diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-03-02 12:04:08 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-03-07 20:05:31 +0000 |
commit | 2345af9b4829ed3eed5abf60f2483055649f8af7 (patch) | |
tree | 96a9a31e4b1957b93c4fe3eb669117d2752caf0d /meta/recipes-support | |
parent | c4901328fe5cf912c0965e5b011b64a95a9bcb9d (diff) | |
download | poky-2345af9b4829ed3eed5abf60f2483055649f8af7.tar.gz |
recipes: Move out stale GPLv2 versions to a seperate layeruninative-1.5
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.
There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.
There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.
Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.
I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.
(From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
24 files changed, 0 insertions, 1366 deletions
diff --git a/meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch b/meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch deleted file mode 100644 index d3cb43b9b9..0000000000 --- a/meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch +++ /dev/null | |||
@@ -1,22 +0,0 @@ | |||
1 | Obey LDFLAGS | ||
2 | |||
3 | Signed-off-by: Christopher Larson <chris_larson@mentor.com> | ||
4 | Upstream-Status: Inappropriate [old version] | ||
5 | |||
6 | --- gdbm-1.8.3.orig/Makefile.in | ||
7 | +++ gdbm-1.8.3/Makefile.in | ||
8 | @@ -156,12 +156,12 @@ install-compat: | ||
9 | |||
10 | libgdbm.la: $(LOBJS) gdbm.h | ||
11 | rm -f libgdbm.la | ||
12 | - $(LIBTOOL) --mode=link $(CC) -o libgdbm.la -rpath $(libdir) \ | ||
13 | + $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm.la -rpath $(libdir) \ | ||
14 | -version-info $(SHLIB_VER) $(LOBJS) | ||
15 | |||
16 | libgdbm_compat.la: $(C_LOBJS) gdbm.h | ||
17 | rm -f libgdbm_compat.la | ||
18 | - $(LIBTOOL) --mode=link $(CC) -o libgdbm_compat.la -rpath $(libdir) \ | ||
19 | + $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm_compat.la -rpath $(libdir) \ | ||
20 | -version-info $(SHLIB_VER) $(C_LOBJS) | ||
21 | |||
22 | gdbm.h: gdbm.proto gdbmerrno.h gdbm.proto2 | ||
diff --git a/meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch b/meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch deleted file mode 100644 index 0f9d04f4a1..0000000000 --- a/meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch +++ /dev/null | |||
@@ -1,22 +0,0 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | --- gdbm-1.8.3/Makefile.in.orig 2006-02-16 15:17:25.000000000 +0000 | ||
4 | +++ gdbm-1.8.3/Makefile.in 2006-02-16 15:18:08.000000000 +0000 | ||
5 | @@ -131,7 +131,7 @@ | ||
6 | $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \ | ||
7 | $(DESTDIR)$(includedir) $(DESTDIR)$(man3dir) \ | ||
8 | $(DESTDIR)$(infodir) | ||
9 | - $(LIBTOOL) $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la | ||
10 | + $(LIBTOOL) --mode=install $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la | ||
11 | $(INSTALL_DATA) gdbm.h \ | ||
12 | $(DESTDIR)$(includedir)/gdbm.h | ||
13 | $(INSTALL_DATA) $(srcdir)/gdbm.3 \ | ||
14 | @@ -142,7 +142,7 @@ | ||
15 | install-compat: | ||
16 | $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \ | ||
17 | $(DESTDIR)$(includedir) | ||
18 | - $(LIBTOOL) $(INSTALL) -c libgdbm_compat.la \ | ||
19 | + $(LIBTOOL) --mode=install $(INSTALL) -c libgdbm_compat.la \ | ||
20 | $(DESTDIR)$(libdir)/libgdbm_compat.la | ||
21 | $(INSTALL_DATA) $(srcdir)/dbm.h \ | ||
22 | $(DESTDIR)$(includedir)/dbm.h | ||
diff --git a/meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch b/meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch deleted file mode 100644 index 369145c410..0000000000 --- a/meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch +++ /dev/null | |||
@@ -1,60 +0,0 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | # | ||
4 | # Patch managed by http://www.mn-logistik.de/unsupported/pxa250/patcher | ||
5 | # | ||
6 | |||
7 | --- gdbm-1.8.3/Makefile.in~makefile | ||
8 | +++ gdbm-1.8.3/Makefile.in | ||
9 | @@ -22,6 +22,7 @@ | ||
10 | TEXI2DVI = texi2dvi | ||
11 | |||
12 | DEFS = | ||
13 | +DESTDIR = | ||
14 | |||
15 | # Where the system [n]dbm routines are... | ||
16 | LIBS = @LIBS@ -lc | ||
17 | @@ -127,26 +128,26 @@ | ||
18 | progs: $(PROGS) | ||
19 | |||
20 | install: libgdbm.la gdbm.h gdbm.info | ||
21 | - $(srcdir)/mkinstalldirs $(INSTALL_ROOT)$(libdir) \ | ||
22 | - $(INSTALL_ROOT)$(includedir) $(INSTALL_ROOT)$(man3dir) \ | ||
23 | - $(INSTALL_ROOT)$(infodir) | ||
24 | - $(LIBTOOL) $(INSTALL) -c libgdbm.la $(INSTALL_ROOT)$(libdir)/libgdbm.la | ||
25 | - $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) gdbm.h \ | ||
26 | - $(INSTALL_ROOT)$(includedir)/gdbm.h | ||
27 | - $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.3 \ | ||
28 | - $(INSTALL_ROOT)$(man3dir)/gdbm.3 | ||
29 | - $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.info \ | ||
30 | - $(INSTALL_ROOT)$(infodir)/gdbm.info | ||
31 | + $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \ | ||
32 | + $(DESTDIR)$(includedir) $(DESTDIR)$(man3dir) \ | ||
33 | + $(DESTDIR)$(infodir) | ||
34 | + $(LIBTOOL) $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la | ||
35 | + $(INSTALL_DATA) gdbm.h \ | ||
36 | + $(DESTDIR)$(includedir)/gdbm.h | ||
37 | + $(INSTALL_DATA) $(srcdir)/gdbm.3 \ | ||
38 | + $(DESTDIR)$(man3dir)/gdbm.3 | ||
39 | + $(INSTALL_DATA) $(srcdir)/gdbm.info \ | ||
40 | + $(DESTDIR)$(infodir)/gdbm.info | ||
41 | |||
42 | install-compat: | ||
43 | - $(srcdir)/mkinstalldirs $(INSTALL_ROOT)$(libdir) \ | ||
44 | - $(INSTALL_ROOT)$(includedir) | ||
45 | + $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \ | ||
46 | + $(DESTDIR)$(includedir) | ||
47 | $(LIBTOOL) $(INSTALL) -c libgdbm_compat.la \ | ||
48 | - $(INSTALL_ROOT)$(libdir)/libgdbm_compat.la | ||
49 | - $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/dbm.h \ | ||
50 | - $(INSTALL_ROOT)$(includedir)/dbm.h | ||
51 | - $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/ndbm.h \ | ||
52 | - $(INSTALL_ROOT)$(includedir)/ndbm.h | ||
53 | + $(DESTDIR)$(libdir)/libgdbm_compat.la | ||
54 | + $(INSTALL_DATA) $(srcdir)/dbm.h \ | ||
55 | + $(DESTDIR)$(includedir)/dbm.h | ||
56 | + $(INSTALL_DATA) $(srcdir)/ndbm.h \ | ||
57 | + $(DESTDIR)$(includedir)/ndbm.h | ||
58 | |||
59 | #libgdbm.a: $(OBJS) gdbm.h | ||
60 | # rm -f libgdbm.a | ||
diff --git a/meta/recipes-support/gdbm/gdbm_1.8.3.bb b/meta/recipes-support/gdbm/gdbm_1.8.3.bb deleted file mode 100644 index b253dc1447..0000000000 --- a/meta/recipes-support/gdbm/gdbm_1.8.3.bb +++ /dev/null | |||
@@ -1,30 +0,0 @@ | |||
1 | SUMMARY = "Key/value database library with extensible hashing" | ||
2 | HOMEPAGE = "http://www.gnu.org/software/gdbm/" | ||
3 | SECTION = "libs" | ||
4 | LICENSE = "GPLv2+" | ||
5 | LIC_FILES_CHKSUM = "file://COPYING;md5=d8e20eece214df8ef953ed5857862150" | ||
6 | |||
7 | PR = "r4" | ||
8 | |||
9 | SRC_URI = "${GNU_MIRROR}/gdbm/gdbm-${PV}.tar.gz \ | ||
10 | file://makefile.patch \ | ||
11 | file://libtool-mode.patch \ | ||
12 | file://ldflags.patch" | ||
13 | |||
14 | SRC_URI[md5sum] = "1d1b1d5c0245b1c00aff92da751e9aa1" | ||
15 | SRC_URI[sha256sum] = "cc340338a2e28b40058ab9eb5354a21d53f88a1582ea21ba0bb185c37a281dc9" | ||
16 | |||
17 | inherit autotools texinfo | ||
18 | |||
19 | BBCLASSEXTEND = "native nativesdk" | ||
20 | |||
21 | do_install_append () { | ||
22 | oe_runmake install-compat DESTDIR=${D} | ||
23 | install -d ${D}${includedir}/gdbm | ||
24 | install -m 0644 ${S}/dbm.h ${D}${includedir}/ | ||
