initial commit for Enea Linux 5.0 arm

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
author: Tudor Florea <tudor.florea@enea.com> 2015-10-09 22:59:03 +0200
committer: Tudor Florea <tudor.florea@enea.com> 2015-10-09 22:59:03 +0200
commit: 972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch)
tree: 97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-support/gpgme
download: poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz
4 files changed, 147 insertions, 0 deletions
diff --git a/meta/recipes-support/gpgme/gpgme-1.4.3/disable_gpgconf_check.patch b/meta/recipes-support/gpgme/gpgme-1.4.3/disable_gpgconf_check.patch
new file mode 100644
index 0000000000..df0953069c
--- /dev/null
+++ b/meta/recipes-support/gpgme/gpgme-1.4.3/disable_gpgconf_check.patch
@@ -0,0 +1,39 @@
+From 1.2.0, gpgme will check if gpgconf & g13(from 1.3.0) exist, and cause
+configure failure if not founding them in cross-compile environment. We can
+add the gnupg-native to get them, but still have some issues:
+1. need add new package: libksba, update libassuan(not in sato), and extend
+   native support in some other packages(libgcrypt, libgpg-error, pth...)
+2. Even we have gnupg, the g13 only exist in development branch, so that we
+   still have the g13 check failure in configure.
+I have searched the compile log, and found gpgconf/g13 are not used. So use a
+simple method here, throw a warning mesg rather than an error here just like in
+non-cross-compile environment.
+Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
+Upstream-Status: Inappropriate [embedded specific]
+Index: gpgme-1.3.0/configure.ac
+===================================================================
+--- gpgme-1.3.0.orig/configure.ac       2010-07-21 09:38:09.000000000 +0800
+++ gpgme-1.3.0/configure.ac    2010-07-21 09:39:19.000000000 +0800
+@@ -574,7 +574,7 @@
+ *** Could not find gpgconf, install gpgconf or use --with-gpgconf=PATH to enable it
+ ***])
+     else
+-      AC_MSG_ERROR([
+      AC_MSG_WARN([
+ ***
+ *** Can not determine path to gpgconf when cross-compiling, use --with-gpgconf=PATH
+ ***])
+@@ -670,7 +670,7 @@
+ *** Could not find g13, install g13 or use --with-g13=PATH to enable it
+ ***])
+     else
+-      AC_MSG_ERROR([
+      AC_MSG_WARN([
+ ***
+ *** Can not determine path to g13 when cross-compiling, use --with-g13=PATH
+ ***])
diff --git a/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
new file mode 100644
index 0000000000..c728f58658
--- /dev/null
+++ b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
@@ -0,0 +1,56 @@
+Upstream-Status: Backport
+Backport patch to fix CVE-2014-3564.
+http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+From 2cbd76f7911fc215845e89b50d6af5ff4a83dd77 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 30 Jul 2014 11:04:55 +0200
+Subject: [PATCH 1/1] Fix possible realloc overflow for gpgsm and uiserver
+ engines.
+After a realloc (realloc is also used for initial alloc) the allocated
+size if the buffer is not correctly recorded.  Thus an overflow can be
+introduced by receiving data with different line lengths in a specific
+order.  This is not easy exploitable because libassuan constructs the
+line.  However a crash has been reported and thus it might be possible
+to constructs an exploit.
