aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-support/gnupg/gnupg-1.4.7
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:24:31 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:30:01 +0000
commit8ba70a1c28a4e0ee73db5308b38abc923b0be44d (patch)
tree0ed9bff8e4bd70766c81dbb559d32781bdd93ce8 /recipes-support/gnupg/gnupg-1.4.7
downloadmeta-gplv2-8ba70a1c28a4e0ee73db5308b38abc923b0be44d.tar.gz
meta-gplv2-8ba70a1c28a4e0ee73db5308b38abc923b0be44d.tar.bz2
meta-gplv2-8ba70a1c28a4e0ee73db5308b38abc923b0be44d.zip
Create meta-gplv2 from files from OE-Core
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'recipes-support/gnupg/gnupg-1.4.7')
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch63
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch45
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch154
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch64
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/configure.patch17
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch27
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch19
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch50
8 files changed, 439 insertions, 0 deletions
diff --git a/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
new file mode 100644
index 0000000..f066774
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
@@ -0,0 +1,63 @@
+From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 25 Jul 2013 11:17:52 +0200
+Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret
+ exponents.
+
+commit e2202ff2b704623efc6277fb5256e4e15bac5676 from
+git://git.gnupg.org/libgcrypt.git
+
+* mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for
+exponents in secure memory.
+
+Upstream-Status: Backport
+CVE: CVE-2013-4242
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+--
+
+The attack is published as http://eprint.iacr.org/2013/448 :
+
+Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
+Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
+
+ Flush+Reload is a cache side-channel attack that monitors access to
+ data in shared pages. In this paper we demonstrate how to use the
+ attack to extract private encryption keys from GnuPG. The high
+ resolution and low noise of the Flush+Reload attack enables a spy
+ program to recover over 98% of the bits of the private key in a
+ single decryption or signing round. Unlike previous attacks, the
+ attack targets the last level L3 cache. Consequently, the spy
+ program and the victim do not need to share the execution core of
+ the CPU. The attack is not limited to a traditional OS and can be
+ used in a virtualised environment, where it can attack programs
+ executing in a different VM.
+
+Index: gnupg-1.4.7/mpi/mpi-pow.c
+===================================================================
+--- gnupg-1.4.7.orig/mpi/mpi-pow.c
++++ gnupg-1.4.7/mpi/mpi-pow.c
+@@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen
+ tp = rp; rp = xp; xp = tp;
+ rsize = xsize;
+
+- if( (mpi_limb_signed_t)e < 0 ) {
++ /* To mitigate the Yarom/Falkner flush+reload cache
++ * side-channel attack on the RSA secret exponent, we do
++ * the multiplication regardless of the value of the
++ * high-bit of E. But to avoid this performance penalty
++ * we do it only if the exponent has been stored in secure
++ * memory and we can thus assume it is a secret exponent. */
++ if (esec || (mpi_limb_signed_t)e < 0) {
+ /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/
+ if( bsize < KARATSUBA_THRESHOLD ) {
+ mpihelp_mul( xp, rp, rsize, bp, bsize );
+@@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen
+ mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
+ xsize = msize;
+ }
++ }
++ if ( (mpi_limb_signed_t)e < 0 ) {
+
+ tp = rp; rp = xp; xp = tp;
+ rsize = xsize;
diff --git a/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
new file mode 100644
index 0000000..b50a32f
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Backport
+CVE: CVE-2013-4351
+
+Index: gnupg-1.4.7/g10/getkey.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800
++++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800
+@@ -1454,7 +1454,11 @@
+
+ if(flags)
+ key_usage |= PUBKEY_USAGE_UNKNOWN;
++ if (!key_usage)
++ key_usage |= PUBKEY_USAGE_NONE;
+ }
++ else if (p)
++ key_usage |= PUBKEY_USAGE_NONE;
+
+ /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
+ capability that we do not handle. This serves to distinguish
+Index: gnupg-1.4.7/g10/keygen.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800
++++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800
+@@ -209,9 +209,6 @@
+ if (use & PUBKEY_USAGE_AUTH)
+ buf[0] |= 0x20;
+
+- if (!buf[0])
+- return;
+-
+ build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
+ }
+
+Index: gnupg-1.4.7/include/cipher.h
+===================================================================
+--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800
++++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800
+@@ -52,6 +52,7 @@
+ #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
+ #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */
+ #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */
++#define PUBKEY_USAGE_NONE 256 /* No usage given. */
+
+ #define DIGEST_ALGO_MD5 1
+ #define DIGEST_ALGO_SHA1 2
diff --git a/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
new file mode 100644
index 0000000..5dcde1f
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
@@ -0,0 +1,154 @@
+Upstream-Status: Backport
+CVE: CVE-2013-4576
+
+Index: gnupg-1.4.7/cipher/dsa.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800
++++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800
+@@ -287,6 +287,8 @@
+ MPI kinv;
+ MPI tmp;
+
++ mpi_normalize (hash);
++
+ /* select a random k with 0 < k < q */
+ k = gen_k( skey->q );
+
+Index: gnupg-1.4.7/cipher/elgamal.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800
++++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800
+@@ -376,6 +376,9 @@
+ {
+ MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
+
++ mpi_normalize (a);
++ mpi_normalize (b);
++
+ /* output = b/(a^x) mod p */
+ mpi_powm( t1, a, skey->x, skey->p );
+ mpi_invm( t1, t1, skey->p );
+Index: gnupg-1.4.7/cipher/random.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800
++++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
+@@ -273,6 +273,18 @@
+ }
+
+
++/* Randomize the MPI */
++void
++randomize_mpi (MPI mpi, size_t nbits, int level)
++{
++ unsigned char *buffer;
++
++ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
++ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
++ xfree (buffer);
++}
++
++
+ int
+ random_is_faked()
+ {
+Index: gnupg-1.4.7/cipher/random.h
+===================================================================
+--- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800
++++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
+@@ -32,6 +32,7 @@
+ int random_is_faked(void);
+ void random_disable_locking (void);
+ void randomize_buffer( byte *buffer, size_t length, int level );
++void randomize_mpi (MPI mpi, size_t nbits, int level);
+ byte *get_random_bits( size_t nbits, int level, int secure );
+ void fast_random_poll( void );
+
+Index: gnupg-1.4.7/cipher/rsa.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800
++++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800
+@@ -301,9 +301,26 @@
+ #if 0
+ mpi_powm( output, input, skey->d, skey->n );
+ #else
+- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
++ int nlimbs = mpi_get_nlimbs (skey->n)+1;
++ MPI m1 = mpi_alloc_secure (nlimbs);
++ MPI m2 = mpi_alloc_secure (nlimbs);
++ MPI h = mpi_alloc_secure (nlimbs);
++# if 1
++ MPI bdata= mpi_alloc_secure (nlimbs);
++ MPI r = mpi_alloc_secure (nlimbs);
++# endif
++
++ /* Remove superfluous leading zeroes from INPUT. */
++ mpi_normalize (input);
++
++# if 1
++ /* Blind: bdata = (data * r^e) mod n */
++ randomize_mpi (r, mpi_get_nbits (skey->n), 0);
++ mpi_fdiv_r (r, r, skey->n);
++ mpi_powm (bdata, r, skey->e, skey->n);
++ mpi_mulm (bdata, bdata, input, skey->n);
++ input = bdata;
++# endif
+
+ /* m1 = c ^ (d mod (p-1)) mod p */
+ mpi_sub_ui( h, skey->p, 1 );
+@@ -321,8 +338,15 @@
+ /* m = m2 + h * p */
+ mpi_mul ( h, h, skey->p );
+ mpi_add ( output, m1, h );
+- /* ready */
+-
++
++# if 1
++ mpi_free (bdata);
++ /* Unblind: output = (output * r^(-1)) mod n */
++ mpi_invm (r, r, skey->n);
++ mpi_mulm (output, output, r, skey->n);
++ mpi_free (r);
++# endif
++
+ mpi_free ( h );
+ mpi_free ( m1 );
+ mpi_free ( m2 );
+@@ -397,6 +421,7 @@
+ rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
+ {
+ RSA_secret_key sk;
++ MPI input;
+
+ if( algo != 1 && algo != 2 )
+ return G10ERR_PUBKEY_ALGO;
+@@ -407,8 +432,14 @@
+ sk.p = skey[3];
+ sk.q = skey[4];
+ sk.u = skey[5];
+- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
+- secret( *result, data[0], &sk );
++
++ /* Mitigates side-channel attacks (CVE-2013-4576). */
++ input = mpi_alloc (0);
++ mpi_normalize (data[0]);
++ mpi_fdiv_r (input, data[0], sk.n);
++ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
++ secret (*result, input, &sk);
++ mpi_free (input);
+ return 0;
+ }
+
+Index: gnupg-1.4.7/g10/gpgv.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
++++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800
+@@ -390,6 +390,7 @@
+ void random_dump_stats(void) {}
+ int quick_random_gen( int onoff ) { return -1;}
+ void randomize_buffer( byte *buffer, size_t length, int level ) {}
++void randomize_mpi (MPI mpi, size_t nbits, int level) {}
+ int random_is_faked() { return -1;}
+ byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
+ void set_random_seed_file( const char *name ) {}
diff --git a/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
new file mode 100644
index 0000000..3627176
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,64 @@
+commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
+Author: Werner Koch <wk@gnupg.org>
+Date: Thu Dec 20 09:43:41 2012 +0100
+
+ gpg: Import only packets which are allowed in a keyblock.
+
+ * g10/import.c (valid_keyblock_packet): New.
+ (read_block): Store only valid packets.
+ --
+
+ A corrupted key, which for example included a mangled public key
+ encrypted packet, used to corrupt the keyring. This change skips all
+ packets which are not allowed in a keyblock.
