1 ca-certificates (20110421) unstable; urgency=low
4 * Package is orphaned, set maintainer to QA group
5 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
6 both the old and new style of symlinks. (Closes: #611102)
7 * Remove libssl0.9.8 from enhances
8 * Update mozilla certdata.txt file to the latest version.
10 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
11 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
12 - beTRUSTed_Root_CA.crt
13 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
14 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
15 - Digital_Signature_Trust_Co._Global_CA_2.crt
16 - Digital_Signature_Trust_Co._Global_CA_4.crt
17 - Entrust.net_Global_Secure_Personal_CA.crt
18 - Entrust.net_Global_Secure_Server_CA.crt
19 - Entrust.net_Secure_Personal_CA.crt
20 - GTE_CyberTrust_Root_CA.crt
21 - IPS_Chained_CAs_root.crt
24 - IPS_CLASEA1_root.crt
25 - IPS_CLASEA3_root.crt
26 - IPS_Servidores_root.crt
27 - IPS_Timestamping_root.crt
28 - RSA_Security_1024_v3.crt
30 - Thawte_Personal_Basic_CA.crt
31 - Thawte_Personal_Premium_CA.crt
32 - UTN-USER_First-Network_Applications.crt
33 - Verisign_RSA_Secure_Server_CA.crt
34 - Verisign_Time_Stamping_Authority_CA.crt
35 - Visa_International_Global_Root_2.crt
38 - AC_Raíz_Certicámara_S.A..crt
39 - ApplicationCA_-_Japanese_Government.crt
40 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
41 - Buypass_Class_2_CA_1.crt
42 - Buypass_Class_3_CA_1.crt
45 - certSIGN_ROOT_CA.crt
46 - Chambers_of_Commerce_Root_-_2008.crt
49 - ComSign_Secured_CA.crt
50 - Cybertrust_Global_Root.crt
51 - Deutsche_Telekom_Root_CA_2.crt
52 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
53 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
54 - ePKI_Root_Certification_Authority.crt
55 - GeoTrust_Primary_Certification_Authority_-_G2.crt
56 - GeoTrust_Primary_Certification_Authority_-_G3.crt
57 - Global_Chambersign_Root_-_2008.crt
58 - GlobalSign_Root_CA_-_R3.crt
59 - Hongkong_Post_Root_CA_1.crt
63 - Microsec_e-Szigno_Root_CA_2009.crt
64 - Microsec_e-Szigno_Root_CA.crt
65 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
66 - OISTE_WISeKey_Global_Root_GA_CA.crt
67 - SecureSign_RootCA11.crt
68 - Security_Communication_EV_RootCA1.crt
69 - Staat_der_Nederlanden_Root_CA_-_G2.crt
70 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
71 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
72 - TC_TrustCenter_Class_2_CA_II.crt
73 - TC_TrustCenter_Class_3_CA_II.crt
74 - TC_TrustCenter_Universal_CA_I.crt
75 - TC_TrustCenter_Universal_CA_III.crt
76 - thawte_Primary_Root_CA_-_G2.crt
77 - thawte_Primary_Root_CA_-_G3.crt
78 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
79 - VeriSign_Universal_Root_Certification_Authority.crt
81 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
82 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
83 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
84 * String decode the mozilla certdata.txt so the filenames show up as
87 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
89 ca-certificates (20090814+nmu3) unstable; urgency=low
91 * Non-maintainer upload.
92 * Fix pending l10n issues. Debconf translations:
93 - French (Christian Perrier). Closes: #594231
94 - Danish (Joe Hansen). Closes: #601129
95 - Catalan (Jordi Mallach). Closes: #601089
96 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
98 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
100 ca-certificates (20090814+nmu2) unstable; urgency=low
102 * Non-maintainer upload.
103 * Fixes buggy shell functions included in the postinst script.
106 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
108 ca-certificates (20090814+nmu1) unstable; urgency=low
110 * Non-maintainer upload.
111 * Preserve user changes to the /etc/ca-certificates.conf.
114 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
116 ca-certificates (20090814) unstable; urgency=low
118 * Call Debconf and its db_purge as early as possible in postrm.
121 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
123 ca-certificates (20090709) unstable; urgency=low
125 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
127 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
129 ca-certificates (20090708) unstable; urgency=low
132 - cacert.org/root.crt and cacert.org/class3.crt:
133 Both certificate files were deprecated with 20080809. Users of these
134 root certificates are encouraged to switch to
135 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
136 roots joined in a single file.
