Fedora 15 Update: certmonger-0.56-1.fc15

updates at fedoraproject.org updates at fedoraproject.org
Wed Mar 21 02:34:10 UTC 2012 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-3307
2012-03-08 03:34:46
--------------------------------------------------------------------------------

Name        : certmonger
Product     : Fedora 15
Version     : 0.56
Release     : 1.fc15
URL         : http://certmonger.fedorahosted.org
Summary     : Certificate status monitor and PKI enrollment client
Description :
Certmonger is a service which is primarily concerned with getting your
system enrolled with a certificate authority (CA) and keeping it enrolled.

--------------------------------------------------------------------------------
Update Information:

This update adds enhancements which are mainly visible to other applications which might access certmonger's services via the system bus. It corrects the error which the "getcert" command prints when it is invoked with a valid option which is not given a required argument. It also now emits a D-Bus signal and can run a specified command, subject to SELinux policy, when a new copy of the certificate is saved to its expected location.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  3 2012 Nalin Dahyabhai <nalin at redhat.com> 0.56-1
- when a caller sets the is-default flag on a CA, and another CA is no longer
  the default, emit the PropertiesChanged signal on the CA which is not the
  default, instead on the new default a second time
- drop some dead code from the D-Bus message handlers (static analysis,
  - cache public keys when we read private keys
- go back to printing an error indicating that we're missing a required
  argument when we're missing a required argument, not that the option is
  invalid (broken since 0.51, #796542)
* Thu Feb 16 2012 Nalin Dahyabhai <nalin at redhat.com> 0.55-1
- allow root to use our implementation of org.freedesktop.DBus.Properties
- take more care to not emit useless PropertiesChanged signals
* Thu Feb 16 2012 Nalin Dahyabhai <nalin at redhat.com> 0.54-1
- fix setting the group ID when spawning the post-save command
* Wed Feb 15 2012 Nalin Dahyabhai <nalin at redhat.com> 0.53-1
- large changes to the D-Bus glue, exposing a lot of data which we were
  providing via D-Bus getter methods as properties, and providing more
  accurate introspection data
- emit a signal when the daemon saves a certificate to the destination
  location, and provide an option to have the daemon spawn an arbitrary
  command at that point, too (#766167)
- enable starting the service by default on RHEL (#765600)
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.52-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Dec 16 2011 Nalin Dahyabhai <nalin at redhat.com> 0.52-1
- note that SELinux usually confines us to writing only to cert_t in
  doc/getting-started.txt (#765599)
- fix crashes when we add a request during our first run when we're
  populating the hard-coded CA list
- properly deal with cases where a path is passed to us is "./XXX"
- in session mode, create our data directories as we go
* Tue Dec  6 2011 Nalin Dahyabhai <nalin at redhat.com> 0.51-1
- api: lift restrictions on characters used in request and CA nicknames by
  making their object names not incorporate their nicknames
- api: add find_request_by_nickname and find_ca_by_nickname
- certmonger-ipa-submit.8: list -k, -K, -t in the summary, document -K
- getcert: print "invalid option" error messages ourselves (#756291)
- ipa-submit: supply a Referer: header when submitting requests to IPA
  (#750617, needed for #747710)
* Fri Oct 14 2011 Nalin Dahyabhai <nalin at redhat.com> 0.50-1
- really fix these this time:
 - getcert: error out when "list -c" finds no matching CA (#743488)
 - getcert: error out when "list -i" finds no matching request (#743485)
* Wed Oct 12 2011 Nalin Dahyabhai <nalin at redhat.com> 0.49-1
- when using an NSS database, skip loading the module database (#743042)
- when using an NSS database, skip loading root certs
- generate SPKAC values when generating CSRs, though we don't do anything
  with SPKAC values yet
- internally maintain and use challenge passwords, if we have them
- behave better when certificates have shorter lifetimes
- add/recognize/handle notification type "none"
- getcert: error out when "list -c" finds no matching CA (#743488)
- getcert: error out when "list -i" finds no matching request (#743485)
* Thu Sep 29 2011 Nalin Dahyabhai <nalin at redhat.com> 0.48-1
- don't incorrectly assume that CERT_ImportCerts() returns a NULL-terminated
  array (#742348)
* Tue Sep 27 2011 Nalin Dahyabhai <nalin at redhat.com> 0.47-1
- getcert: distinguish between {stat() succeeds but isn't a directory} and
  {stat() failed} when printing an error message (#739903)
- getcert resubmit/start-tracking: when we're looking for an existing request
  by ID, and we don't find one, note that specifically (#741262)
* Mon Aug 29 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.46-1.1
