summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnupg
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:04:08 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-07 20:05:31 +0000
commit2345af9b4829ed3eed5abf60f2483055649f8af7 (patch)
tree96a9a31e4b1957b93c4fe3eb669117d2752caf0d /meta/recipes-support/gnupg
parentc4901328fe5cf912c0965e5b011b64a95a9bcb9d (diff)
downloadpoky-2345af9b4829ed3eed5abf60f2483055649f8af7.tar.gz
recipes: Move out stale GPLv2 versions to a seperate layeruninative-1.5
These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesireable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we mmove to this separate layer for 2.3 with its future maintinership and testing to be determined in 2.4 and beyond. (From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/gnupg')
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch63
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch45
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch154
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch64
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch17
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch27
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch19
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch50
-rw-r--r--meta/recipes-support/gnupg/gnupg_1.4.7.bb104
9 files changed, 0 insertions, 543 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
deleted file mode 100644
index f0667741c8..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
+++ /dev/null
@@ -1,63 +0,0 @@
1From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001
2From: Werner Koch <wk@gnupg.org>
3Date: Thu, 25 Jul 2013 11:17:52 +0200
4Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret
5 exponents.
6
7commit e2202ff2b704623efc6277fb5256e4e15bac5676 from
8git://git.gnupg.org/libgcrypt.git
9
10* mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for
11exponents in secure memory.
12
13Upstream-Status: Backport
14CVE: CVE-2013-4242
15
16Signed-off-by: Kai Kang <kai.kang@windriver.com>
17--
18
19The attack is published as http://eprint.iacr.org/2013/448 :
20
21Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
22Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
23
24 Flush+Reload is a cache side-channel attack that monitors access to
25 data in shared pages. In this paper we demonstrate how to use the
26 attack to extract private encryption keys from GnuPG. The high
27 resolution and low noise of the Flush+Reload attack enables a spy
28 program to recover over 98% of the bits of the private key in a
29 single decryption or signing round. Unlike previous attacks, the
30 attack targets the last level L3 cache. Consequently, the spy
31 program and the victim do not need to share the execution core of
32 the CPU. The attack is not limited to a traditional OS and can be
33 used in a virtualised environment, where it can attack programs
34 executing in a different VM.
35
36Index: gnupg-1.4.7/mpi/mpi-pow.c
37===================================================================
38--- gnupg-1.4.7.orig/mpi/mpi-pow.c
39+++ gnupg-1.4.7/mpi/mpi-pow.c
40@@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen
41 tp = rp; rp = xp; xp = tp;
42 rsize = xsize;
43
44- if( (mpi_limb_signed_t)e < 0 ) {
45+ /* To mitigate the Yarom/Falkner flush+reload cache
46+ * side-channel attack on the RSA secret exponent, we do
47+ * the multiplication regardless of the value of the
48+ * high-bit of E. But to avoid this performance penalty
49+ * we do it only if the exponent has been stored in secure
50+ * memory and we can thus assume it is a secret exponent. */
51+ if (esec || (mpi_limb_signed_t)e < 0) {
52 /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/
53 if( bsize < KARATSUBA_THRESHOLD ) {
54 mpihelp_mul( xp, rp, rsize, bp, bsize );
55@@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen
56 mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
57 xsize = msize;
58 }
59+ }
60+ if ( (mpi_limb_signed_t)e < 0 ) {
61
62 tp = rp; rp = xp; xp = tp;
63 rsize = xsize;
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
