-
ca-certificates (20141019+deb8u3) jessie; urgency=medium
[ Michael Shuler ]
* sbin/update-ca-certificates:
Update local certificates directory when calling --fresh. Closes: #783615
[ Andreas Beckmann ]
* Backport another commit to make running update-certificates without hooks
actually work (instead of showing a usage message). Closes: #825730
-- Andreas Beckmann <email address hidden> Sat, 29 Apr 2017 01:19:23 +0200
-
ca-certificates (20141019+deb8u2) stable; urgency=medium
[ Michael Shuler ]
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.9.
Thanks for the initial 2.7 patch, Jonathan Wiltshire. Closes: #828845
The following certificate authorities were added (+):
+ "Certplus Root CA G1"
+ "Certplus Root CA G2"
+ "Certum Trusted Network CA 2"
+ "Hellenic Academic and Research Institutions ECC RootCA 2015"
+ "Hellenic Academic and Research Institutions RootCA 2015"
+ "ISRG Root X1"
+ "OpenTrust Root CA G1"
+ "OpenTrust Root CA G2"
+ "OpenTrust Root CA G3"
+ "SZAFIR ROOT CA2"
The following certificate authorities were removed (-):
- "CA Disig"
- "NetLock Business (Class B) Root"
- "NetLock Express (Class C) Root"
- "NetLock Notary (Class A) Root"
- "NetLock Qualified (Class QA) Root"
- "Sonera Class 1 Root CA"
- "Staat der Nederlanden Root CA"
- "Verisign Class 1 Public Primary Certification Authority - G2"
- "Verisign Class 3 Public Primary Certification Authority"
- "Verisign Class 3 Public Primary Certification Authority - G2"
[ Andreas Beckmann ]
* debian/postinst:
Run update-certificates without hooks to initially populate
/etc/ssl/certs. (The hooks are deferred to the noawait trigger.)
Closes: #825730
-- Michael Shuler <email address hidden> Fri, 18 Nov 2016 09:09:47 -0600
-
ca-certificates (20141019+deb8u1) stable; urgency=medium
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.6.
Closes: #806239
The following certificate authorities were added (+):
+ "CA WoSign ECC Root"
+ "Certification Authority of WoSign G2"
+ "Certinomis - Root CA"
+ "CFCA EV ROOT"
+ "COMODO RSA Certification Authority"
+ "Entrust Root Certification Authority - EC1"
+ "Entrust Root Certification Authority - G2"
+ "GlobalSign ECC Root CA - R4"
+ "GlobalSign ECC Root CA - R5"
+ "IdenTrust Commercial Root CA 1"
+ "IdenTrust Public Sector Root CA 1"
+ "OISTE WISeKey Global Root GB CA"
+ "S-TRUST Universal Root CA"
+ "Staat der Nederlanden EV Root CA"
+ "Staat der Nederlanden Root CA - G3"
+ "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+ "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
+ "USERTrust ECC Certification Authority"
+ "USERTrust RSA Certification Authority"
The following certificate authorities were removed (-):
- "A-Trust-nQual-03"
- "America Online Root Certification Authority 1"
- "America Online Root Certification Authority 2"
- "Buypass Class 3 CA 1"
- "ComSign Secured CA"
- "Digital Signature Trust Co. Global CA 1"
- "Digital Signature Trust Co. Global CA 3"
- "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"
- "GTE CyberTrust Global Root"
- "SG TRUST SERVICES RACINE"
- "TC TrustCenter Class 2 CA II"
- "TC TrustCenter Universal CA I"
- "Thawte Premium Server CA"
- "Thawte Server CA"
- "TURKTRUST Certificate Services Provider Root 1"
- "TURKTRUST Certificate Services Provider Root 2"
- "UTN DATACorp SGC Root CA"
- "Verisign Class 4 Public Primary Certification Authority - G3"
-- Michael Shuler <email address hidden> Mon, 14 Dec 2015 20:46:50 -0600
-
ca-certificates (20141019) unstable; urgency=medium
* debian/copyright:
Add coverage for all files reported by lintian
file-without-copyright-information warning.
* debian/source/lintian-overrides:
Add file-without-copyright-information override for SPI certificate file.
* sbin/update-ca-certificates:
Restore SELinux label after generating ca-certificates.crt file.
Thanks to Laurent Bigonville for the patch. Closes: #742957
Tidy indentation whitespace.
Thanks to Antonio Terceiro for the patch. Closes: #742663
* debian/control:
Update to Standards-Version: 3.9.6 (no other changes needed).
Update Vcs-Browser link to cgit URL.
-- Michael Shuler <email address hidden> Sun, 19 Oct 2014 10:36:49 -0500
-
ca-certificates (20140927) unstable; urgency=medium
* Update Mozilla certificate authority bundle to version 2.1.
The following certificate authorities were added (+):
+ "DigiCert Assured ID Root G2"
+ "DigiCert Assured ID Root G3"
+ "DigiCert Global Root G2"
+ "DigiCert Global Root G3"
+ "DigiCert Trusted Root G4"
+ "QuoVadis Root CA 1 G3"
+ "QuoVadis Root CA 2 G3"
+ "QuoVadis Root CA 3 G3"
+ "WoSign"
+ "WoSign China"
The following certificate authorities were removed (-):
- "Entrust.net Secure Server CA"
- "RSA Root Certificate 1"
- "TDC Internet Root CA"
- "ValiCert Class 1 VA"
- "ValiCert Class 2 VA"
* Include clear list of CAs added/removed, as above, and include better note
in README.Debian for trust reconfiguration. Closes: #743365
* Remove debian/config in debian/rules clean target.
