9 changed files with 231 additions and 159 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
+1
--- a/.gitignore
+++ b/.gitignore
@ -1,16 +1,4 @@
-libksba-1.0.8.tar.bz2
-libksba-1.0.8.tar.bz2.sig
-/libksba-1.2.0.tar.bz2
-/libksba-1.2.0.tar.bz2.sig
-/libksba-1.3.0.tar.bz2
-/libksba-1.3.0.tar.bz2.sig
-/libksba-1.3.1.tar.bz2
-/libksba-1.3.1.tar.bz2.sig
-/libksba-1.3.2.tar.bz2
-/libksba-1.3.2.tar.bz2.sig
-/libksba-1.3.3.tar.bz2
-/libksba-1.3.3.tar.bz2.sig
-/libksba-1.3.4.tar.bz2
-/libksba-1.3.4.tar.bz2.sig
-/libksba-1.3.5.tar.bz2
-/libksba-1.3.5.tar.bz2.sig
+/*.rpm
+/libksba-*/
+/libksba-*.tar.bz2*
+/results_libksba/
--- a/ci.fmf
+++ b/ci.fmf
@ -0,0 +1 @@
+resultsdb-testcase: separate
--- a/gating.yaml
+++ b/gating.yaml
@ -1,7 +1,7 @@
 --- !Policy
 product_versions:
-  - rhel-8
+  - rhel-10
 decision_context: osci_compose_gate
 rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-enabled.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-disabled.functional}
--- a/libksba-1.5.1-overflow.patch
+++ b/libksba-1.5.1-overflow.patch
@ -1,104 +0,0 @@
-From 4b7d9cd4a018898d7714ce06f3faf2626c14582b Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Wed, 5 Oct 2022 14:19:06 +0200
-Subject: [PATCH] Detect a possible overflow directly in the TLV parser.
-
-* src/ber-help.c (_ksba_ber_read_tl): Check for overflow of a commonly
-used sum.
--
-
-It is quite common to have checks like
-
-    if (ti.nhdr + ti.length >= DIM(tmpbuf))
-       return gpg_error (GPG_ERR_TOO_LARGE);
-
-This patch detects possible integer overflows immmediately when
-creating the TI object.
-
-Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929
---
- src/ber-help.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/ber-help.c b/src/ber-help.c
-index 81c31ed..56efb6a 100644
--- a/src/ber-help.c
-+++ b/src/ber-help.c
-@@ -182,6 +182,12 @@ _ksba_ber_read_tl (ksba_reader_t reader, struct tag_info *ti)
-       ti->length = len;
-     }
- 
-+  if (ti->length > ti->nhdr && (ti->nhdr + ti->length) < ti->length)
-+    {
-+      ti->err_string = "header+length would overflow";
-+      return gpg_error (GPG_ERR_EOVERFLOW);
-+    }
-+
-   /* Without this kludge some example certs can't be parsed */
-   if (ti->class == CLASS_UNIVERSAL && !ti->tag)
-     ti->length = 0;
-- 
-2.37.3
-
-commit f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
-Author: Werner Koch <wk@gnupg.org>
-Date:   Tue Nov 22 16:36:46 2022 +0100
-
-    Fix an integer overflow in the CRL signature parser.
-    
-    * src/crl.c (parse_signature): N+N2 now checked for overflow.
-    
-    * src/ocsp.c (parse_response_extensions): Do not accept too large
-    values.
-    (parse_single_extensions): Ditto.
-    --
-    
-    The second patch is an extra safegourd not related to the reported
-    bug.
-    
-    GnuPG-bug-id: 6284
-    Reported-by: Joseph Surin, elttam
-
-diff --git a/src/crl.c b/src/crl.c
-index 9f71c85..2e6ca29 100644
--- a/src/crl.c
-+++ b/src/crl.c
-@@ -1349,7 +1349,7 @@ parse_signature (ksba_crl_t crl)
-          && !ti.is_constructed) )
-     return gpg_error (GPG_ERR_INV_CRL_OBJ);
-   n2 = ti.nhdr + ti.length;
-  if (n + n2 >= DIM(tmpbuf))
-+  if (n + n2 >= DIM(tmpbuf) || (n + n2) < n)
-     return gpg_error (GPG_ERR_TOO_LARGE);
-   memcpy (tmpbuf+n, ti.buf, ti.nhdr);
-   err = read_buffer (crl->reader, tmpbuf+n+ti.nhdr, ti.length);
-diff --git a/src/ocsp.c b/src/ocsp.c
-index d4cba04..657d15f 100644
--- a/src/ocsp.c
-+++ b/src/ocsp.c
-@@ -721,6 +721,12 @@ parse_response_extensions (ksba_ocsp_t ocsp,
-           else
-             ocsp->good_nonce = 1;
-         }
-+      if (ti.length > (1<<24))
-+        {
-+          /* Bail out on much too large objects.  */
-+          err = gpg_error (GPG_ERR_BAD_BER);
-+          goto leave;
-+        }
-       ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
-       if (!ex)
-         {
-@@ -788,6 +794,12 @@ parse_single_extensions (struct ocsp_reqitem_s *ri,
-       err = parse_octet_string (&data, &datalen, &ti);
-       if (err)
-         goto leave;
-+      if (ti.length > (1<<24))
-+        {
-+          /* Bail out on much too large objects.  */
-+          err = gpg_error (GPG_ERR_BAD_BER);
-+          goto leave;
-+        }
-       ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
-       if (!ex)
-         {
--- a/libksba.spec
+++ b/libksba.spec
@ -1,24 +1,29 @@
+%bcond_with bootstrap
+
 Summary: CMS and X.509 library
 Name:    libksba
-Version: 1.3.5
-Release: 9%{?dist}
+Version: 1.6.7
+Release: 2%{?dist}

