1 ca-certificates (20111211.1) unstable; urgency=low
3 * Add notice to README.Debian deprecating CA inclusions and refer to
4 #647848 for Debian CA Certificate Policy discussion.
6 -- Michael Shuler <michael@pbandjelly.org> Thu, 15 Dec 2011 12:28:39 -0600
8 ca-certificates (20111211) unstable; urgency=low
10 * Clarify CA audit note in package description and README.debian. Thanks
11 to C.J. Adams-Collier for the patch. Closes: #594383
12 * Remove French Government IGC/A CA certificates. The RSA certificate is
13 included in the Mozilla bundle and the DSA certificate is not in use.
15 * Remove expired signet.pl CAs. Closes: #647849
16 * Remove expired brasil.gov.br CA.
17 * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
18 * Use 'set -e' in body of debian/postinst
19 * Update mozilla/certdata.txt to version 1.80
20 (no added/removed CAs)
21 * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
23 -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600
25 ca-certificates (20111025) unstable; urgency=low
28 * Add 3.0 (native) source format
29 * Add Vcs-Git/Browser fields
30 * Add myself as new Maintainer with Uploaders Closes: #588219
31 * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
32 Certificates added (+) and removed (-):
33 + "AffirmTrust Commercial"
34 + "AffirmTrust Networking"
35 + "AffirmTrust Premium"
36 + "AffirmTrust Premium ECC"
38 + "Certinomis - Autorité Racine"
39 + "Certum Trusted Network CA"
40 + "Go Daddy Root Certificate Authority - G2"
41 + "Root CA Generalitat Valenciana"
42 + "Starfield Root Certificate Authority - G2"
43 + "Starfield Services Root Certificate Authority - G2"
44 + "TWCA Root Certification Authority"
45 - "AOL Time Warner Root Certification Authority 1"
46 - "AOL Time Warner Root Certification Authority 2"
48 - "Entrust.net Global Secure Personal CA"
49 - "Entrust.net Global Secure Server CA"
50 - "Entrust.net Secure Personal CA"
51 - "IPS Chained CAs root"
56 - "IPS Timestamping root"
57 - "Thawte Personal Freemail CA"
58 - "Thawte Time Stamping CA"
59 * Update CAcert-Class 3-Subroot-certificate Closes: #630232
62 * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
63 the way before calling c_rehash, so that symlinks don't accidentally get
64 pointed here, breaking openssl certificate verification LP: #854927
67 * Drop bogus c_rehash on upgrades, which caused issue when
68 ca-certificates.crt was still in place; instead, call
69 update-ca-certificates --fresh on upgrades to this version, and
70 the usual update-ca-certificates otherwise Closes: #643667, #537382
72 -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
74 ca-certificates (20111022) unstable; urgency=low
77 * Fix pending l10n issues. Debconf translations:
78 - German (Helge Kreutzmann). Closes: #634000
79 - French (Christian Perrier). Closes: #634092
80 - Russian (Yuri Kozlov). Closes: #635146
81 - Swedish (Martin Bagge / brother). Closes: #640622
82 - Slovak (Slavko). Closes: #641987
83 - Spanish; (Javier Fernández-Sanguino). Closes: #642359
84 - Japanese (Kenshi Muto). Closes: #644828
85 - Czech (Miroslav Kure). Closes: #644843
86 - Danish (Joe Hansen). Closes: #644854
87 - Italian (Luca Monducci). Closes: #645004
88 - Dutch; (Jeroen Schot). Closes: #645090
89 - Portuguese (Miguel Figueiredo). Closes: #645126
90 - Galician (Jorge Barreiro). Closes: #645138
91 - Catalan; (Jordi Mallach). Closes: #645182
92 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
93 * Split Choices in debconf templates
94 * Add build-arch and build-indep build targets
95 * Bump debhelper compatibility level to 8
96 * Bump Standards to 3.9.2 (checked)
97 * Replace "dh_clean -k" by dh_prep
99 -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
101 ca-certificates (20110502+nmu1) unstable; urgency=high
103 * Non-maintainer upload by the Security Team.
104 * Blacklist "DigiNotar Root CA" (Closes: #639744)
106 -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
108 ca-certificates (20110502) unstable; urgency=low
111 * Mark the package as multi-arch:foreign. (Closes: #622323)
112 * Use db_settitle in config script to allow translations of the
113 dialog title; thanks to Frans Pop. (Closes: #560314)
115 -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
117 ca-certificates (20110421) unstable; urgency=low
120 * Package is orphaned, set maintainer to QA group
121 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
122 both the old and new style of symlinks. (Closes: #611102)
123 * Remove libssl0.9.8 from enhances
124 * Update mozilla certdata.txt file to the latest version.
