<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch upstream
at <a href="https://salsa.debian.org/freeipa-team/certmonger">FreeIPA packaging / certmonger</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/08dab29d9e5091557b457642c8fec0ccd9e2f09c">08dab29d</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-01-12T10:44:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">If calling a CA helper fails, call cm_casave_done to reap
CA helper calls to certmaster when the certmaster helper wasn't
installed was causing 8 zombie processes (one for each query).
It is due to waitpid() not being called on them.
https://pagure.io/certmonger/issue/185
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/33948edadc8efb956cdf447c4a9788ae9dfb3ded">33948eda</a></strong>
<div>
<span>by Weblate</span>
<i>at 2021-02-16T13:19:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update translation files
Updated by "Update ALL_LINGUAS variable in the "configure" file" hook in Weblate.
Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/4a532089b3836c49c9e70139b8a10b4e4963a984">4a532089</a></strong>
<div>
<span>by Yuri Chornoivan</span>
<i>at 2021-02-16T13:19:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Ukrainian)
Currently translated at 100.0% (473 of 473 strings)
Translated using Weblate (Ukrainian)
Currently translated at 87.7% (415 of 473 strings)
Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/uk/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/c3e3e9828aa7c77190d3b6e9d6632aefcecd8f7a">c3e3e982</a></strong>
<div>
<span>by Geert Warrink</span>
<i>at 2021-02-16T13:19:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Dutch)
Currently translated at 100.0% (473 of 473 strings)
Translated using Weblate (Dutch)
Currently translated at 75.2% (356 of 473 strings)
Co-authored-by: Geert Warrink <geert.warrink@onsnet.nu>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/nl/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/02a331ffbea7f02ff10f2581758642a244b112ad">02a331ff</a></strong>
<div>
<span>by Piotr Drąg</span>
<i>at 2021-02-16T13:19:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Polish)
Currently translated at 100.0% (473 of 473 strings)
Co-authored-by: Piotr Drąg <piotrdrag@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/pl/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/329025ac650cc3026bd2d18a2b9d6790070b533c">329025ac</a></strong>
<div>
<span>by Luna Jernberg</span>
<i>at 2021-02-16T13:19:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Swedish)
Currently translated at 90.2% (427 of 473 strings)
Co-authored-by: Luna Jernberg <bittin@reimu.nl>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/sv/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/12b574068bf27866a35714070f765a65e30e8dc8">12b57406</a></strong>
<div>
<span>by Oğuz Ersen</span>
<i>at 2021-02-16T13:19:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Turkish)
Currently translated at 34.0% (161 of 473 strings)
Co-authored-by: Oğuz Ersen <oguzersen@protonmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/tr/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/effa25f77896fd8b778ba6478e31fb880f68e0db">effa25f7</a></strong>
<div>
<span>by Göran Uddeborg</span>
<i>at 2021-02-16T13:19:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Swedish)
Currently translated at 100.0% (473 of 473 strings)
Translated using Weblate (Swedish)
Currently translated at 100.0% (473 of 473 strings)
Co-authored-by: Göran Uddeborg <goeran@uddeborg.se>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/sv/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/4b5c9e388d64a97c2ac2b90f58d2037c443c5b8b">4b5c9e38</a></strong>
<div>
<span>by Mustafa Çalışkan</span>
<i>at 2021-02-16T13:19:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Turkish)
Currently translated at 34.0% (161 of 473 strings)
Co-authored-by: Mustafa Çalışkan <musfay@protonmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/tr/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/f3d86dc86c723fe4fa0ecacfe134939d4494819e">f3d86dc8</a></strong>
<div>
<span>by Oğuz Ersen</span>
<i>at 2021-02-16T13:19:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Turkish)
Currently translated at 42.4% (201 of 473 strings)
Co-authored-by: Oğuz Ersen <oguzersen@protonmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/tr/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/62a6634867db5d9f79b613055b8788136d4cb41d">62a66348</a></strong>
<div>
<span>by Ade Lee</span>
<i>at 2021-04-14T16:16:44-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix local CA to work under FIPS
The PKCS12 file used for the local CA fails to be created because
it uses default OpenSSL encryption algorithms that are disallowed
