1 ca-certificates (20090709) unstable; urgency=low
3 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
5 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
7 ca-certificates (20090708) unstable; urgency=low
10 - cacert.org/root.crt and cacert.org/class3.crt:
11 Both certificate files were deprecated with 20080809. Users of these
12 root certificates are encouraged to switch to
13 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
14 roots joined in a single file.
15 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
16 This certificate has been added into the Mozilla truststore and
17 is available as `mozilla/QuoVadis_Root_CA.crt'.
18 * Do not redirect c_rehash error messages to /dev/null.
20 * Remove dangling symlinks on purge, which also gets rid of the hash
21 symlink for ca-certificates.crt. (Closes: #475240)
22 * Use subshells when grepping for certificates in config, avoiding
23 SIGPIPE because of grep's immediate exit after it finds the pattern.
25 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
26 Robby Workman of Slackware.
27 * Updated Standards-Version and FSF portal address in the copyright file.
29 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
31 ca-certificates (20090701) unstable; urgency=low
33 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
34 Rationale: The rogue collision CA has its validity period in the past.
35 Thus it does not impose a risk upon us at the moment.
36 * Restrict search for local certificates to add on files ending with '.crt'.
37 * Canonicalize PEM names by applying the same set of substitions to
38 local and other certificates like the Mozilla certdata dumper does.
40 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
42 ca-certificates (20090624) unstable; urgency=low
44 * Allow local certificate installation. All certificates found
45 in `/usr/local/share/ca-certificates' will be automatically added
46 to the list of trusted certificates in `/etc/ssl/certs'.
47 (Closes: #352637, #419491, #473677, #476663, #511150)
48 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
50 + COMODO ECC Certification Authority
52 + Network Solutions Certificate Authority
53 + WellsSecure Public Root Certificate Authority
54 - Equifax Secure Global eBusiness CA
55 - UTN USERFirst Object Root CA
56 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
57 untrusted certificates. This led to the exclusion of the
58 "MD5 Collisions Forged Rogue CA 23c3" and its parent
59 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
60 certificates are no longer included neither.
61 * Remove the purging of old PEM files in postinst dating back to
62 versions earlier than 20030414.
63 * Hooks are now called at every invocation of `update-ca-certificates'.
64 If no changes were done to `/etc/ssl/certs', the input for the
65 hooks will be empty, though. Failure exit codes of hooks will not
66 tear down the upgrade process anymore. They are printed but ignored.
68 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
70 ca-certificates (20081127) unstable; urgency=low
72 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
75 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
77 ca-certificates (20080809) unstable; urgency=low
79 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
80 This file can be used for proper certificate chaining if CACert
81 server certificates are used. The old class3.pem and root.pem
82 certificates are deprecated. This new file could safely serve as
83 a replacement for both. (Closes: #494343)
84 * This also reintroduces the old name for the CACert certificate,
85 thus closing a long-standing bug about its rename to root.crt.
88 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
90 ca-certificates (20080617) unstable; urgency=low
92 * Added French Government's IGC/A CA (both DSA and RSA).
95 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
97 ca-certificates (20080616) unstable; urgency=low
99 * Fix installation on pt_BR locales. The problem was caused by the
100 .templates choices strings being marked for translation, with pt_BR
101 being the only language which actually translated them. Thanks to
102 Ubuntu for the fix, which needs to be around until Lenny is released
103 or six months have passed, whichever is later. (Closes: #472507)
104 * Drop Fumitoshi from the list of maintainers. Farewell!
105 * Bump Standards-Version to 3.8.0.
107 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
109 ca-certificates (20080514) unstable; urgency=medium
111 * Added the new SPI CA certificate, created in response to the latest
112 openssl security update.
113 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
114 revoked sensibly. Expired CA created in 2003, expired in 2007 left
115 around for reference.
116 * Updated the Galician translation, thanks to Glennie Vignarajah.
119 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
121 ca-certificates (20080411) unstable; urgency=low
123 * Added the current SPI CA certificate, used by Debian's infrastructure.
