1 ca-certificates (20090701) unstable; urgency=low
3 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
4 Rationale: The rogue collision CA has its validity period in the past.
5 Thus it does not impose a risk upon us at the moment.
6 * Restrict search for local certificates to add on files ending with '.crt'.
7 * Canonicalize PEM names by applying the same set of substitions to
8 local and other certificates like the Mozilla certdata dumper does.
10 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
12 ca-certificates (20090624) unstable; urgency=low
14 * Allow local certificate installation. All certificates found
15 in `/usr/local/share/ca-certificates' will be automatically added
16 to the list of trusted certificates in `/etc/ssl/certs'.
17 (Closes: #352637, #419491, #473677, #476663, #511150)
18 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
20 + COMODO ECC Certification Authority
22 + Network Solutions Certificate Authority
23 + WellsSecure Public Root Certificate Authority
24 - Equifax Secure Global eBusiness CA
25 - UTN USERFirst Object Root CA
26 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
27 untrusted certificates. This led to the exclusion of the
28 "MD5 Collisions Forged Rogue CA 23c3" and its parent
29 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
30 certificates are no longer included neither.
31 * Remove the purging of old PEM files in postinst dating back to
32 versions earlier than 20030414.
33 * Hooks are now called at every invocation of `update-ca-certificates'.
34 If no changes were done to `/etc/ssl/certs', the input for the
35 hooks will be empty, though. Failure exit codes of hooks will not
36 tear down the upgrade process anymore. They are printed but ignored.
38 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
40 ca-certificates (20081127) unstable; urgency=low
42 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
45 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
47 ca-certificates (20080809) unstable; urgency=low
49 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
50 This file can be used for proper certificate chaining if CACert
51 server certificates are used. The old class3.pem and root.pem
52 certificates are deprecated. This new file could safely serve as
53 a replacement for both. (Closes: #494343)
54 * This also reintroduces the old name for the CACert certificate,
55 thus closing a long-standing bug about its rename to root.crt.
58 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
60 ca-certificates (20080617) unstable; urgency=low
62 * Added French Government's IGC/A CA (both DSA and RSA).
65 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
67 ca-certificates (20080616) unstable; urgency=low
69 * Fix installation on pt_BR locales. The problem was caused by the
70 .templates choices strings being marked for translation, with pt_BR
71 being the only language which actually translated them. Thanks to
72 Ubuntu for the fix, which needs to be around until Lenny is released
73 or six months have passed, whichever is later. (Closes: #472507)
74 * Drop Fumitoshi from the list of maintainers. Farewell!
75 * Bump Standards-Version to 3.8.0.
77 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
79 ca-certificates (20080514) unstable; urgency=medium
81 * Added the new SPI CA certificate, created in response to the latest
82 openssl security update.
83 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
84 revoked sensibly. Expired CA created in 2003, expired in 2007 left
86 * Updated the Galician translation, thanks to Glennie Vignarajah.
89 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
91 ca-certificates (20080411) unstable; urgency=low
93 * Added the current SPI CA certificate, used by Debian's infrastructure.
94 * Added Deutsche Telekom Root CA 2, which is used by German institutions
96 * Updated mozilla certificates from trunk, which led to the following
97 adds (+) and removes (-):
98 + Camerfirma Chambers of Commerce Root
99 + Camerfirma Global Chambersign Root
100 + Certplus Class 2 Primary CA
101 + COMODO Certification Authority
102 + DigiCert Assured ID Root CA
103 + DigiCert Global Root CA
104 + DigiCert High Assurance EV Root CA
107 + Entrust Root Certification Authority
108 + Firmaprofesional Root CA
109 + GeoTrust Global CA 2
110 + GeoTrust Primary Certification Authority
111 + GeoTrust Universal CA
112 + GeoTrust Universal CA 2
113 + GlobalSign Root CA - R2
114 + Go Daddy Class 2 CA
115 + NetLock Business (Class B) Root
116 + NetLock Express (Class C) Root
117 + NetLock Notary (Class A) Root
118 + NetLock Qualified (Class QA) Root
123 + Starfield Class 2 CA
124 + StartCom Certification Authority
127 + SwissSign Gold CA - G2
128 + SwissSign Platinum CA - G2
129 + SwissSign Silver CA - G2
131 + thawte Primary Root CA
132 + TURKTRUST Certificate Services Provider Root 1
133 + TURKTRUST Certificate Services Provider Root 2
134 + VeriSign Class 3 Public Primary Certification Authority - G5
135 + Wells Fargo Root CA
136 + XRamp Global CA Root
137 - Verisign Class 1 Public Primary OCSP Responder
138 - Verisign Class 2 Public Primary OCSP Responder
139 - Verisign Class 3 Public Primary OCSP Responder
140 - Verisign Secure Server OCSP Responder
141 (Closes: #447062, #456581)
142 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
144 * Reworded the description and made it static to ease translations.
