diff options
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rw-r--r-- | debian/lacme.NEWS | 16 | ||||
| -rw-r--r-- | debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch | 4 | 
3 files changed, 24 insertions, 2 deletions
| diff --git a/debian/changelog b/debian/changelog index b2b685c..6bcc0ef 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +lacme (0.7-1) unstable; urgency=high + +  * New upstream release.  Closes: #975862. + + -- Guilhem Moulin <guilhem@debian.org>  Thu, 26 Nov 2020 00:05:55 +0100 +  lacme (0.6.1-1) unstable; urgency=medium    * New upstream release.  Closes: #955767, #966958. diff --git a/debian/lacme.NEWS b/debian/lacme.NEWS new file mode 100644 index 0000000..d20acdc --- /dev/null +++ b/debian/lacme.NEWS @@ -0,0 +1,16 @@ +lacme (0.7-1) unstable; urgency=high + +    The certificate indicated by 'CAfile' is no longer used as is in +    'certificate-chain' (along with the leaf cert).  The chain returned +    by the ACME v2 endpoint is used instead.  This allows for more +    flexibility with respect to key/CA rotation.  See for instance +    https://letsencrypt.org/2020/11/06/own-two-feet.html and +    https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 + +   'CAfile' now defaults to /usr/share/lacme/ca-certificates.crt which +   is a concatenation of all known active CA certificates (which +   includes the previous default).  Starting December 2020 Let's Encrypt +   will use a different chain of trust for certificate issuance, so +   users will a non-default 'CAfile' might need to adjust the value. + + -- Guilhem Moulin <guilhem@debian.org>  Thu, 26 Nov 2020 00:08:32 +0100 diff --git a/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch b/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch index a66e14b..04f0d35 100644 --- a/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch +++ b/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch @@ -12,7 +12,7 @@ Subject: Mention the Debian BTS in the manpages.  +++ b/lacme-accountd.1.md  @@ -130,6 +130,12 @@ execute [`lacme`(8)] remotely:       ~$ ssh -oExitOnForwardFailure=yes -tt -R /path/to/remote.sock:$XDG_RUNTIME_DIR/S.lacme user@example.org \ -        sudo lacme --socket=/path/to/remote.sock newOrder + 		sudo lacme --socket=/path/to/remote.sock newOrder  +Bugs and feedback  +================= @@ -25,7 +25,7 @@ Subject: Mention the Debian BTS in the manpages.  --- a/lacme.8.md  +++ b/lacme.8.md -@@ -400,6 +400,12 @@ Examples +@@ -397,6 +397,12 @@ Examples       ~$ sudo lacme newOrder       ~$ sudo lacme revokeCert /path/to/server/certificate.pem | 