deleted file mode 100644
index b50a32f40c..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1Upstream-Status: Backport
2CVE: CVE-2013-4351
3
4Index: gnupg-1.4.7/g10/getkey.c
5===================================================================
6--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800
7+++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800
8@@ -1454,7 +1454,11 @@
9
10 if(flags)
11 key_usage |= PUBKEY_USAGE_UNKNOWN;
12+ if (!key_usage)
13+ key_usage |= PUBKEY_USAGE_NONE;
14 }
15+ else if (p)
16+ key_usage |= PUBKEY_USAGE_NONE;
17
18 /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
19 capability that we do not handle. This serves to distinguish
20Index: gnupg-1.4.7/g10/keygen.c
21===================================================================
22--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800
23+++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800
24@@ -209,9 +209,6 @@
25 if (use & PUBKEY_USAGE_AUTH)
26 buf[0] |= 0x20;
27
28- if (!buf[0])
29- return;
30-
31 build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
32 }
33
34Index: gnupg-1.4.7/include/cipher.h
35===================================================================
36--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800
37+++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800
38@@ -52,6 +52,7 @@
39 #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
40 #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */
41 #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */
42+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
43
44 #define DIGEST_ALGO_MD5 1
45 #define DIGEST_ALGO_SHA1 2
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
deleted file mode 100644
index 5dcde1f9cb..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
+++ /dev/null
@@ -1,154 +0,0 @@
1Upstream-Status: Backport
2CVE: CVE-2013-4576
3
4Index: gnupg-1.4.7/cipher/dsa.c
5===================================================================
6--- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800
7+++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800
8@@ -287,6 +287,8 @@
9 MPI kinv;
10 MPI tmp;
11
12+ mpi_normalize (hash);
13+
14 /* select a random k with 0 < k < q */
15 k = gen_k( skey->q );
16
17Index: gnupg-1.4.7/cipher/elgamal.c
18===================================================================
19--- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800
20+++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800
21@@ -376,6 +376,9 @@
22 {
23 MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
24
25+ mpi_normalize (a);
26+ mpi_normalize (b);
27+
28 /* output = b/(a^x) mod p */
29 mpi_powm( t1, a, skey->x, skey->p );
30 mpi_invm( t1, t1, skey->p );
31Index: gnupg-1.4.7/cipher/random.c
32===================================================================
33--- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800
34+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
35@@ -273,6 +273,18 @@
36 }
37
38
39+/* Randomize the MPI */
40+void
41+randomize_mpi (MPI mpi, size_t nbits, int level)
42+{
43+ unsigned char *buffer;
44+
45+ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
46+ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
47+ xfree (buffer);
48+}
49+
50+
51 int
52 random_is_faked()
53 {
54Index: gnupg-1.4.7/cipher/random.h
55===================================================================
56--- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800
57+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
58@@ -32,6 +32,7 @@
59 int random_is_faked(void);
60 void random_disable_locking (void);
61 void randomize_buffer( byte *buffer, size_t length, int level );
62+void randomize_mpi (MPI mpi, size_t nbits, int level);
63 byte *get_random_bits( size_t nbits, int level, int secure );
64 void fast_random_poll( void );
65
66Index: gnupg-1.4.7/cipher/rsa.c
67===================================================================
68--- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800
69+++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800
70@@ -301,9 +301,26 @@
71 #if 0
