summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTheodore A. Roth <troth@openavr.org>2024-07-24 08:53:19 -0600
committerRichard Purdie <richard.purdie@linuxfoundation.org>2024-07-26 12:28:42 +0100
commitbeabc787cacb9b399f19eac39903948154dcce18 (patch)
tree8cf063b3bd93d96b361f373c6fabff6580642f92
parent0f2f18c738e8a8e1a4ed5ab436343e6db47d5c0f (diff)
downloadpoky-beabc787cacb9b399f19eac39903948154dcce18.tar.gz
ca-certificates: update 20211016 -> 20240203
The 20240203 version is the same as used in Ubuntu >= 24.04 and Debian Trixie (testing). (From OE-Core rev: ce19168885a04b0d77e81c1fd1c4262b195a47d4) Signed-off-by: Theodore A. Roth <troth@openavr.org> Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch10
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch6
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates_20240203.bb (renamed from meta/recipes-support/ca-certificates/ca-certificates_20211016.bb)2
3 files changed, 9 insertions, 9 deletions
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
index 5c4a32f526..78898f5150 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
@@ -19,7 +19,7 @@ diff --git a/debian/changelog b/debian/changelog
19index 531e4d0..4006509 100644 19index 531e4d0..4006509 100644
20--- a/debian/changelog 20--- a/debian/changelog
21+++ b/debian/changelog 21+++ b/debian/changelog
22@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low 22@@ -120,7 +120,6 @@ ca-certificates (20211004) unstable; urgency=low
23 - "Trustis FPS Root CA" 23 - "Trustis FPS Root CA"
24 - "Staat der Nederlanden Root CA - G3" 24 - "Staat der Nederlanden Root CA - G3"
25 * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) 25 * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
@@ -37,9 +37,9 @@ index 4434b7a..5c6ba24 100644
37 Build-Depends: debhelper-compat (= 13), po-debconf 37 Build-Depends: debhelper-compat (= 13), po-debconf
38-Build-Depends-Indep: python3, openssl, python3-cryptography 38-Build-Depends-Indep: python3, openssl, python3-cryptography
39+Build-Depends-Indep: python3, openssl 39+Build-Depends-Indep: python3, openssl
40 Standards-Version: 4.5.0.2 40 Standards-Version: 4.6.2
41 Rules-Requires-Root: no
41 Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git 42 Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
42 Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
43diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py 43diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
44index ede23d4..7d796f1 100644 44index ede23d4..7d796f1 100644
45--- a/mozilla/certdata2pem.py 45--- a/mozilla/certdata2pem.py
@@ -66,8 +66,8 @@ index ede23d4..7d796f1 100644
66 if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: 66 if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
67 continue 67 continue
68- 68-
69- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) 69- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
70- if cert.not_valid_after < datetime.datetime.now(): 70- if cert.not_valid_after < datetime.datetime.utcnow():
71- print('!'*74) 71- print('!'*74)
72- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) 72- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
73- print('!'*74) 73- print('!'*74)
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
index 4a8ae5f4b5..1feefeb96a 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -21,14 +21,14 @@ Index: git/sbin/update-ca-certificates
21=================================================================== 21===================================================================
22--- git.orig/sbin/update-ca-certificates 22--- git.orig/sbin/update-ca-certificates
23+++ git/sbin/update-ca-certificates 23+++ git/sbin/update-ca-certificates
24@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ] 24@@ -202,9 +202,7 @@ if [ -d "$HOOKSDIR" ]
25 then 25 then
26 26
27 echo "Running hooks in $HOOKSDIR..." 27 echo "Running hooks in $HOOKSDIR..."
28- VERBOSE_ARG= 28- VERBOSE_ARG=
29- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose" 29- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
30- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook 30- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook
31+ eval run-parts --test "$HOOKSDIR" | while read hook 31+ eval run-parts --test "$HOOKSDIR" | while read -r hook
32 do 32 do
33 ( cat "$ADDED" 33 ( cat "$ADDED"
34 cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?." 34 cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
index 99abe60613..b198ea77a9 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
@@ -14,7 +14,7 @@ DEPENDS:class-nativesdk = "openssl-native"
14# Need rehash from openssl and run-parts from debianutils 14# Need rehash from openssl and run-parts from debianutils
15PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" 15PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
16 16
17SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8" 17SRCREV = "ee6e0484031314090a11c04ee82689acb73d7ad8"
18 18
19SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \ 19SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
20 file://0002-update-ca-certificates-use-SYSROOT.patch \ 20 file://0002-update-ca-certificates-use-SYSROOT.patch \