Change log : ca-certificates package : Debian

20240203

Published in sid-release on 2024-02-04

ca-certificates (20240203) unstable; urgency=medium

  [ Jeffrey Walton ]
  * update-ca-certificates man page updates
  * fix shellcheck warnings (closes: #1058658, #981663)

  [ Gioele Barabucci ]
  * Use standard dh sequence (closes: #1050112)

  [ Julien Cristau ]
  * Update Mozilla certificate authority bundle to version 2.64
    The following certificate authorities were added (+):
    + Atos TrustedRoot Root CA ECC TLS 2021
    + Atos TrustedRoot Root CA RSA TLS 2021
    + BJCA Global Root CA1
    + BJCA Global Root CA2
    + CommScope Public Trust ECC Root-01
    + CommScope Public Trust ECC Root-02
    + CommScope Public Trust RSA Root-01
    + CommScope Public Trust RSA Root-02
    + Sectigo Public Server Authentication Root E46
    + Sectigo Public Server Authentication Root R46
    + SSL.com TLS ECC Root CA 2022
    + SSL.com TLS RSA Root CA 2022
    + TrustAsia Global Root CA G3
    + TrustAsia Global Root CA G4
    The following certificate authorities were removed (-):
    - Autoridad de Certificacion Firmaprofesional CIF A62634068
    - E-Tugra Certification Authority (closes: #1032916)
    - E-Tugra Global Root CA ECC v3
    - E-Tugra Global Root CA RSA v3
    - Hongkong Post Root CA 1
    - TrustCor ECA-1
    - TrustCor RootCert CA-1
    - TrustCor RootCert CA-2 (closes: #1023945)

 -- Julien Cristau <email address hidden>  Sun, 04 Feb 2024 10:41:43 +0100

Available diffs

diff from 20230311ubuntu1 (in Ubuntu) to 20240203 (68.0 KiB)

20230311

Published in bookworm-release on 2023-06-01

Published in sid-release on 2023-03-11

ca-certificates (20230311) unstable; urgency=medium

  [ Đoàn Trần Công Danh ]
  * ca-certificates: compat with non-GNU mktemp (closes: #1000847)

  [ Ilya Lipnitskiy ]
  * certdata2pem.py: use UTC time when checking cert validity

  [ Julien Cristau ]
  * Update Mozilla certificate authority bundle to version 2.60
    The following certificate authorities were added (+):
    + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
    + "Certainly Root E1"
    + "Certainly Root R1"
    + "D-TRUST BR Root CA 1 2020"
    + "D-TRUST EV Root CA 1 2020"
    + "DigiCert TLS ECC P384 Root G5"
    + "DigiCert TLS RSA4096 Root G5"
    + "E-Tugra Global Root CA ECC v3"
    + "E-Tugra Global Root CA RSA v3"
    + "HARICA TLS ECC Root CA 2021"
    + "HARICA TLS RSA Root CA 2021"
    + "HiPKI Root CA - G1"
    + "ISRG Root X2"
    + "Security Communication ECC RootCA1"
    + "Security Communication RootCA3"
    + "Telia Root CA v2"
    + "TunTrust Root CA"
    + "vTrus ECC Root CA"
    + "vTrus Root CA"
    The following certificate authorities were removed (-):
    - "Cybertrust Global Root" (expired)
    - "EC-ACC"
    - "GlobalSign Root CA - R2" (expired)
    - "Hellenic Academic and Research Institutions RootCA 2011"
    - "Network Solutions Certificate Authority"
    - "Staat der Nederlanden EV Root CA" (expired)
  * Drop trailing space from debconf template causing misformatting
    (closes: #980821)

  [ Wataru Ashihara ]
  * Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)

 -- Julien Cristau <email address hidden>  Sat, 11 Mar 2023 09:47:05 +0100

Available diffs

diff from 20211016ubuntu1 (in Ubuntu) to 20230311 (178.1 KiB)

20211016

Superseded in sid-release on 2023-04-29

ca-certificates (20211016) unstable; urgency=low

  [ Michael Shuler ]
  * Fix error on install when TEMPBUNDLE missing. Closes: #996005

 -- Julien Cristau <email address hidden>  Sat, 16 Oct 2021 18:09:43 +0200

Available diffs

diff from 20210119ubuntu1 (in Ubuntu) to 20211016 (28.2 KiB)

20211004

Superseded in sid-release on 2021-10-16

ca-certificates (20211004) unstable; urgency=low

  [ Debian Janitor ]
  * Fix day-of-week for changelog entry 20090624.

  [ Julien Cristau ]
  * Create temporary ca-certificates.crt on the same file system.
    Closes: #923784
  * Don't remove ca-certificates.crt before updating it, so it doesn't
    go missing for a short while (closes: #920348).  Thanks, Dimitris
    Aragiorgis!
  * Bump package priority from optional to standard.
  * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
    bundle to version 2.50
    The following certificate authorities were added (+):
    + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
    + "GlobalSign Root R46"
    + "GlobalSign Root E46"
    + "GLOBALTRUST 2020"
    + "ANF Secure Server Root CA"
    + "Certum EC-384 CA"
    + "Certum Trusted Root CA"
    The following certificate authorities were removed (-):
    - "QuoVadis Root CA"
    - "Sonera Class 2 Root CA"
    - "GeoTrust Primary Certification Authority - G2"
    - "VeriSign Universal Root Certification Authority"
    - "Chambers of Commerce Root - 2008"
    - "Global Chambersign Root - 2008"
    - "Trustis FPS Root CA"
    - "Staat der Nederlanden Root CA - G3"
  * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
  * mozilla/certdata2pem.py: print a warning for expired certificates.

 -- Julien Cristau <email address hidden>  Thu, 07 Oct 2021 17:12:47 +0200

20200601~deb10u2

Published in buster-release on 2021-02-06

Superseded in sid-release on 2021-06-19

ca-certificates (20200601~deb10u2) buster; urgency=medium

  [ Julien Cristau ]
  * New maintainer (see #976406)

  [ Michael Shuler ]
  * mozilla/blacklist:
    Revert Symantec CA blacklist (#911289). Closes: #962596, #968002.
    The following root certificates were added back (+):
    + "GeoTrust Global CA"
    + "GeoTrust Primary Certification Authority"
    + "GeoTrust Primary Certification Authority - G2"
    + "GeoTrust Primary Certification Authority - G3"
    + "GeoTrust Universal CA"
    + "thawte Primary Root CA"
    + "thawte Primary Root CA - G2"
    + "thawte Primary Root CA - G3"
    + "VeriSign Class 3 Public Primary Certification Authority - G4"
    + "VeriSign Class 3 Public Primary Certification Authority - G5"
    + "VeriSign Universal Root Certification Authority"

  Note: due to bug #743339, CA certificates added back in this version
  won't automatically be trusted again on upgrade.  Affected users may
  need to reconfigure the package to restore the desired state.

