diff options
Diffstat (limited to 'meta/recipes-support')
24 files changed, 0 insertions, 1366 deletions
diff --git a/meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch b/meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch deleted file mode 100644 index d3cb43b9b9..0000000000 --- a/meta/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch +++ /dev/null @@ -1,22 +0,0 @@ -Obey LDFLAGS - -Signed-off-by: Christopher Larson <chris_larson@mentor.com> -Upstream-Status: Inappropriate [old version] - ---- gdbm-1.8.3.orig/Makefile.in -+++ gdbm-1.8.3/Makefile.in -@@ -156,12 +156,12 @@ install-compat: - - libgdbm.la: $(LOBJS) gdbm.h - rm -f libgdbm.la -- $(LIBTOOL) --mode=link $(CC) -o libgdbm.la -rpath $(libdir) \ -+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm.la -rpath $(libdir) \ - -version-info $(SHLIB_VER) $(LOBJS) - - libgdbm_compat.la: $(C_LOBJS) gdbm.h - rm -f libgdbm_compat.la -- $(LIBTOOL) --mode=link $(CC) -o libgdbm_compat.la -rpath $(libdir) \ -+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm_compat.la -rpath $(libdir) \ - -version-info $(SHLIB_VER) $(C_LOBJS) - - gdbm.h: gdbm.proto gdbmerrno.h gdbm.proto2 diff --git a/meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch b/meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch deleted file mode 100644 index 0f9d04f4a1..0000000000 --- a/meta/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch +++ /dev/null @@ -1,22 +0,0 @@ -Upstream-Status: Pending - ---- gdbm-1.8.3/Makefile.in.orig 2006-02-16 15:17:25.000000000 +0000 -+++ gdbm-1.8.3/Makefile.in 2006-02-16 15:18:08.000000000 +0000 -@@ -131,7 +131,7 @@ - $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \ - $(DESTDIR)$(includedir) $(DESTDIR)$(man3dir) \ - $(DESTDIR)$(infodir) -- $(LIBTOOL) $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la -+ $(LIBTOOL) --mode=install $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la - $(INSTALL_DATA) gdbm.h \ - $(DESTDIR)$(includedir)/gdbm.h - $(INSTALL_DATA) $(srcdir)/gdbm.3 \ -@@ -142,7 +142,7 @@ - install-compat: - $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \ - $(DESTDIR)$(includedir) -- $(LIBTOOL) $(INSTALL) -c libgdbm_compat.la \ -+ $(LIBTOOL) --mode=install $(INSTALL) -c libgdbm_compat.la \ - $(DESTDIR)$(libdir)/libgdbm_compat.la - $(INSTALL_DATA) $(srcdir)/dbm.h \ - $(DESTDIR)$(includedir)/dbm.h diff --git a/meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch b/meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch deleted file mode 100644 index 369145c410..0000000000 --- a/meta/recipes-support/gdbm/gdbm-1.8.3/makefile.patch +++ /dev/null @@ -1,60 +0,0 @@ -Upstream-Status: Pending - -# -# Patch managed by http://www.mn-logistik.de/unsupported/pxa250/patcher -# - ---- gdbm-1.8.3/Makefile.in~makefile -+++ gdbm-1.8.3/Makefile.in -@@ -22,6 +22,7 @@ - TEXI2DVI = texi2dvi - - DEFS = -+DESTDIR = - - # Where the system [n]dbm routines are... - LIBS = @LIBS@ -lc -@@ -127,26 +128,26 @@ - progs: $(PROGS) - - install: libgdbm.la gdbm.h gdbm.info -- $(srcdir)/mkinstalldirs $(INSTALL_ROOT)$(libdir) \ -- $(INSTALL_ROOT)$(includedir) $(INSTALL_ROOT)$(man3dir) \ -- $(INSTALL_ROOT)$(infodir) -- $(LIBTOOL) $(INSTALL) -c libgdbm.la $(INSTALL_ROOT)$(libdir)/libgdbm.la -- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) gdbm.h \ -- $(INSTALL_ROOT)$(includedir)/gdbm.h -- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.3 \ -- $(INSTALL_ROOT)$(man3dir)/gdbm.3 -- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.info \ -- $(INSTALL_ROOT)$(infodir)/gdbm.info -+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \ -+ $(DESTDIR)$(includedir) $(DESTDIR)$(man3dir) \ -+ $(DESTDIR)$(infodir) -+ $(LIBTOOL) $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la -+ $(INSTALL_DATA) gdbm.h \ -+ $(DESTDIR)$(includedir)/gdbm.h -+ $(INSTALL_DATA) $(srcdir)/gdbm.3 \ -+ $(DESTDIR)$(man3dir)/gdbm.3 -+ $(INSTALL_DATA) $(srcdir)/gdbm.info \ -+ $(DESTDIR)$(infodir)/gdbm.info - - install-compat: -- $(srcdir)/mkinstalldirs $(INSTALL_ROOT)$(libdir) \ -- $(INSTALL_ROOT)$(includedir) -+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \ -+ $(DESTDIR)$(includedir) - $(LIBTOOL) $(INSTALL) -c libgdbm_compat.la \ -- $(INSTALL_ROOT)$(libdir)/libgdbm_compat.la -- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/dbm.h \ -- $(INSTALL_ROOT)$(includedir)/dbm.h -- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/ndbm.h \ -- $(INSTALL_ROOT)$(includedir)/ndbm.h -+ $(DESTDIR)$(libdir)/libgdbm_compat.la -+ $(INSTALL_DATA) $(srcdir)/dbm.h \ -+ $(DESTDIR)$(includedir)/dbm.h -+ $(INSTALL_DATA) $(srcdir)/ndbm.h \ -+ $(DESTDIR)$(includedir)/ndbm.h - - #libgdbm.a: $(OBJS) gdbm.h - # rm -f libgdbm.a diff --git a/meta/recipes-support/gdbm/gdbm_1.8.3.bb b/meta/recipes-support/gdbm/gdbm_1.8.3.bb deleted file mode 100644 index b253dc1447..0000000000 --- a/meta/recipes-support/gdbm/gdbm_1.8.3.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Key/value database library with extensible hashing" -HOMEPAGE = "http://www.gnu.org/software/gdbm/" -SECTION = "libs" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=d8e20eece214df8ef953ed5857862150" - -PR = "r4" - -SRC_URI = "${GNU_MIRROR}/gdbm/gdbm-${PV}.tar.gz \ - file://makefile.patch \ - file://libtool-mode.patch \ - file://ldflags.patch" - -SRC_URI[md5sum] = "1d1b1d5c0245b1c00aff92da751e9aa1" -SRC_URI[sha256sum] = "cc340338a2e28b40058ab9eb5354a21d53f88a1582ea21ba0bb185c37a281dc9" - -inherit autotools texinfo - -BBCLASSEXTEND = "native nativesdk" - -do_install_append () { - oe_runmake install-compat DESTDIR=${D} - install -d ${D}${includedir}/gdbm - install -m 0644 ${S}/dbm.h ${D}${includedir}/ - install -m 0644 ${S}/ndbm.h ${D}${includedir}/ - # Create a symlink to ndbm.h and gdbm.h in include/gdbm to let other packages to find - # these headers - ln -sf ../ndbm.h ${D}/${includedir}/gdbm/ndbm.h - ln -sf ../gdbm.h ${D}/${includedir}/gdbm/gdbm.h -} diff --git a/meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch b/meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch deleted file mode 100644 index 627d71aba9..0000000000 --- a/meta/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 3cb33502bafd04b8ad4ca3454fab16d5ff313297 Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Tue, 22 Sep 2015 13:16:23 +0300 -Subject: [PATCH] Use __gnu_inline__ attribute - -gcc5 uses C11 inline rules. This means the old "extern inline" -semantics are not available without a special attribute. - -See: https://gcc.gnu.org/gcc-5/porting_to.html - -Upstream-Status: Inappropriate [Fixed in current versions] -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> ---- - gmp-h.in | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/gmp-h.in b/gmp-h.in -index eed6fe4..361dd1d 100644 ---- a/gmp-h.in -+++ b/gmp-h.in -@@ -419,8 +419,11 @@ typedef __mpq_struct *mpq_ptr; - /* gcc has __inline__ in all modes, including strict ansi. Give a prototype - for an inline too, so as to correctly specify "dllimport" on windows, in - case the function is called rather than inlined. */ -+ -+/* Use __gnu_inline__ attribute: later gcc uses different "extern inline" -+ behaviour */ - #ifdef __GNUC__ --#define __GMP_EXTERN_INLINE extern __inline__ -+#define __GMP_EXTERN_INLINE extern __inline__ __attribute__ ((__gnu_inline__)) - #define __GMP_INLINE_PROTOTYPES 1 - #endif - --- -2.1.4 - diff --git a/meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch b/meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch deleted file mode 100644 index 6da0be9ca0..0000000000 --- a/meta/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch +++ /dev/null @@ -1,57 +0,0 @@ -From d50686de0406a88ef9112f5252103f799982e84a Mon Sep 17 00:00:00 2001 -From: Andre McCurdy <armccurdy@gmail.com> -Date: Thu, 4 Feb 2016 14:00:00 -0800 -Subject: [PATCH] avoid h asm constraint for MIPS - -The h asm constrain (to extract the high part of a multiplication -result) has not been recognised since gcc 4.4: - - https://gcc.gnu.org/gcc-4.4/changes.html - -Drop the MIPS umul_ppmm() implementations which rely on "=h" and fall -back to the older implementations (which use explicit mfhi and mflo -instructions to move the high and low parts of the multiplication -result into their destinations). - -Upstream-Status: Inappropriate [upstream has a different solution] - -Signed-off-by: Andre McCurdy <armccurdy@gmail.com> ---- - longlong.h | 10 ---------- - 1 file changed, 10 deletions(-) - -diff --git a/longlong.h b/longlong.h -index b53fbee..0193abb 100644 ---- a/longlong.h -+++ b/longlong.h -@@ -1011,27 +1011,17 @@ extern UWtype __MPN(udiv_qrnnd) _PROTO ((UWtype *, UWtype, UWtype, UWtype)); - #endif /* __m88000__ */ - - #if defined (__mips) && W_TYPE_SIZE == 32 --#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 --#define umul_ppmm(w1, w0, u, v) \ -- __asm__ ("multu %2,%3" : "=l" (w0), "=h" (w1) : "d" (u), "d" (v)) --#else - #define umul_ppmm(w1, w0, u, v) \ - __asm__ ("multu %2,%3\n\tmflo %0\n\tmfhi %1" \ - : "=d" (w0), "=d" (w1) : "d" (u), "d" (v)) --#endif - #define UMUL_TIME 10 - #define UDIV_TIME 100 - #endif /* __mips */ - - #if (defined (__mips) && __mips >= 3) && W_TYPE_SIZE == 64 --#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 --#define umul_ppmm(w1, w0, u, v) \ -- __asm__ ("dmultu %2,%3" : "=l" (w0), "=h" (w1) : "d" (u), "d" (v)) --#else - #define umul_ppmm(w1, w0, u, v) \ - __asm__ ("dmultu %2,%3\n\tmflo %0\n\tmfhi %1" \ - : "=d" (w0), "=d" (w1) : "d" (u), "d" (v)) --#endif - #define UMUL_TIME 20 - #define UDIV_TIME 140 - #endif /* __mips */ --- -1.9.1 - diff --git a/meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch b/meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch deleted file mode 100644 index 26fd8ef8bc..0000000000 --- a/meta/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch +++ /dev/null @@ -1,56 +0,0 @@ -automake 1.12 has depricated automatic de-ANSI-fication support - -this patch avoids these kinds of errors: - -| configure.in:2240: error: automatic de-ANSI-fication support has been removed -| Makefile.am:28: error: automatic de-ANSI-fication support has been removed - -Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> -2012/05/02 - - -This patch was removed in f181c6ce8b3 when gmp 4.2.1 was mistakenly -dropped. - -Upstream is not interested in patches for ancient versions. - -Upstream-Status: Inappropriate -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> - - -Index: gmp-4.2.1/configure.in -=================================================================== ---- gmp-4.2.1.orig/configure.in -+++ gmp-4.2.1/configure.in -@@ -67,7 +67,7 @@ dnl - dnl Note that there's a copy of these options in the top-level Makefile.am, - dnl so update there too if changing anything. - dnl --AM_INIT_AUTOMAKE([1.8 gnu no-dependencies $(top_builddir)/ansi2knr]) -+AM_INIT_AUTOMAKE([1.8 gnu no-dependencies]) - AM_CONFIG_HEADER(config.h:config.in) - AM_MAINTAINER_MODE - -@@ -2022,9 +2022,6 @@ fi - echo " MPN_PATH=\"$path\"" - - --# Automake ansi2knr support. --AM_C_PROTOTYPES -- - GMP_PROG_AR - GMP_PROG_NM - -Index: gmp-4.2.1/Makefile.am -=================================================================== ---- gmp-4.2.1.orig/Makefile.am -+++ gmp-4.2.1/Makefile.am -@@ -27,7 +27,7 @@ - # Makefiles in subdirectories, but here we must omit it so automake gives - # the actual ansi2knr build rule, not "cd $(top_builddir) && make ansi2knr". - # --AUTOMAKE_OPTIONS = 1.8 gnu no-dependencies ansi2knr -+AUTOMAKE_OPTIONS = 1.8 gnu no-dependencies - - - # Libtool -version-info for libgmp.la and libmp.la. See "Versioning" in the diff --git a/meta/recipes-support/gmp/gmp_4.2.1.bb b/meta/recipes-support/gmp/gmp_4.2.1.bb deleted file mode 100644 index 5e8ee29f36..0000000000 --- a/meta/recipes-support/gmp/gmp_4.2.1.bb +++ /dev/null @@ -1,17 +0,0 @@ -require gmp.inc - -LICENSE = "LGPLv2.1+ & GPLv2+" -LICENSE_${PN} = "LGPLv2.1+" - -LIC_FILES_CHKSUM = "file://COPYING;md5=892f569a555ba9c07a568a7c0c4fa63a \ - file://COPYING.LIB;md5=fbc093901857fcd118f065f900982c24 \ - file://gmp-h.in;beginline=6;endline=21;md5=e056f74a12c3277d730dbcfb85d2ca34" - -SRC_URI = "https://gmplib.org/download/${BPN}/archive/${BP}.tar.bz2 \ - file://Use-__gnu_inline__-attribute.patch \ - file://gmp_fix_for_automake-1.12.patch \ - file://avoid-h-asm-constraint-for-MIPS.patch \ -" - -SRC_URI[md5sum] = "091c56e0e1cca6b09b17b69d47ef18e3" -SRC_URI[sha256sum] = "d07ffcb37eecec35c5ec72516d10b35fdf6e6fef1fcf1dcd37e30b8cbf8bf941" diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch deleted file mode 100644 index f0667741c8..