1 ca-certificates (20111025.1) UNRELEASED; urgency=low
3 * Blacklist "Bogus *" and "Explicitly Distrust DigiNotar *" certificates.
4 * Clarify CA audit note in README.debian. Thanks to C.J. Adams-Collier for
5 the patch. Closes: #594383
6 * Remove French Government IGC/A CA certificates. The RSA certificate is
7 included in the Mozilla bundle and the DSA certificate is not in use.
10 -- Michael Shuler <michael@pbandjelly.org> Fri, 28 Oct 2011 21:15:01 -0500
12 ca-certificates (20111025) unstable; urgency=low
15 * Add 3.0 (native) source format
16 * Add Vcs-Git/Browser fields
17 * Add myself as new Maintainer with Uploaders Closes: #588219
18 * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
19 Certificates added (+) and removed (-):
20 + "AffirmTrust Commercial"
21 + "AffirmTrust Networking"
22 + "AffirmTrust Premium"
23 + "AffirmTrust Premium ECC"
25 + "Bogus Global Trustee"
30 + "Bogus Mozilla Addons"
35 + "Certinomis - Autorité Racine"
36 + "Certum Trusted Network CA"
37 + "Explicitly Distrust DigiNotar Cyber CA"
38 + "Explicitly Distrust DigiNotar Cyber CA 2nd"
39 + "Explicitly Distrust DigiNotar Root CA"
40 + "Explicitly Distrust DigiNotar Services 1024 CA"
41 + "Explicitly Distrusted DigiNotar PKIoverheid"
42 + "Explicitly Distrusted DigiNotar PKIoverheid G2"
43 + "Go Daddy Root Certificate Authority - G2"
44 + "Root CA Generalitat Valenciana"
45 + "Starfield Root Certificate Authority - G2"
46 + "Starfield Services Root Certificate Authority - G2"
47 + "TWCA Root Certification Authority"
48 - "AOL Time Warner Root Certification Authority 1"
49 - "AOL Time Warner Root Certification Authority 2"
51 - "Entrust.net Global Secure Personal CA"
52 - "Entrust.net Global Secure Server CA"
53 - "Entrust.net Secure Personal CA"
54 - "IPS Chained CAs root"
59 - "IPS Timestamping root"
60 - "Thawte Personal Freemail CA"
61 - "Thawte Time Stamping CA"
62 * "Bogus *" CAs above address Comodo MITM 03/11 Closes: #619587
63 * Update CAcert-Class 3-Subroot-certificate Closes: #630232
66 * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
67 the way before calling c_rehash, so that symlinks don't accidentally get
68 pointed here, breaking openssl certificate verification LP: #854927
71 * Drop bogus c_rehash on upgrades, which caused issue when
72 ca-certificates.crt was still in place; instead, call
73 update-ca-certificates --fresh on upgrades to this version, and
74 the usual update-ca-certificates otherwise Closes: #643667, #537382
76 -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
78 ca-certificates (20111022) unstable; urgency=low
81 * Fix pending l10n issues. Debconf translations:
82 - German (Helge Kreutzmann). Closes: #634000
83 - French (Christian Perrier). Closes: #634092
84 - Russian (Yuri Kozlov). Closes: #635146
85 - Swedish (Martin Bagge / brother). Closes: #640622
86 - Slovak (Slavko). Closes: #641987
87 - Spanish; (Javier Fernández-Sanguino). Closes: #642359
88 - Japanese (Kenshi Muto). Closes: #644828
89 - Czech (Miroslav Kure). Closes: #644843
90 - Danish (Joe Hansen). Closes: #644854
91 - Italian (Luca Monducci). Closes: #645004
92 - Dutch; (Jeroen Schot). Closes: #645090
93 - Portuguese (Miguel Figueiredo). Closes: #645126
94 - Galician (Jorge Barreiro). Closes: #645138
95 - Catalan; (Jordi Mallach). Closes: #645182
96 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
97 * Split Choices in debconf templates
98 * Add build-arch and build-indep build targets
99 * Bump debhelper compatibility level to 8
100 * Bump Standards to 3.9.2 (checked)
101 * Replace "dh_clean -k" by dh_prep
103 -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
105 ca-certificates (20110502+nmu1) unstable; urgency=high
107 * Non-maintainer upload by the Security Team.
