Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a new release that includes the libgit2 fixes #10446

Closed
dbrgn opened this issue Mar 2, 2022 · 8 comments
Closed

Create a new release that includes the libgit2 fixes #10446

dbrgn opened this issue Mar 2, 2022 · 8 comments
Labels
A-cargo-api Area: cargo-the-library API and internal code issues C-bug Category: bug

Comments

@dbrgn
Copy link
Contributor

dbrgn commented Mar 2, 2022

Problem

The currently released cargo version transitively depends on a libgit2-sys version that segfault in combination with the current stable libgit2 release (1.4.2). This was fixed in #10442, but wasn't released yet.

Because projects can only link against one version of a -sys crate, projects that depend on cargo cannot bump the dependencies themselves, because otherwise there is a linker conflict.

Affected projects are cargo-outdated, cargo-crev and others. All these projects segfault when being used on an up-to-date Arch Linux system, and the maintainers of these cargo plugins can't do anything about it until a new cargo release is out.

Steps

  1. Install cargo-outdated on an up to date Arch Linux system
  2. Run cargo outdated in a repository that contains git dependencies
  3. Segfault

Possible Solution(s)

Publish a new patch release containing the fix from #10442.

Notes

No response

Version

cargo 0.60.0
@dbrgn dbrgn added the C-bug Category: bug label Mar 2, 2022
@dbrgn dbrgn mentioned this issue Mar 2, 2022
Closed
Frederick888 added a commit to kbknapp/cargo-outdated that referenced this issue Mar 2, 2022
@Frederick888
fix: Pin down git2 dependencies to avoid segfault
6ed10c6 
See also [1][2]. Fixes #307.

[1] rust-lang/git2-rs#813
[2] rust-lang/cargo#10446
@alerque
Copy link
Contributor

alerque commented Mar 3, 2022

Also affected, cargo-edit (I'm the Arch packager)

@Frederick888 did that downgrade patch you did on cargo-outdated actually work?

It seems like besides the immediate fix of getting everybody on the save version of libgit2, this is a bit of a bug in the whole ecosystem. Why is it even possible to build something depending on both cargo and libgit2-sys in such a way that is just going to segfault?

@Frederick888
Copy link
Contributor

No :( I thought I magically fixed it somehow cos my debug build didn't segfault, but --release just brought it back.

If this is really urgent, I guess you can vendor a copy of patched cargo and update cargo-edit's manifest.

@Jake-Shadle Jake-Shadle mentioned this issue Mar 9, 2022
Closed
3 tasks
@dbrgn dbrgn mentioned this issue Mar 26, 2022
Closed
@Mrmaxmeier
Copy link

Note: v0.61.0 was released recently. Unfortunately though, it looks like dd701a1 is not in the rust-1.60.0 branch, which the 0.61.0 cargo release is based on.

@dbrgn
Copy link
Contributor Author

dbrgn commented Apr 8, 2022

@Mark-Simulacrum any chance for a 0.61.1 release that contains this fix? A lot of cargo plugins are broken on distros with a recent libgit2 😕

@Mark-Simulacrum
Copy link
Member

The Cargo team would need to decide whether that makes sense ultimately.

To clarify, we'd just need a crates.io release, right? The published cargo binaries built on our infrastructure aren't affected by this? That makes it pretty easy to do a backport and release I think.

@Mark-Simulacrum Mark-Simulacrum added the I-nominated-to-discuss To be discussed during issue triage on the next Cargo team meeting label Apr 8, 2022
@kpcyrd
Copy link

kpcyrd commented Apr 8, 2022

To clarify, we'd just need a crates.io release, right?

I think so, yes.

@ehuss
Copy link
Contributor

ehuss commented Apr 12, 2022

We'd be fine making a new release. Someone needs to post a PR to backport the change to the rust-1.60.0 branch, and bump the version. I can publish a new release after that.

@ehuss ehuss added A-cargo-api Area: cargo-the-library API and internal code issues and removed I-nominated-to-discuss To be discussed during issue triage on the next Cargo team meeting labels Apr 12, 2022
@Mrmaxmeier Mrmaxmeier mentioned this issue Apr 12, 2022
Merged
bors added a commit that referenced this issue Apr 13, 2022
@bors
Auto merge of #10557 - Mrmaxmeier:backport-libgit2-update, r=ehuss
2ff0b40 
Backport git2 update #10442 as 0.61.1

This is a version bump and backport of the git2 updates in #10442 to the `rust-1.60.0` branch.

Closes #10446
@ehuss
Copy link
Contributor

ehuss commented Apr 13, 2022

I have published v0.61.1.

@ehuss ehuss closed this as completed Apr 13, 2022
@sgued sgued mentioned this issue May 15, 2022
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-cargo-api Area: cargo-the-library API and internal code issues C-bug Category: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@ehuss @dbrgn @alerque @Mrmaxmeier @Frederick888 @Mark-Simulacrum @kpcyrd