72 mpi_powm( output, input, skey->d, skey->n );
73 #else
74- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
75- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
76- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
77+ int nlimbs = mpi_get_nlimbs (skey->n)+1;
78+ MPI m1 = mpi_alloc_secure (nlimbs);
79+ MPI m2 = mpi_alloc_secure (nlimbs);
80+ MPI h = mpi_alloc_secure (nlimbs);
81+# if 1
82+ MPI bdata= mpi_alloc_secure (nlimbs);
83+ MPI r = mpi_alloc_secure (nlimbs);
84+# endif
85+
86+ /* Remove superfluous leading zeroes from INPUT. */
87+ mpi_normalize (input);
88+
89+# if 1
90+ /* Blind: bdata = (data * r^e) mod n */
91+ randomize_mpi (r, mpi_get_nbits (skey->n), 0);
92+ mpi_fdiv_r (r, r, skey->n);
93+ mpi_powm (bdata, r, skey->e, skey->n);
94+ mpi_mulm (bdata, bdata, input, skey->n);
95+ input = bdata;
96+# endif
97
98 /* m1 = c ^ (d mod (p-1)) mod p */
99 mpi_sub_ui( h, skey->p, 1 );
100@@ -321,8 +338,15 @@
101 /* m = m2 + h * p */
102 mpi_mul ( h, h, skey->p );
103 mpi_add ( output, m1, h );
104- /* ready */
105-
106+
107+# if 1
108+ mpi_free (bdata);
109+ /* Unblind: output = (output * r^(-1)) mod n */
110+ mpi_invm (r, r, skey->n);
111+ mpi_mulm (output, output, r, skey->n);
112+ mpi_free (r);
113+# endif
114+
115 mpi_free ( h );
116 mpi_free ( m1 );
117 mpi_free ( m2 );
118@@ -397,6 +421,7 @@
119 rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
120 {
121 RSA_secret_key sk;
122+ MPI input;
123
124 if( algo != 1 && algo != 2 )
125 return G10ERR_PUBKEY_ALGO;
126@@ -407,8 +432,14 @@
127 sk.p = skey[3];
128 sk.q = skey[4];
129 sk.u = skey[5];
130- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
131- secret( *result, data[0], &sk );
132+
133+ /* Mitigates side-channel attacks (CVE-2013-4576). */
134+ input = mpi_alloc (0);
135+ mpi_normalize (data[0]);
136+ mpi_fdiv_r (input, data[0], sk.n);
137+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
138+ secret (*result, input, &sk);
139+ mpi_free (input);
140 return 0;
141 }
142
143Index: gnupg-1.4.7/g10/gpgv.c
144===================================================================
145--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
146+++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800
147@@ -390,6 +390,7 @@
148 void random_dump_stats(void) {}
149 int quick_random_gen( int onoff ) { return -1;}
150 void randomize_buffer( byte *buffer, size_t length, int level ) {}
151+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
152 int random_is_faked() { return -1;}
153 byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
154 void set_random_seed_file( const char *name ) {}
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
deleted file mode 100644
index 362717636b..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
+++ /dev/null
@@ -1,64 +0,0 @@
1commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
2Author: Werner Koch <wk@gnupg.org>
3Date: Thu Dec 20 09:43:41 2012 +0100
4
5 gpg: Import only packets which are allowed in a keyblock.
6
7 * g10/import.c (valid_keyblock_packet): New.
8 (read_block): Store only valid packets.
9 --
10
11 A corrupted key, which for example included a mangled public key
12 encrypted packet, used to corrupt the keyring. This change skips all
13 packets which are not allowed in a keyblock.
14
15 GnuPG-bug-id: 1455
16
17 (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
18
19Upstream-Status: Backport
20CVE: CVE-2012-6085
21
22Signed-off-by: Saul Wold <sgw@linux.intel.com>
23
24diff --git a/g10/import.c b/g10/import.c
25index bfe02eb..a57b32e 100644
26--- a/g10/import.c
27+++ b/g10/import.c
28@@ -384,6 +384,27 @@ import_print_stats (void *hd)
29 }
30
31
32+/* Return true if PKTTYPE is valid in a keyblock. */
33+static int
34+valid_keyblock_packet (int pkttype)
35+{
36+ switch (pkttype)
37+ {
38+ case PKT_PUBLIC_KEY:
39+ case PKT_PUBLIC_SUBKEY:
40+ case PKT_SECRET_KEY:
41+ case PKT_SECRET_SUBKEY:
42+ case PKT_SIGNATURE:
43+ case PKT_USER_ID:
44+ case PKT_ATTRIBUTE:
45+ case PKT_RING_TRUST:
46+ return 1;
47+ default:
48+ return 0;
49+ }
50+}
51+
52+
53 /****************
54 * Read the next keyblock from stream A.
