initial commit for Enea Linux 4.0

Migrated from the internal git server on the daisy-enea branch Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
author: Adrian Dudau <adrian.dudau@enea.com> 2014-06-26 14:36:22 +0200
committer: Adrian Dudau <adrian.dudau@enea.com> 2014-06-26 15:32:53 +0200
commit: f4cf9fe05bb3f32fabea4e54dd92d368967a80da (patch)
tree: 487180fa9866985ea7b28e625651765d86f515c3 /meta/recipes-support/gnupg
download: poky-f4cf9fe05bb3f32fabea4e54dd92d368967a80da.tar.gz
9 files changed, 499 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
new file mode 100644
index 0000000000..b29ede4233
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,44 @@
+Upstream-Status: Backport
+Index: gnupg-1.4.7/g10/getkey.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/getkey.c       2007-03-05 16:54:41.000000000 +0800
+++ gnupg-1.4.7/g10/getkey.c    2013-11-28 14:41:59.640212240 +0800
+@@ -1454,7 +1454,11 @@
+ 
+       if(flags)
+        key_usage |= PUBKEY_USAGE_UNKNOWN;
+      if (!key_usage)
+       key_usage |= PUBKEY_USAGE_NONE;
+     }
+  else if (p)
+    key_usage |= PUBKEY_USAGE_NONE;
+ 
+   /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
+      capability that we do not handle.  This serves to distinguish
+Index: gnupg-1.4.7/g10/keygen.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/keygen.c       2007-02-05 00:27:40.000000000 +0800
+++ gnupg-1.4.7/g10/keygen.c    2013-11-28 14:43:05.016670092 +0800
+@@ -209,9 +209,6 @@
+     if (use & PUBKEY_USAGE_AUTH)
+         buf[0] |= 0x20;
+ 
+-    if (!buf[0]) 
+-        return;
+-
+     build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
+ }
+ 
+Index: gnupg-1.4.7/include/cipher.h
+===================================================================
+--- gnupg-1.4.7.orig/include/cipher.h   2006-04-21 20:39:49.000000000 +0800
+++ gnupg-1.4.7/include/cipher.h        2013-11-28 14:49:24.159322744 +0800
+@@ -52,6 +52,7 @@
+ #define PUBKEY_USAGE_CERT    4      /* key is also good to certify other keys*/
+ #define PUBKEY_USAGE_AUTH    8      /* key is good for authentication */
+ #define PUBKEY_USAGE_UNKNOWN 128    /* key has an unknown usage bit */
+#define PUBKEY_USAGE_NONE    256    /* No usage given. */
+ 
+ #define DIGEST_ALGO_MD5       1
+ #define DIGEST_ALGO_SHA1      2
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
new file mode 100644
index 0000000000..b1a22f5853
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
@@ -0,0 +1,153 @@
+Upstream-Status: Backport
+Index: gnupg-1.4.7/cipher/dsa.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/dsa.c       2006-12-12 02:27:21.000000000 +0800
+++ gnupg-1.4.7/cipher/dsa.c    2014-01-23 11:30:17.300915919 +0800
+@@ -287,6 +287,8 @@
+     MPI kinv;
+     MPI tmp;
+ 
+    mpi_normalize (hash);
+
+     /* select a random k with 0 < k < q */
+     k = gen_k( skey->q );
+ 
+Index: gnupg-1.4.7/cipher/elgamal.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/elgamal.c   2006-12-12 03:08:05.000000000 +0800
+++ gnupg-1.4.7/cipher/elgamal.c        2014-01-23 11:30:17.300915919 +0800
+@@ -376,6 +376,9 @@
+ {
+     MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
+ 
+    mpi_normalize (a);
+    mpi_normalize (b);
+
+     /* output = b/(a^x) mod p */
+     mpi_powm( t1, a, skey->x, skey->p );
+     mpi_invm( t1, t1, skey->p );
+Index: gnupg-1.4.7/cipher/random.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/random.c    2006-11-03 18:09:39.000000000 +0800
+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
+@@ -273,6 +273,18 @@
+ }
+ 
+ 
+/* Randomize the MPI */ 
+void
+randomize_mpi (MPI mpi, size_t nbits, int level)
+{
+  unsigned char *buffer;
+
+  buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
+  mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
+  xfree (buffer);
+}
+
+
+ int
+ random_is_faked()
+ {
+Index: gnupg-1.4.7/cipher/random.h
+===================================================================
+--- gnupg-1.4.7.orig/cipher/random.h    2006-02-09 19:29:29.000000000 +0800
+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
+@@ -32,6 +32,7 @@
+ int  random_is_faked(void);
+ void random_disable_locking (void);
+ void randomize_buffer( byte *buffer, size_t length, int level );
+void randomize_mpi (MPI mpi, size_t nbits, int level);
+ byte *get_random_bits( size_t nbits, int level, int secure );
+ void fast_random_poll( void );
+ 
+Index: gnupg-1.4.7/cipher/rsa.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/rsa.c       2006-12-12 03:09:00.000000000 +0800
+++ gnupg-1.4.7/cipher/rsa.c    2014-01-23 11:35:04.330639125 +0800
+@@ -301,9 +301,26 @@
+ #if 0
+     mpi_powm( output, input, skey->d, skey->n );
+ #else
+-    MPI m1   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+-    MPI m2   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+-    MPI h    = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+    int nlimbs = mpi_get_nlimbs (skey->n)+1;
+    MPI m1   = mpi_alloc_secure (nlimbs);
+    MPI m2   = mpi_alloc_secure (nlimbs);
+    MPI h    = mpi_alloc_secure (nlimbs);
+# if 1
+    MPI bdata= mpi_alloc_secure (nlimbs);
+    MPI r    = mpi_alloc_secure (nlimbs);
+# endif
+
+    /* Remove superfluous leading zeroes from INPUT.  */
+    mpi_normalize (input);
+
+# if 1 
+    /* Blind:  bdata = (data * r^e) mod n   */
+    randomize_mpi (r, mpi_get_nbits (skey->n), 0);
+    mpi_fdiv_r (r, r, skey->n);
