Compare commits

...

No commits in common. "c8" and "c9" have entirely different histories.
c8 ... c9

5 changed files with 225 additions and 313 deletions

View File

@ -1,195 +0,0 @@
From 14d1b5f9a482a4740706dc1cb86c454662f48d4c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 7 Dec 2022 10:09:55 -0500
Subject: [PATCH] Revert "Remove the certmaster CA from the 028-dbus test"
This reverts commit dd8dcb899e0a159d1141b713993805565ffb6d28.
---
tests/028-dbus/expected.out | 130 ++++++++++++++++++++++++++++++++++--
1 file changed, 124 insertions(+), 6 deletions(-)
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
index 86cba02..544ebd7 100644
--- a/tests/028-dbus/expected.out
+++ b/tests/028-dbus/expected.out
@@ -35,6 +35,10 @@ CA 'IPA':
is-default: no
ca-type: EXTERNAL
helper-location: $libexecdir/ipa-submit
+CA 'certmaster':
+ is-default: no
+ ca-type: EXTERNAL
+ helper-location: $libexecdir/certmaster-submit
CA 'dogtag-ipa-renew-agent':
is-default: no
ca-type: EXTERNAL
@@ -42,8 +46,8 @@ CA 'dogtag-ipa-renew-agent':
[[ API ]]
[ simpleprop.py ]
-/org/fedorahosted/certmonger/cas/CA5
-/org/fedorahosted/certmonger/cas/CA5
+/org/fedorahosted/certmonger/cas/CA6
+/org/fedorahosted/certmonger/cas/CA6
: -> : -k admin@localhost -> :
0 -> 1 -> 0
[ walk.py ]
@@ -179,7 +183,7 @@ OK
OK
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_known_cas ]
-dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4')], signature=dbus.Signature('o'))
+dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA5')], signature=dbus.Signature('o'))
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_requests ]
dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
@@ -507,6 +511,7 @@ After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.Stri
<node name="CA2"/>
<node name="CA3"/>
<node name="CA4"/>
+ <node name="CA5"/>
</node>
[ /org/fedorahosted/certmonger/cas/CA1: org.freedesktop.DBus.Introspectable.Introspect ]
@@ -940,10 +945,10 @@ dbus.Array([], signature=dbus.Signature('s'))
</node>
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ]
-$tmpdir/cas/20180327134236-3
+$tmpdir/cas/20180327134236-2
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ]
-dogtag-ipa-renew-agent
+certmaster
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ]
0
@@ -955,7 +960,7 @@ EXTERNAL
None
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_location ]
-$libexecdir/dogtag-ipa-renew-agent-submit
+$libexecdir/certmaster-submit
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_issuer_names ]
dbus.Array([], signature=dbus.Signature('s'))
@@ -963,3 +968,116 @@ dbus.Array([], signature=dbus.Signature('s'))
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ]
1
+[ /org/fedorahosted/certmonger/cas/CA5: org.freedesktop.DBus.Introspectable.Introspect ]
+<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
+"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
+
+<node name="/org/fedorahosted/certmonger/cas/CA5">
+ <interface name="org.freedesktop.DBus.Introspectable">
+ <method name="Introspect">
+ <arg name="xml_data" type="s" direction="out"/>
+ </method>
+ </interface>
+ <interface name="org.freedesktop.DBus.Properties">
+ <method name="Get">
+ <arg name="interface_name" type="s" direction="in"/>
+ <arg name="property_name" type="s" direction="in"/>
+ <arg name="value" type="v" direction="out"/>
+ </method>
+ <method name="Set">
+ <arg name="interface_name" type="s" direction="in"/>
+ <arg name="property_name" type="s" direction="in"/>
+ <arg name="value" type="v" direction="in"/>
+ </method>
+ <method name="GetAll">
+ <arg name="interface_name" type="s" direction="in"/>
+ <arg name="props" type="a{sv}" direction="out"/>
+ </method>
+ <signal name="PropertiesChanged">
+ <arg name="interface_name" type="s"/>
+ <arg name="changed_properties" type="a{sv}"/>
+ <arg name="invalidated_properties" type="as"/>
+ </signal>
+ </interface>
+ <interface name="org.fedorahosted.certmonger.ca">
+ <method name="get_config_file_path">
+ <arg name="path" type="s" direction="out"/>
+ </method>
+ <method name="get_nickname">
+ <arg name="nickname" type="s" direction="out"/>
+ </method>
+ <property name="nickname" type="s" access="read"/>
+ <property name="aka" type="s" access="read"/>
+ <method name="get_is_default">
+ <arg name="default" type="b" direction="out"/>
+ </method>
+ <property name="is-default" type="b" access="readwrite"/>
+ <method name="get_type">
+ <arg name="type" type="s" direction="out"/>
+ </method>
+ <method name="get_serial">
+ <arg name="serial_hex" type="s" direction="out"/>
+ </method>
+ <method name="get_location">
+ <arg name="path" type="s" direction="out"/>
+ </method>
+ <property name="external-helper" type="s" access="readwrite"/>
+ <method name="get_issuer_names">
+ <arg name="names" type="as" direction="out"/>
+ </method>
+ <method name="refresh">
+ <arg name="working" type="b" direction="out"/>
+ </method>
+ <property name="ca-error" type="s" access="read"/>
+ <property name="issuer-names" type="as" access="read"/>
+ <property name="root-certs" type="a(ss)" access="read"/>
+ <property name="root-other-certs" type="a(ss)" access="read"/>
+ <property name="other-certs" type="a(ss)" access="read"/>
+ <property name="required-enroll-attributes" type="as" access="read"/>
+ <property name="required-renew-attributes" type="as" access="read"/>
+ <property name="supported-profiles" type="as" access="read"/>
+ <property name="default-profile" type="s" access="read"/>
+ <property name="root-cert-files" type="as" access="readwrite"/>
+ <property name="root-other-cert-files" type="as" access="readwrite"/>
+ <property name="other-cert-files" type="as" access="readwrite"/>
+ <property name="root-cert-nssdbs" type="as" access="readwrite"/>
+ <property name="root-other-cert-nssdbs" type="as" access="readwrite"/>
+ <property name="other-cert-nssdbs" type="as" access="readwrite"/>
+ <property name="ca-presave-command" type="s" access="read"/>
+ <property name="ca-presave-uid" type="s" access="read"/>
+ <property name="ca-postsave-command" type="s" access="read"/>
+ <property name="ca-postsave-uid" type="s" access="read"/>
+ <property name="scep-cipher" type="s" access="readwrite"/>
+ <property name="scep-digest" type="s" access="readwrite"/>
+ <property name="scep-ca-identifier" type="s" access="readwrite"/>
+ <property name="scep-ca-capabilities" type="as" access="read"/>
+ <property name="scep-ra-cert" type="s" access="read"/>
+ <property name="scep-ca-cert" type="s" access="read"/>
+ <property name="scep-other-certs" type="s" access="read"/>
+ </interface>
+</node>
+
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_config_file_path ]
+$tmpdir/cas/20180327134236-3
+
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_nickname ]
+dogtag-ipa-renew-agent
+
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_is_default ]
+0
+
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_type ]
+EXTERNAL
+
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_serial ]
+None
+
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_location ]
+$libexecdir/dogtag-ipa-renew-agent-submit
+
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_issuer_names ]
+dbus.Array([], signature=dbus.Signature('s'))
+
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.refresh ]
+1
+
--
2.38.1

