ca-certificates (20240203) unstable; urgency=medium
[ Jeffrey Walton ]
* update-ca-certificates man page updates
* fix shellcheck warnings (closes: #1058658, #981663)
[ Gioele Barabucci ]
* Use standard dh sequence (closes: #1050112)
[ Julien Cristau ]
* Update Mozilla certificate authority bundle to version 2.64
The following certificate authorities were added (+):
+ Atos TrustedRoot Root CA ECC TLS 2021
+ Atos TrustedRoot Root CA RSA TLS 2021
+ BJCA Global Root CA1
+ BJCA Global Root CA2
+ CommScope Public Trust ECC Root-01
+ CommScope Public Trust ECC Root-02
+ CommScope Public Trust RSA Root-01
+ CommScope Public Trust RSA Root-02
+ Sectigo Public Server Authentication Root E46
+ Sectigo Public Server Authentication Root R46
+ SSL.com TLS ECC Root CA 2022
+ SSL.com TLS RSA Root CA 2022
+ TrustAsia Global Root CA G3
+ TrustAsia Global Root CA G4
The following certificate authorities were removed (-):
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- E-Tugra Certification Authority (closes: #1032916)
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2 (closes: #1023945)
-- Julien Cristau <jcristau@debian.org> Sun, 04 Feb 2024 10:41:43 +0100
ca-certificates (20230311) unstable; urgency=medium
[ Đoàn Trần Công Danh ]
* ca-certificates: compat with non-GNU mktemp (closes: #1000847)
[ Ilya Lipnitskiy ]
* certdata2pem.py: use UTC time when checking cert validity
[ Julien Cristau ]
* Update Mozilla certificate authority bundle to version 2.60
The following certificate authorities were added (+):
+ "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+ "Certainly Root E1"
+ "Certainly Root R1"
+ "D-TRUST BR Root CA 1 2020"
+ "D-TRUST EV Root CA 1 2020"
+ "DigiCert TLS ECC P384 Root G5"
+ "DigiCert TLS RSA4096 Root G5"
+ "E-Tugra Global Root CA ECC v3"
+ "E-Tugra Global Root CA RSA v3"
+ "HARICA TLS ECC Root CA 2021"
+ "HARICA TLS RSA Root CA 2021"
+ "HiPKI Root CA - G1"
+ "ISRG Root X2"
+ "Security Communication ECC RootCA1"
+ "Security Communication RootCA3"
+ "Telia Root CA v2"
+ "TunTrust Root CA"
+ "vTrus ECC Root CA"
+ "vTrus Root CA"
The following certificate authorities were removed (-):
- "Cybertrust Global Root" (expired)
- "EC-ACC"
- "GlobalSign Root CA - R2" (expired)
- "Hellenic Academic and Research Institutions RootCA 2011"
- "Network Solutions Certificate Authority"
- "Staat der Nederlanden EV Root CA" (expired)
* Drop trailing space from debconf template causing misformatting
(closes: #980821)
[ Wataru Ashihara ]
* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
-- Julien Cristau <jcristau@debian.org> Sat, 11 Mar 2023 09:47:05 +0100
ca-certificates (20211016) unstable; urgency=low
[ Michael Shuler ]
* Fix error on install when TEMPBUNDLE missing. Closes: #996005
-- Julien Cristau <jcristau@debian.org> Sat, 16 Oct 2021 18:09:43 +0200
ca-certificates (20211004) unstable; urgency=low
[ Debian Janitor ]
* Fix day-of-week for changelog entry 20090624.
[ Julien Cristau ]
* Create temporary ca-certificates.crt on the same file system.
Closes: #923784
* Don't remove ca-certificates.crt before updating it, so it doesn't
go missing for a short while (closes: #920348). Thanks, Dimitris
Aragiorgis!
* Bump package priority from optional to standard.
