- urls: [https://github.com/flori/json/pull/567]
  tags: [Ruby, JSON, SoftwareFreedom]
  id: ruby-json
  desc: |
    ruby-json contains code that is not Free under the FSF's
    definition, not Open Source under the OSI's definition, and not
    GPL-compatible.  This has caused much consternation among folks
    who care about any of those 3 things.

    This PR replaces that non-Free code with Free code, removing
    friction for Ruby users on GNU/Linux distros that care about those
    3 things.
- urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/328]
  id: mkinitcpio-arm-zimage
  tags: [ARM, boot]
  sponsored-by: Umorpha Systems
  desc: |
    To do its work, mkinitcpio needs to know the version number of the
    Linux kernel that it is generating an image for; the normal way
    that it knows this is to sniff the version number from the kernel
    file.  However, it fails to sniff the version number from ARM
    zImage kernels, which means that Arch Linux ARM and Parabola for
    ARM need to resort to hacks to get mkinitcpio to work right.

    This PR removes that friction by teaching mkinitcpio to understand
    ARM zImage files.

    See also: [mkinitcpio#362](#contrib-mkinitcpio-arm-zimage-tests)
- urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/277]
  tags: [boot]
  sponsored-by: Umorpha Systems
  desc: |
    One of the things going on in the secure-boot world is moving
    toward "Unified Kernel Images" (UKI), which are when the kernel
    and the init-ramdisk are bundled together into a single file to
    reduce the risk of a compromised init-ramdisk being able to
    compromise a secured kernel.  This PR reduces friction when using
    mkinitcpio to generate images directly as UKI without generating a
    plain init-ramdisk first.
- urls:
    - https://mailman.astron.com/pipermail/file/2024-April/001335.html
    - https://github.com/file/file/commit/cf139abf35d07ebfd0c3edcab2fc400a211c0fbb
  tags: [ARM]
  desc: |
    This PR improves its ability to detect information about Linux
    kernel ARM zImage files.
- urls:
    - https://mailman.astron.com/pipermail/file/2024-March/001327.html
    - https://github.com/file/file/commit/3b92878ee277a6b6c0a37429e9edf5e5b55fcdd4
  tags: [docs]
  desc: |
    To do this, `file` reads a "magic" file that describes the magic
    numbers that it might see in a file.  This PR fixes a mistake in
    the `magic(5)` manual for writing such files.
- urls: [https://github.com/diamondburned/gotk4/pull/140]
  tags: [Go, GI, docs]
  desc: |
    The not-quite-markdown format that `.gir` files use for
    documentation is under-specified and hard to parse.  Right now I'm
    focusing on how to properly parse it, so that we can have
    top-notch language-specific documentation for GI libraries.

    This PR is laying the groundwork for the new parser.
- urls:
  - https://lists.ozlabs.org/pipermail/linux-erofs/2023-November/009765.html
  - https://github.com/erofs/erofs-utils/commit/f528b82ffbcb15484a7195c1a1d08ece0ff67350
  - https://github.com/erofs/erofs-utils/commit/197e3294bcdf93f37d12989cd830a33c055b1a53
  - https://github.com/erofs/erofs-utils/commit/f97311883337eb7e0ded55e60995e6599eba73e5
  tags: [docs]
  sponsored-by: Umorpha Systems
  desc: |
    This patchset improves the `--help` documentation and man-pages of
    the EroFS userspace tools, and reduces friction by having
    `fsck.erofs` accept common command line flags that fsck
    implementions for other filesystems take.
- urls: [https://github.com/liberapay/liberapay.com/pull/2334]
  tags: [federated]
  status: merged + deployed
  desc: |
    When managing your profile, Liberapay nominally supports using
    your [Libravatar federated avatar](https://www.libravatar.org/) as
    your profile pic.  However, it only loads avatars from the
    `libravatar.org` instance; not actually supporting federation.
    This PR properly implements the Libravatar federation API to load
    avatars from any instance.
- urls: [https://github.com/diamondburned/gotk4/pull/109]
  tags: [Go, GI, docs]
  desc: |
    This PR makes it easier to contribute to gotk4 by improving
    developer documentation and automated checks.
- urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/362]
  id: mkinitcpio-arm-zimage-tests
  tags: [ARM, boot, testing]
  desc: |
    This PR adds tests for the [earlier ARM zImage
    work](#contrib-mkinitcpio-arm-zimage).  This was split off into a
    separate PR from the main ARM zImage PR because the maintainers
    had concerns about merging binary test files (very understandable,
    especially given the recent XZ issue!), but didn't want to hold up
    the main work.
- urls:
    - https://github.com/golang/net/pull/208
    - https://go-review.googlesource.com/c/net/+/580855
  tags: [Go, docs]
  desc: |
    The functions `html.EscapeString` and `html.UnescapeString` were
    once the same between `"golang.org/x/net/html"` and std `"html"`,
    but have been slowly drifting apart since 2012.  This PR ports
    over documentation and performance improvements from std to x/net.

    This will provide a consistent base for fixing bugs in
    `html.UnescapeString` that were found when working on the
    documentation parser in gotk4.
- urls:
    - https://github.com/golang/go/pull/66970
    - https://go-review.googlesource.com/c/go/+/580896
  tags: [Go]
  desc: |
    The functions `html.EscapeString` and `html.UnescapeString` were
    once the same between `"golang.org/x/net/html"` and std `"html"`,
    but have been slowly drifting apart since 2012.  This PR ports
    over documentation and performance improvements from x/net to std.

