1 ca-certificates (20111025.1) UNRELEASED; urgency=low
3 * Blacklist "Bogus *" and "Explicitly Distrust DigiNotar *" certificates
4 * Clarify CA audit note in README.debian; thanks to C.J. Adams-Collier for
5 the patch Closes: #594383
7 -- Michael Shuler <michael@pbandjelly.org> Fri, 28 Oct 2011 15:49:51 -0500
9 ca-certificates (20111025) unstable; urgency=low
12 * Add 3.0 (native) source format
13 * Add Vcs-Git/Browser fields
14 * Add myself as new Maintainer with Uploaders Closes: #588219
15 * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
16 Certificates added (+) and removed (-):
17 + "AffirmTrust Commercial"
18 + "AffirmTrust Networking"
19 + "AffirmTrust Premium"
20 + "AffirmTrust Premium ECC"
22 + "Bogus Global Trustee"
27 + "Bogus Mozilla Addons"
32 + "Certinomis - Autorité Racine"
33 + "Certum Trusted Network CA"
34 + "Explicitly Distrust DigiNotar Cyber CA"
35 + "Explicitly Distrust DigiNotar Cyber CA 2nd"
36 + "Explicitly Distrust DigiNotar Root CA"
37 + "Explicitly Distrust DigiNotar Services 1024 CA"
38 + "Explicitly Distrusted DigiNotar PKIoverheid"
39 + "Explicitly Distrusted DigiNotar PKIoverheid G2"
40 + "Go Daddy Root Certificate Authority - G2"
41 + "Root CA Generalitat Valenciana"
42 + "Starfield Root Certificate Authority - G2"
43 + "Starfield Services Root Certificate Authority - G2"
44 + "TWCA Root Certification Authority"
45 - "AOL Time Warner Root Certification Authority 1"
46 - "AOL Time Warner Root Certification Authority 2"
48 - "Entrust.net Global Secure Personal CA"
49 - "Entrust.net Global Secure Server CA"
50 - "Entrust.net Secure Personal CA"
51 - "IPS Chained CAs root"
56 - "IPS Timestamping root"
57 - "Thawte Personal Freemail CA"
58 - "Thawte Time Stamping CA"
59 * "Bogus *" CAs above address Comodo MITM 03/11 Closes: #619587
60 * Update CAcert-Class 3-Subroot-certificate Closes: #630232
63 * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
64 the way before calling c_rehash, so that symlinks don't accidentally get
65 pointed here, breaking openssl certificate verification LP: #854927
68 * Drop bogus c_rehash on upgrades, which caused issue when
69 ca-certificates.crt was still in place; instead, call
70 update-ca-certificates --fresh on upgrades to this version, and
71 the usual update-ca-certificates otherwise Closes: #643667, #537382
73 -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
75 ca-certificates (20111022) unstable; urgency=low
78 * Fix pending l10n issues. Debconf translations:
79 - German (Helge Kreutzmann). Closes: #634000
80 - French (Christian Perrier). Closes: #634092
81 - Russian (Yuri Kozlov). Closes: #635146
82 - Swedish (Martin Bagge / brother). Closes: #640622
83 - Slovak (Slavko). Closes: #641987
84 - Spanish; (Javier Fernández-Sanguino). Closes: #642359
85 - Japanese (Kenshi Muto). Closes: #644828
86 - Czech (Miroslav Kure). Closes: #644843
87 - Danish (Joe Hansen). Closes: #644854
88 - Italian (Luca Monducci). Closes: #645004
89 - Dutch; (Jeroen Schot). Closes: #645090
90 - Portuguese (Miguel Figueiredo). Closes: #645126
91 - Galician (Jorge Barreiro). Closes: #645138
92 - Catalan; (Jordi Mallach). Closes: #645182
93 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
94 * Split Choices in debconf templates
95 * Add build-arch and build-indep build targets
96 * Bump debhelper compatibility level to 8
97 * Bump Standards to 3.9.2 (checked)
98 * Replace "dh_clean -k" by dh_prep
100 -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
102 ca-certificates (20110502+nmu1) unstable; urgency=high
104 * Non-maintainer upload by the Security Team.
105 * Blacklist "DigiNotar Root CA" (Closes: #639744)
107 -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
109 ca-certificates (20110502) unstable; urgency=low
112 * Mark the package as multi-arch:foreign. (Closes: #622323)
113 * Use db_settitle in config script to allow translations of the
114 dialog title; thanks to Frans Pop. (Closes: #560314)
116 -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
118 ca-certificates (20110421) unstable; urgency=low
121 * Package is orphaned, set maintainer to QA group
122 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
123 both the old and new style of symlinks. (Closes: #611102)
124 * Remove libssl0.9.8 from enhances
125 * Update mozilla certdata.txt file to the latest version.
