X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=debian%2Fchangelog;h=f5b0e05a7c5c4c7913810f13ee95b59e70adcd4c;hb=556012bf94c15c5f90df37bca737f972a04223d2;hp=dab6a8c6106076ebe9bd99eb382b3926d28aa28a;hpb=9e01cb0760d01fbe338039220e1a641cbf11dd8b;p=ca-certificates.git

diff --git a/debian/changelog b/debian/changelog
index dab6a8c..f5b0e05 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,106 @@
+ca-certificates (20090814) unstable; urgency=low
+
+  * Call Debconf and its db_purge as early as possible in postrm.
+    (Closes: #541275)
+
+ -- Philipp Kern <pkern@debian.org>  Fri, 14 Aug 2009 11:10:00 +0200
+
+ca-certificates (20090709) unstable; urgency=low
+
+  * Fix purge by checking for `/etc/ssl/certs' first.  (Closes: #536331)
+
+ -- Philipp Kern <pkern@debian.org>  Thu, 09 Jul 2009 10:35:39 +0200
+
+ca-certificates (20090708) unstable; urgency=low
+
+  * Removed CA files:
+    - cacert.org/root.crt and cacert.org/class3.crt:
+      Both certificate files were deprecated with 20080809.  Users of these
+      root certificates are encouraged to switch to
+      `cacert.org/cacert.org.crt' which contains both class 1 and class 3
+      roots joined in a single file.
+    - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
+      This certificate has been added into the Mozilla truststore and
+      is available as `mozilla/QuoVadis_Root_CA.crt'.
+  * Do not redirect c_rehash error messages to /dev/null.
+    (Closes: #495224)
+  * Remove dangling symlinks on purge, which also gets rid of the hash
+    symlink for ca-certificates.crt.  (Closes: #475240)
+  * Use subshells when grepping for certificates in config, avoiding
+    SIGPIPE because of grep's immediate exit after it finds the pattern.
+    (Closes: #486737)
+  * Fix VERBOSE_ARG usage in update-ca-certificates.  Thanks to
+    Robby Workman of Slackware.
+  * Updated Standards-Version and FSF portal address in the copyright file.
+
+ -- Philipp Kern <pkern@debian.org>  Wed, 08 Jul 2009 23:19:56 +0200
+
+ca-certificates (20090701) unstable; urgency=low
+
+  * Reactivated "Equifax Secure Global eBusiness CA".  (Closes: #534674)
+    Rationale: The rogue collision CA has its validity period in the past.
+    Thus it does not impose a risk upon us at the moment.
+  * Restrict search for local certificates to add on files ending with '.crt'.
+  * Canonicalize PEM names by applying the same set of substitions to
+    local and other certificates like the Mozilla certdata dumper does.
+
+ -- Philipp Kern <pkern@debian.org>  Wed, 01 Jul 2009 14:50:00 +0200
+
+ca-certificates (20090624) unstable; urgency=low
+
+  * Allow local certificate installation.  All certificates found
+    in `/usr/local/share/ca-certificates' will be automatically added
+    to the list of trusted certificates in `/etc/ssl/certs'.
+    (Closes: #352637, #419491, #473677, #476663, #511150)
+  * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
+    1.51):
+    + COMODO ECC Certification Authority
+    + DigiNotar Root CA
+    + Network Solutions Certificate Authority
+    + WellsSecure Public Root Certificate Authority
+    - Equifax Secure Global eBusiness CA
+    - UTN USERFirst Object Root CA
+  * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
+    untrusted certificates.  This led to the exclusion of the
+    "MD5 Collisions Forged Rogue CA 23c3" and its parent
+    "Equifax Secure Global eBusiness CA".  Furthermore code signing-only
+    certificates are no longer included neither.
+  * Remove the purging of old PEM files in postinst dating back to
+    versions earlier than 20030414.
+  * Hooks are now called at every invocation of `update-ca-certificates'.
+    If no changes were done to `/etc/ssl/certs', the input for the
+    hooks will be empty, though.  Failure exit codes of hooks will not
+    tear down the upgrade process anymore.  They are printed but ignored.
+
+ -- Philipp Kern <pkern@debian.org>  Tue, 24 Jun 2009 21:04:08 +0200
+
+ca-certificates (20081127) unstable; urgency=low
+
+  * Remove /etc/ssl{,/certs} in postrm to please piuparts.  (Closes:
+    #454334)
+
+ -- Philipp Kern <pkern@debian.org>  Thu, 27 Nov 2008 19:13:17 +0100
+
+ca-certificates (20080809) unstable; urgency=low
+
+  * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
+    This file can be used for proper certificate chaining if CACert
+    server certificates are used.  The old class3.pem and root.pem
+    certificates are deprecated.  This new file could safely serve as
+    a replacement for both.  (Closes: #494343)
+  * This also reintroduces the old name for the CACert certificate,
+    thus closing a long-standing bug about its rename to root.crt.
+    (Closes: #413766)
+
+ -- Philipp Kern <pkern@debian.org>  Sat, 09 Aug 2008 14:58:24 -0300
+
+ca-certificates (20080617) unstable; urgency=low
+
+  * Added French Government's IGC/A CA (both DSA and RSA).
+    (Closes: #416470)
+
+ -- Philipp Kern <pkern@debian.org>  Mon, 23 Jun 2008 20:55:53 +0200
+
 ca-certificates (20080616) unstable; urgency=low
 
   * Fix installation on pt_BR locales.  The problem was caused by the