1 ca-certificates (20121112+nmu1) unstable; urgency=low
3 * Non-maintainer upload
4 * Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
5 * Provide update-ca-certificates and update-ca-certificates-fresh
7 * Call the triggers using no-await so that the configuration files from
8 the newer version of ca-certificates-java are in places before the
9 upgrade. Closes: #537051.
11 -- Don Armstrong <don@debian.org> Mon, 12 Nov 2012 15:58:11 -0800
13 ca-certificates (20121105) unstable; urgency=low
15 * Update mozilla/certdata.txt to version 1.86 Closes: #683728
16 Certificates added (+) (none removed):
17 + "Actalis Authentication Root CA"
18 + "Trustis FPS Root CA"
19 + "StartCom Certification Authority" (renewal/rehash)
20 + "StartCom Certification Authority G2"
21 + "Buypass Class 2 Root CA"
22 + "Buypass Class 3 Root CA"
23 + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
24 + "T-TeleSec GlobalRoot Class 3"
25 + "EE Certification Centre Root CA"
26 * Correct piuparts package remove/purge behavior Closes: #682125
27 - Remove deletes of /etc/ssl{,/certs} from debian/postrm
29 -- Michael Shuler <michael@pbandjelly.org> Mon, 05 Nov 2012 10:56:05 -0600
31 ca-certificates (20120623) unstable; urgency=low
33 * Add Polish translation, thanks to Michał Kułach. Closes: #660002
34 * Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
35 * Correct update-ca-certificates(8) alignment Closes: #666932
36 * Add note to update-ca-certificates(8) about .crt extension needed for
37 CA certificates in /usr/local/share/ca-certificates Closes: #595279
38 * Update mozilla/certdata.txt to version 1.83
39 Mozilla Public License updated to v2.0
40 (no added/removed CAs)
41 * Update debian/copyright to:
42 - reflect MPL v2.0 update for mozilla/certdata.txt
43 - specify GPL-2 instead of GPL symlink
44 * Update debian/NEWS with added/removed certs from 20111211 and 20120212
45 * Update to Standards-Version: 3.9.3 (no changes needed)
47 -- Michael Shuler <michael@pbandjelly.org> Sat, 23 Jun 2012 09:16:54 -0500
49 ca-certificates (20120212) unstable; urgency=low
51 * Update mozilla/certdata.txt to version 1.81
52 Certificates added (+) and removed (-):
53 + "Security Communication RootCA2"
55 + "Hellenic Academic and Research Institutions RootCA 2011"
56 - "Verisign Class 2 Public Primary Certification Authority"
57 - "Verisign Class 4 Public Primary Certification Authority - G2"
58 - "TC TrustCenter, Germany, Class 2 CA"
59 - "TC TrustCenter, Germany, Class 3 CA"
60 * Add notice to README.Debian deprecating CA inclusions and refer to
61 #647848 for Debian CA Certificate Policy discussion.
63 -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600
65 ca-certificates (20111211) unstable; urgency=low
67 * Clarify CA audit note in package description and README.debian. Thanks
68 to C.J. Adams-Collier for the patch. Closes: #594383
69 * Remove French Government IGC/A CA certificates. The RSA certificate is
70 included in the Mozilla bundle and the DSA certificate is not in use.
72 * Remove expired signet.pl CAs. Closes: #647849
73 * Remove expired brasil.gov.br CA.
74 * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
75 * Use 'set -e' in body of debian/postinst
76 * Update mozilla/certdata.txt to version 1.80
77 (no added/removed CAs)
78 * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
80 -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600
82 ca-certificates (20111025) unstable; urgency=low
85 * Add 3.0 (native) source format
86 * Add Vcs-Git/Browser fields
87 * Add myself as new Maintainer with Uploaders Closes: #588219
88 * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
89 Certificates added (+) and removed (-):
90 + "AffirmTrust Commercial"
91 + "AffirmTrust Networking"
92 + "AffirmTrust Premium"
93 + "AffirmTrust Premium ECC"
95 + "Certinomis - Autorité Racine"
96 + "Certum Trusted Network CA"
97 + "Go Daddy Root Certificate Authority - G2"
98 + "Root CA Generalitat Valenciana"
99 + "Starfield Root Certificate Authority - G2"
100 + "Starfield Services Root Certificate Authority - G2"
101 + "TWCA Root Certification Authority"
102 - "AOL Time Warner Root Certification Authority 1"
103 - "AOL Time Warner Root Certification Authority 2"
104 - "DigiNotar Root CA"
105 - "Entrust.net Global Secure Personal CA"
106 - "Entrust.net Global Secure Server CA"
107 - "Entrust.net Secure Personal CA"
108 - "IPS Chained CAs root"
113 - "IPS Timestamping root"
114 - "Thawte Personal Freemail CA"
115 - "Thawte Time Stamping CA"
116 * Update CAcert-Class 3-Subroot-certificate Closes: #630232
119 * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
120 the way before calling c_rehash, so that symlinks don't accidentally get
121 pointed here, breaking openssl certificate verification LP: #854927
124 * Drop bogus c_rehash on upgrades, which caused issue when
125 ca-certificates.crt was still in place; instead, call
126 update-ca-certificates --fresh on upgrades to this version, and
127 the usual update-ca-certificates otherwise Closes: #643667, #537382
129 -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
131 ca-certificates (20111022) unstable; urgency=low
134 * Fix pending l10n issues. Debconf translations:
135 - German (Helge Kreutzmann). Closes: #634000
136 - French (Christian Perrier). Closes: #634092
137 - Russian (Yuri Kozlov). Closes: #635146
138 - Swedish (Martin Bagge / brother). Closes: #640622
139 - Slovak (Slavko). Closes: #641987
140 - Spanish; (Javier Fernández-Sanguino). Closes: #642359
141 - Japanese (Kenshi Muto). Closes: #644828
142 - Czech (Miroslav Kure). Closes: #644843
143 - Danish (Joe Hansen). Closes: #644854
144 - Italian (Luca Monducci). Closes: #645004
145 - Dutch; (Jeroen Schot). Closes: #645090
146 - Portuguese (Miguel Figueiredo). Closes: #645126
147 - Galician (Jorge Barreiro). Closes: #645138
148 - Catalan; (Jordi Mallach). Closes: #645182
149 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
150 * Split Choices in debconf templates
151 * Add build-arch and build-indep build targets
152 * Bump debhelper compatibility level to 8
153 * Bump Standards to 3.9.2 (checked)
154 * Replace "dh_clean -k" by dh_prep
156 -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
158 ca-certificates (20110502+nmu1) unstable; urgency=high
160 * Non-maintainer upload by the Security Team.
161 * Blacklist "DigiNotar Root CA" (Closes: #639744)
163 -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
165 ca-certificates (20110502) unstable; urgency=low
168 * Mark the package as multi-arch:foreign. (Closes: #622323)
169 * Use db_settitle in config script to allow translations of the
170 dialog title; thanks to Frans Pop. (Closes: #560314)
172 -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
174 ca-certificates (20110421) unstable; urgency=low
177 * Package is orphaned, set maintainer to QA group
178 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
179 both the old and new style of symlinks. (Closes: #611102)
180 * Remove libssl0.9.8 from enhances
181 * Update mozilla certdata.txt file to the latest version.
