ca-certificates - Debian Package Tracker

general

source: ca-certificates (main)
version: 20250419
maintainer: Julien Cristau (DMD)
arch: all
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 20210119
stable: 20230311
stable-upd: 20230311+deb12u1
stable-p-u: 20230311+deb12u1
testing: 20250419
unstable: 20250419

versioned links

20210119: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20230311: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20230311+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20250419: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ca-certificates (21 bugs: 0, 10, 11, 0)
ca-certificates-udeb

action needed

2 bugs tagged help in the BTS normal

The BTS contains 2 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2025-07-26 20:30

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-07-26 20:30

35 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit ba3830faf6207f6444827209915dcfc4ce44b272
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Apr 19 09:25:41 2025 +0200

    Upload to unstable

commit cbbd485da88a2d5e91199679bafb33290350d9f1
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Apr 19 09:25:09 2025 +0200

    Update Mozilla certificate authority bundle to version 2.74
    
    The following certificate authorities were added (+):
    + D-TRUST BR Root CA 2 2023
    + D-TRUST EV Root CA 2 2023
    The following certificate authorities were removed (-):
    - Entrust Root Certification Authority - G4
    - SecureSign RootCA11
    - Security Communication RootCA3
    - SwissSign Silver CA - G2

commit cacd82a9015ed442d38d12eab94671e23d1d7c23
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Apr 19 09:23:52 2025 +0200

    Update changelog

commit 53bdbad93fad088f0f0fe402908b1f4f144e5280
Merge: 9ad250a a652c7f
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Apr 19 07:12:18 2025 +0000

    Merge branch 'add-sysroot' into 'master'
    
    sbin/update-ca-certificates: add a --sysroot option
    
    See merge request debian/ca-certificates!13

commit a652c7f4158ecd512e6972fcf453409d4a977948
Author: Alexander Kanavin <alex@linutronix.de>
Date:   Mon Mar 31 17:42:25 2025 +0200

    sbin/update-ca-certificates: add a --sysroot option
    
    This allows using the script in cross-compilation environments
    where the script needs to prefix the sysroot to every other
    directory it operates on. There are individual options
    to set those directories, but using a common prefix option
    instead is a lot less clutter and more robust.

commit 9ad250adb22da86f2f0929ecff081cf86919ac6e
Author: Julien Cristau <jcristau@debian.org>
Date:   Mon Dec 23 12:53:58 2024 +0100

    Upload to unstable

commit 9f5c23f6e85a350802438b6cdb0a52617c7ccedc
Author: Julien Cristau <jcristau@debian.org>
Date:   Mon Dec 23 12:53:16 2024 +0100

    Add Romanian debconf translation, thanks to Remus-Gabriel Chelu.
    
    Closes: #1067042, #1031490.

commit 0a40b3d0f6167bbbcf59aec8d696e436112306ea
Author: Julien Cristau <jcristau@debian.org>
Date:   Mon Dec 23 12:43:18 2024 +0100

    Update Mozilla certificate authority bundle to version 2.70.
    
    The following certificate authorities were added (+):
    + Telekom Security TLS ECC Root 2020
    + Telekom Security TLS RSA Root 2023
    + FIRMAPROFESIONAL CA ROOT-A WEB
    + TWCA CYBER Root CA
    + SecureSign Root CA12
    + SecureSign Root CA14
    + SecureSign Root CA15
    The following certificate authorities were removed (-):
    - Security Communication Root CA

commit ee6e0484031314090a11c04ee82689acb73d7ad8
Author: Julien Cristau <jcristau@debian.org>
Date:   Sun Feb 4 10:41:45 2024 +0100

    Upload to unstable

commit 75b26d5e4fb7ee0ca14df14d89f7f7a8a83da9a5
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 12:46:08 2024 +0100

    Update Mozilla certificate authority bundle to version 2.64
    
    The following certificate authorities were added (+):
    + Atos TrustedRoot Root CA ECC TLS 2021
    + Atos TrustedRoot Root CA RSA TLS 2021
    + BJCA Global Root CA1
    + BJCA Global Root CA2
    + CommScope Public Trust ECC Root-01
    + CommScope Public Trust ECC Root-02
    + CommScope Public Trust RSA Root-01
    + CommScope Public Trust RSA Root-02
    + Sectigo Public Server Authentication Root E46
    + Sectigo Public Server Authentication Root R46
    + SSL.com TLS ECC Root CA 2022
    + SSL.com TLS RSA Root CA 2022
    + TrustAsia Global Root CA G3
    + TrustAsia Global Root CA G4
    The following certificate authorities were removed (-):
    - Autoridad de Certificacion Firmaprofesional CIF A62634068
    - E-Tugra Certification Authority
    - E-Tugra Global Root CA ECC v3
    - E-Tugra Global Root CA RSA v3
    - Hongkong Post Root CA 1
    - TrustCor ECA-1
    - TrustCor RootCert CA-1
    - TrustCor RootCert CA-2 (closes: #1023945)

commit 4b85b0236d5b7d35115a6d537307152443d5638e
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 12:27:02 2024 +0100

