ZhuningOS/libcap
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initialize for libcap

Browse source
This commit is contained in:
zyppe 2024-02-10 20:34:43 +08:00
commit da06b0df06
9 changed files with 812 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
libcap-2.63.tar.xz

1
.libcap.metadata Normal file
View file

@ -0,0 +1 @@
d766ce41dfb5c131536a8be41cde3889437151da3225cbbdff2792b1c7a43a72 libcap-2.63.tar.xz

12
CVE-2023-2602.patch Normal file
View file

@ -0,0 +1,12 @@
diff -Nurp libcap-2.63-orig/psx/psx.c libcap-2.63/psx/psx.c
--- libcap-2.63-orig/psx/psx.c 2022-01-24 01:30:38.000000000 +0100
+++ libcap-2.63/psx/psx.c 2023-05-16 16:05:14.436726170 +0200
@@ -492,7 +492,7 @@ int __wrap_pthread_create(pthread_t *thr
pthread_sigmask(SIG_BLOCK, &sigbit, NULL);
int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter);
- if (ret == -1) {
+ if (ret > 0) {
psx_new_state(_PSX_CREATE, _PSX_IDLE);
memset(starter, 0, sizeof(*starter));
free(starter);

26
CVE-2023-2603.patch Normal file
View file

@ -0,0 +1,26 @@
diff -Nurp libcap-2.63-orig/libcap/cap_alloc.c libcap-2.63/libcap/cap_alloc.c
--- libcap-2.63-orig/libcap/cap_alloc.c 2022-01-24 01:30:38.000000000 +0100
+++ libcap-2.63/libcap/cap_alloc.c 2023-05-16 16:08:54.870513495 +0200
@@ -105,15 +105,17 @@ char *_libcap_strdup(const char *old)
errno = EINVAL;
return NULL;
}
- len = strlen(old) + 1 + 2*sizeof(__u32);
- if (len < sizeof(struct _cap_alloc_s)) {
- len = sizeof(struct _cap_alloc_s);
- }
- if ((len & 0xffffffff) != len) {
+
+ len = strlen(old);
+ if ((len & 0x3fffffff) != len) {
_cap_debug("len is too long for libcap to manage");
errno = EINVAL;
return NULL;
}
+ len += 1 + 2*sizeof(__u32);
+ if (len < sizeof(struct _cap_alloc_s)) {
+ len = sizeof(struct _cap_alloc_s);
+ }
raw_data = calloc(1, len);
if (raw_data == NULL) {

2
baselibs.conf Normal file
View file

@ -0,0 +1,2 @@
libcap2
libpsx2

16
libcap-2.63.tar.sign Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEOKZEaYxpeHNE6VTOKe6EiuLM8/QFAmHuAO4ACgkQKe6EiuLM
8/Tydw//T21BWZmAVOMN5wJ5o0xDs5UxM9uEXb8cNPM+C3AUwfNuu+FhGmDYJGma
rdMf4/xKNXBXdw5LAhP+5trNnYv9l8ESHB0vSE0jD1L+5kz2C+62s7NRp2rSdD2j
HYbjizzDSacXsfIYIggMX/PgSekK+Ji05bFTigjX14CUb3im6Vco+JaYHp9C/4Cy
ER0SVLumvN3wQWfeufOoUUMcV/anNVdtKSk3JKPOAIN2IYF4qKR0BWmszNSQtX3H
QpTUSQDx7jeulshEelVQoDUsJncs9xHGo72Q6PMxmq0T/l0gcaReoZtGd2THjNqJ
akhUURraI0ottI/IwUKWpY6n1YAulLQUIZijHg94f42IDOtJtx7fMeGU+haa/6BG
tPGxmsJUyPKdfDqfAiDjIzLWMcA+QISWM0B91JKVmtvBCOlRDOwC7lWMa3CfiNcs
JnhXf4bNXu1fvdIw4S6NdGVh8nZ0pz/eV6sjYBQf0sL1441IUTgnuUNYr1NhKqsM
FwnN+cnq6eV7iAiN9IvmxwBJ2PLuIvbR/jcq7mwG6LUeU4dT0lP6tj0d+5SswugZ
ZpF20FUbj9uwtvDCRtonLoNpnjmFfdn5yk7/qJy+elRvVL/LFHjg24Ndi2mGJxK+
sHbaIo8mWs7PAzFeUl9uQncquwj90JHRTIGx9NalDtc75eBRUdg=
=oRLV
-----END PGP SIGNATURE-----

