-ca-certificates (20080319) UNRELEASED; urgency=low
+ca-certificates (20111024) UNRELEASED; urgency=low
+
+ [ Steve Langasek ]
+ * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
+ the way before calling c_rehash, so that symlinks don't accidentally get
+ pointed here, breaking openssl certificate verification LP: #854927
+
+ [ Loïc Minier ]
+ * Drop bogus c_rehash on upgrades, which caused issue when
+ ca-certificates.crt was still in place; instead, call
+ update-ca-certificates --fresh on upgrades to this version, and
+ the usual update-ca-certificates otherwise Closes: #643667
+
+ -- Michael Shuler <michael@pbandjelly.org> Mon, 24 Oct 2011 18:44:13 -0500
+
+ca-certificates (20111023) unstable; urgency=low
+
+ * Add 3.0 (native) source format
+ * Add Vcs-Git/Browser fields
+ * Add myself as new Maintainer with Uploaders Closes: #588219
+ * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
+ Certificates added (+) and removed (-):
+ + "AffirmTrust Commercial"
+ + "AffirmTrust Networking"
+ + "AffirmTrust Premium"
+ + "AffirmTrust Premium ECC"
+ + "A-Trust-nQual-03"
+ + "Bogus Global Trustee"
+ + "Bogus GMail"
+ + "Bogus Google"
+ + "Bogus kuix.de"
+ + "Bogus live.com"
+ + "Bogus Mozilla Addons"
+ + "Bogus Skype"
+ + "Bogus Yahoo 1"
+ + "Bogus Yahoo 2"
+ + "Bogus Yahoo 3"
+ + "Certinomis - Autorité Racine"
+ + "Certum Trusted Network CA"
+ + "Explicitly Distrust DigiNotar Cyber CA"
+ + "Explicitly Distrust DigiNotar Cyber CA 2nd"
+ + "Explicitly Distrust DigiNotar Root CA"
+ + "Explicitly Distrust DigiNotar Services 1024 CA"
+ + "Explicitly Distrusted DigiNotar PKIoverheid"
+ + "Explicitly Distrusted DigiNotar PKIoverheid G2"
+ + "Go Daddy Root Certificate Authority - G2"
+ + "Root CA Generalitat Valenciana"
+ + "Starfield Root Certificate Authority - G2"
+ + "Starfield Services Root Certificate Authority - G2"
+ + "TWCA Root Certification Authority"
+ - "AOL Time Warner Root Certification Authority 1"
+ - "AOL Time Warner Root Certification Authority 2"
+ - "DigiNotar Root CA"
+ - "Entrust.net Global Secure Personal CA"
+ - "Entrust.net Global Secure Server CA"
+ - "Entrust.net Secure Personal CA"
+ - "IPS Chained CAs root"
+ - "IPS CLASE1 root"
+ - "IPS CLASE3 root"
+ - "IPS CLASEA1 root"
+ - "IPS CLASEA3 root"
+ - "IPS Timestamping root"
+ - "Thawte Personal Freemail CA"
+ - "Thawte Time Stamping CA"
+ * "Bogus *" CAs above address Comodo MITM 03/11 Closes: #619587
+ * Update CAcert-Class 3-Subroot-certificate Closes: #630232
+
+ -- Michael Shuler <michael@pbandjelly.org> Sun, 23 Oct 2011 23:14:47 -0500
+
+ca-certificates (20111022) unstable; urgency=low
+
+ * QA upload.
+ * Fix pending l10n issues. Debconf translations:
+ - German (Helge Kreutzmann). Closes: #634000
+ - French (Christian Perrier). Closes: #634092
+ - Russian (Yuri Kozlov). Closes: #635146
+ - Swedish (Martin Bagge / brother). Closes: #640622
+ - Slovak (Slavko). Closes: #641987
+ - Spanish; (Javier Fernández-Sanguino). Closes: #642359
+ - Japanese (Kenshi Muto). Closes: #644828
+ - Czech (Miroslav Kure). Closes: #644843
+ - Danish (Joe Hansen). Closes: #644854
+ - Italian (Luca Monducci). Closes: #645004
+ - Dutch; (Jeroen Schot). Closes: #645090
+ - Portuguese (Miguel Figueiredo). Closes: #645126
+ - Galician (Jorge Barreiro). Closes: #645138
+ - Catalan; (Jordi Mallach). Closes: #645182
+ - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
+ * Split Choices in debconf templates
+ * Add build-arch and build-indep build targets
+ * Bump debhelper compatibility level to 8
+ * Bump Standards to 3.9.2 (checked)
+ * Replace "dh_clean -k" by dh_prep
+
+ -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
+
+ca-certificates (20110502+nmu1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Blacklist "DigiNotar Root CA" (Closes: #639744)
+
+ -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
+
+ca-certificates (20110502) unstable; urgency=low
+
+ * QA upload.
