From 8e1117aa6e93c09bc11438724efa84527577fe7a Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 11 Mar 2013 18:08:35 -0400 Subject: [PATCH] update to 0.67 0.67: - when saving certificates to NSS databases, try to preserve the trust value assigned to a previously-present certificate with the same nickname and subject, if one is found - when saving certificates to NSS databases, also prune certificates from the database which have both the same nickname and subject as the one we're adding, to avoid tripping up tools that only fetch one certificate by nickname 0.66: - build as position-independent executables with early binding (#883966) - also don't tag the unit file as a configuration file (internal tooling) - don't tag the D-Bus session .service file as a configuration file (internal tooling) --- .gitignore | 2 ++ certmonger.spec | 41 +++++++++++++++++++++++++++++------------ sources | 4 ++-- 3 files changed, 33 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index 935a6ef..9635208 100644 --- a/.gitignore +++ b/.gitignore @@ -50,3 +50,5 @@ certmonger-0.28.tar.gz /certmonger-0.63.tar.gz.sig /certmonger-0.65.tar.gz /certmonger-0.65.tar.gz.sig +/certmonger-0.67.tar.gz +/certmonger-0.67.tar.gz.sig diff --git a/certmonger.spec b/certmonger.spec index a935168..81038ee 100644 --- a/certmonger.spec +++ b/certmonger.spec @@ -19,8 +19,8 @@ %endif Name: certmonger -Version: 0.65 -Release: 2%{?dist} +Version: 0.67 +Release: 1%{?dist} Summary: Certificate status monitor and PKI enrollment client Group: System Environment/Daemons @@ -104,7 +104,7 @@ sed -i 's,^# chkconfig: - ,# chkconfig: 345 ,g' sysvinit/certmonger.in %if %{tmpfiles} --enable-tmpfiles \ %endif - --with-tmpdir=/var/run/certmonger + --with-tmpdir=/var/run/certmonger --enable-pie --enable-now # For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just # tell us about libxmlrpc_client, but we need more. Work around. make %{?_smp_mflags} XMLRPC_LIBS="-lxmlrpc_client -lxmlrpc_util -lxmlrpc" @@ -181,7 +181,7 @@ exit 0 %defattr(-,root,root,-) %doc README LICENSE STATUS doc/*.txt %config(noreplace) %{_sysconfdir}/dbus-1/system.d/* -%config(noreplace) %{_datadir}/dbus-1/services/* +%{_datadir}/dbus-1/services/* %dir %{_sysconfdir}/certmonger %config(noreplace) %{_sysconfdir}/certmonger/certmonger.conf %dir /var/run/certmonger @@ -197,13 +197,30 @@ exit 0 %attr(0644,root,root) %config(noreplace) /etc/tmpfiles.d/certmonger.conf %endif %if %{systemd} -%config(noreplace) %{_unitdir}/* +%{_unitdir}/* %endif %changelog +* Mon Mar 11 2013 Nalin Dahyabhai 0.67-1 +- when saving certificates to NSS databases, try to preserve the trust + value assigned to a previously-present certificate with the same nickname + and subject, if one is found +- when saving certificates to NSS databases, also prune certificates from + the database which have both the same nickname and subject as the one + we're adding, to avoid tripping up tools that only fetch one certificate + by nickname + * Wed Feb 13 2013 Fedora Release Engineering - 0.65-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild +* Wed Jan 23 2013 Nalin Dahyabhai 0.66-1 +- build as position-independent executables with early binding (#883966) +- also don't tag the unit file as a configuration file (internal tooling) + +* Wed Jan 23 2013 Nalin Dahyabhai 0.65-2 +- don't tag the D-Bus session .service file as a configuration file (internal + tooling) + * Tue Jan 8 2013 Nalin Dahyabhai 0.65-1 - fix a crash in the self-tests @@ -212,7 +229,7 @@ exit 0 which expects to have the newly-added lock already acquired, acquire it before moving on with the certificate's work (still aimed at fixing #883484) -* Tue Dec 19 2012 Nalin Dahyabhai 0.63-1 +* Tue Dec 18 2012 Nalin Dahyabhai 0.63-1 - serialize access to NSS databases and the running of pre- and post-save commands which might also access them (possibly fixing part of #883484) @@ -269,11 +286,11 @@ exit 0 doesn't become stop1/save1/stop2/start1/save2/start2 when we're stopping a service while we muck with more than one of its certificates -* Fri Jun 12 2012 Nalin Dahyabhai +* Fri Jun 15 2012 Nalin Dahyabhai - add a command option (-T) to getcert for specifying which enrollment profile to tell a CA that we're using, in case it cares (#10) -* Thu Jun 12 2012 Nalin Dahyabhai 0.57-1 +* Thu Jun 14 2012 Nalin Dahyabhai 0.57-1 - clarify that the command passed to getcert -C is a "post"-save command - add a "pre"-save command option to getcert, specified with the -B flag (#9) - after we notify of an impending not-valid-after approaching, don't do it @@ -290,14 +307,14 @@ exit 0 argument when we're missing a required argument, not that the option is invalid (broken since 0.51, #796542) -* Wed Feb 16 2012 Nalin Dahyabhai 0.55-1 +* Wed Feb 15 2012 Nalin Dahyabhai 0.55-1 - allow root to use our implementation of org.freedesktop.DBus.Properties - take more care to not emit useless PropertiesChanged signals -* Wed Feb 16 2012 Nalin Dahyabhai 0.54-1 +* Wed Feb 15 2012 Nalin Dahyabhai 0.54-1 - fix setting the group ID when spawning the post-save command -* Tue Feb 15 2012 Nalin Dahyabhai 0.53-1 +* Tue Feb 14 2012 Nalin Dahyabhai 0.53-1 - large changes to the D-Bus glue, exposing a lot of data which we were providing via D-Bus getter methods as properties, and providing more accurate introspection data @@ -646,7 +663,7 @@ exit 0 - fix handling of the pid file when we write one (by actually giving it contents) -* Wed Nov 24 2009 Nalin Dahyabhai 0.14-1 +* Wed Nov 25 2009 Nalin Dahyabhai 0.14-1 - update to 0.14 - check key and certificate location at add-time to make sure they're absolute paths to files or directories, as appropriate diff --git a/sources b/sources index 4e90792..8e1f263 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -c96bc020dbdb8ef35ba1c1e64d7d5dc3 certmonger-0.65.tar.gz -790b2873217a670c3e7c1541dfe98e37 certmonger-0.65.tar.gz.sig +173c3e1d0ab81a0045abbb147e3e2251 certmonger-0.67.tar.gz +ecc205036d8fb3562fd1d6c89286730e certmonger-0.67.tar.gz.sig