+    mpi_powm (bdata, r, skey->e, skey->n);
+    mpi_mulm (bdata, bdata, input, skey->n);
+    input = bdata;
+# endif
+ 
+     /* m1 = c ^ (d mod (p-1)) mod p */
+     mpi_sub_ui( h, skey->p, 1  );
+@@ -321,8 +338,15 @@
+     /* m = m2 + h * p */
+     mpi_mul ( h, h, skey->p );
+     mpi_add ( output, m1, h );
+-    /* ready */
+-    
+
+# if 1
+    mpi_free (bdata);
+    /* Unblind: output = (output * r^(-1)) mod n  */
+    mpi_invm (r, r, skey->n);
+    mpi_mulm (output, output, r, skey->n);
+    mpi_free (r);
+# endif
+
+     mpi_free ( h );
+     mpi_free ( m1 );
+     mpi_free ( m2 );
+@@ -397,6 +421,7 @@
+ rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
+ {
+     RSA_secret_key sk;
+    MPI input;
+ 
+     if( algo != 1 && algo != 2 )
+        return G10ERR_PUBKEY_ALGO;
+@@ -407,8 +432,14 @@
+     sk.p = skey[3];
+     sk.q = skey[4];
+     sk.u = skey[5];
+-    *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
+-    secret( *result, data[0], &sk );
+
+    /* Mitigates side-channel attacks (CVE-2013-4576).  */
+    input = mpi_alloc (0);
+    mpi_normalize (data[0]);
+    mpi_fdiv_r (input, data[0], sk.n);
+    *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
+    secret (*result, input, &sk);
+    mpi_free (input);
+     return 0;
+ }
+ 
+Index: gnupg-1.4.7/g10/gpgv.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
+++ gnupg-1.4.7/g10/gpgv.c      2014-01-23 11:30:17.300915919 +0800
+@@ -390,6 +390,7 @@
+ void random_dump_stats(void) {}
+ int quick_random_gen( int onoff ) { return -1;}
+ void randomize_buffer( byte *buffer, size_t length, int level ) {}
+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
+ int random_is_faked() { return -1;}
+ byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
+ void set_random_seed_file( const char *name ) {}
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
new file mode 100644
index 0000000000..8b5d9a1693
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
+commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
+Author: Werner Koch <wk@gnupg.org>
+Date:   Thu Dec 20 09:43:41 2012 +0100
+    gpg: Import only packets which are allowed in a keyblock.
+    
+    * g10/import.c (valid_keyblock_packet): New.
+    (read_block): Store only valid packets.
+    --
+    
+    A corrupted key, which for example included a mangled public key
+    encrypted packet, used to corrupt the keyring.  This change skips all
+    packets which are not allowed in a keyblock.
+    
+    GnuPG-bug-id: 1455
+    
+    (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
+Upstream-Status: Backport
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+diff --git a/g10/import.c b/g10/import.c
+index bfe02eb..a57b32e 100644
+--- a/g10/import.c
+++ b/g10/import.c
+@@ -384,6 +384,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
+/* Return true if PKTTYPE is valid in a keyblock.  */
+static int
+valid_keyblock_packet (int pkttype)
+{
+  switch (pkttype)
+    {
+    case PKT_PUBLIC_KEY:
+    case PKT_PUBLIC_SUBKEY:
+    case PKT_SECRET_KEY:
+    case PKT_SECRET_SUBKEY:
+    case PKT_SIGNATURE:
+    case PKT_USER_ID:
+    case PKT_ATTRIBUTE:
+    case PKT_RING_TRUST:
+      return 1;
+    default:
+      return 0;
+    }
+}
+
+
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+            }
+            in_cert = 1;
+          default:
+-           if( in_cert ) {
+           if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+                if( !root )
+                    root = new_kbnode( pkt );
+                else
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
new file mode 100644
index 0000000000..e005ac658f
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+Index: gnupg-1.4.7/configure.ac
+===================================================================
+--- gnupg-1.4.7.orig/configure.ac
+++ gnupg-1.4.7/configure.ac
+@@ -827,7 +827,6 @@ else
+   AC_SUBST(USE_NLS)
+   AC_SUBST(USE_INCLUDED_LIBINTL)
+   AC_SUBST(BUILD_INCLUDED_LIBINTL)
+-  AM_PO_SUBDIRS
+ fi
+ 
+ if test "$try_extensions" = yes || test x"$card_support" = xyes ; then
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
new file mode 100644
index 0000000000..e5fb24aa63
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
@@ -0,0 +1,27 @@
+This has been discussed in a couple of different bug reported
+upstream:
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250
+http://bugs.sourcemage.org/show_bug.cgi?id=14446
+Fix:
+http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
+Upstream-Status: Backport [Debian]
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c
+===================================================================
+--- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c
+++ gnupg-1.4.7/keyserver/gpgkeys_curl.c
+@@ -286,7 +286,7 @@ main(int argc,char *argv[])
+       curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
+     }
+ 
+-  curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
+  curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
+   curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
+ 
+   if(proxy)
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
new file mode 100644
index 0000000000..2855cab24b
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
@@ -0,0 +1,19 @@
+Orignal Patch came from OpenWrt via OE-Classic
+https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4
+which is no longer a valid revision!
