Initialize for libksba

.gitignore

@@ -0,0 +1 @@
+libksba-1.3.5.tar.bz2

.libksba.metadata

@@ -0,0 +1 @@
+0e3122d820fc6ddd7252cc59dc4b5a225dc90bc78db72f5dabf43ca237c5fc72 libksba-1.3.5.tar.bz2

libksba-CVE-2022-3515.patch

@@ -0,0 +1,36 @@
+From 4b7d9cd4a018898d7714ce06f3faf2626c14582b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 5 Oct 2022 14:19:06 +0200
+Subject: [PATCH 1/3] Detect a possible overflow directly in the TLV parser.
+
+* src/ber-help.c (_ksba_ber_read_tl): Check for overflow of a commonly
+used sum.
+--
+
+It is quite common to have checks like
+
+    if (ti.nhdr + ti.length >= DIM(tmpbuf))
+       return gpg_error (GPG_ERR_TOO_LARGE);
+
+This patch detects possible integer overflows immmediately when
+creating the TI object.
+
+Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929
+
+Index: libksba-1.3.5/src/ber-help.c
+===================================================================
+--- libksba-1.3.5.orig/src/ber-help.c
++++ libksba-1.3.5/src/ber-help.c
+@@ -181,6 +181,12 @@ _ksba_ber_read_tl (ksba_reader_t reader,
+       ti->length = len;
+     }
+ 
++  if (ti->length > ti->nhdr && (ti->nhdr + ti->length) < ti->length)
++    {
++      ti->err_string = "header+length would overflow";
++      return gpg_error (GPG_ERR_EOVERFLOW);
++    }
++
+   /* Without this kludge some example certs can't be parsed */
+   if (ti->class == CLASS_UNIVERSAL && !ti->tag)
+     ti->length = 0;

libksba-CVE-2022-47629.patch

@@ -0,0 +1,65 @@
+From f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Tue, 22 Nov 2022 16:36:46 +0100
+Subject: [PATCH] Fix an integer overflow in the CRL signature parser.
+
+* src/crl.c (parse_signature): N+N2 now checked for overflow.
+
+* src/ocsp.c (parse_response_extensions): Do not accept too large
+values.
+(parse_single_extensions): Ditto.
+--
+
+The second patch is an extra safegourd not related to the reported
+bug.
+
+GnuPG-bug-id: 6284
+Reported-by: Joseph Surin, elttam
+---
+ src/crl.c  |  2 +-
+ src/ocsp.c | 12 ++++++++++++
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+Index: libksba-1.3.5/src/crl.c
+===================================================================
+--- libksba-1.3.5.orig/src/crl.c
++++ libksba-1.3.5/src/crl.c
+@@ -1434,7 +1434,7 @@ parse_signature (ksba_crl_t crl)
+          && !ti.is_constructed) )
+     return gpg_error (GPG_ERR_INV_CRL_OBJ);
+   n2 = ti.nhdr + ti.length;
+-  if (n + n2 >= DIM(tmpbuf))
++  if (n + n2 >= DIM(tmpbuf) || (n + n2) < n)
+     return gpg_error (GPG_ERR_TOO_LARGE);
+   memcpy (tmpbuf+n, ti.buf, ti.nhdr);
+   err = read_buffer (crl->reader, tmpbuf+n+ti.nhdr, ti.length);
+Index: libksba-1.3.5/src/ocsp.c
+===================================================================
+--- libksba-1.3.5.orig/src/ocsp.c
++++ libksba-1.3.5/src/ocsp.c
+@@ -912,6 +912,12 @@ parse_response_extensions (ksba_ocsp_t o
+           else
+             ocsp->good_nonce = 1;
+         }
++      if (ti.length > (1<<24))
++        {
++          /* Bail out on much too large objects.  */
++          err = gpg_error (GPG_ERR_BAD_BER);
++          goto leave;
++        }
+       ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
+       if (!ex)
+         {
+@@ -979,6 +985,12 @@ parse_single_extensions (struct ocsp_req
+       err = parse_octet_string (&data, &datalen, &ti);
+       if (err)
+         goto leave;
++      if (ti.length > (1<<24))
++        {
++          /* Bail out on much too large objects.  */
++          err = gpg_error (GPG_ERR_BAD_BER);
++          goto leave;
++        }
+       ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
+       if (!ex)
+         {

