1 ca-certificates (20120112) unstable; urgency=low
3 * Update mozilla/certdata.txt to version 1.81
4 Certificates added (+) and removed (-):
5 + "Security Communication RootCA2"
7 + "Hellenic Academic and Research Institutions RootCA 2011"
8 - "Verisign Class 2 Public Primary Certification Authority"
9 - "Verisign Class 4 Public Primary Certification Authority - G2"
10 - "TC TrustCenter, Germany, Class 2 CA"
11 - "TC TrustCenter, Germany, Class 3 CA"
12 * Add notice to README.Debian deprecating CA inclusions and refer to
13 #647848 for Debian CA Certificate Policy discussion.
15 -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 14:02:02 -0600
17 ca-certificates (20111211) unstable; urgency=low
19 * Clarify CA audit note in package description and README.debian. Thanks
20 to C.J. Adams-Collier for the patch. Closes: #594383
21 * Remove French Government IGC/A CA certificates. The RSA certificate is
22 included in the Mozilla bundle and the DSA certificate is not in use.
24 * Remove expired signet.pl CAs. Closes: #647849
25 * Remove expired brasil.gov.br CA.
26 * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
27 * Use 'set -e' in body of debian/postinst
28 * Update mozilla/certdata.txt to version 1.80
29 (no added/removed CAs)
30 * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
32 -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600
34 ca-certificates (20111025) unstable; urgency=low
37 * Add 3.0 (native) source format
38 * Add Vcs-Git/Browser fields
39 * Add myself as new Maintainer with Uploaders Closes: #588219
40 * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
41 Certificates added (+) and removed (-):
42 + "AffirmTrust Commercial"
43 + "AffirmTrust Networking"
44 + "AffirmTrust Premium"
45 + "AffirmTrust Premium ECC"
47 + "Certinomis - Autorité Racine"
48 + "Certum Trusted Network CA"
49 + "Go Daddy Root Certificate Authority - G2"
50 + "Root CA Generalitat Valenciana"
51 + "Starfield Root Certificate Authority - G2"
52 + "Starfield Services Root Certificate Authority - G2"
53 + "TWCA Root Certification Authority"
54 - "AOL Time Warner Root Certification Authority 1"
55 - "AOL Time Warner Root Certification Authority 2"
57 - "Entrust.net Global Secure Personal CA"
58 - "Entrust.net Global Secure Server CA"
59 - "Entrust.net Secure Personal CA"
60 - "IPS Chained CAs root"
65 - "IPS Timestamping root"
66 - "Thawte Personal Freemail CA"
67 - "Thawte Time Stamping CA"
68 * Update CAcert-Class 3-Subroot-certificate Closes: #630232
71 * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
72 the way before calling c_rehash, so that symlinks don't accidentally get
73 pointed here, breaking openssl certificate verification LP: #854927
76 * Drop bogus c_rehash on upgrades, which caused issue when
77 ca-certificates.crt was still in place; instead, call
78 update-ca-certificates --fresh on upgrades to this version, and
79 the usual update-ca-certificates otherwise Closes: #643667, #537382
81 -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
83 ca-certificates (20111022) unstable; urgency=low
86 * Fix pending l10n issues. Debconf translations:
87 - German (Helge Kreutzmann). Closes: #634000
88 - French (Christian Perrier). Closes: #634092
89 - Russian (Yuri Kozlov). Closes: #635146
90 - Swedish (Martin Bagge / brother). Closes: #640622
91 - Slovak (Slavko). Closes: #641987
92 - Spanish; (Javier Fernández-Sanguino). Closes: #642359
93 - Japanese (Kenshi Muto). Closes: #644828
94 - Czech (Miroslav Kure). Closes: #644843
95 - Danish (Joe Hansen). Closes: #644854
96 - Italian (Luca Monducci). Closes: #645004
97 - Dutch; (Jeroen Schot). Closes: #645090
98 - Portuguese (Miguel Figueiredo). Closes: #645126
99 - Galician (Jorge Barreiro). Closes: #645138
100 - Catalan; (Jordi Mallach). Closes: #645182
101 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
102 * Split Choices in debconf templates
103 * Add build-arch and build-indep build targets
104 * Bump debhelper compatibility level to 8
105 * Bump Standards to 3.9.2 (checked)
106 * Replace "dh_clean -k" by dh_prep
108 -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
110 ca-certificates (20110502+nmu1) unstable; urgency=high
112 * Non-maintainer upload by the Security Team.