+CVE-id: CVE-2014-3564
+Reported-by: TomÃ¡Å¡ Trnka
+---
+ src/engine-gpgsm.c    | 2 +-
+ src/engine-uiserver.c | 2 +-
+ 3 files changed, 5 insertions(+), 2 deletions(-)
+diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
+index 8ec1598..3a83757 100644
+--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
+@@ -836,7 +836,7 @@ status_handler (void *opaque, int fd)
+              else
+                {
+                  *aline = newline;
+-                 gpgsm->colon.attic.linesize += linelen + 1;
+                 gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
+                }
+            }
+          if (!err)
+diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
+index 2738c36..a7184b7 100644
+--- a/src/engine-uiserver.c
+++ b/src/engine-uiserver.c
+@@ -698,7 +698,7 @@ status_handler (void *opaque, int fd)
+              else
+                {
+                  *aline = newline;
+-                 uiserver->colon.attic.linesize += linelen + 1;
+                 uiserver->colon.attic.linesize = *alinelen + linelen + 1;
+                }
+            }
+          if (!err)
+-- 
+2.1.4
diff --git a/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme.pc b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme.pc
new file mode 100644
index 0000000000..30a4d56d6e
--- /dev/null
+++ b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme.pc
@@ -0,0 +1,10 @@
+prefix=/usr
+libdir=${prefix}/lib
+includedir=${prefix}/include
+Name: gpgme
+Description: GNU Privacy Guard Made Easy
+Version: 1.4.3
+Requires:
+Libs: -L${libdir} -lgpgme -lassuan -lgpg-error
+Cflags: -I${includedir}
diff --git a/meta/recipes-support/gpgme/gpgme_1.4.3.bb b/meta/recipes-support/gpgme/gpgme_1.4.3.bb
new file mode 100644
index 0000000000..f16677e96e
--- /dev/null
+++ b/meta/recipes-support/gpgme/gpgme_1.4.3.bb
@@ -0,0 +1,42 @@
+SUMMARY = "High-level GnuPG encryption/signing API"
+DESCRIPTION = "GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG easier for applications. It provides a High-Level Crypto API for encryption, decryption, signing, signature verification and key management"
+HOMEPAGE = "http://www.gnupg.org/gpgme.html"
+BUGTRACKER = "https://bugs.g10code.com/gnupg/index"
+LICENSE = "GPLv2+ & LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+                    file://COPYING.LESSER;md5=bbb461211a33b134d42ed5ee802b37ff \
+                    file://src/gpgme.h.in;endline=23;md5=dccb4bb624011e36513c61ef0422d054 \
+                    file://src/engine.h;endline=22;md5=4b6d8ba313d9b564cc4d4cfb1640af9d"
+SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-${PV}.tar.bz2 \
+           file://disable_gpgconf_check.patch \
+           file://gpgme.pc \
+           file://gpgme-fix-CVE-2014-3564.patch \
+          "
+SRC_URI[md5sum] = "334e524cffa8af4e2f43ae8afe585672"
+SRC_URI[sha256sum] = "2d1cc12411753752d9c5b9037e6fd3fd363517af720154768cc7b46b60120496"
+DEPENDS = "libgpg-error libassuan"
+EXTRA_OECONF = "--with-gpg=${bindir}/gpg --without-gpgsm"
+BINCONFIG = "${bindir}/gpgme-config"
+inherit autotools texinfo binconfig-disabled pkgconfig
+PACKAGES =+ "${PN}-pthread"
+FILES_${PN}-pthread = "${libdir}/libgpgme-pthread.so.*"
+FILES_${PN}-dev += "${datadir}/common-lisp/source/gpgme/*"
+do_configure_prepend () {
+        # Else these could be used in preference to those in aclocal-copy
+        rm -f ${S}/m4/gpg-error.m4
+        rm -f ${S}/m4/libassuan.m4
+}
+do_install_append () {
+        install -d ${D}${libdir}/pkgconfig
+        install -m 0644 ${WORKDIR}/gpgme.pc ${D}${libdir}/pkgconfig/
+}
author	Tudor Florea <tudor.florea@enea.com>	2015-10-09 22:59:03 +0200
committer	Tudor Florea <tudor.florea@enea.com>	2015-10-09 22:59:03 +0200
commit	972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch)
tree	97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-support/gpgme
download	poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz

diff --git a/meta/recipes-support/gpgme/gpgme-1.4.3/disable_gpgconf_check.patch b/meta/recipes-support/gpgme/gpgme-1.4.3/disable_gpgconf_check.patch new file mode 100644 index 0000000000..df0953069c --- /dev/null +++ b/meta/recipes-support/gpgme/gpgme-1.4.3/disable_gpgconf_check.patch
@@ -0,0 +1,39 @@
	1	From 1.2.0, gpgme will check if gpgconf & g13(from 1.3.0) exist, and cause
	2	configure failure if not founding them in cross-compile environment. We can
	3	add the gnupg-native to get them, but still have some issues:
	4
	5	1. need add new package: libksba, update libassuan(not in sato), and extend
	6	native support in some other packages(libgcrypt, libgpg-error, pth...)
