ca-certificates-java (20240118) unstable; urgency=medium
[ Vladimir Petko ]
* d/rules: Use java_compat_level variable provided by java-common to
adjust -source/-target level to the minimum required by the default
Java. Closes: #1057495.
* Do not try to run foreign architecture java. Closes: #1043247.
[ Matthias Klose ]
* Build-depend on java-common.
* debian/tests: Don't hardcode JREs and JDKs. Closes: #1057696.
-- Matthias Klose <doko@debian.org> Thu, 18 Jan 2024 10:40:28 +0100
ca-certificates-java (20230710) unstable; urgency=medium
* Add apt-utils to the test dependencies.
-- Matthias Klose <doko@debian.org> Mon, 10 Jul 2023 09:59:59 +0200
ca-certificates-java (20230707) unstable; urgency=medium
[ Vladimir Petko ]
* Resolve circular JRE dependency:
- debian/ca-certificates-java.postinst: remove setup_path from "configure"
stage.
- debian/ca-certificates-java.postinst: do "fresh" update if cacerts file is
not found. Certificates are refreshed only in response to the trigger
activated by OpenJDK packages.
- debian/ca-certificates-java.postinst: fix cacert enumeration command for
Java 8.
- debian/control: remove JRE dependency.
- debian/control: add Breaks condition.
- debian/tests: add smoke tests.
- debian/ca-certificates-java.triggers: remove file trigger /usr/jvm,
explicitly declare triggers as -await.
[ Matthias Klose ]
* Adjust the breaks for Debian versions.
-- Matthias Klose <doko@debian.org> Fri, 07 Jul 2023 11:13:17 +0200
ca-certificates-java (20230620) unstable; urgency=medium
[ Matthias Klose ]
* Bump standards version.
* Build-depend on default-jdk-headless instead of default-jdk.
[ Vladimir Petko ]
* d/ca-certificates-java.postinst: Work-around not yet configured jre.
-- Matthias Klose <doko@debian.org> Tue, 20 Jun 2023 06:09:44 +0200
ca-certificates-java (20230103) unstable; urgency=medium
* Promote again the JRE recommendation to a dependency. Otherwise
non-default OpenJDK versions are uninstallable.
-- Matthias Klose <doko@debian.org> Tue, 03 Jan 2023 09:10:44 +0100
ca-certificates-java (20220719) unstable; urgency=medium
[ Andreas Beckmann ]
* Team upload.
* Switch to debhelper-compat (= 13).
* Set Rules-Requires-Root: no.
* UpdateCertificates.java: Ignore empty lines in stdin. (Closes: #795244)
* Avoid warning about missing /etc/ssl/certs/java/cacerts on initial
install.
* Do not be satisfied by java7-runtime-headless.
* Remove support for upgrading from versions predating wheezy.
* Clean up misplaced symlinks in the root directory left over by ancient
versions. (Closes: #688415)
* Drop libnss3 manipulations, no longer needed since openjdk-6-jre-headless
at least.
* Add update-ca-certificates-java trigger and let jks-keystore record the
pending certificate updates and postpone them to the processing of this
trigger. (Closes: #908858)
* Add update-ca-certificates-java-fresh trigger, will be activated by
update-ca-certificates -f. (Closes: #922981)
* Remove obsolete certificates when building a fresh cacerts file.
(Closes: #767272)
* Bump ca-certificates dependency to 20210120.
* Skip Java certificates setup if no JRE is available.
* Add trigger on /usr/lib/jvm to perform Java certificates setup if a JRE
becomes available.
* Demote JRE dependency to Recommends to break dependency cycle.
(Closes: #929685, #940297)
* Foreign architecture JREs that place java in PATH are also usable.
(Closes: #776860, #864331)
[ Matthias Klose ]
* Support Java 18-21. Closes: #994152.
* Bump Standards-Version to 4.6.0.
-- Matthias Klose <doko@debian.org> Tue, 19 Jul 2022 16:02:33 +0200
ca-certificates-java (20190909) unstable; urgency=medium
* Team upload.