126 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
127 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
128 - beTRUSTed_Root_CA.crt
129 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
130 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
131 - Digital_Signature_Trust_Co._Global_CA_2.crt
132 - Digital_Signature_Trust_Co._Global_CA_4.crt
133 - Entrust.net_Global_Secure_Personal_CA.crt
134 - Entrust.net_Global_Secure_Server_CA.crt
135 - Entrust.net_Secure_Personal_CA.crt
136 - GTE_CyberTrust_Root_CA.crt
137 - IPS_Chained_CAs_root.crt
138 - IPS_CLASE1_root.crt
139 - IPS_CLASE3_root.crt
140 - IPS_CLASEA1_root.crt
141 - IPS_CLASEA3_root.crt
142 - IPS_Servidores_root.crt
143 - IPS_Timestamping_root.crt
144 - RSA_Security_1024_v3.crt
146 - Thawte_Personal_Basic_CA.crt
147 - Thawte_Personal_Premium_CA.crt
148 - UTN-USER_First-Network_Applications.crt
149 - Verisign_RSA_Secure_Server_CA.crt
150 - Verisign_Time_Stamping_Authority_CA.crt
151 - Visa_International_Global_Root_2.crt
154 - AC_Raíz_Certicámara_S.A..crt
155 - ApplicationCA_-_Japanese_Government.crt
156 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
157 - Buypass_Class_2_CA_1.crt
158 - Buypass_Class_3_CA_1.crt
161 - certSIGN_ROOT_CA.crt
162 - Chambers_of_Commerce_Root_-_2008.crt
165 - ComSign_Secured_CA.crt
166 - Cybertrust_Global_Root.crt
167 - Deutsche_Telekom_Root_CA_2.crt
168 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
169 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
170 - ePKI_Root_Certification_Authority.crt
171 - GeoTrust_Primary_Certification_Authority_-_G2.crt
172 - GeoTrust_Primary_Certification_Authority_-_G3.crt
173 - Global_Chambersign_Root_-_2008.crt
174 - GlobalSign_Root_CA_-_R3.crt
175 - Hongkong_Post_Root_CA_1.crt
179 - Microsec_e-Szigno_Root_CA_2009.crt
180 - Microsec_e-Szigno_Root_CA.crt
181 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
182 - OISTE_WISeKey_Global_Root_GA_CA.crt
183 - SecureSign_RootCA11.crt
184 - Security_Communication_EV_RootCA1.crt
185 - Staat_der_Nederlanden_Root_CA_-_G2.crt
186 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
187 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
188 - TC_TrustCenter_Class_2_CA_II.crt
189 - TC_TrustCenter_Class_3_CA_II.crt
190 - TC_TrustCenter_Universal_CA_I.crt
191 - TC_TrustCenter_Universal_CA_III.crt
192 - thawte_Primary_Root_CA_-_G2.crt
193 - thawte_Primary_Root_CA_-_G3.crt
194 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
195 - VeriSign_Universal_Root_Certification_Authority.crt
197 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
198 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
199 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
200 * String decode the mozilla certdata.txt so the filenames show up as
201 proper UTF-8 strings.
203 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
205 ca-certificates (20090814+nmu3) unstable; urgency=low
207 * Non-maintainer upload.
208 * Fix pending l10n issues. Debconf translations:
209 - French (Christian Perrier). Closes: #594231
210 - Danish (Joe Hansen). Closes: #601129
211 - Catalan (Jordi Mallach). Closes: #601089
212 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
214 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
216 ca-certificates (20090814+nmu2) unstable; urgency=low
218 * Non-maintainer upload.
219 * Fixes buggy shell functions included in the postinst script.
222 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
224 ca-certificates (20090814+nmu1) unstable; urgency=low
226 * Non-maintainer upload.
227 * Preserve user changes to the /etc/ca-certificates.conf.
230 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
232 ca-certificates (20090814) unstable; urgency=low
234 * Call Debconf and its db_purge as early as possible in postrm.
237 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
239 ca-certificates (20090709) unstable; urgency=low
241 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
243 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
245 ca-certificates (20090708) unstable; urgency=low
248 - cacert.org/root.crt and cacert.org/class3.crt:
249 Both certificate files were deprecated with 20080809. Users of these
250 root certificates are encouraged to switch to
251 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
252 roots joined in a single file.