108 * Blacklist "DigiNotar Root CA" (Closes: #639744)
110 -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
112 ca-certificates (20110502) unstable; urgency=low
115 * Mark the package as multi-arch:foreign. (Closes: #622323)
116 * Use db_settitle in config script to allow translations of the
117 dialog title; thanks to Frans Pop. (Closes: #560314)
119 -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
121 ca-certificates (20110421) unstable; urgency=low
124 * Package is orphaned, set maintainer to QA group
125 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
126 both the old and new style of symlinks. (Closes: #611102)
127 * Remove libssl0.9.8 from enhances
128 * Update mozilla certdata.txt file to the latest version.
130 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
131 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
132 - beTRUSTed_Root_CA.crt
133 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
134 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
135 - Digital_Signature_Trust_Co._Global_CA_2.crt
136 - Digital_Signature_Trust_Co._Global_CA_4.crt
137 - Entrust.net_Global_Secure_Personal_CA.crt
138 - Entrust.net_Global_Secure_Server_CA.crt
139 - Entrust.net_Secure_Personal_CA.crt
140 - GTE_CyberTrust_Root_CA.crt
141 - IPS_Chained_CAs_root.crt
142 - IPS_CLASE1_root.crt
143 - IPS_CLASE3_root.crt
144 - IPS_CLASEA1_root.crt
145 - IPS_CLASEA3_root.crt
146 - IPS_Servidores_root.crt
147 - IPS_Timestamping_root.crt
148 - RSA_Security_1024_v3.crt
150 - Thawte_Personal_Basic_CA.crt
151 - Thawte_Personal_Premium_CA.crt
152 - UTN-USER_First-Network_Applications.crt
153 - Verisign_RSA_Secure_Server_CA.crt
154 - Verisign_Time_Stamping_Authority_CA.crt
155 - Visa_International_Global_Root_2.crt
158 - AC_Raíz_Certicámara_S.A..crt
159 - ApplicationCA_-_Japanese_Government.crt
160 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
161 - Buypass_Class_2_CA_1.crt
162 - Buypass_Class_3_CA_1.crt
165 - certSIGN_ROOT_CA.crt
166 - Chambers_of_Commerce_Root_-_2008.crt
169 - ComSign_Secured_CA.crt
170 - Cybertrust_Global_Root.crt
171 - Deutsche_Telekom_Root_CA_2.crt
172 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
173 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
174 - ePKI_Root_Certification_Authority.crt
175 - GeoTrust_Primary_Certification_Authority_-_G2.crt
176 - GeoTrust_Primary_Certification_Authority_-_G3.crt
177 - Global_Chambersign_Root_-_2008.crt
178 - GlobalSign_Root_CA_-_R3.crt
179 - Hongkong_Post_Root_CA_1.crt
183 - Microsec_e-Szigno_Root_CA_2009.crt
184 - Microsec_e-Szigno_Root_CA.crt
185 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
186 - OISTE_WISeKey_Global_Root_GA_CA.crt
187 - SecureSign_RootCA11.crt
188 - Security_Communication_EV_RootCA1.crt
189 - Staat_der_Nederlanden_Root_CA_-_G2.crt
190 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
191 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
192 - TC_TrustCenter_Class_2_CA_II.crt
193 - TC_TrustCenter_Class_3_CA_II.crt
194 - TC_TrustCenter_Universal_CA_I.crt
195 - TC_TrustCenter_Universal_CA_III.crt
196 - thawte_Primary_Root_CA_-_G2.crt
197 - thawte_Primary_Root_CA_-_G3.crt
198 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
199 - VeriSign_Universal_Root_Certification_Authority.crt
201 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
202 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
203 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
204 * String decode the mozilla certdata.txt so the filenames show up as
205 proper UTF-8 strings.
207 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
209 ca-certificates (20090814+nmu3) unstable; urgency=low
211 * Non-maintainer upload.
212 * Fix pending l10n issues. Debconf translations:
213 - French (Christian Perrier). Closes: #594231
214 - Danish (Joe Hansen). Closes: #601129
215 - Catalan (Jordi Mallach). Closes: #601089
216 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
218 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
220 ca-certificates (20090814+nmu2) unstable; urgency=low
222 * Non-maintainer upload.
223 * Fixes buggy shell functions included in the postinst script.
226 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
228 ca-certificates (20090814+nmu1) unstable; urgency=low
230 * Non-maintainer upload.
231 * Preserve user changes to the /etc/ca-certificates.conf.
234 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
236 ca-certificates (20090814) unstable; urgency=low
238 * Call Debconf and its db_purge as early as possible in postrm.