145 * Reworded and amended README.Debian.
146 * Added myself to the uploaders of this package.
147 * Applied a patch by Martin F. Krafft to support hooks scripts
148 on add/remove of a certificate. (Closes: #377314)
150 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
152 ca-certificates (20070303-0.1) unstable; urgency=low
154 * Non-maintainer upload to fix longstanding pending l10n issues.
155 * Debconf templates and debian/control reviewed by the debian-l10n-
156 english team as part of the Smith review project.
157 Closes: #432249, #434789
158 * Debconf translation updates:
159 - Japanese. Closes:#433067
160 - Basque. Closes: #433074
161 - Spanish. Closes: #433078
162 - Czech. Closes: #433100
163 - Galician. Closes: #433215
164 - Russian. Closes: #433224
165 - Swedish. Closes: #433432
166 - Vietnamese. Closes: #433792, #427000, #434992
167 - Dutch. Closes: #434670
168 - German. Closes: #434788
169 - Italian. Closes: #435029
170 * Portuguese. Closes: #435471
171 * Finnish. Closes: #448826
172 * Remove /etc/ssl when purging the package (only if that
173 directory is empty). Closes: #454334
174 * [Lintian] Give a reference to the GPL text in debian/copyright
175 * [Lintian] No longer ignore errors from "make clean"
176 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
178 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
180 ca-certificates (20070303) unstable; urgency=low
182 * Add debconf.org crt. closes: Bug#342088
183 * Add cacert class3 crt. closes: Bug#350282
184 * Add debian/po/pt.po. closes: Bug#408183
185 * Update debian/po/ru.po. closes: Bug#410770
186 * Update debian/po/pt_BR.po. closes: Bug#403824
187 * Add debian/po/gl.po. closes: Bug#407951
189 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
191 ca-certificates (20061027.2) unstable; urgency=low
193 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
194 * Avoid cd to /etc/ssl/certs to removing hash symlinks
197 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
199 ca-certificates (20061027.1) unstable; urgency=low
201 * Non-maintainer upload to fix remaining l10n issues
202 * Debconf translation updates:
203 - Czech. Closes: #407807
204 - Spanish. Closes: #401968
205 - German. Closes: #396942
206 * Add debconf-updatepo to the clean target in debian/rules
207 to guarantee up-to-date PO(T) files
209 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
212 ca-certificates (20061027) unstable; urgency=low
214 * sbin/update-ca-certificates:
215 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
216 preserve other symlinks. closes: Bug#387089
217 * debian/po/nl.po: updated
219 * debian/po/fr.po: updated
221 * debian/po/da.po: updated
224 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
226 ca-certificates (20060816) unstable; urgency=low
228 * debian/control: explicitly mention that trustworthiness of certificate
229 authorities is not evaluated.