 -- Julien Cristau <email address hidden>  Thu, 28 Jan 2021 13:01:43 +0100

20210119

Published in bullseye-release on 2021-07-22

Superseded in sid-release on 2022-10-11

ca-certificates (20210119) unstable; urgency=medium

  [ Julien Cristau ]
  * New maintainer (closes: #976406)
  * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
    bundle to version 2.46.
    The following certificate authorities were added (+):
    + "certSIGN ROOT CA G2"
    + "e-Szigno Root CA 2017"
    + "Microsoft ECC Root Certificate Authority 2017"
    + "Microsoft RSA Root Certificate Authority 2017"
    + "NAVER Global Root Certification Authority"
    + "Trustwave Global Certification Authority"
    + "Trustwave Global ECC P256 Certification Authority"
    + "Trustwave Global ECC P384 Certification Authority"
    The following certificate authorities were removed (-):
    - "EE Certification Centre Root CA"
    - "GeoTrust Universal CA 2"
    - "LuxTrust Global Root 2"
    - "OISTE WISeKey Global Root GA CA"
    - "Staat der Nederlanden Root CA - G2" (closes: #962079)
    - "Taiwan GRCA"
    - "Verisign Class 3 Public Primary Certification Authority - G3"

  [ Michael Shuler ]
  * mozilla/blacklist:
    Revert Symantec CA blacklist (#911289). Closes: #962596
    The following root certificates were added back (+):
    + "GeoTrust Primary Certification Authority - G2"
    + "VeriSign Universal Root Certification Authority"

  [ Gianfranco Costamagna ]
  * debian/{rules,control}:
    Merge Ubuntu patch from Matthias Klose to use Python3 during build.
    Closes: #942915

 -- Julien Cristau <email address hidden>  Tue, 19 Jan 2021 11:11:04 +0100

20200601~deb10u1

Superseded in buster-release on 2021-02-06

Superseded in sid-release on 2021-02-05

ca-certificates (20200601~deb10u1) buster; urgency=medium

  * Rebuild for buster.
  * Merge changes from 20200601
    - d/control; set d/gbp.conf branch to debian-buster
  * This release updates the Mozilla CA bundle to 2.40, blacklists
    distrusted Symantec roots, and blacklists expired "AddTrust External
    Root". Closes: #956411, #955038, #911289, #961907

 -- Michael Shuler <email address hidden>  Wed, 03 Jun 2020 13:09:34 -0500

20200601~deb9u1

Published in stretch-release on 2020-07-18

ca-certificates (20200601~deb9u1) stretch; urgency=medium

  * Rebuild for stretch.
  * Merge changes from 20200601
    - d/control
  * This release updates the Mozilla CA bundle to 2.40, blacklists
    distrusted Symantec roots, and blacklists expired "AddTrust External
    Root". Closes: #956411, #955038, #911289, #961907
  * Fix permissions on /usr/local/share/ca-certificates when using symlinks.
    Closes: #916833
  * Remove email-only roots from mozilla trust store. Closes: #721976

 -- Michael Shuler <email address hidden>  Fri, 05 Jun 2020 11:52:50 -0500

20200601

Superseded in sid-release on 2021-04-16

ca-certificates (20200601) unstable; urgency=medium

  * debian/control:
    Set Standards-Version: 4.5.0.2
    Set Build-Depends: debhelper-compat (= 13)
  * debian/copyright:
    Replace tabs in license text
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.40.
    Closes: #956411, #955038
  * mozilla/blacklist.txt
    Add distrusted Symantec CA list to blacklist for explicit removal.
    Closes: #911289
    Blacklist expired root certificate, "AddTrust External Root"
    Closes: #961907
    The following certificate authorities were added (+):
    + "Certigna Root CA"
    + "emSign ECC Root CA - C3"
    + "emSign ECC Root CA - G3"
    + "emSign Root CA - C1"
    + "emSign Root CA - G1"
    + "Entrust Root Certification Authority - G4"
    + "GTS Root R1"
    + "GTS Root R2"
    + "GTS Root R3"
    + "GTS Root R4"
    + "Hongkong Post Root CA 3"
    + "UCA Extended Validation Root"
    + "UCA Global G2 Root"
    The following certificate authorities were removed (-):
    - "AddTrust External Root"
    - "Certinomis - Root CA"
    - "Certplus Class 2 Primary CA"
    - "Deutsche Telekom Root CA 2"
    - "GeoTrust Global CA"
    - "GeoTrust Primary Certification Authority"
    - "GeoTrust Primary Certification Authority - G2"
    - "GeoTrust Primary Certification Authority - G3"
    - "GeoTrust Universal CA"
    - "thawte Primary Root CA"
    - "thawte Primary Root CA - G2"
    - "thawte Primary Root CA - G3"
    - "VeriSign Class 3 Public Primary Certification Authority - G4"
    - "VeriSign Class 3 Public Primary Certification Authority - G5"
    - "VeriSign Universal Root Certification Authority"

 -- Michael Shuler <email address hidden>  Mon, 01 Jun 2020 11:45:49 -0500

Available diffs

diff from 20190110ubuntu2 (in Ubuntu) to 20200601 (53.9 KiB)

20190110

Superseded in buster-release on 2021-02-06

Superseded in sid-release on 2020-12-03

ca-certificates (20190110) unstable; urgency=high

  * debian/control:
    Depend on openssl (>= 1.1.1).
    Set Standards-Version: 4.3.0.1.
    Set Build-Depends: debhelper-compat (= 12); drop d/compat
    Remove trailing whitespace from d/changelog.
  * debian/ca-certificates.postinst:
    Fix permissions on /usr/local/share/ca-certificates when using symlinks.
    Closes: #916833
  * sbin/update-ca-certificates:
    Remove orphan symlinks found in /etc/ssl/certs to prevent `openssl
    rehash` from exiting with an error. Closes: #895482, #895473
    This will also fix removal of user CA certificates from /usr/local without
    needing to run --fresh. Closes: #911303
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.28.
    The following certificate authorities were added (+):
    + "GlobalSign Root CA - R6"
    + "OISTE WISeKey Global Root GC CA"
    The following certificate authorities were removed (-):
    - "Certplus Root CA G1"
    - "Certplus Root CA G2"
    - "OpenTrust Root CA G1"
    - "OpenTrust Root CA G2"
    - "OpenTrust Root CA G3"
    - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
    - "Visa eCommerce Root"

