ca-certificates-java (20240118) unstable; urgency=medium [ Vladimir Petko ] * d/rules: Use java_compat_level variable provided by java-common to adjust -source/-target level to the minimum required by the default Java. Closes: #1057495. * Do not try to run foreign architecture java. Closes: #1043247. [ Matthias Klose ] * Build-depend on java-common. * debian/tests: Don't hardcode JREs and JDKs. Closes: #1057696. -- Matthias Klose Thu, 18 Jan 2024 10:40:28 +0100 ca-certificates-java (20230710) unstable; urgency=medium * Add apt-utils to the test dependencies. -- Matthias Klose Mon, 10 Jul 2023 09:59:59 +0200 ca-certificates-java (20230707) unstable; urgency=medium [ Vladimir Petko ] * Resolve circular JRE dependency: - debian/ca-certificates-java.postinst: remove setup_path from "configure" stage. - debian/ca-certificates-java.postinst: do "fresh" update if cacerts file is not found. Certificates are refreshed only in response to the trigger activated by OpenJDK packages. - debian/ca-certificates-java.postinst: fix cacert enumeration command for Java 8. - debian/control: remove JRE dependency. - debian/control: add Breaks condition. - debian/tests: add smoke tests. - debian/ca-certificates-java.triggers: remove file trigger /usr/jvm, explicitly declare triggers as -await. [ Matthias Klose ] * Adjust the breaks for Debian versions. -- Matthias Klose Fri, 07 Jul 2023 11:13:17 +0200 ca-certificates-java (20230620) unstable; urgency=medium [ Matthias Klose ] * Bump standards version. * Build-depend on default-jdk-headless instead of default-jdk. [ Vladimir Petko ] * d/ca-certificates-java.postinst: Work-around not yet configured jre. -- Matthias Klose Tue, 20 Jun 2023 06:09:44 +0200 ca-certificates-java (20230103) unstable; urgency=medium * Promote again the JRE recommendation to a dependency. Otherwise non-default OpenJDK versions are uninstallable. -- Matthias Klose Tue, 03 Jan 2023 09:10:44 +0100 ca-certificates-java (20220719) unstable; urgency=medium [ Andreas Beckmann ] * Team upload. * Switch to debhelper-compat (= 13). * Set Rules-Requires-Root: no. * UpdateCertificates.java: Ignore empty lines in stdin. (Closes: #795244) * Avoid warning about missing /etc/ssl/certs/java/cacerts on initial install. * Do not be satisfied by java7-runtime-headless. * Remove support for upgrading from versions predating wheezy. * Clean up misplaced symlinks in the root directory left over by ancient versions. (Closes: #688415) * Drop libnss3 manipulations, no longer needed since openjdk-6-jre-headless at least. * Add update-ca-certificates-java trigger and let jks-keystore record the pending certificate updates and postpone them to the processing of this trigger. (Closes: #908858) * Add update-ca-certificates-java-fresh trigger, will be activated by update-ca-certificates -f. (Closes: #922981) * Remove obsolete certificates when building a fresh cacerts file. (Closes: #767272) * Bump ca-certificates dependency to 20210120. * Skip Java certificates setup if no JRE is available. * Add trigger on /usr/lib/jvm to perform Java certificates setup if a JRE becomes available. * Demote JRE dependency to Recommends to break dependency cycle. (Closes: #929685, #940297) * Foreign architecture JREs that place java in PATH are also usable. (Closes: #776860, #864331) [ Matthias Klose ] * Support Java 18-21. Closes: #994152. * Bump Standards-Version to 4.6.0. -- Matthias Klose Tue, 19 Jul 2022 16:02:33 +0200 ca-certificates-java (20190909) unstable; urgency=medium * Team upload. * Removed the ${nss:Depends} substvar * Removed the @NSS_LIB@ template parameter * Removed the now unused ${jre:Depends} substvar * Build with the DH sequencer * Standards-Version updated to 4.4.0 -- Emmanuel Bourg Mon, 09 Sep 2019 11:56:28 +0200 ca-certificates-java (20190405) unstable; urgency=medium * Team upload. * Support Java 12-17 (Closes: #925431) -- Jochen Sprickerhof Fri, 05 Apr 2019 14:56:54 +0200 ca-certificates-java (20190214) unstable; urgency=medium * Team upload. * Declare compliance with Debian Policy 4.3.0. * ca-certificates-java: Depend on default-jre-headless to avoid a circular dependency on a specific OpenJDK package. (Closes: #864657, #910138) -- Markus Koschany Thu, 14 Feb 2019 22:21:15 +0100 ca-certificates-java (20180516) unstable; urgency=medium * Team upload. [ Tiago Stürmer Daitx ] * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file with the right configuration is already supplied by the openjdk packages. * debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME and update PATH if a known jvm was found. * debian/postinst.in: Detect PKCS12 cacert keystore generated by previous ca-certificates-java and convert them to JKS. (Closes: #898678) (LP: #1771363) [ Matthias Klose ] * debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to configure. [ Emmanuel Bourg ] * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg Wed, 16 May 2018 23:00:38 +0200 ca-certificates-java (20180413) unstable; urgency=medium * Team upload. * Always generate a JKS keystore instead of using the default format (Closes: #894979) * Look for Java 10 and Java 11 when detecting the JRE * Removed Damien Raude-Morvan from the uploaders (Closes: #889412) * Standards-Version updated to 4.1.4 * Switch to debhelper level 11 -- Emmanuel Bourg Fri, 13 Apr 2018 14:15:39 +0200 ca-certificates-java (20170930) unstable; urgency=medium * Team upload. * Revert the last two NMUs. - Depend again on openjdk-8 after the stretch release. (Closes: #863803) - Stop fiddling around with jvm-*.cfg files. ca-certificates-java has no business with providing an initial cacerts file. This is implemented in the openjdk packages. We are not 2008 anymore. (Closes: #912187) * Bump standards version. * Remove Torsten Werner as uploader. -- Matthias Klose Sat, 30 Sep 2017 02:02:28 +0200 ca-certificates-java (20170929) unstable; urgency=low [ Gianfranco Costamagna ] * Team upload. * Ack previous NMU, thanks [ Rico Tzschichholz ] * Fix temporary jvm-*.cfg generation on armhf (Closes: #874276) - the armhf installation path is different from other architectures. -- Rico Tzschichholz Wed, 27 Sep 2017 17:17:59 +0200 ca-certificates-java (20170531+nmu1) unstable; urgency=high * Non-maintainer upload. * Revert to depending on openjdk-7 instead of openjdk-8, since this triggers a failure to dist-upgrade, due to the triggers loop (See: #864597). The openjdk-7 package was dropped from stretch, but the java7-runtime-headless alternative dependency is satisfied by openjdk-8. -- Cyril Brulebois Thu, 15 Jun 2017 17:33:00 +0200 ca-certificates-java (20170531) unstable; urgency=medium * Team upload. * Depend on openjdk-8 instead of openjdk-7 (Closes: #863803) * Moved the package to Git -- Emmanuel Bourg Wed, 31 May 2017 15:02:23 +0200 ca-certificates-java (20161107) unstable; urgency=medium * Team upload. * postinst: Use exit trap instead of if condition to not fail silently (e.g. in case the java binary is not found) (Closes: #822201) * Bump Standards-Version to 3.9.8 (no changes) -- Benjamin Drung Mon, 07 Nov 2016 13:45:23 +0100 ca-certificates-java (20160321) unstable; urgency=medium * Team upload. * Drop support for obsolete Java 6 (Closes: #776897, #816541) * Add support for Java 8 and 9 (Closes: #775775) * Bump Standards-Version to 3.9.7 (no changes) * Use secure HTTPS URI for Vcs-Browser -- Benjamin Drung Mon, 21 Mar 2016 14:34:49 +0100 ca-certificates-java (20140324) unstable; urgency=medium * Team upload. * Fixed a test failure caused by the removal of the CAcert.org root certificate from the ca-certificates package (Closes: #741755) * Limit the memory used by java to 64M when updating the certificates (Closes: #576453) * Mavenized the project * Code refactoring * d/control: Standards-Version updated to 3.9.5 (no changes) * Switch to debhelper level 9 -- Emmanuel Bourg Mon, 24 Mar 2014 09:42:08 +0100 ca-certificates-java (20130815) unstable; urgency=low * Acknowledge NMU done by Don Armstrong and Andreas Beckmann. * Fix tests to works with new cacert certificates names (Closes: #713138). * d/control: Use canonical value for Vcs-* fields. * d/control: Remove deprecated DMUA flag. * d/control: Bump Standards-Version to 3.9.4 (no changes needed). -- Damien Raude-Morvan Thu, 15 Aug 2013 13:52:46 +0200 ca-certificates-java (20121112+nmu2) unstable; urgency=medium * Non-maintainer upload. * postinst, jks-keystore.hook: Do not fail if nss.cfg does not (yet) exist, i.e. if openjdk-?