+ca-certificates (20090708) unstable; urgency=low
+
+ * Removed CA files:
+ - cacert.org/root.crt and cacert.org/class3.crt:
+ Both certificate files were deprecated with 20080809. Users of these
+ root certificates are encouraged to switch to
+ `cacert.org/cacert.org.crt' which contains both class 1 and class 3
+ roots joined in a single file.
+ - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
+ This certificate has been added into the Mozilla truststore and
+ is available as `mozilla/QuoVadis_Root_CA.crt'.
+ * Do not redirect c_rehash error messages to /dev/null.
+ (Closes: #495224)
+ * Remove dangling symlinks on purge, which also gets rid of the hash
+ symlink for ca-certificates.crt. (Closes: #475240)
+ * Use subshells when grepping for certificates in config, avoiding
+ SIGPIPE because of grep's immediate exit after it finds the pattern.
+ (Closes: #486737)
+ * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
+ Robby Workman of Slackware.
+ * Updated Standards-Version and FSF portal address in the copyright file.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
+
+ca-certificates (20090701) unstable; urgency=low
+
+ * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
+ Rationale: The rogue collision CA has its validity period in the past.
+ Thus it does not impose a risk upon us at the moment.
+ * Restrict search for local certificates to add on files ending with '.crt'.
+ * Canonicalize PEM names by applying the same set of substitions to
+ local and other certificates like the Mozilla certdata dumper does.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
+
+ca-certificates (20090624) unstable; urgency=low
+
+ * Allow local certificate installation. All certificates found
+ in `/usr/local/share/ca-certificates' will be automatically added
+ to the list of trusted certificates in `/etc/ssl/certs'.
+ (Closes: #352637, #419491, #473677, #476663, #511150)
+ * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
+ 1.51):
+ + COMODO ECC Certification Authority
+ + DigiNotar Root CA
+ + Network Solutions Certificate Authority
+ + WellsSecure Public Root Certificate Authority
+ - Equifax Secure Global eBusiness CA
+ - UTN USERFirst Object Root CA
+ * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
+ untrusted certificates. This led to the exclusion of the
+ "MD5 Collisions Forged Rogue CA 23c3" and its parent
+ "Equifax Secure Global eBusiness CA". Furthermore code signing-only
+ certificates are no longer included neither.
+ * Remove the purging of old PEM files in postinst dating back to
+ versions earlier than 20030414.
+ * Hooks are now called at every invocation of `update-ca-certificates'.
+ If no changes were done to `/etc/ssl/certs', the input for the
+ hooks will be empty, though. Failure exit codes of hooks will not
+ tear down the upgrade process anymore. They are printed but ignored.
+
+ -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
+
+ca-certificates (20081127) unstable; urgency=low
+
+ * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
+ #454334)
+
+ -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
+
+ca-certificates (20080809) unstable; urgency=low
+
+ * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
+ This file can be used for proper certificate chaining if CACert
+ server certificates are used. The old class3.pem and root.pem
+ certificates are deprecated. This new file could safely serve as
+ a replacement for both. (Closes: #494343)
+ * This also reintroduces the old name for the CACert certificate,
+ thus closing a long-standing bug about its rename to root.crt.
+ (Closes: #413766)
+
+ -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
+
+ca-certificates (20080617) unstable; urgency=low
+
+ * Added French Government's IGC/A CA (both DSA and RSA).
+ (Closes: #416470)
+
+ -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
+
+ca-certificates (20080616) unstable; urgency=low
+
+ * Fix installation on pt_BR locales. The problem was caused by the
+ .templates choices strings being marked for translation, with pt_BR
+ being the only language which actually translated them. Thanks to
+ Ubuntu for the fix, which needs to be around until Lenny is released
+ or six months have passed, whichever is later. (Closes: #472507)
+ * Drop Fumitoshi from the list of maintainers. Farewell!
+ * Bump Standards-Version to 3.8.0.
+
+ -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
+
+ca-certificates (20080514) unstable; urgency=medium
+
+ * Added the new SPI CA certificate, created in response to the latest
+ openssl security update.
+ * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
+ revoked sensibly. Expired CA created in 2003, expired in 2007 left
+ around for reference.
+ * Updated the Galician translation, thanks to Glennie Vignarajah.
+ (Closes: #416470)
+
+ -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
+
+ca-certificates (20080411) unstable; urgency=low