summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:04:08 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-07 20:05:31 +0000
commit2345af9b4829ed3eed5abf60f2483055649f8af7 (patch)
tree96a9a31e4b1957b93c4fe3eb669117d2752caf0d /meta/recipes-support
parentc4901328fe5cf912c0965e5b011b64a95a9bcb9d (diff)
downloadpoky-2345af9b4829ed3eed5abf60f2483055649f8af7.tar.gz
recipes: Move out stale GPLv2 versions to a seperate layeruninative-1.5
These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesireable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we mmove to this separate layer for 2.3 with its future maintinership and testing to be determined in 2.4 and beyond. (From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r--meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch22
-rw-r--r--meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch22
-rw-r--r--meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch60
-rw-r--r--meta/recipes-support/gdbm/gdbm_1.8.3.bb30
-rw-r--r--meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch36
-rw-r--r--meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch57
-rw-r--r--meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch56
-rw-r--r--meta/recipes-support/gmp/gmp_4.2.1.bb17
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch63
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch45
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch154
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch64
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch17
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch27
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch19
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch50
-rw-r--r--meta/recipes-support/gnupg/gnupg_1.4.7.bb104
-rw-r--r--meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch50
-rw-r--r--meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch26
-rw-r--r--meta/recipes-support/libiconv/libiconv_1.11.1.bb47
-rw-r--r--meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch71
-rw-r--r--meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch272
-rw-r--r--meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch38
-rw-r--r--meta/recipes-support/nettle/nettle_2.7.1.bb19
24 files changed, 0 insertions, 1366 deletions
diff --git a/meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch b/meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch
deleted file mode 100644
index d3cb43b9b9..0000000000
--- a/meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch
+++ /dev/null
@@ -1,22 +0,0 @@
1Obey LDFLAGS
2
3Signed-off-by: Christopher Larson <chris_larson@mentor.com>
4Upstream-Status: Inappropriate [old version]
5
6--- gdbm-1.8.3.orig/Makefile.in
7+++ gdbm-1.8.3/Makefile.in
8@@ -156,12 +156,12 @@ install-compat:
9
10 libgdbm.la: $(LOBJS) gdbm.h
11 rm -f libgdbm.la
12- $(LIBTOOL) --mode=link $(CC) -o libgdbm.la -rpath $(libdir) \
13+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm.la -rpath $(libdir) \
14 -version-info $(SHLIB_VER) $(LOBJS)
15
16 libgdbm_compat.la: $(C_LOBJS) gdbm.h
17 rm -f libgdbm_compat.la
18- $(LIBTOOL) --mode=link $(CC) -o libgdbm_compat.la -rpath $(libdir) \
19+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm_compat.la -rpath $(libdir) \
20 -version-info $(SHLIB_VER) $(C_LOBJS)
21
22 gdbm.h: gdbm.proto gdbmerrno.h gdbm.proto2
diff --git a/meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch b/meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch
deleted file mode 100644
index 0f9d04f4a1..0000000000
--- a/meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch
+++ /dev/null
@@ -1,22 +0,0 @@
1Upstream-Status: Pending
2
3--- gdbm-1.8.3/Makefile.in.orig 2006-02-16 15:17:25.000000000 +0000
4+++ gdbm-1.8.3/Makefile.in 2006-02-16 15:18:08.000000000 +0000
5@@ -131,7 +131,7 @@
6 $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \
7 $(DESTDIR)$(includedir) $(DESTDIR)$(man3dir) \
8 $(DESTDIR)$(infodir)
9- $(LIBTOOL) $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la
10+ $(LIBTOOL) --mode=install $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la
11 $(INSTALL_DATA) gdbm.h \
12 $(DESTDIR)$(includedir)/gdbm.h
13 $(INSTALL_DATA) $(srcdir)/gdbm.3 \
14@@ -142,7 +142,7 @@
15 install-compat:
16 $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \
17 $(DESTDIR)$(includedir)
18- $(LIBTOOL) $(INSTALL) -c libgdbm_compat.la \
19+ $(LIBTOOL) --mode=install $(INSTALL) -c libgdbm_compat.la \
20 $(DESTDIR)$(libdir)/libgdbm_compat.la
21 $(INSTALL_DATA) $(srcdir)/dbm.h \
22 $(DESTDIR)$(includedir)/dbm.h
diff --git a/meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch b/meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch
deleted file mode 100644
index 369145c410..0000000000
--- a/meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch
+++ /dev/null
@@ -1,60 +0,0 @@
1Upstream-Status: Pending
2
3#
4# Patch managed by http://www.mn-logistik.de/unsupported/pxa250/patcher
5#
6
7--- gdbm-1.8.3/Makefile.in~makefile
8+++ gdbm-1.8.3/Makefile.in
9@@ -22,6 +22,7 @@
10 TEXI2DVI = texi2dvi
11
12 DEFS =
13+DESTDIR =
14
15 # Where the system [n]dbm routines are...
