ca-certificates (20240203~22.04.1) jammy-security; urgency=medium
* Update ca-certificates database to 20240203 (LP: #2081875)
- Update Mozilla certificate authority bundle to version 2.64
The following certificate authorities were added (+):
+ Atos TrustedRoot Root CA ECC TLS 2021
+ Atos TrustedRoot Root CA RSA TLS 2021
+ BJCA Global Root CA1
+ BJCA Global Root CA2
+ CommScope Public Trust ECC Root-01
+ CommScope Public Trust ECC Root-02
+ CommScope Public Trust RSA Root-01
+ CommScope Public Trust RSA Root-02
+ Sectigo Public Server Authentication Root E46
+ Sectigo Public Server Authentication Root R46
+ SSL.com TLS ECC Root CA 2022
+ SSL.com TLS RSA Root CA 2022
+ TrustAsia Global Root CA G3
+ TrustAsia Global Root CA G4
The following certificate authorities were removed (-):
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 24 Sep 2024 13:46:09 -0400
ca-certificates (20230311ubuntu0.22.04.1) jammy-security; urgency=medium
* Update ca-certificates database to 20230311 (LP: #2020089)
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2023 09:09:37 -0400
ca-certificates (20230311ubuntu1) mantic; urgency=medium
* Add Trustcor root certificates to mozilla/blacklist.txt: (LP: #1998785)
- "TrustCor RootCert CA-1"
- "TrustCor RootCert CA-2"
- "TrustCor ECA-1"
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2023 10:36:02 -0400
ca-certificates (20230311) unstable; urgency=medium
[ Đoàn Trần Công Danh ]
* ca-certificates: compat with non-GNU mktemp (closes: #1000847)
[ Ilya Lipnitskiy ]
* certdata2pem.py: use UTC time when checking cert validity
[ Julien Cristau ]
* Update Mozilla certificate authority bundle to version 2.60
The following certificate authorities were added (+):
+ "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+ "Certainly Root E1"
+ "Certainly Root R1"
+ "D-TRUST BR Root CA 1 2020"
+ "D-TRUST EV Root CA 1 2020"
+ "DigiCert TLS ECC P384 Root G5"
+ "DigiCert TLS RSA4096 Root G5"
+ "E-Tugra Global Root CA ECC v3"
+ "E-Tugra Global Root CA RSA v3"
+ "HARICA TLS ECC Root CA 2021"
+ "HARICA TLS RSA Root CA 2021"
+ "HiPKI Root CA - G1"
+ "ISRG Root X2"
+ "Security Communication ECC RootCA1"
+ "Security Communication RootCA3"
+ "Telia Root CA v2"
+ "TunTrust Root CA"
+ "vTrus ECC Root CA"
+ "vTrus Root CA"
The following certificate authorities were removed (-):
- "Cybertrust Global Root" (expired)
- "EC-ACC"
- "GlobalSign Root CA - R2" (expired)
- "Hellenic Academic and Research Institutions RootCA 2011"
- "Network Solutions Certificate Authority"
- "Staat der Nederlanden EV Root CA" (expired)
* Drop trailing space from debconf template causing misformatting
(closes: #980821)
[ Wataru Ashihara ]
* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
-- Julien Cristau <jcristau@debian.org> Sat, 11 Mar 2023 09:47:05 +0100
ca-certificates (20211016) unstable; urgency=low
[ Michael Shuler ]
* Fix error on install when TEMPBUNDLE missing. Closes: #996005
-- Julien Cristau <jcristau@debian.org> Sat, 16 Oct 2021 18:09:43 +0200
ca-certificates (20211004) unstable; urgency=low
[ Debian Janitor ]
* Fix day-of-week for changelog entry 20090624.
[ Julien Cristau ]
* Create temporary ca-certificates.crt on the same file system.
Closes: #923784
* Don't remove ca-certificates.crt before updating it, so it doesn't
go missing for a short while (closes: #920348). Thanks, Dimitris
Aragiorgis!
