Initialize for libksba
This commit is contained in:
commit
cc35fad1e9
8 changed files with 467 additions and 0 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
libksba-1.3.5.tar.bz2
|
||||
1
.libksba.metadata
Normal file
1
.libksba.metadata
Normal file
|
|
@ -0,0 +1 @@
|
|||
0e3122d820fc6ddd7252cc59dc4b5a225dc90bc78db72f5dabf43ca237c5fc72 libksba-1.3.5.tar.bz2
|
||||
BIN
libksba-1.3.5.tar.bz2.sig
Normal file
BIN
libksba-1.3.5.tar.bz2.sig
Normal file
Binary file not shown.
36
libksba-CVE-2022-3515.patch
Normal file
36
libksba-CVE-2022-3515.patch
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
From 4b7d9cd4a018898d7714ce06f3faf2626c14582b Mon Sep 17 00:00:00 2001
|
||||
From: Werner Koch <wk@gnupg.org>
|
||||
Date: Wed, 5 Oct 2022 14:19:06 +0200
|
||||
Subject: [PATCH 1/3] Detect a possible overflow directly in the TLV parser.
|
||||
|
||||
* src/ber-help.c (_ksba_ber_read_tl): Check for overflow of a commonly
|
||||
used sum.
|
||||
--
|
||||
|
||||
It is quite common to have checks like
|
||||
|
||||
if (ti.nhdr + ti.length >= DIM(tmpbuf))
|
||||
return gpg_error (GPG_ERR_TOO_LARGE);
|
||||
|
||||
This patch detects possible integer overflows immmediately when
|
||||
creating the TI object.
|
||||
|
||||
Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929
|
||||
|
||||
Index: libksba-1.3.5/src/ber-help.c
|
||||
===================================================================
|
||||
--- libksba-1.3.5.orig/src/ber-help.c
|
||||
+++ libksba-1.3.5/src/ber-help.c
|
||||
@@ -181,6 +181,12 @@ _ksba_ber_read_tl (ksba_reader_t reader,
|
||||
ti->length = len;
|
||||
}
|
||||
|
||||
+ if (ti->length > ti->nhdr && (ti->nhdr + ti->length) < ti->length)
|
||||
+ {
|
||||
+ ti->err_string = "header+length would overflow";
|
||||
+ return gpg_error (GPG_ERR_EOVERFLOW);
|
||||
+ }
|
||||
+
|
||||
/* Without this kludge some example certs can't be parsed */
|
||||
if (ti->class == CLASS_UNIVERSAL && !ti->tag)
|
||||
ti->length = 0;
|
||||
65
libksba-CVE-2022-47629.patch
Normal file
65
libksba-CVE-2022-47629.patch
Normal file
|
|
@ -0,0 +1,65 @@
|
|||
From f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 Mon Sep 17 00:00:00 2001
|
||||
From: Werner Koch <wk@gnupg.org>
|
||||
Date: Tue, 22 Nov 2022 16:36:46 +0100
|
||||
Subject: [PATCH] Fix an integer overflow in the CRL signature parser.
|
||||
|
||||
* src/crl.c (parse_signature): N+N2 now checked for overflow.
|
||||
|
||||
* src/ocsp.c (parse_response_extensions): Do not accept too large
|
||||
values.
|
||||
(parse_single_extensions): Ditto.
|
||||
--
|
||||
|
||||
The second patch is an extra safegourd not related to the reported
|
||||
bug.