137 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
138 This certificate has been added into the Mozilla truststore and
139 is available as `mozilla/QuoVadis_Root_CA.crt'.
140 * Do not redirect c_rehash error messages to /dev/null.
142 * Remove dangling symlinks on purge, which also gets rid of the hash
143 symlink for ca-certificates.crt. (Closes: #475240)
144 * Use subshells when grepping for certificates in config, avoiding
145 SIGPIPE because of grep's immediate exit after it finds the pattern.
147 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
148 Robby Workman of Slackware.
149 * Updated Standards-Version and FSF portal address in the copyright file.
151 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
153 ca-certificates (20090701) unstable; urgency=low
155 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
156 Rationale: The rogue collision CA has its validity period in the past.
157 Thus it does not impose a risk upon us at the moment.
158 * Restrict search for local certificates to add on files ending with '.crt'.
159 * Canonicalize PEM names by applying the same set of substitions to
160 local and other certificates like the Mozilla certdata dumper does.
162 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
164 ca-certificates (20090624) unstable; urgency=low
166 * Allow local certificate installation. All certificates found
167 in `/usr/local/share/ca-certificates' will be automatically added
168 to the list of trusted certificates in `/etc/ssl/certs'.
169 (Closes: #352637, #419491, #473677, #476663, #511150)
170 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
172 + COMODO ECC Certification Authority
174 + Network Solutions Certificate Authority
175 + WellsSecure Public Root Certificate Authority
176 - Equifax Secure Global eBusiness CA
177 - UTN USERFirst Object Root CA
178 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
179 untrusted certificates. This led to the exclusion of the
180 "MD5 Collisions Forged Rogue CA 23c3" and its parent
181 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
182 certificates are no longer included neither.
183 * Remove the purging of old PEM files in postinst dating back to
184 versions earlier than 20030414.
185 * Hooks are now called at every invocation of `update-ca-certificates'.
186 If no changes were done to `/etc/ssl/certs', the input for the
187 hooks will be empty, though. Failure exit codes of hooks will not
188 tear down the upgrade process anymore. They are printed but ignored.
190 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
192 ca-certificates (20081127) unstable; urgency=low
194 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
197 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
199 ca-certificates (20080809) unstable; urgency=low
201 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
202 This file can be used for proper certificate chaining if CACert
203 server certificates are used. The old class3.pem and root.pem
204 certificates are deprecated. This new file could safely serve as
205 a replacement for both. (Closes: #494343)
206 * This also reintroduces the old name for the CACert certificate,
207 thus closing a long-standing bug about its rename to root.crt.
210 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
212 ca-certificates (20080617) unstable; urgency=low
214 * Added French Government's IGC/A CA (both DSA and RSA).
217 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
219 ca-certificates (20080616) unstable; urgency=low
221 * Fix installation on pt_BR locales. The problem was caused by the
222 .templates choices strings being marked for translation, with pt_BR
223 being the only language which actually translated them. Thanks to
224 Ubuntu for the fix, which needs to be around until Lenny is released
225 or six months have passed, whichever is later. (Closes: #472507)
226 * Drop Fumitoshi from the list of maintainers. Farewell!
227 * Bump Standards-Version to 3.8.0.
229 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
231 ca-certificates (20080514) unstable; urgency=medium
233 * Added the new SPI CA certificate, created in response to the latest
234 openssl security update.
235 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
236 revoked sensibly. Expired CA created in 2003, expired in 2007 left
237 around for reference.
238 * Updated the Galician translation, thanks to Glennie Vignarajah.
241 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
243 ca-certificates (20080411) unstable; urgency=low
245 * Added the current SPI CA certificate, used by Debian's infrastructure.
