ca-certificates (20170717~16.04.2) xenial; urgency=medium

  * Add ca-certificates udeb package (LP: #1807023)

 -- Mauricio Faria de Oliveira <mfo@canonical.com>  Thu, 06 Dec 2018 16:20:55 -0200

ca-certificates (20170717~16.04.1) xenial-security; urgency=medium

  * Update ca-certificates database to 20170717:
    - backport changes from the Ubuntu 17.10 20170717 package

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 27 Sep 2017 11:09:45 -0400

ca-certificates (20160104ubuntu1) xenial; urgency=medium

  * Ship changelog to explain dropped mozilla-1024 certs.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 08 Feb 2016 07:38:07 -0500

ca-certificates (20160104) unstable; urgency=medium

  * debian/rules:
    Sort certificate list for reproducible builds.  Closes: #808711
  * mozilla/certdata2pem.py:
    Drop old CK*_NETSCAPE trust flag checks

 -- Michael Shuler <michael@pbandjelly.org>  Mon, 04 Jan 2016 11:08:26 -0600

ca-certificates (20151214) unstable; urgency=medium

  * Removed SPI CA.  Closes: #796208
  * debian/{compat,control}:
    Updated d/compat to version 9 and updated Build-Depends.
  * debian/postinst:
    Handle /usr/local/share/ca-certificates permissions and ownership on
    upgrade.  Closes: #611501
  * mozilla/certdata2pem.py:
    Add Python 3 support to ca-certificates.
    Thanks to Andrew Wilcox and Richard Ipsum for the patch!  Closes: #789753
  * sbin/update-ca-certificates:
    Update local certificates directory when calling --fresh.
    Thanks for the patch, Daniel Lutz!  Closes: #783615
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.6.
    The following certificate authorities were added (+):
    + "CA WoSign ECC Root"
    + "Certification Authority of WoSign G2"
    + "Certinomis - Root CA"
    + "OISTE WISeKey Global Root GB CA"
    + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
    + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
    The following certificate authorities were removed (-):
    - "A-Trust-nQual-03"
    - "Buypass Class 3 CA 1"
    - "ComSign Secured CA"
    - "Digital Signature Trust Co. Global CA 1"
    - "Digital Signature Trust Co. Global CA 3"
    - "SG TRUST SERVICES RACINE"
    - "TC TrustCenter Class 2 CA II"
    - "TC TrustCenter Universal CA I"
    - "TURKTRUST Certificate Services Provider Root 1"
    - "TURKTRUST Certificate Services Provider Root 2"
    - "UTN DATACorp SGC Root CA"
    - "Verisign Class 4 Public Primary Certification Authority - G3"

 -- Michael Shuler <michael@pbandjelly.org>  Mon, 14 Dec 2015 18:51:50 -0600

ca-certificates (20150426ubuntu1) wily; urgency=medium

  * mozilla-1024/*, Makefile: Since version 20140927 of the ca-certificates
    package, containing the 2.1 version of the nss database, CA
    certificates with 1024-bit RSA keys have been removed. Unfortunately,
    older versions of libraries such as OpenSSL, GnuTLS and glib-networking
    are unable to automatically find alternative trust chains to continue
    connecting to certain sites. This update restores the certificates
    until all libraries have been updated to properly handle alternative
    trust chains. See mozilla-1024/certdata.txt for a list of the exact
    certificates that were added back. (LP: #1469803)

