1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
|
ca-certificates (20080809) unstable; urgency=low
* New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
This file can be used for proper certificate chaining if CACert
server certificates are used. The old class3.pem and root.pem
certificates are deprecated. This new file could safely serve as
a replacement for both. (Closes: #494343)
-- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
ca-certificates (20080617) unstable; urgency=low
* Added French Government's IGC/A CA (both DSA and RSA).
(Closes: #416470)
-- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
ca-certificates (20080616) unstable; urgency=low
* Fix installation on pt_BR locales. The problem was caused by the
.templates choices strings being marked for translation, with pt_BR
being the only language which actually translated them. Thanks to
Ubuntu for the fix, which needs to be around until Lenny is released
or six months have passed, whichever is later. (Closes: #472507)
* Drop Fumitoshi from the list of maintainers. Farewell!
* Bump Standards-Version to 3.8.0.
-- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
ca-certificates (20080514) unstable; urgency=medium
* Added the new SPI CA certificate, created in response to the latest
openssl security update.
* Removed old SPI CA certificates (2006, 2007) as CAs cannot be
revoked sensibly. Expired CA created in 2003, expired in 2007 left
around for reference.
* Updated the Galician translation, thanks to Glennie Vignarajah.
(Closes: #416470)
-- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
ca-certificates (20080411) unstable; urgency=low
* Added the current SPI CA certificate, used by Debian's infrastructure.
* Added Deutsche Telekom Root CA 2, which is used by German institutions
through the DFN PKI.
* Updated mozilla certificates from trunk, which led to the following
adds (+) and removes (-):
+ Camerfirma Chambers of Commerce Root
+ Camerfirma Global Chambersign Root
+ Certplus Class 2 Primary CA
+ COMODO Certification Authority
+ DigiCert Assured ID Root CA
+ DigiCert Global Root CA
+ DigiCert High Assurance EV Root CA
+ DST ACES CA X6
+ DST Root CA X3
+ Entrust Root Certification Authority
+ Firmaprofesional Root CA
+ GeoTrust Global CA 2
+ GeoTrust Primary Certification Authority
+ GeoTrust Universal CA
+ GeoTrust Universal CA 2
+ GlobalSign Root CA - R2
+ Go Daddy Class 2 CA
+ NetLock Business (Class B) Root
+ NetLock Express (Class C) Root
+ NetLock Notary (Class A) Root
+ NetLock Qualified (Class QA) Root
+ QuoVadis Root CA 2
+ QuoVadis Root CA 3
+ Secure Global CA
+ SecureTrust CA
+ Starfield Class 2 CA
+ StartCom Certification Authority
+ StartCom Ltd.
+ Swisscom Root CA 1
+ SwissSign Gold CA - G2
+ SwissSign Platinum CA - G2
+ SwissSign Silver CA - G2
+ Taiwan GRCA
+ thawte Primary Root CA
+ TURKTRUST Certificate Services Provider Root 1
+ TURKTRUST Certificate Services Provider Root 2
+ VeriSign Class 3 Public Primary Certification Authority - G5
+ Wells Fargo Root CA
+ XRamp Global CA Root
- Verisign Class 1 Public Primary OCSP Responder
- Verisign Class 2 Public Primary OCSP Responder
- Verisign Class 3 Public Primary OCSP Responder
- Verisign Secure Server OCSP Responder
(Closes: #447062, #456581)
* Updated the Russian debconf translation, thanks to Mikhail Gusarov.
(Closes: #434856)
* Reworded the description and made it static to ease translations.
* Reworded and amended README.Debian.
* Added myself to the uploaders of this package.
* Applied a patch by Martin F. Krafft to support hooks scripts
on add/remove of a certificate. (Closes: #377314)
-- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
ca-certificates (20070303-0.1) unstable; urgency=low
* Non-maintainer upload to fix longstanding pending l10n issues.
* Debconf templates and debian/control reviewed by the debian-l10n-
english team as part of the Smith review project.