+
+ GnuPG-bug-id: 1455
+
+ (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
+
+Upstream-Status: Backport
+CVE: CVE-2012-6085
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+diff --git a/g10/import.c b/g10/import.c
+index bfe02eb..a57b32e 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -384,6 +384,27 @@ import_print_stats (void *hd)
+ }
+
+
++/* Return true if PKTTYPE is valid in a keyblock. */
++static int
++valid_keyblock_packet (int pkttype)
++{
++ switch (pkttype)
++ {
++ case PKT_PUBLIC_KEY:
++ case PKT_PUBLIC_SUBKEY:
++ case PKT_SECRET_KEY:
++ case PKT_SECRET_SUBKEY:
++ case PKT_SIGNATURE:
++ case PKT_USER_ID:
++ case PKT_ATTRIBUTE:
++ case PKT_RING_TRUST:
++ return 1;
++ default:
++ return 0;
++ }
++}
++
++
+ /****************
+ * Read the next keyblock from stream A.
+ * PENDING_PKT should be initialzed to NULL
+@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ }
+ in_cert = 1;
+ default:
+- if( in_cert ) {
++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ if( !root )
+ root = new_kbnode( pkt );
+ else
diff --git a/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/recipes-support/gnupg/gnupg-1.4.7/configure.patch
new file mode 100644
index 0000000..e005ac6
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/configure.patch
@@ -0,0 +1,17 @@
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+Index: gnupg-1.4.7/configure.ac
+===================================================================
+--- gnupg-1.4.7.orig/configure.ac
++++ gnupg-1.4.7/configure.ac
+@@ -827,7 +827,6 @@ else
+ AC_SUBST(USE_NLS)
+ AC_SUBST(USE_INCLUDED_LIBINTL)
+ AC_SUBST(BUILD_INCLUDED_LIBINTL)
+- AM_PO_SUBDIRS
+ fi
+
+ if test "$try_extensions" = yes || test x"$card_support" = xyes ; then
diff --git a/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
new file mode 100644
index 0000000..e5fb24a
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
@@ -0,0 +1,27 @@
+
+This has been discussed in a couple of different bug reported
+upstream:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250
+http://bugs.sourcemage.org/show_bug.cgi?id=14446
+
+Fix:
+http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
+
+Upstream-Status: Backport [Debian]
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c
+===================================================================
+--- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c
++++ gnupg-1.4.7/keyserver/gpgkeys_curl.c
+@@ -286,7 +286,7 @@ main(int argc,char *argv[])
+ curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
+ }
+
+- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
++ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
+ curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
+
+ if(proxy)
diff --git a/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
new file mode 100644
index 0000000..2855cab
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
@@ -0,0 +1,19 @@
+Orignal Patch came from OpenWrt via OE-Classic
+https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4
+which is no longer a valid revision!
+
+Upstream-Status: Inappropriate [configuration]
+
+
+--- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000
++++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000
+@@ -181,7 +181,7 @@
+ /***************************************
+ ************** ARM ******************
+ ***************************************/
+-#if defined (__arm__) && W_TYPE_SIZE == 32
++#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__)
+ #define add_ssaaaa(sh, sl, ah, al, bh, bl) \
+ __asm__ ("adds %1, %4, %5\n" \
+ "adc %0, %2, %3" \
+
diff --git a/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
new file mode 100644
index 0000000..9a03b2b
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
@@ -0,0 +1,50 @@
+
+From Openembedded-Classic
+
+ gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support
+
+
+Upstream-Status: Inappropriate [embedded-specific]
+
+Index: gnupg-1.4.10/mpi/longlong.h
+===================================================================
+--- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100
++++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100
+@@ -706,18 +706,35 @@
+ #endif /* __m88110__ */
+ #endif /* __m88000__ */
+
++/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
++#if defined (__GNUC__) && defined (__GNUC_MINOR__)
++#define __GNUC_PREREQ(maj, min) \
++ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
++#else
++#define __GNUC_PREREQ(maj, min) 0
++#endif
++
+ /***************************************
+ ************** MIPS *****************
+ ***************************************/
+ #if defined (__mips__) && W_TYPE_SIZE == 32
+-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
++#if __GNUC_PREREQ (4,4)
++#define umul_ppmm(w1, w0, u, v) \
++ do { \
++ UDItype __ll = (UDItype)(u) * (v); \
++ w1 = __ll >> 32; \
++ w0 = __ll; \
++ } while (0)
++#endif
++#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7)
+ #define umul_ppmm(w1, w0, u, v) \
+ __asm__ ("multu %2,%3" \
+ : "=l" ((USItype)(w0)), \
+ "=h" ((USItype)(w1)) \
+ : "d" ((USItype)(u)), \
+ "d" ((USItype)(v)))
+-#else
++#endif
++#if !defined (umul_ppmm)
+ #define umul_ppmm(w1, w0, u, v) \
+ __asm__ ("multu %2,%3 \n" \
+ "mflo %0 \n" \