libksba.changes

@@ -0,0 +1,165 @@
+* Tue Jan  3 2023 pmonreal@suse.com
+- Security fix: [bsc#1206579, CVE-2022-47629]
+  * Integer overflow in the CRL signature parser.
+  * Add libksba-CVE-2022-47629.patch
+* Mon Oct 17 2022 pmonreal@suse.com
+- Security fix: [bsc#1204357, CVE-2022-3515]
+  * Detect a possible overflow directly in the TLV parser.
+  * Add libksba-CVE-2022-3515.patch
+* Thu Feb 22 2018 fvogt@suse.com
+- Use %%license (boo#1082318)
+* Mon Aug 22 2016 astieger@suse.com
+- libksba 1.3.5:
+  * Limit the allowed size of complex ASN.1 objects (e.g.
+  certificates) to 16MiB.
+  * Avoid read access to unitialized memory.
+  * Improve detection of invalid RDNs.
+  * Encode the OCSP nonce value as an octet string as described by
+  RFC-6960.
+* Tue May 10 2016 astieger@suse.com
+- libksba 1.3.4:
+  * Fixed two OOB read access bugs which could be used to force a DoS.
+  boo#979261 CVE-2016-4574, CVE-2016-4579
+  * Fixed a crash due to faulty curve OID lookup code.
+  * Synced the list of supported curves with those of Libgcrypt.
+  * New configure option --enable-build-timestamp; a build timestamp is
+  not anymore used by default.
+* Fri Apr 10 2015 astieger@suse.com
+- libksba 1.3.3:
+  * Fixed an integer overflow in the DN decoder.
+  * Now returns an error instead of terminating the process for
+  certain bad BER encodings.
+  * Improved the parsing of utf-8 strings in DNs.
+  * Allow building with newer versions of Bison.
+* Thu Mar 19 2015 astieger@suse.com
+- remove libtool requirement
+* Wed Nov 26 2014 andreas.stieger@gmx.de
+- libksba 1.3.2 [boo#907074] [CVE-2014-9087]
+  This version contains a security update which fixes a buffer
+  overflow in OID to string conversion code that can be triggered
+  by a specially crafted S/MIME message or ECC based OpenPGP data.
+  Users of GnuPG 2.x should install this version and restart the
+  dirmgr process.
+  * Fixed a buffer overflow in ksba_oid_to_str.
+- verify source signature
+* Sun Sep 21 2014 andreas.stieger@gmx.de
+- libksba 1.3.1:
+  * Fixed memory leak in CRL parsing
+  * Build fixes for ppc64el
+* Tue Nov 27 2012 meissner@suse.com
+- Use URL for source
+* Mon Oct  1 2012 andreas.stieger@gmx.de
+- update to libksba 1.3.0
+  - change license from GPLv2 to LGPLv3/GPLv2
+  - minor bug fixes
+- implement shared library packaging policy
+- remove nld-build.diff which was added 2004 before package was in
+  the openSUSE OBS, was never used or applied cleanly since r1
+* Sat Nov 19 2011 coolo@suse.com
+- add libtool as buildrequire to avoid implicit dependency
+* Fri Jul 29 2011 puzel@novell.com
+- update to libksba-1.2.0
+  - New functions to allow the creation of X.509 certificates.
+  - Interface changes relative to the 1.1.0 release:
+    ksba_certreq_set_serial          NEW
+    ksba_certreq_set_issuer          NEW
+    ksba_certreq_set_validity        NEW
+    ksba_certreq_set_siginfo         NEW
+* Fri Dec  3 2010 puzel@novell.com
+- update to libksba-1.1.0
+  * New functions to fix a leak in dirmngr.
+  * Interface changes relative to the 1.0.0 release:
+  ksba_reader_set_release_notify   NEW
+  ksba_writer_set_release_notify   NEW
+- clean up specfile
+* Sun Oct 31 2010 jengelh@medozas.de
+- Use %%_smp_mflags
+* Tue Aug 17 2010 puzel@novell.com