+Upstream-Status: Inappropriate [configuration]
+--- gnupg/mpi/longlong.h~      2006-02-14 10:09:55.000000000 +0000
+++ gnupg/mpi/longlong.h       2008-10-27 13:11:09.000000000 +0000
+@@ -181,7 +181,7 @@
+ /***************************************
+  **************  ARM  ******************
+  ***************************************/
+-#if defined (__arm__) && W_TYPE_SIZE == 32
+#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__)
+ #define add_ssaaaa(sh, sl, ah, al, bh, bl) \
+   __asm__ ("adds %1, %4, %5\n"                                          \
+          "adc  %0, %2, %3"                                            \
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
new file mode 100644
index 0000000000..9a03b2b705
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
@@ -0,0 +1,50 @@
+From Openembedded-Classic
+    gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support
+Upstream-Status: Inappropriate [embedded-specific]
+Index: gnupg-1.4.10/mpi/longlong.h
+===================================================================
+--- gnupg-1.4.10.orig/mpi/longlong.h    2008-12-11 17:39:43.000000000 +0100
+++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100
+@@ -706,18 +706,35 @@
+ #endif /* __m88110__ */
+ #endif /* __m88000__ */
+ 
+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
+#define __GNUC_PREREQ(maj, min) \
+       ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
+#else
+#define __GNUC_PREREQ(maj, min)  0
+#endif
+
+ /***************************************
+  **************  MIPS  *****************
+  ***************************************/
+ #if defined (__mips__) && W_TYPE_SIZE == 32
+-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
+#if __GNUC_PREREQ (4,4)
+#define umul_ppmm(w1, w0, u, v) \
+  do {                                                                 \
+       UDItype __ll = (UDItype)(u) * (v);                                 \
+       w1 = __ll >> 32;                                                   \
+       w0 = __ll;                                                         \
+  } while (0)
+#endif
+#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7)
+ #define umul_ppmm(w1, w0, u, v) \
+   __asm__ ("multu %2,%3"                                                \
+           : "=l" ((USItype)(w0)),                                      \
+             "=h" ((USItype)(w1))                                       \
+           : "d" ((USItype)(u)),                                        \
+             "d" ((USItype)(v)))
+-#else
+#endif
+#if !defined (umul_ppmm)
+ #define umul_ppmm(w1, w0, u, v) \
+   __asm__ ("multu %2,%3 \n" \
+           "mflo %0 \n"     \
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
new file mode 100644
index 0000000000..e8f797d4f4
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -0,0 +1,97 @@
+SUMMARY = "GNU Privacy Guard - encryption and signing tools"
+HOMEPAGE = "http://www.gnupg.org/"
+DEPENDS = "zlib bzip2 readline"
+SECTION = "console/utils"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
+PR = "r9"
+SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
+           file://long-long-thumb.patch \
+           file://configure.patch \
+           file://mips_gcc4.4.patch \
+           file://GnuPG1-CVE-2012-6085.patch \
+           file://curl_typeof_fix_backport.patch \
+           file://CVE-2013-4351.patch \
+           file://CVE-2013-4576.patch \
+          "
+SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
+SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"
+inherit autotools gettext
+#   --with-egd-socket=NAME  use NAME for the EGD socket
+#   --with-photo-viewer=FIXED_VIEWER  set a fixed photo ID viewer
+#   --with-included-zlib    use the zlib code included here
+#   --with-capabilities     use linux capabilities default=no
+#   --with-mailprog=NAME    use "NAME -t" for mail transport
+#   --with-libiconv-prefix[=DIR]  search for libiconv in DIR/include and DIR/lib
+#   --without-libiconv-prefix     don't search for libiconv in includedir and libdir
+#   --with-included-gettext use the GNU gettext library included here
+#   --with-libintl-prefix[=DIR]  search for libintl in DIR/include and DIR/lib
+#   --without-libintl-prefix     don't search for libintl in includedir and libdir
+#   --without-readline      do not support fancy command line editing