 -- Michael Shuler <email address hidden>  Thu, 10 Jan 2019 19:31:31 -0600

Available diffs

diff from 20180409 to 20190110 (15.7 KiB)
diff from 20180409ubuntu0.19.04.1 (in Ubuntu) to 20190110 (15.8 KiB)

20161130+nmu1+deb9u1

Superseded in buster-release on 2019-03-11

Superseded in sid-release on 2019-03-05

Superseded in stretch-release on 2020-07-18

ca-certificates (20161130+nmu1+deb9u1) stretch; urgency=medium

  * debian/ca-certificates.postinst:
    Prevent postinst failure on read-only /usr/local. Closes: #843722
  * debian/control:
    Remove Christian Perrier from uploaders at his request. Closes: #894070
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.22.
    Closes: #858064
    The following certificate authorities were added (+):
    + "AC RAIZ FNMT-RCM"
    + "Amazon Root CA 1"
    + "Amazon Root CA 2"
    + "Amazon Root CA 3"
    + "Amazon Root CA 4"
    + "D-TRUST Root CA 3 2013"
    + "GDCA TrustAUTH R5 ROOT"
    + "LuxTrust Global Root 2"
    + "SSL.com EV Root Certification Authority ECC"
    + "SSL.com EV Root Certification Authority RSA R2"
    + "SSL.com Root Certification Authority ECC"
    + "SSL.com Root Certification Authority RSA"
    + "Symantec Class 1 Public Primary Certification Authority - G4"
    + "Symantec Class 1 Public Primary Certification Authority - G6"
    + "Symantec Class 2 Public Primary Certification Authority - G4"
    + "Symantec Class 2 Public Primary Certification Authority - G6"
    + "TrustCor ECA-1"
    + "TrustCor RootCert CA-1"
    + "TrustCor RootCert CA-2"
    + "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
    The following certificate authorities were removed (-):
    - "ACEDICOM Root"
    - "AddTrust Public Services Root"
    - "AddTrust Qualified Certificates Root"
    - "ApplicationCA - Japanese Government"
    - "Buypass Class 2 CA 1"
    - "CA Disig Root R1"
    - "Certinomis - Autorité Racine"
    - "China Internet Network Information Center EV Certificates Root"
    - "CNNIC ROOT"
    - "Comodo Secure Services root"
    - "Comodo Trusted Services root"
    - "DST ACES CA X6"
    - "EBG Elektronik Sertifika Hizmet Saglayicisi"
    - "Equifax Secure CA"
    - "Equifax Secure eBusiness CA 1"
    - "Equifax Secure Global eBusiness CA"
    - "GeoTrust Global CA 2"
    - "IGC/A"
    - "Juur-SK"
    - "Microsec e-Szigno Root CA"
    - "PSCProcert"
    - "Root CA Generalitat Valenciana"
    - "RSA Security 2048 v3"
    - "Security Communication EV RootCA1"
    - "S-TRUST Authentication and Encryption Root CA 2005 PN"
    - "Swisscom Root CA 1"
    - "Swisscom Root EV CA 2"
    - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
    - "TURKTRUST Certificate Services Provider Root 2007"
    - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
    - "UTN USERFirst Hardware Root CA"
    - "Verisign Class 1 Public Primary Certification Authority"
    - "Verisign Class 2 Public Primary Certification Authority - G2"
    - "Verisign Class 3 Public Primary Certification Authority"
    - "WellsSecure Public Root Certificate Authority"

 -- Michael Shuler <email address hidden>  Sat, 07 Jul 2018 01:08:40 +0200

20180409

Superseded in sid-release on 2019-06-04

ca-certificates (20180409) unstable; urgency=medium

  [ Michael Shuler ]
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.22.
    The following certificate authorities were added (+):
    + "GDCA TrustAUTH R5 ROOT"
    + "SSL.com EV Root Certification Authority ECC"
    + "SSL.com EV Root Certification Authority RSA R2"
    + "SSL.com Root Certification Authority ECC"
    + "SSL.com Root Certification Authority RSA"
    + "TrustCor ECA-1"
    + "TrustCor RootCert CA-1"
    + "TrustCor RootCert CA-2"
    The following certificate authorities were removed (-):
    - "ACEDICOM Root"
    - "AddTrust Low-Value Services Root"
    - "AddTrust Public Services Root"
    - "AddTrust Qualified Certificates Root"
    - "CA Disig Root R1"
    - "CNNIC ROOT"
    - "Camerfirma Chambers of Commerce Root"
    - "Camerfirma Global Chambersign Root"
    - "Certinomis - Autorité Racine"
    - "Certum Root CA"
    - "China Internet Network Information Center EV Certificates Root"
    - "Comodo Secure Services root"
    - "Comodo Trusted Services root"
    - "DST ACES CA X6"
    - "GeoTrust Global CA 2"
    - "PSCProcert"
    - "Security Communication EV RootCA1"
    - "Swisscom Root CA 1"
    - "Swisscom Root CA 2"
    - "Swisscom Root EV CA 2"
    - "TURKTRUST Certificate Services Provider Root 2007"
    - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
    - "UTN USERFirst Hardware Root CA"
  * mozilla/blacklist.txt
    Update blacklist to remove certificates no longer in certdata.txt and
    explicitly ignore distrusted certificates.
  * debian/copyright:
    Fix lintian insecure-copyright-format-uri with https URL.
  * debian/changelog:
    Fix lintian file-contains-trailing-whitespace.
  * debian/{compat,control}:
    Set to debhelper compat 11.
  * Update openssl dependency to >= 1.1.0 to support `openssl rehash` and drop
    usage of `c_rehash` script. Closes: #895075

  [ Thijs Kinkhorst ]
  * Remove Christian Perrier from uploaders at his request (closes: #894070).
  * Checked for policy 4.1.4, no changes.

