From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1754151923.a8e57cee43e9cbc73f0e04d5c50bf7a50d25ba6c.sam@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: / X-VCS-Repository: proj/portage X-VCS-Files: NEWS X-VCS-Directories: / X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: a8e57cee43e9cbc73f0e04d5c50bf7a50d25ba6c X-VCS-Branch: master Date: Sat, 02 Aug 2025 16:25:29 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: c5d12729-d8e3-48a5-8b75-ec2b3cfe06d2 X-Archives-Hash: 2248aa775a7b77b0c7e443b8e663cf1b commit: a8e57cee43e9cbc73f0e04d5c50bf7a50d25ba6c Author: Sam James gentoo org> AuthorDate: Sat Aug 2 16:25:15 2025 +0000 Commit: Sam James gentoo org> CommitDate: Sat Aug 2 16:25:23 2025 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=a8e57cee NEWS: update Co-authored-by: Kerin Millar plushkava.net> Signed-off-by: Sam James gentoo.org> NEWS | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/NEWS b/NEWS index 16435ac683..ab60ca61aa 100644 --- a/NEWS +++ b/NEWS 
@@ -6,6 +6,86 @@ Release notes take the form of the following optional categories: * Bug fixes * Cleanups +Security: + +* The emerge-webrsync utility will now parse the output of gpg(1) correctly + and safely. This addresses a security issue affecting users that might + run emerge-werbsync in a situation where gemato is unusable, for whatever + reason. + +* The emerge-webrsync utility will now validate the input that it obtains + from the "metadata/timestamp.x" file. + + This addresses a security issue whereby arbitrary code execution was + achievable in the course of bash performing arithmetic operations on + numbers representing unix time. + +Bug fixes: + +* The emerge-webrsync utility will now ensure that the temporary directory + containing an ephemeral keyring is deleted upon editing, in the case that + it chooses to use gpg rather than gemato. + + Further, it will automatically terminate the gpg-agent process that would + otherwise become defunct. + +* The emerge-webrsync utility will no longer attempt to show news in the + case that it was invoked by portage itself. + +* The emerge-webrsync utility will no longer consider executing emerge --metadata + in the case that it was invoked by portage itself. + +* The 90gcc-warnings QA check will now perform so-called ANSI filtering correctly + for instances of 'PORTAGE_LOG_FILE' that have been compresesed with gzip. + +* The 90gcc-warnings QA check is now able to raise -Wparentheses warnings. + Previously, it could not, owing to a defective pattern. + +* The 90gcc-warnings QA check will now de-duplicate all warnings detected, + even if they are not adjacent to one another. + +* The use() function can no longer return true when given an abnormal USE + flag (such as "foo foo"). + +* The estrip utility will no longer produce multiple, redundant warnings + whose lines are unpredictably interleaved (bug 832138). 
+ +Performance: + +* The way in which portage searches for words that are subsumed by scalar + variables containing whitespace-separated words has been changed. The + newly employed method is approximately twice as fast and considerably + less noisy in the case that the "xtrace" shell option is enabled. + + In turn, this change benefits certain functions, such as use(). + +* Patches are now applied more quickly. Previously, portage would apply the + patch twice, once with the --dry-run option in effect, then again without. + + The first of these two phases has been eliminated. + +* The performance of the 60bash-compeletion QA check has been improved by + using associative arrays to track seen completions and file basenames. + +* The 90gcc-warnings QA check will now use much less memory in the course + of collecting and conveying warnings. It should also perform a little + better on account of composing an extended regular expression that is + simpler and shorter than was previously the case. + +* The ecompress utility has been made slightly faster by having GNU find + resolve the targets of symlinks, rather than execute the readlink + utility once for each pathname that is traversed. + +Cleanups: + +* Owing to an effort to modernise the parts of portage that are written in + bash, a number of improvements have been made in terms of code quality and + legibility, with various bash anti-patterns having been eliminated, new + features leveraged (up to bash 4.4) and diagnostic messages improved. + + Though in its early stages, this effort is expected to continue at a brisk + pace through upcoming releases of portage. + portage-3.0.69 (UNRELEASED) --------------
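Review bot: The added NEWS text has four typos that should be fixed before release. In the first Security item, "emerge-werbsync" should be "emerge-webrsync". In the first Bug fixes item, "deleted upon editing" reads like it was meant to be "deleted upon exiting". In the 90gcc-warnings item, "compresesed" should be "compressed". In the Performance section, "60bash-compeletion" should be "60bash-completion". Separately, neither Security item carries a bug reference, while the estrip entry cites bug 832138. If bugs exist for the gpg(1) output parsing issue and the "metadata/timestamp.x" arithmetic issue, cite them so users can check whether they are affected. The first Security item also says only that parsing is now done "correctly and safely"; one clause on what incorrect parsing allowed would make it as informative as the second item.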