subtree updates:raspberrypi:arm:security: Jan 27 2023

meta-raspberrypi: 896566aa92..6c57b92708:
  Martin Jansa (2):
        pi-bluetooth: fix typo in Upstream-Status
        gstreamer1.0-omx: fix Upstream-Status format

meta-arm: 5c42f084f7..3d51e1117d:
  Abdellatif El Khlifi (1):
        arm-bsp/u-boot: Corstone1000: bump to v2022.10

  Anton Antonov (1):
        arm/kernel: Update ARM-FFA kernel drivers

  Daniel Díaz (1):
        arm-bsp/firmware-image-juno: Fix deployment of compressed Image

  Jon Mason (8):
        arm-bsp/juno: move to compressed initramfs image
        arm-bsp/juno: Update kernel patches to the latest
        arm-bsp/trusted-firmware-m: corstone1000: TFM file clean-ups
        arm/trusted-firmware-m: disable fatal warnings
        arm-toolchain: update Arm GCC to 12.2
        external-arm-toolchain: Enable 12.2.rel1 support
        arm-bsp: add u-boot v2022.10 support
        arm-bsp: add u-boot v2022.10 support

  Peter Hoyes (8):
        arm/scp-firmware: Ensure CMAKE_BUILD_TYPE is capitalized
        arm/scp-firmware: Disable cppcheck
        arm: Add addpylib declaration
        arm/lib: Add XAUTHORITY to runfvp environment
        classes: Define FVP_ENV_PASSTHROUGH variable dependencies
        classes: Prevent passing None to the runfvp environment
        classes: Set ARMLMD_LICENSE_FILE in the runfvp environment
        arm: Use SRC* variables consistently

  Qi Feng (1):
        arm-bsp/fvp-baser-aemv8r64: Rebase u-boot patches onto v2022.10

  Ross Burton (9):
        meta-*: mark layers as compatible with mickledore only
        arm-toolchain: remove obsolete oe_import
        CI: switch back to master
        CI: remove obsolete linux-yocto workarounds
        Revert "CI: revert a meta-clang change which breaks pixman (thus, xserver)"
        arm-bsp/fvp-base*: no need to remove rng-tools from openssh
        CI: pass --update and --force-checkout to kas in pending-updates job
        CI: use 'kas dump' instead of manually catting files
        CI: remove obsolete install

  Rui Miguel Silva (1):
        arm-bsp/u-boot: corstone500: bump to 2022.10

  Theodore A. Roth (1):
        arm/optee-os: Fix FILESEXTRAPATHS

meta-security: f991b20f56..3d9dab6d14:
  Chen Qi (1):
        openscap: add libpcre DEPEDNS to fix do_configure failure

  Markus Volk (1):
        bubblewrap: remove recipe

  Martin Jansa (1):
        layer.conf: update LAYERSERIES_COMPAT for mickledore

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I5abd2487fbf395b33b1934ff90bd6d97c7953e6c

9 files changed, 9 insertions, 31 deletions

diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index 84346a1c9c..b5a74f1ea0 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -9,7 +9,7 @@ BBFILE_COLLECTIONS += "security"
 BBFILE_PATTERN_security = "^${LAYERDIR}/"
 BBFILE_PRIORITY_security = "8"
 
-LAYERSERIES_COMPAT_security = "langdale mickledore"
+LAYERSERIES_COMPAT_security = "mickledore"
 
 LAYERDEPENDS_security = "core openembedded-layer"
 
diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf
index a150085b33..add3cbc53d 100644
--- a/meta-security/meta-hardening/conf/layer.conf
+++ b/meta-security/meta-hardening/conf/layer.conf
@@ -8,6 +8,6 @@ BBFILE_COLLECTIONS += "harden-layer"
 BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_harden-layer = "10"
 
-LAYERSERIES_COMPAT_harden-layer = "langdale mickledore"
+LAYERSERIES_COMPAT_harden-layer = "mickledore"
 
