recipes: Move out stale GPLv2 versions to a seperate layeruninative-1.5

These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesireable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we mmove to this separate layer for 2.3 with its future maintinership and testing to be determined in 2.4 and beyond. (From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-03-02 12:04:08 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-03-07 20:05:31 +0000
commit: 2345af9b4829ed3eed5abf60f2483055649f8af7 (patch)
tree: 96a9a31e4b1957b93c4fe3eb669117d2752caf0d /meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
parent: c4901328fe5cf912c0965e5b011b64a95a9bcb9d (diff)
download: poky-uninative-1.5.tar.gz
1 files changed, 0 insertions, 154 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
deleted file mode 100644
index 5dcde1f9cb..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-Upstream-Status: Backport
-CVE: CVE-2013-4576
-Index: gnupg-1.4.7/cipher/dsa.c
-===================================================================
--- gnupg-1.4.7.orig/cipher/dsa.c       2006-12-12 02:27:21.000000000 +0800
-+++ gnupg-1.4.7/cipher/dsa.c    2014-01-23 11:30:17.300915919 +0800
-@@ -287,6 +287,8 @@
-     MPI kinv;
-     MPI tmp;
- 
-+    mpi_normalize (hash);
-+
-     /* select a random k with 0 < k < q */
-     k = gen_k( skey->q );
- 
-Index: gnupg-1.4.7/cipher/elgamal.c
-===================================================================
--- gnupg-1.4.7.orig/cipher/elgamal.c   2006-12-12 03:08:05.000000000 +0800
-+++ gnupg-1.4.7/cipher/elgamal.c        2014-01-23 11:30:17.300915919 +0800
-@@ -376,6 +376,9 @@
- {
-     MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
- 
-+    mpi_normalize (a);
-+    mpi_normalize (b);
-+
-     /* output = b/(a^x) mod p */
-     mpi_powm( t1, a, skey->x, skey->p );
-     mpi_invm( t1, t1, skey->p );
-Index: gnupg-1.4.7/cipher/random.c
-===================================================================
--- gnupg-1.4.7.orig/cipher/random.c    2006-11-03 18:09:39.000000000 +0800
-+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
-@@ -273,6 +273,18 @@
- }
- 
- 
-+/* Randomize the MPI */ 
-+void
-+randomize_mpi (MPI mpi, size_t nbits, int level)
-+{
-+  unsigned char *buffer;
-+
-+  buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
-+  mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
-+  xfree (buffer);
-+}
-+
-+
- int
- random_is_faked()
- {
-Index: gnupg-1.4.7/cipher/random.h
-===================================================================
--- gnupg-1.4.7.orig/cipher/random.h    2006-02-09 19:29:29.000000000 +0800
-+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
-@@ -32,6 +32,7 @@
- int  random_is_faked(void);
- void random_disable_locking (void);
- void randomize_buffer( byte *buffer, size_t length, int level );
-+void randomize_mpi (MPI mpi, size_t nbits, int level);
- byte *get_random_bits( size_t nbits, int level, int secure );
- void fast_random_poll( void );
- 
-Index: gnupg-1.4.7/cipher/rsa.c
-===================================================================
--- gnupg-1.4.7.orig/cipher/rsa.c       2006-12-12 03:09:00.000000000 +0800
-+++ gnupg-1.4.7/cipher/rsa.c    2014-01-23 11:35:04.330639125 +0800
-@@ -301,9 +301,26 @@
- #if 0
-     mpi_powm( output, input, skey->d, skey->n );
- #else
-    MPI m1   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
-    MPI m2   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
-    MPI h    = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
-+    int nlimbs = mpi_get_nlimbs (skey->n)+1;
-+    MPI m1   = mpi_alloc_secure (nlimbs);
-+    MPI m2   = mpi_alloc_secure (nlimbs);
-+    MPI h    = mpi_alloc_secure (nlimbs);
-+# if 1
-+    MPI bdata= mpi_alloc_secure (nlimbs);
-+    MPI r    = mpi_alloc_secure (nlimbs);
-+# endif
-+