+ * Mark the package as multi-arch:foreign. (Closes: #622323)
+ * Use db_settitle in config script to allow translations of the
+ dialog title; thanks to Frans Pop. (Closes: #560314)
+
+ -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
+
+ca-certificates (20110421) unstable; urgency=low
+
+ * QA upload.
+ * Package is orphaned, set maintainer to QA group
+ * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
+ both the old and new style of symlinks. (Closes: #611102)
+ * Remove libssl0.9.8 from enhances
+ * Update mozilla certdata.txt file to the latest version.
+ Removed:
+ - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
+ - beTRUSTed_Root_CA-Baltimore_Implementation.crt
+ - beTRUSTed_Root_CA.crt
+ - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
+ - beTRUSTed_Root_CA_-_RSA_Implementation.crt
+ - Digital_Signature_Trust_Co._Global_CA_2.crt
+ - Digital_Signature_Trust_Co._Global_CA_4.crt
+ - Entrust.net_Global_Secure_Personal_CA.crt
+ - Entrust.net_Global_Secure_Server_CA.crt
+ - Entrust.net_Secure_Personal_CA.crt
+ - GTE_CyberTrust_Root_CA.crt
+ - IPS_Chained_CAs_root.crt
+ - IPS_CLASE1_root.crt
+ - IPS_CLASE3_root.crt
+ - IPS_CLASEA1_root.crt
+ - IPS_CLASEA3_root.crt
+ - IPS_Servidores_root.crt
+ - IPS_Timestamping_root.crt
+ - RSA_Security_1024_v3.crt
+ - StartCom_Ltd..crt
+ - Thawte_Personal_Basic_CA.crt
+ - Thawte_Personal_Premium_CA.crt
+ - UTN-USER_First-Network_Applications.crt
+ - Verisign_RSA_Secure_Server_CA.crt
+ - Verisign_Time_Stamping_Authority_CA.crt
+ - Visa_International_Global_Root_2.crt
+ Added:
+ - ACEDICOM_Root.crt
+ - AC_Raíz_Certicámara_S.A..crt
+ - ApplicationCA_-_Japanese_Government.crt
+ - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
+ - Buypass_Class_2_CA_1.crt
+ - Buypass_Class_3_CA_1.crt
+ - CA_Disig.crt
+ - Certigna.crt
+ - certSIGN_ROOT_CA.crt
+ - Chambers_of_Commerce_Root_-_2008.crt
+ - CNNIC_ROOT.crt
+ - ComSign_CA.crt
+ - ComSign_Secured_CA.crt
+ - Cybertrust_Global_Root.crt
+ - Deutsche_Telekom_Root_CA_2.crt
+ - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
+ - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
+ - ePKI_Root_Certification_Authority.crt
+ - GeoTrust_Primary_Certification_Authority_-_G2.crt
+ - GeoTrust_Primary_Certification_Authority_-_G3.crt
+ - Global_Chambersign_Root_-_2008.crt
+ - GlobalSign_Root_CA_-_R3.crt
+ - Hongkong_Post_Root_CA_1.crt
+ - IGC_A.crt
+ - Izenpe.com.crt
+ - Juur-SK.crt
+ - Microsec_e-Szigno_Root_CA_2009.crt
+ - Microsec_e-Szigno_Root_CA.crt
+ - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
+ - OISTE_WISeKey_Global_Root_GA_CA.crt
+ - SecureSign_RootCA11.crt
+ - Security_Communication_EV_RootCA1.crt
+ - Staat_der_Nederlanden_Root_CA_-_G2.crt
+ - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
+ - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
+ - TC_TrustCenter_Class_2_CA_II.crt
+ - TC_TrustCenter_Class_3_CA_II.crt
+ - TC_TrustCenter_Universal_CA_I.crt
+ - TC_TrustCenter_Universal_CA_III.crt
+ - thawte_Primary_Root_CA_-_G2.crt
+ - thawte_Primary_Root_CA_-_G3.crt
+ - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
+ - VeriSign_Universal_Root_Certification_Authority.crt
+ Changed:
+ - Verisign_Class_1_Public_Primary_Certification_Authority.crt
+ - Verisign_Class_3_Public_Primary_Certification_Authority.crt
+ * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
+ * String decode the mozilla certdata.txt so the filenames show up as
+ proper UTF-8 strings.
