[packages/ca-certificates] up to 20230311

atler atler at pld-linux.org
Sun Mar 12 16:35:26 CET 2023 

commit 9c97289131039baa464a302b57c1a31ac0fd013b
Author: Jan Palus <atler at pld-linux.org>
Date:   Sun Mar 12 16:35:07 2023 +0100

    up to 20230311

 blacklist.patch                 |  9 ---------
 ca-certificates-etc-certs.patch |  4 ++--
 ca-certificates.spec            | 24 ++++++++++--------------
 py_cryptography35.patch         | 29 -----------------------------
 4 files changed, 12 insertions(+), 54 deletions(-)
---
diff --git a/ca-certificates.spec b/ca-certificates.spec
index 4233376..3808a14 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -11,13 +11,13 @@
 Summary:	Common CA Certificates PEM files
 Summary(pl.UTF-8):	Pliki PEM popularnych certyfikatów CA
 Name:		ca-certificates
-%define	ver_date	20211016
+%define	ver_date	20230311
 Version:	%{ver_date}
-Release:	3
+Release:	1
 License:	GPL v2 (scripts), MPL v2 (mozilla certs), distributable (other certs)
 Group:		Base
 Source0:	http://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.xz
-# Source0-md5:	5cce77de047611c4b9384d4ce52d9204
+# Source0-md5:	fc1c3ec0067385f0be8ac7f6e670a0f8
 Source2:	http://www.certum.pl/keys/CA.pem
 # Source2-md5:	35610177afc9c64e70f1ce62c1885496
 Source14:	http://www.certum.pl/CTNCA.pem
@@ -57,11 +57,9 @@ Source36:	http://www.terena.org/activities/tcs/repository-g3/TERENA_SSL_High_Ass
 Patch0:		%{name}-undebianize.patch
 Patch1:		%{name}-more-certs.patch
 Patch2:		%{name}-etc-certs.patch
-Patch3:		py_cryptography35.patch
-Patch4:		blacklist.patch
-Patch5:		%{name}-DESTDIR.patch
-Patch6:		%{name}.d.patch
-Patch7:		no-openssl-rehash.patch
+Patch3:		%{name}-DESTDIR.patch
+Patch4:		%{name}.d.patch
+Patch5:		no-openssl-rehash.patch
 URL:		https://packages.debian.org/sid/ca-certificates
 BuildRequires:	openssl-tools
 BuildRequires:	python3
@@ -106,15 +104,13 @@ Skrypt i dane do odświeżania bazy certyfikatów CA.
 
 %prep
 %setup -qc
-cd work
+cd ca-certificates
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1
-%patch7 -p1
 
 %{__sed} -i -e 's, at openssldir@,%{openssldir},' sbin/update-ca-certificates*
 
@@ -137,7 +133,7 @@ install -d esteid
 cp -pi %{SOURCE29} esteid/ESTEID-SK_2011.crt
 
 %build
-cd work
+cd ca-certificates
 install -d terena
 openssl x509 -inform DER -in %{SOURCE23} -outform PEM -out terena/$(basename %{SOURCE23})
 openssl x509 -inform DER -in %{SOURCE24} -outform PEM -out terena/$(basename %{SOURCE24})
@@ -180,7 +176,7 @@ make_sure_expired_and_rm() {
 
 %install
 rm -rf $RPM_BUILD_ROOT
-cd work
+cd ca-certificates
 install -d $RPM_BUILD_ROOT{%{_datadir}/%{name},%{_sbindir},%{certsdir},/etc/pki/tls/certs,%{_sysconfdir}/ca-certificates.d}
 %{__make} install \
 	DESTDIR=$RPM_BUILD_ROOT
@@ -254,7 +250,7 @@ end
 
 %files
 %defattr(644,root,root,755)
-%doc work/debian/{README.Debian,changelog}
+%doc ca-certificates/debian/{README.Debian,changelog}
 %dir /etc/pki/tls
 %dir /etc/pki/tls/certs
 %dir /etc/ssl
diff --git a/blacklist.patch b/blacklist.patch
deleted file mode 100644
index 8cf9172..0000000
--- a/blacklist.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- work/mozilla/blacklist.txt.orig	2021-10-07 17:12:47.000000000 +0200
-+++ work/mozilla/blacklist.txt	2021-10-09 22:48:50.449155614 +0200
-@@ -10,3 +10,6 @@
- 
- # Expired CA (#995432)
- "DST Root CA X3"
-+
-+# Negative serial number (python crytography fails to parse it)
-+"EC-ACC"
diff --git a/ca-certificates-etc-certs.patch b/ca-certificates-etc-certs.patch
index 17c543c..597a163 100644
--- a/ca-certificates-etc-certs.patch
+++ b/ca-certificates-etc-certs.patch
@@ -17,8 +17,8 @@
  # subshells later on.)
 -TEMPBUNDLE="${ETCCERTSDIR}/${CERTBUNDLE}.new"
 +TEMPBUNDLE="${CERTBUNDLE}.new"
- ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
- REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
+ ADDED="$(mktemp -p "${TMPDIR:-/tmp}" "ca-certificates.tmp.XXXXXX")"
+ REMOVED="$(mktemp -p "${TMPDIR:-/tmp}" "ca-certificates.tmp.XXXXXX")"
  
 @@ -62,7 +62,7 @@
  # bundle.
diff --git a/py_cryptography35.patch b/py_cryptography35.patch
deleted file mode 100644
index f4015d6..0000000
--- a/py_cryptography35.patch
+++ /dev/null
@@ -1,29 +0,0 @@
---- work/mozilla/certdata2pem.py.orig	2021-10-07 17:12:47.000000000 +0200
-+++ work/mozilla/certdata2pem.py	2021-10-09 22:27:49.300281185 +0200
-@@ -29,7 +29,13 @@
- import io
- 
- from cryptography import x509
-+import cryptography
-+from packaging import version
- 
-+if version.parse(cryptography.__version__) >= version.parse("35.0.0"):
-+    use_bytes=True
-+else:
-+    use_bytes=False
- 
- objects = []
- 
-@@ -122,7 +128,11 @@
-         if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
-             continue
- 
--        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+        if use_bytes:
-+            cka_value = bytes(obj['CKA_VALUE'])
-+        else:
-+            cka_value = obj['CKA_VALUE']
-+        cert = x509.load_der_x509_certificate(cka_value)
-         if cert.not_valid_after < datetime.datetime.now():
-             print('!'*74)
-             print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/ca-certificates.git/commitdiff/9c97289131039baa464a302b57c1a31ac0fd013b

More information about the pld-cvs-commit mailing list