127 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
128 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
129 - beTRUSTed_Root_CA.crt
130 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
131 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
132 - Digital_Signature_Trust_Co._Global_CA_2.crt
133 - Digital_Signature_Trust_Co._Global_CA_4.crt
134 - Entrust.net_Global_Secure_Personal_CA.crt
135 - Entrust.net_Global_Secure_Server_CA.crt
136 - Entrust.net_Secure_Personal_CA.crt
137 - GTE_CyberTrust_Root_CA.crt
138 - IPS_Chained_CAs_root.crt
139 - IPS_CLASE1_root.crt
140 - IPS_CLASE3_root.crt
141 - IPS_CLASEA1_root.crt
142 - IPS_CLASEA3_root.crt
143 - IPS_Servidores_root.crt
144 - IPS_Timestamping_root.crt
145 - RSA_Security_1024_v3.crt
147 - Thawte_Personal_Basic_CA.crt
148 - Thawte_Personal_Premium_CA.crt
149 - UTN-USER_First-Network_Applications.crt
150 - Verisign_RSA_Secure_Server_CA.crt
151 - Verisign_Time_Stamping_Authority_CA.crt
152 - Visa_International_Global_Root_2.crt
155 - AC_Raíz_Certicámara_S.A..crt
156 - ApplicationCA_-_Japanese_Government.crt
157 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
158 - Buypass_Class_2_CA_1.crt
159 - Buypass_Class_3_CA_1.crt
162 - certSIGN_ROOT_CA.crt
163 - Chambers_of_Commerce_Root_-_2008.crt
166 - ComSign_Secured_CA.crt
167 - Cybertrust_Global_Root.crt
168 - Deutsche_Telekom_Root_CA_2.crt
169 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
170 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
171 - ePKI_Root_Certification_Authority.crt
172 - GeoTrust_Primary_Certification_Authority_-_G2.crt
173 - GeoTrust_Primary_Certification_Authority_-_G3.crt
174 - Global_Chambersign_Root_-_2008.crt
175 - GlobalSign_Root_CA_-_R3.crt
176 - Hongkong_Post_Root_CA_1.crt
180 - Microsec_e-Szigno_Root_CA_2009.crt
181 - Microsec_e-Szigno_Root_CA.crt
182 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
183 - OISTE_WISeKey_Global_Root_GA_CA.crt
184 - SecureSign_RootCA11.crt
185 - Security_Communication_EV_RootCA1.crt
186 - Staat_der_Nederlanden_Root_CA_-_G2.crt
187 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
188 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
189 - TC_TrustCenter_Class_2_CA_II.crt
190 - TC_TrustCenter_Class_3_CA_II.crt
191 - TC_TrustCenter_Universal_CA_I.crt
192 - TC_TrustCenter_Universal_CA_III.crt
193 - thawte_Primary_Root_CA_-_G2.crt
194 - thawte_Primary_Root_CA_-_G3.crt
195 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
196 - VeriSign_Universal_Root_Certification_Authority.crt
198 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
199 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
200 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
201 * String decode the mozilla certdata.txt so the filenames show up as
202 proper UTF-8 strings.
204 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
206 ca-certificates (20090814+nmu3) unstable; urgency=low
208 * Non-maintainer upload.
209 * Fix pending l10n issues. Debconf translations:
210 - French (Christian Perrier). Closes: #594231
211 - Danish (Joe Hansen). Closes: #601129
212 - Catalan (Jordi Mallach). Closes: #601089
213 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
215 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
217 ca-certificates (20090814+nmu2) unstable; urgency=low
219 * Non-maintainer upload.
220 * Fixes buggy shell functions included in the postinst script.
223 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
225 ca-certificates (20090814+nmu1) unstable; urgency=low
227 * Non-maintainer upload.
228 * Preserve user changes to the /etc/ca-certificates.conf.
231 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
233 ca-certificates (20090814) unstable; urgency=low
235 * Call Debconf and its db_purge as early as possible in postrm.
238 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
240 ca-certificates (20090709) unstable; urgency=low
242 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
244 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
246 ca-certificates (20090708) unstable; urgency=low
249 - cacert.org/root.crt and cacert.org/class3.crt:
250 Both certificate files were deprecated with 20080809. Users of these
251 root certificates are encouraged to switch to
252 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
253 roots joined in a single file.
