1 ca-certificates (20121103) UNRELEASED; urgency=low
3 * Update mozilla/certdata.txt to version 1.86 Closes: #683728
4 Certificates added (+) (none removed):
5 + "Actalis Authentication Root CA"
6 + "Trustis FPS Root CA"
7 + "StartCom Certification Authority" (renewal/rehash)
8 + "StartCom Certification Authority G2"
9 + "Buypass Class 2 Root CA"
10 + "Buypass Class 3 Root CA"
11 + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
12 + "T-TeleSec GlobalRoot Class 3"
13 + "EE Certification Centre Root CA"
14 * Correct piuparts package remove/purge behavior Closes: #682125
15 - Remove deletes of /etc/ssl{,/certs} from debian/postrm
16 * Remove CAcert CA certificates due to non-free license Closes: #687693
18 -- Michael Shuler <michael@pbandjelly.org> Sat, 03 Nov 2012 15:47:55 -0500
20 ca-certificates (20120623) unstable; urgency=low
22 * Add Polish translation, thanks to Michał Kułach. Closes: #660002
23 * Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
24 * Correct update-ca-certificates(8) alignment Closes: #666932
25 * Add note to update-ca-certificates(8) about .crt extension needed for
26 CA certificates in /usr/local/share/ca-certificates Closes: #595279
27 * Update mozilla/certdata.txt to version 1.83
28 Mozilla Public License updated to v2.0
29 (no added/removed CAs)
30 * Update debian/copyright to:
31 - reflect MPL v2.0 update for mozilla/certdata.txt
32 - specify GPL-2 instead of GPL symlink
33 * Update debian/NEWS with added/removed certs from 20111211 and 20120212
34 * Update to Standards-Version: 3.9.3 (no changes needed)
36 -- Michael Shuler <michael@pbandjelly.org> Sat, 23 Jun 2012 09:16:54 -0500
38 ca-certificates (20120212) unstable; urgency=low
40 * Update mozilla/certdata.txt to version 1.81
41 Certificates added (+) and removed (-):
42 + "Security Communication RootCA2"
44 + "Hellenic Academic and Research Institutions RootCA 2011"
45 - "Verisign Class 2 Public Primary Certification Authority"
46 - "Verisign Class 4 Public Primary Certification Authority - G2"
47 - "TC TrustCenter, Germany, Class 2 CA"
48 - "TC TrustCenter, Germany, Class 3 CA"
49 * Add notice to README.Debian deprecating CA inclusions and refer to
50 #647848 for Debian CA Certificate Policy discussion.
52 -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600
54 ca-certificates (20111211) unstable; urgency=low
56 * Clarify CA audit note in package description and README.debian. Thanks
57 to C.J. Adams-Collier for the patch. Closes: #594383
58 * Remove French Government IGC/A CA certificates. The RSA certificate is
59 included in the Mozilla bundle and the DSA certificate is not in use.
61 * Remove expired signet.pl CAs. Closes: #647849
62 * Remove expired brasil.gov.br CA.