231 * debian/templates: refine messages
233 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
235 * debian/control: libssl0.9.7->libssl0.9.8
237 * debian/postrm: remove .dpkg-old files
239 * debian/README.Debian: fix
241 * debian/postinst: fix typo
243 * debian/po/sv.po: added
245 * debian/po/es.po: added
247 * add new SPI CA certificate
248 submitted by Michael C. Schultheiss <schultmc@debian.org>
250 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
252 ca-certificates (20050804) unstable; urgency=low
254 * use ${misc:Depends} in debian/control for debconf
255 * update description in debian/control
257 * update debian/po/vi.po
259 * update debian/po/de.po
262 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
264 ca-certificates (20050518) unstable; urgency=high
266 * fix ca-certificates.crt generationumask-sensitive and racy
268 * update mozilla/certdata.txt
269 add: "Certum Root CA", "Comodo AAA Services root"
270 "Comodo Secure Services root",
271 "Comodo Trusted Services root",
272 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
273 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
274 "IPS Timestamping root",
276 "Security Communication Root CA",
277 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
278 "Staat der Nederlanden Root CA",
279 "TDC Internet Root CA", "TDC OCES Root CA",
280 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
281 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
282 * add CACert.org's Root CA
283 closes: Bug#213086, Bug#288293
284 * add debian/po/vi.po
286 * add debian/po/cs.po
288 * write "How certificate will be accepted in ca-certificates package"
291 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
293 ca-certificates (20040809) unstable; urgency=low
295 * previous version was not fixed Bug#255933 correctly.
296 update-ca-certificates now remove symlinks of deselected entries
297 in ca-certificates.conf
300 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
302 ca-certificates (20040808) unstable; urgency=low
304 * run update-ca-certificates by /bin/sh -e
306 * update-ca-certificates remove symlinks of deselected entries
307 in ca-certificates.conf
309 * change default of trust_new_crts from 'ask' to 'yes'
310 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
311 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
313 * add brasil.gov.br certs
315 * add Signet CA Roots certs
317 * add QuoVadis CA Roots certs
329 * fix quote characters in template
331 * remove debian.org, because certs used in db.debian.org has been
332 revoked due to debian.org crack incidents.
333 db.debian.org uses certificates using spi-inc.org Root CA.
335 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
337 ca-certificates (20031007.1) unstable; urgency=low
340 * Add brasil.gov.br/brasil.gov.br.crt, created from
341 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
342 * Add debian/po/pt_BR.po: closes: Bug#224612
344 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
346 ca-certificates (20031007) unstable; urgency=low
348 * add debian/po/ru.po: closes: Bug#214371
350 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
352 ca-certificates (20030924) unstable; urgency=low
354 * add debian/po/ja.po: closes: Bug#212565
356 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
358 ca-certificates (20030916) unstable; urgency=low
360 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
361 * debian/config: if new cert is asked, don't ask all available certs
364 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
366 ca-certificates (20030915) unstable; urgency=low
368 * debian/config.in: fix typo. closes: Bug#190990
369 * add option for new CA certificates. closes: Bug#190989
370 * switch to gettext-based debconf templates. closes: Bug#205782
371 * update mozilla/certdata.txt from mozilla 1.4 release
373 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
375 ca-certificates (20030420) unstable; urgency=low
377 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
378 * fix broken English in debconf template. closes: Bug#189606
379 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
380 * preserve comments in /etc/ca-certificates.conf when upgrading.
383 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
385 ca-certificates (20030415) unstable; urgency=medium
387 * fix upgrade problem
388 closes: Bug#188938, Bug#188940
391 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
393 ca-certificates (20030414) unstable; urgency=medium
395 * certificates are installed in /usr/share/ca-certificates
396 you can find md5sum of certs files. closes: Bug#170777
398 * debconf to generate /etc/ca-certificates.conf
399 * update-ca-certificates update /etc/ssl/certs according
400 /etc/ca-certificates.conf
401 It also generate /etc/ssl/certs/ca-certificates.crt
402 which is single-file version of certs.
405 * change extension from .pem to .crt in /usr/share/ca-certificates
407 application/x-x509-ca-cert crt
408 but it will be hardlink or copied in /etc/ssl/certs with .pem
409 extension by update-ca-certificates.
410 c_rehash requires .pem extension
412 * Update certificate from mozilla 2:1.3-4
413 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
414 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
416 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
417 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
418 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
419 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
421 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
423 ca-certificates (20020323) unstable; urgency=low
425 * Moved from non-US to main now that openssl has moved there.
427 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
429 ca-certificates (20020208) unstable; urgency=low
431 * add db.debian.org certificate
433 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
435 ca-certificates (20020112) unstable; urgency=low
437 * upload to non-US instead of main, because it depends on openssl
438 (it uses c_rehash in openssl in maintainer scripts)
440 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
442 ca-certificates (20020107) unstable; urgency=low
444 * Initial Release. closes: Bug#126586
446 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900