diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2023-03-31 17:57:23 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2023-03-31 18:06:58 +0300 |
commit | 2daf84b2d486da0b21344da999553c8fa1228195 (patch) | |
tree | 04a2402d258019103ad1a4c9da71d78301cd5d42 /meta-raspberrypi | |
parent | ced6278a187ae9eefe16fe59398f714857b7f76e (diff) | |
download | openbmc-2daf84b2d486da0b21344da999553c8fa1228195.tar.xz |
subtree updates: raspberrypi security arm
meta-arm: eb9c47a4e1..9b6c8c95e4:
Abdellatif El Khlifi (1):
CI: append classes to INHERIT in the common fvp.yml
Adam Johnston (1):
arm-bsp/linux-yocto: Update N1SDP PCI quirk patch
Jon Mason (10):
CI: add yml files for defaults
CI: add support for dev kernel, rt kernel, and poky-tiny
arm-bsp/fvp-base: update to u-boot 2023.01
arm-bsp/fvp-base-arm32: remove support
ci: add external-toolchain to qemuarm-secureboot
arm-bsp/optee: remove unused recipes
arm/optee: optee-os include cleanup
arm/optee-os: update to 3.20.0
arm/edk2: update version and relocate edk2-basetools to be with edk2
arm-bsp/fvp-base: Add edk2 build testing
Ross Burton (7):
arm-bsp/linux-arm64-ack: update Upstream-Status tags
CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
arm/scp-firmware: fix up whitespace
arm/scp-firmware: enable verbose builds
arm/scp-firmware: remove textrel from INSANE_SKIP
arm/scp-firmware: improve debug packaging
CI: mask poky's llvm if we're using clang
Rui Miguel Silva (1):
arm-bsp/optee: bump corstone1000 to v3.20
Satish Kumar (1):
arm-bsp/corstone1000: new gpt based disk layout and fwu metadata
Xueliang Zhong (1):
arm-bsp/n1sdp: update to linux yocto kernel 6.1
meta-security: c06b9a18a6..a397a38ed9:
Armin Kuster (16):
openscap: update to 1.3.6
openscap: update to 1.3.7
openscap git: add DEFAULT_PREFERENCE
python3-fail2ban: update to 1.0.2
python3-privacyidea: update to 3.8.1
libhtp: update to 0.5.42
lkrg-modules: update to 0.9.6
chkrootkit: update to 0.57
fscrypt: update to 1.1.0
libmspack: update to 1.11
firejail: update 0.9.72
suricata: update to 6.0.10
apparmor: update to 3.1.3
krill: update 0.12.3
cryptmout: update to 6.2.0
packagegroup-core-security: refactor the inclusion of krill
Eero Aaltonen (1):
dm-verity-img.bbclass: fix syntax warning
Jose Quaresma (3):
meta-hardening/layer: lower the priority from 10 to 6
meta-security-compliance/layer: lower the priority from 10 to 6
meta-tpm/layer: lower the priority from 10 to 6
Kevin Hao (1):
dm-verity-img.bbclass: Fix the hash offset alignment issue
Mikko Rapeli (1):
ima-evm-utils: disable documentation from build
Paul Gortmaker (3):
dm-verity: update beaglebone wic to match meta-yocto
dm-verity: add basic non-arch/non-BSP yocto specific settings
dm-verity: document board specifics for Beaglebone Black
Peter Marko (1):
tpm2-tss: correct CVE product
meta-raspberrypi: e15b876155..3afdbbf782:
Carlos Alberto Lopez Perez (1):
mesa-demos: enable build with userland graphics drivers.
