From 9d9f31b370035de1a8399675ec0214b020a34bcb Mon Sep 17 00:00:00 2001 From: Gordon Woodhull Date: Mon, 27 Apr 2026 09:25:58 -0400 Subject: [PATCH 1/2] Pin Linux release runner to ubuntu-22.04, bump to 0.2.3 ubuntu-latest now resolves to Ubuntu 24.04 (glibc 2.39), which causes gcc to redirect strtol calls to __isoc23_strtol (new in glibc 2.38) when compiling vendored OpenSSL. The resulting binaries fail to load on Ubuntu 22.04, Debian 12, and RHEL 9 with: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found Pinning to ubuntu-22.04 builds against glibc 2.35 headers, which do not emit the C23 redirect. The floor drops to glibc 2.34 (the next-highest symbol used) and binaries again run on the distros Quarto targets. Reported in quarto-dev/quarto-cli#14445. --- .github/workflows/release.yml | 4 ++-- Cargo.lock | 2 +- Cargo.toml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 732873d..dea6786 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,9 +15,9 @@ jobs: matrix: include: - target: x86_64-unknown-linux-gnu - os: ubuntu-latest + os: ubuntu-22.04 - target: aarch64-unknown-linux-gnu - os: ubuntu-latest + os: ubuntu-22.04 - target: x86_64-apple-darwin os: macos-latest - target: aarch64-apple-darwin diff --git a/Cargo.lock b/Cargo.lock index bb3c886..f2f8d15 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2230,7 +2230,7 @@ checksum = "5613cb719a6222fe9b74027c3625d107767ec187bff26b8fc931cf58942c834f" [[package]] name = "typst-gather" -version = "0.2.2" +version = "0.2.3" dependencies = [ "clap", "ecow", diff --git a/Cargo.toml b/Cargo.toml index 06838cb..7cc0373 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "typst-gather" -version = "0.2.2" +version = "0.2.3" edition = "2021" repository = "https://github.com/quarto-dev/typst-gather" rust-version = "1.81" From 696d9f10e86ad060cea225e001bbbcc026f06cef Mon Sep 17 00:00:00 2001 From: Gordon Woodhull Date: Mon, 27 Apr 2026 09:51:54 -0400 Subject: [PATCH 2/2] Use typst-kit's vendor-openssl feature instead of direct openssl dep MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Functionally identical — same vendored OpenSSL ends up in the binary — but we no longer have to track the openssl crate version directly. One less knob to keep in sync on typst-kit upgrades. Verified resolution: - with --features vendored-openssl on x86_64-unknown-linux-gnu, cargo tree shows openssl-src 300.5.4+3.5.4 (the static OpenSSL source build) pulled in transitively as before - without the feature, openssl-src is absent and openssl-sys falls back to dynamic linking against the system libssl --- Cargo.lock | 1 - Cargo.toml | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f2f8d15..82592e9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2235,7 +2235,6 @@ dependencies = [ "clap", "ecow", "globset", - "openssl", "serde", "serde_json", "tempfile", diff --git a/Cargo.toml b/Cargo.toml index 7cc0373..4b84e07 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,11 +15,10 @@ clap = { version = "4", features = ["derive"] } toml = "0.8" walkdir = "2" globset = "0.4" -openssl = { version = "0.10", features = ["vendored"], optional = true } [features] default = [] -vendored-openssl = ["openssl"] +vendored-openssl = ["typst-kit/vendor-openssl"] [dev-dependencies] tempfile = "3"