Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *ca-certificates* to *20260601* has Succeeded.
Next steps:
- apply the patch: git am
0001-ca-certificates-upgrade-20260223-20260601.patch
- check the changes to upstream patches and summarize them in the commit
message,
- compile an image that contains the package
- perform some basic sanity tests
- amend the patch and sign it off: git commit -s --reset-author --amend
- send it to the appropriate mailing list
Alternatively, if you believe the recipe should not be upgraded at this time,
you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that
automatic upgrades would no longer be attempted.
Please review the attached files for further information and build/update
failures.
Any problem please file a bug at
https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler
Regards,
The Upgrade Helper
-- >8 --
>From b93de52b4ac6f8583a5f98819c533aa7a7ad79c6 Mon Sep 17 00:00:00 2001
From: Upgrade Helper <[email protected]>
Date: Thu, 11 Jun 2026 14:57:50 +0000
Subject: [PATCH] ca-certificates: upgrade 20260223 -> 20260601
---
...ertdata2pem.py-print-a-warning-for-e.patch | 6 ++---
...icates-don-t-use-Debianisms-in-run-p.patch | 2 +-
...icates-use-relative-symlinks-from-ET.patch | 2 +-
...0260223.bb => ca-certificates_20260601.bb} | 25 +++++++++++++++++--
4 files changed, 28 insertions(+), 7 deletions(-)
rename meta/recipes-support/ca-certificates/{ca-certificates_20260223.bb =>
ca-certificates_20260601.bb} (79%)
diff --git
a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
index 1226508c98..5ba5d3eac6 100644
---
a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
+++
b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
@@ -1,4 +1,4 @@
-From 743774cd53ed1c45bb660eddacf6dadb5ee3e145 Mon Sep 17 00:00:00 2001
+From 05f51aa6d26e7107f744bbb6e71effa213fa04c8 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <[email protected]>
Date: Mon, 18 Oct 2021 12:05:49 +0200
Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired
@@ -16,10 +16,10 @@ Signed-off-by: Alexander Kanavin <[email protected]>
3 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/debian/changelog b/debian/changelog
-index dbe3e9c..496e05d 100644
+index 8ae7839..23b4b21 100644
--- a/debian/changelog
+++ b/debian/changelog
-@@ -156,7 +156,6 @@ ca-certificates (20211004) unstable; urgency=low
+@@ -218,7 +218,6 @@ ca-certificates (20211004) unstable; urgency=low
- "Trustis FPS Root CA"
- "Staat der Nederlanden Root CA - G3"
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
diff --git
a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
index 1a29da756f..f03d298705 100644
---
a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
+++
b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -1,4 +1,4 @@
-From 63086d41f76b1c3357e23c6509df72d3f75af20c Mon Sep 17 00:00:00 2001
+From 4bad006e03e23a8e69c5a409d7c46d31015292ec Mon Sep 17 00:00:00 2001
From: Ross Burton <[email protected]>
Date: Mon, 6 Jul 2015 15:19:41 +0100
Subject: [PATCH] ca-certificates: remove Debianism in run-parts invocation
diff --git
a/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
b/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
index 929945b56f..310b3ad95c 100644
---
a/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
+++
b/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
@@ -1,4 +1,4 @@
-From a69933f96a8675369de702bdb55e57dc21f65e7f Mon Sep 17 00:00:00 2001
+From c61c17ae5e10d560cd2de1d56c5347509bbc14b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <[email protected]>
Date: Wed, 28 Mar 2018 16:45:05 +0100
Subject: [PATCH] update-ca-certificates: use relative symlinks from
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20260223.bb
b/meta/recipes-support/ca-certificates/ca-certificates_20260601.bb
similarity index 79%
rename from meta/recipes-support/ca-certificates/ca-certificates_20260223.bb
rename to meta/recipes-support/ca-certificates/ca-certificates_20260601.bb
index 41690d1d08..641975b11d 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20260223.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20260601.bb
@@ -1,3 +1,24 @@
+# FIXME: the LIC_FILES_CHKSUM values have been updated by 'devtool upgrade'.
+# The following is the difference between the old and the new license text.
+# Please update the LICENSE value if needed, and summarize the changes in
+# the commit message via 'License-Update:' tag.
+# (example: 'License-Update: copyright years updated.')
+#
+# The changes:
+#
+# --- debian/copyright
+# +++ debian/copyright
+# @@ -2,7 +2,6 @@
+# Source: http://ftp.debian.org/debian/pool/main/c/ca-certificates/
+#
+# Files: debian/*
+# - examples/*
+# Makefile
+# mozilla/*
+# sbin/*
+#
+#
+
SUMMARY = "Common CA certificates"
DESCRIPTION = "This package includes PEM files of CA certificates to allow \
SSL-based applications to check for the authenticity of SSL connections. \
@@ -5,7 +26,7 @@ This derived from Debian's CA Certificates."