63 * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
64 * Use 'set -e' in body of debian/postinst
65 * Update mozilla/certdata.txt to version 1.80
66 (no added/removed CAs)
67 * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
69 -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600
71 ca-certificates (20111025) unstable; urgency=low
74 * Add 3.0 (native) source format
75 * Add Vcs-Git/Browser fields
76 * Add myself as new Maintainer with Uploaders Closes: #588219
77 * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
78 Certificates added (+) and removed (-):
79 + "AffirmTrust Commercial"
80 + "AffirmTrust Networking"
81 + "AffirmTrust Premium"
82 + "AffirmTrust Premium ECC"
84 + "Certinomis - Autorité Racine"
85 + "Certum Trusted Network CA"
86 + "Go Daddy Root Certificate Authority - G2"
87 + "Root CA Generalitat Valenciana"
88 + "Starfield Root Certificate Authority - G2"
89 + "Starfield Services Root Certificate Authority - G2"
90 + "TWCA Root Certification Authority"
91 - "AOL Time Warner Root Certification Authority 1"
92 - "AOL Time Warner Root Certification Authority 2"
94 - "Entrust.net Global Secure Personal CA"
95 - "Entrust.net Global Secure Server CA"
96 - "Entrust.net Secure Personal CA"
97 - "IPS Chained CAs root"
102 - "IPS Timestamping root"
103 - "Thawte Personal Freemail CA"
104 - "Thawte Time Stamping CA"
105 * Update CAcert-Class 3-Subroot-certificate Closes: #630232
108 * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
109 the way before calling c_rehash, so that symlinks don't accidentally get
110 pointed here, breaking openssl certificate verification LP: #854927
113 * Drop bogus c_rehash on upgrades, which caused issue when
114 ca-certificates.crt was still in place; instead, call
115 update-ca-certificates --fresh on upgrades to this version, and
116 the usual update-ca-certificates otherwise Closes: #643667, #537382
118 -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
120 ca-certificates (20111022) unstable; urgency=low
123 * Fix pending l10n issues. Debconf translations:
124 - German (Helge Kreutzmann). Closes: #634000
125 - French (Christian Perrier). Closes: #634092
126 - Russian (Yuri Kozlov). Closes: #635146
127 - Swedish (Martin Bagge / brother). Closes: #640622
128 - Slovak (Slavko). Closes: #641987
129 - Spanish; (Javier Fernández-Sanguino). Closes: #642359
130 - Japanese (Kenshi Muto). Closes: #644828
131 - Czech (Miroslav Kure). Closes: #644843
132 - Danish (Joe Hansen). Closes: #644854
133 - Italian (Luca Monducci). Closes: #645004
134 - Dutch; (Jeroen Schot). Closes: #645090
135 - Portuguese (Miguel Figueiredo). Closes: #645126
136 - Galician (Jorge Barreiro). Closes: #645138
137 - Catalan; (Jordi Mallach). Closes: #645182
138 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
139 * Split Choices in debconf templates
140 * Add build-arch and build-indep build targets
141 * Bump debhelper compatibility level to 8
142 * Bump Standards to 3.9.2 (checked)
143 * Replace "dh_clean -k" by dh_prep
145 -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
147 ca-certificates (20110502+nmu1) unstable; urgency=high
149 * Non-maintainer upload by the Security Team.
150 * Blacklist "DigiNotar Root CA" (Closes: #639744)
152 -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
154 ca-certificates (20110502) unstable; urgency=low
157 * Mark the package as multi-arch:foreign. (Closes: #622323)
158 * Use db_settitle in config script to allow translations of the
159 dialog title; thanks to Frans Pop. (Closes: #560314)
161 -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
163 ca-certificates (20110421) unstable; urgency=low
166 * Package is orphaned, set maintainer to QA group
167 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
168 both the old and new style of symlinks. (Closes: #611102)
169 * Remove libssl0.9.8 from enhances
170 * Update mozilla certdata.txt file to the latest version.
