diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 7a726ecd3d..70bf6c1fd5 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -28,4 +28,4 @@ jobs:
- name: 'Checkout Repository'
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
- name: 'Dependency Review'
- uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0
+ uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1
diff --git a/.github/workflows/ossar-scan.yml b/.github/workflows/ossar-scan.yml
index d639cec8d4..677970ef13 100644
--- a/.github/workflows/ossar-scan.yml
+++ b/.github/workflows/ossar-scan.yml
@@ -81,6 +81,6 @@ jobs:
- name: Upload results to Security tab
if: steps.skip_check.outputs.should_skip != 'true'
- uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885
+ uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
index c4f9eaaad4..1f5b142be0 100644
--- a/.github/workflows/reusable-build.yml
+++ b/.github/workflows/reusable-build.yml
@@ -137,7 +137,7 @@ jobs:
- name: Initialize CodeQL
if: inputs.build_codeql == true && steps.skip_check.outputs.should_skip != 'true'
- uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885
+ uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5
with:
languages: 'cpp'
@@ -356,4 +356,4 @@ jobs:
- name: Perform CodeQL Analysis
if: inputs.build_codeql == true && steps.skip_check.outputs.should_skip != 'true'
- uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885
+ uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 18c65185a0..6eae0d6646 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -80,6 +80,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
if: github.ref_name == 'main'
- uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885
+ uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5
with:
sarif_file: results.sarif
diff --git a/Directory.Build.props b/Directory.Build.props
index 08197292d0..add5db8536 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -8,7 +8,10 @@
0
22
0
- $(EbpfVersion_Major).$(EbpfVersion_Minor).$(EbpfVersion_Revision)
+
+ $(EbpfVersion_Major).$(EbpfVersion_Minor).$(EbpfVersion_Revision)
+ $(EbpfVersion_Major).$(EbpfVersion_Minor).$(EbpfVersion_Revision)
+ $(EbpfVersion_Major).$(EbpfVersion_Minor).$(EbpfVersion_Revision)-$(EbpfVersion_Modifier)
diff --git a/external/ebpf-verifier b/external/ebpf-verifier
index 76c49ccf2b..1d1d24600f 160000
--- a/external/ebpf-verifier
+++ b/external/ebpf-verifier
@@ -1 +1 @@
-Subproject commit 76c49ccf2b6a876eba6881120c7438b02467611c
+Subproject commit 1d1d24600fc4a771b83064de41bdce0e2f5c030b
diff --git a/external/ubpf b/external/ubpf
index 1ad22f374d..8c0dc65ddb 160000
--- a/external/ubpf
+++ b/external/ubpf
@@ -1 +1 @@
-Subproject commit 1ad22f374df28cd37052620fdb602e93c5a9a604
+Subproject commit 8c0dc65ddb7dd2eff53aed958b1a2f9424855cdb
diff --git a/external/usersim b/external/usersim
index 7b5f0d775f..3ddd922355 160000
--- a/external/usersim
+++ b/external/usersim
@@ -1 +1 @@
-Subproject commit 7b5f0d775fe3292c2c85a693bbc4cec7d72a4fab
+Subproject commit 3ddd92235525af1e08f61072c12e2ccfa29d2c14
diff --git a/installer/Product.wxs b/installer/Product.wxs
index ca29a694cf..2de5fea484 100644
--- a/installer/Product.wxs
+++ b/installer/Product.wxs
@@ -7,7 +7,7 @@ SPDX-License-Identifier: MIT
-
+
- $(DefineConstants);EbpfVersion=$(EbpfVersion)
+ $(DefineConstants);EbpfVersionNoModifier=$(EbpfVersionNoModifier)
$(SolutionDir)$(Platform)\$(Configuration)\
diff --git a/scripts/Set-Version.ps1 b/scripts/Set-Version.ps1
index 1b2020f41a..6a3fef9191 100644
--- a/scripts/Set-Version.ps1
+++ b/scripts/Set-Version.ps1
@@ -3,6 +3,124 @@
param ($InputFile, $OutputFile, [parameter(Mandatory=$false)]$VCToolsRedistDir, [parameter(Mandatory=$false)]$architecture, [parameter(Mandatory=$false)]$configuration)
+function Get-CurrentBranch {
+ $env:GIT_REDIRECT_STDERR = '2>&1'
+ $CurrentBranch = git branch --show-current
+ if ([string]::IsNullOrWhiteSpace($CurrentBranch)) {
+ Write-Warning "Failed to get branch from git"
+ return $null
+ }
+ return $CurrentBranch
+}
+
+# Returns the target or current git branch.
