commit f8caae304a2fa94cf2770b72a313ee843b2f177b
author Brad Bishop <bradleyb@fuzziesquirrel.com> Mon Mar 25 13:13:56 2019 -0400
committer Brad Bishop <bradleyb@fuzziesquirrel.com> Mon Mar 25 13:14:34 2019 -0400
tree 019dd9bf04c554e796e3ec9fc04c311adcf3c93a
parent 2ef13c18a8b076d2a34e9e40d765f687b72ef195

poky: refresh thud: 506ec088e5..e4c0a8a7cb

Update poky to thud HEAD.

Alexander Kanavin (1):
      ca-certificates: upgrade 20180409 -> 20190110

André Draszik (1):
      systemd: RDEPENDS on util-linux-umount

Changqing Li (1):
      libsndfile1: Security fix CVE-2018-19432

Chen Qi (1):
      target-sdk-provides-dummy: add more perl modules to avoid populate_sdk failure

Douglas Royds (1):
      libpam: libpamc is licensed under its own BSD-style licence

George McCollister (1):
      systemd: fix CVE-2019-6454

Jonathan Rajotte-Julien (3):
      lttng-ust: update to 2.10.3
      lttng-modules: update to 2.10.9
      lttng-tools: update to 2.9.11

Mark Hatle (10):
      bitbake: gitsm.py: Fix when a submodule is defined, but not initialized
      bitbake: gitsm.py: Add support for alternative URL formats from submodule files
      bitbake: tests/fetch.py: Add alternative gitsm test case
      bitbake: gitsm.py: Optimize code and attempt to resolve locking issue
      bitbake: gitsm.py: revise unpack
      bitbake: gitsm.py: Rework the shallow fetcher and test case
      bitbake: gitsm.py: Refactor the functions and simplify the class
      bitbake: gitsm.py: Fix relative URLs
      bitbake: gitsmy.py: Fix unpack of submodules of submodules
      bitbake: gitsm: The fetcher did not process some recursive submodules properly.

Ming Liu (1):
      rm_work: sort the value of do_build dependencies

Oleksandr Kravchuk (1):
      target-sdk-provides-dummy: add perl-module-overload

Richard Purdie (3):
      target-sdk-provides-dummy: Extend to -dev and -src packages
      systemd: Update recent CVE patches
      kernel: Ensure an initramfs is added if configured

Robert Yang (1):
      send-error-report: Add --no-ssl to use http protocol

Ross Burton (1):
      libpng: fix CVE-2019-7317

Change-Id: I3e03c837688d49703b4989a561f3728d616abbec
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb

diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
new file mode 100644
index 0000000..b9f5790
--- /dev/null
+++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
@@ -0,0 +1,87 @@
+SUMMARY = "Common CA certificates"
+DESCRIPTION = "This package includes PEM files of CA certificates to allow \
+SSL-based applications to check for the authenticity of SSL connections. \
+This derived from Debian's CA Certificates."
+HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
+SECTION = "misc"
+LICENSE = "GPL-2.0+ & MPL-2.0"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=aeb420429b1659507e0a5a1b123e8308"
+
+# This is needed to ensure we can run the postinst at image creation time
+DEPENDS = ""
+DEPENDS_class-native = "openssl-native"
+DEPENDS_class-nativesdk = "openssl-native"
+# Need c_rehash from openssl and run-parts from debianutils
+PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
+
+SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be"
+
+SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
+           file://0002-update-ca-certificates-use-SYSROOT.patch \
+           file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
+           file://update-ca-certificates-support-Toybox.patch \
+           file://default-sysroot.patch \
+           file://sbindir.patch \
+           file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
+           "
+
+S = "${WORKDIR}/git"
+
+inherit allarch
+
+EXTRA_OEMAKE = "\
+    'CERTSDIR=${datadir}/ca-certificates' \
+    'SBINDIR=${sbindir}' \
+"
+
+do_compile_prepend() {
+    oe_runmake clean
+}
+
+do_install () {
+    install -d ${D}${datadir}/ca-certificates \
+               ${D}${sysconfdir}/ssl/certs \
+               ${D}${sysconfdir}/ca-certificates/update.d
+    oe_runmake 'DESTDIR=${D}' install
+
+    install -d ${D}${mandir}/man8
+    install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
+
+    install -d ${D}${sysconfdir}
+    {
+        echo "# Lines starting with # will be ignored"
+        echo "# Lines starting with ! will remove certificate on next update"
+        echo "#"
+        find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
+            sed 's,^${D}${datadir}/ca-certificates/,,'
+    } >${D}${sysconfdir}/ca-certificates.conf
+}
+
+do_install_append_class-target () {
+    sed -i -e 's,/etc/,${sysconfdir}/,' \
+           -e 's,/usr/share/,${datadir}/,' \
+           -e 's,/usr/local,${prefix}/local,' \
+        ${D}${sbindir}/update-ca-certificates \
+        ${D}${mandir}/man8/update-ca-certificates.8
+}
+
+pkg_postinst_${PN}_class-target () {
+    SYSROOT="$D" $D${sbindir}/update-ca-certificates
+}
+
+CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
+
+# Rather than make a postinst script that works for both target and nativesdk,
+# we just run update-ca-certificate from do_install() for nativesdk.
+CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
+do_install_append_class-nativesdk () {
+    SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
+}
+
+do_install_append_class-native () {
+    SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
+}
+
+RDEPENDS_${PN} += "openssl"
+
+BBCLASSEXTEND = "native nativesdk"