ca-certificates - Debian Package Tracker

general

source: ca-certificates (main)
version: 20250419
maintainer: Julien Cristau (DMD)
arch: all
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 20210119
stable: 20230311
stable-upd: 20230311+deb12u1
stable-p-u: 20230311+deb12u1
testing: 20250419
unstable: 20250419

versioned links

20210119: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20230311: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20230311+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20250419: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ca-certificates (21 bugs: 0, 10, 11, 0)
ca-certificates-udeb

action needed

35 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit ba3830faf6207f6444827209915dcfc4ce44b272
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Apr 19 09:25:41 2025 +0200

    Upload to unstable

commit cbbd485da88a2d5e91199679bafb33290350d9f1
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Apr 19 09:25:09 2025 +0200

    Update Mozilla certificate authority bundle to version 2.74
    
    The following certificate authorities were added (+):
    + D-TRUST BR Root CA 2 2023
    + D-TRUST EV Root CA 2 2023
    The following certificate authorities were removed (-):
    - Entrust Root Certification Authority - G4
    - SecureSign RootCA11
    - Security Communication RootCA3
    - SwissSign Silver CA - G2

commit cacd82a9015ed442d38d12eab94671e23d1d7c23
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Apr 19 09:23:52 2025 +0200

    Update changelog

commit 53bdbad93fad088f0f0fe402908b1f4f144e5280
Merge: 9ad250a a652c7f
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Apr 19 07:12:18 2025 +0000

    Merge branch 'add-sysroot' into 'master'
    
    sbin/update-ca-certificates: add a --sysroot option
    
    See merge request debian/ca-certificates!13

commit a652c7f4158ecd512e6972fcf453409d4a977948
Author: Alexander Kanavin <alex@linutronix.de>
Date:   Mon Mar 31 17:42:25 2025 +0200

    sbin/update-ca-certificates: add a --sysroot option
    
    This allows using the script in cross-compilation environments
    where the script needs to prefix the sysroot to every other
    directory it operates on. There are individual options
    to set those directories, but using a common prefix option
    instead is a lot less clutter and more robust.

commit 9ad250adb22da86f2f0929ecff081cf86919ac6e
Author: Julien Cristau <jcristau@debian.org>
Date:   Mon Dec 23 12:53:58 2024 +0100

    Upload to unstable

commit 9f5c23f6e85a350802438b6cdb0a52617c7ccedc
Author: Julien Cristau <jcristau@debian.org>
Date:   Mon Dec 23 12:53:16 2024 +0100

    Add Romanian debconf translation, thanks to Remus-Gabriel Chelu.
    
    Closes: #1067042, #1031490.

commit 0a40b3d0f6167bbbcf59aec8d696e436112306ea
Author: Julien Cristau <jcristau@debian.org>
Date:   Mon Dec 23 12:43:18 2024 +0100

    Update Mozilla certificate authority bundle to version 2.70.
    
    The following certificate authorities were added (+):
    + Telekom Security TLS ECC Root 2020
    + Telekom Security TLS RSA Root 2023
    + FIRMAPROFESIONAL CA ROOT-A WEB
    + TWCA CYBER Root CA
    + SecureSign Root CA12
    + SecureSign Root CA14
    + SecureSign Root CA15
    The following certificate authorities were removed (-):
    - Security Communication Root CA

commit ee6e0484031314090a11c04ee82689acb73d7ad8
Author: Julien Cristau <jcristau@debian.org>
Date:   Sun Feb 4 10:41:45 2024 +0100

    Upload to unstable

commit 75b26d5e4fb7ee0ca14df14d89f7f7a8a83da9a5
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 12:46:08 2024 +0100

    Update Mozilla certificate authority bundle to version 2.64
    
    The following certificate authorities were added (+):
    + Atos TrustedRoot Root CA ECC TLS 2021
    + Atos TrustedRoot Root CA RSA TLS 2021
    + BJCA Global Root CA1
    + BJCA Global Root CA2
    + CommScope Public Trust ECC Root-01
    + CommScope Public Trust ECC Root-02
    + CommScope Public Trust RSA Root-01
    + CommScope Public Trust RSA Root-02
    + Sectigo Public Server Authentication Root E46
    + Sectigo Public Server Authentication Root R46
    + SSL.com TLS ECC Root CA 2022
    + SSL.com TLS RSA Root CA 2022
    + TrustAsia Global Root CA G3
    + TrustAsia Global Root CA G4
    The following certificate authorities were removed (-):
    - Autoridad de Certificacion Firmaprofesional CIF A62634068
    - E-Tugra Certification Authority
    - E-Tugra Global Root CA ECC v3
    - E-Tugra Global Root CA RSA v3
    - Hongkong Post Root CA 1
    - TrustCor ECA-1
    - TrustCor RootCert CA-1
    - TrustCor RootCert CA-2 (closes: #1023945)

commit 4b85b0236d5b7d35115a6d537307152443d5638e
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 12:27:02 2024 +0100

    Add changelog entry

commit 3b2b7b8cc4641744c8ee02198aa94526e8918f32
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 12:30:28 2024 +0100