253 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
254 This certificate has been added into the Mozilla truststore and
255 is available as `mozilla/QuoVadis_Root_CA.crt'.
256 * Do not redirect c_rehash error messages to /dev/null.
258 * Remove dangling symlinks on purge, which also gets rid of the hash
259 symlink for ca-certificates.crt. (Closes: #475240)
260 * Use subshells when grepping for certificates in config, avoiding
261 SIGPIPE because of grep's immediate exit after it finds the pattern.
263 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
264 Robby Workman of Slackware.
265 * Updated Standards-Version and FSF portal address in the copyright file.
267 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
269 ca-certificates (20090701) unstable; urgency=low
271 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
272 Rationale: The rogue collision CA has its validity period in the past.
273 Thus it does not impose a risk upon us at the moment.
274 * Restrict search for local certificates to add on files ending with '.crt'.
275 * Canonicalize PEM names by applying the same set of substitions to
276 local and other certificates like the Mozilla certdata dumper does.
278 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
280 ca-certificates (20090624) unstable; urgency=low
282 * Allow local certificate installation. All certificates found
283 in `/usr/local/share/ca-certificates' will be automatically added
284 to the list of trusted certificates in `/etc/ssl/certs'.
285 (Closes: #352637, #419491, #473677, #476663, #511150)
286 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
288 + COMODO ECC Certification Authority
290 + Network Solutions Certificate Authority
291 + WellsSecure Public Root Certificate Authority
292 - Equifax Secure Global eBusiness CA
293 - UTN USERFirst Object Root CA
294 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
295 untrusted certificates. This led to the exclusion of the
296 "MD5 Collisions Forged Rogue CA 23c3" and its parent
297 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
298 certificates are no longer included neither.
299 * Remove the purging of old PEM files in postinst dating back to
300 versions earlier than 20030414.
301 * Hooks are now called at every invocation of `update-ca-certificates'.
302 If no changes were done to `/etc/ssl/certs', the input for the
303 hooks will be empty, though. Failure exit codes of hooks will not
304 tear down the upgrade process anymore. They are printed but ignored.
306 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
308 ca-certificates (20081127) unstable; urgency=low
310 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
313 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
315 ca-certificates (20080809) unstable; urgency=low
317 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
318 This file can be used for proper certificate chaining if CACert
319 server certificates are used. The old class3.pem and root.pem
320 certificates are deprecated. This new file could safely serve as
321 a replacement for both. (Closes: #494343)
322 * This also reintroduces the old name for the CACert certificate,
323 thus closing a long-standing bug about its rename to root.crt.
326 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
328 ca-certificates (20080617) unstable; urgency=low
330 * Added French Government's IGC/A CA (both DSA and RSA).
333 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
335 ca-certificates (20080616) unstable; urgency=low
337 * Fix installation on pt_BR locales. The problem was caused by the
338 .templates choices strings being marked for translation, with pt_BR
339 being the only language which actually translated them. Thanks to
340 Ubuntu for the fix, which needs to be around until Lenny is released
341 or six months have passed, whichever is later. (Closes: #472507)
342 * Drop Fumitoshi from the list of maintainers. Farewell!
343 * Bump Standards-Version to 3.8.0.
345 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
347 ca-certificates (20080514) unstable; urgency=medium
349 * Added the new SPI CA certificate, created in response to the latest
350 openssl security update.
351 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
352 revoked sensibly. Expired CA created in 2003, expired in 2007 left
353 around for reference.
354 * Updated the Galician translation, thanks to Glennie Vignarajah.
357 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
359 ca-certificates (20080411) unstable; urgency=low
361 * Added the current SPI CA certificate, used by Debian's infrastructure.
