Bug#962245: RFS: ca-certificates/20200601~deb9u1 [RC] -- Common CA certificates
Control: tags -1 moreinfo
On Thu, Jun 04, 2020 at 08:37:24PM -0500, Michael Shuler wrote:
>...
> Changes since the last upload:
>
> * Rebuild for stretch.
> * Merge changes from 20200601
> - d/control
> * This release updates the Mozilla CA bundle to 2.40, blacklists
> distrusted Symantec roots, and blacklists expired "AddTrust External
> Root". Closes: #956411, #955038, #911289, #961907
> * Fix permissions on /usr/local/share/ca-certificates when using
> symlinks.
> Closes: #916833
>...
Compared to 20200601 and 20200601~deb10u1 this contains the following
additional files:
/usr/share/ca-certificates/mozilla/AddTrust_Low-Value_Services_Root.crt
/usr/share/ca-certificates/mozilla/Camerfirma_Chambers_of_Commerce_Root.crt
/usr/share/ca-certificates/mozilla/Camerfirma_Global_Chambersign_Root.crt
/usr/share/ca-certificates/mozilla/Certum_Root_CA.crt
/usr/share/ca-certificates/mozilla/D-TRUST_Root_CA_3_2013.crt
/usr/share/ca-certificates/mozilla/SwissSign_Platinum_CA_-_G2.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
/usr/share/doc/ca-certificates/NEWS.Debian.gz
The additional NEWS.Debian.gz is either correct or harmless,
the additional certificates are not.
This is due to the backport missing the "Remove email-only roots from
mozilla trust store" (#721976) change that is in 20200601.
Please update the stretch-pu request with that fixed and let me know
when the corrected debdiff is approved.
> Kind regards,
> Michael Shuler
cu
Adrian
Reply to: