From: Michael Shuler <michael@pbandjelly.org>
Date: Sat, 17 Sep 2011 22:24:16 +0000 (-0500)
Subject: Import Debian version 20090701
X-Git-Url: https://git.donarmstrong.com/?p=ca-certificates.git;a=commitdiff_plain;h=8828ce73c28f732b6e32dd07172d384efe2c0478

Import Debian version 20090701
---

diff --git a/debian/NEWS b/debian/NEWS
index 19c6f38..004cc16 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,9 @@
+ca-certificates (20090701) unstable; urgency=low
+
+  * Readded Equifax Secure Global eBusiness CA.
+
+ -- Philipp Kern <pkern@debian.org>  Wed, 01 Jul 2009 14:47:02 +0200
+
 ca-certificates (20090624) unstable; urgency=low
 
   * This update eases the installation of local certification authorities
diff --git a/debian/changelog b/debian/changelog
index 46f792f..a4d8a5f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+ca-certificates (20090701) unstable; urgency=low
+
+  * Reactivated "Equifax Secure Global eBusiness CA".  (Closes: #534674)
+    Rationale: The rogue collision CA has its validity period in the past.
+    Thus it does not impose a risk upon us at the moment.
+  * Restrict search for local certificates to add on files ending with '.crt'.
+  * Canonicalize PEM names by applying the same set of substitions to
+    local and other certificates like the Mozilla certdata dumper does.
+
+ -- Philipp Kern <pkern@debian.org>  Wed, 01 Jul 2009 14:50:00 +0200
+
 ca-certificates (20090624) unstable; urgency=low
 
   * Allow local certificate installation.  All certificates found
diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt
index cc3e19b..8d57b86 100644
--- a/mozilla/blacklist.txt
+++ b/mozilla/blacklist.txt
@@ -1,8 +1,5 @@
 # One blacklist entry per line, corresponding to the label in certdata.txt.
 
-# Parent of "MD5 Collisions Forged Rogue CA 25c3"
-"Equifax Secure Global eBusiness CA"
-
 # MD5 Collision Proof of Concept CA
 "MD5 Collisions Forged Rogue CA 25c3"
 
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
index 728e909..a34ef75 100755
--- a/sbin/update-ca-certificates
+++ b/sbin/update-ca-certificates
@@ -60,7 +60,9 @@ REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
 # bundle.
 add() {
   CERT="$1"
-  PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
+  PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
+                                                  -e 's/[()]/=/g' \
+                                                  -e 's/,/_/g').pem"
   if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
   then
     ln -sf "$CERT" "$PEM"
@@ -118,7 +120,7 @@ done
 # administrator.
 if [ -d "$LOCALCERTSDIR" ]
 then
-  find -L "$LOCALCERTSDIR" -type f | while read crt
+  find -L "$LOCALCERTSDIR" -type f -name '*.crt' | while read crt
   do
     add "$crt"
   done