diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-03-02 12:04:08 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-03-07 20:05:31 +0000 |
commit | 2345af9b4829ed3eed5abf60f2483055649f8af7 (patch) | |
tree | 96a9a31e4b1957b93c4fe3eb669117d2752caf0d /meta/recipes-support/gnupg | |
parent | c4901328fe5cf912c0965e5b011b64a95a9bcb9d (diff) | |
download | poky-2345af9b4829ed3eed5abf60f2483055649f8af7.tar.gz |
recipes: Move out stale GPLv2 versions to a seperate layeruninative-1.5
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.
There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.
There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.
Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.
I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.
(From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/gnupg')
9 files changed, 0 insertions, 543 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch deleted file mode 100644 index f0667741c8..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch +++ /dev/null | |||
@@ -1,63 +0,0 @@ | |||
1 | From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001 | ||
2 | From: Werner Koch <wk@gnupg.org> | ||
3 | Date: Thu, 25 Jul 2013 11:17:52 +0200 | ||
4 | Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret | ||
5 | exponents. | ||
6 | |||
7 | commit e2202ff2b704623efc6277fb5256e4e15bac5676 from | ||
8 | git://git.gnupg.org/libgcrypt.git | ||
9 | |||
10 | * mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for | ||
11 | exponents in secure memory. | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | CVE: CVE-2013-4242 | ||
15 | |||
16 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
17 | -- | ||
18 | |||
19 | The attack is published as http://eprint.iacr.org/2013/448 : | ||
20 | |||
21 | Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel | ||
22 | Attack by Yuval Yarom and Katrina Falkner. 18 July 2013. | ||
23 | |||
24 | Flush+Reload is a cache side-channel attack that monitors access to | ||
25 | data in shared pages. In this paper we demonstrate how to use the | ||
26 | attack to extract private encryption keys from GnuPG. The high | ||
27 | resolution and low noise of the Flush+Reload attack enables a spy | ||
28 | program to recover over 98% of the bits of the private key in a | ||
29 | single decryption or signing round. Unlike previous attacks, the | ||
30 | attack targets the last level L3 cache. Consequently, the spy | ||
31 | program and the victim do not need to share the execution core of | ||
32 | the CPU. The attack is not limited to a traditional OS and can be | ||
33 | used in a virtualised environment, where it can attack programs | ||
34 | executing in a different VM. | ||
35 | |||
36 | Index: gnupg-1.4.7/mpi/mpi-pow.c | ||
37 | =================================================================== | ||
38 | --- gnupg-1.4.7.orig/mpi/mpi-pow.c | ||
39 | +++ gnupg-1.4.7/mpi/mpi-pow.c | ||
40 | @@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen | ||
41 | tp = rp; rp = xp; xp = tp; | ||
42 | rsize = xsize; | ||
43 | |||
44 | - if( (mpi_limb_signed_t)e < 0 ) { | ||
45 | + /* To mitigate the Yarom/Falkner flush+reload cache | ||
46 | + * side-channel attack on the RSA secret exponent, we do | ||
47 | + * the multiplication regardless of the value of the | ||
48 | + * high-bit of E. But to avoid this performance penalty | ||
49 | + * we do it only if the exponent has been stored in secure | ||
50 | + * memory and we can thus assume it is a secret exponent. */ | ||
51 | + if (esec || (mpi_limb_signed_t)e < 0) { | ||
