upg btrfs-progs gnupg gnutls libgcrypt libxml2 mkinicpio

2023-11-16 23:13:51 +02:00 · 2023-11-16 23:13:51 +02:00 · 74c9764c0e
parent 1e8b7a758a
commit 74c9764c0e
20 changed files with 417 additions and 88 deletions
--- a/btrfs-progs/PKGBUILD
+++ b/btrfs-progs/PKGBUILD
@ -6,7 +6,7 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------

 pkgname=btrfs-progs
-pkgver=6.6.1
+pkgver=6.6.2
 pkgrel=01
 pkgdesc='Btrfs filesystem utilities w/o systemd'
 makedepends=('asciidoc' 'xmlto' 'python' 'python-setuptools' 'e2fsprogs' 'reiserfsprogs' 'python-sphinx')
@ -71,10 +71,10 @@ license=('GPL-2.0-only')

 validpgpkeys=('F2B41200C54EFB30380C1756C565D5F9D76D583B')

-sha256sums=(3e92cb6d83bdde612318fd8046dd6eff47c786e59d56dd4ece987945d5137c9e  # btrfs-progs-v6.6.1.tar.xz
-	f4fa67e833e3cf5b8bd5b007f75221f7ef8a25e56e424155ec80ddf4a27cb3eb  # btrfs-progs-v6.6.1.tar.sign
+sha256sums=(b426736dc94e2b04b6983e998c4dc427dc166d66ddea246c890ed9c2a450044f  # btrfs-progs-v6.6.2.tar.xz
+	2e0d8ba13a5669596dd759a0a041bd112558c35757de53aedb8fc2163c30e6b8  # btrfs-progs-v6.6.2.tar.sign
 	bbe60b35d1b1e2efc1308a8f54f1fdc6808240a81c5f5b4d75321b7ee86e41f4  # initcpio-install-btrfs
 	35efeee8590d6d60c711ae9cdc918e4841ab61d10cb02359e65e36ebff95ffc5) # initcpio-hook-btrfs

-##  9f535484a8605dc7972f597f074d264caec26e0f36d2a84d3b7b2baf0c6d4dbf  btrfs-progs-6.6.1-01-x86_64.pkg.tar.lz
+##  f1b3cab6896ad04a06fb5e33ee1fe474a2ffa1f3e667ca79ad6799fd927e408d  btrfs-progs-6.6.2-01-x86_64.pkg.tar.lz

--- a/btrfs-progs/PKGBUILD-arch
+++ b/btrfs-progs/PKGBUILD-arch
@ -3,7 +3,7 @@
 # Contributor: Tobias Powalowski <tpowa@archlinux.org>

 pkgname=btrfs-progs
-pkgver=6.6.1
+pkgver=6.6.2
 pkgrel=1
 pkgdesc='Btrfs filesystem utilities'
 arch=('x86_64')
@ -27,7 +27,7 @@ source=("https://www.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs/btrfs-
 install=btrfs-progs.install
 options=(!staticlibs)
 sha256sums=('SKIP'
-            '3e92cb6d83bdde612318fd8046dd6eff47c786e59d56dd4ece987945d5137c9e'
+            'b426736dc94e2b04b6983e998c4dc427dc166d66ddea246c890ed9c2a450044f'
            'bbe60b35d1b1e2efc1308a8f54f1fdc6808240a81c5f5b4d75321b7ee86e41f4'
            '35efeee8590d6d60c711ae9cdc918e4841ab61d10cb02359e65e36ebff95ffc5'
            'eaa7af92d28bfa8940bb551560fd7be777f9f175292eaa72b5f6ef00fb240252'
--- a/gnupg/PKGBUILD
+++ b/gnupg/PKGBUILD
@ -7,7 +7,7 @@

 pkgname=gnupg
 pkgver=2.4.3
-pkgrel=01
+pkgrel=02
 pkgdesc='Complete and free implementation of the OpenPGP standard w/o systemd'
 url='https://www.gnupg.org/'
 depends=(bzip2 libbz2.so glibc gnutls libgcrypt
@ -90,5 +90,5 @@ sha256sums=(a271ae6d732f6f4d80c258ad9ee88dd9c94c8fdc33c3e45328c4d7c126bd219d  #
 	6ade15b536c50a88efc2d9dc958433b0ccfaf2908025b7672753e6bfce51c3c6  # gnupg-2.4-drop_import_clean.patch
 	ef2267eecd9eb59bbbbdb97d55cbfe10236b4979a125c6683a840830bc202905) # gnupg-2.4-revert_default_rfc4880bis.patch

+##  160195f1668cc7dc2cff69c8f6db25f9fcf816cf1d195fa7f5e1ea49d10295ec  gnupg-2.4.3-02-x86_64.pkg.tar.lz