    This will provide a consistent base for fixing bugs in
    `html.UnescapeString` that were found when working on the
    documentation parser in gotk4.
- urls: [https://github.com/luigifab/awf-extended/pull/9]
  tags: [Parabola, GTK]
  desc: |
    Just a minor touch-up to `configure.ac` that I noticed could be
    made when updating Parabola's `pcr/awf` package.  Parabola makes
    other software better!
- urls: [https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/merge_requests/12]
  tags: [Parabola, init-freedom]
  desc: |
    Some changes to the way that Arch Linux packages systemd that
    should make it easier for distros downstream of Arch (certainly
    Parabola, hopefully Artix) to provide init-freedom and support
    other init systems.
- urls: [https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/5586382]
  id: vboot-32
  tags: [boot]
  desc: |
    This fixes a bug in the code that both (1) may allow a
    specially-crafted partition to bypass a bounds check, and (2)
    makes it so that the code does not compile when `sizeof(size_t)=4`
    (that is: x86-32).

    See also: [libreboot#218](#contrib-libreboot-32)
- urls: [https://codeberg.org/libreboot/lbmk/pulls/218]
  id: libreboot-32
  tags: [boot]
  desc: |
    This has the Libreboot build-system apply the [fix I submitted to
    vboot](#contrib-vboot-32), so that Libreboot can be compiled on
    x86-32.  Libreboot does not use the affected vboot functionality,
    but the bug was preventing things from compiling.
- urls:
   - https://sourceware.org/pipermail/binutils/2024-June/134608.html
   - https://sourceware.org/pipermail/gdb-patches/2024-June/209720.html
  tags: [GNU, supply-chain-security]
  status: open
  desc: |
    The binutils-gdb sources bundle a number of files from other
    sources (including the autotools, libtools, readline, texinfo,
    gnulib, zlib, and GDB).  I audited the binutils-gdb sources to
    pin-point exactly which versions were being bundled and what
    patches were being applied, then wrote a `./bootstrap` script to
    automate that bundling.

    As the recent XZ issue taught us, this kind of audit is an
    important part of supply-chain security.  The `./bootstrap` script
    will greatly ease this type of audit in the future, and can even
    enable enforcing up-to-date-ness of the audit in CI.

    Also, hopefully this will make it easier to keep binutils' and
    GDB's bundled dependencies more up-to-date in the future; as many
    are quite out-of-date right now.
- urls:
   - https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4187
  tags: [GTK, docs]
  desc: |
    While GI-DocGen markup is largely backward-compatible with GTK-Doc
    markup, it isn't completely backward-compatible.  This fixes some
    mistakes from when Glib migrated from GTK-Doc to GI-DocGen.  I
    scanned for places where GI-DocGen was emitting unknown HTML tags,
    which indicate such a mistake.  Notably, some of the rendered
    gregex docs were unreadable.
- urls: [https://github.com/systemd/systemd/pull/34067]
  desc: |
    `systemd-nspawn` is a container runtime (like Docker or runc or
    whathaveyou).  Notably, nspawn is what Parabola's build-system
    uses for hermetic builds.

    Currently nspawn does not support FUSE filesystems inside of the
    container.  This PR enhances nspawn to support FUSE.

    This is of particular utility for build systems, because it will
    allow build scripts to mount a FUSE overlayfs/unionfs of the root
    filesystem, which is useful for building software that does not
    support a `DESTDIR`-type setting to install to an alternate root.
    (Recent versions of the Linux kernel support unprivileged
    in-kernel overlayfs, but at this time it is still too restrictive
    to support this use-case.)
- urls: [https://github.com/mailprocessing/mailprocessing/pull/16]
  desc: |
    mailprocessing's `maildirproc`(1) program is a mail-filter daemon
    that can sort emails into folders and such.  Somewhere between
    1.0.1 and 1.2.7 the daemon lost the ability to gracefully
    shutdown.  This can slow down shutdown of the entire system as the
    service manager waits for maildirproc to respond to the SIGINT or
    SIGTERM that it was sent... but it never would.  This PR fixes
    that.
- urls: [https://gitlab.archlinux.org/archlinux/packaging/packages/ruby/-/merge_requests/6]
  desc: |
    Ruby's standard library has been going through a process of
    "gemification" where it is converted into a set of Gems that are
    simply vendored into the main Ruby distribution.

    GNU/Linux distros tend to like to de-vendor things.  This
    de-vendoring process is usually inherently a little messy.  This
    MR tries to make it a little less messy in the case of Ruby on
    Arch Linux and downstream distros.

    Besides hopefully making things easier on the Arch devs in the
    future, it should also make it easier for downstream distros that
    patch Ruby, such as applying [flori/json#567](#contrib-ruby-json).
- urls: [https://gitlab.archlinux.org/archlinux/packaging/packages/ruby/-/merge_requests/7]
  desc: |
    Arch Linux's `ruby-docs` package (version 3.2.5-1) is incomplete;
    the `/usr/share/doc/ruby/capi/html/` directory is empty except for
    `doxygen_crawl.html`.  This fixes that, so that it includes the
    full Doxygen output.
- urls: [https://github.com/flori/json/pull/599]
  desc: |
    The benchmark numbers given for the Ruby stdlib JSON
    encoder/decoder are quite outdated, and the benchmark code has
    been removed.  This PR restores and fixes the benchmark code.

    This is helpful for justifying that
    [flori/json#567](#contrib-ruby-json) actually improves performance
    rather than hurting it.  While I believe Software Freedom would be
    worth hurting performance, it doesn't have to!