<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<h3>
Timo Aaltonen pushed to branch master
at <a href="https://salsa.debian.org/freeipa-team/certmonger">FreeIPA packaging / certmonger</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/c5270bde4dab84f18c347e82376ef00733865247">c5270bde</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-07-01T11:58:11-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Don't free soptions while it is still needed

Introduced in fbcf03dd44007a9b231e9396cc418a00e1a4b49a trying
to avoid leaking soptions and aoptions.

https://pagure.io/certmonger/issue/163
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/7902064611ec4cc68960b3ca68fb92a1fd0b5137">79020646</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-07-30T11:20:10-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Revert "Adapt to the new behavior of disconnect in dbus-broker"

This reverts commit 39ce89ec821d02643681795d2149b20198f0fe42.

systemd will kill certmonger anyway. Let it go ahead and die
and we'll use PartOf to link the two services together instead.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/5e45029b429aa383db295facea18a6a72e1a2357">5e45029b</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-07-30T11:20:10-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Link certmonger to dbus so it stops and restarts with it

This will ensure that certmonger will run if dbus is restarted.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/00e948049acf0ca1b61ed9c2b8579b06b4bcb46a">00e94804</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-09-08T13:56:49-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Don't send SIGKILL to children, give them a chance to die

This was causing issues in IPA which uses a lock file to
serialize some operations. The kill was leaving the lock in
place causing things to time out.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/fcc3a370db5a353bbe63822e29995204b3c83874">fcc3a370</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-09-09T16:07:22-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove empty translation files

https://pagure.io/certmonger/issue/141
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/93974735c31e653acc0d3de7e1cb165dbe764aef">93974735</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-09-16T15:54:00+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">remove dead make targets

Commit 13abd68c7b862719e7b0ed065906cc28c6157a41 removed some files,
but left dangling references to those files in tests/Makefile.am,
breaking the build.  Delete references to the deleted files.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/1de7c2e7d4f3557bb45b9526016b766c7119c6ad">1de7c2e7</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-09-16T10:34:45-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Require jansson for IPA RPC calls, make xmlrpc optional

xmlrpc is now only used for certmaster

IPA will only make JSON RPC calls to retrieve certificates
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/aedf7f646f28d58c6bc422423401c1d0eb31ee75">aedf7f64</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-09-16T11:31:07-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make xmlrpc optional in the certmonger spec file, disable certmaster

This disables certmaster support by default since it requires
xmlrpc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/4347ce74b0001c002cb449b8dd63819634e980ae">4347ce74</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-09-16T11:31:07-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add Referer header option to the submit-h API

This will allow IPA API requests that require the Referer header
to be set.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/fdc2851233f532eb78363784712c597c63e1c4c1">fdc28512</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-09-16T11:31:07-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Switch IPA calls to use the JSON-RPC endpoint instead of XMLRPC

IPA has provided a JSON-RPC interface for many years now and has
long term plans to drop support for XMLRPC.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/dd8dcb899e0a159d1141b713993805565ffb6d28">dd8dcb89</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-09-16T11:31:07-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove the certmaster CA from the 028-dbus test

The certmaster CA is disabled by default so no longer look for it
in the dbus test.

This test will fail if certmaster is enabled. There is currently no
mechanism to dynamically enable/disable features of the tests. It
can be added if it comes up but its unclear if anyoen took advantage
of the certmaster support in the first place.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/94dfc2f31b439db37b67d58e635169c29a4f8dde">94dfc2f3</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-09-16T11:31:08-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add a local-srpm target to build an srpm from the current checkout

The srpm target will pull the origin master branch and build from
that so it isn't useful for testing local changes.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/eda1134a9db1246eb8a24e0e01cfe1fcbff10729">eda1134a</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-09-16T11:31:08-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Silence a rpm macro warning with an unescaped % in a comment
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/e64e4a9fda817ab9bd5af106c178105fc907dfc0">e64e4a9f</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-09-25T09:43:22+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream'
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/5faaac054a2ddf8dda810206a6feb822110b0921">5faaac05</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-10-05T11:16:44-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tag 0.79.12

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/f167cff199e2fc7df6c558e437222593ccecd390">f167cff1</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-10-09T11:10:02-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix NSS shutdown issues when obtaining the internal token name

The slot wasn't being freed every time util_internal_token_name()
was called which caused NSS_Shutdown() and NSS_ShutdownContext()
to return SEC_ERROR_BUSY.

