diff --git a/debian/changelog b/debian/changelog index fa04f1a..e55341b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,41 @@ +ca-certificates (20200601~deb10u2) buster; urgency=medium + + [ Julien Cristau ] + * New maintainer (see #976406) + + [ Michael Shuler ] + * mozilla/blacklist: + Revert Symantec CA blacklist (#911289). Closes: #962596, #968002. + The following root certificates were added back (+): + + "GeoTrust Global CA" + + "GeoTrust Primary Certification Authority" + + "GeoTrust Primary Certification Authority - G2" + + "GeoTrust Primary Certification Authority - G3" + + "GeoTrust Universal CA" + + "thawte Primary Root CA" + + "thawte Primary Root CA - G2" + + "thawte Primary Root CA - G3" + + "VeriSign Class 3 Public Primary Certification Authority - G4" + + "VeriSign Class 3 Public Primary Certification Authority - G5" + + "VeriSign Universal Root Certification Authority" + + Note: due to bug #743339, CA certificates added back in this version + won't automatically be trusted again on upgrade. Affected users may + need to reconfigure the package to restore the desired state. + + -- Julien Cristau Thu, 28 Jan 2021 13:01:43 +0100 + +ca-certificates (20200601~deb10u1) buster; urgency=medium + + * Rebuild for buster. + * Merge changes from 20200601 + - d/control; set d/gbp.conf branch to debian-buster + * This release updates the Mozilla CA bundle to 2.40, blacklists + distrusted Symantec roots, and blacklists expired "AddTrust External + Root". Closes: #956411, #955038, #911289, #961907 + + -- Michael Shuler Wed, 03 Jun 2020 13:09:34 -0500 + ca-certificates (20200601) unstable; urgency=medium * debian/control: diff --git a/debian/control b/debian/control index 88129e1..cb3ddf0 100644 --- a/debian/control +++ b/debian/control 
@@ -1,12 +1,10 @@ Source: ca-certificates Section: misc Priority: optional -Maintainer: Michael Shuler -Uploaders: Raphael Geissert , - Thijs Kinkhorst -Build-Depends: debhelper-compat (= 13), po-debconf +Maintainer: Julien Cristau +Build-Depends: debhelper-compat (= 12), po-debconf Build-Depends-Indep: python, openssl -Standards-Version: 4.5.0.2 +Standards-Version: 4.3.0.1 Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git Vcs-Browser: https://salsa.debian.org/debian/ca-certificates diff --git a/debian/gbp.conf b/debian/gbp.conf index 86f84e1..7f1cf19 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,2 +1,2 @@ [buildpackage] -debian-branch = master +debian-branch = debian-buster diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt index ec81988..4318bb5 100644 --- a/mozilla/blacklist.txt +++ b/mozilla/blacklist.txt 
@@ -11,29 +11,6 @@ "TURKTRUST Mis-issued Intermediate CA 1" "TURKTRUST Mis-issued Intermediate CA 2" -# Distrusted Symantec Root CAs: -"GeoTrust Global CA" -"GeoTrust Primary Certification Authority" -"GeoTrust Primary Certification Authority - G2" -"GeoTrust Primary Certification Authority - G3" -"GeoTrust Universal CA" -"Thawte Premium Server CA" -"thawte Primary Root CA" -"thawte Primary Root CA - G2" -"thawte Primary Root CA - G3" -"Symantec Class 1 Public Primary Certification Authority - G4" -"Symantec Class 1 Public Primary Certification Authority - G6" -"Symantec Class 2 Public Primary Certification Authority - G4" -"Symantec Class 2 Public Primary Certification Authority - G6" -"Symantec Class 3 Public Primary Certification Authority - G4" -"Symantec Class 3 Public Primary Certification Authority - G6" -"VeriSign Class 1 Public Primary Certification Authority - G3" -"VeriSign Class 2 Public Primary Certification Authority - G3" -"VeriSign Class 3 Public Primary Certification Authority - G3" -"VeriSign Class 3 Public Primary Certification Authority - G4" -"VeriSign Class 3 Public Primary Certification Authority - G5" -"VeriSign Universal Root Certification Authority" - # Blacklist expired certificate (Not After : May 30 10:48:38 2020 GMT) # See: https://bugs.debian.org/961907 "AddTrust External Root"
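
Review bot: In the debian/changelog hunk, the 20200601~deb10u2 note on bug #743339 says affected users "may need to reconfigure the package" but does not name the step. The changelog itself states that the re-added roots are not trusted again automatically on upgrade, so existing installs keep them out of the trust store until someone acts. Name the action in the entry (for example `dpkg-reconfigure ca-certificates`) and consider repeating it in a debian/NEWS entry so the administrator sees it at upgrade time.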
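
Review bot: In the debian/control hunk, debhelper-compat drops from 13 to 12, Standards-Version drops from 4.5.0.2 to 4.3.0.1 and the Uploaders field is removed, but the changelog only records "New maintainer" and "d/control; set d/gbp.conf branch to debian-buster". Add a changelog line saying that the compat level and Standards-Version were lowered for the buster rebuild and that Uploaders were dropped, so a later merge from unstable does not treat the lower values as an accidental revert.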
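
Review bot: In the mozilla/blacklist.txt hunk, the whole "Distrusted Symantec Root CAs" block of 21 names is deleted, while the changelog lists only 11 roots as added back. The other ten ("Thawte Premium Server CA", the six "Symantec Class 1/2/3 Public Primary Certification Authority - G4/G6" entries and the three "VeriSign Class 1/2/3 Public Primary Certification Authority - G3" entries) lose their blacklist entry without any mention. Confirm that none of them is present in the shipped bundle, so that removing the entry is a no-op, and say so in the changelog. If any of them is present, either keep it blacklisted or list it among the roots being trusted again.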