Declare fast forward from 20190110

[dgit --overwrite]
Upload to stable
2021-01-28 13:01:43 +01:00 · 2021-01-28 15:07:21 +01:00 · 2021-01-28 13:01:13 +01:00 · 2020-06-03 13:10:12 -05:00 · 2020-06-01 17:19:20 -05:00 · 2020-06-01 15:36:12 -05:00
4 changed files with 42 additions and 29 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,41 @@
+ca-certificates (20200601~deb10u2) buster; urgency=medium
+
+  [ Julien Cristau ]
+  * New maintainer (see #976406)
+
+  [ Michael Shuler ]
+  * mozilla/blacklist:
+    Revert Symantec CA blacklist (#911289). Closes: #962596, #968002.
+    The following root certificates were added back (+):
+    + "GeoTrust Global CA"
+    + "GeoTrust Primary Certification Authority"
+    + "GeoTrust Primary Certification Authority - G2"
+    + "GeoTrust Primary Certification Authority - G3"
+    + "GeoTrust Universal CA"
+    + "thawte Primary Root CA"
+    + "thawte Primary Root CA - G2"
+    + "thawte Primary Root CA - G3"
+    + "VeriSign Class 3 Public Primary Certification Authority - G4"
+    + "VeriSign Class 3 Public Primary Certification Authority - G5"
+    + "VeriSign Universal Root Certification Authority"
+
+  Note: due to bug #743339, CA certificates added back in this version
+  won't automatically be trusted again on upgrade.  Affected users may
+  need to reconfigure the package to restore the desired state.
+
+ -- Julien Cristau <jcristau@debian.org>  Thu, 28 Jan 2021 13:01:43 +0100
+
+ca-certificates (20200601~deb10u1) buster; urgency=medium
+
+  * Rebuild for buster.
+  * Merge changes from 20200601
+    - d/control; set d/gbp.conf branch to debian-buster
+  * This release updates the Mozilla CA bundle to 2.40, blacklists
+    distrusted Symantec roots, and blacklists expired "AddTrust External
+    Root". Closes: #956411, #955038, #911289, #961907
+
+ -- Michael Shuler <michael@pbandjelly.org>  Wed, 03 Jun 2020 13:09:34 -0500
+
 ca-certificates (20200601) unstable; urgency=medium

  * debian/control:
--- a/debian/control
+++ b/debian/control
@ -1,12 +1,10 @@
 Source: ca-certificates
 Section: misc
 Priority: optional
-Maintainer: Michael Shuler <michael@pbandjelly.org>
-Uploaders: Raphael Geissert <geissert@debian.org>,
-           Thijs Kinkhorst <thijs@debian.org>
-Build-Depends: debhelper-compat (= 13), po-debconf
+Maintainer: Julien Cristau <jcristau@debian.org>
+Build-Depends: debhelper-compat (= 12), po-debconf
 Build-Depends-Indep: python, openssl
-Standards-Version: 4.5.0.2
+Standards-Version: 4.3.0.1
 Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
 Vcs-Browser: https://salsa.debian.org/debian/ca-certificates

--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@ -1,2 +1,2 @@
 [buildpackage]
-debian-branch = master
+debian-branch = debian-buster
--- a/mozilla/blacklist.txt
+++ b/mozilla/blacklist.txt
@ -11,29 +11,6 @@
 "TURKTRUST Mis-issued Intermediate CA 1"
 "TURKTRUST Mis-issued Intermediate CA 2"

-# Distrusted Symantec Root CAs:
-"GeoTrust Global CA"
-"GeoTrust Primary Certification Authority"
-"GeoTrust Primary Certification Authority - G2"
-"GeoTrust Primary Certification Authority - G3"
-"GeoTrust Universal CA"
-"Thawte Premium Server CA"
-"thawte Primary Root CA"
-"thawte Primary Root CA - G2"
-"thawte Primary Root CA - G3"
-"Symantec Class 1 Public Primary Certification Authority - G4"
-"Symantec Class 1 Public Primary Certification Authority - G6"
-"Symantec Class 2 Public Primary Certification Authority - G4"
-"Symantec Class 2 Public Primary Certification Authority - G6"
-"Symantec Class 3 Public Primary Certification Authority - G4"
-"Symantec Class 3 Public Primary Certification Authority - G6"
-"VeriSign Class 1 Public Primary Certification Authority - G3"
-"VeriSign Class 2 Public Primary Certification Authority - G3"
-"VeriSign Class 3 Public Primary Certification Authority - G3"
-"VeriSign Class 3 Public Primary Certification Authority - G4"
-"VeriSign Class 3 Public Primary Certification Authority - G5"
-"VeriSign Universal Root Certification Authority"
-
 # Blacklist expired certificate (Not After : May 30 10:48:38 2020 GMT)
 # See: https://bugs.debian.org/961907
 "AddTrust External Root"
Author	SHA1	Message	Date
Julien Cristau	bfc96be712	Declare fast forward from 20190110 [dgit --overwrite]	2021-01-28 13:01:43 +01:00
Julien Cristau	5eeba011be	Upload to stable	2021-01-28 15:07:21 +01:00
Michael Shuler	62a6fc666d	Revert "Set release 20200601; add Symantec CAs to blacklist" This reverts commit `1efe81a680`.	2021-01-28 13:01:13 +01:00
Michael Shuler	7f18c95eca	Update d/changelog for buster stable update	2020-06-03 13:10:12 -05:00
Michael Shuler	5256b350ec	Set buster-security for suite	2020-06-01 17:19:20 -05:00
Michael Shuler	cef3c140d3	Rebuild for buster.	2020-06-01 15:36:12 -05:00
Michael Shuler	0ed466931e	ca-certificates (20190110) unstable; urgency=high * debian/control: Depend on openssl (>= 1.1.1). Set Standards-Version: 4.3.0.1. Set Build-Depends: debhelper-compat (= 12); drop d/compat Remove trailing whitespace from d/changelog. * debian/ca-certificates.postinst: Fix permissions on /usr/local/share/ca-certificates when using symlinks. Closes: #916833 * sbin/update-ca-certificates: Remove orphan symlinks found in /etc/ssl/certs to prevent `openssl rehash` from exiting with an error. Closes: #895482, #895473 This will also fix removal of user CA certificates from /usr/local without needing to run --fresh. Closes: #911303 * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.28. The following certificate authorities were added (+): + "GlobalSign Root CA - R6" + "OISTE WISeKey Global Root GC CA" The following certificate authorities were removed (-): - "Certplus Root CA G1" - "Certplus Root CA G2" - "OpenTrust Root CA G1" - "OpenTrust Root CA G2" - "OpenTrust Root CA G3" - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5" - "Visa eCommerce Root" [dgit import package ca-certificates 20190110]	2019-01-11 02:31:31 +01:00