    Clean up debian/config.initial-certs

commit de5a10538eec0579ee5feed1477da3fb861ac8be
Merge: 8d14620 aeba8f9
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 11:35:44 2024 +0000

    Merge branch 'use-dh-std-sequence' into 'master'
    
    d/rules: Use standard dh sequence (Closes #1050112)
    
    See merge request debian/ca-certificates!10

commit 8d14620cb6eeda7d11dc5b76175ff4e1ce90e8eb
Merge: 14983ba 97e854b
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 11:05:30 2024 +0000

    Merge branch 'cleanup' into 'master'
    
    Fix ShellCheck warnings
    
    See merge request debian/ca-certificates!12

commit 14983ba1b7840502b230abe2804088e384f6f824
Merge: 2c507f8 1b8958e
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 10:50:09 2024 +0000

    Merge branch 'docs' into 'master'
    
    Update documentation
    
    See merge request debian/ca-certificates!11

commit 1b8958e34aa7b4112b7f58bc04d3531afad8ef3f
Author: Jeffrey Walton <noloader@gmail.com>
Date:   Thu Dec 14 11:52:42 2023 -0500

    Update docs

commit db36215af2b674fc3b9b2bedd121d6679ac012b5
Author: Jeffrey Walton <noloader@gmail.com>
Date:   Thu Dec 14 06:59:34 2023 -0500

    Fix formatting

commit 97e854b0566ad51a5f6f05b87534db716ccc0331
Author: Jeffrey Walton <noloader@gmail.com>
Date:   Thu Dec 14 06:18:59 2023 -0500

    Fix ShellCheck warnings

commit 751c3cefc52632bf2a0f0a45c752887bf8007315
Author: Jeffrey Walton <noloader@gmail.com>
Date:   Thu Dec 14 06:11:51 2023 -0500

    Update documentation

commit aeba8f91704d3ba7f188cb8dc34d57c36d7d2df7
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 10:53:25 2023 +0200

    d/rules: Remove unnecessary override_dh_compress
    
    > In compat 12, `dh_compress` no longer compresses examples by default.

commit 572e7fa6c4ca306edaf01c33868db7a7b6f67f6a
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 10:43:54 2023 +0200

    d/rules: Simplify injection of certificate list in d/config
    
    Use the existing `-D` facility of `dh_installdebconf` to inject the
    list of certificates into `d/config`.

commit 7e96294469105099c2971211886cd153cdf24c72
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 01:01:47 2023 +0200

    d/control: Update standards version to 4.6.2, no changes needed

commit 270206e506f3561ba551bbe3dca63d16aff1fddf
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 01:00:48 2023 +0200

    d/control: Specify Rules-Requires-Root: no

commit afdfda25d8a502d401102f1aa1df9f10dfd68803
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 00:43:18 2023 +0200

    d/rules: Use standard dh sequence
    
    Closes: #1050112

commit 2c507f8c5aac8b50e35291739ffd40676ab08993
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Mar 11 09:47:10 2023 +0100

    Upload to unstable

commit 7eee62eaf1095953b79a312901aae5ec74012444
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Mar 11 09:35:49 2023 +0100

    Update Mozilla certificate authority bundle to version 2.60

commit 88d98d1082e5d2d1f85e5cb42811da813db981c9
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Dec 6 10:35:18 2022 +0100

    Add changelog entry

commit c7a3136aa0290f09080ff90d2c21d43b70710310
Author: Wataru Ashihara <wsh@iij.ad.jp>
Date:   Fri Mar 25 17:44:43 2022 +0900

    Make certdata2pem.py work with newer cryptography versions
    
    certdata2pem.py is incompatible the cryptography package version 2.
    
        $ pip3 install -U cryptography~=2.0  # 2.9.2
        ...
    
        $ python3 certdata2pem.py
        ...
        Traceback (most recent call last):
          File "certdata2pem.py", line 125, in <module>
            cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
        TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
    
        $ pip3 install -U cryptography~=3.0  # 3.4.8
        ...
    
        $ python3 certdata2pem.py  # ok
        ...
    
    I think this should be noted in README.
    
    cryptography>=35.0 is also incompatible:
    
        $ pip3 install -U cryptography~=35.0
        ...
    
        $ python3 certdata2pem.py
        Traceback (most recent call last):
          File "certdata2pem.py", line 125, in <module>
            cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
          File "/home/wsh/.local/lib/python3.8/site-packages/cryptography/x509/base.py", line 443, in load_der_x509_certificate
            return rust_x509.load_der_x509_certificate(data)
        TypeError: argument 'data': 'bytearray' object cannot be converted to 'PyBytes'

commit ac305ca929f9617de8c237a63ea05dc9fa5ead1c
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Feb 22 10:18:48 2022 +0100

    Drop trailing space from debconf template causing misformatting
    
    Closes: #980821

commit bbc989212eb0df43aaa213b68614f64eb5f94e17
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Jan 11 14:18:11 2022 +0100

    Update Mozilla certificate authority bundle to version 2.52

commit 7ceea873db3c45704aeb3d35d355aa930a419dab
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Jan 11 14:33:49 2022 +0100

