ca-certificates-java (20170930) unstable; urgency=medium * Team upload. * Revert the last two NMUs. - Depend again on openjdk-8 after the stretch release. - Stop fiddling around with jvm-*.cfg files. ca-certificates-java has no business with providing an initial cacerts file. This is implemented in the openjdk packages. We are not 2008 anymore. * Bump standards version. * Remove Torsten Werner as uploader. -- Matthias Klose Sat, 30 Sep 2017 02:02:28 +0200 ca-certificates-java (20170929) unstable; urgency=low [ Gianfranco Costamagna ] * Team upload. * Ack previous NMU, thanks [ Rico Tzschichholz ] * Fix temporary jvm-*.cfg generation on armhf (Closes: #874276) - the armhf installation path is different from other architectures. -- Rico Tzschichholz Wed, 27 Sep 2017 17:17:59 +0200 ca-certificates-java (20170531+nmu1) unstable; urgency=high * Non-maintainer upload. * Revert to depending on openjdk-7 instead of openjdk-8, since this triggers a failure to dist-upgrade, due to the triggers loop (See: #864597). The openjdk-7 package was dropped from stretch, but the java7-runtime-headless alternative dependency is satisfied by openjdk-8. -- Cyril Brulebois Thu, 15 Jun 2017 17:33:00 +0200 ca-certificates-java (20170531) unstable; urgency=medium * Team upload. * Depend on openjdk-8 instead of openjdk-7 (Closes: #863803) * Moved the package to Git -- Emmanuel Bourg Wed, 31 May 2017 15:02:23 +0200 ca-certificates-java (20161107) unstable; urgency=medium * Team upload. * postinst: Use exit trap instead of if condition to not fail silently (e.g. in case the java binary is not found) (Closes: #822201) * Bump Standards-Version to 3.9.8 (no changes) -- Benjamin Drung Mon, 07 Nov 2016 13:45:23 +0100 ca-certificates-java (20160321) unstable; urgency=medium * Team upload. * Drop support for obsolete Java 6 (Closes: #776897) * Add support for Java 8 and 9 (Closes: #775775) * Bump Standards-Version to 3.9.7 (no changes) * Use secure HTTPS URI for Vcs-Browser -- Benjamin Drung Mon, 21 Mar 2016 14:34:49 +0100 ca-certificates-java (20140324) unstable; urgency=medium * Team upload. * Fixed a test failure caused by the removal of the CAcert.org root certificate from the ca-certificates package (Closes: #741755) * Limit the memory used by java to 64M when updating the certificates (Closes: #576453) * Mavenized the project * Code refactoring * d/control: Standards-Version updated to 3.9.5 (no changes) * Switch to debhelper level 9 -- Emmanuel Bourg Mon, 24 Mar 2014 09:42:08 +0100 ca-certificates-java (20130815) unstable; urgency=low * Acknowledge NMU done by Don Armstrong and Andreas Beckmann. * Fix tests to works with new cacert certificates names (Closes: #713138). * d/control: Use canonical value for Vcs-* fields. * d/control: Remove deprecated DMUA flag. * d/control: Bump Standards-Version to 3.9.4 (no changes needed). -- Damien Raude-Morvan Thu, 15 Aug 2013 13:52:46 +0200 ca-certificates-java (20121112+nmu2) unstable; urgency=medium * Non-maintainer upload. * postinst, jks-keystore.hook: Do not fail if nss.cfg does not (yet) exist, i.e. if openjdk-?-jre-headless is unpacked but not yet configured. (Closes: #694888) * Set urgency to medium for RC bugfix. -- Andreas Beckmann Sun, 27 Jan 2013 14:19:41 +0100 ca-certificates-java (20121112+nmu1) unstable; urgency=low * Non-maintainer upload * Fix test for dpkg-query in postinst; there was an extraneous --version here. [Probably don't even need to bother to check for dpkg-query, but why not.] (Closes: #690204) * Library path for softokn3pkg and nsspkg is potentially wrong if there are multiple different paths; fix it. * Do not run the hook if ca-certificates-java has been removed but not purged. * Use the new trigger support provided by ca-certificates (>=20121114). -- Don Armstrong Mon, 12 Nov 2012 15:45:50 -0800 ca-certificates-java (20120721) unstable; urgency=low * Fix jks-keystore and postinst to work on multi-arch system. Use dpkg-query -L package:arch. (Closes: #680618). * As libnss3-1d is a transitional package on both Debian