diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 1440 |
1 files changed, 1440 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..764b3f0 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1440 @@ +ca-certificates (20240203) unstable; urgency=medium + + [ Jeffrey Walton ] + * update-ca-certificates man page updates + * fix shellcheck warnings (closes: #1058658, #981663) + + [ Gioele Barabucci ] + * Use standard dh sequence (closes: #1050112) + + [ Julien Cristau ] + * Update Mozilla certificate authority bundle to version 2.64 + The following certificate authorities were added (+): + + Atos TrustedRoot Root CA ECC TLS 2021 + + Atos TrustedRoot Root CA RSA TLS 2021 + + BJCA Global Root CA1 + + BJCA Global Root CA2 + + CommScope Public Trust ECC Root-01 + + CommScope Public Trust ECC Root-02 + + CommScope Public Trust RSA Root-01 + + CommScope Public Trust RSA Root-02 + + Sectigo Public Server Authentication Root E46 + + Sectigo Public Server Authentication Root R46 + + SSL.com TLS ECC Root CA 2022 + + SSL.com TLS RSA Root CA 2022 + + TrustAsia Global Root CA G3 + + TrustAsia Global Root CA G4 + The following certificate authorities were removed (-): + - Autoridad de Certificacion Firmaprofesional CIF A62634068 + - E-Tugra Certification Authority (closes: #1032916) + - E-Tugra Global Root CA ECC v3 + - E-Tugra Global Root CA RSA v3 + - Hongkong Post Root CA 1 + - TrustCor ECA-1 + - TrustCor RootCert CA-1 + - TrustCor RootCert CA-2 (closes: #1023945) + + -- Julien Cristau <jcristau@debian.org> Sun, 04 Feb 2024 10:41:43 +0100 + +ca-certificates (20230311) unstable; urgency=medium + + [ Đoàn Trần Công Danh ] + * ca-certificates: compat with non-GNU mktemp (closes: #1000847) + + [ Ilya Lipnitskiy ] + * certdata2pem.py: use UTC time when checking cert validity + + [ Julien Cristau ] + * Update Mozilla certificate authority bundle to version 2.60 + The following certificate authorities were added (+): + + "Autoridad de Certificacion Firmaprofesional CIF A62634068" + + "Certainly Root E1" + + "Certainly Root R1" + + "D-TRUST BR Root CA 1 2020" + + "D-TRUST EV Root CA 1 2020" + + "DigiCert TLS ECC P384 Root G5" + + "DigiCert TLS RSA4096 Root G5" + + "E-Tugra Global Root CA ECC v3" + + "E-Tugra Global Root CA RSA v3" + + "HARICA TLS ECC Root CA 2021" + + "HARICA TLS RSA Root CA 2021" + + "HiPKI Root CA - G1" + + "ISRG Root X2" + + "Security Communication ECC RootCA1" + + "Security Communication RootCA3" + + "Telia Root CA v2" + + "TunTrust Root CA" + + "vTrus ECC Root CA" + + "vTrus Root CA" + The following certificate authorities were removed (-): + - "Cybertrust Global Root" (expired) + - "EC-ACC" + - "GlobalSign Root CA - R2" (expired) + - "Hellenic Academic and Research Institutions RootCA 2011" + - "Network Solutions Certificate Authority" + - "Staat der Nederlanden EV Root CA" (expired) + * Drop trailing space from debconf template causing misformatting + (closes: #980821) + + [ Wataru Ashihara ] + * Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244) + + -- Julien Cristau <jcristau@debian.org> Sat, 11 Mar 2023 09:47:05 +0100 + +ca-certificates (20211016) unstable; urgency=low + + [ Michael Shuler ] + * Fix error on install when TEMPBUNDLE missing. Closes: #996005 + + -- Julien Cristau <jcristau@debian.org> Sat, 16 Oct 2021 18:09:43 +0200 + +ca-certificates (20211004) unstable; urgency=low + + [ Debian Janitor ] + * Fix day-of-week for changelog entry 20090624. + + [ Julien Cristau ] + * Create temporary ca-certificates.crt on the same file system. + Closes: #923784 + * Don't remove ca-certificates.crt before updating it, so it doesn't + go missing for a short while (closes: #920348). Thanks, Dimitris + Aragiorgis! + * Bump package priority from optional to standard. + * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority + bundle to version 2.50 + The following certificate authorities were added (+): + + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" + + "GlobalSign Root R46" + + "GlobalSign Root E46" + + "GLOBALTRUST 2020" + + "ANF Secure Server Root CA" + + "Certum EC-384 CA" + + "Certum Trusted Root CA" + The following certificate authorities were removed (-): + - "QuoVadis Root CA" + - "Sonera Class 2 Root CA" + - "GeoTrust Primary Certification Authority - G2" + - "VeriSign Universal Root Certification Authority" + - "Chambers of Commerce Root - 2008" + - "Global Chambersign Root - 2008" + - "Trustis FPS Root CA" + - "Staat der Nederlanden Root CA - G3" + * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) + * mozilla/certdata2pem.py: print a warning for expired certificates. + + -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200 + +ca-certificates (20210119) unstable; urgency=medium + + [ Julien Cristau ] + * New maintainer (closes: #976406) + * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority + bundle to version 2.46. + The following certificate authorities were added (+): + + "certSIGN ROOT CA G2" + + "e-Szigno Root CA 2017" + + "Microsoft ECC Root Certificate Authority 2017" + + "Microsoft RSA Root Certificate Authority 2017" + + "NAVER Global Root Certification Authority" + + "Trustwave Global Certification Authority" + + "Trustwave Global ECC P256 Certification Authority" + + "Trustwave Global ECC P384 Certification Authority" + The following certificate authorities were removed (-): + - "EE Certification Centre Root CA" + - "GeoTrust Universal CA 2" + - "LuxTrust Global Root 2" + - "OISTE WISeKey Global Root GA CA" + - "Staat der Nederlanden Root CA - G2" (closes: #962079) + - "Taiwan GRCA" + - "Verisign Class 3 Public Primary Certification Authority - G3" + + [ Michael Shuler ] + * mozilla/blacklist: + Revert Symantec CA blacklist (#911289). Closes: #962596 + The following root certificates were added back (+): + + "GeoTrust Primary Certification Authority - G2" + + "VeriSign Universal Root Certification Authority" + + [ Gianfranco Costamagna ] + * debian/{rules,control}: + Merge Ubuntu patch from Matthias Klose to use Python3 during build. + Closes: #942915 + + -- Julien Cristau <jcristau@debian.org> Tue, 19 Jan 2021 11:11:04 +0100 + +ca-certificates (20200601) unstable; urgency=medium + + * debian/control: + Set Standards-Version: 4.5.0.2 + Set Build-Depends: debhelper-compat (= 13) + * debian/copyright: + Replace tabs in license text + * mozilla/{certdata.txt,nssckbi.h}: + Update Mozilla certificate authority bundle to version 2.40. + Closes: #956411, #955038 + * mozilla/blacklist.txt + Add distrusted Symantec CA list to blacklist for explicit removal. + Closes: #911289 + Blacklist expired root certificate, "AddTrust External Root" + Closes: #961907 + The following certificate authorities were added (+): + + "Certigna Root CA" + + "emSign ECC Root CA - C3" + + "emSign ECC