 -- Michael Shuler <email address hidden>  Mon, 09 Apr 2018 18:43:49 -0500

Available diffs

diff from 20170717 to 20180409 (263.5 KiB)

20170717

Superseded in buster-release on 2019-07-03

Superseded in sid-release on 2019-06-04

ca-certificates (20170717) unstable; urgency=medium

  * Update to Standards-Version: 4.0.1
  * debian/ca-certificates.postinst:
    Prevent postinst failure on read-only /usr/local. Closes: #843722
  * mozilla/certdata2pem.py:
    Remove email-only roots from mozilla trust store. Closes: #721976
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.14.
    Closes: #858064
    The following certificate authorities were added (+):
    + "AC RAIZ FNMT-RCM"
    + "Amazon Root CA 1"
    + "Amazon Root CA 2"
    + "Amazon Root CA 3"
    + "Amazon Root CA 4"
    + "D-TRUST Root CA 3 2013"
    + "LuxTrust Global Root 2"
    + "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
    The following certificate authorities were removed (-):
    - "AC Raiz Certicamara S.A."
    - "ApplicationCA - Japanese Government"
    - "Buypass Class 2 CA 1"
    - "ComSign CA"
    - "EBG Elektronik Sertifika Hizmet Saglayicisi"
    - "Equifax Secure CA"
    - "Equifax Secure eBusiness CA 1"
    - "Equifax Secure Global eBusiness CA"
    - "IGC/A"
    - "Juur-SK"
    - "Microsec e-Szigno Root CA"
    - "Root CA Generalitat Valenciana"
    - "RSA Security 2048 v3"
    - "S-TRUST Authentication and Encryption Root CA 2005 PN"
    - "S-TRUST Universal Root CA"
    - "SwissSign Platinum CA - G2"
    - "TC TrustCenter Class 3 CA II"
    - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
    - "UTN USERFirst Email Root CA"
    - "Verisign Class 1 Public Primary Certification Authority"
    - "Verisign Class 1 Public Primary Certification Authority - G3"
    - "Verisign Class 2 Public Primary Certification Authority - G2"
    - "Verisign Class 2 Public Primary Certification Authority - G3"
    - "Verisign Class 3 Public Primary Certification Authority"
    - "WellsSecure Public Root Certificate Authority"

 -- Michael Shuler <email address hidden>  Thu, 20 Jul 2017 00:18:08 -0500

Available diffs

diff from 20161130+nmu1 to 20170717 (64.7 KiB)

20161130+nmu1

Superseded in buster-release on 2018-07-19

Superseded in stretch-release on 2018-07-14

Superseded in sid-release on 2018-07-14

ca-certificates (20161130+nmu1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are
    now untrusted by the major browser vendors. Closes: #858539

 -- Chris Lamb <email address hidden>  Fri, 19 May 2017 16:53:16 +0200

Available diffs

diff from 20161130 to 20161130+nmu1 (731 bytes)

20141019+deb8u3

Published in jessie-release on 2017-05-07

ca-certificates (20141019+deb8u3) jessie; urgency=medium

  [ Michael Shuler ]
  * sbin/update-ca-certificates:
    Update local certificates directory when calling --fresh. Closes: #783615

  [ Andreas Beckmann ]
  * Backport another commit to make running update-certificates without hooks
    actually work (instead of showing a usage message). Closes: #825730

 -- Andreas Beckmann <email address hidden>  Sat, 29 Apr 2017 01:19:23 +0200

20141019+deb8u2

Superseded in jessie-release on 2017-05-07

ca-certificates (20141019+deb8u2) stable; urgency=medium

  [ Michael Shuler ]
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.9.
    Thanks for the initial 2.7 patch, Jonathan Wiltshire. Closes: #828845
    The following certificate authorities were added (+):
    + "Certplus Root CA G1"
    + "Certplus Root CA G2"
    + "Certum Trusted Network CA 2"
    + "Hellenic Academic and Research Institutions ECC RootCA 2015"
    + "Hellenic Academic and Research Institutions RootCA 2015"
    + "ISRG Root X1"
    + "OpenTrust Root CA G1"
    + "OpenTrust Root CA G2"
    + "OpenTrust Root CA G3"
    + "SZAFIR ROOT CA2"
    The following certificate authorities were removed (-):
    - "CA Disig"
    - "NetLock Business (Class B) Root"
    - "NetLock Express (Class C) Root"
    - "NetLock Notary (Class A) Root"
    - "NetLock Qualified (Class QA) Root"
    - "Sonera Class 1 Root CA"
    - "Staat der Nederlanden Root CA"
    - "Verisign Class 1 Public Primary Certification Authority - G2"
    - "Verisign Class 3 Public Primary Certification Authority"
    - "Verisign Class 3 Public Primary Certification Authority - G2"

  [ Andreas Beckmann ]
  * debian/postinst:
    Run update-certificates without hooks to initially populate
    /etc/ssl/certs.  (The hooks are deferred to the noawait trigger.)
    Closes: #825730

 -- Michael Shuler <email address hidden>  Fri, 18 Nov 2016 09:09:47 -0600

20161130

Superseded in stretch-release on 2017-06-14

Superseded in sid-release on 2017-06-13

ca-certificates (20161130) unstable; urgency=medium

  [ Philipp Kern ]
  * Add ca-certificates udeb package. Closes: #845456

  [ Michael Shuler ]
  * debian/{compat,control}:
    Update to compat level 10 and debhelper (>= 10)
    Shorten package description.
  * debian/po/id.po
    Update Indonesian debconf translation file for build time line reorder

 -- Michael Shuler <email address hidden>  Wed, 30 Nov 2016 21:20:53 -0600

Available diffs

diff from 20160104ubuntu1 (in Ubuntu) to 20161130 (41.0 KiB)
diff from 20161102 to 20161130 (4.7 KiB)

20161102

Superseded in stretch-release on 2016-12-16

Superseded in sid-release on 2016-12-05

ca-certificates (20161102) unstable; urgency=medium

  [ Michael Shuler ]
  * debian/control:
    Update to Standards-Version: 3.9.8
    Update to Vcs-Browser/Vcs-Git: https URLs
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.9.
    Thanks for the initial 2.7 patch, Jonathan Wiltshire. Closes: #828845
    The following certificate authorities were added (+):
    + "Certplus Root CA G1"
    + "Certplus Root CA G2"
    + "Certum Trusted Network CA 2"
    + "Hellenic Academic and Research Institutions ECC RootCA 2015"
    + "Hellenic Academic and Research Institutions RootCA 2015"
    + "ISRG Root X1"
    + "OpenTrust Root CA G1"
    + "OpenTrust Root CA G2"
    + "OpenTrust Root CA G3"
    + "SZAFIR ROOT CA2"
    The following certificate authorities were removed (-):
    - "CA Disig"
    - "NetLock Business (Class B) Root"
    - "NetLock Express (Class C) Root"
    - "NetLock Notary (Class A) Root"
    - "NetLock Qualified (Class QA) Root"
    - "Sonera Class 1 Root CA"
    - "Staat der Nederlanden Root CA"
    - "Verisign Class 1 Public Primary Certification Authority - G2"
    - "Verisign Class 3 Public Primary Certification Authority"
    - "Verisign Class 3 Public Primary Certification Authority - G2"

   [ Andreas Beckmann ]
   * debian/postinst:
     Run update-certificates without hooks to initially populate
     /etc/ssl/certs.  (The hooks are deferred to the noawait trigger.)
     Closes: #825730

    [ Izharul Haq ]
    * debian/po/id.po:
      Add Indonesian debconf translation. Thank you, Izharul! Closes: #835156

