summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/nettle
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:04:08 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-07 20:04:58 +0000
commit19b7e950346fb1dde6505c45236eba6cd9b33b4b (patch)
tree4e582be23e08321bd04c591be3f37926199d6005 /meta/recipes-support/nettle
parent39f5a05152aa0c3503735e18dd3b4c066b284107 (diff)
downloadopenembedded-core-19b7e950346fb1dde6505c45236eba6cd9b33b4b.tar.gz
recipes: Move out stale GPLv2 versions to a seperate layeruninative-1.5
These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesireable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we mmove to this separate layer for 2.3 with its future maintinership and testing to be determined in 2.4 and beyond. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/nettle')
-rw-r--r--meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch71
-rw-r--r--meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch272
-rw-r--r--meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch38
-rw-r--r--meta/recipes-support/nettle/nettle_2.7.1.bb19
4 files changed, 0 insertions, 400 deletions
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
deleted file mode 100644
index a956f426b8..0000000000
--- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-Upstream-Status: Backport
-https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
-
-CVE: CVE-2015-8803
-CVE: CVE-2015-8805
-
-Same fix for both.
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: nettle-2.7.1/ecc-256.c
-===================================================================
---- nettle-2.7.1.orig/ecc-256.c
-+++ nettle-2.7.1/ecc-256.c
-@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec
- q2 += t + (q1 < t);
-
- assert (q2 < 2);
-+ /*
-+ n-1 n-2 n-3 n-4
-+ +---+---+---+---+
-+ | u1| u0| u low |
-+ +---+---+---+---+
-+ - | q1(2^96-1)|
-+ +-------+---+
-+ |q2(2^.)|
-+ +-------+
-
-- /* We multiply by two low limbs of p, 2^96 - 1, so we could use
-- shifts rather than mul. */
-+ We multiply by two low limbs of p, 2^96 - 1, so we could use
-+ shifts rather than mul.
-+ */
- t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1);
- t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1);
- t += (-q2) & 0xffffffff;
-@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec
- u0 -= t;
- t = (u1 < cy);
- u1 -= cy;
-- u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
-+
-+ cy = cnd_add_n (t, rp + n - 4, ecc->p, 2);
-+ u0 += cy;
-+ u1 += (u0 < cy);
- u1 -= (-t) & 0xffffffff;
- }
- rp[2] = u0;
-@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec
-
- /* Conditional add of p */
- u1 += t;
-- u2 += (t<<32) + (u0 < t);
-+ u2 += (t<<32) + (u1 < t);
-
- t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
- u1 += t;
-Index: nettle-2.7.1/ChangeLog
-===================================================================
---- nettle-2.7.1.orig/ChangeLog
-+++ nettle-2.7.1/ChangeLog
-@@ -1,3 +1,9 @@
-+2015-12-10 Niels Möller <nisse@lysator.liu.se>
-+
-+ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
-+ reported by Hanno Böck.
-+ (ecc_256_modq): Fixed another carry propagation bug.
-+
- 2013-05-28 Niels Möller <nisse@lysator.liu.se>
-
- * Released nettle-2.7.1.
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
deleted file mode 100644
index 73723a998d..0000000000
--- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
+++ /dev/null
@@ -1,272 +0,0 @@
-Upstream-Status: Backport
- https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
-
-CVE: CVE-2015-8804
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: nettle-2.7.1/ChangeLog
-===================================================================
---- nettle-2.7.1.orig/ChangeLog
-+++ nettle-2.7.1/ChangeLog
-@@ -1,3 +1,11 @@
-+2015-12-15 Niels Möller <nisse@lysator.liu.se>
-+
-+ * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem
-+ reported by Hanno Böck. Simplified the folding to always use
-+ non-negative carry, the old code attempted to add in a carry which
-+ could be either positive or negative, but didn't get that case
-+ right.
-+
- 2015-12-10 Niels Möller <nisse@lysator.liu.se>
-
- * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
-Index: nettle-2.7.1/x86_64/ecc-384-modp.asm
-===================================================================
---- nettle-2.7.1.orig/x86_64/ecc-384-modp.asm
-+++ nettle-2.7.1/x86_64/ecc-384-modp.asm
-@@ -20,7 +20,7 @@ C MA 02111-1301, USA.