+#   --with-included-regex   use the included GNU regex library
+#   --with-zlib=DIR         use libz in DIR
+#   --with-bzip2=DIR        look for bzip2 in DIR
+#   --enable-static-rnd=egd|unix|linux|auto
+#   --disable-dev-random    disable the use of dev random
+#   --disable-asm           do not use assembler modules
+#   --enable-m-guard        enable memory guard facility
+#   --enable-selinux-support
+#                           enable SELinux support
+#   --disable-card-support  disable OpenPGP card support
+#   --disable-gnupg-iconv   disable the new iconv code
+#   --enable-backsigs       enable the experimental backsigs code
+#   --enable-minimal        build the smallest gpg binary possible
+#   --disable-rsa           disable the RSA public key algorithm
+#   --disable-idea          disable the IDEA cipher
+#   --disable-cast5         disable the CAST5 cipher
+#   --disable-blowfish      disable the BLOWFISH cipher
+#   --disable-aes           disable the AES, AES192, and AES256 ciphers
+#   --disable-twofish       disable the TWOFISH cipher
+#   --disable-sha256        disable the SHA-256 digest
+#   --disable-sha512        disable the SHA-384 and SHA-512 digests
+#   --disable-bzip2         disable the BZIP2 compression algorithm
+#   --disable-exec          disable all external program execution
+#   --disable-photo-viewers disable photo ID viewers
+#   --disable-keyserver-helpers  disable all external keyserver support
+#   --disable-ldap          disable LDAP keyserver interface
+#   --disable-hkp           disable HKP keyserver interface
+#   --disable-http          disable HTTP key fetching interface
+#   --disable-finger        disable Finger key fetching interface
+#   --disable-mailto        disable email keyserver interface
+#   --disable-keyserver-path disable the exec-path option for keyserver helpers
+#   --enable-key-cache=SIZE Set key cache to SIZE (default 4096)
+#   --disable-largefile     omit support for large files
+#   --disable-dns-srv       disable the use of DNS SRV in HKP and HTTP
+#   --disable-nls           do not use Native Language Support
+#   --disable-regex         do not handle regular expressions in trust sigs
+EXTRA_OECONF = "--disable-ldap \
+                --with-zlib=${STAGING_LIBDIR}/.. \
+                --with-bzip2=${STAGING_LIBDIR}/.. \
+                --disable-selinux-support \
+                --with-readline=${STAGING_LIBDIR}/.. \
+                ac_cv_sys_symbol_underscore=no \
+                "
+do_install () {
+        autotools_do_install
+        install -d ${D}${docdir}/${BPN}
+        mv ${D}${datadir}/${BPN}/* ${D}/${docdir}/${BPN}/ || :
+        mv ${D}${prefix}/doc/* ${D}/${docdir}/${BPN}/ || :
+}
+# split out gpgv from main package
+RDEPENDS_${PN} = "gpgv"
+PACKAGES =+ "gpgv"
+FILES_gpgv = "${bindir}/gpgv"
+# Exclude debug files from the main packages
+FILES_${PN} = "${bindir}/* ${datadir}/${BPN} ${libexecdir}/${BPN}/*"
+FILES_${PN}-dbg += "${libexecdir}/${BPN}/.debug"
diff --git a/meta/recipes-support/gnupg/gnupg_2.0.22.bb b/meta/recipes-support/gnupg/gnupg_2.0.22.bb
new file mode 100644
index 0000000000..7f36df5bd3
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg_2.0.22.bb
@@ -0,0 +1,29 @@
+SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)"
+HOMEPAGE = "http://www.gnupg.org/"
+LICENSE = "GPLv3 & LGPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \
+                    file://COPYING.LIB;md5=6a6a8e020838b23406c81b19c1d46df6"
+DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"
+PTH = "pth"
+PTH_libc-uclibc = "npth"
+inherit autotools gettext
+SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2"
+SRC_URI[md5sum] = "ee22e7b4fdbfcb50229c2e6db6db291e"
+SRC_URI[sha256sum] = "437d0ab259854359fc48aa8795af80cff4975e559c111c92c03d0bc91408e251"
+EXTRA_OECONF = "--disable-ldap \
+                --disable-ccid-driver \
+                --without-libcurl \
+                --with-zlib=${STAGING_LIBDIR}/.. \
+                --with-bzip2=${STAGING_LIBDIR}/.. \
+                --with-readline=${STAGING_LIBDIR}/.. \
+               "
+do_install_append() {
+        ln -sf gpg2 ${D}${bindir}/gpg
+        ln -sf gpgv2 ${D}${bindir}/gpgv
+}
author	Adrian Dudau <adrian.dudau@enea.com>	2014-06-26 14:36:22 +0200
committer	Adrian Dudau <adrian.dudau@enea.com>	2014-06-26 15:32:53 +0200
commit	f4cf9fe05bb3f32fabea4e54dd92d368967a80da (patch)
