X-Git-Url: https://git.donarmstrong.com/?p=ca-certificates.git;a=blobdiff_plain;f=debian%2Fchangelog;h=b4e956dee6affada9d93acaa9acd267f367cc4d6;hp=7e13a8cde10cd65925b041e4d8039f8a1f63aadf;hb=26c8042c69f3424e5c3d7e93a9915725fee6742a;hpb=3881775e4083a7e7ba99234c3a8c66a4a298bb53 diff --git a/debian/changelog b/debian/changelog index 7e13a8c..b4e956d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,12 +1,417 @@ -ca-certificates (20080319) UNRELEASED; urgency=low +ca-certificates (20111024) UNRELEASED; urgency=low + + [ Steve Langasek ] + * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of + the way before calling c_rehash, so that symlinks don't accidentally get + pointed here, breaking openssl certificate verification LP: #854927 + + [ Loïc Minier ] + * Drop bogus c_rehash on upgrades, which caused issue when + ca-certificates.crt was still in place; instead, call + update-ca-certificates --fresh on upgrades to this version, and + the usual update-ca-certificates otherwise Closes: #643667 + + -- Michael Shuler Mon, 24 Oct 2011 18:44:13 -0500 + +ca-certificates (20111023) unstable; urgency=low + + * Add 3.0 (native) source format + * Add Vcs-Git/Browser fields + * Add myself as new Maintainer with Uploaders Closes: #588219 + * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13) + Certificates added (+) and removed (-): + + "AffirmTrust Commercial" + + "AffirmTrust Networking" + + "AffirmTrust Premium" + + "AffirmTrust Premium ECC" + + "A-Trust-nQual-03" + + "Bogus Global Trustee" + + "Bogus GMail" + + "Bogus Google" + + "Bogus kuix.de" + + "Bogus live.com" + + "Bogus Mozilla Addons" + + "Bogus Skype" + + "Bogus Yahoo 1" + + "Bogus Yahoo 2" + + "Bogus Yahoo 3" + + "Certinomis - Autorité Racine" + + "Certum Trusted Network CA" + + "Explicitly Distrust DigiNotar Cyber CA" + + "Explicitly Distrust DigiNotar Cyber CA 2nd" + + "Explicitly Distrust DigiNotar Root CA" + + "Explicitly Distrust DigiNotar Services 1024 CA" + + "Explicitly Distrusted DigiNotar PKIoverheid" + + "Explicitly Distrusted DigiNotar PKIoverheid G2" + + "Go Daddy Root Certificate Authority - G2" + + "Root CA Generalitat Valenciana" + + "Starfield Root Certificate Authority - G2" + + "Starfield Services Root Certificate Authority - G2" + + "TWCA Root Certification Authority" + - "AOL Time Warner Root Certification Authority 1" + - "AOL Time Warner Root Certification Authority 2" + - "DigiNotar Root CA" + - "Entrust.net Global Secure Personal CA" + - "Entrust.net Global Secure Server CA" + - "Entrust.net Secure Personal CA" + - "IPS Chained CAs root" + - "IPS CLASE1 root" + - "IPS CLASE3 root" + - "IPS CLASEA1 root" + - "IPS CLASEA3 root" + - "IPS Timestamping root" + - "Thawte Personal Freemail CA" + - "Thawte Time Stamping CA" + * "Bogus *" CAs above address Comodo MITM 03/11 Closes: #619587 + * Update CAcert-Class 3-Subroot-certificate Closes: #630232 + + -- Michael Shuler Sun, 23 Oct 2011 23:14:47 -0500 + +ca-certificates (20111022) unstable; urgency=low + + * QA upload. + * Fix pending l10n issues. Debconf translations: + - German (Helge Kreutzmann). Closes: #634000 + - French (Christian Perrier). Closes: #634092 + - Russian (Yuri Kozlov). Closes: #635146 + - Swedish (Martin Bagge / brother). Closes: #640622 + - Slovak (Slavko). Closes: #641987 + - Spanish; (Javier Fernández-Sanguino). Closes: #642359 + - Japanese (Kenshi Muto). Closes: #644828 + - Czech (Miroslav Kure). Closes: #644843 + - Danish (Joe Hansen). Closes: #644854 + - Italian (Luca Monducci). Closes: #645004 + - Dutch; (Jeroen Schot). Closes: #645090 + - Portuguese (Miguel Figueiredo). Closes: #645126 + - Galician (Jorge Barreiro). Closes: #645138 + - Catalan; (Jordi Mallach). Closes: #645182 + - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526 + * Split Choices in debconf templates + * Add build-arch and build-indep build targets + * Bump debhelper compatibility level to 8 + * Bump Standards to 3.9.2 (checked) + * Replace "dh_clean -k" by dh_prep + + -- Christian Perrier Sat, 22 Oct 2011 14:24:00 +0200 + +ca-certificates (20110502+nmu1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Blacklist "DigiNotar Root CA" (Closes: #639744) + + -- Raphael Geissert Tue, 30 Aug 2011 21:00:55 -0500 + +ca-certificates (20110502) unstable; urgency=low + + * QA upload. + * Mark the package as multi-arch:foreign. (Closes: #622323) + * Use db_settitle in config script to allow translations of the + dialog title; thanks to Frans Pop. (Closes: #560314) + + -- Philipp Kern Mon, 02 May 2011 19:27:50 +0200 + +ca-certificates (20110421) unstable; urgency=low + + * QA upload. + * Package is orphaned, set maintainer to QA group + * Depend on openssl 1.0.0 and force a call of c_rehash so that we have + both the old and new style of symlinks. (Closes: #611102) + * Remove libssl0.9.8 from enhances + * Update mozilla certdata.txt file to the latest version. + Removed: + - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt + - beTRUSTed_Root_CA-Baltimore_Implementation.crt + - beTRUSTed_Root_CA.crt + - beTRUSTed_Root_CA_-_Entrust_Implementation.crt + - beTRUSTed_Root_CA_-_RSA_Implementation.crt + - Digital_Signature_Trust_Co._Global_CA_2.crt + - Digital_Signature_Trust_Co._Global_CA_4.crt + - Entrust.net_Global_Secure_Personal_CA.crt + - Entrust.net_Global_Secure_Server_CA.crt + - Entrust.net_Secure_Personal_CA.crt + - GTE_CyberTrust_Root_CA.crt + - IPS_Chained_CAs_root.crt + - IPS_CLASE1_root.crt + - IPS_CLASE3_root.crt + - IPS_CLASEA1_root.crt + - IPS_CLASEA3_root.crt + - IPS_Servidores_root.crt + - IPS_Timestamping_root.crt + - RSA_Security_1024_v3.crt + - StartCom_Ltd..crt + - Thawte_Personal_Basic_CA.crt + - Thawte_Personal_Premium_CA.crt + - UTN-USER_First-Network_Applications.crt + - Verisign_RSA_Secure_Server_CA.crt + - Verisign_Time_Stamping_Authority_CA.crt + - Visa_International_Global_Root_2.crt + Added: + - ACEDICOM_Root.crt + - AC_Raíz_Certicámara_S.A..crt + - ApplicationCA_-_Japanese_Government.crt + - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt + - Buypass_Class_2_CA_1.crt + - Buypass_Class_3_CA_1.crt + - CA_Disig.crt + - Certigna.crt + - certSIGN_ROOT_CA.crt + - Chambers_of_Commerce_Root_-_2008.crt + - CNNIC_ROOT.crt + - ComSign_CA.crt + - ComSign_Secured_CA.crt + - Cybertrust_Global_Root.crt + - Deutsche_Telekom_Root_CA_2.crt + - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt + - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt + - ePKI_Root_Certification_Authority.crt + - GeoTrust_Primary_Certification_Authority_-_G2.crt + - GeoTrust_Primary_Certification_Authority_-_G3.crt + - Global_Chambersign_Root_-_2008.crt + - GlobalSign_Root_CA_-_R3.crt + - Hongkong_Post_Root_CA_1.crt + - IGC_A.crt + - Izenpe.com.crt + - Juur-SK.crt + - Microsec_e-Szigno_Root_CA_2009.crt + - Microsec_e-Szigno_Root_CA.crt + - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt + - OISTE_WISeKey_Global_Root_GA_CA.crt + - SecureSign_RootCA11.crt + - Security_Communication_EV_RootCA1.crt + - Staat_der_Nederlanden_Root_CA_-_G2.crt + - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt + - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt + - TC_TrustCenter_Class_2_CA_II.crt + - TC_TrustCenter_Class_3_CA_II.crt + - TC_TrustCenter_Universal_CA_I.crt + - TC_TrustCenter_Universal_CA_III.crt + - thawte_Primary_Root_CA_-_G2.crt + - thawte_Primary_Root_CA_-_G3.crt + - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt + - VeriSign_Universal_Root_Certification_Authority.crt + Changed: + - Verisign_Class_1_Public_Primary_Certification_Authority.crt + - Verisign_Class_3_Public_Primary_Certification_Authority.crt + * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla. + * String decode the mozilla certdata.txt so the filenames show up as + proper UTF-8 strings. + + -- Kurt Roeckx Thu, 21 Apr 2011 18:56:08 +0200 + +ca-certificates (20090814+nmu3) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - French (Christian Perrier). Closes: #594231 + - Danish (Joe Hansen). Closes: #601129 + - Catalan (Jordi Mallach). Closes: #601089 + - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633 + + -- Christian Perrier Sat, 19 Mar 2011 07:47:00 +0100 + +ca-certificates (20090814+nmu2) unstable; urgency=low + + * Non-maintainer upload. + * Fixes buggy shell functions included in the postinst script. + (Closes: #591607) + + -- Maximiliano Curia Fri, 13 Aug 2010 20:16:21 -0300 + +ca-certificates (20090814+nmu1) unstable; urgency=low + + * Non-maintainer upload. + * Preserve user changes to the /etc/ca-certificates.conf. + (Closes: #514220) + + -- Maximiliano Curia Fri, 30 Jul 2010 12:55:28 -0400 + +ca-certificates (20090814) unstable; urgency=low + + * Call Debconf and its db_purge as early as possible in postrm. + (Closes: #541275) + + -- Philipp Kern Fri, 14 Aug 2009 11:10:00 +0200 + +ca-certificates (20090709) unstable; urgency=low + + * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331) + + -- Philipp Kern Thu, 09 Jul 2009 10:35:39 +0200 + +ca-certificates (20090708) unstable; urgency=low + + * Removed CA files: + - cacert.org/root.crt and cacert.org/class3.crt: + Both certificate files were deprecated with 20080809. Users of these + root certificates are encouraged to switch to + `cacert.org/cacert.org.crt' which contains both class 1 and class 3 + roots joined in a single file. + - quovadis.bm/QuoVadis_Root_Certification_Authority.crt: + This certificate has been added into the Mozilla truststore and + is available as `mozilla/QuoVadis_Root_CA.crt'. + * Do not redirect c_rehash error messages to /dev/null. + (Closes: #495224) + * Remove dangling symlinks on purge, which also gets rid of the hash + symlink for ca-certificates.crt. (Closes: #475240) + * Use subshells when grepping for certificates in config, avoiding + SIGPIPE because of grep's immediate exit after it finds the pattern. + (Closes: #486737) + * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to + Robby Workman of Slackware. + * Updated Standards-Version and FSF portal address in the copyright file. + + -- Philipp Kern Wed, 08 Jul 2009 23:19:56 +0200 + +ca-certificates (20090701) unstable; urgency=low + + * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674) + Rationale: The rogue collision CA has its validity period in the past. + Thus it does not impose a risk upon us at the moment. + * Restrict search for local certificates to add on files ending with '.crt'. + * Canonicalize PEM names by applying the same set of substitions to + local and other certificates like the Mozilla certdata dumper does. + + -- Philipp Kern Wed, 01 Jul 2009 14:50:00 +0200 + +ca-certificates (20090624) unstable; urgency=low + + * Allow local certificate installation. All certificates found + in `/usr/local/share/ca-certificates' will be automatically added + to the list of trusted certificates in `/etc/ssl/certs'. + (Closes: #352637, #419491, #473677, #476663, #511150) + * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision + 1.51): + + COMODO ECC Certification Authority + + DigiNotar Root CA + + Network Solutions Certificate Authority + + WellsSecure Public Root Certificate Authority + - Equifax Secure Global eBusiness CA + - UTN USERFirst Object Root CA + * Reimplemented the Mozilla certdata parser mainly to exclude explicitly + untrusted certificates. This led to the exclusion of the + "MD5 Collisions Forged Rogue CA 23c3" and its parent + "Equifax Secure Global eBusiness CA". Furthermore code signing-only + certificates are no longer included neither. + * Remove the purging of old PEM files in postinst dating back to + versions earlier than 20030414. + * Hooks are now called at every invocation of `update-ca-certificates'. + If no changes were done to `/etc/ssl/certs', the input for the + hooks will be empty, though. Failure exit codes of hooks will not + tear down the upgrade process anymore. They are printed but ignored. + + -- Philipp Kern Tue, 24 Jun 2009 21:04:08 +0200 + +ca-certificates (20081127) unstable; urgency=low + + * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes: + #454334) + + -- Philipp Kern Thu, 27 Nov 2008 19:13:17 +0100 + +ca-certificates (20080809) unstable; urgency=low + + * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates. + This file can be used for proper certificate chaining if CACert + server certificates are used. The old class3.pem and root.pem + certificates are deprecated. This new file could safely serve as + a replacement for both. (Closes: #494343) + * This also reintroduces the old name for the CACert certificate, + thus closing a long-standing bug about its rename to root.crt. + (Closes: #413766) + + -- Philipp Kern Sat, 09 Aug 2008 14:58:24 -0300 + +ca-certificates (20080617) unstable; urgency=low + + * Added French Government's IGC/A CA (both DSA and RSA). + (Closes: #416470) + + -- Philipp Kern Mon, 23 Jun 2008 20:55:53 +0200 + +ca-certificates (20080616) unstable; urgency=low + + * Fix installation on pt_BR locales. The problem was caused by the + .templates choices strings being marked for translation, with pt_BR + being the only language which actually translated them. Thanks to + Ubuntu for the fix, which needs to be around until Lenny is released + or six months have passed, whichever is later. (Closes: #472507) + * Drop Fumitoshi from the list of maintainers. Farewell! + * Bump Standards-Version to 3.8.0. + + -- Philipp Kern Mon, 16 Jun 2008 17:41:50 +0200 + +ca-certificates (20080514) unstable; urgency=medium + + * Added the new SPI CA certificate, created in response to the latest + openssl security update. + * Removed old SPI CA certificates (2006, 2007) as CAs cannot be + revoked sensibly. Expired CA created in 2003, expired in 2007 left + around for reference. + * Updated the Galician translation, thanks to Glennie Vignarajah. + (Closes: #416470) + + -- Philipp Kern Wed, 14 May 2008 10:03:42 +0200 + +ca-certificates (20080411) unstable; urgency=low * Added the current SPI CA certificate, used by Debian's infrastructure. * Added Deutsche Telekom Root CA 2, which is used by German institutions through the DFN PKI. + * Updated mozilla certificates from trunk, which led to the following + adds (+) and removes (-): + + Camerfirma Chambers of Commerce Root + + Camerfirma Global Chambersign Root + + Certplus Class 2 Primary CA + + COMODO Certification Authority + + DigiCert Assured ID Root CA + + DigiCert Global Root CA + + DigiCert High Assurance EV Root CA + + DST ACES CA X6 + + DST Root CA X3 + + Entrust Root Certification Authority + + Firmaprofesional Root CA + + GeoTrust Global CA 2 + + GeoTrust Primary Certification Authority + + GeoTrust Universal CA + + GeoTrust Universal CA 2 + + GlobalSign Root CA - R2 + + Go Daddy Class 2 CA + + NetLock Business (Class B) Root + + NetLock Express (Class C) Root + + NetLock Notary (Class A) Root + + NetLock Qualified (Class QA) Root + + QuoVadis Root CA 2 + + QuoVadis Root CA 3 + + Secure Global CA + + SecureTrust CA + + Starfield Class 2 CA + + StartCom Certification Authority + + StartCom Ltd. + + Swisscom Root CA 1 + + SwissSign Gold CA - G2 + + SwissSign Platinum CA - G2 + + SwissSign Silver CA - G2 + + Taiwan GRCA + + thawte Primary Root CA + + TURKTRUST Certificate Services Provider Root 1 + + TURKTRUST Certificate Services Provider Root 2 + + VeriSign Class 3 Public Primary Certification Authority - G5 + + Wells Fargo Root CA + + XRamp Global CA Root + - Verisign Class 1 Public Primary OCSP Responder + - Verisign Class 2 Public Primary OCSP Responder + - Verisign Class 3 Public Primary OCSP Responder + - Verisign Secure Server OCSP Responder + (Closes: #447062, #456581) * Updated the Russian debconf translation, thanks to Mikhail Gusarov. (Closes: #434856) + * Reworded the description and made it static to ease translations. + * Reworded and amended README.Debian. + * Added myself to the uploaders of this package. + * Applied a patch by Martin F. Krafft to support hooks scripts + on add/remove of a certificate. (Closes: #377314) - -- Philipp Kern Wed, 19 Mar 2008 14:25:26 +0100 + -- Philipp Kern Sat, 12 Apr 2008 17:35:26 +0200 ca-certificates (20070303-0.1) unstable; urgency=low