diff options
author | Adrian Dudau <adrian.dudau@enea.com> | 2014-06-26 14:36:22 +0200 |
---|---|---|
committer | Adrian Dudau <adrian.dudau@enea.com> | 2014-06-26 15:32:53 +0200 |
commit | f4cf9fe05bb3f32fabea4e54dd92d368967a80da (patch) | |
tree | 487180fa9866985ea7b28e625651765d86f515c3 /meta/recipes-support/gnupg | |
download | poky-f4cf9fe05bb3f32fabea4e54dd92d368967a80da.tar.gz |
initial commit for Enea Linux 4.0
Migrated from the internal git server on the daisy-enea branch
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'meta/recipes-support/gnupg')
9 files changed, 499 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch new file mode 100644 index 0000000000..b29ede4233 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | Index: gnupg-1.4.7/g10/getkey.c | ||
4 | =================================================================== | ||
5 | --- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800 | ||
6 | +++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800 | ||
7 | @@ -1454,7 +1454,11 @@ | ||
8 | |||
9 | if(flags) | ||
10 | key_usage |= PUBKEY_USAGE_UNKNOWN; | ||
11 | + if (!key_usage) | ||
12 | + key_usage |= PUBKEY_USAGE_NONE; | ||
13 | } | ||
14 | + else if (p) | ||
15 | + key_usage |= PUBKEY_USAGE_NONE; | ||
16 | |||
17 | /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a | ||
18 | capability that we do not handle. This serves to distinguish | ||
19 | Index: gnupg-1.4.7/g10/keygen.c | ||
20 | =================================================================== | ||
21 | --- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800 | ||
22 | +++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800 | ||
23 | @@ -209,9 +209,6 @@ | ||
24 | if (use & PUBKEY_USAGE_AUTH) | ||
25 | buf[0] |= 0x20; | ||
26 | |||
27 | - if (!buf[0]) | ||
28 | - return; | ||
29 | - | ||
30 | build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); | ||
31 | } | ||
32 | |||
33 | Index: gnupg-1.4.7/include/cipher.h | ||
34 | =================================================================== | ||
35 | --- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800 | ||
36 | +++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800 | ||
37 | @@ -52,6 +52,7 @@ | ||
38 | #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ | ||
39 | #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ | ||
40 | #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ | ||
41 | +#define PUBKEY_USAGE_NONE 256 /* No usage given. */ | ||
42 | |||
43 | #define DIGEST_ALGO_MD5 1 | ||
44 | #define DIGEST_ALGO_SHA1 2 | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch new file mode 100644 index 0000000000..b1a22f5853 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch | |||
@@ -0,0 +1,153 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | Index: gnupg-1.4.7/cipher/dsa.c | ||
4 | =================================================================== | ||
5 | --- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800 | ||
6 | +++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800 | ||
7 | @@ -287,6 +287,8 @@ | ||
8 | MPI kinv; | ||
9 | MPI tmp; | ||
10 | |||
11 | + mpi_normalize (hash); | ||
12 | + | ||
13 | /* select a random k with 0 < k < q */ | ||
14 | k = gen_k( skey->q ); | ||
15 | |||
16 | Index: gnupg-1.4.7/cipher/elgamal.c | ||
17 | =================================================================== | ||
18 | --- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800 | ||
19 | +++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800 | ||
20 | @@ -376,6 +376,9 @@ | ||
21 | { | ||
22 | MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); | ||
23 | |||
24 | + mpi_normalize (a); | ||
25 | + mpi_normalize (b); | ||
26 | + | ||
27 | /* output = b/(a^x) mod p */ | ||