52 | /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/ | ||
53 | if( bsize < KARATSUBA_THRESHOLD ) { | ||
54 | mpihelp_mul( xp, rp, rsize, bp, bsize ); | ||
55 | @@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen | ||
56 | mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); | ||
57 | xsize = msize; | ||
58 | } | ||
59 | + } | ||
60 | + if ( (mpi_limb_signed_t)e < 0 ) { | ||
61 | |||
62 | tp = rp; rp = xp; xp = tp; | ||
63 | rsize = xsize; | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch deleted file mode 100644 index b50a32f40c..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch +++ /dev/null | |||
@@ -1,45 +0,0 @@ | |||
1 | Upstream-Status: Backport | ||
2 | CVE: CVE-2013-4351 | ||
3 | |||
4 | Index: gnupg-1.4.7/g10/getkey.c | ||
5 | =================================================================== | ||
6 | --- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800 | ||
7 | +++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800 | ||
8 | @@ -1454,7 +1454,11 @@ | ||
9 | |||
10 | if(flags) | ||
11 | key_usage |= PUBKEY_USAGE_UNKNOWN; | ||
12 | + if (!key_usage) | ||
13 | + key_usage |= PUBKEY_USAGE_NONE; | ||
14 | } | ||
15 | + else if (p) | ||
16 | + key_usage |= PUBKEY_USAGE_NONE; | ||
17 | |||
18 | /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a | ||
19 | capability that we do not handle. This serves to distinguish | ||
20 | Index: gnupg-1.4.7/g10/keygen.c | ||
21 | =================================================================== | ||
22 | --- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800 | ||
23 | +++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800 | ||
24 | @@ -209,9 +209,6 @@ | ||
25 | if (use & PUBKEY_USAGE_AUTH) | ||
26 | buf[0] |= 0x20; | ||
27 | |||
28 | - if (!buf[0]) | ||
29 | - return; | ||
30 | - | ||
31 | build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); | ||
32 | } | ||
33 | |||
34 | Index: gnupg-1.4.7/include/cipher.h | ||
35 | =================================================================== | ||
36 | --- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800 | ||
37 | +++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800 | ||
38 | @@ -52,6 +52,7 @@ | ||
39 | #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ | ||
40 | #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ | ||
41 | #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ | ||
42 | +#define PUBKEY_USAGE_NONE 256 /* No usage given. */ | ||
43 | |||
44 | #define DIGEST_ALGO_MD5 1 | ||
45 | #define DIGEST_ALGO_SHA1 2 | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch deleted file mode 100644 index 5dcde1f9cb..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch +++ /dev/null | |||
@@ -1,154 +0,0 @@ | |||
1 | Upstream-Status: Backport | ||
2 | CVE: CVE-2013-4576 | ||
3 | |||
4 | Index: gnupg-1.4.7/cipher/dsa.c | ||
5 | =================================================================== | ||
6 | --- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800 | ||
7 | +++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800 | ||
8 | @@ -287,6 +287,8 @@ | ||
9 | MPI kinv; | ||
10 | MPI tmp; | ||
11 | |||
12 | + mpi_normalize (hash); | ||
13 | + | ||
14 | /* select a random k with 0 < k < q */ | ||
15 | k = gen_k( skey->q ); | ||
16 | |||
17 | Index: gnupg-1.4.7/cipher/elgamal.c | ||
18 | =================================================================== | ||
19 | --- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800 | ||
20 | +++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800 | ||
21 | @@ -376,6 +376,9 @@ | ||
22 | { | ||
23 | MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); | ||