16 LIBS = @LIBS@ -lc
17@@ -127,26 +128,26 @@
18 progs: $(PROGS)
19
20 install: libgdbm.la gdbm.h gdbm.info
21- $(srcdir)/mkinstalldirs $(INSTALL_ROOT)$(libdir) \
22- $(INSTALL_ROOT)$(includedir) $(INSTALL_ROOT)$(man3dir) \
23- $(INSTALL_ROOT)$(infodir)
24- $(LIBTOOL) $(INSTALL) -c libgdbm.la $(INSTALL_ROOT)$(libdir)/libgdbm.la
25- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) gdbm.h \
26- $(INSTALL_ROOT)$(includedir)/gdbm.h
27- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.3 \
28- $(INSTALL_ROOT)$(man3dir)/gdbm.3
29- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.info \
30- $(INSTALL_ROOT)$(infodir)/gdbm.info
31+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \
32+ $(DESTDIR)$(includedir) $(DESTDIR)$(man3dir) \
33+ $(DESTDIR)$(infodir)
34+ $(LIBTOOL) $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la
35+ $(INSTALL_DATA) gdbm.h \
36+ $(DESTDIR)$(includedir)/gdbm.h
37+ $(INSTALL_DATA) $(srcdir)/gdbm.3 \
38+ $(DESTDIR)$(man3dir)/gdbm.3
39+ $(INSTALL_DATA) $(srcdir)/gdbm.info \
40+ $(DESTDIR)$(infodir)/gdbm.info
41
42 install-compat:
43- $(srcdir)/mkinstalldirs $(INSTALL_ROOT)$(libdir) \
44- $(INSTALL_ROOT)$(includedir)
45+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \
46+ $(DESTDIR)$(includedir)
47 $(LIBTOOL) $(INSTALL) -c libgdbm_compat.la \
48- $(INSTALL_ROOT)$(libdir)/libgdbm_compat.la
49- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/dbm.h \
50- $(INSTALL_ROOT)$(includedir)/dbm.h
51- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/ndbm.h \
52- $(INSTALL_ROOT)$(includedir)/ndbm.h
53+ $(DESTDIR)$(libdir)/libgdbm_compat.la
54+ $(INSTALL_DATA) $(srcdir)/dbm.h \
55+ $(DESTDIR)$(includedir)/dbm.h
56+ $(INSTALL_DATA) $(srcdir)/ndbm.h \
57+ $(DESTDIR)$(includedir)/ndbm.h
58
59 #libgdbm.a: $(OBJS) gdbm.h
60 # rm -f libgdbm.a
diff --git a/meta/recipes-support/gdbm/gdbm_1.8.3.bb b/meta/recipes-support/gdbm/gdbm_1.8.3.bb
deleted file mode 100644
index b253dc1447..0000000000
--- a/meta/recipes-support/gdbm/gdbm_1.8.3.bb
+++ /dev/null
@@ -1,30 +0,0 @@
1SUMMARY = "Key/value database library with extensible hashing"
2HOMEPAGE = "http://www.gnu.org/software/gdbm/"
3SECTION = "libs"
4LICENSE = "GPLv2+"
5LIC_FILES_CHKSUM = "file://COPYING;md5=d8e20eece214df8ef953ed5857862150"
6
7PR = "r4"
8
9SRC_URI = "${GNU_MIRROR}/gdbm/gdbm-${PV}.tar.gz \
10 file://makefile.patch \
11 file://libtool-mode.patch \
12 file://ldflags.patch"
13
14SRC_URI[md5sum] = "1d1b1d5c0245b1c00aff92da751e9aa1"
15SRC_URI[sha256sum] = "cc340338a2e28b40058ab9eb5354a21d53f88a1582ea21ba0bb185c37a281dc9"
16
17inherit autotools texinfo
18
19BBCLASSEXTEND = "native nativesdk"
20
21do_install_append () {
22 oe_runmake install-compat DESTDIR=${D}
23 install -d ${D}${includedir}/gdbm
24 install -m 0644 ${S}/dbm.h ${D}${includedir}/
25 install -m 0644 ${S}/ndbm.h ${D}${includedir}/
26 # Create a symlink to ndbm.h and gdbm.h in include/gdbm to let other packages to find
27 # these headers
28 ln -sf ../ndbm.h ${D}/${includedir}/gdbm/ndbm.h
29 ln -sf ../gdbm.h ${D}/${includedir}/gdbm/gdbm.h
30}
diff --git a/meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch b/meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch
deleted file mode 100644
index 627d71aba9..0000000000
--- a/meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch
+++ /dev/null
@@ -1,36 +0,0 @@
1From 3cb33502bafd04b8ad4ca3454fab16d5ff313297 Mon Sep 17 00:00:00 2001
2From: Jussi Kukkonen <jussi.kukkonen@intel.com>
3Date: Tue, 22 Sep 2015 13:16:23 +0300
4Subject: [PATCH] Use __gnu_inline__ attribute
5
6gcc5 uses C11 inline rules. This means the old "extern inline"
7semantics are not available without a special attribute.
8
9See: https://gcc.gnu.org/gcc-5/porting_to.html
10
11Upstream-Status: Inappropriate [Fixed in current versions]
12Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
13---
14 gmp-h.in | 5 ++++-
15 1 file changed, 4 insertions(+), 1 deletion(-)
16
17diff --git a/gmp-h.in b/gmp-h.in
18index eed6fe4..361dd1d 100644
19--- a/gmp-h.in
20+++ b/gmp-h.in
21@@ -419,8 +419,11 @@ typedef __mpq_struct *mpq_ptr;
22 /* gcc has __inline__ in all modes, including strict ansi. Give a prototype
23 for an inline too, so as to correctly specify "dllimport" on windows, in
24 case the function is called rather than inlined. */
25+
26+/* Use __gnu_inline__ attribute: later gcc uses different "extern inline"
27+ behaviour */
28 #ifdef __GNUC__
29-#define __GMP_EXTERN_INLINE extern __inline__
30+#define __GMP_EXTERN_INLINE extern __inline__ __attribute__ ((__gnu_inline__))
31 #define __GMP_INLINE_PROTOTYPES 1
32 #endif
33
34--
352.1.4
36
diff --git a/meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch b/meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch
deleted file mode 100644
index 6da0be9ca0..0000000000
--- a/meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch
+++ /dev/null
@@ -1,57 +0,0 @@
1From d50686de0406a88ef9112f5252103f799982e84a Mon Sep 17 00:00:00 2001
2From: Andre McCurdy <armccurdy@gmail.com>
3Date: Thu, 4 Feb 2016 14:00:00 -0800
4Subject: [PATCH] avoid h asm constraint for MIPS
5
6The h asm constrain (to extract the high part of a multiplication
7result) has not been recognised since gcc 4.4:
8
9 https://gcc.gnu.org/gcc-4.4/changes.html
10
11Drop the MIPS umul_ppmm() implementations which rely on "=h" and fall
12back to the older implementations (which use explicit mfhi and mflo
13instructions to move the high and low parts of the multiplication
14result into their destinations).
15
16Upstream-Status: Inappropriate [upstream has a different solution]
17
18Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
19---
20 longlong.h | 10 ----------
21 1 file changed, 10 deletions(-)
22
23diff --git a/longlong.h b/longlong.h
24index b53fbee..0193abb 100644
25--- a/longlong.h
26+++ b/longlong.h
27@@ -1011,27 +1011,17 @@ extern UWtype __MPN(udiv_qrnnd) _PROTO ((UWtype *, UWtype, UWtype, UWtype));
28 #endif /* __m88000__ */
29
30 #if defined (__mips) && W_TYPE_SIZE == 32
31-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
32-#define umul_ppmm(w1, w0, u, v) \
33- __asm__ ("multu %2,%3" : "=l" (w0), "=h" (w1) : "d" (u), "d" (v))
34-#else
35 #define umul_ppmm(w1, w0, u, v) \
36 __asm__ ("multu %2,%3\n\tmflo %0\n\tmfhi %1" \
37 : "=d" (w0), "=d" (w1) : "d" (u), "d" (v))
38-#endif
39 #define UMUL_TIME 10
40 #define UDIV_TIME 100
41 #endif /* __mips */
42
43 #if (defined (__mips) && __mips >= 3) && W_TYPE_SIZE == 64
44-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
45-#define umul_ppmm(w1, w0, u, v) \
46- __asm__ ("dmultu %2,%3" : "=l" (w0), "=h" (w1) : "d" (u), "d" (v))
47-#else
48 #define umul_ppmm(w1, w0, u, v) \
49 __asm__ ("dmultu %2,%3\n\tmflo %0\n\tmfhi %1" \
50 : "=d" (w0), "=d" (w1) : "d" (u), "d" (v))
51-#endif
52 #define UMUL_TIME 20
53 #define UDIV_TIME 140
54 #endif /* __mips */
55--
561.9.1
57
diff --git a/meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch b/meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch
deleted file mode 100644
index 26fd8ef8bc..0000000000
--- a/meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch
+++ /dev/null
@@ -1,56 +0,0 @@
1automake 1.12 has depricated automatic de-ANSI-fication support
2
3this patch avoids these kinds of errors:
4
5| configure.in:2240: error: automatic de-ANSI-fication support has been removed
6| Makefile.am:28: error: automatic de-ANSI-fication support has been removed
7
8Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
92012/05/02
10
11
12This patch was removed in f181c6ce8b3 when gmp 4.2.1 was mistakenly
13dropped.
