1 ca-certificates (20120212.3) UNRELEASED; urgency=low
3 * Add Polish translation, thanks to Michał Kułach. Closes: #660002
4 * Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
5 * Update mozilla/certdata.txt to version 1.82
6 (No certificates added/removed.)
8 -- Michael Shuler <michael@pbandjelly.org> Sun, 04 Mar 2012 09:52:09 -0600
10 ca-certificates (20120212) unstable; urgency=low
12 * Update mozilla/certdata.txt to version 1.81
13 Certificates added (+) and removed (-):
14 + "Security Communication RootCA2"
16 + "Hellenic Academic and Research Institutions RootCA 2011"
17 - "Verisign Class 2 Public Primary Certification Authority"
18 - "Verisign Class 4 Public Primary Certification Authority - G2"
19 - "TC TrustCenter, Germany, Class 2 CA"
20 - "TC TrustCenter, Germany, Class 3 CA"
21 * Add notice to README.Debian deprecating CA inclusions and refer to
22 #647848 for Debian CA Certificate Policy discussion.
24 -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600
26 ca-certificates (20111211) unstable; urgency=low
28 * Clarify CA audit note in package description and README.debian. Thanks
29 to C.J. Adams-Collier for the patch. Closes: #594383
30 * Remove French Government IGC/A CA certificates. The RSA certificate is
31 included in the Mozilla bundle and the DSA certificate is not in use.
33 * Remove expired signet.pl CAs. Closes: #647849
34 * Remove expired brasil.gov.br CA.
35 * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
36 * Use 'set -e' in body of debian/postinst
37 * Update mozilla/certdata.txt to version 1.80
38 (no added/removed CAs)
39 * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
41 -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600
43 ca-certificates (20111025) unstable; urgency=low
46 * Add 3.0 (native) source format
47 * Add Vcs-Git/Browser fields
48 * Add myself as new Maintainer with Uploaders Closes: #588219
49 * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
50 Certificates added (+) and removed (-):
51 + "AffirmTrust Commercial"
52 + "AffirmTrust Networking"
53 + "AffirmTrust Premium"
54 + "AffirmTrust Premium ECC"
56 + "Certinomis - Autorité Racine"
57 + "Certum Trusted Network CA"
58 + "Go Daddy Root Certificate Authority - G2"
59 + "Root CA Generalitat Valenciana"
60 + "Starfield Root Certificate Authority - G2"
61 + "Starfield Services Root Certificate Authority - G2"
62 + "TWCA Root Certification Authority"
63 - "AOL Time Warner Root Certification Authority 1"
64 - "AOL Time Warner Root Certification Authority 2"
66 - "Entrust.net Global Secure Personal CA"
67 - "Entrust.net Global Secure Server CA"
68 - "Entrust.net Secure Personal CA"
69 - "IPS Chained CAs root"
74 - "IPS Timestamping root"
75 - "Thawte Personal Freemail CA"
76 - "Thawte Time Stamping CA"
77 * Update CAcert-Class 3-Subroot-certificate Closes: #630232
80 * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
81 the way before calling c_rehash, so that symlinks don't accidentally get
82 pointed here, breaking openssl certificate verification LP: #854927
85 * Drop bogus c_rehash on upgrades, which caused issue when
86 ca-certificates.crt was still in place; instead, call
87 update-ca-certificates --fresh on upgrades to this version, and
88 the usual update-ca-certificates otherwise Closes: #643667, #537382
90 -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
92 ca-certificates (20111022) unstable; urgency=low
95 * Fix pending l10n issues. Debconf translations:
96 - German (Helge Kreutzmann). Closes: #634000
97 - French (Christian Perrier). Closes: #634092
98 - Russian (Yuri Kozlov). Closes: #635146
99 - Swedish (Martin Bagge / brother). Closes: #640622
100 - Slovak (Slavko). Closes: #641987
101 - Spanish; (Javier Fernández-Sanguino). Closes: #642359
102 - Japanese (Kenshi Muto). Closes: #644828
103 - Czech (Miroslav Kure). Closes: #644843
104 - Danish (Joe Hansen). Closes: #644854
105 - Italian (Luca Monducci). Closes: #645004
106 - Dutch; (Jeroen Schot). Closes: #645090
107 - Portuguese (Miguel Figueiredo). Closes: #645126
108 - Galician (Jorge Barreiro). Closes: #645138
109 - Catalan; (Jordi Mallach). Closes: #645182
110 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
111 * Split Choices in debconf templates
112 * Add build-arch and build-indep build targets
113 * Bump debhelper compatibility level to 8
114 * Bump Standards to 3.9.2 (checked)
115 * Replace "dh_clean -k" by dh_prep
117 -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
119 ca-certificates (20110502+nmu1) unstable; urgency=high
121 * Non-maintainer upload by the Security Team.