172 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
173 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
174 - beTRUSTed_Root_CA.crt
175 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
176 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
177 - Digital_Signature_Trust_Co._Global_CA_2.crt
178 - Digital_Signature_Trust_Co._Global_CA_4.crt
179 - Entrust.net_Global_Secure_Personal_CA.crt
180 - Entrust.net_Global_Secure_Server_CA.crt
181 - Entrust.net_Secure_Personal_CA.crt
182 - GTE_CyberTrust_Root_CA.crt
183 - IPS_Chained_CAs_root.crt
184 - IPS_CLASE1_root.crt
185 - IPS_CLASE3_root.crt
186 - IPS_CLASEA1_root.crt
187 - IPS_CLASEA3_root.crt
188 - IPS_Servidores_root.crt
189 - IPS_Timestamping_root.crt
190 - RSA_Security_1024_v3.crt
192 - Thawte_Personal_Basic_CA.crt
193 - Thawte_Personal_Premium_CA.crt
194 - UTN-USER_First-Network_Applications.crt
195 - Verisign_RSA_Secure_Server_CA.crt
196 - Verisign_Time_Stamping_Authority_CA.crt
197 - Visa_International_Global_Root_2.crt
200 - AC_Raíz_Certicámara_S.A..crt
201 - ApplicationCA_-_Japanese_Government.crt
202 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
203 - Buypass_Class_2_CA_1.crt
204 - Buypass_Class_3_CA_1.crt
207 - certSIGN_ROOT_CA.crt
208 - Chambers_of_Commerce_Root_-_2008.crt
211 - ComSign_Secured_CA.crt
212 - Cybertrust_Global_Root.crt
213 - Deutsche_Telekom_Root_CA_2.crt
214 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
215 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
216 - ePKI_Root_Certification_Authority.crt
217 - GeoTrust_Primary_Certification_Authority_-_G2.crt
218 - GeoTrust_Primary_Certification_Authority_-_G3.crt
219 - Global_Chambersign_Root_-_2008.crt
220 - GlobalSign_Root_CA_-_R3.crt
221 - Hongkong_Post_Root_CA_1.crt
225 - Microsec_e-Szigno_Root_CA_2009.crt
226 - Microsec_e-Szigno_Root_CA.crt
227 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
228 - OISTE_WISeKey_Global_Root_GA_CA.crt
229 - SecureSign_RootCA11.crt
230 - Security_Communication_EV_RootCA1.crt
231 - Staat_der_Nederlanden_Root_CA_-_G2.crt
232 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
233 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
234 - TC_TrustCenter_Class_2_CA_II.crt
235 - TC_TrustCenter_Class_3_CA_II.crt
236 - TC_TrustCenter_Universal_CA_I.crt
237 - TC_TrustCenter_Universal_CA_III.crt
238 - thawte_Primary_Root_CA_-_G2.crt
239 - thawte_Primary_Root_CA_-_G3.crt
240 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
241 - VeriSign_Universal_Root_Certification_Authority.crt
243 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
244 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
245 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
246 * String decode the mozilla certdata.txt so the filenames show up as
247 proper UTF-8 strings.
249 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
251 ca-certificates (20090814+nmu3) unstable; urgency=low
253 * Non-maintainer upload.
254 * Fix pending l10n issues. Debconf translations:
255 - French (Christian Perrier). Closes: #594231
256 - Danish (Joe Hansen). Closes: #601129
257 - Catalan (Jordi Mallach). Closes: #601089
258 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
260 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
262 ca-certificates (20090814+nmu2) unstable; urgency=low
264 * Non-maintainer upload.
265 * Fixes buggy shell functions included in the postinst script.
268 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
270 ca-certificates (20090814+nmu1) unstable; urgency=low
272 * Non-maintainer upload.
273 * Preserve user changes to the /etc/ca-certificates.conf.
276 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
278 ca-certificates (20090814) unstable; urgency=low
280 * Call Debconf and its db_purge as early as possible in postrm.
283 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
285 ca-certificates (20090709) unstable; urgency=low
287 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
289 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
291 ca-certificates (20090708) unstable; urgency=low
294 - cacert.org/root.crt and cacert.org/class3.crt:
295 Both certificate files were deprecated with 20080809. Users of these
296 root certificates are encouraged to switch to
297 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
298 roots joined in a single file.
299 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
300 This certificate has been added into the Mozilla truststore and
301 is available as `mozilla/QuoVadis_Root_CA.crt'.
302 * Do not redirect c_rehash error messages to /dev/null.
304 * Remove dangling symlinks on purge, which also gets rid of the hash
305 symlink for ca-certificates.crt. (Closes: #475240)
306 * Use subshells when grepping for certificates in config, avoiding
307 SIGPIPE because of grep's immediate exit after it finds the pattern.
309 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
310 Robby Workman of Slackware.
311 * Updated Standards-Version and FSF portal address in the copyright file.
313 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
315 ca-certificates (20090701) unstable; urgency=low
317 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
318 Rationale: The rogue collision CA has its validity period in the past.
319 Thus it does not impose a risk upon us at the moment.
320 * Restrict search for local certificates to add on files ending with '.crt'.
321 * Canonicalize PEM names by applying the same set of substitions to
322 local and other certificates like the Mozilla certdata dumper does.