    Blacklist expired CAs

commit 4823764900caa687451cd588f76585aa9e3abbb6
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Jan 11 14:14:40 2022 +0100

    Add changelog entry

commit 15229cb234becd05577c87b4e8a4522bab740f2f
Merge: 4784cf2 17b759d
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Dec 14 10:09:40 2021 +0000

    Merge branch 'busybox-compat' into 'master'
    
    update-ca-certificates: compat with non-GNU mktemp(1)
    
    See merge request debian/ca-certificates!8

commit 4784cf2dac3b6a10f4747423ee8c7f912804feb2
Author: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Date:   Mon Dec 13 13:13:52 2021 -0800

    mozilla/certdata2pem.py: use UTC time when checking cert validity
    
    x509.not_valid_after returns naive UTC datetime and so does
    datetime.utcnow(), so keep the time consistent when performing the
    comparison.
    
    Fixes: 8033d5225917 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
    Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
    Signed-off-by: Julien Cristau <jcristau@debian.org>

commit 17b759d6975b8bfb3fbdddabd429680b6fa78939
Author: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Date:   Tue Nov 30 17:26:24 2021 +0700

    update-ca-certificates: compat with non-GNU mktemp(1)
    
    BSD and BusyBox lacks --tmpdir support.
    
    Emulate it with -p instead.
    
    Close bugs #1000847
    
    Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>

Created: 2021-12-14 Last update: 2025-07-25 19:30

2 bugs tagged help in the BTS normal

The BTS contains 2 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2025-07-25 19:00

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-07-25 19:00

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-04-19 Last update: 2025-04-19 17:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).

Created: 2024-04-07 Last update: 2025-04-19 11:31

news

[rss feed]

[2025-06-13] Accepted ca-certificates 20230311+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Julien Cristau)
[2025-05-01] ca-certificates 20250419 MIGRATED to testing (Debian testing watch)
[2025-04-19] Accepted ca-certificates 20250419 (source) into unstable (Julien Cristau)
[2025-01-01] ca-certificates 20241223 MIGRATED to testing (Debian testing watch)
[2024-12-23] Accepted ca-certificates 20241223 (source) into unstable (Julien Cristau)
[2024-02-11] ca-certificates 20240203 MIGRATED to testing (Debian testing watch)
[2024-02-04] Accepted ca-certificates 20240203 (source) into unstable (Julien Cristau)
[2023-03-16] ca-certificates 20230311 MIGRATED to testing (Debian testing watch)
[2023-03-11] Accepted ca-certificates 20230311 (source) into unstable (Julien Cristau)
[2022-02-10] ca-certificates 20211016 MIGRATED to testing (Debian testing watch)
[2021-10-16] Accepted ca-certificates 20211016 (source) into unstable (Julien Cristau)
[2021-10-09] Accepted ca-certificates 20211004 (source) into unstable (Julien Cristau)
[2021-03-13] Accepted ca-certificates 20200601~deb9u2 (source all) into oldstable (Utkarsh Gupta)
[2021-01-28] Accepted ca-certificates 20200601~deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Julien Cristau)
[2021-01-24] ca-certificates 20210119 MIGRATED to testing (Debian testing watch)
[2021-01-19] Accepted ca-certificates 20210119 (source) into unstable (Julien Cristau)
[2020-06-07] ca-certificates 20200601 MIGRATED to testing (Debian testing watch)
[2020-06-06] Accepted ca-certificates 20200601~deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2020-06-05] Accepted ca-certificates 20200601~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2020-06-02] Accepted ca-certificates 20200601 (source) into unstable (Michael Shuler) (signed by: Andrew Shadura)
[2019-02-06] ca-certificates 20190110 MIGRATED to testing (Debian testing watch)
[2019-01-23] Accepted ca-certificates 20190110 (source all) into unstable (Michael Shuler) (signed by: Axel Beckert)
[2018-07-07] Accepted ca-certificates 20161130+nmu1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Michael Shuler) (signed by: Andreas Beckmann)
[2018-07-07] Accepted ca-certificates 20130119+deb7u3 (source all) into oldoldstable (Michael Shuler) (signed by: Chris Lamb)
[2018-07-07] Accepted ca-certificates 20141019+deb8u4 (source all) into oldstable (Michael Shuler) (signed by: Chris Lamb)
[2018-04-10] Accepted ca-certificates 20180409 (source all) into unstable (Michael Shuler) (signed by: Thijs Kinkhorst)
[2018-01-14] Accepted ca-certificates 20130119+deb7u2 (source all) into oldoldstable (Michael Shuler) (signed by: Brian May)
[2017-09-04] ca-certificates 20170717 MIGRATED to testing (Debian testing watch)
[2017-08-14] Accepted ca-certificates 20170717 (source all) into unstable (Michael Shuler) (signed by: Thijs Kinkhorst)
[2017-05-25] ca-certificates 20161130+nmu1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 20 22
RC: 0
I&N: 10 11
M&W: 10 11
F&P: 0
patch: 2
help: 2

links

lintian (0, 3)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
screenshots
l10n (98, -)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 20250419
81 bugs