8 files changed, 435 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
new file mode 100644
index 0000000000..c9addca28e
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
@@ -0,0 +1,62 @@
+From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 25 Jul 2013 11:17:52 +0200
+Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret
+ exponents.
+commit e2202ff2b704623efc6277fb5256e4e15bac5676 from
+git://git.gnupg.org/libgcrypt.git
+* mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for
+exponents in secure memory.
+Upstream-Status: Backport
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+--
+The attack is published as http://eprint.iacr.org/2013/448 :
+Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
+Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
+  Flush+Reload is a cache side-channel attack that monitors access to
+  data in shared pages. In this paper we demonstrate how to use the
+  attack to extract private encryption keys from GnuPG.  The high
+  resolution and low noise of the Flush+Reload attack enables a spy
+  program to recover over 98% of the bits of the private key in a
+  single decryption or signing round. Unlike previous attacks, the
+  attack targets the last level L3 cache. Consequently, the spy
+  program and the victim do not need to share the execution core of
+  the CPU. The attack is not limited to a traditional OS and can be
+  used in a virtualised environment, where it can attack programs
+  executing in a different VM.
+Index: gnupg-1.4.7/mpi/mpi-pow.c
+===================================================================
+--- gnupg-1.4.7.orig/mpi/mpi-pow.c
+++ gnupg-1.4.7/mpi/mpi-pow.c
+@@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen
+                tp = rp; rp = xp; xp = tp;
+                rsize = xsize;
+ 
+-               if( (mpi_limb_signed_t)e < 0 ) {
+            /* To mitigate the Yarom/Falkner flush+reload cache
+             * side-channel attack on the RSA secret exponent, we do
+             * the multiplication regardless of the value of the
+             * high-bit of E.  But to avoid this performance penalty
+             * we do it only if the exponent has been stored in secure
+             * memory and we can thus assume it is a secret exponent.  */
+               if (esec || (mpi_limb_signed_t)e < 0) {
+                    /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/
+                    if( bsize < KARATSUBA_THRESHOLD ) {
+                        mpihelp_mul( xp, rp, rsize, bp, bsize );
+@@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen
+                        mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
+                        xsize = msize;
+                    }
+               }
+               if ( (mpi_limb_signed_t)e < 0 ) {
+ 
+                    tp = rp; rp = xp; xp = tp;
+                    rsize = xsize;
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
new file mode 100644
index 0000000000..b29ede4233
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,44 @@
+Upstream-Status: Backport
+Index: gnupg-1.4.7/g10/getkey.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/getkey.c       2007-03-05 16:54:41.000000000 +0800
+++ gnupg-1.4.7/g10/getkey.c    2013-11-28 14:41:59.640212240 +0800
+@@ -1454,7 +1454,11 @@
+ 
+       if(flags)
+        key_usage |= PUBKEY_USAGE_UNKNOWN;
+      if (!key_usage)
+       key_usage |= PUBKEY_USAGE_NONE;
+     }
+  else if (p)
+    key_usage |= PUBKEY_USAGE_NONE;
+ 
+   /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
+      capability that we do not handle.  This serves to distinguish
+Index: gnupg-1.4.7/g10/keygen.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/keygen.c       2007-02-05 00:27:40.000000000 +0800
+++ gnupg-1.4.7/g10/keygen.c    2013-11-28 14:43:05.016670092 +0800
+@@ -209,9 +209,6 @@
+     if (use & PUBKEY_USAGE_AUTH)
+         buf[0] |= 0x20;
+ 
+-    if (!buf[0]) 
+-        return;
+-
+     build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
+ }
+ 
+Index: gnupg-1.4.7/include/cipher.h
+===================================================================
+--- gnupg-1.4.7.orig/include/cipher.h   2006-04-21 20:39:49.000000000 +0800
+++ gnupg-1.4.7/include/cipher.h        2013-11-28 14:49:24.159322744 +0800
+@@ -52,6 +52,7 @@
+ #define PUBKEY_USAGE_CERT    4      /* key is also good to certify other keys*/