28 | mpi_powm( t1, a, skey->x, skey->p ); | ||
29 | mpi_invm( t1, t1, skey->p ); | ||
30 | Index: gnupg-1.4.7/cipher/random.c | ||
31 | =================================================================== | ||
32 | --- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800 | ||
33 | +++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800 | ||
34 | @@ -273,6 +273,18 @@ | ||
35 | } | ||
36 | |||
37 | |||
38 | +/* Randomize the MPI */ | ||
39 | +void | ||
40 | +randomize_mpi (MPI mpi, size_t nbits, int level) | ||
41 | +{ | ||
42 | + unsigned char *buffer; | ||
43 | + | ||
44 | + buffer = get_random_bits (nbits, level, mpi_is_secure (mpi)); | ||
45 | + mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0); | ||
46 | + xfree (buffer); | ||
47 | +} | ||
48 | + | ||
49 | + | ||
50 | int | ||
51 | random_is_faked() | ||
52 | { | ||
53 | Index: gnupg-1.4.7/cipher/random.h | ||
54 | =================================================================== | ||
55 | --- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800 | ||
56 | +++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800 | ||
57 | @@ -32,6 +32,7 @@ | ||
58 | int random_is_faked(void); | ||
59 | void random_disable_locking (void); | ||
60 | void randomize_buffer( byte *buffer, size_t length, int level ); | ||
61 | +void randomize_mpi (MPI mpi, size_t nbits, int level); | ||
62 | byte *get_random_bits( size_t nbits, int level, int secure ); | ||
63 | void fast_random_poll( void ); | ||
64 | |||
65 | Index: gnupg-1.4.7/cipher/rsa.c | ||
66 | =================================================================== | ||
67 | --- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800 | ||
68 | +++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800 | ||
69 | @@ -301,9 +301,26 @@ | ||
70 | #if 0 | ||
71 | mpi_powm( output, input, skey->d, skey->n ); | ||
72 | #else | ||
73 | - MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); | ||
74 | - MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); | ||
75 | - MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); | ||
76 | + int nlimbs = mpi_get_nlimbs (skey->n)+1; | ||
77 | + MPI m1 = mpi_alloc_secure (nlimbs); | ||
78 | + MPI m2 = mpi_alloc_secure (nlimbs); | ||
79 | + MPI h = mpi_alloc_secure (nlimbs); | ||
80 | +# if 1 | ||
81 | + MPI bdata= mpi_alloc_secure (nlimbs); | ||
82 | + MPI r = mpi_alloc_secure (nlimbs); | ||
83 | +# endif | ||
84 | + | ||
85 | + /* Remove superfluous leading zeroes from INPUT. */ | ||
86 | + mpi_normalize (input); | ||
87 | + | ||
88 | +# if 1 | ||
89 | + /* Blind: bdata = (data * r^e) mod n */ | ||
90 | + randomize_mpi (r, mpi_get_nbits (skey->n), 0); | ||
91 | + mpi_fdiv_r (r, r, skey->n); | ||
92 | + mpi_powm (bdata, r, skey->e, skey->n); | ||
93 | + mpi_mulm (bdata, bdata, input, skey->n); | ||
94 | + input = bdata; | ||
95 | +# endif | ||
96 | |||
97 | /* m1 = c ^ (d mod (p-1)) mod p */ | ||
98 | mpi_sub_ui( h, skey->p, 1 ); | ||
99 | @@ -321,8 +338,15 @@ | ||
100 | /* m = m2 + h * p */ | ||
101 | mpi_mul ( h, h, skey->p ); | ||
102 | mpi_add ( output, m1, h ); | ||
103 | - /* ready */ | ||
104 | - | ||
105 | + | ||
106 | +# if 1 | ||
107 | + mpi_free (bdata); | ||
108 | + /* Unblind: output = (output * r^(-1)) mod n */ | ||
109 | + mpi_invm (r, r, skey->n); | ||
110 | + mpi_mulm (output, output, r, skey->n); | ||
111 | + mpi_free (r); | ||
112 | +# endif | ||
113 | + | ||
114 | mpi_free ( h ); | ||
115 | mpi_free ( m1 ); | ||
116 | mpi_free ( m2 ); | ||
117 | @@ -397,6 +421,7 @@ | ||
118 | rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) | ||
119 | { | ||
120 | RSA_secret_key sk; | ||
121 | + MPI input; | ||
122 | |||
123 | if( algo != 1 && algo != 2 ) | ||
124 | return G10ERR_PUBKEY_ALGO; | ||
125 | @@ -407,8 +432,14 @@ | ||
