aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-support
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:24:31 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:30:01 +0000
commit8ba70a1c28a4e0ee73db5308b38abc923b0be44d (patch)
tree0ed9bff8e4bd70766c81dbb559d32781bdd93ce8 /recipes-support
downloadmeta-gplv2-8ba70a1c28a4e0ee73db5308b38abc923b0be44d.tar.gz
meta-gplv2-8ba70a1c28a4e0ee73db5308b38abc923b0be44d.tar.bz2
meta-gplv2-8ba70a1c28a4e0ee73db5308b38abc923b0be44d.zip
Create meta-gplv2 from files from OE-Core
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'recipes-support')
-rw-r--r--recipes-support/gdbm/gdbm-1.8.3/ldflags.patch22
-rw-r--r--recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch22
-rw-r--r--recipes-support/gdbm/gdbm-1.8.3/makefile.patch60
-rw-r--r--recipes-support/gdbm/gdbm_1.8.3.bb30
-rw-r--r--recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch36
-rw-r--r--recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch57
-rw-r--r--recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch56
-rw-r--r--recipes-support/gmp/gmp.inc12
-rw-r--r--recipes-support/gmp/gmp_4.2.1.bb17
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch63
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch45
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch154
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch64
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/configure.patch17
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch27
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch19
-rw-r--r--recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch50
-rw-r--r--recipes-support/gnupg/gnupg_1.4.7.bb104
-rw-r--r--recipes-support/libiconv/libiconv-1.11.1/autoconf.patch50
-rw-r--r--recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch26
-rw-r--r--recipes-support/libiconv/libiconv_1.11.1.bb47
-rw-r--r--recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch46
-rw-r--r--recipes-support/nettle/files/run-ptest36
-rw-r--r--recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch71
-rw-r--r--recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch272
-rw-r--r--recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch38
-rw-r--r--recipes-support/nettle/nettle.inc37
-rw-r--r--recipes-support/nettle/nettle_2.7.1.bb19
28 files changed, 1497 insertions, 0 deletions
diff --git a/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch b/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch
new file mode 100644
index 0000000..d3cb43b
--- /dev/null
+++ b/recipes-support/gdbm/gdbm-1.8.3/ldflags.patch
@@ -0,0 +1,22 @@
+Obey LDFLAGS
+
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+Upstream-Status: Inappropriate [old version]
+
+--- gdbm-1.8.3.orig/Makefile.in
++++ gdbm-1.8.3/Makefile.in
+@@ -156,12 +156,12 @@ install-compat:
+
+ libgdbm.la: $(LOBJS) gdbm.h
+ rm -f libgdbm.la
+- $(LIBTOOL) --mode=link $(CC) -o libgdbm.la -rpath $(libdir) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm.la -rpath $(libdir) \
+ -version-info $(SHLIB_VER) $(LOBJS)
+
+ libgdbm_compat.la: $(C_LOBJS) gdbm.h
+ rm -f libgdbm_compat.la
+- $(LIBTOOL) --mode=link $(CC) -o libgdbm_compat.la -rpath $(libdir) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm_compat.la -rpath $(libdir) \
+ -version-info $(SHLIB_VER) $(C_LOBJS)
+
+ gdbm.h: gdbm.proto gdbmerrno.h gdbm.proto2
diff --git a/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch b/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch
new file mode 100644
index 0000000..0f9d04f
--- /dev/null
+++ b/recipes-support/gdbm/gdbm-1.8.3/libtool-mode.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Pending
+
+--- gdbm-1.8.3/Makefile.in.orig 2006-02-16 15:17:25.000000000 +0000
++++ gdbm-1.8.3/Makefile.in 2006-02-16 15:18:08.000000000 +0000
+@@ -131,7 +131,7 @@
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \
+ $(DESTDIR)$(includedir) $(DESTDIR)$(man3dir) \
+ $(DESTDIR)$(infodir)
+- $(LIBTOOL) $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la
++ $(LIBTOOL) --mode=install $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la
+ $(INSTALL_DATA) gdbm.h \
+ $(DESTDIR)$(includedir)/gdbm.h
+ $(INSTALL_DATA) $(srcdir)/gdbm.3 \
+@@ -142,7 +142,7 @@
+ install-compat:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \
+ $(DESTDIR)$(includedir)
+- $(LIBTOOL) $(INSTALL) -c libgdbm_compat.la \
++ $(LIBTOOL) --mode=install $(INSTALL) -c libgdbm_compat.la \
+ $(DESTDIR)$(libdir)/libgdbm_compat.la
+ $(INSTALL_DATA) $(srcdir)/dbm.h \
+ $(DESTDIR)$(includedir)/dbm.h
diff --git a/recipes-support/gdbm/gdbm-1.8.3/makefile.patch b/recipes-support/gdbm/gdbm-1.8.3/makefile.patch
new file mode 100644
index 0000000..369145c
--- /dev/null
+++ b/recipes-support/gdbm/gdbm-1.8.3/makefile.patch
@@ -0,0 +1,60 @@
+Upstream-Status: Pending
+
+#
+# Patch managed by http://www.mn-logistik.de/unsupported/pxa250/patcher
+#
+
+--- gdbm-1.8.3/Makefile.in~makefile
++++ gdbm-1.8.3/Makefile.in
+@@ -22,6 +22,7 @@
+ TEXI2DVI = texi2dvi
+
+ DEFS =
++DESTDIR =
+
+ # Where the system [n]dbm routines are...