View File

@ -0,0 +1,54 @@
From 4ef80a8365e746d514110520c76d23433d1a378b Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 22 Jan 2024 09:44:30 -0500
Subject: [PATCH 1/2] getcert: return 2 when trying to create a duplicate entry
This affects the add-ca, request and start-tracking commands.
Returning a unique return code will make scripting easier.
Fixes: https://www.pagure.io/certmonger/issue/269
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
src/getcert.1.in | 9 +++++++++
src/getcert.c | 3 +++
2 files changed, 12 insertions(+)
diff --git a/src/getcert.1.in b/src/getcert.1.in
index 4adfc925..754a8836 100644
--- a/src/getcert.1.in
+++ b/src/getcert.1.in
@@ -43,6 +43,15 @@ All commands can take either the \fB\-s\fR or \fB\-S\fR arguments, which instruc
bus, if no value is set. By default, \fIgetcert\fR consults the @CM_DBUS_NAME@
service attached to the system bus.
+.SH "EXIT STATUS"
+The exit status is 0 on success, nonzero on error.
+
+0 Success
+
+1 Error
+
+2 Duplicate entry
+
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
diff --git a/src/getcert.c b/src/getcert.c
index 77fa5367..81b4bc8d 100644
--- a/src/getcert.c
+++ b/src/getcert.c
@@ -497,6 +497,9 @@ send_req(DBusMessage *req, int verbose)
printf(_("No response received from %s service.\n"),
CM_DBUS_NAME);
}
+ if (strcmp(err.name, "org.fedorahosted.certmonger.duplicate") == 0) {
+ exit(2);
+ }
exit(1);
}
dbus_message_unref(req);
--
2.42.0