14
15Upstream is not interested in patches for ancient versions.
16
17Upstream-Status: Inappropriate
18Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
19
20
21Index: gmp-4.2.1/configure.in
22===================================================================
23--- gmp-4.2.1.orig/configure.in
24+++ gmp-4.2.1/configure.in
25@@ -67,7 +67,7 @@ dnl
26 dnl Note that there's a copy of these options in the top-level Makefile.am,
27 dnl so update there too if changing anything.
28 dnl
29-AM_INIT_AUTOMAKE([1.8 gnu no-dependencies $(top_builddir)/ansi2knr])
30+AM_INIT_AUTOMAKE([1.8 gnu no-dependencies])
31 AM_CONFIG_HEADER(config.h:config.in)
32 AM_MAINTAINER_MODE
33
34@@ -2022,9 +2022,6 @@ fi
35 echo " MPN_PATH=\"$path\""
36
37
38-# Automake ansi2knr support.
39-AM_C_PROTOTYPES
40-
41 GMP_PROG_AR
42 GMP_PROG_NM
43
44Index: gmp-4.2.1/Makefile.am
45===================================================================
46--- gmp-4.2.1.orig/Makefile.am
47+++ gmp-4.2.1/Makefile.am
48@@ -27,7 +27,7 @@
49 # Makefiles in subdirectories, but here we must omit it so automake gives
50 # the actual ansi2knr build rule, not "cd $(top_builddir) && make ansi2knr".
51 #
52-AUTOMAKE_OPTIONS = 1.8 gnu no-dependencies ansi2knr
53+AUTOMAKE_OPTIONS = 1.8 gnu no-dependencies
54
55
56 # Libtool -version-info for libgmp.la and libmp.la. See "Versioning" in the
diff --git a/meta/recipes-support/gmp/gmp_4.2.1.bb b/meta/recipes-support/gmp/gmp_4.2.1.bb
deleted file mode 100644
index 5e8ee29f36..0000000000
--- a/meta/recipes-support/gmp/gmp_4.2.1.bb
+++ /dev/null
@@ -1,17 +0,0 @@
1require gmp.inc
2
3LICENSE = "LGPLv2.1+ & GPLv2+"
4LICENSE_${PN} = "LGPLv2.1+"
5
6LIC_FILES_CHKSUM = "file://COPYING;md5=892f569a555ba9c07a568a7c0c4fa63a \
7 file://COPYING.LIB;md5=fbc093901857fcd118f065f900982c24 \
8 file://gmp-h.in;beginline=6;endline=21;md5=e056f74a12c3277d730dbcfb85d2ca34"
9
10SRC_URI = "https://gmplib.org/download/${BPN}/archive/${BP}.tar.bz2 \
11 file://Use-__gnu_inline__-attribute.patch \
12 file://gmp_fix_for_automake-1.12.patch \
13 file://avoid-h-asm-constraint-for-MIPS.patch \
14"
15
16SRC_URI[md5sum] = "091c56e0e1cca6b09b17b69d47ef18e3"
17SRC_URI[sha256sum] = "d07ffcb37eecec35c5ec72516d10b35fdf6e6fef1fcf1dcd37e30b8cbf8bf941"
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
deleted file mode 100644
index f0667741c8..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
+++ /dev/null
@@ -1,63 +0,0 @@
1From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001
2From: Werner Koch <wk@gnupg.org>
3Date: Thu, 25 Jul 2013 11:17:52 +0200
4Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret
5 exponents.
6
7commit e2202ff2b704623efc6277fb5256e4e15bac5676 from
8git://git.gnupg.org/libgcrypt.git
9
10* mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for
11exponents in secure memory.
12
13Upstream-Status: Backport
14CVE: CVE-2013-4242
15
16Signed-off-by: Kai Kang <kai.kang@windriver.com>
17--
18
19The attack is published as http://eprint.iacr.org/2013/448 :
20
21Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
22Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
23
24 Flush+Reload is a cache side-channel attack that monitors access to
25 data in shared pages. In this paper we demonstrate how to use the
26 attack to extract private encryption keys from GnuPG. The high
27 resolution and low noise of the Flush+Reload attack enables a spy
28 program to recover over 98% of the bits of the private key in a
29 single decryption or signing round. Unlike previous attacks, the
30 attack targets the last level L3 cache. Consequently, the spy
31 program and the victim do not need to share the execution core of
32 the CPU. The attack is not limited to a traditional OS and can be
33 used in a virtualised environment, where it can attack programs
34 executing in a different VM.
35
36Index: gnupg-1.4.7/mpi/mpi-pow.c
37===================================================================
38--- gnupg-1.4.7.orig/mpi/mpi-pow.c
39+++ gnupg-1.4.7/mpi/mpi-pow.c
40@@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen
41 tp = rp; rp = xp; xp = tp;
42 rsize = xsize;
43
44- if( (mpi_limb_signed_t)e < 0 ) {
45+ /* To mitigate the Yarom/Falkner flush+reload cache
46+ * side-channel attack on the RSA secret exponent, we do
47+ * the multiplication regardless of the value of the
48+ * high-bit of E. But to avoid this performance penalty
49+ * we do it only if the exponent has been stored in secure
50+ * memory and we can thus assume it is a secret exponent. */
51+ if (esec || (mpi_limb_signed_t)e < 0) {
52 /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/
53 if( bsize < KARATSUBA_THRESHOLD ) {
54 mpihelp_mul( xp, rp, rsize, bp, bsize );
55@@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen
56 mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
57 xsize = msize;
58 }
59+ }
60+ if ( (mpi_limb_signed_t)e < 0 ) {
61
62 tp = rp; rp = xp; xp = tp;
63 rsize = xsize;
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
deleted file mode 100644
index b50a32f40c..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1Upstream-Status: Backport
2CVE: CVE-2013-4351
3
4Index: gnupg-1.4.7/g10/getkey.c
5===================================================================
6--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800
7+++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800
8@@ -1454,7 +1454,11 @@
9
10 if(flags)
11 key_usage |= PUBKEY_USAGE_UNKNOWN;
12+ if (!key_usage)
13+ key_usage |= PUBKEY_USAGE_NONE;
14 }
15+ else if (p)
16+ key_usage |= PUBKEY_USAGE_NONE;
17
18 /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
19 capability that we do not handle. This serves to distinguish
20Index: gnupg-1.4.7/g10/keygen.c
21===================================================================
22--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800
23+++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800
24@@ -209,9 +209,6 @@
25 if (use & PUBKEY_USAGE_AUTH)
26 buf[0] |= 0x20;
27
28- if (!buf[0])
29- return;
30-
31 build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
32 }
33
34Index: gnupg-1.4.7/include/cipher.h
35===================================================================
36--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800
37+++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800
38@@ -52,6 +52,7 @@
39 #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
40 #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */
41 #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */
42+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
43
44 #define DIGEST_ALGO_MD5 1