- Rebuild against fixed libtevent version
* Mon Aug 15 2011 Nalin Dahyabhai <nalin at redhat.com> 0.46-1
- treat the ability to access keys in an NSS database without using a PIN,
  when we've been told we need one, as an error (#692766, really this time)
* Thu Aug 11 2011 Nalin Dahyabhai <nalin at redhat.com> 0.45-1
- modify the systemd .service file to be a proper 'dbus' service (more
  of #718172)
* Thu Aug 11 2011 Nalin Dahyabhai <nalin at redhat.com> 0.44-1
- check specifically for cases where a specified token that we need to
  use just isn't present for whatever reason (#697058)
* Wed Aug 10 2011 Nalin Dahyabhai <nalin at redhat.com> 0.43-1
- add a -K option to ipa-submit, to use the current ccache, which makes
  it easier to test
* Fri Aug  5 2011 Nalin Dahyabhai <nalin at redhat.com>
- if xmlrpc-c's struct xmlrpc_curl_xportparms has a gss_delegate field, set
  it to TRUE when we're doing Negotiate auth (#727864, #727863, #727866)
* Wed Jul 13 2011 Nalin Dahyabhai <nalin at redhat.com>
- treat the ability to access keys in an NSS database without using a PIN,
  when we've been told we need one, as an error (#692766)
- when handling "getcert resubmit" requests, if we don't have a key yet,
  make sure we go all the way back to generating one (#694184)
- getcert: try to clean up tests for NSS and PEM file locations (#699059)
- don't try to set reconnect-on-exit policy unless we managed to connect
  to the bus (#712500)
- handle cases where we specify a token but the storage token isn't
  known (#699552)
- getcert: recognize -i and storage options to narrow down which requests
  the user wants to know about (#698772)
- output hints when the daemon has startup problems, too (#712075)
- add flags to specify whether we're bus-activated or not, so that we can
  exit if we have nothing to do after handling a request received over
  the bus if some specified amount of time has passed
- explicitly disallow non-root access in the D-Bus configuration (#712072)
- migrate to systemd on releases newer than Fedora 15 or RHEL 6 (#718172)
- fix a couple of incorrect calls to talloc_asprintf() (#721392)
* Wed Apr 13 2011 Nalin Dahyabhai <nalin at redhat.com> 0.42-1
- getcert: fix a buffer overrun preparing a request for the daemon when
  there are more parameters to encode than space in the array (#696185)
- updated translations: de, es, id, pl, ru, uk
* Mon Apr 11 2011 Nalin Dahyabhai <nalin at redhat.com> 0.41-1
- read information about the keys we've just generated before proceeding
  to generating a CSR (part of #694184, part of #695675)
- when processing a "resubmit" request from getcert, go back to key
  generation if we don't have keys yet, else go back to CSR generation as
  before (#694184, #695675)
- configure with --with-tmpdir=/var/run/certmonger and own /var/run/certmonger
  (#687899), and add a systemd tmpfiles.d control file for creating
  /var/run/certmonger on Fedora 15 and later
- let session instances exit when they get disconnected from the bus
- use a lock file to make sure there's only one session instance messing
  around with the user's files at a time
- fix errors saving certificates to NSS databases when there's already a
  certificate there with the same nickname (#695672)
- make key and certificate location output from 'getcert list' more properly
  translatable (#7)
* Mon Mar 28 2011 Nalin Dahyabhai <nalin at redhat.com> 0.40-1
- update to 0.40
  - fix validation check on EKU OIDs in getcert (#691351)
  - get session bus mode sorted
  - add a list of recognized EKU values to the getcert-request man page
* Fri Mar 25 2011 Nalin Dahyabhai <nalin at redhat.com> 0.39-1
- update to 0.39
  - fix use of an uninitialized variable in the xmlrpc-based submission
    helpers (#690886)
* Thu Mar 24 2011 Nalin Dahyabhai <nalin at redhat.com> 0.38-1
- update to 0.38
  - catch cases where we can't read a PIN file, but we never have to log
    in to the token to access the private key (more of #688229)
* Tue Mar 22 2011 Nalin Dahyabhai <nalin at redhat.com> 0.37-1
- update to 0.37
  - be more careful about checking if we can read a PIN file successfully
    before we even call an API that might need us to try (#688229)
  - fix strict aliasing warnings
* Tue Mar 22 2011 Nalin Dahyabhai <nalin at redhat.com> 0.36-1
- update to 0.36
  - fix some use-after-free bugs in the daemon (#689776)
  - fix a copy/paste error in certmonger-ipa-submit(8)
  - getcert now suppresses error details when not given its new -v option
    (#683926, more of #681641/#652047)
  - updated translations
    - de, es, pl, ru, uk
    - indonesian translation is now for "id" rather than "in"
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #796542 - Incorrect error message is displayed when no argument is provided for optional switches.
        https://bugzilla.redhat.com/show_bug.cgi?id=796542
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update certmonger' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list