X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=debian%2Fchangelog;h=609ddd64a98141bc4670a965ba32417cc169a6ec;hb=b45b3e496f22983ce5ddcb9ac8b44dbab23cfe48;hp=eea7e8c79d499964293d70d2c0e2f8dde9fc164f;hpb=b188fc2325a4404cf815622799310affa6d82d1e;p=ca-certificates.git

diff --git a/debian/changelog b/debian/changelog
index eea7e8c..609ddd6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,112 @@
+ca-certificates (20090708) unstable; urgency=low
+
+  * Removed CA files:
+    - cacert.org/root.crt and cacert.org/class3.crt:
+      Both certificate files were deprecated with 20080809.  Users of these
+      root certificates are encouraged to switch to
+      `cacert.org/cacert.org.crt' which contains both class 1 and class 3
+      roots joined in a single file.
+    - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
+      This certificate has been added into the Mozilla truststore and
+      is available as `mozilla/QuoVadis_Root_CA.crt'.
+  * Do not redirect c_rehash error messages to /dev/null.
+    (Closes: #495224)
+  * Remove dangling symlinks on purge, which also gets rid of the hash
+    symlink for ca-certificates.crt.  (Closes: #475240)
+  * Use subshells when grepping for certificates in config, avoiding
+    SIGPIPE because of grep's immediate exit after it finds the pattern.
+    (Closes: #486737)
+  * Fix VERBOSE_ARG usage in update-ca-certificates.  Thanks to
+    Robby Workman of Slackware.
+  * Updated Standards-Version and FSF portal address in the copyright file.
+
+ -- Philipp Kern <pkern@debian.org>  Wed, 08 Jul 2009 23:19:56 +0200
+
+ca-certificates (20090701) unstable; urgency=low
+
+  * Reactivated "Equifax Secure Global eBusiness CA".  (Closes: #534674)
+    Rationale: The rogue collision CA has its validity period in the past.
+    Thus it does not impose a risk upon us at the moment.
+  * Restrict search for local certificates to add on files ending with '.crt'.
+  * Canonicalize PEM names by applying the same set of substitions to
+    local and other certificates like the Mozilla certdata dumper does.
+
+ -- Philipp Kern <pkern@debian.org>  Wed, 01 Jul 2009 14:50:00 +0200
+
+ca-certificates (20090624) unstable; urgency=low
+
+  * Allow local certificate installation.  All certificates found
+    in `/usr/local/share/ca-certificates' will be automatically added
+    to the list of trusted certificates in `/etc/ssl/certs'.
+    (Closes: #352637, #419491, #473677, #476663, #511150)
+  * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
+    1.51):
+    + COMODO ECC Certification Authority
+    + DigiNotar Root CA
+    + Network Solutions Certificate Authority
+    + WellsSecure Public Root Certificate Authority
+    - Equifax Secure Global eBusiness CA
+    - UTN USERFirst Object Root CA
+  * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
+    untrusted certificates.  This led to the exclusion of the
+    "MD5 Collisions Forged Rogue CA 23c3" and its parent
+    "Equifax Secure Global eBusiness CA".  Furthermore code signing-only
+    certificates are no longer included neither.
+  * Remove the purging of old PEM files in postinst dating back to
+    versions earlier than 20030414.
+  * Hooks are now called at every invocation of `update-ca-certificates'.
+    If no changes were done to `/etc/ssl/certs', the input for the
+    hooks will be empty, though.  Failure exit codes of hooks will not
+    tear down the upgrade process anymore.  They are printed but ignored.
+
+ -- Philipp Kern <pkern@debian.org>  Tue, 24 Jun 2009 21:04:08 +0200
+
+ca-certificates (20081127) unstable; urgency=low
+
+  * Remove /etc/ssl{,/certs} in postrm to please piuparts.  (Closes:
+    #454334)
+
+ -- Philipp Kern <pkern@debian.org>  Thu, 27 Nov 2008 19:13:17 +0100
+
+ca-certificates (20080809) unstable; urgency=low
+
+  * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
+    This file can be used for proper certificate chaining if CACert
+    server certificates are used.  The old class3.pem and root.pem
+    certificates are deprecated.  This new file could safely serve as
+    a replacement for both.  (Closes: #494343)
+  * This also reintroduces the old name for the CACert certificate,
+    thus closing a long-standing bug about its rename to root.crt.
+    (Closes: #413766)
+
+ -- Philipp Kern <pkern@debian.org>  Sat, 09 Aug 2008 14:58:24 -0300
+
+ca-certificates (20080617) unstable; urgency=low
+
+  * Added French Government's IGC/A CA (both DSA and RSA).
+    (Closes: #416470)
+
+ -- Philipp Kern <pkern@debian.org>  Mon, 23 Jun 2008 20:55:53 +0200
+
+ca-certificates (20080616) unstable; urgency=low
+
+  * Fix installation on pt_BR locales.  The problem was caused by the
+    .templates choices strings being marked for translation, with pt_BR
+    being the only language which actually translated them.  Thanks to
+    Ubuntu for the fix, which needs to be around until Lenny is released
+    or six months have passed, whichever is later.  (Closes: #472507)
+  * Drop Fumitoshi from the list of maintainers.  Farewell!
+  * Bump Standards-Version to 3.8.0.
+
+ -- Philipp Kern <pkern@debian.org>  Mon, 16 Jun 2008 17:41:50 +0200
+
 ca-certificates (20080514) unstable; urgency=medium
 
   * Added the new SPI CA certificate, created in response to the latest
     openssl security update.
+  * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
+    revoked sensibly.  Expired CA created in 2003, expired in 2007 left
+    around for reference.
   * Updated the Galician translation, thanks to Glennie Vignarajah.
     (Closes: #416470)