254 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
255 This certificate has been added into the Mozilla truststore and
256 is available as `mozilla/QuoVadis_Root_CA.crt'.
257 * Do not redirect c_rehash error messages to /dev/null.
259 * Remove dangling symlinks on purge, which also gets rid of the hash
260 symlink for ca-certificates.crt. (Closes: #475240)
261 * Use subshells when grepping for certificates in config, avoiding
262 SIGPIPE because of grep's immediate exit after it finds the pattern.
264 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
265 Robby Workman of Slackware.
266 * Updated Standards-Version and FSF portal address in the copyright file.
268 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
270 ca-certificates (20090701) unstable; urgency=low
272 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
273 Rationale: The rogue collision CA has its validity period in the past.
274 Thus it does not impose a risk upon us at the moment.
275 * Restrict search for local certificates to add on files ending with '.crt'.
276 * Canonicalize PEM names by applying the same set of substitions to
277 local and other certificates like the Mozilla certdata dumper does.
279 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
281 ca-certificates (20090624) unstable; urgency=low
283 * Allow local certificate installation. All certificates found
284 in `/usr/local/share/ca-certificates' will be automatically added
285 to the list of trusted certificates in `/etc/ssl/certs'.
286 (Closes: #352637, #419491, #473677, #476663, #511150)
287 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
289 + COMODO ECC Certification Authority
291 + Network Solutions Certificate Authority
292 + WellsSecure Public Root Certificate Authority
293 - Equifax Secure Global eBusiness CA
294 - UTN USERFirst Object Root CA
295 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
296 untrusted certificates. This led to the exclusion of the
297 "MD5 Collisions Forged Rogue CA 23c3" and its parent
298 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
299 certificates are no longer included neither.
300 * Remove the purging of old PEM files in postinst dating back to
301 versions earlier than 20030414.
302 * Hooks are now called at every invocation of `update-ca-certificates'.
303 If no changes were done to `/etc/ssl/certs', the input for the
304 hooks will be empty, though. Failure exit codes of hooks will not
305 tear down the upgrade process anymore. They are printed but ignored.
307 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
309 ca-certificates (20081127) unstable; urgency=low
311 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
314 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
316 ca-certificates (20080809) unstable; urgency=low
318 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
319 This file can be used for proper certificate chaining if CACert
320 server certificates are used. The old class3.pem and root.pem
321 certificates are deprecated. This new file could safely serve as
322 a replacement for both. (Closes: #494343)
323 * This also reintroduces the old name for the CACert certificate,
324 thus closing a long-standing bug about its rename to root.crt.
327 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
329 ca-certificates (20080617) unstable; urgency=low
331 * Added French Government's IGC/A CA (both DSA and RSA).
334 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
336 ca-certificates (20080616) unstable; urgency=low
338 * Fix installation on pt_BR locales. The problem was caused by the
339 .templates choices strings being marked for translation, with pt_BR
340 being the only language which actually translated them. Thanks to
341 Ubuntu for the fix, which needs to be around until Lenny is released
342 or six months have passed, whichever is later. (Closes: #472507)
343 * Drop Fumitoshi from the list of maintainers. Farewell!
344 * Bump Standards-Version to 3.8.0.
346 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
348 ca-certificates (20080514) unstable; urgency=medium
350 * Added the new SPI CA certificate, created in response to the latest
351 openssl security update.
352 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
353 revoked sensibly. Expired CA created in 2003, expired in 2007 left
354 around for reference.
355 * Updated the Galician translation, thanks to Glennie Vignarajah.
358 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
360 ca-certificates (20080411) unstable; urgency=low
362 * Added the current SPI CA certificate, used by Debian's infrastructure.
