-ca-certificates (20111024) UNRELEASED; urgency=low
-
- [ Steve Langasek ]
- * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
- the way before calling c_rehash, so that symlinks don't accidentally get
- pointed here, breaking openssl certificate verification LP: #854927
-
- [ Loïc Minier ]
- * Drop bogus c_rehash on upgrades, which caused issue when
- ca-certificates.crt was still in place; instead, call
- update-ca-certificates --fresh on upgrades to this version, and
- the usual update-ca-certificates otherwise Closes: #643667
-
- -- Michael Shuler <michael@pbandjelly.org> Mon, 24 Oct 2011 18:44:13 -0500
-
-ca-certificates (20111023) unstable; urgency=low
-
+ca-certificates (20111025.4) UNRELEASED; urgency=low
+
+ * Clarify CA audit note in package description and README.debian. Thanks
+ to C.J. Adams-Collier for the patch. Closes: #594383
+ * Remove French Government IGC/A CA certificates. The RSA certificate is
+ included in the Mozilla bundle and the DSA certificate is not in use.
+ Closes: #646767
+ * Remove expired signet.pl CAs. Closes: #647849
+ * Remove expired brasil.gov.br CA.
+ * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
+ * Use 'set -e' in body of debian/postinst
+ * Update mozilla/certdata.txt to primary Mozilla repository version 1.80
+ (no added/removed CAs)
+ ! TODO: update mozilla/certdata2pem.py to grok [NETSCAPE||NSS]...
+
+ -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 15:00:20 -0600
+
+ca-certificates (20111025) unstable; urgency=low
+
+ [ Michael Shuler ]