1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
|
- urls: [https://github.com/flori/json/pull/567]
tags: [Ruby, JSON, SoftwareFreedom]
desc: |
ruby-json contains code that is not Free under the FSF's
definition, not Open Source under the OSI's definition, and not
GPL-compatible. This has caused much consternation among folks
who care about any of those 3 things.
This PR replaces that non-Free code with Free code, removing
friction for Ruby users on GNU/Linux distros that care about those
3 things.
- urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/328]
id: mkinitcpio-arm-zimage
tags: [ARM, boot]
sponsored-by: Umorpha Systems
desc: |
To do its work, mkinitcpio needs to know the version number of the
Linux kernel that it is generating an image for; the normal way
that it knows this is to sniff the version number from the kernel
file. However, it fails to sniff the version number from ARM
zImage kernels, which means that Arch Linux ARM and Parabola for
ARM need to resort to hacks to get mkinitcpio to work right.
This PR removes that friction by teaching mkinitcpio to understand
ARM zImage files.
See also: [mkinitcpio#362](#contrib-mkinitcpio-arm-zimage-tests)
- urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/277]
tags: [boot]
sponsored-by: Umorpha Systems
desc: |
One of the things going on in the secure-boot world is moving
toward "Unified Kernel Images" (UKI), which are when the kernel
and the init-ramdisk are bundled together into a single file to
reduce the risk of a compromised init-ramdisk being able to
compromise a secured kernel. This PR reduces friction when using
mkinitcpio to generate images directly as UKI without generating a
plain init-ramdisk first.
- urls:
- https://mailman.astron.com/pipermail/file/2024-April/001335.html
- https://github.com/file/file/commit/cf139abf35d07ebfd0c3edcab2fc400a211c0fbb
tags: [ARM]
desc: |
This PR improves its ability to detect information about Linux
kernel ARM zImage files.
- urls:
- https://mailman.astron.com/pipermail/file/2024-March/001327.html
- https://github.com/file/file/commit/3b92878ee277a6b6c0a37429e9edf5e5b55fcdd4
tags: [docs]
desc: |
To do this, `file` reads a "magic" file that describes the magic
numbers that it might see in a file. This PR fixes a mistake in
the `magic(5)` manual for writing such files.
- urls: [https://github.com/diamondburned/gotk4/pull/140]
tags: [Go, GI, docs]
desc: |
The not-quite-markdown format that `.gir` files use for
documentation is under-specified and hard to parse. Right now I'm
focusing on how to properly parse it, so that we can have
top-notch language-specific documentation for GI libraries.
This PR is laying the groundwork for the new parser.
- urls:
- https://lists.ozlabs.org/pipermail/linux-erofs/2023-November/009765.html
- https://github.com/erofs/erofs-utils/commit/f528b82ffbcb15484a7195c1a1d08ece0ff67350
- https://github.com/erofs/erofs-utils/commit/197e3294bcdf93f37d12989cd830a33c055b1a53
- https://github.com/erofs/erofs-utils/commit/f97311883337eb7e0ded55e60995e6599eba73e5
tags: [docs]
sponsored-by: Umorpha Systems
desc: |
This patchset improves the `--help` documentation and man-pages of
the EroFS userspace tools, and reduces friction by having
`fsck.erofs` accept common command line flags that fsck
implementions for other filesystems take.
- urls: [https://github.com/liberapay/liberapay.com/pull/2334]
tags: [federated]
status: merged + deployed
desc: |
When managing your profile, Liberapay nominally supports using
your [Libravatar federated avatar](https://www.libravatar.org/) as
your profile pic. However, it only loads avatars from the
`libravatar.org` instance; not actually supporting federation.
This PR properly implements the Libravatar federation API to load
avatars from any instance.
- urls: [https://github.com/diamondburned/gotk4/pull/109]
tags: [Go, GI, docs]
desc: |
This PR makes it easier to contribute to gotk4 by improving
developer documentation and automated checks.
- urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/362]
id: mkinitcpio-arm-zimage-tests
tags: [ARM, boot, testing]
desc: |
This PR adds tests for the [earlier ARM zImage
work](#contrib-mkinitcpio-arm-zimage). This was split off into a
separate PR from the main ARM zImage PR because the maintainers
had concerns about merging binary test files (very understandable,
especially given the recent XZ issue!), but didn't want to hold up
the main work.