+
+ -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
+
+ca-certificates (20090814+nmu3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix pending l10n issues. Debconf translations:
+ - French (Christian Perrier). Closes: #594231
+ - Danish (Joe Hansen). Closes: #601129
+ - Catalan (Jordi Mallach). Closes: #601089
+ - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
+
+ -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
+
+ca-certificates (20090814+nmu2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fixes buggy shell functions included in the postinst script.
+ (Closes: #591607)
+
+ -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
+
+ca-certificates (20090814+nmu1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Preserve user changes to the /etc/ca-certificates.conf.
+ (Closes: #514220)
+
+ -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
+
+ca-certificates (20090814) unstable; urgency=low
+
+ * Call Debconf and its db_purge as early as possible in postrm.
+ (Closes: #541275)
+
+ -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
+
+ca-certificates (20090709) unstable; urgency=low
+
+ * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
+
+ -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
+
+ca-certificates (20090708) unstable; urgency=low
+
+ * Removed CA files:
+ - cacert.org/root.crt and cacert.org/class3.crt:
+ Both certificate files were deprecated with 20080809. Users of these
+ root certificates are encouraged to switch to
+ `cacert.org/cacert.org.crt' which contains both class 1 and class 3
+ roots joined in a single file.
+ - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
+ This certificate has been added into the Mozilla truststore and
+ is available as `mozilla/QuoVadis_Root_CA.crt'.
+ * Do not redirect c_rehash error messages to /dev/null.
+ (Closes: #495224)
+ * Remove dangling symlinks on purge, which also gets rid of the hash
+ symlink for ca-certificates.crt. (Closes: #475240)
+ * Use subshells when grepping for certificates in config, avoiding
+ SIGPIPE because of grep's immediate exit after it finds the pattern.
+ (Closes: #486737)
+ * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
+ Robby Workman of Slackware.
+ * Updated Standards-Version and FSF portal address in the copyright file.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
+
+ca-certificates (20090701) unstable; urgency=low
+
+ * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
+ Rationale: The rogue collision CA has its validity period in the past.
+ Thus it does not impose a risk upon us at the moment.
+ * Restrict search for local certificates to add on files ending with '.crt'.
+ * Canonicalize PEM names by applying the same set of substitions to
+ local and other certificates like the Mozilla certdata dumper does.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
+
+ca-certificates (20090624) unstable; urgency=low
+
+ * Allow local certificate installation. All certificates found
+ in `/usr/local/share/ca-certificates' will be automatically added
+ to the list of trusted certificates in `/etc/ssl/certs'.
+ (Closes: #352637, #419491, #473677, #476663, #511150)
+ * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
+ 1.51):
+ + COMODO ECC Certification Authority
+ + DigiNotar Root CA
+ + Network Solutions Certificate Authority
+ + WellsSecure Public Root Certificate Authority
+ - Equifax Secure Global eBusiness CA
+ - UTN USERFirst Object Root CA
+ * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
+ untrusted certificates. This led to the exclusion of the
+ "MD5 Collisions Forged Rogue CA 23c3" and its parent
+ "Equifax Secure Global eBusiness CA". Furthermore code signing-only
+ certificates are no longer included neither.
+ * Remove the purging of old PEM files in postinst dating back to
+ versions earlier than 20030414.
+ * Hooks are now called at every invocation of `update-ca-certificates'.
+ If no changes were done to `/etc/ssl/certs', the input for the
+ hooks will be empty, though. Failure exit codes of hooks will not
+ tear down the upgrade process anymore. They are printed but ignored.