363 * Added Deutsche Telekom Root CA 2, which is used by German institutions
365 * Updated mozilla certificates from trunk, which led to the following
366 adds (+) and removes (-):
367 + Camerfirma Chambers of Commerce Root
368 + Camerfirma Global Chambersign Root
369 + Certplus Class 2 Primary CA
370 + COMODO Certification Authority
371 + DigiCert Assured ID Root CA
372 + DigiCert Global Root CA
373 + DigiCert High Assurance EV Root CA
376 + Entrust Root Certification Authority
377 + Firmaprofesional Root CA
378 + GeoTrust Global CA 2
379 + GeoTrust Primary Certification Authority
380 + GeoTrust Universal CA
381 + GeoTrust Universal CA 2
382 + GlobalSign Root CA - R2
383 + Go Daddy Class 2 CA
384 + NetLock Business (Class B) Root
385 + NetLock Express (Class C) Root
386 + NetLock Notary (Class A) Root
387 + NetLock Qualified (Class QA) Root
392 + Starfield Class 2 CA
393 + StartCom Certification Authority
396 + SwissSign Gold CA - G2
397 + SwissSign Platinum CA - G2
398 + SwissSign Silver CA - G2
400 + thawte Primary Root CA
401 + TURKTRUST Certificate Services Provider Root 1
402 + TURKTRUST Certificate Services Provider Root 2
403 + VeriSign Class 3 Public Primary Certification Authority - G5
404 + Wells Fargo Root CA
405 + XRamp Global CA Root
406 - Verisign Class 1 Public Primary OCSP Responder
407 - Verisign Class 2 Public Primary OCSP Responder
408 - Verisign Class 3 Public Primary OCSP Responder
409 - Verisign Secure Server OCSP Responder
410 (Closes: #447062, #456581)
411 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
413 * Reworded the description and made it static to ease translations.
414 * Reworded and amended README.Debian.
415 * Added myself to the uploaders of this package.
416 * Applied a patch by Martin F. Krafft to support hooks scripts
417 on add/remove of a certificate. (Closes: #377314)
419 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
421 ca-certificates (20070303-0.1) unstable; urgency=low
423 * Non-maintainer upload to fix longstanding pending l10n issues.
424 * Debconf templates and debian/control reviewed by the debian-l10n-
425 english team as part of the Smith review project.
426 Closes: #432249, #434789
427 * Debconf translation updates:
428 - Japanese. Closes:#433067
429 - Basque. Closes: #433074
430 - Spanish. Closes: #433078
431 - Czech. Closes: #433100
432 - Galician. Closes: #433215
433 - Russian. Closes: #433224
434 - Swedish. Closes: #433432
435 - Vietnamese. Closes: #433792, #427000, #434992
436 - Dutch. Closes: #434670
437 - German. Closes: #434788
438 - Italian. Closes: #435029
439 * Portuguese. Closes: #435471
440 * Finnish. Closes: #448826
441 * Remove /etc/ssl when purging the package (only if that
442 directory is empty). Closes: #454334
443 * [Lintian] Give a reference to the GPL text in debian/copyright
444 * [Lintian] No longer ignore errors from "make clean"
445 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
447 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
449 ca-certificates (20070303) unstable; urgency=low
451 * Add debconf.org crt. closes: Bug#342088
452 * Add cacert class3 crt. closes: Bug#350282
453 * Add debian/po/pt.po. closes: Bug#408183
454 * Update debian/po/ru.po. closes: Bug#410770
455 * Update debian/po/pt_BR.po. closes: Bug#403824
456 * Add debian/po/gl.po. closes: Bug#407951
458 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
460 ca-certificates (20061027.2) unstable; urgency=low
462 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
463 * Avoid cd to /etc/ssl/certs to removing hash symlinks
466 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
468 ca-certificates (20061027.1) unstable; urgency=low
470 * Non-maintainer upload to fix remaining l10n issues
471 * Debconf translation updates:
472 - Czech. Closes: #407807
473 - Spanish. Closes: #401968
474 - German. Closes: #396942
475 * Add debconf-updatepo to the clean target in debian/rules
476 to guarantee up-to-date PO(T) files
478 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
481 ca-certificates (20061027) unstable; urgency=low
483 * sbin/update-ca-certificates:
484 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
485 preserve other symlinks. closes: Bug#387089
486 * debian/po/nl.po: updated
488 * debian/po/fr.po: updated
490 * debian/po/da.po: updated
493 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
495 ca-certificates (20060816) unstable; urgency=low
497 * debian/control: explicitly mention that trustworthiness of certificate
498 authorities is not evaluated.