122 * Blacklist "DigiNotar Root CA" (Closes: #639744)
124 -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
126 ca-certificates (20110502) unstable; urgency=low
129 * Mark the package as multi-arch:foreign. (Closes: #622323)
130 * Use db_settitle in config script to allow translations of the
131 dialog title; thanks to Frans Pop. (Closes: #560314)
133 -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
135 ca-certificates (20110421) unstable; urgency=low
138 * Package is orphaned, set maintainer to QA group
139 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
140 both the old and new style of symlinks. (Closes: #611102)
141 * Remove libssl0.9.8 from enhances
142 * Update mozilla certdata.txt file to the latest version.
144 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
145 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
146 - beTRUSTed_Root_CA.crt
147 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
148 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
149 - Digital_Signature_Trust_Co._Global_CA_2.crt
150 - Digital_Signature_Trust_Co._Global_CA_4.crt
151 - Entrust.net_Global_Secure_Personal_CA.crt
152 - Entrust.net_Global_Secure_Server_CA.crt
153 - Entrust.net_Secure_Personal_CA.crt
154 - GTE_CyberTrust_Root_CA.crt
155 - IPS_Chained_CAs_root.crt
156 - IPS_CLASE1_root.crt
157 - IPS_CLASE3_root.crt
158 - IPS_CLASEA1_root.crt
159 - IPS_CLASEA3_root.crt
160 - IPS_Servidores_root.crt
161 - IPS_Timestamping_root.crt
162 - RSA_Security_1024_v3.crt
164 - Thawte_Personal_Basic_CA.crt
165 - Thawte_Personal_Premium_CA.crt
166 - UTN-USER_First-Network_Applications.crt
167 - Verisign_RSA_Secure_Server_CA.crt
168 - Verisign_Time_Stamping_Authority_CA.crt
169 - Visa_International_Global_Root_2.crt
172 - AC_Raíz_Certicámara_S.A..crt
173 - ApplicationCA_-_Japanese_Government.crt
174 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
175 - Buypass_Class_2_CA_1.crt
176 - Buypass_Class_3_CA_1.crt
179 - certSIGN_ROOT_CA.crt
180 - Chambers_of_Commerce_Root_-_2008.crt
183 - ComSign_Secured_CA.crt
184 - Cybertrust_Global_Root.crt
185 - Deutsche_Telekom_Root_CA_2.crt
186 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
187 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
188 - ePKI_Root_Certification_Authority.crt
189 - GeoTrust_Primary_Certification_Authority_-_G2.crt
190 - GeoTrust_Primary_Certification_Authority_-_G3.crt
191 - Global_Chambersign_Root_-_2008.crt
192 - GlobalSign_Root_CA_-_R3.crt
193 - Hongkong_Post_Root_CA_1.crt
197 - Microsec_e-Szigno_Root_CA_2009.crt
198 - Microsec_e-Szigno_Root_CA.crt
199 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
200 - OISTE_WISeKey_Global_Root_GA_CA.crt
201 - SecureSign_RootCA11.crt
202 - Security_Communication_EV_RootCA1.crt
203 - Staat_der_Nederlanden_Root_CA_-_G2.crt
204 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
205 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
206 - TC_TrustCenter_Class_2_CA_II.crt
207 - TC_TrustCenter_Class_3_CA_II.crt
208 - TC_TrustCenter_Universal_CA_I.crt
209 - TC_TrustCenter_Universal_CA_III.crt
210 - thawte_Primary_Root_CA_-_G2.crt
211 - thawte_Primary_Root_CA_-_G3.crt
212 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
213 - VeriSign_Universal_Root_Certification_Authority.crt
215 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
216 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
217 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
218 * String decode the mozilla certdata.txt so the filenames show up as
219 proper UTF-8 strings.
221 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
223 ca-certificates (20090814+nmu3) unstable; urgency=low
225 * Non-maintainer upload.
226 * Fix pending l10n issues. Debconf translations:
227 - French (Christian Perrier). Closes: #594231
228 - Danish (Joe Hansen). Closes: #601129
229 - Catalan (Jordi Mallach). Closes: #601089
230 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
232 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
234 ca-certificates (20090814+nmu2) unstable; urgency=low
236 * Non-maintainer upload.
237 * Fixes buggy shell functions included in the postinst script.
240 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
242 ca-certificates (20090814+nmu1) unstable; urgency=low
244 * Non-maintainer upload.