+function Get-BuildBranch {
+ if (![string]::IsNullOrWhiteSpace($env:SYSTEM_PULLREQUEST_TARGETBRANCH)) {
+ # We are in a (AZP) pull request build.
+ Write-Host "Using SYSTEM_PULLREQUEST_TARGETBRANCH=$env:SYSTEM_PULLREQUEST_TARGETBRANCH to compute branch"
+ return $env:SYSTEM_PULLREQUEST_TARGETBRANCH
+
+ } elseif (![string]::IsNullOrWhiteSpace($env:GITHUB_BASE_REF)) {
+ # We are in a (GitHub Action) pull request build.
+ Write-Host "Using GITHUB_BASE_REF=$env:GITHUB_BASE_REF to compute branch"
+ return $env:GITHUB_BASE_REF
+
+ } elseif (![string]::IsNullOrWhiteSpace($env:BUILD_SOURCEBRANCH)) {
+ # We are in a (AZP) main build.
+ Write-Host "Using BUILD_SOURCEBRANCH=$env:BUILD_SOURCEBRANCH to compute branch"
+ $env:BUILD_SOURCEBRANCH -match 'refs/(?:heads/)?(.+)' | Out-Null
+ return $Matches[1]
+
+ } elseif (![string]::IsNullOrWhiteSpace($env:GITHUB_REF_NAME)) {
+ # We are in a (GitHub Action) main build.
+ Write-Host "Using GITHUB_REF_NAME=$env:GITHUB_REF_NAME to compute branch"
+ return $env:GITHUB_REF_NAME
+
+ } else {
+ # Fallback to the current branch.
+ return Get-CurrentBranch
+ }
+}
+
+function Test-IsReleaseBuild {
+ $buildBranch = Get-BuildBranch
+
+ # First check if it matches release/ or tags/ pattern
+ $matchesReleasePattern = $buildBranch -match '^release/|^tags/'
+
+ # If it doesn't match the pattern, it's not a release build
+ if (-not $matchesReleasePattern) {
+ return $false
+ }
+
+ # If it matches the pattern but contains 'prerelease', it's not a release build
+ if ($buildBranch -match 'prerelease') {
+ return $false
+ }
+
+ # It matches the pattern and doesn't contain 'prerelease', so it's a release build
+ return $true
+}
+
+<#
+.SYNOPSIS
+ Get the eBPF version string, optionally with git hash appended for non-release branches.
+
+.DESCRIPTION
+ This function constructs the version string from the Directory.Build.props file.
+ For non-release branches, it appends the git commit hash to the version only for nuspec.in files.
+
+.PARAMETER GitCommitId
+ The git commit ID to append for non-release branches
+
+.PARAMETER InputFilePath
+ The path to the input file being processed to determine if prerelease versioning should be applied
+
+.RETURNS
+ The version string, potentially with git hash appended for nuspec.in files
+#>
+function Get-EbpfVersionString {
+ param(
+ [Parameter(Mandatory=$true)][string]$GitCommitId,
+ [Parameter(Mandatory=$true)][string]$InputFilePath
+ )
+
+ # Read and parse the Directory.Build.props file
+ $content = Get-Content -path "$PSScriptRoot\..\Directory.Build.props" -Raw -Encoding UTF8
+ [xml]$xml = $content
+
+ $VersionPropertyGroup = $xml.Project.PropertyGroup | Where-Object {$_.PSObject.Properties.Name -contains "Label" -and $_.Label -eq "Version"}
+
+ # Build the base version number
+ $baseVersion = ""
+ $baseVersion += $VersionPropertyGroup.EbpfVersion_Major + "."
