Fedora 20 Update: certmonger-0.71.2-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Thu Jun 19 22:50:26 UTC 2014

Fedora Update Notification
2014-01-29 01:58:41

Name        : certmonger
Product     : Fedora 20
Version     : 0.71.2
Release     : 1.fc20
URL         : http://certmonger.fedorahosted.org
Summary     : Certificate status monitor and PKI enrollment client
Description :
Certmonger is a service which is primarily concerned with getting your
system enrolled with a certificate authority (CA) and keeping it enrolled.

Update Information:

This update avoids an assertion failure which can occur when the certmonger service attempts to reconnect to the message bus after losing a connection to the message bus.  It also corrects a logic error which could cause it to dereference a NULL pointer while attempting to load its data files from disk.
This update fixes crashes in the daemon when there are errors reading some of its data files or errors saving newly-obtained certificates to disk.

* Mon Jan 27 2014 Nalin Dahyabhai <nalin at redhat.com> 0.71-1
- check for cases where we fail to allocate memory while reading a request
  or CA entry from disk (John Haxby)
- only handle one watch at a time, which should avoid abort() during
  attempts to reconnect to the message bus after losing our connection
  to it (#1055521)
* Fri Jan 24 2014 Daniel Mach <dmach at redhat.com> - 0.70-2
- Mass rebuild 2014-01-24
* Thu Jan  2 2014 Nalin Dahyabhai <nalin at redhat.com> 0.70-1
- add a --with-homedir option to configure, and use it, since subprocesses
  which we run and which use NSS may attempt to write to $HOME/.pki, and
  0.69's strategy of setting that to "/" was rightly hitting SELinux policy
  denials (#1047798)
* Fri Dec 27 2013 Daniel Mach <dmach at redhat.com> - 0.69-2
- Mass rebuild 2013-12-27
* Mon Dec  9 2013 Nalin Dahyabhai <nalin at redhat.com> 0.69-1
- tweak how we decide whether we're on the master or a minion when we're
  told to use certmaster as a CA
- clean up one of the tests so that it doesn't have to work around internal
  logging producing duplicate messages
- when logging errors while setting up to contact xmlrpc servers, explicitly
  note that the error is client-side
- don't abort() due to incorrect locking when an attempt to save an issued
  certificate to the designated location fails (part of #1032760/#1033333,
  ticket #22)
- when reading an issued certificate from an enrollment helper, ignore
  noise before or after the certificate itself (more of #1032760/1033333,
  ticket #22)
- run subprocesses in a cleaned-up environment (more of #1032760/1033333,
  ticket #22)
- clear the ca-error that we saved when we had an error talking to the CA if we
  subsequently succeed in talking to the CA
- various other static-analysis fixes

  [ 1 ] Bug #1055521 - [abrt] certmonger: _dbus_abort(): certmonger killed by SIGABRT
  [ 2 ] Bug #995022 - certmonger coredumps when certificates cannot be created due to permissions
  [ 3 ] Bug #1043017 - [abrt] certmonger-0.67-1.fc19: strcmp: Process /usr/sbin/certmonger was killed by signal 11 (SIGSEGV)

This update can be installed with the "yum" update program.  Use
su -c 'yum update certmonger' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list