25 | install -m 0644 ${S}/ndbm.h ${D}${includedir}/ | ||
26 | # Create a symlink to ndbm.h and gdbm.h in include/gdbm to let other packages to find | ||
27 | # these headers | ||
28 | ln -sf ../ndbm.h ${D}/${includedir}/gdbm/ndbm.h | ||
29 | ln -sf ../gdbm.h ${D}/${includedir}/gdbm/gdbm.h | ||
30 | } | ||
diff --git a/meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch b/meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch deleted file mode 100644 index 627d71aba9..0000000000 --- a/meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch +++ /dev/null | |||
@@ -1,36 +0,0 @@ | |||
1 | From 3cb33502bafd04b8ad4ca3454fab16d5ff313297 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
3 | Date: Tue, 22 Sep 2015 13:16:23 +0300 | ||
4 | Subject: [PATCH] Use __gnu_inline__ attribute | ||
5 | |||
6 | gcc5 uses C11 inline rules. This means the old "extern inline" | ||
7 | semantics are not available without a special attribute. | ||
8 | |||
9 | See: https://gcc.gnu.org/gcc-5/porting_to.html | ||
10 | |||
11 | Upstream-Status: Inappropriate [Fixed in current versions] | ||
12 | Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
13 | --- | ||
14 | gmp-h.in | 5 ++++- | ||
15 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
16 | |||
17 | diff --git a/gmp-h.in b/gmp-h.in | ||
18 | index eed6fe4..361dd1d 100644 | ||
19 | --- a/gmp-h.in | ||
20 | +++ b/gmp-h.in | ||
21 | @@ -419,8 +419,11 @@ typedef __mpq_struct *mpq_ptr; | ||
22 | /* gcc has __inline__ in all modes, including strict ansi. Give a prototype | ||
23 | for an inline too, so as to correctly specify "dllimport" on windows, in | ||
24 | case the function is called rather than inlined. */ | ||
25 | + | ||
26 | +/* Use __gnu_inline__ attribute: later gcc uses different "extern inline" | ||
27 | + behaviour */ | ||
28 | #ifdef __GNUC__ | ||
29 | -#define __GMP_EXTERN_INLINE extern __inline__ | ||
30 | +#define __GMP_EXTERN_INLINE extern __inline__ __attribute__ ((__gnu_inline__)) | ||
31 | #define __GMP_INLINE_PROTOTYPES 1 | ||
32 | #endif | ||
33 | |||
34 | -- | ||
35 | 2.1.4 | ||
36 | |||
diff --git a/meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch b/meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch deleted file mode 100644 index 6da0be9ca0..0000000000 --- a/meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch +++ /dev/null | |||
@@ -1,57 +0,0 @@ | |||
1 | From d50686de0406a88ef9112f5252103f799982e84a Mon Sep 17 00:00:00 2001 | ||
2 | From: Andre McCurdy <armccurdy@gmail.com> | ||
3 | Date: Thu, 4 Feb 2016 14:00:00 -0800 | ||
4 | Subject: [PATCH] avoid h asm constraint for MIPS | ||
5 | |||
6 | The h asm constrain (to extract the high part of a multiplication | ||
7 | result) has not been recognised since gcc 4.4: | ||
8 | |||
9 | https://gcc.gnu.org/gcc-4.4/changes.html | ||
10 | |||
11 | Drop the MIPS umul_ppmm() implementations which rely on "=h" and fall | ||
12 | back to the older implementations (which use explicit mfhi and mflo | ||
13 | instructions to move the high and low parts of the multiplication | ||
14 | result into their destinations). | ||
15 | |||
16 | Upstream-Status: Inappropriate [upstream has a different solution] | ||
17 | |||
18 | Signed-off-by: Andre McCurdy <armccurdy@gmail.com> | ||
19 | --- | ||
20 | longlong.h | 10 ---------- | ||
21 | 1 file changed, 10 deletions(-) | ||
22 | |||
23 | diff --git a/longlong.h b/longlong.h | ||
24 | index b53fbee..0193abb 100644 | ||
25 | --- a/longlong.h | ||
26 | +++ b/longlong.h | ||
27 | @@ -1011,27 +1011,17 @@ extern UWtype __MPN(udiv_qrnnd) _PROTO ((UWtype *, UWtype, UWtype, UWtype)); | ||
28 | #endif /* __m88000__ */ | ||
29 | |||
30 | #if defined (__mips) && W_TYPE_SIZE == 32 | ||
31 | -#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 | ||
32 | -#define umul_ppmm(w1, w0, u, v) \ | ||
33 | - __asm__ ("multu %2,%3" : "=l" (w0), "=h" (w1) : "d" (u), "d" (v)) | ||
34 | -#else | ||
35 | #define umul_ppmm(w1, w0, u, v) \ | ||
36 | __asm__ ("multu %2,%3\n\tmflo %0\n\tmfhi %1" \ | ||
37 | : "=d" (w0), "=d" (w1) : "d" (u), "d" (v)) | ||
38 | -#endif | ||
39 | #define UMUL_TIME 10 | ||
40 | #define UDIV_TIME 100 | ||
41 | #endif /* __mips */ | ||
42 | |||
43 | #if (defined (__mips) && __mips >= 3) && W_TYPE_SIZE == 64 | ||
44 | -#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 | ||
45 | -#define umul_ppmm(w1, w0, u, v) \ | ||
46 | - __asm__ ("dmultu %2,%3" : "=l" (w0), "=h" (w1) : "d" (u), "d" (v)) | ||
47 | -#else | ||
48 | #define umul_ppmm(w1, w0, u, v) \ | ||
49 | __asm__ ("dmultu %2,%3\n\tmflo %0\n\tmfhi %1" \ | ||
50 | : "=d" (w0), "=d" (w1) : "d" (u), "d" (v)) | ||
51 | -#endif | ||
52 | #define UMUL_TIME 20 | ||
53 | #define UDIV_TIME 140 | ||
54 | #endif /* __mips */ | ||
55 | -- | ||
56 | 1.9.1 | ||
57 | |||
diff --git a/meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch b/meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch deleted file mode 100644 index 26fd8ef8bc..0000000000 --- a/meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch +++ /dev/null | |||
@@ -1,56 +0,0 @@ | |||
1 | automake 1.12 has depricated automatic de-ANSI-fication support | ||
2 | |||
3 | this patch avoids these kinds of errors: | ||
4 | |||
5 | | configure.in:2240: error: automatic de-ANSI-fication support has been removed | ||
6 | | Makefile.am:28: error: automatic de-ANSI-fication support has been removed | ||
7 | |||
8 | Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> | ||
9 | 2012/05/02 | ||
10 | |||
11 | |||
12 | This patch was removed in f181c6ce8b3 when gmp 4.2.1 was mistakenly | ||
13 | dropped. | ||
14 | |||
15 | Upstream is not interested in patches for ancient versions. | ||
16 | |||
17 | Upstream-Status: Inappropriate | ||
18 | Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
19 | |||
20 | |||
21 | Index: gmp-4.2.1/configure.in | ||
22 | =================================================================== | ||
23 | --- gmp-4.2.1.orig/configure.in | ||
24 | +++ gmp-4.2.1/configure.in | ||
25 | @@ -67,7 +67,7 @@ dnl | ||
26 | dnl Note that there's a copy of these options in the top-level Makefile.am, | ||
27 | dnl so update there too if changing anything. | ||
28 | dnl | ||
29 | -AM_INIT_AUTOMAKE([1.8 gnu no-dependencies $(top_builddir)/ansi2knr]) | ||
30 | +AM_INIT_AUTOMAKE([1.8 gnu no-dependencies]) | ||
31 | AM_CONFIG_HEADER(config.h:config.in) | ||
32 | AM_MAINTAINER_MODE | ||
33 | |||
34 | @@ -2022,9 +2022,6 @@ fi | ||
35 | echo " MPN_PATH=\"$path\"" | ||
36 | |||
37 | |||
38 | -# Automake ansi2knr support. | ||
39 | -AM_C_PROTOTYPES | ||
40 | - | ||
41 | GMP_PROG_AR | ||
42 | GMP_PROG_NM | ||
43 | |||
44 | Index: gmp-4.2.1/Makefile.am | ||
45 | =================================================================== | ||
46 | --- gmp-4.2.1.orig/Makefile.am | ||
47 | +++ gmp-4.2.1/Makefile.am | ||
48 | @@ -27,7 +27,7 @@ | ||
49 | # Makefiles in subdirectories, but here we must omit it so automake gives | ||
50 | # the actual ansi2knr build rule, not "cd $(top_builddir) && make ansi2knr". | ||
51 | # | ||
52 | -AUTOMAKE_OPTIONS = 1.8 gnu no-dependencies ansi2knr | ||
53 | +AUTOMAKE_OPTIONS = 1.8 gnu no-dependencies | ||
54 | |||
55 | |||
56 | # Libtool -version-info for libgmp.la and libmp.la. See "Versioning" in the | ||
diff --git a/meta/recipes-support/gmp/gmp_4.2.1.bb b/meta/recipes-support/gmp/gmp_4.2.1.bb deleted file mode 100644 index 5e8ee29f36..0000000000 --- a/meta/recipes-support/gmp/gmp_4.2.1.bb +++ /dev/null | |||
@@ -1,17 +0,0 @@ | |||
1 | require gmp.inc | ||
2 | |||