+ #define PUBKEY_USAGE_AUTH    8      /* key is good for authentication */
+ #define PUBKEY_USAGE_UNKNOWN 128    /* key has an unknown usage bit */
+#define PUBKEY_USAGE_NONE    256    /* No usage given. */
+ 
+ #define DIGEST_ALGO_MD5       1
+ #define DIGEST_ALGO_SHA1      2
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
new file mode 100644
index 0000000000..b1a22f5853
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
@@ -0,0 +1,153 @@
+Upstream-Status: Backport
+Index: gnupg-1.4.7/cipher/dsa.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/dsa.c       2006-12-12 02:27:21.000000000 +0800
+++ gnupg-1.4.7/cipher/dsa.c    2014-01-23 11:30:17.300915919 +0800
+@@ -287,6 +287,8 @@
+     MPI kinv;
+     MPI tmp;
+ 
+    mpi_normalize (hash);
+
+     /* select a random k with 0 < k < q */
+     k = gen_k( skey->q );
+ 
+Index: gnupg-1.4.7/cipher/elgamal.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/elgamal.c   2006-12-12 03:08:05.000000000 +0800
+++ gnupg-1.4.7/cipher/elgamal.c        2014-01-23 11:30:17.300915919 +0800
+@@ -376,6 +376,9 @@
+ {
+     MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
+ 
+    mpi_normalize (a);
+    mpi_normalize (b);
+
+     /* output = b/(a^x) mod p */
+     mpi_powm( t1, a, skey->x, skey->p );
+     mpi_invm( t1, t1, skey->p );
+Index: gnupg-1.4.7/cipher/random.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/random.c    2006-11-03 18:09:39.000000000 +0800
+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
+@@ -273,6 +273,18 @@
+ }
+ 
+ 
+/* Randomize the MPI */ 
+void
+randomize_mpi (MPI mpi, size_t nbits, int level)
+{
+  unsigned char *buffer;
+
+  buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
+  mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
+  xfree (buffer);
+}
+
+
+ int
+ random_is_faked()
+ {
+Index: gnupg-1.4.7/cipher/random.h
+===================================================================
+--- gnupg-1.4.7.orig/cipher/random.h    2006-02-09 19:29:29.000000000 +0800
+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
+@@ -32,6 +32,7 @@
+ int  random_is_faked(void);
+ void random_disable_locking (void);
+ void randomize_buffer( byte *buffer, size_t length, int level );
+void randomize_mpi (MPI mpi, size_t nbits, int level);
+ byte *get_random_bits( size_t nbits, int level, int secure );
+ void fast_random_poll( void );
+ 
+Index: gnupg-1.4.7/cipher/rsa.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/rsa.c       2006-12-12 03:09:00.000000000 +0800
+++ gnupg-1.4.7/cipher/rsa.c    2014-01-23 11:35:04.330639125 +0800
+@@ -301,9 +301,26 @@
+ #if 0
+     mpi_powm( output, input, skey->d, skey->n );
+ #else
+-    MPI m1   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+-    MPI m2   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+-    MPI h    = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+    int nlimbs = mpi_get_nlimbs (skey->n)+1;
+    MPI m1   = mpi_alloc_secure (nlimbs);
+    MPI m2   = mpi_alloc_secure (nlimbs);
+    MPI h    = mpi_alloc_secure (nlimbs);
+# if 1
+    MPI bdata= mpi_alloc_secure (nlimbs);
+    MPI r    = mpi_alloc_secure (nlimbs);
+# endif
+
+    /* Remove superfluous leading zeroes from INPUT.  */
+    mpi_normalize (input);
+
+# if 1 
+    /* Blind:  bdata = (data * r^e) mod n   */
+    randomize_mpi (r, mpi_get_nbits (skey->n), 0);
+    mpi_fdiv_r (r, r, skey->n);
+    mpi_powm (bdata, r, skey->e, skey->n);
+    mpi_mulm (bdata, bdata, input, skey->n);
+    input = bdata;
+# endif
+ 
+     /* m1 = c ^ (d mod (p-1)) mod p */
+     mpi_sub_ui( h, skey->p, 1  );
+@@ -321,8 +338,15 @@
+     /* m = m2 + h * p */
+     mpi_mul ( h, h, skey->p );
+     mpi_add ( output, m1, h );
+-    /* ready */
+-    
+
+# if 1
+    mpi_free (bdata);
+    /* Unblind: output = (output * r^(-1)) mod n  */
+    mpi_invm (r, r, skey->n);
+    mpi_mulm (output, output, r, skey->n);
+    mpi_free (r);
+# endif
+
+     mpi_free ( h );
+     mpi_free ( m1 );
+     mpi_free ( m2 );
+@@ -397,6 +421,7 @@
+ rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
+ {
+     RSA_secret_key sk;
+    MPI input;
+ 
+     if( algo != 1 && algo != 2 )
+        return G10ERR_PUBKEY_ALGO;
+@@ -407,8 +432,14 @@
+     sk.p = skey[3];
+     sk.q = skey[4];
+     sk.u = skey[5];
+-    *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
+-    secret( *result, data[0], &sk );
+
+    /* Mitigates side-channel attacks (CVE-2013-4576).  */