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch +++ /dev/null @@ -1,63 +0,0 @@ -From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001 -From: Werner Koch <wk@gnupg.org> -Date: Thu, 25 Jul 2013 11:17:52 +0200 -Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret - exponents. - -commit e2202ff2b704623efc6277fb5256e4e15bac5676 from -git://git.gnupg.org/libgcrypt.git - -* mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for -exponents in secure memory. - -Upstream-Status: Backport -CVE: CVE-2013-4242 - -Signed-off-by: Kai Kang <kai.kang@windriver.com> --- - -The attack is published as http://eprint.iacr.org/2013/448 : - -Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel -Attack by Yuval Yarom and Katrina Falkner. 18 July 2013. - - Flush+Reload is a cache side-channel attack that monitors access to - data in shared pages. In this paper we demonstrate how to use the - attack to extract private encryption keys from GnuPG. The high - resolution and low noise of the Flush+Reload attack enables a spy - program to recover over 98% of the bits of the private key in a - single decryption or signing round. Unlike previous attacks, the - attack targets the last level L3 cache. Consequently, the spy - program and the victim do not need to share the execution core of - the CPU. The attack is not limited to a traditional OS and can be - used in a virtualised environment, where it can attack programs - executing in a different VM. - -Index: gnupg-1.4.7/mpi/mpi-pow.c -=================================================================== ---- gnupg-1.4.7.orig/mpi/mpi-pow.c -+++ gnupg-1.4.7/mpi/mpi-pow.c -@@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen - tp = rp; rp = xp; xp = tp; - rsize = xsize; - -- if( (mpi_limb_signed_t)e < 0 ) { -+ /* To mitigate the Yarom/Falkner flush+reload cache -+ * side-channel attack on the RSA secret exponent, we do -+ * the multiplication regardless of the value of the -+ * high-bit of E. But to avoid this performance penalty -+ * we do it only if the exponent has been stored in secure -+ * memory and we can thus assume it is a secret exponent. */ -+ if (esec || (mpi_limb_signed_t)e < 0) { - /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/ - if( bsize < KARATSUBA_THRESHOLD ) { - mpihelp_mul( xp, rp, rsize, bp, bsize ); -@@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen - mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); - xsize = msize; - } -+ } -+ if ( (mpi_limb_signed_t)e < 0 ) { - - tp = rp; rp = xp; xp = tp; - rsize = xsize; diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch deleted file mode 100644 index b50a32f40c..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch +++ /dev/null @@ -1,45 +0,0 @@ -Upstream-Status: Backport -CVE: CVE-2013-4351 - -Index: gnupg-1.4.7/g10/getkey.c -=================================================================== ---- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800 -+++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800 -@@ -1454,7 +1454,11 @@ - - if(flags) - key_usage |= PUBKEY_USAGE_UNKNOWN; -+ if (!key_usage) -+ key_usage |= PUBKEY_USAGE_NONE; - } -+ else if (p) -+ key_usage |= PUBKEY_USAGE_NONE; - - /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a - capability that we do not handle. This serves to distinguish -Index: gnupg-1.4.7/g10/keygen.c -=================================================================== ---- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800 -+++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800 -@@ -209,9 +209,6 @@ - if (use & PUBKEY_USAGE_AUTH) - buf[0] |= 0x20; - -- if (!buf[0]) -- return; -- - build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); - } - -Index: gnupg-1.4.7/include/cipher.h -=================================================================== ---- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800 -+++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800 -@@ -52,6 +52,7 @@ - #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ - #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ - #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ -+#define PUBKEY_USAGE_NONE 256 /* No usage given. */ - - #define DIGEST_ALGO_MD5 1 - #define DIGEST_ALGO_SHA1 2 diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch deleted file mode 100644 index 5dcde1f9cb..