-ca-certificates (20080616) UNRELEASED; urgency=low
+ca-certificates (20111024) UNRELEASED; urgency=low
+
+ [ Steve Langasek ]
+ * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
+ the way before calling c_rehash, so that symlinks don't accidentally get
+ pointed here, breaking openssl certificate verification LP: #854927
+
+ [ Loïc Minier ]
+ * Drop bogus c_rehash on upgrades, which caused issue when
+ ca-certificates.crt was still in place; instead, call
+ update-ca-certificates --fresh on upgrades to this version, and
+ the usual update-ca-certificates otherwise Closes: #643667
+
+ -- Michael Shuler <michael@pbandjelly.org> Mon, 24 Oct 2011 18:44:13 -0500
+
+ca-certificates (20111023) unstable; urgency=low
+
+ * Add 3.0 (native) source format
+ * Add Vcs-Git/Browser fields
+ * Add myself as new Maintainer with Uploaders Closes: #588219
+ * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
+ Certificates added (+) and removed (-):
+ + "AffirmTrust Commercial"
+ + "AffirmTrust Networking"
+ + "AffirmTrust Premium"
+ + "AffirmTrust Premium ECC"
+ + "A-Trust-nQual-03"
+ + "Bogus Global Trustee"
+ + "Bogus GMail"
+ + "Bogus Google"
+ + "Bogus kuix.de"
+ + "Bogus live.com"
+ + "Bogus Mozilla Addons"
+ + "Bogus Skype"
+ + "Bogus Yahoo 1"
+ + "Bogus Yahoo 2"
+ + "Bogus Yahoo 3"
+ + "Certinomis - Autorité Racine"
+ + "Certum Trusted Network CA"
+ + "Explicitly Distrust DigiNotar Cyber CA"
+ + "Explicitly Distrust DigiNotar Cyber CA 2nd"
+ + "Explicitly Distrust DigiNotar Root CA"
+ + "Explicitly Distrust DigiNotar Services 1024 CA"
+ + "Explicitly Distrusted DigiNotar PKIoverheid"
+ + "Explicitly Distrusted DigiNotar PKIoverheid G2"
+ + "Go Daddy Root Certificate Authority - G2"
+ + "Root CA Generalitat Valenciana"
+ + "Starfield Root Certificate Authority - G2"
+ + "Starfield Services Root Certificate Authority - G2"
+ + "TWCA Root Certification Authority"
+ - "AOL Time Warner Root Certification Authority 1"
+ - "AOL Time Warner Root Certification Authority 2"
+ - "DigiNotar Root CA"
+ - "Entrust.net Global Secure Personal CA"
+ - "Entrust.net Global Secure Server CA"
+ - "Entrust.net Secure Personal CA"
+ - "IPS Chained CAs root"
+ - "IPS CLASE1 root"
+ - "IPS CLASE3 root"
+ - "IPS CLASEA1 root"
+ - "IPS CLASEA3 root"
+ - "IPS Timestamping root"
+ - "Thawte Personal Freemail CA"
+ - "Thawte Time Stamping CA"
+ * "Bogus *" CAs above address Comodo MITM 03/11 Closes: #619587
+ * Update CAcert-Class 3-Subroot-certificate Closes: #630232
+
+ -- Michael Shuler <michael@pbandjelly.org> Sun, 23 Oct 2011 23:14:47 -0500
+
+ca-certificates (20111022) unstable; urgency=low
+
+ * QA upload.
+ * Fix pending l10n issues. Debconf translations:
+ - German (Helge Kreutzmann). Closes: #634000
+ - French (Christian Perrier). Closes: #634092
+ - Russian (Yuri Kozlov). Closes: #635146
+ - Swedish (Martin Bagge / brother). Closes: #640622
+ - Slovak (Slavko). Closes: #641987
+ - Spanish; (Javier Fernández-Sanguino). Closes: #642359
+ - Japanese (Kenshi Muto). Closes: #644828
+ - Czech (Miroslav Kure). Closes: #644843
+ - Danish (Joe Hansen). Closes: #644854
+ - Italian (Luca Monducci). Closes: #645004
+ - Dutch; (Jeroen Schot). Closes: #645090
+ - Portuguese (Miguel Figueiredo). Closes: #645126
+ - Galician (Jorge Barreiro). Closes: #645138
+ - Catalan; (Jordi Mallach). Closes: #645182
+ - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
+ * Split Choices in debconf templates
+ * Add build-arch and build-indep build targets
+ * Bump debhelper compatibility level to 8
+ * Bump Standards to 3.9.2 (checked)
+ * Replace "dh_clean -k" by dh_prep
+
+ -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
+
+ca-certificates (20110502+nmu1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Blacklist "DigiNotar Root CA" (Closes: #639744)
+
+ -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
+
+ca-certificates (20110502) unstable; urgency=low
+
+ * QA upload.
