.patch
 # Patch: pki-VERSION-RELEASE.patch
 # Do not remove this!! pytest-runner isn't available on RHEL. Removing this
 # patch will break RHEL builds. The error message is:
 # BUILDSTDERR: Download error on https://pypi.org/simple/pytest-runner/:
 #   [Errno 111] Connection refused -- Some packages may not be found!
 Patch1: 0001-Removed-dependency-on-pytest-runner.patch
 ################################################################################
@ -50,7 +57,16 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
 # Java
 ################################################################################
-%define java_home %{_usr}/lib/jvm/jre-1.8.0-openjdk
+%define java_devel java-devel
 %define java_headless java-headless
 %if 0%{?fedora} && 0%{?fedora} >= 33
 %define min_java_version 1:11
 %define java_home /usr/lib/jvm/java-11-openjdk
 %else
 %define min_java_version 1:1.8.0
 %define java_home /usr/lib/jvm/java-1.8.0-openjdk
 %endif
 ################################################################################
 # RESTEasy
@ -94,6 +110,8 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
 %global with_base 1
 # package_option server
 %global with_server 1
 # package_option acme
 %global with_acme 1
 # package_option ca
 %global with_ca 1
 # package_option kra
@ -113,6 +131,8 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
 %define debug_package %{nil}
 %endif
 %bcond_without sdnotify
 # ignore unpackaged files from native 'tpsclient'
 # REMINDER:  Remove this '%%define' once 'tpsclient' is rewritten as a Java app
 %define _unpackaged_files_terminate_build 0
@ -157,13 +177,14 @@ BuildRequires:    make
 BuildRequires:    cmake >= 3.0.2
 BuildRequires:    gcc-c++
 BuildRequires:    zip
-BuildRequires:    java-1.8.0-openjdk-devel
+BuildRequires:    %java_devel >= %{min_java_version}
 BuildRequires:    javapackages-tools
 BuildRequires:    redhat-rpm-config
 BuildRequires:    ldapjdk >= 4.22.0
 BuildRequires:    apache-commons-cli
 BuildRequires:    apache-commons-codec
 BuildRequires:    apache-commons-io
-BuildRequires:    apache-commons-lang
+BuildRequires:    apache-commons-lang3 >= 3.2
 BuildRequires:    apache-commons-net
 BuildRequires:    jakarta-commons-httpclient
 BuildRequires:    glassfish-jaxb-api
@ -215,8 +236,13 @@ BuildRequires:    python3-pytest-runner
 BuildRequires:    junit
 BuildRequires:    jpackage-utils >= 0:1.7.5-10
-BuildRequires:    jss >= 4.7.0
+BuildRequires:    jss >= 4.8.1
-BuildRequires:    tomcatjss >= 7.5.0
+BuildRequires:    tomcatjss >= 7.6.1
 # JNA is used to bind to libsystemd
 %if %{with sdnotify}
 BuildRequires:    jna
 %endif
 BuildRequires:    systemd-units
 %if 0%{?rhel}
@ -263,6 +289,7 @@ to manage enterprise Public Key Infrastructure deployments.
 PKI consists of the following components:
  * Automatic Certificate Management Environment (ACME) Responder
  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
@ -287,6 +314,7 @@ Requires:         %{vendor_id}-pki-console-theme = %{version}
 # Make certain that this 'meta' package requires the latest version(s)
 # of ALL PKI core packages
 Requires:         pki-acme = %{version}
 Requires:         pki-ca = %{version}
 Requires:         pki-kra = %{version}
 Requires:         pki-ocsp = %{version}
@ -314,6 +342,7 @@ to manage enterprise Public Key Infrastructure deployments.
