Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:debian/jessie/ca-certificates
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

31. By Michael Shuler

* debian/copyright:
  Add coverage for all files reported by lintian
  file-without-copyright-information warning.
* debian/source/lintian-overrides:
  Add file-without-copyright-information override for SPI certificate file.
* sbin/update-ca-certificates:
  Restore SELinux label after generating ca-certificates.crt file.
  Thanks to Laurent Bigonville for the patch. Closes: #742957
  Tidy indentation whitespace.
  Thanks to Antonio Terceiro for the patch. Closes: #742663
* debian/control:
  Update to Standards-Version: 3.9.6 (no other changes needed).
  Update Vcs-Browser link to cgit URL.

30. By Michael Shuler

* Update Mozilla certificate authority bundle to version 2.1.
  The following certificate authorities were added (+):
  + "DigiCert Assured ID Root G2"
  + "DigiCert Assured ID Root G3"
  + "DigiCert Global Root G2"
  + "DigiCert Global Root G3"
  + "DigiCert Trusted Root G4"
  + "QuoVadis Root CA 1 G3"
  + "QuoVadis Root CA 2 G3"
  + "QuoVadis Root CA 3 G3"
  + "WoSign"
  + "WoSign China"
  The following certificate authorities were removed (-):
  - "Entrust.net Secure Server CA"
  - "RSA Root Certificate 1"
  - "TDC Internet Root CA"
  - "ValiCert Class 1 VA"
  - "ValiCert Class 2 VA"
* Include clear list of CAs added/removed, as above, and include better note
  in README.Debian for trust reconfiguration. Closes: #743365
* Remove debian/config in debian/rules clean target.
* Include d/{changelog,NEWS} entries in 20140223 for duplicate CKA_LABEL
  rename of "StartCom Certification Authority"_2.

29. By Michael Shuler

* Update mozilla/certdata.txt to version 1.97+revert_of_936304
  Mozilla reverted the removal of 1024-bit root certificates for
  Entrust.net, GTE CyberTrust, and ValiCert (RSA), but did not update the
  version number in nssckbi.h.
  Certificates added (+) (none removed):
  + "Entrust.net Secure Server CA"
  + "GTE CyberTrust Global Root"
  + "RSA Root Certificate 1"
  + "ValiCert Class 1 VA"
  + "ValiCert Class 2 VA"

28. By Michael Shuler

* No longer ship cacert.org certificates. Closes: #718434, LP: #1258286
* Fix certdata2pem.py for multiple CAs using the same CKA_LABEL. Thanks
  to Marc Deslauriers for the patch. Closes: #683403, LP: #1031333
* Sort local CA certificates on update-ca-certificates runs. Thanks to
  Vaclav Ovsik for the suggestion and patch. Closes: #727136
* Add trailing newline to certificate, if it is missing. Closes: #635570
* Update mozilla/certdata.txt to version 1.97.
  Certificates added (+), removed (-), and renamed (~):
  + "Atos TrustedRoot 2011"
  + "E-Tugra Certification Authority"
  + "T-TeleSec GlobalRoot Class 2"
  + "TWCA Global Root CA"
  + "TeliaSonera Root CA v1"
  + "Verisign Class 3 Public Primary Certification Authority"
  ~ "Verisign Class 3 Public Primary Certification Authority"_2
    (both Verisign Class 3 CAs now included with duplicate CKA_LABEL fix)
  - "Entrust.net Secure Server CA"
  - "Firmaprofesional Root CA"
  - "GTE CyberTrust Global Root"
  - "RSA Root Certificate 1"
  - "TDC OCES Root CA"
  - "ValiCert Class 1 VA"
  - "ValiCert Class 2 VA"
  - "Wells Fargo Root CA"