tree	487180fa9866985ea7b28e625651765d86f515c3 /meta/recipes-support/gnupg
download	poky-f4cf9fe05bb3f32fabea4e54dd92d368967a80da.tar.gz

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch new file mode 100644 index 0000000000..b29ede4233 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,44 @@
	1	Upstream-Status: Backport
	2
	3	Index: gnupg-1.4.7/g10/getkey.c
	4	===================================================================
	5	--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800
	6	+++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800
	7	@@ -1454,7 +1454,11 @@
	8
	9	if(flags)
	10	key_usage \|= PUBKEY_USAGE_UNKNOWN;
	11	+ if (!key_usage)
	12	+ key_usage \|= PUBKEY_USAGE_NONE;
	13	}
	14	+ else if (p)
	15	+ key_usage \|= PUBKEY_USAGE_NONE;
	16
	17	/* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
	18	capability that we do not handle. This serves to distinguish
	19	Index: gnupg-1.4.7/g10/keygen.c
	20	===================================================================
	21	--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800
	22	+++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800
	23	@@ -209,9 +209,6 @@
	24	if (use & PUBKEY_USAGE_AUTH)
	25	buf[0] \|= 0x20;
	26
	27	- if (!buf[0])
	28	- return;
	29	-
	30	build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
	31	}
	32
	33	Index: gnupg-1.4.7/include/cipher.h
	34	===================================================================
	35	--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800
	36	+++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800
	37	@@ -52,6 +52,7 @@
	38	#define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
	39	#define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */
	40	#define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */
	41	+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
	42
	43	#define DIGEST_ALGO_MD5 1
	44	#define DIGEST_ALGO_SHA1 2


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch new file mode 100644 index 0000000000..b1a22f5853 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
@@ -0,0 +1,153 @@
	1	Upstream-Status: Backport
	2
	3	Index: gnupg-1.4.7/cipher/dsa.c
	4	===================================================================
	5	--- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800
	6	+++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800
	7	@@ -287,6 +287,8 @@
	8	MPI kinv;
	9	MPI tmp;
	10
	11	+ mpi_normalize (hash);
	12	+
	13	/* select a random k with 0 < k < q */
	14	k = gen_k( skey->q );
	15
	16	Index: gnupg-1.4.7/cipher/elgamal.c
	17	===================================================================
	18	--- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800
	19	+++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800
	20	@@ -376,6 +376,9 @@
	21	{
	22	MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
	23
	24	+ mpi_normalize (a);
	25	+ mpi_normalize (b);
	26	+
	27	/* output = b/(a^x) mod p */
	28	mpi_powm( t1, a, skey->x, skey->p );
	29	mpi_invm( t1, t1, skey->p );
	30	Index: gnupg-1.4.7/cipher/random.c
	31	===================================================================
	32	--- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800
	33	+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
	34	@@ -273,6 +273,18 @@
	35	}
	36
	37
	38	+/* Randomize the MPI */
	39	+void
	40	+randomize_mpi (MPI mpi, size_t nbits, int level)
	41	+{
	42	+ unsigned char *buffer;
	43	+
	44	+ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
	45	+ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
	46	+ xfree (buffer);
	47	+}
	48	+
	49	+
	50	int
	51	random_is_faked()
	52	{
	53	Index: gnupg-1.4.7/cipher/random.h
	54	===================================================================
	55	--- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800
	56	+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
	57	@@ -32,6 +32,7 @@
	58	int random_is_faked(void);
	59	void random_disable_locking (void);
	60	void randomize_buffer( byte *buffer, size_t length, int level );
	61	+void randomize_mpi (MPI mpi, size_t nbits, int level);
	62	byte *get_random_bits( size_t nbits, int level, int secure );
	63	void fast_random_poll( void );
	64
	65	Index: gnupg-1.4.7/cipher/rsa.c
	66	===================================================================
	67	--- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800