Closes: #432249, #434789
* Debconf translation updates:
- Japanese. Closes:#433067
- Basque. Closes: #433074
- Spanish. Closes: #433078
- Czech. Closes: #433100
- Galician. Closes: #433215
- Russian. Closes: #433224
- Swedish. Closes: #433432
- Vietnamese. Closes: #433792, #427000, #434992
- Dutch. Closes: #434670
- German. Closes: #434788
- Italian. Closes: #435029
* Portuguese. Closes: #435471
* Finnish. Closes: #448826
* Remove /etc/ssl when purging the package (only if that
directory is empty). Closes: #454334
* [Lintian] Give a reference to the GPL text in debian/copyright
* [Lintian] No longer ignore errors from "make clean"
* [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
-- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
ca-certificates (20070303) unstable; urgency=low
* Add debconf.org crt. closes: Bug#342088
* Add cacert class3 crt. closes: Bug#350282
* Add debian/po/pt.po. closes: Bug#408183
* Update debian/po/ru.po. closes: Bug#410770
* Update debian/po/pt_BR.po. closes: Bug#403824
* Add debian/po/gl.po. closes: Bug#407951
-- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
ca-certificates (20061027.2) unstable; urgency=low
* Non-maintainer upload to fix an RC issue revealed by the last NMU.
* Avoid cd to /etc/ssl/certs to removing hash symlinks
Closes: #408469
-- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
ca-certificates (20061027.1) unstable; urgency=low
* Non-maintainer upload to fix remaining l10n issues
* Debconf translation updates:
- Czech. Closes: #407807
- Spanish. Closes: #401968
- German. Closes: #396942
* Add debconf-updatepo to the clean target in debian/rules
to guarantee up-to-date PO(T) files
-- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
ca-certificates (20061027) unstable; urgency=low
* sbin/update-ca-certificates:
in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
preserve other symlinks. closes: Bug#387089
* debian/po/nl.po: updated
closes: Bug#386767
* debian/po/fr.po: updated
closes: Bug#386806
* debian/po/da.po: updated
closes: Bug#388018
-- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
ca-certificates (20060816) unstable; urgency=low
* debian/control: explicitly mention that trustworthiness of certificate
authorities is not evaluated.
closes: Bug#350726
* debian/templates: refine messages
closes: Bug#309481
* debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
closes: Bug#349346
* debian/control: libssl0.9.7->libssl0.9.8
closes: Bug#345197
* debian/postrm: remove .dpkg-old files
closes: Bug#349351
* debian/README.Debian: fix
closes: Bug#354509
* debian/postinst: fix typo
closes: Bug#355271
* debian/po/sv.po: added
closes: Bug#330984
* debian/po/es.po: added
closes: Bug#334383
* add new SPI CA certificate
submitted by Michael C. Schultheiss <schultmc@debian.org>
-- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
ca-certificates (20050804) unstable; urgency=low
* use ${misc:Depends} in debian/control for debconf
* update description in debian/control
closes: Bug#309547
* update debian/po/vi.po
closes: Bug#313186
* update debian/po/de.po
closes: Bug#313678
-- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
ca-certificates (20050518) unstable; urgency=high
* fix ca-certificates.crt generationumask-sensitive and racy
closes: Bug#296212
* update mozilla/certdata.txt
add: "Certum Root CA", "Comodo AAA Services root"
"Comodo Secure Services root",
"Comodo Trusted Services root",
"IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
"IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
"IPS Timestamping root",
"QuoVadis Root CA",
"Security Communication Root CA",
"Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
"Staat der Nederlanden Root CA",
"TDC Internet Root CA", "TDC OCES Root CA",
"UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
"UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
* add CACert.org's Root CA
closes: Bug#213086, Bug#288293
* add debian/po/vi.po
closes: Bug#309480
* add debian/po/cs.po
closes: Bug#309019
* write "How certificate will be accepted in ca-certificates package"
in README.Debain
-- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
ca-certificates (20040809) unstable; urgency=low
* previous version was not fixed Bug#255933 correctly.