124 * Added Deutsche Telekom Root CA 2, which is used by German institutions
126 * Updated mozilla certificates from trunk, which led to the following
127 adds (+) and removes (-):
128 + Camerfirma Chambers of Commerce Root
129 + Camerfirma Global Chambersign Root
130 + Certplus Class 2 Primary CA
131 + COMODO Certification Authority
132 + DigiCert Assured ID Root CA
133 + DigiCert Global Root CA
134 + DigiCert High Assurance EV Root CA
137 + Entrust Root Certification Authority
138 + Firmaprofesional Root CA
139 + GeoTrust Global CA 2
140 + GeoTrust Primary Certification Authority
141 + GeoTrust Universal CA
142 + GeoTrust Universal CA 2
143 + GlobalSign Root CA - R2
144 + Go Daddy Class 2 CA
145 + NetLock Business (Class B) Root
146 + NetLock Express (Class C) Root
147 + NetLock Notary (Class A) Root
148 + NetLock Qualified (Class QA) Root
153 + Starfield Class 2 CA
154 + StartCom Certification Authority
157 + SwissSign Gold CA - G2
158 + SwissSign Platinum CA - G2
159 + SwissSign Silver CA - G2
161 + thawte Primary Root CA
162 + TURKTRUST Certificate Services Provider Root 1
163 + TURKTRUST Certificate Services Provider Root 2
164 + VeriSign Class 3 Public Primary Certification Authority - G5
165 + Wells Fargo Root CA
166 + XRamp Global CA Root
167 - Verisign Class 1 Public Primary OCSP Responder
168 - Verisign Class 2 Public Primary OCSP Responder
169 - Verisign Class 3 Public Primary OCSP Responder
170 - Verisign Secure Server OCSP Responder
171 (Closes: #447062, #456581)
172 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
174 * Reworded the description and made it static to ease translations.
175 * Reworded and amended README.Debian.
176 * Added myself to the uploaders of this package.
177 * Applied a patch by Martin F. Krafft to support hooks scripts
178 on add/remove of a certificate. (Closes: #377314)
180 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
182 ca-certificates (20070303-0.1) unstable; urgency=low
184 * Non-maintainer upload to fix longstanding pending l10n issues.
185 * Debconf templates and debian/control reviewed by the debian-l10n-
186 english team as part of the Smith review project.
187 Closes: #432249, #434789
188 * Debconf translation updates:
189 - Japanese. Closes:#433067
190 - Basque. Closes: #433074
191 - Spanish. Closes: #433078
192 - Czech. Closes: #433100
193 - Galician. Closes: #433215
194 - Russian. Closes: #433224
195 - Swedish. Closes: #433432
196 - Vietnamese. Closes: #433792, #427000, #434992
197 - Dutch. Closes: #434670
198 - German. Closes: #434788
199 - Italian. Closes: #435029
200 * Portuguese. Closes: #435471
201 * Finnish. Closes: #448826
202 * Remove /etc/ssl when purging the package (only if that
203 directory is empty). Closes: #454334
204 * [Lintian] Give a reference to the GPL text in debian/copyright
205 * [Lintian] No longer ignore errors from "make clean"
206 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
208 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
210 ca-certificates (20070303) unstable; urgency=low
212 * Add debconf.org crt. closes: Bug#342088
213 * Add cacert class3 crt. closes: Bug#350282
214 * Add debian/po/pt.po. closes: Bug#408183
215 * Update debian/po/ru.po. closes: Bug#410770
216 * Update debian/po/pt_BR.po. closes: Bug#403824
217 * Add debian/po/gl.po. closes: Bug#407951
219 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
221 ca-certificates (20061027.2) unstable; urgency=low
223 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
224 * Avoid cd to /etc/ssl/certs to removing hash symlinks
227 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
229 ca-certificates (20061027.1) unstable; urgency=low
231 * Non-maintainer upload to fix remaining l10n issues
232 * Debconf translation updates:
233 - Czech. Closes: #407807
234 - Spanish. Closes: #401968
235 - German. Closes: #396942
236 * Add debconf-updatepo to the clean target in debian/rules
237 to guarantee up-to-date PO(T) files
239 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
242 ca-certificates (20061027) unstable; urgency=low
244 * sbin/update-ca-certificates:
245 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
246 preserve other symlinks. closes: Bug#387089
247 * debian/po/nl.po: updated
249 * debian/po/fr.po: updated
251 * debian/po/da.po: updated
254 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
256 ca-certificates (20060816) unstable; urgency=low
258 * debian/control: explicitly mention that trustworthiness of certificate
259 authorities is not evaluated.