	68	+++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800
	69	@@ -301,9 +301,26 @@
	70	#if 0
	71	mpi_powm( output, input, skey->d, skey->n );
	72	#else
	73	- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
	74	- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
	75	- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
	76	+ int nlimbs = mpi_get_nlimbs (skey->n)+1;
	77	+ MPI m1 = mpi_alloc_secure (nlimbs);
	78	+ MPI m2 = mpi_alloc_secure (nlimbs);
	79	+ MPI h = mpi_alloc_secure (nlimbs);
	80	+# if 1
	81	+ MPI bdata= mpi_alloc_secure (nlimbs);
	82	+ MPI r = mpi_alloc_secure (nlimbs);
	83	+# endif
	84	+
	85	+ /* Remove superfluous leading zeroes from INPUT. */
	86	+ mpi_normalize (input);
	87	+
	88	+# if 1
	89	+ /* Blind: bdata = (data * r^e) mod n */
	90	+ randomize_mpi (r, mpi_get_nbits (skey->n), 0);
	91	+ mpi_fdiv_r (r, r, skey->n);
	92	+ mpi_powm (bdata, r, skey->e, skey->n);
	93	+ mpi_mulm (bdata, bdata, input, skey->n);
	94	+ input = bdata;
	95	+# endif
	96
	97	/* m1 = c ^ (d mod (p-1)) mod p */
	98	mpi_sub_ui( h, skey->p, 1 );
	99	@@ -321,8 +338,15 @@
	100	/* m = m2 + h * p */
	101	mpi_mul ( h, h, skey->p );
	102	mpi_add ( output, m1, h );
	103	- /* ready */
	104	-
	105	+
	106	+# if 1
	107	+ mpi_free (bdata);
	108	+ /* Unblind: output = (output * r^(-1)) mod n */
	109	+ mpi_invm (r, r, skey->n);
	110	+ mpi_mulm (output, output, r, skey->n);
	111	+ mpi_free (r);
	112	+# endif
	113	+
	114	mpi_free ( h );
	115	mpi_free ( m1 );
	116	mpi_free ( m2 );
	117	@@ -397,6 +421,7 @@
	118	rsa_decrypt( int algo, MPI result, MPI data, MPI *skey )
	119	{
	120	RSA_secret_key sk;
	121	+ MPI input;
	122
	123	if( algo != 1 && algo != 2 )
	124	return G10ERR_PUBKEY_ALGO;
	125	@@ -407,8 +432,14 @@
	126	sk.p = skey[3];
	127	sk.q = skey[4];
	128	sk.u = skey[5];
	129	- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
	130	- secret( *result, data[0], &sk );
	131	+
	132	+ /* Mitigates side-channel attacks (CVE-2013-4576). */
	133	+ input = mpi_alloc (0);
	134	+ mpi_normalize (data[0]);
	135	+ mpi_fdiv_r (input, data[0], sk.n);
	136	+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
	137	+ secret (*result, input, &sk);
	138	+ mpi_free (input);
	139	return 0;
	140	}
	141
	142	Index: gnupg-1.4.7/g10/gpgv.c
	143	===================================================================
	144	--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
	145	+++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800
	146	@@ -390,6 +390,7 @@
	147	void random_dump_stats(void) {}
	148	int quick_random_gen( int onoff ) { return -1;}
	149	void randomize_buffer( byte *buffer, size_t length, int level ) {}
	150	+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
	151	int random_is_faked() { return -1;}
	152	byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
	153	void set_random_seed_file( const char *name ) {}


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch new file mode 100644 index 0000000000..8b5d9a1693 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
	1	commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
	2	Author: Werner Koch <wk@gnupg.org>
	3	Date: Thu Dec 20 09:43:41 2012 +0100
	4
	5	gpg: Import only packets which are allowed in a keyblock.
	6
	7	* g10/import.c (valid_keyblock_packet): New.
	8	(read_block): Store only valid packets.
	9	--
	10
	11	A corrupted key, which for example included a mangled public key
	12	encrypted packet, used to corrupt the keyring. This change skips all
	13	packets which are not allowed in a keyblock.
	14
	15	GnuPG-bug-id: 1455
	16
	17	(cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
	18
	19	Upstream-Status: Backport
	20
	21	Signed-off-by: Saul Wold <sgw@linux.intel.com>
	22
	23	diff --git a/g10/import.c b/g10/import.c
	24	index bfe02eb..a57b32e 100644
	25	--- a/g10/import.c
	26	+++ b/g10/import.c
	27	@@ -384,6 +384,27 @@ import_print_stats (void *hd)
	28	}
	29
	30
	31	+/* Return true if PKTTYPE is valid in a keyblock. */
	32	+static int
	33	+valid_keyblock_packet (int pkttype)
	34	+{
	35	+ switch (pkttype)
	36	+ {
	37	+ case PKT_PUBLIC_KEY:
	38	+ case PKT_PUBLIC_SUBKEY:
	39	+ case PKT_SECRET_KEY:
	40	+ case PKT_SECRET_SUBKEY:
	41	+ case PKT_SIGNATURE:
	42	+ case PKT_USER_ID:
	43	+ case PKT_ATTRIBUTE:
	44	+ case PKT_RING_TRUST:
	45	+ return 1;
	46	+ default:
	47	+ return 0;
	48	+ }
	49	+}
	50	+
	51	+
	52	/****************
	53	* Read the next keyblock from stream A.
