From 468fcf0c32dc0549f4cb04a2549490157dde158d Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Jun 13 2014 21:32:02 +0000
Subject: Update to 0.75


- add a -w (wait) flag to the getcert's request/resubmit/start-tracking
  commands, and add a non-waiting "status" command
- add the "local" signer, a local toy CA that signs anything you'll
  ask it to sign
- fix self-test errors that we trigger with new OpenSSL
- fix a build error that would sometimes happen when we're told to
  build PIE binaries
- quiet a compile warning
- retrieve CA information from CAs, if the helpers can do so, and
  add a command to explicitly refresh that data: "getcert refresh-ca"
- offer to save CA certificates to files and databases, when specified with
  new -a and -F flags to getcert request/resubmit/start-tracking (#1098208,
  trac #31)
- add IP address subject alternate names when getcert request/resubmit
  is passed the -A option (trac #35)
- read and cache the freshestCRL extension in certificates
- properly interpret KDC-unreachable errors encountered in the IPA
  submission error as a server-unreachable error that we will retry,
  rather than a misconfiguration error which we won't
- don't let tests get tripped up by new formatting used in dos2unix status
  messages (#1099080)
- updated translations
- be explicit that we are going to use bashisms in test scripts by calling
  the shell interpreter as 'bash' rather than 'sh' (trac #27)

---

diff --git a/.gitignore b/.gitignore
index a735d81..6a65d70 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,5 @@ certmonger-0.28.tar.gz
 /certmonger-0.73.tar.gz.sig
 /certmonger-0.74.tar.gz
 /certmonger-0.74.tar.gz.sig
+/certmonger-0.75.tar.gz
+/certmonger-0.75.tar.gz.sig
diff --git a/certmonger.spec b/certmonger.spec
index af9804e..6b0625e 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -19,8 +19,8 @@
 %endif
 
 Name:		certmonger
-Version:	0.74
-Release:	2%{?dist}
+Version:	0.75
+Release:	1%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 
 Group:		System Environment/Daemons
@@ -30,7 +30,8 @@ Source0:	http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.g
 Source1:	http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz.sig
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
-BuildRequires:	dbus-devel, nspr-devel, nss-devel, openssl-devel
+BuildRequires:	openldap-devel
+BuildRequires:	dbus-devel, nspr-devel, nss-devel, openssl-devel, libidn-devel
 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
 BuildRequires:  libuuid-devel
 %else
@@ -204,9 +205,60 @@ exit 0
 %endif
 
 %changelog
+* Fri Jun 13 2014 Nalin Dahyabhai <nalin@redhat.com> 0.75-1
+- add a -w (wait) flag to the getcert's request/resubmit/start-tracking
+  commands, and add a non-waiting status command
+
+* Wed Jun 11 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.96-1
+- make the trust settings we apply to CA-supplied certificates while
+  saving them to NSS databases run-time configurable
+- fix compiling against EL5-era OpenSSL
+- when saving CA certificates we pull from an IPA server, nickname
+  it using the realm name with " IPA CA" appended rather than just
+  naming it "IPA CA"
+- fix the local signer so that when it issues itself a new certificate,
+  it uses the same subject name
+- add a -w flag to getcert's request, resubmit, and start-tracking
+  commands, telling it to wait until either the certificate is issued,
+  we get to a state where we know that we won't be able to get one, or
+  we are waiting for a CA
+
+* Mon Jun  9 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.95-1
+- add the "local" signer, a local toy CA that signs anything you'll
+  ask it to sign
+
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.74-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 
+* Fri Jun  6 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.94-1
+- fix self-test errors that we trigger with new OpenSSL
+- fix a build error that would sometimes happen when we're told to
+  build PIE binaries
+- quiet a compile warning
+
+* Thu Jun  5 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.93-1
+- add some self-tests
+- simplify the internal submit-to-CA logic
+- fixes for more problems found through static analysis
+
+* Tue Jun  3 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.92-1
+- retrieve CA information from CAs, if the helpers can do so, and
+  add a command to explicitly refresh that data: "getcert refresh-ca"
+- offer to save CA certificates to files and databases, when specified with
+  new -a and -F flags to getcert request/resubmit/start-tracking (#1098208,
+  trac #31)
+- add IP address subject alternate names when getcert request/resubmit
+  is passed the -A option (trac #35)
+- read and cache the freshestCRL extension in certificates
+- properly interpret KDC-unreachable errors encountered in the IPA
+  submission error as a server-unreachable error that we will retry,
+  rather than a misconfiguration error which we won't
+- don't let tests get tripped up by new formatting used in dos2unix status
+  messages (#1099080)
+- updated translations
+- be explicit that we are going to use bashisms in test scripts by calling
+  the shell interpreter as 'bash' rather than 'sh' (trac #27)
+
 * Thu Apr  3 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74-1
 - also save state when we exit due to SIGHUP
 - don't get tripped up when enrollment helpers hand us certificates which
diff --git a/sources b/sources
index 48bf4eb..ee230ac 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-cd73eed2f6ef837a790286d0998c6c47  certmonger-0.74.tar.gz
-1764071325f7e7d6d143862a88e07071  certmonger-0.74.tar.gz.sig
+e84ed86a9392b1a49a01149cea669ddc  certmonger-0.75.tar.gz
+79c053b21ee1a58824205eb08f9c06df  certmonger-0.75.tar.gz.sig