126 | sk.p = skey[3]; | ||
127 | sk.q = skey[4]; | ||
128 | sk.u = skey[5]; | ||
129 | - *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) ); | ||
130 | - secret( *result, data[0], &sk ); | ||
131 | + | ||
132 | + /* Mitigates side-channel attacks (CVE-2013-4576). */ | ||
133 | + input = mpi_alloc (0); | ||
134 | + mpi_normalize (data[0]); | ||
135 | + mpi_fdiv_r (input, data[0], sk.n); | ||
136 | + *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n)); | ||
137 | + secret (*result, input, &sk); | ||
138 | + mpi_free (input); | ||
139 | return 0; | ||
140 | } | ||
141 | |||
142 | Index: gnupg-1.4.7/g10/gpgv.c | ||
143 | =================================================================== | ||
144 | --- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800 | ||
145 | +++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800 | ||
146 | @@ -390,6 +390,7 @@ | ||
147 | void random_dump_stats(void) {} | ||
148 | int quick_random_gen( int onoff ) { return -1;} | ||
149 | void randomize_buffer( byte *buffer, size_t length, int level ) {} | ||
150 | +void randomize_mpi (MPI mpi, size_t nbits, int level) {} | ||
151 | int random_is_faked() { return -1;} | ||
152 | byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;} | ||
153 | void set_random_seed_file( const char *name ) {} | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch new file mode 100644 index 0000000000..8b5d9a1693 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch | |||
@@ -0,0 +1,63 @@ | |||
1 | commit f0b33b6fb8e0586e9584a7a409dcc31263776a67 | ||
2 | Author: Werner Koch <wk@gnupg.org> | ||
3 | Date: Thu Dec 20 09:43:41 2012 +0100 | ||
4 | |||
5 | gpg: Import only packets which are allowed in a keyblock. | ||
6 | |||
7 | * g10/import.c (valid_keyblock_packet): New. | ||
8 | (read_block): Store only valid packets. | ||
9 | -- | ||
10 | |||
11 | A corrupted key, which for example included a mangled public key | ||
12 | encrypted packet, used to corrupt the keyring. This change skips all | ||
13 | packets which are not allowed in a keyblock. | ||
14 | |||
15 | GnuPG-bug-id: 1455 | ||
16 | |||
17 | (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa) | ||
18 | |||
19 | Upstream-Status: Backport | ||
20 | |||
21 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
22 | |||
23 | diff --git a/g10/import.c b/g10/import.c | ||
24 | index bfe02eb..a57b32e 100644 | ||
25 | --- a/g10/import.c | ||
26 | +++ b/g10/import.c | ||
27 | @@ -384,6 +384,27 @@ import_print_stats (void *hd) | ||
28 | } | ||
29 | |||
30 | |||
31 | +/* Return true if PKTTYPE is valid in a keyblock. */ | ||
32 | +static int | ||
33 | +valid_keyblock_packet (int pkttype) | ||
34 | +{ | ||
35 | + switch (pkttype) | ||
36 | + { | ||
37 | + case PKT_PUBLIC_KEY: | ||
38 | + case PKT_PUBLIC_SUBKEY: | ||
39 | + case PKT_SECRET_KEY: | ||
40 | + case PKT_SECRET_SUBKEY: | ||
41 | + case PKT_SIGNATURE: | ||
42 | + case PKT_USER_ID: | ||
43 | + case PKT_ATTRIBUTE: | ||
44 | + case PKT_RING_TRUST: | ||
45 | + return 1; | ||
46 | + default: | ||
47 | + return 0; | ||
48 | + } | ||
49 | +} | ||
50 | + | ||
51 | + | ||
52 | /**************** | ||
53 | * Read the next keyblock from stream A. | ||
54 | * PENDING_PKT should be initialzed to NULL | ||
55 | @@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) | ||
56 | } | ||
57 | in_cert = 1; | ||
58 | default: | ||
59 | - if( in_cert ) { | ||
60 | + if (in_cert && valid_keyblock_packet (pkt->pkttype)) { | ||
61 | if( !root ) | ||
62 | root = new_kbnode( pkt ); | ||
63 | else | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch new file mode 100644 index 0000000000..e005ac658f --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch | |||
@@ -0,0 +1,17 @@ | |||
1 | |||
