Your message dated Mon, 01 Jun 2026 13:48:31 +0000
with message-id <[email protected]>
and subject line Bug#1127101: fixed in ca-certificates 20260601
has caused the Debian Bug report #1127101,
regarding ca-certificates: ca-certificates-local creates
/usr/local/share/ca-certificates as 2775 root:staff
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1127101: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127101
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Version: 20250419
Severity: minor
Prompted by recent changes in fontconfig and its handling of
/usr/local/share/fonts, I noticed that ca-certificates' example local
ca-certificates-local package also creates a directory below /usr/local
with mode 2775 and owner root:staff (when it is removed).
According to Policy ยง9.1.2, since Policy 4.1.4 (2018), directories below
/usr/local should normally be created with mode 0755 and owner
root:root, a change that was made to avoid privilege escalation by
members of the staff group. (There's a flag file to opt back in to the
old behaviour.) For ca-certificates itself this was fixed as #916833,
but ca-certificates-local never got the same change.
Unfortunately dh_usrlocal probably cannot be used in this specific case.
Thanks,
smcv
--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20260601
Done: Julien Cristau <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Cristau <[email protected]> (supplier of updated ca-certificates
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 01 Jun 2026 15:39:00 +0200
Source: ca-certificates
Architecture: source
Version: 20260601
Distribution: unstable
Urgency: medium
Maintainer: Julien Cristau <[email protected]>
Changed-By: Julien Cristau <[email protected]>
Closes: 988912 1127101
Changes:
ca-certificates (20260601) unstable; urgency=medium
.
* Remove ca-certificates-local example (closes: #988912, #1127101).
* Update Mozilla certificate authority bundle to version 2.86
The following certificate authority was added (+):
+ e-Szigno TLS Root CA 2023
The following certificate authorities were removed (-):
- QuoVadis Root CA 2
- QuoVadis Root CA 3
- DigiCert Assured ID Root CA
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
- SwissSign Gold CA - G2
- SecureTrust CA
- Secure Global CA
- COMODO Certification Authority
- Certigna
- certSIGN ROOT CA
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- TeliaSonera Root CA v1
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
- GLOBALTRUST 2020
- GTS Root R2
- FIRMAPROFESIONAL CA ROOT-A WEB
The following certificate authority was renamed (~):
~ "OISTE Server Root RSA G1" (removed leading space)
Checksums-Sha1:
e3994c8456126c19d1aad506741d3f975674da49 1766 ca-certificates_20260601.dsc
1f5f67a526d68876dadd89c049c9e817dc092249 265368 ca-certificates_20260601.tar.xz
Checksums-Sha256:
a7298ff7aad5801b95de6463e3ed17e63325543c736918dc8239a9258d19c261 1766
ca-certificates_20260601.dsc
7ab6301f7f34eef90a4d278647c260bc0762e0e14561f4649854cf4b0d4bea21 265368
ca-certificates_20260601.tar.xz
Files:
d6019ce88e93b698e13c5023dfb37d53 1766 misc optional
ca-certificates_20260601.dsc
987199e8918ed427ec494a1a716241b0 265368 misc optional
ca-certificates_20260601.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmodi/wUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z61Z/xAAh1deSOfdIMvhggaso9eFvvYzoiLk
fTwp53lkY3KRy5Q0YrMuDgBBXhEqhBf3M30KPfX9UYn1Eo8p4WkOUi5dzpihMmFM
IHI7W3tSY7n43ts8yvM6pc788OK5gz1BcD1d0Kry0dcFWSEGM4iOIT2vX8Z4+vk7
/VqfQEIZTL4kTsi43vrhsKcp57z+xjv8lGdvDLx14PWQJNcKV4dUCZf3ps0WYxbS
SP1RHuIjMPTBTYqMnZIEAuQ5SZx/SktEJYvw80EzaOzj07S/MWn06mfslsL+Ixpg
/G/He/vbWWY/yEnTO+AI2fW7MNMOx2OIXNHMVyGoz2RPoLedH6qxJnE9SR0hswyJ
NFzTfQ+1NHJp18CSUHPCaRuR8sP4TFoHlCikCYVpbi2VD9vXdj3d8O2Jur/gN4qt
TlyrIdA1PmxL7ildu3e0poXHx8DfYFrui2//ZxLuk5jEyZOw7SzhfNDCSY3tJkRi
YHqbh+f/U6RAc33DCe9c+PZVYTUUlmL+O62fwd22qos+Hw47PK2UGKDmM4G0tiLf
Tad98amSLnxjycTn8ub7KbZPWhGaGKgw7CgQfABSrMi6YUag51SLguoE/O+TiciS
pJDXy59kNaHEAUVcLnDJB8Ez1oQyvtncY41er0qjJsyXc/VeKuwjqfIRgWT5rew0
rv/UWHy2bVuj83I=
=lKn2
-----END PGP SIGNATURE-----
pgpufJ7OjOqE1.pgp
Description: PGP signature
--- End Message ---