+- update to libksba-1.0.8
+  * Fixed a CMS parsing bug exhibited by Lotus Notes.
+* Thu Jul  9 2009 puzel@novell.com
+- update to libksba-1.0.7
+  * Detect overflow while parsing OIDs.  Map BER encoded OIDs to well
+  known names.
+  * Allow mixed case names in DNs.
+* Wed Jun 24 2009 puzel@suse.cz
+- update to libksba-1.0.6
+  * Support SHA-{384,512} based signature generation.
+  * The RSA algorithmIdentifier ASN.1 sequence is now emitted with an
+  explicit NULL parameter.  Despite the interop testing we did in the
+  past, some software still requires this and thus we better follow
+  the best current practise.
+* Tue Apr  7 2009 crrodriguez@suse.de
+- remove static libraries and "la" files
+- fix buildrequires and -devel package dependencies
+* Mon Jan 12 2009 puzel@suse.cz
+- update to 1.0.5 (bugfix release)
+  - minor bugfixes
+* Thu Sep 25 2008 puzel@suse.cz
+- update to 1.0.4
+  * autoconf fixes
+- correctly install/uninstall info files
+- use %%makeinstall and %%configure macros
+* Thu Jun 26 2008 puzel@suse.cz
+- update to 1.0.3
+  * bugfix release (autoconf fixes)
+  * removed libksba-texi.patch
+* Thu Jan 10 2008 bk@suse.de
+- Add missing initialsation, fixes gpgsm crash in GPG's make check
+* Mon Jul 30 2007 ltinkl@suse.cz
+- update to 1.0.2
+  * Support for SHA-2.
+  * Fixed a couple of memory leaks.
+  * Experimental support for ECDSA.
+  * Minor portability fixes.
+  * Switched to GPLv3.
+* Tue Sep 12 2006 pnemec@suse.cz
+- updated to 1.0.0 by diff from author
+  - change in api
+* Mon Sep 11 2006 pnemec@suse.cz
+- updated to 0.9.16
+  Fixed a character set conversion bug in BMPStrings
+  Added new api functions, see readme.
+* Fri Jun 23 2006 pnemec@suse.cz
+- updated to 0.9.15 from CVS!
+  fixed security bug #177462
+* Thu May 25 2006 pnemec@suse.cz
+- updated to version 0.9.14
+  * Fixed broken OCSP requests.
+  * Ignore invalid bytes appended to a certificate.
+  * New functions to associate user data with a certificate object.
+* Wed Jan 25 2006 mls@suse.de
+- converted neededforbuild to BuildRequires
+* Mon Sep 26 2005 mls@suse.de
+- make devel package require base package
+* Fri Aug  5 2005 postadal@suse.cz
+- updated to version 0.9.12
+* Mon Jul 11 2005 postadal@suse.cz
+- updated to version 0.9.11
+- removed obsoleted patch autoconf-fix.diff
+* Wed Jan 12 2005 postadal@suse.cz
+- update to version 0.9.10
+* Thu Sep 30 2004 postadal@suse.cz
+- restored autoconf-fix.diff patch removed by last update [#36193, #46036]
+  (fixed autoconf issue - quoted definition of AM_PATH_KSBA)
+* Wed Jul 28 2004 adrian@suse.de
+- update to version 0.9.8
+* Wed Jul 14 2004 adrian@suse.de
+- create -devel sub package
+- prepare for nld
+* Mon Jul 12 2004 adrian@suse.de
+- update to version 0.9.7
+* Wed Mar 17 2004 postadal@suse.cz
+- fixed autoconf issue (quoted definition of AM_PATH_KSBA) [#36193]
+* Tue Feb 10 2004 postadal@suse.cz
+- fixed code that broke strict aliasing
+- bziped tarball
+* Sun Jan 11 2004 adrian@suse.de
+- add %%run_ldconfig
+* Mon Jun  2 2003 mc@suse.de
+- switch to version 0.4.7
+  This fixes a problem mainly relevant to certificate request
+  creation (if you must use the ugly way of putting the email
+  address into the subject DN)
+* Thu Feb 20 2003 mc@suse.de
+- initial version

