diff --git a/Makefile b/Makefile index 79183a4..44846eb 100644 --- a/Makefile +++ b/Makefile @@ -3,9 +3,7 @@ # CERTSDIR = /usr/share/ca-certificates -SUBDIRS = spi-inc.org debconf.org mozilla \ - cacert.org brasil.gov.br signet.pl quovadis.bm \ - telesec.de gouv.fr +SUBDIRS = spi-inc.org debconf.org mozilla cacert.org brasil.gov.br signet.pl telesec.de gouv.fr all: for dir in $(SUBDIRS); do \ diff --git a/cacert.org/Makefile b/cacert.org/Makefile index fd0c435..180ea6b 100644 --- a/cacert.org/Makefile +++ b/cacert.org/Makefile @@ -9,6 +9,5 @@ clean: install: cat root.crt class3.crt > cacert.org.crt - for p in *.crt; do \ - install -m 644 $$p $(CERTSDIR)/$$p ; \ - done + install -m 644 cacert.org.crt $(CERTSDIR)/cacert.org.crt + diff --git a/debian/NEWS b/debian/NEWS index 004cc16..6a0b57a 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,17 @@ +ca-certificates (20090708) unstable; urgency=low + + * Removed CA files: + - cacert.org/root.crt and cacert.org/class3.crt: + Both certificate files were deprecated with 20080809. Users of these + root certificates are encouraged to switch to + `cacert.org/cacert.org.crt' which contains both class 1 and class 3 + roots joined in a single file. + - quovadis.bm/QuoVadis_Root_Certification_Authority.crt: + This certificate has been added into the Mozilla truststore and + is available as `mozilla/QuoVadis_Root_CA.crt'. + + -- Philipp Kern Wed, 08 Jul 2009 23:19:56 +0200 + ca-certificates (20090701) unstable; urgency=low * Readded Equifax Secure Global eBusiness CA. diff --git a/debian/changelog b/debian/changelog index a4d8a5f..575fb00 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,33 @@ +ca-certificates (20090709) unstable; urgency=low + + * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331) + + -- Philipp Kern Thu, 09 Jul 2009 10:35:39 +0200 + +ca-certificates (20090708) unstable; urgency=low + + * Removed CA files: + - cacert.org/root.crt and cacert.org/class3.crt: + Both certificate files were deprecated with 20080809. Users of these + root certificates are encouraged to switch to + `cacert.org/cacert.org.crt' which contains both class 1 and class 3 + roots joined in a single file. + - quovadis.bm/QuoVadis_Root_Certification_Authority.crt: + This certificate has been added into the Mozilla truststore and + is available as `mozilla/QuoVadis_Root_CA.crt'. + * Do not redirect c_rehash error messages to /dev/null. + (Closes: #495224) + * Remove dangling symlinks on purge, which also gets rid of the hash + symlink for ca-certificates.crt. (Closes: #475240) + * Use subshells when grepping for certificates in config, avoiding + SIGPIPE because of grep's immediate exit after it finds the pattern. + (Closes: #486737) + * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to + Robby Workman of Slackware. + * Updated Standards-Version and FSF portal address in the copyright file. + + -- Philipp Kern Wed, 08 Jul 2009 23:19:56 +0200 + ca-certificates (20090701) unstable; urgency=low * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674) diff --git a/debian/config b/debian/config index afa7d29..288c63a 100644 --- a/debian/config +++ b/debian/config @@ -5,7 +5,7 @@ set -e action="$1" cur_version="$2" -this_version='20090701' +this_version='20090709' pt_BR_fixed_version="20080616" if test -f /etc/ca-certificates.conf; then @@ -28,7 +28,7 @@ CERTS_AVAILABLE="" CERTS_ENABLED="" # CERTS_LIST: certs that will be installed -CERTS_LIST="mozilla/Entrust_Root_Certification_Authority.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/IPS_CLASEA3_root.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/IPS_Servidores_root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/IPS_Timestamping_root.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/DigiNotar_Root_CA.crt, mozilla/Secure_Global_CA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/IPS_CLASE3_root.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/IPS_CLASE1_root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/AddTrust_External_Root.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/SecureTrust_CA.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/Taiwan_GRCA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/IPS_CLASEA1_root.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Certum_Root_CA.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/IPS_Chained_CAs_root.crt, mozilla/StartCom_Ltd..crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/Thawte_Server_CA.crt, mozilla/Equifax_Secure_CA.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/DST_Root_CA_X3.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/AddTrust_Public_Services_Root.crt, debconf.org/ca.crt, quovadis.bm/QuoVadis_Root_Certification_Authority.crt, spi-inc.org/spi-cacert-2008.crt, spi-inc.org/spi-ca-2003.crt, gouv.fr/cert_igca_dsa.crt, gouv.fr/cert_igca_rsa.crt, brasil.gov.br/brasil.gov.br.crt, cacert.org/root.crt, cacert.org/cacert.org.crt, cacert.org/class3.crt, telesec.de/deutsche-telekom-root-ca-2.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_pca2_pem.crt, signet.pl/signet_tsa1_pem.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_ocspklasa3_pem.crt" +CERTS_LIST="mozilla/Entrust_Root_Certification_Authority.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/IPS_CLASEA3_root.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/IPS_Servidores_root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/IPS_Timestamping_root.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/DigiNotar_Root_CA.crt, mozilla/Secure_Global_CA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/IPS_CLASE3_root.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/IPS_CLASE1_root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/AddTrust_External_Root.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/SecureTrust_CA.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/Taiwan_GRCA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/IPS_CLASEA1_root.