183 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
184 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
185 - beTRUSTed_Root_CA.crt
186 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
187 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
188 - Digital_Signature_Trust_Co._Global_CA_2.crt
189 - Digital_Signature_Trust_Co._Global_CA_4.crt
190 - Entrust.net_Global_Secure_Personal_CA.crt
191 - Entrust.net_Global_Secure_Server_CA.crt
192 - Entrust.net_Secure_Personal_CA.crt
193 - GTE_CyberTrust_Root_CA.crt
194 - IPS_Chained_CAs_root.crt
195 - IPS_CLASE1_root.crt
196 - IPS_CLASE3_root.crt
197 - IPS_CLASEA1_root.crt
198 - IPS_CLASEA3_root.crt
199 - IPS_Servidores_root.crt
200 - IPS_Timestamping_root.crt
201 - RSA_Security_1024_v3.crt
203 - Thawte_Personal_Basic_CA.crt
204 - Thawte_Personal_Premium_CA.crt
205 - UTN-USER_First-Network_Applications.crt
206 - Verisign_RSA_Secure_Server_CA.crt
207 - Verisign_Time_Stamping_Authority_CA.crt
208 - Visa_International_Global_Root_2.crt
211 - AC_Raíz_Certicámara_S.A..crt
212 - ApplicationCA_-_Japanese_Government.crt
213 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
214 - Buypass_Class_2_CA_1.crt
215 - Buypass_Class_3_CA_1.crt
218 - certSIGN_ROOT_CA.crt
219 - Chambers_of_Commerce_Root_-_2008.crt
222 - ComSign_Secured_CA.crt
223 - Cybertrust_Global_Root.crt
224 - Deutsche_Telekom_Root_CA_2.crt
225 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
226 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
227 - ePKI_Root_Certification_Authority.crt
228 - GeoTrust_Primary_Certification_Authority_-_G2.crt
229 - GeoTrust_Primary_Certification_Authority_-_G3.crt
230 - Global_Chambersign_Root_-_2008.crt
231 - GlobalSign_Root_CA_-_R3.crt
232 - Hongkong_Post_Root_CA_1.crt
236 - Microsec_e-Szigno_Root_CA_2009.crt
237 - Microsec_e-Szigno_Root_CA.crt
238 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
239 - OISTE_WISeKey_Global_Root_GA_CA.crt
240 - SecureSign_RootCA11.crt
241 - Security_Communication_EV_RootCA1.crt
242 - Staat_der_Nederlanden_Root_CA_-_G2.crt
243 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
244 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
245 - TC_TrustCenter_Class_2_CA_II.crt
246 - TC_TrustCenter_Class_3_CA_II.crt
247 - TC_TrustCenter_Universal_CA_I.crt
248 - TC_TrustCenter_Universal_CA_III.crt
249 - thawte_Primary_Root_CA_-_G2.crt
250 - thawte_Primary_Root_CA_-_G3.crt
251 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
252 - VeriSign_Universal_Root_Certification_Authority.crt
254 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
255 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
256 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
257 * String decode the mozilla certdata.txt so the filenames show up as
258 proper UTF-8 strings.
260 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
262 ca-certificates (20090814+nmu3) unstable; urgency=low
264 * Non-maintainer upload.
265 * Fix pending l10n issues. Debconf translations:
266 - French (Christian Perrier). Closes: #594231
267 - Danish (Joe Hansen). Closes: #601129
268 - Catalan (Jordi Mallach). Closes: #601089
269 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
271 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
273 ca-certificates (20090814+nmu2) unstable; urgency=low
275 * Non-maintainer upload.
276 * Fixes buggy shell functions included in the postinst script.
279 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
281 ca-certificates (20090814+nmu1) unstable; urgency=low
283 * Non-maintainer upload.
284 * Preserve user changes to the /etc/ca-certificates.conf.
287 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
289 ca-certificates (20090814) unstable; urgency=low
291 * Call Debconf and its db_purge as early as possible in postrm.
294 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
296 ca-certificates (20090709) unstable; urgency=low
298 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
300 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
302 ca-certificates (20090708) unstable; urgency=low
305 - cacert.org/root.crt and cacert.org/class3.crt:
306 Both certificate files were deprecated with 20080809. Users of these
307 root certificates are encouraged to switch to
308 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
309 roots joined in a single file.
310 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
311 This certificate has been added into the Mozilla truststore and
312 is available as `mozilla/QuoVadis_Root_CA.crt'.
313 * Do not redirect c_rehash error messages to /dev/null.
315 * Remove dangling symlinks on purge, which also gets rid of the hash
316 symlink for ca-certificates.crt. (Closes: #475240)
317 * Use subshells when grepping for certificates in config, avoiding
318 SIGPIPE because of grep's immediate exit after it finds the pattern.
320 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
321 Robby Workman of Slackware.
322 * Updated Standards-Version and FSF portal address in the copyright file.
324 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
326 ca-certificates (20090701) unstable; urgency=low
328 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
329 Rationale: The rogue collision CA has its validity period in the past.
330 Thus it does not impose a risk upon us at the moment.
331 * Restrict search for local certificates to add on files ending with '.crt'.