 -- Michael Shuler <email address hidden>  Wed, 02 Nov 2016 21:15:03 -0500

20141019+deb8u1

Superseded in jessie-release on 2017-01-14

ca-certificates (20141019+deb8u1) stable; urgency=medium

  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.6.
    Closes: #806239
    The following certificate authorities were added (+):
    + "CA WoSign ECC Root"
    + "Certification Authority of WoSign G2"
    + "Certinomis - Root CA"
    + "CFCA EV ROOT"
    + "COMODO RSA Certification Authority"
    + "Entrust Root Certification Authority - EC1"
    + "Entrust Root Certification Authority - G2"
    + "GlobalSign ECC Root CA - R4"
    + "GlobalSign ECC Root CA - R5"
    + "IdenTrust Commercial Root CA 1"
    + "IdenTrust Public Sector Root CA 1"
    + "OISTE WISeKey Global Root GB CA"
    + "S-TRUST Universal Root CA"
    + "Staat der Nederlanden EV Root CA"
    + "Staat der Nederlanden Root CA - G3"
    + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
    + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
    + "USERTrust ECC Certification Authority"
    + "USERTrust RSA Certification Authority"
    The following certificate authorities were removed (-):
    - "A-Trust-nQual-03"
    - "America Online Root Certification Authority 1"
    - "America Online Root Certification Authority 2"
    - "Buypass Class 3 CA 1"
    - "ComSign Secured CA"
    - "Digital Signature Trust Co. Global CA 1"
    - "Digital Signature Trust Co. Global CA 3"
    - "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"
    - "GTE CyberTrust Global Root"
    - "SG TRUST SERVICES RACINE"
    - "TC TrustCenter Class 2 CA II"
    - "TC TrustCenter Universal CA I"
    - "Thawte Premium Server CA"
    - "Thawte Server CA"
    - "TURKTRUST Certificate Services Provider Root 1"
    - "TURKTRUST Certificate Services Provider Root 2"
    - "UTN DATACorp SGC Root CA"
    - "Verisign Class 4 Public Primary Certification Authority - G3"

 -- Michael Shuler <email address hidden>  Mon, 14 Dec 2015 20:46:50 -0600

20160104

Superseded in stretch-release on 2016-11-09

Superseded in sid-release on 2016-11-03

ca-certificates (20160104) unstable; urgency=medium

  * debian/rules:
    Sort certificate list for reproducible builds.  Closes: #808711
  * mozilla/certdata2pem.py:
    Drop old CK*_NETSCAPE trust flag checks

 -- Michael Shuler <email address hidden>  Mon, 04 Jan 2016 11:08:26 -0600

20151214

Superseded in stretch-release on 2016-01-10

Superseded in sid-release on 2016-01-04

ca-certificates (20151214) unstable; urgency=medium

  * Removed SPI CA.  Closes: #796208
  * debian/{compat,control}:
    Updated d/compat to version 9 and updated Build-Depends.
  * debian/postinst:
    Handle /usr/local/share/ca-certificates permissions and ownership on
    upgrade.  Closes: #611501
  * mozilla/certdata2pem.py:
    Add Python 3 support to ca-certificates.
    Thanks to Andrew Wilcox and Richard Ipsum for the patch!  Closes: #789753
  * sbin/update-ca-certificates:
    Update local certificates directory when calling --fresh.
    Thanks for the patch, Daniel Lutz!  Closes: #783615
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.6.
    The following certificate authorities were added (+):
    + "CA WoSign ECC Root"
    + "Certification Authority of WoSign G2"
    + "Certinomis - Root CA"
    + "OISTE WISeKey Global Root GB CA"
    + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
    + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
    The following certificate authorities were removed (-):
    - "A-Trust-nQual-03"
    - "Buypass Class 3 CA 1"
    - "ComSign Secured CA"
    - "Digital Signature Trust Co. Global CA 1"
    - "Digital Signature Trust Co. Global CA 3"
    - "SG TRUST SERVICES RACINE"
    - "TC TrustCenter Class 2 CA II"
    - "TC TrustCenter Universal CA I"
    - "TURKTRUST Certificate Services Provider Root 1"
    - "TURKTRUST Certificate Services Provider Root 2"
    - "UTN DATACorp SGC Root CA"
    - "Verisign Class 4 Public Primary Certification Authority - G3"

 -- Michael Shuler <email address hidden>  Mon, 14 Dec 2015 18:51:50 -0600

20150426

Superseded in stretch-release on 2015-12-26

Superseded in sid-release on 2015-12-20

ca-certificates (20150426) unstable; urgency=medium

  * debian/postinst:
    Set mode and group of /usr/local/share/ca-certificates based on current
    /usr/local permissions and ownership.  Closes: #611501
  * sbin/update-ca-certificates:
    Allow customisation of the paths used by update-ca-certificates.
    Add an option to set the certs in a directory to the defaults.
    Thanks for the patches, Paul Wise.  Closes: #774059, #774201
    Fix shellcheck warnings and a little indentation.
  * sbin/update-ca-certificates.8:
    Correct concatenated file name in man page from certificates.crt to
    ca-certificates.crt.  Closes: #782230
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.4.
    The following certificate authorities were added (+):
    + "CFCA EV ROOT"
    + "COMODO RSA Certification Authority"
    + "Entrust Root Certification Authority - EC1"
    + "Entrust Root Certification Authority - G2"
    + "GlobalSign ECC Root CA - R4"
    + "GlobalSign ECC Root CA - R5"
    + "IdenTrust Commercial Root CA 1"
    + "IdenTrust Public Sector Root CA 1"
    + "S-TRUST Universal Root CA"
    + "Staat der Nederlanden EV Root CA"
    + "Staat der Nederlanden Root CA - G3"
    + "USERTrust ECC Certification Authority"
    + "USERTrust RSA Certification Authority"  Closes: #762709
    The following certificate authorities were removed (-):
    - "America Online Root Certification Authority 1"
    - "America Online Root Certification Authority 2"
    - "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"
    - "GTE CyberTrust Global Root"
    - "Thawte Premium Server CA"
    - "Thawte Server CA"

 -- Michael Shuler <email address hidden>  Sun, 26 Apr 2015 10:37:48 -0500

Available diffs

diff from 20141019 to 20150426 (39.2 KiB)

20141019

Superseded in stretch-release on 2015-06-03

Superseded in jessie-release on 2016-01-23

Superseded in sid-release on 2015-05-29

ca-certificates (20141019) unstable; urgency=medium


  * debian/copyright:
    Add coverage for all files reported by lintian
    file-without-copyright-information warning.
  * debian/source/lintian-overrides:
    Add file-without-copyright-information override for SPI certificate file.
  * sbin/update-ca-certificates:
    Restore SELinux label after generating ca-certificates.crt file.
    Thanks to Laurent Bigonville for the patch.  Closes: #742957
    Tidy indentation whitespace.
    Thanks to Antonio Terceiro for the patch.  Closes: #742663
  * debian/control:
    Update to Standards-Version: 3.9.6 (no other changes needed).
    Update Vcs-Browser link to cgit URL.