under FIPS. This patch simply updates the PKCS12_create() command
to use allowed encryption algorithms.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/6802bec46dbbc846407ca06edc1bbb2434985059">6802bec4</a></strong>
<div>
<span>by Fábio Rodrigues Ribeiro</span>
<i>at 2021-04-15T20:45:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Portuguese (Brazil))
Currently translated at 50.1% (237 of 473 strings)
Co-authored-by: Fábio Rodrigues Ribeiro <farribeiro@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/pt_BR/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/b8ab1bf69b2ebbb80dd78783f198a2d9abca9abb">b8ab1bf6</a></strong>
<div>
<span>by Hela Basa</span>
<i>at 2021-04-15T20:45:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added translation using Weblate (Sinhala)
Co-authored-by: Hela Basa <r45xveza@pm.me>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/7335176c987535dfc7ed31760be7e3c49974617c">7335176c</a></strong>
<div>
<span>by simmon</span>
<i>at 2021-04-15T20:45:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Korean)
Currently translated at 100.0% (473 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 100.0% (473 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 100.0% (473 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 100.0% (473 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 100.0% (473 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 25.7% (122 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 18.6% (88 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 16.9% (80 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 13.7% (65 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 13.3% (63 of 473 strings)
Translated using Weblate (Korean)
Currently translated at 12.0% (57 of 473 strings)
Added translation using Weblate (Korean)
Co-authored-by: simmon <simmon@nplob.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ko/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/f269602b72457a8cf15d1be7ca42047fb15f0676">f269602b</a></strong>
<div>
<span>by Oğuz Ersen</span>
<i>at 2021-04-15T20:45:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Turkish)
Currently translated at 100.0% (473 of 473 strings)
Co-authored-by: Oğuz Ersen <oguzersen@protonmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/tr/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/0302d410fa7aea00b5b871f1566620f367609700">0302d410</a></strong>
<div>
<span>by Rafael Fontenelle</span>
<i>at 2021-04-15T20:45:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Portuguese (Brazil))
Currently translated at 50.3% (238 of 473 strings)
Co-authored-by: Rafael Fontenelle <rafaelff@gnome.org>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/pt_BR/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/ab5d0f6068fa4f79de7966337a218a1b38aa66e9">ab5d0f60</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-04-29T14:40:59-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Revert three Korean translations because they change the order
The order of the formatting was changed so the wrong values/types
would be displayed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/a5f9b624e2340c323b5752c6267ac9a3a4d5ef21">a5f9b624</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:04:48-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update cadata test to reflect non-NULL returned by helper
NULL was returned when a helper was non-executable which led to
it becoming a zombie process.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/50cec1d8003465c84c26745532b1c6a25dde35a8">50cec1d8</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:04:48-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop hardcoded values for Apache NSS db for IPA < v4
These were used with IPAv3 when the IPA RA certificate
was stored in the Apache NSS database and references
by nickname. The RA certificate was moved to a set of
PEM files starting in IPA v4.
The hardcoded values were not particulary distribution
friendly.
This change isn't explicitly dropping support for IPAv3
but changes would be necessary there to pass in the
options for the NSS database directory and nickname.
A newer certmonger is not likely to be used with such an
old IPA release.
https://pagure.io/certmonger/issue/97
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/0eec70b9dbd0a50a24fe173a68fd9ab72857e08d">0eec70b9</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:20:36-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add NULL checks before string compares when analyzing a cert
A user reported a segfault which was due to a broken request.
How it got broken I have no idea but it was effectively empty.
It had everything as defaults: 0, -1, UNSPECIFIED or not
present at all.
