1 ca-certificates (20120623) unstable; urgency=low
3 * Add Polish translation, thanks to Michał Kułach. Closes: #660002
4 * Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
5 * Correct update-ca-certificates(8) alignment Closes: #666932
6 * Add note to update-ca-certificates(8) about .crt extension needed for
7 CA certificates in /usr/local/share/ca-certificates Closes: #595279
8 * Update mozilla/certdata.txt to version 1.83
9 Mozilla Public License updated to v2.0
10 (no added/removed CAs)
11 * Update debian/copyright to:
12 - reflect MPL v2.0 update for mozilla/certdata.txt
13 - specify GPL-2 instead of GPL symlink
14 * Update debian/NEWS with added/removed certs from 20111211 and 20120212
15 * Update to Standards-Version: 3.9.3 (no changes needed)
17 -- Michael Shuler <michael@pbandjelly.org> Sat, 23 Jun 2012 09:16:54 -0500
19 ca-certificates (20120212) unstable; urgency=low
21 * Update mozilla/certdata.txt to version 1.81
22 Certificates added (+) and removed (-):
23 + "Security Communication RootCA2"
25 + "Hellenic Academic and Research Institutions RootCA 2011"
26 - "Verisign Class 2 Public Primary Certification Authority"
27 - "Verisign Class 4 Public Primary Certification Authority - G2"
28 - "TC TrustCenter, Germany, Class 2 CA"
29 - "TC TrustCenter, Germany, Class 3 CA"
30 * Add notice to README.Debian deprecating CA inclusions and refer to
31 #647848 for Debian CA Certificate Policy discussion.
33 -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600
35 ca-certificates (20111211) unstable; urgency=low
37 * Clarify CA audit note in package description and README.debian. Thanks
38 to C.J. Adams-Collier for the patch. Closes: #594383
39 * Remove French Government IGC/A CA certificates. The RSA certificate is
40 included in the Mozilla bundle and the DSA certificate is not in use.
42 * Remove expired signet.pl CAs. Closes: #647849
43 * Remove expired brasil.gov.br CA.
44 * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
45 * Use 'set -e' in body of debian/postinst
46 * Update mozilla/certdata.txt to version 1.80
47 (no added/removed CAs)
48 * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
50 -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600
52 ca-certificates (20111025) unstable; urgency=low
55 * Add 3.0 (native) source format
56 * Add Vcs-Git/Browser fields
57 * Add myself as new Maintainer with Uploaders Closes: #588219
58 * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
59 Certificates added (+) and removed (-):
60 + "AffirmTrust Commercial"
61 + "AffirmTrust Networking"
62 + "AffirmTrust Premium"
63 + "AffirmTrust Premium ECC"
65 + "Certinomis - Autorité Racine"
66 + "Certum Trusted Network CA"
67 + "Go Daddy Root Certificate Authority - G2"
68 + "Root CA Generalitat Valenciana"
69 + "Starfield Root Certificate Authority - G2"
70 + "Starfield Services Root Certificate Authority - G2"
71 + "TWCA Root Certification Authority"
72 - "AOL Time Warner Root Certification Authority 1"
73 - "AOL Time Warner Root Certification Authority 2"
75 - "Entrust.net Global Secure Personal CA"
76 - "Entrust.net Global Secure Server CA"
77 - "Entrust.net Secure Personal CA"
78 - "IPS Chained CAs root"
83 - "IPS Timestamping root"
84 - "Thawte Personal Freemail CA"
85 - "Thawte Time Stamping CA"
86 * Update CAcert-Class 3-Subroot-certificate Closes: #630232
89 * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
90 the way before calling c_rehash, so that symlinks don't accidentally get
91 pointed here, breaking openssl certificate verification LP: #854927
94 * Drop bogus c_rehash on upgrades, which caused issue when
95 ca-certificates.crt was still in place; instead, call
96 update-ca-certificates --fresh on upgrades to this version, and
97 the usual update-ca-certificates otherwise Closes: #643667, #537382
99 -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
101 ca-certificates (20111022) unstable; urgency=low
