1 ca-certificates (20090624) unstable; urgency=low
3 * Allow local certificate installation. All certificates found
4 in `/usr/local/share/ca-certificates' will be automatically added
5 to the list of trusted certificates in `/etc/ssl/certs'.
6 (Closes: #352637, #419491, #473677, #476663, #511150)
7 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
9 + COMODO ECC Certification Authority
11 + Network Solutions Certificate Authority
12 + WellsSecure Public Root Certificate Authority
13 - Equifax Secure Global eBusiness CA
14 - UTN USERFirst Object Root CA
15 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
16 untrusted certificates. This led to the exclusion of the
17 "MD5 Collisions Forged Rogue CA 23c3" and its parent
18 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
19 certificates are no longer included neither.
20 * Remove the purging of old PEM files in postinst dating back to
21 versions earlier than 20030414.
22 * Hooks are now called at every invocation of `update-ca-certificates'.
23 If no changes were done to `/etc/ssl/certs', the input for the
24 hooks will be empty, though. Failure exit codes of hooks will not
25 tear down the upgrade process anymore. They are printed but ignored.
27 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
29 ca-certificates (20081127) unstable; urgency=low
31 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
34 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
36 ca-certificates (20080809) unstable; urgency=low
38 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
39 This file can be used for proper certificate chaining if CACert
40 server certificates are used. The old class3.pem and root.pem
41 certificates are deprecated. This new file could safely serve as
42 a replacement for both. (Closes: #494343)
43 * This also reintroduces the old name for the CACert certificate,
44 thus closing a long-standing bug about its rename to root.crt.
47 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
49 ca-certificates (20080617) unstable; urgency=low
51 * Added French Government's IGC/A CA (both DSA and RSA).
54 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
56 ca-certificates (20080616) unstable; urgency=low
58 * Fix installation on pt_BR locales. The problem was caused by the
59 .templates choices strings being marked for translation, with pt_BR
60 being the only language which actually translated them. Thanks to
61 Ubuntu for the fix, which needs to be around until Lenny is released
62 or six months have passed, whichever is later. (Closes: #472507)
63 * Drop Fumitoshi from the list of maintainers. Farewell!
64 * Bump Standards-Version to 3.8.0.
66 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
68 ca-certificates (20080514) unstable; urgency=medium
70 * Added the new SPI CA certificate, created in response to the latest
71 openssl security update.
72 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
73 revoked sensibly. Expired CA created in 2003, expired in 2007 left
75 * Updated the Galician translation, thanks to Glennie Vignarajah.
78 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
80 ca-certificates (20080411) unstable; urgency=low
82 * Added the current SPI CA certificate, used by Debian's infrastructure.
83 * Added Deutsche Telekom Root CA 2, which is used by German institutions
85 * Updated mozilla certificates from trunk, which led to the following
86 adds (+) and removes (-):
87 + Camerfirma Chambers of Commerce Root
88 + Camerfirma Global Chambersign Root
89 + Certplus Class 2 Primary CA
90 + COMODO Certification Authority
91 + DigiCert Assured ID Root CA
92 + DigiCert Global Root CA
93 + DigiCert High Assurance EV Root CA
96 + Entrust Root Certification Authority
97 + Firmaprofesional Root CA
98 + GeoTrust Global CA 2
99 + GeoTrust Primary Certification Authority
100 + GeoTrust Universal CA
101 + GeoTrust Universal CA 2
102 + GlobalSign Root CA - R2
103 + Go Daddy Class 2 CA
104 + NetLock Business (Class B) Root
105 + NetLock Express (Class C) Root
106 + NetLock Notary (Class A) Root
107 + NetLock Qualified (Class QA) Root
112 + Starfield Class 2 CA
113 + StartCom Certification Authority
116 + SwissSign Gold CA - G2
117 + SwissSign Platinum CA - G2
118 + SwissSign Silver CA - G2
120 + thawte Primary Root CA
121 + TURKTRUST Certificate Services Provider Root 1
122 + TURKTRUST Certificate Services Provider Root 2
123 + VeriSign Class 3 Public Primary Certification Authority - G5
124 + Wells Fargo Root CA
125 + XRamp Global CA Root
126 - Verisign Class 1 Public Primary OCSP Responder
127 - Verisign Class 2 Public Primary OCSP Responder
128 - Verisign Class 3 Public Primary OCSP Responder
129 - Verisign Secure Server OCSP Responder
130 (Closes: #447062, #456581)
131 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
133 * Reworded the description and made it static to ease translations.