113 * Blacklist "DigiNotar Root CA" (Closes: #639744)
115 -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
117 ca-certificates (20110502) unstable; urgency=low
120 * Mark the package as multi-arch:foreign. (Closes: #622323)
121 * Use db_settitle in config script to allow translations of the
122 dialog title; thanks to Frans Pop. (Closes: #560314)
124 -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
126 ca-certificates (20110421) unstable; urgency=low
129 * Package is orphaned, set maintainer to QA group
130 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
131 both the old and new style of symlinks. (Closes: #611102)
132 * Remove libssl0.9.8 from enhances
133 * Update mozilla certdata.txt file to the latest version.
135 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
136 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
137 - beTRUSTed_Root_CA.crt
138 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
139 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
140 - Digital_Signature_Trust_Co._Global_CA_2.crt
141 - Digital_Signature_Trust_Co._Global_CA_4.crt
142 - Entrust.net_Global_Secure_Personal_CA.crt
143 - Entrust.net_Global_Secure_Server_CA.crt
144 - Entrust.net_Secure_Personal_CA.crt
145 - GTE_CyberTrust_Root_CA.crt
146 - IPS_Chained_CAs_root.crt
147 - IPS_CLASE1_root.crt
148 - IPS_CLASE3_root.crt
149 - IPS_CLASEA1_root.crt
150 - IPS_CLASEA3_root.crt
151 - IPS_Servidores_root.crt
152 - IPS_Timestamping_root.crt
153 - RSA_Security_1024_v3.crt
155 - Thawte_Personal_Basic_CA.crt
156 - Thawte_Personal_Premium_CA.crt
157 - UTN-USER_First-Network_Applications.crt
158 - Verisign_RSA_Secure_Server_CA.crt
159 - Verisign_Time_Stamping_Authority_CA.crt
160 - Visa_International_Global_Root_2.crt
163 - AC_Raíz_Certicámara_S.A..crt
164 - ApplicationCA_-_Japanese_Government.crt
165 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
166 - Buypass_Class_2_CA_1.crt
167 - Buypass_Class_3_CA_1.crt
170 - certSIGN_ROOT_CA.crt
171 - Chambers_of_Commerce_Root_-_2008.crt
174 - ComSign_Secured_CA.crt
175 - Cybertrust_Global_Root.crt
176 - Deutsche_Telekom_Root_CA_2.crt
177 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
178 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
179 - ePKI_Root_Certification_Authority.crt
180 - GeoTrust_Primary_Certification_Authority_-_G2.crt
181 - GeoTrust_Primary_Certification_Authority_-_G3.crt
182 - Global_Chambersign_Root_-_2008.crt
183 - GlobalSign_Root_CA_-_R3.crt
184 - Hongkong_Post_Root_CA_1.crt
188 - Microsec_e-Szigno_Root_CA_2009.crt
189 - Microsec_e-Szigno_Root_CA.crt
190 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
191 - OISTE_WISeKey_Global_Root_GA_CA.crt
192 - SecureSign_RootCA11.crt
193 - Security_Communication_EV_RootCA1.crt
194 - Staat_der_Nederlanden_Root_CA_-_G2.crt
195 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
196 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
197 - TC_TrustCenter_Class_2_CA_II.crt
198 - TC_TrustCenter_Class_3_CA_II.crt
199 - TC_TrustCenter_Universal_CA_I.crt
200 - TC_TrustCenter_Universal_CA_III.crt
201 - thawte_Primary_Root_CA_-_G2.crt
202 - thawte_Primary_Root_CA_-_G3.crt
203 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
204 - VeriSign_Universal_Root_Certification_Authority.crt
206 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
207 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
208 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
209 * String decode the mozilla certdata.txt so the filenames show up as
210 proper UTF-8 strings.
212 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
214 ca-certificates (20090814+nmu3) unstable; urgency=low
216 * Non-maintainer upload.
217 * Fix pending l10n issues. Debconf translations:
218 - French (Christian Perrier). Closes: #594231
219 - Danish (Joe Hansen). Closes: #601129
220 - Catalan (Jordi Mallach). Closes: #601089
221 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
223 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
225 ca-certificates (20090814+nmu2) unstable; urgency=low
227 * Non-maintainer upload.
228 * Fixes buggy shell functions included in the postinst script.
231 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
233 ca-certificates (20090814+nmu1) unstable; urgency=low
235 * Non-maintainer upload.
236 * Preserve user changes to the /etc/ca-certificates.conf.
239 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
241 ca-certificates (20090814) unstable; urgency=low
243 * Call Debconf and its db_purge as early as possible in postrm.