55 * PENDING_PKT should be initialzed to NULL
56@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
57 }
58 in_cert = 1;
59 default:
60- if( in_cert ) {
61+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
62 if( !root )
63 root = new_kbnode( pkt );
64 else
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
deleted file mode 100644
index e005ac658f..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
+++ /dev/null
@@ -1,17 +0,0 @@
1
2Upstream-Status: Inappropriate [configuration]
3
4Signed-off-by: Saul Wold <sgw@linux.intel.com>
5
6Index: gnupg-1.4.7/configure.ac
7===================================================================
8--- gnupg-1.4.7.orig/configure.ac
9+++ gnupg-1.4.7/configure.ac
10@@ -827,7 +827,6 @@ else
11 AC_SUBST(USE_NLS)
12 AC_SUBST(USE_INCLUDED_LIBINTL)
13 AC_SUBST(BUILD_INCLUDED_LIBINTL)
14- AM_PO_SUBDIRS
15 fi
16
17 if test "$try_extensions" = yes || test x"$card_support" = xyes ; then
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
deleted file mode 100644
index e5fb24aa63..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
+++ /dev/null
@@ -1,27 +0,0 @@
1
2This has been discussed in a couple of different bug reported
3upstream:
4
5http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250
6http://bugs.sourcemage.org/show_bug.cgi?id=14446
7
8Fix:
9http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
10
11Upstream-Status: Backport [Debian]
12
13Signed-off-by: Saul Wold <sgw@linux.intel.com>
14
15Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c
16===================================================================
17--- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c
18+++ gnupg-1.4.7/keyserver/gpgkeys_curl.c
19@@ -286,7 +286,7 @@ main(int argc,char *argv[])
20 curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
21 }
22
23- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
24+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
25 curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
26
27 if(proxy)
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
deleted file mode 100644
index 2855cab24b..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
+++ /dev/null
@@ -1,19 +0,0 @@
1Orignal Patch came from OpenWrt via OE-Classic
2https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4
3which is no longer a valid revision!
4
5Upstream-Status: Inappropriate [configuration]
6
7
8--- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000
9+++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000
10@@ -181,7 +181,7 @@
11 /***************************************
12 ************** ARM ******************
13 ***************************************/
14-#if defined (__arm__) && W_TYPE_SIZE == 32
15+#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__)
16 #define add_ssaaaa(sh, sl, ah, al, bh, bl) \
17 __asm__ ("adds %1, %4, %5\n" \
18 "adc %0, %2, %3" \
19
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
deleted file mode 100644
index 9a03b2b705..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1
2From Openembedded-Classic
3
4 gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support
5
6
7Upstream-Status: Inappropriate [embedded-specific]
8
9Index: gnupg-1.4.10/mpi/longlong.h
10===================================================================
11--- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100
12+++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100
13@@ -706,18 +706,35 @@
14 #endif /* __m88110__ */
15 #endif /* __m88000__ */
16
17+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
18+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
19+#define __GNUC_PREREQ(maj, min) \
20+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
21+#else
22+#define __GNUC_PREREQ(maj, min) 0
23+#endif
24+
25 /***************************************
26 ************** MIPS *****************
27 ***************************************/
28 #if defined (__mips__) && W_TYPE_SIZE == 32
29-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
30+#if __GNUC_PREREQ (4,4)
31+#define umul_ppmm(w1, w0, u, v) \
32+ do { \
33+ UDItype __ll = (UDItype)(u) * (v); \
34+ w1 = __ll >> 32; \
35+ w0 = __ll; \
36+ } while (0)
37+#endif
38+#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7)
39 #define umul_ppmm(w1, w0, u, v) \
40 __asm__ ("multu %2,%3" \
41 : "=l" ((USItype)(w0)), \
42 "=h" ((USItype)(w1)) \
43 : "d" ((USItype)(u)), \
44 "d" ((USItype)(v)))
45-#else
46+#endif
47+#if !defined (umul_ppmm)
48 #define umul_ppmm(w1, w0, u, v) \
49 __asm__ ("multu %2,%3 \n" \
50 "mflo %0 \n" \