libksba.keyring

@@ -0,0 +1,99 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I
+Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg
+jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7
+KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u
+qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB
+1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk
+aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW
+AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s
+hKZOAKw3RUePTU80SRLPdg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH8
+5zCwu7SHz9cX3d4UUwzcP6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8
+Klf/wl6jXHn/yP92xG9/YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOc
+WkqwupB+d01R4bHPu9tvXy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgC
+E4F5XeCB/0ovao2/bk22w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsqInAQQAQIA
+BgUCTS2NBAAKCRBTtiDQHODGMEZPBACLmrMjpwmyVvI6X5N4NlWctXQWY+4ODx2i
+O9CtUM/F96YiPFlmgwsJUzyXLwALYk+shh83TjQLfjexohzS1O07DCZUy7Lsb9R7
+HbYJ1Yf/QcEykbiAW465CZb1BAOMR2HUODBTaABaidfnhmUzJtayz7Y0KKRHAx+V
+VS6kfnsFq5kBDQRUUF8HAQgAh1mo8r+kVWVTNsNlyurm2tdZKiQbdeVgpBgcDnqI
+3fAV58C3nC8DVuK5qVGZPB/jbu42jc8BXGP1l6UP+515LQL5GpTtV0pRWUO02WOu
+TLZBVQcq53vzbg1xVo31rWV96mqGAPs8lGUCm09fpuiVKQojO6/Ihkg7/bnzeSbc
+X5Xk9eKLhyB7tnakuYJeRYm4bjs+YDApK8IFQyevYF8pjTcbLTSNJPW9WLCsozsy
+11r4xdfRcTWjARVz5VzTnQ+Px8YtsnjQ3qwNJBpsqMLCdDN7YGhh/mlwPjgdq/UF
+f5+bY6f3ew0vshBqInBQycBSmYyoX0Ye3sAS/OR4nu5ZaQARAQABtD5EYXZpZCBT
+aGF3IChHbnVQRyBSZWxlYXNlIFNpZ25pbmcgS2V5KSA8ZHNoYXdAamFiYmVyd29j
+a3kuY29tPokBPgQTAQIAKAUCVFBfBwIbAwUJCbp27gYLCQgHAwIGFQgCCQoLBBYC
+AwECHgECF4AACgkQBDdvPuCFaVmIoQf+POxCWkCTicRVlq0kust/iwYO1egK9FWG
+130e2Irnv2lAZZN/0S5ibjHCYFp9gfMgmtVTF5oWXjSDAy/kIykQBBcUVx4SCJbd
+MtKSdsSIQMz6P4DxXumxQm79msOsbi5TsdtUwjqdrbu2sHloE7ck/hTXUCkX3zuq
+txY7W23BCQxVVT5qUaFuAHkkQaaBgAb8gdgixmkIBfu9u8k3k9zUKm/PNfMjxClv
+ORkP8gev+XyzNgcXM49h5YYlmDT+Ahv99nUM1wg8yJTjefBAY0fL982Scx30nDQO
+3w7ihALUoj5+TXQjhs3sWPJ8u3pstr9XcfzEZC77/CZmRYNr8g5hBokBHAQQAQgA
+BgUCVFOBbwAKCRAkmznSTyXjtmHeB/0X00v959Oyc0EsSLOlfC52qsEn5cU7vxFb
