summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Upload to unstableHEADmasterJulien Cristau2023-03-111-2/+2
|
* Update Mozilla certificate authority bundle to version 2.60Julien Cristau2023-03-114-2555/+3725
|
* Add changelog entryJulien Cristau2022-12-061-0/+3
|
* Make certdata2pem.py work with newer cryptography versionsWataru Ashihara2022-12-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | certdata2pem.py is incompatible the cryptography package version 2. $ pip3 install -U cryptography~=2.0 # 2.9.2 ... $ python3 certdata2pem.py ... Traceback (most recent call last): File "certdata2pem.py", line 125, in <module> cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' $ pip3 install -U cryptography~=3.0 # 3.4.8 ... $ python3 certdata2pem.py # ok ... I think this should be noted in README. cryptography>=35.0 is also incompatible: $ pip3 install -U cryptography~=35.0 ... $ python3 certdata2pem.py Traceback (most recent call last): File "certdata2pem.py", line 125, in <module> cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) File "/home/wsh/.local/lib/python3.8/site-packages/cryptography/x509/base.py", line 443, in load_der_x509_certificate return rust_x509.load_der_x509_certificate(data) TypeError: argument 'data': 'bytearray' object cannot be converted to 'PyBytes'
* Drop trailing space from debconf template causing misformattingJulien Cristau2022-02-222-1/+3
| | | | Closes: #980821
* Update Mozilla certificate authority bundle to version 2.52Julien Cristau2022-01-114-3/+789
|
* Blacklist expired CAsJulien Cristau2022-01-111-0/+2
|
* Add changelog entryJulien Cristau2022-01-111-0/+10
|
* Merge branch 'busybox-compat' into 'master'Julien Cristau2021-12-141-2/+2
|\ | | | | | | | | update-ca-certificates: compat with non-GNU mktemp(1) See merge request debian/ca-certificates!8
| * update-ca-certificates: compat with non-GNU mktemp(1)Đoàn Trần Công Danh2021-11-301-2/+2
| | | | | | | | | | | | | | | | | | | | BSD and BusyBox lacks --tmpdir support. Emulate it with -p instead. Close bugs #1000847 Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
* | mozilla/certdata2pem.py: use UTC time when checking cert validityIlya Lipnitskiy2021-12-141-1/+1
|/ | | | | | | | | | x509.not_valid_after returns naive UTC datetime and so does datetime.utcnow(), so keep the time consistent when performing the comparison. Fixes: 8033d5225917 ("mozilla/certdata2pem.py: print a warning for expired certificates.") Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> Signed-off-by: Julien Cristau <jcristau@debian.org>
* Upload to unstabledebian/20211016Julien Cristau2021-10-161-2/+2
|
* Fix error on install when TEMPBUNDLE missing. Closes: #996005Michael Shuler2021-10-162-4/+15
| | | | [jcristau: also make the restorecon call conditional]
* Upload to unstableJulien Cristau2021-10-091-2/+2
|
* mozilla/certdata2pem.py: print a warning for expired certificates.Julien Cristau2021-10-043-1/+13
|
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)Julien Cristau2021-10-042-0/+4
|
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority ↵Julien Cristau2021-10-043-768/+1387
| | | | | | | | | | | | | | | | | | | | | | | bundle to version 2.50 The following certificate authorities were added (+): + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" + "GlobalSign Root R46" + "GlobalSign Root E46" + "GLOBALTRUST 2020" + "ANF Secure Server Root CA" + "Certum EC-384 CA" + "Certum Trusted Root CA" The following certificate authorities were removed (-): - "QuoVadis Root CA" - "Sonera Class 2 Root CA" - "GeoTrust Primary Certification Authority - G2" - "VeriSign Universal Root Certification Authority" - "Chambers of Commerce Root - 2008" - "Global Chambersign Root - 2008" - "Trustis FPS Root CA" - "Staat der Nederlanden Root CA - G3"
* Merge branch 'master' into 'master'Julien Cristau2021-04-082-3/+6
|\ | | | | | | | | ca-certificates: Two small updates See merge request debian/ca-certificates!5
| * update-ca-certificates: Replace deprecated mktemp -t with mktemp --tmpdirRichard Purdie2021-02-201-2/+2
| | | | | | | | | | | | | | According to coreutils docs, mktemp -t is deprecated, switch to the --tmpdir option instead. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| * sbin/Makefile: Allow the sbin path to be configurableRichard Purdie2021-02-201-1/+4
|/ | | | | | | | | Some project sharing ca-certificates from Debian allow configuration of the installation location. Make the sbin location configurable. Also ensure the target directory exists Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Bump package priority from optional to standard.Julien Cristau2021-01-272-0/+2
|
* Don't remove ca-certificates.crt before updating itJulien Cristau2021-01-202-2/+3
| | | | | It would previously go missing for a short while (closes: #920348). Thanks, Dimitris Aragiorgis!
