Fedora 13 Update: certmonger-0.30-1.fc13
updates at fedoraproject.org
updates at fedoraproject.org
Sat Sep 11 09:08:48 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-12851
2010-08-17 05:06:16
--------------------------------------------------------------------------------
Name : certmonger
Product : Fedora 13
Version : 0.30
Release : 1.fc13
URL : http://certmonger.fedorahosted.org
Summary : Certificate status monitor and PKI enrollment client
Description :
Certmonger is a service which is primarily concerned with getting your
system enrolled with a certificate authority (CA) and keeping it enrolled.
--------------------------------------------------------------------------------
Update Information:
When used to tell certmonger to start tracking a certificate (and, when its
validity period ends, to attempt to get a fresh certificate from a CA), the
'getcert' utility could not be told to pass a PIN value (or the name of a file
containing the PIN) to the certmonger daemon, so certmonger would not correctly
handle keys stored using encryption. When a helper process (for example, a
helper used for submitting a signing request to a CA) needed to be stopped, the
process's exit status would not be reaped, so the helper process would become a
zombie. When self-signing certificates stored in NSS databases, the
certificate notBefore or notAfter values could be incorrect on 32-bit systems.
This update also incorporates init script fixes and translation updates.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 25 2010 Nalin Dahyabhai <nalin at redhat.com> 0.30-1
- update to 0.30
- fix errors computing the time at the end of an interval that were
caught by self-tests
* Mon Aug 23 2010 Nalin Dahyabhai <nalin at redhat.com> 0.29-1
- update to 0.29
- fix 64-bit cleanliness issue using libdbus
- actually include the full set of tests in tarballs
* Tue Aug 17 2010 Nalin Dahyabhai <nalin at redhat.com> 0.28-1
- update to 0.28
- fix self-signing certificate notBefore and notAfter values on 32-bit
machines
* Tue Aug 17 2010 Nalin Dahyabhai <nalin at redhat.com> 0.27-1
- update to 0.27
- portability and test fixes
* Fri Aug 13 2010 Nalin Dahyabhai <nalin at redhat.com> 0.26-1
- update to 0.26
- when canceling a submission request that's being handled by a helper,
reap the child process's status after killing it (#624120)
* Fri Aug 13 2010 Nalin Dahyabhai <nalin at redhat.com> 0.25-1
- update to 0.25
- new translations
- in by Okta Purnama Rahadian!
- fix detection of cases where we can't access a private key in an NSS
database because we don't have the PIN
- teach '*getcert start-tracking' about the -p and -P options which the
'*getcert request' commands already understand (#621670), and also
the -U, -K, -E, and -D flags
- double-check that the nicknames of keys we get back from
PK11_ListPrivKeysInSlot() match the desired nickname before accepting
them as matches, so that our tests won't all blow up on EL5
- fix dynamic addition and removal of CAs implemented through helpers
* Mon Jun 28 2010 Nalin Dahyabhai <nalin at redhat.com> 0.24-4
- init script: ensure that the subsys lock is created whenever we're called to
"start" when we're already running (even more of #596719)
* Tue Jun 15 2010 Nalin Dahyabhai <nalin at redhat.com> 0.24-3
- more gracefully handle manual daemon startups and cleaning up of unexpected
crashes (still more of #596719)
* Thu Jun 10 2010 Nalin Dahyabhai <nalin at redhat.com> 0.24-2
- don't create the daemon pidfile until after we've connected to the D-Bus
(still more of #596719)
* Tue Jun 8 2010 Nalin Dahyabhai <nalin at redhat.com> 0.24-1
- update to 0.24
- keep the lock on the pid file, if we have one, when we fork, and cancel
daemon startup if we can't gain ownership of the lock (the rest of #596719)
- make the man pages note which external configuration files we consult when
submitting requests to certmaster and ipa CAs
* Thu May 27 2010 Nalin Dahyabhai <nalin at redhat.com> 0.23-1
- update to 0.23
- new translations
- pl by Piotr Drąg!
- cancel daemon startup if we can't gain ownership of our well-known
service name on the DBus (#596719)
* Fri May 14 2010 Nalin Dahyabhai <nalin at redhat.com> 0.22-1
- update to 0.22
- new translations
- de by Fabian Affolter!
- certmaster-submit: don't fall over when we can't find a certmaster.conf
or a minion.conf (i.e., certmaster isn't installed) (#588932)
- when reading extension values from certificates, prune out duplicate
principal names, email addresses, and hostnames
* Tue May 4 2010 Nalin Dahyabhai <nalin at redhat.com> 0.21-1
- update to 0.21
- getcert/*-getcert: relay the desired CA to the local service, whether
specified on the command line (in getcert) or as a built-in hard-wired
default (in *-getcert) (#584983)
- flesh out the default certmonger.conf so that people can get a feel for
the expected formatting (Jenny Galipeau)
* Wed Apr 21 2010 Nalin Dahyabhai <nalin at redhat.com> 0.20-1
- update to 0.20
- correctly parse certificate validity periods given in years (spotted by
Stephen Gallagher)
- setup for translation
- es by Héctor Daniel Cabrera!
- ru by Yulia Poyarkova!
- uk by Yuri Chornoivan!
- fix unpreprocessed defaults in certmonger.conf's man page
- tweak the IPA-specific message that indicates a principal name also needs
to be specified if we're not using the default subject name (#579542)
- make the validity period of self-signed certificates into a configuration
setting and not a piece of the state information we track about the signer
- init script: exit with status 2 instead of 1 when invoked with an
unrecognized argument (#584517)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #624120 - certmonger defunct process ipa-submit
https://bugzilla.redhat.com/show_bug.cgi?id=624120
[ 2 ] Bug #621670 - RFE: there is no way to pass in a key or database password on start-tracking
https://bugzilla.redhat.com/show_bug.cgi?id=621670
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update certmonger' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list