246 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
248 ca-certificates (20090709) unstable; urgency=low
250 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
252 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
254 ca-certificates (20090708) unstable; urgency=low
257 - cacert.org/root.crt and cacert.org/class3.crt:
258 Both certificate files were deprecated with 20080809. Users of these
259 root certificates are encouraged to switch to
260 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
261 roots joined in a single file.
262 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
263 This certificate has been added into the Mozilla truststore and
264 is available as `mozilla/QuoVadis_Root_CA.crt'.
265 * Do not redirect c_rehash error messages to /dev/null.
267 * Remove dangling symlinks on purge, which also gets rid of the hash
268 symlink for ca-certificates.crt. (Closes: #475240)
269 * Use subshells when grepping for certificates in config, avoiding
270 SIGPIPE because of grep's immediate exit after it finds the pattern.
272 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
273 Robby Workman of Slackware.
274 * Updated Standards-Version and FSF portal address in the copyright file.
276 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
278 ca-certificates (20090701) unstable; urgency=low
280 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
281 Rationale: The rogue collision CA has its validity period in the past.
282 Thus it does not impose a risk upon us at the moment.
283 * Restrict search for local certificates to add on files ending with '.crt'.
284 * Canonicalize PEM names by applying the same set of substitions to
285 local and other certificates like the Mozilla certdata dumper does.
287 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
289 ca-certificates (20090624) unstable; urgency=low
291 * Allow local certificate installation. All certificates found
292 in `/usr/local/share/ca-certificates' will be automatically added
293 to the list of trusted certificates in `/etc/ssl/certs'.
294 (Closes: #352637, #419491, #473677, #476663, #511150)
295 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
297 + COMODO ECC Certification Authority
299 + Network Solutions Certificate Authority
300 + WellsSecure Public Root Certificate Authority
301 - Equifax Secure Global eBusiness CA
302 - UTN USERFirst Object Root CA
303 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
304 untrusted certificates. This led to the exclusion of the
305 "MD5 Collisions Forged Rogue CA 23c3" and its parent
306 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
307 certificates are no longer included neither.
308 * Remove the purging of old PEM files in postinst dating back to
309 versions earlier than 20030414.
310 * Hooks are now called at every invocation of `update-ca-certificates'.
311 If no changes were done to `/etc/ssl/certs', the input for the
312 hooks will be empty, though. Failure exit codes of hooks will not
313 tear down the upgrade process anymore. They are printed but ignored.
315 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
317 ca-certificates (20081127) unstable; urgency=low
319 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
322 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
324 ca-certificates (20080809) unstable; urgency=low
326 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
327 This file can be used for proper certificate chaining if CACert
328 server certificates are used. The old class3.pem and root.pem
329 certificates are deprecated. This new file could safely serve as
330 a replacement for both. (Closes: #494343)
331 * This also reintroduces the old name for the CACert certificate,
332 thus closing a long-standing bug about its rename to root.crt.
335 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
337 ca-certificates (20080617) unstable; urgency=low
339 * Added French Government's IGC/A CA (both DSA and RSA).
342 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
344 ca-certificates (20080616) unstable; urgency=low
346 * Fix installation on pt_BR locales. The problem was caused by the
347 .templates choices strings being marked for translation, with pt_BR
348 being the only language which actually translated them. Thanks to
349 Ubuntu for the fix, which needs to be around until Lenny is released
350 or six months have passed, whichever is later. (Closes: #472507)
351 * Drop Fumitoshi from the list of maintainers. Farewell!
352 * Bump Standards-Version to 3.8.0.
354 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
356 ca-certificates (20080514) unstable; urgency=medium
358 * Added the new SPI CA certificate, created in response to the latest
359 openssl security update.
360 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
361 revoked sensibly. Expired CA created in 2003, expired in 2007 left
362 around for reference.
363 * Updated the Galician translation, thanks to Glennie Vignarajah.
366 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
368 ca-certificates (20080411) unstable; urgency=low
370 * Added the current SPI CA certificate, used by Debian's infrastructure.