241 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
243 ca-certificates (20090709) unstable; urgency=low
245 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
247 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
249 ca-certificates (20090708) unstable; urgency=low
252 - cacert.org/root.crt and cacert.org/class3.crt:
253 Both certificate files were deprecated with 20080809. Users of these
254 root certificates are encouraged to switch to
255 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
256 roots joined in a single file.
257 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
258 This certificate has been added into the Mozilla truststore and
259 is available as `mozilla/QuoVadis_Root_CA.crt'.
260 * Do not redirect c_rehash error messages to /dev/null.
262 * Remove dangling symlinks on purge, which also gets rid of the hash
263 symlink for ca-certificates.crt. (Closes: #475240)
264 * Use subshells when grepping for certificates in config, avoiding
265 SIGPIPE because of grep's immediate exit after it finds the pattern.
267 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
268 Robby Workman of Slackware.
269 * Updated Standards-Version and FSF portal address in the copyright file.
271 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
273 ca-certificates (20090701) unstable; urgency=low
275 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
276 Rationale: The rogue collision CA has its validity period in the past.
277 Thus it does not impose a risk upon us at the moment.
278 * Restrict search for local certificates to add on files ending with '.crt'.
279 * Canonicalize PEM names by applying the same set of substitions to
280 local and other certificates like the Mozilla certdata dumper does.
282 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
284 ca-certificates (20090624) unstable; urgency=low
286 * Allow local certificate installation. All certificates found
287 in `/usr/local/share/ca-certificates' will be automatically added
288 to the list of trusted certificates in `/etc/ssl/certs'.
289 (Closes: #352637, #419491, #473677, #476663, #511150)
290 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
292 + COMODO ECC Certification Authority
294 + Network Solutions Certificate Authority
295 + WellsSecure Public Root Certificate Authority
296 - Equifax Secure Global eBusiness CA
297 - UTN USERFirst Object Root CA
298 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
299 untrusted certificates. This led to the exclusion of the
300 "MD5 Collisions Forged Rogue CA 23c3" and its parent
301 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
302 certificates are no longer included neither.
303 * Remove the purging of old PEM files in postinst dating back to
304 versions earlier than 20030414.
305 * Hooks are now called at every invocation of `update-ca-certificates'.
306 If no changes were done to `/etc/ssl/certs', the input for the
307 hooks will be empty, though. Failure exit codes of hooks will not
308 tear down the upgrade process anymore. They are printed but ignored.
310 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
312 ca-certificates (20081127) unstable; urgency=low
314 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
317 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
319 ca-certificates (20080809) unstable; urgency=low
321 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
322 This file can be used for proper certificate chaining if CACert
323 server certificates are used. The old class3.pem and root.pem
324 certificates are deprecated. This new file could safely serve as
325 a replacement for both. (Closes: #494343)
326 * This also reintroduces the old name for the CACert certificate,
327 thus closing a long-standing bug about its rename to root.crt.
330 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
332 ca-certificates (20080617) unstable; urgency=low
334 * Added French Government's IGC/A CA (both DSA and RSA).
337 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
339 ca-certificates (20080616) unstable; urgency=low
341 * Fix installation on pt_BR locales. The problem was caused by the
342 .templates choices strings being marked for translation, with pt_BR
343 being the only language which actually translated them. Thanks to
344 Ubuntu for the fix, which needs to be around until Lenny is released
345 or six months have passed, whichever is later. (Closes: #472507)
346 * Drop Fumitoshi from the list of maintainers. Farewell!
347 * Bump Standards-Version to 3.8.0.
349 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
351 ca-certificates (20080514) unstable; urgency=medium
353 * Added the new SPI CA certificate, created in response to the latest
354 openssl security update.
355 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
356 revoked sensibly. Expired CA created in 2003, expired in 2007 left
357 around for reference.
358 * Updated the Galician translation, thanks to Glennie Vignarajah.
361 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
363 ca-certificates (20080411) unstable; urgency=low
365 * Added the current SPI CA certificate, used by Debian's infrastructure.