+ $baseVersion += $VersionPropertyGroup.EbpfVersion_Minor + "."
+ $baseVersion += $VersionPropertyGroup.EbpfVersion_Revision
+
+ # Check if this is a release build
+ $isReleaseBuild = Test-IsReleaseBuild
+ $buildBranch = Get-BuildBranch
+
+ # Check if we're processing a nuspec.in file
+ $isNuspecFile = $InputFilePath -match '\.nuspec\.in$'
+
+ if ($isReleaseBuild) {
+ Write-Host "Release build detected (branch: $buildBranch). Using base version: $baseVersion"
+ return $baseVersion
+ } else {
+ # For non-release builds, only append git hash for nuspec.in files
+ if ($isNuspecFile) {
+ $shortHash = $GitCommitId.Substring(0, [Math]::Min(8, $GitCommitId.Length))
+ $versionWithHash = "$($baseVersion)-prerelease-$($shortHash)"
+ Write-Host "Non-release build detected (branch: $buildBranch) for nuspec.in file. Using version with git hash: $versionWithHash"
+ return $versionWithHash
+ } else {
+ Write-Host "Non-release build detected (branch: $buildBranch) for non-nuspec file. Using base version: $baseVersion"
+ return $baseVersion
+ }
+ }
+}
+
# The git commit ID is in the include directory and is in the format:
# #define GIT_COMMIT_ID "some commit id"
$git_commit_id = Get-Content -Path "$PSScriptRoot\..\include\git_commit_id.h" -Raw -Encoding UTF8
@@ -15,14 +133,16 @@ $content = Get-Content -path "$PSScriptRoot\..\Directory.Build.props" -Raw -Enco
$VersionPropertyGroup = $xml.Project.PropertyGroup | Where-Object {$_.PSObject.Properties.Name -contains "Label" -and $_.Label -eq "Version"}
-# Get the version number
-$version = ""
-$version += $VersionPropertyGroup.EbpfVersion_Major + "."
-$version += $VersionPropertyGroup.EbpfVersion_Minor + "."
-$version += $VersionPropertyGroup.EbpfVersion_Revision
+# Get the final version string (with git hash if not a release branch and processing nuspec.in file)
+$version_no_modifier = Get-EbpfVersionString -GitCommitId $git_commit_id -InputFilePath $InputFile
+$version = $version_no_modifier
+if ($VersionPropertyGroup.EbpfVersion_Modifier -ne "") {
+ $version += "-" + $VersionPropertyGroup.EbpfVersion_Modifier
+}
$content = Get-Content $InputFile
$content = $content.Replace("{version}", $version)
+$content = $content.Replace("{version_no_modifier}", $version_no_modifier)
$content = $content.Replace("{VCToolsRedistDir}", $VCToolsRedistDir)
$content = $content.Replace("{git_commit_id}", $git_commit_id)
$content = $content.Replace("{architecture}", $architecture)
diff --git a/scripts/update-product-version.ps1 b/scripts/update-product-version.ps1
index fa73ae6303..2f545de914 100644
--- a/scripts/update-product-version.ps1
+++ b/scripts/update-product-version.ps1
@@ -1,10 +1,14 @@
# Copyright (c) eBPF for Windows contributors
# SPDX-License-Identifier: MIT
-param ($majorVersion, $minorVersion, $revisionNumber)
+param (
+ [parameter(Mandatory=$true)] $majorVersion,
+ [parameter(Mandatory=$true)] $minorVersion,
+ [parameter(Mandatory=$true)] $revisionNumber,
+ [parameter(Mandatory=$false)]$modifier = "")