+ LIBS = @LIBS@ -lc
+@@ -127,26 +128,26 @@
+ progs: $(PROGS)
+
+ install: libgdbm.la gdbm.h gdbm.info
+- $(srcdir)/mkinstalldirs $(INSTALL_ROOT)$(libdir) \
+- $(INSTALL_ROOT)$(includedir) $(INSTALL_ROOT)$(man3dir) \
+- $(INSTALL_ROOT)$(infodir)
+- $(LIBTOOL) $(INSTALL) -c libgdbm.la $(INSTALL_ROOT)$(libdir)/libgdbm.la
+- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) gdbm.h \
+- $(INSTALL_ROOT)$(includedir)/gdbm.h
+- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.3 \
+- $(INSTALL_ROOT)$(man3dir)/gdbm.3
+- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.info \
+- $(INSTALL_ROOT)$(infodir)/gdbm.info
++ $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \
++ $(DESTDIR)$(includedir) $(DESTDIR)$(man3dir) \
++ $(DESTDIR)$(infodir)
++ $(LIBTOOL) $(INSTALL) -c libgdbm.la $(DESTDIR)$(libdir)/libgdbm.la
++ $(INSTALL_DATA) gdbm.h \
++ $(DESTDIR)$(includedir)/gdbm.h
++ $(INSTALL_DATA) $(srcdir)/gdbm.3 \
++ $(DESTDIR)$(man3dir)/gdbm.3
++ $(INSTALL_DATA) $(srcdir)/gdbm.info \
++ $(DESTDIR)$(infodir)/gdbm.info
+
+ install-compat:
+- $(srcdir)/mkinstalldirs $(INSTALL_ROOT)$(libdir) \
+- $(INSTALL_ROOT)$(includedir)
++ $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) \
++ $(DESTDIR)$(includedir)
+ $(LIBTOOL) $(INSTALL) -c libgdbm_compat.la \
+- $(INSTALL_ROOT)$(libdir)/libgdbm_compat.la
+- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/dbm.h \
+- $(INSTALL_ROOT)$(includedir)/dbm.h
+- $(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/ndbm.h \
+- $(INSTALL_ROOT)$(includedir)/ndbm.h
++ $(DESTDIR)$(libdir)/libgdbm_compat.la
++ $(INSTALL_DATA) $(srcdir)/dbm.h \
++ $(DESTDIR)$(includedir)/dbm.h
++ $(INSTALL_DATA) $(srcdir)/ndbm.h \
++ $(DESTDIR)$(includedir)/ndbm.h
+
+ #libgdbm.a: $(OBJS) gdbm.h
+ # rm -f libgdbm.a
diff --git a/recipes-support/gdbm/gdbm_1.8.3.bb b/recipes-support/gdbm/gdbm_1.8.3.bb
new file mode 100644
index 0000000..b253dc1
--- /dev/null
+++ b/recipes-support/gdbm/gdbm_1.8.3.bb
@@ -0,0 +1,30 @@
+SUMMARY = "Key/value database library with extensible hashing"
+HOMEPAGE = "http://www.gnu.org/software/gdbm/"
+SECTION = "libs"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d8e20eece214df8ef953ed5857862150"
+
+PR = "r4"
+
+SRC_URI = "${GNU_MIRROR}/gdbm/gdbm-${PV}.tar.gz \
+ file://makefile.patch \
+ file://libtool-mode.patch \
+ file://ldflags.patch"
+
+SRC_URI[md5sum] = "1d1b1d5c0245b1c00aff92da751e9aa1"
+SRC_URI[sha256sum] = "cc340338a2e28b40058ab9eb5354a21d53f88a1582ea21ba0bb185c37a281dc9"
+
+inherit autotools texinfo
+
+BBCLASSEXTEND = "native nativesdk"
+
+do_install_append () {
+ oe_runmake install-compat DESTDIR=${D}
+ install -d ${D}${includedir}/gdbm
+ install -m 0644 ${S}/dbm.h ${D}${includedir}/
+ install -m 0644 ${S}/ndbm.h ${D}${includedir}/
+ # Create a symlink to ndbm.h and gdbm.h in include/gdbm to let other packages to find
+ # these headers
+ ln -sf ../ndbm.h ${D}/${includedir}/gdbm/ndbm.h
+ ln -sf ../gdbm.h ${D}/${includedir}/gdbm/gdbm.h
+}
diff --git a/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch b/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch
new file mode 100644
index 0000000..627d71a
--- /dev/null
+++ b/recipes-support/gmp/gmp-4.2.1/Use-__gnu_inline__-attribute.patch
@@ -0,0 +1,36 @@
+From 3cb33502bafd04b8ad4ca3454fab16d5ff313297 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Tue, 22 Sep 2015 13:16:23 +0300
+Subject: [PATCH] Use __gnu_inline__ attribute
+
+gcc5 uses C11 inline rules. This means the old "extern inline"
+semantics are not available without a special attribute.
+
+See: https://gcc.gnu.org/gcc-5/porting_to.html
+
+Upstream-Status: Inappropriate [Fixed in current versions]
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ gmp-h.in | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/gmp-h.in b/gmp-h.in
+index eed6fe4..361dd1d 100644
+--- a/gmp-h.in
++++ b/gmp-h.in
+@@ -419,8 +419,11 @@ typedef __mpq_struct *mpq_ptr;
+ /* gcc has __inline__ in all modes, including strict ansi. Give a prototype
+ for an inline too, so as to correctly specify "dllimport" on windows, in
+ case the function is called rather than inlined. */
++
++/* Use __gnu_inline__ attribute: later gcc uses different "extern inline"
++ behaviour */
+ #ifdef __GNUC__
+-#define __GMP_EXTERN_INLINE extern __inline__
++#define __GMP_EXTERN_INLINE extern __inline__ __attribute__ ((__gnu_inline__))
+ #define __GMP_INLINE_PROTOTYPES 1
+ #endif
+
+--
+2.1.4
+
diff --git a/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch b/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch
new file mode 100644
index 0000000..6da0be9
--- /dev/null
+++ b/recipes-support/gmp/gmp-4.2.1/avoid-h-asm-constraint-for-MIPS.patch
@@ -0,0 +1,57 @@
+From d50686de0406a88ef9112f5252103f799982e84a Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Thu, 4 Feb 2016 14:00:00 -0800
+Subject: [PATCH] avoid h asm constraint for MIPS
+
+The h asm constrain (to extract the high part of a multiplication
+result) has not been recognised since gcc 4.4:
+
+ https://gcc.gnu.org/gcc-4.4/changes.html
+
+Drop the MIPS umul_ppmm() implementations which rely on "=h" and fall
+back to the older implementations (which use explicit mfhi and mflo
+instructions to move the high and low parts of the multiplication
+result into their destinations).
+
+Upstream-Status: Inappropriate [upstream has a different solution]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ longlong.h | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/longlong.h b/longlong.h
+index b53fbee..0193abb 100644
+--- a/longlong.h
++++ b/longlong.h
+@@ -1011,27 +1011,17 @@ extern UWtype __MPN(udiv_qrnnd) _PROTO ((UWtype *, UWtype, UWtype, UWtype));
+ #endif /* __m88000__ */
+
+ #if defined (__mips) && W_TYPE_SIZE == 32
+-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
+-#define umul_ppmm(w1, w0, u, v) \
+- __asm__ ("multu %2,%3" : "=l" (w0), "=h" (w1) : "d" (u), "d" (v))
+-#else
+ #define umul_ppmm(w1, w0, u, v) \
+ __asm__ ("multu %2,%3\n\tmflo %0\n\tmfhi %1" \
+ : "=d" (w0), "=d" (w1) : "d" (u), "d" (v))
+-#endif
+ #define UMUL_TIME 10
+ #define UDIV_TIME 100
+ #endif /* __mips */
+
+ #if (defined (__mips) && __mips >= 3) && W_TYPE_SIZE == 64
+-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
+-#define umul_ppmm(w1, w0, u, v) \
+- __asm__ ("dmultu %2,%3" : "=l" (w0), "=h" (w1) : "d" (u), "d" (v))
+-#else
+ #define umul_ppmm(w1, w0, u, v) \
+ __asm__ ("dmultu %2,%3\n\tmflo %0\n\tmfhi %1" \
+ : "=d" (w0), "=d" (w1) : "d" (u), "d" (v))
+-#endif
+ #define UMUL_TIME 20
+ #define UDIV_TIME 140
+ #endif /* __mips */
+--
+1.9.1
+
diff --git a/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch b/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch
new file mode 100644
index 0000000..26fd8ef
--- /dev/null
+++ b/recipes-support/gmp/gmp-4.2.1/gmp_fix_for_automake-1.12.patch
@@ -0,0 +1,56 @@
+automake 1.12 has depricated automatic de-ANSI-fication support
+
+this patch avoids these kinds of errors:
+
+| configure.in:2240: error: automatic de-ANSI-fication support has been removed
+| Makefile.am:28: error: automatic de-ANSI-fication support has been removed
+
+Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
+2012/05/02
+
+
+This patch was removed in f181c6ce8b3 when gmp 4.2.1 was mistakenly
+dropped.
+
+Upstream is not interested in patches for ancient versions.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+
+
+Index: gmp-4.2.1/configure.in
+===================================================================
+--- gmp-4.2.1.orig/configure.in
++++ gmp-4.2.1/configure.in
+@@ -67,7 +67,7 @@ dnl
+ dnl Note that there's a copy of these options in the top-level Makefile.am,
+ dnl so update there too if changing anything.