45 #define DIGEST_ALGO_SHA1 2
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
deleted file mode 100644
index 5dcde1f9cb..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
+++ /dev/null
@@ -1,154 +0,0 @@
1Upstream-Status: Backport
2CVE: CVE-2013-4576
3
4Index: gnupg-1.4.7/cipher/dsa.c
5===================================================================
6--- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800
7+++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800
8@@ -287,6 +287,8 @@
9 MPI kinv;
10 MPI tmp;
11
12+ mpi_normalize (hash);
13+
14 /* select a random k with 0 < k < q */
15 k = gen_k( skey->q );
16
17Index: gnupg-1.4.7/cipher/elgamal.c
18===================================================================
19--- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800
20+++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800
21@@ -376,6 +376,9 @@
22 {
23 MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
24
25+ mpi_normalize (a);
26+ mpi_normalize (b);
27+
28 /* output = b/(a^x) mod p */
29 mpi_powm( t1, a, skey->x, skey->p );
30 mpi_invm( t1, t1, skey->p );
31Index: gnupg-1.4.7/cipher/random.c
32===================================================================
33--- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800
34+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
35@@ -273,6 +273,18 @@
36 }
37
38
39+/* Randomize the MPI */
40+void
41+randomize_mpi (MPI mpi, size_t nbits, int level)
42+{
43+ unsigned char *buffer;
44+
45+ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
46+ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
47+ xfree (buffer);
48+}
49+
50+
51 int
52 random_is_faked()
53 {
54Index: gnupg-1.4.7/cipher/random.h
55===================================================================
56--- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800
57+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
58@@ -32,6 +32,7 @@
59 int random_is_faked(void);
60 void random_disable_locking (void);
61 void randomize_buffer( byte *buffer, size_t length, int level );
62+void randomize_mpi (MPI mpi, size_t nbits, int level);
63 byte *get_random_bits( size_t nbits, int level, int secure );
64 void fast_random_poll( void );
65
66Index: gnupg-1.4.7/cipher/rsa.c
67===================================================================
68--- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800
69+++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800
70@@ -301,9 +301,26 @@
71 #if 0
72 mpi_powm( output, input, skey->d, skey->n );
73 #else
74- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
75- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
76- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
77+ int nlimbs = mpi_get_nlimbs (skey->n)+1;
78+ MPI m1 = mpi_alloc_secure (nlimbs);
79+ MPI m2 = mpi_alloc_secure (nlimbs);
80+ MPI h = mpi_alloc_secure (nlimbs);
81+# if 1
82+ MPI bdata= mpi_alloc_secure (nlimbs);
83+ MPI r = mpi_alloc_secure (nlimbs);
84+# endif
85+
86+ /* Remove superfluous leading zeroes from INPUT. */
87+ mpi_normalize (input);
88+
89+# if 1
90+ /* Blind: bdata = (data * r^e) mod n */
91+ randomize_mpi (r, mpi_get_nbits (skey->n), 0);
92+ mpi_fdiv_r (r, r, skey->n);
93+ mpi_powm (bdata, r, skey->e, skey->n);
94+ mpi_mulm (bdata, bdata, input, skey->n);
95+ input = bdata;
96+# endif
97
98 /* m1 = c ^ (d mod (p-1)) mod p */
99 mpi_sub_ui( h, skey->p, 1 );
100@@ -321,8 +338,15 @@
101 /* m = m2 + h * p */
102 mpi_mul ( h, h, skey->p );
103 mpi_add ( output, m1, h );
104- /* ready */
105-
106+
107+# if 1
108+ mpi_free (bdata);
109+ /* Unblind: output = (output * r^(-1)) mod n */
110+ mpi_invm (r, r, skey->n);
111+ mpi_mulm (output, output, r, skey->n);
112+ mpi_free (r);
113+# endif
114+
115 mpi_free ( h );
116 mpi_free ( m1 );
117 mpi_free ( m2 );
118@@ -397,6 +421,7 @@
119 rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
120 {
121 RSA_secret_key sk;
122+ MPI input;
123
124 if( algo != 1 && algo != 2 )
125 return G10ERR_PUBKEY_ALGO;
126@@ -407,8 +432,14 @@
127 sk.p = skey[3];
128 sk.q = skey[4];
129 sk.u = skey[5];
130- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
131- secret( *result, data[0], &sk );
132+
133+ /* Mitigates side-channel attacks (CVE-2013-4576). */
134+ input = mpi_alloc (0);
135+ mpi_normalize (data[0]);
136+ mpi_fdiv_r (input, data[0], sk.n);
137+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
138+ secret (*result, input, &sk);
139+ mpi_free (input);
140 return 0;
141 }
142
143Index: gnupg-1.4.7/g10/gpgv.c
144===================================================================
145--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
146+++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800
147@@ -390,6 +390,7 @@
148 void random_dump_stats(void) {}
149 int quick_random_gen( int onoff ) { return -1;}
150 void randomize_buffer( byte *buffer, size_t length, int level ) {}
151+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
152 int random_is_faked() { return -1;}
153 byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
154 void set_random_seed_file( const char *name ) {}
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
deleted file mode 100644
index 362717636b..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
+++ /dev/null
@@ -1,64 +0,0 @@
1commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
2Author: Werner Koch <wk@gnupg.org>
3Date: Thu Dec 20 09:43:41 2012 +0100
4
5 gpg: Import only packets which are allowed in a keyblock.
6
7 * g10/import.c (valid_keyblock_packet): New.
8 (read_block): Store only valid packets.
9 --
10
11 A corrupted key, which for example included a mangled public key
12 encrypted packet, used to corrupt the keyring. This change skips all
13 packets which are not allowed in a keyblock.
14
15 GnuPG-bug-id: 1455
16
17 (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
18
19Upstream-Status: Backport
20CVE: CVE-2012-6085
21
22Signed-off-by: Saul Wold <sgw@linux.intel.com>
23
24diff --git a/g10/import.c b/g10/import.c
25index bfe02eb..a57b32e 100644
26--- a/g10/import.c
27+++ b/g10/import.c
28@@ -384,6 +384,27 @@ import_print_stats (void *hd)
29 }
30
31
32+/* Return true if PKTTYPE is valid in a keyblock. */
33+static int
34+valid_keyblock_packet (int pkttype)
35+{
36+ switch (pkttype)
37+ {
38+ case PKT_PUBLIC_KEY:
39+ case PKT_PUBLIC_SUBKEY:
40+ case PKT_SECRET_KEY:
41+ case PKT_SECRET_SUBKEY:
42+ case PKT_SIGNATURE:
43+ case PKT_USER_ID:
44+ case PKT_ATTRIBUTE:
45+ case PKT_RING_TRUST:
46+ return 1;
47+ default:
48+ return 0;
49+ }
50+}
51+
52+
53 /****************
54 * Read the next keyblock from stream A.
