1 ca-certificates (20090814+nmu3) unstable; urgency=low
3 * Non-maintainer upload.
4 * Fix pending l10n issues. Debconf translations:
5 - French (Christian Perrier). Closes: #594231
6 - Danish (Joe Hansen). Closes: #601129
7 - Catalan (Jordi Mallach). Closes: #601089
8 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
10 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
12 ca-certificates (20090814+nmu2) unstable; urgency=low
14 * Non-maintainer upload.
15 * Fixes buggy shell functions included in the postinst script.
18 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
20 ca-certificates (20090814+nmu1) unstable; urgency=low
22 * Non-maintainer upload.
23 * Preserve user changes to the /etc/ca-certificates.conf.
26 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
28 ca-certificates (20090814) unstable; urgency=low
30 * Call Debconf and its db_purge as early as possible in postrm.
33 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
35 ca-certificates (20090709) unstable; urgency=low
37 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
39 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
41 ca-certificates (20090708) unstable; urgency=low
44 - cacert.org/root.crt and cacert.org/class3.crt:
45 Both certificate files were deprecated with 20080809. Users of these
46 root certificates are encouraged to switch to
47 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
48 roots joined in a single file.
49 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
50 This certificate has been added into the Mozilla truststore and
51 is available as `mozilla/QuoVadis_Root_CA.crt'.
52 * Do not redirect c_rehash error messages to /dev/null.
54 * Remove dangling symlinks on purge, which also gets rid of the hash
55 symlink for ca-certificates.crt. (Closes: #475240)
56 * Use subshells when grepping for certificates in config, avoiding
57 SIGPIPE because of grep's immediate exit after it finds the pattern.
59 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
60 Robby Workman of Slackware.
61 * Updated Standards-Version and FSF portal address in the copyright file.
63 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
65 ca-certificates (20090701) unstable; urgency=low
67 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
68 Rationale: The rogue collision CA has its validity period in the past.
69 Thus it does not impose a risk upon us at the moment.
70 * Restrict search for local certificates to add on files ending with '.crt'.
71 * Canonicalize PEM names by applying the same set of substitions to
72 local and other certificates like the Mozilla certdata dumper does.
74 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
76 ca-certificates (20090624) unstable; urgency=low
78 * Allow local certificate installation. All certificates found
79 in `/usr/local/share/ca-certificates' will be automatically added
80 to the list of trusted certificates in `/etc/ssl/certs'.
81 (Closes: #352637, #419491, #473677, #476663, #511150)
82 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
84 + COMODO ECC Certification Authority
86 + Network Solutions Certificate Authority
87 + WellsSecure Public Root Certificate Authority
88 - Equifax Secure Global eBusiness CA
89 - UTN USERFirst Object Root CA
90 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
91 untrusted certificates. This led to the exclusion of the
92 "MD5 Collisions Forged Rogue CA 23c3" and its parent
93 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
94 certificates are no longer included neither.
95 * Remove the purging of old PEM files in postinst dating back to
96 versions earlier than 20030414.
97 * Hooks are now called at every invocation of `update-ca-certificates'.
98 If no changes were done to `/etc/ssl/certs', the input for the
99 hooks will be empty, though. Failure exit codes of hooks will not
100 tear down the upgrade process anymore. They are printed but ignored.
102 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
104 ca-certificates (20081127) unstable; urgency=low
106 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
109 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
111 ca-certificates (20080809) unstable; urgency=low
113 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
114 This file can be used for proper certificate chaining if CACert
115 server certificates are used. The old class3.pem and root.pem
116 certificates are deprecated. This new file could safely serve as
117 a replacement for both. (Closes: #494343)
118 * This also reintroduces the old name for the CACert certificate,
119 thus closing a long-standing bug about its rename to root.crt.
122 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
124 ca-certificates (20080617) unstable; urgency=low
126 * Added French Government's IGC/A CA (both DSA and RSA).
129 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
131 ca-certificates (20080616) unstable; urgency=low
133 * Fix installation on pt_BR locales. The problem was caused by the
134 .templates choices strings being marked for translation, with pt_BR
135 being the only language which actually translated them. Thanks to
136 Ubuntu for the fix, which needs to be around until Lenny is released
137 or six months have passed, whichever is later. (Closes: #472507)
138 * Drop Fumitoshi from the list of maintainers. Farewell!
139 * Bump Standards-Version to 3.8.0.
141 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
143 ca-certificates (20080514) unstable; urgency=medium
145 * Added the new SPI CA certificate, created in response to the latest
146 openssl security update.
147 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
148 revoked sensibly. Expired CA created in 2003, expired in 2007 left
149 around for reference.
150 * Updated the Galician translation, thanks to Glennie Vignarajah.
153 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
155 ca-certificates (20080411) unstable; urgency=low
157 * Added the current SPI CA certificate, used by Debian's infrastructure.
