Fedora 16 Update: certmonger-0.59-1.fc16

updates at fedoraproject.org
Thu Aug 9 23:21:04 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11382
2012-08-01 22:09:35
--------------------------------------------------------------------------------

Name        : certmonger
Product     : Fedora 16
Version     : 0.59
Release     : 1.fc16
URL         : http://certmonger.fedorahosted.org
Summary     : Certificate status monitor and PKI enrollment client
Description :
Certmonger is a service which is primarily concerned with getting your
system enrolled with a certificate authority (CA) and keeping it enrolled.

--------------------------------------------------------------------------------
Update Information:

This update adds minor bug fixes and two noteworthy features.

It adds an option for specifying hook commands to be run before a newly-obtained certificate is saved to its designated location.

It adds the ability to request a replacement for an already-issued certificate from a Dogtag CA, and to use a suitably-authorized agent certificate to approve issuance of the new certificate.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 29 2012 Nalin Dahyabhai <nalin at redhat.com> 0.59-1
- mostly documentation updates
* Fri Jun 29 2012 Nalin Dahyabhai <nalin at redhat.com> 0.58-1
- add a "dogtag-ipa-renew-agent" CA so that we can renew certificates using
  an IPA server's internal Dogtag instance
- export the requested profile and old certificate to enrollment helpers
- make libxml and libcurl into hard build-time requirements
- serialize all pre/save/post sequences to make sure that stop/save/start
  doesn't become stop1/save1/stop2/start1/save2/start2 when we're stopping
  a service while we muck with more than one of its certificates
* Tue Jun 12 2012 Nalin Dahyabhai <nalin at redhat.com>
- add a command option (-T) to getcert for specifying which enrollment
  profile to tell a CA that we're using, in case it cares (#10)
* Tue Jun 12 2012 Nalin Dahyabhai <nalin at redhat.com> 0.57-1
- clarify that the command passed to getcert -C is a "post"-save command
- add a "pre"-save command option to getcert, specified with the -B flag (#9)
* Sat Mar  3 2012 Nalin Dahyabhai <nalin at redhat.com> 0.56-1
- when a caller sets the is-default flag on a CA, and another CA is no longer
  the default, emit the PropertiesChanged signal on the CA which is not the
  default, instead of on the new default a second time
- drop some dead code from the D-Bus message handlers (static analysis,
- cache public keys when we read private keys
- go back to printing an error indicating that we're missing a required
  argument when we're missing a required argument, not that the option is
  invalid (broken since 0.51, #796542)
* Thu Feb 16 2012 Nalin Dahyabhai <nalin at redhat.com> 0.55-1
- allow root to use our implementation of org.freedesktop.DBus.Properties
- take more care to not emit useless PropertiesChanged signals
* Thu Feb 16 2012 Nalin Dahyabhai <nalin at redhat.com> 0.54-1
- fix setting the group ID when spawning the post-save command
* Wed Feb 15 2012 Nalin Dahyabhai <nalin at redhat.com> 0.53-1
- large changes to the D-Bus glue, exposing a lot of data which we were
  providing via D-Bus getter methods as properties, and providing more
  accurate introspection data
- emit a signal when the daemon saves a certificate to the destination
  location, and provide an option to have the daemon spawn an arbitrary
  command at that point, too (#766167)
- enable starting the service by default on RHEL (#765600)
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.52-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Dec 16 2011 Nalin Dahyabhai <nalin at redhat.com> 0.52-1
- note that SELinux usually confines us to writing only to cert_t in
  doc/getting-started.txt (#765599)
- fix crashes when we add a request during our first run when we're
  populating the hard-coded CA list
- properly deal with cases where a path passed to us is "./XXX"
- in session mode, create our data directories as we go
* Tue Dec  6 2011 Nalin Dahyabhai <nalin at redhat.com> 0.51-1
- api: lift restrictions on characters used in request and CA nicknames by
  making their object names not incorporate their nicknames
- api: add find_request_by_nickname and find_ca_by_nickname
- certmonger-ipa-submit.8: list -k, -K, -t in the summary, document -K
- getcert: print "invalid option" error messages ourselves (#756291)
- ipa-submit: supply a Referer: header when submitting requests to IPA
  (#750617, needed for #747710)
* Fri Oct 14 2011 Nalin Dahyabhai <nalin at redhat.com> 0.50-1
- really fix these this time:
 - getcert: error out when "list -c" finds no matching CA (#743488)
 - getcert: error out when "list -i" finds no matching request (#743485)
* Wed Oct 12 2011 Nalin Dahyabhai <nalin at redhat.com> 0.49-1
- when using an NSS database, skip loading the module database (#743042)
- when using an NSS database, skip loading root certs
- generate SPKAC values when generating CSRs, though we don't do anything
  with SPKAC values yet
- internally maintain and use challenge passwords, if we have them
- behave better when certificates have shorter lifetimes
- add/recognize/handle notification type "none"
- getcert: error out when "list -c" finds no matching CA (#743488)
- getcert: error out when "list -i" finds no matching request (#743485)
* Thu Sep 29 2011 Nalin Dahyabhai <nalin at redhat.com> 0.48-1
- don't incorrectly assume that CERT_ImportCerts() returns a NULL-terminated
  array (#742348)
* Tue Sep 27 2011 Nalin Dahyabhai <nalin at redhat.com> 0.47-1
- getcert: distinguish between {stat() succeeds but isn't a directory} and
  {stat() failed} when printing an error message (#739903)
- getcert resubmit/start-tracking: when we're looking for an existing request
  by ID, and we don't find one, note that specifically (#741262)
* Mon Aug 29 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.46-1.1
- Rebuild against fixed libtevent version
* Mon Aug 15 2011 Nalin Dahyabhai <nalin at redhat.com> 0.46-1
- treat the ability to access keys in an NSS database without using a PIN,
  when we've been told we need one, as an error (#692766, really this time)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update certmonger' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

