Hide Forgot
Latest upstream release: 0.25.0 Current version/release in rawhide: 0.24.0-1.fc35 URL: https://crates.io/crates/object Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/16629/
Latest upstream release: 0.25.1 Current version/release in rawhide: 0.24.0-1.fc35 URL: https://crates.io/crates/object Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/16629/
Latest upstream release: 0.25.2 Current version/release in rawhide: 0.24.0-1.fc35 URL: https://crates.io/crates/object Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/16629/
I have looked into updating object, but the update to object ^0.25 is blocked because addr2line and gimli don't support 0.25 yet and are stuck at 0.24 for now. Going by previous, similar situations, it should only take days-weeks for that to be resolved upstream :D If you need it earlier, you could try poking the addr2line and gimli upstreams ...
@Fabio: Ok, thank you for the information!
Latest upstream release: 0.25.3 Current version/release in rawhide: 0.24.0-1.fc35 URL: https://crates.io/crates/object Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/16629/
Latest upstream release: 0.26.0 Current version/release in rawhide: 0.24.0-1.fc35 URL: https://crates.io/crates/object Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/16629/
@Fabio Valentini: the crates addr2line, gimli and backtrace have all been updated and now depend on object ^0.26, so we can now update this package. May I join Rust SIG to update these crates?
I don't have the power to manage SIG membership. But I will work on updating these packages starting today.
Thanks Fabio!
It looks like I need to update gimli to version 0.25 to be able to update object, addr2line, and backtrace crates, but the cranelift* and wasmtime* crates still require gimli 0.24. Do you know if it will be possible to update those to use gimli 0.25?
Latest upstream release: 0.26.1 Current version/release in rawhide: 0.24.0-2.fc35 URL: https://crates.io/crates/object Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/16629/
Latest upstream release: 0.26.2 Current version/release in rawhide: 0.24.0-2.fc35 URL: https://crates.io/crates/object Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/16629/
Hi Fabio, > It looks like I need to update gimli to version 0.25 to be able to update object, > addr2line, and backtrace crates, but the cranelift* and wasmtime* crates still > require gimli 0.24. Do you know if it will be possible to update those to use > gimli 0.25? I'm currently updating cranelift* and wasmtime* crates, which now depend on gimli 0.25 and object 0.26.
Thanks, good to know. I'll let you know once I have latest object, gimli, addr2line, and backtrace ready in a rawhide side tag.
The following builds are now available in f36-build-side-46075: - gimli 0.25.0 - object 0.26.2 - addr2line 0.16.0 - backtrace 0.3.61 To run scratch builds against these versions, you can use koji build --scratch f36-build-side-46075 ./foo.src.rpm To build real koji builds in this side tag, use fedpkg build --target f36-build-side-46075 Please ping me once your builds are done, as side tags should not be kept open for too long.
Thank you! Should I: - do all the builds for my cranelift/wasmtime update in this side tag (about 15 packages, including security updates), - or just bump the gimli/object/... dependencies in the sise-tag, then update the cranelift/wasmtime crates in another side tag ?
It's probably easiest to just continue using the f36-build-side-46075 side tag for your builds. Once they are all done, I can submit everything as a bodhi update in one go. And I suppose the whole thing needs to happen in Fedora 35 and 34 as well?
Ok, thanks. Yes, it should also be in f34 and f35. I'll ping you as soon as all the packages are updated.
Hi Fabio, Most cranelift/wasmtime are now updated in f36-build-side-46075. However I haven't updated 2 packages yet: rust-cranelift-wasm and rust-wasmtime-environ (which depends of rust-object). These 2 packages now depend of a new crate "wasmtime-types"; I've just created the review request https://bugzilla.redhat.com/show_bug.cgi?id=2006997 Should we wait for this package being approved and available?
I'll review your package (I already took a first look). There's now two options: - wait for the issues in the package review to be resolved, wait 1-2 days for the repository to be created, build, merge everything - merge side tag now (and ignore the broken dependencies in dependent rust-cranelift-wasm and rust-wasmtime-environ packages for now) If you're alright with those two packages having broken dependencies for 1-2 days, then that's fine with me. Otherwise we'll wait.
Thanks for the package review. I'm ok with merging the side tag right now. I'll update the two remaining packages once rust-wasmtime-types is accepted. As the wasmtime updates provide security fixes, the update should have: - type=security - severity=medium, - "bugs" should include 2006114,2006117,2006116,2006110,2006111,2006113,2006105,2006107,2006108 - notes=Security fix for CVE-2021-39216, CVE-2021-39218, CVE-2021-39219
FEDORA-2021-a6c7dd8296 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.
Feel free to let me know once you have pushed all your remaining updates to rawhide. I can then build everything for Fedora 35 and 34 as well.
rust-wasmtime-types's repository has been created swiftly, so I was able to push to rawhide: - rust-wasmtime-types-0.30.0-2.fc36 - rust-cranelift-wasm-0.77.0-1.fc36 - rust-wasmtime-environ-0.30.0-1.fc36 (3 CVEs)
I've submitted all those builds to fedora 35 and 34 too, as promised: f35: https://bodhi.fedoraproject.org/updates/FEDORA-2021-68713440cb f34: https://bodhi.fedoraproject.org/updates/FEDORA-2021-1805eacb48