From da06b0df066aa0580adec149c3025971e11470e7 Mon Sep 17 00:00:00 2001 From: zyppe <210hcl@gmail.com> Date: Sat, 10 Feb 2024 20:34:43 +0800 Subject: [PATCH] Initialize for libcap --- .gitignore | 1 + .libcap.metadata | 1 + CVE-2023-2602.patch | 12 ++ CVE-2023-2603.patch | 26 ++++ baselibs.conf | 2 + libcap-2.63.tar.sign | 16 ++ libcap.changelog | 343 +++++++++++++++++++++++++++++++++++++++++++ libcap.keyring | 278 +++++++++++++++++++++++++++++++++++ libcap.spec | 133 +++++++++++++++++ 9 files changed, 812 insertions(+) create mode 100644 .gitignore create mode 100644 .libcap.metadata create mode 100644 CVE-2023-2602.patch create mode 100644 CVE-2023-2603.patch create mode 100644 baselibs.conf create mode 100644 libcap-2.63.tar.sign create mode 100644 libcap.changelog create mode 100644 libcap.keyring create mode 100644 libcap.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..759c5f3 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +libcap-2.63.tar.xz diff --git a/.libcap.metadata b/.libcap.metadata new file mode 100644 index 0000000..e8e36cc --- /dev/null +++ b/.libcap.metadata @@ -0,0 +1 @@ +d766ce41dfb5c131536a8be41cde3889437151da3225cbbdff2792b1c7a43a72 libcap-2.63.tar.xz diff --git a/CVE-2023-2602.patch b/CVE-2023-2602.patch new file mode 100644 index 0000000..fd701d1 --- /dev/null +++ b/CVE-2023-2602.patch @@ -0,0 +1,12 @@ +diff -Nurp libcap-2.63-orig/psx/psx.c libcap-2.63/psx/psx.c +--- libcap-2.63-orig/psx/psx.c 2022-01-24 01:30:38.000000000 +0100 ++++ libcap-2.63/psx/psx.c 2023-05-16 16:05:14.436726170 +0200 +@@ -492,7 +492,7 @@ int __wrap_pthread_create(pthread_t *thr + pthread_sigmask(SIG_BLOCK, &sigbit, NULL); + + int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter); +- if (ret == -1) { ++ if (ret > 0) { + psx_new_state(_PSX_CREATE, _PSX_IDLE); + memset(starter, 0, sizeof(*starter)); + free(starter); diff --git a/CVE-2023-2603.patch b/CVE-2023-2603.patch new file mode 100644 index 0000000..c295389 --- /dev/null +++ b/CVE-2023-2603.patch @@ -0,0 +1,26 @@ +diff -Nurp libcap-2.63-orig/libcap/cap_alloc.c libcap-2.63/libcap/cap_alloc.c +--- libcap-2.63-orig/libcap/cap_alloc.c 2022-01-24 01:30:38.000000000 +0100 ++++ libcap-2.63/libcap/cap_alloc.c 2023-05-16 16:08:54.870513495 +0200 +@@ -105,15 +105,17 @@ char *_libcap_strdup(const char *old) + errno = EINVAL; + return NULL; + } +- len = strlen(old) + 1 + 2*sizeof(__u32); +- if (len < sizeof(struct _cap_alloc_s)) { +- len = sizeof(struct _cap_alloc_s); +- } +- if ((len & 0xffffffff) != len) { ++ ++ len = strlen(old); ++ if ((len & 0x3fffffff) != len) { + _cap_debug("len is too long for libcap to manage"); + errno = EINVAL; + return NULL; + } ++ len += 1 + 2*sizeof(__u32); ++ if (len < sizeof(struct _cap_alloc_s)) { ++ len = sizeof(struct _cap_alloc_s); ++ } + + raw_data = calloc(1, len); + if (raw_data == NULL) { diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..01e187e --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,2 @@ +libcap2 +libpsx2 diff --git a/libcap-2.63.tar.sign b/libcap-2.63.tar.sign new file mode 100644 index 0000000..b43854d --- /dev/null +++ b/libcap-2.63.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEOKZEaYxpeHNE6VTOKe6EiuLM8/QFAmHuAO4ACgkQKe6EiuLM +8/Tydw//T21BWZmAVOMN5wJ5o0xDs5UxM9uEXb8cNPM+C3AUwfNuu+FhGmDYJGma +rdMf4/xKNXBXdw5LAhP+5trNnYv9l8ESHB0vSE0jD1L+5kz2C+62s7NRp2rSdD2j +HYbjizzDSacXsfIYIggMX/PgSekK+Ji05bFTigjX14CUb3im6Vco+JaYHp9C/4Cy +ER0SVLumvN3wQWfeufOoUUMcV/anNVdtKSk3JKPOAIN2IYF4qKR0BWmszNSQtX3H +QpTUSQDx7jeulshEelVQoDUsJncs9xHGo72Q6PMxmq0T/l0gcaReoZtGd2THjNqJ +akhUURraI0ottI/IwUKWpY6n1YAulLQUIZijHg94f42IDOtJtx7fMeGU+haa/6BG +tPGxmsJUyPKdfDqfAiDjIzLWMcA+QISWM0B91JKVmtvBCOlRDOwC7lWMa3CfiNcs +JnhXf4bNXu1fvdIw4S6NdGVh8nZ0pz/eV6sjYBQf0sL1441IUTgnuUNYr1NhKqsM +FwnN+cnq6eV7iAiN9IvmxwBJ2PLuIvbR/jcq7mwG6LUeU4dT0lP6tj0d+5SswugZ +ZpF20FUbj9uwtvDCRtonLoNpnjmFfdn5yk7/qJy+elRvVL/LFHjg24Ndi2mGJxK+ +sHbaIo8mWs7PAzFeUl9uQncquwj90JHRTIGx9NalDtc75eBRUdg= +=oRLV +-----END PGP SIGNATURE----- diff --git a/libcap.changelog b/libcap.changelog new file mode 100644 index 0000000..26bec68 --- /dev/null +++ b/libcap.changelog @@ -0,0 +1,343 @@ +* Tue May 16 2023 abergmann@suse.com +- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() + (bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch +- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() + (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch +* Fri Feb 25 2022 meissner@suse.com +- Use "or" in the license tag to avoid confusion (bsc#1180073) +* Mon Jan 31 2022 dmueller@suse.com +- update to 2.63: + * restore errno to zero by the time main() is executed + * Consistent psx handling (a panic) for syscalls that return thread dependent + status Inconsistend behavior noticed by Lorenz Bauer + * Add a test case for a deadlock under investigation in golang + * Trim some of the #include file use to make the tree compile more + efficiently +* Thu Dec 30 2021 dmueller@suse.com +- update to 2.62: + * Bug fix for Go package "cap" and launching + * Build cleanups + * Documentation updates: cap_max_bits has a man page entry + * Recognize default securebits as a libcap mode: HYBRID +* Sun Nov 21 2021 andreas.stieger@gmx.de +- libcap 2.61: + * Better error handling of the numerical arguments for capsh and + setcap + * Fix executable mode for all of the .so files. There were two + situations where this was failing (with a hard to debug SIGSEGV + inside libc) + * Added an example of a shared library object with its own file + capability + * Fix the top-level include for Make.Rules in the contrib/sucap + example application + * Add support for running constructors at libcap.so start up time + when running as stand alone binary. +- includes changes from 2.60: + * Some build, code linting fixes, the addition of the + cap_fill_flag() API and a memory latency optimization + * General improvement in thread safety for libcap and cap package + * Minor API change replacing libcap:cap_launch_*() void returning + functions with int + errno status returns. + * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API + * New features for capsh: --quiet, -+ and =+ arguments +- add upstream signing key and verify source signature +* Tue Sep 28 2021 info@paolostivanin.com +- update to 2.59: + * Fixed a potential libcap memory leak by adding a destructor + * Major improvement is that there is a path for Linux-PAM compliant + applications to support setting Ambient vector Capabilities via pam_cap.so now + * Added libcap cap_proc_root() API function + * Added color support to captree + * Fixed contrib/sucap/su to correctly handle the Inheritable flag + * capsh enhancements + * getcap -r / now generates readable output + * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now + runnable as standalone binaries + * The module pam_cap.so now contains support for a default= module argument + * Enhanced capsh --suggest to also compare against the capability value names + and not just their descriptions + * Added capsh --current support + * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su + * Fix for a corner case infinite loop handling long strings + * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs + * Added a Go utility, captree, to display the process (and thread) graph along with + the POSIX.1e and IAB capabilities of each PID{TID} tree. +* Sat Jul 17 2021 dmueller@suse.com +- update to 2.51: + * Fix capsh installation + * Add an autoauth module flag to pam_cap.so + * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data + * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one + capability flag to another. + * --explain=cap_foo: describe what cap_foo does + * --suggest=phrase: search all the cap descriptions and describe those that match the phrase + * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) + * extend libcap to include cap_prctl() and cap_prctlw() functions to regain + feature parity with Go "cap" package. These are only needed when linking + against -lpsx for keepcaps POSIX semantics. + * this likely requires substantial application changes to make Ambient + capability support usable in general, but doing our part for the admin. + * Add a test case for recent kernel fix + * Go pragma fix for convenience functions in "cap" module +* Wed Jun 2 2021 christophe@krop.fr +- Fix a broken symlink. libcap-devel installs libpsx.so but + didn't install the library it's pointing to. +* Fri Apr 16 2021 tiwai@suse.de +- Add explicit dependency on libcap2 with version to libcap-progs + (bsc#1184690) +* Mon Mar 22 2021 dmueller@suse.com +- update to 2.49: + * Implement cap_func_launcher() and cap.FuncLauncher(). + * More robust "psx" redirection for nocgo compilation - the documentation for + the cgo implementation is now included in the nocgo one because the go.dev + automated documentation builds the docs from the nocgo version. + * Lots of documentation cleanups and added a few man pages: for IAB and + Launching. + * Some general no-op License changes that might cause folk to notice but only + for formatting reasons. These were initially inspired by some lawyerly + interactions, but I ended up rolling back half of them because they + confused automated software infrastructure. +* Tue Feb 9 2021 dmueller@suse.com +- update to 2.48: + * More uniform use of $(MAKE) in Makefiles + * No longer include symlinks in the git tree + * Provide support for make GOLANG=no ... + * Provide support for pointing at a specific build of the go binary + * camelCase the contrib/seccomp/explore.go program + * A number of documentation fixes to man pages and source code comments + * Last use of GO major version 0 +* Wed Jan 27 2021 dmueller@suse.com +- update to 2.47: + * Restructured gowns to default to uid base of