3 | LICENSE = "LGPLv2.1+ & GPLv2+" | ||
4 | LICENSE_${PN} = "LGPLv2.1+" | ||
5 | |||
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=892f569a555ba9c07a568a7c0c4fa63a \ | ||
7 | file://COPYING.LIB;md5=fbc093901857fcd118f065f900982c24 \ | ||
8 | file://gmp-h.in;beginline=6;endline=21;md5=e056f74a12c3277d730dbcfb85d2ca34" | ||
9 | |||
10 | SRC_URI = "https://gmplib.org/download/${BPN}/archive/${BP}.tar.bz2 \ | ||
11 | file://Use-__gnu_inline__-attribute.patch \ | ||
12 | file://gmp_fix_for_automake-1.12.patch \ | ||
13 | file://avoid-h-asm-constraint-for-MIPS.patch \ | ||
14 | " | ||
15 | |||
16 | SRC_URI[md5sum] = "091c56e0e1cca6b09b17b69d47ef18e3" | ||
17 | SRC_URI[sha256sum] = "d07ffcb37eecec35c5ec72516d10b35fdf6e6fef1fcf1dcd37e30b8cbf8bf941" | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch deleted file mode 100644 index f0667741c8..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch +++ /dev/null | |||
@@ -1,63 +0,0 @@ | |||
1 | From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001 | ||
2 | From: Werner Koch <wk@gnupg.org> | ||
3 | Date: Thu, 25 Jul 2013 11:17:52 +0200 | ||
4 | Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret | ||
5 | exponents. | ||
6 | |||
7 | commit e2202ff2b704623efc6277fb5256e4e15bac5676 from | ||
8 | git://git.gnupg.org/libgcrypt.git | ||
9 | |||
10 | * mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for | ||
11 | exponents in secure memory. | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | CVE: CVE-2013-4242 | ||
15 | |||
16 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
17 | -- | ||
18 | |||
19 | The attack is published as http://eprint.iacr.org/2013/448 : | ||
20 | |||
21 | Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel | ||
22 | Attack by Yuval Yarom and Katrina Falkner. 18 July 2013. | ||
23 | |||
24 | Flush+Reload is a cache side-channel attack that monitors access to | ||
25 | data in shared pages. In this paper we demonstrate how to use the | ||
26 | attack to extract private encryption keys from GnuPG. The high | ||
27 | resolution and low noise of the Flush+Reload attack enables a spy | ||
28 | program to recover over 98% of the bits of the private key in a | ||
29 | single decryption or signing round. Unlike previous attacks, the | ||
30 | attack targets the last level L3 cache. Consequently, the spy | ||
31 | program and the victim do not need to share the execution core of | ||
32 | the CPU. The attack is not limited to a traditional OS and can be | ||
33 | used in a virtualised environment, where it can attack programs | ||
34 | executing in a different VM. | ||
35 | |||
36 | Index: gnupg-1.4.7/mpi/mpi-pow.c | ||
37 | =================================================================== | ||
38 | --- gnupg-1.4.7.orig/mpi/mpi-pow.c | ||
39 | +++ gnupg-1.4.7/mpi/mpi-pow.c | ||
40 | @@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen | ||
41 | tp = rp; rp = xp; xp = tp; | ||
42 | rsize = xsize; | ||
43 | |||
44 | - if( (mpi_limb_signed_t)e < 0 ) { | ||
45 | + /* To mitigate the Yarom/Falkner flush+reload cache | ||
46 | + * side-channel attack on the RSA secret exponent, we do | ||
47 | + * the multiplication regardless of the value of the | ||
48 | + * high-bit of E. But to avoid this performance penalty | ||
49 | + * we do it only if the exponent has been stored in secure | ||
50 | + * memory and we can thus assume it is a secret exponent. */ | ||
51 | + if (esec || (mpi_limb_signed_t)e < 0) { | ||
52 | /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/ | ||
53 | if( bsize < KARATSUBA_THRESHOLD ) { | ||
54 | mpihelp_mul( xp, rp, rsize, bp, bsize ); | ||
55 | @@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen | ||
56 | mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); | ||
57 | xsize = msize; | ||
58 | } | ||
59 | + } | ||
60 | + if ( (mpi_limb_signed_t)e < 0 ) { | ||
61 | |||
62 | tp = rp; rp = xp; xp = tp; | ||
63 | rsize = xsize; | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch deleted file mode 100644 index b50a32f40c..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch +++ /dev/null | |||
@@ -1,45 +0,0 @@ | |||
1 | Upstream-Status: Backport | ||
2 | CVE: CVE-2013-4351 | ||
3 | |||
4 | Index: gnupg-1.4.7/g10/getkey.c | ||
5 | =================================================================== | ||
6 | --- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800 | ||
7 | +++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800 | ||
8 | @@ -1454,7 +1454,11 @@ | ||
9 | |||
10 | if(flags) | ||
11 | key_usage |= PUBKEY_USAGE_UNKNOWN; | ||
12 | + if (!key_usage) | ||
13 | + key_usage |= PUBKEY_USAGE_NONE; | ||
14 | } | ||
15 | + else if (p) | ||
16 | + key_usage |= PUBKEY_USAGE_NONE; | ||
17 | |||
18 | /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a | ||
19 | capability that we do not handle. This serves to distinguish | ||
20 | Index: gnupg-1.4.7/g10/keygen.c | ||
21 | =================================================================== | ||
22 | --- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800 | ||
23 | +++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800 | ||
24 | @@ -209,9 +209,6 @@ | ||
25 | if (use & PUBKEY_USAGE_AUTH) | ||
26 | buf[0] |= 0x20; | ||
27 | |||
28 | - if (!buf[0]) | ||
29 | - return; | ||
30 | - | ||
31 | build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); | ||
32 | } | ||
33 | |||
34 | Index: gnupg-1.4.7/include/cipher.h | ||
35 | =================================================================== | ||
36 | --- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800 | ||
37 | +++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800 | ||
38 | @@ -52,6 +52,7 @@ | ||
39 | #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ | ||
40 | #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ | ||
41 | #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ | ||
42 | +#define PUBKEY_USAGE_NONE 256 /* No usage given. */ | ||
43 | |||
44 | #define DIGEST_ALGO_MD5 1 | ||
45 | #define DIGEST_ALGO_SHA1 2 | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch deleted file mode 100644 index 5dcde1f9cb..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch +++ /dev/null | |||
@@ -1,154 +0,0 @@ | |||
1 | Upstream-Status: Backport | ||
2 | CVE: CVE-2013-4576 | ||
3 | |||
4 | Index: gnupg-1.4.7/cipher/dsa.c | ||
5 | =================================================================== | ||
6 | --- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800 | ||
7 | +++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800 | ||
8 | @@ -287,6 +287,8 @@ | ||
9 | MPI kinv; | ||
10 | MPI tmp; | ||
11 | |||
12 | + mpi_normalize (hash); | ||
13 | + | ||
14 | /* select a random k with 0 < k < q */ | ||
15 | k = gen_k( skey->q ); | ||
16 | |||
17 | Index: gnupg-1.4.7/cipher/elgamal.c | ||
18 | =================================================================== | ||
19 | --- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800 | ||
20 | +++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800 | ||
21 | @@ -376,6 +376,9 @@ | ||
22 | { | ||
23 | MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); | ||
24 | |||
25 | + mpi_normalize (a); | ||
26 | + mpi_normalize (b); | ||
27 | + | ||
28 | /* output = b/(a^x) mod p */ | ||
29 | mpi_powm( t1, a, skey->x, skey->p ); | ||
30 | mpi_invm( t1, t1, skey->p ); | ||
31 | Index: gnupg-1.4.7/cipher/random.c | ||
32 | =================================================================== | ||
33 | --- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800 | ||