-##  afe19d53f7de3b10f3b1b17d68a0ada506ba5bab922a76e4f665ecb2476e448b  gnupg-2.4.3-01-x86_64.pkg.tar.lz
--- a/gnupg/clean
+++ b/gnupg/clean
@ -1 +1 @@
-rm -rf {src,pkg,gnupg*bz2*,gnupg-2.*patch}
+rm -rf {src,pkg,gnupg*bz2*}
--- a/gnupg/gnupg-2.4-avoid_beta_warning.patch
+++ b/gnupg/gnupg-2.4-avoid_beta_warning.patch
@ -0,0 +1,46 @@
+From: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
+Date: Tue, 14 Apr 2015 10:02:31 -0400
+Subject: avoid-beta-warning
+
+avoid self-describing as a beta
+
+Using autoreconf against the source as distributed in tarball form
+invariably results in a package that thinks it's a "beta" package,
+which produces the "THIS IS A DEVELOPMENT VERSION" warning string.
+
+since we use dh_autoreconf, i need this patch to avoid producing
+builds that announce themselves as DEVELOPMENT VERSIONs.
+
+See discussion at:
+
+ http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
+---
+ autogen.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/debian-packaging/avoid-beta-warning.patch
+
+diff --git a/autogen.sh b/autogen.sh
+index b238550..9b86d3f 100755
+--- a/autogen.sh
+++ b/autogen.sh
+@@ -229,7 +229,7 @@ if [ "$myhost" = "find-version" ]; then
+     esac
+ 
+     beta=no
+-    if [ -e .git ]; then
+    if false; then
+       ingit=yes
+       tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
+       tmp=$(echo "$tmp" | sed s/^"$package"//)
+@@ -245,8 +245,8 @@ if [ "$myhost" = "find-version" ]; then
+       rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
+     else
+       ingit=no
+-      beta=yes
+-      tmp="-unknown"
+      beta=no
+      tmp=""
+       rev="0000000"
+       rvd="0"
+     fi
--- a/gnupg/gnupg-2.4-drop_import_clean.patch
+++ b/gnupg/gnupg-2.4-drop_import_clean.patch
@ -0,0 +1,51 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Mon, 15 Jul 2019 16:24:35 -0400
+Subject: gpg: drop import-clean from default keyserver import options
+
+* g10/gpg.c (main): drop IMPORT_CLEAN from the
+default opt.keyserver_options.import_options
+* doc/gpg.texi: reflect this change in the documentation
+
+Given that SELF_SIGS_ONLY is already set, it's not clear what
+additional benefit IMPORT_CLEAN provides.  Furthermore, IMPORT_CLEAN
+means that receiving an OpenPGP certificate from a keyserver will
+potentially delete data that is otherwise held in the local keyring,
+which is surprising to users who expect retrieval from the keyservers
+to be purely additive.
+
+GnuPG-Bug-Id: 4628
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c    | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/gpg-drop-import-clean-from-default-keyserver-import-optio.patch
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 804ecf9..b238278 100644
+--- a/doc/gpg.texi
+++ b/doc/gpg.texi
+@@ -2047,7 +2047,7 @@ are available for all keyserver types, some common options are:
+ 
+ @end table
+ 
+-The default list of options is: "self-sigs-only, import-clean,
+The default list of options is: "self-sigs-only,
+ repair-keys, repair-pks-subkey-bug, export-attributes". However, if
+ the actual used source is an LDAP server "no-self-sigs-only" is
+ assumed unless "self-sigs-only" has been explicitly configured.
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 68c0454..205de60 100644
+--- a/g10/gpg.c
+++ b/g10/gpg.c
+@@ -2441,8 +2441,7 @@ main (int argc, char **argv)
+ 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
+                                             | IMPORT_SELF_SIGS_ONLY
+                                             | IMPORT_COLLAPSE_UIDS
+-                                            | IMPORT_COLLAPSE_SUBKEYS
+-                                            | IMPORT_CLEAN);
+                                            | IMPORT_COLLAPSE_SUBKEYS);
+     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+     opt.keyserver_options.options = 0;
+     opt.verify_options = (LIST_SHOW_UID_VALIDITY
--- a/gnupg/gnupg-2.4-revert_default_rfc4880bis.patch
+++ b/gnupg/gnupg-2.4-revert_default_rfc4880bis.patch
@ -0,0 +1,200 @@
+From 1e4f1550996334d2a631a5d769e937d29ace47bb Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 9 Feb 2023 16:38:58 +0100
+Subject: [PATCH gnupg] Revert the introduction of the RFC4880bis draft into
+ defaults
+
+This reverts commit 4583f4fe2 (gpg: Merge --rfc4880bis features into
+--gnupg, 2022-10-31).
+---
+ g10/gpg.c    | 35 ++++++++++++++++++++++++++++++++---
+ g10/keygen.c | 30 ++++++++++++++++++------------
+ 2 files changed, 50 insertions(+), 15 deletions(-)
+
+diff --git a/g10/gpg.c b/g10/gpg.c
+index dcab0a11a..796888013 100644
+--- a/g10/gpg.c
+++ b/g10/gpg.c
+@@ -247,6 +247,7 @@ enum cmd_and_opt_values
+     oGnuPG,
+     oRFC2440,
+     oRFC4880,
+    oRFC4880bis,
+     oOpenPGP,
+     oPGP7,
+     oPGP8,
+@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
+   ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
+   ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
+  ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
+   ARGPARSE_s_n (oPGP7, "pgp6", "@"),
+   ARGPARSE_s_n (oPGP7, "pgp7", "@"),
+@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
+   ARGPARSE_s_s (oNoop, "aead-algo", "@"),
+   ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
+-  ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
+ 
+ 
+@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option compliance_options[] =
+   {
+     { "gnupg",      oGnuPG },
+     { "openpgp",    oOpenPGP },
+-    { "rfc4880bis", oGnuPG },
+    { "rfc4880bis", oRFC4880bis },
+     { "rfc4880",    oRFC4880 },
+     { "rfc2440",    oRFC2440 },
+     { "pgp6",       oPGP7 },
+@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option compliance_options[] =
+ static void
+ set_compliance_option (enum cmd_and_opt_values option)
+ {
+  opt.flags.rfc4880bis = 0;  /* Clear because it is initially set.  */
+
+   switch (option)
+     {
+    case oRFC4880bis:
+      opt.flags.rfc4880bis = 1;
+      opt.compliance = CO_RFC4880;
+      opt.flags.dsa2 = 1;
+      opt.flags.require_cross_cert = 1;
+      opt.rfc2440_text = 0;
+      opt.allow_non_selfsigned_uid = 1;
+      opt.allow_freeform_uid = 1;
+      opt.escape_from = 1;
+      opt.not_dash_escaped = 0;
+      opt.def_cipher_algo = 0;
+      opt.def_digest_algo = 0;
+      opt.cert_digest_algo = 0;
+      opt.compress_algo = -1;
+      opt.s2k_mode = 3; /* iterated+salted */
+      opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
+      opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
+      break;
+     case oOpenPGP:
+     case oRFC4880:
+       /* This is effectively the same as RFC2440, but with
+@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_values option)
+     case oPGP8:  opt.compliance = CO_PGP8;  break;
+     case oGnuPG:
+       opt.compliance = CO_GNUPG;
+      opt.flags.rfc4880bis = 1;
+       break;
+ 
+     case oDE_VS:
+@@ -2491,6 +2513,7 @@ main (int argc, char **argv)
+     opt.emit_version = 0;
+     opt.weak_digests = NULL;
+     opt.compliance = CO_GNUPG;
+    opt.flags.rfc4880bis = 1;
+ 
+     /* Check special options given on the command line.  */
+     orig_argc = argc;
+@@ -3033,6 +3056,7 @@ main (int argc, char **argv)
+           case oOpenPGP:
+           case oRFC2440:
+           case oRFC4880:
+          case oRFC4880bis:
+           case oPGP7:
+           case oPGP8:
+           case oGnuPG:
+@@ -3862,6 +3886,11 @@ main (int argc, char **argv)
+     if( may_coredump && !opt.quiet )
+ 	log_info(_("WARNING: program may create a core file!\n"));
+ 
+    if (!opt.flags.rfc4880bis)
+      {
+        opt.mimemode = 0; /* This will use text mode instead.  */
+      }
+
+     if (eyes_only) {
+       if (opt.set_filename)
+ 	  log_info(_("WARNING: %s overrides %s\n"),
+@@ -4078,7 +4107,7 @@ main (int argc, char **argv)
+     /* Check our chosen algorithms against the list of legal
+        algorithms. */
+ 
+-    if(!GNUPG)
+    if(!GNUPG && !opt.flags.rfc4880bis)
+       {
+ 	const char *badalg=NULL;
+ 	preftype_t badtype=PREFTYPE_NONE;
+diff --git a/g10/keygen.c b/g10/keygen.c
+index a2cfe3ccf..2a1dd1f81 100644
+--- a/g10/keygen.c
+++ b/g10/keygen.c
+@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string,int personal)
+ 	      strcat(dummy_string,"S7 ");
+ 	    strcat(dummy_string,"S2 "); /* 3DES */
+ 
+-            if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
+            if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ 	      strcat(dummy_string,"A2 ");
+ 
+             if (personal)
+@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
+   /* Make sure that the MDC feature flag is set if needed.  */
+   add_feature_mdc (sig,mdc_available);
+   add_feature_aead (sig, aead_available);
+-  add_feature_v5 (sig, 1);
+  add_feature_v5 (sig, opt.flags.rfc4880bis);
+   add_keyserver_modify (sig,ks_modify);
+   keygen_add_keyserver_url(sig,NULL);
+ 
+@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
+                 }
+             }
+           else if (!ascii_strcasecmp (s, "v5"))
+-            keyversion = 5;
+            {
+              if (opt.flags.rfc4880bis)
+                keyversion = 5;
+            }
+           else if (!ascii_strcasecmp (s, "v4"))
+             keyversion = 4;
+           else
+@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
+  *   ecdsa := Use algorithm ECDSA.
+  *   eddsa := Use algorithm EdDSA.
+  *   ecdh  := Use algorithm ECDH.
+- *   v5    := Create version 5 key
+ *   v5    := Create version 5 key (requires option --rfc4880bis)
+  *
+  * There are several defaults and fallbacks depending on the
+  * algorithm.  PART can be used to select which part of STRING is
+@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
+ 	    }
+ 	}
+ 
+-        if ((keywords[i].key == pVERSION
+-             || keywords[i].key == pSUBVERSION))
+-          ; /* Ignore version.  */
+        if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
+                                      || keywords[i].key == pSUBVERSION))
+          ; /* Ignore version unless --rfc4880bis is active.  */
+         else
+           {
+             r = xmalloc_clear( sizeof *r + strlen( value ) );
+@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
+       para = r;
+     }
+ 
+-  r = xmalloc_clear (sizeof *r + 20);
+-  r->key = for_subkey? pSUBVERSION : pVERSION;
+-  snprintf (r->u.value, 20, "%d", version);
+-  r->next = para;
+-  para = r;
+  if (opt.flags.rfc4880bis)
+    {
+      r = xmalloc_clear (sizeof *r + 20);
+      r->key = for_subkey? pSUBVERSION : pVERSION;
+      snprintf (r->u.value, 20, "%d", version);
+      r->next = para;
+      para = r;
+    }
+ 
+   if (keytime)
+     {
--- a/gnutls/NOTE
+++ b/gnutls/NOTE
@ -0,0 +1 @@
+Patch from hell 11-16-23 adds gtk-doc gettext autoconf automake as make-deps
--- a/gnutls/PKGBUILD
+++ b/gnutls/PKGBUILD
@ -6,26 +6,27 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------