+    input = mpi_alloc (0);
+    mpi_normalize (data[0]);
+    mpi_fdiv_r (input, data[0], sk.n);
+    *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
+    secret (*result, input, &sk);
+    mpi_free (input);
+     return 0;
+ }
+ 
+Index: gnupg-1.4.7/g10/gpgv.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
+++ gnupg-1.4.7/g10/gpgv.c      2014-01-23 11:30:17.300915919 +0800
+@@ -390,6 +390,7 @@
+ void random_dump_stats(void) {}
+ int quick_random_gen( int onoff ) { return -1;}
+ void randomize_buffer( byte *buffer, size_t length, int level ) {}
+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
+ int random_is_faked() { return -1;}
+ byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
+ void set_random_seed_file( const char *name ) {}
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
new file mode 100644
index 0000000000..8b5d9a1693
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
+commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
+Author: Werner Koch <wk@gnupg.org>
+Date:   Thu Dec 20 09:43:41 2012 +0100
+    gpg: Import only packets which are allowed in a keyblock.
+    
+    * g10/import.c (valid_keyblock_packet): New.
+    (read_block): Store only valid packets.
+    --
+    
+    A corrupted key, which for example included a mangled public key
+    encrypted packet, used to corrupt the keyring.  This change skips all
+    packets which are not allowed in a keyblock.
+    
+    GnuPG-bug-id: 1455
+    
+    (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
+Upstream-Status: Backport
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+diff --git a/g10/import.c b/g10/import.c
+index bfe02eb..a57b32e 100644
+--- a/g10/import.c
+++ b/g10/import.c
+@@ -384,6 +384,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
+/* Return true if PKTTYPE is valid in a keyblock.  */
+static int
+valid_keyblock_packet (int pkttype)
+{
+  switch (pkttype)
+    {
+    case PKT_PUBLIC_KEY:
+    case PKT_PUBLIC_SUBKEY:
+    case PKT_SECRET_KEY:
+    case PKT_SECRET_SUBKEY:
+    case PKT_SIGNATURE:
+    case PKT_USER_ID:
+    case PKT_ATTRIBUTE:
+    case PKT_RING_TRUST:
+      return 1;
+    default:
+      return 0;
+    }
+}
+
+
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+            }
+            in_cert = 1;
+          default:
+-           if( in_cert ) {
+           if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+                if( !root )
+                    root = new_kbnode( pkt );
+                else
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
new file mode 100644
index 0000000000..e005ac658f
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+Index: gnupg-1.4.7/configure.ac
+===================================================================
+--- gnupg-1.4.7.orig/configure.ac
+++ gnupg-1.4.7/configure.ac
+@@ -827,7 +827,6 @@ else
+   AC_SUBST(USE_NLS)
+   AC_SUBST(USE_INCLUDED_LIBINTL)
+   AC_SUBST(BUILD_INCLUDED_LIBINTL)
+-  AM_PO_SUBDIRS
+ fi
+ 
+ if test "$try_extensions" = yes || test x"$card_support" = xyes ; then
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
new file mode 100644
index 0000000000..e5fb24aa63
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
@@ -0,0 +1,27 @@
+This has been discussed in a couple of different bug reported
+upstream:
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250
+http://bugs.sourcemage.org/show_bug.cgi?id=14446
+Fix:
+http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
+Upstream-Status: Backport [Debian]
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c
+===================================================================
+--- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c
+++ gnupg-1.4.7/keyserver/gpgkeys_curl.c
+@@ -286,7 +286,7 @@ main(int argc,char *argv[])
+       curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
+     }
+ 
+-  curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
+  curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
+   curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
+ 
+   if(proxy)
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
new file mode 100644
index 0000000000..2855cab24b
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
@@ -0,0 +1,19 @@
+Orignal Patch came from OpenWrt via OE-Classic
+https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4
+which is no longer a valid revision!
