- urls: [https://github.com/flori/json/pull/567] tags: [Ruby, JSON, SoftwareFreedom] desc: | ruby-json contains code that is not Free under the FSF's definition, not Open Source under the OSI's definition, and not GPL-compatible. This has caused much consternation among folks who care about any of those 3 things. This PR replaces that non-Free code with Free code, removing friction for Ruby users on GNU/Linux distros that care about those 3 things. - urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/328] id: mkinitcpio-arm-zimage tags: [ARM, boot] sponsored-by: Umorpha Systems desc: | To do its work, mkinitcpio needs to know the version number of the Linux kernel that it is generating an image for; the normal way that it knows this is to sniff the version number from the kernel file. However, it fails to sniff the version number from ARM zImage kernels, which means that Arch Linux ARM and Parabola for ARM need to resort to hacks to get mkinitcpio to work right. This PR removes that friction by teaching mkinitcpio to understand ARM zImage files. See also: [mkinitcpio#362](#contrib-mkinitcpio-arm-zimage-tests) - urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/277] tags: [boot] sponsored-by: Umorpha Systems desc: | One of the things going on in the secure-boot world is moving toward "Unified Kernel Images" (UKI), which are when the kernel and the init-ramdisk are bundled together into a single file to reduce the risk of a compromised init-ramdisk being able to compromise a secured kernel. This PR reduces friction when using mkinitcpio to generate images directly as UKI without generating a plain init-ramdisk first. - urls: - https://mailman.astron.com/pipermail/file/2024-April/001335.html - https://github.com/file/file/commit/cf139abf35d07ebfd0c3edcab2fc400a211c0fbb tags: [ARM] desc: | This PR improves its ability to detect information about Linux kernel ARM zImage files. - urls: - https://mailman.astron.com/pipermail/file/2024-March/001327.html - https://github.com/file/file/commit/3b92878ee277a6b6c0a37429e9edf5e5b55fcdd4 tags: [docs] desc: | To do this, `file` reads a "magic" file that describes the magic numbers that it might see in a file. This PR fixes a mistake in the `magic(5)` manual for writing such files. - urls: [https://github.com/diamondburned/gotk4/pull/140] tags: [Go, GI, docs] desc: | The not-quite-markdown format that `.gir` files use for documentation is under-specified and hard to parse. Right now I'm focusing on how to properly parse it, so that we can have top-notch language-specific documentation for GI libraries. This PR is laying the groundwork for the new parser. - urls: - https://lists.ozlabs.org/pipermail/linux-erofs/2023-November/009765.html - https://github.com/erofs/erofs-utils/commit/f528b82ffbcb15484a7195c1a1d08ece0ff67350 - https://github.com/erofs/erofs-utils/commit/197e3294bcdf93f37d12989cd830a33c055b1a53 - https://github.com/erofs/erofs-utils/commit/f97311883337eb7e0ded55e60995e6599eba73e5 tags: [docs] sponsored-by: Umorpha Systems desc: | This patchset improves the `--help` documentation and man-pages of the EroFS userspace tools, and reduces friction by having `fsck.erofs` accept common command line flags that fsck implementions for other filesystems take. - urls: [https://github.com/liberapay/liberapay.com/pull/2334] tags: [federated] status: merged + deployed desc: | When managing your profile, Liberapay nominally supports using your [Libravatar federated avatar](https://www.libravatar.org/) as your profile pic. However, it only loads avatars from the `libravatar.org` instance; not actually supporting federation. This PR properly implements the Libravatar federation API to load avatars from any instance. - urls: [https://github.com/diamondburned/gotk4/pull/109] tags: [Go, GI, docs] desc: | This PR makes it easier to contribute to gotk4 by improving developer documentation and automated checks. - urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/362] id: mkinitcpio-arm-zimage-tests tags: [ARM, boot, testing] desc: | This PR adds tests for the [earlier ARM zImage work](#contrib-mkinitcpio-arm-zimage). This was split off into a separate PR from the main ARM zImage PR because the maintainers had concerns about merging binary test files (very understandable, especially given the recent XZ issue!), but didn't want to hold up the main work. - urls: - https://github.com/golang/net/pull/208 - https://go-review.googlesource.com/c/net/+/580855 tags: [Go, docs] desc: | The functions `html.EscapeString` and `html.UnescapeString` were once the same between `"golang.org/x/net/html"` and std `"html"`, but have been slowly