-rw-r--r-- cmd/generate/imworkingon.html.tmpl 2
-rw-r--r-- cmd/generate/src_contribs.go 1
-rw-r--r-- imworkingon/contribs.yml 47
-rw-r--r-- imworkingon/upstreams.yml 3
4 files changed, 42 insertions, 11 deletions
diff --git a/cmd/generate/imworkingon.html.tmpl b/cmd/generate/imworkingon.html.tmpl
index 13444be..ad00478 100644
--- a/cmd/generate/imworkingon.html.tmpl
+++ b/cmd/generate/imworkingon.html.tmpl
@@ -40,7 +40,7 @@
{{- define "contrib" }}
{{ $contrib := . }}
{{ $upstream := $contrib | getUpstream }}
- <article class="contrib {{ $contrib.StatusClass }}-contrib">
+ <article class="contrib {{ $contrib.StatusClass }}-contrib" {{- if $contrib.ID }}id="contrib-{{ $contrib.ID }}"{{ end }}>
<div class="contrib-upstream-name"><a class="em" href="{{ index $upstream.URLs 0 }}">{{ $upstream.Name }}</a></div>
<div class="contrib-upstream-desc">{{ $upstream.Desc | md2html }}</div>
<div class="contrib-urls">
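Review bot: In the `<article>` opening tag, the `{{-` on the new `if` action trims the space that separates it from the `class="..."` attribute, so when `$contrib.ID` is set the output reads `...-contrib"id="contrib-..."` with no whitespace between the two attributes. Browsers recover from that, but it is a markup error; use `{{ if $contrib.ID }}` or put the leading space inside the conditional so the attributes stay separated. Because the ID ends up both in an `id` attribute and in `#contrib-...` fragment links, it would also help to document that IDs must be unique and contain no whitespace.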
diff --git a/cmd/generate/src_contribs.go b/cmd/generate/src_contribs.go
index 0ead1cd..39bc04b 100644
--- a/cmd/generate/src_contribs.go
+++ b/cmd/generate/src_contribs.go
@@ -15,6 +15,7 @@ type User struct {
}
type Contribution struct {
+ ID string
URLs []string `json:"urls"`
Tags []string `json:"tags"`
SponsoredBy string `json:"sponsored-by"`
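Review bot: The new `ID string` field in `Contribution` is the only one of the visible fields without a struct tag; `URLs`, `Tags` and `SponsoredBy` each carry an explicit `json:"..."` key. Add `json:"id"` so the mapping to the `id:` key in contribs.yml is stated rather than left to the decoder's name matching, and add a doc comment saying the value becomes the `contrib-<ID>` HTML anchor and therefore has to be unique across entries.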
diff --git a/imworkingon/contribs.yml b/imworkingon/contribs.yml
index 31cd33e..003c6dc 100644
--- a/imworkingon/contribs.yml
+++ b/imworkingon/contribs.yml
@@ -10,6 +10,7 @@
friction for Ruby users on GNU/Linux distros that care about those
3 things.
- urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/328]
+ id: mkinitcpio-arm-zimage
tags: [ARM, boot]
sponsored-by: Umorpha Systems
desc: |
@@ -22,6 +23,8 @@
This PR removes that friction by teaching mkinitcpio to understand
ARM zImage files.
+
+ See also: [mkinitcpio#362](#contrib-mkinitcpio-arm-zimage-tests)
- urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/277]
tags: [boot]
sponsored-by: Umorpha Systems
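Review bot: The added `See also` link targets `#contrib-mkinitcpio-arm-zimage-tests`, which only resolves if another entry declares exactly that `id`, and nothing in this change checks it. A typo on either side produces a dead fragment link with no build error, so consider having the generator fail when a `#contrib-...` reference in a `desc` has no matching ID, or when two entries share one.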
@@ -85,13 +88,15 @@
This PR makes it easier to contribute to gotk4 by improving
developer documentation and automated checks.
- urls: [https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/merge_requests/362]
+ id: mkinitcpio-arm-zimage-tests
tags: [ARM, boot, testing]
desc: |
- This PR adds tests for the earlier ARM zImage work. This was
- split off into a separate PR from the main ARM zImage PR because
- the maintainers had concerns about merging binary test files (very
- understandable, especially given the recent XZ issue!), but didn't
- want to hold up the main work.
+ This PR adds tests for the [earlier ARM zImage
+ work](#contrib-mkinitcpio-arm-zimage). This was split off into a
+ separate PR from the main ARM zImage PR because the maintainers
+ had concerns about merging binary test files (very understandable,
+ especially given the recent XZ issue!), but didn't want to hold up
+ the main work.
- urls:
- https://github.com/golang/net/pull/208
- https://go-review.googlesource.com/c/net/+/580855
@@ -132,17 +137,41 @@
Parabola, hopefully Artix) to provide init-freedom and support
other init systems.
- urls: [https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/5586382]
+ id: vboot-32
tags: [boot]
desc: |
- TODO
+ This fixes a bug in the code that both (1) may allow a
+ specially-crafted partition to bypass a bounds check, and (2)
+ makes it so that the code does not compile when `sizeof(size_t)=4`
+ (that is: x86-32).
+
+ See also: [libreboot#218](#contrib-libreboot-32)
- urls: [https://codeberg.org/libreboot/lbmk/pulls/218]
+ id: libreboot-32
tags: [boot]
desc: |
- TODO
+ This has the Libreboot build-system apply the [fix I submitted to
+ vboot](#contrib-vboot-32), so that Libreboot can be compiled on
+ x86-32. Libreboot does not use the affected vboot functionality,
+ but the bug was preventing things from compiling.
- urls:
- https://sourceware.org/pipermail/binutils/2024-June/134608.html
- https://sourceware.org/pipermail/gdb-patches/2024-June/209720.html
- tags: [GNU]
+ tags: [GNU, supply-chain-security]
status: open
desc: |
- TODO
+ The binutils-gdb sources bundle a number of files from other
+ sources (including the autotools, libtools, readline, texinfo,
+ gnulib, zlib, and GDB). I audited the binutils-gdb sources to
+ pin-point exactly which versions were being bundled and what
+ patches were being applied, then wrote a `./bootstrap` script to
+ automate that bundling.
+
+ As the recent XZ issue taught us, this kind of audit is an
+ important part of supply-chain security. The `./bootstrap` script
+ will greatly ease this type of audit in the future, and can even
+ enable enforcing up-to-date-ness of the audit in CI.
+
+ Also, hopefully this will make it easier to keep binutils' and
+ GDB's bundled dependencies more up-to-date in the future; as many
+ are quite out-of-date right now.
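Review bot: In the `vboot-32` description, `sizeof(size_t)=4` is glossed as "that is: x86-32", but the condition as written covers any target with a 4-byte `size_t`; "for example, x86-32" would match it better. The same description mentions a possible bounds-check bypass via a specially-crafted partition, yet the entry is tagged only `boot`; a security tag would make it findable the way the binutils entry now is with `supply-chain-security`. In the binutils description, "libtools" should be "libtool", and the semicolon before "as many are quite out-of-date" should be a comma.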
diff --git a/imworkingon/upstreams.yml b/imworkingon/upstreams.yml
index bb9f14a..11f3af0 100644
--- a/imworkingon/upstreams.yml
+++ b/imworkingon/upstreams.yml
@@ -75,4 +75,5 @@
- https://chromium-review.googlesource.com/c/chromiumos/platform/vboot/ # v3 rewrite
name: vboot
desc: |
- vboot is Google's Verified Boot reference implementation.
+ vboot is Google's Verified Boot reference implementation, and is
+ used by the coreboot userspace tools.