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch +++ /dev/null @@ -1,154 +0,0 @@ -Upstream-Status: Backport -CVE: CVE-2013-4576 - -Index: gnupg-1.4.7/cipher/dsa.c -=================================================================== ---- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800 -+++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800 -@@ -287,6 +287,8 @@ - MPI kinv; - MPI tmp; - -+ mpi_normalize (hash); -+ - /* select a random k with 0 < k < q */ - k = gen_k( skey->q ); - -Index: gnupg-1.4.7/cipher/elgamal.c -=================================================================== ---- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800 -+++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800 -@@ -376,6 +376,9 @@ - { - MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); - -+ mpi_normalize (a); -+ mpi_normalize (b); -+ - /* output = b/(a^x) mod p */ - mpi_powm( t1, a, skey->x, skey->p ); - mpi_invm( t1, t1, skey->p ); -Index: gnupg-1.4.7/cipher/random.c -=================================================================== ---- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800 -+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800 -@@ -273,6 +273,18 @@ - } - - -+/* Randomize the MPI */ -+void -+randomize_mpi (MPI mpi, size_t nbits, int level) -+{ -+ unsigned char *buffer; -+ -+ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi)); -+ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0); -+ xfree (buffer); -+} -+ -+ - int - random_is_faked() - { -Index: gnupg-1.4.7/cipher/random.h -=================================================================== ---- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800 -+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800 -@@ -32,6 +32,7 @@ - int random_is_faked(void); - void random_disable_locking (void); - void randomize_buffer( byte *buffer, size_t length, int level ); -+void randomize_mpi (MPI mpi, size_t nbits, int level); - byte *get_random_bits( size_t nbits, int level, int secure ); - void fast_random_poll( void ); - -Index: gnupg-1.4.7/cipher/rsa.c -=================================================================== ---- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800 -+++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800 -@@ -301,9 +301,26 @@ - #if 0 - mpi_powm( output, input, skey->d, skey->n ); - #else -- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); -- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); -- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); -+ int nlimbs = mpi_get_nlimbs (skey->n)+1; -+ MPI m1 = mpi_alloc_secure (nlimbs); -+ MPI m2 = mpi_alloc_secure (nlimbs); -+ MPI h = mpi_alloc_secure (nlimbs); -+# if 1 -+ MPI bdata= mpi_alloc_secure (nlimbs); -+ MPI r = mpi_alloc_secure (nlimbs); -+# endif -+ -+ /* Remove superfluous leading zeroes from INPUT. */ -+ mpi_normalize (input); -+ -+# if 1 -+ /* Blind: bdata = (data * r^e) mod n */ -+ randomize_mpi (r, mpi_get_nbits (skey->n), 0); -+ mpi_fdiv_r (r, r, skey->n); -+ mpi_powm (bdata, r, skey->e, skey->n); -+ mpi_mulm (bdata, bdata, input, skey->n); -+ input = bdata; -+# endif - - /* m1 = c ^ (d mod (p-1)) mod p */ - mpi_sub_ui( h, skey->p, 1 ); -@@ -321,8 +338,15 @@ - /* m = m2 + h * p */ - mpi_mul ( h, h, skey->p ); - mpi_add ( output, m1, h ); -- /* ready */ -- -+ -+# if 1 -+ mpi_free (bdata); -+ /* Unblind: output = (output * r^(-1)) mod n */ -+ mpi_invm (r, r, skey->n); -+ mpi_mulm (output, output, r, skey->n); -+ mpi_free (r); -+# endif -+ - mpi_free ( h ); - mpi_free ( m1 ); - mpi_free ( m2 ); -@@ -397,6 +421,7 @@ - rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) - { - RSA_secret_key sk; -+ MPI input; - - if( algo != 1 && algo != 2 ) - return G10ERR_PUBKEY_ALGO; -@@ -407,8 +432,14 @@ - sk.p = skey[3]; - sk.q = skey[4]; - sk.u = skey[5]; -- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) ); -- secret( *result, data[0], &sk ); -+ -+ /* Mitigates side-channel attacks (CVE-2013-4576). */ -+ input = mpi_alloc (0); -+ mpi_normalize (data[0]); -+ mpi_fdiv_r (input, data[0], sk.n); -+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n)); -+ secret (*result, input, &sk); -+ mpi_free (input); - return 0; - } - -Index: gnupg-1.4.7/g10/gpgv.c -=================================================================== ---- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800 -+++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800 -@@ -390,6 +390,7 @@ - void random_dump_stats(void) {} - int quick_random_gen( int onoff ) { return -1;} - void randomize_buffer( byte *buffer, size_t length, int level ) {} -+void randomize_mpi (MPI mpi, size_t nbits, int level) {} - int random_is_faked() { return -1;} - byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;} - void set_random_seed_file( const char *name ) {} diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch deleted file mode 100644 index 362717636b..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch +++ /dev/null @@ -1,64 +0,0 @@ -commit f0b33b6fb8e0586e9584a7a409dcc31263776a67 -Author: Werner Koch <wk@gnupg.org> -Date: Thu Dec 20 09:43:41 2012 +0100 - - gpg: Import only packets which are allowed in a keyblock. - - * g10/import.c (valid_keyblock_packet): New. - (read_block): Store only valid packets. - -- - - A corrupted key, which for example included a mangled public key - encrypted packet, used to corrupt the keyring. This change skips all - packets which are not allowed in a keyblock. - - GnuPG-bug-id: 1455 - - (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa) - -Upstream-Status: Backport -CVE: CVE-2012-6085 - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -diff --git a/g10/import.c b/g10/import.c -index bfe02eb..a57b32e 100644 ---- a/g10/import.c -+++ b/g10/import.c -@@ -384,6 +384,27 @@ import_print_stats (void *hd) - } - - -+/* Return true if PKTTYPE is valid in a keyblock. */ -+static int -+valid_keyblock_packet (int pkttype) -+{ -+ switch (pkttype) -+ { -+ case PKT_PUBLIC_KEY: -+ case PKT_PUBLIC_SUBKEY: -+ case PKT_SECRET_KEY: -+ case PKT_SECRET_SUBKEY: -+ case PKT_SIGNATURE: -+ case PKT_USER_ID: -+ case PKT_ATTRIBUTE: -+ case PKT_RING_TRUST: -+ return 1; -+ default: -+ return 0; -+ } -+} -+ -+ - /**************** - * Read the next keyblock from stream A. - * PENDING_PKT should be initialzed to NULL -@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) - } - in_cert = 1; - default: -- if( in_cert ) { -+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) { - if( !root ) - root = new_kbnode( pkt ); - else diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch deleted file mode 100644 index e005ac658f..