	54	* PENDING_PKT should be initialzed to NULL
	55	@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET *pending_pkt, KBNODE ret_root )
	56	}
	57	in_cert = 1;
	58	default:
	59	- if( in_cert ) {
	60	+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
	61	if( !root )
	62	root = new_kbnode( pkt );
	63	else


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch new file mode 100644 index 0000000000..e005ac658f --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
@@ -0,0 +1,17 @@
	1
	2	Upstream-Status: Inappropriate [configuration]
	3
	4	Signed-off-by: Saul Wold <sgw@linux.intel.com>
	5
	6	Index: gnupg-1.4.7/configure.ac
	7	===================================================================
	8	--- gnupg-1.4.7.orig/configure.ac
	9	+++ gnupg-1.4.7/configure.ac
	10	@@ -827,7 +827,6 @@ else
	11	AC_SUBST(USE_NLS)
	12	AC_SUBST(USE_INCLUDED_LIBINTL)
	13	AC_SUBST(BUILD_INCLUDED_LIBINTL)
	14	- AM_PO_SUBDIRS
	15	fi
	16
	17	if test "$try_extensions" = yes \|\| test x"$card_support" = xyes ; then


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch new file mode 100644 index 0000000000..e5fb24aa63 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
@@ -0,0 +1,27 @@
	1
	2	This has been discussed in a couple of different bug reported
	3	upstream:
	4
	5	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250
	6	http://bugs.sourcemage.org/show_bug.cgi?id=14446
	7
	8	Fix:
	9	http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
	10
	11	Upstream-Status: Backport [Debian]
	12
	13	Signed-off-by: Saul Wold <sgw@linux.intel.com>
	14
	15	Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c
	16	===================================================================
	17	--- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c
	18	+++ gnupg-1.4.7/keyserver/gpgkeys_curl.c
	19	@@ -286,7 +286,7 @@ main(int argc,char *argv[])
	20	curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
	21	}
	22
	23	- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
	24	+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
	25	curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
	26
	27	if(proxy)


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch new file mode 100644 index 0000000000..2855cab24b --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
@@ -0,0 +1,19 @@
	1	Orignal Patch came from OpenWrt via OE-Classic
	2	https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4
	3	which is no longer a valid revision!
	4
	5	Upstream-Status: Inappropriate [configuration]
	6
	7
	8	--- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000
	9	+++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000
	10	@@ -181,7 +181,7 @@
	11	/***************************************
	12	************ ARM ****************
	13	***************************************/
	14	-#if defined (__arm__) && W_TYPE_SIZE == 32
	15	+#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__)
	16	#define add_ssaaaa(sh, sl, ah, al, bh, bl) \
	17	__asm__ ("adds %1, %4, %5\n" \
	18	"adc %0, %2, %3" \
	19


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch new file mode 100644 index 0000000000..9a03b2b705 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
@@ -0,0 +1,50 @@
	1
	2	From Openembedded-Classic
	3
	4	gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support
	5
	6
	7	Upstream-Status: Inappropriate [embedded-specific]
	8
	9	Index: gnupg-1.4.10/mpi/longlong.h
	10	===================================================================
	11	--- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100
	12	+++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100
	13	@@ -706,18 +706,35 @@
	14	#endif /* __m88110__ */
	15	#endif /* __m88000__ */
	16
	17	+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
	18	+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
	19	+#define __GNUC_PREREQ(maj, min) \
	20	+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
	21	+#else
	22	+#define __GNUC_PREREQ(maj, min) 0
	23	+#endif
	24	+
	25	/***************************************
	26	************ MIPS ***************
	27	***************************************/
	28	#if defined (__mips__) && W_TYPE_SIZE == 32
	29	-#if __GNUC__ > 2 \|\| __GNUC_MINOR__ >= 7
	30	+#if __GNUC_PREREQ (4,4)
	31	+#define umul_ppmm(w1, w0, u, v) \
	32	+ do { \
	33	+ UDItype __ll = (UDItype)(u) * (v); \
	34	+ w1 = __ll >> 32; \
	35	+ w0 = __ll; \
	36	+ } while (0)
	37	+#endif
	38	+#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7)
	39	#define umul_ppmm(w1, w0, u, v) \
	40	__asm__ ("multu %2,%3" \
	41	: "=l" ((USItype)(w0)), \
	42	"=h" ((USItype)(w1)) \
	43	: "d" ((USItype)(u)), \
	44	"d" ((USItype)(v)))
	45	-#else
	46	+#endif
	47	+#if !defined (umul_ppmm)
	48	#define umul_ppmm(w1, w0, u, v) \
	49	__asm__ ("multu %2,%3 \n" \
	50	"mflo %0 \n" \


diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb new file mode 100644 index 0000000000..e8f797d4f4 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -0,0 +1,97 @@
	1	SUMMARY = "GNU Privacy Guard - encryption and signing tools"
	2	HOMEPAGE = "http://www.gnupg.org/"
	3	DEPENDS = "zlib bzip2 readline"
	4	SECTION = "console/utils"
	5
	6	LICENSE = "GPLv2"
	7
	8	LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