View File

@ -1,24 +0,0 @@
From 6224c3aa01665edddbda1ec7d1e35b03823eefcb Mon Sep 17 00:00:00 2001
From: root <root@ci-vm-10-0-137-168.hosted.upshift.rdu2.redhat.com>
Date: Wed, 7 Dec 2022 14:50:01 -0500
Subject: [PATCH] Don't run the 002-keygen-* tests when root
The permissions tests will fail.
---
tests/002-keygen-dbm/prequal.sh | 5 +++++
1 file changed, 5 insertions(+)
create mode 100755 tests/002-keygen-dbm/prequal.sh
diff --git a/tests/002-keygen-dbm/prequal.sh b/tests/002-keygen-dbm/prequal.sh
new file mode 100755
index 0000000..b6c16e0
--- /dev/null
+++ b/tests/002-keygen-dbm/prequal.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+if test `id -u` -eq 0 ; then
+ echo "This test won't work right if run as root."
+ exit 1
+fi
--
2.31.1

View File

@ -0,0 +1,28 @@
From d9a773f709b42b6fe7d8816da656e5bee2afd641 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 30 Jan 2024 09:06:53 -0500
Subject: [PATCH 2/2] getcert: add NULL check to duplicate string compare
Fixes: https://www.pagure.io/certmonger/issue/269
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
src/getcert.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/getcert.c b/src/getcert.c
index 81b4bc8d..f5575bce 100644
--- a/src/getcert.c
+++ b/src/getcert.c
@@ -497,7 +497,7 @@ send_req(DBusMessage *req, int verbose)
printf(_("No response received from %s service.\n"),
CM_DBUS_NAME);
}
- if (strcmp(err.name, "org.fedorahosted.certmonger.duplicate") == 0) {
+ if ((err.name != NULL) && strcmp(err.name, "org.fedorahosted.certmonger.duplicate") == 0) {
exit(2);
}
exit(1);
--
2.42.0

