1 ca-certificates (20090814+nmu1) unstable; urgency=low
3 * Non-maintainer upload.
4 * Preserve user changes to the /etc/ca-certificates.conf.
7 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
9 ca-certificates (20090814) unstable; urgency=low
11 * Call Debconf and its db_purge as early as possible in postrm.
14 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
16 ca-certificates (20090709) unstable; urgency=low
18 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
20 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
22 ca-certificates (20090708) unstable; urgency=low
25 - cacert.org/root.crt and cacert.org/class3.crt:
26 Both certificate files were deprecated with 20080809. Users of these
27 root certificates are encouraged to switch to
28 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
29 roots joined in a single file.
30 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
31 This certificate has been added into the Mozilla truststore and
32 is available as `mozilla/QuoVadis_Root_CA.crt'.
33 * Do not redirect c_rehash error messages to /dev/null.
35 * Remove dangling symlinks on purge, which also gets rid of the hash
36 symlink for ca-certificates.crt. (Closes: #475240)
37 * Use subshells when grepping for certificates in config, avoiding
38 SIGPIPE because of grep's immediate exit after it finds the pattern.
40 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
41 Robby Workman of Slackware.
42 * Updated Standards-Version and FSF portal address in the copyright file.
44 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
46 ca-certificates (20090701) unstable; urgency=low
48 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
49 Rationale: The rogue collision CA has its validity period in the past.
50 Thus it does not impose a risk upon us at the moment.
51 * Restrict search for local certificates to add on files ending with '.crt'.
52 * Canonicalize PEM names by applying the same set of substitions to
53 local and other certificates like the Mozilla certdata dumper does.
55 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
57 ca-certificates (20090624) unstable; urgency=low
59 * Allow local certificate installation. All certificates found
60 in `/usr/local/share/ca-certificates' will be automatically added
61 to the list of trusted certificates in `/etc/ssl/certs'.
62 (Closes: #352637, #419491, #473677, #476663, #511150)
63 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
65 + COMODO ECC Certification Authority
67 + Network Solutions Certificate Authority
68 + WellsSecure Public Root Certificate Authority
69 - Equifax Secure Global eBusiness CA
70 - UTN USERFirst Object Root CA
71 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
72 untrusted certificates. This led to the exclusion of the
73 "MD5 Collisions Forged Rogue CA 23c3" and its parent
74 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
75 certificates are no longer included neither.
76 * Remove the purging of old PEM files in postinst dating back to
77 versions earlier than 20030414.
78 * Hooks are now called at every invocation of `update-ca-certificates'.
79 If no changes were done to `/etc/ssl/certs', the input for the
80 hooks will be empty, though. Failure exit codes of hooks will not
81 tear down the upgrade process anymore. They are printed but ignored.
83 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
85 ca-certificates (20081127) unstable; urgency=low
87 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
90 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
92 ca-certificates (20080809) unstable; urgency=low
94 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
95 This file can be used for proper certificate chaining if CACert
96 server certificates are used. The old class3.pem and root.pem
97 certificates are deprecated. This new file could safely serve as
98 a replacement for both. (Closes: #494343)
99 * This also reintroduces the old name for the CACert certificate,
100 thus closing a long-standing bug about its rename to root.crt.
103 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
105 ca-certificates (20080617) unstable; urgency=low
107 * Added French Government's IGC/A CA (both DSA and RSA).
110 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
112 ca-certificates (20080616) unstable; urgency=low
114 * Fix installation on pt_BR locales. The problem was caused by the
115 .templates choices strings being marked for translation, with pt_BR
116 being the only language which actually translated them. Thanks to
117 Ubuntu for the fix, which needs to be around until Lenny is released
118 or six months have passed, whichever is later. (Closes: #472507)
119 * Drop Fumitoshi from the list of maintainers. Farewell!
120 * Bump Standards-Version to 3.8.0.
122 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
124 ca-certificates (20080514) unstable; urgency=medium
126 * Added the new SPI CA certificate, created in response to the latest
127 openssl security update.
128 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
129 revoked sensibly. Expired CA created in 2003, expired in 2007 left
130 around for reference.
131 * Updated the Galician translation, thanks to Glennie Vignarajah.
134 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
136 ca-certificates (20080411) unstable; urgency=low
138 * Added the current SPI CA certificate, used by Debian's infrastructure.