 pkgname=gnutls
-pkgver=3.8.1
-pkgrel=02
-pkgdesc="A library which provides a secure layer over a reliable transport layer"
+pkgver=3.8.2
+pkgrel=01
+pkgdesc="A library which provides a secure layer over a reliable transport layer w/o zstd "
 url="https://www.gnutls.org/"
 options=('!zipman')
 #options=('!zipman' 'debug')  # comment or rm zipman option above, uncomment here to have gnutls-debug pkg produced
 depends=('glibc' 'gcc-libs' 'gmp' 'libtasn1' 'readline' 'zlib' 'nettle'
-         'libp11-kit' 'libidn2' 'zstd' 'libidn2.so' 'libunistring' 'brotli')
-makedepends=('tpm2-tss')
+         'libp11-kit' 'libidn2' 'libidn2.so' 'libunistring' 'brotli')
+makedepends=('tpm2-tss' 'gtk-doc' 'autoconf' 'automake' 'gettext') # gtk-doc required for autoreconf when patching
 checkdepends=('net-tools' 'tpm2-tools')
 optdepends=('tpm2-tss: support for TPM2 wrapped keys')
 backup=(etc/gnutls/config
        etc/modules-load.d/gnutls.conf)
 source=(https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.tar.xz{,.sig}
-        config)
+        config
+        gnutls-ktls_disable_keyupdate_test.patch)