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
bundle to version 2.50
The following certificate authorities were added (+):
+ "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
+ "GlobalSign Root R46"
+ "GlobalSign Root E46"
+ "GLOBALTRUST 2020"
+ "ANF Secure Server Root CA"
+ "Certum EC-384 CA"
+ "Certum Trusted Root CA"
The following certificate authorities were removed (-):
- "QuoVadis Root CA"
- "Sonera Class 2 Root CA"
- "GeoTrust Primary Certification Authority - G2"
- "VeriSign Universal Root Certification Authority"
- "Chambers of Commerce Root - 2008"
- "Global Chambersign Root - 2008"
- "Trustis FPS Root CA"
- "Staat der Nederlanden Root CA - G3"
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
* mozilla/certdata2pem.py: print a warning for expired certificates.
-- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200
ca-certificates (20210119) unstable; urgency=medium
[ Julien Cristau ]
* New maintainer (closes: #976406)
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
bundle to version 2.46.
The following certificate authorities were added (+):
+ "certSIGN ROOT CA G2"
+ "e-Szigno Root CA 2017"
+ "Microsoft ECC Root Certificate Authority 2017"
+ "Microsoft RSA Root Certificate Authority 2017"
+ "NAVER Global Root Certification Authority"
+ "Trustwave Global Certification Authority"
+ "Trustwave Global ECC P256 Certification Authority"
+ "Trustwave Global ECC P384 Certification Authority"
The following certificate authorities were removed (-):
- "EE Certification Centre Root CA"
- "GeoTrust Universal CA 2"
- "LuxTrust Global Root 2"
- "OISTE WISeKey Global Root GA CA"
- "Staat der Nederlanden Root CA - G2" (closes: #962079)
- "Taiwan GRCA"
- "Verisign Class 3 Public Primary Certification Authority - G3"
[ Michael Shuler ]
* mozilla/blacklist:
Revert Symantec CA blacklist (#911289). Closes: #962596
The following root certificates were added back (+):
+ "GeoTrust Primary Certification Authority - G2"
+ "VeriSign Universal Root Certification Authority"
[ Gianfranco Costamagna ]
* debian/{rules,control}:
Merge Ubuntu patch from Matthias Klose to use Python3 during build.
Closes: #942915
-- Julien Cristau <jcristau@debian.org> Tue, 19 Jan 2021 11:11:04 +0100
ca-certificates (20200601) unstable; urgency=medium
* debian/control:
Set Standards-Version: 4.5.0.2
Set Build-Depends: debhelper-compat (= 13)
* debian/copyright:
Replace tabs in license text
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.40.
Closes: #956411, #955038
* mozilla/blacklist.txt
Add distrusted Symantec CA list to blacklist for explicit removal.
Closes: #911289
Blacklist expired root certificate, "AddTrust External Root"
Closes: #961907
The following certificate authorities were added (+):
+ "Certigna Root CA"
+ "emSign ECC Root CA - C3"
+ "emSign ECC Root CA - G3"
+ "emSign Root CA - C1"
+ "emSign Root CA - G1"
+ "Entrust Root Certification Authority - G4"
+ "GTS Root R1"
+ "GTS Root R2"
+ "GTS Root R3"
+ "GTS Root R4"
+ "Hongkong Post Root CA 3"
+ "UCA Extended Validation Root"
+ "UCA Global G2 Root"
The following certificate authorities were removed (-):
- "AddTrust External Root"
- "Certinomis - Root CA"
- "Certplus Class 2 Primary CA"
- "Deutsche Telekom Root CA 2"
- "GeoTrust Global CA"
- "GeoTrust Primary Certification Authority"
- "GeoTrust Primary Certification Authority - G2"
- "GeoTrust Primary Certification Authority - G3"
- "GeoTrust Universal CA"
- "thawte Primary Root CA"
- "thawte Primary Root CA - G2"
- "thawte Primary Root CA - G3"
- "VeriSign Class 3 Public Primary Certification Authority - G4"
- "VeriSign Class 3 Public Primary Certification Authority - G5"
- "VeriSign Universal Root Certification Authority"
-- Michael Shuler <michael@pbandjelly.org> Mon, 01 Jun 2020 11:45:49 -0500
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog ca-certificates`.
Generated by dwww version 1.16 on Mon Dec 15 20:55:36 CET 2025.