245 * Preserve user changes to the /etc/ca-certificates.conf.
248 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
250 ca-certificates (20090814) unstable; urgency=low
252 * Call Debconf and its db_purge as early as possible in postrm.
255 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
257 ca-certificates (20090709) unstable; urgency=low
259 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
261 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
263 ca-certificates (20090708) unstable; urgency=low
266 - cacert.org/root.crt and cacert.org/class3.crt:
267 Both certificate files were deprecated with 20080809. Users of these
268 root certificates are encouraged to switch to
269 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
270 roots joined in a single file.
271 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
272 This certificate has been added into the Mozilla truststore and
273 is available as `mozilla/QuoVadis_Root_CA.crt'.
274 * Do not redirect c_rehash error messages to /dev/null.
276 * Remove dangling symlinks on purge, which also gets rid of the hash
277 symlink for ca-certificates.crt. (Closes: #475240)
278 * Use subshells when grepping for certificates in config, avoiding
279 SIGPIPE because of grep's immediate exit after it finds the pattern.
281 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
282 Robby Workman of Slackware.
283 * Updated Standards-Version and FSF portal address in the copyright file.
285 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
287 ca-certificates (20090701) unstable; urgency=low
289 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
290 Rationale: The rogue collision CA has its validity period in the past.
291 Thus it does not impose a risk upon us at the moment.
292 * Restrict search for local certificates to add on files ending with '.crt'.
293 * Canonicalize PEM names by applying the same set of substitions to
294 local and other certificates like the Mozilla certdata dumper does.
296 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
298 ca-certificates (20090624) unstable; urgency=low
300 * Allow local certificate installation. All certificates found
301 in `/usr/local/share/ca-certificates' will be automatically added
302 to the list of trusted certificates in `/etc/ssl/certs'.
303 (Closes: #352637, #419491, #473677, #476663, #511150)
304 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
306 + COMODO ECC Certification Authority
308 + Network Solutions Certificate Authority
309 + WellsSecure Public Root Certificate Authority
310 - Equifax Secure Global eBusiness CA
311 - UTN USERFirst Object Root CA
312 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
313 untrusted certificates. This led to the exclusion of the
314 "MD5 Collisions Forged Rogue CA 23c3" and its parent
315 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
316 certificates are no longer included neither.
317 * Remove the purging of old PEM files in postinst dating back to
318 versions earlier than 20030414.
319 * Hooks are now called at every invocation of `update-ca-certificates'.
320 If no changes were done to `/etc/ssl/certs', the input for the
321 hooks will be empty, though. Failure exit codes of hooks will not
322 tear down the upgrade process anymore. They are printed but ignored.
324 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
326 ca-certificates (20081127) unstable; urgency=low
328 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
331 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
333 ca-certificates (20080809) unstable; urgency=low
335 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
336 This file can be used for proper certificate chaining if CACert
337 server certificates are used. The old class3.pem and root.pem
338 certificates are deprecated. This new file could safely serve as
339 a replacement for both. (Closes: #494343)
340 * This also reintroduces the old name for the CACert certificate,
341 thus closing a long-standing bug about its rename to root.crt.
344 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
346 ca-certificates (20080617) unstable; urgency=low
348 * Added French Government's IGC/A CA (both DSA and RSA).
351 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
353 ca-certificates (20080616) unstable; urgency=low
355 * Fix installation on pt_BR locales. The problem was caused by the
356 .templates choices strings being marked for translation, with pt_BR
357 being the only language which actually translated them. Thanks to
358 Ubuntu for the fix, which needs to be around until Lenny is released
359 or six months have passed, whichever is later. (Closes: #472507)
360 * Drop Fumitoshi from the list of maintainers. Farewell!
361 * Bump Standards-Version to 3.8.0.
363 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
365 ca-certificates (20080514) unstable; urgency=medium
367 * Added the new SPI CA certificate, created in response to the latest
368 openssl security update.
369 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
370 revoked sensibly. Expired CA created in 2003, expired in 2007 left
371 around for reference.
372 * Updated the Galician translation, thanks to Glennie Vignarajah.
375 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
377 ca-certificates (20080411) unstable; urgency=low
379 * Added the current SPI CA certificate, used by Debian's infrastructure.