366 * Added Deutsche Telekom Root CA 2, which is used by German institutions
368 * Updated mozilla certificates from trunk, which led to the following
369 adds (+) and removes (-):
370 + Camerfirma Chambers of Commerce Root
371 + Camerfirma Global Chambersign Root
372 + Certplus Class 2 Primary CA
373 + COMODO Certification Authority
374 + DigiCert Assured ID Root CA
375 + DigiCert Global Root CA
376 + DigiCert High Assurance EV Root CA
379 + Entrust Root Certification Authority
380 + Firmaprofesional Root CA
381 + GeoTrust Global CA 2
382 + GeoTrust Primary Certification Authority
383 + GeoTrust Universal CA
384 + GeoTrust Universal CA 2
385 + GlobalSign Root CA - R2
386 + Go Daddy Class 2 CA
387 + NetLock Business (Class B) Root
388 + NetLock Express (Class C) Root
389 + NetLock Notary (Class A) Root
390 + NetLock Qualified (Class QA) Root
395 + Starfield Class 2 CA
396 + StartCom Certification Authority
399 + SwissSign Gold CA - G2
400 + SwissSign Platinum CA - G2
401 + SwissSign Silver CA - G2
403 + thawte Primary Root CA
404 + TURKTRUST Certificate Services Provider Root 1
405 + TURKTRUST Certificate Services Provider Root 2
406 + VeriSign Class 3 Public Primary Certification Authority - G5
407 + Wells Fargo Root CA
408 + XRamp Global CA Root
409 - Verisign Class 1 Public Primary OCSP Responder
410 - Verisign Class 2 Public Primary OCSP Responder
411 - Verisign Class 3 Public Primary OCSP Responder
412 - Verisign Secure Server OCSP Responder
413 (Closes: #447062, #456581)
414 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
416 * Reworded the description and made it static to ease translations.
417 * Reworded and amended README.Debian.
418 * Added myself to the uploaders of this package.
419 * Applied a patch by Martin F. Krafft to support hooks scripts
420 on add/remove of a certificate. (Closes: #377314)
422 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
424 ca-certificates (20070303-0.1) unstable; urgency=low
426 * Non-maintainer upload to fix longstanding pending l10n issues.
427 * Debconf templates and debian/control reviewed by the debian-l10n-
428 english team as part of the Smith review project.
429 Closes: #432249, #434789
430 * Debconf translation updates:
431 - Japanese. Closes:#433067
432 - Basque. Closes: #433074
433 - Spanish. Closes: #433078
434 - Czech. Closes: #433100
435 - Galician. Closes: #433215
436 - Russian. Closes: #433224
437 - Swedish. Closes: #433432
438 - Vietnamese. Closes: #433792, #427000, #434992
439 - Dutch. Closes: #434670
440 - German. Closes: #434788
441 - Italian. Closes: #435029
442 * Portuguese. Closes: #435471
443 * Finnish. Closes: #448826
444 * Remove /etc/ssl when purging the package (only if that
445 directory is empty). Closes: #454334
446 * [Lintian] Give a reference to the GPL text in debian/copyright
447 * [Lintian] No longer ignore errors from "make clean"
448 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
450 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
452 ca-certificates (20070303) unstable; urgency=low
454 * Add debconf.org crt. closes: Bug#342088
455 * Add cacert class3 crt. closes: Bug#350282
456 * Add debian/po/pt.po. closes: Bug#408183
457 * Update debian/po/ru.po. closes: Bug#410770
458 * Update debian/po/pt_BR.po. closes: Bug#403824
459 * Add debian/po/gl.po. closes: Bug#407951
461 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
463 ca-certificates (20061027.2) unstable; urgency=low
465 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
466 * Avoid cd to /etc/ssl/certs to removing hash symlinks
469 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
471 ca-certificates (20061027.1) unstable; urgency=low
473 * Non-maintainer upload to fix remaining l10n issues
474 * Debconf translation updates:
475 - Czech. Closes: #407807
476 - Spanish. Closes: #401968
477 - German. Closes: #396942
478 * Add debconf-updatepo to the clean target in debian/rules
479 to guarantee up-to-date PO(T) files
481 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
484 ca-certificates (20061027) unstable; urgency=low
486 * sbin/update-ca-certificates:
487 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
488 preserve other symlinks. closes: Bug#387089
489 * debian/po/nl.po: updated
491 * debian/po/fr.po: updated
493 * debian/po/da.po: updated
496 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
498 ca-certificates (20060816) unstable; urgency=low
500 * debian/control: explicitly mention that trustworthiness of certificate
501 authorities is not evaluated.
