alioth/ca-bundle.git
6 months agofix uninstallability, found during new VM setup at ⮡ tarent master ca-bundle-20190604
mirabilos [Tue, 4 Jun 2019 22:08:58 +0000 (22:08 +0000)]
fix uninstallability, found during new VM setup at ⮡ tarent

6 months agorecord new upstream version ca-bundle-20190516
mirabilos [Thu, 16 May 2019 20:51:53 +0000 (22:51 +0200)]
record new upstream version

6 months agoMerge branch 'master' of /git/ca-bundle
mirabilos [Thu, 16 May 2019 20:50:05 +0000 (22:50 +0200)]
Merge branch 'master' of /git/ca-bundle

6 months agorefresh
tg [Thu, 16 May 2019 20:09:40 +0000 (20:09 +0000)]
refresh

6 months agoupdate from Debian and review
tg [Thu, 16 May 2019 19:55:43 +0000 (19:55 +0000)]
update from Debian and review

6 months agoremove expired “explicitly distrusted” certificates
tg [Thu, 16 May 2019 19:49:08 +0000 (19:49 +0000)]
remove expired “explicitly distrusted” certificates

6 months agosync
mirabilos [Thu, 16 May 2019 18:32:19 +0000 (20:32 +0200)]
sync

6 months agoswitch to -noawait trigger
mirabilos [Thu, 16 May 2019 17:53:54 +0000 (19:53 +0200)]
switch to -noawait trigger

(but keep the older installation form, as to not
deviate too much in the packaging)

6 months agorun this through sid and jessie lintian, override sid ones
mirabilos [Thu, 16 May 2019 17:52:42 +0000 (19:52 +0200)]
run this through sid and jessie lintian, override sid ones

6 months agojessie+ should be able to use the new override location
mirabilos [Thu, 16 May 2019 17:45:50 +0000 (19:45 +0200)]
jessie+ should be able to use the new override location

6 months agofix “possible bashism”, thanks lintian…
mirabilos [Thu, 16 May 2019 17:38:21 +0000 (19:38 +0200)]
fix “possible bashism”, thanks lintian…

6 months agorecord what was done already
mirabilos [Thu, 16 May 2019 17:36:56 +0000 (19:36 +0200)]
record what was done already

6 months agoclean up the old java stuff in /etc
mirabilos [Thu, 16 May 2019 17:12:43 +0000 (19:12 +0200)]
clean up the old java stuff in /etc

6 months agoalso sympa; compact the list further
mirabilos [Thu, 16 May 2019 17:06:23 +0000 (19:06 +0200)]
also sympa; compact the list further

6 months agohighly reduced KDE4 parts
mirabilos [Thu, 16 May 2019 17:01:02 +0000 (19:01 +0200)]
highly reduced KDE4 parts

6 months agogajim in jessie is well-behaved
mirabilos [Thu, 16 May 2019 16:59:17 +0000 (18:59 +0200)]
gajim in jessie is well-behaved

6 months agothese packages do not exist in jessie any more
mirabilos [Thu, 16 May 2019 16:58:17 +0000 (18:58 +0200)]
these packages do not exist in jessie any more

6 months agojxplorer in jessie is well-behaved
mirabilos [Thu, 16 May 2019 16:57:16 +0000 (18:57 +0200)]
jxplorer in jessie is well-behaved

6 months agodrop old replacements (OpenJDK < 7; Sun Java; KDE 3, Trinity; Apache 1; …)
mirabilos [Thu, 16 May 2019 16:53:57 +0000 (18:53 +0200)]
drop old replacements (OpenJDK < 7; Sun Java; KDE 3, Trinity; Apache 1; …)

6 months agoPolicy 4.3.0.3
mirabilos [Thu, 16 May 2019 16:43:50 +0000 (18:43 +0200)]
Policy 4.3.0.3

6 months agomodernise: Priority extra is gone; new-style Homepage
mirabilos [Thu, 16 May 2019 16:41:17 +0000 (18:41 +0200)]
modernise: Priority extra is gone; new-style Homepage

6 months agoswitch to debhelper 5 (lowest still supported one)
mirabilos [Thu, 16 May 2019 16:38:57 +0000 (18:38 +0200)]
switch to debhelper 5 (lowest still supported one)

6 months agoclear out the overrides files, we’ll refill them later
mirabilos [Thu, 16 May 2019 16:38:35 +0000 (18:38 +0200)]
clear out the overrides files, we’ll refill them later

