Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package cargo-auditable for openSUSE:Factory
checked in at 2026-05-28 17:23:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-auditable (Old)
and /work/SRC/openSUSE:Factory/.cargo-auditable.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cargo-auditable"
Thu May 28 17:23:48 2026 rev:10 rq:1355260 version:0.7.5~0
Changes:
--------
--- /work/SRC/openSUSE:Factory/cargo-auditable/cargo-auditable.changes
2026-04-23 17:04:25.048264904 +0200
+++
/work/SRC/openSUSE:Factory/.cargo-auditable.new.1937/cargo-auditable.changes
2026-05-28 17:24:13.492977773 +0200
@@ -1,0 +2,14 @@
+Wed May 27 04:13:51 UTC 2026 - [email protected]
+
+- Update to version 0.7.5~0:
+ * Bump cargo-auditable version to 0.7.5
+ * update changelog
+ * simplify trailing path segment extraction in package ID parser
+ * Run CI checks on 1.88 to prevent accidental MSRV drift
+ * fix clippy warning in wasm.rs
+ * handle elided name in git package ID specs
+ * Revert test version bump
+ * Bump version to 0.7.5-test.1 for CI test
+ * Add `aarch64-unknown-linux-musl` to dist targets
+
+-------------------------------------------------------------------
Old:
----
cargo-auditable-0.7.4~0.tar.zst
New:
----
cargo-auditable-0.7.5~0.tar.zst
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cargo-auditable.spec ++++++
--- /var/tmp/diff_new_pack.9gIBg4/_old 2026-05-28 17:24:15.893077121 +0200
+++ /var/tmp/diff_new_pack.9gIBg4/_new 2026-05-28 17:24:15.893077121 +0200
@@ -1,8 +1,7 @@
#
# spec file for package cargo-auditable
#
-# Copyright (c) 2026 SUSE LLC
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +21,7 @@
%define __cargo_common_opts %{?_smp_mflags}
Name: cargo-auditable
-Version: 0.7.4~0
+Version: 0.7.5~0
Release: 0
Summary: A tool to embed auditing information in ELF sections of rust
binaries
# If you know the license, put it's SPDX string here.
++++++ _service ++++++
--- /var/tmp/diff_new_pack.9gIBg4/_old 2026-05-28 17:24:15.933078777 +0200
+++ /var/tmp/diff_new_pack.9gIBg4/_new 2026-05-28 17:24:15.937078942 +0200
@@ -3,7 +3,7 @@
<param
name="url">https://github.com/rust-secure-code/cargo-auditable.git</param>
<param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
<param name="scm">git</param>
- <param name="revision">v0.7.4</param>
+ <param name="revision">v0.7.5</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="versionrewrite-replacement">\1</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.9gIBg4/_old 2026-05-28 17:24:15.961079936 +0200
+++ /var/tmp/diff_new_pack.9gIBg4/_new 2026-05-28 17:24:15.977080598 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/rust-secure-code/cargo-auditable.git</param>
- <param
name="changesrevision">1d50810095d1a40d02c4f5c38152cdb9d0ea06bd</param></service></servicedata>
+ <param
name="changesrevision">9dc5ff28ff204b73eae91bd96cde4413fdcb70e0</param></service></servicedata>
(No newline at EOF)
++++++ cargo-auditable-0.7.4~0.tar.zst -> cargo-auditable-0.7.5~0.tar.zst ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cargo-auditable-0.7.4~0/.github/workflows/check.yml
new/cargo-auditable-0.7.5~0/.github/workflows/check.yml
--- old/cargo-auditable-0.7.4~0/.github/workflows/check.yml 2026-03-04
20:15:52.000000000 +0100
+++ new/cargo-auditable-0.7.5~0/.github/workflows/check.yml 2026-05-22
01:24:53.000000000 +0200
@@ -13,7 +13,8 @@
- uses: actions-rs/toolchain@v1
with:
profile: minimal
- toolchain: stable
+ toolchain: 1.88.0
+ components: rustfmt, clippy
override: true
- name: Run cargo check
run: cargo check --workspace --locked
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cargo-auditable-0.7.4~0/Cargo.lock
new/cargo-auditable-0.7.5~0/Cargo.lock
--- old/cargo-auditable-0.7.4~0/Cargo.lock 2026-03-04 20:15:52.000000000
+0100
+++ new/cargo-auditable-0.7.5~0/Cargo.lock 2026-05-22 01:24:53.000000000
+0200
@@ -116,7 +116,7 @@
[[package]]
name = "cargo-auditable"
-version = "0.7.4"
+version = "0.7.5"
dependencies = [
"auditable-info",
"auditable-serde",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cargo-auditable-0.7.4~0/Cargo.toml
new/cargo-auditable-0.7.5~0/Cargo.toml
--- old/cargo-auditable-0.7.4~0/Cargo.toml 2026-03-04 20:15:52.000000000
+0100
+++ new/cargo-auditable-0.7.5~0/Cargo.toml 2026-05-22 01:24:53.000000000
+0200
@@ -19,7 +19,7 @@
