1 ca-certificates (20090814) unstable; urgency=low
3 * Call Debconf and its db_purge as early as possible in postrm.
6 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
8 ca-certificates (20090709) unstable; urgency=low
10 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
12 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
14 ca-certificates (20090708) unstable; urgency=low
17 - cacert.org/root.crt and cacert.org/class3.crt:
18 Both certificate files were deprecated with 20080809. Users of these
19 root certificates are encouraged to switch to
20 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
21 roots joined in a single file.
22 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
23 This certificate has been added into the Mozilla truststore and
24 is available as `mozilla/QuoVadis_Root_CA.crt'.
25 * Do not redirect c_rehash error messages to /dev/null.
27 * Remove dangling symlinks on purge, which also gets rid of the hash
28 symlink for ca-certificates.crt. (Closes: #475240)
29 * Use subshells when grepping for certificates in config, avoiding
30 SIGPIPE because of grep's immediate exit after it finds the pattern.
32 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
33 Robby Workman of Slackware.
34 * Updated Standards-Version and FSF portal address in the copyright file.
36 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
38 ca-certificates (20090701) unstable; urgency=low
40 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
41 Rationale: The rogue collision CA has its validity period in the past.
42 Thus it does not impose a risk upon us at the moment.
43 * Restrict search for local certificates to add on files ending with '.crt'.
44 * Canonicalize PEM names by applying the same set of substitions to
45 local and other certificates like the Mozilla certdata dumper does.
47 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
49 ca-certificates (20090624) unstable; urgency=low
51 * Allow local certificate installation. All certificates found
52 in `/usr/local/share/ca-certificates' will be automatically added
53 to the list of trusted certificates in `/etc/ssl/certs'.
54 (Closes: #352637, #419491, #473677, #476663, #511150)
55 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
57 + COMODO ECC Certification Authority
59 + Network Solutions Certificate Authority
60 + WellsSecure Public Root Certificate Authority
61 - Equifax Secure Global eBusiness CA
62 - UTN USERFirst Object Root CA
63 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
64 untrusted certificates. This led to the exclusion of the
65 "MD5 Collisions Forged Rogue CA 23c3" and its parent
66 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
67 certificates are no longer included neither.
68 * Remove the purging of old PEM files in postinst dating back to
69 versions earlier than 20030414.
70 * Hooks are now called at every invocation of `update-ca-certificates'.
71 If no changes were done to `/etc/ssl/certs', the input for the
72 hooks will be empty, though. Failure exit codes of hooks will not
73 tear down the upgrade process anymore. They are printed but ignored.
75 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
77 ca-certificates (20081127) unstable; urgency=low
79 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
82 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
84 ca-certificates (20080809) unstable; urgency=low
86 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
87 This file can be used for proper certificate chaining if CACert
88 server certificates are used. The old class3.pem and root.pem
89 certificates are deprecated. This new file could safely serve as
90 a replacement for both. (Closes: #494343)
91 * This also reintroduces the old name for the CACert certificate,
92 thus closing a long-standing bug about its rename to root.crt.
95 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
97 ca-certificates (20080617) unstable; urgency=low
99 * Added French Government's IGC/A CA (both DSA and RSA).
102 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
104 ca-certificates (20080616) unstable; urgency=low
106 * Fix installation on pt_BR locales. The problem was caused by the
107 .templates choices strings being marked for translation, with pt_BR
108 being the only language which actually translated them. Thanks to
109 Ubuntu for the fix, which needs to be around until Lenny is released
110 or six months have passed, whichever is later. (Closes: #472507)
111 * Drop Fumitoshi from the list of maintainers. Farewell!
112 * Bump Standards-Version to 3.8.0.
114 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
116 ca-certificates (20080514) unstable; urgency=medium
118 * Added the new SPI CA certificate, created in response to the latest
119 openssl security update.
120 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
121 revoked sensibly. Expired CA created in 2003, expired in 2007 left
122 around for reference.
123 * Updated the Galician translation, thanks to Glennie Vignarajah.
126 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
128 ca-certificates (20080411) unstable; urgency=low
130 * Added the current SPI CA certificate, used by Debian's infrastructure.
