diff options
| author | Michael Shuler <michael@pbandjelly.org> | 2020-06-11 09:14:51 -0500 |
|---|---|---|
| committer | Michael Shuler <michael@pbandjelly.org> | 2020-06-11 09:14:51 -0500 |
| commit | c151326dda72f703f7001f655e331b548eb1e411 (patch) | |
| tree | a1c826dc009ac6f8b2a8b2c78e4f364fed6608fb | |
| parent | 5dd5fef200d58d07bbd48afc050ebcc9b758df48 (diff) | |
| parent | 442fd47f4831483b72329e0df1f6260e4a91ab36 (diff) | |
| download | ca-certificates-debian-stretch.tar.gz | |
Merge branch 'debian-buster' into debian-stretchdebian-stretch
| -rw-r--r-- | debian/changelog | 39 | ||||
| -rw-r--r-- | debian/control | 4 | ||||
| -rw-r--r-- | mozilla/Makefile | 2 | ||||
| -rw-r--r-- | mozilla/blacklist.txt | 23 | ||||
| -rw-r--r-- | mozilla/certdata2pem.py | 2 |
5 files changed, 32 insertions, 38 deletions
diff --git a/debian/changelog b/debian/changelog index 37a142b..fa0d9f7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,16 +1,33 @@ -ca-certificates (20200601~deb9u1) stretch; urgency=medium +ca-certificates (20200611~deb9u1) stretch; urgency=medium * Rebuild for stretch. - * Merge changes from 20200601 - - d/control - * This release updates the Mozilla CA bundle to 2.40, blacklists - distrusted Symantec roots, and blacklists expired "AddTrust External - Root". Closes: #956411, #955038, #911289, #961907 - * Fix permissions on /usr/local/share/ca-certificates when using symlinks. - Closes: #916833 - * Remove email-only roots from mozilla trust store. Closes: #721976 - - -- Michael Shuler <michael@pbandjelly.org> Fri, 05 Jun 2020 11:52:50 -0500 + * This oldstable release Closes: #962596, #942915 + + -- Michael Shuler <michael@pbandjelly.org> Thu, 11 Jun 2020 09:11:56 -0500 + +ca-certificates (20200611) unstable; urgency=medium + + * mozilla/blacklist: + Revert Symantec CA blacklist (#911289). Closes: #962596 + The following root certificates were added back (+): + + "GeoTrust Global CA" + + "GeoTrust Primary Certification Authority" + + "GeoTrust Primary Certification Authority - G2" + + "GeoTrust Primary Certification Authority - G3" + + "GeoTrust Universal CA" + + "thawte Primary Root CA" + + "thawte Primary Root CA - G2" + + "thawte Primary Root CA - G3" + + "VeriSign Class 3 Public Primary Certification Authority - G4" + + "VeriSign Class 3 Public Primary Certification Authority - G5" + + "VeriSign Universal Root Certification Authority" + + [ Gianfranco Costamagna ] + * debian/{rules,control}: + Merge Ubuntu patch from Matthias Klose to use Python3 during build. + Closes: #942915 + + -- Michael Shuler <michael@pbandjelly.org> Thu, 11 Jun 2020 08:38:00 -0500 ca-certificates (20200601) unstable; urgency=medium diff --git a/debian/control b/debian/control index 9899120..c6127f7 100644 --- a/debian/control +++ b/debian/control @@ -3,9 +3,9 @@ Section: misc Priority: optional Maintainer: Michael Shuler <michael@pbandjelly.org> Uploaders: Raphael Geissert <geissert@debian.org>, - Thijs Kinkhorst <thijs@debian.org>, + Thijs Kinkhorst <thijs@debian.org> Build-Depends: debhelper (>= 10), po-debconf -Build-Depends-Indep: python, openssl +Build-Depends-Indep: python3, openssl Standards-Version: 3.9.8 Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git Vcs-Browser: https://salsa.debian.org/debian/ca-certificates diff --git a/mozilla/Makefile b/mozilla/Makefile index 6f46118..f98877c 100644 --- a/mozilla/Makefile +++ b/mozilla/Makefile @@ -3,7 +3,7 @@ # all: - python certdata2pem.py + python3 certdata2pem.py clean: -rm -f *.crt diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt index ec81988..4318bb5 100644 --- a/mozilla/blacklist.txt +++ b/mozilla/blacklist.txt @@ -11,29 +11,6 @@ "TURKTRUST Mis-issued Intermediate CA 1" "TURKTRUST Mis-issued Intermediate CA 2" -# Distrusted Symantec Root CAs: -"GeoTrust Global CA" -"GeoTrust Primary Certification Authority" -"GeoTrust Primary Certification Authority - G2" -"GeoTrust Primary Certification Authority - G3" -"GeoTrust Universal CA" -"Thawte Premium Server CA" -"thawte Primary Root CA" -"thawte Primary Root CA - G2" -"thawte Primary Root CA - G3" -"Symantec Class 1 Public Primary Certification Authority - G4" -"Symantec Class 1 Public Primary Certification Authority - G6" -"Symantec Class 2 Public Primary Certification Authority - G4" -"Symantec Class 2 Public Primary Certification Authority - G6" -"Symantec Class 3 Public Primary Certification Authority - G4" -"Symantec Class 3 Public Primary Certification Authority - G6" -"VeriSign Class 1 Public Primary Certification Authority - G3" -"VeriSign Class 2 Public Primary Certification Authority - G3" -"VeriSign Class 3 Public Primary Certification Authority - G3" -"VeriSign Class 3 Public Primary Certification Authority - G4" -"VeriSign Class 3 Public Primary Certification Authority - G5" -"VeriSign Universal Root Certification Authority" - # Blacklist expired certificate (Not After : May 30 10:48:38 2020 GMT) # See: https://bugs.debian.org/961907 "AddTrust External Root" diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py index 0b02b2a..7d796f1 100644 --- a/mozilla/certdata2pem.py +++ b/mozilla/certdata2pem.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 # vim:set et sw=4: # # certdata2pem.py - splits certdata.txt into multiple files |