380 * Added Deutsche Telekom Root CA 2, which is used by German institutions
382 * Updated mozilla certificates from trunk, which led to the following
383 adds (+) and removes (-):
384 + Camerfirma Chambers of Commerce Root
385 + Camerfirma Global Chambersign Root
386 + Certplus Class 2 Primary CA
387 + COMODO Certification Authority
388 + DigiCert Assured ID Root CA
389 + DigiCert Global Root CA
390 + DigiCert High Assurance EV Root CA
393 + Entrust Root Certification Authority
394 + Firmaprofesional Root CA
395 + GeoTrust Global CA 2
396 + GeoTrust Primary Certification Authority
397 + GeoTrust Universal CA
398 + GeoTrust Universal CA 2
399 + GlobalSign Root CA - R2
400 + Go Daddy Class 2 CA
401 + NetLock Business (Class B) Root
402 + NetLock Express (Class C) Root
403 + NetLock Notary (Class A) Root
404 + NetLock Qualified (Class QA) Root
409 + Starfield Class 2 CA
410 + StartCom Certification Authority
413 + SwissSign Gold CA - G2
414 + SwissSign Platinum CA - G2
415 + SwissSign Silver CA - G2
417 + thawte Primary Root CA
418 + TURKTRUST Certificate Services Provider Root 1
419 + TURKTRUST Certificate Services Provider Root 2
420 + VeriSign Class 3 Public Primary Certification Authority - G5
421 + Wells Fargo Root CA
422 + XRamp Global CA Root
423 - Verisign Class 1 Public Primary OCSP Responder
424 - Verisign Class 2 Public Primary OCSP Responder
425 - Verisign Class 3 Public Primary OCSP Responder
426 - Verisign Secure Server OCSP Responder
427 (Closes: #447062, #456581)
428 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
430 * Reworded the description and made it static to ease translations.
431 * Reworded and amended README.Debian.
432 * Added myself to the uploaders of this package.
433 * Applied a patch by Martin F. Krafft to support hooks scripts
434 on add/remove of a certificate. (Closes: #377314)
436 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
438 ca-certificates (20070303-0.1) unstable; urgency=low
440 * Non-maintainer upload to fix longstanding pending l10n issues.
441 * Debconf templates and debian/control reviewed by the debian-l10n-
442 english team as part of the Smith review project.
443 Closes: #432249, #434789
444 * Debconf translation updates:
445 - Japanese. Closes:#433067
446 - Basque. Closes: #433074
447 - Spanish. Closes: #433078
448 - Czech. Closes: #433100
449 - Galician. Closes: #433215
450 - Russian. Closes: #433224
451 - Swedish. Closes: #433432
452 - Vietnamese. Closes: #433792, #427000, #434992
453 - Dutch. Closes: #434670
454 - German. Closes: #434788
455 - Italian. Closes: #435029
456 * Portuguese. Closes: #435471
457 * Finnish. Closes: #448826
458 * Remove /etc/ssl when purging the package (only if that
459 directory is empty). Closes: #454334
460 * [Lintian] Give a reference to the GPL text in debian/copyright
461 * [Lintian] No longer ignore errors from "make clean"
462 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
464 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
466 ca-certificates (20070303) unstable; urgency=low
468 * Add debconf.org crt. closes: Bug#342088
469 * Add cacert class3 crt. closes: Bug#350282
470 * Add debian/po/pt.po. closes: Bug#408183
471 * Update debian/po/ru.po. closes: Bug#410770
472 * Update debian/po/pt_BR.po. closes: Bug#403824
473 * Add debian/po/gl.po. closes: Bug#407951
475 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
477 ca-certificates (20061027.2) unstable; urgency=low
479 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
480 * Avoid cd to /etc/ssl/certs to removing hash symlinks
483 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
485 ca-certificates (20061027.1) unstable; urgency=low
487 * Non-maintainer upload to fix remaining l10n issues
488 * Debconf translation updates:
489 - Czech. Closes: #407807
490 - Spanish. Closes: #401968
491 - German. Closes: #396942
492 * Add debconf-updatepo to the clean target in debian/rules
493 to guarantee up-to-date PO(T) files
495 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
498 ca-certificates (20061027) unstable; urgency=low
500 * sbin/update-ca-certificates:
501 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
502 preserve other symlinks. closes: Bug#387089
503 * debian/po/nl.po: updated
505 * debian/po/fr.po: updated
507 * debian/po/da.po: updated
510 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
512 ca-certificates (20060816) unstable; urgency=low
514 * debian/control: explicitly mention that trustworthiness of certificate
515 authorities is not evaluated.
