+ca-certificates (20111024) UNRELEASED; urgency=low
+
+ [ Steve Langasek ]
+ * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
+ the way before calling c_rehash, so that symlinks don't accidentally get
+ pointed here, breaking openssl certificate verification LP: #854927
+
+ [ Loïc Minier ]
+ * Drop bogus c_rehash on upgrades, which caused issue when
+ ca-certificates.crt was still in place; instead, call
+ update-ca-certificates --fresh on upgrades to this version, and
+ the usual update-ca-certificates otherwise Closes: #643667
+
+ -- Michael Shuler <michael@pbandjelly.org> Mon, 24 Oct 2011 18:44:13 -0500
+
ca-certificates (20111023) unstable; urgency=low
* Add 3.0 (native) source format
-e 's/^[[:space:]]*1[[:space:]]*/!/' \
>> /etc/ca-certificates.conf
fi
- update-ca-certificates
- # Call c_rehash when upgrading from older versions to that we
- # have both the old and new style of symlink
- if [ ! -z "$2" ]; then
- if dpkg --compare-versions "$2" le 20090814+nmu3; then
- c_rehash
- fi
+ # fix bogus symlink to ca-certificates.crt on upgrades; see
+ # Debian #643667; drop after wheezy
+ if dpkg --compare-versions "$2" lt-nl 20110502+nmu2+643667; then
+ update-ca-certificates --fresh
+ else
+ update-ca-certificates
fi
;;
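Review bot: The threshold `20110502+nmu2+643667` in the new `dpkg --compare-versions "$2" lt-nl` test sorts below 20111023, the release listed directly under this one in the changelog, so an upgrade from 20111023 takes the else branch and runs plain `update-ca-certificates`. If a 20111023 system can still carry the stray hash symlink to ca-certificates.crt (the removed c_rehash call was still in the script until this change), it keeps the broken link and the verification failures described in the changelog. Consider comparing against the version that first ships the fix, e.g. `if dpkg --compare-versions "$2" lt-nl 20111024; then`. It would also help to extend the comment to say that `lt-nl` treats an empty `$2` as newer than any version, which is what keeps fresh installs out of the `--fresh` branch now that the `[ ! -z "$2" ]` guard is gone. The enclosing case arm begins outside the hunk.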
done
fi
-chmod 0644 "$TEMPBUNDLE"
-mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
+rm -f "$CERTBUNDLE"
ADDED_CNT=$(wc -l < "$ADDED")
REMOVED_CNT=$(wc -l < "$REMOVED")
fi
fi
+chmod 0644 "$TEMPBUNDLE"
+mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
+
echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
HOOKSDIR=/etc/ca-certificates/update.d
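Review bot: `rm -f "$CERTBUNDLE"` deletes the live bundle some steps before the relocated `mv -f "$TEMPBUNDLE" "$CERTBUNDLE"` installs the new one, so the replacement is no longer a single atomic rename. Anything that reads ca-certificates.crt in that window sees no trust bundle, and if a step in between fails or the script is interrupted, the system is left without one until the next successful run. The rehash step is not visible in this hunk, so the length of the window is inferred. Consider renaming the old bundle to a name the rehash would not pick up and restoring it on failure, rather than deleting it; that also matches the changelog wording "move ... out of the way". At minimum add a comment above the `rm`, such as `# bundle must not exist while symlinks are rebuilt; it is re-created from $TEMPBUNDLE below`.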