getuid(). + * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. + * Improve the usage and diagnostic message for setcap + * Documentation fixes, license declarations, example updates +* Mon Jan 4 2021 dmueller@suse.com +- update to 2.46: + * The bulk of this release concerns fixes and improvements to libpsx + * Fix the capsh == argument handling and add a test case + * Added build support for systems that do not support libpthread + * Added build support for not building shared libraries +* Sat Nov 14 2020 dmueller@suse.com +- update to 2.44: + Generally, this is a release to help package builders: no functional change + to any of the generated code just documentation and make related fixes. +* Wed Sep 2 2020 dmueller@suse.com +- update to 2.43 + * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it. + * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets + * Clean up a binary from the distribution + * Added some more release time checks for non-git tracked files. + * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder. +* Thu Aug 6 2020 info@paolostivanin.com +- Update to version 2.42: + * Closed a potential issue with "libcap/psx" Go package and errno + * Documentation updates + * Minor optimization for cap_to_text() and (*cap.Set).String() + * Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap + * Multiple fixes + * Support Go module abstraction + * A new kernel capability: CAP_BPF + * Better support for cross-compilation + * pam_cap now honors PAM_REINITIALIZE_CRED + * implements cap_launch functionality +* Sat Feb 15 2020 tiwai@suse.de +- Update to version 2.32: + * Bug fix for fakeroot incompatibility (boo#1162014) + * Slight perf improvement for cap_get_bound(). + * C++ support for psx header inclusion. + * Some new testing features for capsh +* Tue Jan 28 2020 tiwai@suse.de +- Update to version 2.31: + * primarily a documentation update + * fix libpam.pc to not require libpsx.pc + * changed the text format of the default output of getpcap +* Mon Jan 13 2020 mpluskal@suse.com +- Build using -ffat-lto-objects for static library +* Thu Jan 9 2020 mpluskal@suse.com +- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460): + * BUGFIX: arm and i386 fixes C and Go setgroups choice - used + wrong syscall in 2.29. + * cleaned up make clean and make install to actually work as + intended + * updated Gentoo libpsx.pc file from Lars Wendler + * refactored the way libpsx linkage with libcap performed mutual + discovery. + * Previously (2.28) libpsx had an API call overridden by libcap + using weak linkage function in libpsx. In 2.30 this is reversed, + namely libpsx provides the stronger function and libcap has a + weak "no-op" version. + * a bit more consistency in handling the 'all' sets in libcap + (C) and libcap/cap (Go). Namely, they both dynamically discover + the number of capabilities named by the kernel and use this as + the definition of 'all' for the current runtime. + + libcap (C) exports cap_max_bit() to export the number of + supported capabilities + + libcap/cap (Go) exports cap.MaxBits() for this same value. +- For changes for older releases see: + * https://sites.google.com/site/fullycapable/release-notes-for-libcap +- Add glibc-static-devel as build requirement as tests need it +- Install libpsx.a as it seems to be needed in some cases: + * https://bugs.gentoo.org/703912 +* Mon Dec 16 2019 matthias.gerstner@suse.com +- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security + wise. +* Thu Feb 22 2018 fvogt@suse.com +- Use %%license (boo#1082318) +* Tue Jan 31 2017 matwey.kornilov@gmail.com +- Enable PAM pam_cap.so module +* Sun Jan 1 2017 jengelh@inai.de +- RPM group association fix +* Mon Aug 29 2016 dimstar@opensuse.org +- Update to versison 2.25: + + Recover gperf detection in make rules. + + Man page typo fix. + + Tweak make rules to make packaging more straightforward. + + Fix error explanation in setcap. + + Drop need to link with libattr. It turns out libcap wasn't + actually using any code from that library, so linking to it was + superfluous. +- Drop libcap-nolibattr.patch: fixed upstream. +- No longer add %%{buildroot} to all variables for make install the + Makefile learned about the meaning of DESTDIR. +* Sat Jan 31 2015 p.drouand@gmail.com +- Update to version 2.24 + * Fix compilation problems (note to self, make distclean && make, + before release) + * Some make rule changes to make uploading a release to kernel.org + easier for me. + * Tidied up some documented links. +- Update libcap-nolibattr.patch +- Add pkg-config build requirement; libcap now provides a pkgconfig + file +- Clean up specfile +- Move libraries and binaries to /usr because of #UsrMove +* Thu Jun 19 2014 crrodriguez@opensuse.org +- libcap-nolibattr.patch Do not link to libattr, it is + a bogus dependency. application uses sys/xattr from libc. +* Fri Feb 1 2013 coolo@suse.com +- update license to new format +* Tue Sep 20 2011 aj@suse.de +- Cleanup specfile a bit: Remove old tags. +* Tue Sep 20 2011 aj@suse.de +- Update to libcap 2.22 +- libcap 2.22 includes: + * Clarified License file (with version 2 of the GPL) + * Support getting/setting capabilities on large files + * After --chroot command, change working directory to "/". +- libcap 2.21 includes: + * Introduce cap_get_bound() and cap_drop_bound() functions. + also include a macro CAP_IS_SUPPORTED(cap) for capabilities +- libcap 2.20 includes: + * Latest kernel capabilites supported: now includes CAP_SYSLOG + * $(CFLAGS) Makefile fixes + * Default to installing setcap with an inheritable capability. +* Thu Dec 2 2010 meissner@suse.de +- updated to libcap-2.19 + * more stuff in capsh.c + * sys/capability.h header clean up and fixes. +* Thu Dec 2 2010 meissner@suse.de +- fixed build on ppc64 (needs to get linux/types.h included first). +* Mon Jun 28 2010 jengelh@medozas.de +- use %%_smp_mflags +* Wed Jun 9 2010 chris@computersalat.de +- fix deps for fdupes +* Sat Dec 12 2009 jengelh@medozas.de +- add baselibs.conf as a source +* Wed Mar 18 2009 tiwai@suse.de +- fix a typo in the previous patch (__le64) (bnc#487453) +- don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453) +* Tue Mar 10 2009 tiwai@suse.de +- fix build error on i386 due to missing __u64 definition in + sys/capability.h +* Wed Jan 7 2009 tiwai@suse.de +- updated to libcap-2.15: + * Makefile fixes +- updated to libcap-2.16: + * stop using sed for parsing capability.h +* Mon Oct 27 2008 tiwai@suse.de +- updated to libcap-2.14: + * add -v mode to setcap +- updated to libcap-2.13: + * fix a corner case of cap_to_text() +- updated to libcap-2.12: + * man page fixes + * remove never used codes for sysfs check +* Wed Oct 22 2008 mrueckert@suse.de +- fix debug_packages_requires define +* Wed Aug 6 2008 tiwai@suse.de +- updated to libcap-2.11: + * makefile fixes, minor clean-ups + * fix cap_copy_int(), new cap_get_pid() and cap_compare() + * fix cap_copy_ext() +- fix build with libcap-2.11. +* Sun Aug 3 2008 ro@suse.de +- fix requires for debuginfo package +* Wed Jun 11 2008 tiwai@suse.de +- updated to libcap-2.10: + v3 capabilities, documantation fixes, misc fixes +* Wed Apr 23 2008 tiwai@suse.de +- updated to libcap-2.08 + properly supporting the recent 2.6 kernels +* Thu Apr 10 2008 ro@suse.de +- added baselibs.conf file to build xxbit packages + for multilib support +* Mon Apr 16 2007 tiwai@suse.de +- follow library packaging policy + * move docs to devel package + * move binaries and man pages to progs sub package + * fix *.so symlink in libdir +* Wed Jan 24 2007 tiwai@suse.de +- fix the access over array range in cap_extint.c (#237943). +* Tue Dec 19 2006 tiwai@suse.de +- update to libcap-1.10 to support fscaps (#229722, FATE#301748) +* Wed May 24 2006 schwab@suse.de +- Don't strip binaries. +* Thu May 11 2006 tiwai@suse.de +- fix invalid calls of free() (#174561) +* Wed Jan 25 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Fri Aug 19 2005 kukuk@suse.de +- Create -devel subpackage +* Thu Jun 23 2005 meissner@suse.de +- use RPM_OPT_FLAGS. +* Wed May 25 2005 tiwai@suse.de +- fixed memory leak (#85659) +* Wed Jan 19 2005 tiwai@suse.de +- fixed compile warnings with gcc-4.0. +* Thu Mar 25 2004 thomas@suse.de +- added EAL3 man-page patch +* Tue Jan 27 2004 kukuk@suse.de +- Remove capget.2/capset.2 from package (version from man-pages + is newer). +* Sun Jan 11 2004 adrian@suse.de +- add %%run_ldconfig +* Mon Feb 24 2003 schwab@suse.de +- Don't include kernel headers, instead copy the contents here. +* Thu Feb 6 2003 garloff@suse.de +- Avoid inclusion of glibc's linux/fs.h (it's broken) [#23324]. +- Use BuildRoot. +* Wed Nov 27 2002 coolo@suse.de +- link the library with the compiler so the depedencies + are tracked correctly (#21996) +* Tue Sep 17 2002 ro@suse.de +- removed bogus self-provides +* Wed Sep 4 2002 sf@suse.de +- fix biarch error (added patch to Make.Rules) +* Sun Aug 11 2002 kukuk@suse.de +- Remove kernel-source from neededforbuild +* Sat Apr 20 2002 garloff@suse.de +- Include capfaq-0.2.txt +- Disable syscall wrapper (capset/capget); it's defined in glibc. +* Sat Apr 20 2002 garloff@suse.de +- Compile syscall wrapper without -fPIC +* Tue Apr 9 2002 ro@suse.de +- apply gcc-3 fixes only for gcc-3 +* Mon Mar 25 2002 stepan@suse.de +- remove -ansi, as it forbids inline. (gcc3) +- use -fpic for building libraries (gcc3) +* Wed Sep 5 2001 ro@suse.de +- updated neededforbuild and updated specfile (man and doc relocation) +* Tue Sep 28 1999 garloff@suse.de +- Initial check in of libcap. +- Kernel patches are provided within the docdir. diff --git a/libcap.keyring b/libcap.keyring new file mode 100644 index 0000000..b39f76a --- /dev/null +++ b/libcap.keyring @@ -0,0 +1,278 @@ +morgan@kernel.org upload/signature key. + +pub 4096R/E2CCF3F4 