104 * Fix pending l10n issues. Debconf translations:
105 - German (Helge Kreutzmann). Closes: #634000
106 - French (Christian Perrier). Closes: #634092
107 - Russian (Yuri Kozlov). Closes: #635146
108 - Swedish (Martin Bagge / brother). Closes: #640622
109 - Slovak (Slavko). Closes: #641987
110 - Spanish; (Javier Fernández-Sanguino). Closes: #642359
111 - Japanese (Kenshi Muto). Closes: #644828
112 - Czech (Miroslav Kure). Closes: #644843
113 - Danish (Joe Hansen). Closes: #644854
114 - Italian (Luca Monducci). Closes: #645004
115 - Dutch; (Jeroen Schot). Closes: #645090
116 - Portuguese (Miguel Figueiredo). Closes: #645126
117 - Galician (Jorge Barreiro). Closes: #645138
118 - Catalan; (Jordi Mallach). Closes: #645182
119 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
120 * Split Choices in debconf templates
121 * Add build-arch and build-indep build targets
122 * Bump debhelper compatibility level to 8
123 * Bump Standards to 3.9.2 (checked)
124 * Replace "dh_clean -k" by dh_prep
126 -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
128 ca-certificates (20110502+nmu1) unstable; urgency=high
130 * Non-maintainer upload by the Security Team.
131 * Blacklist "DigiNotar Root CA" (Closes: #639744)
133 -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
135 ca-certificates (20110502) unstable; urgency=low
138 * Mark the package as multi-arch:foreign. (Closes: #622323)
139 * Use db_settitle in config script to allow translations of the
140 dialog title; thanks to Frans Pop. (Closes: #560314)
142 -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
144 ca-certificates (20110421) unstable; urgency=low
147 * Package is orphaned, set maintainer to QA group
148 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
149 both the old and new style of symlinks. (Closes: #611102)
150 * Remove libssl0.9.8 from enhances
151 * Update mozilla certdata.txt file to the latest version.
153 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
154 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
155 - beTRUSTed_Root_CA.crt
156 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
157 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
158 - Digital_Signature_Trust_Co._Global_CA_2.crt
159 - Digital_Signature_Trust_Co._Global_CA_4.crt
160 - Entrust.net_Global_Secure_Personal_CA.crt
161 - Entrust.net_Global_Secure_Server_CA.crt
162 - Entrust.net_Secure_Personal_CA.crt
163 - GTE_CyberTrust_Root_CA.crt
164 - IPS_Chained_CAs_root.crt
165 - IPS_CLASE1_root.crt
166 - IPS_CLASE3_root.crt
167 - IPS_CLASEA1_root.crt
168 - IPS_CLASEA3_root.crt
169 - IPS_Servidores_root.crt
170 - IPS_Timestamping_root.crt
171 - RSA_Security_1024_v3.crt
173 - Thawte_Personal_Basic_CA.crt
174 - Thawte_Personal_Premium_CA.crt
175 - UTN-USER_First-Network_Applications.crt
176 - Verisign_RSA_Secure_Server_CA.crt
177 - Verisign_Time_Stamping_Authority_CA.crt
178 - Visa_International_Global_Root_2.crt
181 - AC_Raíz_Certicámara_S.A..crt
182 - ApplicationCA_-_Japanese_Government.crt
183 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
184 - Buypass_Class_2_CA_1.crt
185 - Buypass_Class_3_CA_1.crt
188 - certSIGN_ROOT_CA.crt
189 - Chambers_of_Commerce_Root_-_2008.crt
192 - ComSign_Secured_CA.crt
193 - Cybertrust_Global_Root.crt
194 - Deutsche_Telekom_Root_CA_2.crt
195 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
196 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
197 - ePKI_Root_Certification_Authority.crt
198 - GeoTrust_Primary_Certification_Authority_-_G2.crt
199 - GeoTrust_Primary_Certification_Authority_-_G3.crt
200 - Global_Chambersign_Root_-_2008.crt
201 - GlobalSign_Root_CA_-_R3.crt
202 - Hongkong_Post_Root_CA_1.crt
206 - Microsec_e-Szigno_Root_CA_2009.crt
207 - Microsec_e-Szigno_Root_CA.crt
208 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
209 - OISTE_WISeKey_Global_Root_GA_CA.crt
210 - SecureSign_RootCA11.crt
