20050518 (patches unapplied)

Imported using git-ubuntu import.

Makefile

@@ -4,7 +4,7 @@
 
 CERTSDIR = /usr/share/ca-certificates
 SUBDIRS = spi-inc.org mozilla \
-	brasil.gov.br signet.pl quovadis.bm
+	cacert.org brasil.gov.br signet.pl quovadis.bm
 
 all:
 	for dir in $(SUBDIRS); do \

cacert.org/Makefile

@@ -0,0 +1,12 @@
+#
+# Makefile
+#
+
+all:
+
+clean:
+
+install:
+	for p in *.crt; do \
+	 install -m 644 $$p $(CERTSDIR)/$$p ; \
+	done

cacert.org/README.asc

@@ -0,0 +1,38 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+- -----------------------
+CACert.org Certificate
+- -----------------------
+
+This certificate has been fetched from the following website:
+
+  http://www.cacert.org/index.php?id=3
+
+Confirmed the certificate fingerprint with this webpage.
+
+% openssl x509 -in cacert.org.crt -fingerprint -noout
+MD5 Fingerprint=A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
+
+% gpg --verify cacert-gpg-fingerprint.asc
+gpg: Signature made Mon Feb 14 14:10:37 2005 JST using DSA key ID 65D0FD58
+gpg: Good signature from "CA Cert Signing Authority (Root CA) <gpg@cacert.org>"
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg:          There is no indication that the signature belongs to the owner.
+Primary key fingerprint: A31D 4F81 EF4E BD07 B456  FA04 D2BB 0D01 65D0 FD58
+
+% gpg --verify cacert-fingerprint.asc
+gpg: Signature made Thu Sep  4 14:57:45 2003 JST using DSA key ID 65D0FD58
+gpg: Good signature from "CA Cert Signing Authority (Root CA) <gpg@cacert.org>"
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg:          There is no indication that the signature belongs to the owner.
+Primary key fingerprint: A31D 4F81 EF4E BD07 B456  FA04 D2BB 0D01 65D0 FD58
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (GNU/Linux)
+
+iD8DBQFCihTo9D5yZjzIjAkRAi8cAJ9Rr03AFQentLJPS4D1IPqywKz9DQCgttyW
+GVtZAwYfsijRojpE5EIXF6o=
+=VauY
+-----END PGP SIGNATURE-----

cacert.org/cacert-fingerprint.asc

@@ -0,0 +1,15 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+For most software, the fingerprint is reported as:
+A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
+
+Under MSIE the thumbprint is reported as:
+135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (GNU/Linux)
+
+iD8DBQE/VtRZ0rsNAWXQ/VgRAphfAJ9jh6TKBDexG0NTTUHvdNuf6O9RuQCdE5kD
+Mch2LMZhK4h/SBIft5ROzVU=
+=R/pJ
+-----END PGP SIGNATURE-----

cacert.org/cacert-gpg-fingerprint.asc

@@ -0,0 +1,13 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+pub  1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA)
+     Key fingerprint = A31D 4F81 EF4E BD07 B456  FA04 D2BB 0D01 65D0 FD58
+sub  2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.5 (GNU/Linux)
+
+iD8DBQFCEDLN0rsNAWXQ/VgRArhhAJ9EY1TJOzsVVuy2lL98CoKL0vnJjQCfbdBk
+TG1yj+lkktROGGyn0hJ5SbM=
+=tXoj
+-----END PGP SIGNATURE-----