343
libcap.changelog Normal file
View file

@ -0,0 +1,343 @@
* Tue May 16 2023 abergmann@suse.com
- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create()
(bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
(bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
* Fri Feb 25 2022 meissner@suse.com
- Use "or" in the license tag to avoid confusion (bsc#1180073)
* Mon Jan 31 2022 dmueller@suse.com
- update to 2.63:
* restore errno to zero by the time main() is executed
* Consistent psx handling (a panic) for syscalls that return thread dependent
status Inconsistend behavior noticed by Lorenz Bauer
* Add a test case for a deadlock under investigation in golang
* Trim some of the #include file use to make the tree compile more
efficiently
* Thu Dec 30 2021 dmueller@suse.com
- update to 2.62:
* Bug fix for Go package "cap" and launching
* Build cleanups
* Documentation updates: cap_max_bits has a man page entry
* Recognize default securebits as a libcap mode: HYBRID
* Sun Nov 21 2021 andreas.stieger@gmx.de
- libcap 2.61:
* Better error handling of the numerical arguments for capsh and
setcap
* Fix executable mode for all of the .so files. There were two
situations where this was failing (with a hard to debug SIGSEGV
inside libc)
* Added an example of a shared library object with its own file
capability
* Fix the top-level include for Make.Rules in the contrib/sucap
example application
* Add support for running constructors at libcap.so start up time
when running as stand alone binary.
- includes changes from 2.60:
* Some build, code linting fixes, the addition of the
cap_fill_flag() API and a memory latency optimization
* General improvement in thread safety for libcap and cap package
* Minor API change replacing libcap:cap_launch_*() void returning
functions with int + errno status returns.
* Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
* New features for capsh: --quiet, -+ and =+ arguments
- add upstream signing key and verify source signature
* Tue Sep 28 2021 info@paolostivanin.com
- update to 2.59:
* Fixed a potential libcap memory leak by adding a destructor
* Major improvement is that there is a path for Linux-PAM compliant
applications to support setting Ambient vector Capabilities via pam_cap.so now
* Added libcap cap_proc_root() API function
* Added color support to captree
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
* capsh enhancements
* getcap -r / now generates readable output
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
runnable as standalone binaries
* The module pam_cap.so now contains support for a default=<IAB> module argument
* Enhanced capsh --suggest to also compare against the capability value names
and not just their descriptions
* Added capsh --current support
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
* Fix for a corner case infinite loop handling long strings
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
* Added a Go utility, captree, to display the process (and thread) graph along with
the POSIX.1e and IAB capabilities of each PID{TID} tree.
* Sat Jul 17 2021 dmueller@suse.com
- update to 2.51:
* Fix capsh installation
* Add an autoauth module flag to pam_cap.so
* Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
* API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
capability flag to another.
* --explain=cap_foo: describe what cap_foo does
* --suggest=phrase: search all the cap descriptions and describe those that match the phrase
* Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
* extend libcap to include cap_prctl() and cap_prctlw() functions to regain
feature parity with Go "cap" package. These are only needed when linking
against -lpsx for keepcaps POSIX semantics.
* this likely requires substantial application changes to make Ambient
capability support usable in general, but doing our part for the admin.
* Add a test case for recent kernel fix
* Go pragma fix for convenience functions in "cap" module
* Wed Jun 2 2021 christophe@krop.fr
- Fix a broken symlink. libcap-devel installs libpsx.so but
didn't install the library it's pointing to.
* Fri Apr 16 2021 tiwai@suse.de
- Add explicit dependency on libcap2 with version to libcap-progs
(bsc#1184690)
* Mon Mar 22 2021 dmueller@suse.com
- update to 2.49:
* Implement cap_func_launcher() and cap.FuncLauncher().
* More robust "psx" redirection for nocgo compilation - the documentation for
the cgo implementation is now included in the nocgo one because the go.dev
automated documentation builds the docs from the nocgo version.
* Lots of documentation cleanups and added a few man pages: for IAB and
Launching.
* Some general no-op License changes that might cause folk to notice but only
for formatting reasons. These were initially inspired by some lawyerly
interactions, but I ended up rolling back half of them because they
confused automated software infrastructure.
* Tue Feb 9 2021 dmueller@suse.com
- update to 2.48:
* More uniform use of $(MAKE) in Makefiles
* No longer include symlinks in the git tree
* Provide support for make GOLANG=no ...
* Provide support for pointing at a specific build of the go binary
* camelCase the contrib/seccomp/explore.go program
* A number of documentation fixes to man pages and source code comments
* Last use of GO major version 0
* Wed Jan 27 2021 dmueller@suse.com
- update to 2.47:
* Restructured gowns to default to uid base of getuid().
* Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
* Improve the usage and diagnostic message for setcap
* Documentation fixes, license declarations, example updates
* Mon Jan 4 2021 dmueller@suse.com
- update to 2.46:
* The bulk of this release concerns fixes and improvements to libpsx
* Fix the capsh == argument handling and add a test case
* Added build support for systems that do not support libpthread
* Added build support for not building shared libraries
* Sat Nov 14 2020 dmueller@suse.com
- update to 2.44:
Generally, this is a release to help package builders: no functional change
to any of the generated code just documentation and make related fixes.
* Wed Sep 2 2020 dmueller@suse.com
- update to 2.43
* Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
* Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
* Clean up a binary from the distribution
* Added some more release time checks for non-git tracked files.
* Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.
* Thu Aug 6 2020 info@paolostivanin.com
- Update to version 2.42:
* Closed a potential issue with "libcap/psx" Go package and errno
* Documentation updates
* Minor optimization for cap_to_text() and (*cap.Set).String()
* Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap
* Multiple fixes
* Support Go module abstraction
* A new kernel capability: CAP_BPF
* Better support for cross-compilation
* pam_cap now honors PAM_REINITIALIZE_CRED
* implements cap_launch functionality
* Sat Feb 15 2020 tiwai@suse.de
- Update to version 2.32:
* Bug fix for fakeroot incompatibility (boo#1162014)
* Slight perf improvement for cap_get_bound().
* C++ support for psx header inclusion.
* Some new testing features for capsh
* Tue Jan 28 2020 tiwai@suse.de
- Update to version 2.31:
* primarily a documentation update
* fix libpam.pc to not require libpsx.pc