158 * Added Deutsche Telekom Root CA 2, which is used by German institutions
160 * Updated mozilla certificates from trunk, which led to the following
161 adds (+) and removes (-):
162 + Camerfirma Chambers of Commerce Root
163 + Camerfirma Global Chambersign Root
164 + Certplus Class 2 Primary CA
165 + COMODO Certification Authority
166 + DigiCert Assured ID Root CA
167 + DigiCert Global Root CA
168 + DigiCert High Assurance EV Root CA
171 + Entrust Root Certification Authority
172 + Firmaprofesional Root CA
173 + GeoTrust Global CA 2
174 + GeoTrust Primary Certification Authority
175 + GeoTrust Universal CA
176 + GeoTrust Universal CA 2
177 + GlobalSign Root CA - R2
178 + Go Daddy Class 2 CA
179 + NetLock Business (Class B) Root
180 + NetLock Express (Class C) Root
181 + NetLock Notary (Class A) Root
182 + NetLock Qualified (Class QA) Root
187 + Starfield Class 2 CA
188 + StartCom Certification Authority
191 + SwissSign Gold CA - G2
192 + SwissSign Platinum CA - G2
193 + SwissSign Silver CA - G2
195 + thawte Primary Root CA
196 + TURKTRUST Certificate Services Provider Root 1
197 + TURKTRUST Certificate Services Provider Root 2
198 + VeriSign Class 3 Public Primary Certification Authority - G5
199 + Wells Fargo Root CA
200 + XRamp Global CA Root
201 - Verisign Class 1 Public Primary OCSP Responder
202 - Verisign Class 2 Public Primary OCSP Responder
203 - Verisign Class 3 Public Primary OCSP Responder
204 - Verisign Secure Server OCSP Responder
205 (Closes: #447062, #456581)
206 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
208 * Reworded the description and made it static to ease translations.
209 * Reworded and amended README.Debian.
210 * Added myself to the uploaders of this package.
211 * Applied a patch by Martin F. Krafft to support hooks scripts
212 on add/remove of a certificate. (Closes: #377314)
214 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
216 ca-certificates (20070303-0.1) unstable; urgency=low
218 * Non-maintainer upload to fix longstanding pending l10n issues.
219 * Debconf templates and debian/control reviewed by the debian-l10n-
220 english team as part of the Smith review project.
221 Closes: #432249, #434789
222 * Debconf translation updates:
223 - Japanese. Closes:#433067
224 - Basque. Closes: #433074
225 - Spanish. Closes: #433078
226 - Czech. Closes: #433100
227 - Galician. Closes: #433215
228 - Russian. Closes: #433224
229 - Swedish. Closes: #433432
230 - Vietnamese. Closes: #433792, #427000, #434992
231 - Dutch. Closes: #434670
232 - German. Closes: #434788
233 - Italian. Closes: #435029
234 * Portuguese. Closes: #435471
235 * Finnish. Closes: #448826
236 * Remove /etc/ssl when purging the package (only if that
237 directory is empty). Closes: #454334
238 * [Lintian] Give a reference to the GPL text in debian/copyright
239 * [Lintian] No longer ignore errors from "make clean"
240 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
242 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
244 ca-certificates (20070303) unstable; urgency=low
246 * Add debconf.org crt. closes: Bug#342088
247 * Add cacert class3 crt. closes: Bug#350282
248 * Add debian/po/pt.po. closes: Bug#408183
249 * Update debian/po/ru.po. closes: Bug#410770
250 * Update debian/po/pt_BR.po. closes: Bug#403824
251 * Add debian/po/gl.po. closes: Bug#407951
253 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
255 ca-certificates (20061027.2) unstable; urgency=low
257 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
258 * Avoid cd to /etc/ssl/certs to removing hash symlinks
261 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
263 ca-certificates (20061027.1) unstable; urgency=low
265 * Non-maintainer upload to fix remaining l10n issues
266 * Debconf translation updates:
267 - Czech. Closes: #407807
268 - Spanish. Closes: #401968
269 - German. Closes: #396942
270 * Add debconf-updatepo to the clean target in debian/rules
271 to guarantee up-to-date PO(T) files
273 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
276 ca-certificates (20061027) unstable; urgency=low
278 * sbin/update-ca-certificates:
279 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
280 preserve other symlinks. closes: Bug#387089
281 * debian/po/nl.po: updated
283 * debian/po/fr.po: updated
285 * debian/po/da.po: updated
288 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
290 ca-certificates (20060816) unstable; urgency=low
292 * debian/control: explicitly mention that trustworthiness of certificate
293 authorities is not evaluated.