and Ubuntu, upgrade Depends to use libnss3. -- Damien Raude-Morvan Sat, 21 Jul 2012 01:06:32 +0200 ca-certificates-java (20120608) unstable; urgency=low [ James Page ] * Switch primary JRE dependency from openjdk-6 to openjdk-7 to support demotion of openjdk-6 to universe in Ubuntu: - d/control, rules: Generate primary JRE dependency at build time to allow differentiation between Ubuntu and Debian. * Added myself to uploaders. [ Damien Raude-Morvan ] * Update to unstable. * Set DMUA flag for James Page. -- James Page Fri, 08 Jun 2012 09:44:58 +0100 ca-certificates-java (20120603) unstable; urgency=low * Use javahelper as buildsystem: - d/control: Add Build-Depends on javahelper. - d/rules: Use jh_build to call javac. * Create a testsuite for this package: - Refactor UpdateCertificates code to send exceptions instead of System.exit(1). - New testsuite: UpdateCertificatesTest. - d/control: Build-Depends on junit4. - d/rules: Launch junit after build and handle "nocheck" option in DEB_BUILD_OPTIONS. -- Damien Raude-Morvan Sun, 03 Jun 2012 12:10:26 +0200 ca-certificates-java (20120524) unstable; urgency=low [ Marc Deslauriers ] * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around since it is no longer needed. * debian/postinst: don't put a symlink in / if jvm doesn't contain nss configuration. (Closes: #665754, #665749). * debian/postinst: force migration to new alias names again. The migration was supposed to occur on upgrades to Oneiric, but failed because of an NSS error. * debian/postinst: forcibly remove diginotar cert. It could be left behind under certain circumstances. (LP: #920758) * debian/postinst: also look for jvm in multiarch locations (LP: #962378) * debian/postinst: retrigger first_install to properly get cert store. [ James Page ] * d/rules: Ensure java is built with source/target == 1.6 for backwards compatibility with openjdk-6. [ Damien Raude-Morvan ] * Sync handling of nss.cfg between debian/jks-keystore.hook.in and debian/postinst.in. * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers). * Improve handling of certificate with UTF-8 filenames: - UpdateCertificates: Force read System.in with UTF-8 - debian/postinst: Set LC_CTYPE to C.UTF-8 -- Damien Raude-Morvan Tue, 22 May 2012 23:41:41 +0200 ca-certificates-java (20120225) unstable; urgency=low [ Steve Langasek ] * debian/jks-keystore.hook: If we *don't* find libnss3 / libnss3-1d, don't remove files from the filesystem in do_cleanup(), since this has a nasty tendency of nuking system libraries. LP: #855171. * debian/preinst, debian/postinst: when upgrading from version 20110912ubuntu1, disable the buggy hook script early to prevent it from being run before our new version is configured; and re-enable the script in the postinst. LP: #855246. [ Matthias Klose ] * Mark as Multi-Arch: foreign. * Adjust the libnss3-1d versioned dependency. [ Damien Raude-Morvan ] * Add myself to Uploaders. * Use dh_gencontrol and dpkg-vendor to allow: - New substvar ${nss:Depends} for libnss3-1d versionning. - New @NSS_LIB@ parameter for debian/*.in files. * Bump Standards-Version to 3.9.3: - Add recommended build-arch / build-indep targets. -- Damien Raude-Morvan Sat, 25 Feb 2012 15:06:32 +0100 ca-certificates-java (20111223) unstable; urgency=low * Support new multiarch JRE packages in postinst. -- Torsten Werner Fri, 23 Dec 2011 13:46:15 +0100 ca-certificates-java (20110912) unstable; urgency=low * Support new multiarch JRE packages in jks-keystore. (Closes: #641306) * Support OpenJDK 7. (Closes: #641305) -- Torsten Werner Mon, 12 Sep 2011 21:23:22 +0200 ca-certificates-java (20110816) unstable; urgency=low * Upgrade Recommends: libnss3-1d to a versioned Depends due to multiarch changes. (Closes: #635571) * Use the locale C.UTF-8 for the hook script to be more robust. -- Torsten Werner Tue, 16 Aug 2011 11:00:33 +0200 ca-certificates-java (20110531) unstable; urgency=low * Prepare for multiarch libnss3 update. -- Matthias Klose Tue, 31 May 2011 15:20:52 +0200 ca-certificates-java (20110426) unstable; urgency=low * Test for existing file in postinst before copying it. (Closes: #624152) * Add Vcs headers to debian/control. -- Torsten Werner Tue, 26 Apr 2011 09:23:03 +0200 ca-certificates-java (20110425) unstable; urgency=low * Add Java code to update the keystore and support UTF-8 encoded filenames. (Closes: #607245, #623671) * Change Maintainer to Debian Java Maintainers and add myself to Uploaders. * Update Build-Depends. * Replace old inconsistent keystore aliases. (Closes: #623888) * Add support for openjdk-7 and remove support for old cacao VM. * Add a NEWS file explaining the update. * Update README.Debian. -- Torsten Werner Mon, 25 Apr 2011 15:28:55 +0200 ca-certificates-java (20100412) unstable; urgency=low * Upload to unstable. -- Matthias Klose Mon, 12 Apr 2010 03:15:47 +0200 ca-certificates-java (20100406ubuntu1) lucid; urgency=low * Make the installation and import of certificates more robust, if the NSS based security provider is disabled or not built. -- Matthias Klose Sun, 11 Apr 2010 20:54:43 +0200 ca-certificates-java (20100406) unstable; urgency=low * Explicitely fail the installation, if /proc is not mounted. Currently required by the java tools, changed in OpenJDK7. Closes: #576453. LP: #556044. * Print name of JVM in case of errors. * Set priority to optional, set section to java. Closes: #566855. * Remove /etc/ssl/certs on package purge, if empty. Closes: #566853. -- Matthias Klose Tue, 06 Apr 2010 21:41:39 +0200 ca-certificates-java (20091021) unstable; urgency=low * Clarify output for keytool errors (although it shouldnn't be necessary anymore). Closes: #540490. -- Matthias Klose Wed, 21 Oct 2009 22:00:53 +0200 ca-certificates-java (20090928) karmic; urgency=low * Rebuild with OpenJDK supporting PKCS11 cryptography, rebuild with ca-certificates 20090814. -- Matthias Klose Mon, 28 Sep 2009 16:47:09 +0200 ca-certificates-java (20090629) unstable; urgency=low * debian/rules, debian/postinst, debian/jks-keystore.hook: Filter out SHA384withECDSA certificates since keytool won't support them. LP: #392104, closes: #534520. * Fix typo in hook. Closes: #534533. * Use java6-runtime-headless as alternative dependency. Closes: #512293. -- Matthias Klose Mon, 29 Jun 2009 11:27:59 +0200 ca-certificates-java (20081028) unstable; urgency=low * Ignore LANG and LC_ALL setting when running keytool. LP: #289934. -- Matthias Klose Tue, 28 Oct 2008 07:20:16 +0100 ca-certificates-java (20081027) unstable; urgency=medium * Merge from Ubuntu: - Don't try to import certificates, which are listed in /etc/ca-certificates.conf, but not available on the system. Just warn about those. LP: #289091. - Need to run keytool, when the jre is unpacked, but not yet configured. Create a temporary jvm.cfg for the time in that postinst and the jks-keystore.hook are run, and remove it afterwards. LP: #289199. -- Matthias Klose Mon, 27 Oct 2008 13:58:14 +0100 ca-certificates-java (20081024) unstable; urgency=low * Install /etc/default/cacerts with mode 600. -- Matthias Klose Fri, 24 Oct 2008 15:10:48 +0200 ca-certificates-java (20081022) unstable; urgency=low * debian/jks-keystore.hook: - Don't stop after first error during the update. LP: #244412. Closes: #489748. - Call keytool with -noprompt. * On initial install, add locally added certificates. LP: #244410. Closes: #489748. * Install /etc/default/cacerts to set options: - storepass, holding the password for the keystore. - updates, to enable/disable updates of the keystore. * Only use the keytool command from OpenJDK or Sun Java. Closes: #496587. -- Matthias Klose Wed, 22 Oct 2008 20:51:24 +0200 ca-certificates-java (20080712) unstable; urgency=low * Upload to main. -- Matthias Klose Sat, 12 Jul 2008 12:19:00 +0200 ca-certificates-java (20080711) unstable; urgency=low * debian/jks-keystore.hook: Fix typo. Closes: #489747, LP: #244408. -- Matthias Klose Fri, 11 Jul 2008 20:38:04 +0200 ca-certificates-java (20080514) unstable; urgency=low * Initial release. -- Matthias Klose Mon, 02 Jun 2008 14:52:46 +0000