From 4e0a55fb382a5ce33912643ec07b59800d497f23 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 26 Nov 2020 00:14:20 +0100 Subject: New upstream release. Closes: #975862. --- debian/changelog | 6 ++++++ debian/lacme.NEWS | 16 ++++++++++++++++ .../patches/Mention-the-Debian-BTS-in-the-manpages.patch | 4 ++-- 3 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 debian/lacme.NEWS (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index b2b685c..6bcc0ef 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +lacme (0.7-1) unstable; urgency=high + + * New upstream release. Closes: #975862. + + -- Guilhem Moulin Thu, 26 Nov 2020 00:05:55 +0100 + lacme (0.6.1-1) unstable; urgency=medium * New upstream release. Closes: #955767, #966958. diff --git a/debian/lacme.NEWS b/debian/lacme.NEWS new file mode 100644 index 0000000..d20acdc --- /dev/null +++ b/debian/lacme.NEWS @@ -0,0 +1,16 @@ +lacme (0.7-1) unstable; urgency=high + + The certificate indicated by 'CAfile' is no longer used as is in + 'certificate-chain' (along with the leaf cert). The chain returned + by the ACME v2 endpoint is used instead. This allows for more + flexibility with respect to key/CA rotation. See for instance + https://letsencrypt.org/2020/11/06/own-two-feet.html and + https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 + + 'CAfile' now defaults to /usr/share/lacme/ca-certificates.crt which + is a concatenation of all known active CA certificates (which + includes the previous default). Starting December 2020 Let's Encrypt + will use a different chain of trust for certificate issuance, so + users will a non-default 'CAfile' might need to adjust the value. + + -- Guilhem Moulin Thu, 26 Nov 2020 00:08:32 +0100 diff --git a/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch b/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch index a66e14b..04f0d35 100644 --- a/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch +++ b/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch @@ -12,7 +12,7 @@ Subject: Mention the Debian BTS in the manpages. +++ b/lacme-accountd.1.md @@ -130,6 +130,12 @@ execute [`lacme`(8)] remotely: ~$ ssh -oExitOnForwardFailure=yes -tt -R /path/to/remote.sock:$XDG_RUNTIME_DIR/S.lacme user@example.org \ - sudo lacme --socket=/path/to/remote.sock newOrder + sudo lacme --socket=/path/to/remote.sock newOrder +Bugs and feedback +================= @@ -25,7 +25,7 @@ Subject: Mention the Debian BTS in the manpages. --- a/lacme.8.md +++ b/lacme.8.md -@@ -400,6 +400,12 @@ Examples +@@ -397,6 +397,12 @@ Examples ~$ sudo lacme newOrder ~$ sudo lacme revokeCert /path/to/server/certificate.pem -- cgit v1.2.3