2011-10-07 Andrew G. Morgan (Work Address) +uid Andrew G. Morgan +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.15 (GNU/Linux) + +mQINBE6OiBIBEADpdtUxC8Fmhn5UK6UCZdU7mFgZwN8U9cabFUPfUIkMqXULhCD0 +hG2/amuiiUoLollPjOopNqk4cc8LcZfszOdBFAYj7MeWzNySVw4KkWrVCEH/bZ0Q +QzZH2qmoMT5CIrtcNxCAvukYsZLhyZYO0HdfuE05mVhVjtX9Btfxr7Ndvb7L4MRS +3Qb6+nHTgfn/Oow92/koIWvi0YvskKdZypeU888TQL99E8xdgL2n2Ip3xYwBHRR2 +GPb5MGOuEItF3tJ0kkILW5mzkJq/iLzRphzKjdF76I9QVRP8dZ+uWHPubWePm/5c +1H9lnlw00ZZ/ucQvSwTesUYk2aKkxzgm6X8fCdJXBLGgW5K6CkynpjN3qJ9KpcNY +H55smUgp8BaiWuoHe4pLvuBhnN2wiYOe2j9UvGX1OaRstMXFx7YbBvkGgdoZthUe +VPGAa4K+dnI2oy4wukzl/unAKrlMCBRsRoW2qjy3TDSXqwJhd34ilHzrdAdchrh/ +acBfbBtRzVlcDTnGltDNMuRTXzujaY9C3B0L2E+Jfrds8WcM8ASO4mHwJUTMrBwM +b5sFSG+/X9Ufg/c2G086HQ7xMERUA5oz66P5ReHCph8WHQN2L5vtZwL7//hZB9hn +G0K1210YEDXpFPijpis/54MKUSkWEFOLjUbiSPbwEfb79A00CcHojQQinwARAQAB +tDBBbmRyZXcgRy4gTW9yZ2FuIChXb3JrIEFkZHJlc3MpIDxhZ21AZ29vZ2xlLmNv +bT6JAjgEEwECACIFAk6VD4ICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ +ECnuhIrizPP0zNoQAMDjx3iovvf0rpAYFvvAoPbzhEXcJ41/T+paxWOJm8SEg7fX +nUHgXeTwW3RJPIp7PguctPogvKQV+7GcU5Dcg13DZO4nMrSsvInsLQkfeDVU/zl2 +MuHFOtBMpDp6iGcUwjS0bYbvl03fPj7ZXIML+I7OSyNeoZ/n2ztI9UiIBHovsHqZ +qYm4d7VOi4nVj1Y/Gak99sw3cLvUwq9f3i8ioNzynqBT7jA+GWFaeVJuGrOCBBBg +uIu0Ekg42NAZ2AR32wQP5eEtlSAq8Il9RZzewa1v74loDNJOl+kW5/jQK6tGj2A9 +vlTqVzHUDmPZ9n6Ds7h3wo2g3gzYX1cuM3spW9UsA8XUDNY2yNFYDC9IsAI09u18 +N7f89isG/yYh5MZpJz2fx7cecHtwSVukTGHDsaoHTXMlfjQmVU5efORZJa6Bx0Tk +aSCwecem3q+3OcdgW8XwPWik/5Wv8B3dJopMH1Mw3pRhirtTd6/88xNyLkJStptB +DZvbqvB2nMmSiqgh0mPeslnwubxJ5/4FbP9zlLN7zp49RZHKDl/8EMSXGCjmG6UT +xW6I3YpKdc4+yEd19/UUtxqQOfbgFvlcbesQ5ILvLOzZidkS7y0v4i9rZBe/HEy3 +eG8z4s5dloBrpSBvKySwqWuuSDn3tMqw4Bz2Be3FgtYA4TnNy7shcFR2BMFotCRB +bmRyZXcgRy4gTW9yZ2FuIDxtb3JnYW5Aa2VybmVsLm9yZz6JAjsEEwECACUCGwMG +CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJOmRGPAhkBAAoJECnuhIrizPP0wK0P +/RMvjmzeXbgoa36cBDvDKReAiC56Au4qGXkNah3984tNPT1hVUKCiwiUmULoNJbE +I4qFJTtwsMi5QzE+daCA7t+ALJiC+PKiKFG1LDz7mxfhmBeS3XcYuqZdjyKrATUF +r0SHbsJxtRCslawGD2gKczLknFeBXL0997TfJS9ipLibqCtmvyryHn4EbZfoJqcp +j/RBN/izVGHNYI8BsZpO5F6z7vXoncDL0dKh65ndGaIbhVDUPsDBvzg3i+EzhB51 +hYTTNKK0QpWbmsXfJBnvztinfLUsnO9HV8aRaygOI/DAKAtT7YPXORA1oFYtx69b +zulqC+TXUmeV8YW8bETH4xHM9mQb0oNLPibR2nK2FSDiLp0/eEM5vgzfPVUX7WzB +JUPsf0ah/e1yrXqudGUUZ0R+3VMOdxMryZBKLymkzyvu6a5DcLarqAt8y9ciRH67 +HKNnE1gvHf5K2Q37gwSecwmXCjpMlbVJnIarLKBcVRcYKtxgPxCv6483I8heSKF7 +PB/IFBmzT1cX7lhln9+62Ks/0Gs0pA0iNLaD+POPiqWrAwZsFvKjD9PDaCBDFRWj +FqZLyJMsMi1qmP8jWsdQqPdUskQC0ftvw3Z6SiyyrriSAzglCjmmAcfdt+w4b/EO +4SzSZUnd/ApkHkZx1Lbta15WKxGi7S8/5zNdaK721nUdiEYEEBECAAYFAk6Oi/kA +CgkQQheEq9QabfJhdwCdEhWd2WbjrypMC2jEqWUswmf7fsQAn3LwZyeVJK5LApOF +7NimHkCQV9z7iQIcBBABAgAGBQJOl+CHAAoJEO2/8mhZLMbY4ywP/2qX0+QrilRC +eqk8cOmljLB+sxiA2Jc5YINAXipg6PSQzF7IlMnSNSW69ARLPW5iyDTljXTtD85W +/yWhm3vsouWldBa1Wb6xVb8iA8H8fUUKCY7ngCSjHJxPa1KRsTrMKCkLHR2MP7Qi +ar0dvquomtlx5chkhXmY+0cxcA/cMB/A/fbfDvvbYD5HYiB90AylPmLbM9XiLF0F +RSJt7iokGidS1W80ZCg5p1R02dQV5H7/111Xx1QIggPcNPWGwCK61Q3tPV0xc0oQ +dZpQk2hnPVHF7BMmCyB/iNRofF9mpC/QZGFRQkb3XgdIdK/O23VQntSGctrtnL1M +rcrgQUIrMaU3LKFbIE7DBwMUzUaTO/t14ZQQUZJTAKLSVCfvGvgh6/dqaXpssQxL +D2S5J1sWs1ZVInOhjo2OZnVl3SEmQT9h6NB93QRoGfbfy+AJgReRcfCep5zDMrud +5HPym9itvMLVVzw267Yn0ATBhrESAY8LqBBRbigM/TL+jNPfsQzhEzHXFsQL/dKh +V4N8IURnpCqHzY2BSnTX1K8ipl+iRGpMVfkYQnM660AIJhAReT2rwzuhGRKHbOXz +UrzoEg1PEw/+69ZmcGUZH1VtSrOw0r6eub+rg7Q0R4r6c8kF2vS2XSQn/MZ2Wqjk +hW4fWCqqogIvCkqk1Jt3OCRIWbVC0bKKiQIcBBABAgAGBQJOmJxYAAoJECDQTlpx +NmCnTvEP/38M2bsQGnKVhNsAcr7sDO4YmDrc8V/bUrGjADWmLcW/K2MDOWLZIwmg +Z1qMifHXuy/NhyX3/xp8VacNAlpuQ8o/T77P1QCLwuPu+fuXLOmFkCISFeTW5g/d +pShZ4tsTXAaJs7bQdQnsY3prZl0CMJtItOhwW34PDZL95Vp2ZRx84Dn355KHUeeq +yQjqu+cEz2T5sfVj/O2w1tgeWcMxrOI3ARD/Ks+CeWoFZPezq2K4ctka7Q+muH9/ +1WCatdpryf5SJoBMDaC7GXzGegesKQr35sfNM9XRP1TphmCqQz4VOb+stIEJv1Dq +c9Lc4EScOwmESt5mzPwrZ3OJ+stFKW1QJgErUb55TNQ4C957rodxCerNa9ptpdUk +U9Pb2vpSurNRgETA/urZkBO/vPQ8MEgdJSbVgh0Rj/zPFnj3akQFc98U5Km0TIHJ +7r6S+qj73itUM79jMVKJgewPEA8cys0ACLoM5uRNYq35mY4OeP/Edm6NLiKfD0us +MfEQ+02B8RqXuHBAJAa/+f+U3zGkw268f3/16kZv/PTMfdOEy1cjKlQ3LFwIHfny +Brb/3vHAVTAyEbBPWmULEjopdevEPKmKyW2EXFphBmjOHSghmIRDxO2WmSuI8bIU +sH4oq6MwqAJpE5rzreBNLNh5ZY4yzw3nAJb6Bb59m0kt2fHKIq+AiQI4BBMBAgAi +BQJOjogSAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAp7oSK4szz9HRi +D/4sMdw5WrUtmagrXWVyj83YLJW2GBxH6s5UR1/fyl5uDYjBAccf3jDuIwVZzpCJ +ZpQ8RwvRV699Pag5L5uwDEvkiIMROPNescaXGROuNoCFfqIOTVZfGya2w06dB0Kh +C0l++iO6YVy1eJkyc/XooiOOtEfv5UpBZSWn9hMYaNSc9tiQcyPxzEnEQYUmIoXG +kHXUNRDBQfJLRZP4e9YjN/hH0ZW7/rHXXMxeBREfbCekKy0qDgJ/Sf3Eh6dwUkOR +/vCrdZM2Q8TTX0LJdflJdqMEuYHqm1j9RrnoXIjhx0wFopEOHPSr2qxOu2gOkyxB +JE7Ur3IKpMRaoCR0xHMb5MOgnMmwRW2G6KcZTCdr2jmxp2hK3BxRcUt3qh74jhZL +Dbv5dxTqVn/VK1CGhHbrcW2adkyi2sK7vVARdlSmHYWIWhLqv77p7tkSAX76Qig8 +X75WGF+W3YSAS4f3I6QXRnXxzG8TbMIa4CfeN5IZ2Z5TisC2YyuG8VdM/m6i6W18 +cLa7ZNGE3w04eVQvtigG+9p9gCs5Kg6PVVxwJsjGDDqHkCslfFF8Wl1ZdqXqtUB2 +RKTWb4XNU5XxO0xIGFtLUNnCKcJAOUCu/oRJ/WWHW+BKDdG1VbgYVFTXHc6YZpet +2D+sAs7cWV8GDJ9nChHWcQ5C/bPV1PVnheZhwGvHLsWrILkCDQROjogSARAAtLny +8nlyr8fyYGAocQz0S47a99n/X0Vmgwo1trJsCXWbOrpztznY8IFRK/dRnRHiMwBx +WQ4CvdUk2p0MweUiOjpEN7bUm92jeFXMr0hpQKf+O4DMExHS4hxLwArnKFuAk2ej +RQGXBcEoMv11LiUwuzFbWdXqMsA1TbuA+WvEBnFUYM/6xNiJeRIUIiGydhG1yaw8 +HrNWLHnhhcOfT6z5AO69hZZiJacp9pU/+jnep/M42p4J17x81+ESpJeladwR0Qxc +0qxOyWidN7oO5hSiBEwU6lYQjdQ23pa7tN1o90P9jyN2nFBEdBu2D/mi4DV/+VXU +YHNEy3uNhmmLGwMoPVWiZveRmG74+ne7MVyxwb9EIF3IenS4T65ee1dlZvaoMxUl +Ue8htEK0ChrQZOfITs9MyjUwoTiLUVo3kQeMli9HJEQXPRjHqkkZ7W65LhkEVnHS +PHWtttRSDkuZYtze+he142GzDSQA3dF2zy/tLpBb5CA29ITcQTspgV7AuV8YQqDZ +4XWHsR9Am5334N83EXk2oouqxl7mKUB0Vg6tujNCBSRn6A3CUaA29w/MyTg4z6Yw +6HD3il1J8PcWEoOzqlUoPd8tA5pcZCcKngkXndpXgsZCgoCgvx9WNU+LUrHBfhC3 +TLLsI7iGO1JvLghkesKTARF3O2hS3xAhfGZxn8MAEQEAAYkCHwQYAQIACQUCTo6I +EgIbDAAKCRAp7oSK4szz9HSYD/9hmEsJuSgAGwx/OPweYuDGkA25ajDAu59LpzTb +jB/yOU1rDVUu3cMH+UEyaEGlhbneGvHF2DsEC9il/8fVL4eaE9EWpopIonYndBE9 +1+YiGHPToiyKcdp0KuQMwm2ENAiEf/qErrB2NLna4wfZUx5lzvEOEk3cNPmNz2ER +yMPXIeeiQ9VKp3MzopWhvBItAyIzzuydKKvJAKzDoTOEL4w60slAphj8rVCsW45k +2AurWUH7VFM8ezXunieLeygCGb+YJZAet6yVXD3UwnNcWCGQ+xKSPuyKrn4xKG0N +5gzxnGIh/S/7IOjRaNR5X+pfWd6YzN9qURUfiXmuLSPRHK4Flfam4gMMHul9wL6X +BayFo2NUPBaxg4U9ACAgSJxgCTNPCKwnovecOsRmIESKtT1F3hbZRRgRGj/TDepJ +QNfHSyk/ZQfuoJggBMQLJKzGII42rb0W90QLMk0SyCzeb3LO3yyNiKpluNpJsl2I +qdBJE5t1LxhKDnju6JlFyPcGJnP/doTuDTjjL0V+guPAGVbuq0g2hku+ZlJwjMSt +NwHPWxeifuDJbQVIp0xZbI5djdHC8hVJX+d09J5eq0PlgMEidc4F+Vv+mmGJl0Gi +NfhmTaACSRzbI25/bhvj2xhx8A2LEOuU/+nzYgQzPcFpawiUP1wBnTqi+maxKx5/ +9ifyrw== +=Ibs8 +-----END PGP PUBLIC KEY BLOCK----- + +pub 1024D/D41A6DF2 2002-09-23 Andrew G. Morgan +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.15 (GNU/Linux) + +mQGiBD2PVCcRBADmR2dfKJIaGj120v0EjrGbnYic8nKCrDLUHmtiZyIlMeTNqnw/ +/Q2m057SIyFC5K5W7XV8LIsOcpEBAdIS5QLClwec/wqVj1FU5TLHNifR9fBq+DaI +tyMH+LX/HUo4xPaJ5KnE62/3M/SyUx/S69RURfRdDsC+9ucKZkW9mnRiUwCgm18E ++aUKNBKGyqHaNK+n50jxW0ED/2epmE6porj12MyTlTvmxHuq7SSqgzTP8KoNoOE4 +mtZnYAkopb8uksBo4yj4abfBZNiVXEttc+XpwhnRODfy576wVy/lmDMTFAz7CYw8 +5Qmsf9HZXyAS+XovscbYYAWq11BycqHzVNqOevMZPX4Om7+rHBcIPI6pCd3ouPlW +ObE5A/oDWXC35DcgFdmgVH2qr5COEvrDs9T5w4UdRXBMj2khE+32rdP0qqGYCW13 +by84+Cpoekmg+6/FqL/At0Xl2a87czur5xR9mrDd32iknws0DggEuf+zL3Twt9kA +ftnqgiGr33iaNeXwgqfgQYMbxruLvjaAOayKPhr+tgJU6bIpWbQkQW5kcmV3IEcu +IE1vcmdhbiA8bW9yZ2FuQGtlcm5lbC5vcmc+iEYEEBECAAYFAj4UuSoACgkQkEgh +GpsoCtOuSACbBUTsx4vlTI5sfutfBntt4TySShoAn1M8hB0S9TkqbG/3OHB8gPm+ +QhjHiEYEERECAAYFAj3irW4ACgkQ1fT/Y8EaOHp+sQCfWWkmmIDvyUi4bA3v4VSw +WaK7mSsAn0N65kYwaW7ohuYJAPeZ6U2HKvFfiEYEExECAAYFAj22Rz8ACgkQi9gu +bzC5S1y0dACfewqmEfYHaTNlCD3PPBCQdWhfi4UAn3+rNDIS5AohUPpbG2/8s9Ef +ZLyKiFcEExECABcFAj2PVCcFCwcKAwQDFQMCAxYCAQIXgAAKCRBCF4Sr1Bpt8u+V +AJ958HbiLmhrpWjAauN9GrtKudijkACfR2XasdjQs2ECc2qMX19QwNohDAeIRgQQ +EQIABgUCQCGDkgAKCRCA8Qy7VNK/WXUIAJ9/Zhn5knqsTTMllzWxe/N1ddGaaACf +SiuBacgyyBdIas15RYaD0YYcNlGJARwEEwECAAYFAj/7MEkACgkQC56ssbtLKadZ +lwgAlS98PQDeITUujwAWpGvOhXh9Bfh27RRKe+MskFTzTzuvmK5+VZGo4suC0PPS +9Hv40UPtt0SvgIuli1Ero0pCP6pWGjgLGPWroXtKfXfYRqnu4vfETt/Ugy2OjG9R +zfum4J8PULD47bsMVw3oMHFucgerArSQNeNx0w5JwYpFJCb5jSf7yXhDCfm+yVv0 +XTls1DC7mtHQrnKGlZe75gEa6zaXRUAYboKbuBifV/anjwMLr2q0JKJSYxFFjIfG +e6QHAuM+NKj3+UAcpkCKYCUobaB315K/pOyKdKfRe5L+8zYQLafNqRlhkvuIkChX +ztyhoXEspp/yIPUJfZFcRldgEohGBBMRAgAGBQJEK0S1AAoJEOCAR9WqTho4asYA +oMdOh1uGDl7qgIO/h5VDwo4Hcs2xAJ4zqSnm0QrNgfFTK9x6j4Jzur+Tl4hGBBMR +AgAGBQJGg9bXAAoJEPmxwkd4G/I7NZ4An2wZ8rfwJt3CSm1ZVPiSf9Ax6J9fAKDM +1PqnD/qIbNMbmURXpEbvWWQunYkBIgQQAQIADAUCRgBA4AUDABJ1AAAKCRCXELib +yletfCcuB/kBeH0/nAFKNw77fNucYhlt9GuT1c1j+8emujF7mwgm18TVcxqRjeSV +PskEkzaX+mzf3Tfn6k7+d/dPYRHPrX0STdsNMqrZkqjt5tiozuLYJUE/PDKafzdI +Q7ya5ps2AdIKNixiSRPC+6cNB85NBorLXs9yg+JkQlPeUI7/DZb2iz1iZXTnyCZv +SvKA7JMYpCOzZ6fWshanZ/91hxQvsYHjYC+zQVTErSYQlBqz8fDLPfyYQiqQFn4c +T/i1WsxYMEaZtexvLuQe9LeaDqyY19DyBaJIIiN6EcGZ4sXRa7M6QUD1HKjEWt62 +U4shHkPGIMgQWLcRZDepovlpGVXLmXEf +=oXom +-----END PGP PUBLIC KEY BLOCK----- + +The following is my DSA key 'D41A6DF2' signed with my old '2A398175' +RSA key. + +-----BEGIN PGP MESSAGE----- +Version: 2.6.3a + +owF9k82L42QAxmccVjFzUNjbHLQLHlbDTJq0aZuRAd+8+WgmaZqkTZtWWchHk6Zt +vpOmGcT1A1zm5EVZPXhQYW972IMHFVxQPK14UNjLICKiexBkEQQ9iI7zB/hcf4eH +B57f6dY7O5e2jt76ab/58Db7HPVasb3NvLvzT/5G44+H1uSpW0/fffDih3Dv9+uv +/ka/9Nh3n/h865FH0Qd1/f7Ny4/jg28/uPJ9tvvRjTdPrz1z+vVnyf4t50T95vmr +/gtninr/q7NP56+8/4Xb/tlJl9d/vXNj9+bnly6/vHX2p56urvwQ/3j3y92Pt/eO +3w57h3vO7O+/tn+5dw17HT555/bOe9YTQZR6ZrjPNHHQYjhi6zz7/4VmeUGuKbxS +U3RaEmBNZCc1WupD8QIjo1ma+VF4WOPDQuFra/ygftCqXeVlHZP8sNg8i8AoCGZh +fljjorTmh25Uy2az2jzP40MMK8vywAuL2Ds470eQQOV9miGUEbQ1GjCBRjiueCyY +/AIn6us6u0h5K5z4dicUYcpIejfI/WklrHqzoZyEJYZgKhHUyfZAqDhIiuS4bYw6 +kpD17ZilgSMMSFWCq3JmY2UyWuCcTg6lruy7GuXSCcqYApJXvS4qGVhXj5obxTwm +xZBtEVijhw0qfYMNWpSma67mMBlEqcIWp8sxFYSar5fQC/AOi6CmLsq0yFdJ15RF +NCTri824zjIYMYsDthVH6fmWXjVcDdfBplsk7cEg8U6GSkeM5KjPNpEgn4YTsIxi +q1MsMzpqVoumabn0VPZHBpvnNmrE5TzU+oxbke1WOaqwVcD0hhw4acNJ2UFINchc +qjs1KjBAjWid2dZkAsYJjtOVnXRPRnLSn617U8Vo9oM2mnZpW1CEVgydRlQoqzHS +t1gSYBEzNmCDZGyPcwJv1CWSlIR9dp0yGTUky6buaAbdWxDLOYs2iNRR6knCT+AY +byBW1WmiMI5my8BDWxiXSBjI68aKMDtt+6RIyY1GBSnjNAh/GZZZnfE8tnDRE6kx +LHNqCRA3DxPP59NGwzflmVF6ieupk561SQtpvTBB36xEZZ6iuXestywhHlvqUh2T +SzsYNQTWLhCBxdd24MwtH3SsMVVNCa5Q+XxlB+TKguQ5s1Gfs1l2w0JA2xxYXJyO +g6UtglJlEE7tQbCZQKAKhgeACDUacs1BitNx3inQETimyE7X8qVgnsbjBTALmeLT +XCwcf7EE0EU0wjAzZ6FmBAttIukZOKWWcjRngH2EHLWNIY1cGMTKzP/o9S8= +=cdkf +-----END PGP MESSAGE----- + +Type Bits/KeyID Date User ID +pub 1024/2A398175 1996/11/17 Andrew G. Morgan + Andrew G. Morgan + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3a + +mQCNAzKOhJ4AAAEEAJ9xYnZSD1kYanF+8GUBhHf/gx6hGd8ZNmS5qIC8Qb8rMcTI ++E16nV+FnNRlPRbShITYjq1TPvVK8gTliZf41N9LRQZw0rywRt1NQyhdfKgDWYxB +kSOwK67oDjkzzC56XS2rrGI6K3Rz/VtYElRyuQ6ZyaKTGcgU/TTwrUUqOYF1AAUR +tCpBbmRyZXcgRy4gTW9yZ2FuIDxtb3JnYW5AbGludXgua2VybmVsLm9yZz6JAJUD +BRA2iFK0NPCtRSo5gXUBAalqA/9s3Hx8BUESiC9PpL88KSVe3ENoO0ogAuMDK3vj +k2a17Twxi92Dc/NPXr8ewEKF/h1GiRetLBVPGaSVC+602+2cr5SHqzUzAeyF2Xa6 +VAxCskxkAssTxIW7nyAMWaOB5A/1xm3YChawVQx3XIvbIp+HXHDNr/60COtlGm7I +IcHftbQnQW5kcmV3IEcuIE1vcmdhbiA8bW9yZ2FuQHRyYW5zbWV0YS5jb20+iQCV +AwUQNohVmTTwrUUqOYF1AQEgWwP+K94N0OO+I2A7lnP5Jp7O+kfMJCFxPZOeozrq +O8uKsAs03ekS+kDJ3p2ec65BOzZyweHEu1HtOtdZbXsN3zynLKBwJrvvaHBQpAqv +BrjfNsl9a+NFmfa4fmdPWTzCaG2rmFlaQvZ6FP7QrHXB/1+VlH0gJ90FOgAd3Qyp +4hhW9g8= +=qQJI +-----END PGP PUBLIC KEY BLOCK----- + +Type Bits/KeyID Date User ID +pub 1024/4536A8DD 1996/01/28 Michael K. Johnson + Michael K. Johnson +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3a + +mQCNAzEK0l0AAAEEAMWweYcS6ov1RISP6E7lb3vgQOrmhBy6S/8zkuHo92IkQWXm +V9AcMUY/eJPRJH6yI6o1ZKN4InT4uCkSIQOd2C8XyeIK5jFhpmP9DhoucacNL5H7 +oCV4wtFGhUDaDl9VeTtbWLSMESxJ4T/fL/IfkW95/Q2dF7zIDid5aW9FNqjdAAUR +tChNaWNoYWVsIEsuIEpvaG5zb24gPGpvaG5zb25tQHJlZGhhdC5jb20+iQCVAwUQ +MuqeiDTwrUUqOYF1AQEjywP/bCWLybbZSI8plyUSWD3yxwjsE+8BiOPGRu1AARUz +GbVZq9LqPDyjFtH9DqgXULyZtCAk8ebZonH/h/0EnZTi4tiZg3BHKXhIlWQnNz4D +QRdtUEmMNQzi9+3mU99CBGigsrDQnNrnI88ejo/0YY3gdt6752g5HAvY13h9A0ZP +MFWJAJUDBRAxgAouJ3lpb0U2qN0BActVA/9vgBOUheUpLPiIry/+2qqJv+e+LnHw +DgZqROpli9bhJ4wfb1sXPYkFzchR8BUeU0NY6HvAwxEilSNPE1yQoaJuy8POtTuu +aFO4wvuLp0v5LuatXaU8EsncwjrBsWqRB6Dqd+jyq24Pjx0YKNSRJxceiBE8SBDW +HESAhYTYCBLy77QsTWljaGFlbCBLLiBKb2huc29uIDxqb2huc29ubUBuaWdlbC52 +bmV0Lm5ldD6JAJUDBRAxGljWe01Ojay67k0BAf3qA/48N9OvgGk9nNR+Pg6aW3rK +2Dy8t2RQdFGd4b7gBtZeXUAklq9ppYZtS+cXFHoQ8d7K8XBjHh+rgF2oOSBQUrQf +eb8XkKSZQxB7DZVdi1gAsOzSwCrn4TWSSKc28P4Mjuj1Jr2f1FGST1+cGIl7JbhV +kLGjmvOIgs7lS8FE0Hhm/4kAlQMFEDEWclxEcVNogr/H7QEBN1QD/1iY+KYQyOTz +fgaBsx+Bt11kstmOlYhXx23yK2etG0p8XCD2r3aojGOTR/e3o2bLiJo4xe+iMhOM +dvdSzxSPGQ20wX3jGJaRrRiSClFTQbZSelGG0FcOGfM3mL5zeHaXzRcRciK3VDkD +IFzTQ3J5NJVBIVlAkxTMIxho758lR2SjiQCVAwUQMREqFnoDqzGe1QXFAQFdpAP/ +VPPoYO50seo1rLL28AA2PVKqo6BJwj0ZMsC14MDJEKryBbj/E4Ma25uSlzBjj+t9 +rbygoz0XWUQMLh8XPAEps3nE3n8FWROsdlucGzGiDGKVEygLPzCsjR7aGEspN1Y7 +4qOZPxbpGG7B5exOLur4ACY75m6oBh+PN+Q1liCIYXKJAJUDBRAxDpk1iGe2nxKR +G10BAeQjBACmx4DyJacQXxuckDaKMTXa8v2Q7lQpPDyHdn1oAUsx1mrbSL55v2AI +Q0riFWcFRTERpjAToCLgQjK1pKpmJcduiXURj6TPVKd88hYkuCIpn2hIaI7SCkd8 +HZlfFiuaxVN29UbbzHv3C+mseydpkPRrovqmOSuj2xAGFALo6Vl9U4kAlQMFEDEN +eD5EFXDNRmtCiQEBRmoEAJAuyY0F5hbweDOdeAhxLWeiTl9jGwQYDS3T5B5/9ZpC +bJ1yX7Pk2o7LvR9tg/Ji5sfMMvIpH48DNT4kyjmmChFXCUBccwd+33ugdTcYDwLR +Cdt7k9r2yXz1LEH+lVNKOEIhuIq8/sX61hvFR7+qSABthTLrvvynycD5n2pG3F7L +=aGjw +-----END PGP PUBLIC KEY BLOCK----- + +Type Bits/KeyID Date User ID +pub 1024/D4F4D901 1997/03/05 Cristian Gafton + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3a + +mQCNAzMdU6sAAAEEAKLF73rRJ3RUtl+y4bLUOVOV7ataJ46ZHxDZeGAVi+/suwT9 +Kq7QdaeFc4Xwaq8PVWv7pZ4/qTwHUkdbjBVeLt+KOlprvKuadyAh9aG/SqmKkEvA +hCS3yZDwNmeSLO7VIN5ko1nIwVD4kPJvS3xX6kn6jd4mvv/qGfGvxKXU9NkBAAUR +tCNDcmlzdGlhbiBHYWZ0b24gPGdhZnRvbkBzb3Jvc2lzLnJvPokAlQMFEDMeTlI0 +8K1FKjmBdQEBmgQD/02JxAU6+fiaBKwRIFDdsLYTy8mPgYaoul9RIX450W5D5nY/ +/696F6TfmFUzvnrvTbZUDyLxHB0mnh4SrdKRKo57i7RDrdx3Mqlt/xP4R6nHwFed +yTMvz3KB9tYuWfC1fJp69/VRIkMrw448zKkgqHUnAKxMIHvXnV3M9jd6lXSYiQCV +AwUQMx1Tq/GvxKXU9NkBAQE3/gP/RZMe59OkBWS4whc9c6eac6zwcC/hNc1vyiZ5 +2TEHJ10PgtNtHchD7j3xsDO17/DGEZB23OQiPAeLdqnBr+y2uiSlQfYdpVHBHX3A +uX3onc69LpEHmUAJAVOvfU1scnDtOH/KeVN3nwc6PWLxzLWzXfUbwLNK+LiPMNMV +1qygu+s= +=J4G2 +-----END PGP PUBLIC KEY BLOCK----- + +Type Bits/KeyID Date User ID +pub 1024/A5D75B79 1997/03/01 Andrey V. Savochkin + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3a + +mQCNAzMYf1MAAAEEAK1S5jgmWnn8IS9mKoSpXu87f2soQhVZ3XdvsBCK2V7BojlU +0+JJrK+2gMH5tavyFsQ6cKch6I4xH54cS4P4tNE9M7OtfoXOxejtp9U9KZio8T0X +gM8qOS4fTQEfmdHSA5ETe5Vv+WPZ+/3SCo5kD1uIUUwppHDgJH+l396l11t5AAUR +tCBBbmRyZXkgVi4gU2F2b2Noa2luIDxzYXdAbXN1LnJ1PokAlQMFEDaIUh008K1F +KjmBdQEBFtkD/38mraXdr4aEYC6lxlG3cF+59XB6FjyBYhtwgNshpI2mB5XLr25p +f4jMFNUqnY/bGjXWKwbNguzJ0ukD8TgOg1ZXQZztRso1t1Y2M1KPbwlqj8ib1bZG +inQO/eqLrVwFH6F9CTiF0Fgy7faAIHN6BfE0o8earrcIwjT7sxRej3lziQCVAwUQ +M35653fqPT1smcpJAQHeqgQAlXMOru6Rz1TkslVrWD0n7dvBUHQxs0HS1pcWJnZJ +6kcYMLSA2RBi1fRabwzuOtzK60tOmfmnD7btcGBMMflOtfSulEg/xKNw2awEsNQK +ULEIBsvrpMr0UN4hWkxTggDXaykg7rQqgrbAsicoLuTtPDIbc+yhQcFEVGJiPO/I +tqiJAJUDBRAzfnUef89/VVw/1FkBAQ2lA/9q6FQM4RZzp75qxZ7jqAwUy9RFAKhp +L63YFJX3i1JsUjNoO51pjj5pEAxVVQsorqbdsmpC2aOUTf1AufEcs1kLojb3tc19 +MhXPyHTJs66QqWutdP/yOW+CLzmILAsbEgI6O+toVZ0rHVXjEtRgKUnYReHLrlYj +RKlBnkVc3NtPcIkAlQMFEDMYf1N/pd/epddbeQEBfKYD/3x/PkH2e+Cy7YXsfwxb +y/n+6eNIbfakSYjkwN5tDOeaKhdQKUJBKVwAzD2yrLmMDx6uW+FUOTucb6Anau6R +iKrAJq/a4DcpAeymo7cAthVU7en7HWwebQcL4wZGao1BJI+ulynki4sIqkfbGP83 +DK775eovl5X195ZkE/wNJvoi +=V5TY +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libcap.spec b/libcap.spec new file mode 100644 index 0000000..03760d6 --- /dev/null +++ b/libcap.spec @@ -0,0 +1,133 @@ +# +# spec file for package libcap +# +# Copyright (c) 2022-2023 ZhuningOS +# + + +Name: libcap +Version: 2.63 +Release: 150400.3.3.1 +Summary: Library for Capabilities (linux-privs) Support +License: BSD-3-Clause OR GPL-2.0-only +Group: Development/Libraries/C and C++ +URL: https://sites.google.com/site/fullycapable/ +Source: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.xz +Source2: baselibs.conf +Source3: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.sign +Source4: https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/plain/pgp.keys.asc#/%{name}.keyring +Patch: CVE-2023-2602.patch +Patch1: CVE-2023-2603.patch +BuildRequires: fdupes +BuildRequires: glibc-devel-static +BuildRequires: pkgconfig + +%description +Capabilities are a measure to limit the omnipotence of the superuser. +Currently a program started by root or setuid root has the power to do +anything. Capabilities (Linux-Privs) provide a more fine-grained access +control. Without kernel patches, you can use this library to drop +capabilities within setuid binaries. If you use patches, this can be +done automatically by the kernel. + +%package -n libcap2 +Summary: Library for Capabilities (linux-privs) Support +Group: System/Libraries + +%description -n libcap2 +Capabilities are a measure to limit the omnipotence of the superuser. +Currently a program started by root or setuid root has the power to do +anything. Capabilities (Linux-Privs) provide a more fine-grained access +control. Without kernel patches, you can use this library to drop +capabilities within setuid binaries. If you use patches, this can be +done automatically by the kernel. + +%package -n libpsx2 +Summary: Library for Capabilities (linux-privs) Support +Group: System/Libraries + +%description -n libpsx2 +Capabilities are a measure to limit the omnipotence of the superuser. +Currently a program started by root or setuid root has the power to do +anything. Capabilities (Linux-Privs) provide a more fine-grained access +control. Without kernel patches, you can use this library to drop +capabilities within setuid binaries. If you use patches, this can be +done automatically by the kernel. + +%package devel +Summary: Development files for libcap +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: libcap2 = %{version} +Requires: libpsx2 = %{version} + +%description devel +Development files (Headers, libraries for static linking, etc) for +libcap. + +libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) +draft 15 capabilities. + +Install libcap-devel if you want to develop or compile applications +using libcap. + +%package progs +Summary: Libcap utility programs +Group: System/Filesystems +Requires: libcap2 = %{version} + +%description progs +This package contains utility programs handling capabilities via +libcap. + +%prep +%setup -q +%autopatch -p1 + +%build +%global _lto_cflags %{nil} +%global buildvariables RAISE_SETFCAP=no prefix=%{_prefix} lib=%{_lib} SHARED=yes LIBDIR=%{_libdir} SBINDIR=%{_sbindir} PKGCONFIGDIR=%{_libdir}/pkgconfig/ INCDIR=%{_includedir} MANDIR=%{_mandir} SHARED=yes COPTS="%{optflags}" + +%make_build %{buildvariables} + +%install +make install %{buildvariables} DESTDIR=%{buildroot} +find %{buildroot} -type f -name "*.la" -delete -print +# do not provide static libs +rm %{buildroot}%{_libdir}/libcap.a + +%fdupes -s %{buildroot} + +%check +%make_build %{buildvariables} test + +%post -n libcap2 -p /sbin/ldconfig +%postun -n libcap2 -p /sbin/ldconfig +%post -n libpsx2 -p /sbin/ldconfig +%postun -n libpsx2 -p /sbin/ldconfig + +%files -n libpsx2 +%license License +%{_libdir}/libpsx.so.2* + +%files -n libcap2 +%license License +%{_libdir}/libcap.so.* + +%files progs +%{_mandir}/man1/* +%{_mandir}/man8/* +%{_sbindir}/* + +%files devel +%license License +%doc README CHANGELOG +%{_includedir}/sys/capability.h +%{_includedir}/sys/psx_syscall.h +%{_libdir}/*.so +%{_libdir}/libpsx.a +%{_libdir}/pkgconfig/%{name}.pc +%{_libdir}/pkgconfig/libpsx.pc +%{_mandir}/man3/* + +%changelog