|
||||
|
||||
GnuPG-bug-id: 6284
|
||||
Reported-by: Joseph Surin, elttam
|
||||
---
|
||||
src/crl.c | 2 +-
|
||||
src/ocsp.c | 12 ++++++++++++
|
||||
2 files changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: libksba-1.3.5/src/crl.c
|
||||
===================================================================
|
||||
--- libksba-1.3.5.orig/src/crl.c
|
||||
+++ libksba-1.3.5/src/crl.c
|
||||
@@ -1434,7 +1434,7 @@ parse_signature (ksba_crl_t crl)
|
||||
&& !ti.is_constructed) )
|
||||
return gpg_error (GPG_ERR_INV_CRL_OBJ);
|
||||
n2 = ti.nhdr + ti.length;
|
||||
- if (n + n2 >= DIM(tmpbuf))
|
||||
+ if (n + n2 >= DIM(tmpbuf) || (n + n2) < n)
|
||||
return gpg_error (GPG_ERR_TOO_LARGE);
|
||||
memcpy (tmpbuf+n, ti.buf, ti.nhdr);
|
||||
err = read_buffer (crl->reader, tmpbuf+n+ti.nhdr, ti.length);
|
||||
Index: libksba-1.3.5/src/ocsp.c
|
||||
===================================================================
|
||||
--- libksba-1.3.5.orig/src/ocsp.c
|
||||
+++ libksba-1.3.5/src/ocsp.c
|
||||
@@ -912,6 +912,12 @@ parse_response_extensions (ksba_ocsp_t o
|
||||
else
|
||||
ocsp->good_nonce = 1;
|
||||
}
|
||||
+ if (ti.length > (1<<24))
|
||||
+ {
|
||||
+ /* Bail out on much too large objects. */
|
||||
+ err = gpg_error (GPG_ERR_BAD_BER);
|
||||
+ goto leave;
|
||||
+ }
|
||||
ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
|
||||
if (!ex)
|
||||
{
|
||||
@@ -979,6 +985,12 @@ parse_single_extensions (struct ocsp_req
|
||||
err = parse_octet_string (&data, &datalen, &ti);
|
||||
if (err)
|
||||
goto leave;
|
||||
+ if (ti.length > (1<<24))
|
||||
+ {
|
||||
+ /* Bail out on much too large objects. */
|
||||
+ err = gpg_error (GPG_ERR_BAD_BER);
|
||||
+ goto leave;
|
||||
+ }
|
||||
ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
|
||||
if (!ex)
|
||||
{
|
||||
165
libksba.changes
Normal file
165
libksba.changes
Normal file
|
|
@ -0,0 +1,165 @@
|
|||
* Tue Jan 3 2023 pmonreal@suse.com
|
||||
- Security fix: [bsc#1206579, CVE-2022-47629]
|
||||
* Integer overflow in the CRL signature parser.
|
||||
* Add libksba-CVE-2022-47629.patch
|
||||
* Mon Oct 17 2022 pmonreal@suse.com
|
||||
- Security fix: [bsc#1204357, CVE-2022-3515]
|
||||
* Detect a possible overflow directly in the TLV parser.
|
||||
* Add libksba-CVE-2022-3515.patch
|
||||
* Thu Feb 22 2018 fvogt@suse.com
|
||||
- Use %%license (boo#1082318)
|
||||
* Mon Aug 22 2016 astieger@suse.com
|
||||
- libksba 1.3.5:
|
||||
* Limit the allowed size of complex ASN.1 objects (e.g.
|
||||
certificates) to 16MiB.
|
||||
* Avoid read access to unitialized memory.
|
||||
* Improve detection of invalid RDNs.
|
||||
* Encode the OCSP nonce value as an octet string as described by
|
||||
RFC-6960.
|
||||
* Tue May 10 2016 astieger@suse.com
|
||||
- libksba 1.3.4:
|
||||
* Fixed two OOB read access bugs which could be used to force a DoS.
|
||||
boo#979261 CVE-2016-4574, CVE-2016-4579
|
||||
* Fixed a crash due to faulty curve OID lookup code.
|
||||
* Synced the list of supported curves with those of Libgcrypt.
|
||||
* New configure option --enable-build-timestamp; a build timestamp is
|
||||
not anymore used by default.
|
||||
* Fri Apr 10 2015 astieger@suse.com
|
||||
- libksba 1.3.3:
|
||||
* Fixed an integer overflow in the DN decoder.
|
||||
* Now returns an error instead of terminating the process for
|
||||
certain bad BER encodings.
|
||||
* Improved the parsing of utf-8 strings in DNs.
|
||||
* Allow building with newer versions of Bison.