* Include d/{changelog,NEWS} entries in 20140223 for duplicate CKA_LABEL
rename of "StartCom Certification Authority"_2.
-- Michael Shuler <email address hidden> Sat, 27 Sep 2014 15:14:00 -0500
-
ca-certificates (20140325) unstable; urgency=medium
* Update mozilla/certdata.txt to version 1.97+revert_of_936304
Mozilla reverted the removal of 1024-bit root certificates for
Entrust.net, GTE CyberTrust, and ValiCert (RSA), but did not update the
version number in nssckbi.h.
Certificates added (+) (none removed):
+ "Entrust.net Secure Server CA"
+ "GTE CyberTrust Global Root"
+ "RSA Root Certificate 1"
+ "ValiCert Class 1 VA"
+ "ValiCert Class 2 VA"
-- Michael Shuler <email address hidden> Tue, 25 Mar 2014 13:28:19 -0500
-
ca-certificates (20140223) unstable; urgency=medium
* No longer ship cacert.org certificates. Closes: #718434, LP: #1258286
* Fix certdata2pem.py for multiple CAs using the same CKA_LABEL. Thanks
to Marc Deslauriers for the patch. Closes: #683403, LP: #1031333
* Sort local CA certificates on update-ca-certificates runs. Thanks to
Vaclav Ovsik for the suggestion and patch. Closes: #727136
* Add trailing newline to certificate, if it is missing. Closes: #635570
* Update mozilla/certdata.txt to version 1.97.
Certificates added (+), removed (-), and renamed (~):
+ "ACCVRAIZ1"
+ "Atos TrustedRoot 2011"
+ "E-Tugra Certification Authority"
+ "SG TRUST SERVICES RACINE"
+ "T-TeleSec GlobalRoot Class 2"
+ "TWCA Global Root CA"
+ "TeliaSonera Root CA v1"
+ "Verisign Class 3 Public Primary Certification Authority"
~ "Verisign Class 3 Public Primary Certification Authority"_2
(both Verisign Class 3 CAs now included with duplicate CKA_LABEL fix)
- "Entrust.net Secure Server CA"
- "Firmaprofesional Root CA"
- "GTE CyberTrust Global Root"
- "RSA Root Certificate 1"
- "TDC OCES Root CA"
- "ValiCert Class 1 VA"
- "ValiCert Class 2 VA"
- "Wells Fargo Root CA"
-- Michael Shuler <email address hidden> Sun, 23 Feb 2014 23:22:29 -0600
-
ca-certificates (20130906) unstable; urgency=low
* Add ca-certificates-local source package example to documentation
* Update local certificate handling in README.Debian.
Closes: #718173, LP: #487845
* Update CA inclusion policy for ca-certificates in README.Debian. With
the exception of SPI and CAcert, only those CAs included in Mozilla's
trust store will be included in ca-certificates in Debian.
Closes: #647848, LP: #103074
* Clarify that not all software that uses SSL uses ca-certificates in
README.Debian. Closes: #664769
* Add mozilla/nssckbi.h to source, since certdata.txt no longer contains
a version number.
* Update debian/copyright to "Copyright: Mozilla Contributors" for
mozilla/{certdata.txt,nssckbi.h}.
* Update mozilla/certdata.txt to version 1.94
Certificates added (+) and removed (-):
+ "CA Disig Root R1"
+ "CA Disig Root R2"
+ "China Internet Network Information Center EV Certificates Root"
+ "D-TRUST Root Class 3 CA 2 2009"
+ "D-TRUST Root Class 3 CA 2 EV 2009"
+ "PSCProcert"
+ "Swisscom Root CA 2"
+ "Swisscom Root EV CA 2"
+ "TURKTRUST Certificate Services Provider Root 2007"
- "Equifax Secure eBusiness CA 2"
- "TC TrustCenter Universal CA III"
-- Michael Shuler <email address hidden> Fri, 06 Sep 2013 11:31:06 -0500
-
ca-certificates (20130610) unstable; urgency=low
[ Michael Shuler ]
* Install CAcert root and class3 certificates individually, no longer
installing the concatenation of the two. The individual certificates
are installed as cacert.org_root.crt and cacert.org_class3.crt for ease
of identification. Additionally, this allows openssl maintainers to drop
a problematic patch to c_rehash for handling multi-certificate files.
(see #642314) Closes: #692323
* Update Vcs-* fields for lintian vcs-field-not-canonical
* Update to machine-readable debian/copyright file v1.0
[ Thijs Kinkhorst ]
* Drop upgrading code for upgrades from Debian Etch and earlier.
* Remove obsolete debconf.org CA certificate. DebConf now uses an
intermediate certificate signed by SPI. (Closes: #693405)
* Remove obsolete SPI CA certificate.
* Update Standards-Version: 3.9.4 (no changes needed)
* Clean up man page (LP#: 850997).
-- Thijs Kinkhorst <email address hidden> Mon, 10 Jun 2013 19:52:15 +0200
-
ca-certificates (20130119) unstable; urgency=low
* Update mozilla/certdata.txt to version 1.87 Closes: #697366
Certificates removed (-) (none added):
- "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
* Remove unneeded and confusing usage of interest-noawait; remove unneeded
Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch.
Closes: #537051
-- Michael Shuler <email address hidden> Sat, 19 Jan 2013 14:02:09 -0600