324 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
326 ca-certificates (20090624) unstable; urgency=low
328 * Allow local certificate installation. All certificates found
329 in `/usr/local/share/ca-certificates' will be automatically added
330 to the list of trusted certificates in `/etc/ssl/certs'.
331 (Closes: #352637, #419491, #473677, #476663, #511150)
332 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
334 + COMODO ECC Certification Authority
336 + Network Solutions Certificate Authority
337 + WellsSecure Public Root Certificate Authority
338 - Equifax Secure Global eBusiness CA
339 - UTN USERFirst Object Root CA
340 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
341 untrusted certificates. This led to the exclusion of the
342 "MD5 Collisions Forged Rogue CA 23c3" and its parent
343 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
344 certificates are no longer included neither.
345 * Remove the purging of old PEM files in postinst dating back to
346 versions earlier than 20030414.
347 * Hooks are now called at every invocation of `update-ca-certificates'.
348 If no changes were done to `/etc/ssl/certs', the input for the
349 hooks will be empty, though. Failure exit codes of hooks will not
350 tear down the upgrade process anymore. They are printed but ignored.
352 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
354 ca-certificates (20081127) unstable; urgency=low
356 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
359 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
361 ca-certificates (20080809) unstable; urgency=low
363 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
364 This file can be used for proper certificate chaining if CACert
365 server certificates are used. The old class3.pem and root.pem
366 certificates are deprecated. This new file could safely serve as
367 a replacement for both. (Closes: #494343)
368 * This also reintroduces the old name for the CACert certificate,
369 thus closing a long-standing bug about its rename to root.crt.
372 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
374 ca-certificates (20080617) unstable; urgency=low
376 * Added French Government's IGC/A CA (both DSA and RSA).
379 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
381 ca-certificates (20080616) unstable; urgency=low
383 * Fix installation on pt_BR locales. The problem was caused by the
384 .templates choices strings being marked for translation, with pt_BR
385 being the only language which actually translated them. Thanks to
386 Ubuntu for the fix, which needs to be around until Lenny is released
387 or six months have passed, whichever is later. (Closes: #472507)
388 * Drop Fumitoshi from the list of maintainers. Farewell!
389 * Bump Standards-Version to 3.8.0.
391 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
393 ca-certificates (20080514) unstable; urgency=medium
395 * Added the new SPI CA certificate, created in response to the latest
396 openssl security update.
397 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
398 revoked sensibly. Expired CA created in 2003, expired in 2007 left
399 around for reference.
400 * Updated the Galician translation, thanks to Glennie Vignarajah.
403 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
405 ca-certificates (20080411) unstable; urgency=low
407 * Added the current SPI CA certificate, used by Debian's infrastructure.
408 * Added Deutsche Telekom Root CA 2, which is used by German institutions
410 * Updated mozilla certificates from trunk, which led to the following
411 adds (+) and removes (-):
412 + Camerfirma Chambers of Commerce Root
413 + Camerfirma Global Chambersign Root
414 + Certplus Class 2 Primary CA
415 + COMODO Certification Authority
416 + DigiCert Assured ID Root CA
417 + DigiCert Global Root CA
418 + DigiCert High Assurance EV Root CA
421 + Entrust Root Certification Authority
422 + Firmaprofesional Root CA
423 + GeoTrust Global CA 2
424 + GeoTrust Primary Certification Authority
425 + GeoTrust Universal CA
426 + GeoTrust Universal CA 2
427 + GlobalSign Root CA - R2
428 + Go Daddy Class 2 CA
429 + NetLock Business (Class B) Root
430 + NetLock Express (Class C) Root
431 + NetLock Notary (Class A) Root
432 + NetLock Qualified (Class QA) Root
437 + Starfield Class 2 CA
438 + StartCom Certification Authority
441 + SwissSign Gold CA - G2
442 + SwissSign Platinum CA - G2
443 + SwissSign Silver CA - G2
445 + thawte Primary Root CA
446 + TURKTRUST Certificate Services Provider Root 1
447 + TURKTRUST Certificate Services Provider Root 2
448 + VeriSign Class 3 Public Primary Certification Authority - G5
449 + Wells Fargo Root CA
450 + XRamp Global CA Root
451 - Verisign Class 1 Public Primary OCSP Responder
452 - Verisign Class 2 Public Primary OCSP Responder
453 - Verisign Class 3 Public Primary OCSP Responder
454 - Verisign Secure Server OCSP Responder
455 (Closes: #447062, #456581)
456 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
458 * Reworded the description and made it static to ease translations.