Khem Raj (6):
linux-raspberrypi: Add recipes for 6.1 kernel
psplash: Make psplash wait for the framebuffer to be ready
rpi-default-versions: Use 6.1 kernel as default
gstreamer1.0-plugins-bad: Drop gpl packageconfig
rpidistro-ffmpeg: Pin to use gcc always
rpidistro-vlc: Fix build with clang16
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a
Diffstat (limited to 'meta-raspberrypi')
10 files changed, 86 insertions, 4 deletions
diff --git a/meta-raspberrypi/conf/machine/include/rpi-default-versions.inc b/meta-raspberrypi/conf/machine/include/rpi-default-versions.inc index a29fd5efbb..2f76db961b 100644 --- a/meta-raspberrypi/conf/machine/include/rpi-default-versions.inc +++ b/meta-raspberrypi/conf/machine/include/rpi-default-versions.inc @@ -1,4 +1,4 @@ # RaspberryPi BSP default versions -PREFERRED_VERSION_linux-raspberrypi ??= "5.15.%" +PREFERRED_VERSION_linux-raspberrypi ??= "6.1.%" PREFERRED_VERSION_linux-raspberrypi-v7 ??= "${PREFERRED_VERSION_linux-raspberrypi}" diff --git a/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/files/0008-configure-Disable-incompatible-function-pointer-type.patch b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/files/0008-configure-Disable-incompatible-function-pointer-type.patch new file mode 100644 index 0000000000..3dbd08dff5 --- /dev/null +++ b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/files/0008-configure-Disable-incompatible-function-pointer-type.patch @@ -0,0 +1,26 @@ +From 048e4fdd08ac588feb27b03e3ec1824e24f77d62 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 5 Mar 2023 14:13:25 -0800 +Subject: [PATCH 3/3] configure: Disable incompatible-function-pointer-types + warning + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + configure.ac | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/configure.ac ++++ b/configure.ac +@@ -105,6 +105,11 @@ AC_SUBST([AM_CFLAGS], [-fcommon]) + dnl Prevent clang from accepting unknown flags with a mere warning + AX_APPEND_COMPILE_FLAGS([-Werror=unknown-warning-option -Werror=invalid-command-line-argument], [CFLAGS]) + AX_APPEND_COMPILE_FLAGS([-Werror=unknown-warning-option -Werror=invalid-command-line-argument], [CXXFLAGS]) ++dnl disable clang from erroring on function pointer protype mismatch, vlc seems to rely on that ++dnl especially in modules/video_filter/deinterlace/algo_yadif.c how it interpolates 'filter` variable ++dnl between different functions yadif_filter_line_c_16bit() and yadif_filter_line_c() ++AX_APPEND_COMPILE_FLAGS([-Wno-error=incompatible-function-pointer-types -Wno-error=incompatible-function-pointer-types], [CFLAGS]) ++AX_APPEND_COMPILE_FLAGS([-Wno-error=incompatible-function-pointer-types -Wno-error=incompatible-function-pointer-types], [CXXFLAGS]) + + dnl + dnl Check the operating system diff --git a/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/rpidistro-vlc_3.0.17.bb b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/rpidistro-vlc_3.0.17.bb index 2653b28f90..8b8ac4aa5b 100644 --- a/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/rpidistro-vlc_3.0.17.bb +++ b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/rpidistro-vlc_3.0.17.bb @@ -14,6 +14,7 @@ SRC_URI = "\ file://0005-mmal_exit_fix.patch \ file://0006-mmal_chain.patch \ file://0007-armv6.patch \ + file://0008-configure-Disable-incompatible-function-pointer-type.patch \ file://2001-fix-luaL-checkint.patch \ file://2002-use-vorbisidec.patch \ file://3001-configure.ac-setup-for-OE-usage.patch \ diff --git a/meta-raspberrypi/recipes-core/psplash/files/framebuf.conf b/meta-raspberrypi/recipes-core/psplash/files/framebuf.conf new file mode 100644 index 0000000000..44e1dedd64 --- /dev/null +++ b/meta-raspberrypi/recipes-core/psplash/files/framebuf.conf @@ -0,0 +1,4 @@ +[Unit] +Requires=sys-devices-platform-gpu-graphics-fb0.device +After=sys-devices-platform-gpu-graphics-fb0.device + diff --git a/meta-raspberrypi/recipes-core/psplash/psplash_%.bbappend b/meta-raspberrypi/recipes-core/psplash/psplash_%.bbappend index bf99b2bff7..57cade8ffc 100644 --- a/meta-raspberrypi/recipes-core/psplash/psplash_%.bbappend +++ b/meta-raspberrypi/recipes-core/psplash/psplash_%.bbappend @@ -1,2 +1,12 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SPLASH_IMAGES:rpi = "file://psplash-raspberrypi-img.h;outsuffix=raspberrypi" + +SRC_URI:append:rpi = " file://framebuf.conf" + +do_install:append:rpi() { + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then + install -Dm 0644 ${WORKDIR}/framebuf.conf ${D}${systemd_system_unitdir}/psplash-start.service.d/framebuf.conf + fi +} + +FILES:${PN}:append:rpi = " ${systemd_system_unitdir}/psplash-start.service.d" diff --git a/meta-raspberrypi/recipes-graphics/mesa/mesa-demos_%.bbappend b/meta-raspberrypi/recipes-graphics/mesa/mesa-demos_%.bbappend index abb11ec8ff..efcaf06c84 100644 --- a/meta-raspberrypi/recipes-graphics/mesa/mesa-demos_%.bbappend +++ b/meta-raspberrypi/recipes-graphics/mesa/mesa-demos_%.bbappend @@ -1,2 +1,3 @@ -# mesa-demos need libgles1 and userland driver does not have it -COMPATIBLE_HOST:rpi = "${@bb.utils.contains('MACHINE_FEATURES', 'vc4graphics', '(.*)', 'null', d)}" +# mesa-demos userland driver doesn't provide libgles1 and the EGL headers it provides break the mesa-demos build. +# And enabling the `wayland` option without enabling `egl` is useless. +PACKAGECONFIG:remove:rpi = "${@bb.utils.contains('MACHINE_FEATURES', 'vc4graphics', '', 'egl gles1 wayland', d)}" diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-v7_6.1.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-v7_6.1.bb new file mode 100644 index 0000000000..ef77b0b5e8 --- /dev/null +++ b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-v7_6.1.bb @@ -0,0 +1,6 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +require linux-raspberrypi-v7.inc +require linux-raspberrypi_6.1.bb diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb new file mode 100644 index 0000000000..c523457e20 --- /dev/null +++ b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb @@ -0,0 +1,31 @@ +LINUX_VERSION ?= "6.1.20" +LINUX_RPI_BRANCH ?= "rpi-6.1.y" +LINUX_RPI_KMETA_BRANCH ?= "yocto-6.1" + +SRCREV_machine = "a1cd5351f431caf7cf472825aff0e1c66bf31de4" +SRCREV_meta = "1a97a82e62ebf4ef3787768a1f5937e2d2f280ce" + +KMETA = "kernel-meta" + +SRC_URI = " \ + git://github.com/raspberrypi/linux.git;name=machine;branch=${LINUX_RPI_BRANCH};protocol=https \ + git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=${LINUX_RPI_KMETA_BRANCH};destsuffix=${KMETA} \ + file://powersave.cfg \ + file://android-drivers.cfg \ + " + +require linux-raspberrypi.inc + +KERNEL_DTC_FLAGS += "-@ -H epapr" + +RDEPENDS:${KERNEL_PACKAGE_NAME}:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}" +RDEPENDS:${KERNEL_PACKAGE_NAME}-base:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-base" +RDEPENDS:${KERNEL_PACKAGE_NAME}-image:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-image" +RDEPENDS:${KERNEL_PACKAGE_NAME}-dev:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-dev" +RDEPENDS:${KERNEL_PACKAGE_NAME}-vmlinux:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-vmlinux" +RDEPENDS:${KERNEL_PACKAGE_NAME}-modules:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-modules" +RDEPENDS:${KERNEL_PACKAGE_NAME}-dbg:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-dbg" + +DEPLOYDEP = "" +DEPLOYDEP:raspberrypi-armv7 = "${RASPBERRYPI_v7_KERNEL}:do_deploy" +do_deploy[depends] += "${DEPLOYDEP}" diff --git a/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_%.bbappend b/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_%.bbappend index 2bf628134c..5b3f945dd0 100644 --- a/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_%.bbappend +++ b/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_%.bbappend @@ -1,2 +1,2 @@ PACKAGECONFIG:append:rpi = " hls \ - ${@bb.utils.contains('LICENSE_FLAGS_ACCEPTED', 'commercial', 'gpl faad', '', d)}" + ${@bb.utils.contains('LICENSE_FLAGS_ACCEPTED', 'commercial', 'faad', '', d)}" diff --git a/meta-raspberrypi/recipes-multimedia/rpidistro-ffmpeg/rpidistro-ffmpeg_4.3.4.bb b/meta-raspberrypi/recipes-multimedia/rpidistro-ffmpeg/rpidistro-ffmpeg_4.3.4.bb index 30e7c575e3..a4a7f90edf 100644 --- a/meta-raspberrypi/recipes-multimedia/rpidistro-ffmpeg/rpidistro-ffmpeg_4.3.4.bb +++ b/meta-raspberrypi/recipes-multimedia/rpidistro-ffmpeg/rpidistro-ffmpeg_4.3.4.bb @@ -144,6 +144,9 @@ EXTRA_OECONF = " \ " EXTRA_OECONF:append:linux-gnux32 = " --disable-asm" +# Some patches introduce assembly files which needs preprocessing with +# gcc e.g. src/libavutil/aarch64/rpi_sand_neon.S +TOOLCHAIN = "gcc" # gold crashes on x86, another solution is to --disable-asm but thats more hacky # ld.gold: internal error in relocate_section, at ../../gold/i386.cc:3684 LDFLAGS:append:x86 = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -fuse-ld=bfd ', '', d)}" |