55 * PENDING_PKT should be initialzed to NULL
56@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
57 }
58 in_cert = 1;
59 default:
60- if( in_cert ) {
61+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
62 if( !root )
63 root = new_kbnode( pkt );
64 else
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
deleted file mode 100644
index e005ac658f..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
+++ /dev/null
@@ -1,17 +0,0 @@
1
2Upstream-Status: Inappropriate [configuration]
3
4Signed-off-by: Saul Wold <sgw@linux.intel.com>
5
6Index: gnupg-1.4.7/configure.ac
7===================================================================
8--- gnupg-1.4.7.orig/configure.ac
9+++ gnupg-1.4.7/configure.ac
10@@ -827,7 +827,6 @@ else
11 AC_SUBST(USE_NLS)
12 AC_SUBST(USE_INCLUDED_LIBINTL)
13 AC_SUBST(BUILD_INCLUDED_LIBINTL)
14- AM_PO_SUBDIRS
15 fi
16
17 if test "$try_extensions" = yes || test x"$card_support" = xyes ; then
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
deleted file mode 100644
index e5fb24aa63..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
+++ /dev/null
@@ -1,27 +0,0 @@
1
2This has been discussed in a couple of different bug reported
3upstream:
4
5http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250
6http://bugs.sourcemage.org/show_bug.cgi?id=14446
7
8Fix:
9http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
10
11Upstream-Status: Backport [Debian]
12
13Signed-off-by: Saul Wold <sgw@linux.intel.com>
14
15Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c
16===================================================================
17--- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c
18+++ gnupg-1.4.7/keyserver/gpgkeys_curl.c
19@@ -286,7 +286,7 @@ main(int argc,char *argv[])
20 curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
21 }
22
23- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
24+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
25 curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
26
27 if(proxy)
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
deleted file mode 100644
index 2855cab24b..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
+++ /dev/null
@@ -1,19 +0,0 @@
1Orignal Patch came from OpenWrt via OE-Classic
2https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4
3which is no longer a valid revision!
4
5Upstream-Status: Inappropriate [configuration]
6
7
8--- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000
9+++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000
10@@ -181,7 +181,7 @@
11 /***************************************
12 ************** ARM ******************
13 ***************************************/
14-#if defined (__arm__) && W_TYPE_SIZE == 32
15+#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__)
16 #define add_ssaaaa(sh, sl, ah, al, bh, bl) \
17 __asm__ ("adds %1, %4, %5\n" \
18 "adc %0, %2, %3" \
19
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
deleted file mode 100644
index 9a03b2b705..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1
2From Openembedded-Classic
3
4 gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support
5
6
7Upstream-Status: Inappropriate [embedded-specific]
8
9Index: gnupg-1.4.10/mpi/longlong.h
10===================================================================
11--- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100
12+++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100
13@@ -706,18 +706,35 @@
14 #endif /* __m88110__ */
15 #endif /* __m88000__ */
16
17+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
18+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
19+#define __GNUC_PREREQ(maj, min) \
20+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
21+#else
22+#define __GNUC_PREREQ(maj, min) 0
23+#endif
24+
25 /***************************************
26 ************** MIPS *****************
27 ***************************************/
28 #if defined (__mips__) && W_TYPE_SIZE == 32
29-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
30+#if __GNUC_PREREQ (4,4)
31+#define umul_ppmm(w1, w0, u, v) \
32+ do { \
33+ UDItype __ll = (UDItype)(u) * (v); \
34+ w1 = __ll >> 32; \
35+ w0 = __ll; \
36+ } while (0)
37+#endif
38+#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7)
39 #define umul_ppmm(w1, w0, u, v) \
40 __asm__ ("multu %2,%3" \
41 : "=l" ((USItype)(w0)), \
42 "=h" ((USItype)(w1)) \
43 : "d" ((USItype)(u)), \
44 "d" ((USItype)(v)))
45-#else
46+#endif
47+#if !defined (umul_ppmm)
48 #define umul_ppmm(w1, w0, u, v) \
49 __asm__ ("multu %2,%3 \n" \
50 "mflo %0 \n" \
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
deleted file mode 100644
index 6ccffd54ca..0000000000
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ /dev/null
@@ -1,104 +0,0 @@
1SUMMARY = "GNU Privacy Guard - encryption and signing tools"
2HOMEPAGE = "http://www.gnupg.org/"
3DEPENDS = "zlib bzip2 readline"
4SECTION = "console/utils"
5
6LICENSE = "GPLv2"
7
8LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
9
10PR = "r9"
11
12SRC_URI = "${GNUPG_MIRROR}/gnupg/gnupg-${PV}.tar.bz2 \
13 file://long-long-thumb.patch \
14 file://configure.patch \
15 file://mips_gcc4.4.patch \
16 file://GnuPG1-CVE-2012-6085.patch \
17 file://curl_typeof_fix_backport.patch \
18 file://CVE-2013-4351.patch \
19 file://CVE-2013-4576.patch \
20 file://CVE-2013-4242.patch \
21 "
22
23SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
24SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"
25
26inherit autotools gettext texinfo
27
28# --with-egd-socket=NAME use NAME for the EGD socket
29# --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer
30# --with-included-zlib use the zlib code included here
31# --with-capabilities use linux capabilities default=no
32# --with-mailprog=NAME use "NAME -t" for mail transport
33# --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib
34# --without-libiconv-prefix don't search for libiconv in includedir and libdir
35# --with-included-gettext use the GNU gettext library included here
36# --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib
37# --without-libintl-prefix don't search for libintl in includedir and libdir
38# --without-readline do not support fancy command line editing
39# --with-included-regex use the included GNU regex library
40# --with-zlib=DIR use libz in DIR
41# --with-bzip2=DIR look for bzip2 in DIR
42# --enable-static-rnd=egd|unix|linux|auto
43# --disable-dev-random disable the use of dev random
44# --disable-asm do not use assembler modules
45# --enable-m-guard enable memory guard facility
46# --enable-selinux-support
47# enable SELinux support