+Upstream-Status: Inappropriate [configuration]
+--- gnupg/mpi/longlong.h~      2006-02-14 10:09:55.000000000 +0000
+++ gnupg/mpi/longlong.h       2008-10-27 13:11:09.000000000 +0000
+@@ -181,7 +181,7 @@
+ /***************************************
+  **************  ARM  ******************
+  ***************************************/
+-#if defined (__arm__) && W_TYPE_SIZE == 32
+#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__)
+ #define add_ssaaaa(sh, sl, ah, al, bh, bl) \
+   __asm__ ("adds %1, %4, %5\n"                                          \
+          "adc  %0, %2, %3"                                            \
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
new file mode 100644
index 0000000000..9a03b2b705
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
@@ -0,0 +1,50 @@
+From Openembedded-Classic
+    gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support
+Upstream-Status: Inappropriate [embedded-specific]
+Index: gnupg-1.4.10/mpi/longlong.h
+===================================================================
+--- gnupg-1.4.10.orig/mpi/longlong.h    2008-12-11 17:39:43.000000000 +0100
+++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100
+@@ -706,18 +706,35 @@
+ #endif /* __m88110__ */
+ #endif /* __m88000__ */
+ 
+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
+#define __GNUC_PREREQ(maj, min) \
+       ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
+#else
+#define __GNUC_PREREQ(maj, min)  0
+#endif
+
+ /***************************************
+  **************  MIPS  *****************
+  ***************************************/
+ #if defined (__mips__) && W_TYPE_SIZE == 32
+-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
+#if __GNUC_PREREQ (4,4)
+#define umul_ppmm(w1, w0, u, v) \
+  do {                                                                 \
+       UDItype __ll = (UDItype)(u) * (v);                                 \
+       w1 = __ll >> 32;                                                   \
+       w0 = __ll;                                                         \
+  } while (0)
+#endif
+#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7)
+ #define umul_ppmm(w1, w0, u, v) \
+   __asm__ ("multu %2,%3"                                                \
+           : "=l" ((USItype)(w0)),                                      \
+             "=h" ((USItype)(w1))                                       \
+           : "d" ((USItype)(u)),                                        \
+             "d" ((USItype)(v)))
+-#else
+#endif
+#if !defined (umul_ppmm)
+ #define umul_ppmm(w1, w0, u, v) \
+   __asm__ ("multu %2,%3 \n" \
+           "mflo %0 \n"     \

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch new file mode 100644 index 0000000000..c9addca28e --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
@@ -0,0 +1,62 @@
	1	From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001
	2	From: Werner Koch <wk@gnupg.org>
	3	Date: Thu, 25 Jul 2013 11:17:52 +0200
	4	Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret
	5	exponents.
	6
	7	commit e2202ff2b704623efc6277fb5256e4e15bac5676 from
	8	git://git.gnupg.org/libgcrypt.git
	9
	10	* mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for
	11	exponents in secure memory.