++KY9aKtG4+hApJxemkqpCgA5+xZwXp3SQOf0sYFwz5OsukIjRF0HgSEdjoMTH6b7
+lT0nCwKo8AMU0nJbopVIJikHOzk2gUqh1gxu5iml1RbSkmFhiGjYeqM+ONQynCeX
+Gg3LLZCQ1eeoaX69bvbWQFDtTIn2HYvjZLjuGC6PGH/naZ7GchiiiK0bs4UOdJFX
+HtITC/7DcgEiHMHOMT3XlwINTexZG0grl2LuWuyyhurJh5IO6geArPKUmR8SjJjV
+azpwbutZhYjTzfUpPvKK8kCSan9Df5eeekDrKCU8x8aqLDVyoQcRmQENBFRQOyMB
+CADmEHA30Xc6op/72ZcJdQMriVvnAyN22L3rEbTiACfvBajs6fpzme2uJlC5F1Hk
+Ydx3DvdcLoIV6Ed6j95JViJaoE0EB8T1TNuQRL5xj7jAPOpVpyqErF3vReYdCDIr
+umlEb8zCQvVTICsIYYAo3oxX/Z/M7ogZDDeOe1G57f/Y8YacZqKw0AqW+20dZn3W
+7Lgpjl8EzX25AKBl3Hi/z+s/T7JCqxZPAlQq/KbHkYh81oIm+AX6/5o+vCynEEx/
+2OkdeoNeeHgujwL8axAwPoYKVV9COy+/NQcofZ6gvig1+S75RrkG4AdiL64C7OpX
+1N2kX08KlAzI9+65lyUw8t0zABEBAAG0Mk5JSUJFIFl1dGFrYSAoR251UEcgUmVs
+ZWFzZSBLZXkpIDxnbmlpYmVAZnNpai5vcmc+iQE8BBMBCAAmBQJUUDsjAhsDBQkD
+wmcABQsHCAkDBBUICQoFFgIDAQACHgECF4AACgkQIHGwijO9PwZ1/wgA0LKal1wF
+Za8FPUonc2GzwE9YhkZiJB8KA/a7T6//cW4N46/GswiqZJxN1RdKs1B+rp7EMMU3
+bhoXstLBcIYveljqh4lPBWCsTT2+/OpwAmgnzjgdTHcpnCMTEOdZktD5SKrTj2tV
+aWXAlWK/UsEEanA3cvzofy44n7rm+Eoa7P1YGCHL++Ihsi66ElbehilTT/xxckHX
+Uji1XDvoagEENEHk5j4Z2mhWtjnGclvuiBkS4XezezNMW/fPAypZX4bkURNbGd8j
+tkb3Eqt+bv+ZQoSA+Ukv8APaAzj8lRSw+CYjDxpoM0jtmiPrk+u/Do46COVA/IX2
+2aYNT2Y2KoWJV4kBHAQQAQgABgUCVFOCHQAKCRAkmznSTyXjtoIhB/0ZE/ppI2Gc
+qDxSwPKkRkkoMD8oXdKkPxjUF2jgP+bceHKiz1F78cx/eZltB4av8OujO1IwqH2C
+0aVr46W3eSyIcpmmw6F9sjLcTfyZJfWJrvobb7WQSKvWw0eHFgNGR6Z+BA3ohjws
+aCZtzzkH2gXI+EM7qaZozMw+eSkZ4qTE9B4/hkMZZpBO0oGy9PQzSlADGftyyuTt
+oSUvepfs+EvYSddQ7skXWq0zePuOhng2Mppl690A+aTywyetbPvVeqjiAbI7NB5f
+8Tw7dk0Febe9NHvbwzgiStMPmIKrTcthvgIClBkZvmkBFWAPxYPdHfLzAlpDGxJt
+R31c0zNFBH68mQENBFRDqVIBCAC0k8eZKDmNqdmawOlJ/m62L2g8uXT/+/vAEGb1
+yaib09xI6tfGXzbqlDwrLIZcJsSIT/nt/ajJnIVbc3137va4XbwMzsDpAMH4mmiT
+oqk+izEChGm2knzrLwhoflR8aGsKL35QoZT/erdjfgPeCRLvf25fHsN2Jb0WIMzC
+56VkMeFoza+9HZ5hrkemmm+gPvIvhEUopxCyOS8mK5WjB4zzIdyDJfkqVpHvafNP
+0N4LIsedKdyHcj/K3kY4Kejl99GW1z1snBgPamoN2/e52Pf6KTw2FjsSGZ72oalc
+rkBR4wacUizGxKcRD2Y6Xa0g9mwToWdNBQCIII+uTzOzq1EDABEBAAG0IVdlcm5l
+ciBLb2NoIChSZWxlYXNlIFNpZ25pbmcgS2V5KYkBPQQTAQgAJwUCVEOpUgIbAwUJ
+C6oF9QULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCKhhscfv1g2aH7B/wIW6mV