139 * Added Deutsche Telekom Root CA 2, which is used by German institutions
141 * Updated mozilla certificates from trunk, which led to the following
142 adds (+) and removes (-):
143 + Camerfirma Chambers of Commerce Root
144 + Camerfirma Global Chambersign Root
145 + Certplus Class 2 Primary CA
146 + COMODO Certification Authority
147 + DigiCert Assured ID Root CA
148 + DigiCert Global Root CA
149 + DigiCert High Assurance EV Root CA
152 + Entrust Root Certification Authority
153 + Firmaprofesional Root CA
154 + GeoTrust Global CA 2
155 + GeoTrust Primary Certification Authority
156 + GeoTrust Universal CA
157 + GeoTrust Universal CA 2
158 + GlobalSign Root CA - R2
159 + Go Daddy Class 2 CA
160 + NetLock Business (Class B) Root
161 + NetLock Express (Class C) Root
162 + NetLock Notary (Class A) Root
163 + NetLock Qualified (Class QA) Root
168 + Starfield Class 2 CA
169 + StartCom Certification Authority
172 + SwissSign Gold CA - G2
173 + SwissSign Platinum CA - G2
174 + SwissSign Silver CA - G2
176 + thawte Primary Root CA
177 + TURKTRUST Certificate Services Provider Root 1
178 + TURKTRUST Certificate Services Provider Root 2
179 + VeriSign Class 3 Public Primary Certification Authority - G5
180 + Wells Fargo Root CA
181 + XRamp Global CA Root
182 - Verisign Class 1 Public Primary OCSP Responder
183 - Verisign Class 2 Public Primary OCSP Responder
184 - Verisign Class 3 Public Primary OCSP Responder
185 - Verisign Secure Server OCSP Responder
186 (Closes: #447062, #456581)
187 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
189 * Reworded the description and made it static to ease translations.
190 * Reworded and amended README.Debian.
191 * Added myself to the uploaders of this package.
192 * Applied a patch by Martin F. Krafft to support hooks scripts
193 on add/remove of a certificate. (Closes: #377314)
195 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
197 ca-certificates (20070303-0.1) unstable; urgency=low
199 * Non-maintainer upload to fix longstanding pending l10n issues.
200 * Debconf templates and debian/control reviewed by the debian-l10n-
201 english team as part of the Smith review project.
202 Closes: #432249, #434789
203 * Debconf translation updates:
204 - Japanese. Closes:#433067
205 - Basque. Closes: #433074
206 - Spanish. Closes: #433078
207 - Czech. Closes: #433100
208 - Galician. Closes: #433215
209 - Russian. Closes: #433224
210 - Swedish. Closes: #433432
211 - Vietnamese. Closes: #433792, #427000, #434992
212 - Dutch. Closes: #434670
213 - German. Closes: #434788
214 - Italian. Closes: #435029
215 * Portuguese. Closes: #435471
216 * Finnish. Closes: #448826
217 * Remove /etc/ssl when purging the package (only if that
218 directory is empty). Closes: #454334
219 * [Lintian] Give a reference to the GPL text in debian/copyright
220 * [Lintian] No longer ignore errors from "make clean"
221 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
223 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
225 ca-certificates (20070303) unstable; urgency=low
227 * Add debconf.org crt. closes: Bug#342088
228 * Add cacert class3 crt. closes: Bug#350282
229 * Add debian/po/pt.po. closes: Bug#408183
230 * Update debian/po/ru.po. closes: Bug#410770
231 * Update debian/po/pt_BR.po. closes: Bug#403824
232 * Add debian/po/gl.po. closes: Bug#407951
234 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
236 ca-certificates (20061027.2) unstable; urgency=low
238 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
239 * Avoid cd to /etc/ssl/certs to removing hash symlinks
242 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
244 ca-certificates (20061027.1) unstable; urgency=low
246 * Non-maintainer upload to fix remaining l10n issues
247 * Debconf translation updates:
248 - Czech. Closes: #407807
249 - Spanish. Closes: #401968
250 - German. Closes: #396942
251 * Add debconf-updatepo to the clean target in debian/rules
252 to guarantee up-to-date PO(T) files
254 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
257 ca-certificates (20061027) unstable; urgency=low
259 * sbin/update-ca-certificates:
260 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
261 preserve other symlinks. closes: Bug#387089
262 * debian/po/nl.po: updated
264 * debian/po/fr.po: updated
266 * debian/po/da.po: updated
269 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
271 ca-certificates (20060816) unstable; urgency=low
273 * debian/control: explicitly mention that trustworthiness of certificate
274 authorities is not evaluated.