* Removed the ${nss:Depends} substvar
* Removed the @NSS_LIB@ template parameter
* Removed the now unused ${jre:Depends} substvar
* Build with the DH sequencer
* Standards-Version updated to 4.4.0
-- Emmanuel Bourg <ebourg@apache.org> Mon, 09 Sep 2019 11:56:28 +0200
ca-certificates-java (20190405) unstable; urgency=medium
* Team upload.
* Support Java 12-17 (Closes: #925431)
-- Jochen Sprickerhof <jspricke@debian.org> Fri, 05 Apr 2019 14:56:54 +0200
ca-certificates-java (20190214) unstable; urgency=medium
* Team upload.
* Declare compliance with Debian Policy 4.3.0.
* ca-certificates-java: Depend on default-jre-headless to avoid a circular dependency on
a specific OpenJDK package. (Closes: #864657, #910138)
-- Markus Koschany <apo@debian.org> Thu, 14 Feb 2019 22:21:15 +0100
ca-certificates-java (20180516) unstable; urgency=medium
* Team upload.
[ Tiago Stürmer Daitx ]
* debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
with the right configuration is already supplied by the openjdk packages.
* debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME
and update PATH if a known jvm was found.
* debian/postinst.in: Detect PKCS12 cacert keystore generated by
previous ca-certificates-java and convert them to JKS. (Closes: #898678)
(LP: #1771363)
[ Matthias Klose ]
* debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to
configure.
[ Emmanuel Bourg ]
* Use salsa.debian.org Vcs-* URLs
-- Emmanuel Bourg <ebourg@apache.org> Wed, 16 May 2018 23:00:38 +0200
ca-certificates-java (20180413) unstable; urgency=medium
* Team upload.
* Always generate a JKS keystore instead of using the default format
(Closes: #894979)
* Look for Java 10 and Java 11 when detecting the JRE
* Removed Damien Raude-Morvan from the uploaders (Closes: #889412)
* Standards-Version updated to 4.1.4
* Switch to debhelper level 11
-- Emmanuel Bourg <ebourg@apache.org> Fri, 13 Apr 2018 14:15:39 +0200
ca-certificates-java (20170930) unstable; urgency=medium
* Team upload.
* Revert the last two NMUs.
- Depend again on openjdk-8 after the stretch release. (Closes: #863803)
- Stop fiddling around with jvm-*.cfg files. ca-certificates-java
has no business with providing an initial cacerts file. This is
implemented in the openjdk packages. We are not 2008 anymore.
(Closes: #912187)
* Bump standards version.
* Remove Torsten Werner as uploader.
-- Matthias Klose <doko@debian.org> Sat, 30 Sep 2017 02:02:28 +0200
ca-certificates-java (20170929) unstable; urgency=low
[ Gianfranco Costamagna ]
* Team upload.
* Ack previous NMU, thanks
[ Rico Tzschichholz ]
* Fix temporary jvm-*.cfg generation on armhf (Closes: #874276)
- the armhf installation path is different from other architectures.
-- Rico Tzschichholz <ricotz@ubuntu.com> Wed, 27 Sep 2017 17:17:59 +0200
ca-certificates-java (20170531+nmu1) unstable; urgency=high
* Non-maintainer upload.
* Revert to depending on openjdk-7 instead of openjdk-8, since this triggers
a failure to dist-upgrade, due to the triggers loop (See: #864597). The
openjdk-7 package was dropped from stretch, but the java7-runtime-headless
alternative dependency is satisfied by openjdk-8.
-- Cyril Brulebois <kibi@debian.org> Thu, 15 Jun 2017 17:33:00 +0200
ca-certificates-java (20170531) unstable; urgency=medium
* Team upload.
* Depend on openjdk-8 instead of openjdk-7 (Closes: #863803)
* Moved the package to Git
-- Emmanuel Bourg <ebourg@apache.org> Wed, 31 May 2017 15:02:23 +0200
ca-certificates-java (20161107) unstable; urgency=medium
* Team upload.
* postinst: Use exit trap instead of if condition to not fail silently
(e.g. in case the java binary is not found) (Closes: #822201)
* Bump Standards-Version to 3.9.8 (no changes)
-- Benjamin Drung <benjamin.drung@profitbricks.com> Mon, 07 Nov 2016 13:45:23 +0100
ca-certificates-java (20160321) unstable; urgency=medium
* Team upload.