34 | +++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800 | ||
35 | @@ -273,6 +273,18 @@ | ||
36 | } | ||
37 | |||
38 | |||
39 | +/* Randomize the MPI */ | ||
40 | +void | ||
41 | +randomize_mpi (MPI mpi, size_t nbits, int level) | ||
42 | +{ | ||
43 | + unsigned char *buffer; | ||
44 | + | ||
45 | + buffer = get_random_bits (nbits, level, mpi_is_secure (mpi)); | ||
46 | + mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0); | ||
47 | + xfree (buffer); | ||
48 | +} | ||
49 | + | ||
50 | + | ||
51 | int | ||
52 | random_is_faked() | ||
53 | { | ||
54 | Index: gnupg-1.4.7/cipher/random.h | ||
55 | =================================================================== | ||
56 | --- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800 | ||
57 | +++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800 | ||
58 | @@ -32,6 +32,7 @@ | ||
59 | int random_is_faked(void); | ||
60 | void random_disable_locking (void); | ||
61 | void randomize_buffer( byte *buffer, size_t length, int level ); | ||
62 | +void randomize_mpi (MPI mpi, size_t nbits, int level); | ||
63 | byte *get_random_bits( size_t nbits, int level, int secure ); | ||
64 | void fast_random_poll( void ); | ||
65 | |||
66 | Index: gnupg-1.4.7/cipher/rsa.c | ||
67 | =================================================================== | ||
68 | --- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800 | ||
69 | +++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800 | ||
70 | @@ -301,9 +301,26 @@ | ||
71 | #if 0 | ||
72 | mpi_powm( output, input, skey->d, skey->n ); | ||
73 | #else | ||
74 | - MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); | ||
75 | - MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); | ||
76 | - MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); | ||
77 | + int nlimbs = mpi_get_nlimbs (skey->n)+1; | ||
78 | + MPI m1 = mpi_alloc_secure (nlimbs); | ||
79 | + MPI m2 = mpi_alloc_secure (nlimbs); | ||
80 | + MPI h = mpi_alloc_secure (nlimbs); | ||
81 | +# if 1 | ||
82 | + MPI bdata= mpi_alloc_secure (nlimbs); | ||
83 | + MPI r = mpi_alloc_secure (nlimbs); | ||
84 | +# endif | ||
85 | + | ||
86 | + /* Remove superfluous leading zeroes from INPUT. */ | ||
87 | + mpi_normalize (input); | ||
88 | + | ||
89 | +# if 1 | ||
90 | + /* Blind: bdata = (data * r^e) mod n */ | ||
91 | + randomize_mpi (r, mpi_get_nbits (skey->n), 0); | ||
92 | + mpi_fdiv_r (r, r, skey->n); | ||
93 | + mpi_powm (bdata, r, skey->e, skey->n); | ||
94 | + mpi_mulm (bdata, bdata, input, skey->n); | ||
95 | + input = bdata; | ||
96 | +# endif | ||
97 | |||
98 | /* m1 = c ^ (d mod (p-1)) mod p */ | ||
99 | mpi_sub_ui( h, skey->p, 1 ); | ||
100 | @@ -321,8 +338,15 @@ | ||
101 | /* m = m2 + h * p */ | ||
102 | mpi_mul ( h, h, skey->p ); | ||
103 | mpi_add ( output, m1, h ); | ||
104 | - /* ready */ | ||
105 | - | ||
106 | + | ||
107 | +# if 1 | ||
108 | + mpi_free (bdata); | ||
109 | + /* Unblind: output = (output * r^(-1)) mod n */ | ||
110 | + mpi_invm (r, r, skey->n); | ||
111 | + mpi_mulm (output, output, r, skey->n); | ||
112 | + mpi_free (r); | ||
113 | +# endif | ||
114 | + | ||
115 | mpi_free ( h ); | ||
116 | mpi_free ( m1 ); | ||
117 | mpi_free ( m2 ); | ||
118 | @@ -397,6 +421,7 @@ | ||
119 | rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) | ||
120 | { | ||
121 | RSA_secret_key sk; | ||
122 | + MPI input; | ||
123 | |||
124 | if( algo != 1 && algo != 2 ) | ||
125 | return G10ERR_PUBKEY_ALGO; | ||
126 | @@ -407,8 +432,14 @@ | ||
127 | sk.p = skey[3]; | ||
128 | sk.q = skey[4]; | ||
129 | sk.u = skey[5]; | ||
130 | - *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) ); | ||
131 | - secret( *result, data[0], &sk ); | ||
132 | + | ||
133 | + /* Mitigates side-channel attacks (CVE-2013-4576). */ | ||
134 | + input = mpi_alloc (0); | ||
135 | + mpi_normalize (data[0]); | ||
136 | + mpi_fdiv_r (input, data[0], sk.n); | ||
137 | + *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n)); | ||
138 | + secret (*result, input, &sk); | ||
139 | + mpi_free (input); | ||
140 | return 0; | ||
141 | } | ||
142 | |||
143 | Index: gnupg-1.4.7/g10/gpgv.c | ||
144 | =================================================================== | ||
145 | --- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800 | ||
146 | +++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800 | ||
147 | @@ -390,6 +390,7 @@ | ||
148 | void random_dump_stats(void) {} | ||
149 | int quick_random_gen( int onoff ) { return -1;} | ||
150 | void randomize_buffer( byte *buffer, size_t length, int level ) {} | ||
151 | +void randomize_mpi (MPI mpi, size_t nbits, int level) {} | ||
152 | int random_is_faked() { return -1;} | ||
153 | byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;} | ||
154 | void set_random_seed_file( const char *name ) {} | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch deleted file mode 100644 index 362717636b..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch +++ /dev/null | |||
@@ -1,64 +0,0 @@ | |||
1 | commit f0b33b6fb8e0586e9584a7a409dcc31263776a67 | ||
2 | Author: Werner Koch <wk@gnupg.org> | ||
3 | Date: Thu Dec 20 09:43:41 2012 +0100 | ||
4 | |||
5 | gpg: Import only packets which are allowed in a keyblock. | ||
6 | |||
7 | * g10/import.c (valid_keyblock_packet): New. | ||
8 | (read_block): Store only valid packets. | ||
9 | -- | ||
10 | |||
11 | A corrupted key, which for example included a mangled public key | ||
12 | encrypted packet, used to corrupt the keyring. This change skips all | ||
13 | packets which are not allowed in a keyblock. | ||
14 | |||
15 | GnuPG-bug-id: 1455 | ||
16 | |||
17 | (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa) | ||
18 | |||
19 | Upstream-Status: Backport | ||
20 | CVE: CVE-2012-6085 | ||
21 | |||
22 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
23 | |||
24 | diff --git a/g10/import.c b/g10/import.c | ||
25 | index bfe02eb..a57b32e 100644 | ||
26 | --- a/g10/import.c | ||
27 | +++ b/g10/import.c | ||
28 | @@ -384,6 +384,27 @@ import_print_stats (void *hd) | ||
29 | } | ||
30 | |||
31 | |||
32 | +/* Return true if PKTTYPE is valid in a keyblock. */ | ||
33 | +static int | ||
34 | +valid_keyblock_packet (int pkttype) | ||
35 | +{ | ||
36 | + switch (pkttype) | ||
37 | + { | ||
38 | + case PKT_PUBLIC_KEY: | ||
39 | + case PKT_PUBLIC_SUBKEY: | ||
40 | + case PKT_SECRET_KEY: | ||
41 | + case PKT_SECRET_SUBKEY: | ||
42 | + case PKT_SIGNATURE: | ||
43 | + case PKT_USER_ID: | ||
44 | + case PKT_ATTRIBUTE: | ||
45 | + case PKT_RING_TRUST: | ||
46 | + return 1; | ||
47 | + default: | ||
48 | + return 0; | ||
49 | + } | ||
50 | +} | ||
51 | + | ||
52 | + | ||
53 | /**************** | ||
54 | * Read the next keyblock from stream A. | ||
55 | * PENDING_PKT should be initialzed to NULL | ||
56 | @@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) | ||
57 | } | ||
58 | in_cert = 1; | ||
59 | default: | ||
60 | - if( in_cert ) { | ||
61 | + if (in_cert && valid_keyblock_packet (pkt->pkttype)) { | ||
62 | if( !root ) | ||
63 | root = new_kbnode( pkt ); | ||
64 | else | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch deleted file mode 100644 index e005ac658f..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch +++ /dev/null | |||
@@ -1,17 +0,0 @@ | |||
1 | |||
2 | Upstream-Status: Inappropriate [configuration] | ||
3 | |||
4 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
5 | |||
6 | Index: gnupg-1.4.7/configure.ac | ||
7 | =================================================================== | ||
8 | --- gnupg-1.4.7.orig/configure.ac | ||
