Bug 1966865 - rust-object-0.26.2 is available
Summary: rust-object-0.26.2 is available
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rust-object
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Rust SIG
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1967769 1967823 1969737
TreeView+ depends on / blocked
 
Reported: 2021-06-02 05:46 UTC by Upstream Release Monitoring
Modified: 2021-09-25 21:33 UTC (History)
4 users (show)

Fixed In Version: rust-object-0.26.2-1.fc36
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-09-22 20:43:25 UTC
Type: ---


Attachments (Terms of Use)

Description Upstream Release Monitoring 2021-06-02 05:46:04 UTC
Latest upstream release: 0.25.0
Current version/release in rawhide: 0.24.0-1.fc35
URL: https://crates.io/crates/object

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/16629/

Comment 1 Upstream Release Monitoring 2021-06-03 07:24:59 UTC
Latest upstream release: 0.25.1
Current version/release in rawhide: 0.24.0-1.fc35
URL: https://crates.io/crates/object

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/16629/

Comment 2 Upstream Release Monitoring 2021-06-04 06:37:15 UTC
Latest upstream release: 0.25.2
Current version/release in rawhide: 0.24.0-1.fc35
URL: https://crates.io/crates/object

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/16629/

Comment 3 Fabio Valentini 2021-06-10 21:54:15 UTC
I have looked into updating object, but the update to object ^0.25 is blocked because addr2line and gimli don't support 0.25 yet and are stuck at 0.24 for now.
Going by previous, similar situations, it should only take days-weeks for that to be resolved upstream :D
If you need it earlier, you could try poking the addr2line and gimli upstreams ...

Comment 4 Olivier Lemasle 2021-06-11 13:54:58 UTC
@Fabio: Ok, thank you for the information!

Comment 5 Upstream Release Monitoring 2021-06-12 05:37:33 UTC
Latest upstream release: 0.25.3
Current version/release in rawhide: 0.24.0-1.fc35
URL: https://crates.io/crates/object

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/16629/

Comment 6 Upstream Release Monitoring 2021-07-26 08:27:59 UTC
Latest upstream release: 0.26.0
Current version/release in rawhide: 0.24.0-1.fc35
URL: https://crates.io/crates/object

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/16629/

Comment 7 Olivier Lemasle 2021-07-26 19:03:56 UTC
@Fabio Valentini: the crates addr2line, gimli and backtrace have all been updated and now depend on object ^0.26, so we can now update this package.

May I join Rust SIG to update these crates?

Comment 8 Fabio Valentini 2021-07-28 12:02:57 UTC
I don't have the power to manage SIG membership. But I will work on updating these packages starting today.

Comment 9 Olivier Lemasle 2021-07-28 12:37:06 UTC
Thanks Fabio!

Comment 10 Fabio Valentini 2021-07-28 20:14:09 UTC
It looks like I need to update gimli to version 0.25 to be able to update object, addr2line, and backtrace crates, but the cranelift* and wasmtime* crates still require gimli 0.24. Do you know if it will be possible to update those to use gimli 0.25?

Comment 11 Upstream Release Monitoring 2021-08-19 03:09:57 UTC
Latest upstream release: 0.26.1
Current version/release in rawhide: 0.24.0-2.fc35
URL: https://crates.io/crates/object

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/16629/

Comment 12 Upstream Release Monitoring 2021-08-28 03:16:13 UTC
Latest upstream release: 0.26.2
Current version/release in rawhide: 0.24.0-2.fc35
URL: https://crates.io/crates/object

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/16629/

Comment 13 Olivier Lemasle 2021-09-21 19:35:33 UTC
Hi Fabio,

> It looks like I need to update gimli to version 0.25 to be able to update object,
> addr2line, and backtrace crates, but the cranelift* and wasmtime* crates still
> require gimli 0.24. Do you know if it will be possible to update those to use
> gimli 0.25?

I'm currently updating cranelift* and wasmtime* crates, which now depend on gimli 0.25 and object 0.26.