261 * debian/templates: refine messages
263 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
265 * debian/control: libssl0.9.7->libssl0.9.8
267 * debian/postrm: remove .dpkg-old files
269 * debian/README.Debian: fix
271 * debian/postinst: fix typo
273 * debian/po/sv.po: added
275 * debian/po/es.po: added
277 * add new SPI CA certificate
278 submitted by Michael C. Schultheiss <schultmc@debian.org>
280 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
282 ca-certificates (20050804) unstable; urgency=low
284 * use ${misc:Depends} in debian/control for debconf
285 * update description in debian/control
287 * update debian/po/vi.po
289 * update debian/po/de.po
292 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
294 ca-certificates (20050518) unstable; urgency=high
296 * fix ca-certificates.crt generationumask-sensitive and racy
298 * update mozilla/certdata.txt
299 add: "Certum Root CA", "Comodo AAA Services root"
300 "Comodo Secure Services root",
301 "Comodo Trusted Services root",
302 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
303 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
304 "IPS Timestamping root",
306 "Security Communication Root CA",
307 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
308 "Staat der Nederlanden Root CA",
309 "TDC Internet Root CA", "TDC OCES Root CA",
310 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
311 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
312 * add CACert.org's Root CA
313 closes: Bug#213086, Bug#288293
314 * add debian/po/vi.po
316 * add debian/po/cs.po
318 * write "How certificate will be accepted in ca-certificates package"
321 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
323 ca-certificates (20040809) unstable; urgency=low
325 * previous version was not fixed Bug#255933 correctly.
326 update-ca-certificates now remove symlinks of deselected entries
327 in ca-certificates.conf
330 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
332 ca-certificates (20040808) unstable; urgency=low
334 * run update-ca-certificates by /bin/sh -e
336 * update-ca-certificates remove symlinks of deselected entries
337 in ca-certificates.conf
339 * change default of trust_new_crts from 'ask' to 'yes'
340 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
341 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
343 * add brasil.gov.br certs
345 * add Signet CA Roots certs
347 * add QuoVadis CA Roots certs
359 * fix quote characters in template
361 * remove debian.org, because certs used in db.debian.org has been
362 revoked due to debian.org crack incidents.
363 db.debian.org uses certificates using spi-inc.org Root CA.
365 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
367 ca-certificates (20031007.1) unstable; urgency=low
370 * Add brasil.gov.br/brasil.gov.br.crt, created from
371 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
372 * Add debian/po/pt_BR.po: closes: Bug#224612
374 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
376 ca-certificates (20031007) unstable; urgency=low
378 * add debian/po/ru.po: closes: Bug#214371
380 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
382 ca-certificates (20030924) unstable; urgency=low
384 * add debian/po/ja.po: closes: Bug#212565
386 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
388 ca-certificates (20030916) unstable; urgency=low
390 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
391 * debian/config: if new cert is asked, don't ask all available certs
394 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
396 ca-certificates (20030915) unstable; urgency=low
398 * debian/config.in: fix typo. closes: Bug#190990
399 * add option for new CA certificates. closes: Bug#190989
400 * switch to gettext-based debconf templates. closes: Bug#205782
401 * update mozilla/certdata.txt from mozilla 1.4 release
403 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
405 ca-certificates (20030420) unstable; urgency=low
407 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
408 * fix broken English in debconf template. closes: Bug#189606
409 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
410 * preserve comments in /etc/ca-certificates.conf when upgrading.
413 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
415 ca-certificates (20030415) unstable; urgency=medium
417 * fix upgrade problem
418 closes: Bug#188938, Bug#188940
421 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
423 ca-certificates (20030414) unstable; urgency=medium
425 * certificates are installed in /usr/share/ca-certificates
426 you can find md5sum of certs files. closes: Bug#170777
428 * debconf to generate /etc/ca-certificates.conf
429 * update-ca-certificates update /etc/ssl/certs according
430 /etc/ca-certificates.conf
431 It also generate /etc/ssl/certs/ca-certificates.crt
432 which is single-file version of certs.
435 * change extension from .pem to .crt in /usr/share/ca-certificates
437 application/x-x509-ca-cert crt
438 but it will be hardlink or copied in /etc/ssl/certs with .pem
439 extension by update-ca-certificates.
440 c_rehash requires .pem extension
442 * Update certificate from mozilla 2:1.3-4
443 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
444 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
446 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
447 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
448 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
449 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
451 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
453 ca-certificates (20020323) unstable; urgency=low
455 * Moved from non-US to main now that openssl has moved there.
457 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
459 ca-certificates (20020208) unstable; urgency=low
461 * add db.debian.org certificate
463 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
465 ca-certificates (20020112) unstable; urgency=low
467 * upload to non-US instead of main, because it depends on openssl
468 (it uses c_rehash in openssl in maintainer scripts)
470 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
472 ca-certificates (20020107) unstable; urgency=low
474 * Initial Release. closes: Bug#126586
476 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900