 LAYERDEPENDS_harden-layer = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index 237306dc65..b273b5b492 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -20,7 +20,7 @@ INTEGRITY_BASE := '${LAYERDIR}'
 # interactive shell is enough.
 OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
 
-LAYERSERIES_COMPAT_integrity = "langdale mickledore"
+LAYERSERIES_COMPAT_integrity = "mickledore"
 # ima-evm-utils depends on keyutils from meta-oe
 LAYERDEPENDS_integrity = "core openembedded-layer"
 
diff --git a/meta-security/meta-parsec/conf/layer.conf b/meta-security/meta-parsec/conf/layer.conf
index 3495235a49..0a71694cd6 100644
--- a/meta-security/meta-parsec/conf/layer.conf
+++ b/meta-security/meta-parsec/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "parsec-layer"
 BBFILE_PATTERN_parsec-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_parsec-layer = "5"
 
-LAYERSERIES_COMPAT_parsec-layer = "langdale mickledore"
+LAYERSERIES_COMPAT_parsec-layer = "mickledore"
 
 LAYERDEPENDS_parsec-layer = "core clang-layer"
 BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec"
diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf
index a250f5c45d..f07532c537 100644
--- a/meta-security/meta-security-compliance/conf/layer.conf
+++ b/meta-security/meta-security-compliance/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "scanners-layer"
 BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_scanners-layer = "10"
 
-LAYERSERIES_COMPAT_scanners-layer = "langdale mickledore"
+LAYERSERIES_COMPAT_scanners-layer = "mickledore"
 
 LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python"
 
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
index 4babcf946a..e8752270d3 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
+++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -6,8 +6,8 @@ HOME_URL = "https://www.open-scap.org/tools/openscap-base/"
 LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
 LICENSE = "LGPL-2.1-only"
 
-DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig"
-DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native"
+DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre"
+DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-security/meta-security-isafw/conf/layer.conf b/meta-security/meta-security-isafw/conf/layer.conf
index bc8853087d..550cceda21 100644
--- a/meta-security/meta-security-isafw/conf/layer.conf
+++ b/meta-security/meta-security-isafw/conf/layer.conf
@@ -14,4 +14,4 @@ LAYERVERSION_security-isafw = "1"
 
 LAYERDEPENDS_security-isafw = "core"
 
-LAYERSERIES_COMPAT_security-isafw = "langdale mickledore"
+LAYERSERIES_COMPAT_security-isafw = "mickledore"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index 0dd19b65a8..81690ca4c5 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer"
 BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_tpm-layer = "10"
 
-LAYERSERIES_COMPAT_tpm-layer = "langdale mickledore"
+LAYERSERIES_COMPAT_tpm-layer = "mickledore"
 
 LAYERDEPENDS_tpm-layer = " \
     core \
diff --git a/meta-security/recipes-security/bubblewrap/bubblewrap_0.7.0.bb b/meta-security/recipes-security/bubblewrap/bubblewrap_0.7.0.bb
deleted file mode 100644
index a48b012520..0000000000
--- a/meta-security/recipes-security/bubblewrap/bubblewrap_0.7.0.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-DESCRIPTION = "Unprivileged sandboxing tool"
-HOMEPAGE = "https://github.com/containers/bubblewrap"
-LICENSE = "LGPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
-
-DEPENDS = "libcap"
-
-SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "764ab7100bd037ea53d440d362e099d7a425966bc62d1f00ab26b8fbb882a9dc"
-
-inherit autotools bash-completion github-releases manpages pkgconfig
-
-GITHUB_BASE_URI = "https://github.com/containers/${BPN}/releases/"
-
-PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
-PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native docbook-xsl-stylesheets-native xmlto-native"
-PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux"
-PACKAGECONFIG[setuid] = "--with-priv-mode=setuid,--with-priv-mode=none"
-
-PACKAGES += "${PN}-zsh-completion"
-
-FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"