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch +++ /dev/null @@ -1,17 +0,0 @@ - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: gnupg-1.4.7/configure.ac -=================================================================== ---- gnupg-1.4.7.orig/configure.ac -+++ gnupg-1.4.7/configure.ac -@@ -827,7 +827,6 @@ else - AC_SUBST(USE_NLS) - AC_SUBST(USE_INCLUDED_LIBINTL) - AC_SUBST(BUILD_INCLUDED_LIBINTL) -- AM_PO_SUBDIRS - fi - - if test "$try_extensions" = yes || test x"$card_support" = xyes ; then diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch deleted file mode 100644 index e5fb24aa63..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch +++ /dev/null @@ -1,27 +0,0 @@ - -This has been discussed in a couple of different bug reported -upstream: - -http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250 -http://bugs.sourcemage.org/show_bug.cgi?id=14446 - -Fix: -http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html - -Upstream-Status: Backport [Debian] - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c -=================================================================== ---- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c -+++ gnupg-1.4.7/keyserver/gpgkeys_curl.c -@@ -286,7 +286,7 @@ main(int argc,char *argv[]) - curl_easy_setopt(curl,CURLOPT_VERBOSE,1); - } - -- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert); -+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert); - curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); - - if(proxy) diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch deleted file mode 100644 index 2855cab24b..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch +++ /dev/null @@ -1,19 +0,0 @@ -Orignal Patch came from OpenWrt via OE-Classic -https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4 -which is no longer a valid revision! - -Upstream-Status: Inappropriate [configuration] - - ---- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000 -+++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000 -@@ -181,7 +181,7 @@ - /*************************************** - ************** ARM ****************** - ***************************************/ --#if defined (__arm__) && W_TYPE_SIZE == 32 -+#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__) - #define add_ssaaaa(sh, sl, ah, al, bh, bl) \ - __asm__ ("adds %1, %4, %5\n" \ - "adc %0, %2, %3" \ - diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch deleted file mode 100644 index 9a03b2b705..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch +++ /dev/null @@ -1,50 +0,0 @@ - -From Openembedded-Classic - - gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support - - -Upstream-Status: Inappropriate [embedded-specific] - -Index: gnupg-1.4.10/mpi/longlong.h -=================================================================== ---- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100 -+++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100 -@@ -706,18 +706,35 @@ - #endif /* __m88110__ */ - #endif /* __m88000__ */ - -+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */ -+#if defined (__GNUC__) && defined (__GNUC_MINOR__) -+#define __GNUC_PREREQ(maj, min) \ -+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) -+#else -+#define __GNUC_PREREQ(maj, min) 0 -+#endif -+ - /*************************************** - ************** MIPS ***************** - ***************************************/ - #if defined (__mips__) && W_TYPE_SIZE == 32 --#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 -+#if __GNUC_PREREQ (4,4) -+#define umul_ppmm(w1, w0, u, v) \ -+ do { \ -+ UDItype __ll = (UDItype)(u) * (v); \ -+ w1 = __ll >> 32; \ -+ w0 = __ll; \ -+ } while (0) -+#endif -+#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7) - #define umul_ppmm(w1, w0, u, v) \ - __asm__ ("multu %2,%3" \ - : "=l" ((USItype)(w0)), \ - "=h" ((USItype)(w1)) \ - : "d" ((USItype)(u)), \ - "d" ((USItype)(v))) --#else -+#endif -+#if !defined (umul_ppmm) - #define umul_ppmm(w1, w0, u, v) \ - __asm__ ("multu %2,%3 \n" \ - "mflo %0 \n" \ diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb deleted file mode 100644 index 6ccffd54ca..0000000000 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ /dev/null @@ -1,104 +0,0 @@ -SUMMARY = "GNU Privacy Guard - encryption and signing tools" -HOMEPAGE = "http://www.gnupg.org/" -DEPENDS = "zlib bzip2 readline" -SECTION = "console/utils" - -LICENSE = "GPLv2" - -LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" - -PR = "r9" - -SRC_URI = "${GNUPG_MIRROR}/gnupg/gnupg-${PV}.tar.bz2 \ - file://long-long-thumb.patch \ - file://configure.patch \ - file://mips_gcc4.4.patch \ - file://GnuPG1-CVE-2012-6085.patch \ - file://curl_typeof_fix_backport.patch \ - file://CVE-2013-4351.patch \ - file://CVE-2013-4576.patch \ - file://CVE-2013-4242.patch \ - " - -SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" -SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" - -inherit autotools gettext texinfo - -# --with-egd-socket=NAME use NAME for the EGD socket -# --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer -# --with-included-zlib use the zlib code included here -# --with-capabilities use linux capabilities default=no -# --with-mailprog=NAME use "NAME -t" for mail transport -# --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib -# --without-libiconv-prefix don't search for libiconv in includedir and libdir -# --with-included-gettext use the GNU gettext library included here -# --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib -# --without-libintl-prefix don't search for libintl in includedir and libdir -# --without-readline do not support fancy command line editing -# --with-included-regex use the included GNU regex library -# --with-zlib=DIR use libz in DIR -# --with-bzip2=DIR look for bzip2 in DIR -# --enable-static-rnd=egd|unix|linux|auto -# --disable-dev-random disable the use of dev random -# --disable-asm do not use assembler modules -# --enable-m-guard enable memory