Root CA - G3" + + "emSign Root CA - C1" + + "emSign Root CA - G1" + + "Entrust Root Certification Authority - G4" + + "GTS Root R1" + + "GTS Root R2" + + "GTS Root R3" + + "GTS Root R4" + + "Hongkong Post Root CA 3" + + "UCA Extended Validation Root" + + "UCA Global G2 Root" + The following certificate authorities were removed (-): + - "AddTrust External Root" + - "Certinomis - Root CA" + - "Certplus Class 2 Primary CA" + - "Deutsche Telekom Root CA 2" + - "GeoTrust Global CA" + - "GeoTrust Primary Certification Authority" + - "GeoTrust Primary Certification Authority - G2" + - "GeoTrust Primary Certification Authority - G3" + - "GeoTrust Universal CA" + - "thawte Primary Root CA" + - "thawte Primary Root CA - G2" + - "thawte Primary Root CA - G3" + - "VeriSign Class 3 Public Primary Certification Authority - G4" + - "VeriSign Class 3 Public Primary Certification Authority - G5" + - "VeriSign Universal Root Certification Authority" + + -- Michael Shuler <michael@pbandjelly.org> Mon, 01 Jun 2020 11:45:49 -0500 + +ca-certificates (20190110) unstable; urgency=high + + * debian/control: + Depend on openssl (>= 1.1.1). + Set Standards-Version: 4.3.0.1. + Set Build-Depends: debhelper-compat (= 12); drop d/compat + Remove trailing whitespace from d/changelog. + * debian/ca-certificates.postinst: + Fix permissions on /usr/local/share/ca-certificates when using symlinks. + Closes: #916833 + * sbin/update-ca-certificates: + Remove orphan symlinks found in /etc/ssl/certs to prevent `openssl + rehash` from exiting with an error. Closes: #895482, #895473 + This will also fix removal of user CA certificates from /usr/local without + needing to run --fresh. Closes: #911303 + * mozilla/{certdata.txt,nssckbi.h}: + Update Mozilla certificate authority bundle to version 2.28. + The following certificate authorities were added (+): + + "GlobalSign Root CA - R6" + + "OISTE WISeKey Global Root GC CA" + The following certificate authorities were removed (-): + - "Certplus Root CA G1" + - "Certplus Root CA G2" + - "OpenTrust Root CA G1" + - "OpenTrust Root CA G2" + - "OpenTrust Root CA G3" + - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5" + - "Visa eCommerce Root" + + -- Michael Shuler <michael@pbandjelly.org> Thu, 10 Jan 2019 19:31:31 -0600 + +ca-certificates (20180409) unstable; urgency=medium + + [ Michael Shuler ] + * mozilla/{certdata.txt,nssckbi.h}: + Update Mozilla certificate authority bundle to version 2.22. + The following certificate authorities were added (+): + + "GDCA TrustAUTH R5 ROOT" + + "SSL.com EV Root Certification Authority ECC" + + "SSL.com EV Root Certification Authority RSA R2" + + "SSL.com Root Certification Authority ECC" + + "SSL.com Root Certification Authority RSA" + + "TrustCor ECA-1" + + "TrustCor RootCert CA-1" + + "TrustCor RootCert CA-2" + The following certificate authorities were removed (-): + - "ACEDICOM Root" + - "AddTrust Low-Value Services Root" + - "AddTrust Public Services Root" + - "AddTrust Qualified Certificates Root" + - "CA Disig Root R1" + - "CNNIC ROOT" + - "Camerfirma Chambers of Commerce Root" + - "Camerfirma Global Chambersign Root" + - "Certinomis - Autorité Racine" + - "Certum Root CA" + - "China Internet Network Information Center EV Certificates Root" + - "Comodo Secure Services root" + - "Comodo Trusted Services root" + - "DST ACES CA X6" + - "GeoTrust Global CA 2" + - "PSCProcert" + - "Security Communication EV RootCA1" + - "Swisscom Root CA 1" + - "Swisscom Root CA 2" + - "Swisscom Root EV CA 2" + - "TURKTRUST Certificate Services Provider Root 2007" + - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3" + - "UTN USERFirst Hardware Root CA" + * mozilla/blacklist.txt + Update blacklist to remove certificates no longer in certdata.txt and + explicitly ignore distrusted certificates. + * debian/copyright: + Fix lintian insecure-copyright-format-uri with https URL. + * debian/changelog: + Fix lintian file-contains-trailing-whitespace. + * debian/{compat,control}: + Set to debhelper compat 11. + * Update openssl dependency to >= 1.1.0 to support `openssl rehash` and drop + usage of `c_rehash` script. Closes: #895075 + + [ Thijs Kinkhorst ] + * Remove Christian Perrier from uploaders at his request (closes: #894070). + * Checked for policy 4.1.4, no changes. + + -- Michael Shuler <michael@pbandjelly.org> Mon, 09 Apr 2018 18:43:49 -0500 + +ca-certificates (20170717) unstable; urgency=medium + + * Update to Standards-Version: 4.0.1 + * debian/ca-certificates.postinst: + Prevent postinst failure on read-only /usr/local. Closes: #843722 + * mozilla/certdata2pem.py: + Remove email-only roots from mozilla trust store. Closes: #721976 + * mozilla/{certdata.txt,nssckbi.h}: + Update Mozilla certificate authority bundle to version 2.14. + Closes: #858064 + The following certificate authorities were added (+): + + "AC RAIZ FNMT-RCM" + + "Amazon Root CA 1" + + "Amazon Root CA 2" + + "Amazon Root CA 3" + + "Amazon Root CA 4" + + "D-TRUST Root CA 3 2013" + + "LuxTrust Global Root 2" + + "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" + The following certificate authorities were removed (-): + - "AC Raiz Certicamara S.A." + - "ApplicationCA - Japanese Government" + - "Buypass Class 2 CA 1" + - "ComSign CA" + - "EBG Elektronik Sertifika Hizmet Saglayicisi" + - "Equifax Secure CA" + - "Equifax Secure eBusiness CA 1" + - "Equifax Secure Global eBusiness CA" + - "IGC/A" + - "Juur-SK" + - "Microsec e-Szigno Root CA" + - "Root CA Generalitat Valenciana" + - "RSA Security 2048 v3" + - "S-TRUST Authentication and Encryption Root CA 2005 PN" + - "S-TRUST Universal Root CA" + - "SwissSign Platinum CA - G2" + - "TC TrustCenter Class 3 CA II" + - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6" + - "UTN USERFirst Email Root CA" + - "Verisign Class 1 Public Primary Certification Authority" + - "Verisign Class 1 Public Primary Certification Authority - G3" + - "Verisign Class 2 Public Primary Certification Authority - G2" + - "Verisign Class 2 Public Primary Certification Authority - G3" + - "Verisign Class 3 Public Primary Certification Authority" + - "WellsSecure Public Root Certificate Authority" + + -- Michael Shuler <michael@pbandjelly.org> Thu, 20 Jul 2017 00:18:08 -0500 + +ca-certificates (20161130+nmu1) unstable; urgency=medium + + * Non-maintainer upload. + * Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are + now untrusted by the major browser vendors. Closes: #858539 + + -- Chris Lamb <lamby@debian.org> Fri, 19 May 2017 16:53:16 +0200 + +ca-certificates (20161130) unstable; urgency=medium + + [ Philipp Kern ] + * Add ca-certificates udeb package. Closes: #845456 + + [ Michael Shuler ] + * debian/{compat,control}: + Update to compat level 10 and debhelper (>= 10) + Shorten package