517 * debian/templates: refine messages
519 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
521 * debian/control: libssl0.9.7->libssl0.9.8
523 * debian/postrm: remove .dpkg-old files
525 * debian/README.Debian: fix
527 * debian/postinst: fix typo
529 * debian/po/sv.po: added
531 * debian/po/es.po: added
533 * add new SPI CA certificate
534 submitted by Michael C. Schultheiss <schultmc@debian.org>
536 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
538 ca-certificates (20050804) unstable; urgency=low
540 * use ${misc:Depends} in debian/control for debconf
541 * update description in debian/control
543 * update debian/po/vi.po
545 * update debian/po/de.po
548 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
550 ca-certificates (20050518) unstable; urgency=high
552 * fix ca-certificates.crt generationumask-sensitive and racy
554 * update mozilla/certdata.txt
555 add: "Certum Root CA", "Comodo AAA Services root"
556 "Comodo Secure Services root",
557 "Comodo Trusted Services root",
558 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
559 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
560 "IPS Timestamping root",
562 "Security Communication Root CA",
563 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
564 "Staat der Nederlanden Root CA",
565 "TDC Internet Root CA", "TDC OCES Root CA",
566 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
567 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
568 * add CACert.org's Root CA
569 closes: Bug#213086, Bug#288293
570 * add debian/po/vi.po
572 * add debian/po/cs.po
574 * write "How certificate will be accepted in ca-certificates package"
577 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
579 ca-certificates (20040809) unstable; urgency=low
581 * previous version was not fixed Bug#255933 correctly.
582 update-ca-certificates now remove symlinks of deselected entries
583 in ca-certificates.conf
586 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
588 ca-certificates (20040808) unstable; urgency=low
590 * run update-ca-certificates by /bin/sh -e
592 * update-ca-certificates remove symlinks of deselected entries
593 in ca-certificates.conf
595 * change default of trust_new_crts from 'ask' to 'yes'
596 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
597 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
599 * add brasil.gov.br certs
601 * add Signet CA Roots certs
603 * add QuoVadis CA Roots certs
615 * fix quote characters in template
617 * remove debian.org, because certs used in db.debian.org has been
618 revoked due to debian.org crack incidents.
619 db.debian.org uses certificates using spi-inc.org Root CA.
621 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
623 ca-certificates (20031007.1) unstable; urgency=low
626 * Add brasil.gov.br/brasil.gov.br.crt, created from
627 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
628 * Add debian/po/pt_BR.po: closes: Bug#224612
630 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
632 ca-certificates (20031007) unstable; urgency=low
634 * add debian/po/ru.po: closes: Bug#214371
636 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
638 ca-certificates (20030924) unstable; urgency=low
640 * add debian/po/ja.po: closes: Bug#212565
642 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
644 ca-certificates (20030916) unstable; urgency=low
646 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
647 * debian/config: if new cert is asked, don't ask all available certs
650 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
652 ca-certificates (20030915) unstable; urgency=low
654 * debian/config.in: fix typo. closes: Bug#190990
655 * add option for new CA certificates. closes: Bug#190989
656 * switch to gettext-based debconf templates. closes: Bug#205782
657 * update mozilla/certdata.txt from mozilla 1.4 release
659 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
661 ca-certificates (20030420) unstable; urgency=low
663 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
664 * fix broken English in debconf template. closes: Bug#189606
665 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
666 * preserve comments in /etc/ca-certificates.conf when upgrading.
669 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
671 ca-certificates (20030415) unstable; urgency=medium
673 * fix upgrade problem
674 closes: Bug#188938, Bug#188940
677 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
679 ca-certificates (20030414) unstable; urgency=medium
681 * certificates are installed in /usr/share/ca-certificates
682 you can find md5sum of certs files. closes: Bug#170777
684 * debconf to generate /etc/ca-certificates.conf
685 * update-ca-certificates update /etc/ssl/certs according
686 /etc/ca-certificates.conf
687 It also generate /etc/ssl/certs/ca-certificates.crt
688 which is single-file version of certs.
691 * change extension from .pem to .crt in /usr/share/ca-certificates
693 application/x-x509-ca-cert crt
694 but it will be hardlink or copied in /etc/ssl/certs with .pem
695 extension by update-ca-certificates.
696 c_rehash requires .pem extension
698 * Update certificate from mozilla 2:1.3-4
699 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
700 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
702 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
703 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
704 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
705 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
707 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
709 ca-certificates (20020323) unstable; urgency=low
711 * Moved from non-US to main now that openssl has moved there.
713 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
715 ca-certificates (20020208) unstable; urgency=low
717 * add db.debian.org certificate
719 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
721 ca-certificates (20020112) unstable; urgency=low
723 * upload to non-US instead of main, because it depends on openssl
724 (it uses c_rehash in openssl in maintainer scripts)
726 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
728 ca-certificates (20020107) unstable; urgency=low
730 * Initial Release. closes: Bug#126586
732 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900