 PKI consists of the following components:
  * Automatic Certificate Management Environment (ACME) Responder
  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
@ -330,9 +359,9 @@ PKI consists of the following components:
 Summary:          PKI Symmetric Key Package
-Requires:         java-1.8.0-openjdk-headless
+Requires:         %java_headless >= %{min_java_version}
 Requires:         jpackage-utils >= 0:1.7.5-10
-Requires:         jss >= 4.7.0
+Requires:         jss >= 4.8.0
 Requires:         nss >= 3.38.0
 # Ensure we end up with a useful installation
@ -383,6 +412,7 @@ Provides:         pki-base-python3 = %{version}
 Requires:         pki-base = %{version}-%{release}
 Requires:         python3 >= 3.5
 Requires:         python3-cryptography
 Requires:         python3-ldap
 Requires:         python3-lxml
 Requires:         python3-nss
 Requires:         python3-requests >= 2.6.0
@ -398,11 +428,11 @@ This package contains PKI client library for Python 3.
 Summary:          PKI Base Java Package
 BuildArch:        noarch
-Requires:         java-1.8.0-openjdk-headless
+Requires:         %java_headless >= %{min_java_version}
 Requires:         apache-commons-cli
 Requires:         apache-commons-codec
 Requires:         apache-commons-io
-Requires:         apache-commons-lang
+Requires:         apache-commons-lang3 >= 3.2
 Requires:         apache-commons-logging
 Requires:         apache-commons-net
 Requires:         jakarta-commons-httpclient
@ -424,6 +454,11 @@ Requires:         resteasy-core >= 3.0.17-1
 Requires:         resteasy-jackson2-provider >= 3.0.17-1
 %endif
 %if 0%{?fedora} && 0%{?fedora} >= 33
 Requires:         jaxb-impl >= 2.3.3
 Requires:         jakarta-activation >= 1.2.2
 %endif
 Requires:         xalan-j2
 Requires:         xerces-j2
 Requires:         xml-commons-apis
@ -464,7 +499,6 @@ Summary:          PKI Server Package
 BuildArch:        noarch
 Requires:         hostname
 Requires:         net-tools
 Requires:         policycoreutils
 Requires:         procps-ng
@ -477,7 +511,6 @@ Requires:         keyutils
 Requires:         policycoreutils-python-utils
 Requires:         python3-ldap
 Requires:         python3-lxml
 Requires:         python3-libselinux
 Requires:         python3-policycoreutils
@ -491,11 +524,18 @@ Requires:         tomcat >= 1:9.0.7
 %endif
 Requires:         velocity
 Requires:         sudo
 Requires:         systemd
 Requires(post):   systemd-units
 Requires(preun):  systemd-units
 Requires(postun): systemd-units
 Requires(pre):    shadow-utils
-Requires:         tomcatjss >= 7.5.0
+Requires:         tomcatjss >= 7.6.1
 # JNA is used to bind to libsystemd
 %if %{with sdnotify}
 Requires:         jna
 %endif
 # pki-healthcheck depends on the following library
 %if 0%{?rhel}
@ -519,18 +559,29 @@ Provides:         bundled(js-patternfly) = 3.59.2
 Provides:         bundled(js-underscore) = 1.9.2
 %description -n   pki-server
-The PKI Server Package contains libraries and utilities needed by the
+The PKI Server Package contains libraries and utilities needed by other
-following PKI subsystems:
+PKI subsystems.
    the Certificate Authority (CA),
    the Key Recovery Authority (KRA),
    the Online Certificate Status Protocol (OCSP) Manager,
    the Token Key Service (TKS), and
    the Token Processing Service (TPS).
 # with server
 %endif
 %if %{with acme}
 ################################################################################
 %package -n       pki-acme
 ################################################################################
 Summary:          PKI ACME Package
 BuildArch:        noarch
 Requires:         pki-server = %{version}-%{release}
 %description -n   pki-acme
 The PKI ACME responder is a service that provides an automatic certificate
 management via ACME v2 protocol defined in RFC 8555.
 # with acme
 %endif
 %if %{with ca}
 ################################################################################
 %package -n       pki-ca
@ -804,6 +855,13 @@ This package contains PKI test suite.