362 * Added Deutsche Telekom Root CA 2, which is used by German institutions
364 * Updated mozilla certificates from trunk, which led to the following
365 adds (+) and removes (-):
366 + Camerfirma Chambers of Commerce Root
367 + Camerfirma Global Chambersign Root
368 + Certplus Class 2 Primary CA
369 + COMODO Certification Authority
370 + DigiCert Assured ID Root CA
371 + DigiCert Global Root CA
372 + DigiCert High Assurance EV Root CA
375 + Entrust Root Certification Authority
376 + Firmaprofesional Root CA
377 + GeoTrust Global CA 2
378 + GeoTrust Primary Certification Authority
379 + GeoTrust Universal CA
380 + GeoTrust Universal CA 2
381 + GlobalSign Root CA - R2
382 + Go Daddy Class 2 CA
383 + NetLock Business (Class B) Root
384 + NetLock Express (Class C) Root
385 + NetLock Notary (Class A) Root
386 + NetLock Qualified (Class QA) Root
391 + Starfield Class 2 CA
392 + StartCom Certification Authority
395 + SwissSign Gold CA - G2
396 + SwissSign Platinum CA - G2
397 + SwissSign Silver CA - G2
399 + thawte Primary Root CA
400 + TURKTRUST Certificate Services Provider Root 1
401 + TURKTRUST Certificate Services Provider Root 2
402 + VeriSign Class 3 Public Primary Certification Authority - G5
403 + Wells Fargo Root CA
404 + XRamp Global CA Root
405 - Verisign Class 1 Public Primary OCSP Responder
406 - Verisign Class 2 Public Primary OCSP Responder
407 - Verisign Class 3 Public Primary OCSP Responder
408 - Verisign Secure Server OCSP Responder
409 (Closes: #447062, #456581)
410 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
412 * Reworded the description and made it static to ease translations.
413 * Reworded and amended README.Debian.
414 * Added myself to the uploaders of this package.
415 * Applied a patch by Martin F. Krafft to support hooks scripts
416 on add/remove of a certificate. (Closes: #377314)
418 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
420 ca-certificates (20070303-0.1) unstable; urgency=low
422 * Non-maintainer upload to fix longstanding pending l10n issues.
423 * Debconf templates and debian/control reviewed by the debian-l10n-
424 english team as part of the Smith review project.
425 Closes: #432249, #434789
426 * Debconf translation updates:
427 - Japanese. Closes:#433067
428 - Basque. Closes: #433074
429 - Spanish. Closes: #433078
430 - Czech. Closes: #433100
431 - Galician. Closes: #433215
432 - Russian. Closes: #433224
433 - Swedish. Closes: #433432
434 - Vietnamese. Closes: #433792, #427000, #434992
435 - Dutch. Closes: #434670
436 - German. Closes: #434788
437 - Italian. Closes: #435029
438 * Portuguese. Closes: #435471
439 * Finnish. Closes: #448826
440 * Remove /etc/ssl when purging the package (only if that
441 directory is empty). Closes: #454334
442 * [Lintian] Give a reference to the GPL text in debian/copyright
443 * [Lintian] No longer ignore errors from "make clean"
444 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
446 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
448 ca-certificates (20070303) unstable; urgency=low
450 * Add debconf.org crt. closes: Bug#342088
451 * Add cacert class3 crt. closes: Bug#350282
452 * Add debian/po/pt.po. closes: Bug#408183
453 * Update debian/po/ru.po. closes: Bug#410770
454 * Update debian/po/pt_BR.po. closes: Bug#403824
455 * Add debian/po/gl.po. closes: Bug#407951
457 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
459 ca-certificates (20061027.2) unstable; urgency=low
461 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
462 * Avoid cd to /etc/ssl/certs to removing hash symlinks
465 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
467 ca-certificates (20061027.1) unstable; urgency=low
469 * Non-maintainer upload to fix remaining l10n issues
470 * Debconf translation updates:
471 - Czech. Closes: #407807
472 - Spanish. Closes: #401968
473 - German. Closes: #396942
474 * Add debconf-updatepo to the clean target in debian/rules
475 to guarantee up-to-date PO(T) files
477 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
480 ca-certificates (20061027) unstable; urgency=low
482 * sbin/update-ca-certificates:
483 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
484 preserve other symlinks. closes: Bug#387089
485 * debian/po/nl.po: updated
487 * debian/po/fr.po: updated
489 * debian/po/da.po: updated
492 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
494 ca-certificates (20060816) unstable; urgency=low
496 * debian/control: explicitly mention that trustworthiness of certificate
497 authorities is not evaluated.