cacert.org/cacert.asc

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.2.2 (GNU/Linux)
+
+mQGiBD8OdRwRBACEr0/NPA88qp8f6KyIMMveLQ1FOuLi0aDQDPybG7u1nrBoi3VI
+tSRyfYcdExVxWQjTGd9qbShzXBw2DsxjA6YjiGzWKpVcqtj9uUDpSlylBaoadUzu
+Sf3r3IkOHR2QJeC+9v2il30xy5XLMxDRbQYaSmf4uwTlIOUWNn118KpdawCgoNny
+p4DR9EvRgCmY5z6IKHA2WscD/AhAKDVHCIAoZHzSB/puNOuVUSKRbIWNAqUAYosz
+GRzYWb8O/3Ja4fNb3IMQ1gIsEcnUJFHnzID3pTjqWyiCId/NSX3fLuQxZHZE9n8P
+PqlZIvqMrOfCT0RJQa0zTFcrgepnmnHLj7qmtXQZm+YkTvlihOZNtVA4JNzrxDrQ
+egkqA/4hr0LezNJfkUhWnbW604p7AmmKK7Hi/ZixAfnxN0adgnV7oC3Q4VM8aB2i
+gReSuifluHiaJmf/WsA3KH4bdyLRbagz6dOPkXY8bQKy9yRxQz9oYwudlluYoZXe
+gSQI2Jle9U2ENefa9ouvVlsB0he1qzF6VzHXAXpLsANt5smDh7Q0Q0EgQ2VydCBT
+aWduaW5nIEF1dGhvcml0eSAoUm9vdCBDQSkgPGdwZ0BjYWNlcnQub3JnPohfBBMR
+AgAfBQI/DnUcBQk4ZAkABAsHAwIDFQIDAxYCAQIeAQIXgAAKCRDSuw0BZdD9WEFX
+AJ9C6WBcYfTYw1uvZ+N85TPGG5PMKQCcCM1tyULC5J6pfwevywS6cEwfagW5Ag0E
+Pw51MBAIANUbl1u0j+mnVJk1fKbJ+Ul6SAYpNtordfgrgrmlnOhMCFcROrCzsaaI
+1ehohxMbTnIj0RP0g/KotahAurqB98qzHIxXZMEJSzBE2OCNvlIXqUyT1jwhAUN6
+e71s084Lml84gD4cIr7+2YtwIu+6zrE+YdjfMT1NibM3vmiXaknrk4aADb02ZS5U
+iDeRstUO5PG7qVg4umR0HZJ1Ck2U7Kdjaekzzlm0q/vYMZKTYX37NkZRUU0QFLsM
+tACEaZnwKf9hMAWJwG1OFyJeLVH8xvzCkI4I+fpAvAQj6LVAh41SHl7EivH6SiTp
+/+61idoz/CGqeLBxuex6Z+Y53U54FmcAAwUH/2chzBs1YWFX5LuLGEW3R3UW/wDb
+RnYpsSR+pnMBVh18WS0nF08R/SXtb12RsqN5H+GtELOZng6IWL5hhgNaYvF1F4sW
+Ezm2nyVmTsu7/DtHLmXtzz1oNLQ9pzJkoqP2pGtPYQKvmiuoNbt+l1prwjt5zn1D
+slLn8w0+9/PP1YdKpuZ/189yQP6iYsLHxBxg/50MbSzoFwiT22aJCdF+OJ7zRwDy
+GhjnfV7HVwdEDV5rvb7aRolRmZZF2UADSPu52BWT4PI0nVnewAgivyELqVU3Zc3P
+aWqmH5BAh22MjbsbXrWZXK/WOfZCNlPVdfHxwFGxnlwsHgmyrkPAs3szJGiITAQY
+EQIADAUCPw51MAUJOGQJAAAKCRDSuw0BZdD9WMw8AJwIVUzB2WQJGAbf/aXzCABn
+QWdKwACdEWUSf69RZiJgp4oMfXMx0fDEh2I=
+=OaPO
+-----END PGP PUBLIC KEY BLOCK-----

cacert.org/cacert.org.crt

@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----

debian/README.Debian

@@ -1,5 +1,5 @@
 The Debian Package ca-certificates
-----------------------------
+----------------------------------
 
 Common CA certificates PEM files, installed in /usr/share/ca-certificates/
 
@@ -8,6 +8,7 @@ It includes the following certificates:
  - db.debian.org certificate
  - Mozilla builtin CA certificates
  - brasil.gov.br certificate
+ - cacert.org certificate
 
 configuration file:
  /etc/ca-certificates.conf
@@ -25,4 +26,18 @@ For w3m package, it has ssl_ca_path configuration in /etc/w3m/w3mconfig,
 so it works without any configuration.  You can specify 
 /etc/ssl/certs/ca-certificates.crt for ssl_ca_file instead.
 
-Fumitoshi UKAI <ukai@debian.or.jp>, Mon,  7 Jan 2002 21:16:51 +0900
+
+How certificate will be accepted in ca-certificates package
+-----------------------------------------------------------
+
+ - submit *GPG signed* bug report to ca-certificate with severity normal.
+   the bug report should include
+     - description of the CA
+     - how to obtain CA cert pem or paste it in the bug report
+     - license of the CA certificate
+     - fingerprint and/or hash value of the cert
+ - get 2 or 3 recommendation ("seconded" mail) from other people to 
+   the bug report, GPG signed.
+   I won't accept if the CA is requested by only one people.
+   
+ -- ukai <ukai@debian.or.jp>, Wed May 18 01:24:57 2005