- urls:
- https://github.com/golang/net/pull/208
- https://go-review.googlesource.com/c/net/+/580855
tags: [Go, docs]
desc: |
The functions `html.EscapeString` and `html.UnescapeString` were
once the same between `"golang.org/x/net/html"` and std `"html"`,
but have been slowly drifting apart since 2012. This PR ports
over documentation and performance improvements from std to x/net.
This will provide a consistent base for fixing bugs in
`html.UnescapeString` that were found when working on the
documentation parser in gotk4.
- urls:
- https://github.com/golang/go/pull/66970
- https://go-review.googlesource.com/c/go/+/580896
tags: [Go]
desc: |
The functions `html.EscapeString` and `html.UnescapeString` were
once the same between `"golang.org/x/net/html"` and std `"html"`,
but have been slowly drifting apart since 2012. This PR ports
over documentation and performance improvements from x/net to std.
This will provide a consistent base for fixing bugs in
`html.UnescapeString` that were found when working on the
documentation parser in gotk4.
- urls: [https://github.com/luigifab/awf-extended/pull/9]
tags: [Parabola, GTK]
desc: |
Just a minor touch-up to `configure.ac` that I noticed could be
made when updating Parabola's `pcr/awf` package. Parabola makes
other software better!
- urls: [https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/merge_requests/12]
tags: [Parabola, init-freedom]
desc: |
Some changes to the way that Arch Linux packages systemd that
should make it easier for distros downstream of Arch (certainly
Parabola, hopefully Artix) to provide init-freedom and support
other init systems.
- urls: [https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/5586382]
id: vboot-32
tags: [boot]
desc: |
This fixes a bug in the code that both (1) may allow a
specially-crafted partition to bypass a bounds check, and (2)
makes it so that the code does not compile when `sizeof(size_t)=4`
(that is: x86-32).
See also: [libreboot#218](#contrib-libreboot-32)
- urls: [https://codeberg.org/libreboot/lbmk/pulls/218]
id: libreboot-32
tags: [boot]
desc: |
This has the Libreboot build-system apply the [fix I submitted to
vboot](#contrib-vboot-32), so that Libreboot can be compiled on
x86-32. Libreboot does not use the affected vboot functionality,
but the bug was preventing things from compiling.
- urls:
- https://sourceware.org/pipermail/binutils/2024-June/134608.html
- https://sourceware.org/pipermail/gdb-patches/2024-June/209720.html
tags: [GNU, supply-chain-security]
status: open
desc: |
The binutils-gdb sources bundle a number of files from other
sources (including the autotools, libtools, readline, texinfo,
gnulib, zlib, and GDB). I audited the binutils-gdb sources to
pin-point exactly which versions were being bundled and what
patches were being applied, then wrote a `./bootstrap` script to
automate that bundling.
As the recent XZ issue taught us, this kind of audit is an
important part of supply-chain security. The `./bootstrap` script
will greatly ease this type of audit in the future, and can even
enable enforcing up-to-date-ness of the audit in CI.
Also, hopefully this will make it easier to keep binutils' and
GDB's bundled dependencies more up-to-date in the future; as many
are quite out-of-date right now.
- urls:
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4187
tags: [GTK, docs]
desc: |
While GI-DocGen markup is largely backward-compatible with GTK-Doc
markup, it isn't completely backward-compatible. This fixes some
mistakes from when Glib migrated from GTK-Doc to GI-DocGen. I
scanned for places where GI-DocGen was emitting unknown HTML tags,
which indicate such a mistake. Notably, some of the rendered
gregex docs were unreadable.
- urls: [https://github.com/systemd/systemd/pull/34067]
desc: |
`systemd-nspawn` is a container runtime (like Docker or runc or
whathaveyou). Notably, nspawn is what Parabola's build-system
uses for hermetic builds.
Currently nspawn does not support FUSE filesystems inside of the
container. This PR enhances nspawn to support FUSE.
This is of particular utility for build systems, because it will
allow build scripts to mount a FUSE overlayfs/unionfs of the root
filesystem, which is useful for building software that does not
support a `DESTDIR`-type setting to install to an alternate root.
(Recent versions of the Linux kernel support unprivileged
in-kernel overlayfs, but at this time it is still too restrictive
to support this use-case.)
- urls: [https://github.com/mailprocessing/mailprocessing/pull/16]
desc: |
mailprocessing's `maildirproc`(1) program is a mail-filter daemon
that can sort emails into folders and such. Somewhere between
1.0.1 and 1.2.7 the daemon lost the ability to gracefully
shutdown. This can slow down shutdown of the entire system as the
service manager waits for maildirproc to respond to the SIGINT or
SIGTERM that it was sent... but it never would. This PR fixes
that.
|