 %build
 ################################################################################
 # get Java <major>.<minor> version number
 java_version=`%{java_home}/bin/java -XshowSettings:properties -version 2>&1 | sed -n 's/ *java.version *= *\([0-9]\+\.[0-9]\+\).*/\1/p'`
 # if <major> == 1, get <minor> version number
 # otherwise get <major> version number
 java_version=`echo $java_version | sed -e 's/^1\.//' -e 's/\..*$//'`
 # get Tomcat <major>.<minor> version number
 tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
@ -813,14 +871,19 @@ else
    app_server=tomcat-$tomcat_version
 fi
 %if 0%{?rhel}
 %{__mkdir_p} build
 cd build
 %endif
 %cmake \
    --no-warn-unused-cli \
    -DVERSION=%{version}-%{release} \
    -DVAR_INSTALL_DIR:PATH=/var \
    -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
-    -DJAVA_HOME=%{java_home} \
+    -DJAVA_VERSION=${java_version} \
    -DJAVA_HOME=%java_home \
    -DPKI_JAVA_PATH=%java_home/bin/java \
    -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
    -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
    -DAPP_SERVER=$app_server \
@ -829,14 +892,29 @@ cd build
    -DNSS_DEFAULT_DB_TYPE=%{nss_default_db_type} \
    -DBUILD_PKI_CORE:BOOL=ON \
    -DPYTHON_EXECUTABLE=%{python_executable} \
-    -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
+%if ! %{with server} && ! %{with acme} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps}
 %if ! %{with server} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps}
    -DWITH_SERVER:BOOL=OFF \
 %endif
    -DWITH_CA:BOOL=%{?with_ca:ON}%{!?with_ca:OFF} \
    -DWITH_KRA:BOOL=%{?with_kra:ON}%{!?with_kra:OFF} \
    -DWITH_OCSP:BOOL=%{?with_ocsp:ON}%{!?with_ocsp:OFF} \
    -DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \
    -DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \
    -DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \
    -DWITH_SYSTEMD_NOTIFICATION:BOOL=%{?with_sdnotify:ON}%{!?with_sdnotify:OFF} \
    -DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
    -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
    -DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
    -DTHEME=%{?with_theme:%{vendor_id}} \
 %if 0%{?rhel}
    ..
 %else
    -B %{_vpath_builddir}
 %endif
 %if 0%{?fedora}
 cd %{_vpath_builddir}
 %endif
 # Do not use _smp_mflags to preserve build order
 %{__make} \
@ -851,7 +929,11 @@ cd build
 %install
 ################################################################################
 %if 0%{?rhel}
 cd build
 %else
 cd %{_vpath_builddir}
 %endif
 %{__make} \
    VERBOSE=%{?_verbose} \
@ -1032,8 +1114,8 @@ fi
 %files -n pki-tools
 ################################################################################
-%license base/native-tools/LICENSE
+%license base/tools/LICENSE
-%doc base/native-tools/doc/README
+%doc base/tools/doc/README
 %{_bindir}/p7tool
 %{_bindir}/pistool
 %{_bindir}/pki
@ -1041,7 +1123,6 @@ fi
 %{_bindir}/setpin
 %{_bindir}/sslget
 %{_bindir}/tkstool
 %{_datadir}/pki/native-tools/
 %{_bindir}/AtoB
 %{_bindir}/AuditVerify
 %{_bindir}/BtoA
@ -1066,7 +1147,7 @@ fi
 %{_bindir}/PrettyPrintCrl
 %{_bindir}/TokenInfo
 %{_javadir}/pki/pki-tools.jar
-%{_datadir}/pki/java-tools/
+%{_datadir}/pki/tools/
 %{_datadir}/pki/lib/p11-kit-trust.so
 %{_mandir}/man1/AtoB.1.gz
 %{_mandir}/man1/AuditVerify.1.gz
@ -1140,6 +1221,7 @@ fi
 %dir %{_sharedstatedir}/pki
 %{_mandir}/man1/pkidaemon.1.gz
 %{_mandir}/man5/pki_default.cfg.5.gz
 %{_mandir}/man5/pki_healthcheck.conf.5.gz
 %{_mandir}/man5/pki-server-logging.5.gz
 %{_mandir}/man8/pki-server-upgrade.8.gz
 %{_mandir}/man8/pkidestroy.8.gz
@ -1159,12 +1241,26 @@ fi
 %{_mandir}/man8/pki-healthcheck.8.gz
 %{_datadir}/pki/setup/
 %{_datadir}/pki/server/
-%{_datadir}/pki/acme/
