Changelog for certmonger-0.79.13-lp154.2.1.x86_64.rpm :

* Thu Jul 12 2018 Fedora Release Engineering - 0.79.6-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue May 08 2018 Rob Crittenden - 0.79.6-1- Update to upstream 0.79.6
* Wed Mar 14 2018 Iryna Shcherbina - 0.79.5-7- Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Fri Feb 23 2018 Rob Crittenden 0.79.5-6- Fix unit tests. NSS crypto policy disallows keys < 1024
* Wed Feb 21 2018 Rob Crittenden 0.79.5-5- Add BuildRequires on gcc
* Wed Feb 07 2018 Fedora Release Engineering - 0.79.5-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 10 2018 Rob Crittenden 0.79.5-3- Remove BR on mktemp. It is now provided by coreutils.- Patch to fix NSS handling of keys in sqlite databases- Patches to fix tests now that sqlite is the NSS default.
* Wed Oct 04 2017 Rob Crittenden 0.79.5-2- Switch BR from /usr/include/popt.h to popt-devel
* Fri Sep 01 2017 Rob Crittenden 0.79.5-1- update to 0.79.5: - getcert start-tracking: use issuer option when specified - add support for specifying the MS certificate template - Reformat certificates returned by Dogtag to strip extra newline
* Wed Aug 16 2017 Rob Crittenden 0.79.4-2- Reformat certificates returned by Dogtag. Dogtag was including a spurious newline before -----END CERTIFICATE-----
* Mon Aug 07 2017 Rob Crittenden 0.79.4-1- update to 0.79.4 - fix CA option name for ipa cert-request - fix minor memory leak - fix build warnings - fix an incorrect date in the .spec changelog - bump gettext version to avoid warning
* Wed Aug 02 2017 Fedora Release Engineering - 0.79.3-3- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering - 0.79.3-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Feb 28 2017 Nalin Dahyabhai 0.79.3-1- update to 0.79.3: - fix self-signing self-test cases that used DSA or EC keys
* Mon Feb 27 2017 Nalin Dahyabhai 0.79.2-2- update %docs list because README is now README.md
* Mon Feb 27 2017 Nalin Dahyabhai 0.79.2-1- update to 0.79.2: - fix \'make distcheck\' target
* Sun Feb 19 2017 Nalin Dahyabhai 0.79.1-1- update to 0.79.1: - update translations - fix \'make archive\' target
* Sun Feb 19 2017 Nalin Dahyabhai 0.79-1- update to 0.79: - getcert now offers an option (-X) for requesting processing by a particular CA if the server we\'re contacting is running more than one - getcert also offers options (--for-ca, --not-for-ca, --ca-path-length) for requesting BasicConstraints values - getcert now displays times in local time instead of UTC, which was previously the only way they were displayed; the --utc option can often be used to switch back to its previous behavior - the SCEP enrollment helper now correctly issues GetCACertChain requests to SCEP servers, instead of issuing a GetCAChain request, which isn\'t part of the protocol; from report by Jason Garland - when issuing SCEP requests, the ID of the CA included in the HTTP request is now URL-encoded, as it should be - renewal or notification-of-impending-expiration logic is now triggered closer to TTL thresholds rather than waiting for a periodic check to pass a threshold - properly builds with OpenSSL 1.1, thanks to Lukas Slebodnik and Tomas Mraz for a lot of the legwork- resync .spec file with Fedora- upstream project migrated from fedorahosted.org to pagure.io
* Fri Feb 10 2017 Fedora Release Engineering - 0.78.6-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sat Jan 21 2017 Igor Gnatenko - 0.78.6-5- Rebuild for xmlrpc-c
* Wed Jul 06 2016 Nalin Dahyabhai 0.78.6-4- add backported fix to wait a reasonable amount of time after calling the \'resubmit\' method for a new certificate to be issued when we\'re exercising the D-Bus API during tests (Jan Cholasta, #1351052)
* Wed Jul 06 2016 Nalin Dahyabhai 0.78.6-3- instead of using killall to send a SIGHUP to the system bus daemon in %post to get it to reload its configuration, use dbus-send to send a ReloadConfig request over the bus (should fix #1277573)
