From 42ca560e410c566faa5a11b17024335a551f93c4 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 24 Feb 2014 10:18:07 -0500 Subject: [PATCH] Update to 0.73 - encode the friendlyName attribute in signing requests as a BMPString, not as a PrintableString - catch more filesystem permissions problems earlier (more of #996581) - move the tmpfiles.d file from /etc/tmpfiles.d to %%{_tmpfilesdir}, where it belongs - support generating requests and self-signing using DSA and EC keys --- .gitignore | 2 ++ certmonger.spec | 47 +++++++++++++++++++++++++++++++++++++++++++++-- sources | 4 ++-- 3 files changed, 49 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index aa7278c..9250d62 100644 --- a/.gitignore +++ b/.gitignore @@ -60,3 +60,5 @@ certmonger-0.28.tar.gz /certmonger-0.70.tar.gz.sig /certmonger-0.71.2.tar.gz /certmonger-0.71.2.tar.gz.sig +/certmonger-0.73.tar.gz +/certmonger-0.73.tar.gz.sig diff --git a/certmonger.spec b/certmonger.spec index d7db186..4599eea 100644 --- a/certmonger.spec +++ b/certmonger.spec @@ -19,7 +19,7 @@ %endif Name: certmonger -Version: 0.71.2 +Version: 0.73 Release: 1%{?dist} Summary: Certificate status monitor and PKI enrollment client @@ -195,13 +195,56 @@ exit 0 %{sysvinitdir}/certmonger %endif %if %{tmpfiles} -%attr(0644,root,root) %config(noreplace) /etc/tmpfiles.d/certmonger.conf +%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/certmonger.conf %endif %if %{systemd} %{_unitdir}/* %endif %changelog +* Thu Feb 20 2014 Nalin Dahyabhai 0.73-1 +- updates to 0.73 + - getcert no longer claims to be stuck when a CA is unreachable, + because the daemon isn't actually stuck + +* Mon Feb 17 2014 Nalin Dahyabhai +- updates to 0.73 + - also pass the key type to enrollment helpers in the environment as + a the value of "CERTMONGER_KEY_TYPE" + +* Mon Feb 10 2014 Nalin Dahyabhai +- move the tmpfiles.d file from /etc/tmpfiles.d to %%{_tmpfilesdir}, + where it belongs + +* Mon Feb 10 2014 Nalin Dahyabhai +- updates for 0.73 + - set the flag to encode EC public key parameters using named curves + instead of the default of all-the-details when using OpenSSL + - don't break when NSS supports secp521r1 but OpenSSL doesn't + - also pass the CA nickname to enrollment helpers in the environment as + a text value in "CERTMONGER_CA_NICKNAME", so they can use that value + when reading configuration settings + - also pass the SPKAC value to enrollment helpers in the environment as + a base64 value in "CERTMONGER_SPKAC" + - also pass the request's SubjectPublicKeyInfo value to enrollment helpers + in the environment as a base64 value in "CERTMONGER_SPKI" + - when generating signing requests using NSS, be more accommodating of + requested subject names that don't parse properly + +* Mon Feb 3 2014 Nalin Dahyabhai 0.72-1 +- update to 0.72 + - support generating DSA parameters and keys on sufficiently-new OpenSSL + and NSS + - support generating EC keys when OpenSSL and NSS support it, using key + size to select the curve to use from among secp256r1, secp384r1, + secp521r1 (which are the ones that are usually available, though + secp521r1 isn't always, even if the other two are) + - stop trying to cache public key parameters at all and instead cache public + key info properly + - encode the friendlyName attribute in signing requests as a BMPString, + not as a PrintableString + - catch more filesystem permissions problems earlier (more of #996581) + * Mon Jan 27 2014 Nalin Dahyabhai 0.71-1 - check for cases where we fail to allocate memory while reading a request or CA entry from disk (John Haxby) diff --git a/sources b/sources index d9ef01e..bfa1f64 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -9e32d18ab4c9dc0abd15c25196c1afbf certmonger-0.71.2.tar.gz -342b66ebe353cc47e2cb589a87c7e1ce certmonger-0.71.2.tar.gz.sig +c5b06fba4e03cc8211c4e472108aba17 certmonger-0.73.tar.gz +97a666e2f176904b724ec3e76f8d888b certmonger-0.73.tar.gz.sig