2 | Upstream-Status: Inappropriate [configuration] | ||
3 | |||
4 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
5 | |||
6 | Index: gnupg-1.4.7/configure.ac | ||
7 | =================================================================== | ||
8 | --- gnupg-1.4.7.orig/configure.ac | ||
9 | +++ gnupg-1.4.7/configure.ac | ||
10 | @@ -827,7 +827,6 @@ else | ||
11 | AC_SUBST(USE_NLS) | ||
12 | AC_SUBST(USE_INCLUDED_LIBINTL) | ||
13 | AC_SUBST(BUILD_INCLUDED_LIBINTL) | ||
14 | - AM_PO_SUBDIRS | ||
15 | fi | ||
16 | |||
17 | if test "$try_extensions" = yes || test x"$card_support" = xyes ; then | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch new file mode 100644 index 0000000000..e5fb24aa63 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | |||
2 | This has been discussed in a couple of different bug reported | ||
3 | upstream: | ||
4 | |||
5 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250 | ||
6 | http://bugs.sourcemage.org/show_bug.cgi?id=14446 | ||
7 | |||
8 | Fix: | ||
9 | http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html | ||
10 | |||
11 | Upstream-Status: Backport [Debian] | ||
12 | |||
13 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
14 | |||
15 | Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c | ||
16 | =================================================================== | ||
17 | --- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c | ||
18 | +++ gnupg-1.4.7/keyserver/gpgkeys_curl.c | ||
19 | @@ -286,7 +286,7 @@ main(int argc,char *argv[]) | ||
20 | curl_easy_setopt(curl,CURLOPT_VERBOSE,1); | ||
21 | } | ||
22 | |||
23 | - curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert); | ||
24 | + curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert); | ||
25 | curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); | ||
26 | |||
27 | if(proxy) | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch new file mode 100644 index 0000000000..2855cab24b --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch | |||
@@ -0,0 +1,19 @@ | |||
1 | Orignal Patch came from OpenWrt via OE-Classic | ||
2 | https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4 | ||
3 | which is no longer a valid revision! | ||
4 | |||
5 | Upstream-Status: Inappropriate [configuration] | ||
6 | |||
7 | |||
8 | --- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000 | ||
9 | +++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000 | ||
10 | @@ -181,7 +181,7 @@ | ||
11 | /*************************************** | ||
12 | ************** ARM ****************** | ||
13 | ***************************************/ | ||
14 | -#if defined (__arm__) && W_TYPE_SIZE == 32 | ||
15 | +#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__) | ||
16 | #define add_ssaaaa(sh, sl, ah, al, bh, bl) \ | ||
17 | __asm__ ("adds %1, %4, %5\n" \ | ||
18 | "adc %0, %2, %3" \ | ||
19 | |||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch new file mode 100644 index 0000000000..9a03b2b705 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | |||
2 | From Openembedded-Classic | ||
3 | |||
4 | gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support | ||
5 | |||
6 | |||
7 | Upstream-Status: Inappropriate [embedded-specific] | ||
8 | |||
9 | Index: gnupg-1.4.10/mpi/longlong.h | ||
10 | =================================================================== | ||
11 | --- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100 | ||
12 | +++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100 | ||
13 | @@ -706,18 +706,35 @@ | ||
14 | #endif /* __m88110__ */ | ||
15 | #endif /* __m88000__ */ | ||
16 | |||
17 | +/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */ | ||
18 | +#if defined (__GNUC__) && defined (__GNUC_MINOR__) | ||
19 | +#define __GNUC_PREREQ(maj, min) \ | ||