|
||||
* Thu Mar 19 2015 astieger@suse.com
|
||||
- remove libtool requirement
|
||||
* Wed Nov 26 2014 andreas.stieger@gmx.de
|
||||
- libksba 1.3.2 [boo#907074] [CVE-2014-9087]
|
||||
This version contains a security update which fixes a buffer
|
||||
overflow in OID to string conversion code that can be triggered
|
||||
by a specially crafted S/MIME message or ECC based OpenPGP data.
|
||||
Users of GnuPG 2.x should install this version and restart the
|
||||
dirmgr process.
|
||||
* Fixed a buffer overflow in ksba_oid_to_str.
|
||||
- verify source signature
|
||||
* Sun Sep 21 2014 andreas.stieger@gmx.de
|
||||
- libksba 1.3.1:
|
||||
* Fixed memory leak in CRL parsing
|
||||
* Build fixes for ppc64el
|
||||
* Tue Nov 27 2012 meissner@suse.com
|
||||
- Use URL for source
|
||||
* Mon Oct 1 2012 andreas.stieger@gmx.de
|
||||
- update to libksba 1.3.0
|
||||
- change license from GPLv2 to LGPLv3/GPLv2
|
||||
- minor bug fixes
|
||||
- implement shared library packaging policy
|
||||
- remove nld-build.diff which was added 2004 before package was in
|
||||
the openSUSE OBS, was never used or applied cleanly since r1
|
||||
* Sat Nov 19 2011 coolo@suse.com
|
||||
- add libtool as buildrequire to avoid implicit dependency
|
||||
* Fri Jul 29 2011 puzel@novell.com
|
||||
- update to libksba-1.2.0
|
||||
- New functions to allow the creation of X.509 certificates.
|
||||
- Interface changes relative to the 1.1.0 release:
|
||||
ksba_certreq_set_serial NEW
|
||||
ksba_certreq_set_issuer NEW
|
||||
ksba_certreq_set_validity NEW
|
||||
ksba_certreq_set_siginfo NEW
|
||||
* Fri Dec 3 2010 puzel@novell.com
|
||||
- update to libksba-1.1.0
|
||||
* New functions to fix a leak in dirmngr.
|
||||
* Interface changes relative to the 1.0.0 release:
|
||||
ksba_reader_set_release_notify NEW
|
||||
ksba_writer_set_release_notify NEW
|
||||
- clean up specfile
|
||||
* Sun Oct 31 2010 jengelh@medozas.de
|
||||
- Use %%_smp_mflags
|
||||
* Tue Aug 17 2010 puzel@novell.com
|
||||
- update to libksba-1.0.8
|
||||
* Fixed a CMS parsing bug exhibited by Lotus Notes.
|
||||
* Thu Jul 9 2009 puzel@novell.com
|
||||
- update to libksba-1.0.7
|
||||
* Detect overflow while parsing OIDs. Map BER encoded OIDs to well
|
||||
known names.
|
||||
* Allow mixed case names in DNs.
|
||||
* Wed Jun 24 2009 puzel@suse.cz
|
||||
- update to libksba-1.0.6
|
||||
* Support SHA-{384,512} based signature generation.
|
||||
* The RSA algorithmIdentifier ASN.1 sequence is now emitted with an
|
||||
explicit NULL parameter. Despite the interop testing we did in the
|
||||
past, some software still requires this and thus we better follow
|
||||
the best current practise.
|
||||
* Tue Apr 7 2009 crrodriguez@suse.de
|
||||
- remove static libraries and "la" files
|
||||
- fix buildrequires and -devel package dependencies
|
||||
* Mon Jan 12 2009 puzel@suse.cz
|
||||
- update to 1.0.5 (bugfix release)
|
||||
- minor bugfixes
|
||||
* Thu Sep 25 2008 puzel@suse.cz
|
||||
- update to 1.0.4
|
||||
* autoconf fixes
|
||||
- correctly install/uninstall info files
|
||||
- use %%makeinstall and %%configure macros
|
||||
* Thu Jun 26 2008 puzel@suse.cz
|
||||
- update to 1.0.3
|
||||
* bugfix release (autoconf fixes)
|
||||
* removed libksba-texi.patch
|
||||
* Thu Jan 10 2008 bk@suse.de
|
||||
- Add missing initialsation, fixes gpgsm crash in GPG's make check
|
||||
* Mon Jul 30 2007 ltinkl@suse.cz
|
||||
- update to 1.0.2
|
||||
* Support for SHA-2.