371 * Added Deutsche Telekom Root CA 2, which is used by German institutions
373 * Updated mozilla certificates from trunk, which led to the following
374 adds (+) and removes (-):
375 + Camerfirma Chambers of Commerce Root
376 + Camerfirma Global Chambersign Root
377 + Certplus Class 2 Primary CA
378 + COMODO Certification Authority
379 + DigiCert Assured ID Root CA
380 + DigiCert Global Root CA
381 + DigiCert High Assurance EV Root CA
384 + Entrust Root Certification Authority
385 + Firmaprofesional Root CA
386 + GeoTrust Global CA 2
387 + GeoTrust Primary Certification Authority
388 + GeoTrust Universal CA
389 + GeoTrust Universal CA 2
390 + GlobalSign Root CA - R2
391 + Go Daddy Class 2 CA
392 + NetLock Business (Class B) Root
393 + NetLock Express (Class C) Root
394 + NetLock Notary (Class A) Root
395 + NetLock Qualified (Class QA) Root
400 + Starfield Class 2 CA
401 + StartCom Certification Authority
404 + SwissSign Gold CA - G2
405 + SwissSign Platinum CA - G2
406 + SwissSign Silver CA - G2
408 + thawte Primary Root CA
409 + TURKTRUST Certificate Services Provider Root 1
410 + TURKTRUST Certificate Services Provider Root 2
411 + VeriSign Class 3 Public Primary Certification Authority - G5
412 + Wells Fargo Root CA
413 + XRamp Global CA Root
414 - Verisign Class 1 Public Primary OCSP Responder
415 - Verisign Class 2 Public Primary OCSP Responder
416 - Verisign Class 3 Public Primary OCSP Responder
417 - Verisign Secure Server OCSP Responder
418 (Closes: #447062, #456581)
419 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
421 * Reworded the description and made it static to ease translations.
422 * Reworded and amended README.Debian.
423 * Added myself to the uploaders of this package.
424 * Applied a patch by Martin F. Krafft to support hooks scripts
425 on add/remove of a certificate. (Closes: #377314)
427 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
429 ca-certificates (20070303-0.1) unstable; urgency=low
431 * Non-maintainer upload to fix longstanding pending l10n issues.
432 * Debconf templates and debian/control reviewed by the debian-l10n-
433 english team as part of the Smith review project.
434 Closes: #432249, #434789
435 * Debconf translation updates:
436 - Japanese. Closes:#433067
437 - Basque. Closes: #433074
438 - Spanish. Closes: #433078
439 - Czech. Closes: #433100
440 - Galician. Closes: #433215
441 - Russian. Closes: #433224
442 - Swedish. Closes: #433432
443 - Vietnamese. Closes: #433792, #427000, #434992
444 - Dutch. Closes: #434670
445 - German. Closes: #434788
446 - Italian. Closes: #435029
447 * Portuguese. Closes: #435471
448 * Finnish. Closes: #448826
449 * Remove /etc/ssl when purging the package (only if that
450 directory is empty). Closes: #454334
451 * [Lintian] Give a reference to the GPL text in debian/copyright
452 * [Lintian] No longer ignore errors from "make clean"
453 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
455 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
457 ca-certificates (20070303) unstable; urgency=low
459 * Add debconf.org crt. closes: Bug#342088
460 * Add cacert class3 crt. closes: Bug#350282
461 * Add debian/po/pt.po. closes: Bug#408183
462 * Update debian/po/ru.po. closes: Bug#410770
463 * Update debian/po/pt_BR.po. closes: Bug#403824
464 * Add debian/po/gl.po. closes: Bug#407951
466 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
468 ca-certificates (20061027.2) unstable; urgency=low
470 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
471 * Avoid cd to /etc/ssl/certs to removing hash symlinks
474 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
476 ca-certificates (20061027.1) unstable; urgency=low
478 * Non-maintainer upload to fix remaining l10n issues
479 * Debconf translation updates:
480 - Czech. Closes: #407807
481 - Spanish. Closes: #401968
482 - German. Closes: #396942
483 * Add debconf-updatepo to the clean target in debian/rules
484 to guarantee up-to-date PO(T) files
486 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
489 ca-certificates (20061027) unstable; urgency=low
491 * sbin/update-ca-certificates:
492 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
493 preserve other symlinks. closes: Bug#387089
494 * debian/po/nl.po: updated
496 * debian/po/fr.po: updated
498 * debian/po/da.po: updated
501 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
503 ca-certificates (20060816) unstable; urgency=low
505 * debian/control: explicitly mention that trustworthiness of certificate
506 authorities is not evaluated.