* changed the text format of the default output of getpcap
* Mon Jan 13 2020 mpluskal@suse.com
- Build using -ffat-lto-objects for static library
* Thu Jan 9 2020 mpluskal@suse.com
- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):
* BUGFIX: arm and i386 fixes C and Go setgroups choice - used
wrong syscall in 2.29.
* cleaned up make clean and make install to actually work as
intended
* updated Gentoo libpsx.pc file from Lars Wendler
* refactored the way libpsx linkage with libcap performed mutual
discovery.
* Previously (2.28) libpsx had an API call overridden by libcap
using weak linkage function in libpsx. In 2.30 this is reversed,
namely libpsx provides the stronger function and libcap has a
weak "no-op" version.
* a bit more consistency in handling the 'all' sets in libcap
(C) and libcap/cap (Go). Namely, they both dynamically discover
the number of capabilities named by the kernel and use this as
the definition of 'all' for the current runtime.
+ libcap (C) exports cap_max_bit() to export the number of
supported capabilities
+ libcap/cap (Go) exports cap.MaxBits() for this same value.
- For changes for older releases see:
* https://sites.google.com/site/fullycapable/release-notes-for-libcap
- Add glibc-static-devel as build requirement as tests need it
- Install libpsx.a as it seems to be needed in some cases:
* https://bugs.gentoo.org/703912
* Mon Dec 16 2019 matthias.gerstner@suse.com
- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security
wise.
* Thu Feb 22 2018 fvogt@suse.com
- Use %%license (boo#1082318)
* Tue Jan 31 2017 matwey.kornilov@gmail.com
- Enable PAM pam_cap.so module
* Sun Jan 1 2017 jengelh@inai.de
- RPM group association fix
* Mon Aug 29 2016 dimstar@opensuse.org
- Update to versison 2.25:
+ Recover gperf detection in make rules.
+ Man page typo fix.
+ Tweak make rules to make packaging more straightforward.
+ Fix error explanation in setcap.
+ Drop need to link with libattr. It turns out libcap wasn't
actually using any code from that library, so linking to it was
superfluous.
- Drop libcap-nolibattr.patch: fixed upstream.
- No longer add %%{buildroot} to all variables for make install the
Makefile learned about the meaning of DESTDIR.
* Sat Jan 31 2015 p.drouand@gmail.com
- Update to version 2.24
* Fix compilation problems (note to self, make distclean && make,
before release)
* Some make rule changes to make uploading a release to kernel.org
easier for me.
* Tidied up some documented links.
- Update libcap-nolibattr.patch
- Add pkg-config build requirement; libcap now provides a pkgconfig
file
- Clean up specfile
- Move libraries and binaries to /usr because of #UsrMove
* Thu Jun 19 2014 crrodriguez@opensuse.org
- libcap-nolibattr.patch Do not link to libattr, it is
a bogus dependency. application uses sys/xattr from libc.
* Fri Feb 1 2013 coolo@suse.com
- update license to new format
* Tue Sep 20 2011 aj@suse.de
- Cleanup specfile a bit: Remove old tags.
* Tue Sep 20 2011 aj@suse.de
- Update to libcap 2.22
- libcap 2.22 includes:
* Clarified License file (with version 2 of the GPL)
* Support getting/setting capabilities on large files
* After --chroot command, change working directory to "/".
- libcap 2.21 includes:
* Introduce cap_get_bound() and cap_drop_bound() functions.
also include a macro CAP_IS_SUPPORTED(cap) for capabilities
- libcap 2.20 includes:
* Latest kernel capabilites supported: now includes CAP_SYSLOG
* $(CFLAGS) Makefile fixes
* Default to installing setcap with an inheritable capability.
* Thu Dec 2 2010 meissner@suse.de
- updated to libcap-2.19
* more stuff in capsh.c
* sys/capability.h header clean up and fixes.
* Thu Dec 2 2010 meissner@suse.de
- fixed build on ppc64 (needs to get linux/types.h included first).
* Mon Jun 28 2010 jengelh@medozas.de
- use %%_smp_mflags
* Wed Jun 9 2010 chris@computersalat.de
- fix deps for fdupes
* Sat Dec 12 2009 jengelh@medozas.de
- add baselibs.conf as a source
* Wed Mar 18 2009 tiwai@suse.de
- fix a typo in the previous patch (__le64) (bnc#487453)
- don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453)
* Tue Mar 10 2009 tiwai@suse.de
- fix build error on i386 due to missing __u64 definition in
sys/capability.h
* Wed Jan 7 2009 tiwai@suse.de
- updated to libcap-2.15:
* Makefile fixes
- updated to libcap-2.16:
* stop using sed for parsing capability.h
* Mon Oct 27 2008 tiwai@suse.de
- updated to libcap-2.14:
* add -v mode to setcap
- updated to libcap-2.13:
* fix a corner case of cap_to_text()
- updated to libcap-2.12:
* man page fixes
* remove never used codes for sysfs check
* Wed Oct 22 2008 mrueckert@suse.de
- fix debug_packages_requires define
* Wed Aug 6 2008 tiwai@suse.de
- updated to libcap-2.11:
* makefile fixes, minor clean-ups
* fix cap_copy_int(), new cap_get_pid() and cap_compare()
* fix cap_copy_ext()
- fix build with libcap-2.11.
* Sun Aug 3 2008 ro@suse.de
- fix requires for debuginfo package
* Wed Jun 11 2008 tiwai@suse.de
- updated to libcap-2.10:
v3 capabilities, documantation fixes, misc fixes
* Wed Apr 23 2008 tiwai@suse.de
- updated to libcap-2.08
properly supporting the recent 2.6 kernels
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Mon Apr 16 2007 tiwai@suse.de
- follow library packaging policy
* move docs to devel package
* move binaries and man pages to progs sub package
* fix *.so symlink in libdir
* Wed Jan 24 2007 tiwai@suse.de
- fix the access over array range in cap_extint.c (#237943).
* Tue Dec 19 2006 tiwai@suse.de
- update to libcap-1.10 to support fscaps (#229722, FATE#301748)
* Wed May 24 2006 schwab@suse.de
- Don't strip binaries.
* Thu May 11 2006 tiwai@suse.de
- fix invalid calls of free() (#174561)
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Aug 19 2005 kukuk@suse.de
- Create -devel subpackage
* Thu Jun 23 2005 meissner@suse.de
- use RPM_OPT_FLAGS.
* Wed May 25 2005 tiwai@suse.de
- fixed memory leak (#85659)
* Wed Jan 19 2005 tiwai@suse.de
- fixed compile warnings with gcc-4.0.
* Thu Mar 25 2004 thomas@suse.de
- added EAL3 man-page patch
* Tue Jan 27 2004 kukuk@suse.de
- Remove capget.2/capset.2 from package (version from man-pages
is newer).
* Sun Jan 11 2004 adrian@suse.de
- add %%run_ldconfig
* Mon Feb 24 2003 schwab@suse.de
- Don't include kernel headers, instead copy the contents here.
* Thu Feb 6 2003 garloff@suse.de
- Avoid inclusion of glibc's linux/fs.h (it's broken) [#23324].
- Use BuildRoot.
* Wed Nov 27 2002 coolo@suse.de
- link the library with the compiler so the depedencies
are tracked correctly (#21996)
* Tue Sep 17 2002 ro@suse.de
- removed bogus self-provides
* Wed Sep 4 2002 sf@suse.de
- fix biarch error (added patch to Make.Rules)
* Sun Aug 11 2002 kukuk@suse.de
- Remove kernel-source from neededforbuild
* Sat Apr 20 2002 garloff@suse.de
- Include capfaq-0.2.txt
- Disable syscall wrapper (capset/capget); it's defined in glibc.
* Sat Apr 20 2002 garloff@suse.de
- Compile syscall wrapper without -fPIC
* Tue Apr 9 2002 ro@suse.de
- apply gcc-3 fixes only for gcc-3
* Mon Mar 25 2002 stepan@suse.de
- remove -ansi, as it forbids inline. (gcc3)
- use -fpic for building libraries (gcc3)
* Wed Sep 5 2001 ro@suse.de
- updated neededforbuild and updated specfile (man and doc relocation)
* Tue Sep 28 1999 garloff@suse.de
- Initial check in of libcap.
- Kernel patches are provided within the docdir.