View File

@ -1,47 +1,71 @@
%if 0%{?fedora} > 15 || 0%{?rhel} > 6
%global systemd 1
%global sysvinit 0
%else
%global systemd 0
%global sysvinit 1
%endif
%if 0%{?fedora} > 15 && 0%{?fedora} < 20
%global systemdsysv 1
%else
%global systemdsysv 0
%endif
%if 0%{?fedora} > 14 || 0%{?rhel} > 6
%global tmpfiles 1
%else
%global tmpfiles 0
%endif
%if 0%{?fedora} > 9 || 0%{?rhel} > 5
%global sysvinitdir %{_initddir}
%else
%global sysvinitdir %{_initrddir}
%endif
%bcond_without xmlrpc
%bcond_with xmlrpc
Name: certmonger
Version: 0.79.17
Release: 2%{?dist}
Summary: Certificate status monitor and PKI enrollment client
Group: System Environment/Daemons
License: GPLv3+
URL: http://pagure.io/certmonger/
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
#Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
Patch0001: 0001-Revert-Remove-the-certmaster-CA-from-the-028-dbus-te.patch
Patch0002: 0002-Don-t-run-the-002-keygen-tests-when-root.patch
Patch0001: 0001-getcert-return-2-when-trying-to-create-a-duplicate-e.patch
Patch0002: 0002-getcert-add-NULL-check-to-duplicate-string-compare.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gettext-devel
BuildRequires: gcc
BuildRequires: openldap-devel
BuildRequires: krb5-devel
BuildRequires: libidn2-devel
BuildRequires: python3-dbus
BuildRequires: dbus-devel
BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: openssl-devel
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
BuildRequires: libuuid-devel
%else
BuildRequires: e2fsprogs-devel
%endif
BuildRequires: libtalloc-devel, libtevent-devel
%if 0%{?rhel} >= 6 || 0%{?fedora} >= 9
BuildRequires: libcurl-devel
%else
BuildRequires: curl-devel
%endif
BuildRequires: libxml2-devel
%if %{with xmlrpc}
BuildRequires: xmlrpc-c-devel
BuildRequires: xmlrpc-c-devel
%endif
BuildRequires: jansson-devel
%if 0%{?rhel} && 0%{?rhel} < 6
BuildRequires: bind-libbind-devel
BuildRequires: mktemp
%endif
BuildRequires: jansson-devel
# Required for 'make check':
# for diff and cmp
BuildRequires: diffutils
@ -58,10 +82,10 @@ BuildRequires: /usr/bin/dos2unix
BuildRequires: /usr/bin/unix2dos
# for which
BuildRequires: /usr/bin/which
# for dbus tests
BuildRequires: python3-dbus
BuildRequires: popt-devel
# for make check
BuildRequires: python3-devel
BuildRequires: krb5-devel
BuildRequires: sed
# we need a running system bus
Requires: dbus
@ -69,6 +93,7 @@ Requires(post): %{_bindir}/dbus-send
%if %{systemd}
BuildRequires: systemd-units
BuildRequires: make
Requires(post): systemd-units
Requires(preun): systemd-units, dbus, sed
Requires(postun): systemd-units
@ -90,6 +115,10 @@ Requires(post): /sbin/chkconfig, /sbin/service
Requires(preun): /sbin/chkconfig, /sbin/service, dbus, sed
%endif
%if 0%{?fedora} >= 15
# Certain versions of libtevent have incorrect internal ABI versions.
Conflicts: libtevent < 0.9.13
%endif
%description
Certmonger is a service which is primarily concerned with getting your
@ -98,6 +127,12 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
%prep
%autosetup -p1
%if 0%{?rhel} > 0
# Enabled by default for RHEL for bug #765600, still disabled by default for
# Fedora pending a similar bug report there.
sed -i 's,^# chkconfig: - ,# chkconfig: 345 ,g' sysvinit/certmonger.in
%endif
%build
autoreconf -i -f
%configure \
@ -112,8 +147,9 @@ autoreconf -i -f
%endif
--with-homedir=/run/certmonger \
%if %{with xmlrpc}
--with-xmlrpc \
--with-xmlrpc \
%endif
--disable-dsa \
--with-tmpdir=/run/certmonger --enable-pie --enable-now
%if %{with xmlrpc}
# For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just
@ -131,10 +167,6 @@ install -m755 -d $RPM_BUILD_ROOT/run/certmonger
%{find_lang} %{name}
%check
# Seed then openssl RNG if not set
if [ ! -e $HOME/.rnd ] ; then
openssl rand -writerand $HOME/.rnd
fi
make check
%post
@ -144,7 +176,7 @@ fi
%if %{without xmlrpc}
# remove any existing certmaster CA configuration
if test $1 -gt 1 ; then
%{_bindir}/getcert remove-ca -c certmaster 2>&1 || :
%{_bindir}/getcert remove-ca -c certmaster 2>&1 || :
fi
%endif
%if %{systemd}
@ -212,7 +244,6 @@ exit 0
%endif
%files -f %{name}.lang
%defattr(-,root,root,-)
%doc README.md LICENSE STATUS doc/*.txt
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/*
%{_datadir}/dbus-1/services/*
@ -236,106 +267,124 @@ exit 0
%endif
%changelog
* Wed Dec 7 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.17-2
- Skip the keygen tests when executed as root.
* Thu Feb 01 2024 Rob Crittenden <rcritten@redhat.com> - 0.79.17-2
- getcert should return unique error on duplicates (RHEL-22302)
* Tue Dec 6 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.17-1
- Update to upstream 0.79.17 (#2139523)
- Certificate format validation when adding the SCEP server's CA (#2150025)
- Certmonger SCEP renewal should not use old challenges (#2150030)
- certmonger SEGV during rekey in FIPS mode (#2150070)
- Update to upstream 0.79.17
* Mon Oct 18 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-5
* Thu Apr 07 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.14-7
- Disable DSA (#2066439)
* Thu Mar 17 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.14-6
- Certificate format validation when adding the SCEP server's CA
(#1492112)
- Replace some SHA1 usages with SHA256 in the unit tests
* Thu Oct 07 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-5
- Certmonger SCEP renewal should not use old challenges (#1990926)
- Certmonger certificates stuck in NEED_GUIDANCE (#2001082)
- certmonger creates CSRs with invalid DER syntax for X509v3 extensions
with critical=FALSE (#2012258)
with critical=FALSE (#2012261)
* Wed Oct 06 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-4
- Certmonger SCEP renewal should not use old challenges (#1577570)
- Certmonger segfault after cert renewal request (#1881500)
- Include certificate NotBefore date in output of the 'getcert list' command
(#1940261)
- Certmonger certificates stuck in NEED_GUIDANCE (#2001079)
* Tue Sep 28 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-4
- Fix FTBFS due to change in OpenSSL 3.0.0-beta2 API (#2008451)
* Wed Apr 28 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-3
- Fix local CA to work under FIPS (#1950132)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.79.14-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Nov 10 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.13-2
