subtree updates: raspberrypi security arm
meta-arm: eb9c47a4e1..9b6c8c95e4:
Abdellatif El Khlifi (1):
CI: append classes to INHERIT in the common fvp.yml
Adam Johnston (1):
arm-bsp/linux-yocto: Update N1SDP PCI quirk patch
Jon Mason (10):
CI: add yml files for defaults
CI: add support for dev kernel, rt kernel, and poky-tiny
arm-bsp/fvp-base: update to u-boot 2023.01
arm-bsp/fvp-base-arm32: remove support
ci: add external-toolchain to qemuarm-secureboot
arm-bsp/optee: remove unused recipes
arm/optee: optee-os include cleanup
arm/optee-os: update to 3.20.0
arm/edk2: update version and relocate edk2-basetools to be with edk2
arm-bsp/fvp-base: Add edk2 build testing
Ross Burton (7):
arm-bsp/linux-arm64-ack: update Upstream-Status tags
CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
arm/scp-firmware: fix up whitespace
arm/scp-firmware: enable verbose builds
arm/scp-firmware: remove textrel from INSANE_SKIP
arm/scp-firmware: improve debug packaging
CI: mask poky's llvm if we're using clang
Rui Miguel Silva (1):
arm-bsp/optee: bump corstone1000 to v3.20
Satish Kumar (1):
arm-bsp/corstone1000: new gpt based disk layout and fwu metadata
Xueliang Zhong (1):
arm-bsp/n1sdp: update to linux yocto kernel 6.1
meta-security: c06b9a18a6..a397a38ed9:
Armin Kuster (16):
openscap: update to 1.3.6
openscap: update to 1.3.7
openscap git: add DEFAULT_PREFERENCE
python3-fail2ban: update to 1.0.2
python3-privacyidea: update to 3.8.1
libhtp: update to 0.5.42
lkrg-modules: update to 0.9.6
chkrootkit: update to 0.57
fscrypt: update to 1.1.0
libmspack: update to 1.11
firejail: update 0.9.72
suricata: update to 6.0.10
apparmor: update to 3.1.3
krill: update 0.12.3
cryptmout: update to 6.2.0
packagegroup-core-security: refactor the inclusion of krill
Eero Aaltonen (1):
dm-verity-img.bbclass: fix syntax warning
Jose Quaresma (3):
meta-hardening/layer: lower the priority from 10 to 6
meta-security-compliance/layer: lower the priority from 10 to 6
meta-tpm/layer: lower the priority from 10 to 6
Kevin Hao (1):
dm-verity-img.bbclass: Fix the hash offset alignment issue
Mikko Rapeli (1):
ima-evm-utils: disable documentation from build
Paul Gortmaker (3):
dm-verity: update beaglebone wic to match meta-yocto
dm-verity: add basic non-arch/non-BSP yocto specific settings
dm-verity: document board specifics for Beaglebone Black
Peter Marko (1):
tpm2-tss: correct CVE product
meta-raspberrypi: e15b876155..3afdbbf782:
Carlos Alberto Lopez Perez (1):
mesa-demos: enable build with userland graphics drivers.
Khem Raj (6):
linux-raspberrypi: Add recipes for 6.1 kernel
psplash: Make psplash wait for the framebuffer to be ready
rpi-default-versions: Use 6.1 kernel as default
gstreamer1.0-plugins-bad: Drop gpl packageconfig
rpidistro-ffmpeg: Pin to use gcc always
rpidistro-vlc: Fix build with clang16
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0003-Enforce-using-good-old-BFD-linker.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0003-Enforce-using-good-old-BFD-linker.patch
new file mode 100644
index 0000000..a921481
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0003-Enforce-using-good-old-BFD-linker.patch
@@ -0,0 +1,32 @@
+From 6673fb1de490575a414de7e4dd9442c921383019 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 7 Apr 2021 00:16:07 -0700
+Subject: [PATCH] Enforce using good old BFD linker
+
+some distros may use gold as system linker and it crashes while linking the app
+
+TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/recipe-sysroot-native/usr/bin/aarch64-yoe-linux/../../libexec/aarch64-yoe-linux/gcc/aarch64-yoe-linux/11.0.1/ld: error: TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/edk2/BaseTools/Scripts/GccBase.lds:54:10: INFO section type is unsupported
+TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/recipe-sysroot-native/usr/bin/aarch64-yoe-linux/../../libexec/aarch64-yoe-linux/gcc/aarch64-yoe-linux/11.0.1/ld: error: TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/edk2/BaseTools/Scripts/GccBase.lds:66:14: INFO section type is unsupported
+TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/recipe-sysroot-native/usr/bin/aarch64-yoe-linux/../../libexec/aarch64-yoe-linux/gcc/aarch64-yoe-linux/11.0.1/ld: internal error in do_layout, at ../../gold/object.cc:1939
+collect2: error: ld returned 1 exit status
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ BaseTools/Conf/tools_def.template | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
+index bca09e4648..b775391675 100755
+--- a/BaseTools/Conf/tools_def.template
++++ b/BaseTools/Conf/tools_def.template
+@@ -1858,7 +1858,7 @@ DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
+ DEFINE GCC_AARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char -ffunction-sections -fdata-sections -Wno-address -fno-asynchronous-unwind-tables -fno-unwind-tables -fno-pic -fno-pie -ffixed-x18
+ DEFINE GCC_AARCH64_CC_XIPFLAGS = -mstrict-align -mgeneral-regs-only
+ DEFINE GCC_DLINK_FLAGS_COMMON = -nostdlib --pie
+-DEFINE GCC_DLINK2_FLAGS_COMMON = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
++DEFINE GCC_DLINK2_FLAGS_COMMON = -fuse-ld=bfd -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
+ DEFINE GCC_IA32_X64_DLINK_COMMON = DEF(GCC_DLINK_FLAGS_COMMON) --gc-sections
+ DEFINE GCC_ARM_AARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
+ DEFINE GCC_LOONGARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map