	9
	10	PR = "r9"
	11
	12	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
	13	file://long-long-thumb.patch \
	14	file://configure.patch \
	15	file://mips_gcc4.4.patch \
	16	file://GnuPG1-CVE-2012-6085.patch \
	17	file://curl_typeof_fix_backport.patch \
	18	file://CVE-2013-4351.patch \
	19	file://CVE-2013-4576.patch \
	20	"
	21
	22	SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
	23	SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"
	24
	25	inherit autotools gettext
	26
	27	# --with-egd-socket=NAME use NAME for the EGD socket
	28	# --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer
	29	# --with-included-zlib use the zlib code included here
	30	# --with-capabilities use linux capabilities default=no
	31	# --with-mailprog=NAME use "NAME -t" for mail transport
	32	# --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib
	33	# --without-libiconv-prefix don't search for libiconv in includedir and libdir
	34	# --with-included-gettext use the GNU gettext library included here
	35	# --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib
	36	# --without-libintl-prefix don't search for libintl in includedir and libdir
	37	# --without-readline do not support fancy command line editing
	38	# --with-included-regex use the included GNU regex library
	39	# --with-zlib=DIR use libz in DIR
	40	# --with-bzip2=DIR look for bzip2 in DIR
	41	# --enable-static-rnd=egd\|unix\|linux\|auto
	42	# --disable-dev-random disable the use of dev random
	43	# --disable-asm do not use assembler modules
	44	# --enable-m-guard enable memory guard facility
	45	# --enable-selinux-support
	46	# enable SELinux support
	47	# --disable-card-support disable OpenPGP card support
	48	# --disable-gnupg-iconv disable the new iconv code
	49	# --enable-backsigs enable the experimental backsigs code
	50	# --enable-minimal build the smallest gpg binary possible
	51	# --disable-rsa disable the RSA public key algorithm
	52	# --disable-idea disable the IDEA cipher
	53	# --disable-cast5 disable the CAST5 cipher
	54	# --disable-blowfish disable the BLOWFISH cipher
	55	# --disable-aes disable the AES, AES192, and AES256 ciphers
	56	# --disable-twofish disable the TWOFISH cipher
	57	# --disable-sha256 disable the SHA-256 digest
	58	# --disable-sha512 disable the SHA-384 and SHA-512 digests
	59	# --disable-bzip2 disable the BZIP2 compression algorithm
	60	# --disable-exec disable all external program execution
	61	# --disable-photo-viewers disable photo ID viewers
	62	# --disable-keyserver-helpers disable all external keyserver support
	63	# --disable-ldap disable LDAP keyserver interface
	64	# --disable-hkp disable HKP keyserver interface
	65	# --disable-http disable HTTP key fetching interface
	66	# --disable-finger disable Finger key fetching interface
	67	# --disable-mailto disable email keyserver interface
	68	# --disable-keyserver-path disable the exec-path option for keyserver helpers
	69	# --enable-key-cache=SIZE Set key cache to SIZE (default 4096)
	70	# --disable-largefile omit support for large files
	71	# --disable-dns-srv disable the use of DNS SRV in HKP and HTTP
	72	# --disable-nls do not use Native Language Support
	73	# --disable-regex do not handle regular expressions in trust sigs
	74
	75	EXTRA_OECONF = "--disable-ldap \
	76	--with-zlib=${STAGING_LIBDIR}/.. \
	77	--with-bzip2=${STAGING_LIBDIR}/.. \
	78	--disable-selinux-support \
	79	--with-readline=${STAGING_LIBDIR}/.. \
	80	ac_cv_sys_symbol_underscore=no \
	81	"
	82
	83	do_install () {
	84	autotools_do_install
	85	install -d ${D}${docdir}/${BPN}
	86	mv ${D}${datadir}/${BPN}/* ${D}/${docdir}/${BPN}/ \|\| :
	87	mv ${D}${prefix}/doc/* ${D}/${docdir}/${BPN}/ \|\| :
	88	}
	89
	90	# split out gpgv from main package
	91	RDEPENDS_${PN} = "gpgv"
	92	PACKAGES =+ "gpgv"
	93	FILES_gpgv = "${bindir}/gpgv"
	94
	95	# Exclude debug files from the main packages
	96	FILES_${PN} = "${bindir}/* ${datadir}/${BPN} ${libexecdir}/${BPN}/*"
	97	FILES_${PN}-dbg += "${libexecdir}/${BPN}/.debug"


diff --git a/meta/recipes-support/gnupg/gnupg_2.0.22.bb b/meta/recipes-support/gnupg/gnupg_2.0.22.bb new file mode 100644 index 0000000000..7f36df5bd3 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg_2.0.22.bb
@@ -0,0 +1,29 @@
	1	SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)"
	2	HOMEPAGE = "http://www.gnupg.org/"
	3	LICENSE = "GPLv3 & LGPLv3"
	4	LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \
	5	file://COPYING.LIB;md5=6a6a8e020838b23406c81b19c1d46df6"
	6
	7	DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"
	8	PTH = "pth"
	9	PTH_libc-uclibc = "npth"
	10
	11	inherit autotools gettext
	12
	13	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2"
	14
	15	SRC_URI[md5sum] = "ee22e7b4fdbfcb50229c2e6db6db291e"
	16	SRC_URI[sha256sum] = "437d0ab259854359fc48aa8795af80cff4975e559c111c92c03d0bc91408e251"
	17
	18	EXTRA_OECONF = "--disable-ldap \
	19	--disable-ccid-driver \
	20	--without-libcurl \
	21	--with-zlib=${STAGING_LIBDIR}/.. \
	22	--with-bzip2=${STAGING_LIBDIR}/.. \
	23	--with-readline=${STAGING_LIBDIR}/.. \
	24	"
	25
	26	do_install_append() {
	27	ln -sf gpg2 ${D}${bindir}/gpg
	28	ln -sf gpgv2 ${D}${bindir}/gpgv
	29	}