Discovered in IPA issue https://pagure.io/freeipa/issue/8533
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/be632059b48b5c6b5d767c8b37afe0582c23cd38">be632059</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-10-20T14:47:52-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Save a copy of the IPA error message when parsing the JSON result

json_decref() is freeing the parsed value so the error message was
undefined.

Issued discovered in https://pagure.io/freeipa/issue/8537
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/5e77bf10f253a17edd26c1041cc70659330ff702">5e77bf10</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-10-20T14:50:20-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">certread-n: Look up certs using PK11_FindCertFromNickname()

Don't loop through all the tokens looking for a given nickname, look
it up directly. If a nickname does not contain a token then NSS
treats it as the internal token. Otherwise it uses the token name
to retrieve the slot and looks for certificates in that slot.

Looping through the certificates in each slot using
PK11_ListCertsInSlot() was sometimes taking as many as 14 seconds
for no apparent reason. This slowdown is not seen when using
PK11_FindCertFromNickname().

This 14 second delay was causing client DBus timeouts which was
causing IPA server installation failures when running start-tracking
on the CA subsystem certificates.

Related IPA issue https://pagure.io/freeipa/issue/8533
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/f25222fcc36d004172599e56fef3fa5ea4b5fa78">f25222fc</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-10-20T14:50:20-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Free public key information after storing and displaying

This fixes an NSS shutdown error.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/8a4778325f6c7ed030e203308a145c193c48c4b4">8a477832</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-10-20T15:22:16-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Don't report a spurious error if no SCEP pkiMessage is ready yet

On a brand new request in the state op_pkcsreq there will be no
pkiMessage to send yet because there is no CSR yet.

It correctly detects this state but also displays the message:

    Error reading request.  Expected PKCS7 data containing a
    PKCSReq pkiMessage, got nothing.

This is confusing if the request eventually succeeds.

It really only needs to report this if it is passed in a file name
to read the message from, otherwise silently return
CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES.

The same issue existed in the op_get_cert_initial state.

https://bugzilla.redhat.com/show_bug.cgi?id=1253009
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/3514c6d7a9d61a48f09f4f7affe06fa508a494ee">3514c6d7</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2020-10-20T15:39:55-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tag 0.79.13

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/f8b2d1acfefdb04004895a5eb55e66d986bff339">f8b2d1ac</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-10-26T22:31:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">control, postinst: Drop certmaster, build-depend on libjansson-dev instead of xmlrpc.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/450be6207353983ca1c2daed9898961d1b625ece">450be620</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-10-26T22:32:21+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream'
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/0691c2e66de7f724a49b3b3f8d42f0a1048d9cbb">0691c2e6</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-10-26T22:32:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/07d5d0daffe313c474855306391666ad4590f484">07d5d0da</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-10-28T16:26:40+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package certmonger version 0.79.13-1
</pre>
</li>
</ul>
<h4>8 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#d5b4de16d947214ec306bd57bed1bd23a939b5f9">
Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#552183f11039fa0be5545439c6aed0cb7f87aaaf">
certmonger.spec
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#b308d40572b921792d9c88e1857328baa2dc12f2">
debian/certmonger.postinst
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#58ef006ab62b83b4bec5d81fe5b32c3b4c2d1cc2">
debian/control
</a>
</li>
<li class="file-stats">
<a href="#815a556cb0445c3a99af539ec28bc10237795b8a">
<span class="deleted-file">

po/ach.po
</span>
</a>
</li>
<li class="file-stats">
<a href="#73340f8c5030588fc9dd1a77028ae00fe8cff1b5">
<span class="deleted-file">

po/af.po
</span>
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">

<br>
<a href="https://salsa.debian.org/freeipa-team/certmonger/-/compare/5d8489f577d95d5fd191e4678598927ebc8b36f0...07d5d0daffe313c474855306391666ad4590f484">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.



</p>
</div>
</body>
</html>