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
deleted file mode 100644
index 6ccffd54ca..0000000000
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ /dev/null
@@ -1,104 +0,0 @@
1SUMMARY = "GNU Privacy Guard - encryption and signing tools"
2HOMEPAGE = "http://www.gnupg.org/"
3DEPENDS = "zlib bzip2 readline"
4SECTION = "console/utils"
5
6LICENSE = "GPLv2"
7
8LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
9
10PR = "r9"
11
12SRC_URI = "${GNUPG_MIRROR}/gnupg/gnupg-${PV}.tar.bz2 \
13 file://long-long-thumb.patch \
14 file://configure.patch \
15 file://mips_gcc4.4.patch \
16 file://GnuPG1-CVE-2012-6085.patch \
17 file://curl_typeof_fix_backport.patch \
18 file://CVE-2013-4351.patch \
19 file://CVE-2013-4576.patch \
20 file://CVE-2013-4242.patch \
21 "
22
23SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
24SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"
25
26inherit autotools gettext texinfo
27
28# --with-egd-socket=NAME use NAME for the EGD socket
29# --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer
30# --with-included-zlib use the zlib code included here
31# --with-capabilities use linux capabilities default=no
32# --with-mailprog=NAME use "NAME -t" for mail transport
33# --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib
34# --without-libiconv-prefix don't search for libiconv in includedir and libdir
35# --with-included-gettext use the GNU gettext library included here
36# --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib
37# --without-libintl-prefix don't search for libintl in includedir and libdir
38# --without-readline do not support fancy command line editing
39# --with-included-regex use the included GNU regex library
40# --with-zlib=DIR use libz in DIR
41# --with-bzip2=DIR look for bzip2 in DIR
42# --enable-static-rnd=egd|unix|linux|auto
43# --disable-dev-random disable the use of dev random
44# --disable-asm do not use assembler modules
45# --enable-m-guard enable memory guard facility
46# --enable-selinux-support
47# enable SELinux support
48# --disable-card-support disable OpenPGP card support
49# --disable-gnupg-iconv disable the new iconv code
50# --enable-backsigs enable the experimental backsigs code
51# --enable-minimal build the smallest gpg binary possible
52# --disable-rsa disable the RSA public key algorithm
53# --disable-idea disable the IDEA cipher
54# --disable-cast5 disable the CAST5 cipher
55# --disable-blowfish disable the BLOWFISH cipher
56# --disable-aes disable the AES, AES192, and AES256 ciphers
57# --disable-twofish disable the TWOFISH cipher
58# --disable-sha256 disable the SHA-256 digest
59# --disable-sha512 disable the SHA-384 and SHA-512 digests
60# --disable-bzip2 disable the BZIP2 compression algorithm
61# --disable-exec disable all external program execution
62# --disable-photo-viewers disable photo ID viewers
63# --disable-keyserver-helpers disable all external keyserver support
64# --disable-ldap disable LDAP keyserver interface
65# --disable-hkp disable HKP keyserver interface
66# --disable-http disable HTTP key fetching interface
67# --disable-finger disable Finger key fetching interface
68# --disable-mailto disable email keyserver interface
69# --disable-keyserver-path disable the exec-path option for keyserver helpers
70# --enable-key-cache=SIZE Set key cache to SIZE (default 4096)
71# --disable-largefile omit support for large files
72# --disable-dns-srv disable the use of DNS SRV in HKP and HTTP
73# --disable-nls do not use Native Language Support
74# --disable-regex do not handle regular expressions in trust sigs
75
76EXTRA_OECONF = "--disable-ldap \
77 --with-zlib=${STAGING_LIBDIR}/.. \
78 --with-bzip2=${STAGING_LIBDIR}/.. \
79 --disable-selinux-support \
80 --with-readline=${STAGING_LIBDIR}/.. \
81 ac_cv_sys_symbol_underscore=no \
82 "
83
84# Force gcc's traditional handling of inline to avoid issues with gcc 5
85CFLAGS += "-fgnu89-inline"
86
87do_install () {
88 autotools_do_install
89 install -d ${D}${docdir}/${BPN}
90 mv ${D}${datadir}/${BPN}/* ${D}/${docdir}/${BPN}/ || :
91 mv ${D}${prefix}/doc/* ${D}/${docdir}/${BPN}/ || :
92}
93
94# split out gpgv from main package
95RDEPENDS_${PN} = "gpgv"
96PACKAGES =+ "gpgv"
97FILES_gpgv = "${bindir}/gpgv"
98
99# Exclude debug files from the main packages
100FILES_${PN} = "${bindir}/* ${datadir}/${BPN} ${libexecdir}/${BPN}/*"
101
102PACKAGECONFIG ??= ""
103PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR},--without-libcurl,curl"
104PACKAGECONFIG[libusb] = "--with-libusb=${STAGING_LIBDIR},--without-libusb,libusb-compat"