description. + * debian/po/id.po + Update Indonesian debconf translation file for build time line reorder + + -- Michael Shuler <michael@pbandjelly.org> Wed, 30 Nov 2016 21:20:53 -0600 + +ca-certificates (20161102) unstable; urgency=medium + + [ Michael Shuler ] + * debian/control: + Update to Standards-Version: 3.9.8 + Update to Vcs-Browser/Vcs-Git: https URLs + * mozilla/{certdata.txt,nssckbi.h}: + Update Mozilla certificate authority bundle to version 2.9. + Thanks for the initial 2.7 patch, Jonathan Wiltshire. Closes: #828845 + The following certificate authorities were added (+): + + "Certplus Root CA G1" + + "Certplus Root CA G2" + + "Certum Trusted Network CA 2" + + "Hellenic Academic and Research Institutions ECC RootCA 2015" + + "Hellenic Academic and Research Institutions RootCA 2015" + + "ISRG Root X1" + + "OpenTrust Root CA G1" + + "OpenTrust Root CA G2" + + "OpenTrust Root CA G3" + + "SZAFIR ROOT CA2" + The following certificate authorities were removed (-): + - "CA Disig" + - "NetLock Business (Class B) Root" + - "NetLock Express (Class C) Root" + - "NetLock Notary (Class A) Root" + - "NetLock Qualified (Class QA) Root" + - "Sonera Class 1 Root CA" + - "Staat der Nederlanden Root CA" + - "Verisign Class 1 Public Primary Certification Authority - G2" + - "Verisign Class 3 Public Primary Certification Authority" + - "Verisign Class 3 Public Primary Certification Authority - G2" + + [ Andreas Beckmann ] + * debian/postinst: + Run update-certificates without hooks to initially populate + /etc/ssl/certs. (The hooks are deferred to the noawait trigger.) + Closes: #825730 + + [ Izharul Haq ] + * debian/po/id.po: + Add Indonesian debconf translation. Thank you, Izharul! Closes: #835156 + + -- Michael Shuler <michael@pbandjelly.org> Wed, 02 Nov 2016 21:15:03 -0500 + +ca-certificates (20160104) unstable; urgency=medium + + * debian/rules: + Sort certificate list for reproducible builds. Closes: #808711 + * mozilla/certdata2pem.py: + Drop old CK*_NETSCAPE trust flag checks + + -- Michael Shuler <michael@pbandjelly.org> Mon, 04 Jan 2016 11:08:26 -0600 + +ca-certificates (20151214) unstable; urgency=medium + + * Removed SPI CA. Closes: #796208 + * debian/{compat,control}: + Updated d/compat to version 9 and updated Build-Depends. + * debian/postinst: + Handle /usr/local/share/ca-certificates permissions and ownership on + upgrade. Closes: #611501 + * mozilla/certdata2pem.py: + Add Python 3 support to ca-certificates. + Thanks to Andrew Wilcox and Richard Ipsum for the patch! Closes: #789753 + * sbin/update-ca-certificates: + Update local certificates directory when calling --fresh. + Thanks for the patch, Daniel Lutz! Closes: #783615 + * mozilla/{certdata.txt,nssckbi.h}: + Update Mozilla certificate authority bundle to version 2.6. + The following certificate authorities were added (+): + + "CA WoSign ECC Root" + + "Certification Authority of WoSign G2" + + "Certinomis - Root CA" + + "OISTE WISeKey Global Root GB CA" + + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5" + + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6" + The following certificate authorities were removed (-): + - "A-Trust-nQual-03" + - "Buypass Class 3 CA 1" + - "ComSign Secured CA" + - "Digital Signature Trust Co. Global CA 1" + - "Digital Signature Trust Co. Global CA 3" + - "SG TRUST SERVICES RACINE" + - "TC TrustCenter Class 2 CA II" + - "TC TrustCenter Universal CA I" + - "TURKTRUST Certificate Services Provider Root 1" + - "TURKTRUST Certificate Services Provider Root 2" + - "UTN DATACorp SGC Root CA" + - "Verisign Class 4 Public Primary Certification Authority - G3" + + -- Michael Shuler <michael@pbandjelly.org> Mon, 14 Dec 2015 18:51:50 -0600 + +ca-certificates (20150426) unstable; urgency=medium + + * debian/postinst: + Set mode and group of /usr/local/share/ca-certificates based on current + /usr/local permissions and ownership. Closes: #611501 + * sbin/update-ca-certificates: + Allow customisation of the paths used by update-ca-certificates. + Add an option to set the certs in a directory to the defaults. + Thanks for the patches, Paul Wise. Closes: #774059, #774201 + Fix shellcheck warnings and a little indentation. + * sbin/update-ca-certificates.8: + Correct concatenated file name in man page from certificates.crt to + ca-certificates.crt. Closes: #782230 + * mozilla/{certdata.txt,nssckbi.h}: + Update Mozilla certificate authority bundle to version 2.4. + The following certificate authorities were added (+): + + "CFCA EV ROOT" + + "COMODO RSA Certification Authority" + + "Entrust Root Certification Authority - EC1" + + "Entrust Root Certification Authority - G2" + + "GlobalSign ECC Root CA - R4" + + "GlobalSign ECC Root CA - R5" + + "IdenTrust Commercial Root CA 1" + + "IdenTrust Public Sector Root CA 1" + + "S-TRUST Universal Root CA" + + "Staat der Nederlanden EV Root CA" + + "Staat der Nederlanden Root CA - G3" + + "USERTrust ECC Certification Authority" + + "USERTrust RSA Certification Authority" Closes: #762709 + The following certificate authorities were removed (-): + - "America Online Root Certification Authority 1" + - "America Online Root Certification Authority 2" + - "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" + - "GTE CyberTrust Global Root" + - "Thawte Premium Server CA" + - "Thawte Server CA" + + -- Michael Shuler <michael@pbandjelly.org> Sun, 26 Apr 2015 10:37:48 -0500 + +ca-certificates (20141019) unstable; urgency=medium + + * debian/copyright: + Add coverage for all files reported by lintian + file-without-copyright-information warning. + * debian/source/lintian-overrides: + Add file-without-copyright-information override for SPI certificate file. + * sbin/update-ca-certificates: + Restore SELinux label after generating ca-certificates.crt file. + Thanks to Laurent Bigonville for the patch. Closes: #742957 + Tidy indentation whitespace. + Thanks to Antonio Terceiro for the patch. Closes: #742663 + * debian/control: + Update to Standards-Version: 3.9.6 (no other changes needed). + Update Vcs-Browser link to cgit URL. + + -- Michael Shuler <michael@pbandjelly.org> Sun, 19 Oct 2014 10:36:49 -0500 + +ca-certificates (20140927) unstable; urgency=medium + + * Update Mozilla certificate authority bundle to version 2.1. + The following certificate authorities were added (+): + + "DigiCert Assured ID Root G2" + + "DigiCert Assured ID Root G3" + + "DigiCert Global Root G2" + + "DigiCert Global Root G3" + + "DigiCert Trusted Root G4" + + "QuoVadis Root CA 1 G3" + + "QuoVadis Root CA 2 G3" + + "QuoVadis Root CA 3 G3" + + "WoSign" + + "WoSign China" + The following certificate authorities were removed (-): + - "Entrust.net Secure Server CA" + - "RSA Root Certificate 1" + - "TDC Internet Root CA" + - "ValiCert Class 1 