 prepare() {
  cd ${pkgname}-${pkgver}
-  # FS#75613 / https://gitlab.com/gnutls/gnutls/-/merge_requests/1631
-#  patch -Np1 -i ../0001-fix-avx-detection.patch
+  patch -Np1 -i ../gnutls-ktls_disable_keyupdate_test.patch
+  autoreconf -vfi
 }

 build() {
@ -46,8 +47,6 @@ build() {

 check() {
  cd ${pkgname}-${pkgver}
-  # disable parallel tests:
-  # FAIL: serv-udp.sh

  make check
 }
@ -79,9 +78,10 @@ license=('GPL3' 'LGPL2.1')
 validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno <ueno@unixuser.org>"
 #validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich <zfridric@redhat.com>"

-sha256sums=(ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c  # gnutls-3.8.1.tar.xz
-	ef357b9d34ae308f06c0989c203521fb768b3db93b81e1041f85f1926f58ca7d  # gnutls-3.8.1.tar.xz.sig
-	22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5) # config
+sha256sums=(e765e5016ffa9b9dd243e363a0460d577074444ee2491267db2e96c9c2adef77  # gnutls-3.8.2.tar.xz
+	683f43b0aa9fc415409a5a213774bd21ce2cbd7eb14cebd67c39d1496910e0da  # gnutls-3.8.2.tar.xz.sig
+	22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5  # config
+	2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708) # gnutls-ktls_disable_keyupdate_test.patch

-##  147938701d2887457a0161911c8ce547e42ce3f29db0d27d15d8d604878dc489  gnutls-3.8.1-02-x86_64.pkg.tar.lz
+##  99fadda6e0dcc9f1f7bc5ebdb09f32a825ee7cb3cda0caf4c9ce165c2e23061f  gnutls-3.8.2-01-x86_64.pkg.tar.lz

--- a/gnutls/PKGBUILD-arch
+++ b/gnutls/PKGBUILD-arch
@ -2,8 +2,8 @@
 # Contributor: Jan de Groot <jgc@archlinux.org>

 pkgname=gnutls
-pkgver=3.8.1
-pkgrel=2
+pkgver=3.8.2
+pkgrel=1
 pkgdesc="A library which provides a secure layer over a reliable transport layer"
 arch=('x86_64')
 license=('GPL3' 'LGPL2.1')
@ -11,19 +11,29 @@ url="https://www.gnutls.org/"
 options=('!zipman')
 depends=('glibc' 'gcc-libs' 'gmp' 'libtasn1' 'readline' 'zlib' 'nettle'
         'libp11-kit' 'libidn2' 'zstd' 'libidn2.so' 'libunistring' 'brotli')
-makedepends=('tpm2-tss')
+makedepends=('tpm2-tss'
+            # required for autoreconf when patching
+            'gtk-doc')
 checkdepends=('net-tools' 'tpm2-tools')
 optdepends=('tpm2-tss: support for TPM2 wrapped keys')
 backup=(etc/gnutls/config
        etc/modules-load.d/gnutls.conf)
 source=(https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.tar.xz{,.sig}
-        config)
-sha256sums=('ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c'
+        config
+        gnutls-ktls_disable_keyupdate_test.patch)
+sha256sums=('e765e5016ffa9b9dd243e363a0460d577074444ee2491267db2e96c9c2adef77'
            'SKIP'
-            '22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5')
+            '22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5'
+            '2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708')
 validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno <ueno@unixuser.org>"
 #validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich <zfridric@redhat.com>"