HOMEPAGE = "http://packages.debian.org/sid/ca-certificates";
SECTION = "misc"
LICENSE = "GPL-2.0-or-later & MPL-2.0"
-LIC_FILES_CHKSUM =
"file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e"
+LIC_FILES_CHKSUM =
"file://debian/copyright;md5=dab7c7cea776d1a1648deb0052c72647"
# This is needed to ensure we can run the postinst at image creation time
DEPENDS = ""
@@ -14,7 +35,7 @@ DEPENDS:class-nativesdk = "openssl-native"
# Need rehash from openssl and run-parts from debianutils
PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
-SRC_URI[sha256sum] =
"2fa2b00d4360f0d14ec51640ae8aea9e563956b95ea786e3c3c01c4eead42b56"
+SRC_URI[sha256sum] =
"7ab6301f7f34eef90a4d278647c260bc0762e0e14561f4649854cf4b0d4bea21"
SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \
file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
--
2.47.1
packages/all-poky-linux/ca-certificates/ca-certificates-dbg: PV changed from "20260223" to "20260601" packages/all-poky-linux/ca-certificates/ca-certificates-dbg: PKGV changed from 20260223 [default] to 20260601 [default] packages/all-poky-linux/ca-certificates/ca-certificates-dev: PV changed from "20260223" to "20260601" packages/all-poky-linux/ca-certificates/ca-certificates-dev: PKGV changed from 20260223 [default] to 20260601 [default] packages/all-poky-linux/ca-certificates/ca-certificates-doc: PV changed from "20260223" to "20260601" packages/all-poky-linux/ca-certificates/ca-certificates-doc: PKGV changed from 20260223 [default] to 20260601 [default] packages/all-poky-linux/ca-certificates/ca-certificates-locale: PV changed from "20260223" to "20260601" packages/all-poky-linux/ca-certificates/ca-certificates-locale: PKGV changed from 20260223 [default] to 20260601 [default] packages/all-poky-linux/ca-certificates/ca-certificates-src: PV changed from "20260223" to "20260601" packages/all-poky-linux/ca-certificates/ca-certificates-src: PKGV changed from 20260223 [default] to 20260601 [default] packages/all-poky-linux/ca-certificates/ca-certificates-staticdev: PV changed from "20260223" to "20260601" packages/all-poky-linux/ca-certificates/ca-certificates-staticdev: PKGV changed from 20260223 [default] to 20260601 [default] packages/all-poky-linux/ca-certificates/ca-certificates: PV changed from "20260223" to "20260601" packages/all-poky-linux/ca-certificates/ca-certificates: PKGV changed from 20260223 [default] to 20260601 [default] packages/all-poky-linux/ca-certificates/ca-certificates: PKGSIZE changed from 228128 to 192791 (-15%) packages/all-poky-linux/ca-certificates/ca-certificates: FILELIST: removed "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt /usr/share/ca-certificates/mozilla/Certigna.crt /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt /usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt /usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt /usr/share/ca-certificates/mozilla/SecureTrust_CA.crt /usr/share/ca-certificates/mozilla/GTS_Root_R2.crt /usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt /usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt /usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt /usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt /usr/share/ca-certif icates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt /usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt /usr/share/ca-certificates/mozilla/_OISTE_Server_Root_RSA_G1.crt /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt /usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", added "/usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt /usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt" packages/all-poky-linux/ca-certificates: SRC_URI changed from "http://deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20260223.tar.xz file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch" to "http://deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20260601.tar.xz file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch" packages/all-poky-linux/ca-certificates: PV changed from "20260223" to "20260601" packages/all-poky-linux/ca-certificates: PKGV changed from 20260223 [default] to 20260601 [default] Changes to packages/all-poky-linux/ca-certificates (sysroot): /usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt was added /usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt was added /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt was removed /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt was removed /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt was removed /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt was removed /usr/share/ca-certificates/mozilla/Certigna.crt was removed /usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt was removed /usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt was removed /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt was removed /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt was removed /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt was removed /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt was removed /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt was removed /usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt was removed /usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt was removed /usr/share/ca-certificates/mozilla/GTS_Root_R2.crt was removed /usr/share/ca-certificates/mozilla/_OISTE_Server_Root_RSA_G1.crt was removed /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt was removed /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt was removed /usr/share/ca-certificates/mozilla/Secure_Global_CA.crt was removed /usr/share/ca-certificates/mozilla/SecureTrust_CA.crt was removed /usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt was removed /usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt was removed /usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt was removed /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt was removed /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt was removed
packages/all-poky-linux/ca-certificates/ca-certificates: FILELIST: removed "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt /usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt /usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt /usr/share/ca-certificates/mozilla/Certigna.crt /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt /usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt /usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA _2.crt /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt /usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt /usr/share/ca-certificates/mozilla/SecureTrust_CA.crt /usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt /usr/share/ca-certificates/mozilla/_OISTE_Server_Root_RSA_G1.crt /usr/share/ca-certificates/mozilla/Secure_Global_CA.crt /usr/share/ca-certificates/mozilla/GTS_Root_R2.crt /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt /usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", added "/usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt /usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt" packages/all-poky-linux/ca-certificates/ca-certificates: PKGSIZE changed from 228128 to 192791 (-15%) Changes to packages/all-poky-linux/ca-certificates (sysroot): /usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt was added /usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt was added /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt was removed /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt was removed /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt was removed /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt was removed /usr/share/ca-certificates/mozilla/Certigna.crt was removed /usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt was removed /usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt was removed /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt was removed /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt was removed /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt was removed /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt was removed /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt was removed /usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt was removed /usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt was removed /usr/share/ca-certificates/mozilla/GTS_Root_R2.crt was removed /usr/share/ca-certificates/mozilla/_OISTE_Server_Root_RSA_G1.crt was removed /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt was removed /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt was removed /usr/share/ca-certificates/mozilla/Secure_Global_CA.crt was removed /usr/share/ca-certificates/mozilla/SecureTrust_CA.crt was removed /usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt was removed /usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt was removed /usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt was removed /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt was removed /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt was removed
0001-ca-certificates-upgrade-20260223-20260601.patch
Description: Binary data
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#238567): https://lists.openembedded.org/g/openembedded-core/message/238567 Mute This Topic: https://lists.openembedded.org/mt/119759948/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