+ dnl
+-AM_INIT_AUTOMAKE([1.8 gnu no-dependencies $(top_builddir)/ansi2knr])
++AM_INIT_AUTOMAKE([1.8 gnu no-dependencies])
+ AM_CONFIG_HEADER(config.h:config.in)
+ AM_MAINTAINER_MODE
+
+@@ -2022,9 +2022,6 @@ fi
+ echo " MPN_PATH=\"$path\""
+
+
+-# Automake ansi2knr support.
+-AM_C_PROTOTYPES
+-
+ GMP_PROG_AR
+ GMP_PROG_NM
+
+Index: gmp-4.2.1/Makefile.am
+===================================================================
+--- gmp-4.2.1.orig/Makefile.am
++++ gmp-4.2.1/Makefile.am
+@@ -27,7 +27,7 @@
+ # Makefiles in subdirectories, but here we must omit it so automake gives
+ # the actual ansi2knr build rule, not "cd $(top_builddir) && make ansi2knr".
+ #
+-AUTOMAKE_OPTIONS = 1.8 gnu no-dependencies ansi2knr
++AUTOMAKE_OPTIONS = 1.8 gnu no-dependencies
+
+
+ # Libtool -version-info for libgmp.la and libmp.la. See "Versioning" in the
diff --git a/recipes-support/gmp/gmp.inc b/recipes-support/gmp/gmp.inc
new file mode 100644
index 0000000..abac8cf
--- /dev/null
+++ b/recipes-support/gmp/gmp.inc
@@ -0,0 +1,12 @@
+SUMMARY = "GNU multiprecision arithmetic library"
+DESCRIPTION = "GMP is a free library for arbitrary precision arithmetic, operating on signed integers, rational numbers, and floating point numbers"
+HOMEPAGE = "http://gmplib.org/"
+SECTION = "devel"
+
+inherit autotools texinfo
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[readline] = "--with-readline=yes,--with-readline=no,readline"
+
+ARM_INSTRUCTION_SET_armv4 = "arm"
+ARM_INSTRUCTION_SET_armv5 = "arm"
diff --git a/recipes-support/gmp/gmp_4.2.1.bb b/recipes-support/gmp/gmp_4.2.1.bb
new file mode 100644
index 0000000..5e8ee29
--- /dev/null
+++ b/recipes-support/gmp/gmp_4.2.1.bb
@@ -0,0 +1,17 @@
+require gmp.inc
+
+LICENSE = "LGPLv2.1+ & GPLv2+"
+LICENSE_${PN} = "LGPLv2.1+"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=892f569a555ba9c07a568a7c0c4fa63a \
+ file://COPYING.LIB;md5=fbc093901857fcd118f065f900982c24 \
+ file://gmp-h.in;beginline=6;endline=21;md5=e056f74a12c3277d730dbcfb85d2ca34"
+
+SRC_URI = "https://gmplib.org/download/${BPN}/archive/${BP}.tar.bz2 \
+ file://Use-__gnu_inline__-attribute.patch \
+ file://gmp_fix_for_automake-1.12.patch \
+ file://avoid-h-asm-constraint-for-MIPS.patch \
+"
+
+SRC_URI[md5sum] = "091c56e0e1cca6b09b17b69d47ef18e3"
+SRC_URI[sha256sum] = "d07ffcb37eecec35c5ec72516d10b35fdf6e6fef1fcf1dcd37e30b8cbf8bf941"
diff --git a/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
new file mode 100644
index 0000000..f066774
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
@@ -0,0 +1,63 @@
+From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 25 Jul 2013 11:17:52 +0200
+Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret
+ exponents.
+
+commit e2202ff2b704623efc6277fb5256e4e15bac5676 from
+git://git.gnupg.org/libgcrypt.git
+
+* mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for
+exponents in secure memory.
+
+Upstream-Status: Backport
+CVE: CVE-2013-4242
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+--
+
+The attack is published as http://eprint.iacr.org/2013/448 :
+
+Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
+Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
+
+ Flush+Reload is a cache side-channel attack that monitors access to
+ data in shared pages. In this paper we demonstrate how to use the
+ attack to extract private encryption keys from GnuPG. The high
+ resolution and low noise of the Flush+Reload attack enables a spy
+ program to recover over 98% of the bits of the private key in a
+ single decryption or signing round. Unlike previous attacks, the
+ attack targets the last level L3 cache. Consequently, the spy
+ program and the victim do not need to share the execution core of
+ the CPU. The attack is not limited to a traditional OS and can be
+ used in a virtualised environment, where it can attack programs
+ executing in a different VM.
+
+Index: gnupg-1.4.7/mpi/mpi-pow.c
+===================================================================
+--- gnupg-1.4.7.orig/mpi/mpi-pow.c
++++ gnupg-1.4.7/mpi/mpi-pow.c
+@@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen
+ tp = rp; rp = xp; xp = tp;
+ rsize = xsize;
+
+- if( (mpi_limb_signed_t)e < 0 ) {
++ /* To mitigate the Yarom/Falkner flush+reload cache
++ * side-channel attack on the RSA secret exponent, we do
++ * the multiplication regardless of the value of the
++ * high-bit of E. But to avoid this performance penalty
++ * we do it only if the exponent has been stored in secure
++ * memory and we can thus assume it is a secret exponent. */
++ if (esec || (mpi_limb_signed_t)e < 0) {
+ /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/
+ if( bsize < KARATSUBA_THRESHOLD ) {
+ mpihelp_mul( xp, rp, rsize, bp, bsize );
+@@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen
+ mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
+ xsize = msize;
+ }
++ }
++ if ( (mpi_limb_signed_t)e < 0 ) {
+
+ tp = rp; rp = xp; xp = tp;
+ rsize = xsize;
diff --git a/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
new file mode 100644
index 0000000..b50a32f
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Backport
+CVE: CVE-2013-4351
+
+Index: gnupg-1.4.7/g10/getkey.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800
++++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800
+@@ -1454,7 +1454,11 @@
+
+ if(flags)
+ key_usage |= PUBKEY_USAGE_UNKNOWN;
++ if (!key_usage)
++ key_usage |= PUBKEY_USAGE_NONE;
+ }
++ else if (p)
++ key_usage |= PUBKEY_USAGE_NONE;
+
+ /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
+ capability that we do not handle. This serves to distinguish
+Index: gnupg-1.4.7/g10/keygen.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800
++++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800
+@@ -209,9 +209,6 @@
+ if (use & PUBKEY_USAGE_AUTH)
+ buf[0] |= 0x20;
+
+- if (!buf[0])
+- return;
+-
+ build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
+ }
+
+Index: gnupg-1.4.7/include/cipher.h
+===================================================================
+--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800
++++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800
+@@ -52,6 +52,7 @@
+ #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
+ #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */
+ #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */
++#define PUBKEY_USAGE_NONE 256 /* No usage given. */
+
+ #define DIGEST_ALGO_MD5 1
+ #define DIGEST_ALGO_SHA1 2
diff --git a/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
new file mode 100644
index 0000000..5dcde1f
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
@@ -0,0 +1,154 @@
+Upstream-Status: Backport
+CVE: CVE-2013-4576
+
+Index: gnupg-1.4.7/cipher/dsa.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800
++++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800
+@@ -287,6 +287,8 @@
+ MPI kinv;
+ MPI tmp;
+
++ mpi_normalize (hash);
++
+ /* select a random k with 0 < k < q */
+ k = gen_k( skey->q );
+
+Index: gnupg-1.4.7/cipher/elgamal.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800
++++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800
+@@ -376,6 +376,9 @@
+ {
+ MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
+
++ mpi_normalize (a);
++ mpi_normalize (b);
++
+ /* output = b/(a^x) mod p */
+ mpi_powm( t1, a, skey->x, skey->p );