* Wed Feb 03 2016 Fedora Release Engineering - 0.78.6-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jan 13 2016 Nalin Dahyabhai 0.78.6-1- document the -R, -N, -o, and -t flags for dogtag-ipa-renew-agent-submit- stop checking that we can generate 512 bit keys during self-tests
* Thu Nov 12 2015 Nalin Dahyabhai 0.78.5-1- fix a possible uninitialized memory read (possibly #1260871)- log a diagnostic error when we fail to initialize libkrb5
* Tue Aug 04 2015 Nalin Dahyabhai 0.78.4-1- fix the \"getcert start-tracking\" -L and -l options (#1249753)- output diagnostics about the second request when scep-submit encounters an error during a second request to the SCEP server
* Mon Jul 20 2015 Nalin Dahyabhai 0.78.3-1- call poptGetOptArg() correctly, to fix parsing of the -R flag to scep-submit and the -O and -o flags to dogtag-submit (#1244914)
* Thu Jul 09 2015 Nalin Dahyabhai 0.78.2-1- tweak initialization so that we set up for providing our D-Bus API before we register our name with the bus, so that we can handle any requests that arrive before the acknowledgement of that registration- on systems that run systemd, add the right data file so that the service gets started when someone tries to talk to the daemon (ticket #38)- correctly check for error responses when sending GetCAChain requests to SCEP servers
* Sun Jun 21 2015 Nalin Dahyabhai 0.78.1-1- self-tests: assume that certutil won\'t generate DSA keys with more than 1024 bits, and will often short us by a few
* Sat Jun 20 2015 Nalin Dahyabhai 0.78-1- switch to using popt for parsing command line arguments, continuing to use old help text for now so that we can catch up with translations (print old text for --help, new text (with longopts!) for -H)- add some plumbing for eventually receiving per-certificate roots in addition to issued certificates and chain certificates- add a \"rekey\" command to getcert, for triggering enrollment using a new key pair (#1087932)- scep-submit: check for the Renewal capability, and default to taking advantage of it during rekeying, unless the new -n flag is specified to it- dogtag-submit: add flags for passing user names, UDNs, passwords, and PINs to the helper (part of ticket #12)- dogtag-submit: add a flag for using the agent creds to do TLS client auth while submitting enrollment requests (more of ticket #12)- dogtag-submit: handle cases where we submit a request and the server returns a success code rather than just queuing the request (#12 again)- ipa-submit: pass requested profile names to the server as an argument named \"profile_id\"; if the server gives us an \"unrecognized argument\" error, retry without it for compatibility\'s sake (part of IPA ticket #57)- keygen: fix a possible crash if keygen fails to return a key from NSS- correct the certmonger(8) man page\'s description of the -c flag, which it used to call the -C flag- add logic for setting ownership and permissions on certificates and keys when saving them to disk- add configuration options \"max_key_lifetime\" and \"max_key_use_count\" for making automatic renewal prefer rekeying
* Wed Jun 17 2015 Fedora Release Engineering - 0.77.5-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Thu May 28 2015 Nalin Dahyabhai 0.77.5-1- pass $CERTMONGER_REQ_IP_ADDRESS to enrollment helpers if the signing request includes IP address subjectAltName values- correctly verify signatures on SCEP server replies when the signer is neither the top-level CA nor the RA (feedback in #1161768)- correctly verify signatures on SCEP server replies when there is more than one certificate in the chain between the RA and the top-level CA (feedback in
* Fri May 15 2015 Nalin Dahyabhai 0.77.4-1- don\'t display PINs in \"getcert list\" output (#42)- clean up launching of a private instance in \"getcert\"- expand on the don\'t-delete-private-key fix from 0.77.3 by letting NSS\'s own safety checks have an effect- backport record-keeping of key generation dates and counts of how many times we\'ve gotten certificates using a given key pair
