ca-certificates: update 20211016 -> 20240203

author Theodore A. Roth <troth@openavr.org>

Wed, 24 Jul 2024 14:53:19 +0000 (08:53 -0600)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Fri, 26 Jul 2024 10:54:28 +0000 (11:54 +0100)
author Theodore A. Roth <troth@openavr.org>
Wed, 24 Jul 2024 14:53:19 +0000 (08:53 -0600)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 26 Jul 2024 10:54:28 +0000 (11:54 +0100)
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch

index 5c4a32f526044673415de22a9bfb771ae1e35224..78898f5150c8b07115d64a6654a6b3b77b39bdce 100644 (file)
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
@@ -19,7 +19,7 @@ diff --git a/debian/changelog b/debian/changelog
  index 531e4d0..4006509 100644
  --- a/debian/changelog
  +++ b/debian/changelog
-@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low
+@@ -120,7 +120,6 @@ ca-certificates (20211004) unstable; urgency=low
       - "Trustis FPS Root CA"
       - "Staat der Nederlanden Root CA - G3"
     * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
@@ -37,9 +37,9 @@ index 4434b7a..5c6ba24 100644
   Build-Depends: debhelper-compat (= 13), po-debconf
  -Build-Depends-Indep: python3, openssl, python3-cryptography
  +Build-Depends-Indep: python3, openssl
- Standards-Version: 4.5.0.2
+ Standards-Version: 4.6.2
+ Rules-Requires-Root: no
   Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
- Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
  diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
  index ede23d4..7d796f1 100644
  --- a/mozilla/certdata2pem.py
@@ -66,8 +66,8 @@ index ede23d4..7d796f1 100644
           if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
               continue
  -
--        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
--        if cert.not_valid_after < datetime.datetime.now():
+-        cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
+-        if cert.not_valid_after < datetime.datetime.utcnow():
  -            print('!'*74)
  -            print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
  -            print('!'*74)
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch

index 4a8ae5f4b5ef235d9bdfa7b947bbe2f0e415b50e..1feefeb96ab09fbd0523135137f0727f992a9ce3 100644 (file)
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -21,14 +21,14 @@ Index: git/sbin/update-ca-certificates
  ===================================================================
  --- git.orig/sbin/update-ca-certificates
  +++ git/sbin/update-ca-certificates
-@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
+@@ -202,9 +202,7 @@ if [ -d "$HOOKSDIR" ]
   then
   
     echo "Running hooks in $HOOKSDIR..."
  -  VERBOSE_ARG=
  -  [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
--  eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
-+  eval run-parts --test "$HOOKSDIR" | while read hook
+-  eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook
++  eval run-parts --test "$HOOKSDIR" | while read -r hook
     do
       ( cat "$ADDED"
         cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb

similarity index 98%

rename from meta/recipes-support/ca-certificates/ca-certificates_20211016.bb

rename to meta/recipes-support/ca-certificates/ca-certificates_20240203.bb

index 99abe60613950bfc0d2474c30ecd53a85e32123e..b198ea77a93ed6818b366501ce7d1400ccc7cec1 100644 (file)
--- a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
@@ -14,7 +14,7 @@ DEPENDS:class-nativesdk = "openssl-native"
  # Need rehash from openssl and run-parts from debianutils
  PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
  
-SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8"
+SRCREV = "ee6e0484031314090a11c04ee82689acb73d7ad8"
  
  SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
             file://0002-update-ca-certificates-use-SYSROOT.patch \
author	Theodore A. Roth <troth@openavr.org>
	Wed, 24 Jul 2024 14:53:19 +0000 (08:53 -0600)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Fri, 26 Jul 2024 10:54:28 +0000 (11:54 +0100)
meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch		patch \| blob \| blame \| history
meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch		patch \| blob \| blame \| history
meta/recipes-support/ca-certificates/ca-certificates_20240203.bb	[moved from meta/recipes-support/ca-certificates/ca-certificates_20211016.bb with 98% similarity]	patch \| blob \| blame \| history