+mTmzW2xc1q1MUdssExQBhEeONrbWJ/HiGZP/MaabgQ/+wZuThTAwfGM5zFQBOvrB
+OGURhINU6lYQlcOrVo+V8Z1mNQKFWaKxJaY5Ku1bB1OuX9FHLEiMibogHu5fjJIX
+BE8XrnvueejyFQ5g/uX2xcGgCWlMe49sR3K+lEl3n93xTmSNhP52r0gTjMjbqKWK
+UaIGJ5OcWSrvawdfqLXkxR8phq2AlHHEfxpcZsOp9mZirWYQ5jcgGgFP0LYXUw/R
+nxFpOcrj45qufmyEL9QJKjBV5RaHJbqukefwUInPQtVUmINqQxztSh5QxQP2tsUP
+IeEi5RAoCwLJam8ziQEcBBABCAAGBQJUU4JUAAoJECSbOdJPJeO2c+cH+wevKc8w
+bkWSoGOJiYDglVMJa4x5utgHyXP4PyqelIQ7yibfQq3YyOU9RWRGxfvuofPXpx1E
+u/XtCGgw03r4HZhauauYe27IDpA5P/Go7+WqufT6gMBoZf/1cD2ykQZpFyszEKHf
+Y+BlzqPJcRaXy4+uQG3O+bh/R2eIGAJDao/AclJI+kfckeY5DzRTibPex+rGAkxZ
+8qHtlCb0WeUbL3mgl9f3LlbPH77w1on6XqqIaQ+ODSS/3CUOIhNI3lrGO7mIqhSC
+0n+rpqLHeVLpLkz0IFvsJOp9UOHDCA8oL0cQtJGP1pN7muKR9nCVtoNuN41JapoO
+4ZaHe5Y0r5MIofSYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNwQo8OSmVw
+IvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYUTF0F/15p
+iAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz28iRH/UZc
+YLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpuQGdudS5v
+cmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2MtwUJClRO
+YQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhAtm3dxWeU
+xA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2qagd/nRch
+l9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+EwCV7i2e2
+u5kBogQ1oh4eEQQA/pdK4Oafa1uDN7Cr5nss4bNpg8YUSg01VVJ08KTCEdpCAPaU
++NzaP3KD2ow74WU2gzP70s9uSGQ2Vie4BLvOkaaBHba/3ivBrg3ILFrxbOfmKQg8
+Fhtncd/TBOwzfkkbxBNcVJuBPRtjZ3dlDbS4IPNsIIv2SuCIfQmA8qNGvWsAoIrJ
+90b2fzERCZkKtfkoyYA8fnNrBADhJ8RmIrKiCnDk3Tzk04nu6O8fp3ptrmnO7jlu
+vDfsEVsYRjyMbDnbnjCGu1PeFoP2HZ+H9lp4CaQbyjWh2JlvI9UOc72V16SFkV0r
+8k0euNQXHhhzXWIkfz4gwSbBkN2nO5+6cIVeKnsdyFYkQyVs+Q86/PMfjo7utyrc
+WLq1CAQAou3da1JR6+KJO4gUZVh2F1NoaVCEPAvlDhNV10/hwe5mS0kTjUJ1jMl5
+6mwAFvhFFF9saW+eAnrwIOHjopbdHrPBmTJlOnNMHVLJzFlqjihwRRZQyL8iNu2m
+farn9Mr28ut5BQmp0CnNEJ6hl0Cs7l2xagWFtlEK2II144vK3fG0J1dlcm5lciBL
+b2NoIChnbnVwZyBzaWcpIDxkZDlqbkBnbnUub3JnPohhBBMRAgAhAheABQkOFIf9
+BQJBvGheBgsJCAcDAgMVAgMDFgIBAh4BAAoJEGi3q4lXVI3NBJMAn01313ag0tgj
+rGUZtDlKYbmNIeMeAJ0UpVsjxpylBcSjsPE8MAki7Hb2Rw==
+=W3eM
+-----END PGP PUBLIC KEY BLOCK-----

