X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=debian%2Fchangelog;h=f5b0e05a7c5c4c7913810f13ee95b59e70adcd4c;hb=556012bf94c15c5f90df37bca737f972a04223d2;hp=54da73d568610c868cd94896c91d4e61ceea43bf;hpb=4f86fa3c8fb5d6830395ad169786d5c6a9de82a5;p=ca-certificates.git diff --git a/debian/changelog b/debian/changelog index 54da73d..f5b0e05 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,14 +1,190 @@ -ca-certificates (20080319) UNRELEASED; urgency=low +ca-certificates (20090814) unstable; urgency=low + + * Call Debconf and its db_purge as early as possible in postrm. + (Closes: #541275) + + -- Philipp Kern Fri, 14 Aug 2009 11:10:00 +0200 + +ca-certificates (20090709) unstable; urgency=low + + * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331) + + -- Philipp Kern Thu, 09 Jul 2009 10:35:39 +0200 + +ca-certificates (20090708) unstable; urgency=low + + * Removed CA files: + - cacert.org/root.crt and cacert.org/class3.crt: + Both certificate files were deprecated with 20080809. Users of these + root certificates are encouraged to switch to + `cacert.org/cacert.org.crt' which contains both class 1 and class 3 + roots joined in a single file. + - quovadis.bm/QuoVadis_Root_Certification_Authority.crt: + This certificate has been added into the Mozilla truststore and + is available as `mozilla/QuoVadis_Root_CA.crt'. + * Do not redirect c_rehash error messages to /dev/null. + (Closes: #495224) + * Remove dangling symlinks on purge, which also gets rid of the hash + symlink for ca-certificates.crt. (Closes: #475240) + * Use subshells when grepping for certificates in config, avoiding + SIGPIPE because of grep's immediate exit after it finds the pattern. + (Closes: #486737) + * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to + Robby Workman of Slackware. + * Updated Standards-Version and FSF portal address in the copyright file. + + -- Philipp Kern Wed, 08 Jul 2009 23:19:56 +0200 + +ca-certificates (20090701) unstable; urgency=low + + * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674) + Rationale: The rogue collision CA has its validity period in the past. + Thus it does not impose a risk upon us at the moment. + * Restrict search for local certificates to add on files ending with '.crt'. + * Canonicalize PEM names by applying the same set of substitions to + local and other certificates like the Mozilla certdata dumper does. + + -- Philipp Kern Wed, 01 Jul 2009 14:50:00 +0200 + +ca-certificates (20090624) unstable; urgency=low + + * Allow local certificate installation. All certificates found + in `/usr/local/share/ca-certificates' will be automatically added + to the list of trusted certificates in `/etc/ssl/certs'. + (Closes: #352637, #419491, #473677, #476663, #511150) + * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision + 1.51): + + COMODO ECC Certification Authority + + DigiNotar Root CA + + Network Solutions Certificate Authority + + WellsSecure Public Root Certificate Authority + - Equifax Secure Global eBusiness CA + - UTN USERFirst Object Root CA + * Reimplemented the Mozilla certdata parser mainly to exclude explicitly + untrusted certificates. This led to the exclusion of the + "MD5 Collisions Forged Rogue CA 23c3" and its parent + "Equifax Secure Global eBusiness CA". Furthermore code signing-only + certificates are no longer included neither. + * Remove the purging of old PEM files in postinst dating back to + versions earlier than 20030414. + * Hooks are now called at every invocation of `update-ca-certificates'. + If no changes were done to `/etc/ssl/certs', the input for the + hooks will be empty, though. Failure exit codes of hooks will not + tear down the upgrade process anymore. They are printed but ignored. + + -- Philipp Kern Tue, 24 Jun 2009 21:04:08 +0200 + +ca-certificates (20081127) unstable; urgency=low + + * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes: + #454334) + + -- Philipp Kern Thu, 27 Nov 2008 19:13:17 +0100 + +ca-certificates (20080809) unstable; urgency=low + + * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates. + This file can be used for proper certificate chaining if CACert + server certificates are used. The old class3.pem and root.pem + certificates are deprecated. This new file could safely serve as + a replacement for both. (Closes: #494343) + * This also reintroduces the old name for the CACert certificate, + thus closing a long-standing bug about its rename to root.crt. + (Closes: #413766) + + -- Philipp Kern Sat, 09 Aug 2008 14:58:24 -0300 + +ca-certificates (20080617) unstable; urgency=low + + * Added French Government's IGC/A CA (both DSA and RSA). + (Closes: #416470) + + -- Philipp Kern Mon, 23 Jun 2008 20:55:53 +0200 + +ca-certificates (20080616) unstable; urgency=low + + * Fix installation on pt_BR locales. The problem was caused by the + .templates choices strings being marked for translation, with pt_BR + being the only language which actually translated them. Thanks to + Ubuntu for the fix, which needs to be around until Lenny is released + or six months have passed, whichever is later. (Closes: #472507) + * Drop Fumitoshi from the list of maintainers. Farewell! + * Bump Standards-Version to 3.8.0. + + -- Philipp Kern Mon, 16 Jun 2008 17:41:50 +0200 + +ca-certificates (20080514) unstable; urgency=medium + + * Added the new SPI CA certificate, created in response to the latest + openssl security update. + * Removed old SPI CA certificates (2006, 2007) as CAs cannot be + revoked sensibly. Expired CA created in 2003, expired in 2007 left + around for reference. + * Updated the Galician translation, thanks to Glennie Vignarajah. + (Closes: #416470) + + -- Philipp Kern Wed, 14 May 2008 10:03:42 +0200 + +ca-certificates (20080411) unstable; urgency=low * Added the current SPI CA certificate, used by Debian's infrastructure. * Added Deutsche Telekom Root CA 2, which is used by German institutions through the DFN PKI. + * Updated mozilla certificates from trunk, which led to the following + adds (+) and removes (-): + + Camerfirma Chambers of Commerce Root + + Camerfirma Global Chambersign Root + + Certplus Class 2 Primary CA + + COMODO Certification Authority + + DigiCert Assured ID Root CA + + DigiCert Global Root CA + + DigiCert High Assurance EV Root CA + + DST ACES CA X6 + + DST Root CA X3 + + Entrust Root Certification Authority + + Firmaprofesional Root CA + + GeoTrust Global CA 2 + + GeoTrust Primary Certification Authority + + GeoTrust Universal CA + + GeoTrust Universal CA 2 + + GlobalSign Root CA - R2 + + Go Daddy Class 2 CA + + NetLock Business (Class B) Root + + NetLock Express (Class C) Root + + NetLock Notary (Class A) Root + + NetLock Qualified (Class QA) Root + + QuoVadis Root CA 2 + + QuoVadis Root CA 3 + + Secure Global CA + + SecureTrust CA + + Starfield Class 2 CA + + StartCom Certification Authority + + StartCom Ltd. + + Swisscom Root CA 1 + + SwissSign Gold CA - G2 + + SwissSign Platinum CA - G2 + + SwissSign Silver CA - G2 + + Taiwan GRCA + + thawte Primary Root CA + + TURKTRUST Certificate Services Provider Root 1 + + TURKTRUST Certificate Services Provider Root 2 + + VeriSign Class 3 Public Primary Certification Authority - G5 + + Wells Fargo Root CA + + XRamp Global CA Root + - Verisign Class 1 Public Primary OCSP Responder + - Verisign Class 2 Public Primary OCSP Responder + - Verisign Class 3 Public Primary OCSP Responder + - Verisign Secure Server OCSP Responder + (Closes: #447062, #456581) * Updated the Russian debconf translation, thanks to Mikhail Gusarov. (Closes: #434856) * Reworded the description and made it static to ease translations. + * Reworded and amended README.Debian. * Added myself to the uploaders of this package. + * Applied a patch by Martin F. Krafft to support hooks scripts + on add/remove of a certificate. (Closes: #377314) - -- Philipp Kern Wed, 19 Mar 2008 14:25:26 +0100 + -- Philipp Kern Sat, 12 Apr 2008 17:35:26 +0200 ca-certificates (20070303-0.1) unstable; urgency=low