Synopsis

certmonger bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Updated certmonger packages that fix multiple bugs and add multiple enhancements
are now available for Red Hat Enterprise Linux 6.

Description

The certmonger daemon monitors certificates which have been registered with it,
and as a certificate's not-valid-after date approaches, the daemon can
optionally attempt to obtain a fresh certificate from a supported CA.

The certmonger packages have been upgraded to upstream version 0.56,
which provides a number of bug fixes and enhancements over the
previous version. (BZ#789153)

This update fixes the following bugs:

• Prior to this update, one of the examples provided in the getting-started.txt
  file did not work as expected if the daemon was prevented from accessing files
  in user-specified locations, for example by the SELinux policy. With this
  update, this problem is now documented in the getting-started.txt file.
  (BZ#765599)
  
• Prior to this update, the certmonger daemon was not configured to start by
  default when the package was installed. This update enables the certmonger
  service by default. (BZ#765600)
  
• Prior to this update, the "getcert" command could under certain circumstances,
  display the misleading error message "invalid option" when an option that
  required an argument was used and the argument was not specified. This update
  modifies the error code so that the correct message is now sent. (BZ#796542)
  

In addition, this update adds the following enhancement:

• Prior to this update, newly added certificates were not automatically visible.
  To see these certificates, servers had to be manually restarted. This update
  adds the emission of D-Bus signals over the message bus to allow applications to
  perform the actions they need to use a new certificate. Also, the new "-C"
  option was added to invoke a user-specified command. (BZ#766167)
  

All users of certmonger are advised to upgrade to these updated packages, which
fix these bugs and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 765599 - certmonger's getting-started.txt includes an example that doesn't work by default
• BZ - 766167 - RFE: provide a command/signal for certmonger to send after renewing cert
• BZ - 796542 - Incorrect error message is displayed when no argument is provided for optional switches.
• BZ - 796813 - Deadcode in tdbush.c

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 6

SRPM
certmonger-0.56-1.el6.src.rpm	SHA-256: cea38cb29522821a46b09f13b05d32c97803ace4d4b7314e3f6f0d724aac1daa
x86_64
certmonger-0.56-1.el6.x86_64.rpm	SHA-256: 30cdbfe3486a5d25ad95d343662ae410f10a60640a892648f37caf52d2960a45
certmonger-debuginfo-0.56-1.el6.x86_64.rpm	SHA-256: a28430d81a15b4633d26b2fa16dbef5417be09175b4030350084e51e1b05a89a
i386
certmonger-0.56-1.el6.i686.rpm	SHA-256: e28139cc6b77a84d42409bfb816cab6e911762305ae97d4ee63be4b287e6799a
certmonger-debuginfo-0.56-1.el6.i686.rpm	SHA-256: ea2621c3d8648d94552ceae9e6da63316a14eda71eb79449d360e05e7b96d59d

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
certmonger-0.56-1.el6.src.rpm	SHA-256: cea38cb29522821a46b09f13b05d32c97803ace4d4b7314e3f6f0d724aac1daa
x86_64
certmonger-0.56-1.el6.x86_64.rpm	SHA-256: 30cdbfe3486a5d25ad95d343662ae410f10a60640a892648f37caf52d2960a45
certmonger-debuginfo-0.56-1.el6.x86_64.rpm	SHA-256: a28430d81a15b4633d26b2fa16dbef5417be09175b4030350084e51e1b05a89a
i386
certmonger-0.56-1.el6.i686.rpm	SHA-256: e28139cc6b77a84d42409bfb816cab6e911762305ae97d4ee63be4b287e6799a
certmonger-debuginfo-0.56-1.el6.i686.rpm	SHA-256: ea2621c3d8648d94552ceae9e6da63316a14eda71eb79449d360e05e7b96d59d

Red Hat Enterprise Linux Workstation 6

SRPM
certmonger-0.56-1.el6.src.rpm	SHA-256: cea38cb29522821a46b09f13b05d32c97803ace4d4b7314e3f6f0d724aac1daa
x86_64
certmonger-0.56-1.el6.x86_64.rpm	SHA-256: 30cdbfe3486a5d25ad95d343662ae410f10a60640a892648f37caf52d2960a45
certmonger-debuginfo-0.56-1.el6.x86_64.rpm	SHA-256: a28430d81a15b4633d26b2fa16dbef5417be09175b4030350084e51e1b05a89a
i386
certmonger-0.56-1.el6.i686.rpm	SHA-256: e28139cc6b77a84d42409bfb816cab6e911762305ae97d4ee63be4b287e6799a
certmonger-debuginfo-0.56-1.el6.i686.rpm	SHA-256: ea2621c3d8648d94552ceae9e6da63316a14eda71eb79449d360e05e7b96d59d