So when trying to analyze the request it did a NULL compare.
https://pagure.io/certmonger/issue/191
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/881a1af1948d529a77fafc4c41b976df79f13991">881a1af1</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:42:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Pass /etc/ipa/ca.crt if it exists to libcurl, else rely on system
Don't pass a non-existant file to libcurl because it overrides the
system-wide trust and the connection will fail since there is no
chain.
https://pagure.io/certmonger/issue/132
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/c69e64cb89de7795b44664e3ed72fc555010bb3b">c69e64cb</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:53:02-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Close file in casave on NSS database login error
Discovered by Coverity
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/45d946003a91c45570072b6d508167f2465d04b3">45d94600</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:53:02-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove remaining reference to token variable in certread-n
I had switched to using PK11_GetTokenName(slot) except in one
spot which could lead to use of an uninitialized pointer in
an error message. Change this and drop the token variable.
Discovered by Coverity
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/baa10a98b65d7077e16f8aa364c43c56e9dba628">baa10a98</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:53:02-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Free the thumbprint variable before returning
This is probably a false-positive because if we know that the
length of t is 0 then there is nothing to free, but it doesn't
hurt anything and quiets the static analyzers.
Discovered by Coverity
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/08b9baee53e228224901fa38dc09ab2fb6008a1e">08b9baee</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:53:02-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Free the error message when returning
Since the submit label may be called multiple times free
error_message before returning.
Discovered by Coverity
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/a13b7ed11c0844c6d83a8929a4fb9984448fe34c">a13b7ed1</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:53:02-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix compiler warnings
These range from:
- unused variables
- missing switch options
- missing default in switch
- logging with known NULL variables
- non-void function with no return
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/af3264e79f476807cdf18e610704066a25331a17">af3264e7</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:53:02-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">clang: Unused variable assignment
kret is assigned but unused.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/0bf6d91f576d8601b9213b8de4c0d7b3b91e79c1">0bf6d91f</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:53:02-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">clang: Remove memory leak on failure
At this point a number of objects have been allocated. On error
be sure to release them.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/4ae497e9db7604213f266681049f83e3f8d0c035">4ae497e9</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T14:53:02-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">clang: free error_message when finding the realm
The error message can come from either krb5_get_error_message(),
error_message() or a static string.
If krb5_get_error_message() is used then krb5_free_error_message()
needs to be called to free it.
We already strdup'd error_message() but there were some static
strings as well.
So unify around strdup'ing these strings so we can free() it
when the function exits.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/84d575da7516cae1ee94099317cf0f8fae2c7ea1">84d575da</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-05-14T15:12:07-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Display not_before in getcert output
Including not_before can help with troubleshooting
renewal problems and if time needs to be reversed
helping identify the maximum one can go back.
https://bugzilla.redhat.com/show_bug.cgi?id=1940261
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/5e276766aef3d19baf9aa75573139bd156c44dbf">5e276766</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-06-03T17:36:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Revert "Revert three Korean translations because they change the order"
This reverts commit ab5d0f6068fa4f79de7966337a218a1b38aa66e9.
This was corrected in Weblate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/694f4d2ed261bbf1655ad41e64d138b66c1923fa">694f4d2e</a></strong>
<div>
<span>by simmon</span>
<i>at 2021-06-03T23:38:13+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Korean)
Currently translated at 100.0% (473 of 473 strings)
Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ko/
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/f8d6652c27f29c00d40fbf80e71840c9f70a176c">f8d6652c</a></strong>
<div>
<span>by Semyon Apoykov</span>
<i>at 2021-06-03T23:38:13+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Russian)
Currently translated at 67.4% (319 of 473 strings)
Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ru/
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/f824624949a92acec923be2f7af751fadbb47f21">f8246249</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-06-04T09:06:51-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix list of sub-commands in the getcert man page
There was a typo (refresh-cas) and a number of sub-commands were
missing in the top-level summary.
https://pagure.io/certmonger/issue/203
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/977dca3039b0a7b1ced0f5e2b1d9abcfd57c0aac">977dca30</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-06-04T14:29:09-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use the system env and not the session env for the local CA
The session env caused the local CA to try to use
/run/certmonger/.config/certmonger/certmonger.conf for its
configuration file which is both temporary and not exactly ideal.
Use the system environment as well so that
/etc/certmonger/certmonger.conf is the configuration file.
