1 ca-certificates (20090708) unstable; urgency=low
4 - cacert.org/root.crt and cacert.org/class3.crt:
5 Both certificate files were deprecated with 20080809. Users of these
6 root certificates are encouraged to switch to
7 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
8 roots joined in a single file.
9 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
10 This certificate has been added into the Mozilla truststore and
11 is available as `mozilla/QuoVadis_Root_CA.crt'.
12 * Do not redirect c_rehash error messages to /dev/null.
14 * Remove dangling symlinks on purge, which also gets rid of the hash
15 symlink for ca-certificates.crt. (Closes: #475240)
16 * Use subshells when grepping for certificates in config, avoiding
17 SIGPIPE because of grep's immediate exit after it finds the pattern.
19 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
20 Robby Workman of Slackware.
21 * Updated Standards-Version and FSF portal address in the copyright file.
23 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
25 ca-certificates (20090701) unstable; urgency=low
27 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
28 Rationale: The rogue collision CA has its validity period in the past.
29 Thus it does not impose a risk upon us at the moment.
30 * Restrict search for local certificates to add on files ending with '.crt'.
31 * Canonicalize PEM names by applying the same set of substitions to
32 local and other certificates like the Mozilla certdata dumper does.
34 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
36 ca-certificates (20090624) unstable; urgency=low
38 * Allow local certificate installation. All certificates found
39 in `/usr/local/share/ca-certificates' will be automatically added
40 to the list of trusted certificates in `/etc/ssl/certs'.
41 (Closes: #352637, #419491, #473677, #476663, #511150)
42 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
44 + COMODO ECC Certification Authority
46 + Network Solutions Certificate Authority
47 + WellsSecure Public Root Certificate Authority
48 - Equifax Secure Global eBusiness CA
49 - UTN USERFirst Object Root CA
50 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
51 untrusted certificates. This led to the exclusion of the
52 "MD5 Collisions Forged Rogue CA 23c3" and its parent
53 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
54 certificates are no longer included neither.
55 * Remove the purging of old PEM files in postinst dating back to
56 versions earlier than 20030414.
57 * Hooks are now called at every invocation of `update-ca-certificates'.
58 If no changes were done to `/etc/ssl/certs', the input for the
59 hooks will be empty, though. Failure exit codes of hooks will not
60 tear down the upgrade process anymore. They are printed but ignored.
62 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
64 ca-certificates (20081127) unstable; urgency=low
66 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
69 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
71 ca-certificates (20080809) unstable; urgency=low
73 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
74 This file can be used for proper certificate chaining if CACert
75 server certificates are used. The old class3.pem and root.pem
76 certificates are deprecated. This new file could safely serve as
77 a replacement for both. (Closes: #494343)
78 * This also reintroduces the old name for the CACert certificate,
79 thus closing a long-standing bug about its rename to root.crt.
82 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
84 ca-certificates (20080617) unstable; urgency=low
86 * Added French Government's IGC/A CA (both DSA and RSA).
89 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
91 ca-certificates (20080616) unstable; urgency=low
93 * Fix installation on pt_BR locales. The problem was caused by the
94 .templates choices strings being marked for translation, with pt_BR
95 being the only language which actually translated them. Thanks to
96 Ubuntu for the fix, which needs to be around until Lenny is released
97 or six months have passed, whichever is later. (Closes: #472507)
98 * Drop Fumitoshi from the list of maintainers. Farewell!
99 * Bump Standards-Version to 3.8.0.
101 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
103 ca-certificates (20080514) unstable; urgency=medium
105 * Added the new SPI CA certificate, created in response to the latest
106 openssl security update.
107 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
108 revoked sensibly. Expired CA created in 2003, expired in 2007 left
109 around for reference.
110 * Updated the Galician translation, thanks to Glennie Vignarajah.
113 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
115 ca-certificates (20080411) unstable; urgency=low
117 * Added the current SPI CA certificate, used by Debian's infrastructure.