500 * debian/templates: refine messages
502 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
504 * debian/control: libssl0.9.7->libssl0.9.8
506 * debian/postrm: remove .dpkg-old files
508 * debian/README.Debian: fix
510 * debian/postinst: fix typo
512 * debian/po/sv.po: added
514 * debian/po/es.po: added
516 * add new SPI CA certificate
517 submitted by Michael C. Schultheiss <schultmc@debian.org>
519 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
521 ca-certificates (20050804) unstable; urgency=low
523 * use ${misc:Depends} in debian/control for debconf
524 * update description in debian/control
526 * update debian/po/vi.po
528 * update debian/po/de.po
531 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
533 ca-certificates (20050518) unstable; urgency=high
535 * fix ca-certificates.crt generationumask-sensitive and racy
537 * update mozilla/certdata.txt
538 add: "Certum Root CA", "Comodo AAA Services root"
539 "Comodo Secure Services root",
540 "Comodo Trusted Services root",
541 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
542 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
543 "IPS Timestamping root",
545 "Security Communication Root CA",
546 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
547 "Staat der Nederlanden Root CA",
548 "TDC Internet Root CA", "TDC OCES Root CA",
549 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
550 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
551 * add CACert.org's Root CA
552 closes: Bug#213086, Bug#288293
553 * add debian/po/vi.po
555 * add debian/po/cs.po
557 * write "How certificate will be accepted in ca-certificates package"
560 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
562 ca-certificates (20040809) unstable; urgency=low
564 * previous version was not fixed Bug#255933 correctly.
565 update-ca-certificates now remove symlinks of deselected entries
566 in ca-certificates.conf
569 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
571 ca-certificates (20040808) unstable; urgency=low
573 * run update-ca-certificates by /bin/sh -e
575 * update-ca-certificates remove symlinks of deselected entries
576 in ca-certificates.conf
578 * change default of trust_new_crts from 'ask' to 'yes'
579 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
580 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
582 * add brasil.gov.br certs
584 * add Signet CA Roots certs
586 * add QuoVadis CA Roots certs
598 * fix quote characters in template
600 * remove debian.org, because certs used in db.debian.org has been
601 revoked due to debian.org crack incidents.
602 db.debian.org uses certificates using spi-inc.org Root CA.
604 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
606 ca-certificates (20031007.1) unstable; urgency=low
609 * Add brasil.gov.br/brasil.gov.br.crt, created from
610 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
611 * Add debian/po/pt_BR.po: closes: Bug#224612
613 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
615 ca-certificates (20031007) unstable; urgency=low
617 * add debian/po/ru.po: closes: Bug#214371
619 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
621 ca-certificates (20030924) unstable; urgency=low
623 * add debian/po/ja.po: closes: Bug#212565
625 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
627 ca-certificates (20030916) unstable; urgency=low
629 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
630 * debian/config: if new cert is asked, don't ask all available certs
633 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
635 ca-certificates (20030915) unstable; urgency=low
637 * debian/config.in: fix typo. closes: Bug#190990
638 * add option for new CA certificates. closes: Bug#190989
639 * switch to gettext-based debconf templates. closes: Bug#205782
640 * update mozilla/certdata.txt from mozilla 1.4 release
642 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
644 ca-certificates (20030420) unstable; urgency=low
646 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
647 * fix broken English in debconf template. closes: Bug#189606
648 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
649 * preserve comments in /etc/ca-certificates.conf when upgrading.
652 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
654 ca-certificates (20030415) unstable; urgency=medium
656 * fix upgrade problem
657 closes: Bug#188938, Bug#188940
660 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
662 ca-certificates (20030414) unstable; urgency=medium
664 * certificates are installed in /usr/share/ca-certificates
665 you can find md5sum of certs files. closes: Bug#170777
667 * debconf to generate /etc/ca-certificates.conf
668 * update-ca-certificates update /etc/ssl/certs according
669 /etc/ca-certificates.conf
670 It also generate /etc/ssl/certs/ca-certificates.crt
671 which is single-file version of certs.
674 * change extension from .pem to .crt in /usr/share/ca-certificates
676 application/x-x509-ca-cert crt
677 but it will be hardlink or copied in /etc/ssl/certs with .pem
678 extension by update-ca-certificates.
679 c_rehash requires .pem extension
681 * Update certificate from mozilla 2:1.3-4
682 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
683 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
685 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
686 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
687 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
688 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
690 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
692 ca-certificates (20020323) unstable; urgency=low
694 * Moved from non-US to main now that openssl has moved there.
696 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
698 ca-certificates (20020208) unstable; urgency=low
700 * add db.debian.org certificate
702 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
704 ca-certificates (20020112) unstable; urgency=low
706 * upload to non-US instead of main, because it depends on openssl
707 (it uses c_rehash in openssl in maintainer scripts)
709 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
711 ca-certificates (20020107) unstable; urgency=low
713 * Initial Release. closes: Bug#126586
715 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900