CVS commit: pkgsrc/security/ca-certificates

["Tobias Nygren" <tnn%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tnn
Date:           Sun Jul 17 02:58:32 UTC 2022

Modified Files:
        pkgsrc/security/ca-certificates: Makefile distinfo
Added Files:
        pkgsrc/security/ca-certificates/patches: patch-mozilla_certdata2pem.py

Log Message:
ca-certificates: try to mend py-cryptography fallout


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/ca-certificates/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/ca-certificates/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/ca-certificates/patches/patch-mozilla_certdata2pem.py

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/ca-certificates/Makefile
diff -u pkgsrc/security/ca-certificates/Makefile:1.8 pkgsrc/security/ca-certificates/Makefile:1.9
--- pkgsrc/security/ca-certificates/Makefile:1.8        Sat Jul  9 09:38:57 2022
+++ pkgsrc/security/ca-certificates/Makefile    Sun Jul 17 02:58:32 2022
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2022/07/09 09:38:57 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2022/07/17 02:58:32 tnn Exp $
 
 PKGNAME=       ca-certificates-20211016
-PKGREVISION=   3
+PKGREVISION=   4
 DISTNAME=      ${PKGNAME_NOREV:C/-([^-]*)$/_\1/}
 CATEGORIES=    security
 MASTER_SITES=  http://deb.debian.org/debian/pool/main/c/ca-certificates/

Index: pkgsrc/security/ca-certificates/distinfo
diff -u pkgsrc/security/ca-certificates/distinfo:1.7 pkgsrc/security/ca-certificates/distinfo:1.8
--- pkgsrc/security/ca-certificates/distinfo:1.7        Sun Jun 12 07:05:30 2022
+++ pkgsrc/security/ca-certificates/distinfo    Sun Jul 17 02:58:32 2022
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.7 2022/06/12 07:05:30 kim Exp $
+$NetBSD: distinfo,v 1.8 2022/07/17 02:58:32 tnn Exp $
 
 BLAKE2s (ca-certificates_20211016.tar.xz) = ee1b82472068aef176dbc9dab2099848e299dbcc92ac309ba5a906a98414731d
 SHA512 (ca-certificates_20211016.tar.xz) = bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
 Size (ca-certificates_20211016.tar.xz) = 239608 bytes
+SHA1 (patch-mozilla_certdata2pem.py) = e0752892bf93113bb4a6414f1bef98261a5b832a
 SHA1 (patch-sbin_update-ca-certificates) = e57e4c0ec2be335f6d901c865a7b0a33405fd7f2

Added files:

Index: pkgsrc/security/ca-certificates/patches/patch-mozilla_certdata2pem.py
diff -u /dev/null pkgsrc/security/ca-certificates/patches/patch-mozilla_certdata2pem.py:1.1
--- /dev/null   Sun Jul 17 02:58:32 2022
+++ pkgsrc/security/ca-certificates/patches/patch-mozilla_certdata2pem.py       Sun Jul 17 02:58:32 2022
@@ -0,0 +1,16 @@
+$NetBSD: patch-mozilla_certdata2pem.py,v 1.1 2022/07/17 02:58:32 tnn Exp $
+
+py-cryptography fallout:
+TypeError: argument 'data': 'bytearray' object cannot be converted to 'PyBytes'
+
+--- mozilla/certdata2pem.py.orig       2021-10-16 16:09:43.000000000 +0000
++++ mozilla/certdata2pem.py
+@@ -122,7 +122,7 @@ for obj in objects:
+         if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
+             continue
+ 
+-        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
++        cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
+         if cert.not_valid_after < datetime.datetime.now():
+             print('!'*74)
+             print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])