+prepare() {
+  cd ${pkgname}-${pkgver}
+  patch -Np1 -i ../gnutls-ktls_disable_keyupdate_test.patch
+  autoreconf -vfi
+}
+
 build() {
  cd ${pkgname}-${pkgver}
  ./configure --prefix=/usr \
@ -41,9 +51,6 @@ build() {

 check() {
  cd ${pkgname}-${pkgver}
-  # disable parallel tests:
-  # FAIL: serv-udp.sh
-#  make -j1 check
  make check
 }

--- a/gnutls/deps
+++ b/gnutls/deps
@ -1,4 +1,8 @@
 net-tools
 tpm2-tools
+gtk-doc
+autoconf
+gettext


+automake
--- a/gnutls/gnutls-ktls_disable_keyupdate_test.patch
+++ b/gnutls/gnutls-ktls_disable_keyupdate_test.patch
@ -0,0 +1,13 @@
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 2872cb1aa..247dfd3d8 100644
+--- a/tests/Makefile.am
+++ b/tests/Makefile.am
+@@ -504,8 +504,6 @@ endif
+ if ENABLE_KTLS
+ indirect_tests += gnutls_ktls
+ dist_check_SCRIPTS += ktls.sh
+-indirect_tests += ktls_keyupdate
+-dist_check_SCRIPTS += ktls_keyupdate.sh
+ endif
+ 
+ if !WINDOWS
--- a/libgcrypt/PKGBUILD
+++ b/libgcrypt/PKGBUILD
@ -6,7 +6,7 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------

 pkgname=libgcrypt
-pkgver=1.10.2
+pkgver=1.10.3
 pkgrel=01
 pkgdesc="General purpose cryptographic library based on the code from GnuPG w/o systemd"
 url="https://www.gnupg.org"
@ -55,11 +55,11 @@ arch=(x86_64)

 license=('LGPL')

-validpgpkeys=('6DAA6E64A76D2840571B4902528897B826403ADA') # "Werner Koch (dist signing 2020)"
-#validpgpkeys=('AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD') # Niibe Yutaka (GnuPG Release Key)
+#validpgpkeys=('6DAA6E64A76D2840571B4902528897B826403ADA') # "Werner Koch (dist signing 2020)"
+validpgpkeys=('AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD') # Niibe Yutaka (GnuPG Release Key)
 
-sha256sums=(3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03  # libgcrypt-1.10.2.tar.bz2
-	485cbe1c63d2cc40ac9b3e3a5ce4edee6614cfde3e53fe2501f37e46ac529f22) # libgcrypt-1.10.2.tar.bz2.sig
+sha256sums=(8b0870897ac5ac67ded568dcfadf45969cfa8a6beb0fd60af2a9eadc2a3272aa  # libgcrypt-1.10.3.tar.bz2
+	267016f908127828556bda0f38aabd1fd3ea501e06de99877cbe453018e4ee56) # libgcrypt-1.10.3.tar.bz2.sig

-##  f6a632e0e99bb27aee674cc71d90ab40914f3c2f9b5ba05859e0b5beec185566  libgcrypt-1.10.2-01-x86_64.pkg.tar.lz
+##  9a85df4401db9f904c1bd79fb88b82d2c740919c3d83568faa556e896a39ab94  libgcrypt-1.10.3-01-x86_64.pkg.tar.lz

--- a/libgcrypt/PKGBUILD-arch
+++ b/libgcrypt/PKGBUILD-arch
@ -5,7 +5,7 @@
 # then cp /usr/lib/libgcrypt.so.11 /var/lib/archbuild/staging-x86_64/root/usr/lib/ and do staging-x86_64-build

 pkgname=libgcrypt
-pkgver=1.10.2
+pkgver=1.10.3
 pkgrel=1
 pkgdesc="General purpose cryptographic library based on the code from GnuPG"
 arch=(x86_64)
@ -15,10 +15,10 @@ depends=('libgpg-error')
 options=('!emptydirs')
 # https://www.gnupg.org/download/integrity_check.html
 source=(https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2{,.sig})
-sha256sums=('3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03'
+sha256sums=('8b0870897ac5ac67ded568dcfadf45969cfa8a6beb0fd60af2a9eadc2a3272aa'
            'SKIP')
-validpgpkeys=('6DAA6E64A76D2840571B4902528897B826403ADA') # "Werner Koch (dist signing 2020)"
-#validpgpkeys=('AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD') # Niibe Yutaka (GnuPG Release Key)
+#validpgpkeys=('6DAA6E64A76D2840571B4902528897B826403ADA') # "Werner Koch (dist signing 2020)"
+validpgpkeys=('AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD') # Niibe Yutaka (GnuPG Release Key)

