Fedora 16 Update: certmonger-0.56-1.fc16
updates at fedoraproject.org
updates at fedoraproject.org
Wed Mar 21 02:37:03 UTC 2012
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-3301
2012-03-08 03:34:30
--------------------------------------------------------------------------------
Name : certmonger
Product : Fedora 16
Version : 0.56
Release : 1.fc16
URL : http://certmonger.fedorahosted.org
Summary : Certificate status monitor and PKI enrollment client
Description :
Certmonger is a service which is primarily concerned with getting your
system enrolled with a certificate authority (CA) and keeping it enrolled.
--------------------------------------------------------------------------------
Update Information:
This update adds enhancements which are mainly visible to other applications which might access certmonger's services via the system bus. It corrects the error which the "getcert" command prints when it is invoked with a valid option which is not given a required argument. It also now emits a D-Bus signal and can run a specified command, subject to SELinux policy, when a new copy of the certificate is saved to its expected location.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 3 2012 Nalin Dahyabhai <nalin at redhat.com> 0.56-1
- when a caller sets the is-default flag on a CA, and another CA is no longer
the default, emit the PropertiesChanged signal on the CA which is not the
default, instead on the new default a second time
- drop some dead code from the D-Bus message handlers (static analysis,
- cache public keys when we read private keys
- go back to printing an error indicating that we're missing a required
argument when we're missing a required argument, not that the option is
invalid (broken since 0.51, #796542)
* Thu Feb 16 2012 Nalin Dahyabhai <nalin at redhat.com> 0.55-1
- allow root to use our implementation of org.freedesktop.DBus.Properties
- take more care to not emit useless PropertiesChanged signals
* Thu Feb 16 2012 Nalin Dahyabhai <nalin at redhat.com> 0.54-1
- fix setting the group ID when spawning the post-save command
* Wed Feb 15 2012 Nalin Dahyabhai <nalin at redhat.com> 0.53-1
- large changes to the D-Bus glue, exposing a lot of data which we were
providing via D-Bus getter methods as properties, and providing more
accurate introspection data
- emit a signal when the daemon saves a certificate to the destination
location, and provide an option to have the daemon spawn an arbitrary
command at that point, too (#766167)
- enable starting the service by default on RHEL (#765600)
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.52-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Dec 16 2011 Nalin Dahyabhai <nalin at redhat.com> 0.52-1
- note that SELinux usually confines us to writing only to cert_t in
doc/getting-started.txt (#765599)
- fix crashes when we add a request during our first run when we're
populating the hard-coded CA list
- properly deal with cases where a path is passed to us is "./XXX"
- in session mode, create our data directories as we go
* Tue Dec 6 2011 Nalin Dahyabhai <nalin at redhat.com> 0.51-1
- api: lift restrictions on characters used in request and CA nicknames by
making their object names not incorporate their nicknames
- api: add find_request_by_nickname and find_ca_by_nickname
- certmonger-ipa-submit.8: list -k, -K, -t in the summary, document -K
- getcert: print "invalid option" error messages ourselves (#756291)
- ipa-submit: supply a Referer: header when submitting requests to IPA
(#750617, needed for #747710)
* Fri Oct 14 2011 Nalin Dahyabhai <nalin at redhat.com> 0.50-1
- really fix these this time:
- getcert: error out when "list -c" finds no matching CA (#743488)
- getcert: error out when "list -i" finds no matching request (#743485)
* Wed Oct 12 2011 Nalin Dahyabhai <nalin at redhat.com> 0.49-1
- when using an NSS database, skip loading the module database (#743042)
- when using an NSS database, skip loading root certs
- generate SPKAC values when generating CSRs, though we don't do anything
with SPKAC values yet
- internally maintain and use challenge passwords, if we have them
- behave better when certificates have shorter lifetimes
- add/recognize/handle notification type "none"
- getcert: error out when "list -c" finds no matching CA (#743488)
- getcert: error out when "list -i" finds no matching request (#743485)
* Thu Sep 29 2011 Nalin Dahyabhai <nalin at redhat.com> 0.48-1
- don't incorrectly assume that CERT_ImportCerts() returns a NULL-terminated
array (#742348)
* Tue Sep 27 2011 Nalin Dahyabhai <nalin at redhat.com> 0.47-1
- getcert: distinguish between {stat() succeeds but isn't a directory} and
{stat() failed} when printing an error message (#739903)
- getcert resubmit/start-tracking: when we're looking for an existing request
by ID, and we don't find one, note that specifically (#741262)
* Mon Aug 29 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.46-1.1
- Rebuild against fixed libtevent version
* Mon Aug 15 2011 Nalin Dahyabhai <nalin at redhat.com> 0.46-1
- treat the ability to access keys in an NSS database without using a PIN,
when we've been told we need one, as an error (#692766, really this time)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #796542 - Incorrect error message is displayed when no argument is provided for optional switches.
https://bugzilla.redhat.com/show_bug.cgi?id=796542
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update certmonger' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list