Update to 0.75.8
- add a 'refresh' option to the getcert command - add a '-a' flag to the getcert command's 'refresh-ca' option - adjust package Requires: on systemd-sysv on F19 and EL6 and older, conditionalized it so that it's ignored on newer releases, and make whether or not we call systemd-sysv-convert in triggers depend on that, too (#1104138) - fix an inconsistency in how we parse cookie values returned by CA helpers, in that single-line values would lose the end-of-line after a daemon restart, but not before - handle timeout values and exit status values when calling CA helpers in non-SUBMIT, non-POLL modes (#1118468) - rework how we save CA certificates so that we save CA certificates associated with end-entity certificates when we save that end-entity certificate, which requires running all of the involved pre- and post-save commands
This commit is contained in:
Nalin Dahyabhai
parent
acbe23a0ad
commit
1bab3989b3
2
.gitignore
vendored
2
.gitignore
vendored
@ -76,3 +76,5 @@ certmonger-0.28.tar.gz
|
|||||||
/certmonger-0.75.5.tar.gz.sig
|
/certmonger-0.75.5.tar.gz.sig
|
||||||
/certmonger-0.75.6.tar.gz
|
/certmonger-0.75.6.tar.gz
|
||||||
/certmonger-0.75.6.tar.gz.sig
|
/certmonger-0.75.6.tar.gz.sig
|
||||||
|
/certmonger-0.75.8.tar.gz
|
||||||
|
/certmonger-0.75.8.tar.gz.sig
|
||||||
|
|||||||
@ -6,6 +6,12 @@
|
|||||||
%global sysvinit 1
|
%global sysvinit 1
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?fedora} > 15 && 0%{?fedora} < 20
|
||||||
|
%global systemdsysv 1
|
||||||
|
%else
|
||||||
|
%global systemdsysv 0
|
||||||
|
%endif
|
||||||
|
|
||||||
%if 0%{?fedora} > 14 || 0%{?rhel} > 6
|
%if 0%{?fedora} > 14 || 0%{?rhel} > 6
|
||||||
%global tmpfiles 1
|
%global tmpfiles 1
|
||||||
%else
|
%else
|
||||||
@ -19,7 +25,7 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: certmonger
|
Name: certmonger
|
||||||
Version: 0.75.6
|
Version: 0.75.8
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Certificate status monitor and PKI enrollment client
|
Summary: Certificate status monitor and PKI enrollment client
|
||||||
|
|
||||||
@ -71,7 +77,17 @@ BuildRequires: systemd-units
|
|||||||
Requires(post): systemd-units
|
Requires(post): systemd-units
|
||||||
Requires(preun): systemd-units, dbus, sed
|
Requires(preun): systemd-units, dbus, sed
|
||||||
Requires(postun): systemd-units
|
Requires(postun): systemd-units
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{systemdsysv}
|
||||||
Requires(post): systemd-sysv
|
Requires(post): systemd-sysv
|
||||||
|
%global systemdsysvsave \
|
||||||
|
# Save the current service runlevel info, in case the user wants \
|
||||||
|
# to apply the enabled status manually later, by running \
|
||||||
|
# "systemd-sysv-convert --apply certmonger". \
|
||||||
|
%{_bindir}/systemd-sysv-convert --save certmonger >/dev/null 2>&1 ||:
|
||||||
|
%else
|
||||||
|
%global systemdsysvsave %{nil}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{sysvinit}
|
%if %{sysvinit}
|
||||||
@ -186,10 +202,7 @@ exit 0
|
|||||||
|
|
||||||
%if %{systemd}
|
%if %{systemd}
|
||||||
%triggerun -- certmonger < 0.43
|
%triggerun -- certmonger < 0.43
|
||||||
# Save the current service runlevel info, in case the user wants to apply
|
%{systemdsysvsave}
|
||||||
# the enabled status manually later, by running
|
|
||||||
# "systemd-sysv-convert --apply certmonger".
|
|
||||||
%{_bindir}/systemd-sysv-convert --save certmonger >/dev/null 2>&1 ||:
|
|
||||||
# Do this because the old package's %%postun doesn't know we need to do it.
|
# Do this because the old package's %%postun doesn't know we need to do it.
|
||||||
/sbin/chkconfig --del certmonger >/dev/null 2>&1 || :
|
/sbin/chkconfig --del certmonger >/dev/null 2>&1 || :
|
||||||
# Do this because the old package's %%postun wouldn't have tried.
|
# Do this because the old package's %%postun wouldn't have tried.
|
||||||
@ -221,6 +234,27 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 21 2014 Nalin Dahyabhai <nalin@redhat.com> 0.75.8-1
|
||||||
|
- add a 'refresh' option to the getcert command
|
||||||
|
- add a '-a' flag to the getcert command's 'refresh-ca' option
|
||||||
|
|
||||||
|
* Thu Jul 17 2014 Nalin Dahyabhai <nalin@redhat.com> 0.75.7-2
|
||||||
|
- reintroduce package Requires: on systemd-sysv on F19 and EL6 and older,
|
||||||
|
conditionalized it so that it's ignored on newer releases, and make
|
||||||
|
whether or not we call systemd-sysv-convert in triggers depend on that,
|
||||||
|
too (#1104138)
|
||||||
|
|
||||||
|
* Thu Jul 17 2014 Nalin Dahyabhai <nalin@redhat.com> 0.75.7-1
|
||||||
|
- fix an inconsistency in how we parse cookie values returned by CA helpers,
|
||||||
|
in that single-line values would lose the end-of-line after a daemon
|
||||||
|
restart, but not before
|
||||||
|
- handle timeout values and exit status values when calling CA helpers
|
||||||
|
in non-SUBMIT, non-POLL modes (#1118468)
|
||||||
|
- rework how we save CA certificates so that we save CA certificates associated
|
||||||
|
with end-entity certificates when we save that end-entity certificate, which
|
||||||
|
requires running all of the involved pre- and post-save commands
|
||||||
|
- drop package Requires: on systemd-sysv (#1104138)
|
||||||
|
|
||||||
* Thu Jun 26 2014 Nalin Dahyabhai <nalin@redhat.com> 0.75.6-1
|
* Thu Jun 26 2014 Nalin Dahyabhai <nalin@redhat.com> 0.75.6-1
|
||||||
- avoid potential use-after-free and read overrun after a CA is added
|
- avoid potential use-after-free and read overrun after a CA is added
|
||||||
dynamically (thanks to Jan Cholasta)
|
dynamically (thanks to Jan Cholasta)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user