Red Hat Enterprise Linux Desktop 6

SRPM
certmonger-0.56-1.el6.src.rpm	SHA-256: cea38cb29522821a46b09f13b05d32c97803ace4d4b7314e3f6f0d724aac1daa
x86_64
certmonger-0.56-1.el6.x86_64.rpm	SHA-256: 30cdbfe3486a5d25ad95d343662ae410f10a60640a892648f37caf52d2960a45
certmonger-debuginfo-0.56-1.el6.x86_64.rpm	SHA-256: a28430d81a15b4633d26b2fa16dbef5417be09175b4030350084e51e1b05a89a
i386
certmonger-0.56-1.el6.i686.rpm	SHA-256: e28139cc6b77a84d42409bfb816cab6e911762305ae97d4ee63be4b287e6799a
certmonger-debuginfo-0.56-1.el6.i686.rpm	SHA-256: ea2621c3d8648d94552ceae9e6da63316a14eda71eb79449d360e05e7b96d59d

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
certmonger-0.56-1.el6.src.rpm	SHA-256: cea38cb29522821a46b09f13b05d32c97803ace4d4b7314e3f6f0d724aac1daa
s390x
certmonger-0.56-1.el6.s390x.rpm	SHA-256: 6f22984fa793dcea66af94d7805e9c8db5b506e897e8a96527c75fcd53957362
certmonger-debuginfo-0.56-1.el6.s390x.rpm	SHA-256: 53ef35366a8f6b8e26bc54b3601d0b57eb073f5b61dfe299c10302186c175918

Red Hat Enterprise Linux for Power, big endian 6

SRPM
certmonger-0.56-1.el6.src.rpm	SHA-256: cea38cb29522821a46b09f13b05d32c97803ace4d4b7314e3f6f0d724aac1daa
ppc64
certmonger-0.56-1.el6.ppc64.rpm	SHA-256: 15ea119e6d851a0d3dd6b7f0a52a1d652a3248ce8fe34d78e2bb07f3019aa896
certmonger-debuginfo-0.56-1.el6.ppc64.rpm	SHA-256: 091527356a94db3f664778920b6a27b3968289bb79b826d537dd0003f041f108

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
certmonger-0.56-1.el6.src.rpm	SHA-256: cea38cb29522821a46b09f13b05d32c97803ace4d4b7314e3f6f0d724aac1daa
x86_64
certmonger-0.56-1.el6.x86_64.rpm	SHA-256: 30cdbfe3486a5d25ad95d343662ae410f10a60640a892648f37caf52d2960a45
certmonger-debuginfo-0.56-1.el6.x86_64.rpm	SHA-256: a28430d81a15b4633d26b2fa16dbef5417be09175b4030350084e51e1b05a89a

Red Hat Enterprise Linux Server from RHUI 6

SRPM
certmonger-0.56-1.el6.src.rpm	SHA-256: cea38cb29522821a46b09f13b05d32c97803ace4d4b7314e3f6f0d724aac1daa
x86_64
certmonger-0.56-1.el6.x86_64.rpm	SHA-256: 30cdbfe3486a5d25ad95d343662ae410f10a60640a892648f37caf52d2960a45
certmonger-debuginfo-0.56-1.el6.x86_64.rpm	SHA-256: a28430d81a15b4633d26b2fa16dbef5417be09175b4030350084e51e1b05a89a
i386
certmonger-0.56-1.el6.i686.rpm	SHA-256: e28139cc6b77a84d42409bfb816cab6e911762305ae97d4ee63be4b287e6799a
certmonger-debuginfo-0.56-1.el6.i686.rpm	SHA-256: ea2621c3d8648d94552ceae9e6da63316a14eda71eb79449d360e05e7b96d59d

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
certmonger-0.56-1.el6.src.rpm	SHA-256: cea38cb29522821a46b09f13b05d32c97803ace4d4b7314e3f6f0d724aac1daa
s390x
certmonger-0.56-1.el6.s390x.rpm	SHA-256: 6f22984fa793dcea66af94d7805e9c8db5b506e897e8a96527c75fcd53957362
certmonger-debuginfo-0.56-1.el6.s390x.rpm	SHA-256: 53ef35366a8f6b8e26bc54b3601d0b57eb073f5b61dfe299c10302186c175918