+
-%{_javadir}/pki/pki-acme.jar
+%if %{with sdnotify}
 %{_javadir}/pki/pki-systemd.jar
 %endif
 # with server
 %endif
 %if %{with acme}
 ################################################################################
 %files -n pki-acme
 ################################################################################
 %{_javadir}/pki/pki-acme.jar
 %dir %{_datadir}/pki/acme
 %{_datadir}/pki/acme/
 # with acme
 %endif
 %if %{with ca}
 ################################################################################
 %files -n pki-ca
@ -1173,11 +1269,7 @@ fi
 %license base/ca/LICENSE
 %{_javadir}/pki/pki-ca.jar
 %dir %{_datadir}/pki/ca
-%{_datadir}/pki/ca/conf/
+%{_datadir}/pki/ca/
 %{_datadir}/pki/ca/emails/
 %{_datadir}/pki/ca/profiles/
 %{_datadir}/pki/ca/setup/
 %{_datadir}/pki/ca/webapps/
 # with ca
 %endif
@ -1190,9 +1282,7 @@ fi
 %license base/kra/LICENSE
 %{_javadir}/pki/pki-kra.jar
 %dir %{_datadir}/pki/kra
-%{_datadir}/pki/kra/conf/
+%{_datadir}/pki/kra/
 %{_datadir}/pki/kra/setup/
 %{_datadir}/pki/kra/webapps/
 # with kra
 %endif
@ -1205,9 +1295,7 @@ fi
 %license base/ocsp/LICENSE
 %{_javadir}/pki/pki-ocsp.jar
 %dir %{_datadir}/pki/ocsp
-%{_datadir}/pki/ocsp/conf/
+%{_datadir}/pki/ocsp/
 %{_datadir}/pki/ocsp/setup/
 %{_datadir}/pki/ocsp/webapps/
 # with ocsp
 %endif
@ -1220,9 +1308,7 @@ fi
 %license base/tks/LICENSE
 %{_javadir}/pki/pki-tks.jar
 %dir %{_datadir}/pki/tks
-%{_datadir}/pki/tks/conf/
+%{_datadir}/pki/tks/
 %{_datadir}/pki/tks/setup/
 %{_datadir}/pki/tks/webapps/
 # with tks
 %endif
@ -1235,10 +1321,7 @@ fi
 %license base/tps/LICENSE
 %{_javadir}/pki/pki-tps.jar
 %dir %{_datadir}/pki/tps
-%{_datadir}/pki/tps/applets/
+%{_datadir}/pki/tps/
 %{_datadir}/pki/tps/conf/
 %{_datadir}/pki/tps/setup/
 %{_datadir}/pki/tps/webapps/
 %{_mandir}/man5/pki-tps-connector.5.gz
 %{_mandir}/man5/pki-tps-profile.5.gz
 %{_mandir}/man1/tpsclient.1.gz
@ -1316,161 +1399,232 @@ fi
 ################################################################################
 %changelog
 * Mon Feb 08 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.4-1
 - Rebase to PKI 10.10.4
 - Bug 1664435 - Error instantiating class for challenge_password with SCEP request
 - Bug 1912418 - OCSP and TKS cloning failed due to duplicate replica ID
 - Bug 1916686 - Memory leak during ACME performance test
 - Bug 1919282 - ACME cert enrollment failed with HTTP 500
 * Thu Jan 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.3-1
 - Rebase to PKI 10.10.3
 - Bug 1584550 - CRMFPopClient: unexpected behavior with -y option when values are specified
 - Bug 1590942 - CMCResponse treats -d as optional
 - Bug 1890639 - Two-step installation with external certificates fails on HSM configured system
 - Bug 1912493 - pkispawn reports incorrect FIPS mode
 * Tue Dec 08 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.2-1
 - Rebase to PKI 10.10.2
 - Bug 1392616 - KRA key recovery cli kra-key-retrieve generates an invalid p12 file
 - Bug 1897120 - pki-server cert-fix command failing
 - Bug 1694664 - ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (503)
 * Tue Nov 17 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.1-1
 - Rebase to PKI 10.10.1
 - Bug 1843416 - kra-audit-mod fail with Invalid event configuration
 - Bug 1889691 - ACME failed when run with more than 1 thread/connection
 - Bug 1891577 - Sub-ordinate installation is failing with NullPointerException
 * Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.0-1
 - Rebase to PKI 10.10.0
 - Add workaround for missing capture_output in Python 3.6
 - Fix JSS initialization in pki-server <subsystem>-user-cert-add
 - Fix NPE in UGSubsystem.findUsersByKeyword()
 - Bug 1787115 - Need Method to copy SKI from CSR to Certificate signed