* Bump package priority from optional to standard.
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
bundle to version 2.50
The following certificate authorities were added (+):
+ "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
+ "GlobalSign Root R46"
+ "GlobalSign Root E46"
+ "GLOBALTRUST 2020"
+ "ANF Secure Server Root CA"
+ "Certum EC-384 CA"
+ "Certum Trusted Root CA"
The following certificate authorities were removed (-):
- "QuoVadis Root CA"
- "Sonera Class 2 Root CA"
- "GeoTrust Primary Certification Authority - G2"
- "VeriSign Universal Root Certification Authority"
- "Chambers of Commerce Root - 2008"
- "Global Chambersign Root - 2008"
- "Trustis FPS Root CA"
- "Staat der Nederlanden Root CA - G3"
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
* mozilla/certdata2pem.py: print a warning for expired certificates.
-- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200
ca-certificates (20210119) unstable; urgency=medium
[ Julien Cristau ]
* New maintainer (closes: #976406)
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
bundle to version 2.46.
The following certificate authorities were added (+):
+ "certSIGN ROOT CA G2"
+ "e-Szigno Root CA 2017"
+ "Microsoft ECC Root Certificate Authority 2017"
+ "Microsoft RSA Root Certificate Authority 2017"
+ "NAVER Global Root Certification Authority"
+ "Trustwave Global Certification Authority"
+ "Trustwave Global ECC P256 Certification Authority"
+ "Trustwave Global ECC P384 Certification Authority"
The following certificate authorities were removed (-):
- "EE Certification Centre Root CA"
- "GeoTrust Universal CA 2"
- "LuxTrust Global Root 2"
- "OISTE WISeKey Global Root GA CA"
- "Staat der Nederlanden Root CA - G2" (closes: #962079)
- "Taiwan GRCA"
- "Verisign Class 3 Public Primary Certification Authority - G3"
[ Michael Shuler ]
* mozilla/blacklist:
Revert Symantec CA blacklist (#911289). Closes: #962596
The following root certificates were added back (+):
+ "GeoTrust Primary Certification Authority - G2"
+ "VeriSign Universal Root Certification Authority"
[ Gianfranco Costamagna ]
* debian/{rules,control}:
Merge Ubuntu patch from Matthias Klose to use Python3 during build.
Closes: #942915
-- Julien Cristau <jcristau@debian.org> Tue, 19 Jan 2021 11:11:04 +0100
ca-certificates (20200601) unstable; urgency=medium
* debian/control:
Set Standards-Version: 4.5.0.2
Set Build-Depends: debhelper-compat (= 13)
* debian/copyright:
Replace tabs in license text
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.40.
Closes: #956411, #955038
* mozilla/blacklist.txt
Add distrusted Symantec CA list to blacklist for explicit removal.
Closes: #911289
Blacklist expired root certificate, "AddTrust External Root"
Closes: #961907
The following certificate authorities were added (+):
+ "Certigna Root CA"
+ "emSign ECC Root CA - C3"
+ "emSign ECC Root CA - G3"
+ "emSign Root CA - C1"
+ "emSign Root CA - G1"
+ "Entrust Root Certification Authority - G4"
+ "GTS Root R1"
+ "GTS Root R2"
+ "GTS Root R3"
+ "GTS Root R4"
+ "Hongkong Post Root CA 3"
+ "UCA Extended Validation Root"
+ "UCA Global G2 Root"
The following certificate authorities were removed (-):
- "AddTrust External Root"
- "Certinomis - Root CA"
- "Certplus Class 2 Primary CA"
- "Deutsche Telekom Root CA 2"
- "GeoTrust Global CA"
- "GeoTrust Primary Certification Authority"
- "GeoTrust Primary Certification Authority - G2"
- "GeoTrust Primary Certification Authority - G3"
- "GeoTrust Universal CA"
- "thawte Primary Root CA"
- "thawte Primary Root CA - G2"
- "thawte Primary Root CA - G3"
- "VeriSign Class 3 Public Primary Certification Authority - G4"
- "VeriSign Class 3 Public Primary Certification Authority - G5"
- "VeriSign Universal Root Certification Authority"
-- Michael Shuler <michael@pbandjelly.org> Mon, 01 Jun 2020 11:45:49 -0500
ca-certificates (20190110) unstable; urgency=high
* debian/control:
Depend on openssl (>= 1.1.1).
