lp:debian/wheezy/ca-certificates

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/wheezy/ca-certificates
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

26. By Michael Shuler

* Stable update including one patch and current mozilla/certdata.txt.
  Closes: #501123
* Fix certdata2pem.py for multiple CAs using the same CKA_LABEL. Thanks
  to Marc Deslauriers for the patch. Closes: #683403, LP: #1031333
* Update mozilla/certdata.txt to version 1.97 (version now in nssckbi.h).
  Certificates added (+), removed (-), and renamed (~):
  + "ACCVRAIZ1"
  + "Atos TrustedRoot 2011"
  + "CA Disig Root R1"
  + "CA Disig Root R2"
  + "China Internet Network Information Center EV Certificates Root"
  + "D-TRUST Root Class 3 CA 2 2009"
  + "D-TRUST Root Class 3 CA 2 EV 2009"
  + "E-Tugra Certification Authority"
  + "PSCProcert"
  + "SG TRUST SERVICES RACINE"
  + "StartCom Certification Authority"
  ~ "StartCom Certification Authority"_2
    (both StartCom CAs now included with duplicate CKA_LABEL fix)
  + "Swisscom Root CA 2"
  + "Swisscom Root EV CA 2"
  + "T-TeleSec GlobalRoot Class 2"
  + "TURKTRUST Certificate Services Provider Root 2007"
  + "TWCA Global Root CA"
  + "TeliaSonera Root CA v1"
  + "Verisign Class 3 Public Primary Certification Authority"
  ~ "Verisign Class 3 Public Primary Certification Authority"_2
    (both Verisign Class 3 CAs now included with duplicate CKA_LABEL fix)
  - "Equifax Secure eBusiness CA 2"
  - "Firmaprofesional Root CA"
  - "TC TrustCenter Universal CA III"
  - "TDC OCES Root CA"
  - "Wells Fargo Root CA"

25. By Michael Shuler

* Update mozilla/certdata.txt to version 1.87 Closes: #697366
  Certificates removed (-) (none added):
  - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
* Remove unneeded and confusing usage of interest-noawait; remove unneeded
  Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch.
  Closes: #537051

24. By Michael Shuler

[ Don Armstrong ]
* Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
* Provide update-ca-certificates and update-ca-certificates-fresh
  triggers.
* Call the triggers using no-await so that the configuration files from
  the newer version of ca-certificates-java are in places before the
  upgrade. Closes: #537051.

[ Michael Shuler ]
* Add note to previous mozilla/certdata.txt changelog entry to document
  CKT_NSS_MUST_VERIFY_TRUST changes.

23. By Michael Shuler

* Update mozilla/certdata.txt to version 1.86 Closes: #683728
  Certificates added (+) (none removed):
  + "Actalis Authentication Root CA"
  + "Trustis FPS Root CA"
  + "StartCom Certification Authority" (renewal/rehash)
  + "StartCom Certification Authority G2"
  + "Buypass Class 2 Root CA"
  + "Buypass Class 3 Root CA"
  + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
  + "T-TeleSec GlobalRoot Class 3"
  + "EE Certification Centre Root CA"
* Correct piuparts package remove/purge behavior Closes: #682125
  - Remove deletes of /etc/ssl{,/certs} from debian/postrm

22. By Michael Shuler

* Add Polish translation, thanks to Michał Kułach. Closes: #660002
* Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
* Correct update-ca-certificates(8) alignment Closes: #666932
* Add note to update-ca-certificates(8) about .crt extension needed for
  CA certificates in /usr/local/share/ca-certificates Closes: #595279
* Update mozilla/certdata.txt to version 1.83
  Mozilla Public License updated to v2.0
  (no added/removed CAs)
* Update debian/copyright to:
  - reflect MPL v2.0 update for mozilla/certdata.txt
  - specify GPL-2 instead of GPL symlink
* Update debian/NEWS with added/removed certs from 20111211 and 20120212
* Update to Standards-Version: 3.9.3 (no changes needed)

21. By Michael Shuler

* Update mozilla/certdata.txt to version 1.81
  Certificates added (+) and removed (-):
  + "Security Communication RootCA2"
  + "EC-ACC"
  + "Hellenic Academic and Research Institutions RootCA 2011"
  - "Verisign Class 2 Public Primary Certification Authority"
  - "Verisign Class 4 Public Primary Certification Authority - G2"
  - "TC TrustCenter, Germany, Class 2 CA"
  - "TC TrustCenter, Germany, Class 3 CA"
* Add notice to README.Debian deprecating CA inclusions and refer to
  #647848 for Debian CA Certificate Policy discussion.

