aboutsummaryrefslogtreecommitdiffstats
path: root/Changelog
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@debian.org>2023-01-25 03:32:04 +0100
committerGuilhem Moulin <guilhem@debian.org>2023-01-25 03:32:04 +0100
commit33687a2e3aea5ae69add7812315445ad23748fab (patch)
tree952a06618d7da373043debef8a8c28d4c8371385 /Changelog
parent2a981ac3829f27d3179eb6b6e682dc17cc9c4225 (diff)
parentb3af3526b293f396da02a6276ea86ca17dcd2d03 (diff)
Merge tag 'v0.8.1' into debian/latest
Release version 0.8.1
Diffstat (limited to 'Changelog')
-rw-r--r--Changelog34
1 files changed, 34 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index 9f12237..fc658bf 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,35 @@
+lacme (0.8.1) upstream;
+
+ + lacme-accountd: improve log messages and refactor logging logic.
+ + lacme-accountd: refuse to sign JWS with an invalid Protected Header.
+ + lacme: don't write certificate(-chain) file on chown/chmod failure.
+ + lacme: default mode for certificate(-chain) creation is 0644 minus
+ umask restrictions. Also, always spawn the client with umask 0022 so
+ a starting lacme(8) with a restrictive umask doesn't impede serving
+ challenge files.
+ + lacme: add 'owner' resp. 'mode' as (prefered) alias for 'chown' resp.
+ 'chmod'.
+ + lacme: split certificates using Net::SSLeay::PEM_* instead of calling
+ openssl.
+ + lacme: pass a temporary JSON file with the client configuration to
+ the internal client, so it doesn't have to parse the INI file again.
+ - lacme: in the [accountd] config, let lacme-accountd(1) do the
+ %-expansion for 'config', not lacme(8) when building the command.
+ - lacme-accountd: don't log debug messages unless --debug is set.
+ - lacme: when getpwnam()/getgrnam()'s errno is 0, exclude it from error
+ messages.
+ - tests/drop-privileges: ensure failure to drop privileges yields an
+ error instead of retaining root priviliges.
+ - tests/cert-install: include tests for failing chown(2) due to unknown
+ user/group name.
+ - lacme: ignore empty values in settings 'chown', 'chmod', 'certificate'
+ and 'certificate-chain'.
+ - lacme: return an error when the 'mode'/'chown' isn't a number.
+ - Makefile: replace '$(dir $@)' with '$(@D)'.
+ - Test suite: Adjust against current Let's Encrypt staging environment.
+
+ -- Guilhem Moulin <guilhem@fripost.org> Wed, 25 Jan 2023 03:23:51 +0100
+
lacme (0.8.0) upstream;
* Breaking change: 'challenge-directory' now needs to be set to an
@@ -218,6 +250,8 @@ lacme (0.2) upstream;
directories. New default "lacme-certs.conf lacme-certs.conf.d/".
- Minor manpage fixes
- More useful message upon Validation Challenge failure.
+ - If restricting access via umask() fails, don't include errno in the
+ error message as it's not set on failure.
-- Guilhem Moulin <guilhem@guilhem.org> Sat, 03 Dec 2016 16:40:56 +0100