6 months agoinitial overhaul
mirabilos [Thu, 16 May 2019 16:25:29 +0000 (18:25 +0200)]
initial overhaul

6 months agoIntroduce versioned Provides for ca-certificates-java for OpenJDK 11
mirabilos [Thu, 16 May 2019 16:13:31 +0000 (18:13 +0200)]
Introduce versioned Provides for ca-certificates-java for OpenJDK 11

(cherry picked from commit 165858afad0a704af3615da581780dda95db742f)

6 months agoMerge remote-tracking branch 'bsd/master' and make identical to .dsc ca-bundle-20181220
mirabilos [Thu, 16 May 2019 15:37:00 +0000 (17:37 +0200)]
Merge remote-tracking branch 'bsd/master' and make identical to .dsc

6 months agosame for tag ca-bundle-20170309 ca-bundle-20170309
mirabilos [Thu, 9 Mar 2017 15:45:35 +0000 (15:45 +0000)]
same for tag ca-bundle-20170309

6 months agosame for tag ca-bundle-20140329 ca-bundle-20140329
mirabilos [Sat, 29 Mar 2014 23:18:52 +0000 (23:18 +0000)]
same for tag ca-bundle-20140329

6 months agoMerge tags 'ca-bundle-20120530' of pkg-cvs and bsd/master branches ca-bundle-20120530
mirabilos [Wed, 30 May 2012 20:02:08 +0000 (20:02 +0000)]
Merge tags 'ca-bundle-20120530' of pkg-cvs and bsd/master branches

11 months agorefresh
tg [Thu, 20 Dec 2018 04:17:48 +0000 (04:17 +0000)]
refresh

11 months agoupdate SSL certificates from Debian (also kills expired ones)
tg [Thu, 20 Dec 2018 03:57:10 +0000 (03:57 +0000)]
update SSL certificates from Debian (also kills expired ones)

2 years agodrop all certs expiring in 2017
tg [Fri, 8 Dec 2017 03:14:41 +0000 (03:14 +0000)]
drop all certs expiring in 2017

2 years agosync
tg [Mon, 31 Jul 2017 17:43:33 +0000 (17:43 +0000)]
sync

2 years agoupdate from Mozilla via Debian: blacklist WoSign and StartCom
tg [Mon, 31 Jul 2017 17:33:15 +0000 (17:33 +0000)]
update from Mozilla via Debian: blacklist WoSign and StartCom

2 years agoadd back 4fbd6bfa.0 (UTN DATACorp SGC) until we can access CloudFlare
tg [Fri, 10 Mar 2017 21:33:47 +0000 (21:33 +0000)]
add back 4fbd6bfa.0 (UTN DATACorp SGC) until we can access CloudFlare
sites without being presented a SHA-1 cert from a Legacy root (see
their LV proposal) presumably by merging LibreSSL or so

2 years agoupdate
tg [Thu, 9 Mar 2017 15:45:35 +0000 (15:45 +0000)]
update

2 years agosync
tg [Thu, 9 Mar 2017 15:06:47 +0000 (15:06 +0000)]
sync

2 years agoupdate
tg [Thu, 9 Mar 2017 14:22:23 +0000 (14:22 +0000)]
update

3 years agothe package (which I really ought to be making some time soon) is called
tg [Sat, 13 Feb 2016 16:32:16 +0000 (16:32 +0000)]
the package (which I really ought to be making some time soon) is called
lynx-openssl not lynx-secure, to minimise naming conflict potential
(woody had lynx-ssl)

3 years agobump
tg [Fri, 12 Feb 2016 13:20:33 +0000 (13:20 +0000)]
bump

3 years agoupdate (part 2)
tg [Mon, 8 Feb 2016 19:18:01 +0000 (19:18 +0000)]
update (part 2)

3 years agoupdate (part 1)
tg [Mon, 8 Feb 2016 17:50:27 +0000 (17:50 +0000)]
update (part 1)

4 years agorefresh; remove all that expire this year
tg [Sat, 18 Jul 2015 22:47:39 +0000 (22:47 +0000)]
refresh; remove all that expire this year
• ca-certificates_20150426_all.deb
• sendmail CACerts,v 8.6 (8.15.2)

5 years agoprepare new version
tg [Sat, 29 Mar 2014 23:18:52 +0000 (23:18 +0000)]
prepare new version

