Merge branch 'debian-buster' into debian-stretch

Merge branch 'master' into debian-buster
Fix Vcs- URLs in d/control
2020-06-11 09:14:51 -05:00 · 2020-06-11 09:08:26 -05:00 · 2020-06-05 15:15:06 -05:00 · 2020-06-05 15:08:53 -05:00 · 2020-06-05 15:07:50 -05:00 · 2020-06-05 15:06:56 -05:00
7 changed files with 17 additions and 18 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,10 @@
+ca-certificates (20200611~deb9u1) stretch; urgency=medium
+
+  * Rebuild for stretch.
+  * This oldstable release Closes: #962596, #942915
+
+ -- Michael Shuler <michael@pbandjelly.org>  Thu, 11 Jun 2020 09:11:56 -0500
+
 ca-certificates (20200611) unstable; urgency=medium

  * mozilla/blacklist:
--- a/debian/compat
+++ b/debian/compat
@ -0,0 +1 @@
+10
--- a/debian/control
+++ b/debian/control
@ -4,15 +4,15 @@ Priority: optional
 Maintainer: Michael Shuler <michael@pbandjelly.org>
 Uploaders: Raphael Geissert <geissert@debian.org>,
           Thijs Kinkhorst <thijs@debian.org>
-Build-Depends: debhelper-compat (= 13), po-debconf
+Build-Depends: debhelper (>= 10), po-debconf
 Build-Depends-Indep: python3, openssl
-Standards-Version: 4.5.0.2
+Standards-Version: 3.9.8
 Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
 Vcs-Browser: https://salsa.debian.org/debian/ca-certificates

 Package: ca-certificates
 Architecture: all
-Depends: openssl (>= 1.1.1), ${misc:Depends}
+Depends: openssl (>= 1.0.0), ${misc:Depends}
 Enhances: openssl
 Multi-Arch: foreign
 Breaks: ca-certificates-java (<<20121112+nmu1)
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@ -1,2 +1,2 @@
 [buildpackage]
-debian-branch = master
+debian-branch = debian-stretch
--- a/debian/rules
+++ b/debian/rules
@ -60,7 +60,7 @@ install: build
 	install -d -m 0755 "$(CURDIR)/debian/ca-certificates-udeb/etc/ssl/certs"
 	(cd mozilla; \
 	 $(MAKE) install CERTSDIR="$(CURDIR)/debian/ca-certificates-udeb/etc/ssl/certs")
-	openssl rehash -v "$(CURDIR)/debian/ca-certificates-udeb/etc/ssl/certs"
+	c_rehash -v "$(CURDIR)/debian/ca-certificates-udeb/etc/ssl/certs"

 # Build architecture-independent files here.
 binary-indep: build install
--- a/sbin/update-ca-certificates
+++ b/sbin/update-ca-certificates
@ -172,20 +172,11 @@ REMOVED_CNT=$(wc -l < "$REMOVED")
 if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
 then
  # only run if set of files has changed
-  # Remove orphan symlinks found in ETCCERTSDIR to prevent `openssl rehash`
-  # from exiting with an error. See #895482, #895473.
-  find $ETCCERTSDIR -type l ! -exec test -e {} \; -print | while read orphan
-  do
-    rm -f "$orphan"
-    if [ "$verbose" = 1 ]; then
-      echo "Removed orphan symlink $orphan"
-    fi
-  done
  if [ "$verbose" = 0 ]
  then
-    openssl rehash . > /dev/null
+    c_rehash . > /dev/null
  else
-    openssl rehash -v .
+    c_rehash .
  fi
 fi