guard facility -# --enable-selinux-support -# enable SELinux support -# --disable-card-support disable OpenPGP card support -# --disable-gnupg-iconv disable the new iconv code -# --enable-backsigs enable the experimental backsigs code -# --enable-minimal build the smallest gpg binary possible -# --disable-rsa disable the RSA public key algorithm -# --disable-idea disable the IDEA cipher -# --disable-cast5 disable the CAST5 cipher -# --disable-blowfish disable the BLOWFISH cipher -# --disable-aes disable the AES, AES192, and AES256 ciphers -# --disable-twofish disable the TWOFISH cipher -# --disable-sha256 disable the SHA-256 digest -# --disable-sha512 disable the SHA-384 and SHA-512 digests -# --disable-bzip2 disable the BZIP2 compression algorithm -# --disable-exec disable all external program execution -# --disable-photo-viewers disable photo ID viewers -# --disable-keyserver-helpers disable all external keyserver support -# --disable-ldap disable LDAP keyserver interface -# --disable-hkp disable HKP keyserver interface -# --disable-http disable HTTP key fetching interface -# --disable-finger disable Finger key fetching interface -# --disable-mailto disable email keyserver interface -# --disable-keyserver-path disable the exec-path option for keyserver helpers -# --enable-key-cache=SIZE Set key cache to SIZE (default 4096) -# --disable-largefile omit support for large files -# --disable-dns-srv disable the use of DNS SRV in HKP and HTTP -# --disable-nls do not use Native Language Support -# --disable-regex do not handle regular expressions in trust sigs - -EXTRA_OECONF = "--disable-ldap \ - --with-zlib=${STAGING_LIBDIR}/.. \ - --with-bzip2=${STAGING_LIBDIR}/.. \ - --disable-selinux-support \ - --with-readline=${STAGING_LIBDIR}/.. \ - ac_cv_sys_symbol_underscore=no \ - " - -# Force gcc's traditional handling of inline to avoid issues with gcc 5 -CFLAGS += "-fgnu89-inline" - -do_install () { - autotools_do_install - install -d ${D}${docdir}/${BPN} - mv ${D}${datadir}/${BPN}/* ${D}/${docdir}/${BPN}/ || : - mv ${D}${prefix}/doc/* ${D}/${docdir}/${BPN}/ || : -} - -# split out gpgv from main package -RDEPENDS_${PN} = "gpgv" -PACKAGES =+ "gpgv" -FILES_gpgv = "${bindir}/gpgv" - -# Exclude debug files from the main packages -FILES_${PN} = "${bindir}/* ${datadir}/${BPN} ${libexecdir}/${BPN}/*" - -PACKAGECONFIG ??= "" -PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR},--without-libcurl,curl" -PACKAGECONFIG[libusb] = "--with-libusb=${STAGING_LIBDIR},--without-libusb,libusb-compat" diff --git a/meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch b/meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch deleted file mode 100644 index 3cbf549d48..0000000000 --- a/meta/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch +++ /dev/null @@ -1,50 +0,0 @@ -It adds the variables that are needed -for autoconf 2.65 to reconfigure libiconv and defines the m4 macros -directory. Its imported from OE. - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: libiconv-1.11.1/configure.ac -=================================================================== ---- libiconv-1.11.1.orig/configure.ac -+++ libiconv-1.11.1/configure.ac -@@ -23,7 +23,7 @@ AC_CONFIG_AUX_DIR(build-aux) - AM_INIT_AUTOMAKE(libiconv, 1.11) - AC_CONFIG_HEADERS(config.h lib/config.h) - AC_PROG_MAKE_SET -- -+AC_CONFIG_MACRO_DIR([m4]) - dnl checks for basic programs - - AC_PROG_CC -Index: libiconv-1.11.1/libcharset/configure.ac -=================================================================== ---- libiconv-1.11.1.orig/libcharset/configure.ac -+++ libiconv-1.11.1/libcharset/configure.ac -@@ -16,17 +16,17 @@ dnl along with the GNU CHARSET Library; - dnl write to the Free Software Foundation, Inc., 51 Franklin Street, - dnl Fifth Floor, Boston, MA 02110-1301, USA. - --AC_PREREQ(2.13) -+AC_PREREQ(2.61) -+AC_INIT([libcharset],[1.4] ) -+AC_CONFIG_SRCDIR([lib/localcharset.c]) - --PACKAGE=libcharset --VERSION=1.4 -- --AC_INIT(lib/localcharset.c) - AC_CONFIG_AUX_DIR(build-aux) - AC_CONFIG_HEADER(config.h) - AC_PROG_MAKE_SET --AC_SUBST(PACKAGE) --AC_SUBST(VERSION) -+dnl AC_SUBST(PACKAGE) -+dnl AC_SUBST(VERSION) -+ -+AC_CONFIG_MACRO_DIR([m4]) - - dnl checks for basic programs - diff --git a/meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch b/meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch deleted file mode 100644 index fb07f7366b..0000000000 --- a/meta/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch +++ /dev/null @@ -1,26 +0,0 @@ -With libtool generating shared and static version of libraries needs -fPIC flags -without this it will not generate the commands to create shared linked library -Its more enforced by libtool 2.4. I have not checked it with older libtool -libiconv 1.11.x is relatively old release and libtool 2.4 did not exist when it -was released these kind of problem are more likely - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: libiconv-1.11.1/lib/Makefile.in -=================================================================== ---- libiconv-1.11.1.orig/lib/Makefile.in -+++ libiconv-1.11.1/lib/Makefile.in -@@ -70,9 +70,9 @@ preloadable_libiconv.so : preloadable_li - - preloadable_libiconv_linux.so : $(SOURCES) - if test -n "@GCC@"; then \ -- $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -fPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -shared -o preloadable_libiconv_linux.so; \ -+ $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -fPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -rpath $(libdir) -o libpreload_iconv.la && cp .libs/libpreload_iconv.so preloadable_libiconv_linux.so; \ - else \ -- $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -KPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -shared -o preloadable_libiconv_linux.so; \ -+ $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -KPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -rpath $(libdir) -o libpreload_iconv.la && cp .libs/libpreload_iconv.so preloadable_libiconv_linux.so; \ - fi - - preloadable_libiconv_solaris.so : $(SOURCES) diff --git a/meta/recipes-support/libiconv/libiconv_1.11.1.bb b/meta/recipes-support/libiconv/libiconv_1.11.1.bb deleted file mode 100644 index f28e64ae2e..0000000000 --- a/meta/recipes-support/libiconv/libiconv_1.11.1.bb +++ /dev/null @@ -1,47 +0,0 @@ -SUMMARY = "Character encoding support library" -DESCRIPTION = "GNU libiconv - libiconv is for you if your application needs to support \ -multiple character encodings, but that support lacks from your system." -HOMEPAGE = "http://www.gnu.org/software/libiconv" -SECTION = "libs" -NOTES = "Needs to be stripped down to: ascii iso8859-1 eucjp iso-2022jp gb utf8" -PROVIDES = "virtual/libiconv" - -LICENSE = "LGPLv2.0" -LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674 \ - file://libcharset/COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674" - -SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ - file://autoconf.patch \ - file://shared_preloadable_libiconv_linux.patch \ - " - -SRC_URI[md5sum] = "d42b97f6ef5dd0ba4469d520ed732fed" -SRC_URI[sha256sum] = "e78c347a1a0cb15f2648519e9799151f4b4a934b61ad9ee7424478efe2b8257f" - -S = "${WORKDIR}/libiconv-${PV}" - -inherit autotools pkgconfig gettext - -python __anonymous() { - if d.getVar("TCLIBC") == "glibc": - raise bb.parse.SkipPackage("libiconv is provided for use with uClibc only - glibc already provides iconv") -} - -EXTRA_OECONF += "--enable-shared --enable-static --enable-relocatable" - -LEAD_SONAME = "libiconv.so" - -do_configure_prepend () { - rm -f ${S}/m4/libtool.m4 ${S}/m4/ltoptions.m4 ${S}/m4/ltsugar.m4 ${S}/m4/ltversion.m4 ${S}/m4/lt~obsolete.m4 ${S}/libcharset/m4/libtool.m4 ${S}/libcharset/m4/ltoptions.m4 ${S}/libcharset/m4/ltsugar.m4 ${S}/libcharset/m4/ltversion.m4 ${S}/libcharset/m4/lt~obsolete.m4 -} - -do_configure_append () { - # forcibly remove RPATH from libtool - sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' *libtool - sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=_NO_RPATH_|g' *libtool -} - -do_install_append () { - rm -rf ${D}${libdir}/preloadable_libiconv.so - rm -rf ${D}${libdir}/charset.alias -} diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch deleted file mode 100644 index a956f426b8..0000000000 --- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch +++ /dev/null @@ -1,71 +0,0 @@ -Upstream-Status: Backport -https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d - -CVE: CVE-2015-8803 -CVE: CVE-2015-8805 - -Same fix for both. - -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: nettle-2.7.1/ecc-256.c -=================================================================== ---- nettle-2.7.1.orig/ecc-256.c -+++ nettle-2.7.1/ecc-256.c -@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec - q2 += t + (q1 < t); - - assert (q2 < 2); -+ /* -+ n-1 n-2 n-3 n-4 -+ +---+---+---+---+ -+ | u1| u0| u low | -+ +---+---+---+---+ -+ - | q1(2^96-1)| -+ +-------+---+ -+ |q2(2^.)| -+ +-------+ - -- /* We multiply by two low limbs of p, 2^96 - 1, so we could use -- shifts rather than mul. */ -+ We multiply by two low limbs of p, 2^96 - 1, so we could use -+ shifts rather than mul. -+ */ - t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1); - t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1); - t += (-q2) & 0xffffffff; -@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec - u0 -= t; - t = (u1 < cy); - u1 -= cy; -- u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3); -+ -+ cy = cnd_add_n (t, rp + n - 4, ecc->p, 2); -+ u0 += cy; -+ u1 += (u0 < cy); - u1 -= (-t) & 0xffffffff; - } - rp[2] = u0; -@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec - - /* Conditional add of p */ - u1 += t; -- u2 += (t<<32) + (u0 < t); -+ u2 += (t<<32) + (u1 < t); - - t = cnd_add_n (t, rp + n - 4, ecc->q, 2); - u1 += t; -Index: nettle-2.7.1/ChangeLog -=================================================================== ---- nettle-2.7.1.orig/ChangeLog -+++ nettle-2.7.1/ChangeLog -@@ -1,3 +1,9 @@ -+2015-12-10 Niels Möller <nisse@lysator.liu.se> -+ -+ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem -+ reported by Hanno Böck. -+ (ecc_256_modq): Fixed another carry propagation bug. -+ - 2013-05-28 Niels Möller <nisse@lysator.liu.se> - - * Released nettle-2.7.1. diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch deleted file mode 100644 index 73723a998d..0000000000 --- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch +++ /dev/null @@ -1,272 +0,0 @@ -Upstream-Status: Backport - https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7 - -CVE: CVE-2015-8804 -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: nettle-2.7.1/ChangeLog -=================================================================== ---- nettle-2.7.1.orig/ChangeLog -+++ nettle-2.7.1/ChangeLog -@@ -1,3 +1,11 @@ -+2015-12-15 Niels Möller <nisse@lysator.liu.se> -+ -+ * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem -+ reported by Hanno Böck. Simplified the folding to always use -+ non-negative carry, the old code attempted to add in a carry which -+ could be either positive or negative, but didn't get that case -+ right. -+ - 2015-12-10 Niels Möller <nisse@lysator.liu.se> - - * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem -Index: nettle-2.7.1/x86_64/ecc-384-modp.asm -=================================================================== ---- nettle-2.7.1.orig/x86_64/ecc-384-modp.asm -+++ nettle-2.7.1/x86_64/ecc-384-modp.asm -@@ -20,7 +20,7 @@ C MA 02111-1301, USA. - .file "ecc-384-modp.asm" - - define(<RP>, <%rsi>) --define(<D4>, <%rax>) -+define(<D5>, <%rax>) - define(<T0>, <%rbx>) - define(<T1>, <%rcx>) - define(<T2>, <%rdx>) -@@ -35,8 +35,8 @@ define(<H4>, <%r13>) - define(<H5>, <%r14>) - define(<C2>, <%r15>) - define(<C0>, H5) C Overlap --define(<D0>, RP) C Overlap --define(<TMP>, H4) C Overlap -+define(<TMP>, RP) C Overlap -+ - - PROLOGUE(nettle_ecc_384_modp) - W64_ENTRY(2, 0) -@@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp) - push %r14 - push %r15 - -- C First get top 2 limbs, which need folding twice -+ C First get top 2 limbs, which need folding twice. -+ C B^10 = B^6 + B^4 + 2^32 (B-1)B^4. -+ C We handle the terms as follow: - C -- C H5 H4 -- C -H5 -- C ------ -- C H0 D4 -+ C B^6: Folded immediatly. - C -- C Then shift right, (H1,H0,D4) <-- (H0,D4) << 32 -- C and add -+ C B^4: Delayed, added in in the next folding. - C -- C H5 H4 -- C H1 H0 -- C ---------- -- C C2 H1 H0 -- -- mov 80(RP), D4 -- mov 88(RP), H0 -- mov D4, H4 -- mov H0, H5 -- sub H0, D4 -- sbb $0, H0 -- -- mov D4, T2 -- mov H0, H1 -- shl $32, H0 -- shr $32, T2 -+ C 2^32(B-1) B^4: Low half limb delayed until the next -+ C folding. Top 1.5 limbs subtracted and shifter now, resulting -+ C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added -+ C in. -+ -+ mov 80(RP), H4 -+ mov 88(RP), H5 -+ C Shift right 32 bits, into H1, H0 -+ mov H4, H0 -+ mov H5, H1 -+ mov H5, D5 - shr $32, H1 -- or T2, H0 -+ shl $32, D5 -+ shr $32, H0 -+ or D5, H0 -+ -+ C H1 H0 -+ C - H1 H0 -+ C -------- -+ C H1 H0 D5 -+ mov H0, D5 -+ neg D5 -+ sbb H1, H0 -+ sbb $0, H1 - - xor C2, C2 - add H4, H0 -@@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp) - adc H3, T5 - adc $0, C0 - -- C H3 H2 H1 H0 0 -- C - H4 H3 H2 H1 H0 -- C --------------- -- C H3 H2 H1 H0 D0 -- -- mov XREG(D4), XREG(D4) -- mov H0, D0 -- neg D0 -- sbb H1, H0 -- sbb H2, H1 -- sbb H3, H2 -- sbb H4, H3 -- sbb $0, D4 -- -- C Shift right. High bits are sign, to be added to C0. -- mov D4, TMP -- sar $32, TMP -- shl $32, D4 -- add TMP, C0 -- -+ C Shift left, including low half of H4 - mov H3, TMP -+ shl $32, H4 - shr $32, TMP -- shl $32, H3 -- or TMP, D4 -+ or TMP, H4 - - mov H2, TMP -+ shl $32, H3 - shr $32, TMP -- shl $32, H2 - or TMP, H3 - - mov H1, TMP -+ shl $32, H2 - shr $32, TMP -- shl $32, H1 - or TMP, H2 - - mov H0, TMP -+ shl $32, H1 - shr $32, TMP -- shl $32, H0 - or TMP, H1 - -- mov D0, TMP -- shr $32, TMP -- shl $32, D0 -- or TMP, H0 -+ shl $32, H0 -+ -+ C H4 H3 H2 H1 H0 0 -+ C - H4 H3 H2 H1 H0 -+ C --------------- -+ C H4 H3 H2 H1 H0 TMP - -- add D0, T0 -+ mov H0, TMP -+ neg TMP -+ sbb H1, H0 -+ sbb H2, H1 -+ sbb H3, H2 -+ sbb H4, H3 -+ sbb $0, H4 -+ -+ add TMP, T0 - adc H0, T1 - adc H1, T2 - adc H2, T3 - adc H3, T4 -- adc D4, T5 -+ adc H4, T5 - adc $0, C0 - - C Remains to add in C2 and C0 -- C C0 C0<<32 (-2^32+1)C0 -- C C2 C2<<32 (-2^32+1)C2 -- C where C2 is always positive, while C0 may be -1. -+ C Set H1, H0 = (2^96 - 2^32 + 1) C0 - mov C0, H0 - mov C0, H1 -- mov C0, H2 -- sar $63, C0 C Get sign - shl $32, H1 -- sub H1, H0 C Gives borrow iff C0 > 0 -+ sub H1, H0 - sbb $0, H1 -- add C0, H2 - -+ C Set H3, H2 = (2^96 - 2^32 + 1) C2 -+ mov C2, H2 -+ mov C2, H3 -+ shl $32, H3 -+ sub H3, H2 -+ sbb $0, H3 -+ add C0, H2 C No carry. Could use lea trick -+ -+ xor C0, C0 - add H0, T0 - adc H1, T1 -- adc $0, H2 -- adc $0, C0 -- -- C Set (H1 H0) <-- C2 << 96 - C2 << 32 + 1 -- mov C2, H0 -- mov C2, H1 -- shl $32, H1 -- sub H1, H0 -- sbb $0, H1 -- -- add H2, H0 -- adc C0, H1 -- adc C2, C0 -- mov C0, H2 -- sar $63, C0 -- add H0, T2 -- adc H1, T3 -- adc H2, T4 -- adc C0, T5 -- sbb C0, C0 -+ adc H2, T2 -+ adc H3, T3 -+ adc C2, T4 -+ adc D5, T5 C Value delayed from initial folding -+ adc $0, C0 C Use sbb and switch sign? - - C Final unlikely carry - mov C0, H0 - mov C0, H1 -- mov C0, H2 -- sar $63, C0 - shl $32, H1 - sub H1, H0 - sbb $0, H1 -- add C0, H2 - - pop RP - -- sub H0, T0 -+ add H0, T0 - mov T0, (RP) -- sbb H1, T1 -+ adc H1, T1 - mov T1, 8(RP) -- sbb H2, T2 -+ adc C0, T2 - mov T2, 16(RP) -- sbb C0, T3 -+ adc $0, T3 - mov T3, 24(RP) -- sbb C0, T4 -+ adc $0, T4 - mov T4, 32(RP) -- sbb C0, T5 -+ adc $0, T5 - mov T5, 40(RP) - - pop %r15 diff --git a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch b/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch deleted file mode 100644 index 38d9107ce7..0000000000 --- a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch +++ /dev/null @@ -1,38 +0,0 @@ -From c369dd7049f5a198f8b6c96fde6e294ce5146c2f Mon Sep 17 00:00:00 2001 -From: Haiqing Bai <Haiqing.Bai@windriver.com> -Date: Fri, 9 Dec 2016 16:16:45 +0800 -Subject: [PATCH] nettle: check header files of openssl only if - 'enable_openssl=yes'. - -The original configure script checks openssl header files to generate -config.h even if 'enable_openssl' is not set to yes, this made inconsistent -building for nettle. - -Upstream-Status: Pending -Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> ---- - configure.ac | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 78a3d4e..4f16a98 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -603,9 +603,11 @@ AC_CHECK_ALIGNOF(uint64_t) - ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t" - AC_SUBST(ALIGNOF_UINT64_T) - --AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],, --[enable_openssl=no -- break]) -+if test "x$enable_openssl" = "xyes"; then -+ AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],, -+ [enable_openssl=no -+ break]) -+fi - - LSH_FUNC_ALLOCA - LSH_FUNC_STRERROR --- -1.9.1 - diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb deleted file mode 100644 index 2006146cfe..0000000000 --- a/meta/recipes-support/nettle/nettle_2.7.1.bb +++ /dev/null @@ -1,19 +0,0 @@ -require nettle.inc - -LICENSE = "LGPLv2.1+ & GPLv2" -LICENSE_${PN} = "LGPLv2.1+" - -LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \ - file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d" - -SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5" -SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40" - -SRC_URI += "\ - file://CVE-2015-8803_8805.patch \ - file://CVE-2015-8804.patch \ - file://check-header-files-of-openssl-only-if-enable_.patch \ - " - -DISABLE_STATIC = "" |