# Check if the version number is in the format X.Y.Z
-if ("$majorVersion.$minorVersion.$revisionNumber" -match '^\d+\.\d+\.\d+$') {
+if ("$majorVersion.$minorVersion.$revisionNumber" -match '^\d+\.\d+\.\d+.*$') {
if (Test-Path -Path ".\ebpf-for-windows.sln") {
# Set the new version number in the ebpf_version.h file.
@@ -12,13 +16,26 @@ if ("$majorVersion.$minorVersion.$revisionNumber" -match '^\d+\.\d+\.\d+$') {
Write-Host -ForegroundColor DarkGreen "Updating the version number in the '$ebpf_version_file' file..."
# Replace 0 with $majorVersion
- $newcontent = (Get-Content $ebpf_version_file -Raw -Encoding UTF8) `
+ $newcontent = Get-Content $ebpf_version_file -Raw -Encoding UTF8
+
+ $newcontent = $newcontent `
-replace '(?<=)\d+', $majorVersion `
-replace '(?<=)\d+', $minorVersion `
-replace '(?<=)\d+', $revisionNumber
+ if ($modifier -ne "") {
+ $newcontent = $newcontent -replace '(?<=)(.*?)(?=)', $modifier
+ $newcontent = $newcontent -replace '(?<=)(.*?)(?=)', "$majorVersion.$minorVersion.$revisionNumber-$modifier"
+ } else {
+ $newcontent = $newcontent -replace '(?<=)(.*?)(?=)', ''
+ $newcontent = $newcontent -replace '(?<=)(.*?)(?=)', "$majorVersion.$minorVersion.$revisionNumber"
+ }
$newcontent | Set-Content $ebpf_version_file -NoNewline
- Write-Host -ForegroundColor DarkGreen "Version number updated to '$majorVersion.$minorVersion.$revisionNumber' in $ebpf_version_file"
+ $version_string = "$majorVersion.$minorVersion.$revisionNumber"
+ if ($modifier -ne "") {
+ $version_string += "-$modifier"
+ }
+ Write-Host -ForegroundColor DarkGreen "Version number updated to '$version_string' in $ebpf_version_file"
# Rebuild the solution, so to regenerate the NuGet packages and the '.o' files with the new version number.
Write-Host -ForegroundColor DarkGreen "Rebuilding the solution, please wait..."
diff --git a/tools/bpf2c/bpf2c.exe.manifest.in b/tools/bpf2c/bpf2c.exe.manifest.in
index 03e55a67d5..fa8f668ea6 100644
--- a/tools/bpf2c/bpf2c.exe.manifest.in
+++ b/tools/bpf2c/bpf2c.exe.manifest.in
@@ -6,7 +6,7 @@
Overrides the default heap implementation with segment heap.
-->
-
+
SegmentHeap
diff --git a/tools/redist-package/ebpf-for-windows-redist.nuspec.in b/tools/redist-package/ebpf-for-windows-redist.nuspec.in
index 67e2e0b955..fe42de4302 100644
--- a/tools/redist-package/ebpf-for-windows-redist.nuspec.in
+++ b/tools/redist-package/ebpf-for-windows-redist.nuspec.in
@@ -28,6 +28,9 @@
+
+
+
diff --git a/tools/redist-package/redist-package.vcxproj b/tools/redist-package/redist-package.vcxproj
index 7bc53a871a..97b3bdbf73 100644
--- a/tools/redist-package/redist-package.vcxproj
+++ b/tools/redist-package/redist-package.vcxproj
@@ -146,6 +146,9 @@ NuGet.exe pack $(OutDir)ebpf-for-windows-redist.nuspec -OutputDirectory $(OutDir
{97e52abb-2f1e-4ad2-aefd-6eb7fdc0a41d}
+
+ {ba065b6a-38f8-4197-8f66-87c84afad513}
+
{55499e36-37d4-4f86-b694-9f2990315758}