--- a/sbin/update-ca-certificates.8
+++ b/sbin/update-ca-certificates.8
@ -50,7 +50,7 @@ A summary of options is included below.
 Show summary of options.
 .TP
 .B \-v, \-\-verbose
-Be verbose. Output \fBopenssl rehash\fP.
+Be verbose. Output \fBc_rehash\fP.
 .TP
 .B \-f, \-\-fresh
 Fresh updates.  Remove symlinks in /etc/ssl/certs directory.
@ -69,7 +69,7 @@ Directory of CA certificates.
 .I /usr/local/share/ca-certificates
 Directory of local CA certificates (with .crt extension).
 .SH SEE ALSO
-.BR openssl (1)
+.BR c_rehash (1)
 .SH AUTHOR
 This manual page was written by Fumitoshi UKAI <ukai@debian.or.jp>,
 for the Debian project (but may be used by others).
Author	SHA1	Message	Date
Michael Shuler	c151326dda	Merge branch 'debian-buster' into debian-stretch	2020-06-11 09:14:51 -05:00
Michael Shuler	442fd47f48	Merge branch 'master' into debian-buster	2020-06-11 09:08:26 -05:00
Michael Shuler	5dd5fef200	Fix Vcs- URLs in d/control	2020-06-05 15:15:06 -05:00
Michael Shuler	fe905ac1c2	Merge branch 'debian-buster' into debian-stretch	2020-06-05 15:08:53 -05:00
Michael Shuler	13d1babea9	Merge .gitignore from debian-buster	2020-06-05 15:07:50 -05:00
Michael Shuler	129b2a9cb6	Merge branch 'master' into debian-buster	2020-06-05 15:06:56 -05:00
Michael Shuler	c9f299db2d	Drop filename specified for stretch rebuild summary	2020-06-05 11:53:34 -05:00
Michael Shuler	2930b0fa4d	Remove NEWS The CA add/remove info is in the changelog for users that wish to know what certificate authorities were added or removed. The default installation of apt-listchanges results in lots of emails from users wondering why the package maintainer is emailing them or halting their automated upgrades.	2020-06-05 10:23:05 -05:00
Michael Shuler	411a57013d	Backport email-only root removal for stretch, #721976	2020-06-05 09:59:51 -05:00
Jacob Hoffman-Andrews	21210559b1	Remove email-only roots from mozilla trust store These roots are trusted in the Mozilla program only for S/MIME, so should not be included in ca-certificates, which most applications use to validate TLS certificates. Per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721976, the only MUAs that depend on or suggest ca-certificates are Mutt and Sylpheed. Sylpheed doesn't use ca-certificates for S/MIME. Mutt does, but I think it is still safe to remove thes because: (a) S/MIME is relatively uncommon, and (b) The CAs that have both TLS and S/MIME bits will continue to work, and (c) Nearly all of the 12 removed email-only CAs have ceased operation of their email certificate services Verisign Class 1 Public Primary Certification Authority - G3 Verisign Class 2 Public Primary Certification Authority - G3 UTN USERFirst Email Root CA SwissSign Platinum CA - G2 AC Raiz Certicamara S.A. TC TrustCenter Class 3 CA II ComSign CA S-TRUST Universal Root CA Symantec Class 1 Public Primary Certification Authority - G6 Symantec Class 2 Public Primary Certification Authority - G6 Symantec Class 1 Public Primary Certification Authority - G4 Symantec Class 2 Public Primary Certification Authority - G4	2020-06-05 09:56:25 -05:00
Michael Shuler	f325b6032b	Add #916833 to d/changelog from previous stretch commit	2020-06-03 16:34:30 -05:00
Michael Shuler	d7d6c7bab8	Update d/changelog for stretch stable update	2020-06-03 13:15:47 -05:00
Michael Shuler	7f18c95eca	Update d/changelog for buster stable update	2020-06-03 13:10:12 -05:00
Michael Shuler	7bd8f941ce	Set stretch-security for suite	2020-06-01 17:21:07 -05:00
Michael Shuler	5256b350ec	Set buster-security for suite	2020-06-01 17:19:20 -05:00
Michael Shuler	23fdec2808	Rebuild for stretch.	2020-06-01 16:05:55 -05:00
Michael Shuler	cef3c140d3	Rebuild for buster.	2020-06-01 15:36:12 -05:00
Michael Shuler	d27e356472	Update for stretch Update Mozilla certificate authority bundle to version 2.28 Fix permissions on /usr/local/share/ca-certificates when using symlinks (#916833)	2019-01-23 17:19:02 -06:00
Andreas Beckmann	024d12e7f2	bump upload date	2018-07-07 01:08:49 +02:00
Michael Shuler	a0ca1a6aa3	Set stretch for changelog suite, update date	2018-06-10 20:50:07 -05:00
Michael Shuler	bbac13496e	Remove Christian Perrier from uploaders at his request. Closes: #894070	2018-03-30 11:35:21 -06:00
Michael Shuler	5717e0f323	Update d/changelog with CA adds/removes	2018-03-30 11:23:24 -06:00
Michael Shuler	73346492b3	Revert NEWS to 20161130+nmu1 file	2018-03-30 11:13:45 -05:00
Michael Shuler	cc5ba7a112	Update Mozilla CA bundle to 2.22	2018-03-30 11:12:13 -05:00
Michael Shuler	4c514f487e	Add Closes: #858064	2017-07-21 01:08:53 -05:00
Michael Shuler	3ba93048d9	Stable Release 20161130+nmu1+deb9u1	2017-07-20 00:57:40 -05:00
Michael Shuler	aed0801340	Add postinst fix for read-only /usr/local	2017-07-19 00:34:28 -05:00
Michael Shuler	80b9ab821f	Update Mozilla CA bundle to 2.14	2017-07-18 20:23:47 -05:00
Michael Shuler	7e5c841ddb	Add stretch gbp.conf	2017-07-17 18:01:02 -05:00