9 | +++ gnupg-1.4.7/configure.ac | ||
10 | @@ -827,7 +827,6 @@ else | ||
11 | AC_SUBST(USE_NLS) | ||
12 | AC_SUBST(USE_INCLUDED_LIBINTL) | ||
13 | AC_SUBST(BUILD_INCLUDED_LIBINTL) | ||
14 | - AM_PO_SUBDIRS | ||
15 | fi | ||
16 | |||
17 | if test "$try_extensions" = yes || test x"$card_support" = xyes ; then | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch deleted file mode 100644 index e5fb24aa63..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch +++ /dev/null | |||
@@ -1,27 +0,0 @@ | |||
1 | |||
2 | This has been discussed in a couple of different bug reported | ||
3 | upstream: | ||
4 | |||
5 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250 | ||
6 | http://bugs.sourcemage.org/show_bug.cgi?id=14446 | ||
7 | |||
8 | Fix: | ||
9 | http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html | ||
10 | |||
11 | Upstream-Status: Backport [Debian] | ||
12 | |||
13 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
14 | |||
15 | Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c | ||
16 | =================================================================== | ||
17 | --- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c | ||
18 | +++ gnupg-1.4.7/keyserver/gpgkeys_curl.c | ||
19 | @@ -286,7 +286,7 @@ main(int argc,char *argv[]) | ||
20 | curl_easy_setopt(curl,CURLOPT_VERBOSE,1); | ||
21 | } | ||
22 | |||
23 | - curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert); | ||
24 | + curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert); | ||
25 | curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); | ||
26 | |||
27 | if(proxy) | ||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch deleted file mode 100644 index 2855cab24b..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch +++ /dev/null | |||
@@ -1,19 +0,0 @@ | |||
1 | Orignal Patch came from OpenWrt via OE-Classic | ||
2 | https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4 | ||
3 | which is no longer a valid revision! | ||
4 | |||
5 | Upstream-Status: Inappropriate [configuration] | ||
6 | |||
7 | |||
8 | --- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000 | ||
9 | +++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000 | ||
10 | @@ -181,7 +181,7 @@ | ||
11 | /*************************************** | ||
12 | ************** ARM ****************** | ||
13 | ***************************************/ | ||
14 | -#if defined (__arm__) && W_TYPE_SIZE == 32 | ||
15 | +#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__) | ||
16 | #define add_ssaaaa(sh, sl, ah, al, bh, bl) \ | ||
17 | __asm__ ("adds %1, %4, %5\n" \ | ||
18 | "adc %0, %2, %3" \ | ||
19 | |||
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch deleted file mode 100644 index 9a03b2b705..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch +++ /dev/null | |||
@@ -1,50 +0,0 @@ | |||
1 | |||
2 | From Openembedded-Classic | ||
3 | |||
4 | gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support | ||
5 | |||
6 | |||
7 | Upstream-Status: Inappropriate [embedded-specific] | ||
8 | |||
9 | Index: gnupg-1.4.10/mpi/longlong.h | ||
10 | =================================================================== | ||
11 | --- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100 | ||
12 | +++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100 | ||
13 | @@ -706,18 +706,35 @@ | ||
14 | #endif /* __m88110__ */ | ||
15 | #endif /* __m88000__ */ | ||
16 | |||
17 | +/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */ | ||
18 | +#if defined (__GNUC__) && defined (__GNUC_MINOR__) | ||
19 | +#define __GNUC_PREREQ(maj, min) \ | ||
20 | + ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) | ||
21 | +#else | ||
22 | +#define __GNUC_PREREQ(maj, min) 0 | ||
23 | +#endif | ||
24 | + | ||
25 | /*************************************** | ||
26 | ************** MIPS ***************** | ||
27 | ***************************************/ | ||
28 | #if defined (__mips__) && W_TYPE_SIZE == 32 | ||
29 | -#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 | ||
30 | +#if __GNUC_PREREQ (4,4) | ||
31 | +#define umul_ppmm(w1, w0, u, v) \ | ||
32 | + do { \ | ||
33 | + UDItype __ll = (UDItype)(u) * (v); \ | ||
34 | + w1 = __ll >> 32; \ | ||
35 | + w0 = __ll; \ | ||
36 | + } while (0) | ||
37 | +#endif | ||
38 | +#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7) | ||
39 | #define umul_ppmm(w1, w0, u, v) \ | ||
40 | __asm__ ("multu %2,%3" \ | ||
41 | : "=l" ((USItype)(w0)), \ | ||
42 | "=h" ((USItype)(w1)) \ | ||
43 | : "d" ((USItype)(u)), \ | ||
44 | "d" ((USItype)(v))) | ||
45 | -#else | ||
46 | +#endif | ||
47 | +#if !defined (umul_ppmm) | ||
48 | #define umul_ppmm(w1, w0, u, v) \ | ||
49 | __asm__ ("multu %2,%3 \n" \ | ||
50 | "mflo %0 \n" \ | ||
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb deleted file mode 100644 index 6ccffd54ca..0000000000 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ /dev/null | |||
@@ -1,104 +0,0 @@ | |||
1 | SUMMARY = "GNU Privacy Guard - encryption and signing tools" | ||
2 | HOMEPAGE = "http://www.gnupg.org/" | ||
3 | DEPENDS = "zlib bzip2 readline" | ||
4 | SECTION = "console/utils" | ||
5 | |||
6 | LICENSE = "GPLv2" | ||
7 | |||
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" | ||
9 | |||
10 | PR = "r9" | ||
11 | |||
12 | SRC_URI = "${GNUPG_MIRROR}/gnupg/gnupg-${PV}.tar.bz2 \ | ||
13 | file://long-long-thumb.patch \ | ||
14 | file://configure.patch \ | ||
15 | file://mips_gcc4.4.patch \ | ||
16 | file://GnuPG1-CVE-2012-6085.patch \ | ||
17 | file://curl_typeof_fix_backport.patch \ | ||
18 | file://CVE-2013-4351.patch \ | ||
19 | file://CVE-2013-4576.patch \ | ||
20 | file://CVE-2013-4242.patch \ | ||
21 | " | ||
22 | |||
23 | SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" | ||
24 | SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" | ||
25 | |||
26 | inherit autotools gettext texinfo | ||
27 | |||
28 | # --with-egd-socket=NAME use NAME for the EGD socket | ||
29 | # --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer | ||
30 | # --with-included-zlib use the zlib code included here | ||
31 | # --with-capabilities use linux capabilities default=no | ||
32 | # --with-mailprog=NAME use "NAME -t" for mail transport | ||
33 | # --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib | ||
34 | # --without-libiconv-prefix don't search for libiconv in includedir and libdir | ||
35 | # --with-included-gettext use the GNU gettext library included here | ||
36 | # --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib | ||
37 | # --without-libintl-prefix don't search for libintl in includedir and libdir | ||
38 | # --without-readline do not support fancy command line editing | ||
39 | # --with-included-regex use the included GNU regex library | ||
40 | # --with-zlib=DIR use libz in DIR | ||
41 | # --with-bzip2=DIR look for bzip2 in DIR | ||
42 | # --enable-static-rnd=egd|unix|linux|auto | ||
43 | # --disable-dev-random disable the use of dev random | ||
44 | # --disable-asm do not use assembler modules | ||
45 | # --enable-m-guard enable memory guard facility | ||
46 | # --enable-selinux-support | ||
47 | # enable SELinux support | ||
48 | # --disable-card-support disable OpenPGP card support | ||
49 | # --disable-gnupg-iconv disable the new iconv code | ||
50 | # --enable-backsigs enable the experimental backsigs code | ||
51 | # --enable-minimal build the smallest gpg binary possible | ||
52 | # --disable-rsa disable the RSA public key algorithm | ||
53 | # --disable-idea disable the IDEA cipher | ||