 prepare() {
  cd "${pkgname}"-${pkgver}
--- a/libxml2/PKGBUILD
+++ b/libxml2/PKGBUILD
@ -8,7 +8,7 @@
 #pkgbase=libxml2
 #pkgname=(libxml2 libxml2-docs)
 pkgname=libxml2
-pkgver=2.11.5
+pkgver=2.12.0
 pkgrel=01
 # mixup between jobcore and staging 4/22 rebuild on jobcore used staging PKGBUILD-arch
 # so staging pkgrel is bumped up one to distinguish from jobcore's build
@ -19,7 +19,7 @@ makedepends=(python git)
 optdepends=('python: Python bindings')
 provides=(libxml2.so)
 #options=(debug)   ##  uncomment this to have the debug pkg produced
-_commit=2b998a4ffbdfea04fc6a620721abc690a15743af  # tags/v2.11.5^0
+_commit=5e9b167dce73bd6a804ab107ae4c4b95e6849597  # tags/v2.12.0^0
 source=(
  "git+https://gitlab.gnome.org/GNOME/libxml2.git#commit=$_commit"
  0001-HACK-Don-t-run-fuzzing-tests.patch
@ -50,11 +50,12 @@ build() {
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
+    --disable-static \
    --with-history \
    --with-python=/usr/bin/python \
    --with-icu \
-    --with-threads \
-    --disable-static
+    --with-legacy \
+    --with-threads
  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
  make
 }
@ -95,4 +96,5 @@ sha256sums=(SKIP
 	60921b7894753a079659369b49b718c83d09edd49de76503850e5560af778c3a  # 0001-HACK-Don-t-run-fuzzing-tests.patch
 	9b61db9f5dbffa545f4b8d78422167083a8568c59bd1129f94138f936cf6fc1f) # xmlts20130923.tar.gz

-##  aba63b5793a85bf6f32663edcb9d870d2e8999cdd7aab735f151f8a8f023ce67  libxml2-2.11.5-01-x86_64.pkg.tar.lz
+##  6858027921c8d7aaa082f318cb08f52822fecb021f74490b17685ad192c87946  libxml2-2.12.0-01-x86_64.pkg.tar.lz
+
--- a/libxml2/PKGBUILD-arch
+++ b/libxml2/PKGBUILD-arch
@ -9,7 +9,7 @@ pkgname=(
  libxml2
  libxml2-docs
 )
-pkgver=2.11.5
+pkgver=2.12.0
 pkgrel=1
 pkgdesc="XML C parser and toolkit"
 url="https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home"
@ -26,14 +26,14 @@ makedepends=(
  git
  python
 )
-_commit=2b998a4ffbdfea04fc6a620721abc690a15743af  # tags/v2.11.5^0
+_commit=5e9b167dce73bd6a804ab107ae4c4b95e6849597  # tags/v2.12.0^0
 source=(
  "git+https://gitlab.gnome.org/GNOME/libxml2.git#commit=$_commit"
  0001-HACK-Don-t-run-fuzzing-tests.patch
  https://www.w3.org/XML/Test/xmlts20130923.tar.gz
 )
 b2sums=('SKIP'
-        '5f47a4949e9485c40b5685840d48aef87aa7919eb7e0afd679b598ee054392f18a657947c10c627d3239937e53611f8263c47312d26b093aa5973854307f53aa'
+        '6931b07a467874c3016deb7a68bab1e9cfaabc88fdeaf0ccf6c9cca02bbce9618b18f8c285f5748089138489d04d7c72a659b2bfd4ea5fe24ad273daacbd6d50'
        '63a47bc69278ef510cd0b3779aed729e1b309e30efa0015d28ed051cc03f9dfddb447ab57b07b3393e8f47393d15473b0e199c34cb1f5f746b15ddfaa55670be')

 pkgver() {
@ -58,15 +58,15 @@ build() {
    --prefix=/usr
    --sysconfdir=/etc
    --localstatedir=/var
+    --disable-static
    --with-history
    --with-icu
+    --with-legacy
    --with-python=/usr/bin/python
    --with-threads
-    --disable-static
  )

  cd libxml2
-
  ./configure "${configure_options[@]}"
  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
  make
@ -82,7 +82,6 @@ package_libxml2() {
  provides=(libxml2.so)

  cd libxml2
-
  make DESTDIR="$pkgdir" install

  mkdir -p ../doc/usr/share
--- a/mkinitcpio/PKGBUILD
+++ b/mkinitcpio/PKGBUILD
@ -6,9 +6,9 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------

 pkgname=mkinitcpio
-pkgver=36
+pkgver=37
 pkgrel=01
-pkgdesc="Modular initramfs image creation utility"
+pkgdesc="Modular initramfs image creation utility w/o systemd zstd "
 #url='https://github.com/archlinux/mkinitcpio'
 #url='https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio'
 url="https://sources.archlinux.org/other"
@ -59,10 +59,14 @@ license=(GPL)
 validpgpkeys=('ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB'    # Giancarlo Razzolini
              'C100346676634E80C940FB9E9C02FF419FECBE16')   # Morten Linderud

-sha256sums=(7b3b1cdf546922f47845a3ac4353ca97899a4bb68cfff29098c45135e5fb8b5e  # mkinitcpio-36.tar.gz
-	165f43e438035f7b58ac71be07661c773a7616f69018cee5ab8e7e31f0b76aa7  # mkinitcpio-36.tar.gz.sig
+sha256sums=(a4729c206a4fd7fabdd4432cf338637e85db9be9a96a5643c0a0fb0c5bd7cbe7  # mkinitcpio-37.tar.gz
+	58bd5182828dbe1eb6efa484abbc4d809fe4c6375d59aef89a7d3c183fe5a3da  # mkinitcpio-37.tar.gz.sig
 	c4afeb6b3300c4d50c3f01233705b542f59d6e95a7670f7efde097ea209ef5bd  # nosystemd.patch
-	c8ec2debd54233927dd97bd25ef4ac00e1ac850f9b34a3d414e1a66608c36040) # mkinitcpio.conf
+	9b3c6ffe86be7932efa99408da0f66693b4e36d9d5fcd82f86b24eeaa14611d9) # mkinitcpio.conf