211 - Security_Communication_EV_RootCA1.crt
212 - Staat_der_Nederlanden_Root_CA_-_G2.crt
213 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
214 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
215 - TC_TrustCenter_Class_2_CA_II.crt
216 - TC_TrustCenter_Class_3_CA_II.crt
217 - TC_TrustCenter_Universal_CA_I.crt
218 - TC_TrustCenter_Universal_CA_III.crt
219 - thawte_Primary_Root_CA_-_G2.crt
220 - thawte_Primary_Root_CA_-_G3.crt
221 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
222 - VeriSign_Universal_Root_Certification_Authority.crt
224 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
225 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
226 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
227 * String decode the mozilla certdata.txt so the filenames show up as
228 proper UTF-8 strings.
230 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
232 ca-certificates (20090814+nmu3) unstable; urgency=low
234 * Non-maintainer upload.
235 * Fix pending l10n issues. Debconf translations:
236 - French (Christian Perrier). Closes: #594231
237 - Danish (Joe Hansen). Closes: #601129
238 - Catalan (Jordi Mallach). Closes: #601089
239 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
241 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
243 ca-certificates (20090814+nmu2) unstable; urgency=low
245 * Non-maintainer upload.
246 * Fixes buggy shell functions included in the postinst script.
249 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
251 ca-certificates (20090814+nmu1) unstable; urgency=low
253 * Non-maintainer upload.
254 * Preserve user changes to the /etc/ca-certificates.conf.
257 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
259 ca-certificates (20090814) unstable; urgency=low
261 * Call Debconf and its db_purge as early as possible in postrm.
264 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
266 ca-certificates (20090709) unstable; urgency=low
268 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
270 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
272 ca-certificates (20090708) unstable; urgency=low
275 - cacert.org/root.crt and cacert.org/class3.crt:
276 Both certificate files were deprecated with 20080809. Users of these
277 root certificates are encouraged to switch to
278 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
279 roots joined in a single file.
280 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
281 This certificate has been added into the Mozilla truststore and
282 is available as `mozilla/QuoVadis_Root_CA.crt'.
283 * Do not redirect c_rehash error messages to /dev/null.
285 * Remove dangling symlinks on purge, which also gets rid of the hash
286 symlink for ca-certificates.crt. (Closes: #475240)
287 * Use subshells when grepping for certificates in config, avoiding
288 SIGPIPE because of grep's immediate exit after it finds the pattern.
290 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
291 Robby Workman of Slackware.
292 * Updated Standards-Version and FSF portal address in the copyright file.
294 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
296 ca-certificates (20090701) unstable; urgency=low
298 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
299 Rationale: The rogue collision CA has its validity period in the past.
300 Thus it does not impose a risk upon us at the moment.
301 * Restrict search for local certificates to add on files ending with '.crt'.
302 * Canonicalize PEM names by applying the same set of substitions to
303 local and other certificates like the Mozilla certdata dumper does.
305 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
307 ca-certificates (20090624) unstable; urgency=low
309 * Allow local certificate installation. All certificates found
310 in `/usr/local/share/ca-certificates' will be automatically added
311 to the list of trusted certificates in `/etc/ssl/certs'.