-jre-headless is unpacked but not yet configured. (Closes: #694888) * Set urgency to medium for RC bugfix. -- Andreas Beckmann Sun, 27 Jan 2013 14:19:41 +0100 ca-certificates-java (20121112+nmu1) unstable; urgency=low * Non-maintainer upload * Fix test for dpkg-query in postinst; there was an extraneous --version here. [Probably don't even need to bother to check for dpkg-query, but why not.] (Closes: #690204) * Library path for softokn3pkg and nsspkg is potentially wrong if there are multiple different paths; fix it. * Do not run the hook if ca-certificates-java has been removed but not purged. * Use the new trigger support provided by ca-certificates (>=20121114). -- Don Armstrong Mon, 12 Nov 2012 15:45:50 -0800 ca-certificates-java (20120721) unstable; urgency=low * Fix jks-keystore and postinst to work on multi-arch system. Use dpkg-query -L package:arch. (Closes: #680618). * As libnss3-1d is a transitional package on both Debian and Ubuntu, upgrade Depends to use libnss3. -- Damien Raude-Morvan Sat, 21 Jul 2012 01:06:32 +0200 ca-certificates-java (20120608) unstable; urgency=low [ James Page ] * Switch primary JRE dependency from openjdk-6 to openjdk-7 to support demotion of openjdk-6 to universe in Ubuntu: - d/control, rules: Generate primary JRE dependency at build time to allow differentiation between Ubuntu and Debian. * Added myself to uploaders. [ Damien Raude-Morvan ] * Update to unstable. * Set DMUA flag for James Page. -- James Page Fri, 08 Jun 2012 09:44:58 +0100 ca-certificates-java (20120603) unstable; urgency=low * Use javahelper as buildsystem: - d/control: Add Build-Depends on javahelper. - d/rules: Use jh_build to call javac. * Create a testsuite for this package: - Refactor UpdateCertificates code to send exceptions instead of System.exit(1). - New testsuite: UpdateCertificatesTest. - d/control: Build-Depends on junit4. - d/rules: Launch junit after build and handle "nocheck" option in DEB_BUILD_OPTIONS. -- Damien Raude-Morvan Sun, 03 Jun 2012 12:10:26 +0200 ca-certificates-java (20120524) unstable; urgency=low [ Marc Deslauriers ] * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around since it is no longer needed. * debian/postinst: don't put a symlink in / if jvm doesn't contain nss configuration. (Closes: #665754, #665749). * debian/postinst: force migration to new alias names again. The migration was supposed to occur on upgrades to Oneiric, but failed because of an NSS error. * debian/postinst: forcibly remove diginotar cert. It could be left behind under certain circumstances. (LP: #920758) * debian/postinst: also look for jvm in multiarch locations (LP: #962378) * debian/postinst: retrigger first_install to properly get cert store. [ James Page ] * d/rules: Ensure java is built with source/target == 1.6 for backwards compatibility with openjdk-6. [ Damien Raude-Morvan ] * Sync handling of nss.cfg between debian/jks-keystore.hook.in and debian/postinst.in. * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers). * Improve handling of certificate with UTF-8 filenames: - UpdateCertificates: Force read System.in with UTF-8 - debian/postinst: Set LC_CTYPE to C.UTF-8 -- Damien Raude-Morvan Tue, 22 May 2012 23:41:41 +0200 ca-certificates-java (20120225) unstable; urgency=low [ Steve Langasek ] * debian/jks-keystore.hook: If we *don't* find libnss3 / libnss3-1d, don't remove files from the filesystem in do_cleanup(), since this has a nasty tendency of nuking system libraries. LP: #855171. * debian/preinst, debian/postinst: when upgrading from version 20110912ubuntu1, disable the buggy hook script early to prevent it from being run before our new version is configured; and re-enable the script in the postinst. LP: #855246. [ Matthias Klose ] * Mark as Multi-Arch: foreign. * Adjust the libnss3-1d versioned dependency. [ Damien Raude-Morvan ] * Add myself to Uploaders. * Use dh_gencontrol and dpkg-vendor to allow: - New substvar ${nss:Depends} for libnss3-1d versionning. - New @NSS_LIB@ parameter for debian/*.in files. * Bump Standards-Version to 3.9.3: - Add recommended build-arch / build-indep targets. -- Damien Raude-Morvan Sat, 25 Feb 2012 15:06:32 +0100 ca-certificates-java (20111223) unstable; urgency=low * Support new multiarch JRE packages in postinst. -- Torsten Werner Fri, 23 Dec 2011 13:46:15 +0100 ca-certificates-java (20110912) unstable; urgency=low * Support new multiarch JRE packages in jks-keystore. (Closes: #641306) * Support OpenJDK 7. (Closes: #641305) -- Torsten Werner Mon, 12 Sep 2011 21:23:22 +0200 ca-certificates-java (20110816) unstable; urgency=low * Upgrade Recommends: libnss3-1d to a versioned Depends