278
libcap.keyring Normal file
View file

@ -0,0 +1,278 @@
morgan@kernel.org upload/signature key.
pub 4096R/E2CCF3F4 2011-10-07 Andrew G. Morgan (Work Address) <agm@google.com>
uid Andrew G. Morgan <morgan@kernel.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.15 (GNU/Linux)
mQINBE6OiBIBEADpdtUxC8Fmhn5UK6UCZdU7mFgZwN8U9cabFUPfUIkMqXULhCD0
hG2/amuiiUoLollPjOopNqk4cc8LcZfszOdBFAYj7MeWzNySVw4KkWrVCEH/bZ0Q
QzZH2qmoMT5CIrtcNxCAvukYsZLhyZYO0HdfuE05mVhVjtX9Btfxr7Ndvb7L4MRS
3Qb6+nHTgfn/Oow92/koIWvi0YvskKdZypeU888TQL99E8xdgL2n2Ip3xYwBHRR2
GPb5MGOuEItF3tJ0kkILW5mzkJq/iLzRphzKjdF76I9QVRP8dZ+uWHPubWePm/5c
1H9lnlw00ZZ/ucQvSwTesUYk2aKkxzgm6X8fCdJXBLGgW5K6CkynpjN3qJ9KpcNY
H55smUgp8BaiWuoHe4pLvuBhnN2wiYOe2j9UvGX1OaRstMXFx7YbBvkGgdoZthUe
VPGAa4K+dnI2oy4wukzl/unAKrlMCBRsRoW2qjy3TDSXqwJhd34ilHzrdAdchrh/
acBfbBtRzVlcDTnGltDNMuRTXzujaY9C3B0L2E+Jfrds8WcM8ASO4mHwJUTMrBwM
b5sFSG+/X9Ufg/c2G086HQ7xMERUA5oz66P5ReHCph8WHQN2L5vtZwL7//hZB9hn
G0K1210YEDXpFPijpis/54MKUSkWEFOLjUbiSPbwEfb79A00CcHojQQinwARAQAB
tDBBbmRyZXcgRy4gTW9yZ2FuIChXb3JrIEFkZHJlc3MpIDxhZ21AZ29vZ2xlLmNv
bT6JAjgEEwECACIFAk6VD4ICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ
ECnuhIrizPP0zNoQAMDjx3iovvf0rpAYFvvAoPbzhEXcJ41/T+paxWOJm8SEg7fX
nUHgXeTwW3RJPIp7PguctPogvKQV+7GcU5Dcg13DZO4nMrSsvInsLQkfeDVU/zl2
MuHFOtBMpDp6iGcUwjS0bYbvl03fPj7ZXIML+I7OSyNeoZ/n2ztI9UiIBHovsHqZ
qYm4d7VOi4nVj1Y/Gak99sw3cLvUwq9f3i8ioNzynqBT7jA+GWFaeVJuGrOCBBBg
uIu0Ekg42NAZ2AR32wQP5eEtlSAq8Il9RZzewa1v74loDNJOl+kW5/jQK6tGj2A9
vlTqVzHUDmPZ9n6Ds7h3wo2g3gzYX1cuM3spW9UsA8XUDNY2yNFYDC9IsAI09u18
N7f89isG/yYh5MZpJz2fx7cecHtwSVukTGHDsaoHTXMlfjQmVU5efORZJa6Bx0Tk
aSCwecem3q+3OcdgW8XwPWik/5Wv8B3dJopMH1Mw3pRhirtTd6/88xNyLkJStptB
DZvbqvB2nMmSiqgh0mPeslnwubxJ5/4FbP9zlLN7zp49RZHKDl/8EMSXGCjmG6UT
xW6I3YpKdc4+yEd19/UUtxqQOfbgFvlcbesQ5ILvLOzZidkS7y0v4i9rZBe/HEy3
eG8z4s5dloBrpSBvKySwqWuuSDn3tMqw4Bz2Be3FgtYA4TnNy7shcFR2BMFotCRB
bmRyZXcgRy4gTW9yZ2FuIDxtb3JnYW5Aa2VybmVsLm9yZz6JAjsEEwECACUCGwMG
CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJOmRGPAhkBAAoJECnuhIrizPP0wK0P
/RMvjmzeXbgoa36cBDvDKReAiC56Au4qGXkNah3984tNPT1hVUKCiwiUmULoNJbE
I4qFJTtwsMi5QzE+daCA7t+ALJiC+PKiKFG1LDz7mxfhmBeS3XcYuqZdjyKrATUF
r0SHbsJxtRCslawGD2gKczLknFeBXL0997TfJS9ipLibqCtmvyryHn4EbZfoJqcp
j/RBN/izVGHNYI8BsZpO5F6z7vXoncDL0dKh65ndGaIbhVDUPsDBvzg3i+EzhB51
hYTTNKK0QpWbmsXfJBnvztinfLUsnO9HV8aRaygOI/DAKAtT7YPXORA1oFYtx69b
zulqC+TXUmeV8YW8bETH4xHM9mQb0oNLPibR2nK2FSDiLp0/eEM5vgzfPVUX7WzB
JUPsf0ah/e1yrXqudGUUZ0R+3VMOdxMryZBKLymkzyvu6a5DcLarqAt8y9ciRH67
HKNnE1gvHf5K2Q37gwSecwmXCjpMlbVJnIarLKBcVRcYKtxgPxCv6483I8heSKF7
PB/IFBmzT1cX7lhln9+62Ks/0Gs0pA0iNLaD+POPiqWrAwZsFvKjD9PDaCBDFRWj
FqZLyJMsMi1qmP8jWsdQqPdUskQC0ftvw3Z6SiyyrriSAzglCjmmAcfdt+w4b/EO
4SzSZUnd/ApkHkZx1Lbta15WKxGi7S8/5zNdaK721nUdiEYEEBECAAYFAk6Oi/kA
CgkQQheEq9QabfJhdwCdEhWd2WbjrypMC2jEqWUswmf7fsQAn3LwZyeVJK5LApOF
7NimHkCQV9z7iQIcBBABAgAGBQJOl+CHAAoJEO2/8mhZLMbY4ywP/2qX0+QrilRC
eqk8cOmljLB+sxiA2Jc5YINAXipg6PSQzF7IlMnSNSW69ARLPW5iyDTljXTtD85W
/yWhm3vsouWldBa1Wb6xVb8iA8H8fUUKCY7ngCSjHJxPa1KRsTrMKCkLHR2MP7Qi
ar0dvquomtlx5chkhXmY+0cxcA/cMB/A/fbfDvvbYD5HYiB90AylPmLbM9XiLF0F
RSJt7iokGidS1W80ZCg5p1R02dQV5H7/111Xx1QIggPcNPWGwCK61Q3tPV0xc0oQ
dZpQk2hnPVHF7BMmCyB/iNRofF9mpC/QZGFRQkb3XgdIdK/O23VQntSGctrtnL1M
rcrgQUIrMaU3LKFbIE7DBwMUzUaTO/t14ZQQUZJTAKLSVCfvGvgh6/dqaXpssQxL
D2S5J1sWs1ZVInOhjo2OZnVl3SEmQT9h6NB93QRoGfbfy+AJgReRcfCep5zDMrud
5HPym9itvMLVVzw267Yn0ATBhrESAY8LqBBRbigM/TL+jNPfsQzhEzHXFsQL/dKh
V4N8IURnpCqHzY2BSnTX1K8ipl+iRGpMVfkYQnM660AIJhAReT2rwzuhGRKHbOXz
UrzoEg1PEw/+69ZmcGUZH1VtSrOw0r6eub+rg7Q0R4r6c8kF2vS2XSQn/MZ2Wqjk
hW4fWCqqogIvCkqk1Jt3OCRIWbVC0bKKiQIcBBABAgAGBQJOmJxYAAoJECDQTlpx
NmCnTvEP/38M2bsQGnKVhNsAcr7sDO4YmDrc8V/bUrGjADWmLcW/K2MDOWLZIwmg
Z1qMifHXuy/NhyX3/xp8VacNAlpuQ8o/T77P1QCLwuPu+fuXLOmFkCISFeTW5g/d
pShZ4tsTXAaJs7bQdQnsY3prZl0CMJtItOhwW34PDZL95Vp2ZRx84Dn355KHUeeq
yQjqu+cEz2T5sfVj/O2w1tgeWcMxrOI3ARD/Ks+CeWoFZPezq2K4ctka7Q+muH9/