 - Bug 1875563 - Add KRA Transport and Storage Certificates profiles, audit for IPA
 - Bug 1883996 - Inconsistent folders in pki-tools
 * Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.0-0.2.beta1
 - Rebase to PKI 10.10.0-beta1
 - Bug 1868233 - Disabling AIA and cert policy extensions in ACME examples
 * Fri Sep 11 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.4-1
 - Rebase to PKI 10.9.4
 - Bug 1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add
 * Thu Sep 03 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.3-1
 - Rebase to PKI 10.9.3
 - Bug 1869893 - Common certificates are missing in CS.cfg on shared PKI instance
 * Tue Aug 18 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.2-2
 - Bug 1871064 - Replica install failing during pki-ca component configuration
 * Tue Aug 18 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.2-1
 - Rebase to PKI 10.9.2
 * Wed Aug 12 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.1-2
 - Bug 1857933 - CA Installation is failing with ncipher v12.30 HSM
 - Bug 1868233 - Disabling AIA and cert policy extensions in ACME examples
 * Thu Aug 06 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.1-1
 - Rebase to PKI 10.9.1
 - Bug 1426572 - Fix Secure connection issue when server is down
 * Fri Jul 31 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.0-1
 - Rebase to PKI 10.9.0
 * Tue Jul 14 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.0-0.7
 - Fix pki kra-key-generate failure
 - Fix error handling in PKIRealm
 * Fri Jul 10 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.0-0.6
 - Rebase to PKI 10.9.0-b4
 * Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.0-0.4
- Rebased to PKI 10.9.0-b2
+- Rebase to PKI 10.9.0-b2
 * Mon Jun 22 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.0-0.3
- Rebased to PKI 10.9.0-b1
+- Rebase to PKI 10.9.0-b1
 * Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.0-0.1
- Rebased to PKI 10.9.0-a1
+- Rebase to PKI 10.9.0-a1
 * Tue Mar 03 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.3-1
- Rebased to PKI 10.8.3
+- Rebase to PKI 10.8.3
- Bug #1809210 - TPS installation failure on HSM machine
+- Bug 1809210 - TPS installation failure on HSM machine
- Bug #1807421 - Subordinate CA installation failed
+- Bug 1807421 - Subordinate CA installation failed
- Bug #1806840 - KRA cloning with HSM failed
+- Bug 1806840 - KRA cloning with HSM failed
 * Wed Feb 19 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.2-2
- Bug #1795215 - pkispawn interactive installation failed
+- Bug 1795215 - pkispawn interactive installation failed
 * Mon Feb 17 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.2-1
- Rebased to PKI 10.8.2
+- Rebase to PKI 10.8.2
- Bug #1802006 - KRA installation failed to create ECC admin cert
+- Bug 1802006 - KRA installation failed to create ECC admin cert
 * Mon Feb 10 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.1-1
- Rebased to PKI 10.8.1
+- Rebase to PKI 10.8.1
 * Fri Feb 07 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.0-1
- Rebased to PKI 10.8.0
+- Rebase to PKI 10.8.0
 * Thu Jan 16 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.0-0.5
- Rebased to PKI 10.8.0-b3
+- Rebase to PKI 10.8.0-b3
 * Fri Dec 13 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.0-0.4
- Rebased to PKI 10.8.0-b2
+- Rebase to PKI 10.8.0-b2
 * Wed Dec 11 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.0-0.3
- Rebased to PKI 10.8.0-b1
+- Rebase to PKI 10.8.0-b1
 * Fri Nov 22 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.0-0.2
- Rebased to PKI 10.8.0-a2
+- Rebase to PKI 10.8.0-a2
 * Thu Oct 31 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.8.0-0.1
- Rebased to PKI 10.8.0-a1
+- Rebase to PKI 10.8.0-a1