* Thu May 07 2015 Nalin Dahyabhai 0.77.3-1- fix a data loss bug when saving renewed certificates to NSS databases - the private key could be removed in error since 0.77- fixes for bugs found by static analysis- fix self-tests when built with OpenSSL 1.0.2
* Tue Apr 14 2015 Nalin Dahyabhai 0.77.2-1- expose the certificate\'s not-valid-before and not-valid-after dates as a property over D-Bus (ticket #41)- give the local signer its own configuration option to set the lifetime of its signing certificate, falling back to the lifetime configured for the self-signer as a default to match the previous behavior- fix a potential read segfault parsing the output of an enrollment helper, introduced in 0.77 (thanks to Steve Neuharth)- read the ns-certtype extension value in certificates- request an enrollment certtype extension to CSRs if we have a profile name that we want to use (ticket #17, possibly part of IPA ticket #57)
* Fri Feb 27 2015 Nalin Dahyabhai 0.77.1-1- update to 0.77 - add initial, still rough, SCEP support (#1140241,#1161768) - add an scep-submit helper to handle part of it - getcert: add add-ca/add-scep-ca/modify-ca/remove-ca commands - getcert: add -l, -L flags to request/resubmit/start-tracking commands to provide a way to set a ChallengePassword in signing requests - lay some groundwork for rekeying support - bundled dogtag enrollment helpers now output debugging info to stderr (#) - ipa-getcert: fix a crash when using DNS discovery to locate servers (#39) - getcert: fix displaying of pre-request pre-/post-save commands (#1178190, - use Zanata for translations - getcert list: list the certificate\'s profile name, if it contains one
* Tue Nov 18 2014 Nalin Dahyabhai 0.76.8-1- dogtag-submit: accept additional options to pass to the server when approving requests using agent creds (#1165155, patch by Jan Cholasta)- getcert: print help output when \'status\' isn\'t given any args (#1163541)
* Tue Nov 11 2014 Nalin Dahyabhai 0.76.7-1- correctly read CA not-valid-after dates on 32-bit machines (also reported by Natxo Asenjo), so that we don\'t spin on polling them (#1163023)
* Mon Nov 10 2014 Nalin Dahyabhai 0.76.6-1- don\'t discard the priority value in DNS SRV records
* Mon Nov 10 2014 Nalin Dahyabhai 0.76.5-1- avoid premature exit on CA data analysis failures (should fix an issue reported by Natxo Asenjo)
* Mon Nov 10 2014 Nalin Dahyabhai 0.76.4-1- fix a failure in self-tests
* Mon Nov 10 2014 Nalin Dahyabhai 0.76.3-1- fixes for bugs found by static analysis- handle IDN correctly when doing service location using SRV records- documentation updates
* Wed Nov 05 2014 Nalin Dahyabhai - rework the state machine so that we save an issued certificate\'s associated CA certificates, then re-read the certificate, then run the post hook and issue notifications, in that order, instead of saving CA certificates after running the post hook, which was always a surprising order (#1131700)- add a generic dogtag-submit helper that doesn\'t include any IPA defaults, to make it easier to know the difference between paramenters it requires and parameters which are optional (#12)
* Tue Nov 04 2014 Nalin Dahyabhai 0.76.2-1- ipa-submit: when we fail to locate/contact LDAP or XML-RPC servers, use discovery to find them (#1136900)
* Fri Oct 31 2014 Nalin Dahyabhai 0.76.1-1- allow for \'certmonger -P abstract:...\' to work, too
* Fri Oct 31 2014 Nalin Dahyabhai 0.76-1- require a single certificate to be specified to \'getcert status\' (#1148001, - shorten the default help message which getcert prints when it\'s not given a specific command (#1131704)- add private listener (-l, -L, -P) mode to certmonger, to allow it to listen for connections directly from clients running under the same UID- add a command mode (-c) to certmonger, in which once it\'s started, it launches a specified command, and after that command exits, the daemon exits- when getcert is invoked with no bus running, if it\'s running as root, run certmonger in private listener mode with the same invocation of getcert as the command to start and wait for (#1134497)