diff options
| author | Tianling Shen <cnsztl@immortalwrt.org> | 2023-05-26 12:09:47 +0800 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2023-05-31 23:10:06 +0200 |
| commit | 14cbf041ea46ab936f5ac4e9c05d67e3259e3bd9 (patch) | |
| tree | bc2da8e7bf4aecbd611537d14ea1bf7d2ea39933 /package/system/ca-certificates/patches | |
| parent | 20295c071a6285066b847a9ad2bc1b7d1f6e5e88 (diff) | |
| download | upstream-14cbf041ea46ab936f5ac4e9c05d67e3259e3bd9.tar.gz upstream-14cbf041ea46ab936f5ac4e9c05d67e3259e3bd9.tar.bz2 upstream-14cbf041ea46ab936f5ac4e9c05d67e3259e3bd9.zip | |
ca-certificates: Update to version 20230311
Update the ca-certificates and ca-bundle package from version 20211016 to
version 20230311.
Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches.
Debian change-log entry [1]:
|[...]
|[ Đoàn Trần Công Danh ]
|* ca-certificates: compat with non-GNU mktemp (closes: #1000847)
|
|[ Ilya Lipnitskiy ]
|* certdata2pem.py: use UTC time when checking cert validity
|
|[ Julien Cristau ]
|* Update Mozilla certificate authority bundle to version 2.60
| The following certificate authorities were added (+):
| + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
| + "Certainly Root E1"
| + "Certainly Root R1"
| + "D-TRUST BR Root CA 1 2020"
| + "D-TRUST EV Root CA 1 2020"
| + "DigiCert TLS ECC P384 Root G5"
| + "DigiCert TLS RSA4096 Root G5"
| + "E-Tugra Global Root CA ECC v3"
| + "E-Tugra Global Root CA RSA v3"
| + "HARICA TLS ECC Root CA 2021"
| + "HARICA TLS RSA Root CA 2021"
| + "HiPKI Root CA - G1"
| + "ISRG Root X2"
| + "Security Communication ECC RootCA1"
| + "Security Communication RootCA3"
| + "Telia Root CA v2"
| + "TunTrust Root CA"
| + "vTrus ECC Root CA"
| + "vTrus Root CA"
| The following certificate authorities were removed (-):
| - "Cybertrust Global Root" (expired)
| - "EC-ACC"
| - "GlobalSign Root CA - R2" (expired)
| - "Hellenic Academic and Research Institutions RootCA 2011"
| - "Network Solutions Certificate Authority"
| - "Staat der Nederlanden EV Root CA" (expired)
|* Drop trailing space from debconf template causing misformatting
| (closes: #980821)
|
|[ Wataru Ashihara ]
|* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
|[...]
[1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7c83b6ac8656f9a3b005554d25857e8ed5faf3f6)
Diffstat (limited to 'package/system/ca-certificates/patches')
| -rw-r--r-- | package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch b/package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch index add01f42c0..09092617f1 100644 --- a/package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch +++ b/package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch @@ -18,8 +18,8 @@ Reported-by: Chen Minqiang <ptpt52@gmail.com> Reported-by: Shane Synan <digitalcircuit36939@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> --- ---- a/work/mozilla/certdata2pem.py -+++ b/work/mozilla/certdata2pem.py +--- a/mozilla/certdata2pem.py ++++ b/mozilla/certdata2pem.py @@ -21,16 +21,12 @@ # USA. @@ -42,8 +42,8 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com> if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: continue - -- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) -- if cert.not_valid_after < datetime.datetime.now(): +- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE'])) +- if cert.not_valid_after < datetime.datetime.utcnow(): - print('!'*74) - print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) - print('!'*74) |