48# --disable-card-support disable OpenPGP card support
49# --disable-gnupg-iconv disable the new iconv code
50# --enable-backsigs enable the experimental backsigs code
51# --enable-minimal build the smallest gpg binary possible
52# --disable-rsa disable the RSA public key algorithm
53# --disable-idea disable the IDEA cipher
54# --disable-cast5 disable the CAST5 cipher
55# --disable-blowfish disable the BLOWFISH cipher
56# --disable-aes disable the AES, AES192, and AES256 ciphers
57# --disable-twofish disable the TWOFISH cipher
58# --disable-sha256 disable the SHA-256 digest
59# --disable-sha512 disable the SHA-384 and SHA-512 digests
60# --disable-bzip2 disable the BZIP2 compression algorithm
61# --disable-exec disable all external program execution
62# --disable-photo-viewers disable photo ID viewers
63# --disable-keyserver-helpers disable all external keyserver support
64# --disable-ldap disable LDAP keyserver interface
65# --disable-hkp disable HKP keyserver interface
66# --disable-http disable HTTP key fetching interface
67# --disable-finger disable Finger key fetching interface
68# --disable-mailto disable email keyserver interface
69# --disable-keyserver-path disable the exec-path option for keyserver helpers
70# --enable-key-cache=SIZE Set key cache to SIZE (default 4096)
71# --disable-largefile omit support for large files
72# --disable-dns-srv disable the use of DNS SRV in HKP and HTTP
73# --disable-nls do not use Native Language Support
74# --disable-regex do not handle regular expressions in trust sigs
75
76EXTRA_OECONF = "--disable-ldap \
77 --with-zlib=${STAGING_LIBDIR}/.. \
78 --with-bzip2=${STAGING_LIBDIR}/.. \
79 --disable-selinux-support \
80 --with-readline=${STAGING_LIBDIR}/.. \
81 ac_cv_sys_symbol_underscore=no \
82 "
83
84# Force gcc's traditional handling of inline to avoid issues with gcc 5
85CFLAGS += "-fgnu89-inline"
86
87do_install () {
88 autotools_do_install
89 install -d ${D}${docdir}/${BPN}
90 mv ${D}${datadir}/${BPN}/* ${D}/${docdir}/${BPN}/ || :
91 mv ${D}${prefix}/doc/* ${D}/${docdir}/${BPN}/ || :
92}
93
94# split out gpgv from main package
95RDEPENDS_${PN} = "gpgv"
96PACKAGES =+ "gpgv"
97FILES_gpgv = "${bindir}/gpgv"
98
99# Exclude debug files from the main packages
100FILES_${PN} = "${bindir}/* ${datadir}/${BPN} ${libexecdir}/${BPN}/*"
101
102PACKAGECONFIG ??= ""
103PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR},--without-libcurl,curl"
104PACKAGECONFIG[libusb] = "--with-libusb=${STAGING_LIBDIR},--without-libusb,libusb-compat"
diff --git a/meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch b/meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch
deleted file mode 100644
index 3cbf549d48..0000000000
--- a/meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1It adds the variables that are needed
2for autoconf 2.65 to reconfigure libiconv and defines the m4 macros
3directory. Its imported from OE.
4
5Upstream-Status: Pending
6
7Signed-off-by: Khem Raj <raj.khem@gmail.com>
8
9Index: libiconv-1.11.1/configure.ac
10===================================================================
11--- libiconv-1.11.1.orig/configure.ac
12+++ libiconv-1.11.1/configure.ac
13@@ -23,7 +23,7 @@ AC_CONFIG_AUX_DIR(build-aux)
14 AM_INIT_AUTOMAKE(libiconv, 1.11)
15 AC_CONFIG_HEADERS(config.h lib/config.h)
16 AC_PROG_MAKE_SET
17-
18+AC_CONFIG_MACRO_DIR([m4])
19 dnl checks for basic programs
20
21 AC_PROG_CC
22Index: libiconv-1.11.1/libcharset/configure.ac
23===================================================================
24--- libiconv-1.11.1.orig/libcharset/configure.ac
25+++ libiconv-1.11.1/libcharset/configure.ac
26@@ -16,17 +16,17 @@ dnl along with the GNU CHARSET Library;
27 dnl write to the Free Software Foundation, Inc., 51 Franklin Street,
28 dnl Fifth Floor, Boston, MA 02110-1301, USA.
29
30-AC_PREREQ(2.13)
31+AC_PREREQ(2.61)
32+AC_INIT([libcharset],[1.4] )
33+AC_CONFIG_SRCDIR([lib/localcharset.c])
34
35-PACKAGE=libcharset
36-VERSION=1.4
37-
38-AC_INIT(lib/localcharset.c)
39 AC_CONFIG_AUX_DIR(build-aux)
40 AC_CONFIG_HEADER(config.h)
41 AC_PROG_MAKE_SET
42-AC_SUBST(PACKAGE)
43-AC_SUBST(VERSION)
44+dnl AC_SUBST(PACKAGE)
45+dnl AC_SUBST(VERSION)
46+
47+AC_CONFIG_MACRO_DIR([m4])
48
49 dnl checks for basic programs
50
diff --git a/meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch b/meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch
deleted file mode 100644
index fb07f7366b..0000000000
--- a/meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch
+++ /dev/null
@@ -1,26 +0,0 @@
1With libtool generating shared and static version of libraries needs -fPIC flags
2without this it will not generate the commands to create shared linked library
3Its more enforced by libtool 2.4. I have not checked it with older libtool
4libiconv 1.11.x is relatively old release and libtool 2.4 did not exist when it
5was released these kind of problem are more likely
6
7Upstream-Status: Pending
8
9Signed-off-by: Khem Raj <raj.khem@gmail.com>
10
11Index: libiconv-1.11.1/lib/Makefile.in
12===================================================================
13--- libiconv-1.11.1.orig/lib/Makefile.in
14+++ libiconv-1.11.1/lib/Makefile.in
15@@ -70,9 +70,9 @@ preloadable_libiconv.so : preloadable_li
16
17 preloadable_libiconv_linux.so : $(SOURCES)
18 if test -n "@GCC@"; then \
19- $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -fPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -shared -o preloadable_libiconv_linux.so; \
20+ $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -fPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -rpath $(libdir) -o libpreload_iconv.la && cp .libs/libpreload_iconv.so preloadable_libiconv_linux.so; \
21 else \
22- $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -KPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -shared -o preloadable_libiconv_linux.so; \
23+ $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -KPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -rpath $(libdir) -o libpreload_iconv.la && cp .libs/libpreload_iconv.so preloadable_libiconv_linux.so; \
24 fi
25
26 preloadable_libiconv_solaris.so : $(SOURCES)
diff --git a/meta/recipes-support/libiconv/libiconv_1.11.1.bb b/meta/recipes-support/libiconv/libiconv_1.11.1.bb
deleted file mode 100644
index f28e64ae2e..0000000000
--- a/meta/recipes-support/libiconv/libiconv_1.11.1.bb
+++ /dev/null
@@ -1,47 +0,0 @@
1SUMMARY = "Character encoding support library"
2DESCRIPTION = "GNU libiconv - libiconv is for you if your application needs to support \
3multiple character encodings, but that support lacks from your system."