- Rebuild with xmlrpc-c support enabled (#1687698)
* Wed Jul 28 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-2
- Re-enable LTO (#1986099)
* Wed Oct 28 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.13-1
- Rebase to 0.79.13 (#1891743)
* Thu Jun 17 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-1
- Update to upstream 0.79.14 (#1969537)
* Thu Jul 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-15
- Replace the previous fix for dbus restarting with PartOf in the
certmonger systemd service file to link the two (#1687698)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.79.13-6
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Tue Jun 2 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-14
- Include &message=CA-IDENT with GetCACaps/GetCACert requests (#1843009)
* Wed May 19 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-5
- Port to OpenSSL 3.0 (#1952930)
* Mon May 18 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-13
- Exit gracefully if dbus is restarted (#1687698)
* Wed Apr 28 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-4
- Fix local CA to work under FIPS (#1954618)
* Thu May 14 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-12
- Add long command-line options to man pages and help output (#1782838)
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.79.13-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon May 4 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-11
- Fix test failure in 039-fromfile
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon May 4 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-10
- Ensure that files read in have a trailing new-line (#1829490)
* Tue Oct 20 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.13-1
- Update to upstream 0.79.13
* Thu Apr 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-9
- Call the secport equivalent of PR_ErrorToString
- Remove a couple of unused varaibles found by coverity
* Mon Oct 5 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.12-1
- Update to upstream 0.79.12
* Mon Apr 13 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-8
- Move systemd tmpfiles from /var/run to /run (#1804928)
- Improve logging in the SCEP helper (#1807691)
- Fix sort order of certificates passed into PKCS7_verify (#1808052)
- Add -N option to SCEP helper to separate web server chain from
SCEP issuer chain (#1808613)
- Add template profile, MS v2 template and issuer to getcert list
output (#1734451)
* Fri Sep 18 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.11-4
- Don't send SIGKILL to child processes to terminate them
- Switch to JSON for communication with IPA
* Tue Dec 17 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-7
- Update gating requirements
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Dec 16 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-6
- Rebuild
* Tue Jun 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.11-2
- Fix for an unnecessary free() which can cause core dump.
* Mon Dec 2 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-5
- Fix use-after-free issue when retrieving CA chain (#1710632)
* Tue Jun 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.11-1
- Update to upstream 0.79.11
* Mon Dec 2 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-4
- Optimize closing of file descriptors on fork (#1763745)
- Remove NOMODDB flag flag from context init, look for full tokens (#1746543)
- Retrieve full IPA CA chain (#1710632)
* Thu Jun 25 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.10-1
- Update to upstream 0.79.10
* Tue May 14 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-3
- Rebuild for new annobin (#1708095)
* Thu Jan 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.9-1
- Update to upstream 0.79.9
* Fri May 10 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-2
- Rebuild for new annobin (#1708095)
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu May 9 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.79.7-1
- Rebase to 0.79.7 (#1708095)
* Wed Oct 30 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.8-3
- Change python2-dbus build dependency to python3
- Convert tests to pass under python 3
- Skip DSA tests because it is disabled by default crypto policy
* Mon Oct 8 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-5
- Address more issues uncovered by static analysis (#1632449)
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Oct 2 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-4
- Improve handling of NSS tokens (#1624930)
- Pull in upstream fixes discovered in coverity and clang (#1632449)
* Wed Jul 17 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.8-1
- Update to upstream 0.79.8
* Mon Aug 13 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-3
- Add BuildRequires on python3-devel (#1615507)
* Wed May 22 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-3
- Add BuildRequires for krb5-devel, the buildroot changed.
* Thu Aug 2 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-2
- Fix test failure on some platforms
* Mon May 20 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-2
- Move systemd tmpfiles from /var/run to /run (upstream #111)
- Change /var/run -> /run in systemd service file
* Wed Aug 1 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-1
* Mon Feb 18 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-1
- Update to upstream 0.79.7
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Oct 4 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-4
- Pull in upstream fixes discovered in coverity and clang.
* Mon Oct 1 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-3
- Improve NSS token handling. The updated NSS crypto-policy enables all
tokens which broke requesting certificates due to the way that tokens
were managed.
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue May 8 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-1
- Update to upstream 0.79.6
- Fix unit tests to work with python 3
* Wed Mar 14 2018 Iryna Shcherbina <ishcherb@redhat.com> - 0.79.5-7
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Fri Feb 23 2018 Rob Crittenden <rcritten@redhat.com> 0.79.5-6
- Fix unit tests. NSS crypto policy disallows keys < 1024