+ * Mark the package as multi-arch:foreign. (Closes: #622323)
+ * Use db_settitle in config script to allow translations of the
+ dialog title; thanks to Frans Pop. (Closes: #560314)
+
+ -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
+
+ca-certificates (20110421) unstable; urgency=low
+
+ * QA upload.
+ * Package is orphaned, set maintainer to QA group
+ * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
+ both the old and new style of symlinks. (Closes: #611102)
+ * Remove libssl0.9.8 from enhances
+ * Update mozilla certdata.txt file to the latest version.
+ Removed:
+ - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
+ - beTRUSTed_Root_CA-Baltimore_Implementation.crt
+ - beTRUSTed_Root_CA.crt
+ - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
+ - beTRUSTed_Root_CA_-_RSA_Implementation.crt
+ - Digital_Signature_Trust_Co._Global_CA_2.crt
+ - Digital_Signature_Trust_Co._Global_CA_4.crt
+ - Entrust.net_Global_Secure_Personal_CA.crt
+ - Entrust.net_Global_Secure_Server_CA.crt
+ - Entrust.net_Secure_Personal_CA.crt
+ - GTE_CyberTrust_Root_CA.crt
+ - IPS_Chained_CAs_root.crt
+ - IPS_CLASE1_root.crt
+ - IPS_CLASE3_root.crt
+ - IPS_CLASEA1_root.crt
+ - IPS_CLASEA3_root.crt
+ - IPS_Servidores_root.crt
+ - IPS_Timestamping_root.crt
+ - RSA_Security_1024_v3.crt
+ - StartCom_Ltd..crt
+ - Thawte_Personal_Basic_CA.crt
+ - Thawte_Personal_Premium_CA.crt
+ - UTN-USER_First-Network_Applications.crt
+ - Verisign_RSA_Secure_Server_CA.crt
+ - Verisign_Time_Stamping_Authority_CA.crt
+ - Visa_International_Global_Root_2.crt
+ Added:
+ - ACEDICOM_Root.crt
+ - AC_Raíz_Certicámara_S.A..crt
+ - ApplicationCA_-_Japanese_Government.crt
+ - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
+ - Buypass_Class_2_CA_1.crt
+ - Buypass_Class_3_CA_1.crt
+ - CA_Disig.crt
+ - Certigna.crt
+ - certSIGN_ROOT_CA.crt
+ - Chambers_of_Commerce_Root_-_2008.crt
+ - CNNIC_ROOT.crt
+ - ComSign_CA.crt
+ - ComSign_Secured_CA.crt
+ - Cybertrust_Global_Root.crt
+ - Deutsche_Telekom_Root_CA_2.crt
+ - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
+ - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
+ - ePKI_Root_Certification_Authority.crt
+ - GeoTrust_Primary_Certification_Authority_-_G2.crt
+ - GeoTrust_Primary_Certification_Authority_-_G3.crt
+ - Global_Chambersign_Root_-_2008.crt
+ - GlobalSign_Root_CA_-_R3.crt
+ - Hongkong_Post_Root_CA_1.crt
+ - IGC_A.crt
+ - Izenpe.com.crt
+ - Juur-SK.crt
+ - Microsec_e-Szigno_Root_CA_2009.crt
+ - Microsec_e-Szigno_Root_CA.crt
+ - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
+ - OISTE_WISeKey_Global_Root_GA_CA.crt
+ - SecureSign_RootCA11.crt
+ - Security_Communication_EV_RootCA1.crt
+ - Staat_der_Nederlanden_Root_CA_-_G2.crt
+ - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
+ - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
+ - TC_TrustCenter_Class_2_CA_II.crt
+ - TC_TrustCenter_Class_3_CA_II.crt
+ - TC_TrustCenter_Universal_CA_I.crt
+ - TC_TrustCenter_Universal_CA_III.crt
+ - thawte_Primary_Root_CA_-_G2.crt
+ - thawte_Primary_Root_CA_-_G3.crt
+ - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
+ - VeriSign_Universal_Root_Certification_Authority.crt
+ Changed:
+ - Verisign_Class_1_Public_Primary_Certification_Authority.crt
+ - Verisign_Class_3_Public_Primary_Certification_Authority.crt
+ * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
+ * String decode the mozilla certdata.txt so the filenames show up as
+ proper UTF-8 strings.
+
+ -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
+
+ca-certificates (20090814+nmu3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix pending l10n issues. Debconf translations:
+ - French (Christian Perrier). Closes: #594231
+ - Danish (Joe Hansen). Closes: #601129
+ - Catalan (Jordi Mallach). Closes: #601089
+ - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
+
+ -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
+
+ca-certificates (20090814+nmu2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fixes buggy shell functions included in the postinst script.
