X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=debian%2Fchangelog;h=06d6b0d3f05aa5aab5fd0ab9dcd3a38399be4277;hb=ae03cea72e176c15c832dcfd44f03f4a558d85c4;hp=ba81dfbe62c3d66e18228c27a04176c94c3a75d6;hpb=357d17d3b826ef6e3ca4cbb17a320364c9c0b4e1;p=ca-certificates.git

diff --git a/debian/changelog b/debian/changelog
index ba81dfb..06d6b0d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,21 @@
-ca-certificates (20111022.1) UNRELEASED; urgency=low
+ca-certificates (20111025.4) UNRELEASED; urgency=low
 
-  TODO: set version to release date
-        s/UNRELEASED/unstable/
-        dch --news with CA adds/removes list
-        ? #643667 Broken symlinks on upgrade due to plain c_rehash call
+  * Clarify CA audit note in package description and README.debian. Thanks
+    to C.J. Adams-Collier for the patch.  Closes: #594383
+  * Remove French Government IGC/A CA certificates. The RSA certificate is
+    included in the Mozilla bundle and the DSA certificate is not in use.
+    Closes: #646767
+  * Remove expired signet.pl CAs.  Closes: #647849
+  * Remove expired brasil.gov.br CA.
+  * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
+  * Use 'set -e' in body of debian/postinst
+  * Update mozilla/certdata.txt to primary Mozilla repository version 1.80
+    (no added/removed CAs)
+  ! TODO: update mozilla/certdata2pem.py to grok [NETSCAPE||NSS]...
+
+ -- Michael Shuler <michael@pbandjelly.org>  Sun, 11 Dec 2011 15:00:20 -0600
+
+ca-certificates (20111025) unstable; urgency=low
 
   [ Michael Shuler ]
   * Add 3.0 (native) source format
@@ -16,24 +28,8 @@ ca-certificates (20111022.1) UNRELEASED; urgency=low
     + "AffirmTrust Premium"
     + "AffirmTrust Premium ECC"
     + "A-Trust-nQual-03"
-    + "Bogus Global Trustee"
-    + "Bogus GMail"
-    + "Bogus Google"
-    + "Bogus kuix.de"
-    + "Bogus live.com"
-    + "Bogus Mozilla Addons"
-    + "Bogus Skype"
-    + "Bogus Yahoo 1"
-    + "Bogus Yahoo 2"
-    + "Bogus Yahoo 3"
     + "Certinomis - Autorité Racine"
     + "Certum Trusted Network CA"
-    + "Explicitly Distrust DigiNotar Cyber CA"
-    + "Explicitly Distrust DigiNotar Cyber CA 2nd"
-    + "Explicitly Distrust DigiNotar Root CA"
-    + "Explicitly Distrust DigiNotar Services 1024 CA"
-    + "Explicitly Distrusted DigiNotar PKIoverheid"
-    + "Explicitly Distrusted DigiNotar PKIoverheid G2"
     + "Go Daddy Root Certificate Authority - G2"
     + "Root CA Generalitat Valenciana"
     + "Starfield Root Certificate Authority - G2"
@@ -53,10 +49,20 @@ ca-certificates (20111022.1) UNRELEASED; urgency=low
     - "IPS Timestamping root"
     - "Thawte Personal Freemail CA"
     - "Thawte Time Stamping CA"
-  * "Bogus *" CAs above address Comodo MITM 03/11  Closes: #619587
   * Update CAcert-Class 3-Subroot-certificate  Closes: #630232
 
- -- Michael Shuler <michael@pbandjelly.org>  Sun, 23 Oct 2011 21:37:30 -0500
+  [ Steve Langasek ]
+  * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
+    the way before calling c_rehash, so that symlinks don't accidentally get
+    pointed here, breaking openssl certificate verification  LP: #854927
+
+  [ Loïc Minier ]
+  * Drop bogus c_rehash on upgrades, which caused issue when
+    ca-certificates.crt was still in place; instead, call
+    update-ca-certificates --fresh on upgrades to this version, and
+    the usual update-ca-certificates otherwise  Closes: #643667, #537382
+
+ -- Michael Shuler <michael@pbandjelly.org>  Tue, 25 Oct 2011 09:12:10 -0500
 
 ca-certificates (20111022) unstable; urgency=low