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Certum_Root_CA.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/IPS_Chained_CAs_root.crt, mozilla/StartCom_Ltd..crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/Thawte_Server_CA.crt, mozilla/Equifax_Secure_CA.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/DST_Root_CA_X3.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/AddTrust_Public_Services_Root.crt, debconf.org/ca.crt, spi-inc.org/spi-cacert-2008.crt, spi-inc.org/spi-ca-2003.crt, gouv.fr/cert_igca_dsa.crt, gouv.fr/cert_igca_rsa.crt, brasil.gov.br/brasil.gov.br.crt, cacert.org/cacert.org.crt, telesec.de/deutsche-telekom-root-ca-2.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_pca2_pem.crt, signet.pl/signet_tsa1_pem.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_ocspklasa3_pem.crt" # CERTS_NEW: new certificates that will be installed CERTS_NEW="" @@ -78,9 +78,9 @@ if test -d /usr/share/ca-certificates; then else CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt" fi - if echo "$CERTS_DISABLED" | grep -F -q -x "$crt" > /dev/null 2>&1; then + if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then : # echo "I: ignore $crt" - elif echo "$CERTS_TRUST" | grep -F -q -x "$crt" > /dev/null 2>&1; then + elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then # already trusted if test "$CERTS_ENABLED" = ""; then CERTS_ENABLED="$crt" diff --git a/debian/config.in b/debian/config.in index 6677eab..209bf3d 100644 --- a/debian/config.in +++ b/debian/config.in @@ -78,9 +78,9 @@ if test -d /usr/share/ca-certificates; then else CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt" fi - if echo "$CERTS_DISABLED" | grep -F -q -x "$crt" > /dev/null 2>&1; then + if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then : # echo "I: ignore $crt" - elif echo "$CERTS_TRUST" | grep -F -q -x "$crt" > /dev/null 2>&1; then + elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then # already trusted if test "$CERTS_ENABLED" = ""; then CERTS_ENABLED="$crt" diff --git a/debian/control b/debian/control index 943ec87..01f9a55 100644 --- a/debian/control +++ b/debian/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: Philipp Kern Build-Depends: debhelper (>> 4.1.16), po-debconf Build-Depends-Indep: python -Standards-Version: 3.8.0 +Standards-Version: 3.8.2 Package: ca-certificates Architecture: all diff --git a/debian/copyright b/debian/copyright index fadf8e0..5318b43 100644 --- a/debian/copyright +++ b/debian/copyright @@ -22,7 +22,8 @@ sbin/update-ca-certificates: You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, + USA. mozilla/certdata2pem.py: diff --git a/debian/postrm b/debian/postrm index 8aa9d3f..a397de9 100644 --- a/debian/postrm +++ b/debian/postrm @@ -16,31 +16,40 @@ set -e # * `disappear' overwrit>r> # for details, see /usr/share/doc/packaging-manual/ +remove_dangling_symlinks() { + if ! [ -d /etc/ssl/certs ] + then + return + fi + echo -n "Removing dangling symlinks from /etc/ssl/certs... " + find /etc/ssl/certs -type l -print | while read h + do + test -f "$h" || rm -f "$h" + done + echo "done." +} + case "$1" in remove) - echo -n "Removing hash symlinks in /etc/ssl/certs ..." - find /etc/ssl/certs -type l -print | while read h - do - test -f "$h" || rm -f "$h" - done - echo done. - rmdir /usr/local/share/ca-certificates 2>/dev/null || true - ;; + remove_dangling_symlinks + rmdir /usr/local/share/ca-certificates 2>/dev/null || true + ;; purge) - rm -f /etc/ssl/certs/ca-certificates.crt* + rm -f /etc/ssl/certs/ca-certificates.crt + remove_dangling_symlinks - # Clean up even if openssl is removed before ca-certificates. - # (Which is what piuparts does.) - [ -d /etc/ssl/certs ] && rmdir --ignore-fail-on-non-empty /etc/ssl/certs - [ -d /etc/ssl ] && rmdir --ignore-fail-on-non-empty /etc/ssl + # Clean up even if openssl is removed before ca-certificates. + # (Which is what piuparts does.) + [ -d /etc/ssl/certs ] && rmdir --ignore-fail-on-non-empty /etc/ssl/certs + [ -d /etc/ssl ] && rmdir --ignore-fail-on-non-empty /etc/ssl - rm -f /etc/ca-certificates.conf* - if test -e /usr/share/debconf/confmodule; then - . /usr/share/debconf/confmodule - db_purge - fi - ;; + rm -f /etc/ca-certificates.conf* + if test -e /usr/share/debconf/confmodule; then + . /usr/share/debconf/confmodule + db_purge + fi + ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; @@ -48,7 +57,6 @@ case "$1" in *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 - esac # dh_installdeb will replace this with shell code automatically diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py index d40b659..76cc343 100644 --- a/mozilla/certdata2pem.py +++ b/mozilla/certdata2pem.py @@ -17,7 +17,8 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, +# USA. import base64 import os.path diff --git a/quovadis.bm/Makefile b/quovadis.bm/Makefile deleted file mode 100644 index 7c1b893..0000000 --- a/quovadis.bm/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -# -# Makefile -# - -all: - -clean: - -install: - for p in *.crt; do \ - install -m 644 $$p $(CERTSDIR)/$$p ; \ - done diff --git a/quovadis.bm/QuoVadis_Root_Certification_Authority.crt b/quovadis.bm/QuoVadis_Root_Certification_Authority.crt deleted file mode 100644 index 0050532..0000000 --- a/quovadis.bm/QuoVadis_Root_Certification_Authority.crt +++ /dev/null @@ -1,35 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC -TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz -MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw -IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR -dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp -li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D -rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ -WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug -F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU -xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC -Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv -dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw -ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl -IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh -c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy -ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh -Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI -KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T -KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq -y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p -dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD -VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL -MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk -fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 -7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R -cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y -mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW -xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK -SnQ2+Q== ------END CERTIFICATE----- - diff --git a/quovadis.bm/bug250847.txt b/quovadis.bm/bug250847.txt deleted file mode 100644 index 76e5b4b..0000000 --- a/quovadis.bm/bug250847.txt +++ /dev/null @@ -1,205 +0,0 @@ -From SDavidson@quovadis.bm Tue May 25 05:18:29 2004 -Received: (at submit) by bugs.debian.org; 25 May 2004 12:18:29 +0000 -Return-path: -Received: from scbm1mx01.securecentre.com [200.1.160.234] - by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) - id 1BSat2-0000fn-00; Tue, 25 May 2004 05:18:28 -0700 -Received: from mail.quovadis.bm (webmail.qvnetwork.com) by scbm1mx01.securecentre.com - (Content Technologies SMTPRS 4.3.12) with ESMTP id for ; - Tue, 25 May 2004 09:17:56 -0300 -X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 -Content-class: urn:content-classes:message -MIME-Version: 1.0 -Content-Type: multipart/alternative; - boundary="----_=_NextPart_001_01C44252.4F71FB64" -Subject: ca-certificates - Add QuoVadis CA Certificates -Date: Tue, 25 May 2004 09:17:56 -0300 -Message-ID: -X-MS-Has-Attach: -X-MS-TNEF-Correlator: -Thread-Topic: ca-certificates - Add QuoVadis CA Certificates -Thread-Index: AcRCUk9mQ9YHgyerSUiCfaIpO7JoJg== -From: "Stephen Davidson" -To: -Delivered-To: submit@bugs.debian.org -X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 - (1.212-2003-09-23-exp) on spohr.debian.org -X-Spam-Status: No, hits=1.6 required=4.0 tests=FRONTPAGE,HAS_PACKAGE, - HTML_10_20,HTML_MESSAGE,UPPERCASE_25_50 autolearn=no - version=2.60-bugs.debian.org_2004_03_25 -X-Spam-Level: * - -This is a multi-part message in MIME format. - -------_=_NextPart_001_01C44252.4F71FB64 -Content-Type: text/plain; - charset="us-ascii" -Content-Transfer-Encoding: quoted-printable - -Package: ca-certificates -Version: 20020323 -Severity: Normal - -Problem: Please add the QuoVadis CA certificates to Debian. -=20 -QuoVadis is a commercial certificate authority located in Bermuda and -serving customers worldwide. QuoVadis is an Authorised Certification -Services Provider (CSP) under Bermuda's Electronic Transactions Act. -The CSP standard synthesizes major requirements from BS 7799, WebTrust -for Certification Authorities, and the European Electronic Signature -Standards Initiative (EESSI). More information may be found at: -http://www.quovadis.bm/bdacsp.asp . - - -The QuoVadis CA cert is already distributed in Apple OSX and Microsoft -Windows (for which we completed the WebTrust for CAs procedures with -Ernst & Young). - -A summary of our certification policies may be found at: -http://www.quovadis.bm/policies/pki.asp -=20 - -QuoVadis currently provides a "root injector" that senses the user's -computer config and inserts the root appropriately. This may be found -at: =20 - -Following is the QV root CA cert in base 64 format. The CA cert may -also be downloaded from http://www.quovadis.bm/root/ - : - ------BEGIN CERTIFICATE----- -MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC -TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz -MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw -IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR -dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp -li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D -rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ -WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug -F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU -xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC -Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv -dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw -ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl -IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh -c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy -ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh -Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI -KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T -KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq -y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p -dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD -VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL -MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk -fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 -7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R -cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y -mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW -xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK -SnQ2+Q=3D=3D ------END CERTIFICATE----- - -Please contact me if you need any additional information. -=20 -=20 - -------_=_NextPart_001_01C44252.4F71FB64 -Content-Type: text/html; - charset="us-ascii" -Content-Transfer-Encoding: quoted-printable - - -Message - - - - - - - -
Package: ca-certificates
Version: 20020323
-
Severity:  Normal
-
Problem:  Please add the = -QuoVadis CA=20 -certificates to Debian.
-
 
