From 35ef2edb3fa48ee377a1623a4944543568f8b736 Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Mon, 21 Feb 2022 21:48:14 +0100
Subject: [PATCH] Release 1.9.12.

---
 CHANGELOG.rst                                 | 24 +++++++++++++
 changelogs/changelog.yaml                     | 35 +++++++++++++++++++
 changelogs/fragments/1.9.12.yml               |  1 -
 .../402-x509_certificate-ownca-subject.yml    |  2 --
 ...ertificate_complete_chain-same-subject.yml |  2 --
 .../407-x509_certificate-signature.yml        |  8 -----
 6 files changed, 59 insertions(+), 13 deletions(-)
 delete mode 100644 changelogs/fragments/1.9.12.yml
 delete mode 100644 changelogs/fragments/402-x509_certificate-ownca-subject.yml
 delete mode 100644 changelogs/fragments/403-certificate_complete_chain-same-subject.yml
 delete mode 100644 changelogs/fragments/407-x509_certificate-signature.yml

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 6166985b..39739979 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -5,6 +5,30 @@ Community Crypto Release Notes
 .. contents:: Topics
 
 
+v1.9.12
+=======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- certificate_complete_chain - allow multiple potential intermediate certificates to have the same subject (https://github.com/ansible-collections/community.crypto/issues/399, https://github.com/ansible-collections/community.crypto/pull/403).
+- x509_certificate - for the ``ownca`` provider, check whether the CA private key actually belongs to the CA certificate. This fix only covers the ``cryptography`` backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+- x509_certificate - regenerate certificate when the CA's public key changes for ``provider=ownca``. This fix only covers the ``cryptography`` backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+- x509_certificate - regenerate certificate when the CA's subject changes for ``provider=ownca`` (https://github.com/ansible-collections/community.crypto/issues/400, https://github.com/ansible-collections/community.crypto/pull/402).
+- x509_certificate - regenerate certificate when the private key changes for ``provider=selfsigned``. This fix only covers the ``cryptography`` backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+
+Known Issues
+------------
+
+- x509_certificate - when using the ``ownca`` provider with the ``pyopenssl`` backend, changing the CA's public key does not cause regeneration of the certificate (https://github.com/ansible-collections/community.crypto/pull/407).
+- x509_certificate - when using the ``ownca`` provider with the ``pyopenssl`` backend, it is possible to specify a CA private key which is not related to the CA certificate (https://github.com/ansible-collections/community.crypto/pull/407).
+- x509_certificate - when using the ``selfsigned`` provider with the ``pyopenssl`` backend, changing the private key does not cause regeneration of the certificate (https://github.com/ansible-collections/community.crypto/pull/407).
+
 v1.9.11
 =======
 