 -- Michael Shuler <email address hidden>  Sun, 19 Oct 2014 10:36:49 -0500

Available diffs

diff from 20140325 to 20141019 (35.4 KiB)

20130119+deb7u1

Published in wheezy-release on 2014-10-18

ca-certificates (20130119+deb7u1) stable; urgency=low


  * Stable update including one patch and current mozilla/certdata.txt.
    Closes: #501123
  * Fix certdata2pem.py for multiple CAs using the same CKA_LABEL.  Thanks
    to Marc Deslauriers for the patch.  Closes: #683403, LP: #1031333
  * Update mozilla/certdata.txt to version 1.97 (version now in nssckbi.h).
    Certificates added (+), removed (-), and renamed (~):
    + "ACCVRAIZ1"                                                         
    + "Atos TrustedRoot 2011"
    + "CA Disig Root R1"
    + "CA Disig Root R2"
    + "China Internet Network Information Center EV Certificates Root"
    + "D-TRUST Root Class 3 CA 2 2009"
    + "D-TRUST Root Class 3 CA 2 EV 2009"
    + "E-Tugra Certification Authority"
    + "PSCProcert"
    + "SG TRUST SERVICES RACINE"
    + "StartCom Certification Authority"
    ~ "StartCom Certification Authority"_2
      (both StartCom CAs now included with duplicate CKA_LABEL fix)
    + "Swisscom Root CA 2"
    + "Swisscom Root EV CA 2"
    + "T-TeleSec GlobalRoot Class 2"
    + "TURKTRUST Certificate Services Provider Root 2007"
    + "TWCA Global Root CA"
    + "TeliaSonera Root CA v1"
    + "Verisign Class 3 Public Primary Certification Authority"
    ~ "Verisign Class 3 Public Primary Certification Authority"_2
      (both Verisign Class 3 CAs now included with duplicate CKA_LABEL fix)
    - "Equifax Secure eBusiness CA 2"
    - "Firmaprofesional Root CA"
    - "TC TrustCenter Universal CA III"
    - "TDC OCES Root CA"
    - "Wells Fargo Root CA"

 -- Michael Shuler <email address hidden>  Sun, 30 Mar 2014 17:49:01 -0500

20140927

Superseded in jessie-release on 2014-10-30

Superseded in sid-release on 2014-10-20

ca-certificates (20140927) unstable; urgency=medium


  * Update Mozilla certificate authority bundle to version 2.1.
    The following certificate authorities were added (+):
    + "DigiCert Assured ID Root G2"
    + "DigiCert Assured ID Root G3"
    + "DigiCert Global Root G2"
    + "DigiCert Global Root G3"
    + "DigiCert Trusted Root G4"
    + "QuoVadis Root CA 1 G3"
    + "QuoVadis Root CA 2 G3"
    + "QuoVadis Root CA 3 G3"
    + "WoSign"
    + "WoSign China"
    The following certificate authorities were removed (-):
    - "Entrust.net Secure Server CA"
    - "RSA Root Certificate 1"
    - "TDC Internet Root CA"
    - "ValiCert Class 1 VA"
    - "ValiCert Class 2 VA"
  * Include clear list of CAs added/removed, as above, and include better note
    in README.Debian for trust reconfiguration.  Closes: #743365
  * Remove debian/config in debian/rules clean target.
  * Include d/{changelog,NEWS} entries in 20140223 for duplicate CKA_LABEL
    rename of "StartCom Certification Authority"_2.

 -- Michael Shuler <email address hidden>  Sat, 27 Sep 2014 15:14:00 -0500

20140325

Superseded in jessie-release on 2014-10-17

Superseded in sid-release on 2014-10-06

ca-certificates (20140325) unstable; urgency=medium


  * Update mozilla/certdata.txt to version 1.97+revert_of_936304
    Mozilla reverted the removal of 1024-bit root certificates for
    Entrust.net, GTE CyberTrust, and ValiCert (RSA), but did not update the
    version number in nssckbi.h.
    Certificates added (+) (none removed):
    + "Entrust.net Secure Server CA"
    + "GTE CyberTrust Global Root"
    + "RSA Root Certificate 1"
    + "ValiCert Class 1 VA"
    + "ValiCert Class 2 VA"

 -- Michael Shuler <email address hidden>  Tue, 25 Mar 2014 13:28:19 -0500

Available diffs

diff from 20130906ubuntu2 (in Ubuntu) to 20140325 (61.8 KiB)

20140223

Superseded in jessie-release on 2014-04-01

Superseded in sid-release on 2014-03-26

ca-certificates (20140223) unstable; urgency=medium


  * No longer ship cacert.org certificates.  Closes: #718434, LP: #1258286
  * Fix certdata2pem.py for multiple CAs using the same CKA_LABEL.  Thanks
    to Marc Deslauriers for the patch.  Closes: #683403, LP: #1031333
  * Sort local CA certificates on update-ca-certificates runs.  Thanks to
    Vaclav Ovsik for the suggestion and patch.  Closes: #727136
  * Add trailing newline to certificate, if it is missing.  Closes: #635570
  * Update mozilla/certdata.txt to version 1.97.
    Certificates added (+), removed (-), and renamed (~):
    + "ACCVRAIZ1"
    + "Atos TrustedRoot 2011"
    + "E-Tugra Certification Authority"
    + "SG TRUST SERVICES RACINE"
    + "T-TeleSec GlobalRoot Class 2"
    + "TWCA Global Root CA"
    + "TeliaSonera Root CA v1"
    + "Verisign Class 3 Public Primary Certification Authority"
    ~ "Verisign Class 3 Public Primary Certification Authority"_2
      (both Verisign Class 3 CAs now included with duplicate CKA_LABEL fix)
    - "Entrust.net Secure Server CA"
    - "Firmaprofesional Root CA"
    - "GTE CyberTrust Global Root"
    - "RSA Root Certificate 1"
    - "TDC OCES Root CA"
    - "ValiCert Class 1 VA"
    - "ValiCert Class 2 VA"
    - "Wells Fargo Root CA"