131 * Added Deutsche Telekom Root CA 2, which is used by German institutions
133 * Updated mozilla certificates from trunk, which led to the following
134 adds (+) and removes (-):
135 + Camerfirma Chambers of Commerce Root
136 + Camerfirma Global Chambersign Root
137 + Certplus Class 2 Primary CA
138 + COMODO Certification Authority
139 + DigiCert Assured ID Root CA
140 + DigiCert Global Root CA
141 + DigiCert High Assurance EV Root CA
144 + Entrust Root Certification Authority
145 + Firmaprofesional Root CA
146 + GeoTrust Global CA 2
147 + GeoTrust Primary Certification Authority
148 + GeoTrust Universal CA
149 + GeoTrust Universal CA 2
150 + GlobalSign Root CA - R2
151 + Go Daddy Class 2 CA
152 + NetLock Business (Class B) Root
153 + NetLock Express (Class C) Root
154 + NetLock Notary (Class A) Root
155 + NetLock Qualified (Class QA) Root
160 + Starfield Class 2 CA
161 + StartCom Certification Authority
164 + SwissSign Gold CA - G2
165 + SwissSign Platinum CA - G2
166 + SwissSign Silver CA - G2
168 + thawte Primary Root CA
169 + TURKTRUST Certificate Services Provider Root 1
170 + TURKTRUST Certificate Services Provider Root 2
171 + VeriSign Class 3 Public Primary Certification Authority - G5
172 + Wells Fargo Root CA
173 + XRamp Global CA Root
174 - Verisign Class 1 Public Primary OCSP Responder
175 - Verisign Class 2 Public Primary OCSP Responder
176 - Verisign Class 3 Public Primary OCSP Responder
177 - Verisign Secure Server OCSP Responder
178 (Closes: #447062, #456581)
179 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
181 * Reworded the description and made it static to ease translations.
182 * Reworded and amended README.Debian.
183 * Added myself to the uploaders of this package.
184 * Applied a patch by Martin F. Krafft to support hooks scripts
185 on add/remove of a certificate. (Closes: #377314)
187 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
189 ca-certificates (20070303-0.1) unstable; urgency=low
191 * Non-maintainer upload to fix longstanding pending l10n issues.
192 * Debconf templates and debian/control reviewed by the debian-l10n-
193 english team as part of the Smith review project.
194 Closes: #432249, #434789
195 * Debconf translation updates:
196 - Japanese. Closes:#433067
197 - Basque. Closes: #433074
198 - Spanish. Closes: #433078
199 - Czech. Closes: #433100
200 - Galician. Closes: #433215
201 - Russian. Closes: #433224
202 - Swedish. Closes: #433432
203 - Vietnamese. Closes: #433792, #427000, #434992
204 - Dutch. Closes: #434670
205 - German. Closes: #434788
206 - Italian. Closes: #435029
207 * Portuguese. Closes: #435471
208 * Finnish. Closes: #448826
209 * Remove /etc/ssl when purging the package (only if that
210 directory is empty). Closes: #454334
211 * [Lintian] Give a reference to the GPL text in debian/copyright
212 * [Lintian] No longer ignore errors from "make clean"
213 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
215 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
217 ca-certificates (20070303) unstable; urgency=low
219 * Add debconf.org crt. closes: Bug#342088
220 * Add cacert class3 crt. closes: Bug#350282
221 * Add debian/po/pt.po. closes: Bug#408183
222 * Update debian/po/ru.po. closes: Bug#410770
223 * Update debian/po/pt_BR.po. closes: Bug#403824
224 * Add debian/po/gl.po. closes: Bug#407951
226 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
228 ca-certificates (20061027.2) unstable; urgency=low
230 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
231 * Avoid cd to /etc/ssl/certs to removing hash symlinks
234 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
236 ca-certificates (20061027.1) unstable; urgency=low
238 * Non-maintainer upload to fix remaining l10n issues
239 * Debconf translation updates:
240 - Czech. Closes: #407807
241 - Spanish. Closes: #401968
242 - German. Closes: #396942
243 * Add debconf-updatepo to the clean target in debian/rules
244 to guarantee up-to-date PO(T) files
246 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
249 ca-certificates (20061027) unstable; urgency=low
251 * sbin/update-ca-certificates:
252 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
253 preserve other symlinks. closes: Bug#387089
254 * debian/po/nl.po: updated
256 * debian/po/fr.po: updated
258 * debian/po/da.po: updated
261 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
263 ca-certificates (20060816) unstable; urgency=low
265 * debian/control: explicitly mention that trustworthiness of certificate
266 authorities is not evaluated.