332 * Canonicalize PEM names by applying the same set of substitions to
333 local and other certificates like the Mozilla certdata dumper does.
335 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
337 ca-certificates (20090624) unstable; urgency=low
339 * Allow local certificate installation. All certificates found
340 in `/usr/local/share/ca-certificates' will be automatically added
341 to the list of trusted certificates in `/etc/ssl/certs'.
342 (Closes: #352637, #419491, #473677, #476663, #511150)
343 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
345 + COMODO ECC Certification Authority
347 + Network Solutions Certificate Authority
348 + WellsSecure Public Root Certificate Authority
349 - Equifax Secure Global eBusiness CA
350 - UTN USERFirst Object Root CA
351 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
352 untrusted certificates. This led to the exclusion of the
353 "MD5 Collisions Forged Rogue CA 23c3" and its parent
354 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
355 certificates are no longer included neither.
356 * Remove the purging of old PEM files in postinst dating back to
357 versions earlier than 20030414.
358 * Hooks are now called at every invocation of `update-ca-certificates'.
359 If no changes were done to `/etc/ssl/certs', the input for the
360 hooks will be empty, though. Failure exit codes of hooks will not
361 tear down the upgrade process anymore. They are printed but ignored.
363 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
365 ca-certificates (20081127) unstable; urgency=low
367 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
370 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
372 ca-certificates (20080809) unstable; urgency=low
374 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
375 This file can be used for proper certificate chaining if CACert
376 server certificates are used. The old class3.pem and root.pem
377 certificates are deprecated. This new file could safely serve as
378 a replacement for both. (Closes: #494343)
379 * This also reintroduces the old name for the CACert certificate,
380 thus closing a long-standing bug about its rename to root.crt.
383 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
385 ca-certificates (20080617) unstable; urgency=low
387 * Added French Government's IGC/A CA (both DSA and RSA).
390 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
392 ca-certificates (20080616) unstable; urgency=low
394 * Fix installation on pt_BR locales. The problem was caused by the
395 .templates choices strings being marked for translation, with pt_BR
396 being the only language which actually translated them. Thanks to
397 Ubuntu for the fix, which needs to be around until Lenny is released
398 or six months have passed, whichever is later. (Closes: #472507)
399 * Drop Fumitoshi from the list of maintainers. Farewell!
400 * Bump Standards-Version to 3.8.0.
402 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
404 ca-certificates (20080514) unstable; urgency=medium
406 * Added the new SPI CA certificate, created in response to the latest
407 openssl security update.
408 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
409 revoked sensibly. Expired CA created in 2003, expired in 2007 left
410 around for reference.
411 * Updated the Galician translation, thanks to Glennie Vignarajah.
414 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
416 ca-certificates (20080411) unstable; urgency=low
418 * Added the current SPI CA certificate, used by Debian's infrastructure.
419 * Added Deutsche Telekom Root CA 2, which is used by German institutions
421 * Updated mozilla certificates from trunk, which led to the following
422 adds (+) and removes (-):
423 + Camerfirma Chambers of Commerce Root
424 + Camerfirma Global Chambersign Root
425 + Certplus Class 2 Primary CA
426 + COMODO Certification Authority
427 + DigiCert Assured ID Root CA
428 + DigiCert Global Root CA
429 + DigiCert High Assurance EV Root CA
432 + Entrust Root Certification Authority
433 + Firmaprofesional Root CA
434 + GeoTrust Global CA 2
435 + GeoTrust Primary Certification Authority
436 + GeoTrust Universal CA
437 + GeoTrust Universal CA 2
438 + GlobalSign Root CA - R2
439 + Go Daddy Class 2 CA
440 + NetLock Business (Class B) Root
441 + NetLock Express (Class C) Root
442 + NetLock Notary (Class A) Root
443 + NetLock Qualified (Class QA) Root
448 + Starfield Class 2 CA
449 + StartCom Certification Authority
452 + SwissSign Gold CA - G2
453 + SwissSign Platinum CA - G2
454 + SwissSign Silver CA - G2
456 + thawte Primary Root CA
457 + TURKTRUST Certificate Services Provider Root 1
458 + TURKTRUST Certificate Services Provider Root 2
459 + VeriSign Class 3 Public Primary Certification Authority - G5
460 + Wells Fargo Root CA
461 + XRamp Global CA Root
462 - Verisign Class 1 Public Primary OCSP Responder
463 - Verisign Class 2 Public Primary OCSP Responder
464 - Verisign Class 3 Public Primary OCSP Responder
465 - Verisign Secure Server OCSP Responder
466 (Closes: #447062, #456581)
467 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
469 * Reworded the description and made it static to ease translations.