Set Standards-Version: 4.3.0.1.
Set Build-Depends: debhelper-compat (= 12); drop d/compat
Remove trailing whitespace from d/changelog.
* debian/ca-certificates.postinst:
Fix permissions on /usr/local/share/ca-certificates when using symlinks.
Closes: #916833
* sbin/update-ca-certificates:
Remove orphan symlinks found in /etc/ssl/certs to prevent `openssl
rehash` from exiting with an error. Closes: #895482, #895473
This will also fix removal of user CA certificates from /usr/local without
needing to run --fresh. Closes: #911303
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.28.
The following certificate authorities were added (+):
+ "GlobalSign Root CA - R6"
+ "OISTE WISeKey Global Root GC CA"
The following certificate authorities were removed (-):
- "Certplus Root CA G1"
- "Certplus Root CA G2"
- "OpenTrust Root CA G1"
- "OpenTrust Root CA G2"
- "OpenTrust Root CA G3"
- "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
- "Visa eCommerce Root"
-- Michael Shuler <michael@pbandjelly.org> Thu, 10 Jan 2019 19:31:31 -0600
ca-certificates (20180409) unstable; urgency=medium
[ Michael Shuler ]
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.22.
The following certificate authorities were added (+):
+ "GDCA TrustAUTH R5 ROOT"
+ "SSL.com EV Root Certification Authority ECC"
+ "SSL.com EV Root Certification Authority RSA R2"
+ "SSL.com Root Certification Authority ECC"
+ "SSL.com Root Certification Authority RSA"
+ "TrustCor ECA-1"
+ "TrustCor RootCert CA-1"
+ "TrustCor RootCert CA-2"
The following certificate authorities were removed (-):
- "ACEDICOM Root"
- "AddTrust Low-Value Services Root"
- "AddTrust Public Services Root"
- "AddTrust Qualified Certificates Root"
- "CA Disig Root R1"
- "CNNIC ROOT"
- "Camerfirma Chambers of Commerce Root"
- "Camerfirma Global Chambersign Root"
- "Certinomis - Autorité Racine"
- "Certum Root CA"
- "China Internet Network Information Center EV Certificates Root"
- "Comodo Secure Services root"
- "Comodo Trusted Services root"
- "DST ACES CA X6"
- "GeoTrust Global CA 2"
- "PSCProcert"
- "Security Communication EV RootCA1"
- "Swisscom Root CA 1"
- "Swisscom Root CA 2"
- "Swisscom Root EV CA 2"
- "TURKTRUST Certificate Services Provider Root 2007"
- "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
- "UTN USERFirst Hardware Root CA"
* mozilla/blacklist.txt
Update blacklist to remove certificates no longer in certdata.txt and
explicitly ignore distrusted certificates.
* debian/copyright:
Fix lintian insecure-copyright-format-uri with https URL.
* debian/changelog:
Fix lintian file-contains-trailing-whitespace.
* debian/{compat,control}:
Set to debhelper compat 11.
* Update openssl dependency to >= 1.1.0 to support `openssl rehash` and drop
usage of `c_rehash` script. Closes: #895075
[ Thijs Kinkhorst ]
* Remove Christian Perrier from uploaders at his request (closes: #894070).
* Checked for policy 4.1.4, no changes.
-- Michael Shuler <michael@pbandjelly.org> Mon, 09 Apr 2018 18:43:49 -0500
# For older changelog entries, run 'apt-get changelog ca-certificates'
Generated by dwww version 1.14 on Sun Feb 2 13:34:38 CET 2025.