drifting apart since 2012. This PR ports over documentation and performance improvements from std to x/net. This will provide a consistent base for fixing bugs in `html.UnescapeString` that were found when working on the documentation parser in gotk4. - urls: - https://github.com/golang/go/pull/66970 - https://go-review.googlesource.com/c/go/+/580896 tags: [Go] desc: | The functions `html.EscapeString` and `html.UnescapeString` were once the same between `"golang.org/x/net/html"` and std `"html"`, but have been slowly drifting apart since 2012. This PR ports over documentation and performance improvements from x/net to std. This will provide a consistent base for fixing bugs in `html.UnescapeString` that were found when working on the documentation parser in gotk4. - urls: [https://github.com/luigifab/awf-extended/pull/9] tags: [Parabola, GTK] desc: | Just a minor touch-up to `configure.ac` that I noticed could be made when updating Parabola's `pcr/awf` package. Parabola makes other software better! - urls: [https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/merge_requests/12] tags: [Parabola, init-freedom] desc: | Some changes to the way that Arch Linux packages systemd that should make it easier for distros downstream of Arch (certainly Parabola, hopefully Artix) to provide init-freedom and support other init systems. - urls: [https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/5586382] id: vboot-32 tags: [boot] desc: | This fixes a bug in the code that both (1) may allow a specially-crafted partition to bypass a bounds check, and (2) makes it so that the code does not compile when `sizeof(size_t)=4` (that is: x86-32). See also: [libreboot#218](#contrib-libreboot-32) - urls: [https://codeberg.org/libreboot/lbmk/pulls/218] id: libreboot-32 tags: [boot] desc: | This has the Libreboot build-system apply the [fix I submitted to vboot](#contrib-vboot-32), so that Libreboot can be compiled on x86-32. Libreboot does not use the affected vboot functionality, but the bug was preventing things from compiling. - urls: - https://sourceware.org/pipermail/binutils/2024-June/134608.html - https://sourceware.org/pipermail/gdb-patches/2024-June/209720.html tags: [GNU, supply-chain-security] status: open desc: | The binutils-gdb sources bundle a number of files from other sources (including the autotools, libtools, readline, texinfo, gnulib, zlib, and GDB). I audited the binutils-gdb sources to pin-point exactly which versions were being bundled and what patches were being applied, then wrote a `./bootstrap` script to automate that bundling. As the recent XZ issue taught us, this kind of audit is an important part of supply-chain security. The `./bootstrap` script will greatly ease this type of audit in the future, and can even enable enforcing up-to-date-ness of the audit in CI. Also, hopefully this will make it easier to keep binutils' and GDB's bundled dependencies more up-to-date in the future; as many are quite out-of-date right now. - urls: - https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4187 tags: [GTK, docs] desc: | While GI-DocGen markup is largely backward-compatible with GTK-Doc markup, it isn't completely backward-compatible. This fixes some mistakes from when Glib migrated from GTK-Doc to GI-DocGen. I scanned for places where GI-DocGen was emitting unknown HTML tags, which indicate such a mistake. Notably, some of the rendered gregex docs were unreadable. - urls: [https://github.com/systemd/systemd/pull/34067] desc: | `systemd-nspawn` is a container runtime (like Docker or runc or whathaveyou). Notably, nspawn is what Parabola's build-system uses for hermetic builds. Currently nspawn does not support FUSE filesystems inside of the container. This PR enhances nspawn to support FUSE. This is of particular utility for build systems, because it will allow build scripts to mount a FUSE overlayfs/unionfs of the root filesystem, which is useful for building software that does not support a `DESTDIR`-type setting to install to an alternate root. (Recent versions of the Linux kernel support unprivileged in-kernel overlayfs, but at this time it is still too restrictive to support this use-case.) - urls: [https://github.com/mailprocessing/mailprocessing/pull/16] desc: | mailprocessing's `maildirproc`(1) program is a mail-filter daemon that can sort emails into folders and such. Somewhere between 1.0.1 and 1.2.7 the daemon lost the ability to gracefully shutdown. This can slow down shutdown of the entire system as the service manager waits for maildirproc to respond to the SIGINT or SIGTERM that it was sent... but it never would. This PR fixes that.