-
QuoVadis is a commercial = -certificate=20 -authority located in Bermuda and serving customers worldwide.  = -QuoVadis is=20 -an Authorised Certification Services Provider (CSP) under Bermuda's = -Electronic=20 -Transactions Act.  The CSP standard synthesizes = -major requirements=20 -from BS 7799, WebTrust for Certification Authorities, and the European=20 -Electronic Signature Standards Initiative (EESSI).  More = -information may be=20 -found at:  http://www.quovadis.bm/bdacsp.asp.  = -

The=20 -QuoVadis CA cert is already distributed in Apple OSX and Microsoft = -Windows (for=20 -which we completed the WebTrust for CAs procedures with Ernst & = - -Young).

A summary of our certification policies may be found = -at:  http://www.quovadis.bm/policies/pki.asp
QuoVadis=20 -currently provides a "root injector" that senses the user's computer = -config and=20 -inserts the root appropriately.  This may be found at: =20 -

Following is the QV root CA cert in base 64 format.  The CA = -cert=20 -may also be downloaded from http://www.quovadis.bm/root/:

-----BEGI= -N=20 -CERTIFICATE-----
MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswC= -QYDVQQGEwJC
TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdC= -BDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ= -0
aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz
= -MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw
IwYDV= -QQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR
dW9WYWRpcy= -BSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8= -AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp
li4kVEAkOPcahdxYTMuk= -J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D
rOpm2RgbaIr1VxqYuvXtdj182= -d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ
WCCYfqtffp/p1k3sg3Spx2zY7ilKhS= -oGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug
F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx= -24ONmy+pdpibu5cxfvWenAScOospU
xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJS= -vPhEQ+aQuwIDAQABo4ICUjCC
Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFod= -HRwczovL29jc3AucXVv
dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCAR= -oGA1UdIASCAREw
ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJ= -lbGlhbmNl
IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0= -eSBh
c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy<= -BR>ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
Y3= -RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI
KwYBBQU= -HAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
KbkGGew5Oanw= -l4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq
y+/foYGEpIGBMH8xC= -zAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p
dGVkMSUwIwYDVQQLExxSb2= -90IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD
VQQDEyVRdW9WYWRpcyBSb290IEN= -lcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL
MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG= -9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk
fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG= -+NpGA7O+0dQoE7/8CQfvbLO9Sf8
7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR= -0kvoIgR13VRH56FmjffU1R
cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcH= -XetwReNDWXcG31a0y
mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4= -l/UO/erMkqQW
xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5= -nrQNiOK
SnQ2+Q=3D=3D
-----END=20 -CERTIFICATE-----

Please contact me if you need any additional=20 -information.
-
 
-
 
-=00 -------_=_NextPart_001_01C44252.4F71FB64-- - - - diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates index a34ef75..fc083d7 100755 --- a/sbin/update-ca-certificates +++ b/sbin/update-ca-certificates @@ -17,7 +17,8 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, +# USA. # verbose=0 @@ -137,7 +138,7 @@ then # only run if set of files has changed if [ "$verbose" = 0 ] then - c_rehash . > /dev/null 2>&1 + c_rehash . > /dev/null else c_rehash . fi @@ -149,7 +150,7 @@ HOOKSDIR=/etc/ca-certificates/update.d echo -n "Running hooks in $HOOKSDIR...." VERBOSE_ARG= [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose -eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook +eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook do ( cat $ADDED cat $REMOVED ) | $hook || echo E: $hook exited with code $?.