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 13 Jul 2015 11:10:03 -0400

ca-certificates (20150426) unstable; urgency=medium

  * debian/postinst:
    Set mode and group of /usr/local/share/ca-certificates based on current
    /usr/local permissions and ownership.  Closes: #611501
  * sbin/update-ca-certificates:
    Allow customisation of the paths used by update-ca-certificates.
    Add an option to set the certs in a directory to the defaults.
    Thanks for the patches, Paul Wise.  Closes: #774059, #774201
    Fix shellcheck warnings and a little indentation.
  * sbin/update-ca-certificates.8:
    Correct concatenated file name in man page from certificates.crt to
    ca-certificates.crt.  Closes: #782230
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.4.
    The following certificate authorities were added (+):
    + "CFCA EV ROOT"
    + "COMODO RSA Certification Authority"
    + "Entrust Root Certification Authority - EC1"
    + "Entrust Root Certification Authority - G2"
    + "GlobalSign ECC Root CA - R4"
    + "GlobalSign ECC Root CA - R5"
    + "IdenTrust Commercial Root CA 1"
    + "IdenTrust Public Sector Root CA 1"
    + "S-TRUST Universal Root CA"
    + "Staat der Nederlanden EV Root CA"
    + "Staat der Nederlanden Root CA - G3"
    + "USERTrust ECC Certification Authority"
    + "USERTrust RSA Certification Authority"  Closes: #762709
    The following certificate authorities were removed (-):
    - "America Online Root Certification Authority 1"
    - "America Online Root Certification Authority 2"
    - "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"
    - "GTE CyberTrust Global Root"
    - "Thawte Premium Server CA"
    - "Thawte Server CA"

 -- Michael Shuler <michael@pbandjelly.org>  Sun, 26 Apr 2015 10:37:48 -0500

ca-certificates (20141019) unstable; urgency=medium

  * debian/copyright:
    Add coverage for all files reported by lintian
    file-without-copyright-information warning.
  * debian/source/lintian-overrides:
    Add file-without-copyright-information override for SPI certificate file.
  * sbin/update-ca-certificates:
    Restore SELinux label after generating ca-certificates.crt file.
    Thanks to Laurent Bigonville for the patch.  Closes: #742957
    Tidy indentation whitespace.
    Thanks to Antonio Terceiro for the patch.  Closes: #742663
  * debian/control:
    Update to Standards-Version: 3.9.6 (no other changes needed).
    Update Vcs-Browser link to cgit URL.

 -- Michael Shuler <michael@pbandjelly.org>  Sun, 19 Oct 2014 10:36:49 -0500

ca-certificates (20140927) unstable; urgency=medium

  * Update Mozilla certificate authority bundle to version 2.1.
    The following certificate authorities were added (+):
    + "DigiCert Assured ID Root G2"
    + "DigiCert Assured ID Root G3"
    + "DigiCert Global Root G2"
    + "DigiCert Global Root G3"
    + "DigiCert Trusted Root G4"
    + "QuoVadis Root CA 1 G3"
    + "QuoVadis Root CA 2 G3"
    + "QuoVadis Root CA 3 G3"
    + "WoSign"
    + "WoSign China"
    The following certificate authorities were removed (-):
    - "Entrust.net Secure Server CA"
    - "RSA Root Certificate 1"
    - "TDC Internet Root CA"
    - "ValiCert Class 1 VA"
    - "ValiCert Class 2 VA"
  * Include clear list of CAs added/removed, as above, and include better note
    in README.Debian for trust reconfiguration.  Closes: #743365
  * Remove debian/config in debian/rules clean target.
  * Include d/{changelog,NEWS} entries in 20140223 for duplicate CKA_LABEL
    rename of "StartCom Certification Authority"_2.

 -- Michael Shuler <michael@pbandjelly.org>  Sat, 27 Sep 2014 15:14:00 -0500

ca-certificates (20140325) unstable; urgency=medium

  * Update mozilla/certdata.txt to version 1.97+revert_of_936304
    Mozilla reverted the removal of 1024-bit root certificates for
    Entrust.net, GTE CyberTrust, and ValiCert (RSA), but did not update the
    version number in nssckbi.h.
    Certificates added (+) (none removed):
    + "Entrust.net Secure Server CA"
    + "GTE CyberTrust Global Root"
    + "RSA Root Certificate 1"
    + "ValiCert Class 1 VA"
    + "ValiCert Class 2 VA"

 -- Michael Shuler <michael@pbandjelly.org>  Tue, 25 Mar 2014 13:28:19 -0500

# For older changelog entries, run 'apt-get changelog ca-certificates'