- .file "ecc-384-modp.asm"
-
- define(<RP>, <%rsi>)
--define(<D4>, <%rax>)
-+define(<D5>, <%rax>)
- define(<T0>, <%rbx>)
- define(<T1>, <%rcx>)
- define(<T2>, <%rdx>)
-@@ -35,8 +35,8 @@ define(<H4>, <%r13>)
- define(<H5>, <%r14>)
- define(<C2>, <%r15>)
- define(<C0>, H5) C Overlap
--define(<D0>, RP) C Overlap
--define(<TMP>, H4) C Overlap
-+define(<TMP>, RP) C Overlap
-+
-
- PROLOGUE(nettle_ecc_384_modp)
- W64_ENTRY(2, 0)
-@@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp)
- push %r14
- push %r15
-
-- C First get top 2 limbs, which need folding twice
-+ C First get top 2 limbs, which need folding twice.
-+ C B^10 = B^6 + B^4 + 2^32 (B-1)B^4.
-+ C We handle the terms as follow:
- C
-- C H5 H4
-- C -H5
-- C ------
-- C H0 D4
-+ C B^6: Folded immediatly.
- C
-- C Then shift right, (H1,H0,D4) <-- (H0,D4) << 32
-- C and add
-+ C B^4: Delayed, added in in the next folding.
- C
-- C H5 H4
-- C H1 H0
-- C ----------
-- C C2 H1 H0
--
-- mov 80(RP), D4
-- mov 88(RP), H0
-- mov D4, H4
-- mov H0, H5
-- sub H0, D4
-- sbb $0, H0
--
-- mov D4, T2
-- mov H0, H1
-- shl $32, H0
-- shr $32, T2
-+ C 2^32(B-1) B^4: Low half limb delayed until the next
-+ C folding. Top 1.5 limbs subtracted and shifter now, resulting
-+ C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added
-+ C in.
-+
-+ mov 80(RP), H4
-+ mov 88(RP), H5
-+ C Shift right 32 bits, into H1, H0
-+ mov H4, H0
-+ mov H5, H1
-+ mov H5, D5
- shr $32, H1
-- or T2, H0
-+ shl $32, D5
-+ shr $32, H0
-+ or D5, H0
-+
-+ C H1 H0
-+ C - H1 H0
-+ C --------
-+ C H1 H0 D5
-+ mov H0, D5
-+ neg D5
-+ sbb H1, H0
-+ sbb $0, H1
-
- xor C2, C2
- add H4, H0
-@@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp)
- adc H3, T5
- adc $0, C0
-
-- C H3 H2 H1 H0 0
-- C - H4 H3 H2 H1 H0
-- C ---------------
-- C H3 H2 H1 H0 D0
--
-- mov XREG(D4), XREG(D4)
-- mov H0, D0
-- neg D0
-- sbb H1, H0
-- sbb H2, H1
-- sbb H3, H2
-- sbb H4, H3
-- sbb $0, D4
--
-- C Shift right. High bits are sign, to be added to C0.
-- mov D4, TMP
-- sar $32, TMP
-- shl $32, D4
-- add TMP, C0
--
-+ C Shift left, including low half of H4
- mov H3, TMP
-+ shl $32, H4
- shr $32, TMP
-- shl $32, H3
-- or TMP, D4
-+ or TMP, H4
-
- mov H2, TMP
-+ shl $32, H3
- shr $32, TMP
-- shl $32, H2
- or TMP, H3
-
- mov H1, TMP
-+ shl $32, H2
- shr $32, TMP
-- shl $32, H1
- or TMP, H2
-
- mov H0, TMP
-+ shl $32, H1
- shr $32, TMP
-- shl $32, H0
- or TMP, H1
-
-- mov D0, TMP
-- shr $32, TMP
-- shl $32, D0
-- or TMP, H0
-+ shl $32, H0
-+
-+ C H4 H3 H2 H1 H0 0
-+ C - H4 H3 H2 H1 H0
-+ C ---------------
-+ C H4 H3 H2 H1 H0 TMP
-
-- add D0, T0
-+ mov H0, TMP
-+ neg TMP
-+ sbb H1, H0
-+ sbb H2, H1
-+ sbb H3, H2
-+ sbb H4, H3
-+ sbb $0, H4
-+
-+ add TMP, T0
- adc H0, T1
- adc H1, T2
- adc H2, T3
- adc H3, T4
-- adc D4, T5
-+ adc H4, T5
- adc $0, C0
-
- C Remains to add in C2 and C0
-- C C0 C0<<32 (-2^32+1)C0
-- C C2 C2<<32 (-2^32+1)C2
-- C where C2 is always positive, while C0 may be -1.