312 (Closes: #352637, #419491, #473677, #476663, #511150)
313 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
315 + COMODO ECC Certification Authority
317 + Network Solutions Certificate Authority
318 + WellsSecure Public Root Certificate Authority
319 - Equifax Secure Global eBusiness CA
320 - UTN USERFirst Object Root CA
321 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
322 untrusted certificates. This led to the exclusion of the
323 "MD5 Collisions Forged Rogue CA 23c3" and its parent
324 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
325 certificates are no longer included neither.
326 * Remove the purging of old PEM files in postinst dating back to
327 versions earlier than 20030414.
328 * Hooks are now called at every invocation of `update-ca-certificates'.
329 If no changes were done to `/etc/ssl/certs', the input for the
330 hooks will be empty, though. Failure exit codes of hooks will not
331 tear down the upgrade process anymore. They are printed but ignored.
333 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
335 ca-certificates (20081127) unstable; urgency=low
337 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
340 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
342 ca-certificates (20080809) unstable; urgency=low
344 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
345 This file can be used for proper certificate chaining if CACert
346 server certificates are used. The old class3.pem and root.pem
347 certificates are deprecated. This new file could safely serve as
348 a replacement for both. (Closes: #494343)
349 * This also reintroduces the old name for the CACert certificate,
350 thus closing a long-standing bug about its rename to root.crt.
353 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
355 ca-certificates (20080617) unstable; urgency=low
357 * Added French Government's IGC/A CA (both DSA and RSA).
360 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
362 ca-certificates (20080616) unstable; urgency=low
364 * Fix installation on pt_BR locales. The problem was caused by the
365 .templates choices strings being marked for translation, with pt_BR
366 being the only language which actually translated them. Thanks to
367 Ubuntu for the fix, which needs to be around until Lenny is released
368 or six months have passed, whichever is later. (Closes: #472507)
369 * Drop Fumitoshi from the list of maintainers. Farewell!
370 * Bump Standards-Version to 3.8.0.
372 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
374 ca-certificates (20080514) unstable; urgency=medium
376 * Added the new SPI CA certificate, created in response to the latest
377 openssl security update.
378 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
379 revoked sensibly. Expired CA created in 2003, expired in 2007 left
380 around for reference.
381 * Updated the Galician translation, thanks to Glennie Vignarajah.
384 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
386 ca-certificates (20080411) unstable; urgency=low
388 * Added the current SPI CA certificate, used by Debian's infrastructure.
389 * Added Deutsche Telekom Root CA 2, which is used by German institutions
391 * Updated mozilla certificates from trunk, which led to the following
392 adds (+) and removes (-):
393 + Camerfirma Chambers of Commerce Root
394 + Camerfirma Global Chambersign Root
395 + Certplus Class 2 Primary CA
396 + COMODO Certification Authority
397 + DigiCert Assured ID Root CA
398 + DigiCert Global Root CA
399 + DigiCert High Assurance EV Root CA
402 + Entrust Root Certification Authority
403 + Firmaprofesional Root CA
404 + GeoTrust Global CA 2
405 + GeoTrust Primary Certification Authority
406 + GeoTrust Universal CA
407 + GeoTrust Universal CA 2
408 + GlobalSign Root CA - R2
409 + Go Daddy Class 2 CA
410 + NetLock Business (Class B) Root
411 + NetLock Express (Class C) Root
412 + NetLock Notary (Class A) Root
413 + NetLock Qualified (Class QA) Root
418 + Starfield Class 2 CA
419 + StartCom Certification Authority
422 + SwissSign Gold CA - G2
423 + SwissSign Platinum CA - G2
424 + SwissSign Silver CA - G2
426 + thawte Primary Root CA
427 + TURKTRUST Certificate Services Provider Root 1
428 + TURKTRUST Certificate Services Provider Root 2
429 + VeriSign Class 3 Public Primary Certification Authority - G5
430 + Wells Fargo Root CA
431 + XRamp Global CA Root
432 - Verisign Class 1 Public Primary OCSP Responder
433 - Verisign Class 2 Public Primary OCSP Responder
434 - Verisign Class 3 Public Primary OCSP Responder
435 - Verisign Secure Server OCSP Responder
436 (Closes: #447062, #456581)
437 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
439 * Reworded the description and made it static to ease translations.