295 * debian/templates: refine messages
297 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
299 * debian/control: libssl0.9.7->libssl0.9.8
301 * debian/postrm: remove .dpkg-old files
303 * debian/README.Debian: fix
305 * debian/postinst: fix typo
307 * debian/po/sv.po: added
309 * debian/po/es.po: added
311 * add new SPI CA certificate
312 submitted by Michael C. Schultheiss <schultmc@debian.org>
314 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
316 ca-certificates (20050804) unstable; urgency=low
318 * use ${misc:Depends} in debian/control for debconf
319 * update description in debian/control
321 * update debian/po/vi.po
323 * update debian/po/de.po
326 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
328 ca-certificates (20050518) unstable; urgency=high
330 * fix ca-certificates.crt generationumask-sensitive and racy
332 * update mozilla/certdata.txt
333 add: "Certum Root CA", "Comodo AAA Services root"
334 "Comodo Secure Services root",
335 "Comodo Trusted Services root",
336 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
337 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
338 "IPS Timestamping root",
340 "Security Communication Root CA",
341 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
342 "Staat der Nederlanden Root CA",
343 "TDC Internet Root CA", "TDC OCES Root CA",
344 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
345 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
346 * add CACert.org's Root CA
347 closes: Bug#213086, Bug#288293
348 * add debian/po/vi.po
350 * add debian/po/cs.po
352 * write "How certificate will be accepted in ca-certificates package"
355 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
357 ca-certificates (20040809) unstable; urgency=low
359 * previous version was not fixed Bug#255933 correctly.
360 update-ca-certificates now remove symlinks of deselected entries
361 in ca-certificates.conf
364 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
366 ca-certificates (20040808) unstable; urgency=low
368 * run update-ca-certificates by /bin/sh -e
370 * update-ca-certificates remove symlinks of deselected entries
371 in ca-certificates.conf
373 * change default of trust_new_crts from 'ask' to 'yes'
374 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
375 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
377 * add brasil.gov.br certs
379 * add Signet CA Roots certs
381 * add QuoVadis CA Roots certs
393 * fix quote characters in template
395 * remove debian.org, because certs used in db.debian.org has been
396 revoked due to debian.org crack incidents.
397 db.debian.org uses certificates using spi-inc.org Root CA.
399 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
401 ca-certificates (20031007.1) unstable; urgency=low
404 * Add brasil.gov.br/brasil.gov.br.crt, created from
405 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
406 * Add debian/po/pt_BR.po: closes: Bug#224612
408 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
410 ca-certificates (20031007) unstable; urgency=low
412 * add debian/po/ru.po: closes: Bug#214371
414 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
416 ca-certificates (20030924) unstable; urgency=low
418 * add debian/po/ja.po: closes: Bug#212565
420 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
422 ca-certificates (20030916) unstable; urgency=low
424 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
425 * debian/config: if new cert is asked, don't ask all available certs
428 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
430 ca-certificates (20030915) unstable; urgency=low
432 * debian/config.in: fix typo. closes: Bug#190990
433 * add option for new CA certificates. closes: Bug#190989
434 * switch to gettext-based debconf templates. closes: Bug#205782
435 * update mozilla/certdata.txt from mozilla 1.4 release
437 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
439 ca-certificates (20030420) unstable; urgency=low
441 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
442 * fix broken English in debconf template. closes: Bug#189606
443 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
444 * preserve comments in /etc/ca-certificates.conf when upgrading.
447 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
449 ca-certificates (20030415) unstable; urgency=medium
451 * fix upgrade problem
452 closes: Bug#188938, Bug#188940
455 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
457 ca-certificates (20030414) unstable; urgency=medium
459 * certificates are installed in /usr/share/ca-certificates
460 you can find md5sum of certs files. closes: Bug#170777
462 * debconf to generate /etc/ca-certificates.conf
463 * update-ca-certificates update /etc/ssl/certs according
464 /etc/ca-certificates.conf
465 It also generate /etc/ssl/certs/ca-certificates.crt
466 which is single-file version of certs.
469 * change extension from .pem to .crt in /usr/share/ca-certificates
471 application/x-x509-ca-cert crt
472 but it will be hardlink or copied in /etc/ssl/certs with .pem
473 extension by update-ca-certificates.
474 c_rehash requires .pem extension
476 * Update certificate from mozilla 2:1.3-4
477 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
478 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
480 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
481 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
482 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
483 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
485 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
487 ca-certificates (20020323) unstable; urgency=low
489 * Moved from non-US to main now that openssl has moved there.
491 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
493 ca-certificates (20020208) unstable; urgency=low
495 * add db.debian.org certificate
497 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
499 ca-certificates (20020112) unstable; urgency=low
501 * upload to non-US instead of main, because it depends on openssl
502 (it uses c_rehash in openssl in maintainer scripts)
504 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
506 ca-certificates (20020107) unstable; urgency=low
508 * Initial Release. closes: Bug#126586
510 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900