118 * Added Deutsche Telekom Root CA 2, which is used by German institutions
120 * Updated mozilla certificates from trunk, which led to the following
121 adds (+) and removes (-):
122 + Camerfirma Chambers of Commerce Root
123 + Camerfirma Global Chambersign Root
124 + Certplus Class 2 Primary CA
125 + COMODO Certification Authority
126 + DigiCert Assured ID Root CA
127 + DigiCert Global Root CA
128 + DigiCert High Assurance EV Root CA
131 + Entrust Root Certification Authority
132 + Firmaprofesional Root CA
133 + GeoTrust Global CA 2
134 + GeoTrust Primary Certification Authority
135 + GeoTrust Universal CA
136 + GeoTrust Universal CA 2
137 + GlobalSign Root CA - R2
138 + Go Daddy Class 2 CA
139 + NetLock Business (Class B) Root
140 + NetLock Express (Class C) Root
141 + NetLock Notary (Class A) Root
142 + NetLock Qualified (Class QA) Root
147 + Starfield Class 2 CA
148 + StartCom Certification Authority
151 + SwissSign Gold CA - G2
152 + SwissSign Platinum CA - G2
153 + SwissSign Silver CA - G2
155 + thawte Primary Root CA
156 + TURKTRUST Certificate Services Provider Root 1
157 + TURKTRUST Certificate Services Provider Root 2
158 + VeriSign Class 3 Public Primary Certification Authority - G5
159 + Wells Fargo Root CA
160 + XRamp Global CA Root
161 - Verisign Class 1 Public Primary OCSP Responder
162 - Verisign Class 2 Public Primary OCSP Responder
163 - Verisign Class 3 Public Primary OCSP Responder
164 - Verisign Secure Server OCSP Responder
165 (Closes: #447062, #456581)
166 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
168 * Reworded the description and made it static to ease translations.
169 * Reworded and amended README.Debian.
170 * Added myself to the uploaders of this package.
171 * Applied a patch by Martin F. Krafft to support hooks scripts
172 on add/remove of a certificate. (Closes: #377314)
174 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
176 ca-certificates (20070303-0.1) unstable; urgency=low
178 * Non-maintainer upload to fix longstanding pending l10n issues.
179 * Debconf templates and debian/control reviewed by the debian-l10n-
180 english team as part of the Smith review project.
181 Closes: #432249, #434789
182 * Debconf translation updates:
183 - Japanese. Closes:#433067
184 - Basque. Closes: #433074
185 - Spanish. Closes: #433078
186 - Czech. Closes: #433100
187 - Galician. Closes: #433215
188 - Russian. Closes: #433224
189 - Swedish. Closes: #433432
190 - Vietnamese. Closes: #433792, #427000, #434992
191 - Dutch. Closes: #434670
192 - German. Closes: #434788
193 - Italian. Closes: #435029
194 * Portuguese. Closes: #435471
195 * Finnish. Closes: #448826
196 * Remove /etc/ssl when purging the package (only if that
197 directory is empty). Closes: #454334
198 * [Lintian] Give a reference to the GPL text in debian/copyright
199 * [Lintian] No longer ignore errors from "make clean"
200 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
202 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
204 ca-certificates (20070303) unstable; urgency=low
206 * Add debconf.org crt. closes: Bug#342088
207 * Add cacert class3 crt. closes: Bug#350282
208 * Add debian/po/pt.po. closes: Bug#408183
209 * Update debian/po/ru.po. closes: Bug#410770
210 * Update debian/po/pt_BR.po. closes: Bug#403824
211 * Add debian/po/gl.po. closes: Bug#407951
213 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
215 ca-certificates (20061027.2) unstable; urgency=low
217 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
218 * Avoid cd to /etc/ssl/certs to removing hash symlinks
221 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
223 ca-certificates (20061027.1) unstable; urgency=low
225 * Non-maintainer upload to fix remaining l10n issues
226 * Debconf translation updates:
227 - Czech. Closes: #407807
228 - Spanish. Closes: #401968
229 - German. Closes: #396942
230 * Add debconf-updatepo to the clean target in debian/rules
231 to guarantee up-to-date PO(T) files
233 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
236 ca-certificates (20061027) unstable; urgency=low
238 * sbin/update-ca-certificates:
239 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
240 preserve other symlinks. closes: Bug#387089
241 * debian/po/nl.po: updated
243 * debian/po/fr.po: updated
245 * debian/po/da.po: updated
248 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
250 ca-certificates (20060816) unstable; urgency=low
252 * debian/control: explicitly mention that trustworthiness of certificate
253 authorities is not evaluated.