268 * debian/templates: refine messages
270 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
272 * debian/control: libssl0.9.7->libssl0.9.8
274 * debian/postrm: remove .dpkg-old files
276 * debian/README.Debian: fix
278 * debian/postinst: fix typo
280 * debian/po/sv.po: added
282 * debian/po/es.po: added
284 * add new SPI CA certificate
285 submitted by Michael C. Schultheiss <schultmc@debian.org>
287 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
289 ca-certificates (20050804) unstable; urgency=low
291 * use ${misc:Depends} in debian/control for debconf
292 * update description in debian/control
294 * update debian/po/vi.po
296 * update debian/po/de.po
299 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
301 ca-certificates (20050518) unstable; urgency=high
303 * fix ca-certificates.crt generationumask-sensitive and racy
305 * update mozilla/certdata.txt
306 add: "Certum Root CA", "Comodo AAA Services root"
307 "Comodo Secure Services root",
308 "Comodo Trusted Services root",
309 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
310 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
311 "IPS Timestamping root",
313 "Security Communication Root CA",
314 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
315 "Staat der Nederlanden Root CA",
316 "TDC Internet Root CA", "TDC OCES Root CA",
317 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
318 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
319 * add CACert.org's Root CA
320 closes: Bug#213086, Bug#288293
321 * add debian/po/vi.po
323 * add debian/po/cs.po
325 * write "How certificate will be accepted in ca-certificates package"
328 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
330 ca-certificates (20040809) unstable; urgency=low
332 * previous version was not fixed Bug#255933 correctly.
333 update-ca-certificates now remove symlinks of deselected entries
334 in ca-certificates.conf
337 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
339 ca-certificates (20040808) unstable; urgency=low
341 * run update-ca-certificates by /bin/sh -e
343 * update-ca-certificates remove symlinks of deselected entries
344 in ca-certificates.conf
346 * change default of trust_new_crts from 'ask' to 'yes'
347 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
348 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
350 * add brasil.gov.br certs
352 * add Signet CA Roots certs
354 * add QuoVadis CA Roots certs
366 * fix quote characters in template
368 * remove debian.org, because certs used in db.debian.org has been
369 revoked due to debian.org crack incidents.
370 db.debian.org uses certificates using spi-inc.org Root CA.
372 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
374 ca-certificates (20031007.1) unstable; urgency=low
377 * Add brasil.gov.br/brasil.gov.br.crt, created from
378 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
379 * Add debian/po/pt_BR.po: closes: Bug#224612
381 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
383 ca-certificates (20031007) unstable; urgency=low
385 * add debian/po/ru.po: closes: Bug#214371
387 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
389 ca-certificates (20030924) unstable; urgency=low
391 * add debian/po/ja.po: closes: Bug#212565
393 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
395 ca-certificates (20030916) unstable; urgency=low
397 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
398 * debian/config: if new cert is asked, don't ask all available certs
401 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
403 ca-certificates (20030915) unstable; urgency=low
405 * debian/config.in: fix typo. closes: Bug#190990
406 * add option for new CA certificates. closes: Bug#190989
407 * switch to gettext-based debconf templates. closes: Bug#205782
408 * update mozilla/certdata.txt from mozilla 1.4 release
410 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
412 ca-certificates (20030420) unstable; urgency=low
414 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
415 * fix broken English in debconf template. closes: Bug#189606
416 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
417 * preserve comments in /etc/ca-certificates.conf when upgrading.
420 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
422 ca-certificates (20030415) unstable; urgency=medium
424 * fix upgrade problem
425 closes: Bug#188938, Bug#188940
428 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
430 ca-certificates (20030414) unstable; urgency=medium
432 * certificates are installed in /usr/share/ca-certificates
433 you can find md5sum of certs files. closes: Bug#170777
435 * debconf to generate /etc/ca-certificates.conf
436 * update-ca-certificates update /etc/ssl/certs according
437 /etc/ca-certificates.conf
438 It also generate /etc/ssl/certs/ca-certificates.crt
439 which is single-file version of certs.
442 * change extension from .pem to .crt in /usr/share/ca-certificates
444 application/x-x509-ca-cert crt
445 but it will be hardlink or copied in /etc/ssl/certs with .pem
446 extension by update-ca-certificates.
447 c_rehash requires .pem extension
449 * Update certificate from mozilla 2:1.3-4
450 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
451 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
453 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
454 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
455 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
456 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
458 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
460 ca-certificates (20020323) unstable; urgency=low
462 * Moved from non-US to main now that openssl has moved there.
464 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
466 ca-certificates (20020208) unstable; urgency=low
468 * add db.debian.org certificate
470 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
472 ca-certificates (20020112) unstable; urgency=low
474 * upload to non-US instead of main, because it depends on openssl
475 (it uses c_rehash in openssl in maintainer scripts)
477 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
479 ca-certificates (20020107) unstable; urgency=low
481 * Initial Release. closes: Bug#126586
483 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900