-+    /* Remove superfluous leading zeroes from INPUT.  */
-+    mpi_normalize (input);
-+
-+# if 1 
-+    /* Blind:  bdata = (data * r^e) mod n   */
-+    randomize_mpi (r, mpi_get_nbits (skey->n), 0);
-+    mpi_fdiv_r (r, r, skey->n);
-+    mpi_powm (bdata, r, skey->e, skey->n);
-+    mpi_mulm (bdata, bdata, input, skey->n);
-+    input = bdata;
-+# endif
- 
-     /* m1 = c ^ (d mod (p-1)) mod p */
-     mpi_sub_ui( h, skey->p, 1  );
-@@ -321,8 +338,15 @@
-     /* m = m2 + h * p */
-     mpi_mul ( h, h, skey->p );
-     mpi_add ( output, m1, h );
-    /* ready */
-    
-+
-+# if 1
-+    mpi_free (bdata);
-+    /* Unblind: output = (output * r^(-1)) mod n  */
-+    mpi_invm (r, r, skey->n);
-+    mpi_mulm (output, output, r, skey->n);
-+    mpi_free (r);
-+# endif
-+
-     mpi_free ( h );
-     mpi_free ( m1 );
-     mpi_free ( m2 );
-@@ -397,6 +421,7 @@
- rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
- {
-     RSA_secret_key sk;
-+    MPI input;
- 
-     if( algo != 1 && algo != 2 )
-        return G10ERR_PUBKEY_ALGO;
-@@ -407,8 +432,14 @@
-     sk.p = skey[3];
-     sk.q = skey[4];
-     sk.u = skey[5];
-    *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
-    secret( *result, data[0], &sk );
-+
-+    /* Mitigates side-channel attacks (CVE-2013-4576).  */
-+    input = mpi_alloc (0);
-+    mpi_normalize (data[0]);
-+    mpi_fdiv_r (input, data[0], sk.n);
-+    *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
-+    secret (*result, input, &sk);
-+    mpi_free (input);
-     return 0;
- }
- 
-Index: gnupg-1.4.7/g10/gpgv.c
-===================================================================
--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
-+++ gnupg-1.4.7/g10/gpgv.c      2014-01-23 11:30:17.300915919 +0800
-@@ -390,6 +390,7 @@
- void random_dump_stats(void) {}
- int quick_random_gen( int onoff ) { return -1;}
- void randomize_buffer( byte *buffer, size_t length, int level ) {}
-+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
- int random_is_faked() { return -1;}
- byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
- void set_random_seed_file( const char *name ) {}
author	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-03-02 12:04:08 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-03-07 20:05:31 +0000
commit	2345af9b4829ed3eed5abf60f2483055649f8af7 (patch)
tree	96a9a31e4b1957b93c4fe3eb669117d2752caf0d /meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
parent	c4901328fe5cf912c0965e5b011b64a95a9bcb9d (diff)
download	poky-uninative-1.5.tar.gz

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch deleted file mode 100644 index 5dcde1f9cb..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch +++ /dev/null
@@ -1,154 +0,0 @@
1	Upstream-Status: Backport
2	CVE: CVE-2013-4576
3
4	Index: gnupg-1.4.7/cipher/dsa.c
5	===================================================================
6	--- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800
7	+++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800
8	@@ -287,6 +287,8 @@
9	MPI kinv;
10	MPI tmp;
11
12	+ mpi_normalize (hash);
13	+
14	/* select a random k with 0 < k < q */
15	k = gen_k( skey->q );
16
17	Index: gnupg-1.4.7/cipher/elgamal.c
18	===================================================================
19	--- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800
20	+++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800
21	@@ -376,6 +376,9 @@
22	{
23	MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
24
25	+ mpi_normalize (a);
26	+ mpi_normalize (b);
27	+
28	/* output = b/(a^x) mod p */
29	mpi_powm( t1, a, skey->x, skey->p );
30	mpi_invm( t1, t1, skey->p );
31	Index: gnupg-1.4.7/cipher/random.c
32	===================================================================
33	--- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800
34	+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