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index 6c23db34..5c994d02 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -550,6 +550,41 @@ releases:
     - 1.9.11.yml
     - 396-openssh_cert-host-cert-idempotence-fix.yml
     release_date: '2022-02-05'
+  1.9.12:
+    changes:
+      bugfixes:
+      - certificate_complete_chain - allow multiple potential intermediate certificates
+        to have the same subject (https://github.com/ansible-collections/community.crypto/issues/399,
+        https://github.com/ansible-collections/community.crypto/pull/403).
+      - x509_certificate - for the ``ownca`` provider, check whether the CA private
+        key actually belongs to the CA certificate. This fix only covers the ``cryptography``
+        backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+      - x509_certificate - regenerate certificate when the CA's public key changes
+        for ``provider=ownca``. This fix only covers the ``cryptography`` backend,
+        not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+      - x509_certificate - regenerate certificate when the CA's subject changes for
+        ``provider=ownca`` (https://github.com/ansible-collections/community.crypto/issues/400,
+        https://github.com/ansible-collections/community.crypto/pull/402).
+      - x509_certificate - regenerate certificate when the private key changes for
+        ``provider=selfsigned``. This fix only covers the ``cryptography`` backend,
+        not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+      known_issues:
+      - x509_certificate - when using the ``ownca`` provider with the ``pyopenssl``
+        backend, changing the CA's public key does not cause regeneration of the certificate
+        (https://github.com/ansible-collections/community.crypto/pull/407).
+      - x509_certificate - when using the ``ownca`` provider with the ``pyopenssl``
+        backend, it is possible to specify a CA private key which is not related to
+        the CA certificate (https://github.com/ansible-collections/community.crypto/pull/407).
+      - x509_certificate - when using the ``selfsigned`` provider with the ``pyopenssl``
+        backend, changing the private key does not cause regeneration of the certificate
+        (https://github.com/ansible-collections/community.crypto/pull/407).
+      release_summary: Regular bugfix release.
+    fragments:
+    - 1.9.12.yml
+    - 402-x509_certificate-ownca-subject.yml
+    - 403-certificate_complete_chain-same-subject.yml
+    - 407-x509_certificate-signature.yml
+    release_date: '2022-02-21'
   1.9.2:
     changes:
       release_summary: Bugfix release to fix the changelog. No other change compared
diff --git a/changelogs/fragments/1.9.12.yml b/changelogs/fragments/1.9.12.yml
deleted file mode 100644
index 1b14bd80..00000000
--- a/changelogs/fragments/1.9.12.yml
+++ /dev/null
@@ -1 +0,0 @@
-release_summary: Regular bugfix release.
diff --git a/changelogs/fragments/402-x509_certificate-ownca-subject.yml b/changelogs/fragments/402-x509_certificate-ownca-subject.yml
deleted file mode 100644
index 8a07e261..00000000
--- a/changelogs/fragments/402-x509_certificate-ownca-subject.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-  - "x509_certificate - regenerate certificate when the CA's subject changes for ``provider=ownca`` (https://github.com/ansible-collections/community.crypto/issues/400, https://github.com/ansible-collections/community.crypto/pull/402)."
diff --git a/changelogs/fragments/403-certificate_complete_chain-same-subject.yml b/changelogs/fragments/403-certificate_complete_chain-same-subject.yml
deleted file mode 100644
index d6d0d5b6..00000000
--- a/changelogs/fragments/403-certificate_complete_chain-same-subject.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-  - "certificate_complete_chain - allow multiple potential intermediate certificates to have the same subject (https://github.com/ansible-collections/community.crypto/issues/399, https://github.com/ansible-collections/community.crypto/pull/403)."
diff --git a/changelogs/fragments/407-x509_certificate-signature.yml b/changelogs/fragments/407-x509_certificate-signature.yml
deleted file mode 100644
index 72aed287..00000000
--- a/changelogs/fragments/407-x509_certificate-signature.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-bugfixes:
-  - "x509_certificate - for the ``ownca`` provider, check whether the CA private key actually belongs to the CA certificate. This fix only covers the ``cryptography`` backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407)."
-  - "x509_certificate - regenerate certificate when the CA's public key changes for ``provider=ownca``. This fix only covers the ``cryptography`` backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407)."
-  - "x509_certificate - regenerate certificate when the private key changes for ``provider=selfsigned``. This fix only covers the ``cryptography`` backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407)."
-known_issues:
-  - "x509_certificate - when using the ``ownca`` provider with the ``pyopenssl`` backend, it is possible to specify a CA private key which is not related to the CA certificate (https://github.com/ansible-collections/community.crypto/pull/407)."
-  - "x509_certificate - when using the ``ownca`` provider with the ``pyopenssl`` backend, changing the CA's public key does not cause regeneration of the certificate (https://github.com/ansible-collections/community.crypto/pull/407)."
-  - "x509_certificate - when using the ``selfsigned`` provider with the ``pyopenssl`` backend, changing the private key does not cause regeneration of the certificate (https://github.com/ansible-collections/community.crypto/pull/407)."