246 * Added Deutsche Telekom Root CA 2, which is used by German institutions
248 * Updated mozilla certificates from trunk, which led to the following
249 adds (+) and removes (-):
250 + Camerfirma Chambers of Commerce Root
251 + Camerfirma Global Chambersign Root
252 + Certplus Class 2 Primary CA
253 + COMODO Certification Authority
254 + DigiCert Assured ID Root CA
255 + DigiCert Global Root CA
256 + DigiCert High Assurance EV Root CA
259 + Entrust Root Certification Authority
260 + Firmaprofesional Root CA
261 + GeoTrust Global CA 2
262 + GeoTrust Primary Certification Authority
263 + GeoTrust Universal CA
264 + GeoTrust Universal CA 2
265 + GlobalSign Root CA - R2
266 + Go Daddy Class 2 CA
267 + NetLock Business (Class B) Root
268 + NetLock Express (Class C) Root
269 + NetLock Notary (Class A) Root
270 + NetLock Qualified (Class QA) Root
275 + Starfield Class 2 CA
276 + StartCom Certification Authority
279 + SwissSign Gold CA - G2
280 + SwissSign Platinum CA - G2
281 + SwissSign Silver CA - G2
283 + thawte Primary Root CA
284 + TURKTRUST Certificate Services Provider Root 1
285 + TURKTRUST Certificate Services Provider Root 2
286 + VeriSign Class 3 Public Primary Certification Authority - G5
287 + Wells Fargo Root CA
288 + XRamp Global CA Root
289 - Verisign Class 1 Public Primary OCSP Responder
290 - Verisign Class 2 Public Primary OCSP Responder
291 - Verisign Class 3 Public Primary OCSP Responder
292 - Verisign Secure Server OCSP Responder
293 (Closes: #447062, #456581)
294 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
296 * Reworded the description and made it static to ease translations.
297 * Reworded and amended README.Debian.
298 * Added myself to the uploaders of this package.
299 * Applied a patch by Martin F. Krafft to support hooks scripts
300 on add/remove of a certificate. (Closes: #377314)
302 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
304 ca-certificates (20070303-0.1) unstable; urgency=low
306 * Non-maintainer upload to fix longstanding pending l10n issues.
307 * Debconf templates and debian/control reviewed by the debian-l10n-
308 english team as part of the Smith review project.
309 Closes: #432249, #434789
310 * Debconf translation updates:
311 - Japanese. Closes:#433067
312 - Basque. Closes: #433074
313 - Spanish. Closes: #433078
314 - Czech. Closes: #433100
315 - Galician. Closes: #433215
316 - Russian. Closes: #433224
317 - Swedish. Closes: #433432
318 - Vietnamese. Closes: #433792, #427000, #434992
319 - Dutch. Closes: #434670
320 - German. Closes: #434788
321 - Italian. Closes: #435029
322 * Portuguese. Closes: #435471
323 * Finnish. Closes: #448826
324 * Remove /etc/ssl when purging the package (only if that
325 directory is empty). Closes: #454334
326 * [Lintian] Give a reference to the GPL text in debian/copyright
327 * [Lintian] No longer ignore errors from "make clean"
328 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
330 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
332 ca-certificates (20070303) unstable; urgency=low
334 * Add debconf.org crt. closes: Bug#342088
335 * Add cacert class3 crt. closes: Bug#350282
336 * Add debian/po/pt.po. closes: Bug#408183
337 * Update debian/po/ru.po. closes: Bug#410770
338 * Update debian/po/pt_BR.po. closes: Bug#403824
339 * Add debian/po/gl.po. closes: Bug#407951
341 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
343 ca-certificates (20061027.2) unstable; urgency=low
345 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
346 * Avoid cd to /etc/ssl/certs to removing hash symlinks
349 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
351 ca-certificates (20061027.1) unstable; urgency=low
353 * Non-maintainer upload to fix remaining l10n issues
354 * Debconf translation updates:
355 - Czech. Closes: #407807
356 - Spanish. Closes: #401968
357 - German. Closes: #396942
358 * Add debconf-updatepo to the clean target in debian/rules
359 to guarantee up-to-date PO(T) files
361 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
364 ca-certificates (20061027) unstable; urgency=low
366 * sbin/update-ca-certificates:
367 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
368 preserve other symlinks. closes: Bug#387089
369 * debian/po/nl.po: updated
371 * debian/po/fr.po: updated
373 * debian/po/da.po: updated
376 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
378 ca-certificates (20060816) unstable; urgency=low
380 * debian/control: explicitly mention that trustworthiness of certificate
381 authorities is not evaluated.
