lp:ubuntu/saucy-updates/ca-certificates

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

27. By Marc Deslauriers on 2014-02-06

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

26. By Thijs Kinkhorst on 2013-06-10

[ Michael Shuler ]
* Install CAcert root and class3 certificates individually, no longer
  installing the concatenation of the two. The individual certificates
  are installed as cacert.org_root.crt and cacert.org_class3.crt for ease
  of identification. Additionally, this allows openssl maintainers to drop
  a problematic patch to c_rehash for handling multi-certificate files.
  (see #642314) Closes: #692323
* Update Vcs-* fields for lintian vcs-field-not-canonical
* Update to machine-readable debian/copyright file v1.0

[ Thijs Kinkhorst ]
* Drop upgrading code for upgrades from Debian Etch and earlier.
* Remove obsolete debconf.org CA certificate. DebConf now uses an
  intermediate certificate signed by SPI. (Closes: #693405)
* Remove obsolete SPI CA certiticate.
* Update Standards-Version: 3.9.4 (no changes needed)
* Clean up man page (LP#: 850997).

25. By Michael Shuler on 2013-01-19

* Update mozilla/certdata.txt to version 1.87 Closes: #697366
  Certificates removed (-) (none added):
  - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
* Remove unneeded and confusing usage of interest-noawait; remove unneeded
  Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch.
  Closes: #537051

24. By Michael Shuler on 2012-11-14

[ Don Armstrong ]
* Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
* Provide update-ca-certificates and update-ca-certificates-fresh
  triggers.
* Call the triggers using no-await so that the configuration files from
  the newer version of ca-certificates-java are in places before the
  upgrade. Closes: #537051.

[ Michael Shuler ]
* Add note to previous mozilla/certdata.txt changelog entry to document
  CKT_NSS_MUST_VERIFY_TRUST changes.

23. By Michael Shuler on 2012-11-05

* Update mozilla/certdata.txt to version 1.86 Closes: #683728
  Certificates added (+) (none removed):
  + "Actalis Authentication Root CA"
  + "Trustis FPS Root CA"
  + "StartCom Certification Authority" (renewal/rehash)
  + "StartCom Certification Authority G2"
  + "Buypass Class 2 Root CA"
  + "Buypass Class 3 Root CA"
  + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
  + "T-TeleSec GlobalRoot Class 3"
  + "EE Certification Centre Root CA"
* Correct piuparts package remove/purge behavior Closes: #682125
  - Remove deletes of /etc/ssl{,/certs} from debian/postrm

22. By Michael Shuler on 2012-06-23

* Add Polish translation, thanks to Michał Kułach. Closes: #660002
* Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
* Correct update-ca-certificates(8) alignment Closes: #666932
* Add note to update-ca-certificates(8) about .crt extension needed for
  CA certificates in /usr/local/share/ca-certificates Closes: #595279
* Update mozilla/certdata.txt to version 1.83
  Mozilla Public License updated to v2.0
  (no added/removed CAs)
* Update debian/copyright to:
  - reflect MPL v2.0 update for mozilla/certdata.txt
  - specify GPL-2 instead of GPL symlink
* Update debian/NEWS with added/removed certs from 20111211 and 20120212
* Update to Standards-Version: 3.9.3 (no changes needed)

21. By Michael Shuler on 2012-02-12

* Update mozilla/certdata.txt to version 1.81
  Certificates added (+) and removed (-):
  + "Security Communication RootCA2"
  + "EC-ACC"
  + "Hellenic Academic and Research Institutions RootCA 2011"
  - "Verisign Class 2 Public Primary Certification Authority"
  - "Verisign Class 4 Public Primary Certification Authority - G2"
  - "TC TrustCenter, Germany, Class 2 CA"
  - "TC TrustCenter, Germany, Class 3 CA"
* Add notice to README.Debian deprecating CA inclusions and refer to
  #647848 for Debian CA Certificate Policy discussion.