24 | |||
25 | + mpi_normalize (a); | ||
26 | + mpi_normalize (b); | ||
27 | + | ||
28 | /* output = b/(a^x) mod p */ | ||
29 | mpi_powm( t1, a, skey->x, skey->p ); | ||
30 | mpi_invm( t1, t1, skey->p ); | ||
31 | Index: gnupg-1.4.7/cipher/random.c | ||
32 | =================================================================== | ||
33 | --- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800 | ||
34 | +++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800 | ||
35 | @@ -273,6 +273,18 @@ | ||
36 | } | ||
37 | |||
38 | |||
39 | +/* Randomize the MPI */ | ||
40 | +void | ||
41 | +randomize_mpi (MPI mpi, size_t nbits, int level) | ||
42 | +{ | ||
43 | + unsigned char *buffer; | ||
44 | + | ||
45 | + buffer = get_random_bits (nbits, level, mpi_is_secure (mpi)); | ||
46 | + mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0); | ||
47 | + xfree (buffer); | ||
48 | +} | ||
49 | + | ||
50 | + | ||
51 | int | ||
52 | random_is_faked() | ||
53 | { | ||
54 | Index: gnupg-1.4.7/cipher/random.h | ||
55 | =================================================================== | ||
56 | --- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800 | ||
57 | +++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800 | ||
58 | @@ -32,6 +32,7 @@ | ||
59 | int random_is_faked(void); | ||
60 | void random_disable_locking (void); | ||
61 | void randomize_buffer( byte *buffer, size_t length, int level ); | ||
62 | +void randomize_mpi (MPI mpi, size_t nbits, int level); | ||
63 | byte *get_random_bits( size_t nbits, int level, int secure ); | ||
64 | void fast_random_poll( void ); | ||
65 | |||
66 | Index: gnupg-1.4.7/cipher/rsa.c | ||
67 | =================================================================== | ||
68 | --- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800 | ||
69 | +++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800 | ||
70 | @@ -301,9 +301,26 @@ | ||
71 | #if 0 | ||
72 | mpi_powm( output, input, skey->d, skey->n ); | ||
73 | #else | ||
74 | - MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); | ||
75 | - MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); | ||
76 | - MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); | ||
77 | + int nlimbs = mpi_get_nlimbs (skey->n)+1; | ||
78 | + MPI m1 = mpi_alloc_secure (nlimbs); | ||
79 | + MPI m2 = mpi_alloc_secure (nlimbs); | ||
80 | + MPI h = mpi_alloc_secure (nlimbs); | ||
81 | +# if 1 | ||
82 | + MPI bdata= mpi_alloc_secure (nlimbs); | ||
83 | + MPI r = mpi_alloc_secure (nlimbs); | ||
84 | +# endif | ||
85 | + | ||
86 | + /* Remove superfluous leading zeroes from INPUT. */ | ||
87 | + mpi_normalize (input); | ||
88 | + | ||
89 | +# if 1 | ||
90 | + /* Blind: bdata = (data * r^e) mod n */ | ||
91 | + randomize_mpi (r, mpi_get_nbits (skey->n), 0); | ||
92 | + mpi_fdiv_r (r, r, skey->n); | ||
93 | + mpi_powm (bdata, r, skey->e, skey->n); | ||
94 | + mpi_mulm (bdata, bdata, input, skey->n); | ||
95 | + input = bdata; | ||
96 | +# endif | ||
97 | |||
98 | /* m1 = c ^ (d mod (p-1)) mod p */ | ||
99 | mpi_sub_ui( h, skey->p, 1 ); | ||
100 | @@ -321,8 +338,15 @@ | ||
101 | /* m = m2 + h * p */ | ||
102 | mpi_mul ( h, h, skey->p ); | ||
103 | mpi_add ( output, m1, h ); | ||
104 | - /* ready */ | ||
105 | - | ||
106 | + | ||
107 | +# if 1 | ||
108 | + mpi_free (bdata); | ||
109 | + /* Unblind: output = (output * r^(-1)) mod n */ | ||
110 | + mpi_invm (r, r, skey->n); | ||
111 | + mpi_mulm (output, output, r, skey->n); | ||
112 | + mpi_free (r); | ||
113 | +# endif | ||
114 | + | ||
115 | mpi_free ( h ); | ||
116 | mpi_free ( m1 ); | ||
117 | mpi_free ( m2 ); | ||