459 * Reworded and amended README.Debian.
460 * Added myself to the uploaders of this package.
461 * Applied a patch by Martin F. Krafft to support hooks scripts
462 on add/remove of a certificate. (Closes: #377314)
464 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
466 ca-certificates (20070303-0.1) unstable; urgency=low
468 * Non-maintainer upload to fix longstanding pending l10n issues.
469 * Debconf templates and debian/control reviewed by the debian-l10n-
470 english team as part of the Smith review project.
471 Closes: #432249, #434789
472 * Debconf translation updates:
473 - Japanese. Closes:#433067
474 - Basque. Closes: #433074
475 - Spanish. Closes: #433078
476 - Czech. Closes: #433100
477 - Galician. Closes: #433215
478 - Russian. Closes: #433224
479 - Swedish. Closes: #433432
480 - Vietnamese. Closes: #433792, #427000, #434992
481 - Dutch. Closes: #434670
482 - German. Closes: #434788
483 - Italian. Closes: #435029
484 * Portuguese. Closes: #435471
485 * Finnish. Closes: #448826
486 * Remove /etc/ssl when purging the package (only if that
487 directory is empty). Closes: #454334
488 * [Lintian] Give a reference to the GPL text in debian/copyright
489 * [Lintian] No longer ignore errors from "make clean"
490 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
492 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
494 ca-certificates (20070303) unstable; urgency=low
496 * Add debconf.org crt. closes: Bug#342088
497 * Add cacert class3 crt. closes: Bug#350282
498 * Add debian/po/pt.po. closes: Bug#408183
499 * Update debian/po/ru.po. closes: Bug#410770
500 * Update debian/po/pt_BR.po. closes: Bug#403824
501 * Add debian/po/gl.po. closes: Bug#407951
503 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
505 ca-certificates (20061027.2) unstable; urgency=low
507 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
508 * Avoid cd to /etc/ssl/certs to removing hash symlinks
511 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
513 ca-certificates (20061027.1) unstable; urgency=low
515 * Non-maintainer upload to fix remaining l10n issues
516 * Debconf translation updates:
517 - Czech. Closes: #407807
518 - Spanish. Closes: #401968
519 - German. Closes: #396942
520 * Add debconf-updatepo to the clean target in debian/rules
521 to guarantee up-to-date PO(T) files
523 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
526 ca-certificates (20061027) unstable; urgency=low
528 * sbin/update-ca-certificates:
529 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
530 preserve other symlinks. closes: Bug#387089
531 * debian/po/nl.po: updated
533 * debian/po/fr.po: updated
535 * debian/po/da.po: updated
538 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
540 ca-certificates (20060816) unstable; urgency=low
542 * debian/control: explicitly mention that trustworthiness of certificate
543 authorities is not evaluated.
545 * debian/templates: refine messages
547 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
549 * debian/control: libssl0.9.7->libssl0.9.8
551 * debian/postrm: remove .dpkg-old files
553 * debian/README.Debian: fix
555 * debian/postinst: fix typo
557 * debian/po/sv.po: added
559 * debian/po/es.po: added
561 * add new SPI CA certificate
562 submitted by Michael C. Schultheiss <schultmc@debian.org>
564 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
566 ca-certificates (20050804) unstable; urgency=low
568 * use ${misc:Depends} in debian/control for debconf
569 * update description in debian/control
571 * update debian/po/vi.po
573 * update debian/po/de.po
576 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
578 ca-certificates (20050518) unstable; urgency=high
580 * fix ca-certificates.crt generationumask-sensitive and racy
582 * update mozilla/certdata.txt
583 add: "Certum Root CA", "Comodo AAA Services root"
584 "Comodo Secure Services root",
585 "Comodo Trusted Services root",
586 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
587 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
588 "IPS Timestamping root",
590 "Security Communication Root CA",
591 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
592 "Staat der Nederlanden Root CA",
593 "TDC Internet Root CA", "TDC OCES Root CA",
594 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
595 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
596 * add CACert.org's Root CA
597 closes: Bug#213086, Bug#288293
598 * add debian/po/vi.po
600 * add debian/po/cs.po
602 * write "How certificate will be accepted in ca-certificates package"
605 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
607 ca-certificates (20040809) unstable; urgency=low
609 * previous version was not fixed Bug#255933 correctly.