5 years ago• regenerate
tg [Sat, 29 Mar 2014 22:59:17 +0000 (22:59 +0000)]
• regenerate
• use upstream NSS trust values if possible, backported to our version
• remove certdata.c as announced
• note gkeytool-4.4 chokes on one more cert

5 years agoUpdate X.509v3 Root CA certificates in the base system
tg [Sat, 29 Mar 2014 20:56:48 +0000 (20:56 +0000)]
Update X.509v3 Root CA certificates in the base system
• drastically reduce number of CAs shipped, to follow current best practice
  (per recommendation of IanG and mostly Debian)
• install OpenSSL 1.x-format hashed files, by request of bsiegert@

6 years agoMBF
tg [Sat, 9 Nov 2013 01:21:33 +0000 (01:21 +0000)]
MBF

6 years agothat should be it
tg [Tue, 10 Sep 2013 21:45:29 +0000 (21:45 +0000)]
that should be it

6 years agoEndmail 2012
tg [Tue, 6 Aug 2013 20:24:11 +0000 (20:24 +0000)]
Endmail 2012

6 years agobump
tg [Sun, 6 Jan 2013 01:17:34 +0000 (01:17 +0000)]
bump

6 years agoprepare an update and handle horracle java 7
tg [Sun, 6 Jan 2013 00:56:31 +0000 (00:56 +0000)]
prepare an update and handle horracle java 7

6 years agosync
tg [Sun, 6 Jan 2013 00:44:01 +0000 (00:44 +0000)]
sync

6 years ago• SECURITY: remove TÜRKTRUST because they apparently “accidentally” issue
tg [Sun, 6 Jan 2013 00:08:06 +0000 (00:08 +0000)]
• SECURITY: remove TÜRKTRUST because they apparently “accidentally” issue
  intermediate roots when the request was just for a regular certificate,
  do not notice it and a “*.google.com” cert signed by that was seen in the
  wild (the patch to explicitly distrust certificates in OpenSSL is still
  not ready)
• remove expired ones

7 years agodrop expired
tg [Sun, 2 Sep 2012 22:14:11 +0000 (22:14 +0000)]
drop expired

7 years agowe may have a release!
tg [Wed, 30 May 2012 20:02:08 +0000 (20:02 +0000)]
we may have a release!

7 years agowe can now generate the .links file at build time, no need to package it
tg [Wed, 30 May 2012 19:56:07 +0000 (19:56 +0000)]
we can now generate the .links file at build time, no need to package it

7 years agoother misc. packaging improvements
tg [Wed, 30 May 2012 19:50:46 +0000 (19:50 +0000)]
other misc. packaging improvements

7 years agodashes
tg [Wed, 30 May 2012 19:46:57 +0000 (19:46 +0000)]
dashes

7 years agomerge rest of tarent packaging improvements: gcj, conflicts,
tg [Wed, 30 May 2012 19:42:01 +0000 (19:42 +0000)]
merge rest of tarent packaging improvements: gcj, conflicts,
move the update-ca-certificates script back to /usr/sbin

7 years agoswitch to Debhelper 4 for handling sarge; from tarent solutions GmbH
tg [Wed, 30 May 2012 19:29:06 +0000 (19:29 +0000)]
switch to Debhelper 4 for handling sarge; from tarent solutions GmbH

7 years agoadd placeholders for newly added files in The MirPorts Framework
tg [Wed, 30 May 2012 19:24:19 +0000 (19:24 +0000)]
add placeholders for newly added files in The MirPorts Framework

7 years agorefresh JKS and NSSCKBI; add GCJ; enact OpenSSL 1.x compat hardlinks;
tg [Wed, 30 May 2012 19:12:27 +0000 (19:12 +0000)]
refresh JKS and NSSCKBI; add GCJ; enact OpenSSL 1.x compat hardlinks;
pimp DESCR

7 years agoregenerate the NSS bundle in the meantime
tg [Wed, 30 May 2012 18:09:13 +0000 (18:09 +0000)]
regenerate the NSS bundle in the meantime

7 years agosync with certdata.txt and expire
tg [Wed, 30 May 2012 17:21:02 +0000 (17:21 +0000)]
sync with certdata.txt and expire

XXX we really should consider an inclusion policy other than “convenience”

7 years agonuke expired SSL cert
tg [Sat, 14 Jan 2012 21:49:12 +0000 (21:49 +0000)]
nuke expired SSL cert