    Add changelog entry

commit 3b2b7b8cc4641744c8ee02198aa94526e8918f32
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 12:30:28 2024 +0100

    Clean up debian/config.initial-certs

commit de5a10538eec0579ee5feed1477da3fb861ac8be
Merge: 8d14620 aeba8f9
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 11:35:44 2024 +0000

    Merge branch 'use-dh-std-sequence' into 'master'
    
    d/rules: Use standard dh sequence (Closes #1050112)
    
    See merge request debian/ca-certificates!10

commit 8d14620cb6eeda7d11dc5b76175ff4e1ce90e8eb
Merge: 14983ba 97e854b
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 11:05:30 2024 +0000

    Merge branch 'cleanup' into 'master'
    
    Fix ShellCheck warnings
    
    See merge request debian/ca-certificates!12

commit 14983ba1b7840502b230abe2804088e384f6f824
Merge: 2c507f8 1b8958e
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Feb 3 10:50:09 2024 +0000

    Merge branch 'docs' into 'master'
    
    Update documentation
    
    See merge request debian/ca-certificates!11

commit 1b8958e34aa7b4112b7f58bc04d3531afad8ef3f
Author: Jeffrey Walton <noloader@gmail.com>
Date:   Thu Dec 14 11:52:42 2023 -0500

    Update docs

commit db36215af2b674fc3b9b2bedd121d6679ac012b5
Author: Jeffrey Walton <noloader@gmail.com>
Date:   Thu Dec 14 06:59:34 2023 -0500

    Fix formatting

commit 97e854b0566ad51a5f6f05b87534db716ccc0331
Author: Jeffrey Walton <noloader@gmail.com>
Date:   Thu Dec 14 06:18:59 2023 -0500

    Fix ShellCheck warnings

commit 751c3cefc52632bf2a0f0a45c752887bf8007315
Author: Jeffrey Walton <noloader@gmail.com>
Date:   Thu Dec 14 06:11:51 2023 -0500

    Update documentation

commit aeba8f91704d3ba7f188cb8dc34d57c36d7d2df7
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 10:53:25 2023 +0200

    d/rules: Remove unnecessary override_dh_compress
    
    > In compat 12, `dh_compress` no longer compresses examples by default.

commit 572e7fa6c4ca306edaf01c33868db7a7b6f67f6a
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 10:43:54 2023 +0200

    d/rules: Simplify injection of certificate list in d/config
    
    Use the existing `-D` facility of `dh_installdebconf` to inject the
    list of certificates into `d/config`.

commit 7e96294469105099c2971211886cd153cdf24c72
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 01:01:47 2023 +0200

    d/control: Update standards version to 4.6.2, no changes needed

commit 270206e506f3561ba551bbe3dca63d16aff1fddf
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 01:00:48 2023 +0200

    d/control: Specify Rules-Requires-Root: no

commit afdfda25d8a502d401102f1aa1df9f10dfd68803
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sun Aug 20 00:43:18 2023 +0200

    d/rules: Use standard dh sequence
    
    Closes: #1050112

commit 2c507f8c5aac8b50e35291739ffd40676ab08993
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Mar 11 09:47:10 2023 +0100

    Upload to unstable

commit 7eee62eaf1095953b79a312901aae5ec74012444
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Mar 11 09:35:49 2023 +0100

    Update Mozilla certificate authority bundle to version 2.60

commit 88d98d1082e5d2d1f85e5cb42811da813db981c9
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Dec 6 10:35:18 2022 +0100

    Add changelog entry

commit c7a3136aa0290f09080ff90d2c21d43b70710310
Author: Wataru Ashihara <wsh@iij.ad.jp>
Date:   Fri Mar 25 17:44:43 2022 +0900

    Make certdata2pem.py work with newer cryptography versions
    
    certdata2pem.py is incompatible the cryptography package version 2.
    
        $ pip3 install -U cryptography~=2.0  # 2.9.2
        ...
    
        $ python3 certdata2pem.py
        ...
        Traceback (most recent call last):
          File "certdata2pem.py", line 125, in <module>
            cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
        TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
    
        $ pip3 install -U cryptography~=3.0  # 3.4.8
        ...
    
        $ python3 certdata2pem.py  # ok
        ...
    
    I think this should be noted in README.
    
    cryptography>=35.0 is also incompatible:
    
        $ pip3 install -U cryptography~=35.0
        ...
    
        $ python3 certdata2pem.py
        Traceback (most recent call last):
          File "certdata2pem.py", line 125, in <module>
            cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
          File "/home/wsh/.local/lib/python3.8/site-packages/cryptography/x509/base.py", line 443, in load_der_x509_certificate
            return rust_x509.load_der_x509_certificate(data)
        TypeError: argument 'data': 'bytearray' object cannot be converted to 'PyBytes'

commit ac305ca929f9617de8c237a63ea05dc9fa5ead1c
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Feb 22 10:18:48 2022 +0100

    Drop trailing space from debconf template causing misformatting
    
    Closes: #980821

commit bbc989212eb0df43aaa213b68614f64eb5f94e17
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Jan 11 14:18:11 2022 +0100