	7	2. Even we have gnupg, the g13 only exist in development branch, so that we
	8	still have the g13 check failure in configure.
	9
	10	I have searched the compile log, and found gpgconf/g13 are not used. So use a
	11	simple method here, throw a warning mesg rather than an error here just like in
	12	non-cross-compile environment.
	13
	14	Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
	15
	16	Upstream-Status: Inappropriate [embedded specific]
	17
	18	Index: gpgme-1.3.0/configure.ac
	19	===================================================================
	20	--- gpgme-1.3.0.orig/configure.ac 2010-07-21 09:38:09.000000000 +0800
	21	+++ gpgme-1.3.0/configure.ac 2010-07-21 09:39:19.000000000 +0800
	22	@@ -574,7 +574,7 @@
	23	*** Could not find gpgconf, install gpgconf or use --with-gpgconf=PATH to enable it
	24	***])
	25	else
	26	- AC_MSG_ERROR([
	27	+ AC_MSG_WARN([
	28	***
	29	*** Can not determine path to gpgconf when cross-compiling, use --with-gpgconf=PATH
	30	***])
	31	@@ -670,7 +670,7 @@
	32	*** Could not find g13, install g13 or use --with-g13=PATH to enable it
	33	***])
	34	else
	35	- AC_MSG_ERROR([
	36	+ AC_MSG_WARN([
	37	***
	38	*** Can not determine path to g13 when cross-compiling, use --with-g13=PATH
	39	***])


diff --git a/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch new file mode 100644 index 0000000000..c728f58658 --- /dev/null +++ b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
@@ -0,0 +1,56 @@
	1	Upstream-Status: Backport
	2
	3	Backport patch to fix CVE-2014-3564.
	4
	5	http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
	6
	7	Signed-off-by: Kai Kang <kai.kang@windriver.com>
	8	---
	9	From 2cbd76f7911fc215845e89b50d6af5ff4a83dd77 Mon Sep 17 00:00:00 2001
	10	From: Werner Koch <wk@gnupg.org>
	11	Date: Wed, 30 Jul 2014 11:04:55 +0200
	12	Subject: [PATCH 1/1] Fix possible realloc overflow for gpgsm and uiserver
	13	engines.
	14
	15	After a realloc (realloc is also used for initial alloc) the allocated
	16	size if the buffer is not correctly recorded. Thus an overflow can be
	17	introduced by receiving data with different line lengths in a specific
	18	order. This is not easy exploitable because libassuan constructs the
	19	line. However a crash has been reported and thus it might be possible
	20	to constructs an exploit.