* Drop support for obsolete Java 6 (Closes: #776897, #816541)
* Add support for Java 8 and 9 (Closes: #775775)
* Bump Standards-Version to 3.9.7 (no changes)
* Use secure HTTPS URI for Vcs-Browser
-- Benjamin Drung <benjamin.drung@profitbricks.com> Mon, 21 Mar 2016 14:34:49 +0100
ca-certificates-java (20140324) unstable; urgency=medium
* Team upload.
* Fixed a test failure caused by the removal of the CAcert.org root
certificate from the ca-certificates package (Closes: #741755)
* Limit the memory used by java to 64M when updating the certificates
(Closes: #576453)
* Mavenized the project
* Code refactoring
* d/control: Standards-Version updated to 3.9.5 (no changes)
* Switch to debhelper level 9
-- Emmanuel Bourg <ebourg@apache.org> Mon, 24 Mar 2014 09:42:08 +0100
ca-certificates-java (20130815) unstable; urgency=low
* Acknowledge NMU done by Don Armstrong and Andreas Beckmann.
* Fix tests to works with new cacert certificates names (Closes:
#713138).
* d/control: Use canonical value for Vcs-* fields.
* d/control: Remove deprecated DMUA flag.
* d/control: Bump Standards-Version to 3.9.4 (no changes needed).
-- Damien Raude-Morvan <drazzib@debian.org> Thu, 15 Aug 2013 13:52:46 +0200
ca-certificates-java (20121112+nmu2) unstable; urgency=medium
* Non-maintainer upload.
* postinst, jks-keystore.hook: Do not fail if nss.cfg does not (yet) exist,
i.e. if openjdk-?-jre-headless is unpacked but not yet configured.
(Closes: #694888)
* Set urgency to medium for RC bugfix.
-- Andreas Beckmann <anbe@debian.org> Sun, 27 Jan 2013 14:19:41 +0100
ca-certificates-java (20121112+nmu1) unstable; urgency=low
* Non-maintainer upload
* Fix test for dpkg-query in postinst; there was an extraneous --version
here. [Probably don't even need to bother to check for dpkg-query, but
why not.] (Closes: #690204)
* Library path for softokn3pkg and nsspkg is potentially wrong if there
are multiple different paths; fix it.
* Do not run the hook if ca-certificates-java has been removed but not
purged.
* Use the new trigger support provided by ca-certificates (>=20121114).
-- Don Armstrong <don@debian.org> Mon, 12 Nov 2012 15:45:50 -0800
ca-certificates-java (20120721) unstable; urgency=low
* Fix jks-keystore and postinst to work on multi-arch system.
Use dpkg-query -L package:arch. (Closes: #680618).
* As libnss3-1d is a transitional package on both Debian and Ubuntu,
upgrade Depends to use libnss3.
-- Damien Raude-Morvan <drazzib@debian.org> Sat, 21 Jul 2012 01:06:32 +0200
ca-certificates-java (20120608) unstable; urgency=low
[ James Page ]
* Switch primary JRE dependency from openjdk-6 to openjdk-7 to support
demotion of openjdk-6 to universe in Ubuntu:
- d/control, rules: Generate primary JRE dependency at build time to
allow differentiation between Ubuntu and Debian.
* Added myself to uploaders.
[ Damien Raude-Morvan ]
* Update to unstable.
* Set DMUA flag for James Page.
-- James Page <james.page@ubuntu.com> Fri, 08 Jun 2012 09:44:58 +0100
ca-certificates-java (20120603) unstable; urgency=low
* Use javahelper as buildsystem:
- d/control: Add Build-Depends on javahelper.
- d/rules: Use jh_build to call javac.
* Create a testsuite for this package:
- Refactor UpdateCertificates code to send exceptions instead of
System.exit(1).
- New testsuite: UpdateCertificatesTest.
- d/control: Build-Depends on junit4.
- d/rules: Launch junit after build and handle "nocheck" option in
DEB_BUILD_OPTIONS.
-- Damien Raude-Morvan <drazzib@debian.org> Sun, 03 Jun 2012 12:10:26 +0200
ca-certificates-java (20120524) unstable; urgency=low
[ Marc Deslauriers ]
* debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around
since it is no longer needed.