118 | @@ -397,6 +421,7 @@ | ||
119 | rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) | ||
120 | { | ||
121 | RSA_secret_key sk; | ||
122 | + MPI input; | ||
123 | |||
124 | if( algo != 1 && algo != 2 ) | ||
125 | return G10ERR_PUBKEY_ALGO; | ||
126 | @@ -407,8 +432,14 @@ | ||
127 | sk.p = skey[3]; | ||
128 | sk.q = skey[4]; | ||
129 | sk.u = skey[5]; | ||
130 | - *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) ); | ||
131 | - secret( *result, data[0], &sk ); | ||
132 | + | ||
133 | + /* Mitigates side-channel attacks (CVE-2013-4576). */ | ||
134 | + input = mpi_alloc (0); | ||
135 | + mpi_normalize (data[0]); | ||
136 | + mpi_fdiv_r (input, data[0], sk.n); | ||
137 | + *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n)); | ||
138 | + secret (*result, input, &sk); | ||
139 | + mpi_free (input); | ||
140 | return 0; | ||
141 | } | ||
142 | |||
143 | Index: gnupg-1.4.7/g10/gpgv.c | ||
144 | =================================================================== | ||
145 | --- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800 | ||
146 | +++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800 | ||
147 | @@ -390,6 +390,7 @@ | ||
148 | void random_dump_stats(void) {} | ||
149 | int quick_random_gen( int onoff ) { return -1;} | ||
150 | void randomize_buffer( byte *buffer, size_t length, int level ) {} | ||
151 | +void randomize_mpi (MPI mpi, size_t nbits, int level) {} | ||
152 | int random_is_faked() { return -1;} | ||
153 | byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;} | ||
154 | void set_random_seed_file( const char *name ) {} | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch deleted file mode 100644 index 362717636b..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch +++ /dev/null | |||
@@ -1,64 +0,0 @@ | |||
1 | commit f0b33b6fb8e0586e9584a7a409dcc31263776a67 | ||
2 | Author: Werner Koch <wk@gnupg.org> | ||
3 | Date: Thu Dec 20 09:43:41 2012 +0100 | ||
4 | |||
5 | gpg: Import only packets which are allowed in a keyblock. | ||
6 | |||
7 | * g10/import.c (valid_keyblock_packet): New. | ||
8 | (read_block): Store only valid packets. | ||
9 | -- | ||
10 | |||
11 | A corrupted key, which for example included a mangled public key | ||
12 | encrypted packet, used to corrupt the keyring. This change skips all | ||
13 | packets which are not allowed in a keyblock. | ||
14 | |||
15 | GnuPG-bug-id: 1455 | ||
16 | |||
17 | (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa) | ||
18 | |||
19 | Upstream-Status: Backport | ||
20 | CVE: CVE-2012-6085 | ||
21 | |||
22 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
23 | |||
24 | diff --git a/g10/import.c b/g10/import.c | ||
25 | index bfe02eb..a57b32e 100644 | ||
26 | --- a/g10/import.c | ||
27 | +++ b/g10/import.c | ||
28 | @@ -384,6 +384,27 @@ import_print_stats (void *hd) | ||
29 | } | ||
30 | |||
31 | |||
32 | +/* Return true if PKTTYPE is valid in a keyblock. */ | ||
33 | +static int | ||
34 | +valid_keyblock_packet (int pkttype) | ||
35 | +{ | ||
36 | + switch (pkttype) | ||
37 | + { | ||
38 | + case PKT_PUBLIC_KEY: | ||
39 | + case PKT_PUBLIC_SUBKEY: | ||
40 | + case PKT_SECRET_KEY: | ||
41 | + case PKT_SECRET_SUBKEY: | ||
42 | + case PKT_SIGNATURE: | ||
43 | + case PKT_USER_ID: | ||
44 | + case PKT_ATTRIBUTE: | ||
45 | + case PKT_RING_TRUST: | ||
46 | + return 1; | ||
47 | + default: | ||
48 | + return 0; | ||
49 | + } | ||
50 | +} | ||
51 | + | ||
52 | + | ||
53 | /**************** | ||
54 | * Read the next keyblock from stream A. | ||
55 | * PENDING_PKT should be initialzed to NULL | ||