503 * debian/templates: refine messages
505 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
507 * debian/control: libssl0.9.7->libssl0.9.8
509 * debian/postrm: remove .dpkg-old files
511 * debian/README.Debian: fix
513 * debian/postinst: fix typo
515 * debian/po/sv.po: added
517 * debian/po/es.po: added
519 * add new SPI CA certificate
520 submitted by Michael C. Schultheiss <schultmc@debian.org>
522 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
524 ca-certificates (20050804) unstable; urgency=low
526 * use ${misc:Depends} in debian/control for debconf
527 * update description in debian/control
529 * update debian/po/vi.po
531 * update debian/po/de.po
534 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
536 ca-certificates (20050518) unstable; urgency=high
538 * fix ca-certificates.crt generationumask-sensitive and racy
540 * update mozilla/certdata.txt
541 add: "Certum Root CA", "Comodo AAA Services root"
542 "Comodo Secure Services root",
543 "Comodo Trusted Services root",
544 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
545 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
546 "IPS Timestamping root",
548 "Security Communication Root CA",
549 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
550 "Staat der Nederlanden Root CA",
551 "TDC Internet Root CA", "TDC OCES Root CA",
552 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
553 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
554 * add CACert.org's Root CA
555 closes: Bug#213086, Bug#288293
556 * add debian/po/vi.po
558 * add debian/po/cs.po
560 * write "How certificate will be accepted in ca-certificates package"
563 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
565 ca-certificates (20040809) unstable; urgency=low
567 * previous version was not fixed Bug#255933 correctly.
568 update-ca-certificates now remove symlinks of deselected entries
569 in ca-certificates.conf
572 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
574 ca-certificates (20040808) unstable; urgency=low
576 * run update-ca-certificates by /bin/sh -e
578 * update-ca-certificates remove symlinks of deselected entries
579 in ca-certificates.conf
581 * change default of trust_new_crts from 'ask' to 'yes'
582 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
583 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
585 * add brasil.gov.br certs
587 * add Signet CA Roots certs
589 * add QuoVadis CA Roots certs
601 * fix quote characters in template
603 * remove debian.org, because certs used in db.debian.org has been
604 revoked due to debian.org crack incidents.
605 db.debian.org uses certificates using spi-inc.org Root CA.
607 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
609 ca-certificates (20031007.1) unstable; urgency=low
612 * Add brasil.gov.br/brasil.gov.br.crt, created from
613 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
614 * Add debian/po/pt_BR.po: closes: Bug#224612
616 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
618 ca-certificates (20031007) unstable; urgency=low
620 * add debian/po/ru.po: closes: Bug#214371
622 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
624 ca-certificates (20030924) unstable; urgency=low
626 * add debian/po/ja.po: closes: Bug#212565
628 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
630 ca-certificates (20030916) unstable; urgency=low
632 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
633 * debian/config: if new cert is asked, don't ask all available certs
636 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
638 ca-certificates (20030915) unstable; urgency=low
640 * debian/config.in: fix typo. closes: Bug#190990
641 * add option for new CA certificates. closes: Bug#190989
642 * switch to gettext-based debconf templates. closes: Bug#205782
643 * update mozilla/certdata.txt from mozilla 1.4 release
645 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
647 ca-certificates (20030420) unstable; urgency=low
649 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
650 * fix broken English in debconf template. closes: Bug#189606
651 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
652 * preserve comments in /etc/ca-certificates.conf when upgrading.
655 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
657 ca-certificates (20030415) unstable; urgency=medium
659 * fix upgrade problem
660 closes: Bug#188938, Bug#188940
663 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
665 ca-certificates (20030414) unstable; urgency=medium
667 * certificates are installed in /usr/share/ca-certificates
668 you can find md5sum of certs files. closes: Bug#170777
670 * debconf to generate /etc/ca-certificates.conf
671 * update-ca-certificates update /etc/ssl/certs according
672 /etc/ca-certificates.conf
673 It also generate /etc/ssl/certs/ca-certificates.crt
674 which is single-file version of certs.
677 * change extension from .pem to .crt in /usr/share/ca-certificates
679 application/x-x509-ca-cert crt
680 but it will be hardlink or copied in /etc/ssl/certs with .pem
681 extension by update-ca-certificates.
682 c_rehash requires .pem extension
684 * Update certificate from mozilla 2:1.3-4
685 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
686 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
688 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
689 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
690 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
691 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
693 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
695 ca-certificates (20020323) unstable; urgency=low
697 * Moved from non-US to main now that openssl has moved there.
699 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
701 ca-certificates (20020208) unstable; urgency=low
703 * add db.debian.org certificate
705 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
707 ca-certificates (20020112) unstable; urgency=low
709 * upload to non-US instead of main, because it depends on openssl
710 (it uses c_rehash in openssl in maintainer scripts)
712 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
714 ca-certificates (20020107) unstable; urgency=low
716 * Initial Release. closes: Bug#126586
718 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900