20121114 (patches unapplied)

Imported using git-ubuntu import.
[ Don Armstrong ] * Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051. * Provide update-ca-certificates and update-ca-certificates-fresh triggers. * Call the triggers using no-await so that the configuration files from the newer version of ca-certificates-java are in places before the upgrade. Closes: #537051. [ Michael Shuler ] * Add note to previous mozilla/certdata.txt changelog entry to document CKT_NSS_MUST_VERIFY_TRUST changes.
2025-04-13 09:38:26 +00:00 · 2012-11-14 23:58:59 -06:00 · 2012-11-14 23:58:59 -06:00 · 9625595db7 · 2020-07-14 23:27:18 +00:00
commit 9625595db7
parent 6c0d765d7f
5 changed files with 48 additions and 3 deletions
--- a/debian/ca-certificates.triggers
+++ b/debian/ca-certificates.triggers
@ -0,0 +1,4 @@
+interest-noawait update-ca-certificates
+interest-noawait update-ca-certificates-fresh
+interest update-ca-certificates
+interest update-ca-certificates-fresh
--- a/debian/changelog
+++ b/debian/changelog
@ -1,6 +1,28 @@
+ca-certificates (20121114) unstable; urgency=low
+
+  [ Don Armstrong ]
+  * Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
+  * Provide update-ca-certificates and update-ca-certificates-fresh
+    triggers.
+  * Call the triggers using no-await so that the configuration files from
+    the newer version of ca-certificates-java are in places before the
+    upgrade. Closes: #537051.
+
+  [ Michael Shuler ]
+  * Add note to previous mozilla/certdata.txt changelog entry to document
+    CKT_NSS_MUST_VERIFY_TRUST changes.
+
+ -- Michael Shuler <michael@pbandjelly.org>  Wed, 14 Nov 2012 23:58:59 -0600
+
 ca-certificates (20121105) unstable; urgency=low

  * Update mozilla/certdata.txt to version 1.86  Closes: #683728
+    - Replace legacy "no explicit trust" flag of CKT_NSS_TRUST_UNKNOWN for
+      CKT_NSS_MUST_VERIFY_TRUST, instead of a mix of both flags:
+      https://bugzilla.mozilla.org/show_bug.cgi?id=757189
+      This upstream fix does not change the CA certificates installed in
+      ca-certificates as both flags are ignored. Only those CA certificates
+      with the CKT_NSS_TRUSTED_DELEGATOR flag in certdata.txt are installed.
    Certificates added (+) (none removed):
    + "Actalis Authentication Root CA"
    + "Trustis FPS Root CA"
--- a/debian/config
+++ b/debian/config
@ -5,7 +5,7 @@ set -e

 action="$1"
 cur_version="$2"
-this_version='20121105'
+this_version='20121114'
 pt_BR_fixed_version="20080616"

 if test -f /etc/ca-certificates.conf; then
--- a/debian/control
+++ b/debian/control
@ -13,9 +13,11 @@ Vcs-Browser: http://git.debian.org/?p=collab-maint/ca-certificates.git

 Package: ca-certificates
 Architecture: all
+Pre-Depends: dpkg (>= 1.16.1)
 Depends: openssl (>= 1.0.0), ${misc:Depends}
 Enhances: openssl
 Multi-Arch: foreign
+Breaks: ca-certificates-java (<<20121112+nmu1)
 Description: Common CA certificates
 This package includes PEM files of CA certificates to allow SSL-based
 applications to check for the authenticity of SSL connections.
--- a/debian/postinst
+++ b/debian/postinst
@ -142,12 +142,29 @@ EOF
 	# fix bogus symlink to ca-certificates.crt on upgrades; see
 	# Debian #643667; drop after wheezy
 	if dpkg --compare-versions "$2" lt-nl 20111025; then
-	    update-ca-certificates --fresh
+	    dpkg-trigger --no-await update-ca-certificates-fresh
 	else
-	    update-ca-certificates
+	    dpkg-trigger --no-await update-ca-certificates
 	fi
    ;;

+    triggered)
+	for trigger in $2; do
+	    case "$trigger" in
+		update-ca-certificates)
+		    update-ca-certificates
+		    ;;
+		update-ca-certificates-fresh)
+		    update-ca-certificates --fresh
+		    ;;
+		*)
+		    echo "postinst called with unknown trigger \`$2'">&2
+		    exit 1
+		    ;;
+	    esac;
+	done;
+	;;
+
    abort-upgrade|abort-remove|abort-deconfigure)

    ;;