134 * Reworded and amended README.Debian.
135 * Added myself to the uploaders of this package.
136 * Applied a patch by Martin F. Krafft to support hooks scripts
137 on add/remove of a certificate. (Closes: #377314)
139 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
141 ca-certificates (20070303-0.1) unstable; urgency=low
143 * Non-maintainer upload to fix longstanding pending l10n issues.
144 * Debconf templates and debian/control reviewed by the debian-l10n-
145 english team as part of the Smith review project.
146 Closes: #432249, #434789
147 * Debconf translation updates:
148 - Japanese. Closes:#433067
149 - Basque. Closes: #433074
150 - Spanish. Closes: #433078
151 - Czech. Closes: #433100
152 - Galician. Closes: #433215
153 - Russian. Closes: #433224
154 - Swedish. Closes: #433432
155 - Vietnamese. Closes: #433792, #427000, #434992
156 - Dutch. Closes: #434670
157 - German. Closes: #434788
158 - Italian. Closes: #435029
159 * Portuguese. Closes: #435471
160 * Finnish. Closes: #448826
161 * Remove /etc/ssl when purging the package (only if that
162 directory is empty). Closes: #454334
163 * [Lintian] Give a reference to the GPL text in debian/copyright
164 * [Lintian] No longer ignore errors from "make clean"
165 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
167 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
169 ca-certificates (20070303) unstable; urgency=low
171 * Add debconf.org crt. closes: Bug#342088
172 * Add cacert class3 crt. closes: Bug#350282
173 * Add debian/po/pt.po. closes: Bug#408183
174 * Update debian/po/ru.po. closes: Bug#410770
175 * Update debian/po/pt_BR.po. closes: Bug#403824
176 * Add debian/po/gl.po. closes: Bug#407951
178 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
180 ca-certificates (20061027.2) unstable; urgency=low
182 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
183 * Avoid cd to /etc/ssl/certs to removing hash symlinks
186 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
188 ca-certificates (20061027.1) unstable; urgency=low
190 * Non-maintainer upload to fix remaining l10n issues
191 * Debconf translation updates:
192 - Czech. Closes: #407807
193 - Spanish. Closes: #401968
194 - German. Closes: #396942
195 * Add debconf-updatepo to the clean target in debian/rules
196 to guarantee up-to-date PO(T) files
198 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
201 ca-certificates (20061027) unstable; urgency=low
203 * sbin/update-ca-certificates:
204 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
205 preserve other symlinks. closes: Bug#387089
206 * debian/po/nl.po: updated
208 * debian/po/fr.po: updated
210 * debian/po/da.po: updated
213 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
215 ca-certificates (20060816) unstable; urgency=low
217 * debian/control: explicitly mention that trustworthiness of certificate
218 authorities is not evaluated.
220 * debian/templates: refine messages
222 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
224 * debian/control: libssl0.9.7->libssl0.9.8
226 * debian/postrm: remove .dpkg-old files
228 * debian/README.Debian: fix
230 * debian/postinst: fix typo
232 * debian/po/sv.po: added
234 * debian/po/es.po: added
236 * add new SPI CA certificate
237 submitted by Michael C. Schultheiss <schultmc@debian.org>
239 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
241 ca-certificates (20050804) unstable; urgency=low
243 * use ${misc:Depends} in debian/control for debconf
244 * update description in debian/control
246 * update debian/po/vi.po
248 * update debian/po/de.po
251 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
253 ca-certificates (20050518) unstable; urgency=high
255 * fix ca-certificates.crt generationumask-sensitive and racy
257 * update mozilla/certdata.txt
258 add: "Certum Root CA", "Comodo AAA Services root"
259 "Comodo Secure Services root",
260 "Comodo Trusted Services root",
261 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
262 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
263 "IPS Timestamping root",
265 "Security Communication Root CA",
266 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
267 "Staat der Nederlanden Root CA",
268 "TDC Internet Root CA", "TDC OCES Root CA",
269 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
270 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
271 * add CACert.org's Root CA
272 closes: Bug#213086, Bug#288293
273 * add debian/po/vi.po
275 * add debian/po/cs.po
277 * write "How certificate will be accepted in ca-certificates package"
280 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
282 ca-certificates (20040809) unstable; urgency=low
284 * previous version was not fixed Bug#255933 correctly.