VA" + - "ValiCert Class 2 VA" + * Include clear list of CAs added/removed, as above, and include better note + in README.Debian for trust reconfiguration. Closes: #743365 + * Remove debian/config in debian/rules clean target. + * Include d/{changelog,NEWS} entries in 20140223 for duplicate CKA_LABEL + rename of "StartCom Certification Authority"_2. + + -- Michael Shuler <michael@pbandjelly.org> Sat, 27 Sep 2014 15:14:00 -0500 + +ca-certificates (20140325) unstable; urgency=medium + + * Update mozilla/certdata.txt to version 1.97+revert_of_936304 + Mozilla reverted the removal of 1024-bit root certificates for + Entrust.net, GTE CyberTrust, and ValiCert (RSA), but did not update the + version number in nssckbi.h. + Certificates added (+) (none removed): + + "Entrust.net Secure Server CA" + + "GTE CyberTrust Global Root" + + "RSA Root Certificate 1" + + "ValiCert Class 1 VA" + + "ValiCert Class 2 VA" + + -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Mar 2014 13:28:19 -0500 + +ca-certificates (20140223) unstable; urgency=medium + + * No longer ship cacert.org certificates. Closes: #718434, LP: #1258286 + * Fix certdata2pem.py for multiple CAs using the same CKA_LABEL. Thanks + to Marc Deslauriers for the patch. Closes: #683403, LP: #1031333 + * Sort local CA certificates on update-ca-certificates runs. Thanks to + Vaclav Ovsik for the suggestion and patch. Closes: #727136 + * Add trailing newline to certificate, if it is missing. Closes: #635570 + * Update mozilla/certdata.txt to version 1.97. + Certificates added (+), removed (-), and renamed (~): + + "ACCVRAIZ1" + + "Atos TrustedRoot 2011" + + "E-Tugra Certification Authority" + + "SG TRUST SERVICES RACINE" + + "StartCom Certification Authority" + ~ "StartCom Certification Authority"_2 + (both StartCom CAs now included with duplicate CKA_LABEL fix) + + "T-TeleSec GlobalRoot Class 2" + + "TWCA Global Root CA" + + "TeliaSonera Root CA v1" + + "Verisign Class 3 Public Primary Certification Authority" + ~ "Verisign Class 3 Public Primary Certification Authority"_2 + (both Verisign Class 3 CAs now included with duplicate CKA_LABEL fix) + - "Entrust.net Secure Server CA" + - "Firmaprofesional Root CA" + - "GTE CyberTrust Global Root" + - "RSA Root Certificate 1" + - "TDC OCES Root CA" + - "ValiCert Class 1 VA" + - "ValiCert Class 2 VA" + - "Wells Fargo Root CA" + + -- Michael Shuler <michael@pbandjelly.org> Sun, 23 Feb 2014 23:22:29 -0600 + +ca-certificates (20130906) unstable; urgency=low + + * Add ca-certificates-local source package example to documentation + * Update local certificate handling in README.Debian. + Closes: #718173, LP: #487845 + * Update CA inclusion policy for ca-certificates in README.Debian. With + the exception of SPI and CAcert, only those CAs included in Mozilla's + trust store will be included in ca-certificates in Debian. + Closes: #647848, LP: #103074 + * Clarify that not all software that uses SSL uses ca-certificates in + README.Debian. Closes: #664769 + * Add mozilla/nssckbi.h to source, since certdata.txt no longer contains + a version number. + * Update debian/copyright to "Copyright: Mozilla Contributors" for + mozilla/{certdata.txt,nssckbi.h}. + * Update mozilla/certdata.txt to version 1.94 + Certificates added (+) and removed (-): + + "CA Disig Root R1" + + "CA Disig Root R2" + + "China Internet Network Information Center EV Certificates Root" + + "D-TRUST Root Class 3 CA 2 2009" + + "D-TRUST Root Class 3 CA 2 EV 2009" + + "PSCProcert" + + "Swisscom Root CA 2" + + "Swisscom Root EV CA 2" + + "TURKTRUST Certificate Services Provider Root 2007" + - "Equifax Secure eBusiness CA 2" + - "TC TrustCenter Universal CA III" + + -- Michael Shuler <michael@pbandjelly.org> Fri, 06 Sep 2013 11:31:06 -0500 + +ca-certificates (20130610) unstable; urgency=low + + [ Michael Shuler ] + * Install CAcert root and class3 certificates individually, no longer + installing the concatenation of the two. The individual certificates + are installed as cacert.org_root.crt and cacert.org_class3.crt for ease + of identification. Additionally, this allows openssl maintainers to drop + a problematic patch to c_rehash for handling multi-certificate files. + (see #642314) Closes: #692323 + * Update Vcs-* fields for lintian vcs-field-not-canonical + * Update to machine-readable debian/copyright file v1.0 + + [ Thijs Kinkhorst ] + * Drop upgrading code for upgrades from Debian Etch and earlier. + * Remove obsolete debconf.org CA certificate. DebConf now uses an + intermediate certificate signed by SPI. (Closes: #693405) + * Remove obsolete SPI CA certiticate. + * Update Standards-Version: 3.9.4 (no changes needed) + * Clean up man page (LP: #850997). + + -- Thijs Kinkhorst <thijs@debian.org> Mon, 10 Jun 2013 19:52:15 +0200 + +ca-certificates (20130119) unstable; urgency=low + + * Update mozilla/certdata.txt to version 1.87 Closes: #697366 + Certificates removed (-) (none added): + - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" + * Remove unneeded and confusing usage of interest-noawait; remove unneeded + Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch. + Closes: #537051 + + -- Michael Shuler <michael@pbandjelly.org> Sat, 19 Jan 2013 14:02:09 -0600 + +ca-certificates (20121114) unstable; urgency=low + + [ Don Armstrong ] + * Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051. + * Provide update-ca-certificates and update-ca-certificates-fresh + triggers. + * Call the triggers using no-await so that the configuration files from + the newer version of ca-certificates-java are in places before the + upgrade. Closes: #537051. + + [ Michael Shuler ] + * Add note to previous mozilla/certdata.txt changelog entry to document + CKT_NSS_MUST_VERIFY_TRUST changes. + + -- Michael Shuler <michael@pbandjelly.org> Wed, 14 Nov 2012 23:58:59 -0600 + +ca-certificates (20121105) unstable; urgency=low + + * Update mozilla/certdata.txt to version 1.86 Closes: #683728 + - Replace legacy "no explicit trust" flag of CKT_NSS_TRUST_UNKNOWN for + CKT_NSS_MUST_VERIFY_TRUST, instead of a mix of both flags: + https://bugzilla.mozilla.org/show_bug.cgi?id=757189 + This upstream fix does not change the CA certificates installed in + ca-certificates as both flags are ignored. Only those CA certificates + with the CKT_NSS_TRUSTED_DELEGATOR flag in certdata.txt are installed. + Certificates added (+) (none removed): + + "Actalis Authentication Root CA" + + "Trustis FPS Root CA" + + "StartCom Certification Authority" (renewal/rehash) + + "StartCom Certification Authority G2" + + "Buypass Class 2 Root CA" + + "Buypass Class 3 Root CA" + + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" + + "T-TeleSec GlobalRoot Class 3" + + "EE Certification Centre Root CA" + * Correct piuparts package remove/purge