+ mpi_invm( t1, t1, skey->p );
+Index: gnupg-1.4.7/cipher/random.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800
++++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
+@@ -273,6 +273,18 @@
+ }
+
+
++/* Randomize the MPI */
++void
++randomize_mpi (MPI mpi, size_t nbits, int level)
++{
++ unsigned char *buffer;
++
++ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
++ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
++ xfree (buffer);
++}
++
++
+ int
+ random_is_faked()
+ {
+Index: gnupg-1.4.7/cipher/random.h
+===================================================================
+--- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800
++++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
+@@ -32,6 +32,7 @@
+ int random_is_faked(void);
+ void random_disable_locking (void);
+ void randomize_buffer( byte *buffer, size_t length, int level );
++void randomize_mpi (MPI mpi, size_t nbits, int level);
+ byte *get_random_bits( size_t nbits, int level, int secure );
+ void fast_random_poll( void );
+
+Index: gnupg-1.4.7/cipher/rsa.c
+===================================================================
+--- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800
++++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800
+@@ -301,9 +301,26 @@
+ #if 0
+ mpi_powm( output, input, skey->d, skey->n );
+ #else
+- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
++ int nlimbs = mpi_get_nlimbs (skey->n)+1;
++ MPI m1 = mpi_alloc_secure (nlimbs);
++ MPI m2 = mpi_alloc_secure (nlimbs);
++ MPI h = mpi_alloc_secure (nlimbs);
++# if 1
++ MPI bdata= mpi_alloc_secure (nlimbs);
++ MPI r = mpi_alloc_secure (nlimbs);
++# endif
++
++ /* Remove superfluous leading zeroes from INPUT. */
++ mpi_normalize (input);
++
++# if 1
++ /* Blind: bdata = (data * r^e) mod n */
++ randomize_mpi (r, mpi_get_nbits (skey->n), 0);
++ mpi_fdiv_r (r, r, skey->n);
++ mpi_powm (bdata, r, skey->e, skey->n);
++ mpi_mulm (bdata, bdata, input, skey->n);
++ input = bdata;
++# endif
+
+ /* m1 = c ^ (d mod (p-1)) mod p */
+ mpi_sub_ui( h, skey->p, 1 );
+@@ -321,8 +338,15 @@
+ /* m = m2 + h * p */
+ mpi_mul ( h, h, skey->p );
+ mpi_add ( output, m1, h );
+- /* ready */
+-
++
++# if 1
++ mpi_free (bdata);
++ /* Unblind: output = (output * r^(-1)) mod n */
++ mpi_invm (r, r, skey->n);
++ mpi_mulm (output, output, r, skey->n);
++ mpi_free (r);
++# endif
++
+ mpi_free ( h );
+ mpi_free ( m1 );
+ mpi_free ( m2 );
+@@ -397,6 +421,7 @@
+ rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
+ {
+ RSA_secret_key sk;
++ MPI input;
+
+ if( algo != 1 && algo != 2 )
+ return G10ERR_PUBKEY_ALGO;
+@@ -407,8 +432,14 @@
+ sk.p = skey[3];
+ sk.q = skey[4];
+ sk.u = skey[5];
+- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
+- secret( *result, data[0], &sk );
++
++ /* Mitigates side-channel attacks (CVE-2013-4576). */
++ input = mpi_alloc (0);
++ mpi_normalize (data[0]);
++ mpi_fdiv_r (input, data[0], sk.n);
++ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
++ secret (*result, input, &sk);
++ mpi_free (input);
+ return 0;
+ }
+
+Index: gnupg-1.4.7/g10/gpgv.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
++++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800
+@@ -390,6 +390,7 @@
+ void random_dump_stats(void) {}
+ int quick_random_gen( int onoff ) { return -1;}
+ void randomize_buffer( byte *buffer, size_t length, int level ) {}
++void randomize_mpi (MPI mpi, size_t nbits, int level) {}
+ int random_is_faked() { return -1;}
+ byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
+ void set_random_seed_file( const char *name ) {}
diff --git a/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
new file mode 100644
index 0000000..3627176
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,64 @@
+commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
+Author: Werner Koch <wk@gnupg.org>
+Date: Thu Dec 20 09:43:41 2012 +0100
+
+ gpg: Import only packets which are allowed in a keyblock.
+
+ * g10/import.c (valid_keyblock_packet): New.
+ (read_block): Store only valid packets.
+ --
+
+ A corrupted key, which for example included a mangled public key
+ encrypted packet, used to corrupt the keyring. This change skips all
+ packets which are not allowed in a keyblock.
+
+ GnuPG-bug-id: 1455
+
+ (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
+
+Upstream-Status: Backport
+CVE: CVE-2012-6085
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+diff --git a/g10/import.c b/g10/import.c
+index bfe02eb..a57b32e 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -384,6 +384,27 @@ import_print_stats (void *hd)
+ }
+
+
++/* Return true if PKTTYPE is valid in a keyblock. */
++static int
++valid_keyblock_packet (int pkttype)
++{
++ switch (pkttype)
++ {
++ case PKT_PUBLIC_KEY:
++ case PKT_PUBLIC_SUBKEY:
++ case PKT_SECRET_KEY:
++ case PKT_SECRET_SUBKEY:
++ case PKT_SIGNATURE:
++ case PKT_USER_ID:
++ case PKT_ATTRIBUTE:
++ case PKT_RING_TRUST:
++ return 1;
++ default:
++ return 0;
++ }
++}
++
++
+ /****************
+ * Read the next keyblock from stream A.
+ * PENDING_PKT should be initialzed to NULL
+@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ }
+ in_cert = 1;
+ default:
+- if( in_cert ) {
++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ if( !root )
+ root = new_kbnode( pkt );
+ else
diff --git a/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/recipes-support/gnupg/gnupg-1.4.7/configure.patch
new file mode 100644
index 0000000..e005ac6
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/configure.patch
@@ -0,0 +1,17 @@
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+Index: gnupg-1.4.7/configure.ac
+===================================================================
+--- gnupg-1.4.7.orig/configure.ac
++++ gnupg-1.4.7/configure.ac
+@@ -827,7 +827,6 @@ else
+ AC_SUBST(USE_NLS)
+ AC_SUBST(USE_INCLUDED_LIBINTL)
+ AC_SUBST(BUILD_INCLUDED_LIBINTL)
+- AM_PO_SUBDIRS
+ fi
+
+ if test "$try_extensions" = yes || test x"$card_support" = xyes ; then
diff --git a/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
new file mode 100644
index 0000000..e5fb24a
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch
@@ -0,0 +1,27 @@
+
+This has been discussed in a couple of different bug reported
+upstream:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250
+http://bugs.sourcemage.org/show_bug.cgi?id=14446
+
+Fix:
+http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
+
+Upstream-Status: Backport [Debian]
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c
+===================================================================
+--- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c
++++ gnupg-1.4.7/keyserver/gpgkeys_curl.c
+@@ -286,7 +286,7 @@ main(int argc,char *argv[])
+ curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
+ }
+
+- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
++ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
+ curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
+
+ if(proxy)
diff --git a/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
new file mode 100644
index 0000000..2855cab
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch
@@ -0,0 +1,19 @@
+Orignal Patch came from OpenWrt via OE-Classic
+https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4
+which is no longer a valid revision!