libksba.spec

@@ -0,0 +1,100 @@
+#
+# spec file for package libksba
+#
+# Copyright (c) 2022-2023 ZhuningOS
+#
+
+
+%define soname 8
+Name:           libksba
+Version:        1.3.5
+Release:        150000.4.6.1
+Summary:        A X.509 Library
+License:        (LGPL-3.0+ or GPL-2.0+) and GPL-3.0+ and MIT
+Group:          Development/Libraries/C and C++
+Url:            http://www.gnupg.org/aegypten/
+Source:         ftp://ftp.gnupg.org/gcrypt/libksba/%{name}-%{version}.tar.bz2
+Source2:        ftp://ftp.gnupg.org/gcrypt/libksba/%{name}-%{version}.tar.bz2.sig
+Source3:        libksba.keyring
+Source4:        libksba.changes
+Patch0:         libksba-CVE-2022-3515.patch
+#PATCH-FIX-UPSTREAM bsc#1206579 CVE-2022-47629 integer overflow in the CRL signature parser
+Patch1:         libksba-CVE-2022-47629.patch
+BuildRequires:  libgpg-error-devel >= 1.8
+# FIXME: use proper Requires(pre/post/preun/...)
+PreReq:         %{install_info_prereq}
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+KSBA is a library to simplify the task of working with X.509
+certificates, CMS data, and related data.
+
+%package -n %{name}%{soname}
+Summary:        A X.509 Library
+Group:          Development/Libraries/C and C++
+Provides:       %{name} = %{version}
+Obsoletes:      %{name} < %{version}
+
+%description -n %{name}%{soname}
+KSBA is a library to simplify the task of working with X.509
+certificates, CMS data, and related data.
+
+%package devel
+Summary:        A X.509 Library
+Group:          Development/Libraries/C and C++
+Requires:       libgpg-error-devel
+Requires:       libksba = %{version}
+Provides:       libksba:%{_includedir}/ksba.h
+
+%description devel
+KSBA is a library to simplify the task of working with X.509
+certificates, CMS data, and related data.
+
+This package contains the needed files to compile and link against the
+libksba.
+
+%prep
+%setup -q -n libksba-%{version}
+%patch0 -p1
+%patch1 -p1
+
+%build
+build_timestamp=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE4})
+%configure \
+	--disable-static \
+	--with-pic \
+	--enable-build-timestamp="${build_timestamp}"
+
+make %{?_smp_mflags}
+
+%check
+make %{?_smp_mflags} check
+
+%install
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%post -n %{name}%{soname} -p /sbin/ldconfig
+%postun -n %{name}%{soname} -p /sbin/ldconfig
+
+%files -n %{name}%{soname}
+%defattr(-,root,root)
+%license COPYING
+%doc README AUTHORS ChangeLog NEWS THANKS TODO
+%{_libdir}/libksba*.so.*
+
+%post devel
+%install_info --info-dir=%{_infodir} %{_infodir}/ksba.info.gz
+
+%postun devel
+%install_info_delete --info-dir=%{_infodir} %{_infodir}/ksba.info.gz
+
+%files devel
+%defattr(-,root,root)
+%{_bindir}/*
+%{_libdir}/libksba*.so
+%{_includedir}/*
+%{_infodir}/ksba*
+%{_datadir}/aclocal/*
+
+%changelog