610 update-ca-certificates now remove symlinks of deselected entries
611 in ca-certificates.conf
614 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
616 ca-certificates (20040808) unstable; urgency=low
618 * run update-ca-certificates by /bin/sh -e
620 * update-ca-certificates remove symlinks of deselected entries
621 in ca-certificates.conf
623 * change default of trust_new_crts from 'ask' to 'yes'
624 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
625 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
627 * add brasil.gov.br certs
629 * add Signet CA Roots certs
631 * add QuoVadis CA Roots certs
643 * fix quote characters in template
645 * remove debian.org, because certs used in db.debian.org has been
646 revoked due to debian.org crack incidents.
647 db.debian.org uses certificates using spi-inc.org Root CA.
649 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
651 ca-certificates (20031007.1) unstable; urgency=low
654 * Add brasil.gov.br/brasil.gov.br.crt, created from
655 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
656 * Add debian/po/pt_BR.po: closes: Bug#224612
658 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
660 ca-certificates (20031007) unstable; urgency=low
662 * add debian/po/ru.po: closes: Bug#214371
664 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
666 ca-certificates (20030924) unstable; urgency=low
668 * add debian/po/ja.po: closes: Bug#212565
670 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
672 ca-certificates (20030916) unstable; urgency=low
674 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
675 * debian/config: if new cert is asked, don't ask all available certs
678 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
680 ca-certificates (20030915) unstable; urgency=low
682 * debian/config.in: fix typo. closes: Bug#190990
683 * add option for new CA certificates. closes: Bug#190989
684 * switch to gettext-based debconf templates. closes: Bug#205782
685 * update mozilla/certdata.txt from mozilla 1.4 release
687 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
689 ca-certificates (20030420) unstable; urgency=low
691 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
692 * fix broken English in debconf template. closes: Bug#189606
693 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
694 * preserve comments in /etc/ca-certificates.conf when upgrading.
697 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
699 ca-certificates (20030415) unstable; urgency=medium
701 * fix upgrade problem
702 closes: Bug#188938, Bug#188940
705 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
707 ca-certificates (20030414) unstable; urgency=medium
709 * certificates are installed in /usr/share/ca-certificates
710 you can find md5sum of certs files. closes: Bug#170777
712 * debconf to generate /etc/ca-certificates.conf
713 * update-ca-certificates update /etc/ssl/certs according
714 /etc/ca-certificates.conf
715 It also generate /etc/ssl/certs/ca-certificates.crt
716 which is single-file version of certs.
719 * change extension from .pem to .crt in /usr/share/ca-certificates
721 application/x-x509-ca-cert crt
722 but it will be hardlink or copied in /etc/ssl/certs with .pem
723 extension by update-ca-certificates.
724 c_rehash requires .pem extension
726 * Update certificate from mozilla 2:1.3-4
727 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
728 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
730 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
731 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
732 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
733 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
735 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
737 ca-certificates (20020323) unstable; urgency=low
739 * Moved from non-US to main now that openssl has moved there.
741 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
743 ca-certificates (20020208) unstable; urgency=low
745 * add db.debian.org certificate
747 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
749 ca-certificates (20020112) unstable; urgency=low
751 * upload to non-US instead of main, because it depends on openssl
752 (it uses c_rehash in openssl in maintainer scripts)
754 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
756 ca-certificates (20020107) unstable; urgency=low
758 * Initial Release. closes: Bug#126586
760 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900