440 * Reworded and amended README.Debian.
441 * Added myself to the uploaders of this package.
442 * Applied a patch by Martin F. Krafft to support hooks scripts
443 on add/remove of a certificate. (Closes: #377314)
445 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
447 ca-certificates (20070303-0.1) unstable; urgency=low
449 * Non-maintainer upload to fix longstanding pending l10n issues.
450 * Debconf templates and debian/control reviewed by the debian-l10n-
451 english team as part of the Smith review project.
452 Closes: #432249, #434789
453 * Debconf translation updates:
454 - Japanese. Closes:#433067
455 - Basque. Closes: #433074
456 - Spanish. Closes: #433078
457 - Czech. Closes: #433100
458 - Galician. Closes: #433215
459 - Russian. Closes: #433224
460 - Swedish. Closes: #433432
461 - Vietnamese. Closes: #433792, #427000, #434992
462 - Dutch. Closes: #434670
463 - German. Closes: #434788
464 - Italian. Closes: #435029
465 * Portuguese. Closes: #435471
466 * Finnish. Closes: #448826
467 * Remove /etc/ssl when purging the package (only if that
468 directory is empty). Closes: #454334
469 * [Lintian] Give a reference to the GPL text in debian/copyright
470 * [Lintian] No longer ignore errors from "make clean"
471 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
473 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
475 ca-certificates (20070303) unstable; urgency=low
477 * Add debconf.org crt. closes: Bug#342088
478 * Add cacert class3 crt. closes: Bug#350282
479 * Add debian/po/pt.po. closes: Bug#408183
480 * Update debian/po/ru.po. closes: Bug#410770
481 * Update debian/po/pt_BR.po. closes: Bug#403824
482 * Add debian/po/gl.po. closes: Bug#407951
484 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
486 ca-certificates (20061027.2) unstable; urgency=low
488 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
489 * Avoid cd to /etc/ssl/certs to removing hash symlinks
492 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
494 ca-certificates (20061027.1) unstable; urgency=low
496 * Non-maintainer upload to fix remaining l10n issues
497 * Debconf translation updates:
498 - Czech. Closes: #407807
499 - Spanish. Closes: #401968
500 - German. Closes: #396942
501 * Add debconf-updatepo to the clean target in debian/rules
502 to guarantee up-to-date PO(T) files
504 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
507 ca-certificates (20061027) unstable; urgency=low
509 * sbin/update-ca-certificates:
510 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
511 preserve other symlinks. closes: Bug#387089
512 * debian/po/nl.po: updated
514 * debian/po/fr.po: updated
516 * debian/po/da.po: updated
519 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
521 ca-certificates (20060816) unstable; urgency=low
523 * debian/control: explicitly mention that trustworthiness of certificate
524 authorities is not evaluated.
526 * debian/templates: refine messages
528 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
530 * debian/control: libssl0.9.7->libssl0.9.8
532 * debian/postrm: remove .dpkg-old files
534 * debian/README.Debian: fix
536 * debian/postinst: fix typo
538 * debian/po/sv.po: added
540 * debian/po/es.po: added
542 * add new SPI CA certificate
543 submitted by Michael C. Schultheiss <schultmc@debian.org>
545 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
547 ca-certificates (20050804) unstable; urgency=low
549 * use ${misc:Depends} in debian/control for debconf
550 * update description in debian/control
552 * update debian/po/vi.po
554 * update debian/po/de.po
557 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
559 ca-certificates (20050518) unstable; urgency=high
561 * fix ca-certificates.crt generationumask-sensitive and racy
563 * update mozilla/certdata.txt
564 add: "Certum Root CA", "Comodo AAA Services root"
565 "Comodo Secure Services root",
566 "Comodo Trusted Services root",
567 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
568 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
569 "IPS Timestamping root",
571 "Security Communication Root CA",
572 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
573 "Staat der Nederlanden Root CA",
574 "TDC Internet Root CA", "TDC OCES Root CA",
575 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
576 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
577 * add CACert.org's Root CA
578 closes: Bug#213086, Bug#288293
579 * add debian/po/vi.po
581 * add debian/po/cs.po
583 * write "How certificate will be accepted in ca-certificates package"
586 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
588 ca-certificates (20040809) unstable; urgency=low
590 * previous version was not fixed Bug#255933 correctly.