-##  a164e6a08a5f412fd8e2fa7cb9d5db49cef7f7118566529d13d48435215680c4  mkinitcpio-36-01-x86_64.pkg.tar.lz
+##  9c0d2cca1896f9437595f120a811fb42a0c6c286634a39c7969ae14b48584b55  mkinitcpio-37-01-x86_64.pkg.tar.lz

+##  c4afeb6b3300c4d50c3f01233705b542f59d6e95a7670f7efde097ea209ef5bd  # nosystemd.patch
+c4afeb6b3300c4d50c3f01233705b542f59d6e95a7670f7efde097ea209ef5bd  # nosystemd.patch.1
+##  0e33f1894476b2a48402dc126518d85bf5db84bd3594037dce3eb66a92ea3582  # mkinitcpio.install
+0e33f1894476b2a48402dc126518d85bf5db84bd3594037dce3eb66a92ea3582  # mkinitcpio.install.1
--- a/mkinitcpio/PKGBUILD-arch
+++ b/mkinitcpio/PKGBUILD-arch
@ -4,7 +4,7 @@
 # Contributor: Thomas Bächler <thomas@archlinux.org>

 pkgname=mkinitcpio
-pkgver=36
+pkgver=37
 pkgrel=1
 pkgdesc="Modular initramfs image creation utility"
 arch=('any')
@ -23,9 +23,9 @@ provides=('initramfs')
 backup=('etc/mkinitcpio.conf')
 source=("https://sources.archlinux.org/other/$pkgname/$pkgname-$pkgver.tar.gz"{,.sig})
 install=mkinitcpio.install
-sha512sums=('f13cfdfee62dc1a344b75413fde8f35eb594c4c372d4a2ed8bbc22f2c01d93ea59d423807d06d19a6d1789e47b35286845daffeffef0fec4bae022e0e92b7b64'
+sha512sums=('45548350cd66de6ba2ba5260db3c72d0b6153be36c068ebbd81725252d1dc62fd5dd798acd4a0245c7b58710fa2fea7c3066bd99ecd498dfc154177459af2038'
            'SKIP')
-b2sums=('b60d8e61a15167df3316a7336467740efd4888784228dd6a08b1d974c54c479c082ba142eb60d3f356b06053e5c472f747e0ca830d50bed9f31c13d52b549ca1'
+b2sums=('84c5122c3775f136bb768580519cb91a18769184d947cfe0e2c714607fe3e7f3e210cf4b58252fad831be8b211e18d7bef33acede97fa273775437d11f25fe07'
        'SKIP')
 validpgpkeys=('ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB'    # Giancarlo Razzolini
              'C100346676634E80C940FB9E9C02FF419FECBE16')   # Morten Linderud
--- a/mkinitcpio/PKGBUILD-artix
+++ b/mkinitcpio/PKGBUILD-artix
@ -1,17 +1,18 @@
-# Maintainer: artoo <artoo@artixlinux.org>
+# Maintainer: Giancarlo Razzolini <grazzolini@archlinux.org>
 # Maintainer: Morten Linderud <foxboron@archlinux.org>
 # Contributor: Dave Reisner <dreisner@archlinux.org>
 # Contributor: Thomas Bächler <thomas@archlinux.org>