54 | # --disable-cast5 disable the CAST5 cipher | ||
55 | # --disable-blowfish disable the BLOWFISH cipher | ||
56 | # --disable-aes disable the AES, AES192, and AES256 ciphers | ||
57 | # --disable-twofish disable the TWOFISH cipher | ||
58 | # --disable-sha256 disable the SHA-256 digest | ||
59 | # --disable-sha512 disable the SHA-384 and SHA-512 digests | ||
60 | # --disable-bzip2 disable the BZIP2 compression algorithm | ||
61 | # --disable-exec disable all external program execution | ||
62 | # --disable-photo-viewers disable photo ID viewers | ||
63 | # --disable-keyserver-helpers disable all external keyserver support | ||
64 | # --disable-ldap disable LDAP keyserver interface | ||
65 | # --disable-hkp disable HKP keyserver interface | ||
66 | # --disable-http disable HTTP key fetching interface | ||
67 | # --disable-finger disable Finger key fetching interface | ||
68 | # --disable-mailto disable email keyserver interface | ||
69 | # --disable-keyserver-path disable the exec-path option for keyserver helpers | ||
70 | # --enable-key-cache=SIZE Set key cache to SIZE (default 4096) | ||
71 | # --disable-largefile omit support for large files | ||
72 | # --disable-dns-srv disable the use of DNS SRV in HKP and HTTP | ||
73 | # --disable-nls do not use Native Language Support | ||
74 | # --disable-regex do not handle regular expressions in trust sigs | ||
75 | |||
76 | EXTRA_OECONF = "--disable-ldap \ | ||
77 | --with-zlib=${STAGING_LIBDIR}/.. \ | ||
78 | --with-bzip2=${STAGING_LIBDIR}/.. \ | ||
79 | --disable-selinux-support \ | ||
80 | --with-readline=${STAGING_LIBDIR}/.. \ | ||
81 | ac_cv_sys_symbol_underscore=no \ | ||
82 | " | ||
83 | |||
84 | # Force gcc's traditional handling of inline to avoid issues with gcc 5 | ||
85 | CFLAGS += "-fgnu89-inline" | ||
86 | |||
87 | do_install () { | ||
88 | autotools_do_install | ||
89 | install -d ${D}${docdir}/${BPN} | ||
90 | mv ${D}${datadir}/${BPN}/* ${D}/${docdir}/${BPN}/ || : | ||
91 | mv ${D}${prefix}/doc/* ${D}/${docdir}/${BPN}/ || : | ||
92 | } | ||
93 | |||
94 | # split out gpgv from main package | ||
95 | RDEPENDS_${PN} = "gpgv" | ||
96 | PACKAGES =+ "gpgv" | ||
97 | FILES_gpgv = "${bindir}/gpgv" | ||
98 | |||
99 | # Exclude debug files from the main packages | ||
100 | FILES_${PN} = "${bindir}/* ${datadir}/${BPN} ${libexecdir}/${BPN}/*" | ||
101 | |||
102 | PACKAGECONFIG ??= "" | ||
103 | PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR},--without-libcurl,curl" | ||
104 | PACKAGECONFIG[libusb] = "--with-libusb=${STAGING_LIBDIR},--without-libusb,libusb-compat" | ||
diff --git a/meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch b/meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch deleted file mode 100644 index 3cbf549d48..0000000000 --- a/meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch +++ /dev/null | |||
@@ -1,50 +0,0 @@ | |||
1 | It adds the variables that are needed | ||
2 | for autoconf 2.65 to reconfigure libiconv and defines the m4 macros | ||
3 | directory. Its imported from OE. | ||
4 | |||
5 | Upstream-Status: Pending | ||
6 | |||
7 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
8 | |||
9 | Index: libiconv-1.11.1/configure.ac | ||
10 | =================================================================== | ||
11 | --- libiconv-1.11.1.orig/configure.ac | ||
12 | +++ libiconv-1.11.1/configure.ac | ||
13 | @@ -23,7 +23,7 @@ AC_CONFIG_AUX_DIR(build-aux) | ||
14 | AM_INIT_AUTOMAKE(libiconv, 1.11) | ||
15 | AC_CONFIG_HEADERS(config.h lib/config.h) | ||
16 | AC_PROG_MAKE_SET | ||
17 | - | ||
18 | +AC_CONFIG_MACRO_DIR([m4]) | ||
19 | dnl checks for basic programs | ||
20 | |||
21 | AC_PROG_CC | ||
22 | Index: libiconv-1.11.1/libcharset/configure.ac | ||
23 | =================================================================== | ||
24 | --- libiconv-1.11.1.orig/libcharset/configure.ac | ||
25 | +++ libiconv-1.11.1/libcharset/configure.ac | ||
26 | @@ -16,17 +16,17 @@ dnl along with the GNU CHARSET Library; | ||
27 | dnl write to the Free Software Foundation, Inc., 51 Franklin Street, | ||
28 | dnl Fifth Floor, Boston, MA 02110-1301, USA. | ||
29 | |||
30 | -AC_PREREQ(2.13) | ||
31 | +AC_PREREQ(2.61) | ||
32 | +AC_INIT([libcharset],[1.4] ) | ||
33 | +AC_CONFIG_SRCDIR([lib/localcharset.c]) | ||
34 | |||
35 | -PACKAGE=libcharset | ||
36 | -VERSION=1.4 | ||
37 | - | ||
38 | -AC_INIT(lib/localcharset.c) | ||
39 | AC_CONFIG_AUX_DIR(build-aux) | ||
40 | AC_CONFIG_HEADER(config.h) | ||
41 | AC_PROG_MAKE_SET | ||
42 | -AC_SUBST(PACKAGE) | ||
43 | -AC_SUBST(VERSION) | ||
44 | +dnl AC_SUBST(PACKAGE) | ||
45 | +dnl AC_SUBST(VERSION) | ||
46 | + | ||
47 | +AC_CONFIG_MACRO_DIR([m4]) | ||
48 | |||
49 | dnl checks for basic programs | ||
50 | |||
diff --git a/meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch b/meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch deleted file mode 100644 index fb07f7366b..0000000000 --- a/meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch +++ /dev/null | |||
@@ -1,26 +0,0 @@ | |||
1 | With libtool generating shared and static version of libraries needs -fPIC flags | ||
2 | without this it will not generate the commands to create shared linked library | ||
3 | Its more enforced by libtool 2.4. I have not checked it with older libtool | ||
4 | libiconv 1.11.x is relatively old release and libtool 2.4 did not exist when it | ||
5 | was released these kind of problem are more likely | ||
6 | |||
7 | Upstream-Status: Pending | ||
8 | |||
9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
10 | |||
11 | Index: libiconv-1.11.1/lib/Makefile.in | ||
12 | =================================================================== | ||
13 | --- libiconv-1.11.1.orig/lib/Makefile.in | ||
14 | +++ libiconv-1.11.1/lib/Makefile.in | ||
15 | @@ -70,9 +70,9 @@ preloadable_libiconv.so : preloadable_li | ||
16 | |||
17 | preloadable_libiconv_linux.so : $(SOURCES) | ||
18 | if test -n "@GCC@"; then \ | ||
19 | - $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -fPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -shared -o preloadable_libiconv_linux.so; \ | ||
20 | + $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -fPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -rpath $(libdir) -o libpreload_iconv.la && cp .libs/libpreload_iconv.so preloadable_libiconv_linux.so; \ | ||
21 | else \ | ||
22 | - $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -KPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -shared -o preloadable_libiconv_linux.so; \ | ||
23 | + $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -KPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -rpath $(libdir) -o libpreload_iconv.la && cp .libs/libpreload_iconv.so preloadable_libiconv_linux.so; \ | ||
24 | fi | ||
25 | |||
26 | preloadable_libiconv_solaris.so : $(SOURCES) | ||
diff --git a/meta/recipes-support/libiconv/libiconv_1.11.1.bb b/meta/recipes-support/libiconv/libiconv_1.11.1.bb deleted file mode 100644 index f28e64ae2e..0000000000 --- a/meta/recipes-support/libiconv/libiconv_1.11.1.bb +++ /dev/null | |||
@@ -1,47 +0,0 @@ | |||
1 | SUMMARY = "Character encoding support library" | ||
2 | DESCRIPTION = "GNU libiconv - libiconv is for you if your application needs to support \ | ||
3 | multiple character encodings, but that support lacks from your system." | ||
4 | HOMEPAGE = "http://www.gnu.org/software/libiconv" | ||
5 | SECTION = "libs" | ||
6 | NOTES = "Needs to be stripped down to: ascii iso8859-1 eucjp iso-2022jp gb utf8" | ||
7 | PROVIDES = "virtual/libiconv" | ||
8 | |||