 # The library is licensed under LGPLv3+ or GPLv2+,
 # the rest of the package under GPLv3+
-License: (LGPLv3+ or GPLv2+) and GPLv3+
-Group:   System Environment/Libraries
-URL:     http://www.gnupg.org/
-Source0: ftp://ftp.gnupg.org/gcrypt/libksba/libksba-%{version}.tar.bz2
-Source1: ftp://ftp.gnupg.org/gcrypt/libksba/libksba-%{version}.tar.bz2.sig
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+License: GPL-3.0-or-later AND LGPL-2.1-or-later AND (LGPL-3.0-or-later OR GPL-2.0-or-later)
+URL:     https://www.gnupg.org/
+Source0: https://www.gnupg.org/ftp/gcrypt/libksba/libksba-%{version}.tar.bz2
+Source1: https://www.gnupg.org/ftp/gcrypt/libksba/libksba-%{version}.tar.bz2.sig
+Source2: https://gnupg.org/signature_key.asc

 Patch1: libksba-1.3.0-multilib.patch
-# Fix for CVE-2022-3515
-Patch2: libksba-1.5.1-overflow.patch

+BuildRequires: gcc
 BuildRequires: gawk
+%if %{without bootstrap}
+# Require gnupg2 to verify sources, unless bootstrapping
+BuildRequires: gnupg2
+%endif
 BuildRequires: libgpg-error-devel >= 1.8
 BuildRequires: libgcrypt-devel >= 1.2.0
+BuildRequires: make

 %description
 KSBA (pronounced Kasbah) is a library to make X.509 certificates as
@ -27,33 +32,38 @@ specifications are building blocks of S/MIME and TLS.

 %package devel
 Summary: Development headers and libraries for %{name}
-Group:   Development/Libraries
 Requires: %{name}%{?_isa} = %{version}-%{release}
-Requires(post): /sbin/install-info
-Requires(preun): /sbin/install-info
+Requires: pkgconfig
+
 %description devel
 %{summary}.


 %prep
+%if %{without bootstrap}
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+%endif
 %setup -q

-%patch1 -p1 -b .multilib
-%patch2 -p1 -b .overflow
+%patch 1 -p1 -b .multilib

+# Convert to utf-8
+for file in THANKS; do
+    iconv -f ISO-8859-1 -t UTF-8 -o $file.new $file && \
+    touch -r $file $file.new && \
+    mv $file.new $file
+done

 %build
 %configure \
  --disable-dependency-tracking \
  --disable-static

-make %{?_smp_mflags}
+%make_build


 %install
-rm -rf $RPM_BUILD_ROOT
-
-make install DESTDIR=$RPM_BUILD_ROOT
+%make_install

 rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
@ -65,36 +75,103 @@ make check

 %ldconfig_scriptlets

-%post devel
-install-info %{_infodir}/ksba.info %{_infodir}/dir ||:
-
-%preun devel
-if [ $1 -eq 0 ]; then
-  install-info --delete %{_infodir}/ksba.info %{_infodir}/dir ||:
-fi
-
-
 %files
-%defattr(-,root,root,-)
 %license COPYING COPYING.GPLv2 COPYING.GPLv3 COPYING.LGPLv3
 %doc AUTHORS ChangeLog NEWS README* THANKS TODO
 %{_libdir}/libksba.so.8*

 %files devel
-%defattr(-,root,root,-)
 %{_bindir}/ksba-config
 %{_libdir}/libksba.so
 %{_includedir}/ksba.h
 %{_datadir}/aclocal/ksba.m4
+%{_libdir}/pkgconfig/ksba.pc
 %{_infodir}/ksba.info*


