lp://staging/ubuntu/trusty-updates/ca-certificates

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

30. By Marc Deslauriers on 2015-02-20

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

29. By Marc Deslauriers on 2014-02-19

No longer ship cacert.org certificates. (LP: #1258286)

28. By Marc Deslauriers on 2013-12-04

mozilla/certdata2pem.py: Work around openssl issue by shipping both
versions of the same signed roots. Previously, the script would simply
overwrite the first one found in the certdata.txt with the later one
since they both have the same CKA_LABEL, resulting in identical
filenames. (LP: #1014640)

27. By Michael Shuler on 2013-09-06

* Add ca-certificates-local source package example to documentation
* Update local certificate handling in README.Debian.
  Closes: #718173, LP: #487845
* Update CA inclusion policy for ca-certificates in README.Debian. With
  the exception of SPI and CAcert, only those CAs included in Mozilla's
  trust store will be included in ca-certificates in Debian.
  Closes: #647848, LP: #103074
* Clarify that not all software that uses SSL uses ca-certificates in
  README.Debian. Closes: #664769
* Add mozilla/nssckbi.h to source, since certdata.txt no longer contains
  a version number.
* Update debian/copyright to "Copyright: Mozilla Contributors" for
  mozilla/{certdata.txt,nssckbi.h}.
* Update mozilla/certdata.txt to version 1.94
  Certificates added (+) and removed (-):
  + "CA Disig Root R1"
  + "CA Disig Root R2"
  + "China Internet Network Information Center EV Certificates Root"
  + "D-TRUST Root Class 3 CA 2 2009"
  + "D-TRUST Root Class 3 CA 2 EV 2009"
  + "PSCProcert"
  + "Swisscom Root CA 2"
  + "Swisscom Root EV CA 2"
  + "TURKTRUST Certificate Services Provider Root 2007"
  - "Equifax Secure eBusiness CA 2"
  - "TC TrustCenter Universal CA III"

26. By Thijs Kinkhorst on 2013-06-10

[ Michael Shuler ]
* Install CAcert root and class3 certificates individually, no longer
  installing the concatenation of the two. The individual certificates
  are installed as cacert.org_root.crt and cacert.org_class3.crt for ease
  of identification. Additionally, this allows openssl maintainers to drop
  a problematic patch to c_rehash for handling multi-certificate files.
  (see #642314) Closes: #692323
* Update Vcs-* fields for lintian vcs-field-not-canonical
* Update to machine-readable debian/copyright file v1.0

[ Thijs Kinkhorst ]
* Drop upgrading code for upgrades from Debian Etch and earlier.
* Remove obsolete debconf.org CA certificate. DebConf now uses an
  intermediate certificate signed by SPI. (Closes: #693405)
* Remove obsolete SPI CA certiticate.
* Update Standards-Version: 3.9.4 (no changes needed)
* Clean up man page (LP#: 850997).

25. By Michael Shuler on 2013-01-19

* Update mozilla/certdata.txt to version 1.87 Closes: #697366
  Certificates removed (-) (none added):
  - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
* Remove unneeded and confusing usage of interest-noawait; remove unneeded
  Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch.
  Closes: #537051

24. By Michael Shuler on 2012-11-14

[ Don Armstrong ]
* Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
* Provide update-ca-certificates and update-ca-certificates-fresh
  triggers.
* Call the triggers using no-await so that the configuration files from
  the newer version of ca-certificates-java are in places before the
  upgrade. Closes: #537051.

[ Michael Shuler ]
* Add note to previous mozilla/certdata.txt changelog entry to document
  CKT_NSS_MUST_VERIFY_TRUST changes.

23. By Michael Shuler on 2012-11-05

* Update mozilla/certdata.txt to version 1.86 Closes: #683728
  Certificates added (+) (none removed):
  + "Actalis Authentication Root CA"
  + "Trustis FPS Root CA"
  + "StartCom Certification Authority" (renewal/rehash)
  + "StartCom Certification Authority G2"
  + "Buypass Class 2 Root CA"
  + "Buypass Class 3 Root CA"
  + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
  + "T-TeleSec GlobalRoot Class 3"
  + "EE Certification Centre Root CA"
* Correct piuparts package remove/purge behavior Closes: #682125
  - Remove deletes of /etc/ssl{,/certs} from debian/postrm

22. By Michael Shuler on 2012-06-23

* Add Polish translation, thanks to Michał Kułach. Closes: #660002
* Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
* Correct update-ca-certificates(8) alignment Closes: #666932
* Add note to update-ca-certificates(8) about .crt extension needed for
  CA certificates in /usr/local/share/ca-certificates Closes: #595279
* Update mozilla/certdata.txt to version 1.83
  Mozilla Public License updated to v2.0
  (no added/removed CAs)
* Update debian/copyright to:
  - reflect MPL v2.0 update for mozilla/certdata.txt
  - specify GPL-2 instead of GPL symlink
* Update debian/NEWS with added/removed certs from 20111211 and 20120212
* Update to Standards-Version: 3.9.3 (no changes needed)

21. By Michael Shuler on 2012-02-12

* Update mozilla/certdata.txt to version 1.81
  Certificates added (+) and removed (-):
  + "Security Communication RootCA2"
  + "EC-ACC"
  + "Hellenic Academic and Research Institutions RootCA 2011"
  - "Verisign Class 2 Public Primary Certification Authority"
  - "Verisign Class 4 Public Primary Certification Authority - G2"
  - "TC TrustCenter, Germany, Class 2 CA"
  - "TC TrustCenter, Germany, Class 3 CA"
* Add notice to README.Debian deprecating CA inclusions and refer to
  #647848 for Debian CA Certificate Policy discussion.