470 * Reworded and amended README.Debian.
471 * Added myself to the uploaders of this package.
472 * Applied a patch by Martin F. Krafft to support hooks scripts
473 on add/remove of a certificate. (Closes: #377314)
475 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
477 ca-certificates (20070303-0.1) unstable; urgency=low
479 * Non-maintainer upload to fix longstanding pending l10n issues.
480 * Debconf templates and debian/control reviewed by the debian-l10n-
481 english team as part of the Smith review project.
482 Closes: #432249, #434789
483 * Debconf translation updates:
484 - Japanese. Closes:#433067
485 - Basque. Closes: #433074
486 - Spanish. Closes: #433078
487 - Czech. Closes: #433100
488 - Galician. Closes: #433215
489 - Russian. Closes: #433224
490 - Swedish. Closes: #433432
491 - Vietnamese. Closes: #433792, #427000, #434992
492 - Dutch. Closes: #434670
493 - German. Closes: #434788
494 - Italian. Closes: #435029
495 * Portuguese. Closes: #435471
496 * Finnish. Closes: #448826
497 * Remove /etc/ssl when purging the package (only if that
498 directory is empty). Closes: #454334
499 * [Lintian] Give a reference to the GPL text in debian/copyright
500 * [Lintian] No longer ignore errors from "make clean"
501 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
503 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
505 ca-certificates (20070303) unstable; urgency=low
507 * Add debconf.org crt. closes: Bug#342088
508 * Add cacert class3 crt. closes: Bug#350282
509 * Add debian/po/pt.po. closes: Bug#408183
510 * Update debian/po/ru.po. closes: Bug#410770
511 * Update debian/po/pt_BR.po. closes: Bug#403824
512 * Add debian/po/gl.po. closes: Bug#407951
514 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
516 ca-certificates (20061027.2) unstable; urgency=low
518 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
519 * Avoid cd to /etc/ssl/certs to removing hash symlinks
522 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
524 ca-certificates (20061027.1) unstable; urgency=low
526 * Non-maintainer upload to fix remaining l10n issues
527 * Debconf translation updates:
528 - Czech. Closes: #407807
529 - Spanish. Closes: #401968
530 - German. Closes: #396942
531 * Add debconf-updatepo to the clean target in debian/rules
532 to guarantee up-to-date PO(T) files
534 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
537 ca-certificates (20061027) unstable; urgency=low
539 * sbin/update-ca-certificates:
540 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
541 preserve other symlinks. closes: Bug#387089
542 * debian/po/nl.po: updated
544 * debian/po/fr.po: updated
546 * debian/po/da.po: updated
549 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
551 ca-certificates (20060816) unstable; urgency=low
553 * debian/control: explicitly mention that trustworthiness of certificate
554 authorities is not evaluated.
556 * debian/templates: refine messages
558 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
560 * debian/control: libssl0.9.7->libssl0.9.8
562 * debian/postrm: remove .dpkg-old files
564 * debian/README.Debian: fix
566 * debian/postinst: fix typo
568 * debian/po/sv.po: added
570 * debian/po/es.po: added
572 * add new SPI CA certificate
573 submitted by Michael C. Schultheiss <schultmc@debian.org>
575 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
577 ca-certificates (20050804) unstable; urgency=low
579 * use ${misc:Depends} in debian/control for debconf
580 * update description in debian/control
582 * update debian/po/vi.po
584 * update debian/po/de.po
587 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
589 ca-certificates (20050518) unstable; urgency=high
591 * fix ca-certificates.crt generationumask-sensitive and racy
593 * update mozilla/certdata.txt
594 add: "Certum Root CA", "Comodo AAA Services root"
595 "Comodo Secure Services root",
596 "Comodo Trusted Services root",
597 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
598 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
599 "IPS Timestamping root",
601 "Security Communication Root CA",
602 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
603 "Staat der Nederlanden Root CA",
604 "TDC Internet Root CA", "TDC OCES Root CA",
605 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
606 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
607 * add CACert.org's Root CA
608 closes: Bug#213086, Bug#288293
609 * add debian/po/vi.po
611 * add debian/po/cs.po
613 * write "How certificate will be accepted in ca-certificates package"
616 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
618 ca-certificates (20040809) unstable; urgency=low
620 * previous version was not fixed Bug#255933 correctly.