# The installers to generate for each app
installers = ["shell", "powershell"]
# Target platforms to build apps for (Rust target-triple syntax)
-targets = ["aarch64-apple-darwin", "aarch64-unknown-linux-gnu",
"aarch64-pc-windows-msvc", "x86_64-apple-darwin", "x86_64-unknown-linux-gnu",
"x86_64-unknown-linux-musl", "x86_64-pc-windows-msvc"]
+targets = ["aarch64-apple-darwin", "aarch64-unknown-linux-gnu",
"aarch64-unknown-linux-musl", "aarch64-pc-windows-msvc", "x86_64-apple-darwin",
"x86_64-unknown-linux-gnu", "x86_64-unknown-linux-musl",
"x86_64-pc-windows-msvc"]
# Which actions to run on pull requests
pr-run-mode = "plan"
# Whether to install an updater program
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cargo-auditable-0.7.4~0/auditable-extract/src/wasm.rs
new/cargo-auditable-0.7.5~0/auditable-extract/src/wasm.rs
--- old/cargo-auditable-0.7.4~0/auditable-extract/src/wasm.rs 2026-03-04
20:15:52.000000000 +0100
+++ new/cargo-auditable-0.7.5~0/auditable-extract/src/wasm.rs 2026-05-22
01:24:53.000000000 +0200
@@ -7,10 +7,8 @@
pub(crate) fn raw_auditable_data_wasm(input: &[u8]) -> Result<&[u8], Error> {
for payload in wasmparser::Parser::new(0).parse_all(input) {
match payload.map_err(|_| Error::MalformedFile)? {
- Payload::CustomSection(reader) => {
- if reader.name() == ".dep-v0" {
- return Ok(reader.data());
- }
+ Payload::CustomSection(reader) if reader.name() == ".dep-v0" => {
+ return Ok(reader.data());
}
// We reached the end without seeing ".dep-v0" custom section
Payload::End(_) => return Err(Error::NoAuditData),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cargo-auditable-0.7.4~0/cargo-auditable/CHANGELOG.md
new/cargo-auditable-0.7.5~0/cargo-auditable/CHANGELOG.md
--- old/cargo-auditable-0.7.4~0/cargo-auditable/CHANGELOG.md 2026-03-04
20:15:52.000000000 +0100
+++ new/cargo-auditable-0.7.5~0/cargo-auditable/CHANGELOG.md 2026-05-22
01:24:53.000000000 +0200
@@ -5,6 +5,12 @@
The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic
Versioning](https://semver.org/spec/v2.0.0.html).
+## [0.7.5] - 2026-05-22
+
+### Fixed
+
+ - Fixed build failures with git dependencies with multiple packages when
using [Cargo's native SBOM
precursor](https://doc.rust-lang.org/cargo/reference/unstable.html#sbom).
+
## [0.7.4] - 2026-03-04
### Fixed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cargo-auditable-0.7.4~0/cargo-auditable/Cargo.toml
new/cargo-auditable-0.7.5~0/cargo-auditable/Cargo.toml
--- old/cargo-auditable-0.7.4~0/cargo-auditable/Cargo.toml 2026-03-04
20:15:52.000000000 +0100
+++ new/cargo-auditable-0.7.5~0/cargo-auditable/Cargo.toml 2026-05-22
01:24:53.000000000 +0200
@@ -1,6 +1,6 @@
[package]
name = "cargo-auditable"
-version = "0.7.4"
+version = "0.7.5"
edition = "2021"
authors = ["Sergey \"Shnatsel\" Davidoff <[email protected]>"]
license = "MIT OR Apache-2.0"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cargo-auditable-0.7.4~0/cargo-auditable/src/sbom_precursor.rs
new/cargo-auditable-0.7.5~0/cargo-auditable/src/sbom_precursor.rs
--- old/cargo-auditable-0.7.4~0/cargo-auditable/src/sbom_precursor.rs
2026-03-04 20:15:52.000000000 +0100
+++ new/cargo-auditable-0.7.5~0/cargo-auditable/src/sbom_precursor.rs
2026-05-22 01:24:53.000000000 +0200
@@ -149,8 +149,11 @@
/// proto := "http" | "git" | "file" | ...
/// ```
/// where:
-/// - the name is always present except when the kind is `path` and the last
segment of the path doesn't match the name
-/// - the query string is only present for git dependencies (which we can
ignore since we don't record git information)
+/// - the `[ name "@" ]` segment is elided when the crate name equals the
URL's last path
+/// segment (i.e. for `path` deps where the directory name matches, and
`git` deps where
+/// the repo name matches)
+/// - the query string is only present for git dependencies (which we can
ignore since we don't
+/// record git information)
fn parse_fully_qualified_package_id(id: &str) -> (String, Version, Source) {
let (kind, rest) = id.split_once('+').expect("Package ID to have a kind");
let (url, rest) = rest
@@ -164,39 +167,114 @@
_ => Source::Other(kind.to_string()),
};
- if source == Source::Local {
- // For local packages, the name might be in the suffix after '#' if it
has
- // a diferent name than the last segment of the path.
