Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Blacklist expired root certificate, "AddTrust External CA Root" | Michael Shuler | 2020-06-01 | 2 | -1/+9 |
| | |||||
* | Update d/changelog | Michael Shuler | 2020-06-01 | 1 | -1/+2 |
| | |||||
* | Standards-Version: 4.5.0.2; debhelper-compat (= 13) | Michael Shuler | 2020-06-01 | 1 | -2/+2 |
| | |||||
* | Update d/changelog | Michael Shuler | 2020-06-01 | 1 | -0/+4 |
| | |||||
* | Set Standards-Version: 4.5.0; Replace tabs in copywrite | Michael Shuler | 2020-06-01 | 2 | -7/+7 |
| | |||||
* | Set release 20200601; add Symantec CAs to blacklist | Michael Shuler | 2020-06-01 | 2 | -3/+39 |
| | |||||
* | Update Mozilla CA bundle to 2.40 | Michael Shuler | 2020-01-18 | 3 | -801/+1203 |
| | |||||
* | Set release to 20190122 | Michael Shuler | 2019-01-22 | 1 | -2/+2 |
| | |||||
* | Update Mozilla CA bundle to 2.30 | Michael Shuler | 2019-01-10 | 3 | -890/+1053 |
| | |||||
* | Update to standards 4.3.0.1 and compat 12debian/20190110 | Michael Shuler | 2019-01-10 | 3 | -6/+6 |
| | |||||
* | Depend on openssl >= 1.1.1 | Michael Shuler | 2018-12-21 | 2 | -6/+8 |
| | |||||
* | Add Closes: #911303 | Michael Shuler | 2018-12-20 | 1 | -0/+2 |
| | |||||
* | Standards-Version: 4.2.1 & removed d/changelog whitespace | Michael Shuler | 2018-12-20 | 2 | -2/+3 |
| | |||||
* | Release 20181220 | Michael Shuler | 2018-12-20 | 1 | -2/+2 |
| | |||||
* | Remove orphan symlinks found in /etc/ssl/certs | Michael Shuler | 2018-12-20 | 2 | -1/+13 |
| | | | | | | This should prevent `openssl rehash` from exiting with an error on a symlink with nonexistent target, since the behavior changed from c_rehash. See #895482, #895473. | ||||
* | Revert "Remove all orphan symlinks found in /etc/ssl/certs" | Michael Shuler | 2018-12-20 | 2 | -11/+0 |
| | | | | | | | This reverts commit 1ef0fd15cc77c854e79a4f599d5228a67548ab87. While this worked great to fix the error, it also broke the counting on upgrade for how many certificates were removed.. (-_-) | ||||
* | Remove all orphan symlinks found in /etc/ssl/certs | Michael Shuler | 2018-12-20 | 2 | -0/+11 |
| | | | | | | This should prevent `openssl rehash` from exiting with an error on a symlink with nonexistent target, since the behavior changed from c_rehash. See #895482, #895473. | ||||
* | Fix permissions on /usr/local/share/ca-certificates | Michael Shuler | 2018-12-20 | 2 | -4/+7 |
| | | | | Follow symlinks to stat the correct permissions and ownership - 916833 | ||||
* | Update Mozilla CA bundle to 2.28 | Michael Shuler | 2018-12-20 | 3 | -745/+308 |
| | |||||
* | Set 20180409 to 'unstable' for releasedebian/20180409 | Michael Shuler | 2018-04-09 | 1 | -2/+2 |
| | |||||
* | Drop -compat flag on `openssl rehash` | Michael Shuler | 2018-04-09 | 2 | -3/+3 |
| | |||||
* | Checked for policy 4.1.4. | Thijs Kinkhorst | 2018-04-08 | 2 | -2/+2 |
| | | | | | | We create a directory under /usr/local, but ensure it has the same permissions as /usr/local itself. I believe this satisfies the new policy requirement about the staff group. | ||||
* | Add Closes: #895075 | Michael Shuler | 2018-04-07 | 1 | -1/+1 |
| | |||||
* | Update openssl dependency to >= 1.1.0 | Michael Shuler | 2018-04-05 | 5 | -6/+8 |
| | | | | Switch to `openssl rehash` and drop usage of `c_rehash` script | ||||
* | Update mozilla/blacklist.txt | Michael Shuler | 2018-03-29 | 2 | -20/+13 |
| | | | | | - remove certificates no longer in certdata.txt - explicitly ignore distrusted certificates to prevent build errors | ||||
* | Add debian/.debhelper to .gitignore | Michael Shuler | 2018-03-29 | 1 | -0/+1 |
| | |||||
* | Set to debhelper >= 11 | Michael Shuler | 2018-03-29 | 2 | -2/+2 |
| | |||||
