CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

ca-certificates: update 20211016 -> 20240203

Browse Source 
The 20240203 version is the same as used in Ubuntu >= 24.04 and Debian
Trixie (testing).

(From OE-Core rev: 63620f034019b3b3585e263bd26b3fadd9a1692e)

Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ce19168885a04b0d77e81c1fd1c4262b195a47d4)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Theodore A. Roth 2025-11-10 23:21:41 +13:00 committed by Steve Sakoman
parent bc0e06b3b1
commit 302184ed4c
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
View File

@ -19,7 +19,7 @@ diff --git a/debian/changelog b/debian/changelog
index 531e4d0..4006509 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low
@@ -120,7 +120,6 @@ ca-certificates (20211004) unstable; urgency=low
- "Trustis FPS Root CA"
- "Staat der Nederlanden Root CA - G3"
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
@ -37,9 +37,9 @@ index 4434b7a..5c6ba24 100644
Build-Depends: debhelper-compat (= 13), po-debconf
-Build-Depends-Indep: python3, openssl, python3-cryptography
+Build-Depends-Indep: python3, openssl
Standards-Version: 4.5.0.2
Standards-Version: 4.6.2
Rules-Requires-Root: no
Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index ede23d4..7d796f1 100644
--- a/mozilla/certdata2pem.py
@ -66,8 +66,8 @@ index ede23d4..7d796f1 100644
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
-
- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
- if cert.not_valid_after < datetime.datetime.now():
- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)

6
meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
View File

@ -21,14 +21,14 @@ Index: git/sbin/update-ca-certificates
===================================================================
--- git.orig/sbin/update-ca-certificates
+++ git/sbin/update-ca-certificates
@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
@@ -202,9 +202,7 @@ if [ -d "$HOOKSDIR" ]
then
echo "Running hooks in $HOOKSDIR..."
- VERBOSE_ARG=
- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
+ eval run-parts --test "$HOOKSDIR" | while read hook
- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook
+ eval run-parts --test "$HOOKSDIR" | while read -r hook
do
( cat "$ADDED"
cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."

2
meta/recipes-support/ca-certificates/ca-certificates_20211016.bb → meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
View File

@ -14,7 +14,7 @@ DEPENDS:class-nativesdk = "openssl-native"
# Need rehash from openssl and run-parts from debianutils
PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8"
SRCREV = "ee6e0484031314090a11c04ee82689acb73d7ad8"
SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
file://0002-update-ca-certificates-use-SYSROOT.patch \