56 | @@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) | ||
57 | } | ||
58 | in_cert = 1; | ||
59 | default: | ||
60 | - if( in_cert ) { | ||
61 | + if (in_cert && valid_keyblock_packet (pkt->pkttype)) { | ||
62 | if( !root ) | ||
63 | root = new_kbnode( pkt ); | ||
64 | else | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch deleted file mode 100644 index e005ac658f..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch +++ /dev/null | |||
@@ -1,17 +0,0 @@ | |||
1 | |||
2 | Upstream-Status: Inappropriate [configuration] | ||
3 | |||
4 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
5 | |||
6 | Index: gnupg-1.4.7/configure.ac | ||
7 | =================================================================== | ||
8 | --- gnupg-1.4.7.orig/configure.ac | ||
9 | +++ gnupg-1.4.7/configure.ac | ||
10 | @@ -827,7 +827,6 @@ else | ||
11 | AC_SUBST(USE_NLS) | ||
12 | AC_SUBST(USE_INCLUDED_LIBINTL) | ||
13 | AC_SUBST(BUILD_INCLUDED_LIBINTL) | ||
14 | - AM_PO_SUBDIRS | ||
15 | fi | ||
16 | |||
17 | if test "$try_extensions" = yes || test x"$card_support" = xyes ; then | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch deleted file mode 100644 index e5fb24aa63..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch +++ /dev/null | |||
@@ -1,27 +0,0 @@ | |||
1 | |||
2 | This has been discussed in a couple of different bug reported | ||
3 | upstream: | ||
4 | |||
5 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250 | ||
6 | http://bugs.sourcemage.org/show_bug.cgi?id=14446 | ||
7 | |||
8 | Fix: | ||
9 | http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html | ||
10 | |||
11 | Upstream-Status: Backport [Debian] | ||
12 | |||
13 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
14 | |||
15 | Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c | ||
16 | =================================================================== | ||
17 | --- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c | ||
18 | +++ gnupg-1.4.7/keyserver/gpgkeys_curl.c | ||
19 | @@ -286,7 +286,7 @@ main(int argc,char *argv[]) | ||
20 | curl_easy_setopt(curl,CURLOPT_VERBOSE,1); | ||
21 | } | ||
22 | |||
23 | - curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert); | ||
24 | + curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert); | ||
25 | curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); | ||
26 | |||
27 | if(proxy) | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch deleted file mode 100644 index 2855cab24b..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch +++ /dev/null | |||
@@ -1,19 +0,0 @@ | |||
1 | Orignal Patch came from OpenWrt via OE-Classic | ||
2 | https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4 | ||
3 | which is no longer a valid revision! | ||
4 | |||
5 | Upstream-Status: Inappropriate [configuration] | ||
6 | |||
7 | |||
8 | --- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000 | ||
9 | +++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000 | ||
10 | @@ -181,7 +181,7 @@ | ||
11 | /*************************************** | ||
12 | ************** ARM ****************** | ||
13 | ***************************************/ | ||
14 | -#if defined (__arm__) && W_TYPE_SIZE == 32 | ||
15 | +#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__) | ||
16 | #define add_ssaaaa(sh, sl, ah, al, bh, bl) \ | ||
17 | __asm__ ("adds %1, %4, %5\n" \ | ||
18 | "adc %0, %2, %3" \ | ||
19 | |||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch deleted file mode 100644 index 9a03b2b705..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch +++ /dev/null | |||
@@ -1,50 +0,0 @@ | |||
1 | |||
2 | From Openembedded-Classic | ||