+
+ -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
+
+ca-certificates (20081127) unstable; urgency=low
+
+ * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
+ #454334)
+
+ -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
+
+ca-certificates (20080809) unstable; urgency=low
+
+ * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
+ This file can be used for proper certificate chaining if CACert
+ server certificates are used. The old class3.pem and root.pem
+ certificates are deprecated. This new file could safely serve as
+ a replacement for both. (Closes: #494343)
+ * This also reintroduces the old name for the CACert certificate,
+ thus closing a long-standing bug about its rename to root.crt.
+ (Closes: #413766)
+
+ -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
+
+ca-certificates (20080617) unstable; urgency=low
+
+ * Added French Government's IGC/A CA (both DSA and RSA).
+ (Closes: #416470)
+
+ -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
+
+ca-certificates (20080616) unstable; urgency=low
+
+ * Fix installation on pt_BR locales. The problem was caused by the
+ .templates choices strings being marked for translation, with pt_BR
+ being the only language which actually translated them. Thanks to
+ Ubuntu for the fix, which needs to be around until Lenny is released
+ or six months have passed, whichever is later. (Closes: #472507)
+ * Drop Fumitoshi from the list of maintainers. Farewell!
+ * Bump Standards-Version to 3.8.0.
+
+ -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
+
+ca-certificates (20080514) unstable; urgency=medium
+
+ * Added the new SPI CA certificate, created in response to the latest
+ openssl security update.
+ * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
+ revoked sensibly. Expired CA created in 2003, expired in 2007 left
+ around for reference.
+ * Updated the Galician translation, thanks to Glennie Vignarajah.
+ (Closes: #416470)
+
+ -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
+
+ca-certificates (20080411) unstable; urgency=low
* Added the current SPI CA certificate, used by Debian's infrastructure.
* Added Deutsche Telekom Root CA 2, which is used by German institutions
through the DFN PKI.
+ * Updated mozilla certificates from trunk, which led to the following
+ adds (+) and removes (-):
+ + Camerfirma Chambers of Commerce Root
+ + Camerfirma Global Chambersign Root
+ + Certplus Class 2 Primary CA
+ + COMODO Certification Authority
+ + DigiCert Assured ID Root CA
+ + DigiCert Global Root CA
+ + DigiCert High Assurance EV Root CA
+ + DST ACES CA X6
+ + DST Root CA X3
+ + Entrust Root Certification Authority
+ + Firmaprofesional Root CA
+ + GeoTrust Global CA 2
+ + GeoTrust Primary Certification Authority
+ + GeoTrust Universal CA
+ + GeoTrust Universal CA 2
+ + GlobalSign Root CA - R2
+ + Go Daddy Class 2 CA
+ + NetLock Business (Class B) Root
+ + NetLock Express (Class C) Root
+ + NetLock Notary (Class A) Root
+ + NetLock Qualified (Class QA) Root
+ + QuoVadis Root CA 2
+ + QuoVadis Root CA 3
+ + Secure Global CA
+ + SecureTrust CA
+ + Starfield Class 2 CA
+ + StartCom Certification Authority
+ + StartCom Ltd.
+ + Swisscom Root CA 1
+ + SwissSign Gold CA - G2
+ + SwissSign Platinum CA - G2
+ + SwissSign Silver CA - G2
+ + Taiwan GRCA
+ + thawte Primary Root CA
+ + TURKTRUST Certificate Services Provider Root 1
+ + TURKTRUST Certificate Services Provider Root 2
+ + VeriSign Class 3 Public Primary Certification Authority - G5
+ + Wells Fargo Root CA
+ + XRamp Global CA Root
+ - Verisign Class 1 Public Primary OCSP Responder
+ - Verisign Class 2 Public Primary OCSP Responder
+ - Verisign Class 3 Public Primary OCSP Responder
+ - Verisign Secure Server OCSP Responder
+ (Closes: #447062, #456581)
* Updated the Russian debconf translation, thanks to Mikhail Gusarov.
(Closes: #434856)
* Reworded the description and made it static to ease translations.
+ * Reworded and amended README.Debian.
* Added myself to the uploaders of this package.
+ * Applied a patch by Martin F. Krafft to support hooks scripts
+ on add/remove of a certificate. (Closes: #377314)
- -- Philipp Kern <pkern@debian.org> Wed, 19 Mar 2008 14:25:26 +0100
+ -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
ca-certificates (20070303-0.1) unstable; urgency=low
projects / ca-certificates.git / blobdiff