Comment 14 Fabio Valentini 2021-09-21 20:54:29 UTC
Thanks, good to know. I'll let you know once I have latest object, gimli, addr2line, and backtrace ready in a rawhide side tag.

Comment 15 Fabio Valentini 2021-09-21 22:45:46 UTC
The following builds are now available in f36-build-side-46075:

- gimli 0.25.0
- object 0.26.2
- addr2line 0.16.0
- backtrace 0.3.61

To run scratch builds against these versions, you can use
koji build --scratch f36-build-side-46075 ./foo.src.rpm

To build real koji builds in this side tag, use
fedpkg build --target f36-build-side-46075

Please ping me once your builds are done, as side tags should not be kept open for too long.

Comment 16 Olivier Lemasle 2021-09-22 14:03:19 UTC
Thank you!

Should I:

- do all the builds for my cranelift/wasmtime update in this side tag (about 15 packages, including security updates),

- or just bump the gimli/object/... dependencies in the sise-tag, then update the cranelift/wasmtime crates in another side tag

?

Comment 17 Fabio Valentini 2021-09-22 14:42:37 UTC
It's probably easiest to just continue using the f36-build-side-46075 side tag for your builds.
Once they are all done, I can submit everything as a bodhi update in one go.

And I suppose the whole thing needs to happen in Fedora 35 and 34 as well?

Comment 18 Olivier Lemasle 2021-09-22 14:50:14 UTC
Ok, thanks.
Yes, it should also be in f34 and f35.

I'll ping you as soon as all the packages are updated.

Comment 19 Olivier Lemasle 2021-09-22 19:30:03 UTC
Hi Fabio,

Most cranelift/wasmtime are now updated in f36-build-side-46075.

However I haven't updated 2 packages yet: rust-cranelift-wasm and rust-wasmtime-environ (which depends of rust-object). These 2 packages now depend of a new crate "wasmtime-types"; I've just created the review request https://bugzilla.redhat.com/show_bug.cgi?id=2006997

Should we wait for this package being approved and available?

Comment 20 Fabio Valentini 2021-09-22 19:43:19 UTC
I'll review your package (I already took a first look).

There's now two options:

- wait for the issues in the package review to be resolved, wait 1-2 days for the repository to be created, build, merge everything
- merge side tag now (and ignore the broken dependencies in dependent rust-cranelift-wasm and rust-wasmtime-environ packages for now)

If you're alright with those two packages having broken dependencies for 1-2 days, then that's fine with me. Otherwise we'll wait.

Comment 21 Olivier Lemasle 2021-09-22 20:25:33 UTC
Thanks for the package review.

I'm ok with merging the side tag right now. I'll update the two remaining packages once rust-wasmtime-types is accepted.

As the wasmtime updates provide security fixes, the update should have:
- type=security
- severity=medium,
- "bugs" should include 2006114,2006117,2006116,2006110,2006111,2006113,2006105,2006107,2006108
- notes=Security fix for CVE-2021-39216, CVE-2021-39218, CVE-2021-39219

Comment 22 Fedora Update System 2021-09-22 20:43:25 UTC
FEDORA-2021-a6c7dd8296 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 23 Fabio Valentini 2021-09-22 20:46:10 UTC
Feel free to let me know once you have pushed all your remaining updates to rawhide.
I can then build everything for Fedora 35 and 34 as well.

Comment 24 Olivier Lemasle 2021-09-22 22:47:30 UTC
rust-wasmtime-types's repository has been created swiftly, so I was able to push to rawhide:

- rust-wasmtime-types-0.30.0-2.fc36
- rust-cranelift-wasm-0.77.0-1.fc36
- rust-wasmtime-environ-0.30.0-1.fc36 (3 CVEs)

Comment 25 Fabio Valentini 2021-09-25 21:33:21 UTC
I've submitted all those builds to fedora 35 and 34 too, as promised:

f35: https://bodhi.fedoraproject.org/updates/FEDORA-2021-68713440cb
f34: https://bodhi.fedoraproject.org/updates/FEDORA-2021-1805eacb48


Note You need to log in before you can comment on or make changes to this bug.