3 | |||
4 | gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support | ||
5 | |||
6 | |||
7 | Upstream-Status: Inappropriate [embedded-specific] | ||
8 | |||
9 | Index: gnupg-1.4.10/mpi/longlong.h | ||
10 | =================================================================== | ||
11 | --- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100 | ||
12 | +++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100 | ||
13 | @@ -706,18 +706,35 @@ | ||
14 | #endif /* __m88110__ */ | ||
15 | #endif /* __m88000__ */ | ||
16 | |||
17 | +/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */ | ||
18 | +#if defined (__GNUC__) && defined (__GNUC_MINOR__) | ||
19 | +#define __GNUC_PREREQ(maj, min) \ | ||
20 | + ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) | ||
21 | +#else | ||
22 | +#define __GNUC_PREREQ(maj, min) 0 | ||
23 | +#endif | ||
24 | + | ||
25 | /*************************************** | ||
26 | ************** MIPS ***************** | ||
27 | ***************************************/ | ||
28 | #if defined (__mips__) && W_TYPE_SIZE == 32 | ||
29 | -#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 | ||
30 | +#if __GNUC_PREREQ (4,4) | ||
31 | +#define umul_ppmm(w1, w0, u, v) \ | ||
32 | + do { \ | ||
33 | + UDItype __ll = (UDItype)(u) * (v); \ | ||
34 | + w1 = __ll >> 32; \ | ||
35 | + w0 = __ll; \ | ||
36 | + } while (0) | ||
37 | +#endif | ||
38 | +#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7) | ||
39 | #define umul_ppmm(w1, w0, u, v) \ | ||
40 | __asm__ ("multu %2,%3" \ | ||
41 | : "=l" ((USItype)(w0)), \ | ||
42 | "=h" ((USItype)(w1)) \ | ||
43 | : "d" ((USItype)(u)), \ | ||
44 | "d" ((USItype)(v))) | ||
45 | -#else | ||
46 | +#endif | ||
47 | +#if !defined (umul_ppmm) | ||
48 | #define umul_ppmm(w1, w0, u, v) \ | ||
49 | __asm__ ("multu %2,%3 \n" \ | ||
50 | "mflo %0 \n" \ | ||
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb deleted file mode 100644 index 6ccffd54ca..0000000000 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ /dev/null | |||
@@ -1,104 +0,0 @@ | |||
1 | SUMMARY = "GNU Privacy Guard - encryption and signing tools" | ||
2 | HOMEPAGE = "http://www.gnupg.org/" | ||
3 | DEPENDS = "zlib bzip2 readline" | ||
4 | SECTION = "console/utils" | ||
5 | |||
6 | LICENSE = "GPLv2" | ||
7 | |||
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" | ||
9 | |||
10 | PR = "r9" | ||
11 | |||
12 | SRC_URI = "${GNUPG_MIRROR}/gnupg/gnupg-${PV}.tar.bz2 \ | ||
13 | file://long-long-thumb.patch \ | ||
14 | file://configure.patch \ | ||
15 | file://mips_gcc4.4.patch \ | ||
16 | file://GnuPG1-CVE-2012-6085.patch \ | ||
17 | file://curl_typeof_fix_backport.patch \ | ||
18 | file://CVE-2013-4351.patch \ | ||
19 | file://CVE-2013-4576.patch \ | ||
20 | file://CVE-2013-4242.patch \ | ||
21 | " | ||
22 | |||
23 | SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" | ||
24 | SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" | ||
25 | |||
26 | inherit autotools gettext texinfo | ||
27 | |||
28 | # --with-egd-socket=NAME use NAME for the EGD socket | ||
29 | # --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer | ||
30 | # --with-included-zlib use the zlib code included here | ||
31 | # --with-capabilities use linux capabilities default=no | ||
32 | # --with-mailprog=NAME use "NAME -t" for mail transport | ||
33 | # --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib | ||
34 | # --without-libiconv-prefix don't search for libiconv in includedir and libdir | ||
35 | # --with-included-gettext use the GNU gettext library included here | ||
36 | # --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib | ||
