diff options
author | Theodore A. Roth <troth@openavr.org> | 2024-07-24 08:53:19 -0600 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-07-26 12:28:42 +0100 |
commit | beabc787cacb9b399f19eac39903948154dcce18 (patch) | |
tree | 8cf063b3bd93d96b361f373c6fabff6580642f92 | |
parent | 0f2f18c738e8a8e1a4ed5ab436343e6db47d5c0f (diff) | |
download | poky-beabc787cacb9b399f19eac39903948154dcce18.tar.gz |
ca-certificates: update 20211016 -> 20240203
The 20240203 version is the same as used in Ubuntu >= 24.04 and Debian
Trixie (testing).
(From OE-Core rev: ce19168885a04b0d77e81c1fd1c4262b195a47d4)
Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch | 10 | ||||
-rw-r--r-- | meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch | 6 | ||||
-rw-r--r-- | meta/recipes-support/ca-certificates/ca-certificates_20240203.bb (renamed from meta/recipes-support/ca-certificates/ca-certificates_20211016.bb) | 2 |
3 files changed, 9 insertions, 9 deletions
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch index 5c4a32f526..78898f5150 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch +++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch | |||
@@ -19,7 +19,7 @@ diff --git a/debian/changelog b/debian/changelog | |||
19 | index 531e4d0..4006509 100644 | 19 | index 531e4d0..4006509 100644 |
20 | --- a/debian/changelog | 20 | --- a/debian/changelog |
21 | +++ b/debian/changelog | 21 | +++ b/debian/changelog |
22 | @@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low | 22 | @@ -120,7 +120,6 @@ ca-certificates (20211004) unstable; urgency=low |
23 | - "Trustis FPS Root CA" | 23 | - "Trustis FPS Root CA" |
24 | - "Staat der Nederlanden Root CA - G3" | 24 | - "Staat der Nederlanden Root CA - G3" |
25 | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) | 25 | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |
@@ -37,9 +37,9 @@ index 4434b7a..5c6ba24 100644 | |||
37 | Build-Depends: debhelper-compat (= 13), po-debconf | 37 | Build-Depends: debhelper-compat (= 13), po-debconf |
38 | -Build-Depends-Indep: python3, openssl, python3-cryptography | 38 | -Build-Depends-Indep: python3, openssl, python3-cryptography |
39 | +Build-Depends-Indep: python3, openssl | 39 | +Build-Depends-Indep: python3, openssl |
40 | Standards-Version: 4.5.0.2 | 40 | Standards-Version: 4.6.2 |
41 | Rules-Requires-Root: no | ||
41 | Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git | 42 | Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git |
42 | Vcs-Browser: https://salsa.debian.org/debian/ca-certificates | ||
43 | diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py | 43 | diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py |
44 | index ede23d4..7d796f1 100644 | 44 | index ede23d4..7d796f1 100644 |
45 | --- a/mozilla/certdata2pem.py | 45 | --- a/mozilla/certdata2pem.py |
@@ -66,8 +66,8 @@ index ede23d4..7d796f1 100644 | |||
66 | if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: | 66 | if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: |
67 | continue | 67 | continue |
68 | - | 68 | - |
69 | - cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) | 69 | - cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE'])) |
70 | - if cert.not_valid_after < datetime.datetime.now(): | 70 | - if cert.not_valid_after < datetime.datetime.utcnow(): |
71 | - print('!'*74) | 71 | - print('!'*74) |
72 | - print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) | 72 | - print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) |
73 | - print('!'*74) | 73 | - print('!'*74) |
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch index 4a8ae5f4b5..1feefeb96a 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch +++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch | |||
@@ -21,14 +21,14 @@ Index: git/sbin/update-ca-certificates | |||
21 | =================================================================== | 21 | =================================================================== |
22 | --- git.orig/sbin/update-ca-certificates | 22 | --- git.orig/sbin/update-ca-certificates |
23 | +++ git/sbin/update-ca-certificates | 23 | +++ git/sbin/update-ca-certificates |
24 | @@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ] | 24 | @@ -202,9 +202,7 @@ if [ -d "$HOOKSDIR" ] |
25 | then | 25 | then |
26 | 26 | ||
27 | echo "Running hooks in $HOOKSDIR..." | 27 | echo "Running hooks in $HOOKSDIR..." |
28 | - VERBOSE_ARG= | 28 | - VERBOSE_ARG= |
29 | - [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose" | 29 | - [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose" |
30 | - eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook | 30 | - eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook |
31 | + eval run-parts --test "$HOOKSDIR" | while read hook | 31 | + eval run-parts --test "$HOOKSDIR" | while read -r hook |
32 | do | 32 | do |
33 | ( cat "$ADDED" | 33 | ( cat "$ADDED" |
34 | cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?." | 34 | cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?." |
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb index 99abe60613..b198ea77a9 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb | |||
@@ -14,7 +14,7 @@ DEPENDS:class-nativesdk = "openssl-native" | |||
14 | # Need rehash from openssl and run-parts from debianutils | 14 | # Need rehash from openssl and run-parts from debianutils |
15 | PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" | 15 | PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" |
16 | 16 | ||
17 | SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8" | 17 | SRCREV = "ee6e0484031314090a11c04ee82689acb73d7ad8" |
18 | 18 | ||
19 | SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \ | 19 | SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \ |
20 | file://0002-update-ca-certificates-use-SYSROOT.patch \ | 20 | file://0002-update-ca-certificates-use-SYSROOT.patch \ |