* debian/postinst: don't put a symlink in / if jvm doesn't contain nss
configuration. (Closes: #665754, #665749).
* debian/postinst: force migration to new alias names again. The
migration was supposed to occur on upgrades to Oneiric, but failed
because of an NSS error.
* debian/postinst: forcibly remove diginotar cert. It could be left
behind under certain circumstances. (LP: #920758)
* debian/postinst: also look for jvm in multiarch locations (LP: #962378)
* debian/postinst: retrigger first_install to properly get cert store.
[ James Page ]
* d/rules: Ensure java is built with source/target == 1.6 for backwards
compatibility with openjdk-6.
[ Damien Raude-Morvan ]
* Sync handling of nss.cfg between debian/jks-keystore.hook.in and
debian/postinst.in.
* Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers).
* Improve handling of certificate with UTF-8 filenames:
- UpdateCertificates: Force read System.in with UTF-8
- debian/postinst: Set LC_CTYPE to C.UTF-8
-- Damien Raude-Morvan <drazzib@debian.org> Tue, 22 May 2012 23:41:41 +0200
ca-certificates-java (20120225) unstable; urgency=low
[ Steve Langasek ]
* debian/jks-keystore.hook: If we *don't* find libnss3 / libnss3-1d,
don't remove files from the filesystem in do_cleanup(),
since this has a nasty tendency of nuking system libraries.
LP: #855171.
* debian/preinst, debian/postinst: when upgrading from version
20110912ubuntu1, disable the buggy hook script early to prevent it from
being run before our new version is configured; and re-enable the script
in the postinst. LP: #855246.
[ Matthias Klose ]
* Mark as Multi-Arch: foreign.
* Adjust the libnss3-1d versioned dependency.
[ Damien Raude-Morvan ]
* Add myself to Uploaders.
* Use dh_gencontrol and dpkg-vendor to allow:
- New substvar ${nss:Depends} for libnss3-1d versionning.
- New @NSS_LIB@ parameter for debian/*.in files.
* Bump Standards-Version to 3.9.3:
- Add recommended build-arch / build-indep targets.
-- Damien Raude-Morvan <drazzib@debian.org> Sat, 25 Feb 2012 15:06:32 +0100
ca-certificates-java (20111223) unstable; urgency=low
* Support new multiarch JRE packages in postinst.
-- Torsten Werner <twerner@debian.org> Fri, 23 Dec 2011 13:46:15 +0100
ca-certificates-java (20110912) unstable; urgency=low
* Support new multiarch JRE packages in jks-keystore. (Closes: #641306)
* Support OpenJDK 7. (Closes: #641305)
-- Torsten Werner <twerner@debian.org> Mon, 12 Sep 2011 21:23:22 +0200
ca-certificates-java (20110816) unstable; urgency=low
* Upgrade Recommends: libnss3-1d to a versioned Depends due to multiarch
changes. (Closes: #635571)
* Use the locale C.UTF-8 for the hook script to be more robust.
-- Torsten Werner <twerner@debian.org> Tue, 16 Aug 2011 11:00:33 +0200
ca-certificates-java (20110531) unstable; urgency=low
* Prepare for multiarch libnss3 update.
-- Matthias Klose <doko@ubuntu.com> Tue, 31 May 2011 15:20:52 +0200
ca-certificates-java (20110426) unstable; urgency=low
* Test for existing file in postinst before copying it. (Closes: #624152)
* Add Vcs headers to debian/control.
-- Torsten Werner <twerner@debian.org> Tue, 26 Apr 2011 09:23:03 +0200
ca-certificates-java (20110425) unstable; urgency=low
* Add Java code to update the keystore and support UTF-8 encoded filenames.
(Closes: #607245, #623671)
* Change Maintainer to Debian Java Maintainers and add myself to Uploaders.
* Update Build-Depends.
* Replace old inconsistent keystore aliases. (Closes: #623888)
* Add support for openjdk-7 and remove support for old cacao VM.
* Add a NEWS file explaining the update.
* Update README.Debian.
-- Torsten Werner <twerner@debian.org> Mon, 25 Apr 2011 15:28:55 +0200
ca-certificates-java (20100412) unstable; urgency=low
* Upload to unstable.
