update to 0.67

0.67:
- when saving certificates to NSS databases, try to preserve the trust
  value assigned to a previously-present certificate with the same nickname
  and subject, if one is found
- when saving certificates to NSS databases, also prune certificates from
  the database which have both the same nickname and subject as the one
  we're adding, to avoid tripping up tools that only fetch one certificate
  by nickname

0.66:
- build as position-independent executables with early binding (#883966)
- also don't tag the unit file as a configuration file (internal tooling)
- don't tag the D-Bus session .service file as a configuration file (internal
  tooling)

.gitignore

@@ -50,3 +50,5 @@ certmonger-0.28.tar.gz
 /certmonger-0.63.tar.gz.sig
 /certmonger-0.65.tar.gz
 /certmonger-0.65.tar.gz.sig
+/certmonger-0.67.tar.gz
+/certmonger-0.67.tar.gz.sig

certmonger.spec

@@ -19,8 +19,8 @@
 %endif
 
 Name:		certmonger
-Version:	0.65
-Release:	2%{?dist}
+Version:	0.67
+Release:	1%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 
 Group:		System Environment/Daemons
@@ -104,7 +104,7 @@ sed -i 's,^# chkconfig: - ,# chkconfig: 345 ,g' sysvinit/certmonger.in
 %if %{tmpfiles}
 	--enable-tmpfiles \
 %endif
-	--with-tmpdir=/var/run/certmonger
+	--with-tmpdir=/var/run/certmonger --enable-pie --enable-now
 # For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just
 # tell us about libxmlrpc_client, but we need more.  Work around.
 make %{?_smp_mflags} XMLRPC_LIBS="-lxmlrpc_client -lxmlrpc_util -lxmlrpc"
@@ -181,7 +181,7 @@ exit 0
 %defattr(-,root,root,-)
 %doc README LICENSE STATUS doc/*.txt
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/*
-%config(noreplace) %{_datadir}/dbus-1/services/*
+%{_datadir}/dbus-1/services/*
 %dir %{_sysconfdir}/certmonger
 %config(noreplace) %{_sysconfdir}/certmonger/certmonger.conf
 %dir /var/run/certmonger
@@ -197,13 +197,30 @@ exit 0
 %attr(0644,root,root) %config(noreplace) /etc/tmpfiles.d/certmonger.conf
 %endif
 %if %{systemd}
-%config(noreplace) %{_unitdir}/*
+%{_unitdir}/*
 %endif
 
 %changelog
+* Mon Mar 11 2013 Nalin Dahyabhai <nalin@redhat.com> 0.67-1
+- when saving certificates to NSS databases, try to preserve the trust
+  value assigned to a previously-present certificate with the same nickname
+  and subject, if one is found
+- when saving certificates to NSS databases, also prune certificates from
+  the database which have both the same nickname and subject as the one
+  we're adding, to avoid tripping up tools that only fetch one certificate
+  by nickname
+
 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.65-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 
+* Wed Jan 23 2013 Nalin Dahyabhai <nalin@redhat.com> 0.66-1
+- build as position-independent executables with early binding (#883966)
+- also don't tag the unit file as a configuration file (internal tooling)
+
+* Wed Jan 23 2013 Nalin Dahyabhai <nalin@redhat.com> 0.65-2
+- don't tag the D-Bus session .service file as a configuration file (internal
+  tooling)
+
 * Tue Jan  8 2013 Nalin Dahyabhai <nalin@redhat.com> 0.65-1
 - fix a crash in the self-tests
 
@@ -212,7 +229,7 @@ exit 0
   which expects to have the newly-added lock already acquired, acquire it
   before moving on with the certificate's work (still aimed at fixing #883484)
 
-* Tue Dec 19 2012 Nalin Dahyabhai <nalin@redhat.com> 0.63-1
+* Tue Dec 18 2012 Nalin Dahyabhai <nalin@redhat.com> 0.63-1
 - serialize access to NSS databases and the running of pre- and post-save
   commands which might also access them (possibly fixing part of #883484)
 
@@ -269,11 +286,11 @@ exit 0
   doesn't become stop1/save1/stop2/start1/save2/start2 when we're stopping
   a service while we muck with more than one of its certificates
 
-* Fri Jun 12 2012 Nalin Dahyabhai <nalin@redhat.com>
+* Fri Jun 15 2012 Nalin Dahyabhai <nalin@redhat.com>
 - add a command option (-T) to getcert for specifying which enrollment
   profile to tell a CA that we're using, in case it cares (#10)
 
-* Thu Jun 12 2012 Nalin Dahyabhai <nalin@redhat.com> 0.57-1
+* Thu Jun 14 2012 Nalin Dahyabhai <nalin@redhat.com> 0.57-1
 - clarify that the command passed to getcert -C is a "post"-save command
 - add a "pre"-save command option to getcert, specified with the -B flag (#9)
 - after we notify of an impending not-valid-after approaching, don't do it
@@ -290,14 +307,14 @@ exit 0
   argument when we're missing a required argument, not that the option is
   invalid (broken since 0.51, #796542)
 
-* Wed Feb 16 2012 Nalin Dahyabhai <nalin@redhat.com> 0.55-1
+* Wed Feb 15 2012 Nalin Dahyabhai <nalin@redhat.com> 0.55-1
 - allow root to use our implementation of org.freedesktop.DBus.Properties
 - take more care to not emit useless PropertiesChanged signals
 
-* Wed Feb 16 2012 Nalin Dahyabhai <nalin@redhat.com> 0.54-1
+* Wed Feb 15 2012 Nalin Dahyabhai <nalin@redhat.com> 0.54-1
 - fix setting the group ID when spawning the post-save command
 
-* Tue Feb 15 2012 Nalin Dahyabhai <nalin@redhat.com> 0.53-1
+* Tue Feb 14 2012 Nalin Dahyabhai <nalin@redhat.com> 0.53-1
 - large changes to the D-Bus glue, exposing a lot of data which we were
   providing via D-Bus getter methods as properties, and providing more
   accurate introspection data
@@ -646,7 +663,7 @@ exit 0
   - fix handling of the pid file when we write one (by actually giving it
     contents)
 
-* Wed Nov 24 2009 Nalin Dahyabhai <nalin@redhat.com> 0.14-1
+* Wed Nov 25 2009 Nalin Dahyabhai <nalin@redhat.com> 0.14-1
 - update to 0.14
   - check key and certificate location at add-time to make sure they're
     absolute paths to files or directories, as appropriate

sources

@@ -1,2 +1,2 @@
-c96bc020dbdb8ef35ba1c1e64d7d5dc3  certmonger-0.65.tar.gz
-790b2873217a670c3e7c1541dfe98e37  certmonger-0.65.tar.gz.sig
+173c3e1d0ab81a0045abbb147e3e2251  certmonger-0.67.tar.gz
+ecc205036d8fb3562fd1d6c89286730e  certmonger-0.67.tar.gz.sig