4HOMEPAGE = "http://www.gnu.org/software/libiconv"
5SECTION = "libs"
6NOTES = "Needs to be stripped down to: ascii iso8859-1 eucjp iso-2022jp gb utf8"
7PROVIDES = "virtual/libiconv"
8
9LICENSE = "LGPLv2.0"
10LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674 \
11 file://libcharset/COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674"
12
13SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
14 file://autoconf.patch \
15 file://shared_preloadable_libiconv_linux.patch \
16 "
17
18SRC_URI[md5sum] = "d42b97f6ef5dd0ba4469d520ed732fed"
19SRC_URI[sha256sum] = "e78c347a1a0cb15f2648519e9799151f4b4a934b61ad9ee7424478efe2b8257f"
20
21S = "${WORKDIR}/libiconv-${PV}"
22
23inherit autotools pkgconfig gettext
24
25python __anonymous() {
26 if d.getVar("TCLIBC") == "glibc":
27 raise bb.parse.SkipPackage("libiconv is provided for use with uClibc only - glibc already provides iconv")
28}
29
30EXTRA_OECONF += "--enable-shared --enable-static --enable-relocatable"
31
32LEAD_SONAME = "libiconv.so"
33
34do_configure_prepend () {
35 rm -f ${S}/m4/libtool.m4 ${S}/m4/ltoptions.m4 ${S}/m4/ltsugar.m4 ${S}/m4/ltversion.m4 ${S}/m4/lt~obsolete.m4 ${S}/libcharset/m4/libtool.m4 ${S}/libcharset/m4/ltoptions.m4 ${S}/libcharset/m4/ltsugar.m4 ${S}/libcharset/m4/ltversion.m4 ${S}/libcharset/m4/lt~obsolete.m4
36}
37
38do_configure_append () {
39 # forcibly remove RPATH from libtool
40 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' *libtool
41 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=_NO_RPATH_|g' *libtool
42}
43
44do_install_append () {
45 rm -rf ${D}${libdir}/preloadable_libiconv.so
46 rm -rf ${D}${libdir}/charset.alias
47}
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
deleted file mode 100644
index a956f426b8..0000000000
--- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
+++ /dev/null
@@ -1,71 +0,0 @@
1Upstream-Status: Backport
2https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
3
4CVE: CVE-2015-8803
5CVE: CVE-2015-8805
6
7Same fix for both.
8
9Signed-off-by: Armin Kuster <akuster@mvista.com>
10
11Index: nettle-2.7.1/ecc-256.c
12===================================================================
13--- nettle-2.7.1.orig/ecc-256.c
14+++ nettle-2.7.1/ecc-256.c
15@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec
16 q2 += t + (q1 < t);
17
18 assert (q2 < 2);
19+ /*
20+ n-1 n-2 n-3 n-4
21+ +---+---+---+---+
22+ | u1| u0| u low |
23+ +---+---+---+---+
24+ - | q1(2^96-1)|
25+ +-------+---+
26+ |q2(2^.)|
27+ +-------+
28
29- /* We multiply by two low limbs of p, 2^96 - 1, so we could use
30- shifts rather than mul. */
31+ We multiply by two low limbs of p, 2^96 - 1, so we could use
32+ shifts rather than mul.
33+ */
34 t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1);
35 t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1);
36 t += (-q2) & 0xffffffff;
37@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec
38 u0 -= t;
39 t = (u1 < cy);
40 u1 -= cy;
41- u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
42+
43+ cy = cnd_add_n (t, rp + n - 4, ecc->p, 2);
44+ u0 += cy;
45+ u1 += (u0 < cy);
46 u1 -= (-t) & 0xffffffff;
47 }
48 rp[2] = u0;
49@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec
50
51 /* Conditional add of p */
52 u1 += t;
53- u2 += (t<<32) + (u0 < t);
54+ u2 += (t<<32) + (u1 < t);
55
56 t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
57 u1 += t;
58Index: nettle-2.7.1/ChangeLog
59===================================================================
60--- nettle-2.7.1.orig/ChangeLog
61+++ nettle-2.7.1/ChangeLog
62@@ -1,3 +1,9 @@
63+2015-12-10 Niels Möller <nisse@lysator.liu.se>
64+
65+ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
66+ reported by Hanno Böck.
67+ (ecc_256_modq): Fixed another carry propagation bug.
68+
69 2013-05-28 Niels Möller <nisse@lysator.liu.se>
70
71 * Released nettle-2.7.1.
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
deleted file mode 100644
index 73723a998d..0000000000
--- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
+++ /dev/null
@@ -1,272 +0,0 @@
1Upstream-Status: Backport
2 https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
3
4CVE: CVE-2015-8804
5Signed-off-by: Armin Kuster <akuster@mvista.com>
6
7Index: nettle-2.7.1/ChangeLog
8===================================================================
9--- nettle-2.7.1.orig/ChangeLog
10+++ nettle-2.7.1/ChangeLog
11@@ -1,3 +1,11 @@
12+2015-12-15 Niels Möller <nisse@lysator.liu.se>
13+
14+ * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem
15+ reported by Hanno Böck. Simplified the folding to always use
16+ non-negative carry, the old code attempted to add in a carry which
17+ could be either positive or negative, but didn't get that case
18+ right.
19+
20 2015-12-10 Niels Möller <nisse@lysator.liu.se>
21
22 * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
23Index: nettle-2.7.1/x86_64/ecc-384-modp.asm
24===================================================================
25--- nettle-2.7.1.orig/x86_64/ecc-384-modp.asm
26+++ nettle-2.7.1/x86_64/ecc-384-modp.asm
27@@ -20,7 +20,7 @@ C MA 02111-1301, USA.
28 .file "ecc-384-modp.asm"
29
30 define(<RP>, <%rsi>)
31-define(<D4>, <%rax>)
32+define(<D5>, <%rax>)
33 define(<T0>, <%rbx>)
34 define(<T1>, <%rcx>)
35 define(<T2>, <%rdx>)
36@@ -35,8 +35,8 @@ define(<H4>, <%r13>)
37 define(<H5>, <%r14>)
38 define(<C2>, <%r15>)
39 define(<C0>, H5) C Overlap
40-define(<D0>, RP) C Overlap
41-define(<TMP>, H4) C Overlap
42+define(<TMP>, RP) C Overlap
43+
44
45 PROLOGUE(nettle_ecc_384_modp)
46 W64_ENTRY(2, 0)
47@@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp)
48 push %r14
49 push %r15
50
51- C First get top 2 limbs, which need folding twice
52+ C First get top 2 limbs, which need folding twice.
53+ C B^10 = B^6 + B^4 + 2^32 (B-1)B^4.
54+ C We handle the terms as follow:
55 C
56- C H5 H4
57- C -H5
58- C ------
59- C H0 D4
60+ C B^6: Folded immediatly.
61 C
62- C Then shift right, (H1,H0,D4) <-- (H0,D4) << 32
63- C and add
64+ C B^4: Delayed, added in in the next folding.
65 C
66- C H5 H4
67- C H1 H0
68- C ----------
69- C C2 H1 H0
70-
71- mov 80(RP), D4
72- mov 88(RP), H0
73- mov D4, H4
74- mov H0, H5
75- sub H0, D4
76- sbb $0, H0
77-
78- mov D4, T2
79- mov H0, H1
80- shl $32, H0
81- shr $32, T2
82+ C 2^32(B-1) B^4: Low half limb delayed until the next
83+ C folding. Top 1.5 limbs subtracted and shifter now, resulting
84+ C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added
85+ C in.