+ (Closes: #591607)
+
+ -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
+
+ca-certificates (20090814+nmu1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Preserve user changes to the /etc/ca-certificates.conf.
+ (Closes: #514220)
+
+ -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
+
+ca-certificates (20090814) unstable; urgency=low
+
+ * Call Debconf and its db_purge as early as possible in postrm.
+ (Closes: #541275)
+
+ -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
+
+ca-certificates (20090709) unstable; urgency=low
+
+ * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
+
+ -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
+
+ca-certificates (20090708) unstable; urgency=low
+
+ * Removed CA files:
+ - cacert.org/root.crt and cacert.org/class3.crt:
+ Both certificate files were deprecated with 20080809. Users of these
+ root certificates are encouraged to switch to
+ `cacert.org/cacert.org.crt' which contains both class 1 and class 3
+ roots joined in a single file.
+ - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
+ This certificate has been added into the Mozilla truststore and
+ is available as `mozilla/QuoVadis_Root_CA.crt'.
+ * Do not redirect c_rehash error messages to /dev/null.
+ (Closes: #495224)
+ * Remove dangling symlinks on purge, which also gets rid of the hash
+ symlink for ca-certificates.crt. (Closes: #475240)
+ * Use subshells when grepping for certificates in config, avoiding
+ SIGPIPE because of grep's immediate exit after it finds the pattern.
+ (Closes: #486737)
+ * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
+ Robby Workman of Slackware.
+ * Updated Standards-Version and FSF portal address in the copyright file.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
+
+ca-certificates (20090701) unstable; urgency=low
+
+ * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
+ Rationale: The rogue collision CA has its validity period in the past.
+ Thus it does not impose a risk upon us at the moment.
+ * Restrict search for local certificates to add on files ending with '.crt'.
+ * Canonicalize PEM names by applying the same set of substitions to
+ local and other certificates like the Mozilla certdata dumper does.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
+
+ca-certificates (20090624) unstable; urgency=low
+
+ * Allow local certificate installation. All certificates found
+ in `/usr/local/share/ca-certificates' will be automatically added
+ to the list of trusted certificates in `/etc/ssl/certs'.
+ (Closes: #352637, #419491, #473677, #476663, #511150)
+ * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
+ 1.51):
+ + COMODO ECC Certification Authority
+ + DigiNotar Root CA
+ + Network Solutions Certificate Authority
+ + WellsSecure Public Root Certificate Authority
+ - Equifax Secure Global eBusiness CA
+ - UTN USERFirst Object Root CA
+ * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
+ untrusted certificates. This led to the exclusion of the
+ "MD5 Collisions Forged Rogue CA 23c3" and its parent
+ "Equifax Secure Global eBusiness CA". Furthermore code signing-only
+ certificates are no longer included neither.
+ * Remove the purging of old PEM files in postinst dating back to
+ versions earlier than 20030414.
+ * Hooks are now called at every invocation of `update-ca-certificates'.
+ If no changes were done to `/etc/ssl/certs', the input for the
+ hooks will be empty, though. Failure exit codes of hooks will not
+ tear down the upgrade process anymore. They are printed but ignored.
+
+ -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
+
+ca-certificates (20081127) unstable; urgency=low
+
+ * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
+ #454334)
+
+ -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
+
+ca-certificates (20080809) unstable; urgency=low
+
+ * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
+ This file can be used for proper certificate chaining if CACert
+ server certificates are used. The old class3.pem and root.pem
+ certificates are deprecated. This new file could safely serve as
+ a replacement for both. (Closes: #494343)
+ * This also reintroduces the old name for the CACert certificate,
+ thus closing a long-standing bug about its rename to root.crt.
+ (Closes: #413766)
+
+ -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
+
+ca-certificates (20080617) unstable; urgency=low
+
+ * Added French Government's IGC/A CA (both DSA and RSA).
+ (Closes: #416470)
+
+ -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
+
+ca-certificates (20080616) unstable; urgency=low
* Fix installation on pt_BR locales. The problem was caused by the
.templates choices strings being marked for translation, with pt_BR
being the only language which actually translated them. Thanks to
Ubuntu for the fix, which needs to be around until Lenny is released
or six months have passed, whichever is later. (Closes: #472507)
+ * Drop Fumitoshi from the list of maintainers. Farewell!
+ * Bump Standards-Version to 3.8.0.
- -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 16:57:29 +0200
+ -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
ca-certificates (20080514) unstable; urgency=medium
projects / ca-certificates.git / blobdiff