37 | # --without-libintl-prefix don't search for libintl in includedir and libdir | ||
38 | # --without-readline do not support fancy command line editing | ||
39 | # --with-included-regex use the included GNU regex library | ||
40 | # --with-zlib=DIR use libz in DIR | ||
41 | # --with-bzip2=DIR look for bzip2 in DIR | ||
42 | # --enable-static-rnd=egd|unix|linux|auto | ||
43 | # --disable-dev-random disable the use of dev random | ||
44 | # --disable-asm do not use assembler modules | ||
45 | # --enable-m-guard enable memory guard facility | ||
46 | # --enable-selinux-support | ||
47 | # enable SELinux support | ||
48 | # --disable-card-support disable OpenPGP card support | ||
49 | # --disable-gnupg-iconv disable the new iconv code | ||
50 | # --enable-backsigs enable the experimental backsigs code | ||
51 | # --enable-minimal build the smallest gpg binary possible | ||
52 | # --disable-rsa disable the RSA public key algorithm | ||
53 | # --disable-idea disable the IDEA cipher | ||
54 | # --disable-cast5 disable the CAST5 cipher | ||
55 | # --disable-blowfish disable the BLOWFISH cipher | ||
56 | # --disable-aes disable the AES, AES192, and AES256 ciphers | ||
57 | # --disable-twofish disable the TWOFISH cipher | ||
58 | # --disable-sha256 disable the SHA-256 digest | ||
59 | # --disable-sha512 disable the SHA-384 and SHA-512 digests | ||
60 | # --disable-bzip2 disable the BZIP2 compression algorithm | ||
61 | # --disable-exec disable all external program execution | ||
62 | # --disable-photo-viewers disable photo ID viewers | ||
63 | # --disable-keyserver-helpers disable all external keyserver support | ||
64 | # --disable-ldap disable LDAP keyserver interface | ||
65 | # --disable-hkp disable HKP keyserver interface | ||
66 | # --disable-http disable HTTP key fetching interface | ||
67 | # --disable-finger disable Finger key fetching interface | ||
68 | # --disable-mailto disable email keyserver interface | ||
69 | # --disable-keyserver-path disable the exec-path option for keyserver helpers | ||
70 | # --enable-key-cache=SIZE Set key cache to SIZE (default 4096) | ||
71 | # --disable-largefile omit support for large files | ||
72 | # --disable-dns-srv disable the use of DNS SRV in HKP and HTTP | ||
73 | # --disable-nls do not use Native Language Support | ||
74 | # --disable-regex do not handle regular expressions in trust sigs | ||
75 | |||
76 | EXTRA_OECONF = "--disable-ldap \ | ||
77 | --with-zlib=${STAGING_LIBDIR}/.. \ | ||
78 | --with-bzip2=${STAGING_LIBDIR}/.. \ | ||
79 | --disable-selinux-support \ | ||
80 | --with-readline=${STAGING_LIBDIR}/.. \ | ||
81 | ac_cv_sys_symbol_underscore=no \ | ||
82 | " | ||
83 | |||
84 | # Force gcc's traditional handling of inline to avoid issues with gcc 5 | ||
85 | CFLAGS += "-fgnu89-inline" | ||
86 | |||
87 | do_install () { | ||
88 | autotools_do_install | ||
89 | install -d ${D}${docdir}/${BPN} | ||
90 | mv ${D}${datadir}/${BPN}/* ${D}/${docdir}/${BPN}/ || : | ||
91 | mv ${D}${prefix}/doc/* ${D}/${docdir}/${BPN}/ || : | ||
92 | } | ||
93 | |||
94 | # split out gpgv from main package | ||
95 | RDEPENDS_${PN} = "gpgv" | ||
96 | PACKAGES =+ "gpgv" | ||
97 | FILES_gpgv = "${bindir}/gpgv" | ||
98 | |||
99 | # Exclude debug files from the main packages | ||
100 | FILES_${PN} = "${bindir}/* ${datadir}/${BPN} ${libexecdir}/${BPN}/*" | ||
101 | |||
102 | PACKAGECONFIG ??= "" | ||
103 | PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR},--without-libcurl,curl" | ||
104 | PACKAGECONFIG[libusb] = "--with-libusb=${STAGING_LIBDIR},--without-libusb,libusb-compat" | ||