86+
87+ mov 80(RP), H4
88+ mov 88(RP), H5
89+ C Shift right 32 bits, into H1, H0
90+ mov H4, H0
91+ mov H5, H1
92+ mov H5, D5
93 shr $32, H1
94- or T2, H0
95+ shl $32, D5
96+ shr $32, H0
97+ or D5, H0
98+
99+ C H1 H0
100+ C - H1 H0
101+ C --------
102+ C H1 H0 D5
103+ mov H0, D5
104+ neg D5
105+ sbb H1, H0
106+ sbb $0, H1
107
108 xor C2, C2
109 add H4, H0
110@@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp)
111 adc H3, T5
112 adc $0, C0
113
114- C H3 H2 H1 H0 0
115- C - H4 H3 H2 H1 H0
116- C ---------------
117- C H3 H2 H1 H0 D0
118-
119- mov XREG(D4), XREG(D4)
120- mov H0, D0
121- neg D0
122- sbb H1, H0
123- sbb H2, H1
124- sbb H3, H2
125- sbb H4, H3
126- sbb $0, D4
127-
128- C Shift right. High bits are sign, to be added to C0.
129- mov D4, TMP
130- sar $32, TMP
131- shl $32, D4
132- add TMP, C0
133-
134+ C Shift left, including low half of H4
135 mov H3, TMP
136+ shl $32, H4
137 shr $32, TMP
138- shl $32, H3
139- or TMP, D4
140+ or TMP, H4
141
142 mov H2, TMP
143+ shl $32, H3
144 shr $32, TMP
145- shl $32, H2
146 or TMP, H3
147
148 mov H1, TMP
149+ shl $32, H2
150 shr $32, TMP
151- shl $32, H1
152 or TMP, H2
153
154 mov H0, TMP
155+ shl $32, H1
156 shr $32, TMP
157- shl $32, H0
158 or TMP, H1
159
160- mov D0, TMP
161- shr $32, TMP
162- shl $32, D0
163- or TMP, H0
164+ shl $32, H0
165+
166+ C H4 H3 H2 H1 H0 0
167+ C - H4 H3 H2 H1 H0
168+ C ---------------
169+ C H4 H3 H2 H1 H0 TMP
170
171- add D0, T0
172+ mov H0, TMP
173+ neg TMP
174+ sbb H1, H0
175+ sbb H2, H1
176+ sbb H3, H2
177+ sbb H4, H3
178+ sbb $0, H4
179+
180+ add TMP, T0
181 adc H0, T1
182 adc H1, T2
183 adc H2, T3
184 adc H3, T4
185- adc D4, T5
186+ adc H4, T5
187 adc $0, C0
188
189 C Remains to add in C2 and C0
190- C C0 C0<<32 (-2^32+1)C0
191- C C2 C2<<32 (-2^32+1)C2
192- C where C2 is always positive, while C0 may be -1.
193+ C Set H1, H0 = (2^96 - 2^32 + 1) C0
194 mov C0, H0
195 mov C0, H1
196- mov C0, H2
197- sar $63, C0 C Get sign
198 shl $32, H1
199- sub H1, H0 C Gives borrow iff C0 > 0
200+ sub H1, H0
201 sbb $0, H1
202- add C0, H2
203
204+ C Set H3, H2 = (2^96 - 2^32 + 1) C2
205+ mov C2, H2
206+ mov C2, H3
207+ shl $32, H3
208+ sub H3, H2
209+ sbb $0, H3
210+ add C0, H2 C No carry. Could use lea trick
211+
212+ xor C0, C0
213 add H0, T0
214 adc H1, T1
215- adc $0, H2
216- adc $0, C0
217-
218- C Set (H1 H0) <-- C2 << 96 - C2 << 32 + 1
219- mov C2, H0
220- mov C2, H1
221- shl $32, H1
222- sub H1, H0
223- sbb $0, H1
224-
225- add H2, H0
226- adc C0, H1
227- adc C2, C0
228- mov C0, H2
229- sar $63, C0
230- add H0, T2
231- adc H1, T3
232- adc H2, T4
233- adc C0, T5
234- sbb C0, C0
235+ adc H2, T2
236+ adc H3, T3
237+ adc C2, T4
238+ adc D5, T5 C Value delayed from initial folding
239+ adc $0, C0 C Use sbb and switch sign?
240
241 C Final unlikely carry
242 mov C0, H0
243 mov C0, H1
244- mov C0, H2
245- sar $63, C0
246 shl $32, H1
247 sub H1, H0
248 sbb $0, H1
249- add C0, H2
250
251 pop RP
252
253- sub H0, T0
254+ add H0, T0
255 mov T0, (RP)
256- sbb H1, T1
257+ adc H1, T1
258 mov T1, 8(RP)
259- sbb H2, T2
260+ adc C0, T2
261 mov T2, 16(RP)
262- sbb C0, T3
263+ adc $0, T3
264 mov T3, 24(RP)
265- sbb C0, T4
266+ adc $0, T4
267 mov T4, 32(RP)
268- sbb C0, T5
269+ adc $0, T5
270 mov T5, 40(RP)
271
272 pop %r15
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch b/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
deleted file mode 100644
index 38d9107ce7..0000000000
--- a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
+++ /dev/null
@@ -1,38 +0,0 @@
1From c369dd7049f5a198f8b6c96fde6e294ce5146c2f Mon Sep 17 00:00:00 2001
2From: Haiqing Bai <Haiqing.Bai@windriver.com>
3Date: Fri, 9 Dec 2016 16:16:45 +0800
4Subject: [PATCH] nettle: check header files of openssl only if
5 'enable_openssl=yes'.
6
7The original configure script checks openssl header files to generate
8config.h even if 'enable_openssl' is not set to yes, this made inconsistent
9building for nettle.
10
11Upstream-Status: Pending
12Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
13---
14 configure.ac | 8 +++++---
15 1 file changed, 5 insertions(+), 3 deletions(-)
16
17diff --git a/configure.ac b/configure.ac
18index 78a3d4e..4f16a98 100644
19--- a/configure.ac
20+++ b/configure.ac
21@@ -603,9 +603,11 @@ AC_CHECK_ALIGNOF(uint64_t)
22 ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t"
23 AC_SUBST(ALIGNOF_UINT64_T)
24
25-AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
26-[enable_openssl=no
27- break])
28+if test "x$enable_openssl" = "xyes"; then
29+ AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
30+ [enable_openssl=no
31+ break])
32+fi
33
34 LSH_FUNC_ALLOCA
35 LSH_FUNC_STRERROR
36--
371.9.1
38
diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb
deleted file mode 100644
index 2006146cfe..0000000000
--- a/meta/recipes-support/nettle/nettle_2.7.1.bb
+++ /dev/null
@@ -1,19 +0,0 @@
1require nettle.inc
2
3LICENSE = "LGPLv2.1+ & GPLv2"
4LICENSE_${PN} = "LGPLv2.1+"
5
6LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
7 file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \
8 file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d"
9
10SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5"
11SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40"
12
13SRC_URI += "\
14 file://CVE-2015-8803_8805.patch \
15 file://CVE-2015-8804.patch \
16 file://check-header-files-of-openssl-only-if-enable_.patch \
17 "
18
19DISABLE_STATIC = ""