9 | LICENSE = "LGPLv2.0" | ||
10 | LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674 \ | ||
11 | file://libcharset/COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674" | ||
12 | |||
13 | SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ | ||
14 | file://autoconf.patch \ | ||
15 | file://shared_preloadable_libiconv_linux.patch \ | ||
16 | " | ||
17 | |||
18 | SRC_URI[md5sum] = "d42b97f6ef5dd0ba4469d520ed732fed" | ||
19 | SRC_URI[sha256sum] = "e78c347a1a0cb15f2648519e9799151f4b4a934b61ad9ee7424478efe2b8257f" | ||
20 | |||
21 | S = "${WORKDIR}/libiconv-${PV}" | ||
22 | |||
23 | inherit autotools pkgconfig gettext | ||
24 | |||
25 | python __anonymous() { | ||
26 | if d.getVar("TCLIBC") == "glibc": | ||
27 | raise bb.parse.SkipPackage("libiconv is provided for use with uClibc only - glibc already provides iconv") | ||
28 | } | ||
29 | |||
30 | EXTRA_OECONF += "--enable-shared --enable-static --enable-relocatable" | ||
31 | |||
32 | LEAD_SONAME = "libiconv.so" | ||
33 | |||
34 | do_configure_prepend () { | ||
35 | rm -f ${S}/m4/libtool.m4 ${S}/m4/ltoptions.m4 ${S}/m4/ltsugar.m4 ${S}/m4/ltversion.m4 ${S}/m4/lt~obsolete.m4 ${S}/libcharset/m4/libtool.m4 ${S}/libcharset/m4/ltoptions.m4 ${S}/libcharset/m4/ltsugar.m4 ${S}/libcharset/m4/ltversion.m4 ${S}/libcharset/m4/lt~obsolete.m4 | ||
36 | } | ||
37 | |||
38 | do_configure_append () { | ||
39 | # forcibly remove RPATH from libtool | ||
40 | sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' *libtool | ||
41 | sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=_NO_RPATH_|g' *libtool | ||
42 | } | ||
43 | |||
44 | do_install_append () { | ||
45 | rm -rf ${D}${libdir}/preloadable_libiconv.so | ||
46 | rm -rf ${D}${libdir}/charset.alias | ||
47 | } | ||
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch deleted file mode 100644 index a956f426b8..0000000000 --- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch +++ /dev/null | |||
@@ -1,71 +0,0 @@ | |||
1 | Upstream-Status: Backport | ||
2 | https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d | ||
3 | |||
4 | CVE: CVE-2015-8803 | ||
5 | CVE: CVE-2015-8805 | ||
6 | |||
7 | Same fix for both. | ||
8 | |||
9 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
10 | |||
11 | Index: nettle-2.7.1/ecc-256.c | ||
12 | =================================================================== | ||
13 | --- nettle-2.7.1.orig/ecc-256.c | ||
14 | +++ nettle-2.7.1/ecc-256.c | ||
15 | @@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec | ||
16 | q2 += t + (q1 < t); | ||
17 | |||
18 | assert (q2 < 2); | ||
19 | + /* | ||
20 | + n-1 n-2 n-3 n-4 | ||
21 | + +---+---+---+---+ | ||
22 | + | u1| u0| u low | | ||
23 | + +---+---+---+---+ | ||
24 | + - | q1(2^96-1)| | ||
25 | + +-------+---+ | ||
26 | + |q2(2^.)| | ||
27 | + +-------+ | ||
28 | |||
29 | - /* We multiply by two low limbs of p, 2^96 - 1, so we could use | ||
30 | - shifts rather than mul. */ | ||
31 | + We multiply by two low limbs of p, 2^96 - 1, so we could use | ||
32 | + shifts rather than mul. | ||
33 | + */ | ||
34 | t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1); | ||
35 | t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1); | ||
36 | t += (-q2) & 0xffffffff; | ||
37 | @@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec | ||
38 | u0 -= t; | ||
39 | t = (u1 < cy); | ||
40 | u1 -= cy; | ||
41 | - u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3); | ||
42 | + | ||
43 | + cy = cnd_add_n (t, rp + n - 4, ecc->p, 2); | ||
44 | + u0 += cy; | ||
45 | + u1 += (u0 < cy); | ||
46 | u1 -= (-t) & 0xffffffff; | ||
47 | } | ||
48 | rp[2] = u0; | ||
49 | @@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec | ||
50 | |||
51 | /* Conditional add of p */ | ||
52 | u1 += t; | ||
53 | - u2 += (t<<32) + (u0 < t); | ||
54 | + u2 += (t<<32) + (u1 < t); | ||
55 | |||
56 | t = cnd_add_n (t, rp + n - 4, ecc->q, 2); | ||
57 | u1 += t; | ||
58 | Index: nettle-2.7.1/ChangeLog | ||
59 | =================================================================== | ||
60 | --- nettle-2.7.1.orig/ChangeLog | ||
61 | +++ nettle-2.7.1/ChangeLog | ||
62 | @@ -1,3 +1,9 @@ | ||
63 | +2015-12-10 Niels Möller <nisse@lysator.liu.se> | ||
64 | + | ||
65 | + * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem | ||
66 | + reported by Hanno Böck. | ||
67 | + (ecc_256_modq): Fixed another carry propagation bug. | ||
68 | + | ||
69 | 2013-05-28 Niels Möller <nisse@lysator.liu.se> | ||
70 | |||
71 | * Released nettle-2.7.1. | ||
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch deleted file mode 100644 index 73723a998d..0000000000 --- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch +++ /dev/null | |||
@@ -1,272 +0,0 @@ | |||
1 | Upstream-Status: Backport | ||
2 | https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7 | ||
3 | |||
4 | CVE: CVE-2015-8804 | ||
5 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
6 | |||
7 | Index: nettle-2.7.1/ChangeLog | ||
8 | =================================================================== | ||
9 | --- nettle-2.7.1.orig/ChangeLog | ||
10 | +++ nettle-2.7.1/ChangeLog | ||
11 | @@ -1,3 +1,11 @@ | ||
12 | +2015-12-15 Niels Möller <nisse@lysator.liu.se> | ||
13 | + | ||
14 | + * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem | ||
15 | + reported by Hanno Böck. Simplified the folding to always use | ||
16 | + non-negative carry, the old code attempted to add in a carry which | ||
17 | + could be either positive or negative, but didn't get that case | ||
18 | + right. | ||
19 | + | ||
20 | 2015-12-10 Niels Möller <nisse@lysator.liu.se> | ||
21 | |||
22 | * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem | ||
23 | Index: nettle-2.7.1/x86_64/ecc-384-modp.asm | ||
24 | =================================================================== | ||
25 | --- nettle-2.7.1.orig/x86_64/ecc-384-modp.asm | ||
26 | +++ nettle-2.7.1/x86_64/ecc-384-modp.asm | ||
27 | @@ -20,7 +20,7 @@ C MA 02111-1301, USA. | ||
28 | .file "ecc-384-modp.asm" | ||
29 | |||
30 | define(<RP>, <%rsi>) | ||
31 | -define(<D4>, <%rax>) | ||
32 | +define(<D5>, <%rax>) | ||
33 | define(<T0>, <%rbx>) | ||
34 | define(<T1>, <%rcx>) | ||
35 | define(<T2>, <%rdx>) | ||
36 | @@ -35,8 +35,8 @@ define(<H4>, <%r13>) | ||
37 | define(<H5>, <%r14>) | ||
38 | define(<C2>, <%r15>) | ||
39 | define(<C0>, H5) C Overlap | ||
40 | -define(<D0>, RP) C Overlap | ||
41 | -define(<TMP>, H4) C Overlap | ||
42 | +define(<TMP>, RP) C Overlap | ||
43 | + | ||
44 | |||
45 | PROLOGUE(nettle_ecc_384_modp) | ||
46 | W64_ENTRY(2, 0) | ||
47 | @@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp) | ||
48 | push %r14 | ||
49 | push %r15 | ||
50 | |||
51 | - C First get top 2 limbs, which need folding twice | ||
52 | + C First get top 2 limbs, which need folding twice. | ||
53 | + C B^10 = B^6 + B^4 + 2^32 (B-1)B^4. | ||
54 | + C We handle the terms as follow: | ||
55 | C | ||
56 | - C H5 H4 | ||
57 | - C -H5 | ||
58 | - C ------ | ||
59 | - C H0 D4 | ||
60 | + C B^6: Folded immediatly. | ||
61 | C | ||
62 | - C Then shift right, (H1,H0,D4) <-- (H0,D4) << 32 | ||
63 | - C and add | ||
64 | + C B^4: Delayed, added in in the next folding. | ||
65 | C | ||
66 | - C H5 H4 | ||
67 | - C H1 H0 | ||
68 | - C ---------- | ||
69 | - C C2 H1 H0 | ||
70 | - | ||
71 | - mov 80(RP), D4 | ||
72 | - mov 88(RP), H0 | ||
73 | - mov D4, H4 | ||
74 | - mov H0, H5 | ||
75 | - sub H0, D4 | ||
76 | - sbb $0, H0 | ||
77 | - | ||
78 | - mov D4, T2 | ||
79 | - mov H0, H1 | ||
80 | - shl $32, H0 | ||
81 | - shr $32, T2 | ||