 -- Michael Shuler <email address hidden>  Sun, 23 Feb 2014 23:22:29 -0600

20130906

Superseded in jessie-release on 2014-03-19

Superseded in sid-release on 2014-03-13

ca-certificates (20130906) unstable; urgency=low


  * Add ca-certificates-local source package example to documentation
  * Update local certificate handling in README.Debian.
    Closes: #718173, LP: #487845
  * Update CA inclusion policy for ca-certificates in README.Debian. With
    the exception of SPI and CAcert, only those CAs included in Mozilla's
    trust store will be included in ca-certificates in Debian.
    Closes: #647848, LP: #103074
  * Clarify that not all software that uses SSL uses ca-certificates in
    README.Debian.  Closes: #664769
  * Add mozilla/nssckbi.h to source, since certdata.txt no longer contains
    a version number.
  * Update debian/copyright to "Copyright: Mozilla Contributors" for
    mozilla/{certdata.txt,nssckbi.h}.
  * Update mozilla/certdata.txt to version 1.94
    Certificates added (+) and removed (-):
    + "CA Disig Root R1"
    + "CA Disig Root R2"
    + "China Internet Network Information Center EV Certificates Root"
    + "D-TRUST Root Class 3 CA 2 2009"
    + "D-TRUST Root Class 3 CA 2 EV 2009"
    + "PSCProcert"
    + "Swisscom Root CA 2"
    + "Swisscom Root EV CA 2"
    + "TURKTRUST Certificate Services Provider Root 2007"
    - "Equifax Secure eBusiness CA 2"
    - "TC TrustCenter Universal CA III"

 -- Michael Shuler <email address hidden>  Fri, 06 Sep 2013 11:31:06 -0500

Available diffs

diff from 20130610 to 20130906 (31.3 KiB)

20130610

Superseded in jessie-release on 2013-09-18

Superseded in sid-release on 2013-09-07

ca-certificates (20130610) unstable; urgency=low


  [ Michael Shuler ]
  * Install CAcert root and class3 certificates individually, no longer
    installing the concatenation of the two. The individual certificates
    are installed as cacert.org_root.crt and cacert.org_class3.crt for ease
    of identification. Additionally, this allows openssl maintainers to drop
    a problematic patch to c_rehash for handling multi-certificate files.
    (see #642314)  Closes: #692323
  * Update Vcs-* fields for lintian vcs-field-not-canonical
  * Update to machine-readable debian/copyright file v1.0

  [ Thijs Kinkhorst ]
  * Drop upgrading code for upgrades from Debian Etch and earlier. 
  * Remove obsolete debconf.org CA certificate. DebConf now uses an
    intermediate certificate signed by SPI. (Closes: #693405)
  * Remove obsolete SPI CA certiticate.
  * Update Standards-Version: 3.9.4 (no changes needed)
  * Clean up man page (LP#: 850997).

 -- Thijs Kinkhorst <email address hidden>  Mon, 10 Jun 2013 19:52:15 +0200

Available diffs

diff from 20130119 to 20130610 (17.6 KiB)

20130119

Superseded in jessie-release on 2013-06-21

Superseded in wheezy-release on 2014-10-18

Superseded in sid-release on 2013-06-10

ca-certificates (20130119) unstable; urgency=low


  * Update mozilla/certdata.txt to version 1.87  Closes: #697366
    Certificates removed (-) (none added):
    - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
  * Remove unneeded and confusing usage of interest-noawait; remove unneeded
    Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch.
    Closes: #537051

 -- Michael Shuler <email address hidden>  Sat, 19 Jan 2013 14:02:09 -0600

Available diffs

diff from 20121114 to 20130119 (5.8 KiB)

20121114

Superseded in sid-release on 2013-01-20

ca-certificates (20121114) unstable; urgency=low


  [ Don Armstrong ]
  * Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
  * Provide update-ca-certificates and update-ca-certificates-fresh
    triggers.
  * Call the triggers using no-await so that the configuration files from
    the newer version of ca-certificates-java are in places before the
    upgrade. Closes: #537051.

  [ Michael Shuler ]
  * Add note to previous mozilla/certdata.txt changelog entry to document
    CKT_NSS_MUST_VERIFY_TRUST changes.

 -- Michael Shuler <email address hidden>  Wed, 14 Nov 2012 23:58:59 -0600

Available diffs

diff from 20121105 to 20121114 (1.5 KiB)

20121105

Superseded in sid-release on 2012-11-29

ca-certificates (20121105) unstable; urgency=low


  * Update mozilla/certdata.txt to version 1.86  Closes: #683728
    Certificates added (+) (none removed):
    + "Actalis Authentication Root CA"
    + "Trustis FPS Root CA"
    + "StartCom Certification Authority" (renewal/rehash)
    + "StartCom Certification Authority G2"
    + "Buypass Class 2 Root CA"
    + "Buypass Class 3 Root CA"
    + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
    + "T-TeleSec GlobalRoot Class 3"
    + "EE Certification Centre Root CA"
  * Correct piuparts package remove/purge behavior  Closes: #682125
    - Remove deletes of /etc/ssl{,/certs} from debian/postrm

 -- Michael Shuler <email address hidden>  Mon, 05 Nov 2012 10:56:05 -0600

Available diffs

diff from 20120623 to 20121105 (22.6 KiB)

20120623

Superseded in wheezy-release on 2013-02-04

Superseded in sid-release on 2012-11-07

ca-certificates (20120623) unstable; urgency=low


  * Add Polish translation, thanks to Michał Kułach.  Closes: #660002
  * Add Turkish translation, thanks to Atila KOÇ.  Closes: #661785
  * Correct update-ca-certificates(8) alignment  Closes: #666932
  * Add note to update-ca-certificates(8) about .crt extension needed for
    CA certificates in /usr/local/share/ca-certificates  Closes: #595279
  * Update mozilla/certdata.txt to version 1.83
    Mozilla Public License updated to v2.0
    (no added/removed CAs)
  * Update debian/copyright to:
    - reflect MPL v2.0 update for mozilla/certdata.txt
    - specify GPL-2 instead of GPL symlink
  * Update debian/NEWS with added/removed certs from 20111211 and 20120212
  * Update to Standards-Version: 3.9.3 (no changes needed)

 -- Michael Shuler <email address hidden>  Sat, 23 Jun 2012 09:16:54 -0500

Available diffs

diff from 20120212 to 20120623 (10.8 KiB)

20120212

Superseded in wheezy-release on 2012-07-04

Superseded in sid-release on 2012-06-23

ca-certificates (20120212) unstable; urgency=low


  * Update mozilla/certdata.txt to version 1.81
    Certificates added (+) and removed (-):
    + "Security Communication RootCA2"
    + "EC-ACC"
    + "Hellenic Academic and Research Institutions RootCA 2011"
    - "Verisign Class 2 Public Primary Certification Authority"
    - "Verisign Class 4 Public Primary Certification Authority - G2"
    - "TC TrustCenter, Germany, Class 2 CA"
    - "TC TrustCenter, Germany, Class 3 CA"
  * Add notice to README.Debian deprecating CA inclusions and refer to
    #647848 for Debian CA Certificate Policy discussion.

