ca-certificates-java (20180516) unstable; urgency=medium

  * Team upload.

  [ Tiago Stürmer Daitx ]
  * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
    with the right configuration is already supplied by the openjdk packages.
  * debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME
    and update PATH if a known jvm was found.
  * debian/postinst.in: Detect PKCS12 cacert keystore generated by
    previous ca-certificates-java and convert them to JKS. (Closes: #898678)
    (LP: #1771363)

  [ Matthias Klose ]
  * debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to
    configure.

  [ Emmanuel Bourg ]
  * Use salsa.debian.org Vcs-* URLs

ca-certificates-java (20180413) unstable; urgency=medium

  * Team upload.
  * Always generate a JKS keystore instead of using the default format
    (Closes: #894979)
  * Look for Java 10 and Java 11 when detecting the JRE
  * Removed Damien Raude-Morvan from the uploaders (Closes: #889412)
  * Standards-Version updated to 4.1.4
  * Switch to debhelper level 11

ca-certificates-java (20170930) unstable; urgency=medium

  * Team upload.
  * Revert the last two NMUs.
    - Depend again on openjdk-8 after the stretch release.
    - Stop fiddling around with jvm-*.cfg files. ca-certificates-java
      has no business with providing an initial cacerts file. This is
      implemented in the openjdk packages. We are not 2008 anymore.
  * Bump standards version.
  * Remove Torsten Werner as uploader.

ca-certificates-java (20170929) unstable; urgency=low

  [ Gianfranco Costamagna ]
  * Team upload.
  * Ack previous NMU, thanks

  [ Rico Tzschichholz ]
  * Fix temporary jvm-*.cfg generation on armhf (Closes: #874276)
    - the armhf installation path is different from other architectures.

ca-certificates-java (20170531+nmu1) unstable; urgency=high

  * Non-maintainer upload.
  * Revert to depending on openjdk-7 instead of openjdk-8, since this triggers
    a failure to dist-upgrade, due to the triggers loop (See: #864597). The
    openjdk-7 package was dropped from stretch, but the java7-runtime-headless
    alternative dependency is satisfied by openjdk-8.

ca-certificates-java (20170531) unstable; urgency=medium

  * Team upload.
  * Depend on openjdk-8 instead of openjdk-7 (Closes: #863803)
  * Moved the package to Git

ca-certificates-java (20161107) unstable; urgency=medium

  * Team upload.
  * postinst: Use exit trap instead of if condition to not fail silently
    (e.g. in case the java binary is not found) (Closes: #822201)
  * Bump Standards-Version to 3.9.8 (no changes)

ca-certificates-java (20160321) unstable; urgency=medium

  * Team upload.
  * Drop support for obsolete Java 6 (Closes: #776897)
  * Add support for Java 8 and 9 (Closes: #775775)
  * Bump Standards-Version to 3.9.7 (no changes)
  * Use secure HTTPS URI for Vcs-Browser

ca-certificates-java (20140324) unstable; urgency=medium

  * Team upload.
  * Fixed a test failure caused by the removal of the CAcert.org root
    certificate from the ca-certificates package (Closes: #741755)
  * Limit the memory used by java to 64M when updating the certificates
    (Closes: #576453)
  * Mavenized the project
  * Code refactoring
  * d/control: Standards-Version updated to 3.9.5 (no changes)
  * Switch to debhelper level 9

ca-certificates-java (20130815) unstable; urgency=low

  * Acknowledge NMU done by Don Armstrong and Andreas Beckmann.
  * Fix tests to works with new cacert certificates names (Closes:
    #713138).
  * d/control: Use canonical value for Vcs-* fields.
  * d/control: Remove deprecated DMUA flag.
  * d/control: Bump Standards-Version to 3.9.4 (no changes needed).

ca-certificates-java (20121112+nmu2) unstable; urgency=medium

  * Non-maintainer upload.
  * postinst, jks-keystore.hook: Do not fail if nss.cfg does not (yet) exist,
    i.e. if openjdk-?-jre-headless is unpacked but not yet configured.
    (Closes: #694888)
  * Set urgency to medium for RC bugfix.