8 years agodrop expired certificates
tg [Sun, 20 Nov 2011 00:21:57 +0000 (00:21 +0000)]
drop expired certificates

8 years agolintian and d/rules cleanup round
tg [Sat, 12 Nov 2011 00:11:22 +0000 (00:11 +0000)]
lintian and d/rules cleanup round

8 years agoupdate description
tg [Fri, 11 Nov 2011 23:41:28 +0000 (23:41 +0000)]
update description

8 years agojust DO NOT use build-depends-indep
tg [Fri, 11 Nov 2011 23:39:30 +0000 (23:39 +0000)]
just DO NOT use build-depends-indep

8 years agodrop pkioverheid.nl which was also accessible to the DigiNotar crackers, sorry dutch...
tg [Tue, 13 Sep 2011 18:41:34 +0000 (18:41 +0000)]
drop pkioverheid.nl which was also accessible to the DigiNotar crackers, sorry dutch people you’ve got a problem now

8 years agoFix maintainer scripts and drop dh_installdirs
tg [Tue, 6 Sep 2011 20:18:41 +0000 (20:18 +0000)]
Fix maintainer scripts and drop dh_installdirs

8 years agoupdate to certdata.txt,v 1.5 which contains a patch from Debian nss
tg [Tue, 6 Sep 2011 18:33:33 +0000 (18:33 +0000)]
update to certdata.txt,v 1.5 which contains a patch from Debian nss
to explicitly distrust the DigiNotar root due to the absolute trust
Super-GAU (and renames the 25C3 collisions CA to distrust, as well)

8 years agoChanges:
tg [Sat, 3 Sep 2011 12:09:38 +0000 (12:09 +0000)]
Changes:
 nss (3.12.11-3) unstable; urgency=high
 .
   * mozilla/security/nss/lib/ckfw/builtins/certdata.*:
     Explicitely distrust various DigiNotar CAs:
     - DigiNotar Root CA
     - DigiNotar Services 1024 CA
     - DigiNotar Cyber CA
     - DigiNotar Cyber CA 2nd
     - DigiNotar PKIoverheid
     - DigiNotar PKIoverheid G2

8 years agoupdate
tg [Tue, 30 Aug 2011 14:06:35 +0000 (14:06 +0000)]
update

8 years agoeep, fix RCS ID
tg [Tue, 30 Aug 2011 13:50:09 +0000 (13:50 +0000)]
eep, fix RCS ID

8 years agosync
tg [Tue, 30 Aug 2011 13:45:49 +0000 (13:45 +0000)]
sync

8 years agohttp://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
tg [Tue, 30 Aug 2011 13:10:50 +0000 (13:10 +0000)]
blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/

8 years agosmall SSL CA Certificate update (don’t have the time for a full one ATM):
tg [Sun, 17 Jul 2011 21:22:15 +0000 (21:22 +0000)]
small SSL CA Certificate update (don’t have the time for a full one ATM):
• CAcert.org Class 3 rollover
• drop one expired
• drop two duplicates (wtf…)

8 years agobetter
tg [Sun, 24 Apr 2011 17:08:16 +0000 (17:08 +0000)]
better

8 years agoOpenSSL sucks. I’ve kept so much pain away from MirBSD by sticking with 0.9.7…
tg [Sun, 24 Apr 2011 17:02:38 +0000 (17:02 +0000)]
OpenSSL sucks. I’ve kept so much pain away from MirBSD by sticking with 0.9.7…

8 years agopart 4/4: prepare upload of a new package
tg [Wed, 30 Mar 2011 10:45:25 +0000 (10:45 +0000)]
part 4/4: prepare upload of a new package

8 years agopart 2 of 4 updating the CA bundle
tg [Wed, 30 Mar 2011 10:16:25 +0000 (10:16 +0000)]
part 2 of 4 updating the CA bundle

8 years agopart 1/2 of periodical x.509 cert update; prodded by gecko2@tarent
tg [Wed, 30 Mar 2011 08:59:55 +0000 (08:59 +0000)]
part 1/2 of periodical x.509 cert update; prodded by gecko2@tarent

8 years agomerge and tweak the strays
tg [Fri, 4 Mar 2011 15:19:51 +0000 (15:19 +0000)]
merge and tweak the strays