20 | + ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) | ||
21 | +#else | ||
22 | +#define __GNUC_PREREQ(maj, min) 0 | ||
23 | +#endif | ||
24 | + | ||
25 | /*************************************** | ||
26 | ************** MIPS ***************** | ||
27 | ***************************************/ | ||
28 | #if defined (__mips__) && W_TYPE_SIZE == 32 | ||
29 | -#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 | ||
30 | +#if __GNUC_PREREQ (4,4) | ||
31 | +#define umul_ppmm(w1, w0, u, v) \ | ||
32 | + do { \ | ||
33 | + UDItype __ll = (UDItype)(u) * (v); \ | ||
34 | + w1 = __ll >> 32; \ | ||
35 | + w0 = __ll; \ | ||
36 | + } while (0) | ||
37 | +#endif | ||
38 | +#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7) | ||
39 | #define umul_ppmm(w1, w0, u, v) \ | ||
40 | __asm__ ("multu %2,%3" \ | ||
41 | : "=l" ((USItype)(w0)), \ | ||
42 | "=h" ((USItype)(w1)) \ | ||
43 | : "d" ((USItype)(u)), \ | ||
44 | "d" ((USItype)(v))) | ||
45 | -#else | ||
46 | +#endif | ||
47 | +#if !defined (umul_ppmm) | ||
48 | #define umul_ppmm(w1, w0, u, v) \ | ||
49 | __asm__ ("multu %2,%3 \n" \ | ||
50 | "mflo %0 \n" \ | ||
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb new file mode 100644 index 0000000000..e8f797d4f4 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb | |||
@@ -0,0 +1,97 @@ | |||
1 | SUMMARY = "GNU Privacy Guard - encryption and signing tools" | ||
2 | HOMEPAGE = "http://www.gnupg.org/" | ||
3 | DEPENDS = "zlib bzip2 readline" | ||
4 | SECTION = "console/utils" | ||
5 | |||
6 | LICENSE = "GPLv2" | ||
7 | |||
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" | ||
9 | |||
10 | PR = "r9" | ||
11 | |||
12 | SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ | ||
13 | file://long-long-thumb.patch \ | ||
14 | file://configure.patch \ | ||
15 | file://mips_gcc4.4.patch \ | ||
16 | file://GnuPG1-CVE-2012-6085.patch \ | ||
17 | file://curl_typeof_fix_backport.patch \ | ||
18 | file://CVE-2013-4351.patch \ | ||
19 | file://CVE-2013-4576.patch \ | ||
20 | " | ||
21 | |||
22 | SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" | ||
23 | SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" | ||
24 | |||
25 | inherit autotools gettext | ||
26 | |||
27 | # --with-egd-socket=NAME use NAME for the EGD socket | ||
28 | # --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer | ||
29 | # --with-included-zlib use the zlib code included here | ||
30 | # --with-capabilities use linux capabilities default=no | ||
31 | # --with-mailprog=NAME use "NAME -t" for mail transport | ||
32 | # --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib | ||
33 | # --without-libiconv-prefix don't search for libiconv in includedir and libdir | ||
34 | # --with-included-gettext use the GNU gettext library included here | ||
35 | # --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib | ||
36 | # --without-libintl-prefix don't search for libintl in includedir and libdir | ||
37 | # --without-readline do not support fancy command line editing | ||
38 | # --with-included-regex use the included GNU regex library | ||
39 | # --with-zlib=DIR use libz in DIR | ||
40 | # --with-bzip2=DIR look for bzip2 in DIR | ||
41 | # --enable-static-rnd=egd|unix|linux|auto | ||
42 | # --disable-dev-random disable the use of dev random | ||
43 | # --disable-asm do not use assembler modules | ||
44 | # --enable-m-guard enable memory guard facility | ||
45 | # --enable-selinux-support | ||
46 | # enable SELinux support | ||
47 | # --disable-card-support disable OpenPGP card support | ||
48 | # --disable-gnupg-iconv disable the new iconv code | ||
49 | # --enable-backsigs enable the experimental backsigs code | ||
50 | # --enable-minimal build the smallest gpg binary possible | ||