+
+Upstream-Status: Inappropriate [configuration]
+
+
+--- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000
++++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000
+@@ -181,7 +181,7 @@
+ /***************************************
+ ************** ARM ******************
+ ***************************************/
+-#if defined (__arm__) && W_TYPE_SIZE == 32
++#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__)
+ #define add_ssaaaa(sh, sl, ah, al, bh, bl) \
+ __asm__ ("adds %1, %4, %5\n" \
+ "adc %0, %2, %3" \
+
diff --git a/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
new file mode 100644
index 0000000..9a03b2b
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch
@@ -0,0 +1,50 @@
+
+From Openembedded-Classic
+
+ gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support
+
+
+Upstream-Status: Inappropriate [embedded-specific]
+
+Index: gnupg-1.4.10/mpi/longlong.h
+===================================================================
+--- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100
++++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100
+@@ -706,18 +706,35 @@
+ #endif /* __m88110__ */
+ #endif /* __m88000__ */
+
++/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
++#if defined (__GNUC__) && defined (__GNUC_MINOR__)
++#define __GNUC_PREREQ(maj, min) \
++ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
++#else
++#define __GNUC_PREREQ(maj, min) 0
++#endif
++
+ /***************************************
+ ************** MIPS *****************
+ ***************************************/
+ #if defined (__mips__) && W_TYPE_SIZE == 32
+-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7
++#if __GNUC_PREREQ (4,4)
++#define umul_ppmm(w1, w0, u, v) \
++ do { \
++ UDItype __ll = (UDItype)(u) * (v); \
++ w1 = __ll >> 32; \
++ w0 = __ll; \
++ } while (0)
++#endif
++#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7)
+ #define umul_ppmm(w1, w0, u, v) \
+ __asm__ ("multu %2,%3" \
+ : "=l" ((USItype)(w0)), \
+ "=h" ((USItype)(w1)) \
+ : "d" ((USItype)(u)), \
+ "d" ((USItype)(v)))
+-#else
++#endif
++#if !defined (umul_ppmm)
+ #define umul_ppmm(w1, w0, u, v) \
+ __asm__ ("multu %2,%3 \n" \
+ "mflo %0 \n" \
diff --git a/recipes-support/gnupg/gnupg_1.4.7.bb b/recipes-support/gnupg/gnupg_1.4.7.bb
new file mode 100644
index 0000000..6ccffd5
--- /dev/null
+++ b/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -0,0 +1,104 @@
+SUMMARY = "GNU Privacy Guard - encryption and signing tools"
+HOMEPAGE = "http://www.gnupg.org/"
+DEPENDS = "zlib bzip2 readline"
+SECTION = "console/utils"
+
+LICENSE = "GPLv2"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
+
+PR = "r9"
+
+SRC_URI = "${GNUPG_MIRROR}/gnupg/gnupg-${PV}.tar.bz2 \
+ file://long-long-thumb.patch \
+ file://configure.patch \
+ file://mips_gcc4.4.patch \
+ file://GnuPG1-CVE-2012-6085.patch \
+ file://curl_typeof_fix_backport.patch \
+ file://CVE-2013-4351.patch \
+ file://CVE-2013-4576.patch \
+ file://CVE-2013-4242.patch \
+ "
+
+SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
+SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"
+
+inherit autotools gettext texinfo
+
+# --with-egd-socket=NAME use NAME for the EGD socket
+# --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer
+# --with-included-zlib use the zlib code included here
+# --with-capabilities use linux capabilities default=no
+# --with-mailprog=NAME use "NAME -t" for mail transport
+# --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib
+# --without-libiconv-prefix don't search for libiconv in includedir and libdir
+# --with-included-gettext use the GNU gettext library included here
+# --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib
+# --without-libintl-prefix don't search for libintl in includedir and libdir
+# --without-readline do not support fancy command line editing
+# --with-included-regex use the included GNU regex library
+# --with-zlib=DIR use libz in DIR
+# --with-bzip2=DIR look for bzip2 in DIR
+# --enable-static-rnd=egd|unix|linux|auto
+# --disable-dev-random disable the use of dev random
+# --disable-asm do not use assembler modules
+# --enable-m-guard enable memory guard facility
+# --enable-selinux-support
+# enable SELinux support
+# --disable-card-support disable OpenPGP card support
+# --disable-gnupg-iconv disable the new iconv code
+# --enable-backsigs enable the experimental backsigs code
+# --enable-minimal build the smallest gpg binary possible
+# --disable-rsa disable the RSA public key algorithm
+# --disable-idea disable the IDEA cipher
+# --disable-cast5 disable the CAST5 cipher
+# --disable-blowfish disable the BLOWFISH cipher
+# --disable-aes disable the AES, AES192, and AES256 ciphers
+# --disable-twofish disable the TWOFISH cipher
+# --disable-sha256 disable the SHA-256 digest
+# --disable-sha512 disable the SHA-384 and SHA-512 digests
+# --disable-bzip2 disable the BZIP2 compression algorithm
+# --disable-exec disable all external program execution
+# --disable-photo-viewers disable photo ID viewers
+# --disable-keyserver-helpers disable all external keyserver support
+# --disable-ldap disable LDAP keyserver interface
+# --disable-hkp disable HKP keyserver interface
+# --disable-http disable HTTP key fetching interface
+# --disable-finger disable Finger key fetching interface
+# --disable-mailto disable email keyserver interface
+# --disable-keyserver-path disable the exec-path option for keyserver helpers
+# --enable-key-cache=SIZE Set key cache to SIZE (default 4096)
+# --disable-largefile omit support for large files
+# --disable-dns-srv disable the use of DNS SRV in HKP and HTTP
+# --disable-nls do not use Native Language Support
+# --disable-regex do not handle regular expressions in trust sigs
+
+EXTRA_OECONF = "--disable-ldap \
+ --with-zlib=${STAGING_LIBDIR}/.. \
+ --with-bzip2=${STAGING_LIBDIR}/.. \
+ --disable-selinux-support \
+ --with-readline=${STAGING_LIBDIR}/.. \
+ ac_cv_sys_symbol_underscore=no \
+ "
+
+# Force gcc's traditional handling of inline to avoid issues with gcc 5
+CFLAGS += "-fgnu89-inline"
+
+do_install () {
+ autotools_do_install
+ install -d ${D}${docdir}/${BPN}
+ mv ${D}${datadir}/${BPN}/* ${D}/${docdir}/${BPN}/ || :
+ mv ${D}${prefix}/doc/* ${D}/${docdir}/${BPN}/ || :
+}
+
+# split out gpgv from main package
+RDEPENDS_${PN} = "gpgv"
+PACKAGES =+ "gpgv"
+FILES_gpgv = "${bindir}/gpgv"
+
+# Exclude debug files from the main packages
+FILES_${PN} = "${bindir}/* ${datadir}/${BPN} ${libexecdir}/${BPN}/*"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR},--without-libcurl,curl"
+PACKAGECONFIG[libusb] = "--with-libusb=${STAGING_LIBDIR},--without-libusb,libusb-compat"
diff --git a/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch b/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch
new file mode 100644
index 0000000..3cbf549
--- /dev/null
+++ b/recipes-support/libiconv/libiconv-1.11.1/autoconf.patch
@@ -0,0 +1,50 @@
+It adds the variables that are needed
+for autoconf 2.65 to reconfigure libiconv and defines the m4 macros
+directory. Its imported from OE.