	12
	13	Upstream-Status: Backport
	14
	15	Signed-off-by: Kai Kang <kai.kang@windriver.com>
	16	--
	17
	18	The attack is published as http://eprint.iacr.org/2013/448 :
	19
	20	Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
	21	Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
	22
	23	Flush+Reload is a cache side-channel attack that monitors access to
	24	data in shared pages. In this paper we demonstrate how to use the
	25	attack to extract private encryption keys from GnuPG. The high
	26	resolution and low noise of the Flush+Reload attack enables a spy
	27	program to recover over 98% of the bits of the private key in a
	28	single decryption or signing round. Unlike previous attacks, the
	29	attack targets the last level L3 cache. Consequently, the spy
	30	program and the victim do not need to share the execution core of
	31	the CPU. The attack is not limited to a traditional OS and can be
	32	used in a virtualised environment, where it can attack programs
	33	executing in a different VM.
	34
	35	Index: gnupg-1.4.7/mpi/mpi-pow.c
	36	===================================================================
	37	--- gnupg-1.4.7.orig/mpi/mpi-pow.c
	38	+++ gnupg-1.4.7/mpi/mpi-pow.c
	39	@@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen
	40	tp = rp; rp = xp; xp = tp;
	41	rsize = xsize;
	42
	43	- if( (mpi_limb_signed_t)e < 0 ) {
	44	+ /* To mitigate the Yarom/Falkner flush+reload cache
	45	+ * side-channel attack on the RSA secret exponent, we do
	46	+ * the multiplication regardless of the value of the
	47	+ * high-bit of E. But to avoid this performance penalty
	48	+ * we do it only if the exponent has been stored in secure
	49	+ * memory and we can thus assume it is a secret exponent. */
	50	+ if (esec \|\| (mpi_limb_signed_t)e < 0) {
	51	/mpihelp_mul( xp, rp, rsize, bp, bsize );/
	52	if( bsize < KARATSUBA_THRESHOLD ) {
	53	mpihelp_mul( xp, rp, rsize, bp, bsize );
	54	@@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen
	55	mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
	56	xsize = msize;
	57	}
	58	+ }
	59	+ if ( (mpi_limb_signed_t)e < 0 ) {
	60
	61	tp = rp; rp = xp; xp = tp;
	62	rsize = xsize;


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch new file mode 100644 index 0000000000..b29ede4233 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,44 @@
	1	Upstream-Status: Backport
	2
	3	Index: gnupg-1.4.7/g10/getkey.c
	4	===================================================================
	5	--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800
	6	+++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800
	7	@@ -1454,7 +1454,11 @@
	8
	9	if(flags)
	10	key_usage \|= PUBKEY_USAGE_UNKNOWN;
	11	+ if (!key_usage)
	12	+ key_usage \|= PUBKEY_USAGE_NONE;
	13	}
	14	+ else if (p)
	15	+ key_usage \|= PUBKEY_USAGE_NONE;
	16
	17	/* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
	18	capability that we do not handle. This serves to distinguish
	19	Index: gnupg-1.4.7/g10/keygen.c
	20	===================================================================
	21	--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800
	22	+++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800
	23	@@ -209,9 +209,6 @@
	24	if (use & PUBKEY_USAGE_AUTH)
	25	buf[0] \|= 0x20;
	26
	27	- if (!buf[0])
	28	- return;
	29	-
	30	build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
	31	}
	32
	33	Index: gnupg-1.4.7/include/cipher.h
	34	===================================================================
	35	--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800
	36	+++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800