 -- Michael Shuler <email address hidden>  Sun, 12 Feb 2012 15:12:59 -0600

Available diffs

diff from 20111211 to 20120212 (13.0 KiB)

20111211

Superseded in wheezy-release on 2012-02-24

Superseded in sid-release on 2012-02-14

ca-certificates (20111211) unstable; urgency=low


  * Clarify CA audit note in package description and README.debian. Thanks
    to C.J. Adams-Collier for the patch.  Closes: #594383
  * Remove French Government IGC/A CA certificates. The RSA certificate is
    included in the Mozilla bundle and the DSA certificate is not in use.
    Closes: #646767
  * Remove expired signet.pl CAs.  Closes: #647849
  * Remove expired brasil.gov.br CA.
  * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
  * Use 'set -e' in body of debian/postinst
  * Update mozilla/certdata.txt to version 1.80
    (no added/removed CAs)
  * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data

 -- Michael Shuler <email address hidden>  Sun, 11 Dec 2011 19:05:32 -0600

Available diffs

diff from 20110502+nmu1ubuntu5 (in Ubuntu) to 20111211 (135.6 KiB)

20111025

Superseded in wheezy-release on 2011-12-25

Superseded in sid-release on 2011-12-15

ca-certificates (20111025) unstable; urgency=low


  [ Michael Shuler ]
  * Add 3.0 (native) source format
  * Add Vcs-Git/Browser fields
  * Add myself as new Maintainer with Uploaders  Closes: #588219
  * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
    Certificates added (+) and removed (-):
    + "AffirmTrust Commercial"
    + "AffirmTrust Networking"
    + "AffirmTrust Premium"
    + "AffirmTrust Premium ECC"
    + "A-Trust-nQual-03"
    + "Bogus Global Trustee"
    + "Bogus GMail"
    + "Bogus Google"
    + "Bogus kuix.de"
    + "Bogus live.com"
    + "Bogus Mozilla Addons"
    + "Bogus Skype"
    + "Bogus Yahoo 1"
    + "Bogus Yahoo 2"
    + "Bogus Yahoo 3"
    + "Certinomis - Autorité Racine"
    + "Certum Trusted Network CA"
    + "Explicitly Distrust DigiNotar Cyber CA"
    + "Explicitly Distrust DigiNotar Cyber CA 2nd"
    + "Explicitly Distrust DigiNotar Root CA"
    + "Explicitly Distrust DigiNotar Services 1024 CA"
    + "Explicitly Distrusted DigiNotar PKIoverheid"
    + "Explicitly Distrusted DigiNotar PKIoverheid G2"
    + "Go Daddy Root Certificate Authority - G2"
    + "Root CA Generalitat Valenciana"
    + "Starfield Root Certificate Authority - G2"
    + "Starfield Services Root Certificate Authority - G2"
    + "TWCA Root Certification Authority"
    - "AOL Time Warner Root Certification Authority 1"
    - "AOL Time Warner Root Certification Authority 2"
    - "DigiNotar Root CA"
    - "Entrust.net Global Secure Personal CA"
    - "Entrust.net Global Secure Server CA"
    - "Entrust.net Secure Personal CA"
    - "IPS Chained CAs root"
    - "IPS CLASE1 root"
    - "IPS CLASE3 root"
    - "IPS CLASEA1 root"
    - "IPS CLASEA3 root"
    - "IPS Timestamping root"
    - "Thawte Personal Freemail CA"
    - "Thawte Time Stamping CA"
  * "Bogus *" CAs above address Comodo MITM 03/11  Closes: #619587
  * Update CAcert-Class 3-Subroot-certificate  Closes: #630232

  [ Steve Langasek ]
  * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
    the way before calling c_rehash, so that symlinks don't accidentally get
    pointed here, breaking openssl certificate verification  LP: #854927

  [ Loïc Minier ]
  * Drop bogus c_rehash on upgrades, which caused issue when
    ca-certificates.crt was still in place; instead, call
    update-ca-certificates --fresh on upgrades to this version, and
    the usual update-ca-certificates otherwise  Closes: #643667, #537382

 -- Michael Shuler <email address hidden>  Tue, 25 Oct 2011 09:12:10 -0500

20111022

Superseded in sid-release on 2011-10-27

ca-certificates (20111022) unstable; urgency=low


  * QA upload.
  * Fix pending l10n issues. Debconf translations:
    - German (Helge Kreutzmann).  Closes: #634000
    - French (Christian Perrier).  Closes: #634092
    - Russian (Yuri Kozlov).  Closes: #635146
    - Swedish (Martin Bagge / brother).  Closes: #640622
    - Slovak (Slavko).  Closes: #641987
    - Spanish; (Javier Fernández-Sanguino).  Closes: #642359
    - Japanese (Kenshi Muto).  Closes: #644828
    - Czech (Miroslav Kure).  Closes: #644843
    - Danish (Joe Hansen).  Closes: #644854
    - Italian (Luca Monducci).  Closes: #645004
    - Dutch; (Jeroen Schot).  Closes: #645090
    - Portuguese (Miguel Figueiredo).  Closes: #645126
    - Galician (Jorge Barreiro).  Closes: #645138
    - Catalan; (Jordi Mallach).  Closes: #645182
    - Brazilian Portuguese (Adriano Rafael Gomes).  Closes: #645526
  * Split Choices in debconf templates
  * Add build-arch and build-indep build targets
  * Bump debhelper compatibility level to 8
  * Bump Standards to 3.9.2 (checked)
  * Replace "dh_clean -k" by dh_prep

 -- Christian Perrier <email address hidden>  Sat, 22 Oct 2011 14:24:00 +0200

20090814+nmu3squeeze1

Published in squeeze-release on 2011-10-08

ca-certificates (20090814+nmu3squeeze1) stable; urgency=low


  * Non-maintainer upload.
  * No-change upload with incremented version number to avoid a
    version number conflict with '20090814+nmu3'.

 -- Thijs Kinkhorst <email address hidden>  Tue, 13 Sep 2011 11:29:21 +0200

20110502+nmu1

Superseded in wheezy-release on 2011-11-06

Superseded in sid-release on 2011-10-22

ca-certificates (20110502+nmu1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Blacklist "DigiNotar Root CA" (Closes: #639744)

 -- Raphael Geissert <email address hidden>  Tue, 30 Aug 2011 21:00:55 -0500

20110502

Superseded in wheezy-release on 2011-09-21