The problem was that users didn't know how to manage this file
and it didn't persist. The local CA is designed just for
developers but this wasn't discoverable at all and the
shipped certmonger.conf has a [local] section so confusion
abounded.
https://pagure.io/certmonger/issue/101
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/2cb0420ba5c33c2bb1e033d894e11c008160b79b">2cb0420b</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-06-08T17:06:38-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add autoreconf to in-tree rpm spec file
This is to allow CI automation using copr
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/9cd9bbc582831d22778ddcd9d4ff6dd44f3a1969">9cd9bbc5</a></strong>
<div>
<span>by simmon</span>
<i>at 2021-06-15T08:04:15+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Korean)
Currently translated at 100.0% (473 of 473 strings)
Co-authored-by: simmon <simmon@nplob.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ko/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/10064de9d447d7845e51d346d45b8e35312cbd0b">10064de9</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-06-15T15:07:50-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tag 0.79.14
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/9ac80d80c8e2a38f9478acce3696029fce462a01">9ac80d80</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-08-06T10:02:55-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">If an existing cert exists, use it to decrypt the PKCS#7 envelope
>From the PKCS7_decrypt man page:
Although the recipients certificate is not needed to decrypt the data
it is needed to locate the appropriate (of possible several) recipients
in the PKCS#7 structure.
Based heavily on patch contributed by Romain Bezut
https://pagure.io/certmonger/issue/202
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/fa54cbf4c0a9320c9d6cda2b20c2431e0bbe6f43">fa54cbf4</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-08-06T10:13:44-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Increase minimum allowed RSA key size to 1024
Better late than never.
https://pagure.io/certmonger/issue/211
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/c50fa8609169ee886c4b278a8c2702a5c4409d97">c50fa860</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-08-06T10:13:44-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make the default RSA key size configurable
There is still a compiled-in default (currently 2048)
but this can be overridden in certmonger.conf with the
rsa_key_size setting in the default section. This will
allow users to increase the minimum size without changing
the default behavior for others.
https://pagure.io/certmonger/issue/211
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/2eb0793c4a7e0f37a3bd801b442f691b31961575">2eb0793c</a></strong>
<div>
<span>by simmon</span>
<i>at 2021-08-06T10:37:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Korean)
Currently translated at 100.0% (473 of 473 strings)
Co-authored-by: simmon <simmon@nplob.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ko/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/f0b6f42e1d193d29516ae664d8073c5bdfa4cb97">f0b6f42e</a></strong>
<div>
<span>by Anders Jonsson</span>
<i>at 2021-08-06T10:37:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Swedish)
Currently translated at 100.0% (473 of 473 strings)
Co-authored-by: Anders Jonsson <anders.jonsson@norsjovallen.se>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/sv/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/b38981c6e140ada6dd34bc817c508e8dd9714494">b38981c6</a></strong>
<div>
<span>by Your Name</span>
<i>at 2021-08-06T10:51:21-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add SCEP config option to treat the challenge password as an OTP
SCEP RFC 8894 specifies that a challenge password SHOULD be
removed from subsequent requests but that it MAY be included.
This adds a new configuration option to treat the challenge password
as a one-time password (OTP) so that it will not be sent on
subsequent requests, like renewals, by removing it completely
from the tracking request.
This allows certmonger to be able to renew AD-issued SCEP certificates
if the AD registry entry DisableRenewalSubjectNameMatch is set to 1.
https://bugzilla.redhat.com/show_bug.cgi?id=1577570
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/027556dd5cdfc87234c7e38c4614b44f11b6b5ef">027556dd</a></strong>
<div>
<span>by Hela Basa</span>
<i>at 2021-08-18T21:05:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Sinhala)
Currently translated at 0.6% (3 of 473 strings)
Co-authored-by: Hela Basa <r45xveza@pm.me>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/si/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/b4c090d2e12956a2df6157592839936adf4024f4">b4c090d2</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-09-03T13:18:49-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix file descriptor leak when executing CA helpers
cm_cadata_start_generic() creates a pipe. One half is passed
to fetch(), the function that does all helper calls,
via the cm_cadata_state variable ret. The other half is the
reader and is used to detect execution errors. There is a pair
of write/read on this descriptor which on error would be the
errno.