	37	@@ -52,6 +52,7 @@
	38	#define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
	39	#define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */
	40	#define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */
	41	+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
	42
	43	#define DIGEST_ALGO_MD5 1
	44	#define DIGEST_ALGO_SHA1 2


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch new file mode 100644 index 0000000000..b1a22f5853 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
@@ -0,0 +1,153 @@
	1	Upstream-Status: Backport
	2
	3	Index: gnupg-1.4.7/cipher/dsa.c
	4	===================================================================
	5	--- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800
	6	+++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800
	7	@@ -287,6 +287,8 @@
	8	MPI kinv;
	9	MPI tmp;
	10
	11	+ mpi_normalize (hash);
	12	+
	13	/* select a random k with 0 < k < q */
	14	k = gen_k( skey->q );
	15
	16	Index: gnupg-1.4.7/cipher/elgamal.c
	17	===================================================================
	18	--- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800
	19	+++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800
	20	@@ -376,6 +376,9 @@
	21	{
	22	MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
	23
	24	+ mpi_normalize (a);
	25	+ mpi_normalize (b);
	26	+
	27	/* output = b/(a^x) mod p */
	28	mpi_powm( t1, a, skey->x, skey->p );
	29	mpi_invm( t1, t1, skey->p );
	30	Index: gnupg-1.4.7/cipher/random.c
	31	===================================================================
	32	--- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800
	33	+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
	34	@@ -273,6 +273,18 @@
	35	}
	36
	37
	38	+/* Randomize the MPI */
	39	+void
	40	+randomize_mpi (MPI mpi, size_t nbits, int level)
	41	+{
	42	+ unsigned char *buffer;
	43	+
	44	+ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
	45	+ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
	46	+ xfree (buffer);
	47	+}
	48	+
	49	+
	50	int
	51	random_is_faked()
	52	{
	53	Index: gnupg-1.4.7/cipher/random.h
	54	===================================================================
	55	--- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800
	56	+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
	57	@@ -32,6 +32,7 @@
	58	int random_is_faked(void);
	59	void random_disable_locking (void);
	60	void randomize_buffer( byte *buffer, size_t length, int level );
	61	+void randomize_mpi (MPI mpi, size_t nbits, int level);
	62	byte *get_random_bits( size_t nbits, int level, int secure );
	63	void fast_random_poll( void );
	64
	65	Index: gnupg-1.4.7/cipher/rsa.c
	66	===================================================================
	67	--- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800
	68	+++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800
	69	@@ -301,9 +301,26 @@
	70	#if 0
	71	mpi_powm( output, input, skey->d, skey->n );
	72	#else
	73	- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
	74	- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
	75	- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
	76	+ int nlimbs = mpi_get_nlimbs (skey->n)+1;
	77	+ MPI m1 = mpi_alloc_secure (nlimbs);
	78	+ MPI m2 = mpi_alloc_secure (nlimbs);
	79	+ MPI h = mpi_alloc_secure (nlimbs);
	80	+# if 1
	81	+ MPI bdata= mpi_alloc_secure (nlimbs);
	82	+ MPI r = mpi_alloc_secure (nlimbs);
	83	+# endif
	84	+
	85	+ /* Remove superfluous leading zeroes from INPUT. */
	86	+ mpi_normalize (input);
	87	+
	88	+# if 1
	89	+ /* Blind: bdata = (data * r^e) mod n */
	90	+ randomize_mpi (r, mpi_get_nbits (skey->n), 0);