|
||||
* Fixed a couple of memory leaks.
|
||||
* Experimental support for ECDSA.
|
||||
* Minor portability fixes.
|
||||
* Switched to GPLv3.
|
||||
* Tue Sep 12 2006 pnemec@suse.cz
|
||||
- updated to 1.0.0 by diff from author
|
||||
- change in api
|
||||
* Mon Sep 11 2006 pnemec@suse.cz
|
||||
- updated to 0.9.16
|
||||
Fixed a character set conversion bug in BMPStrings
|
||||
Added new api functions, see readme.
|
||||
* Fri Jun 23 2006 pnemec@suse.cz
|
||||
- updated to 0.9.15 from CVS!
|
||||
fixed security bug #177462
|
||||
* Thu May 25 2006 pnemec@suse.cz
|
||||
- updated to version 0.9.14
|
||||
* Fixed broken OCSP requests.
|
||||
* Ignore invalid bytes appended to a certificate.
|
||||
* New functions to associate user data with a certificate object.
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Mon Sep 26 2005 mls@suse.de
|
||||
- make devel package require base package
|
||||
* Fri Aug 5 2005 postadal@suse.cz
|
||||
- updated to version 0.9.12
|
||||
* Mon Jul 11 2005 postadal@suse.cz
|
||||
- updated to version 0.9.11
|
||||
- removed obsoleted patch autoconf-fix.diff
|
||||
* Wed Jan 12 2005 postadal@suse.cz
|
||||
- update to version 0.9.10
|
||||
* Thu Sep 30 2004 postadal@suse.cz
|
||||
- restored autoconf-fix.diff patch removed by last update [#36193, #46036]
|
||||
(fixed autoconf issue - quoted definition of AM_PATH_KSBA)
|
||||
* Wed Jul 28 2004 adrian@suse.de
|
||||
- update to version 0.9.8
|
||||
* Wed Jul 14 2004 adrian@suse.de
|
||||
- create -devel sub package
|
||||
- prepare for nld
|
||||
* Mon Jul 12 2004 adrian@suse.de
|
||||
- update to version 0.9.7
|
||||
* Wed Mar 17 2004 postadal@suse.cz
|
||||
- fixed autoconf issue (quoted definition of AM_PATH_KSBA) [#36193]
|
||||
* Tue Feb 10 2004 postadal@suse.cz
|
||||
- fixed code that broke strict aliasing
|
||||
- bziped tarball
|
||||
* Sun Jan 11 2004 adrian@suse.de
|
||||
- add %%run_ldconfig
|
||||
* Mon Jun 2 2003 mc@suse.de
|
||||
- switch to version 0.4.7
|
||||
This fixes a problem mainly relevant to certificate request
|
||||
creation (if you must use the ugly way of putting the email
|
||||
address into the subject DN)
|
||||
* Thu Feb 20 2003 mc@suse.de
|
||||
- initial version
|
||||
99
libksba.keyring
Normal file
99
libksba.keyring
Normal file
|
|
@ -0,0 +1,99 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2
|
||||
|
||||
mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I
|
||||
Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg
|
||||
jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7
|
||||
KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u
|
||||
qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB
|
||||
1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk
|
||||
aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW
|
||||
AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s
|
||||
hKZOAKw3RUePTU80SRLPdg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH8
|
||||
5zCwu7SHz9cX3d4UUwzcP6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8
|
||||
Klf/wl6jXHn/yP92xG9/YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOc
|
||||
WkqwupB+d01R4bHPu9tvXy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgC
|
||||
E4F5XeCB/0ovao2/bk22w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsqInAQQAQIA
|
||||
BgUCTS2NBAAKCRBTtiDQHODGMEZPBACLmrMjpwmyVvI6X5N4NlWctXQWY+4ODx2i
|
||||
O9CtUM/F96YiPFlmgwsJUzyXLwALYk+shh83TjQLfjexohzS1O07DCZUy7Lsb9R7
|
||||
HbYJ1Yf/QcEykbiAW465CZb1BAOMR2HUODBTaABaidfnhmUzJtayz7Y0KKRHAx+V
|
||||
VS6kfnsFq5kBDQRUUF8HAQgAh1mo8r+kVWVTNsNlyurm2tdZKiQbdeVgpBgcDnqI
|
||||
3fAV58C3nC8DVuK5qVGZPB/jbu42jc8BXGP1l6UP+515LQL5GpTtV0pRWUO02WOu
|
||||
TLZBVQcq53vzbg1xVo31rWV96mqGAPs8lGUCm09fpuiVKQojO6/Ihkg7/bnzeSbc
|
||||
X5Xk9eKLhyB7tnakuYJeRYm4bjs+YDApK8IFQyevYF8pjTcbLTSNJPW9WLCsozsy
|
||||
11r4xdfRcTWjARVz5VzTnQ+Px8YtsnjQ3qwNJBpsqMLCdDN7YGhh/mlwPjgdq/UF
|
||||
f5+bY6f3ew0vshBqInBQycBSmYyoX0Ye3sAS/OR4nu5ZaQARAQABtD5EYXZpZCBT
|
||||
aGF3IChHbnVQRyBSZWxlYXNlIFNpZ25pbmcgS2V5KSA8ZHNoYXdAamFiYmVyd29j
|
||||
a3kuY29tPokBPgQTAQIAKAUCVFBfBwIbAwUJCbp27gYLCQgHAwIGFQgCCQoLBBYC
|
||||
AwECHgECF4AACgkQBDdvPuCFaVmIoQf+POxCWkCTicRVlq0kust/iwYO1egK9FWG
|
||||
130e2Irnv2lAZZN/0S5ibjHCYFp9gfMgmtVTF5oWXjSDAy/kIykQBBcUVx4SCJbd
|
||||
MtKSdsSIQMz6P4DxXumxQm79msOsbi5TsdtUwjqdrbu2sHloE7ck/hTXUCkX3zuq
|
||||
txY7W23BCQxVVT5qUaFuAHkkQaaBgAb8gdgixmkIBfu9u8k3k9zUKm/PNfMjxClv
|
||||
ORkP8gev+XyzNgcXM49h5YYlmDT+Ahv99nUM1wg8yJTjefBAY0fL982Scx30nDQO
|
||||
3w7ihALUoj5+TXQjhs3sWPJ8u3pstr9XcfzEZC77/CZmRYNr8g5hBokBHAQQAQgA
|
||||
BgUCVFOBbwAKCRAkmznSTyXjtmHeB/0X00v959Oyc0EsSLOlfC52qsEn5cU7vxFb
|
||||
+KY9aKtG4+hApJxemkqpCgA5+xZwXp3SQOf0sYFwz5OsukIjRF0HgSEdjoMTH6b7
|
||||
lT0nCwKo8AMU0nJbopVIJikHOzk2gUqh1gxu5iml1RbSkmFhiGjYeqM+ONQynCeX
|
||||
Gg3LLZCQ1eeoaX69bvbWQFDtTIn2HYvjZLjuGC6PGH/naZ7GchiiiK0bs4UOdJFX
|
||||
HtITC/7DcgEiHMHOMT3XlwINTexZG0grl2LuWuyyhurJh5IO6geArPKUmR8SjJjV
|
||||
azpwbutZhYjTzfUpPvKK8kCSan9Df5eeekDrKCU8x8aqLDVyoQcRmQENBFRQOyMB
|
||||
CADmEHA30Xc6op/72ZcJdQMriVvnAyN22L3rEbTiACfvBajs6fpzme2uJlC5F1Hk