51 | # --disable-rsa disable the RSA public key algorithm | ||
52 | # --disable-idea disable the IDEA cipher | ||
53 | # --disable-cast5 disable the CAST5 cipher | ||
54 | # --disable-blowfish disable the BLOWFISH cipher | ||
55 | # --disable-aes disable the AES, AES192, and AES256 ciphers | ||
56 | # --disable-twofish disable the TWOFISH cipher | ||
57 | # --disable-sha256 disable the SHA-256 digest | ||
58 | # --disable-sha512 disable the SHA-384 and SHA-512 digests | ||
59 | # --disable-bzip2 disable the BZIP2 compression algorithm | ||
60 | # --disable-exec disable all external program execution | ||
61 | # --disable-photo-viewers disable photo ID viewers | ||
62 | # --disable-keyserver-helpers disable all external keyserver support | ||
63 | # --disable-ldap disable LDAP keyserver interface | ||
64 | # --disable-hkp disable HKP keyserver interface | ||
65 | # --disable-http disable HTTP key fetching interface | ||
66 | # --disable-finger disable Finger key fetching interface | ||
67 | # --disable-mailto disable email keyserver interface | ||
68 | # --disable-keyserver-path disable the exec-path option for keyserver helpers | ||
69 | # --enable-key-cache=SIZE Set key cache to SIZE (default 4096) | ||
70 | # --disable-largefile omit support for large files | ||
71 | # --disable-dns-srv disable the use of DNS SRV in HKP and HTTP | ||
72 | # --disable-nls do not use Native Language Support | ||
73 | # --disable-regex do not handle regular expressions in trust sigs | ||
74 | |||
75 | EXTRA_OECONF = "--disable-ldap \ | ||
76 | --with-zlib=${STAGING_LIBDIR}/.. \ | ||
77 | --with-bzip2=${STAGING_LIBDIR}/.. \ | ||
78 | --disable-selinux-support \ | ||
79 | --with-readline=${STAGING_LIBDIR}/.. \ | ||
80 | ac_cv_sys_symbol_underscore=no \ | ||
81 | " | ||
82 | |||
83 | do_install () { | ||
84 | autotools_do_install | ||
85 | install -d ${D}${docdir}/${BPN} | ||
86 | mv ${D}${datadir}/${BPN}/* ${D}/${docdir}/${BPN}/ || : | ||
87 | mv ${D}${prefix}/doc/* ${D}/${docdir}/${BPN}/ || : | ||
88 | } | ||
89 | |||
90 | # split out gpgv from main package | ||
91 | RDEPENDS_${PN} = "gpgv" | ||
92 | PACKAGES =+ "gpgv" | ||
93 | FILES_gpgv = "${bindir}/gpgv" | ||
94 | |||
95 | # Exclude debug files from the main packages | ||
96 | FILES_${PN} = "${bindir}/* ${datadir}/${BPN} ${libexecdir}/${BPN}/*" | ||
97 | FILES_${PN}-dbg += "${libexecdir}/${BPN}/.debug" | ||
diff --git a/meta/recipes-support/gnupg/gnupg_2.0.22.bb b/meta/recipes-support/gnupg/gnupg_2.0.22.bb new file mode 100644 index 0000000000..7f36df5bd3 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg_2.0.22.bb | |||
@@ -0,0 +1,29 @@ | |||
1 | SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)" | ||
2 | HOMEPAGE = "http://www.gnupg.org/" | ||
3 | LICENSE = "GPLv3 & LGPLv3" | ||
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \ | ||
5 | file://COPYING.LIB;md5=6a6a8e020838b23406c81b19c1d46df6" | ||
6 | |||
7 | DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt" | ||
8 | PTH = "pth" | ||
9 | PTH_libc-uclibc = "npth" | ||
10 | |||
11 | inherit autotools gettext | ||
12 | |||
13 | SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2" | ||
14 | |||
15 | SRC_URI[md5sum] = "ee22e7b4fdbfcb50229c2e6db6db291e" | ||
16 | SRC_URI[sha256sum] = "437d0ab259854359fc48aa8795af80cff4975e559c111c92c03d0bc91408e251" | ||
17 | |||
18 | EXTRA_OECONF = "--disable-ldap \ | ||
19 | --disable-ccid-driver \ | ||
20 | --without-libcurl \ | ||
21 | --with-zlib=${STAGING_LIBDIR}/.. \ | ||
22 | --with-bzip2=${STAGING_LIBDIR}/.. \ | ||
23 | --with-readline=${STAGING_LIBDIR}/.. \ | ||
24 | " | ||
25 | |||
26 | do_install_append() { | ||
27 | ln -sf gpg2 ${D}${bindir}/gpg | ||
28 | ln -sf gpgv2 ${D}${bindir}/gpgv | ||
29 | } | ||