1WCatdpryf5SJoBMDaC7GXzGegesKQr35sfNM9XRP1TphmCqQz4VOb+stIEJv1Dq
c9Lc4EScOwmESt5mzPwrZ3OJ+stFKW1QJgErUb55TNQ4C957rodxCerNa9ptpdUk
U9Pb2vpSurNRgETA/urZkBO/vPQ8MEgdJSbVgh0Rj/zPFnj3akQFc98U5Km0TIHJ
7r6S+qj73itUM79jMVKJgewPEA8cys0ACLoM5uRNYq35mY4OeP/Edm6NLiKfD0us
MfEQ+02B8RqXuHBAJAa/+f+U3zGkw268f3/16kZv/PTMfdOEy1cjKlQ3LFwIHfny
Brb/3vHAVTAyEbBPWmULEjopdevEPKmKyW2EXFphBmjOHSghmIRDxO2WmSuI8bIU
sH4oq6MwqAJpE5rzreBNLNh5ZY4yzw3nAJb6Bb59m0kt2fHKIq+AiQI4BBMBAgAi
BQJOjogSAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAp7oSK4szz9HRi
D/4sMdw5WrUtmagrXWVyj83YLJW2GBxH6s5UR1/fyl5uDYjBAccf3jDuIwVZzpCJ
ZpQ8RwvRV699Pag5L5uwDEvkiIMROPNescaXGROuNoCFfqIOTVZfGya2w06dB0Kh
C0l++iO6YVy1eJkyc/XooiOOtEfv5UpBZSWn9hMYaNSc9tiQcyPxzEnEQYUmIoXG
kHXUNRDBQfJLRZP4e9YjN/hH0ZW7/rHXXMxeBREfbCekKy0qDgJ/Sf3Eh6dwUkOR
/vCrdZM2Q8TTX0LJdflJdqMEuYHqm1j9RrnoXIjhx0wFopEOHPSr2qxOu2gOkyxB
JE7Ur3IKpMRaoCR0xHMb5MOgnMmwRW2G6KcZTCdr2jmxp2hK3BxRcUt3qh74jhZL
Dbv5dxTqVn/VK1CGhHbrcW2adkyi2sK7vVARdlSmHYWIWhLqv77p7tkSAX76Qig8
X75WGF+W3YSAS4f3I6QXRnXxzG8TbMIa4CfeN5IZ2Z5TisC2YyuG8VdM/m6i6W18
cLa7ZNGE3w04eVQvtigG+9p9gCs5Kg6PVVxwJsjGDDqHkCslfFF8Wl1ZdqXqtUB2
RKTWb4XNU5XxO0xIGFtLUNnCKcJAOUCu/oRJ/WWHW+BKDdG1VbgYVFTXHc6YZpet
2D+sAs7cWV8GDJ9nChHWcQ5C/bPV1PVnheZhwGvHLsWrILkCDQROjogSARAAtLny
8nlyr8fyYGAocQz0S47a99n/X0Vmgwo1trJsCXWbOrpztznY8IFRK/dRnRHiMwBx
WQ4CvdUk2p0MweUiOjpEN7bUm92jeFXMr0hpQKf+O4DMExHS4hxLwArnKFuAk2ej
RQGXBcEoMv11LiUwuzFbWdXqMsA1TbuA+WvEBnFUYM/6xNiJeRIUIiGydhG1yaw8
HrNWLHnhhcOfT6z5AO69hZZiJacp9pU/+jnep/M42p4J17x81+ESpJeladwR0Qxc
0qxOyWidN7oO5hSiBEwU6lYQjdQ23pa7tN1o90P9jyN2nFBEdBu2D/mi4DV/+VXU
YHNEy3uNhmmLGwMoPVWiZveRmG74+ne7MVyxwb9EIF3IenS4T65ee1dlZvaoMxUl
Ue8htEK0ChrQZOfITs9MyjUwoTiLUVo3kQeMli9HJEQXPRjHqkkZ7W65LhkEVnHS
PHWtttRSDkuZYtze+he142GzDSQA3dF2zy/tLpBb5CA29ITcQTspgV7AuV8YQqDZ
4XWHsR9Am5334N83EXk2oouqxl7mKUB0Vg6tujNCBSRn6A3CUaA29w/MyTg4z6Yw
6HD3il1J8PcWEoOzqlUoPd8tA5pcZCcKngkXndpXgsZCgoCgvx9WNU+LUrHBfhC3
TLLsI7iGO1JvLghkesKTARF3O2hS3xAhfGZxn8MAEQEAAYkCHwQYAQIACQUCTo6I
EgIbDAAKCRAp7oSK4szz9HSYD/9hmEsJuSgAGwx/OPweYuDGkA25ajDAu59LpzTb
jB/yOU1rDVUu3cMH+UEyaEGlhbneGvHF2DsEC9il/8fVL4eaE9EWpopIonYndBE9
1+YiGHPToiyKcdp0KuQMwm2ENAiEf/qErrB2NLna4wfZUx5lzvEOEk3cNPmNz2ER
yMPXIeeiQ9VKp3MzopWhvBItAyIzzuydKKvJAKzDoTOEL4w60slAphj8rVCsW45k
2AurWUH7VFM8ezXunieLeygCGb+YJZAet6yVXD3UwnNcWCGQ+xKSPuyKrn4xKG0N
5gzxnGIh/S/7IOjRaNR5X+pfWd6YzN9qURUfiXmuLSPRHK4Flfam4gMMHul9wL6X
BayFo2NUPBaxg4U9ACAgSJxgCTNPCKwnovecOsRmIESKtT1F3hbZRRgRGj/TDepJ
QNfHSyk/ZQfuoJggBMQLJKzGII42rb0W90QLMk0SyCzeb3LO3yyNiKpluNpJsl2I
qdBJE5t1LxhKDnju6JlFyPcGJnP/doTuDTjjL0V+guPAGVbuq0g2hku+ZlJwjMSt
NwHPWxeifuDJbQVIp0xZbI5djdHC8hVJX+d09J5eq0PlgMEidc4F+Vv+mmGJl0Gi
NfhmTaACSRzbI25/bhvj2xhx8A2LEOuU/+nzYgQzPcFpawiUP1wBnTqi+maxKx5/
9ifyrw==
=Ibs8
-----END PGP PUBLIC KEY BLOCK-----
pub 1024D/D41A6DF2 2002-09-23 Andrew G. Morgan <morgan@kernel.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.15 (GNU/Linux)
mQGiBD2PVCcRBADmR2dfKJIaGj120v0EjrGbnYic8nKCrDLUHmtiZyIlMeTNqnw/
/Q2m057SIyFC5K5W7XV8LIsOcpEBAdIS5QLClwec/wqVj1FU5TLHNifR9fBq+DaI
tyMH+LX/HUo4xPaJ5KnE62/3M/SyUx/S69RURfRdDsC+9ucKZkW9mnRiUwCgm18E
+aUKNBKGyqHaNK+n50jxW0ED/2epmE6porj12MyTlTvmxHuq7SSqgzTP8KoNoOE4
mtZnYAkopb8uksBo4yj4abfBZNiVXEttc+XpwhnRODfy576wVy/lmDMTFAz7CYw8
5Qmsf9HZXyAS+XovscbYYAWq11BycqHzVNqOevMZPX4Om7+rHBcIPI6pCd3ouPlW
ObE5A/oDWXC35DcgFdmgVH2qr5COEvrDs9T5w4UdRXBMj2khE+32rdP0qqGYCW13
by84+Cpoekmg+6/FqL/At0Xl2a87czur5xR9mrDd32iknws0DggEuf+zL3Twt9kA
ftnqgiGr33iaNeXwgqfgQYMbxruLvjaAOayKPhr+tgJU6bIpWbQkQW5kcmV3IEcu
IE1vcmdhbiA8bW9yZ2FuQGtlcm5lbC5vcmc+iEYEEBECAAYFAj4UuSoACgkQkEgh
GpsoCtOuSACbBUTsx4vlTI5sfutfBntt4TySShoAn1M8hB0S9TkqbG/3OHB8gPm+
QhjHiEYEERECAAYFAj3irW4ACgkQ1fT/Y8EaOHp+sQCfWWkmmIDvyUi4bA3v4VSw
WaK7mSsAn0N65kYwaW7ohuYJAPeZ6U2HKvFfiEYEExECAAYFAj22Rz8ACgkQi9gu
bzC5S1y0dACfewqmEfYHaTNlCD3PPBCQdWhfi4UAn3+rNDIS5AohUPpbG2/8s9Ef
ZLyKiFcEExECABcFAj2PVCcFCwcKAwQDFQMCAxYCAQIXgAAKCRBCF4Sr1Bpt8u+V