285 update-ca-certificates now remove symlinks of deselected entries
286 in ca-certificates.conf
289 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
291 ca-certificates (20040808) unstable; urgency=low
293 * run update-ca-certificates by /bin/sh -e
295 * update-ca-certificates remove symlinks of deselected entries
296 in ca-certificates.conf
298 * change default of trust_new_crts from 'ask' to 'yes'
299 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
300 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
302 * add brasil.gov.br certs
304 * add Signet CA Roots certs
306 * add QuoVadis CA Roots certs
318 * fix quote characters in template
320 * remove debian.org, because certs used in db.debian.org has been
321 revoked due to debian.org crack incidents.
322 db.debian.org uses certificates using spi-inc.org Root CA.
324 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
326 ca-certificates (20031007.1) unstable; urgency=low
329 * Add brasil.gov.br/brasil.gov.br.crt, created from
330 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
331 * Add debian/po/pt_BR.po: closes: Bug#224612
333 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
335 ca-certificates (20031007) unstable; urgency=low
337 * add debian/po/ru.po: closes: Bug#214371
339 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
341 ca-certificates (20030924) unstable; urgency=low
343 * add debian/po/ja.po: closes: Bug#212565
345 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
347 ca-certificates (20030916) unstable; urgency=low
349 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
350 * debian/config: if new cert is asked, don't ask all available certs
353 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
355 ca-certificates (20030915) unstable; urgency=low
357 * debian/config.in: fix typo. closes: Bug#190990
358 * add option for new CA certificates. closes: Bug#190989
359 * switch to gettext-based debconf templates. closes: Bug#205782
360 * update mozilla/certdata.txt from mozilla 1.4 release
362 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
364 ca-certificates (20030420) unstable; urgency=low
366 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
367 * fix broken English in debconf template. closes: Bug#189606
368 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
369 * preserve comments in /etc/ca-certificates.conf when upgrading.
372 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
374 ca-certificates (20030415) unstable; urgency=medium
376 * fix upgrade problem
377 closes: Bug#188938, Bug#188940
380 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
382 ca-certificates (20030414) unstable; urgency=medium
384 * certificates are installed in /usr/share/ca-certificates
385 you can find md5sum of certs files. closes: Bug#170777
387 * debconf to generate /etc/ca-certificates.conf
388 * update-ca-certificates update /etc/ssl/certs according
389 /etc/ca-certificates.conf
390 It also generate /etc/ssl/certs/ca-certificates.crt
391 which is single-file version of certs.
394 * change extension from .pem to .crt in /usr/share/ca-certificates
396 application/x-x509-ca-cert crt
397 but it will be hardlink or copied in /etc/ssl/certs with .pem
398 extension by update-ca-certificates.
399 c_rehash requires .pem extension
401 * Update certificate from mozilla 2:1.3-4
402 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
403 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
405 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
406 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
407 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
408 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
410 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
412 ca-certificates (20020323) unstable; urgency=low
414 * Moved from non-US to main now that openssl has moved there.
416 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
418 ca-certificates (20020208) unstable; urgency=low
420 * add db.debian.org certificate
422 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
424 ca-certificates (20020112) unstable; urgency=low
426 * upload to non-US instead of main, because it depends on openssl
427 (it uses c_rehash in openssl in maintainer scripts)
429 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
431 ca-certificates (20020107) unstable; urgency=low
433 * Initial Release. closes: Bug#126586
435 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900