255 * debian/templates: refine messages
257 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
259 * debian/control: libssl0.9.7->libssl0.9.8
261 * debian/postrm: remove .dpkg-old files
263 * debian/README.Debian: fix
265 * debian/postinst: fix typo
267 * debian/po/sv.po: added
269 * debian/po/es.po: added
271 * add new SPI CA certificate
272 submitted by Michael C. Schultheiss <schultmc@debian.org>
274 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
276 ca-certificates (20050804) unstable; urgency=low
278 * use ${misc:Depends} in debian/control for debconf
279 * update description in debian/control
281 * update debian/po/vi.po
283 * update debian/po/de.po
286 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
288 ca-certificates (20050518) unstable; urgency=high
290 * fix ca-certificates.crt generationumask-sensitive and racy
292 * update mozilla/certdata.txt
293 add: "Certum Root CA", "Comodo AAA Services root"
294 "Comodo Secure Services root",
295 "Comodo Trusted Services root",
296 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
297 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
298 "IPS Timestamping root",
300 "Security Communication Root CA",
301 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
302 "Staat der Nederlanden Root CA",
303 "TDC Internet Root CA", "TDC OCES Root CA",
304 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
305 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
306 * add CACert.org's Root CA
307 closes: Bug#213086, Bug#288293
308 * add debian/po/vi.po
310 * add debian/po/cs.po
312 * write "How certificate will be accepted in ca-certificates package"
315 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
317 ca-certificates (20040809) unstable; urgency=low
319 * previous version was not fixed Bug#255933 correctly.
320 update-ca-certificates now remove symlinks of deselected entries
321 in ca-certificates.conf
324 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
326 ca-certificates (20040808) unstable; urgency=low
328 * run update-ca-certificates by /bin/sh -e
330 * update-ca-certificates remove symlinks of deselected entries
331 in ca-certificates.conf
333 * change default of trust_new_crts from 'ask' to 'yes'
334 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
335 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
337 * add brasil.gov.br certs
339 * add Signet CA Roots certs
341 * add QuoVadis CA Roots certs
353 * fix quote characters in template
355 * remove debian.org, because certs used in db.debian.org has been
356 revoked due to debian.org crack incidents.
357 db.debian.org uses certificates using spi-inc.org Root CA.
359 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
361 ca-certificates (20031007.1) unstable; urgency=low
364 * Add brasil.gov.br/brasil.gov.br.crt, created from
365 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
366 * Add debian/po/pt_BR.po: closes: Bug#224612
368 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
370 ca-certificates (20031007) unstable; urgency=low
372 * add debian/po/ru.po: closes: Bug#214371
374 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
376 ca-certificates (20030924) unstable; urgency=low
378 * add debian/po/ja.po: closes: Bug#212565
380 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
382 ca-certificates (20030916) unstable; urgency=low
384 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
385 * debian/config: if new cert is asked, don't ask all available certs
388 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
390 ca-certificates (20030915) unstable; urgency=low
392 * debian/config.in: fix typo. closes: Bug#190990
393 * add option for new CA certificates. closes: Bug#190989
394 * switch to gettext-based debconf templates. closes: Bug#205782
395 * update mozilla/certdata.txt from mozilla 1.4 release
397 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
399 ca-certificates (20030420) unstable; urgency=low
401 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
402 * fix broken English in debconf template. closes: Bug#189606
403 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
404 * preserve comments in /etc/ca-certificates.conf when upgrading.
407 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
409 ca-certificates (20030415) unstable; urgency=medium
411 * fix upgrade problem
412 closes: Bug#188938, Bug#188940
415 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
417 ca-certificates (20030414) unstable; urgency=medium
419 * certificates are installed in /usr/share/ca-certificates
420 you can find md5sum of certs files. closes: Bug#170777
422 * debconf to generate /etc/ca-certificates.conf
423 * update-ca-certificates update /etc/ssl/certs according
424 /etc/ca-certificates.conf
425 It also generate /etc/ssl/certs/ca-certificates.crt
426 which is single-file version of certs.
429 * change extension from .pem to .crt in /usr/share/ca-certificates
431 application/x-x509-ca-cert crt
432 but it will be hardlink or copied in /etc/ssl/certs with .pem
433 extension by update-ca-certificates.
434 c_rehash requires .pem extension
436 * Update certificate from mozilla 2:1.3-4
437 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
438 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
440 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
441 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
442 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
443 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
445 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
447 ca-certificates (20020323) unstable; urgency=low
449 * Moved from non-US to main now that openssl has moved there.
451 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
453 ca-certificates (20020208) unstable; urgency=low
455 * add db.debian.org certificate
457 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
459 ca-certificates (20020112) unstable; urgency=low
461 * upload to non-US instead of main, because it depends on openssl
462 (it uses c_rehash in openssl in maintainer scripts)
464 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
466 ca-certificates (20020107) unstable; urgency=low
468 * Initial Release. closes: Bug#126586
470 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900