* | Set to debhelper compat 11 | Michael Shuler | 2018-03-29 | 2 | -1/+3 |
| | |||||
* | Fix lintian file-contains-trailing-whitespace | Michael Shuler | 2018-03-29 | 1 | -22/+24 |
| | |||||
* | Fix lintian insecure-copyright-format-uri with https URL | Michael Shuler | 2018-03-29 | 2 | -1/+3 |
| | |||||
* | Update d/changelog with CA adds/removes | Michael Shuler | 2018-03-29 | 1 | -2/+31 |
| | |||||
* | Update Mozilla CA bundle to 2.22 | Michael Shuler | 2018-03-29 | 3 | -5715/+1292 |
| | |||||
* | Remove Christian Perrier from d/control | Michael Shuler | 2018-03-29 | 1 | -1/+0 |
| | |||||
* | Checked for policy 4.1.3, no changes. | Thijs Kinkhorst | 2018-03-26 | 1 | -0/+1 |
| | |||||
* | Remove Christian Perrier from uploaders at his request (closes: #894070). | Thijs Kinkhorst | 2018-03-26 | 1 | -0/+4 |
| | |||||
* | Checked for policy 4.1.3, no changes | Thijs Kinkhorst | 2018-01-06 | 1 | -1/+1 |
| | |||||
* | Update Vcs urls for salsa migration | Thijs Kinkhorst | 2018-01-06 | 1 | -2/+2 |
| | |||||
* | Update Mozilla CA bundle to 2.16 | Michael Shuler | 2017-08-14 | 3 | -1898/+117 |
| | |||||
* | Checked for policy 4.0.1debian/20170717 | Thijs Kinkhorst | 2017-08-14 | 2 | -2/+2 |
| | |||||
* | Add Closes: #858064 | Michael Shuler | 2017-07-21 | 1 | -0/+1 |
| | |||||
* | Update to Standards-Version: 4.0.0 | Michael Shuler | 2017-07-20 | 2 | -1/+2 |
| | |||||
* | Release 20170717 | Michael Shuler | 2017-07-20 | 1 | -2/+2 |
| | |||||
* | Update changelog for email-only removal #721976 | Michael Shuler | 2017-07-19 | 1 | -6/+12 |
| | |||||
* | Remove email-only roots from mozilla trust store | Jacob Hoffman-Andrews | 2017-07-18 | 1 | -2/+0 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These roots are trusted in the Mozilla program only for S/MIME, so should not be included in ca-certificates, which most applications use to validate TLS certificates. Per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721976, the only MUAs that depend on or suggest ca-certificates are Mutt and Sylpheed. Sylpheed doesn't use ca-certificates for S/MIME. Mutt does, but I think it is still safe to remove thes because: (a) S/MIME is relatively uncommon, and (b) The CAs that have both TLS and S/MIME bits will continue to work, and (c) Nearly all of the 12 removed email-only CAs have ceased operation of their email certificate services Verisign Class 1 Public Primary Certification Authority - G3 Verisign Class 2 Public Primary Certification Authority - G3 UTN USERFirst Email Root CA SwissSign Platinum CA - G2 AC Raiz Certicamara S.A. TC TrustCenter Class 3 CA II ComSign CA S-TRUST Universal Root CA Symantec Class 1 Public Primary Certification Authority - G6 Symantec Class 2 Public Primary Certification Authority - G6 Symantec Class 1 Public Primary Certification Authority - G4 Symantec Class 2 Public Primary Certification Authority - G4 | ||||
* | Prevent postinst failure on read-only /usr/local | Michael Shuler | 2017-07-18 | 2 | -2/+4 |
| | |||||
* | Remove NEWS | Michael Shuler | 2017-07-17 | 1 | -424/+0 |
| | | | | | | | | The CA add/remove info is in the changelog for users that wish to know what certificate authorities were added or removed. The default installation of apt-listchanges results in lots of emails from users wondering why the package maintainer is emailing them or halting their automated upgrades. | ||||
* | Add unstable gbp.conf | Michael Shuler | 2017-07-17 | 1 | -0/+2 |
| | |||||
* | Update Mozilla CA bundle to 2.14 | Michael Shuler | 2017-07-17 | 3 | -679/+507 |
| | |||||
* | merge in NMU for #858539debian/20161130+nmu1 | Antoine Beaupré | 2017-07-06 | 2 | -0/+24 |
| | |||||
* | Add mozilla bundle NEWS | Michael Shuler | 2017-01-23 | 1 | -0/+31 |
| |