    Update Mozilla certificate authority bundle to version 2.52

commit 7ceea873db3c45704aeb3d35d355aa930a419dab
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Jan 11 14:33:49 2022 +0100

    Blacklist expired CAs

commit 4823764900caa687451cd588f76585aa9e3abbb6
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Jan 11 14:14:40 2022 +0100

    Add changelog entry

commit 15229cb234becd05577c87b4e8a4522bab740f2f
Merge: 4784cf2 17b759d
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Dec 14 10:09:40 2021 +0000

    Merge branch 'busybox-compat' into 'master'
    
    update-ca-certificates: compat with non-GNU mktemp(1)
    
    See merge request debian/ca-certificates!8

commit 4784cf2dac3b6a10f4747423ee8c7f912804feb2
Author: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Date:   Mon Dec 13 13:13:52 2021 -0800

    mozilla/certdata2pem.py: use UTC time when checking cert validity
    
    x509.not_valid_after returns naive UTC datetime and so does
    datetime.utcnow(), so keep the time consistent when performing the
    comparison.
    
    Fixes: 8033d5225917 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
    Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
    Signed-off-by: Julien Cristau <jcristau@debian.org>

commit 17b759d6975b8bfb3fbdddabd429680b6fa78939
Author: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Date:   Tue Nov 30 17:26:24 2021 +0700

    update-ca-certificates: compat with non-GNU mktemp(1)
    
    BSD and BusyBox lacks --tmpdir support.
    
    Emulate it with -p instead.
    
    Close bugs #1000847
    
    Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>

Created: 2021-12-14 Last update: 2025-07-25 19:30

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-04-19 Last update: 2025-04-19 17:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).

Created: 2024-04-07 Last update: 2025-04-19 11:31

news

[rss feed]

[2025-06-13] Accepted ca-certificates 20230311+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Julien Cristau)
[2025-05-01] ca-certificates 20250419 MIGRATED to testing (Debian testing watch)
[2025-04-19] Accepted ca-certificates 20250419 (source) into unstable (Julien Cristau)
[2025-01-01] ca-certificates 20241223 MIGRATED to testing (Debian testing watch)
[2024-12-23] Accepted ca-certificates 20241223 (source) into unstable (Julien Cristau)
[2024-02-11] ca-certificates 20240203 MIGRATED to testing (Debian testing watch)
[2024-02-04] Accepted ca-certificates 20240203 (source) into unstable (Julien Cristau)
[2023-03-16] ca-certificates 20230311 MIGRATED to testing (Debian testing watch)
[2023-03-11] Accepted ca-certificates 20230311 (source) into unstable (Julien Cristau)
[2022-02-10] ca-certificates 20211016 MIGRATED to testing (Debian testing watch)
[2021-10-16] Accepted ca-certificates 20211016 (source) into unstable (Julien Cristau)
[2021-10-09] Accepted ca-certificates 20211004 (source) into unstable (Julien Cristau)
[2021-03-13] Accepted ca-certificates 20200601~deb9u2 (source all) into oldstable (Utkarsh Gupta)
[2021-01-28] Accepted ca-certificates 20200601~deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Julien Cristau)
[2021-01-24] ca-certificates 20210119 MIGRATED to testing (Debian testing watch)
[2021-01-19] Accepted ca-certificates 20210119 (source) into unstable (Julien Cristau)
[2020-06-07] ca-certificates 20200601 MIGRATED to testing (Debian testing watch)
[2020-06-06] Accepted ca-certificates 20200601~deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2020-06-05] Accepted ca-certificates 20200601~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2020-06-02] Accepted ca-certificates 20200601 (source) into unstable (Michael Shuler) (signed by: Andrew Shadura)
[2019-02-06] ca-certificates 20190110 MIGRATED to testing (Debian testing watch)
[2019-01-23] Accepted ca-certificates 20190110 (source all) into unstable (Michael Shuler) (signed by: Axel Beckert)
[2018-07-07] Accepted ca-certificates 20161130+nmu1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Michael Shuler) (signed by: Andreas Beckmann)
[2018-07-07] Accepted ca-certificates 20130119+deb7u3 (source all) into oldoldstable (Michael Shuler) (signed by: Chris Lamb)
[2018-07-07] Accepted ca-certificates 20141019+deb8u4 (source all) into oldstable (Michael Shuler) (signed by: Chris Lamb)
[2018-04-10] Accepted ca-certificates 20180409 (source all) into unstable (Michael Shuler) (signed by: Thijs Kinkhorst)
[2018-01-14] Accepted ca-certificates 20130119+deb7u2 (source all) into oldoldstable (Michael Shuler) (signed by: Brian May)
[2017-09-04] ca-certificates 20170717 MIGRATED to testing (Debian testing watch)
[2017-08-14] Accepted ca-certificates 20170717 (source all) into unstable (Michael Shuler) (signed by: Thijs Kinkhorst)
[2017-05-25] ca-certificates 20161130+nmu1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 20 22
RC: 0
I&N: 10 11
M&W: 10 11
F&P: 0
patch: 2
help: 2

links

lintian (0, 3)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
screenshots
l10n (98, -)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 20250419
81 bugs