Exiv2 v0.27.5 RC2

[clanmills]

We need to decide what's to be done about Exiv2 v0.27.5 which is currently at RC1. GM is scheduled for 2021-09-30.

I know there have been a couple of security fixes back-ported to 0.27-maintenance. There is enough time to have RC2 in mid-September (say Saturday 11 September = 9/11) and also achieve the GM on schedule.

I'm will be on vacation Friday 18 September through Monday 27 September.

I've opened issue #1890 concerning rehosting Exiv2.org on pixls.us. Let's aim to deal with that in November 2021 and not complicate the release of Exiv2 v0.27.5 with simultaneous changes to the project infrastructure.

[kevinbackhouse]

@clanmills: There are two bug fixes (for issues reported by OSS-Fuzz) that I have back-ported to 0.27-maintenance, but which haven't been merged yet: #1884 and #1889. At this moment, there are no other open OSS-Fuzz issues. So hopefully, we'll be ready for RC2 as soon as those pull requests are merged.

[clanmills]

Right. RC2 next week and GM on 2021-09-30.

I think shipping on schedule is important, so let's only do RC3 if we believe it's essential.

[clanmills]

I believe there are 7 items to be documented for v0.27.5 RC2. These are PRs which have been merged into 0.27-maintenance since RC1 shipped on 2021-08-10. They are:
https://github.com/Exiv2/exiv2/issues?q=is%3Amerged+branch%3A0.27-maintenance+updated%3A2021-08-11

Can you confirm that no other fixes are expected.

If everything is ready, I will update the release notes, preform the builds and get the release ready tomorrow (2021-09-08). I'll update this issue when the pre-release web-site has been updated for review/inspection. If no negative feedback, the release will be tagged and pushed to GitHub on Thursday (2021-09-09).

RC2 is expected to have a life of 3 weeks before promotion to 0.27.5 GM on schedule on 2021-09-30.

[kevinbackhouse]

I'm a bit puzzled by the results of that search because it doesn't include some of my fixes.
I think these are the new pull requests that were merged since RC1: #1870, #1873, #1880, #1884, #1889.

No other fixes are expected.

[clanmills]

Thanks, @kevinbackhouse. The search is a puzzle, however with your input we're in good shape. I've updated the release notes: #1018 (comment) to include:

#1870, #1873, #1880, #1884, #1889 (as you've mentioned)
and
#1862, #1861, #1860, #1859, #1857, #1854, #1828 (from the search)

For RC2, I have a separate table of for RC1->RC2. The two tables of fixes will be consolidated for GM.

Group	PR	Topic	Issue
Build	#1894	Bump revision v0.27.5.2 (RC2)	#1891
Security	#1889	Avoid reading trailing byte in string	None
Security	#1884	Throw if preview is greater than 1MB	#1881
Security	#1880	XML validation	#1877
Build	#1873	Trigger CI	None
Docs	#1870	Update 27.5 docs	None
Build	#1862	Fix macOS workflow	None
Build	#1861	Add doc to release workflow	None
Build	#1860	Update version: 0.27.5 RC1	None
Build	#1859	Enable BMFF in Actions workflows	None
Build	#1857	Fix compiler warning on Apple/M1/Clang	#1856
Build	#1854	Backport actions and fuzzer to 0.27-maintenance	None
Bug	#1828	Check value in range before casting from double to uint32_t	#1827

I've got work to do in the garden today (before the over-night rain). I'll probably do the builds this evening after band practice or first thing tomorrow.

[clanmills]

There is a serious problem with the include path. #1895. I have defeated this on the build-server. I think we should have this fixed for RC2. And there's something wrong with the Windows/CI. #1894

I was just about to release RC2 on https://pre-release.exiv2.org when I discovered the include issue. I'll manually fix the build server and update the web-site. I haven't tagged and published on GitHub as we need to address #1894.

Perhaps we should have RC3 next week with a fix to #1895.

[clanmills]

I'm unable to reproduce #1895 and have therefore closed it. #1894 has been merged into 0.27-maintenance. The builds have been performed on the MacMini and the logs have been inspected.

Thank you @kevinbackhouse for investigating the mystery concerning conan 1.40 which surfaced with #1894. I believe you have fixed this with #1897. The MacMini build server script is totally independent of the CI. Conan is only use to build with Visual Studio. The conan version on the build server has been in service for some time (probably v0.27.3 June 2020) and has given no trouble.

The release is now published at:
https://pre-release.exiv2.org/

The web-site code, scripts and release Checklist are at: URL: svn://dev.exiv2.org/svn/team/website Revision: 5321

I will tag the release and publish it on GitHub later today assuming no-one raises an issue with the build. This issue will be closed when the build has been tagged. I no longer monitor/read the Element ChatServer. Please update this issue report if you wish to STOP the release being tagged.

@alexvanderberkel You may wish to announce this on pixls.us and/or facebook after the release is tagged on GitHub.

We're on track to ship v0.27.5 GM on schedule on 2021-09-30.

[clanmills]

The release has been tagged and published on GitHub. https://github.com/Exiv2/exiv2/releases/tag/v0.27.5-RC2

Thanks to @kevinbackhouse for his efforts on behalf of Exiv2 and for his expertise in security and his build skills.