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: libiconv-1.11.1/configure.ac
+===================================================================
+--- libiconv-1.11.1.orig/configure.ac
++++ libiconv-1.11.1/configure.ac
+@@ -23,7 +23,7 @@ AC_CONFIG_AUX_DIR(build-aux)
+ AM_INIT_AUTOMAKE(libiconv, 1.11)
+ AC_CONFIG_HEADERS(config.h lib/config.h)
+ AC_PROG_MAKE_SET
+-
++AC_CONFIG_MACRO_DIR([m4])
+ dnl checks for basic programs
+
+ AC_PROG_CC
+Index: libiconv-1.11.1/libcharset/configure.ac
+===================================================================
+--- libiconv-1.11.1.orig/libcharset/configure.ac
++++ libiconv-1.11.1/libcharset/configure.ac
+@@ -16,17 +16,17 @@ dnl along with the GNU CHARSET Library;
+ dnl write to the Free Software Foundation, Inc., 51 Franklin Street,
+ dnl Fifth Floor, Boston, MA 02110-1301, USA.
+
+-AC_PREREQ(2.13)
++AC_PREREQ(2.61)
++AC_INIT([libcharset],[1.4] )
++AC_CONFIG_SRCDIR([lib/localcharset.c])
+
+-PACKAGE=libcharset
+-VERSION=1.4
+-
+-AC_INIT(lib/localcharset.c)
+ AC_CONFIG_AUX_DIR(build-aux)
+ AC_CONFIG_HEADER(config.h)
+ AC_PROG_MAKE_SET
+-AC_SUBST(PACKAGE)
+-AC_SUBST(VERSION)
++dnl AC_SUBST(PACKAGE)
++dnl AC_SUBST(VERSION)
++
++AC_CONFIG_MACRO_DIR([m4])
+
+ dnl checks for basic programs
+
diff --git a/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch b/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch
new file mode 100644
index 0000000..fb07f73
--- /dev/null
+++ b/recipes-support/libiconv/libiconv-1.11.1/shared_preloadable_libiconv_linux.patch
@@ -0,0 +1,26 @@
+With libtool generating shared and static version of libraries needs -fPIC flags
+without this it will not generate the commands to create shared linked library
+Its more enforced by libtool 2.4. I have not checked it with older libtool
+libiconv 1.11.x is relatively old release and libtool 2.4 did not exist when it
+was released these kind of problem are more likely
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: libiconv-1.11.1/lib/Makefile.in
+===================================================================
+--- libiconv-1.11.1.orig/lib/Makefile.in
++++ libiconv-1.11.1/lib/Makefile.in
+@@ -70,9 +70,9 @@ preloadable_libiconv.so : preloadable_li
+
+ preloadable_libiconv_linux.so : $(SOURCES)
+ if test -n "@GCC@"; then \
+- $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -fPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -shared -o preloadable_libiconv_linux.so; \
++ $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -fPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -rpath $(libdir) -o libpreload_iconv.la && cp .libs/libpreload_iconv.so preloadable_libiconv_linux.so; \
+ else \
+- $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -KPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -shared -o preloadable_libiconv_linux.so; \
++ $(LIBTOOL_LINK) $(CC) $(LDFLAGS) $(INCLUDES) $(CFLAGS) $(CPPFLAGS) $(DEFS) -KPIC -DPIC -DLIBICONV_PLUG $(SOURCES) -rpath $(libdir) -o libpreload_iconv.la && cp .libs/libpreload_iconv.so preloadable_libiconv_linux.so; \
+ fi
+
+ preloadable_libiconv_solaris.so : $(SOURCES)
diff --git a/recipes-support/libiconv/libiconv_1.11.1.bb b/recipes-support/libiconv/libiconv_1.11.1.bb
new file mode 100644
index 0000000..f28e64a
--- /dev/null
+++ b/recipes-support/libiconv/libiconv_1.11.1.bb
@@ -0,0 +1,47 @@
+SUMMARY = "Character encoding support library"
+DESCRIPTION = "GNU libiconv - libiconv is for you if your application needs to support \
+multiple character encodings, but that support lacks from your system."
+HOMEPAGE = "http://www.gnu.org/software/libiconv"
+SECTION = "libs"
+NOTES = "Needs to be stripped down to: ascii iso8859-1 eucjp iso-2022jp gb utf8"
+PROVIDES = "virtual/libiconv"
+
+LICENSE = "LGPLv2.0"
+LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674 \
+ file://libcharset/COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674"
+
+SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
+ file://autoconf.patch \
+ file://shared_preloadable_libiconv_linux.patch \
+ "
+
+SRC_URI[md5sum] = "d42b97f6ef5dd0ba4469d520ed732fed"
+SRC_URI[sha256sum] = "e78c347a1a0cb15f2648519e9799151f4b4a934b61ad9ee7424478efe2b8257f"
+
+S = "${WORKDIR}/libiconv-${PV}"
+
+inherit autotools pkgconfig gettext
+
+python __anonymous() {
+ if d.getVar("TCLIBC") == "glibc":
+ raise bb.parse.SkipPackage("libiconv is provided for use with uClibc only - glibc already provides iconv")
+}
+
+EXTRA_OECONF += "--enable-shared --enable-static --enable-relocatable"
+
+LEAD_SONAME = "libiconv.so"
+
+do_configure_prepend () {
+ rm -f ${S}/m4/libtool.m4 ${S}/m4/ltoptions.m4 ${S}/m4/ltsugar.m4 ${S}/m4/ltversion.m4 ${S}/m4/lt~obsolete.m4 ${S}/libcharset/m4/libtool.m4 ${S}/libcharset/m4/ltoptions.m4 ${S}/libcharset/m4/ltsugar.m4 ${S}/libcharset/m4/ltversion.m4 ${S}/libcharset/m4/lt~obsolete.m4
+}
+
+do_configure_append () {
+ # forcibly remove RPATH from libtool
+ sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' *libtool
+ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=_NO_RPATH_|g' *libtool
+}
+
+do_install_append () {
+ rm -rf ${D}${libdir}/preloadable_libiconv.so
+ rm -rf ${D}${libdir}/charset.alias
+}
diff --git a/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch b/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch
new file mode 100644
index 0000000..23da777
--- /dev/null
+++ b/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch
@@ -0,0 +1,46 @@
+From 46edf01cc98db9f9feec984897836dfdd26bdc8d Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Wed, 12 Aug 2015 23:27:27 +0300
+Subject: [PATCH] Add target to only build tests (not run them)
+
+Not sending upstream as this is only a start of a solution to
+installable tests: It's useful for us already as is.
+
+Upstream-Status: Inappropriate [not a complete solution]
+
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ Makefile.in | 3 +++
+ testsuite/Makefile.in | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/Makefile.in b/Makefile.in
+index 08efb7d..7909342 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -55,6 +55,9 @@ clean distclean mostlyclean maintainer-clean tags:
+ echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done
+ $(MAKE) $@-here
+
++buildtest:
++ echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@)
++
+ check-here:
+ true
+
+diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
+index 6bc1907..bb65bf0 100644
+--- a/testsuite/Makefile.in
++++ b/testsuite/Makefile.in
+@@ -116,6 +116,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \
+ # data.
+ VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes @IF_ASM@ --partial-loads-ok=yes
+
++buildtest: $(TS_ALL)
++
+ # The PATH update is for locating dlls on w*ndows.
+ check: $(TS_ALL)
+ LD_LIBRARY_PATH=../.lib PATH="../.lib:$$PATH" srcdir="$(srcdir)" \
+--
+2.1.4
+
diff --git a/recipes-support/nettle/files/run-ptest b/recipes-support/nettle/files/run-ptest
new file mode 100644
index 0000000..b90bed6
--- /dev/null
+++ b/recipes-support/nettle/files/run-ptest
@@ -0,0 +1,36 @@
+#! /bin/sh
+
+cd testsuite
+
+failed=0
+all=0
+
+for f in *-test; do
+ if [ "$f" = "sha1-huge-test" ] ; then
+ echo "SKIP: $f (skipped for ludicrous run time)"
+ continue
+ fi
+
+ "./$f"
+ case "$?" in
+ 0)
+ echo "PASS: $f"
+ all=$((all + 1))
+ ;;
+ 77)
+ echo "SKIP: $f"
+ ;;
+ *)
+ echo "FAIL: $f"
+ failed=$((failed + 1))
+ all=$((all + 1))
+ ;;
+ esac
+done
+
+if [ "$failed" -eq 0 ] ; then
+ echo "All $all tests passed"
+else
+ echo "$failed of $all tests failed"
+fi
+
diff --git a/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
new file mode 100644
index 0000000..a956f42
--- /dev/null
+++ b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
@@ -0,0 +1,71 @@
+Upstream-Status: Backport
+https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
+
+CVE: CVE-2015-8803
+CVE: CVE-2015-8805
+
+Same fix for both.
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: nettle-2.7.1/ecc-256.c
+===================================================================
+--- nettle-2.7.1.orig/ecc-256.c
++++ nettle-2.7.1/ecc-256.c
+@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec
+ q2 += t + (q1 < t);
+
+ assert (q2 < 2);
++ /*
++ n-1 n-2 n-3 n-4
++ +---+---+---+---+
++ | u1| u0| u low |
++ +---+---+---+---+
++ - | q1(2^96-1)|
++ +-------+---+
++ |q2(2^.)|
++ +-------+
+
+- /* We multiply by two low limbs of p, 2^96 - 1, so we could use
+- shifts rather than mul. */
++ We multiply by two low limbs of p, 2^96 - 1, so we could use
++ shifts rather than mul.
++ */
+ t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1);
+ t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1);
+ t += (-q2) & 0xffffffff;
+@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec
+ u0 -= t;
+ t = (u1 < cy);
+ u1 -= cy;
+- u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
++
++ cy = cnd_add_n (t, rp + n - 4, ecc->p, 2);
++ u0 += cy;
++ u1 += (u0 < cy);
+ u1 -= (-t) & 0xffffffff;
+ }
+ rp[2] = u0;
+@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec
+
+ /* Conditional add of p */
+ u1 += t;
+- u2 += (t<<32) + (u0 < t);
++ u2 += (t<<32) + (u1 < t);
+
+ t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
+ u1 += t;
+Index: nettle-2.7.1/ChangeLog
+===================================================================
+--- nettle-2.7.1.orig/ChangeLog
++++ nettle-2.7.1/ChangeLog
+@@ -1,3 +1,9 @@
++2015-12-10 Niels Möller <nisse@lysator.liu.se>
++
++ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
++ reported by Hanno Böck.
++ (ecc_256_modq): Fixed another carry propagation bug.
++
+ 2013-05-28 Niels Möller <nisse@lysator.liu.se>
+
+ * Released nettle-2.7.1.
diff --git a/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
new file mode 100644
index 0000000..73723a9
--- /dev/null
+++ b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
@@ -0,0 +1,272 @@
+Upstream-Status: Backport
+ https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
+
+CVE: CVE-2015-8804
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: nettle-2.7.1/ChangeLog
+===================================================================
+--- nettle-2.7.1.orig/ChangeLog
++++ nettle-2.7.1/ChangeLog
+@@ -1,3 +1,11 @@
++2015-12-15 Niels Möller <nisse@lysator.liu.se>
++
++ * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem
++ reported by Hanno Böck. Simplified the folding to always use
++ non-negative carry, the old code attempted to add in a carry which
++ could be either positive or negative, but didn't get that case
++ right.
++
+ 2015-12-10 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
+Index: nettle-2.7.1/x86_64/ecc-384-modp.asm
+===================================================================
+--- nettle-2.7.1.orig/x86_64/ecc-384-modp.asm
++++ nettle-2.7.1/x86_64/ecc-384-modp.asm
+@@ -20,7 +20,7 @@ C MA 02111-1301, USA.
+ .file "ecc-384-modp.asm"
+
+ define(<RP>, <%rsi>)
+-define(<D4>, <%rax>)
++define(<D5>, <%rax>)
+ define(<T0>, <%rbx>)
+ define(<T1>, <%rcx>)
+ define(<T2>, <%rdx>)
+@@ -35,8 +35,8 @@ define(<H4>, <%r13>)
+ define(<H5>, <%r14>)
+ define(<C2>, <%r15>)
+ define(<C0>, H5) C Overlap
+-define(<D0>, RP) C Overlap
+-define(<TMP>, H4) C Overlap
++define(<TMP>, RP) C Overlap
++
+
+ PROLOGUE(nettle_ecc_384_modp)
+ W64_ENTRY(2, 0)
+@@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp)
+ push %r14
+ push %r15
+
+- C First get top 2 limbs, which need folding twice
++ C First get top 2 limbs, which need folding twice.
++ C B^10 = B^6 + B^4 + 2^32 (B-1)B^4.
++ C We handle the terms as follow:
+ C
+- C H5 H4
+- C -H5
+- C ------
+- C H0 D4
++ C B^6: Folded immediatly.
+ C
+- C Then shift right, (H1,H0,D4) <-- (H0,D4) << 32
+- C and add
++ C B^4: Delayed, added in in the next folding.
+ C
+- C H5 H4
+- C H1 H0
+- C ----------
+- C C2 H1 H0
+-
+- mov 80(RP), D4
+- mov 88(RP), H0
+- mov D4, H4
+- mov H0, H5
+- sub H0, D4
+- sbb $0, H0
+-
+- mov D4, T2
+- mov H0, H1
+- shl $32, H0
+- shr $32, T2
++ C 2^32(B-1) B^4: Low half limb delayed until the next
++ C folding. Top 1.5 limbs subtracted and shifter now, resulting
++ C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added
++ C in.
++
++ mov 80(RP), H4
++ mov 88(RP), H5
++ C Shift right 32 bits, into H1, H0
++ mov H4, H0
++ mov H5, H1
++ mov H5, D5
+ shr $32, H1
+- or T2, H0
++ shl $32, D5
++ shr $32, H0
++ or D5, H0
++
++ C H1 H0
++ C - H1 H0
++ C --------
++ C H1 H0 D5
++ mov H0, D5
++ neg D5
++ sbb H1, H0
++ sbb $0, H1
+
+ xor C2, C2
+ add H4, H0
+@@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp)
+ adc H3, T5
+ adc $0, C0
+
+- C H3 H2 H1 H0 0
+- C - H4 H3 H2 H1 H0
+- C ---------------
+- C H3 H2 H1 H0 D0
+-
+- mov XREG(D4), XREG(D4)
+- mov H0, D0
+- neg D0
+- sbb H1, H0
+- sbb H2, H1
+- sbb H3, H2
+- sbb H4, H3
+- sbb $0, D4
+-
+- C Shift right. High bits are sign, to be added to C0.