 %changelog
-* Wed Jan 25 2023 Jakub Jelen <jjelen@redhat.com> - 1.3.5-9
- Fix for CVE-2022-47629 (#2161571)
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.6.7-2
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018

-* Wed Oct 19 2022 Jakub Jelen <jjelen@redhat.com> - 1.3.5-8
- Fix for CVE-2022-3515 (#2135702)
+* Tue Jul 02 2024 Jakub Jelen <jjelen@redhat.com> - 1.6.7-1
+- New upstream release (#2265627)
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.6.5-4
+- Bump release for June 2024 mass rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Nov 16 2023 Jakub Jelen <jjelen@redhat.com> - 1.6.5-1
+- New upstream release (#2250046)
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jun 19 2023 Jakub Jelen <jjelen@redhat.com> - 1.6.4-1
+- New upstream release (#2215873)
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Dec 20 2022 Todd Zullinger <tmz@pobox.com> - 1.6.3-1
+- New upstream release (#2155172)
+
+* Fri Oct 07 2022 Jakub Jelen <jjelen@redhat.com> - 1.6.2-1
+- New upstream release (#2132953)
+
+* Mon Sep 19 2022 Jakub Jelen <jjelen@redhat.com> - 1.6.1-1
+- New upstream release (#2127464)
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 10 2021 Jakub Jelen <jjelen@redhat.com> - 1.6.0-1
+- New upstream release (#1970445)
+
+* Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.5.1-2
+- Address issues reported by coverity
+
+* Wed Apr 07 2021 Jakub Jelen <jjelen@redhat.com> - 1.5.1-1
+- New upstream release (#1946544)
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 01 2020 Jakub Jelen <jjelen@redhat.com> - 1.5.0-1
+- New upstream release (#1899183)
+
+* Tue Oct  6 2020 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1
+- New upstream version 1.4.0
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.3.5-12
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--- a/plans/ci.fmf
+++ b/plans/ci.fmf
@ -0,0 +1,23 @@
+/fips-disabled-buildroot-disabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/libksba
+      name: /plans/ci/fips-disabled-buildroot-disabled
+
+/fips-disabled-buildroot-enabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/libksba
+      name: /plans/ci/fips-disabled-buildroot-enabled
+
+/fips-enabled-buildroot-disabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/libksba
+      name: /plans/ci/fips-enabled-buildroot-disabled
+
+/fips-enabled-buildroot-enabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/libksba
+      name: /plans/ci/fips-enabled-buildroot-enabled
--- a/signature_key.asc
+++ b/signature_key.asc
@ -0,0 +1,86 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
+3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
+a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
+LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
+MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
+ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
+hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
+F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
+BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
+/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
+dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
+xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
+hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
+ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
+QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
+ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
+iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
+CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
+FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
+CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
+IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
+fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
+6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
+ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
+sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
+/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
+Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
+o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
+5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
+4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
+b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
+bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
+icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
+GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
+m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
+IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
+/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
+BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
+ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
+AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
+BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
+EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
+BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
+V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
+c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
+OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
+l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
+Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
+HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
+UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
+7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
+wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
+C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
+bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
+Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
+VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
+fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
+dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
+AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
+my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
+7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
+3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
+QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
+vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
+vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
+YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
+t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
+eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
+4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
+7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
+D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
+MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
+MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
+14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
+jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
+WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
+AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
+RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
+IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
+N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
+eiInsGZ/+h5XYrpXTgA=
+=4+Sn
+-----END PGP PUBLIC KEY BLOCK-----
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (libksba-1.3.5.tar.bz2) = 60179bfd109b7b4fd8d2b30a3216540f03f5a13620d9a5b63f1f95788028708a420911619f172ba57e945a6a2fcd2ef7eaafc5585a0eb2b9652cfadf47bf39a2
-SHA512 (libksba-1.3.5.tar.bz2.sig) = 6b58b1c6ee924230e4f3b040836e85cb3b3f527f667bcb370c28d8ec702c884bcceab374688e02d0356dede81f9fcf975d726c1958d4d87e5c41757a6b2ba39e
+SHA512 (libksba-1.6.7.tar.bz2) = 60cb9df9f502ca479818f45b78c4bc2b78f6f359be2b8da489ea98f8896a43ab2c20cf97526b79a3220fb32f1701e62a6481fe61e91e567186ecf4f33d8e64d3
+SHA512 (libksba-1.6.7.tar.bz2.sig) = 97df523f0640f8fed0c3c7603218058021475d5b0e47a36610aa88312a6bb5f302e1e2016f5721a9077d0d27b35b28c7c96d9843866c957c965b2c580d3ee60b