update-ca-certificates now remove symlinks of deselected entries
in ca-certificates.conf
closes: Bug#255933
-- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
ca-certificates (20040808) unstable; urgency=low
* run update-ca-certificates by /bin/sh -e
closes: Bug#247581
* update-ca-certificates remove symlinks of deselected entries
in ca-certificates.conf
closes: Bug#255933
* change default of trust_new_crts from 'ask' to 'yes'
closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
* refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
closes: Bug#251158
* add brasil.gov.br certs
closes: Bug#224612
* add Signet CA Roots certs
closes: Bug#233206
* add QuoVadis CA Roots certs
closes: Bug#250847
* update pt_BR.po
closes: Bug#218812
* add da.po
closes: Bug#235322
* add ca.po
closes: Bug#237124
* add nl.po
closes: Bug#23840
* add de.po
closes: Bug#250785
* fix quote characters in template
closes: Bug#255738
* remove debian.org, because certs used in db.debian.org has been
revoked due to debian.org crack incidents.
db.debian.org uses certificates using spi-inc.org Root CA.
-- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
ca-certificates (20031007.1) unstable; urgency=low
* NMU
* Add brasil.gov.br/brasil.gov.br.crt, created from
http://www.icpbrasil.gov.br/certificadoACRaiz.crt
* Add debian/po/pt_BR.po: closes: Bug#224612
-- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
ca-certificates (20031007) unstable; urgency=low
* add debian/po/ru.po: closes: Bug#214371
-- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
ca-certificates (20030924) unstable; urgency=low
* add debian/po/ja.po: closes: Bug#212565
-- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
ca-certificates (20030916) unstable; urgency=low
* add debian/po/fr.po: closes: Bug#211224, Bug#206769
* debian/config: if new cert is asked, don't ask all available certs
closes: Bug#211199
-- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
ca-certificates (20030915) unstable; urgency=low
* debian/config.in: fix typo. closes: Bug#190990
* add option for new CA certificates. closes: Bug#190989
* switch to gettext-based debconf templates. closes: Bug#205782
* update mozilla/certdata.txt from mozilla 1.4 release
-- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
ca-certificates (20030420) unstable; urgency=low
* add README.Debian and update-ca-certificates(8). closes: Bug#189604
* fix broken English in debconf template. closes: Bug#189606
* don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
* preserve comments in /etc/ca-certificates.conf when upgrading.
closes: Bug#189611
-- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
ca-certificates (20030415) unstable; urgency=medium
* fix upgrade problem
closes: Bug#188938, Bug#188940
* purge debconf
-- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
ca-certificates (20030414) unstable; urgency=medium
* certificates are installed in /usr/share/ca-certificates
you can find md5sum of certs files. closes: Bug#170777
* debconf to generate /etc/ca-certificates.conf
* update-ca-certificates update /etc/ssl/certs according
/etc/ca-certificates.conf
It also generate /etc/ssl/certs/ca-certificates.crt
which is single-file version of certs.
closes: Bug#158904
* change extension from .pem to .crt in /usr/share/ca-certificates
- /etc/mime.types:
application/x-x509-ca-cert crt
but it will be hardlink or copied in /etc/ssl/certs with .pem
extension by update-ca-certificates.
c_rehash requires .pem extension
* Update certificate from mozilla 2:1.3-4
mozilla/security/nss/lib/ckfw/builtins/certdata.txt
cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
* Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
% openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
-- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
ca-certificates (20020323) unstable; urgency=low
* Moved from non-US to main now that openssl has moved there.
-- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
ca-certificates (20020208) unstable; urgency=low
* add db.debian.org certificate
-- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
ca-certificates (20020112) unstable; urgency=low
* upload to non-US instead of main, because it depends on openssl
(it uses c_rehash in openssl in maintainer scripts)
-- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
ca-certificates (20020107) unstable; urgency=low
* Initial Release. closes: Bug#126586
-- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900
|