This second half wasn't being closed after reading to test for
errors.
https://bugzilla.redhat.com/show_bug.cgi?id=1992439
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/40a702fccfd25e409d66012bcaf139f6ff1453cf">40a702fc</a></strong>
<div>
<span>by Natacha Rault</span>
<i>at 2021-09-13T02:04:51+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (French)
Currently translated at 48.4% (229 of 473 strings)
Co-authored-by: Natacha Rault <n.rault@me.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/fr/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/729c2fbc3a56baa067322f307762ecb57d8a8990">729c2fbc</a></strong>
<div>
<span>by Andika Triwidada</span>
<i>at 2021-09-13T02:04:52+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Indonesian)
Currently translated at 4.8% (23 of 473 strings)
Co-authored-by: Andika Triwidada <andika@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/id/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/5be5279cf7530a819c12f693932bf378f2487d06">5be5279c</a></strong>
<div>
<span>by Didik Supriadi</span>
<i>at 2021-09-13T02:04:52+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Translated using Weblate (Indonesian)
Currently translated at 4.8% (23 of 473 strings)
Co-authored-by: Didik Supriadi <didiksupriadi41@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/id/
Translation: certmonger/master
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/aab56206a03fe9bdc5941fa0e42ca807f8d38777">aab56206</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-09-28T10:37:49-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add compile check for EVP_PKEY_get_id along with EVP_PKEY_id
EVP_PKEY_id is no longer available as a function, only as a preprocessor
macro, so AC_CHECK_FUNCS cannot recognize it.
This was changed in OpenSSL 3.0.0-beta2
https://bugzilla.redhat.com/show_bug.cgi?id=2008451
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/9312d1892c611d9f0e814cb915488182da2b76cc">9312d189</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2021-10-04T17:35:44+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use extensions template from NSS
Drop certmonger's custom extension template and use the sequence of X509v3
extensions template from NSS.
The certmonger template had a bug that caused certmonger to create CSRs
with invalid DER. It was encoding extension's critical element even for
default value FALSE.
Fixes: https://pagure.io/certmonger/issue/223
Signed-off-by: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/e3e4679693efc60bc7a25983909ddfa6883ab2ec">e3e46796</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2021-10-05T09:37:33+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use implicit, empty FALSE for extensions
Cemplate had a bug that caused certmonger to create CSRs with invalid DER..
It was encoding extension's critical element even for default value FALSE..
Fixes: https://pagure.io/certmonger/issue/223
Signed-off-by: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/certmonger/-/commit/46cd5a7d9434ed104093152bdf0a55404e6a1c6b">46cd5a7d</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2021-10-05T11:55:57-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update csrgen test to understand OpenSSL 3.0.0 output
OpenSSL 3.0.0 change a lot of output messages. When verifying
a certificate instead of printing just "verify OK" it prints
"Certificate request self-signature verify OK"
Modify the check to match both OpenSSL 1.x and 3.x
Related: https://pagure.io/certmonger/issue/223
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
</ul>
<h4>7 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#552183f11039fa0be5545439c6aed0cb7f87aaaf">
certmonger.spec
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#261f99793f9021156930d27482395a311478cacf">
doc/selinux.txt
</a>
</li>
<li class="file-stats">
<a href="#09aa9a4cf22de79302d7cefe7d280b7235f787c7">
po/fr.po
</a>
</li>
<li class="file-stats">
<a href="#cbd0a16c6ab85833ae5892982bc57d68cc315864">
po/id.po
</a>
</li>
<li class="file-stats">
<a href="#462de2f88a6167ce90705f7096ce3afdcfa1d264">
<span class="new-file">
+
po/ko.po
</span>
</a>
</li>
<li class="file-stats">
<a href="#c54e8255699d35fd83cf0c4800a6cf1fe45533d9">
po/nl.po
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/certmonger/-/compare/3514c6d7a9d61a48f09f4f7affe06fa508a494ee...46cd5a7d9434ed104093152bdf0a55404e6a1c6b">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>