82 | + C 2^32(B-1) B^4: Low half limb delayed until the next | ||
83 | + C folding. Top 1.5 limbs subtracted and shifter now, resulting | ||
84 | + C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added | ||
85 | + C in. | ||
86 | + | ||
87 | + mov 80(RP), H4 | ||
88 | + mov 88(RP), H5 | ||
89 | + C Shift right 32 bits, into H1, H0 | ||
90 | + mov H4, H0 | ||
91 | + mov H5, H1 | ||
92 | + mov H5, D5 | ||
93 | shr $32, H1 | ||
94 | - or T2, H0 | ||
95 | + shl $32, D5 | ||
96 | + shr $32, H0 | ||
97 | + or D5, H0 | ||
98 | + | ||
99 | + C H1 H0 | ||
100 | + C - H1 H0 | ||
101 | + C -------- | ||
102 | + C H1 H0 D5 | ||
103 | + mov H0, D5 | ||
104 | + neg D5 | ||
105 | + sbb H1, H0 | ||
106 | + sbb $0, H1 | ||
107 | |||
108 | xor C2, C2 | ||
109 | add H4, H0 | ||
110 | @@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp) | ||
111 | adc H3, T5 | ||
112 | adc $0, C0 | ||
113 | |||
114 | - C H3 H2 H1 H0 0 | ||
115 | - C - H4 H3 H2 H1 H0 | ||
116 | - C --------------- | ||
117 | - C H3 H2 H1 H0 D0 | ||
118 | - | ||
119 | - mov XREG(D4), XREG(D4) | ||
120 | - mov H0, D0 | ||
121 | - neg D0 | ||
122 | - sbb H1, H0 | ||
123 | - sbb H2, H1 | ||
124 | - sbb H3, H2 | ||
125 | - sbb H4, H3 | ||
126 | - sbb $0, D4 | ||
127 | - | ||
128 | - C Shift right. High bits are sign, to be added to C0. | ||
129 | - mov D4, TMP | ||
130 | - sar $32, TMP | ||
131 | - shl $32, D4 | ||
132 | - add TMP, C0 | ||
133 | - | ||
134 | + C Shift left, including low half of H4 | ||
135 | mov H3, TMP | ||
136 | + shl $32, H4 | ||
137 | shr $32, TMP | ||
138 | - shl $32, H3 | ||
139 | - or TMP, D4 | ||
140 | + or TMP, H4 | ||
141 | |||
142 | mov H2, TMP | ||
143 | + shl $32, H3 | ||
144 | shr $32, TMP | ||
145 | - shl $32, H2 | ||
146 | or TMP, H3 | ||
147 | |||
148 | mov H1, TMP | ||
149 | + shl $32, H2 | ||
150 | shr $32, TMP | ||
151 | - shl $32, H1 | ||
152 | or TMP, H2 | ||
153 | |||
154 | mov H0, TMP | ||
155 | + shl $32, H1 | ||
156 | shr $32, TMP | ||
157 | - shl $32, H0 | ||
158 | or TMP, H1 | ||
159 | |||
160 | - mov D0, TMP | ||
161 | - shr $32, TMP | ||
162 | - shl $32, D0 | ||
163 | - or TMP, H0 | ||
164 | + shl $32, H0 | ||
165 | + | ||
166 | + C H4 H3 H2 H1 H0 0 | ||
167 | + C - H4 H3 H2 H1 H0 | ||
168 | + C --------------- | ||
169 | + C H4 H3 H2 H1 H0 TMP | ||
170 | |||
171 | - add D0, T0 | ||
172 | + mov H0, TMP | ||
173 | + neg TMP | ||
174 | + sbb H1, H0 | ||
175 | + sbb H2, H1 | ||
176 | + sbb H3, H2 | ||
177 | + sbb H4, H3 | ||
178 | + sbb $0, H4 | ||
179 | + | ||
180 | + add TMP, T0 | ||
181 | adc H0, T1 | ||
182 | adc H1, T2 | ||
183 | adc H2, T3 | ||
184 | adc H3, T4 | ||
185 | - adc D4, T5 | ||
186 | + adc H4, T5 | ||
187 | adc $0, C0 | ||
188 | |||
189 | C Remains to add in C2 and C0 | ||
190 | - C C0 C0<<32 (-2^32+1)C0 | ||
191 | - C C2 C2<<32 (-2^32+1)C2 | ||
192 | - C where C2 is always positive, while C0 may be -1. | ||
193 | + C Set H1, H0 = (2^96 - 2^32 + 1) C0 | ||
194 | mov C0, H0 | ||
195 | mov C0, H1 | ||
196 | - mov C0, H2 | ||
197 | - sar $63, C0 C Get sign | ||
198 | shl $32, H1 | ||
199 | - sub H1, H0 C Gives borrow iff C0 > 0 | ||
200 | + sub H1, H0 | ||
201 | sbb $0, H1 | ||
202 | - add C0, H2 | ||
203 | |||
204 | + C Set H3, H2 = (2^96 - 2^32 + 1) C2 | ||
205 | + mov C2, H2 | ||
206 | + mov C2, H3 | ||
207 | + shl $32, H3 | ||
208 | + sub H3, H2 | ||
209 | + sbb $0, H3 | ||
210 | + add C0, H2 C No carry. Could use lea trick | ||
211 | + | ||
212 | + xor C0, C0 | ||
213 | add H0, T0 | ||
214 | adc H1, T1 | ||
215 | - adc $0, H2 | ||
216 | - adc $0, C0 | ||
217 | - | ||
218 | - C Set (H1 H0) <-- C2 << 96 - C2 << 32 + 1 | ||
219 | - mov C2, H0 | ||
220 | - mov C2, H1 | ||
221 | - shl $32, H1 | ||
222 | - sub H1, H0 | ||
223 | - sbb $0, H1 | ||
224 | - | ||
225 | - add H2, H0 | ||
226 | - adc C0, H1 | ||
227 | - adc C2, C0 | ||
228 | - mov C0, H2 | ||
229 | - sar $63, C0 | ||
230 | - add H0, T2 | ||
231 | - adc H1, T3 | ||
232 | - adc H2, T4 | ||
233 | - adc C0, T5 | ||
234 | - sbb C0, C0 | ||
235 | + adc H2, T2 | ||
236 | + adc H3, T3 | ||
237 | + adc C2, T4 | ||
238 | + adc D5, T5 C Value delayed from initial folding | ||
239 | + adc $0, C0 C Use sbb and switch sign? | ||
240 | |||
241 | C Final unlikely carry | ||
242 | mov C0, H0 | ||
243 | mov C0, H1 | ||
244 | - mov C0, H2 | ||
245 | - sar $63, C0 | ||
246 | shl $32, H1 | ||
247 | sub H1, H0 | ||
248 | sbb $0, H1 | ||
249 | - add C0, H2 | ||
250 | |||
251 | pop RP | ||
252 | |||
253 | - sub H0, T0 | ||
254 | + add H0, T0 | ||
255 | mov T0, (RP) | ||
256 | - sbb H1, T1 | ||
257 | + adc H1, T1 | ||
258 | mov T1, 8(RP) | ||
259 | - sbb H2, T2 | ||
260 | + adc C0, T2 | ||
261 | mov T2, 16(RP) | ||
262 | - sbb C0, T3 | ||
263 | + adc $0, T3 | ||
264 | mov T3, 24(RP) | ||
265 | - sbb C0, T4 | ||
266 | + adc $0, T4 | ||
267 | mov T4, 32(RP) | ||
268 | - sbb C0, T5 | ||
269 | + adc $0, T5 | ||
270 | mov T5, 40(RP) | ||
271 | |||
272 | pop %r15 | ||
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch b/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch deleted file mode 100644 index 38d9107ce7..0000000000 --- a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch +++ /dev/null | |||
@@ -1,38 +0,0 @@ | |||
1 | From c369dd7049f5a198f8b6c96fde6e294ce5146c2f Mon Sep 17 00:00:00 2001 | ||
2 | From: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
3 | Date: Fri, 9 Dec 2016 16:16:45 +0800 | ||
4 | Subject: [PATCH] nettle: check header files of openssl only if | ||
5 | 'enable_openssl=yes'. | ||
6 | |||
7 | The original configure script checks openssl header files to generate | ||
8 | config.h even if 'enable_openssl' is not set to yes, this made inconsistent | ||
9 | building for nettle. | ||
10 | |||
11 | Upstream-Status: Pending | ||
12 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
13 | --- | ||
14 | configure.ac | 8 +++++--- | ||
15 | 1 file changed, 5 insertions(+), 3 deletions(-) | ||
16 | |||
17 | diff --git a/configure.ac b/configure.ac | ||
18 | index 78a3d4e..4f16a98 100644 | ||
19 | --- a/configure.ac | ||
20 | +++ b/configure.ac | ||
21 | @@ -603,9 +603,11 @@ AC_CHECK_ALIGNOF(uint64_t) | ||
22 | ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t" | ||
23 | AC_SUBST(ALIGNOF_UINT64_T) | ||
24 | |||
25 | -AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],, | ||
26 | -[enable_openssl=no | ||
27 | - break]) | ||
28 | +if test "x$enable_openssl" = "xyes"; then | ||
29 | + AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],, | ||
30 | + [enable_openssl=no | ||
31 | + break]) | ||
32 | +fi | ||
33 | |||
34 | LSH_FUNC_ALLOCA | ||
35 | LSH_FUNC_STRERROR | ||
36 | -- | ||
37 | 1.9.1 | ||
38 | |||
diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb deleted file mode 100644 index 2006146cfe..0000000000 --- a/meta/recipes-support/nettle/nettle_2.7.1.bb +++ /dev/null | |||
@@ -1,19 +0,0 @@ | |||
1 | require nettle.inc | ||
2 | |||
3 | LICENSE = "LGPLv2.1+ & GPLv2" | ||
4 | LICENSE_${PN} = "LGPLv2.1+" | ||
5 | |||
6 | LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \ | ||
7 | file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \ | ||
8 | file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d" | ||
9 | |||
10 | SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5" | ||
11 | SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40" | ||
12 | |||
13 | SRC_URI += "\ | ||
14 | file://CVE-2015-8803_8805.patch \ | ||
15 | file://CVE-2015-8804.patch \ | ||
16 | file://check-header-files-of-openssl-only-if-enable_.patch \ | ||
17 | " | ||
18 | |||
19 | DISABLE_STATIC = "" | ||