• v5.5 2c37d59539

    amnesia released this 2026-06-25 00:50:51 +02:00 | 5 commits to main since this release

    Protocol 7 Core ~ Changelog

    v5.5 (2026-06-24)

    v5.5 is a hardening and reliability release. Here's what changed and why it matters:

    Security

    Binary hardening flags — every compiled binary now builds with -pie -fstack-protector-strong -D_FORTIFY_SOURCE=2. In v5.4 the binaries had no stack protection or position-independent hardening, making them easier targets for memory corruption exploits.

    Root check re-hardened in lainos-init — v5.4 had the root check removed with a comment saying it "prevents login loop." v5.5 hard-fails on root unless P7_ALLOW_ROOT=1 is explicitly set, closing a silent path to root sessions if greetd/PAM misconfigures.

    P7_CMD compositor whitelist — v5.4 exec'd whatever P7_CMD contained without validation. v5.5 validates against a known-safe compositor list before exec, blocking arbitrary command injection through the environment.

    drop_privileges() fallback — v5.4 silently returned without dropping privileges if the nobody user didn't exist. v5.5 falls back to UID/GID 65534 unconditionally.

    Ghost directory permissions: 0755 → 0750. These are placeholder dirs; world-execute was unnecessarily permissive.
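
    The P7_CMD validation described above, sketched in C as an added example (not Protocol 7's own code). The compositor names and paths in the table are assumptions, since the release notes do not list them; the sketch execs the table's absolute path rather than the environment string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed allowlist: the release notes do not name the compositors or paths. */
struct compositor { const char *name; const char *path; };
static const struct compositor SAFE_COMPOSITORS[] = {
    { "sway",     "/usr/bin/sway" },
    { "Hyprland", "/usr/bin/Hyprland" },
    { "labwc",    "/usr/bin/labwc" },
};
#define N_SAFE (sizeof SAFE_COMPOSITORS / sizeof SAFE_COMPOSITORS[0])

/* Return the table path whose name equals cmd exactly, or NULL.
 * Exact matching rejects paths, arguments and shell metacharacters,
 * since none of them can equal a table name. */
const char *p7_lookup_compositor(const char *cmd)
{
    if (cmd == NULL || *cmd == '\0')
        return NULL;
    for (size_t i = 0; i < N_SAFE; i++)
        if (strcmp(cmd, SAFE_COMPOSITORS[i].name) == 0)
            return SAFE_COMPOSITORS[i].path;
    return NULL;
}

/* Validate P7_CMD, then exec the absolute path from the table, so neither
 * the environment string nor PATH decides what runs. Returns -1 on refusal. */
int p7_exec_compositor(void)
{
    const char *path = p7_lookup_compositor(getenv("P7_CMD"));
    if (path == NULL) {
        fprintf(stderr, "P7_CMD is not an allowed compositor, refusing to exec\n");
        return -1;
    }
    execl(path, path, (char *)NULL);
    perror("execl");            /* reached only if exec itself failed */
    return -1;
}

int main(void)
{
    /* Constructed sample values for P7_CMD. */
    const char *samples[] = { "sway", "/tmp/sway", "sway; id", "sway --debug" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %s\n", samples[i],
               p7_lookup_compositor(samples[i]) ? "allowed" : "rejected");
    return 0;
}
```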

    Reliability

    D-Bus socket readiness — v5.4 used a fixed 500ms blind wait. v5.5 polls /run/dbus/system_bus_socket every 100ms up to 3 seconds, connecting the moment the socket is ready. Eliminates the timing race on any hardware.

    Audio zombie fix — v5.4's spawn_daemon() never called waitpid() on the intermediate child, creating a zombie process on every audio daemon spawn. v5.5 reaps it immediately.

    Signal handling in lainos-notifyd — v5.4 had no signal handler, so SIGTERM killed the process mid-recv() without cleanup, leaving the socket file behind. v5.5 handles SIGTERM/SIGINT cleanly and unlinks the socket on exit.

    Dynamic wireless interface detection — v5.4 hardcoded wlan0. v5.5 enumerates /sys/class/net/ and checks uevent for DEVTYPE=wlan, working correctly on any hardware regardless of interface naming.

    Cleanliness

    Debug artifacts removed — v5.4 wrote /tmp/lainos-init.debug on every single login and had fprintf(stderr) debug calls throughout lainos-dbus-bridge. Both removed in v5.5.

    ldconfig removed from install hook — leftover from when the mock shared libraries existed. No-op in v5.4, removed in v5.5.

    rc-update del in pre_remove — v5.4 only stopped services on removal, leaving stale runlevel symlinks behind. v5.5 deregisters them properly.

    makedepends corrected — v5.4 listed dbus and libseccomp in both depends and makedepends. v5.5 keeps them only in depends where they belong as runtime dependencies.