behavior Closes: #682125 + - Remove deletes of /etc/ssl{,/certs} from debian/postrm + + -- Michael Shuler <michael@pbandjelly.org> Mon, 05 Nov 2012 10:56:05 -0600 + +ca-certificates (20120623) unstable; urgency=low + + * Add Polish translation, thanks to Michał Kułach. Closes: #660002 + * Add Turkish translation, thanks to Atila KOÇ. Closes: #661785 + * Correct update-ca-certificates(8) alignment Closes: #666932 + * Add note to update-ca-certificates(8) about .crt extension needed for + CA certificates in /usr/local/share/ca-certificates Closes: #595279 + * Update mozilla/certdata.txt to version 1.83 + Mozilla Public License updated to v2.0 + (no added/removed CAs) + * Update debian/copyright to: + - reflect MPL v2.0 update for mozilla/certdata.txt + - specify GPL-2 instead of GPL symlink + * Update debian/NEWS with added/removed certs from 20111211 and 20120212 + * Update to Standards-Version: 3.9.3 (no changes needed) + + -- Michael Shuler <michael@pbandjelly.org> Sat, 23 Jun 2012 09:16:54 -0500 + +ca-certificates (20120212) unstable; urgency=low + + * Update mozilla/certdata.txt to version 1.81 + Certificates added (+) and removed (-): + + "Security Communication RootCA2" + + "EC-ACC" + + "Hellenic Academic and Research Institutions RootCA 2011" + - "Verisign Class 2 Public Primary Certification Authority" + - "Verisign Class 4 Public Primary Certification Authority - G2" + - "TC TrustCenter, Germany, Class 2 CA" + - "TC TrustCenter, Germany, Class 3 CA" + * Add notice to README.Debian deprecating CA inclusions and refer to + #647848 for Debian CA Certificate Policy discussion. + + -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600 + +ca-certificates (20111211) unstable; urgency=low + + * Clarify CA audit note in package description and README.debian. Thanks + to C.J. Adams-Collier for the patch. Closes: #594383 + * Remove French Government IGC/A CA certificates. The RSA certificate is + included in the Mozilla bundle and the DSA certificate is not in use. + Closes: #646767 + * Remove expired signet.pl CAs. Closes: #647849 + * Remove expired brasil.gov.br CA. + * Edit 20111025 changelog/NEWS entries to correctly list installed CAs + * Use 'set -e' in body of debian/postinst + * Update mozilla/certdata.txt to version 1.80 + (no added/removed CAs) + * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data + + -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600 + +ca-certificates (20111025) unstable; urgency=low + + [ Michael Shuler ] + * Add 3.0 (native) source format + * Add Vcs-Git/Browser fields + * Add myself as new Maintainer with Uploaders Closes: #588219 + * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13) + Certificates added (+) and removed (-): + + "AffirmTrust Commercial" + + "AffirmTrust Networking" + + "AffirmTrust Premium" + + "AffirmTrust Premium ECC" + + "A-Trust-nQual-03" + + "Certinomis - Autorité Racine" + + "Certum Trusted Network CA" + + "Go Daddy Root Certificate Authority - G2" + + "Root CA Generalitat Valenciana" + + "Starfield Root Certificate Authority - G2" + + "Starfield Services Root Certificate Authority - G2" + + "TWCA Root Certification Authority" + - "AOL Time Warner Root Certification Authority 1" + - "AOL Time Warner Root Certification Authority 2" + - "DigiNotar Root CA" + - "Entrust.net Global Secure Personal CA" + - "Entrust.net Global Secure Server CA" + - "Entrust.net Secure Personal CA" + - "IPS Chained CAs root" + - "IPS CLASE1 root" + - "IPS CLASE3 root" + - "IPS CLASEA1 root" + - "IPS CLASEA3 root" + - "IPS Timestamping root" + - "Thawte Personal Freemail CA" + - "Thawte Time Stamping CA" + * Update CAcert-Class 3-Subroot-certificate Closes: #630232 + + [ Steve Langasek ] + * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of + the way before calling c_rehash, so that symlinks don't accidentally get + pointed here, breaking openssl certificate verification LP: #854927 + + [ Loïc Minier ] + * Drop bogus c_rehash on upgrades, which caused issue when + ca-certificates.crt was still in place; instead, call + update-ca-certificates --fresh on upgrades to this version, and + the usual update-ca-certificates otherwise Closes: #643667, #537382 + + -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500 + +ca-certificates (20111022) unstable; urgency=low + + * QA upload. + * Fix pending l10n issues. Debconf translations: + - German (Helge Kreutzmann). Closes: #634000 + - French (Christian Perrier). Closes: #634092 + - Russian (Yuri Kozlov). Closes: #635146 + - Swedish (Martin Bagge / brother). Closes: #640622 + - Slovak (Slavko). Closes: #641987 + - Spanish; (Javier Fernández-Sanguino). Closes: #642359 + - Japanese (Kenshi Muto). Closes: #644828 + - Czech (Miroslav Kure). Closes: #644843 + - Danish (Joe Hansen). Closes: #644854 + - Italian (Luca Monducci). Closes: #645004 + - Dutch; (Jeroen Schot). Closes: #645090 + - Portuguese (Miguel Figueiredo). Closes: #645126 + - Galician (Jorge Barreiro). Closes: #645138 + - Catalan; (Jordi Mallach). Closes: #645182 + - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526 + * Split Choices in debconf templates + * Add build-arch and build-indep build targets + * Bump debhelper compatibility level to 8 + * Bump Standards to 3.9.2 (checked) + * Replace "dh_clean -k" by dh_prep + + -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200 + +ca-certificates (20110502+nmu1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Blacklist "DigiNotar Root CA" (Closes: #639744) + + -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500 + +ca-certificates (20110502) unstable; urgency=low + + * QA upload. + * Mark the package as multi-arch:foreign. (Closes: #622323) + * Use db_settitle in config script to allow translations of the + dialog title; thanks to Frans Pop. (Closes: #560314) + + -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200 + +ca-certificates (20110421) unstable; urgency=low + + * QA upload. + * Package is orphaned, set maintainer to QA group + * Depend on openssl 1.0.0 and force a call of c_rehash so that we have + both the old and new style of symlinks. (Closes: #611102) + * Remove libssl0.9.8 from enhances + * Update mozilla certdata.txt file to the latest version. + Removed: + - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt + - beTRUSTed_Root_CA-Baltimore_Implementation.crt + - beTRUSTed_Root_CA.crt + - beTRUSTed_Root_CA_-_Entrust_Implementation.crt + - beTRUSTed_Root_CA_-_RSA_Implementation.crt + - Digital_Signature_Trust_Co._Global_CA_2.crt + - Digital_Signature_Trust_Co._Global_CA_4.crt + - Entrust.net_Global_Secure_Personal_CA.crt + - Entrust.net_Global_Secure_Server_CA.crt + - Entrust.net_Secure_Personal_CA.crt + - GTE_CyberTrust_Root_CA.crt + - IPS_Chained_CAs_root.crt + - IPS_CLASE1_root.crt + - IPS_CLASE3_root.crt + - IPS_CLASEA1_root.crt + - IPS_CLASEA3_root.crt + - IPS_Servidores_root.crt + - IPS_Timestamping_root.crt + - RSA_Security_1024_v3.crt + - StartCom_Ltd..crt + - Thawte_Personal_Basic_CA.crt + - Thawte_Personal_Premium_CA.crt + - UTN-USER_First-Network_Applications.crt + - Verisign_RSA_Secure_Server_CA.crt + - Verisign_Time_Stamping_Authority_CA.crt + - Visa_International_Global_Root_2.crt + Added: + - ACEDICOM_Root.crt + - AC_Raíz_Certicámara_S.A..crt + - ApplicationCA_-_Japanese_Government.crt + - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt + - Buypass_Class_2_CA_1.crt + - Buypass_Class_3_CA_1.crt + - CA_Disig.crt + - Certigna.crt + - certSIGN_ROOT_CA.crt + - Chambers_of_Commerce_Root_-_2008.crt + - CNNIC_ROOT.crt + - ComSign_CA.crt + - ComSign_Secured_CA.crt + - Cybertrust_Global_Root.crt + - Deutsche_Telekom_Root_CA_2.crt + - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt + - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt + - ePKI_Root_Certification_Authority.crt + - GeoTrust_Primary_Certification_Authority_-_G2.crt + - GeoTrust_Primary_Certification_Authority_-_G3.crt + - Global_Chambersign_Root_-_2008.crt + - GlobalSign_Root_CA_-_R3.crt + - Hongkong_Post_Root_CA_1.crt + - IGC_A.crt + - Izenpe.com.crt + - Juur-SK.crt + - Microsec_e-Szigno_Root_CA_2009.crt + - Microsec_e-Szigno_Root_CA.crt + - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt + - OISTE_WISeKey_Global_Root_GA_CA.crt + - SecureSign_RootCA11.crt + - Security_Communication_EV_RootCA1.crt + - Staat_der_Nederlanden_Root_CA_-_G2.crt + - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt + - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt + - TC_TrustCenter_Class_2_CA_II.crt + - TC_TrustCenter_Class_3_CA_II.crt + - TC_TrustCenter_Universal_CA_I.crt + - TC_TrustCenter_Universal_CA_III.crt + - thawte_Primary_Root_CA_-_G2.crt + - thawte_Primary_Root_CA_-_G3.crt + - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt + - VeriSign_Universal_Root_Certification_Authority.crt + Changed: + - Verisign_Class_1_Public_Primary_Certification_Authority.crt + - Verisign_Class_3_Public_Primary_Certification_Authority.crt + * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla. + * String decode the mozilla certdata.txt so the filenames show up as + proper UTF-8 strings. + + -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200 + +ca-certificates (20090814+nmu3) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - French (Christian Perrier). Closes: #594231 + - Danish (Joe Hansen). Closes: #601129 + - Catalan (Jordi Mallach). Closes: #601089 + - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633 + + -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100 + +ca-certificates (20090814+nmu2) unstable; urgency=low + + * Non-maintainer upload. + * Fixes buggy shell functions included in the postinst script. + (Closes: #591607) + + -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300 + +ca-certificates (20090814+nmu1) unstable; urgency=low + + * Non-maintainer upload. + * Preserve user changes to the /etc/ca-certificates.conf. + (Closes: #514220) + + -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400 + +ca-certificates (20090814) unstable; urgency=low + + * Call Debconf and its db_purge as early as possible in postrm. + (Closes: #541275) + + -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200 + +ca-certificates (20090709) unstable; urgency=low + + * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331) + + -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200 + +ca-certificates (20090708) unstable; urgency=low + + * Removed CA files: + - cacert.org/root.crt and cacert.org/class3.crt: + Both certificate files were deprecated with 20080809. Users of these + root certificates are encouraged to switch to + `cacert.org/cacert.org.crt' which contains both class 1 and class 3 + roots joined in a single file. + - quovadis.bm/QuoVadis_Root_Certification_Authority.crt: + This certificate has been added into the Mozilla truststore and + is available as `mozilla/QuoVadis_Root_CA.crt'. + * Do not redirect c_rehash error messages to /dev/null. + (Closes: #495224) + * Remove dangling symlinks on purge, which also gets rid of the hash + symlink for ca-certificates.crt. (Closes: #475240) + * Use subshells when grepping for certificates in config, avoiding + SIGPIPE because of grep's immediate exit after it finds the pattern. + (Closes: #486737) + * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to + Robby Workman of Slackware. + * Updated Standards-Version and FSF portal address in the copyright file. + + -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200 + +ca-certificates (20090701) unstable; urgency=low + + * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674) + Rationale: The rogue collision CA has its validity period in the past. + Thus it does not impose a risk upon us at the moment. + * Restrict search for local certificates to add on files ending with '.crt'. + * Canonicalize PEM names by applying the same set of substitions to + local and other certificates like the Mozilla certdata dumper does. + + -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200 + +ca-certificates (20090624) unstable; urgency=low + + * Allow local certificate installation. All certificates found + in `/usr/local/share/ca-certificates' will be automatically added + to the list of trusted certificates in `/etc/ssl/certs'. + (Closes: #352637, #419491, #473677, #476663, #511150) + * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision + 1.51): + + COMODO ECC Certification Authority + + DigiNotar Root CA + + Network Solutions Certificate Authority + + WellsSecure Public Root Certificate Authority + - Equifax Secure Global eBusiness CA + - UTN USERFirst Object Root CA + * Reimplemented the Mozilla certdata parser mainly to exclude explicitly + untrusted certificates. This led to the exclusion of the + "MD5 Collisions Forged Rogue CA 23c3" and its parent + "Equifax Secure Global eBusiness CA". Furthermore code signing-only + certificates are no longer included neither. + * Remove the purging of old PEM files in postinst dating back to + versions earlier than 20030414. + * Hooks are now called at every invocation of `update-ca-certificates'. + If no changes were done to `/etc/ssl/certs', the input for the + hooks will be empty, though. Failure exit codes of hooks will not + tear down the upgrade process anymore. They are printed but ignored. + + -- Philipp Kern <pkern@debian.org> Wed, 24 Jun 2009 21:04:08 +0200 + +ca-certificates (20081127) unstable; urgency=low + + * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes: + #454334) + + -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100 + +ca-certificates (20080809) unstable; urgency=low + + * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates. + This file can be used for proper certificate chaining if CACert + server certificates are used. The old class3.pem and root.pem + certificates are deprecated. This new file could safely serve as + a replacement for both. (Closes: #494343) + * This also reintroduces the old name for the CACert certificate, + thus closing a long-standing bug about its rename to root.crt. + (Closes: #413766) + + -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300 + +ca-certificates (20080617) unstable; urgency=low + + * Added French Government's IGC/A CA (both DSA and RSA). + (Closes: #416470) + + -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200 + +ca-certificates (20080616) unstable; urgency=low + + * Fix installation on pt_BR locales. The problem was caused by the + .templates choices strings being marked for translation, with pt_BR + being the only language which actually translated them. Thanks to + Ubuntu for the fix, which needs to be around until Lenny is released + or six months have passed, whichever is later. (Closes: #472507) + * Drop Fumitoshi from the list of maintainers. Farewell! + * Bump Standards-Version to 3.8.0. + + -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200 + +ca-certificates (20080514) unstable; urgency=medium + + * Added the new SPI CA certificate, created in response to the latest + openssl security update. + * Removed old SPI CA certificates (2006, 2007) as CAs cannot be + revoked sensibly. Expired CA created in 2003, expired in 2007 left + around for reference. + * Updated the Galician translation, thanks to Glennie Vignarajah. + (Closes: #416470) + + -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200 + +ca-certificates (20080411) unstable; urgency=low + + * Added the current SPI CA certificate, used by Debian's infrastructure. + * Added Deutsche Telekom Root CA 2, which is used by German institutions + through the DFN PKI. + * Updated mozilla certificates from trunk, which led to the following + adds (+) and removes (-): + + Camerfirma Chambers of Commerce Root + + Camerfirma Global Chambersign Root + + Certplus Class 2 Primary CA + + COMODO Certification Authority + + DigiCert Assured ID Root CA + + DigiCert Global Root CA + + DigiCert High Assurance EV Root CA + + DST ACES CA X6 + + DST Root CA X3 + + Entrust Root Certification Authority + + Firmaprofesional Root CA + + GeoTrust Global CA 2 + + GeoTrust Primary Certification Authority + + GeoTrust Universal CA + + GeoTrust Universal CA 2 + + GlobalSign Root CA - R2 + + Go Daddy Class 2 CA + + NetLock Business (Class B) Root + + NetLock Express (Class C) Root + + NetLock Notary (Class A) Root + + NetLock Qualified (Class QA) Root + + QuoVadis Root CA 2 + + QuoVadis Root CA 3 + + Secure Global CA + + SecureTrust CA + + Starfield Class 2 CA + + StartCom Certification Authority + + StartCom Ltd. + + Swisscom Root CA 1 + + SwissSign Gold CA - G2 + + SwissSign Platinum CA - G2 + + SwissSign Silver CA - G2 + + Taiwan GRCA + + thawte Primary Root CA + + TURKTRUST Certificate Services Provider Root 1 + + TURKTRUST Certificate Services Provider Root 2 + + VeriSign Class 3 Public Primary Certification Authority - G5 + + Wells Fargo Root CA + + XRamp Global CA Root + - Verisign Class 1 Public Primary OCSP Responder + - Verisign Class 2 Public Primary OCSP Responder + - Verisign Class 3 Public Primary OCSP Responder + - Verisign Secure Server OCSP Responder + (Closes: #447062, #456581) + * Updated the Russian debconf translation, thanks to Mikhail Gusarov. + (Closes: #434856) + * Reworded the description and made it static to ease translations. + * Reworded and amended README.Debian. + * Added myself to the uploaders of this package. + * Applied a patch by Martin F. Krafft to support hooks scripts + on add/remove of a certificate. (Closes: #377314) + + -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200 + +ca-certificates (20070303-0.1) unstable; urgency=low + + * Non-maintainer upload to fix longstanding pending l10n issues. + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. + Closes: #432249, #434789 + * Debconf translation updates: + - Japanese. Closes:#433067 + - Basque. Closes: #433074 + - Spanish. Closes: #433078 + - Czech. Closes: #433100 + - Galician. Closes: #433215 + - Russian. Closes: #433224 + - Swedish. Closes: #433432 + - Vietnamese. Closes: #433792, #427000, #434992 + - Dutch. Closes: #434670 + - German. Closes: #434788 + - Italian. Closes: #435029 + * Portuguese. Closes: #435471 + * Finnish. Closes: #448826 + * Remove /etc/ssl when purging the package (only if that + directory is empty). Closes: #454334 + * [Lintian] Give a reference to the GPL text in debian/copyright + * [Lintian] No longer ignore errors from "make clean" + * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat). + + -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100 + +ca-certificates (20070303) unstable; urgency=low + + * Add debconf.org crt. closes: Bug#342088 + * Add cacert class3 crt. closes: Bug#350282 + * Add debian/po/pt.po. closes: Bug#408183 + * Update debian/po/ru.po. closes: Bug#410770 + * Update debian/po/pt_BR.po. closes: Bug#403824 + * Add debian/po/gl.po. closes: Bug#407951 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900 + +ca-certificates (20061027.2) unstable; urgency=low + + * Non-maintainer upload to fix an RC issue revealed by the last NMU. + * Avoid cd to /etc/ssl/certs to removing hash symlinks + Closes: #408469 + + -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100 + +ca-certificates (20061027.1) unstable; urgency=low + + * Non-maintainer upload to fix remaining l10n issues + * Debconf translation updates: + - Czech. Closes: #407807 + - Spanish. Closes: #401968 + - German. Closes: #396942 + * Add debconf-updatepo to the clean target in debian/rules + to guarantee up-to-date PO(T) files + + -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100 + + +ca-certificates (20061027) unstable; urgency=low + + * sbin/update-ca-certificates: + in fresh mode, rm symlinks only point to /usr/share/ca-certificates. + preserve other symlinks. closes: Bug#387089 + * debian/po/nl.po: updated + closes: Bug#386767 + * debian/po/fr.po: updated + closes: Bug#386806 + * debian/po/da.po: updated + closes: Bug#388018 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900 + +ca-certificates (20060816) unstable; urgency=low + + * debian/control: explicitly mention that trustworthiness of certificate + authorities is not evaluated. + closes: Bug#350726 + * debian/templates: refine messages + closes: Bug#309481 + * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file. + closes: Bug#349346 + * debian/control: libssl0.9.7->libssl0.9.8 + closes: Bug#345197 + * debian/postrm: remove .dpkg-old files + closes: Bug#349351 + * debian/README.Debian: fix + closes: Bug#354509 + * debian/postinst: fix typo + closes: Bug#355271 + * debian/po/sv.po: added + closes: Bug#330984 + * debian/po/es.po: added + closes: Bug#334383 + * add new SPI CA certificate + submitted by Michael C. Schultheiss <schultmc@debian.org> + + -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900 + +ca-certificates (20050804) unstable; urgency=low + + * use ${misc:Depends} in debian/control for debconf + * update description in debian/control + closes: Bug#309547 + * update debian/po/vi.po + closes: Bug#313186 + * update debian/po/de.po + closes: Bug#313678 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900 + +ca-certificates (20050518) unstable; urgency=high + + * fix ca-certificates.crt generationumask-sensitive and racy + closes: Bug#296212 + * update mozilla/certdata.txt + add: "Certum Root CA", "Comodo AAA Services root" + "Comodo Secure Services root", + "Comodo Trusted Services root", + "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root", + "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root" + "IPS Timestamping root", + "QuoVadis Root CA", + "Security Communication Root CA", + "Sonera Class 1 Root CA", "Sonera Class 2 Root CA", + "Staat der Nederlanden Root CA", + "TDC Internet Root CA", "TDC OCES Root CA", + "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA", + "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA" + * add CACert.org's Root CA + closes: Bug#213086, Bug#288293 + * add debian/po/vi.po + closes: Bug#309480 + * add debian/po/cs.po + closes: Bug#309019 + * write "How certificate will be accepted in ca-certificates package" + in README.Debain + + -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900 + +ca-certificates (20040809) unstable; urgency=low + + * previous version was not fixed Bug#255933 correctly. + update-ca-certificates now remove symlinks of deselected entries + in ca-certificates.conf + closes: Bug#255933 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900 + +ca-certificates (20040808) unstable; urgency=low + + * run update-ca-certificates by /bin/sh -e + closes: Bug#247581 + * update-ca-certificates remove symlinks of deselected entries + in ca-certificates.conf + closes: Bug#255933 + * change default of trust_new_crts from 'ask' to 'yes' + closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509 + * refer libssl0.9.7 instead of libssl0.9.6 in Enhances: + closes: Bug#251158 + * add brasil.gov.br certs + closes: Bug#224612 + * add Signet CA Roots certs + closes: Bug#233206 + * add QuoVadis CA Roots certs + closes: Bug#250847 + * update pt_BR.po + closes: Bug#218812 + * add da.po + closes: Bug#235322 + * add ca.po + closes: Bug#237124 + * add nl.po + closes: Bug#23840 + * add de.po + closes: Bug#250785 + * fix quote characters in template + closes: Bug#255738 + * remove debian.org, because certs used in db.debian.org has been + revoked due to debian.org crack incidents. + db.debian.org uses certificates using spi-inc.org Root CA. + + -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900 + +ca-certificates (20031007.1) unstable; urgency=low + + * NMU + * Add brasil.gov.br/brasil.gov.br.crt, created from + http://www.icpbrasil.gov.br/certificadoACRaiz.crt + * Add debian/po/pt_BR.po: closes: Bug#224612 + + -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300 + +ca-certificates (20031007) unstable; urgency=low + + * add debian/po/ru.po: closes: Bug#214371 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900 + +ca-certificates (20030924) unstable; urgency=low + + * add debian/po/ja.po: closes: Bug#212565 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900 + +ca-certificates (20030916) unstable; urgency=low + + * add debian/po/fr.po: closes: Bug#211224, Bug#206769 + * debian/config: if new cert is asked, don't ask all available certs + closes: Bug#211199 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900 + +ca-certificates (20030915) unstable; urgency=low + + * debian/config.in: fix typo. closes: Bug#190990 + * add option for new CA certificates. closes: Bug#190989 + * switch to gettext-based debconf templates. closes: Bug#205782 + * update mozilla/certdata.txt from mozilla 1.4 release + + -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900 + +ca-certificates (20030420) unstable; urgency=low + + * add README.Debian and update-ca-certificates(8). closes: Bug#189604 + * fix broken English in debconf template. closes: Bug#189606 + * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607 + * preserve comments in /etc/ca-certificates.conf when upgrading. + closes: Bug#189611 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900 + +ca-certificates (20030415) unstable; urgency=medium + + * fix upgrade problem + closes: Bug#188938, Bug#188940 + * purge debconf + + -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900 + +ca-certificates (20030414) unstable; urgency=medium + + * certificates are installed in /usr/share/ca-certificates + you can find md5sum of certs files. closes: Bug#170777 + + * debconf to generate /etc/ca-certificates.conf + * update-ca-certificates update /etc/ssl/certs according + /etc/ca-certificates.conf + It also generate /etc/ssl/certs/ca-certificates.crt + which is single-file version of certs. + closes: Bug#158904 + + * change extension from .pem to .crt in /usr/share/ca-certificates + - /etc/mime.types: + application/x-x509-ca-cert crt + but it will be hardlink or copied in /etc/ssl/certs with .pem + extension by update-ca-certificates. + c_rehash requires .pem extension + + * Update certificate from mozilla 2:1.3-4 + mozilla/security/nss/lib/ckfw/builtins/certdata.txt + cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt + + * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/ + 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt + % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout + MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900 + +ca-certificates (20020323) unstable; urgency=low + + * Moved from non-US to main now that openssl has moved there. + + -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900 + +ca-certificates (20020208) unstable; urgency=low + + * add db.debian.org certificate + + -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900 + +ca-certificates (20020112) unstable; urgency=low + + * upload to non-US instead of main, because it depends on openssl + (it uses c_rehash in openssl in maintainer scripts) + + -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900 + +ca-certificates (20020107) unstable; urgency=low + + * Initial Release. closes: Bug#126586 + + -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900 |