 * Wed Aug 14 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.7.3-1
- Rebased to PKI 10.7.3
+- Rebase to PKI 10.7.3
- Bug #1698084 - pkidestroy not working as expected
+- Bug 1698084 - pkidestroy not working as expected
- Bug #1468050 and Bug #1448235 - Support AES for LWCA key replication
+- Bug 1468050 and Bug #1448235 - Support AES for LWCA key replication
 * Tue Jul 23 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.7.2-1
- Rebased to PKI 10.7.2
+- Rebase to PKI 10.7.2
- Bug #1721340 - TPS installation failure
+- Bug 1721340 - TPS installation failure
- Bug #1248216 - Incorrect pkidaemon status
+- Bug 1248216 - Incorrect pkidaemon status
- Bug #1729215 - cert-fix: detect and prevent pkidbuser being used as --agent-uid
+- Bug 1729215 - cert-fix: detect and prevent pkidbuser being used as --agent-uid
- Bug #1698059 - pki-core implements crypto
+- Bug 1698059 - pki-core implements crypto
 * Thu Jun 13 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.7.1-2
- Fixed cloning issue
+- Fix cloning issue
- Fixed TPS installation issue
+- Fix TPS installation issue
 * Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.7.1-1
- Rebased to PKI 10.7.1
+- Rebase to PKI 10.7.1
 * Wed Apr 24 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.7.0-1
- Rebased to PKI 10.7.0
+- Rebase to PKI 10.7.0
 * Mon Jan 28 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.9-2
- Bug #1652269 - Replace Nuxwdog
+- Bug 1652269 - Replace Nuxwdog
 * Mon Jan 14 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.9-1
- Rebased to PKI 10.6.9
+- Rebase to PKI 10.6.9
- Bug #1629048 - X500Name.directoryStringEncodingOrder overridden by CSR encoding
+- Bug 1629048 - X500Name.directoryStringEncodingOrder overridden by CSR encoding
- Bug #1652269 - Replace Nuxwdog
+- Bug 1652269 - Replace Nuxwdog
- Bug #1656856 - Need Method to Include SKI in CA Signing Certificate Request
+- Bug 1656856 - Need Method to Include SKI in CA Signing Certificate Request
 * Thu Nov 29 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.8-1
- Rebased to PKI 10.6.8
+- Rebase to PKI 10.6.8
- Bug #1602659 - Fix issues found by covscan
+- Bug 1602659 - Fix issues found by covscan
- Bug #1566360 - Fix missing serial number from pki-server subsystem-cert-find
+- Bug 1566360 - Fix missing serial number from pki-server subsystem-cert-find
 * Fri Oct 26 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.7-3
- Bug #1643101 - Fix problems due to token normalization
+- Bug 1643101 - Fix problems due to token normalization
 * Tue Oct 23 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.7-2
- Bug #1623444 - Fix Python KeyClient KeyRequestResponse parsing
+- Bug 1623444 - Fix Python KeyClient KeyRequestResponse parsing
 * Fri Oct 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.7-1
- Rebased to PKI 10.6.7
+- Rebase to PKI 10.6.7
 * Fri Aug 24 2018 Alexander Bokovoy <abokovoy@redhat.com> 10.6.6-3
 - Build on s390x
 * Wed Aug 22 2018 Alexander Bokovoy <abokovoy@redhat.com> 10.6.6-2
 - Use platform-python interpreter
- Bug #1620066 - pkispawn crashes as /usr/bin/python3 does not exist
+- Bug 1620066 - pkispawn crashes as /usr/bin/python3 does not exist
 * Mon Aug 13 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.6-1
- Rebased to PKI 10.6.6
+- Rebase to PKI 10.6.6
 * Wed Aug 08 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.5-1
- Rebased to PKI 10.6.5
+- Rebase to PKI 10.6.5
 * Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.4-4
- Bug #1612063 - Do not override system crypto policy (support TLS 1.3)
+- Bug 1612063 - Do not override system crypto policy (support TLS 1.3)
 * Wed Aug 01 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.4-3
 - Patch PKI to use Jackson 2 and avoid Jackson 1 dependency.