35	@@ -273,6 +273,18 @@
36	}
37
38
39	+/* Randomize the MPI */
40	+void
41	+randomize_mpi (MPI mpi, size_t nbits, int level)
42	+{
43	+ unsigned char *buffer;
44	+
45	+ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
46	+ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
47	+ xfree (buffer);
48	+}
49	+
50	+
51	int
52	random_is_faked()
53	{
54	Index: gnupg-1.4.7/cipher/random.h
55	===================================================================
56	--- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800
57	+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
58	@@ -32,6 +32,7 @@
59	int random_is_faked(void);
60	void random_disable_locking (void);
61	void randomize_buffer( byte *buffer, size_t length, int level );
62	+void randomize_mpi (MPI mpi, size_t nbits, int level);
63	byte *get_random_bits( size_t nbits, int level, int secure );
64	void fast_random_poll( void );
65
66	Index: gnupg-1.4.7/cipher/rsa.c
67	===================================================================
68	--- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800
69	+++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800
70	@@ -301,9 +301,26 @@
71	#if 0
72	mpi_powm( output, input, skey->d, skey->n );
73	#else
74	- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
75	- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
76	- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
77	+ int nlimbs = mpi_get_nlimbs (skey->n)+1;
78	+ MPI m1 = mpi_alloc_secure (nlimbs);
79	+ MPI m2 = mpi_alloc_secure (nlimbs);
80	+ MPI h = mpi_alloc_secure (nlimbs);
81	+# if 1
82	+ MPI bdata= mpi_alloc_secure (nlimbs);
83	+ MPI r = mpi_alloc_secure (nlimbs);
84	+# endif
85	+
86	+ /* Remove superfluous leading zeroes from INPUT. */
87	+ mpi_normalize (input);
88	+
89	+# if 1
90	+ /* Blind: bdata = (data * r^e) mod n */
91	+ randomize_mpi (r, mpi_get_nbits (skey->n), 0);
92	+ mpi_fdiv_r (r, r, skey->n);
93	+ mpi_powm (bdata, r, skey->e, skey->n);
94	+ mpi_mulm (bdata, bdata, input, skey->n);
95	+ input = bdata;
96	+# endif
97
98	/* m1 = c ^ (d mod (p-1)) mod p */
99	mpi_sub_ui( h, skey->p, 1 );
100	@@ -321,8 +338,15 @@
101	/* m = m2 + h * p */
102	mpi_mul ( h, h, skey->p );
103	mpi_add ( output, m1, h );
104	- /* ready */
105	-
106	+
107	+# if 1
108	+ mpi_free (bdata);
109	+ /* Unblind: output = (output * r^(-1)) mod n */
110	+ mpi_invm (r, r, skey->n);
111	+ mpi_mulm (output, output, r, skey->n);
112	+ mpi_free (r);
113	+# endif
114	+
115	mpi_free ( h );
116	mpi_free ( m1 );
117	mpi_free ( m2 );
118	@@ -397,6 +421,7 @@
119	rsa_decrypt( int algo, MPI result, MPI data, MPI *skey )
120	{
121	RSA_secret_key sk;
122	+ MPI input;
123
124	if( algo != 1 && algo != 2 )
125	return G10ERR_PUBKEY_ALGO;
126	@@ -407,8 +432,14 @@
127	sk.p = skey[3];
128	sk.q = skey[4];
129	sk.u = skey[5];
130	- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
131	- secret( *result, data[0], &sk );
132	+
133	+ /* Mitigates side-channel attacks (CVE-2013-4576). */
134	+ input = mpi_alloc (0);
135	+ mpi_normalize (data[0]);
136	+ mpi_fdiv_r (input, data[0], sk.n);
137	+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
138	+ secret (*result, input, &sk);
139	+ mpi_free (input);
140	return 0;
141	}
142
143	Index: gnupg-1.4.7/g10/gpgv.c
144	===================================================================
145	--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
146	+++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800
147	@@ -390,6 +390,7 @@
148	void random_dump_stats(void) {}
149	int quick_random_gen( int onoff ) { return -1;}
150	void randomize_buffer( byte *buffer, size_t length, int level ) {}
151	+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
152	int random_is_faked() { return -1;}
153	byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
154	void set_random_seed_file( const char *name ) {}