-- Matthias Klose <doko@ubuntu.com> Mon, 12 Apr 2010 03:15:47 +0200
ca-certificates-java (20100406ubuntu1) lucid; urgency=low
* Make the installation and import of certificates more robust,
if the NSS based security provider is disabled or not built.
-- Matthias Klose <doko@ubuntu.com> Sun, 11 Apr 2010 20:54:43 +0200
ca-certificates-java (20100406) unstable; urgency=low
* Explicitely fail the installation, if /proc is not mounted.
Currently required by the java tools, changed in OpenJDK7.
Closes: #576453. LP: #556044.
* Print name of JVM in case of errors.
* Set priority to optional, set section to java. Closes: #566855.
* Remove /etc/ssl/certs on package purge, if empty. Closes: #566853.
-- Matthias Klose <doko@debian.org> Tue, 06 Apr 2010 21:41:39 +0200
ca-certificates-java (20091021) unstable; urgency=low
* Clarify output for keytool errors (although it shouldnn't be
necessary anymore). Closes: #540490.
-- Matthias Klose <doko@ubuntu.com> Wed, 21 Oct 2009 22:00:53 +0200
ca-certificates-java (20090928) karmic; urgency=low
* Rebuild with OpenJDK supporting PKCS11 cryptography, rebuild with
ca-certificates 20090814.
-- Matthias Klose <doko@ubuntu.com> Mon, 28 Sep 2009 16:47:09 +0200
ca-certificates-java (20090629) unstable; urgency=low
* debian/rules, debian/postinst, debian/jks-keystore.hook: Filter out
SHA384withECDSA certificates since keytool won't support them.
LP: #392104, closes: #534520.
* Fix typo in hook. Closes: #534533.
* Use java6-runtime-headless as alternative dependency. Closes: #512293.
-- Matthias Klose <doko@ubuntu.com> Mon, 29 Jun 2009 11:27:59 +0200
ca-certificates-java (20081028) unstable; urgency=low
* Ignore LANG and LC_ALL setting when running keytool. LP: #289934.
-- Matthias Klose <doko@debian.org> Tue, 28 Oct 2008 07:20:16 +0100
ca-certificates-java (20081027) unstable; urgency=medium
* Merge from Ubuntu:
- Don't try to import certificates, which are listed in
/etc/ca-certificates.conf, but not available on the system.
Just warn about those. LP: #289091.
- Need to run keytool, when the jre is unpacked, but not yet configured.
Create a temporary jvm.cfg for the time in that postinst and the
jks-keystore.hook are run, and remove it afterwards. LP: #289199.
-- Matthias Klose <doko@debian.org> Mon, 27 Oct 2008 13:58:14 +0100
ca-certificates-java (20081024) unstable; urgency=low
* Install /etc/default/cacerts with mode 600.
-- Matthias Klose <doko@debian.org> Fri, 24 Oct 2008 15:10:48 +0200
ca-certificates-java (20081022) unstable; urgency=low
* debian/jks-keystore.hook:
- Don't stop after first error during the update. LP: #244412.
Closes: #489748.
- Call keytool with -noprompt.
* On initial install, add locally added certificates. LP: #244410.
Closes: #489748.
* Install /etc/default/cacerts to set options:
- storepass, holding the password for the keystore.
- updates, to enable/disable updates of the keystore.
* Only use the keytool command from OpenJDK or Sun Java. Closes: #496587.
-- Matthias Klose <doko@ubuntu.com> Wed, 22 Oct 2008 20:51:24 +0200
ca-certificates-java (20080712) unstable; urgency=low
* Upload to main.
-- Matthias Klose <doko@ubuntu.com> Sat, 12 Jul 2008 12:19:00 +0200
ca-certificates-java (20080711) unstable; urgency=low
* debian/jks-keystore.hook: Fix typo. Closes: #489747, LP: #244408.
-- Matthias Klose <doko@ubuntu.com> Fri, 11 Jul 2008 20:38:04 +0200
ca-certificates-java (20080514) unstable; urgency=low
* Initial release.
-- Matthias Klose <doko@ubuntu.com> Mon, 02 Jun 2008 14:52:46 +0000