AJ958HbiLmhrpWjAauN9GrtKudijkACfR2XasdjQs2ECc2qMX19QwNohDAeIRgQQ
EQIABgUCQCGDkgAKCRCA8Qy7VNK/WXUIAJ9/Zhn5knqsTTMllzWxe/N1ddGaaACf
SiuBacgyyBdIas15RYaD0YYcNlGJARwEEwECAAYFAj/7MEkACgkQC56ssbtLKadZ
lwgAlS98PQDeITUujwAWpGvOhXh9Bfh27RRKe+MskFTzTzuvmK5+VZGo4suC0PPS
9Hv40UPtt0SvgIuli1Ero0pCP6pWGjgLGPWroXtKfXfYRqnu4vfETt/Ugy2OjG9R
zfum4J8PULD47bsMVw3oMHFucgerArSQNeNx0w5JwYpFJCb5jSf7yXhDCfm+yVv0
XTls1DC7mtHQrnKGlZe75gEa6zaXRUAYboKbuBifV/anjwMLr2q0JKJSYxFFjIfG
e6QHAuM+NKj3+UAcpkCKYCUobaB315K/pOyKdKfRe5L+8zYQLafNqRlhkvuIkChX
ztyhoXEspp/yIPUJfZFcRldgEohGBBMRAgAGBQJEK0S1AAoJEOCAR9WqTho4asYA
oMdOh1uGDl7qgIO/h5VDwo4Hcs2xAJ4zqSnm0QrNgfFTK9x6j4Jzur+Tl4hGBBMR
AgAGBQJGg9bXAAoJEPmxwkd4G/I7NZ4An2wZ8rfwJt3CSm1ZVPiSf9Ax6J9fAKDM
1PqnD/qIbNMbmURXpEbvWWQunYkBIgQQAQIADAUCRgBA4AUDABJ1AAAKCRCXELib
yletfCcuB/kBeH0/nAFKNw77fNucYhlt9GuT1c1j+8emujF7mwgm18TVcxqRjeSV
PskEkzaX+mzf3Tfn6k7+d/dPYRHPrX0STdsNMqrZkqjt5tiozuLYJUE/PDKafzdI
Q7ya5ps2AdIKNixiSRPC+6cNB85NBorLXs9yg+JkQlPeUI7/DZb2iz1iZXTnyCZv
SvKA7JMYpCOzZ6fWshanZ/91hxQvsYHjYC+zQVTErSYQlBqz8fDLPfyYQiqQFn4c
T/i1WsxYMEaZtexvLuQe9LeaDqyY19DyBaJIIiN6EcGZ4sXRa7M6QUD1HKjEWt62
U4shHkPGIMgQWLcRZDepovlpGVXLmXEf
=oXom
-----END PGP PUBLIC KEY BLOCK-----
The following is my DSA key 'D41A6DF2' signed with my old '2A398175'
RSA key.
-----BEGIN PGP MESSAGE-----
Version: 2.6.3a
owF9k82L42QAxmccVjFzUNjbHLQLHlbDTJq0aZuRAd+8+WgmaZqkTZtWWchHk6Zt
vpOmGcT1A1zm5EVZPXhQYW972IMHFVxQPK14UNjLICKiexBkEQQ9iI7zB/hcf4eH
B57f6dY7O5e2jt76ab/58Db7HPVasb3NvLvzT/5G44+H1uSpW0/fffDih3Dv9+uv
/ka/9Nh3n/h865FH0Qd1/f7Ny4/jg28/uPJ9tvvRjTdPrz1z+vVnyf4t50T95vmr
/gtninr/q7NP56+8/4Xb/tlJl9d/vXNj9+bnly6/vHX2p56urvwQ/3j3y92Pt/eO
3w57h3vO7O+/tn+5dw17HT555/bOe9YTQZR6ZrjPNHHQYjhi6zz7/4VmeUGuKbxS
U3RaEmBNZCc1WupD8QIjo1ma+VF4WOPDQuFra/ygftCqXeVlHZP8sNg8i8AoCGZh
fljjorTmh25Uy2az2jzP40MMK8vywAuL2Ds470eQQOV9miGUEbQ1GjCBRjiueCyY
/AIn6us6u0h5K5z4dicUYcpIejfI/WklrHqzoZyEJYZgKhHUyfZAqDhIiuS4bYw6
kpD17ZilgSMMSFWCq3JmY2UyWuCcTg6lruy7GuXSCcqYApJXvS4qGVhXj5obxTwm
xZBtEVijhw0qfYMNWpSma67mMBlEqcIWp8sxFYSar5fQC/AOi6CmLsq0yFdJ15RF
NCTri824zjIYMYsDthVH6fmWXjVcDdfBplsk7cEg8U6GSkeM5KjPNpEgn4YTsIxi
q1MsMzpqVoumabn0VPZHBpvnNmrE5TzU+oxbke1WOaqwVcD0hhw4acNJ2UFINchc
qjs1KjBAjWid2dZkAsYJjtOVnXRPRnLSn617U8Vo9oM2mnZpW1CEVgydRlQoqzHS
t1gSYBEzNmCDZGyPcwJv1CWSlIR9dp0yGTUky6buaAbdWxDLOYs2iNRR6knCT+AY
byBW1WmiMI5my8BDWxiXSBjI68aKMDtt+6RIyY1GBSnjNAh/GZZZnfE8tnDRE6kx
LHNqCRA3DxPP59NGwzflmVF6ieupk561SQtpvTBB36xEZZ6iuXestywhHlvqUh2T
SzsYNQTWLhCBxdd24MwtH3SsMVVNCa5Q+XxlB+TKguQ5s1Gfs1l2w0JA2xxYXJyO
g6UtglJlEE7tQbCZQKAKhgeACDUacs1BitNx3inQETimyE7X8qVgnsbjBTALmeLT
XCwcf7EE0EU0wjAzZ6FmBAttIukZOKWWcjRngH2EHLWNIY1cGMTKzP/o9S8=
=cdkf
-----END PGP MESSAGE-----
Type Bits/KeyID Date User ID
pub 1024/2A398175 1996/11/17 Andrew G. Morgan <morgan@linux.kernel.org>
Andrew G. Morgan <morgan@transmeta.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
mQCNAzKOhJ4AAAEEAJ9xYnZSD1kYanF+8GUBhHf/gx6hGd8ZNmS5qIC8Qb8rMcTI
+E16nV+FnNRlPRbShITYjq1TPvVK8gTliZf41N9LRQZw0rywRt1NQyhdfKgDWYxB
kSOwK67oDjkzzC56XS2rrGI6K3Rz/VtYElRyuQ6ZyaKTGcgU/TTwrUUqOYF1AAUR
tCpBbmRyZXcgRy4gTW9yZ2FuIDxtb3JnYW5AbGludXgua2VybmVsLm9yZz6JAJUD
BRA2iFK0NPCtRSo5gXUBAalqA/9s3Hx8BUESiC9PpL88KSVe3ENoO0ogAuMDK3vj
k2a17Twxi92Dc/NPXr8ewEKF/h1GiRetLBVPGaSVC+602+2cr5SHqzUzAeyF2Xa6
VAxCskxkAssTxIW7nyAMWaOB5A/1xm3YChawVQx3XIvbIp+HXHDNr/60COtlGm7I
IcHftbQnQW5kcmV3IEcuIE1vcmdhbiA8bW9yZ2FuQHRyYW5zbWV0YS5jb20+iQCV
AwUQNohVmTTwrUUqOYF1AQEgWwP+K94N0OO+I2A7lnP5Jp7O+kfMJCFxPZOeozrq
O8uKsAs03ekS+kDJ3p2ec65BOzZyweHEu1HtOtdZbXsN3zynLKBwJrvvaHBQpAqv
BrjfNsl9a+NFmfa4fmdPWTzCaG2rmFlaQvZ6FP7QrHXB/1+VlH0gJ90FOgAd3Qyp
4hhW9g8=
=qQJI
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/4536A8DD 1996/01/28 Michael K. Johnson <johnsonm@redhat.com>
Michael K. Johnson <johnsonm@nigel.vnet.net>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
mQCNAzEK0l0AAAEEAMWweYcS6ov1RISP6E7lb3vgQOrmhBy6S/8zkuHo92IkQWXm