ca-certificates-java (20121112+nmu1) unstable; urgency=low

  * Non-maintainer upload
  * Fix test for dpkg-query in postinst; there was an extraneous --version
    here. [Probably don't even need to bother to check for dpkg-query, but
    why not.] (Closes: #690204)
  * Library path for softokn3pkg and nsspkg is potentially wrong if there
    are multiple different paths; fix it.
  * Do not run the hook if ca-certificates-java has been removed but not
    purged.
  * Use the new trigger support provided by ca-certificates (>=20121114).

ca-certificates-java (20120721) unstable; urgency=low

  * Fix jks-keystore and postinst to work on multi-arch system.
    Use dpkg-query -L package:arch. (Closes: #680618).
  * As libnss3-1d is a transitional package on both Debian and Ubuntu,
    upgrade Depends to use libnss3.

ca-certificates-java (20120608) unstable; urgency=low

  [ James Page ]
  * Switch primary JRE dependency from openjdk-6 to openjdk-7 to support
    demotion of openjdk-6 to universe in Ubuntu:
    - d/control, rules: Generate primary JRE dependency at build time to
      allow differentiation between Ubuntu and Debian.
  * Added myself to uploaders.

  [ Damien Raude-Morvan ]
  * Update to unstable.
  * Set DMUA flag for James Page.

ca-certificates-java (20120603) unstable; urgency=low

  * Use javahelper as buildsystem:
    - d/control: Add Build-Depends on javahelper.
    - d/rules: Use jh_build to call javac.
  * Create a testsuite for this package:
    - Refactor UpdateCertificates code to send exceptions instead of
      System.exit(1).
    - New testsuite: UpdateCertificatesTest.
    - d/control: Build-Depends on junit4.
    - d/rules: Launch junit after build and handle "nocheck" option in
      DEB_BUILD_OPTIONS.

ca-certificates-java (20120524) unstable; urgency=low

  [ Marc Deslauriers ]
  * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around
    since it is no longer needed.
  * debian/postinst: don't put a symlink in / if jvm doesn't contain nss
    configuration. (Closes: #665754, #665749).
  * debian/postinst: force migration to new alias names again. The
    migration was supposed to occur on upgrades to Oneiric, but failed
    because of an NSS error.
  * debian/postinst: forcibly remove diginotar cert. It could be left
    behind under certain circumstances. (LP: #920758)
  * debian/postinst: also look for jvm in multiarch locations (LP: #962378)
  * debian/postinst: retrigger first_install to properly get cert store.

  [ James Page ]
  * d/rules: Ensure java is built with source/target == 1.6 for backwards
    compatibility with openjdk-6. 

  [ Damien Raude-Morvan ]
  * Sync handling of nss.cfg between debian/jks-keystore.hook.in and
    debian/postinst.in.
  * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers).
  * Improve handling of certificate with UTF-8 filenames:
    - UpdateCertificates: Force read System.in with UTF-8
    - debian/postinst: Set LC_CTYPE to C.UTF-8

ca-certificates-java (20120225) unstable; urgency=low

  [ Steve Langasek ]
  * debian/jks-keystore.hook: If we *don't* find libnss3 / libnss3-1d,
    don't remove files from the filesystem in do_cleanup(),
    since this has a nasty tendency of nuking system libraries.
    LP: #855171.
  * debian/preinst, debian/postinst: when upgrading from version
    20110912ubuntu1, disable the buggy hook script early to prevent it from
    being run before our new version is configured; and re-enable the script
    in the postinst.  LP: #855246.

  [ Matthias Klose ]
  * Mark as Multi-Arch: foreign.
  * Adjust the libnss3-1d versioned dependency.