	91	+ mpi_fdiv_r (r, r, skey->n);
	92	+ mpi_powm (bdata, r, skey->e, skey->n);
	93	+ mpi_mulm (bdata, bdata, input, skey->n);
	94	+ input = bdata;
	95	+# endif
	96
	97	/* m1 = c ^ (d mod (p-1)) mod p */
	98	mpi_sub_ui( h, skey->p, 1 );
	99	@@ -321,8 +338,15 @@
	100	/* m = m2 + h * p */
	101	mpi_mul ( h, h, skey->p );
	102	mpi_add ( output, m1, h );
	103	- /* ready */
	104	-
	105	+
	106	+# if 1
	107	+ mpi_free (bdata);
	108	+ /* Unblind: output = (output * r^(-1)) mod n */
	109	+ mpi_invm (r, r, skey->n);
	110	+ mpi_mulm (output, output, r, skey->n);
	111	+ mpi_free (r);
	112	+# endif
	113	+
	114	mpi_free ( h );
	115	mpi_free ( m1 );
	116	mpi_free ( m2 );
	117	@@ -397,6 +421,7 @@
	118	rsa_decrypt( int algo, MPI result, MPI data, MPI *skey )
	119	{
	120	RSA_secret_key sk;
	121	+ MPI input;
	122
	123	if( algo != 1 && algo != 2 )
	124	return G10ERR_PUBKEY_ALGO;
	125	@@ -407,8 +432,14 @@
	126	sk.p = skey[3];
	127	sk.q = skey[4];
	128	sk.u = skey[5];
	129	- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
	130	- secret( *result, data[0], &sk );
	131	+
	132	+ /* Mitigates side-channel attacks (CVE-2013-4576). */
	133	+ input = mpi_alloc (0);
	134	+ mpi_normalize (data[0]);
	135	+ mpi_fdiv_r (input, data[0], sk.n);
	136	+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
	137	+ secret (*result, input, &sk);
	138	+ mpi_free (input);
	139	return 0;
	140	}
	141
	142	Index: gnupg-1.4.7/g10/gpgv.c
	143	===================================================================
	144	--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
	145	+++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800
	146	@@ -390,6 +390,7 @@
	147	void random_dump_stats(void) {}
	148	int quick_random_gen( int onoff ) { return -1;}
	149	void randomize_buffer( byte *buffer, size_t length, int level ) {}
	150	+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
	151	int random_is_faked() { return -1;}
	152	byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
	153	void set_random_seed_file( const char *name ) {}


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch new file mode 100644 index 0000000000..8b5d9a1693 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
	1	commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
	2	Author: Werner Koch <wk@gnupg.org>
	3	Date: Thu Dec 20 09:43:41 2012 +0100
	4
	5	gpg: Import only packets which are allowed in a keyblock.
	6
	7	* g10/import.c (valid_keyblock_packet): New.
	8	(read_block): Store only valid packets.
	9	--
	10
	11	A corrupted key, which for example included a mangled public key
	12	encrypted packet, used to corrupt the keyring. This change skips all
	13	packets which are not allowed in a keyblock.
	14
	15	GnuPG-bug-id: 1455
	16
	17	(cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
	18
	19	Upstream-Status: Backport
	20
	21	Signed-off-by: Saul Wold <sgw@linux.intel.com>
	22
	23	diff --git a/g10/import.c b/g10/import.c
	24	index bfe02eb..a57b32e 100644
	25	--- a/g10/import.c
	26	+++ b/g10/import.c
	27	@@ -384,6 +384,27 @@ import_print_stats (void *hd)
	28	}
	29
	30
	31	+/* Return true if PKTTYPE is valid in a keyblock. */
	32	+static int
	33	+valid_keyblock_packet (int pkttype)
	34	+{
	35	+ switch (pkttype)
	36	+ {
	37	+ case PKT_PUBLIC_KEY:
	38	+ case PKT_PUBLIC_SUBKEY:
	39	+ case PKT_SECRET_KEY:
	40	+ case PKT_SECRET_SUBKEY:
	41	+ case PKT_SIGNATURE:
	42	+ case PKT_USER_ID:
	43	+ case PKT_ATTRIBUTE:
	44	+ case PKT_RING_TRUST:
	45	+ return 1;
	46	+ default:
	47	+ return 0;
	48	+ }
	49	+}
	50	+
	51	+
	52	/****************
	53	* Read the next keyblock from stream A.