20. By Michael Shuler on 2011-12-11

* Clarify CA audit note in package description and README.debian. Thanks
  to C.J. Adams-Collier for the patch. Closes: #594383
* Remove French Government IGC/A CA certificates. The RSA certificate is
  included in the Mozilla bundle and the DSA certificate is not in use.
  Closes: #646767
* Remove expired signet.pl CAs. Closes: #647849
* Remove expired brasil.gov.br CA.
* Edit 20111025 changelog/NEWS entries to correctly list installed CAs
* Use 'set -e' in body of debian/postinst
* Update mozilla/certdata.txt to version 1.80
  (no added/removed CAs)
* Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data

19. By Michael Shuler on 2011-10-25

[ Michael Shuler ]
* Add 3.0 (native) source format
* Add Vcs-Git/Browser fields
* Add myself as new Maintainer with Uploaders Closes: #588219
* Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
  Certificates added (+) and removed (-):
  + "AffirmTrust Commercial"
  + "AffirmTrust Networking"
  + "AffirmTrust Premium"
  + "AffirmTrust Premium ECC"
  + "A-Trust-nQual-03"
  + "Bogus Global Trustee"
  + "Bogus GMail"
  + "Bogus Google"
  + "Bogus kuix.de"
  + "Bogus live.com"
  + "Bogus Mozilla Addons"
  + "Bogus Skype"
  + "Bogus Yahoo 1"
  + "Bogus Yahoo 2"
  + "Bogus Yahoo 3"
  + "Certinomis - Autorité Racine"
  + "Certum Trusted Network CA"
  + "Explicitly Distrust DigiNotar Cyber CA"
  + "Explicitly Distrust DigiNotar Cyber CA 2nd"
  + "Explicitly Distrust DigiNotar Root CA"
  + "Explicitly Distrust DigiNotar Services 1024 CA"
  + "Explicitly Distrusted DigiNotar PKIoverheid"
  + "Explicitly Distrusted DigiNotar PKIoverheid G2"
  + "Go Daddy Root Certificate Authority - G2"
  + "Root CA Generalitat Valenciana"
  + "Starfield Root Certificate Authority - G2"
  + "Starfield Services Root Certificate Authority - G2"
  + "TWCA Root Certification Authority"
  - "AOL Time Warner Root Certification Authority 1"
  - "AOL Time Warner Root Certification Authority 2"
  - "DigiNotar Root CA"
  - "Entrust.net Global Secure Personal CA"
  - "Entrust.net Global Secure Server CA"
  - "Entrust.net Secure Personal CA"
  - "IPS Chained CAs root"
  - "IPS CLASE1 root"
  - "IPS CLASE3 root"
  - "IPS CLASEA1 root"
  - "IPS CLASEA3 root"
  - "IPS Timestamping root"
  - "Thawte Personal Freemail CA"
  - "Thawte Time Stamping CA"
* "Bogus *" CAs above address Comodo MITM 03/11 Closes: #619587
* Update CAcert-Class 3-Subroot-certificate Closes: #630232

[ Steve Langasek ]
* sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
  the way before calling c_rehash, so that symlinks don't accidentally get
  pointed here, breaking openssl certificate verification LP: #854927

[ Loïc Minier ]
* Drop bogus c_rehash on upgrades, which caused issue when
  ca-certificates.crt was still in place; instead, call
  update-ca-certificates --fresh on upgrades to this version, and
  the usual update-ca-certificates otherwise Closes: #643667, #537382

18. By Christian Perrier on 2011-10-22

* QA upload.
* Fix pending l10n issues. Debconf translations:
  - German (Helge Kreutzmann). Closes: #634000
  - French (Christian Perrier). Closes: #634092
  - Russian (Yuri Kozlov). Closes: #635146
  - Swedish (Martin Bagge / brother). Closes: #640622
  - Slovak (Slavko). Closes: #641987
  - Spanish; (Javier Fernández-Sanguino). Closes: #642359
  - Japanese (Kenshi Muto). Closes: #644828
  - Czech (Miroslav Kure). Closes: #644843
  - Danish (Joe Hansen). Closes: #644854
  - Italian (Luca Monducci). Closes: #645004
  - Dutch; (Jeroen Schot). Closes: #645090
  - Portuguese (Miguel Figueiredo). Closes: #645126
  - Galician (Jorge Barreiro). Closes: #645138
  - Catalan; (Jordi Mallach). Closes: #645182
  - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
* Split Choices in debconf templates
* Add build-arch and build-indep build targets
* Bump debhelper compatibility level to 8
* Bump Standards to 3.9.2 (checked)
* Replace "dh_clean -k" by dh_prep