|
||||
Ydx3DvdcLoIV6Ed6j95JViJaoE0EB8T1TNuQRL5xj7jAPOpVpyqErF3vReYdCDIr
|
||||
umlEb8zCQvVTICsIYYAo3oxX/Z/M7ogZDDeOe1G57f/Y8YacZqKw0AqW+20dZn3W
|
||||
7Lgpjl8EzX25AKBl3Hi/z+s/T7JCqxZPAlQq/KbHkYh81oIm+AX6/5o+vCynEEx/
|
||||
2OkdeoNeeHgujwL8axAwPoYKVV9COy+/NQcofZ6gvig1+S75RrkG4AdiL64C7OpX
|
||||
1N2kX08KlAzI9+65lyUw8t0zABEBAAG0Mk5JSUJFIFl1dGFrYSAoR251UEcgUmVs
|
||||
ZWFzZSBLZXkpIDxnbmlpYmVAZnNpai5vcmc+iQE8BBMBCAAmBQJUUDsjAhsDBQkD
|
||||
wmcABQsHCAkDBBUICQoFFgIDAQACHgECF4AACgkQIHGwijO9PwZ1/wgA0LKal1wF
|
||||
Za8FPUonc2GzwE9YhkZiJB8KA/a7T6//cW4N46/GswiqZJxN1RdKs1B+rp7EMMU3
|
||||
bhoXstLBcIYveljqh4lPBWCsTT2+/OpwAmgnzjgdTHcpnCMTEOdZktD5SKrTj2tV
|
||||
aWXAlWK/UsEEanA3cvzofy44n7rm+Eoa7P1YGCHL++Ihsi66ElbehilTT/xxckHX
|
||||
Uji1XDvoagEENEHk5j4Z2mhWtjnGclvuiBkS4XezezNMW/fPAypZX4bkURNbGd8j
|
||||
tkb3Eqt+bv+ZQoSA+Ukv8APaAzj8lRSw+CYjDxpoM0jtmiPrk+u/Do46COVA/IX2
|
||||
2aYNT2Y2KoWJV4kBHAQQAQgABgUCVFOCHQAKCRAkmznSTyXjtoIhB/0ZE/ppI2Gc
|
||||
qDxSwPKkRkkoMD8oXdKkPxjUF2jgP+bceHKiz1F78cx/eZltB4av8OujO1IwqH2C
|
||||
0aVr46W3eSyIcpmmw6F9sjLcTfyZJfWJrvobb7WQSKvWw0eHFgNGR6Z+BA3ohjws
|
||||
aCZtzzkH2gXI+EM7qaZozMw+eSkZ4qTE9B4/hkMZZpBO0oGy9PQzSlADGftyyuTt
|
||||
oSUvepfs+EvYSddQ7skXWq0zePuOhng2Mppl690A+aTywyetbPvVeqjiAbI7NB5f
|
||||
8Tw7dk0Febe9NHvbwzgiStMPmIKrTcthvgIClBkZvmkBFWAPxYPdHfLzAlpDGxJt
|
||||
R31c0zNFBH68mQENBFRDqVIBCAC0k8eZKDmNqdmawOlJ/m62L2g8uXT/+/vAEGb1
|
||||
yaib09xI6tfGXzbqlDwrLIZcJsSIT/nt/ajJnIVbc3137va4XbwMzsDpAMH4mmiT
|
||||
oqk+izEChGm2knzrLwhoflR8aGsKL35QoZT/erdjfgPeCRLvf25fHsN2Jb0WIMzC
|
||||
56VkMeFoza+9HZ5hrkemmm+gPvIvhEUopxCyOS8mK5WjB4zzIdyDJfkqVpHvafNP
|
||||
0N4LIsedKdyHcj/K3kY4Kejl99GW1z1snBgPamoN2/e52Pf6KTw2FjsSGZ72oalc
|
||||
rkBR4wacUizGxKcRD2Y6Xa0g9mwToWdNBQCIII+uTzOzq1EDABEBAAG0IVdlcm5l
|
||||
ciBLb2NoIChSZWxlYXNlIFNpZ25pbmcgS2V5KYkBPQQTAQgAJwUCVEOpUgIbAwUJ
|
||||
C6oF9QULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCKhhscfv1g2aH7B/wIW6mV
|
||||
mTmzW2xc1q1MUdssExQBhEeONrbWJ/HiGZP/MaabgQ/+wZuThTAwfGM5zFQBOvrB
|
||||
OGURhINU6lYQlcOrVo+V8Z1mNQKFWaKxJaY5Ku1bB1OuX9FHLEiMibogHu5fjJIX
|
||||
BE8XrnvueejyFQ5g/uX2xcGgCWlMe49sR3K+lEl3n93xTmSNhP52r0gTjMjbqKWK
|
||||
UaIGJ5OcWSrvawdfqLXkxR8phq2AlHHEfxpcZsOp9mZirWYQ5jcgGgFP0LYXUw/R
|
||||
nxFpOcrj45qufmyEL9QJKjBV5RaHJbqukefwUInPQtVUmINqQxztSh5QxQP2tsUP
|
||||
IeEi5RAoCwLJam8ziQEcBBABCAAGBQJUU4JUAAoJECSbOdJPJeO2c+cH+wevKc8w
|
||||
bkWSoGOJiYDglVMJa4x5utgHyXP4PyqelIQ7yibfQq3YyOU9RWRGxfvuofPXpx1E
|
||||
u/XtCGgw03r4HZhauauYe27IDpA5P/Go7+WqufT6gMBoZf/1cD2ykQZpFyszEKHf
|
||||