27. By Michael Shuler

* Add ca-certificates-local source package example to documentation
* Update local certificate handling in README.Debian.
  Closes: #718173, LP: #487845
* Update CA inclusion policy for ca-certificates in README.Debian. With
  the exception of SPI and CAcert, only those CAs included in Mozilla's
  trust store will be included in ca-certificates in Debian.
  Closes: #647848, LP: #103074
* Clarify that not all software that uses SSL uses ca-certificates in
  README.Debian. Closes: #664769
* Add mozilla/nssckbi.h to source, since certdata.txt no longer contains
  a version number.
* Update debian/copyright to "Copyright: Mozilla Contributors" for
* Update mozilla/certdata.txt to version 1.94
  Certificates added (+) and removed (-):
  + "CA Disig Root R1"
  + "CA Disig Root R2"
  + "China Internet Network Information Center EV Certificates Root"
  + "D-TRUST Root Class 3 CA 2 2009"
  + "D-TRUST Root Class 3 CA 2 EV 2009"
  + "PSCProcert"
  + "Swisscom Root CA 2"
  + "Swisscom Root EV CA 2"
  + "TURKTRUST Certificate Services Provider Root 2007"
  - "Equifax Secure eBusiness CA 2"
  - "TC TrustCenter Universal CA III"

26. By Thijs Kinkhorst

[ Michael Shuler ]
* Install CAcert root and class3 certificates individually, no longer
  installing the concatenation of the two. The individual certificates
  are installed as cacert.org_root.crt and cacert.org_class3.crt for ease
  of identification. Additionally, this allows openssl maintainers to drop
  a problematic patch to c_rehash for handling multi-certificate files.
  (see #642314) Closes: #692323
* Update Vcs-* fields for lintian vcs-field-not-canonical
* Update to machine-readable debian/copyright file v1.0

[ Thijs Kinkhorst ]
* Drop upgrading code for upgrades from Debian Etch and earlier.
* Remove obsolete debconf.org CA certificate. DebConf now uses an
  intermediate certificate signed by SPI. (Closes: #693405)
* Remove obsolete SPI CA certiticate.
* Update Standards-Version: 3.9.4 (no changes needed)
* Clean up man page (LP#: 850997).

25. By Michael Shuler

* Update mozilla/certdata.txt to version 1.87 Closes: #697366
  Certificates removed (-) (none added):
  - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
* Remove unneeded and confusing usage of interest-noawait; remove unneeded
  Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch.
  Closes: #537051

24. By Michael Shuler

[ Don Armstrong ]
* Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
* Provide update-ca-certificates and update-ca-certificates-fresh
* Call the triggers using no-await so that the configuration files from
  the newer version of ca-certificates-java are in places before the
  upgrade. Closes: #537051.

[ Michael Shuler ]
* Add note to previous mozilla/certdata.txt changelog entry to document

23. By Michael Shuler

* Update mozilla/certdata.txt to version 1.86 Closes: #683728
  Certificates added (+) (none removed):
  + "Actalis Authentication Root CA"
  + "Trustis FPS Root CA"
  + "StartCom Certification Authority" (renewal/rehash)
  + "StartCom Certification Authority G2"
  + "Buypass Class 2 Root CA"
  + "Buypass Class 3 Root CA"
  + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
  + "T-TeleSec GlobalRoot Class 3"
  + "EE Certification Centre Root CA"
* Correct piuparts package remove/purge behavior Closes: #682125
  - Remove deletes of /etc/ssl{,/certs} from debian/postrm

22. By Michael Shuler

* Add Polish translation, thanks to Michał Kułach. Closes: #660002
* Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
* Correct update-ca-certificates(8) alignment Closes: #666932
* Add note to update-ca-certificates(8) about .crt extension needed for
  CA certificates in /usr/local/share/ca-certificates Closes: #595279
* Update mozilla/certdata.txt to version 1.83
  Mozilla Public License updated to v2.0
  (no added/removed CAs)
* Update debian/copyright to:
  - reflect MPL v2.0 update for mozilla/certdata.txt
  - specify GPL-2 instead of GPL symlink
* Update debian/NEWS with added/removed certs from 20111211 and 20120212
* Update to Standards-Version: 3.9.3 (no changes needed)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.