8 years agoput packages that weren’t built from CVS into the latter…
tg [Fri, 4 Mar 2011 14:51:47 +0000 (14:51 +0000)]
put packages that weren’t built from CVS into the latter…

8 years agoTrinity has officially taken over KDE 3 development… but… what the hey…
tg [Sat, 29 Jan 2011 19:10:16 +0000 (19:10 +0000)]
Trinity has officially taken over KDE 3 development… but… what the hey…

9 years agorebuild
tg [Mon, 13 Dec 2010 09:38:18 +0000 (09:38 +0000)]
rebuild

9 years agouse a central place for NSS ckbi; sync with MirBSD CA bundle
tg [Sun, 12 Dec 2010 16:37:15 +0000 (16:37 +0000)]
use a central place for NSS ckbi; sync with MirBSD CA bundle

9 years agoupdate from MirBSD sources, new keytool can do ECC too, sync notes
tg [Sun, 12 Dec 2010 16:17:47 +0000 (16:17 +0000)]
update from MirBSD sources, new keytool can do ECC too, sync notes
also put certdata.{txt,c} here for easier access

9 years ago• sync with Netscape
tg [Sat, 11 Dec 2010 20:05:47 +0000 (20:05 +0000)]
• sync with Netscape
• sync from Startcom
• drop those expiring this year

9 years ago• remove expired certs
tg [Wed, 24 Nov 2010 18:10:45 +0000 (18:10 +0000)]
• remove expired certs
• add two new, from plänet debian, for MSN Messenger

9 years agoroll over almost-expired c61efb68.0 (c61efb68.1 is its replacement
tg [Sat, 7 Aug 2010 16:04:03 +0000 (16:04 +0000)]
roll over almost-expired c61efb68.0 (c61efb68.1 is its replacement
and now called c61efb68.0 instead)

9 years agoupdate this package, too
tg [Fri, 23 Jul 2010 08:34:41 +0000 (08:34 +0000)]
update this package, too

9 years ago• keystore.jks: refresh from latest SSL bundle, except EC certs:
tg [Thu, 22 Jul 2010 14:21:07 +0000 (14:21 +0000)]
• keystore.jks: refresh from latest SSL bundle, except EC certs:
  27af790d.0 5e4e69e7.0 89c02a45.0 a7d2cf64.0
• security/nss/files/certdata.txt: refresh from latest SSL bundle
• www/firesomething/files/certdata.txt: copy from security/nss/
  because bsiegert@ still hasn’t fixed the firesomething port to use it

9 years agoupdate from Opera and Microsoft (rootsupd.exe) and nuke expired ones
tg [Thu, 22 Jul 2010 13:00:23 +0000 (13:00 +0000)]
update from Opera and Microsoft (rootsupd.exe) and nuke expired ones
note: intermediates are now included for the first time

9 years agorolling updates for e.g. IPS, Endmail Org CA, Startcom intermediates, etc.
tg [Thu, 27 May 2010 21:51:19 +0000 (21:51 +0000)]
rolling updates for e.g. IPS, Endmail Org CA, Startcom intermediates, etc.
and removal of expired ones; sync with Mozilla/NSS bundle too and add notes

9 years ago• remove “RSA Security 1024 V3” root, cf.
tg [Fri, 9 Apr 2010 19:29:13 +0000 (19:29 +0000)]
• remove “RSA Security 1024 V3” root, cf.
  http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/b6493a285ba79998/26fca75f9aeff1dc
• I managed to forget the passphrase for the MirBSD Infrastructure CA, RIP…

9 years agonuke DMUA field, I am DD of BSD^H^Horg
tg [Thu, 25 Feb 2010 22:15:21 +0000 (22:15 +0000)]
nuke DMUA field, I am DD of BSD^H^Horg

9 years agoprevent "accidents" such as Debian #570064 where someone changes to debian/source...
tg [Tue, 16 Feb 2010 23:21:02 +0000 (23:21 +0000)]
prevent "accidents" such as Debian #570064 where someone changes to debian/source/format="3.0 (quilt)" in an NMU (wtf?!) - thanks to mika@d.o for noticing

9 years agoInclude the "Gandi Standard SSL CA" (intermediate CA) from France,
tg [Sat, 30 Jan 2010 23:49:55 +0000 (23:49 +0000)]
Include the "Gandi Standard SSL CA" (intermediate CA) from France,
because Freenode PDPC is too stupid to properly include their own
certificate chain into the server response.