Y+BlzqPJcRaXy4+uQG3O+bh/R2eIGAJDao/AclJI+kfckeY5DzRTibPex+rGAkxZ
|
||||
8qHtlCb0WeUbL3mgl9f3LlbPH77w1on6XqqIaQ+ODSS/3CUOIhNI3lrGO7mIqhSC
|
||||
0n+rpqLHeVLpLkz0IFvsJOp9UOHDCA8oL0cQtJGP1pN7muKR9nCVtoNuN41JapoO
|
||||
4ZaHe5Y0r5MIofSYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNwQo8OSmVw
|
||||
IvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYUTF0F/15p
|
||||
iAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz28iRH/UZc
|
||||
YLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpuQGdudS5v
|
||||
cmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2MtwUJClRO
|
||||
YQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhAtm3dxWeU
|
||||
xA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2qagd/nRch
|
||||
l9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+EwCV7i2e2
|
||||
u5kBogQ1oh4eEQQA/pdK4Oafa1uDN7Cr5nss4bNpg8YUSg01VVJ08KTCEdpCAPaU
|
||||
+NzaP3KD2ow74WU2gzP70s9uSGQ2Vie4BLvOkaaBHba/3ivBrg3ILFrxbOfmKQg8
|
||||
Fhtncd/TBOwzfkkbxBNcVJuBPRtjZ3dlDbS4IPNsIIv2SuCIfQmA8qNGvWsAoIrJ
|
||||
90b2fzERCZkKtfkoyYA8fnNrBADhJ8RmIrKiCnDk3Tzk04nu6O8fp3ptrmnO7jlu
|
||||
vDfsEVsYRjyMbDnbnjCGu1PeFoP2HZ+H9lp4CaQbyjWh2JlvI9UOc72V16SFkV0r
|
||||
8k0euNQXHhhzXWIkfz4gwSbBkN2nO5+6cIVeKnsdyFYkQyVs+Q86/PMfjo7utyrc
|
||||
WLq1CAQAou3da1JR6+KJO4gUZVh2F1NoaVCEPAvlDhNV10/hwe5mS0kTjUJ1jMl5
|
||||
6mwAFvhFFF9saW+eAnrwIOHjopbdHrPBmTJlOnNMHVLJzFlqjihwRRZQyL8iNu2m
|
||||
farn9Mr28ut5BQmp0CnNEJ6hl0Cs7l2xagWFtlEK2II144vK3fG0J1dlcm5lciBL
|
||||
b2NoIChnbnVwZyBzaWcpIDxkZDlqbkBnbnUub3JnPohhBBMRAgAhAheABQkOFIf9
|
||||
BQJBvGheBgsJCAcDAgMVAgMDFgIBAh4BAAoJEGi3q4lXVI3NBJMAn01313ag0tgj
|
||||
rGUZtDlKYbmNIeMeAJ0UpVsjxpylBcSjsPE8MAki7Hb2Rw==
|
||||
=W3eM
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
100
libksba.spec
Normal file
100
libksba.spec
Normal file
|
|
@ -0,0 +1,100 @@
|
|||
#
|
||||
# spec file for package libksba
|
||||
#
|
||||
# Copyright (c) 2022-2023 ZhuningOS
|
||||
#
|
||||
|
||||
|
||||
%define soname 8
|
||||
Name: libksba
|
||||
Version: 1.3.5
|
||||
Release: 150000.4.6.1
|
||||
Summary: A X.509 Library
|
||||
License: (LGPL-3.0+ or GPL-2.0+) and GPL-3.0+ and MIT
|
||||
Group: Development/Libraries/C and C++
|
||||
Url: http://www.gnupg.org/aegypten/
|
||||
Source: ftp://ftp.gnupg.org/gcrypt/libksba/%{name}-%{version}.tar.bz2
|
||||
Source2: ftp://ftp.gnupg.org/gcrypt/libksba/%{name}-%{version}.tar.bz2.sig
|
||||
Source3: libksba.keyring
|
||||
Source4: libksba.changes
|
||||
Patch0: libksba-CVE-2022-3515.patch
|
||||