499 * debian/templates: refine messages
501 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
503 * debian/control: libssl0.9.7->libssl0.9.8
505 * debian/postrm: remove .dpkg-old files
507 * debian/README.Debian: fix
509 * debian/postinst: fix typo
511 * debian/po/sv.po: added
513 * debian/po/es.po: added
515 * add new SPI CA certificate
516 submitted by Michael C. Schultheiss <schultmc@debian.org>
518 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
520 ca-certificates (20050804) unstable; urgency=low
522 * use ${misc:Depends} in debian/control for debconf
523 * update description in debian/control
525 * update debian/po/vi.po
527 * update debian/po/de.po
530 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
532 ca-certificates (20050518) unstable; urgency=high
534 * fix ca-certificates.crt generationumask-sensitive and racy
536 * update mozilla/certdata.txt
537 add: "Certum Root CA", "Comodo AAA Services root"
538 "Comodo Secure Services root",
539 "Comodo Trusted Services root",
540 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
541 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
542 "IPS Timestamping root",
544 "Security Communication Root CA",
545 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
546 "Staat der Nederlanden Root CA",
547 "TDC Internet Root CA", "TDC OCES Root CA",
548 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
549 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
550 * add CACert.org's Root CA
551 closes: Bug#213086, Bug#288293
552 * add debian/po/vi.po
554 * add debian/po/cs.po
556 * write "How certificate will be accepted in ca-certificates package"
559 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
561 ca-certificates (20040809) unstable; urgency=low
563 * previous version was not fixed Bug#255933 correctly.
564 update-ca-certificates now remove symlinks of deselected entries
565 in ca-certificates.conf
568 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
570 ca-certificates (20040808) unstable; urgency=low
572 * run update-ca-certificates by /bin/sh -e
574 * update-ca-certificates remove symlinks of deselected entries
575 in ca-certificates.conf
577 * change default of trust_new_crts from 'ask' to 'yes'
578 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
579 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
581 * add brasil.gov.br certs
583 * add Signet CA Roots certs
585 * add QuoVadis CA Roots certs
597 * fix quote characters in template
599 * remove debian.org, because certs used in db.debian.org has been
600 revoked due to debian.org crack incidents.
601 db.debian.org uses certificates using spi-inc.org Root CA.
603 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
605 ca-certificates (20031007.1) unstable; urgency=low
608 * Add brasil.gov.br/brasil.gov.br.crt, created from
609 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
610 * Add debian/po/pt_BR.po: closes: Bug#224612
612 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
614 ca-certificates (20031007) unstable; urgency=low
616 * add debian/po/ru.po: closes: Bug#214371
618 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
620 ca-certificates (20030924) unstable; urgency=low
622 * add debian/po/ja.po: closes: Bug#212565
624 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
626 ca-certificates (20030916) unstable; urgency=low
628 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
629 * debian/config: if new cert is asked, don't ask all available certs
632 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
634 ca-certificates (20030915) unstable; urgency=low
636 * debian/config.in: fix typo. closes: Bug#190990
637 * add option for new CA certificates. closes: Bug#190989
638 * switch to gettext-based debconf templates. closes: Bug#205782
639 * update mozilla/certdata.txt from mozilla 1.4 release
641 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
643 ca-certificates (20030420) unstable; urgency=low
645 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
646 * fix broken English in debconf template. closes: Bug#189606
647 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
648 * preserve comments in /etc/ca-certificates.conf when upgrading.
651 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
653 ca-certificates (20030415) unstable; urgency=medium
655 * fix upgrade problem
656 closes: Bug#188938, Bug#188940
659 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
661 ca-certificates (20030414) unstable; urgency=medium
663 * certificates are installed in /usr/share/ca-certificates
664 you can find md5sum of certs files. closes: Bug#170777
666 * debconf to generate /etc/ca-certificates.conf
667 * update-ca-certificates update /etc/ssl/certs according
668 /etc/ca-certificates.conf
669 It also generate /etc/ssl/certs/ca-certificates.crt
670 which is single-file version of certs.
673 * change extension from .pem to .crt in /usr/share/ca-certificates
675 application/x-x509-ca-cert crt
676 but it will be hardlink or copied in /etc/ssl/certs with .pem
677 extension by update-ca-certificates.
678 c_rehash requires .pem extension
680 * Update certificate from mozilla 2:1.3-4
681 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
682 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
684 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
685 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
686 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
687 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
689 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
691 ca-certificates (20020323) unstable; urgency=low
693 * Moved from non-US to main now that openssl has moved there.
695 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
697 ca-certificates (20020208) unstable; urgency=low
699 * add db.debian.org certificate
701 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
703 ca-certificates (20020112) unstable; urgency=low
705 * upload to non-US instead of main, because it depends on openssl
706 (it uses c_rehash in openssl in maintainer scripts)
708 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
710 ca-certificates (20020107) unstable; urgency=low
712 * Initial Release. closes: Bug#126586
714 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900