  Add direct dependency on slf4j-jdk14.
 * Tue Jul 31 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.4-2
- Updated Jackson and RESTEasy dependencies
+- Update Jackson and RESTEasy dependencies
 * Fri Jul 20 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.4-1
- Rebased to PKI 10.6.4
+- Rebase to PKI 10.6.4
 * Thu Jul 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.3-1
- Rebased to PKI 10.6.3
+- Rebase to PKI 10.6.3
 * Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> 10.6.2-4
- Rebuilt for Python 3.7
+- Rebuild for Python 3.7
 * Thu Jun 28 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.2-3
- Fixed macro expressions
+- Fix macro expressions
- Bug #1566606 - pki-core: Switch to Python 3
+- Bug 1566606 - pki-core: Switch to Python 3
- Bug #1590467 - pki-core: Drop pylint dependency from RHEL 8
+- Bug 1590467 - pki-core: Drop pylint dependency from RHEL 8
 * Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> 10.6.2-2
- Rebuilt for Python 3.7
+- Rebuild for Python 3.7
 * Fri Jun 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.2-1
- Rebased to PKI 10.6.2
+- Rebase to PKI 10.6.2
 * Wed May 30 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.1-3
- Updated JSS dependency
+- Update JSS dependency
- Updated Tomcat dependency
+- Update Tomcat dependency
- Fixed rpmlint warnings
+- Fix rpmlint warnings
 * Fri May 04 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.1-2
- Bug #1574711 - pki-tools cannot be installed on current Rawhide
+- Bug 1574711 - pki-tools cannot be installed on current Rawhide
- Fixed rpmlint warnings
+- Fix rpmlint warnings
 * Thu May 03 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.1-1
- Rebased to PKI 10.6.1
+- Rebase to PKI 10.6.1
- Bug #1559047 - pki-core misses a dependency to pki-symkey
+- Bug 1559047 - pki-core misses a dependency to pki-symkey
- Bug #1573094 - FreeIPA external CA installation fails
+- Bug 1573094 - FreeIPA external CA installation fails
 * Wed Apr 11 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.0-1
- Updated project URL and package descriptions
+- Update project URL and package descriptions
- Cleaned up spec file
+- Clean up spec file
- Rebased to PKI 10.6.0 final
+- Rebase to PKI 10.6.0 final
 * Thu Mar 29 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.0-0.3
 - Iryna Shcherbina <ishcherb@redhat.com>: Update Python 2 dependency declarations to new packaging standards
  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
- Rebased to PKI 10.6.0 beta2
+- Rebase to PKI 10.6.0 beta2
 * Thu Mar 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 10.6.0-0.2
- Rebased to PKI 10.6.0 beta
+- Rebase to PKI 10.6.0 beta
`@ -1 +1 @@`
	`SOURCES/pki-10.9.0-b2.tar.gz`	`SOURCES/pki-10.10.4.tar.gz`
`@ -1 +1 @@`
	`7a900dcf24422f7756649fbed42b6a033f9204b7 SOURCES/pki-10.9.0-b2.tar.gz`	`d50ec310c6584bd0eb1448b6d40614954827a73d SOURCES/pki-10.10.4.tar.gz`