aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/changelog6
-rw-r--r--debian/lacme.NEWS16
-rw-r--r--debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch4
3 files changed, 24 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index b2b685c..6bcc0ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+lacme (0.7-1) unstable; urgency=high
+
+ * New upstream release. Closes: #975862.
+
+ -- Guilhem Moulin <guilhem@debian.org> Thu, 26 Nov 2020 00:05:55 +0100
+
lacme (0.6.1-1) unstable; urgency=medium
* New upstream release. Closes: #955767, #966958.
diff --git a/debian/lacme.NEWS b/debian/lacme.NEWS
new file mode 100644
index 0000000..d20acdc
--- /dev/null
+++ b/debian/lacme.NEWS
@@ -0,0 +1,16 @@
+lacme (0.7-1) unstable; urgency=high
+
+ The certificate indicated by 'CAfile' is no longer used as is in
+ 'certificate-chain' (along with the leaf cert). The chain returned
+ by the ACME v2 endpoint is used instead. This allows for more
+ flexibility with respect to key/CA rotation. See for instance
+ https://letsencrypt.org/2020/11/06/own-two-feet.html and
+ https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018
+
+ 'CAfile' now defaults to /usr/share/lacme/ca-certificates.crt which
+ is a concatenation of all known active CA certificates (which
+ includes the previous default). Starting December 2020 Let's Encrypt
+ will use a different chain of trust for certificate issuance, so
+ users will a non-default 'CAfile' might need to adjust the value.
+
+ -- Guilhem Moulin <guilhem@debian.org> Thu, 26 Nov 2020 00:08:32 +0100
diff --git a/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch b/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch
index a66e14b..04f0d35 100644
--- a/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch
+++ b/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch
@@ -12,7 +12,7 @@ Subject: Mention the Debian BTS in the manpages.
+++ b/lacme-accountd.1.md
@@ -130,6 +130,12 @@ execute [`lacme`(8)] remotely:
~$ ssh -oExitOnForwardFailure=yes -tt -R /path/to/remote.sock:$XDG_RUNTIME_DIR/S.lacme user@example.org \
- sudo lacme --socket=/path/to/remote.sock newOrder
+ sudo lacme --socket=/path/to/remote.sock newOrder
+Bugs and feedback
+=================
@@ -25,7 +25,7 @@ Subject: Mention the Debian BTS in the manpages.
--- a/lacme.8.md
+++ b/lacme.8.md
-@@ -400,6 +400,12 @@ Examples
+@@ -397,6 +397,12 @@ Examples
~$ sudo lacme newOrder
~$ sudo lacme revokeCert /path/to/server/certificate.pem