| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Switch users to versioned_dependencies.mk.
|
|
|
|
|
|
- The location of the system certificate store can now be set using
a new configuration file (ca-certificates-dir.conf).
- Installing the certificates to the system certificate store must
be enabled by the administrator.
|
|
Point out that this is from Debian and that Debian's policy is unclear
(it's not on HOMEPAGE at least; they probably do have one).
Note that modification outside of the package's files is either to
base or to pkgsrc openssl.
Clarify that there's a supported way to exclude particular certs as
trust anchors.
|
|
|
|
|
|
ca-certificates (20211016) unstable; urgency=low
[ Michael Shuler ]
* Fix error on install when TEMPBUNDLE missing. Closes: #996005
-- Julien Cristau <jcristau@debian.org> Sat, 16 Oct 2021 18:09:43 +0200
ca-certificates (20211004) unstable; urgency=low
[ Debian Janitor ]
* Fix day-of-week for changelog entry 20090624.
[ Julien Cristau ]
* Create temporary ca-certificates.crt on the same file system.
Closes: #923784
* Don't remove ca-certificates.crt before updating it, so it doesn't
go missing for a short while (closes: #920348). Thanks, Dimitris
Aragiorgis!
* Bump package priority from optional to standard.
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
bundle to version 2.50
The following certificate authorities were added (+):
+ "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
+ "GlobalSign Root R46"
+ "GlobalSign Root E46"
+ "GLOBALTRUST 2020"
+ "ANF Secure Server Root CA"
+ "Certum EC-384 CA"
+ "Certum Trusted Root CA"
The following certificate authorities were removed (-):
- "QuoVadis Root CA"
- "Sonera Class 2 Root CA"
- "GeoTrust Primary Certification Authority - G2"
- "VeriSign Universal Root Certification Authority"
- "Chambers of Commerce Root - 2008"
- "Global Chambersign Root - 2008"
- "Trustis FPS Root CA"
- "Staat der Nederlanden Root CA - G3"
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
* mozilla/certdata2pem.py: print a warning for expired certificates.
-- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200
ca-certificates (20210119) unstable; urgency=medium
[ Julien Cristau ]
* New maintainer (closes: #976406)
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
bundle to version 2.46.
The following certificate authorities were added (+):
+ "certSIGN ROOT CA G2"
+ "e-Szigno Root CA 2017"
+ "Microsoft ECC Root Certificate Authority 2017"
+ "Microsoft RSA Root Certificate Authority 2017"
+ "NAVER Global Root Certification Authority"
+ "Trustwave Global Certification Authority"
+ "Trustwave Global ECC P256 Certification Authority"
+ "Trustwave Global ECC P384 Certification Authority"
The following certificate authorities were removed (-):
- "EE Certification Centre Root CA"
- "GeoTrust Universal CA 2"
- "LuxTrust Global Root 2"
- "OISTE WISeKey Global Root GA CA"
- "Staat der Nederlanden Root CA - G2" (closes: #962079)
- "Taiwan GRCA"
- "Verisign Class 3 Public Primary Certification Authority - G3"
[ Michael Shuler ]
* mozilla/blacklist:
Revert Symantec CA blacklist (#911289). Closes: #962596
The following root certificates were added back (+):
+ "GeoTrust Primary Certification Authority - G2"
+ "VeriSign Universal Root Certification Authority"
[ Gianfranco Costamagna ]
* debian/{rules,control}:
Merge Ubuntu patch from Matthias Klose to use Python3 during build.
Closes: #942915
-- Julien Cristau <jcristau@debian.org> Tue, 19 Jan 2021 11:11:04 +0100
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
|
|
|
|
Note that this package is irregular because it modifies configuration
outside of pkgsrc.
Add a see-also for mozilla-rootcerts{,-openssl}.
|
|
|
|
* Update Mozilla certificate authority bundle to version 2.40.
* Add distrusted Symantec CA list to blacklist for explicit removal.
* Blacklist expired root certificate, "AddTrust External Root".
The following certificate authorities were added (+):
+ "Certigna Root CA"
+ "emSign ECC Root CA - C3"
+ "emSign ECC Root CA - G3"
+ "emSign Root CA - C1"
+ "emSign Root CA - G1"
+ "Entrust Root Certification Authority - G4"
+ "GTS Root R1"
+ "GTS Root R2"
+ "GTS Root R3"
+ "GTS Root R4"
+ "Hongkong Post Root CA 3"
+ "UCA Extended Validation Root"
+ "UCA Global G2 Root"
The following certificate authorities were removed (-):
- "AddTrust External Root"
- "Certinomis - Root CA"
- "Certplus Class 2 Primary CA"
- "Deutsche Telekom Root CA 2"
- "GeoTrust Global CA"
- "GeoTrust Primary Certification Authority"
- "GeoTrust Primary Certification Authority - G2"
- "GeoTrust Primary Certification Authority - G3"
- "GeoTrust Universal CA"
- "thawte Primary Root CA"
- "thawte Primary Root CA - G2"
- "thawte Primary Root CA - G3"
- "VeriSign Class 3 Public Primary Certification Authority - G4"
- "VeriSign Class 3 Public Primary Certification Authority - G5"
- "VeriSign Universal Root Certification Authority"
Changes for pkgsrc packaging:
* Add README.pkgsrc, replacing MESSAGE.
* Improve DESCR to better describe the functionality of the package.
* Install changelog and README.source from the distribution package.
|
|
This package provides the certificates distributed by the Mozilla
Project.
It also provides a script, update-ca-certs, which can be used to manage
a location that makes certificates usable by TLS implementations,
including installing select certificates from this package.
|