383 * debian/templates: refine messages
385 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
387 * debian/control: libssl0.9.7->libssl0.9.8
389 * debian/postrm: remove .dpkg-old files
391 * debian/README.Debian: fix
393 * debian/postinst: fix typo
395 * debian/po/sv.po: added
397 * debian/po/es.po: added
399 * add new SPI CA certificate
400 submitted by Michael C. Schultheiss <schultmc@debian.org>
402 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
404 ca-certificates (20050804) unstable; urgency=low
406 * use ${misc:Depends} in debian/control for debconf
407 * update description in debian/control
409 * update debian/po/vi.po
411 * update debian/po/de.po
414 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
416 ca-certificates (20050518) unstable; urgency=high
418 * fix ca-certificates.crt generationumask-sensitive and racy
420 * update mozilla/certdata.txt
421 add: "Certum Root CA", "Comodo AAA Services root"
422 "Comodo Secure Services root",
423 "Comodo Trusted Services root",
424 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
425 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
426 "IPS Timestamping root",
428 "Security Communication Root CA",
429 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
430 "Staat der Nederlanden Root CA",
431 "TDC Internet Root CA", "TDC OCES Root CA",
432 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
433 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
434 * add CACert.org's Root CA
435 closes: Bug#213086, Bug#288293
436 * add debian/po/vi.po
438 * add debian/po/cs.po
440 * write "How certificate will be accepted in ca-certificates package"
443 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
445 ca-certificates (20040809) unstable; urgency=low
447 * previous version was not fixed Bug#255933 correctly.
448 update-ca-certificates now remove symlinks of deselected entries
449 in ca-certificates.conf
452 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
454 ca-certificates (20040808) unstable; urgency=low
456 * run update-ca-certificates by /bin/sh -e
458 * update-ca-certificates remove symlinks of deselected entries
459 in ca-certificates.conf
461 * change default of trust_new_crts from 'ask' to 'yes'
462 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
463 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
465 * add brasil.gov.br certs
467 * add Signet CA Roots certs
469 * add QuoVadis CA Roots certs
481 * fix quote characters in template
483 * remove debian.org, because certs used in db.debian.org has been
484 revoked due to debian.org crack incidents.
485 db.debian.org uses certificates using spi-inc.org Root CA.
487 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
489 ca-certificates (20031007.1) unstable; urgency=low
492 * Add brasil.gov.br/brasil.gov.br.crt, created from
493 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
494 * Add debian/po/pt_BR.po: closes: Bug#224612
496 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
498 ca-certificates (20031007) unstable; urgency=low
500 * add debian/po/ru.po: closes: Bug#214371
502 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
504 ca-certificates (20030924) unstable; urgency=low
506 * add debian/po/ja.po: closes: Bug#212565
508 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
510 ca-certificates (20030916) unstable; urgency=low
512 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
513 * debian/config: if new cert is asked, don't ask all available certs
516 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
518 ca-certificates (20030915) unstable; urgency=low
520 * debian/config.in: fix typo. closes: Bug#190990
521 * add option for new CA certificates. closes: Bug#190989
522 * switch to gettext-based debconf templates. closes: Bug#205782
523 * update mozilla/certdata.txt from mozilla 1.4 release
525 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
527 ca-certificates (20030420) unstable; urgency=low
529 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
530 * fix broken English in debconf template. closes: Bug#189606
531 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
532 * preserve comments in /etc/ca-certificates.conf when upgrading.
535 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
537 ca-certificates (20030415) unstable; urgency=medium
539 * fix upgrade problem
540 closes: Bug#188938, Bug#188940
543 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
545 ca-certificates (20030414) unstable; urgency=medium
547 * certificates are installed in /usr/share/ca-certificates
548 you can find md5sum of certs files. closes: Bug#170777
550 * debconf to generate /etc/ca-certificates.conf
551 * update-ca-certificates update /etc/ssl/certs according
552 /etc/ca-certificates.conf
553 It also generate /etc/ssl/certs/ca-certificates.crt
554 which is single-file version of certs.
557 * change extension from .pem to .crt in /usr/share/ca-certificates
559 application/x-x509-ca-cert crt
560 but it will be hardlink or copied in /etc/ssl/certs with .pem
561 extension by update-ca-certificates.
562 c_rehash requires .pem extension
564 * Update certificate from mozilla 2:1.3-4
565 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
566 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
568 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
569 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
570 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
571 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
573 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
575 ca-certificates (20020323) unstable; urgency=low
577 * Moved from non-US to main now that openssl has moved there.
579 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
581 ca-certificates (20020208) unstable; urgency=low
583 * add db.debian.org certificate
585 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
587 ca-certificates (20020112) unstable; urgency=low
589 * upload to non-US instead of main, because it depends on openssl
590 (it uses c_rehash in openssl in maintainer scripts)
592 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
594 ca-certificates (20020107) unstable; urgency=low
596 * Initial Release. closes: Bug#126586
598 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900