- if let Some((name, version)) = rest.split_once('@') {
- (
- name.to_string(),
- semver::Version::parse(version).expect("Version to be valid
SemVer"),
- source,
- )
- } else {
- // If no name is specified, use the last segment of the path as
the name
- let name = url
- .split('/')
- .next_back()
- .unwrap()
- .split('\\')
- .next_back()
- .unwrap();
- (
- name.to_string(),
- semver::Version::parse(rest).expect("Version to be valid
SemVer"),
- source,
- )
- }
- } else {
- // For other sources, the name and version are after the '#',
separated by '@'
- let (name, version) = rest
- .split_once('@')
- .expect("Package ID to have a name and version");
+ // `rest` is usually `name@version`, but cargo elides `name@` when the
crate name
+ // equals the URL's last path segment. This applies to `path` deps and to
git deps
+ // pointing at a repo whose name matches the crate (e.g. top-level
`rayon`); sub-crates
+ // in the same repo still carry the name explicitly.
+ //
+ // path+file:///abs/path/sample-package#0.1.0
+ // git+https://github.com/rayon-rs/rayon?branch=foo#1.11.0
+ // git+https://github.com/rayon-rs/rayon?branch=foo#[email protected]
+ if let Some((name, version)) = rest.split_once('@') {
(
name.to_string(),
semver::Version::parse(version).expect("Version to be valid
SemVer"),
source,
)
+ } else {
+ // Recover the elided name from the URL's last path segment.
+ // Strip the optional `?query` first; accept `\` for Windows local
paths.
+ let path = url.split_once('?').map(|(p, _)| p).unwrap_or(url);
+ let name = path
+ .rsplit(['/', '\\'])
+ .next()
+ .filter(|segment| !segment.is_empty())
+ .expect("Package ID URL to end with a package name");
+ (
+ name.to_string(),
+ semver::Version::parse(rest).expect("Version to be valid SemVer"),
+ source,
+ )
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ fn assert_id(id: &str, expected_name: &str, expected_version: &str,
expected_source: Source) {
+ let (name, version, source) = parse_fully_qualified_package_id(id);
+ assert_eq!(name, expected_name, "name mismatch for {id}");
+ assert_eq!(
+ version.to_string(),
+ expected_version,
+ "version mismatch for {id}"
+ );
+ assert_eq!(source, expected_source, "source mismatch for {id}");
+ }
+
+ #[test]
+ fn registry_with_name() {
+ assert_id(
+
"registry+https://github.com/rust-lang/crates.io-index#[email protected]";,
+ "zerocopy",
+ "0.8.16",
+ Source::CratesIo,
+ );
+ }
+
+ #[test]
+ fn path_with_elided_name() {
+ // Directory name matches crate name, so cargo elides `name@`.
+ assert_id(
+ "path+file:///tmp/sample-package#0.1.0",
+ "sample-package",
+ "0.1.0",
+ Source::Local,
+ );
+ }
+
+ #[test]
+ fn path_with_explicit_name() {
+ // Directory name differs from crate name, so cargo emits `name@`.
+ assert_id(
+ "path+file:///tmp/some-dir#[email protected]",
+ "different-name",
+ "0.1.0",
+ Source::Local,
+ );
+ }
+
+ #[test]
+ fn git_with_explicit_name() {
+ // Sub-crate inside a git repo: name is present.
+ assert_id(
+
"git+https://github.com/rayon-rs/rayon?branch=main#[email protected]";,
+ "rayon-core",
+ "1.13.0",
+ Source::Git,
+ );
+ }
+
+ #[test]
+ fn git_with_elided_name() {
+ // Crate name matches the repo's last path segment, so cargo elides
+ // `name@`. Regression test: this used to panic.
+ assert_id(
+ "git+https://github.com/rayon-rs/rayon?branch=main#1.11.0";,
+ "rayon",
+ "1.11.0",
+ Source::Git,
+ );
+ }
+
+ #[test]
+ fn git_with_elided_name_no_query() {
+ assert_id(
+ "git+https://github.com/rayon-rs/rayon#1.11.0";,
+ "rayon",
+ "1.11.0",
+ Source::Git,
+ );
}
}
++++++ cargo-auditable.obsinfo ++++++
--- /var/tmp/diff_new_pack.9gIBg4/_old 2026-05-28 17:24:16.273092851 +0200
+++ /var/tmp/diff_new_pack.9gIBg4/_new 2026-05-28 17:24:16.277093017 +0200
@@ -1,5 +1,5 @@
name: cargo-auditable
-version: 0.7.4~0
-mtime: 1772651752
-commit: 1d50810095d1a40d02c4f5c38152cdb9d0ea06bd
+version: 0.7.5~0
+mtime: 1779405893
+commit: 9dc5ff28ff204b73eae91bd96cde4413fdcb70e0
++++++ vendor.tar.zst ++++++
/work/SRC/openSUSE:Factory/cargo-auditable/vendor.tar.zst
/work/SRC/openSUSE:Factory/.cargo-auditable.new.1937/vendor.tar.zst differ:
char 7, line 1
