Commit graph

10 commits

Author SHA1 Message Date
nia
5dfa1bcb59 fighting a losing battle against py-cryptography rustification, part 2
Switch users to versioned_dependencies.mk.
2022-10-19 13:56:31 +00:00
tnn
6c7684079a ca-certificates: try to mend py-cryptography fallout 2022-07-17 02:58:32 +00:00
wiz
fdb9aa35a8 ca-certificates: this does not support python 2 2022-07-09 09:38:57 +00:00
kim
40491cd477 security/ca-certificates: Add configurability for certificate store
- The location of the system certificate store can now be set using
  a new configuration file (ca-certificates-dir.conf).

- Installing the certificates to the system certificate store must
  be enabled by the administrator.
2022-06-12 07:05:30 +00:00
wiz
e4d6ed9e74 *: convert to versioned_dependencies for py-cryptography 2022-04-21 10:59:59 +00:00
kim
5bb2bb9629 security/ca-certificates: Fix mktemp usage 2022-02-28 06:46:52 +00:00
kim
63d954565e security/ca-certificates: Update to 20211016
ca-certificates (20211016) unstable; urgency=low

  [ Michael Shuler ]
  * Fix error on install when TEMPBUNDLE missing. Closes: #996005

 -- Julien Cristau <jcristau@debian.org>  Sat, 16 Oct 2021 18:09:43 +0200

ca-certificates (20211004) unstable; urgency=low

  [ Debian Janitor ]
  * Fix day-of-week for changelog entry 20090624.

  [ Julien Cristau ]
  * Create temporary ca-certificates.crt on the same file system.
    Closes: #923784
  * Don't remove ca-certificates.crt before updating it, so it doesn't
    go missing for a short while (closes: #920348).  Thanks, Dimitris
    Aragiorgis!
  * Bump package priority from optional to standard.
  * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
    bundle to version 2.50
    The following certificate authorities were added (+):
    + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
    + "GlobalSign Root R46"
    + "GlobalSign Root E46"
    + "GLOBALTRUST 2020"
    + "ANF Secure Server Root CA"
    + "Certum EC-384 CA"
    + "Certum Trusted Root CA"
    The following certificate authorities were removed (-):
    - "QuoVadis Root CA"
    - "Sonera Class 2 Root CA"
    - "GeoTrust Primary Certification Authority - G2"
    - "VeriSign Universal Root Certification Authority"
    - "Chambers of Commerce Root - 2008"
    - "Global Chambersign Root - 2008"
    - "Trustis FPS Root CA"
    - "Staat der Nederlanden Root CA - G3"
  * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
  * mozilla/certdata2pem.py: print a warning for expired certificates.

 -- Julien Cristau <jcristau@debian.org>  Thu, 07 Oct 2021 17:12:47 +0200

ca-certificates (20210119) unstable; urgency=medium

  [ Julien Cristau ]
  * New maintainer (closes: #976406)
  * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
    bundle to version 2.46.
    The following certificate authorities were added (+):
    + "certSIGN ROOT CA G2"
    + "e-Szigno Root CA 2017"
    + "Microsoft ECC Root Certificate Authority 2017"
    + "Microsoft RSA Root Certificate Authority 2017"
    + "NAVER Global Root Certification Authority"
    + "Trustwave Global Certification Authority"
    + "Trustwave Global ECC P256 Certification Authority"
    + "Trustwave Global ECC P384 Certification Authority"
    The following certificate authorities were removed (-):
    - "EE Certification Centre Root CA"
    - "GeoTrust Universal CA 2"
    - "LuxTrust Global Root 2"
    - "OISTE WISeKey Global Root GA CA"
    - "Staat der Nederlanden Root CA - G2" (closes: #962079)
    - "Taiwan GRCA"
    - "Verisign Class 3 Public Primary Certification Authority - G3"

  [ Michael Shuler ]
  * mozilla/blacklist:
    Revert Symantec CA blacklist (#911289). Closes: #962596
    The following root certificates were added back (+):
    + "GeoTrust Primary Certification Authority - G2"
    + "VeriSign Universal Root Certification Authority"

  [ Gianfranco Costamagna ]
  * debian/{rules,control}:
    Merge Ubuntu patch from Matthias Klose to use Python3 during build.
    Closes: #942915

 -- Julien Cristau <jcristau@debian.org>  Tue, 19 Jan 2021 11:11:04 +0100
2022-02-28 05:48:44 +00:00
kim
a599dcf6d4 Use PKGMANDIR 2020-10-12 21:52:30 +00:00
kim
bed248a516 Upgrade to 20200601
* Update Mozilla certificate authority bundle to version 2.40.
* Add distrusted Symantec CA list to blacklist for explicit removal.
* Blacklist expired root certificate, "AddTrust External Root".

The following certificate authorities were added (+):
+ "Certigna Root CA"
+ "emSign ECC Root CA - C3"
+ "emSign ECC Root CA - G3"
+ "emSign Root CA - C1"
+ "emSign Root CA - G1"
+ "Entrust Root Certification Authority - G4"
+ "GTS Root R1"
+ "GTS Root R2"
+ "GTS Root R3"
+ "GTS Root R4"
+ "Hongkong Post Root CA 3"
+ "UCA Extended Validation Root"
+ "UCA Global G2 Root"

The following certificate authorities were removed (-):
- "AddTrust External Root"
- "Certinomis - Root CA"
- "Certplus Class 2 Primary CA"
- "Deutsche Telekom Root CA 2"
- "GeoTrust Global CA"
- "GeoTrust Primary Certification Authority"
- "GeoTrust Primary Certification Authority - G2"
- "GeoTrust Primary Certification Authority - G3"
- "GeoTrust Universal CA"
- "thawte Primary Root CA"
- "thawte Primary Root CA - G2"
- "thawte Primary Root CA - G3"
- "VeriSign Class 3 Public Primary Certification Authority - G4"
- "VeriSign Class 3 Public Primary Certification Authority - G5"
- "VeriSign Universal Root Certification Authority"

Changes for pkgsrc packaging:
* Add README.pkgsrc, replacing MESSAGE.
* Improve DESCR to better describe the functionality of the package.
* Install changelog and README.source from the distribution package.
2020-06-08 09:55:36 +00:00
kim
5deb3f331a Add ca-certificates-20190110
This package provides the certificates distributed by the Mozilla
Project.

It also provides a script, update-ca-certs, which can be used to manage
a location that makes certificates usable by TLS implementations,
including installing select certificates from this package.
2020-05-31 15:53:44 +00:00