508 * debian/templates: refine messages
510 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
512 * debian/control: libssl0.9.7->libssl0.9.8
514 * debian/postrm: remove .dpkg-old files
516 * debian/README.Debian: fix
518 * debian/postinst: fix typo
520 * debian/po/sv.po: added
522 * debian/po/es.po: added
524 * add new SPI CA certificate
525 submitted by Michael C. Schultheiss <schultmc@debian.org>
527 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
529 ca-certificates (20050804) unstable; urgency=low
531 * use ${misc:Depends} in debian/control for debconf
532 * update description in debian/control
534 * update debian/po/vi.po
536 * update debian/po/de.po
539 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
541 ca-certificates (20050518) unstable; urgency=high
543 * fix ca-certificates.crt generationumask-sensitive and racy
545 * update mozilla/certdata.txt
546 add: "Certum Root CA", "Comodo AAA Services root"
547 "Comodo Secure Services root",
548 "Comodo Trusted Services root",
549 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
550 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
551 "IPS Timestamping root",
553 "Security Communication Root CA",
554 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
555 "Staat der Nederlanden Root CA",
556 "TDC Internet Root CA", "TDC OCES Root CA",
557 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
558 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
559 * add CACert.org's Root CA
560 closes: Bug#213086, Bug#288293
561 * add debian/po/vi.po
563 * add debian/po/cs.po
565 * write "How certificate will be accepted in ca-certificates package"
568 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
570 ca-certificates (20040809) unstable; urgency=low
572 * previous version was not fixed Bug#255933 correctly.
573 update-ca-certificates now remove symlinks of deselected entries
574 in ca-certificates.conf
577 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
579 ca-certificates (20040808) unstable; urgency=low
581 * run update-ca-certificates by /bin/sh -e
583 * update-ca-certificates remove symlinks of deselected entries
584 in ca-certificates.conf
586 * change default of trust_new_crts from 'ask' to 'yes'
587 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
588 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
590 * add brasil.gov.br certs
592 * add Signet CA Roots certs
594 * add QuoVadis CA Roots certs
606 * fix quote characters in template
608 * remove debian.org, because certs used in db.debian.org has been
609 revoked due to debian.org crack incidents.
610 db.debian.org uses certificates using spi-inc.org Root CA.
612 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
614 ca-certificates (20031007.1) unstable; urgency=low
617 * Add brasil.gov.br/brasil.gov.br.crt, created from
618 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
619 * Add debian/po/pt_BR.po: closes: Bug#224612
621 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
623 ca-certificates (20031007) unstable; urgency=low
625 * add debian/po/ru.po: closes: Bug#214371
627 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
629 ca-certificates (20030924) unstable; urgency=low
631 * add debian/po/ja.po: closes: Bug#212565
633 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
635 ca-certificates (20030916) unstable; urgency=low
637 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
638 * debian/config: if new cert is asked, don't ask all available certs
641 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
643 ca-certificates (20030915) unstable; urgency=low
645 * debian/config.in: fix typo. closes: Bug#190990
646 * add option for new CA certificates. closes: Bug#190989
647 * switch to gettext-based debconf templates. closes: Bug#205782
648 * update mozilla/certdata.txt from mozilla 1.4 release
650 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
652 ca-certificates (20030420) unstable; urgency=low
654 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
655 * fix broken English in debconf template. closes: Bug#189606
656 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
657 * preserve comments in /etc/ca-certificates.conf when upgrading.
660 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
662 ca-certificates (20030415) unstable; urgency=medium
664 * fix upgrade problem
665 closes: Bug#188938, Bug#188940
668 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
670 ca-certificates (20030414) unstable; urgency=medium
672 * certificates are installed in /usr/share/ca-certificates
673 you can find md5sum of certs files. closes: Bug#170777
675 * debconf to generate /etc/ca-certificates.conf
676 * update-ca-certificates update /etc/ssl/certs according
677 /etc/ca-certificates.conf
678 It also generate /etc/ssl/certs/ca-certificates.crt
679 which is single-file version of certs.
682 * change extension from .pem to .crt in /usr/share/ca-certificates
684 application/x-x509-ca-cert crt
685 but it will be hardlink or copied in /etc/ssl/certs with .pem
686 extension by update-ca-certificates.
687 c_rehash requires .pem extension
689 * Update certificate from mozilla 2:1.3-4
690 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
691 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
693 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
694 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
695 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
696 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
698 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
700 ca-certificates (20020323) unstable; urgency=low
702 * Moved from non-US to main now that openssl has moved there.
704 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
706 ca-certificates (20020208) unstable; urgency=low
708 * add db.debian.org certificate
710 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
712 ca-certificates (20020112) unstable; urgency=low
714 * upload to non-US instead of main, because it depends on openssl
715 (it uses c_rehash in openssl in maintainer scripts)
717 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
719 ca-certificates (20020107) unstable; urgency=low
721 * Initial Release. closes: Bug#126586
723 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900