debian/changelog

@@ -1,3 +1,32 @@
+ca-certificates (20050518) unstable; urgency=high
+
+  * fix ca-certificates.crt generationumask-sensitive and racy
+    closes: Bug#296212
+  * update mozilla/certdata.txt
+    add: "Certum Root CA", "Comodo AAA Services root"
+         "Comodo Secure Services root", 
+	 "Comodo Trusted Services root",
+	 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
+	 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
+	 "IPS Timestamping root",
+	 "QuoVadis Root CA",
+	 "Security Communication Root CA",
+	 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
+	 "Staat der Nederlanden Root CA",
+	 "TDC Internet Root CA", "TDC OCES Root CA", 
+	 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
+	 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
+  * add CACert.org's Root CA
+    closes: Bug#213086, Bug#288293
+  * add debian/po/vi.po
+    closes: Bug#309480
+  * add debian/po/cs.po
+    closes: Bug#309019
+  * write "How certificate will be accepted in ca-certificates package"
+    in README.Debain
+    
+ -- Fumitoshi UKAI <ukai@debian.or.jp>  Wed, 18 May 2005 00:40:54 +0900
+
 ca-certificates (20040809) unstable; urgency=low
 
   * previous version was not fixed Bug#255933 correctly.

debian/po/cs.po

@@ -0,0 +1,110 @@
+#
+#    Translators, if you are not familiar with the PO format, gettext
+#    documentation is worth reading, especially sections dedicated to
+#    this format, e.g. by running:
+#         info -n '(gettext)PO Files'
+#         info -n '(gettext)Header Entry'
+#
+#    Some information specific to po-debconf are available at
+#            /usr/share/doc/po-debconf/README-trans
+#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+#    Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2004-08-08 11:28+0900\n"
+"PO-Revision-Date: 2005-03-11 17:41+0100\n"
+"Last-Translator: Jan Outrata <outrataj@upcase.inf.upol.cz>\n"
+"Language-Team: Czech <debian-l10n-czech@debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-2\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: select
+#. Choices
+#: ../templates:3
+msgid "yes, no, ask"
+msgstr "ano, ne, zeptat se"
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid "Trust new CAs certificates?"
+msgstr "Dùvìøovat novým certifikátùm CA?"
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading.  You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Tento balíèek mù¾e pøi aktualizaci instalovat nové certifikáty CA "
+"(Certifikaèních Autorit). Mù¾ete chtít tyto nové certifikáty "
+"zkontrolovat a vybrat jen ty, kterým dùvìøujete."
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid ""
+" - \"yes\", new CA certificates will be trusted and installed.\n"
+" - \"no\", new CA certificates will not be installed by default.\n"
+" - \"ask\", Ask you trust each new CA certificates or not"
+msgstr ""
+" - \"ano\", dùvìøujete novým certifikátùm a budou nainstalovány.\n"
+" - \"ne\", nové certifikáty nebudou implicitnì instalovány.\n"
+" - \"zeptat se\", zeptat se na dùvìru ka¾dému certifikátu"
+
+#. Type: multiselect
+#. Choices
+#: ../templates:16
+msgid "${new_crts}"
+msgstr "${new_crts}"
+
+#. Type: multiselect
+#. Description
+#: ../templates:17
+msgid "Select new certificates to activate:"
+msgstr "Vyberte nové certifikáty, které se mají aktivovat:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:17
+msgid ""
+"In this upgrading, these new certificates are added. Do you trust these "
+"certificates and want that these certificates are installed into /etc/ssl/"
+"certs?"
+msgstr ""
+"V této aktualizaci jsou pøidány tyto nové certifikáty. Dùvìøujete jim "
+"a chcete je nainstalovat do /etc/ssl/certs?"
+
+#. Type: multiselect
+#. Choices
+#: ../templates:24
+msgid "${enable_crts}"
+msgstr "${enable_crts}"
+
+#. Type: multiselect
+#. Description
+#: ../templates:25
+msgid "Select certificates to activate:"
+msgstr "Vyberte certifikáty, které se mají aktivovat:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:25
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates. You can select certs from these available certs to be "
+"installed into /etc/ssl/certs. This package will make symlinks and generate "
+"a single file of all your selected certs, /etc/ssl/certs/ca-certificates.crt."
+msgstr ""
+"Tento balíèek instaluje certifikáty bì¾ných CA (Certifikaèních "
+"Autorit) do /usr/share/ca-certificates. Mù¾ete z tìchto dostupných "
+"certifikátù vybrat ty, které se mají nainstalovat do "
+"/etc/ssl/certs. Vytvoøí se symbolické odkazy a vygeneruje se soubor se "
+"v¹emi vybranými certifikáty, /etc/ssl/certs/ca-certificates.crt."