#PATCH-FIX-UPSTREAM bsc#1206579 CVE-2022-47629 integer overflow in the CRL signature parser
|
||||
Patch1: libksba-CVE-2022-47629.patch
|
||||
BuildRequires: libgpg-error-devel >= 1.8
|
||||
# FIXME: use proper Requires(pre/post/preun/...)
|
||||
PreReq: %{install_info_prereq}
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
KSBA is a library to simplify the task of working with X.509
|
||||
certificates, CMS data, and related data.
|
||||
|
||||
%package -n %{name}%{soname}
|
||||
Summary: A X.509 Library
|
||||
Group: Development/Libraries/C and C++
|
||||
Provides: %{name} = %{version}
|
||||
Obsoletes: %{name} < %{version}
|
||||
|
||||
%description -n %{name}%{soname}
|
||||
KSBA is a library to simplify the task of working with X.509
|
||||
certificates, CMS data, and related data.
|
||||
|
||||
%package devel
|
||||
Summary: A X.509 Library
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libgpg-error-devel
|
||||
Requires: libksba = %{version}
|
||||
Provides: libksba:%{_includedir}/ksba.h
|
||||
|
||||
%description devel
|
||||
KSBA is a library to simplify the task of working with X.509
|
||||
certificates, CMS data, and related data.
|
||||
|
||||
This package contains the needed files to compile and link against the
|
||||
libksba.
|
||||
|
||||
%prep
|
||||
%setup -q -n libksba-%{version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
build_timestamp=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE4})
|
||||
%configure \
|
||||
--disable-static \
|
||||
--with-pic \
|
||||
--enable-build-timestamp="${build_timestamp}"
|
||||
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%check
|
||||
make %{?_smp_mflags} check
|
||||
|
||||
%install
|
||||
make %{?_smp_mflags} DESTDIR=%{buildroot} install
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
|
||||
%post -n %{name}%{soname} -p /sbin/ldconfig
|
||||
%postun -n %{name}%{soname} -p /sbin/ldconfig
|
||||
|
||||
%files -n %{name}%{soname}
|
||||
%defattr(-,root,root)
|
||||
%license COPYING
|
||||
%doc README AUTHORS ChangeLog NEWS THANKS TODO
|
||||
%{_libdir}/libksba*.so.*
|
||||
|
||||
%post devel
|
||||
%install_info --info-dir=%{_infodir} %{_infodir}/ksba.info.gz
|
||||
|
||||
%postun devel
|
||||
%install_info_delete --info-dir=%{_infodir} %{_infodir}/ksba.info.gz
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/*
|
||||
%{_libdir}/libksba*.so
|
||||
%{_includedir}/*
|
||||
%{_infodir}/ksba*
|
||||
%{_datadir}/aclocal/*
|
||||
|
||||
%changelog
|
||||
Loading…
Add table
Reference in a new issue