V9AcMUY/eJPRJH6yI6o1ZKN4InT4uCkSIQOd2C8XyeIK5jFhpmP9DhoucacNL5H7
oCV4wtFGhUDaDl9VeTtbWLSMESxJ4T/fL/IfkW95/Q2dF7zIDid5aW9FNqjdAAUR
tChNaWNoYWVsIEsuIEpvaG5zb24gPGpvaG5zb25tQHJlZGhhdC5jb20+iQCVAwUQ
MuqeiDTwrUUqOYF1AQEjywP/bCWLybbZSI8plyUSWD3yxwjsE+8BiOPGRu1AARUz
GbVZq9LqPDyjFtH9DqgXULyZtCAk8ebZonH/h/0EnZTi4tiZg3BHKXhIlWQnNz4D
QRdtUEmMNQzi9+3mU99CBGigsrDQnNrnI88ejo/0YY3gdt6752g5HAvY13h9A0ZP
MFWJAJUDBRAxgAouJ3lpb0U2qN0BActVA/9vgBOUheUpLPiIry/+2qqJv+e+LnHw
DgZqROpli9bhJ4wfb1sXPYkFzchR8BUeU0NY6HvAwxEilSNPE1yQoaJuy8POtTuu
aFO4wvuLp0v5LuatXaU8EsncwjrBsWqRB6Dqd+jyq24Pjx0YKNSRJxceiBE8SBDW
HESAhYTYCBLy77QsTWljaGFlbCBLLiBKb2huc29uIDxqb2huc29ubUBuaWdlbC52
bmV0Lm5ldD6JAJUDBRAxGljWe01Ojay67k0BAf3qA/48N9OvgGk9nNR+Pg6aW3rK
2Dy8t2RQdFGd4b7gBtZeXUAklq9ppYZtS+cXFHoQ8d7K8XBjHh+rgF2oOSBQUrQf
eb8XkKSZQxB7DZVdi1gAsOzSwCrn4TWSSKc28P4Mjuj1Jr2f1FGST1+cGIl7JbhV
kLGjmvOIgs7lS8FE0Hhm/4kAlQMFEDEWclxEcVNogr/H7QEBN1QD/1iY+KYQyOTz
fgaBsx+Bt11kstmOlYhXx23yK2etG0p8XCD2r3aojGOTR/e3o2bLiJo4xe+iMhOM
dvdSzxSPGQ20wX3jGJaRrRiSClFTQbZSelGG0FcOGfM3mL5zeHaXzRcRciK3VDkD
IFzTQ3J5NJVBIVlAkxTMIxho758lR2SjiQCVAwUQMREqFnoDqzGe1QXFAQFdpAP/
VPPoYO50seo1rLL28AA2PVKqo6BJwj0ZMsC14MDJEKryBbj/E4Ma25uSlzBjj+t9
rbygoz0XWUQMLh8XPAEps3nE3n8FWROsdlucGzGiDGKVEygLPzCsjR7aGEspN1Y7
4qOZPxbpGG7B5exOLur4ACY75m6oBh+PN+Q1liCIYXKJAJUDBRAxDpk1iGe2nxKR
G10BAeQjBACmx4DyJacQXxuckDaKMTXa8v2Q7lQpPDyHdn1oAUsx1mrbSL55v2AI
Q0riFWcFRTERpjAToCLgQjK1pKpmJcduiXURj6TPVKd88hYkuCIpn2hIaI7SCkd8
HZlfFiuaxVN29UbbzHv3C+mseydpkPRrovqmOSuj2xAGFALo6Vl9U4kAlQMFEDEN
eD5EFXDNRmtCiQEBRmoEAJAuyY0F5hbweDOdeAhxLWeiTl9jGwQYDS3T5B5/9ZpC
bJ1yX7Pk2o7LvR9tg/Ji5sfMMvIpH48DNT4kyjmmChFXCUBccwd+33ugdTcYDwLR
Cdt7k9r2yXz1LEH+lVNKOEIhuIq8/sX61hvFR7+qSABthTLrvvynycD5n2pG3F7L
=aGjw
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/D4F4D901 1997/03/05 Cristian Gafton <gafton@sorosis.ro>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
mQCNAzMdU6sAAAEEAKLF73rRJ3RUtl+y4bLUOVOV7ataJ46ZHxDZeGAVi+/suwT9
Kq7QdaeFc4Xwaq8PVWv7pZ4/qTwHUkdbjBVeLt+KOlprvKuadyAh9aG/SqmKkEvA
hCS3yZDwNmeSLO7VIN5ko1nIwVD4kPJvS3xX6kn6jd4mvv/qGfGvxKXU9NkBAAUR
tCNDcmlzdGlhbiBHYWZ0b24gPGdhZnRvbkBzb3Jvc2lzLnJvPokAlQMFEDMeTlI0
8K1FKjmBdQEBmgQD/02JxAU6+fiaBKwRIFDdsLYTy8mPgYaoul9RIX450W5D5nY/
/696F6TfmFUzvnrvTbZUDyLxHB0mnh4SrdKRKo57i7RDrdx3Mqlt/xP4R6nHwFed
yTMvz3KB9tYuWfC1fJp69/VRIkMrw448zKkgqHUnAKxMIHvXnV3M9jd6lXSYiQCV
AwUQMx1Tq/GvxKXU9NkBAQE3/gP/RZMe59OkBWS4whc9c6eac6zwcC/hNc1vyiZ5
2TEHJ10PgtNtHchD7j3xsDO17/DGEZB23OQiPAeLdqnBr+y2uiSlQfYdpVHBHX3A
uX3onc69LpEHmUAJAVOvfU1scnDtOH/KeVN3nwc6PWLxzLWzXfUbwLNK+LiPMNMV
1qygu+s=
=J4G2
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/A5D75B79 1997/03/01 Andrey V. Savochkin <saw@msu.ru>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
mQCNAzMYf1MAAAEEAK1S5jgmWnn8IS9mKoSpXu87f2soQhVZ3XdvsBCK2V7BojlU
0+JJrK+2gMH5tavyFsQ6cKch6I4xH54cS4P4tNE9M7OtfoXOxejtp9U9KZio8T0X
gM8qOS4fTQEfmdHSA5ETe5Vv+WPZ+/3SCo5kD1uIUUwppHDgJH+l396l11t5AAUR
tCBBbmRyZXkgVi4gU2F2b2Noa2luIDxzYXdAbXN1LnJ1PokAlQMFEDaIUh008K1F
KjmBdQEBFtkD/38mraXdr4aEYC6lxlG3cF+59XB6FjyBYhtwgNshpI2mB5XLr25p
f4jMFNUqnY/bGjXWKwbNguzJ0ukD8TgOg1ZXQZztRso1t1Y2M1KPbwlqj8ib1bZG
inQO/eqLrVwFH6F9CTiF0Fgy7faAIHN6BfE0o8earrcIwjT7sxRej3lziQCVAwUQ
M35653fqPT1smcpJAQHeqgQAlXMOru6Rz1TkslVrWD0n7dvBUHQxs0HS1pcWJnZJ
6kcYMLSA2RBi1fRabwzuOtzK60tOmfmnD7btcGBMMflOtfSulEg/xKNw2awEsNQK
ULEIBsvrpMr0UN4hWkxTggDXaykg7rQqgrbAsicoLuTtPDIbc+yhQcFEVGJiPO/I
tqiJAJUDBRAzfnUef89/VVw/1FkBAQ2lA/9q6FQM4RZzp75qxZ7jqAwUy9RFAKhp
L63YFJX3i1JsUjNoO51pjj5pEAxVVQsorqbdsmpC2aOUTf1AufEcs1kLojb3tc19
MhXPyHTJs66QqWutdP/yOW+CLzmILAsbEgI6O+toVZ0rHVXjEtRgKUnYReHLrlYj
RKlBnkVc3NtPcIkAlQMFEDMYf1N/pd/epddbeQEBfKYD/3x/PkH2e+Cy7YXsfwxb
y/n+6eNIbfakSYjkwN5tDOeaKhdQKUJBKVwAzD2yrLmMDx6uW+FUOTucb6Anau6R
iKrAJq/a4DcpAeymo7cAthVU7en7HWwebQcL4wZGao1BJI+ulynki4sIqkfbGP83
DK775eovl5X195ZkE/wNJvoi
=V5TY
-----END PGP PUBLIC KEY BLOCK-----