 pkgname=mkinitcpio
-pkgver=32
-pkgrel=2
+pkgver=37
+pkgrel=1
 pkgdesc="Modular initramfs image creation utility"
 arch=('any')
-url='https://github.com/archlinux/mkinitcpio'
+url='https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio'
 license=('GPL')
 depends=('awk' 'mkinitcpio-busybox>=1.19.4-2' 'kmod' 'util-linux>=2.23' 'libarchive' 'coreutils'
         'bash' 'binutils' 'diffutils' 'findutils' 'grep' 'filesystem>=2011.10-1' 'zstd' 'udev')
+checkdepends=('bash-bats' 'bash-bats-assert' 'lzop')
 optdepends=('gzip: Use gzip compression for the initramfs image'
            'xz: Use lzma or xz compression for the initramfs image'
            'bzip2: Use bzip2 compression for the initramfs image'
@ -21,24 +22,20 @@ optdepends=('gzip: Use gzip compression for the initramfs image'
 provides=('initramfs')
 backup=('etc/mkinitcpio.conf')
 source=("https://sources.archlinux.org/other/$pkgname/$pkgname-$pkgver.tar.gz"{,.sig}
-        nosystemd.patch
-        "fix-strip.patch::https://github.com/archlinux/mkinitcpio/commit/dece596d569ca90af902bf2403227b478b629c03.patch")
+        nosystemd.patch)
 install=mkinitcpio.install
-sha512sums=('c180bef8af774305e8c9779b3405daaa5be33588bf89c6625a28eac1cde424f447782737d85d810fed4971d38b31086a072293d42aad08398c090f9538b56a4e'
+sha512sums=('45548350cd66de6ba2ba5260db3c72d0b6153be36c068ebbd81725252d1dc62fd5dd798acd4a0245c7b58710fa2fea7c3066bd99ecd498dfc154177459af2038'
            'SKIP'
-            'f1ad7792b3b42397c2645e834d4b6c6a89122060455954d1ab56a71c673c3b8a8fdbbd6d722d30195211672b9075d09ac07ce6fb5d9723f56ce540709ebe4665'
-            'd19718f92916e00cece4e213bd7bd1cbf55b0094a39c459aaa995442342b64eb3fe8ec0bf023074f7ea26474a6fe2dc0370e0663823ed08ec5d33f6f645b833c')
-b2sums=('0c29659278e662eb58bc776f99e9579b5f0cf3268175382ecf2d635d54a6a8261ae173e387503a0c20a7492656c703a6699b52e1a6693c85c3211225d3e7abf8'
+            'f1ad7792b3b42397c2645e834d4b6c6a89122060455954d1ab56a71c673c3b8a8fdbbd6d722d30195211672b9075d09ac07ce6fb5d9723f56ce540709ebe4665')
+b2sums=('84c5122c3775f136bb768580519cb91a18769184d947cfe0e2c714607fe3e7f3e210cf4b58252fad831be8b211e18d7bef33acede97fa273775437d11f25fe07'
        'SKIP'
-        '92e1969572e0022bd257f44314045f57db47821d99a40ea1290749967b50ead1cb11adaa9b79f4286fbf20a94173e0ba7f2d4f88208e31d7a03a8de4ea014396'
-        '2b404010d5edb4b7eac36e25f0bf1c7958b7bc7b9740a1fda859579de48dc47552d9eee1d40abb8d2ebf1dffc523a64797c834bba59a22bab9e537ad12e991c7')
+        '92e1969572e0022bd257f44314045f57db47821d99a40ea1290749967b50ead1cb11adaa9b79f4286fbf20a94173e0ba7f2d4f88208e31d7a03a8de4ea014396')
 validpgpkeys=('ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB'    # Giancarlo Razzolini
              'C100346676634E80C940FB9E9C02FF419FECBE16')   # Morten Linderud

 prepare() {
-    cd "${pkgname}-${pkgver}"
-    patch -Np1 < "$srcdir/fix-strip.patch"
-    patch -Np1 -i ../nosystemd.patch
+  cd "${pkgname}-${pkgver}"
+  patch -Np1 -i ../nosystemd.patch
 }

 check() {
--- a/mkinitcpio/mkinitcpio.conf
+++ b/mkinitcpio/mkinitcpio.conf
@ -3,7 +3,7 @@
 # The following modules are loaded before any boot hooks are
 # run.  Advanced users may wish to specify all system modules
 # in this array.  For instance:
-#     MODULES=(piix ide_disk reiserfs)
+#     MODULES=(usbhid xhci_hcd)
 MODULES=()

 # BINARIES
@ -29,27 +29,27 @@ FILES=()
 # 'filesystems' is _required_ unless you specify your fs modules in MODULES
 # Examples:
 ##   This setup specifies all modules in the MODULES setting above.
-##   No raid, lvm2, or encrypted root is needed.
+##   No RAID, lvm2, or encrypted root is needed.
 #    HOOKS=(base)
 #
 ##   This setup will autodetect all modules for your system and should
 ##   work as a sane default
-#    HOOKS=(base udev autodetect block filesystems)
+#    HOOKS=(base udev autodetect modconf block filesystems fsck)
 #
 ##   This setup will generate a 'full' image which supports most systems.
 ##   No autodetection is done.
-#    HOOKS=(base udev block filesystems)
+#    HOOKS=(base udev modconf block filesystems fsck)
 #
-##   This setup assembles a pata mdadm array with an encrypted root FS.
-##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
-#    HOOKS=(base udev block mdadm encrypt filesystems)
+##   This setup assembles a mdadm array with an encrypted root file system.
+##   Note: See 'mkinitcpio -H mdadm_udev' for more information on RAID devices.
+#    HOOKS=(base udev modconf keyboard keymap consolefont block mdadm_udev encrypt filesystems fsck)
 #
-##   This setup loads an lvm2 volume group on a usb device.
-#    HOOKS=(base udev block lvm2 filesystems)
+##   This setup loads an lvm2 volume group.
+#    HOOKS=(base udev modconf block lvm2 filesystems fsck)
 #
 ##   NOTE: If you have /usr on a separate partition, you MUST include the
-#    usr, fsck and shutdown hooks.
-HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)
+#    usr and fsck hooks.
+HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block filesystems fsck)

 # COMPRESSION
 # Use this to compress the initramfs image. By default, zstd compression
@ -66,3 +66,8 @@ COMPRESSION="xz"
 # COMPRESSION_OPTIONS
 # Additional options for the compressor
 COMPRESSION_OPTIONS=( -T0 )
+# MODULES_DECOMPRESS
+# Decompress kernel modules during initramfs creation.
+# Enable to speedup boot process, disable to save RAM
+# during early userspace. Switch (yes/no).
+#MODULES_DECOMPRESS="yes"
				`@ -0,0 +1 @@`
				`Patch from hell 11-16-23 adds gtk-doc gettext autoconf automake as make-deps`