+- mov D4, TMP
+- sar $32, TMP
+- shl $32, D4
+- add TMP, C0
+-
++ C Shift left, including low half of H4
+ mov H3, TMP
++ shl $32, H4
+ shr $32, TMP
+- shl $32, H3
+- or TMP, D4
++ or TMP, H4
+
+ mov H2, TMP
++ shl $32, H3
+ shr $32, TMP
+- shl $32, H2
+ or TMP, H3
+
+ mov H1, TMP
++ shl $32, H2
+ shr $32, TMP
+- shl $32, H1
+ or TMP, H2
+
+ mov H0, TMP
++ shl $32, H1
+ shr $32, TMP
+- shl $32, H0
+ or TMP, H1
+
+- mov D0, TMP
+- shr $32, TMP
+- shl $32, D0
+- or TMP, H0
++ shl $32, H0
++
++ C H4 H3 H2 H1 H0 0
++ C - H4 H3 H2 H1 H0
++ C ---------------
++ C H4 H3 H2 H1 H0 TMP
+
+- add D0, T0
++ mov H0, TMP
++ neg TMP
++ sbb H1, H0
++ sbb H2, H1
++ sbb H3, H2
++ sbb H4, H3
++ sbb $0, H4
++
++ add TMP, T0
+ adc H0, T1
+ adc H1, T2
+ adc H2, T3
+ adc H3, T4
+- adc D4, T5
++ adc H4, T5
+ adc $0, C0
+
+ C Remains to add in C2 and C0
+- C C0 C0<<32 (-2^32+1)C0
+- C C2 C2<<32 (-2^32+1)C2
+- C where C2 is always positive, while C0 may be -1.
++ C Set H1, H0 = (2^96 - 2^32 + 1) C0
+ mov C0, H0
+ mov C0, H1
+- mov C0, H2
+- sar $63, C0 C Get sign
+ shl $32, H1
+- sub H1, H0 C Gives borrow iff C0 > 0
++ sub H1, H0
+ sbb $0, H1
+- add C0, H2
+
++ C Set H3, H2 = (2^96 - 2^32 + 1) C2
++ mov C2, H2
++ mov C2, H3
++ shl $32, H3
++ sub H3, H2
++ sbb $0, H3
++ add C0, H2 C No carry. Could use lea trick
++
++ xor C0, C0
+ add H0, T0
+ adc H1, T1
+- adc $0, H2
+- adc $0, C0
+-
+- C Set (H1 H0) <-- C2 << 96 - C2 << 32 + 1
+- mov C2, H0
+- mov C2, H1
+- shl $32, H1
+- sub H1, H0
+- sbb $0, H1
+-
+- add H2, H0
+- adc C0, H1
+- adc C2, C0
+- mov C0, H2
+- sar $63, C0
+- add H0, T2
+- adc H1, T3
+- adc H2, T4
+- adc C0, T5
+- sbb C0, C0
++ adc H2, T2
++ adc H3, T3
++ adc C2, T4
++ adc D5, T5 C Value delayed from initial folding
++ adc $0, C0 C Use sbb and switch sign?
+
+ C Final unlikely carry
+ mov C0, H0
+ mov C0, H1
+- mov C0, H2
+- sar $63, C0
+ shl $32, H1
+ sub H1, H0
+ sbb $0, H1
+- add C0, H2
+
+ pop RP
+
+- sub H0, T0
++ add H0, T0
+ mov T0, (RP)
+- sbb H1, T1
++ adc H1, T1
+ mov T1, 8(RP)
+- sbb H2, T2
++ adc C0, T2
+ mov T2, 16(RP)
+- sbb C0, T3
++ adc $0, T3
+ mov T3, 24(RP)
+- sbb C0, T4
++ adc $0, T4
+ mov T4, 32(RP)
+- sbb C0, T5
++ adc $0, T5
+ mov T5, 40(RP)
+
+ pop %r15
diff --git a/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch b/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
new file mode 100644
index 0000000..38d9107
--- /dev/null
+++ b/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
@@ -0,0 +1,38 @@
+From c369dd7049f5a198f8b6c96fde6e294ce5146c2f Mon Sep 17 00:00:00 2001
+From: Haiqing Bai <Haiqing.Bai@windriver.com>
+Date: Fri, 9 Dec 2016 16:16:45 +0800
+Subject: [PATCH] nettle: check header files of openssl only if
+ 'enable_openssl=yes'.
+
+The original configure script checks openssl header files to generate
+config.h even if 'enable_openssl' is not set to yes, this made inconsistent
+building for nettle.
+
+Upstream-Status: Pending
+Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
+---
+ configure.ac | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 78a3d4e..4f16a98 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -603,9 +603,11 @@ AC_CHECK_ALIGNOF(uint64_t)
+ ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t"
+ AC_SUBST(ALIGNOF_UINT64_T)
+
+-AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
+-[enable_openssl=no
+- break])
++if test "x$enable_openssl" = "xyes"; then
++ AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
++ [enable_openssl=no
++ break])
++fi
+
+ LSH_FUNC_ALLOCA
+ LSH_FUNC_STRERROR
+--
+1.9.1
+
diff --git a/recipes-support/nettle/nettle.inc b/recipes-support/nettle/nettle.inc
new file mode 100644
index 0000000..af51fb6
--- /dev/null
+++ b/recipes-support/nettle/nettle.inc
@@ -0,0 +1,37 @@
+SUMMARY = "A low level cryptographic library"
+HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
+SECTION = "libs"
+
+DEPENDS += "gmp"
+
+SRC_URI = "http://www.lysator.liu.se/~nisse/archive/${BP}.tar.gz \
+ file://Add-target-to-only-build-tests-not-run-them.patch \
+ file://run-ptest \
+ "
+
+UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
+
+inherit autotools ptest
+
+EXTRA_OECONF = "--disable-openssl"
+
+do_configure_prepend() {
+ if [ ! -e ${S}/acinclude.m4 -a -e ${S}/aclocal.m4 ]; then
+ cp ${S}/aclocal.m4 ${S}/acinclude.m4
+ fi
+}
+
+do_compile_ptest() {
+ oe_runmake buildtest
+}
+
+do_install_ptest() {
+ install -d ${D}${PTEST_PATH}/testsuite/
+ install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/
+ install ${S}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/
+ # tools can be found in PATH, not in ../tools/
+ sed -i -e 's|../tools/||' ${D}${PTEST_PATH}/testsuite/*-test
+ install ${B}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-support/nettle/nettle_2.7.1.bb b/recipes-support/nettle/nettle_2.7.1.bb
new file mode 100644
index 0000000..2006146
--- /dev/null
+++ b/recipes-support/nettle/nettle_2.7.1.bb
@@ -0,0 +1,19 @@
+require nettle.inc
+
+LICENSE = "LGPLv2.1+ & GPLv2"
+LICENSE_${PN} = "LGPLv2.1+"
+
+LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+ file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \
+ file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d"
+
+SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5"
+SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40"
+
+SRC_URI += "\
+ file://CVE-2015-8803_8805.patch \
+ file://CVE-2015-8804.patch \
+ file://check-header-files-of-openssl-only-if-enable_.patch \
+ "
+
+DISABLE_STATIC = ""