591 update-ca-certificates now remove symlinks of deselected entries
592 in ca-certificates.conf
595 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
597 ca-certificates (20040808) unstable; urgency=low
599 * run update-ca-certificates by /bin/sh -e
601 * update-ca-certificates remove symlinks of deselected entries
602 in ca-certificates.conf
604 * change default of trust_new_crts from 'ask' to 'yes'
605 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
606 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
608 * add brasil.gov.br certs
610 * add Signet CA Roots certs
612 * add QuoVadis CA Roots certs
624 * fix quote characters in template
626 * remove debian.org, because certs used in db.debian.org has been
627 revoked due to debian.org crack incidents.
628 db.debian.org uses certificates using spi-inc.org Root CA.
630 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
632 ca-certificates (20031007.1) unstable; urgency=low
635 * Add brasil.gov.br/brasil.gov.br.crt, created from
636 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
637 * Add debian/po/pt_BR.po: closes: Bug#224612
639 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
641 ca-certificates (20031007) unstable; urgency=low
643 * add debian/po/ru.po: closes: Bug#214371
645 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
647 ca-certificates (20030924) unstable; urgency=low
649 * add debian/po/ja.po: closes: Bug#212565
651 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
653 ca-certificates (20030916) unstable; urgency=low
655 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
656 * debian/config: if new cert is asked, don't ask all available certs
659 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
661 ca-certificates (20030915) unstable; urgency=low
663 * debian/config.in: fix typo. closes: Bug#190990
664 * add option for new CA certificates. closes: Bug#190989
665 * switch to gettext-based debconf templates. closes: Bug#205782
666 * update mozilla/certdata.txt from mozilla 1.4 release
668 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
670 ca-certificates (20030420) unstable; urgency=low
672 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
673 * fix broken English in debconf template. closes: Bug#189606
674 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
675 * preserve comments in /etc/ca-certificates.conf when upgrading.
678 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
680 ca-certificates (20030415) unstable; urgency=medium
682 * fix upgrade problem
683 closes: Bug#188938, Bug#188940
686 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
688 ca-certificates (20030414) unstable; urgency=medium
690 * certificates are installed in /usr/share/ca-certificates
691 you can find md5sum of certs files. closes: Bug#170777
693 * debconf to generate /etc/ca-certificates.conf
694 * update-ca-certificates update /etc/ssl/certs according
695 /etc/ca-certificates.conf
696 It also generate /etc/ssl/certs/ca-certificates.crt
697 which is single-file version of certs.
700 * change extension from .pem to .crt in /usr/share/ca-certificates
702 application/x-x509-ca-cert crt
703 but it will be hardlink or copied in /etc/ssl/certs with .pem
704 extension by update-ca-certificates.
705 c_rehash requires .pem extension
707 * Update certificate from mozilla 2:1.3-4
708 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
709 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
711 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
712 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
713 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
714 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
716 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
718 ca-certificates (20020323) unstable; urgency=low
720 * Moved from non-US to main now that openssl has moved there.
722 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
724 ca-certificates (20020208) unstable; urgency=low
726 * add db.debian.org certificate
728 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
730 ca-certificates (20020112) unstable; urgency=low
732 * upload to non-US instead of main, because it depends on openssl
733 (it uses c_rehash in openssl in maintainer scripts)
735 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
737 ca-certificates (20020107) unstable; urgency=low
739 * Initial Release. closes: Bug#126586
741 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900