621 update-ca-certificates now remove symlinks of deselected entries
622 in ca-certificates.conf
625 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
627 ca-certificates (20040808) unstable; urgency=low
629 * run update-ca-certificates by /bin/sh -e
631 * update-ca-certificates remove symlinks of deselected entries
632 in ca-certificates.conf
634 * change default of trust_new_crts from 'ask' to 'yes'
635 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
636 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
638 * add brasil.gov.br certs
640 * add Signet CA Roots certs
642 * add QuoVadis CA Roots certs
654 * fix quote characters in template
656 * remove debian.org, because certs used in db.debian.org has been
657 revoked due to debian.org crack incidents.
658 db.debian.org uses certificates using spi-inc.org Root CA.
660 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
662 ca-certificates (20031007.1) unstable; urgency=low
665 * Add brasil.gov.br/brasil.gov.br.crt, created from
666 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
667 * Add debian/po/pt_BR.po: closes: Bug#224612
669 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
671 ca-certificates (20031007) unstable; urgency=low
673 * add debian/po/ru.po: closes: Bug#214371
675 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
677 ca-certificates (20030924) unstable; urgency=low
679 * add debian/po/ja.po: closes: Bug#212565
681 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
683 ca-certificates (20030916) unstable; urgency=low
685 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
686 * debian/config: if new cert is asked, don't ask all available certs
689 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
691 ca-certificates (20030915) unstable; urgency=low
693 * debian/config.in: fix typo. closes: Bug#190990
694 * add option for new CA certificates. closes: Bug#190989
695 * switch to gettext-based debconf templates. closes: Bug#205782
696 * update mozilla/certdata.txt from mozilla 1.4 release
698 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
700 ca-certificates (20030420) unstable; urgency=low
702 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
703 * fix broken English in debconf template. closes: Bug#189606
704 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
705 * preserve comments in /etc/ca-certificates.conf when upgrading.
708 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
710 ca-certificates (20030415) unstable; urgency=medium
712 * fix upgrade problem
713 closes: Bug#188938, Bug#188940
716 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
718 ca-certificates (20030414) unstable; urgency=medium
720 * certificates are installed in /usr/share/ca-certificates
721 you can find md5sum of certs files. closes: Bug#170777
723 * debconf to generate /etc/ca-certificates.conf
724 * update-ca-certificates update /etc/ssl/certs according
725 /etc/ca-certificates.conf
726 It also generate /etc/ssl/certs/ca-certificates.crt
727 which is single-file version of certs.
730 * change extension from .pem to .crt in /usr/share/ca-certificates
732 application/x-x509-ca-cert crt
733 but it will be hardlink or copied in /etc/ssl/certs with .pem
734 extension by update-ca-certificates.
735 c_rehash requires .pem extension
737 * Update certificate from mozilla 2:1.3-4
738 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
739 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
741 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
742 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
743 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
744 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
746 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
748 ca-certificates (20020323) unstable; urgency=low
750 * Moved from non-US to main now that openssl has moved there.
752 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
754 ca-certificates (20020208) unstable; urgency=low
756 * add db.debian.org certificate
758 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
760 ca-certificates (20020112) unstable; urgency=low
762 * upload to non-US instead of main, because it depends on openssl
763 (it uses c_rehash in openssl in maintainer scripts)
765 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
767 ca-certificates (20020107) unstable; urgency=low
769 * Initial Release. closes: Bug#126586
771 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900