  [ Damien Raude-Morvan ]
  * Add myself to Uploaders.
  * Use dh_gencontrol and dpkg-vendor to allow:
    - New substvar ${nss:Depends} for libnss3-1d versionning.
    - New @NSS_LIB@ parameter for debian/*.in files.
  * Bump Standards-Version to 3.9.3:
    - Add recommended build-arch / build-indep targets.

ca-certificates-java (20111223) unstable; urgency=low

  * Support new multiarch JRE packages in postinst.

ca-certificates-java (20110912) unstable; urgency=low

  * Support new multiarch JRE packages in jks-keystore. (Closes: #641306)
  * Support OpenJDK 7. (Closes: #641305)

ca-certificates-java (20110816) unstable; urgency=low

  * Upgrade Recommends: libnss3-1d to a versioned Depends due to multiarch
    changes. (Closes: #635571)
  * Use the locale C.UTF-8 for the hook script to be more robust.

ca-certificates-java (20110531) unstable; urgency=low

  * Prepare for multiarch libnss3 update.

ca-certificates-java (20110426) unstable; urgency=low

  * Test for existing file in postinst before copying it. (Closes: #624152)
  * Add Vcs headers to debian/control.

ca-certificates-java (20110425) unstable; urgency=low

  * Add Java code to update the keystore and support UTF-8 encoded filenames.
    (Closes: #607245, #623671)
  * Change Maintainer to Debian Java Maintainers and add myself to Uploaders.
  * Update Build-Depends.
  * Replace old inconsistent keystore aliases. (Closes: #623888)
  * Add support for openjdk-7 and remove support for old cacao VM.
  * Add a NEWS file explaining the update.
  * Update README.Debian.

ca-certificates-java (20100412) unstable; urgency=low

  * Upload to unstable.

ca-certificates-java (20100406ubuntu1) lucid; urgency=low

  * Make the installation and import of certificates more robust,
    if the NSS based security provider is disabled or not built.

ca-certificates-java (20100406) unstable; urgency=low

  * Explicitely fail the installation, if /proc is not mounted.
    Currently required by the java tools, changed in OpenJDK7.
    Closes: #576453. LP: #556044.
  * Print name of JVM in case of errors.
  * Set priority to optional, set section to java. Closes: #566855.
  * Remove /etc/ssl/certs on package purge, if empty. Closes: #566853.

ca-certificates-java (20091021) unstable; urgency=low

  * Clarify output for keytool errors (although it shouldnn't be
    necessary anymore). Closes: #540490.

ca-certificates-java (20090928) karmic; urgency=low

  * Rebuild with OpenJDK supporting PKCS11 cryptography, rebuild with
    ca-certificates 20090814.

ca-certificates-java (20090629) unstable; urgency=low

  * debian/rules, debian/postinst, debian/jks-keystore.hook: Filter out
    SHA384withECDSA certificates since keytool won't support them.
    LP: #392104, closes: #534520.
  * Fix typo in hook. Closes: #534533.
  * Use java6-runtime-headless as alternative dependency. Closes: #512293.

ca-certificates-java (20081028) unstable; urgency=low

  * Ignore LANG and LC_ALL setting when running keytool. LP: #289934.

ca-certificates-java (20081027) unstable; urgency=medium

  * Merge from Ubuntu:
    - Don't try to import certificates, which are listed in
      /etc/ca-certificates.conf, but not available on the system.
      Just warn about those. LP: #289091.
    - Need to run keytool, when the jre is unpacked, but not yet configured.
      Create a temporary jvm.cfg for the time in that postinst and the
      jks-keystore.hook are run, and remove it afterwards. LP: #289199.

ca-certificates-java (20081024) unstable; urgency=low

  * Install /etc/default/cacerts with mode 600.

ca-certificates-java (20081022) unstable; urgency=low

  * debian/jks-keystore.hook:
    - Don't stop after first error during the update. LP: #244412.
      Closes: #489748.
    - Call keytool with -noprompt.
  * On initial install, add locally added certificates. LP: #244410.
    Closes: #489748.
  * Install /etc/default/cacerts to set options:
    - storepass, holding the password for the keystore.
    - updates, to enable/disable updates of the keystore.
  * Only use the keytool command from OpenJDK or Sun Java. Closes: #496587.

ca-certificates-java (20080712) unstable; urgency=low

  * Upload to main.

ca-certificates-java (20080711) unstable; urgency=low

  * debian/jks-keystore.hook: Fix typo. Closes: #489747, LP: #244408.

ca-certificates-java (20080514) unstable; urgency=low

  * Initial release.