276 * debian/templates: refine messages
278 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
280 * debian/control: libssl0.9.7->libssl0.9.8
282 * debian/postrm: remove .dpkg-old files
284 * debian/README.Debian: fix
286 * debian/postinst: fix typo
288 * debian/po/sv.po: added
290 * debian/po/es.po: added
292 * add new SPI CA certificate
293 submitted by Michael C. Schultheiss <schultmc@debian.org>
295 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
297 ca-certificates (20050804) unstable; urgency=low
299 * use ${misc:Depends} in debian/control for debconf
300 * update description in debian/control
302 * update debian/po/vi.po
304 * update debian/po/de.po
307 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
309 ca-certificates (20050518) unstable; urgency=high
311 * fix ca-certificates.crt generationumask-sensitive and racy
313 * update mozilla/certdata.txt
314 add: "Certum Root CA", "Comodo AAA Services root"
315 "Comodo Secure Services root",
316 "Comodo Trusted Services root",
317 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
318 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
319 "IPS Timestamping root",
321 "Security Communication Root CA",
322 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
323 "Staat der Nederlanden Root CA",
324 "TDC Internet Root CA", "TDC OCES Root CA",
325 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
326 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
327 * add CACert.org's Root CA
328 closes: Bug#213086, Bug#288293
329 * add debian/po/vi.po
331 * add debian/po/cs.po
333 * write "How certificate will be accepted in ca-certificates package"
336 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
338 ca-certificates (20040809) unstable; urgency=low
340 * previous version was not fixed Bug#255933 correctly.
341 update-ca-certificates now remove symlinks of deselected entries
342 in ca-certificates.conf
345 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
347 ca-certificates (20040808) unstable; urgency=low
349 * run update-ca-certificates by /bin/sh -e
351 * update-ca-certificates remove symlinks of deselected entries
352 in ca-certificates.conf
354 * change default of trust_new_crts from 'ask' to 'yes'
355 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
356 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
358 * add brasil.gov.br certs
360 * add Signet CA Roots certs
362 * add QuoVadis CA Roots certs
374 * fix quote characters in template
376 * remove debian.org, because certs used in db.debian.org has been
377 revoked due to debian.org crack incidents.
378 db.debian.org uses certificates using spi-inc.org Root CA.
380 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
382 ca-certificates (20031007.1) unstable; urgency=low
385 * Add brasil.gov.br/brasil.gov.br.crt, created from
386 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
387 * Add debian/po/pt_BR.po: closes: Bug#224612
389 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
391 ca-certificates (20031007) unstable; urgency=low
393 * add debian/po/ru.po: closes: Bug#214371
395 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
397 ca-certificates (20030924) unstable; urgency=low
399 * add debian/po/ja.po: closes: Bug#212565
401 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
403 ca-certificates (20030916) unstable; urgency=low
405 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
406 * debian/config: if new cert is asked, don't ask all available certs
409 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
411 ca-certificates (20030915) unstable; urgency=low
413 * debian/config.in: fix typo. closes: Bug#190990
414 * add option for new CA certificates. closes: Bug#190989
415 * switch to gettext-based debconf templates. closes: Bug#205782
416 * update mozilla/certdata.txt from mozilla 1.4 release
418 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
420 ca-certificates (20030420) unstable; urgency=low
422 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
423 * fix broken English in debconf template. closes: Bug#189606
424 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
425 * preserve comments in /etc/ca-certificates.conf when upgrading.
428 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
430 ca-certificates (20030415) unstable; urgency=medium
432 * fix upgrade problem
433 closes: Bug#188938, Bug#188940
436 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
438 ca-certificates (20030414) unstable; urgency=medium
440 * certificates are installed in /usr/share/ca-certificates
441 you can find md5sum of certs files. closes: Bug#170777
443 * debconf to generate /etc/ca-certificates.conf
444 * update-ca-certificates update /etc/ssl/certs according
445 /etc/ca-certificates.conf
446 It also generate /etc/ssl/certs/ca-certificates.crt
447 which is single-file version of certs.
450 * change extension from .pem to .crt in /usr/share/ca-certificates
452 application/x-x509-ca-cert crt
453 but it will be hardlink or copied in /etc/ssl/certs with .pem
454 extension by update-ca-certificates.
455 c_rehash requires .pem extension
457 * Update certificate from mozilla 2:1.3-4
458 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
459 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
461 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
462 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
463 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
464 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
466 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
468 ca-certificates (20020323) unstable; urgency=low
470 * Moved from non-US to main now that openssl has moved there.
472 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
474 ca-certificates (20020208) unstable; urgency=low
476 * add db.debian.org certificate
478 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
480 ca-certificates (20020112) unstable; urgency=low
482 * upload to non-US instead of main, because it depends on openssl
483 (it uses c_rehash in openssl in maintainer scripts)
485 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
487 ca-certificates (20020107) unstable; urgency=low
489 * Initial Release. closes: Bug#126586
491 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900