	54	* PENDING_PKT should be initialzed to NULL
	55	@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET *pending_pkt, KBNODE ret_root )
	56	}
	57	in_cert = 1;
	58	default:
	59	- if( in_cert ) {
	60	+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
	61	if( !root )
	62	root = new_kbnode( pkt );
	63	else


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch new file mode 100644 index 0000000000..e005ac658f --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch
@@ -0,0 +1,17 @@
	1
	2	Upstream-Status: Inappropriate [configuration]
	3
	4	Signed-off-by: Saul Wold <sgw@linux.intel.com>
	5
	6	Index: gnupg-1.4.7/configure.ac
	7	===================================================================
	8	--- gnupg-1.4.7.orig/configure.ac
	9	+++ gnupg-1.4.7/configure.ac
	10	@@ -827,7 +827,6 @@ else
	11	AC_SUBST(USE_NLS)
	12	AC_SUBST(USE_INCLUDED_LIBINTL)
	13	AC_SUBST(BUILD_INCLUDED_LIBINTL)
	14	- AM_PO_SUBDIRS
	15	fi
	16
	17	if test "$try_extensions" = yes \|\| test x"$card_support" = xyes ; then


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch new file mode 100644 index 0000000000..e5fb24aa63 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
@@ -0,0 +1,27 @@
	1
	2	This has been discussed in a couple of different bug reported
	3	upstream:
	4
	5	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250
	6	http://bugs.sourcemage.org/show_bug.cgi?id=14446
	7
	8	Fix:
	9	http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
	10
	11	Upstream-Status: Backport [Debian]
	12
	13	Signed-off-by: Saul Wold <sgw@linux.intel.com>
	14
	15	Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c
	16	===================================================================
	17	--- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c
	18	+++ gnupg-1.4.7/keyserver/gpgkeys_curl.c
	19	@@ -286,7 +286,7 @@ main(int argc,char *argv[])
	20	curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
	21	}
	22
	23	- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
	24	+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
	25	curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
	26
	27	if(proxy)


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch new file mode 100644 index 0000000000..2855cab24b --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
@@ -0,0 +1,19 @@
	1	Orignal Patch came from OpenWrt via OE-Classic
	2	https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4
	3	which is no longer a valid revision!
	4
	5	Upstream-Status: Inappropriate [configuration]
	6
	7
	8	--- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000
	9	+++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000
	10	@@ -181,7 +181,7 @@
	11	/***************************************
	12	************ ARM ****************
	13	***************************************/
	14	-#if defined (__arm__) && W_TYPE_SIZE == 32
	15	+#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__)
	16	#define add_ssaaaa(sh, sl, ah, al, bh, bl) \
	17	__asm__ ("adds %1, %4, %5\n" \
	18	"adc %0, %2, %3" \
	19


diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch new file mode 100644 index 0000000000..9a03b2b705 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
@@ -0,0 +1,50 @@
	1
	2	From Openembedded-Classic
	3
	4	gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support
	5
	6
	7	Upstream-Status: Inappropriate [embedded-specific]
	8
	9	Index: gnupg-1.4.10/mpi/longlong.h
	10	===================================================================
	11	--- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100
	12	+++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100
	13	@@ -706,18 +706,35 @@
	14	#endif /* __m88110__ */
	15	#endif /* __m88000__ */
	16
	17	+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
	18	+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
	19	+#define __GNUC_PREREQ(maj, min) \
	20	+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
	21	+#else
	22	+#define __GNUC_PREREQ(maj, min) 0
	23	+#endif
	24	+
	25	/***************************************
	26	************ MIPS ***************
	27	***************************************/
	28	#if defined (__mips__) && W_TYPE_SIZE == 32
	29	-#if __GNUC__ > 2 \|\| __GNUC_MINOR__ >= 7
	30	+#if __GNUC_PREREQ (4,4)
	31	+#define umul_ppmm(w1, w0, u, v) \
	32	+ do { \
	33	+ UDItype __ll = (UDItype)(u) * (v); \
	34	+ w1 = __ll >> 32; \
	35	+ w0 = __ll; \
	36	+ } while (0)
	37	+#endif
	38	+#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7)
	39	#define umul_ppmm(w1, w0, u, v) \
	40	__asm__ ("multu %2,%3" \
	41	: "=l" ((USItype)(w0)), \
	42	"=h" ((USItype)(w1)) \
	43	: "d" ((USItype)(u)), \
	44	"d" ((USItype)(v)))
	45	-#else
	46	+#endif
	47	+#if !defined (umul_ppmm)
	48	#define umul_ppmm(w1, w0, u, v) \
	49	__asm__ ("multu %2,%3 \n" \
	50	"mflo %0 \n" \