- fix validation check on EKU OIDs in getcert (#691351)
- get session bus mode sorted
- add a list of recognized EKU values to the getcert-request man page
- be more careful about checking if we can read a PIN file successfully
before we even call an API that might need us to try (#688229)
- fix strict aliasing warnings
- fix some use-after-free bugs in the daemon (#689776)
- fix a copy/paste error in certmonger-ipa-submit(8)
- getcert now suppresses error details when not given its new -v option
(#683926, more of #681641/#652047)
- updated translations
- de, es, pl, ru, uk
- indonesian translation is now for "id" rather than "in"
- when canceling a submission request that's being handled by a helper,
reap the child process's status after killing it (#624120)
- update to 0.25
- new translations
- in by Okta Purnama Rahadian!
- fix detection of cases where we can't access a private key in an NSS
database because we don't have the PIN
- teach '*getcert start-tracking' about the -p and -P options which the
'*getcert request' commands already understand (#621670), and also
the -U, -K, -E, and -D flags
- double-check that the nicknames of keys we get back from
PK11_ListPrivKeysInSlot() match the desired nickname before accepting
them as matches, so that our tests won't all blow up on EL5
- fix dynamic addition and removal of CAs implemented through helpers
- init script: ensure that the subsys lock is created whenever we're called to
"start" when we're already running (even more of #596719)
- more gracefully handle manual daemon startups and cleaning up of unexpected
crashes (still more of #596719)
- don't create the daemon pidfile until after we've connected to the D-Bus
(still more of #596719)