Releases: lfs-book/make-ca
Releases · lfs-book/make-ca
make-ca-1.14
- Silence a warning from OpenSSL 3.2.x
- Stop using statically named temporary files
- Prevent translated date in the man page
Note: since this release the official tarball will be the git archive, i.e. https://github.com/lfs-book/make-ca/archive/v1.14/make-ca-1.14.tar.gz for 1.14.
We'll no longer manually create a release tarball and upload it because doing so is not necessary (we don't need any generated files in the tarball) and we can save the editors' time for more useful things, and in case one of us turned evil or hijacked it's more difficult to conduct a "Jia Tan" style attack with the git archive.
make-ca-1.13
v1.13
This tag was signed with the committer’s verified signature.
pierre-labastie
Pierre Labastie
This release is needed to update the root certificate from hg.mozilla.org
make-ca-1.12
- Remove extraneos output at end of downloaded certdata.txt file
- Work around bug in p11-kit trust extract that allows certificates with nss-{email,server}-distust after attribute to enter downstream trust bundles where this attribute is not honored.
make-ca-1.11
Changes since make-ca-1.10:
- Ship certificate of the CA root of hg.mozilla.org and use it for verification
- Update CS.txt (and update-mscertsign.sh)
make-ca-1.10
Changes since make-ca-1.9:
- Use --filter=ca-anchors for all stores
- Update CS.txt (no changes since last update)
- Fix installation of systemd timers on non-systemd systems
make-ca-1.9
Changes since make-ca-1.8.1:
- Guard overrides on first run to avoid error message
- Move dist files to /etc/make-ca
- Add distribution script to update CS.txt from CCADB
make-ca-1.8.1
- Rerelease of 1.8 - set default for code signing to off
1.8 Release notes:
- Use get_p11_label for certificate name in output when processing local certificates
- Use "Subject:" line for get_p11_label()
- Use last OU= value for get_p11_label() fallback
- Fix several text issues in get_p11_label - Thanks to Michael Joost
- Omit x-certificate-extension in comparison for copy-local-modifications
- Use X509v3 Key Usage section to determine local trust for anchors added using 'trust anchor --store'
- Add nss-{server,email}-distrust-after values in anchors - requires p11-kit >= 0.23.19
- Use --filter=certificates for all stores
- Fix output of NSSDB and Java PCKS#12 stores
- Correct incorrectly named get_p11_val()
- Use .p11-kit extension for anchors
- Handle getopt style short options in get_args()
- Use Microsoft's trust for code signing with -i | --mscodesign
Note: this is manually generated, will add CCADB when available - Backup and restore anchors with PKIX extensions
make-ca-1.8
Changes since 1.7:
- Use get_p11_label for certificate name in output when processing local certificates
- Use "Subject:" line for get_p11_label()
- Use last OU= value for get_p11_label() fallback
- Fix several text issues in get_p11_label - Thanks to Michael Joost
- Omit x-certificate-extension in comparison for copy-local-modifications
- Use X509v3 Key Usage section to determine local trust for anchors added using 'trust anchor --store'
- Add nss-{server,email}-distrust-after values in anchors - requires p11-kit >= 0.23.19
- Use --filter=certificates for all stores
- Fix output of NSSDB and Java PCKS#12 stores
- Correct incorrectly named get_p11_val()
- Use .p11-kit extension for anchors
- Handle getopt style short options in get_args()
- Use Microsoft's trust for code signing with -i | --mscodesign
Note: this is manually generated, will add CCADB when availalble - Backup and restore anchors with PKIX extensions
make-ca-1.7
- Rerelease of 1.6 - revert help2man update as it requires full perl environment
1.6 Release notes:
- Fix install target for make -j#
- Add detailed dependency info and add note about configuration file
make-ca-1.6
- Fix install target for make -j#
- Add detailed dependency info and add note about configuration file