due to multiarch changes. (Closes: #635571) * Use the locale C.UTF-8 for the hook script to be more robust. -- Torsten Werner Tue, 16 Aug 2011 11:00:33 +0200 ca-certificates-java (20110531) unstable; urgency=low * Prepare for multiarch libnss3 update. -- Matthias Klose Tue, 31 May 2011 15:20:52 +0200 ca-certificates-java (20110426) unstable; urgency=low * Test for existing file in postinst before copying it. (Closes: #624152) * Add Vcs headers to debian/control. -- Torsten Werner Tue, 26 Apr 2011 09:23:03 +0200 ca-certificates-java (20110425) unstable; urgency=low * Add Java code to update the keystore and support UTF-8 encoded filenames. (Closes: #607245, #623671) * Change Maintainer to Debian Java Maintainers and add myself to Uploaders. * Update Build-Depends. * Replace old inconsistent keystore aliases. (Closes: #623888) * Add support for openjdk-7 and remove support for old cacao VM. * Add a NEWS file explaining the update. * Update README.Debian. -- Torsten Werner Mon, 25 Apr 2011 15:28:55 +0200 ca-certificates-java (20100412) unstable; urgency=low * Upload to unstable. -- Matthias Klose Mon, 12 Apr 2010 03:15:47 +0200 ca-certificates-java (20100406ubuntu1) lucid; urgency=low * Make the installation and import of certificates more robust, if the NSS based security provider is disabled or not built. -- Matthias Klose Sun, 11 Apr 2010 20:54:43 +0200 ca-certificates-java (20100406) unstable; urgency=low * Explicitely fail the installation, if /proc is not mounted. Currently required by the java tools, changed in OpenJDK7. Closes: #576453. LP: #556044. * Print name of JVM in case of errors. * Set priority to optional, set section to java. Closes: #566855. * Remove /etc/ssl/certs on package purge, if empty. Closes: #566853. -- Matthias Klose Tue, 06 Apr 2010 21:41:39 +0200 ca-certificates-java (20091021) unstable; urgency=low * Clarify output for keytool errors (although it shouldnn't be necessary anymore). Closes: #540490. -- Matthias Klose Wed, 21 Oct 2009 22:00:53 +0200 ca-certificates-java (20090928) karmic; urgency=low * Rebuild with OpenJDK supporting PKCS11 cryptography, rebuild with ca-certificates 20090814. -- Matthias Klose Mon, 28 Sep 2009 16:47:09 +0200 ca-certificates-java (20090629) unstable; urgency=low * debian/rules, debian/postinst, debian/jks-keystore.hook: Filter out SHA384withECDSA certificates since keytool won't support them. LP: #392104, closes: #534520. * Fix typo in hook. Closes: #534533. * Use java6-runtime-headless as alternative dependency. Closes: #512293. -- Matthias Klose Mon, 29 Jun 2009 11:27:59 +0200 ca-certificates-java (20081028) unstable; urgency=low * Ignore LANG and LC_ALL setting when running keytool. LP: #289934. -- Matthias Klose Tue, 28 Oct 2008 07:20:16 +0100 ca-certificates-java (20081027) unstable; urgency=medium * Merge from Ubuntu: - Don't try to import certificates, which are listed in /etc/ca-certificates.conf, but not available on the system. Just warn about those. LP: #289091. - Need to run keytool, when the jre is unpacked, but not yet configured. Create a temporary jvm.cfg for the time in that postinst and the jks-keystore.hook are run, and remove it afterwards. LP: #289199. -- Matthias Klose Mon, 27 Oct 2008 13:58:14 +0100 ca-certificates-java (20081024) unstable; urgency=low * Install /etc/default/cacerts with mode 600. -- Matthias Klose Fri, 24 Oct 2008 15:10:48 +0200 ca-certificates-java (20081022) unstable; urgency=low * debian/jks-keystore.hook: - Don't stop after first error during the update. LP: #244412. Closes: #489748. - Call keytool with -noprompt. * On initial install, add locally added certificates. LP: #244410. Closes: #489748. * Install /etc/default/cacerts to set options: - storepass, holding the password for the keystore. - updates, to enable/disable updates of the keystore. * Only use the keytool command from OpenJDK or Sun Java. Closes: #496587. -- Matthias Klose Wed, 22 Oct 2008 20:51:24 +0200 ca-certificates-java (20080712) unstable; urgency=low * Upload to main. -- Matthias Klose Sat, 12 Jul 2008 12:19:00 +0200 ca-certificates-java (20080711) unstable; urgency=low * debian/jks-keystore.hook: Fix typo. Closes: #489747, LP: #244408. -- Matthias Klose Fri, 11 Jul 2008 20:38:04 +0200 ca-certificates-java (20080514) unstable; urgency=low * Initial release. -- Matthias Klose Mon, 02 Jun 2008 14:52:46 +0000