* Create temporary ca-certificates.crt on the same file system.Julien Cristau2021-01-202-1/+6
| | | | Closes: #923784
* Fix day-of-week for changelog entry 20090624.Debian Janitor2021-01-201-1/+7
| | | | | Fixes: lintian: debian-changelog-has-wrong-day-of-week See-also: https://lintian.debian.org/tags/debian-changelog-has-wrong-day-of-week.html
* Upload to unstabledebian/20210119archive/debian/20210119Julien Cristau2021-01-191-2/+2
|
* Remove obsolete items from the blacklistJulien Cristau2021-01-191-7/+0
| | | | These entries are no longer present in certdata.txt.
* Update Mozilla certificate authority bundle to version 2.46Julien Cristau2021-01-193-3063/+1232
| | | | | | | | | | | | | | | | | | | | | | | The following certificate authorities were added (+): + "certSIGN ROOT CA G2" + "e-Szigno Root CA 2017" + "Microsoft ECC Root Certificate Authority 2017" + "Microsoft RSA Root Certificate Authority 2017" + "NAVER Global Root Certification Authority" + "Trustwave Global Certification Authority" + "Trustwave Global ECC P256 Certification Authority" + "Trustwave Global ECC P384 Certification Authority" The following certificate authorities were removed (-): - "EE Certification Centre Root CA" - "GeoTrust Universal CA 2" - "LuxTrust Global Root 2" - "OISTE WISeKey Global Root GA CA" - "Staat der Nederlanden Root CA - G2" - "Taiwan GRCA" - "Verisign Class 3 Public Primary Certification Authority - G3"
* New maintainer (closes: #976406)Julien Cristau2021-01-192-4/+6
|
* Revert "Set release 20200601; add Symantec CAs to blacklist"Michael Shuler2020-06-112-27/+21
| | | | This reverts commit 1efe81a680eedb94111716c8825290a0cde509af.
* Grab Ubuntu patch to make the package compatible and building with Python3Matthias Klose2020-06-034-3/+10
|
* Fix typo on AddTrust CNdebian/20200601archive/debian/20200601Michael Shuler2020-06-012-3/+3
|
* Blacklist expired root certificate, "AddTrust External CA Root"Michael Shuler2020-06-012-1/+9
|
* Update d/changelogMichael Shuler2020-06-011-1/+2
|
* Standards-Version: 4.5.0.2; debhelper-compat (= 13)Michael Shuler2020-06-011-2/+2
|
* Update d/changelogMichael Shuler2020-06-011-0/+4
|
* Set Standards-Version: 4.5.0; Replace tabs in copywriteMichael Shuler2020-06-012-7/+7
|
* Set release 20200601; add Symantec CAs to blacklistMichael Shuler2020-06-012-3/+39
|
* Update Mozilla CA bundle to 2.40Michael Shuler2020-01-183-801/+1203
|
* Set release to 20190122Michael Shuler2019-01-221-2/+2
|
* Update Mozilla CA bundle to 2.30Michael Shuler2019-01-103-890/+1053
|
* Update to standards 4.3.0.1 and compat 12debian/20190110Michael Shuler2019-01-103-6/+6
|
* Depend on openssl >= 1.1.1Michael Shuler2018-12-212-6/+8
|
* Add Closes: #911303Michael Shuler2018-12-201-0/+2
|
* Standards-Version: 4.2.1 & removed d/changelog whitespaceMichael Shuler2018-12-202-2/+3
|
* Release 20181220Michael Shuler2018-12-201-2/+2
|
* Remove orphan symlinks found in /etc/ssl/certsMichael Shuler2018-12-202-1/+13
| | | | | | This should prevent `openssl rehash` from exiting with an error on a symlink with nonexistent target, since the behavior changed from c_rehash. See #895482, #895473.
* Revert "Remove all orphan symlinks found in /etc/ssl/certs"Michael Shuler2018-12-202-11/+0
| | | | | | | This reverts commit 1ef0fd15cc77c854e79a4f599d5228a67548ab87. While this worked great to fix the error, it also broke the counting on upgrade for how many certificates were removed.. (-_-)
* Remove all orphan symlinks found in /etc/ssl/certsMichael Shuler2018-12-202-0/+11
| | | | | | This should prevent `openssl rehash` from exiting with an error on a symlink with nonexistent target, since the behavior changed from c_rehash. See #895482, #895473.
* Fix permissions on /usr/local/share/ca-certificatesMichael Shuler2018-12-202-4/+7
| | | | Follow symlinks to stat the correct permissions and ownership - 916833
* Update Mozilla CA bundle to 2.28Michael Shuler2018-12-203-745/+308
|
View Lorry Controller Status