133
libcap.spec Normal file
View file

@ -0,0 +1,133 @@
#
# spec file for package libcap
#
# Copyright (c) 2022-2023 ZhuningOS
#
Name: libcap
Version: 2.63
Release: 150400.3.3.1
Summary: Library for Capabilities (linux-privs) Support
License: BSD-3-Clause OR GPL-2.0-only
Group: Development/Libraries/C and C++
URL: https://sites.google.com/site/fullycapable/
Source: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.xz
Source2: baselibs.conf
Source3: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.sign
Source4: https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/plain/pgp.keys.asc#/%{name}.keyring
Patch: CVE-2023-2602.patch
Patch1: CVE-2023-2603.patch
BuildRequires: fdupes
BuildRequires: glibc-devel-static
BuildRequires: pkgconfig
%description
Capabilities are a measure to limit the omnipotence of the superuser.
Currently a program started by root or setuid root has the power to do
anything. Capabilities (Linux-Privs) provide a more fine-grained access
control. Without kernel patches, you can use this library to drop
capabilities within setuid binaries. If you use patches, this can be
done automatically by the kernel.
%package -n libcap2
Summary: Library for Capabilities (linux-privs) Support
Group: System/Libraries
%description -n libcap2
Capabilities are a measure to limit the omnipotence of the superuser.
Currently a program started by root or setuid root has the power to do
anything. Capabilities (Linux-Privs) provide a more fine-grained access
control. Without kernel patches, you can use this library to drop
capabilities within setuid binaries. If you use patches, this can be
done automatically by the kernel.
%package -n libpsx2
Summary: Library for Capabilities (linux-privs) Support
Group: System/Libraries
%description -n libpsx2
Capabilities are a measure to limit the omnipotence of the superuser.
Currently a program started by root or setuid root has the power to do
anything. Capabilities (Linux-Privs) provide a more fine-grained access
control. Without kernel patches, you can use this library to drop
capabilities within setuid binaries. If you use patches, this can be
done automatically by the kernel.
%package devel
Summary: Development files for libcap
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libcap2 = %{version}
Requires: libpsx2 = %{version}
%description devel
Development files (Headers, libraries for static linking, etc) for
libcap.
libcap is a library for getting and setting POSIX.1e (formerly POSIX 6)
draft 15 capabilities.
Install libcap-devel if you want to develop or compile applications
using libcap.
%package progs
Summary: Libcap utility programs
Group: System/Filesystems
Requires: libcap2 = %{version}
%description progs
This package contains utility programs handling capabilities via
libcap.
%prep
%setup -q
%autopatch -p1
%build
%global _lto_cflags %{nil}
%global buildvariables RAISE_SETFCAP=no prefix=%{_prefix} lib=%{_lib} SHARED=yes LIBDIR=%{_libdir} SBINDIR=%{_sbindir} PKGCONFIGDIR=%{_libdir}/pkgconfig/ INCDIR=%{_includedir} MANDIR=%{_mandir} SHARED=yes COPTS="%{optflags}"
%make_build %{buildvariables}
%install
make install %{buildvariables} DESTDIR=%{buildroot}
find %{buildroot} -type f -name "*.la" -delete -print
# do not provide static libs
rm %{buildroot}%{_libdir}/libcap.a
%fdupes -s %{buildroot}
%check
%make_build %{buildvariables} test
%post -n libcap2 -p /sbin/ldconfig
%postun -n libcap2 -p /sbin/ldconfig
%post -n libpsx2 -p /sbin/ldconfig
%postun -n libpsx2 -p /sbin/ldconfig
%files -n libpsx2
%license License
%{_libdir}/libpsx.so.2*
%files -n libcap2
%license License
%{_libdir}/libcap.so.*
%files progs
%{_mandir}/man1/*
%{_mandir}/man8/*
%{_sbindir}/*
%files devel
%license License
%doc README CHANGELOG
%{_includedir}/sys/capability.h
%{_includedir}/sys/psx_syscall.h
%{_libdir}/*.so
%{_libdir}/libpsx.a
%{_libdir}/pkgconfig/%{name}.pc
%{_libdir}/pkgconfig/libpsx.pc
%{_mandir}/man3/*
%changelog