-+ C Set H1, H0 = (2^96 - 2^32 + 1) C0
- mov C0, H0
- mov C0, H1
-- mov C0, H2
-- sar $63, C0 C Get sign
- shl $32, H1
-- sub H1, H0 C Gives borrow iff C0 > 0
-+ sub H1, H0
- sbb $0, H1
-- add C0, H2
-
-+ C Set H3, H2 = (2^96 - 2^32 + 1) C2
-+ mov C2, H2
-+ mov C2, H3
-+ shl $32, H3
-+ sub H3, H2
-+ sbb $0, H3
-+ add C0, H2 C No carry. Could use lea trick
-+
-+ xor C0, C0
- add H0, T0
- adc H1, T1
-- adc $0, H2
-- adc $0, C0
--
-- C Set (H1 H0) <-- C2 << 96 - C2 << 32 + 1
-- mov C2, H0
-- mov C2, H1
-- shl $32, H1
-- sub H1, H0
-- sbb $0, H1
--
-- add H2, H0
-- adc C0, H1
-- adc C2, C0
-- mov C0, H2
-- sar $63, C0
-- add H0, T2
-- adc H1, T3
-- adc H2, T4
-- adc C0, T5
-- sbb C0, C0
-+ adc H2, T2
-+ adc H3, T3
-+ adc C2, T4
-+ adc D5, T5 C Value delayed from initial folding
-+ adc $0, C0 C Use sbb and switch sign?
-
- C Final unlikely carry
- mov C0, H0
- mov C0, H1
-- mov C0, H2
-- sar $63, C0
- shl $32, H1
- sub H1, H0
- sbb $0, H1
-- add C0, H2
-
- pop RP
-
-- sub H0, T0
-+ add H0, T0
- mov T0, (RP)
-- sbb H1, T1
-+ adc H1, T1
- mov T1, 8(RP)
-- sbb H2, T2
-+ adc C0, T2
- mov T2, 16(RP)
-- sbb C0, T3
-+ adc $0, T3
- mov T3, 24(RP)
-- sbb C0, T4
-+ adc $0, T4
- mov T4, 32(RP)
-- sbb C0, T5
-+ adc $0, T5
- mov T5, 40(RP)
-
- pop %r15
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch b/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
deleted file mode 100644
index 38d9107ce7..0000000000
--- a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From c369dd7049f5a198f8b6c96fde6e294ce5146c2f Mon Sep 17 00:00:00 2001
-From: Haiqing Bai <Haiqing.Bai@windriver.com>
-Date: Fri, 9 Dec 2016 16:16:45 +0800
-Subject: [PATCH] nettle: check header files of openssl only if
- 'enable_openssl=yes'.
-
-The original configure script checks openssl header files to generate
-config.h even if 'enable_openssl' is not set to yes, this made inconsistent
-building for nettle.
-
-Upstream-Status: Pending
-Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
----
- configure.ac | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 78a3d4e..4f16a98 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -603,9 +603,11 @@ AC_CHECK_ALIGNOF(uint64_t)
- ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t"
- AC_SUBST(ALIGNOF_UINT64_T)
-
--AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
--[enable_openssl=no
-- break])
-+if test "x$enable_openssl" = "xyes"; then
-+ AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
-+ [enable_openssl=no
-+ break])
-+fi
-
- LSH_FUNC_ALLOCA
- LSH_FUNC_STRERROR
---
-1.9.1
-
diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb
deleted file mode 100644
index 2006146cfe..0000000000
--- a/meta/recipes-support/nettle/nettle_2.7.1.bb
+++ /dev/null
@@ -1,19 +0,0 @@
-require nettle.inc
-
-LICENSE = "LGPLv2.1+ & GPLv2"
-LICENSE_${PN} = "LGPLv2.1+"
-
-LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
- file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \
- file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d"
-
-SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5"
-SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40"
-
-SRC_URI += "\
- file://CVE-2015-8803_8805.patch \
- file://CVE-2015-8804.patch \
- file://check-header-files-of-openssl-only-if-enable_.patch \
- "
-
-DISABLE_STATIC = ""