20. By Michael Shuler

* Clarify CA audit note in package description and README.debian. Thanks
  to C.J. Adams-Collier for the patch. Closes: #594383
* Remove French Government IGC/A CA certificates. The RSA certificate is
  included in the Mozilla bundle and the DSA certificate is not in use.
  Closes: #646767
* Remove expired signet.pl CAs. Closes: #647849
* Remove expired brasil.gov.br CA.
* Edit 20111025 changelog/NEWS entries to correctly list installed CAs
* Use 'set -e' in body of debian/postinst
* Update mozilla/certdata.txt to version 1.80
  (no added/removed CAs)
* Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data

19. By Michael Shuler

[ Michael Shuler ]
* Add 3.0 (native) source format
* Add Vcs-Git/Browser fields
* Add myself as new Maintainer with Uploaders Closes: #588219
* Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
  Certificates added (+) and removed (-):
  + "AffirmTrust Commercial"
  + "AffirmTrust Networking"
  + "AffirmTrust Premium"
  + "AffirmTrust Premium ECC"
  + "A-Trust-nQual-03"
  + "Bogus Global Trustee"
  + "Bogus GMail"
  + "Bogus Google"
  + "Bogus kuix.de"
  + "Bogus live.com"
  + "Bogus Mozilla Addons"
  + "Bogus Skype"
  + "Bogus Yahoo 1"
  + "Bogus Yahoo 2"
  + "Bogus Yahoo 3"
  + "Certinomis - Autorité Racine"
  + "Certum Trusted Network CA"
  + "Explicitly Distrust DigiNotar Cyber CA"
  + "Explicitly Distrust DigiNotar Cyber CA 2nd"
  + "Explicitly Distrust DigiNotar Root CA"
  + "Explicitly Distrust DigiNotar Services 1024 CA"
  + "Explicitly Distrusted DigiNotar PKIoverheid"
  + "Explicitly Distrusted DigiNotar PKIoverheid G2"
  + "Go Daddy Root Certificate Authority - G2"
  + "Root CA Generalitat Valenciana"
  + "Starfield Root Certificate Authority - G2"
  + "Starfield Services Root Certificate Authority - G2"
  + "TWCA Root Certification Authority"
  - "AOL Time Warner Root Certification Authority 1"
  - "AOL Time Warner Root Certification Authority 2"
  - "DigiNotar Root CA"
  - "Entrust.net Global Secure Personal CA"
  - "Entrust.net Global Secure Server CA"
  - "Entrust.net Secure Personal CA"
  - "IPS Chained CAs root"
  - "IPS CLASE1 root"
  - "IPS CLASE3 root"
  - "IPS CLASEA1 root"
  - "IPS CLASEA3 root"
  - "IPS Timestamping root"
  - "Thawte Personal Freemail CA"
  - "Thawte Time Stamping CA"
* "Bogus *" CAs above address Comodo MITM 03/11 Closes: #619587
* Update CAcert-Class 3-Subroot-certificate Closes: #630232

[ Steve Langasek ]
* sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
  the way before calling c_rehash, so that symlinks don't accidentally get
  pointed here, breaking openssl certificate verification LP: #854927

[ Loïc Minier ]
* Drop bogus c_rehash on upgrades, which caused issue when
  ca-certificates.crt was still in place; instead, call
  update-ca-certificates --fresh on upgrades to this version, and
  the usual update-ca-certificates otherwise Closes: #643667, #537382

18. By Christian Perrier

* QA upload.
* Fix pending l10n issues. Debconf translations:
  - German (Helge Kreutzmann). Closes: #634000
  - French (Christian Perrier). Closes: #634092
  - Russian (Yuri Kozlov). Closes: #635146
  - Swedish (Martin Bagge / brother). Closes: #640622
  - Slovak (Slavko). Closes: #641987
  - Spanish; (Javier Fernández-Sanguino). Closes: #642359
  - Japanese (Kenshi Muto). Closes: #644828
  - Czech (Miroslav Kure). Closes: #644843
  - Danish (Joe Hansen). Closes: #644854
  - Italian (Luca Monducci). Closes: #645004
  - Dutch; (Jeroen Schot). Closes: #645090
  - Portuguese (Miguel Figueiredo). Closes: #645126
  - Galician (Jorge Barreiro). Closes: #645138
  - Catalan; (Jordi Mallach). Closes: #645182
  - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
* Split Choices in debconf templates
* Add build-arch and build-indep build targets
* Bump debhelper compatibility level to 8
* Bump Standards to 3.9.2 (checked)
* Replace "dh_clean -k" by dh_prep

17. By Raphael Geissert

* Non-maintainer upload by the Security Team.
* Blacklist "DigiNotar Root CA" (Closes: #639744)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/ca-certificates
This branch contains Public information 
Everyone can see this information.

Subscribers