	21
	22	CVE-id: CVE-2014-3564
	23	Reported-by: TomÃ¡Å¡ Trnka
	24	---
	25	src/engine-gpgsm.c \| 2 +-
	26	src/engine-uiserver.c \| 2 +-
	27	3 files changed, 5 insertions(+), 2 deletions(-)
	28
	29	diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
	30	index 8ec1598..3a83757 100644
	31	--- a/src/engine-gpgsm.c
	32	+++ b/src/engine-gpgsm.c
	33	@@ -836,7 +836,7 @@ status_handler (void *opaque, int fd)
	34	else
	35	{
	36	*aline = newline;
	37	- gpgsm->colon.attic.linesize += linelen + 1;
	38	+ gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
	39	}
	40	}
	41	if (!err)
	42	diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
	43	index 2738c36..a7184b7 100644
	44	--- a/src/engine-uiserver.c
	45	+++ b/src/engine-uiserver.c
	46	@@ -698,7 +698,7 @@ status_handler (void *opaque, int fd)
	47	else
	48	{
	49	*aline = newline;
	50	- uiserver->colon.attic.linesize += linelen + 1;
	51	+ uiserver->colon.attic.linesize = *alinelen + linelen + 1;
	52	}
	53	}
	54	if (!err)
	55	--
	56	2.1.4


diff --git a/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme.pc b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme.pc new file mode 100644 index 0000000000..30a4d56d6e --- /dev/null +++ b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme.pc
@@ -0,0 +1,10 @@
	1	prefix=/usr
	2	libdir=${prefix}/lib
	3	includedir=${prefix}/include
	4
	5	Name: gpgme
	6	Description: GNU Privacy Guard Made Easy
	7	Version: 1.4.3
	8	Requires:
	9	Libs: -L${libdir} -lgpgme -lassuan -lgpg-error
	10	Cflags: -I${includedir}


diff --git a/meta/recipes-support/gpgme/gpgme_1.4.3.bb b/meta/recipes-support/gpgme/gpgme_1.4.3.bb new file mode 100644 index 0000000000..f16677e96e --- /dev/null +++ b/meta/recipes-support/gpgme/gpgme_1.4.3.bb
@@ -0,0 +1,42 @@
	1	SUMMARY = "High-level GnuPG encryption/signing API"
	2	DESCRIPTION = "GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG easier for applications. It provides a High-Level Crypto API for encryption, decryption, signing, signature verification and key management"
	3	HOMEPAGE = "http://www.gnupg.org/gpgme.html"
	4	BUGTRACKER = "https://bugs.g10code.com/gnupg/index"
	5
	6	LICENSE = "GPLv2+ & LGPLv2.1+"
	7	LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
	8	file://COPYING.LESSER;md5=bbb461211a33b134d42ed5ee802b37ff \
	9	file://src/gpgme.h.in;endline=23;md5=dccb4bb624011e36513c61ef0422d054 \
	10	file://src/engine.h;endline=22;md5=4b6d8ba313d9b564cc4d4cfb1640af9d"
	11
	12	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-${PV}.tar.bz2 \
	13	file://disable_gpgconf_check.patch \
	14	file://gpgme.pc \
	15	file://gpgme-fix-CVE-2014-3564.patch \
	16	"
	17
	18	SRC_URI[md5sum] = "334e524cffa8af4e2f43ae8afe585672"
	19	SRC_URI[sha256sum] = "2d1cc12411753752d9c5b9037e6fd3fd363517af720154768cc7b46b60120496"
	20
	21	DEPENDS = "libgpg-error libassuan"
	22
	23	EXTRA_OECONF = "--with-gpg=${bindir}/gpg --without-gpgsm"
	24
	25	BINCONFIG = "${bindir}/gpgme-config"
	26
	27	inherit autotools texinfo binconfig-disabled pkgconfig
	28
	29	PACKAGES =+ "${PN}-pthread"
	30	FILES_${PN}-pthread = "${libdir}/libgpgme-pthread.so.*"
	31	FILES_${PN}-dev += "${datadir}/common-lisp/source/gpgme/*"
	32
	33	do_configure_prepend () {
	34	# Else these could be used in preference to those in aclocal-copy
	35	rm -f ${S}/m4/gpg-error.m4
	36	rm -f ${S}/m4/libassuan.m4
	37	}
	38
	39	do_install_append () {
	40	install -d ${D}${libdir}/pkgconfig
	41	install -m 0644 ${WORKDIR}/gpgme.pc ${D}${libdir}/pkgconfig/
	42	}