debian/po/vi.po

@@ -0,0 +1,94 @@
+# Vietnamese Translation for ca-certificates.
+# Copyright © 2005 Free Software Foundation, Inc.
+# Clytie Siddall <clytie@riverland.net.au>, 2005.
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20040809\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2004-08-08 11:28+0900\n"
+"PO-Revision-Date: 2005-05-17 23:50+0930\n"
+"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
+"Language-Team: Vietnamese <gnomevi-list@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0\n"
+
+#.Type: select
+#.Choices
+#:../templates:3
+msgid "yes, no, ask"
+msgstr "có, không, hỏi"
+
+#.Type: select
+#.Description
+#:../templates:5
+msgid "Trust new CAs certificates?"
+msgstr "Tin chứng nhận của CA mới không?"
+
+#.Type: select
+#.Description
+#:../templates:5
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading.  You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr "Gói tin này có lẽ sẽ cài đặt một số chứng nhận CA (nhà cầm quyền) mới khi cập nhật. Có lẽ bạn muốn kiểm tra các chứng nhận CA ấy và chỉ chọn chứng nhận đã tin."
+
+#.Type: select
+#.Description
+#:../templates:5
+msgid ""
+" - \"yes\", new CA certificates will be trusted and installed.\n"
+" - \"no\", new CA certificates will not be installed by default.\n"
+" - \"ask\", Ask you trust each new CA certificates or not"
+msgstr ""
+" - «có» có nghĩa là sẽ tin và cài đặt các chứng nhận CA mới.\n"
+"- «không» có nghĩa là sẽ không cài đặt chứng nhận CA mới, theo mặc định.\n"
+"- «hỏi» có nghĩa là sẽ hỏi nếu bạn tin mỗi chứng nhận CA mới, hay không."
+
+#.Type: multiselect
+#.Choices
+#:../templates:16
+# Variable: do not translate/ biến: đừng dịch
+msgid "${new_crts}"
+msgstr "${new_crts}"
+
+#.Type: multiselect
+#.Description
+#:../templates:17
+msgid "Select new certificates to activate:"
+msgstr "Chọn chứng nhận mới cần kích hoạt:"
+
+#.Type: multiselect
+#.Description
+#:../templates:17
+msgid ""
+"In this upgrading, these new certificates are added. Do you trust these "
+"certificates and want that these certificates are installed into /etc/ssl/"
+"certs?"
+msgstr "Trong khi cập nhật thì sẽ thêm những chứng nhận mới này. Bạn có tin chúng, và muốn cài đặt chúng vào /etc/ssl/certs không?"
+
+#.Type: multiselect
+#.Choices
+#:../templates:24
+# Variable: do not translate/ biến: đừng dịch
+msgid "${enable_crts}"
+msgstr "${enable_crts}"
+
+#.Type: multiselect
+#.Description
+#:../templates:25
+msgid "Select certificates to activate:"
+msgstr "Chọn chứng nhận cần kích hoạt:"
+
+#.Type: multiselect
+#.Description
+#:../templates:25
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates. You can select certs from these available certs to be "
+"installed into /etc/ssl/certs. This package will make symlinks and generate "
+"a single file of all your selected certs, /etc/ssl/certs/ca-certificates.crt."
+msgstr "Gói tin này sẽ cài đặt các chứng nhận CA (nhà cầm quyền chứng nhận) thường dùng vào /usr/share/ca-certificates. Bạn có thể chọn chứng nhận từ danh sách này, để cài đặt vào /etc/ssl/certs. Gói tin này sẽ tạo liên kết tượng trưng, và sẽ tạo ra một tập tin riêng lẻ chứa các chứng nhận đã chọn: /etc/ssl/certs/ca-certificates.crt"

sbin/update-ca-certificates

@@ -37,6 +37,7 @@ done
 
 CERTSCONF=/etc/ca-certificates.conf
 CERTSDIR=/usr/share/ca-certificates
+CERTBUNDLE=ca-certificates.crt
 cd /etc/ssl/certs
 if [ "$fresh" = 1 ]; then
   echo -n "Clearing symlinks in /etc/ssl/certs..."
@@ -45,7 +46,7 @@ if [ "$fresh" = 1 ]; then
 fi
 echo -n "Updating certificates in /etc/ssl/certs...."
 
-rm -f ca-certificates.crt
+bundletmp=`mktemp "${CERTBUNDLE}.tmp.XXXXXX"`
 sed -ne 's/^!//p' $CERTSCONF | while read crt
 do
  if test "$crt" = ""; then continue; fi
@@ -59,8 +60,11 @@ do
  if ! test -f "$CERTSDIR/$crt"; then continue; fi
  pem=$(basename "$crt" .crt).pem
  ln -sf "$CERTSDIR/$crt" "$pem"
- cat "$CERTSDIR/$crt" >> ca-certificates.crt
+ cat "$CERTSDIR/$crt" >> "$bundletmp"
 done
+chmod 0644 "$bundletmp"
+mv -f "$bundletmp" "$CERTBUNDLE"
+
 if [ "$verbose" = 0 ]; then
   c_rehash . > /dev/null 2>&1
 else