Opened 13 months ago
Last modified 12 months ago
#19557 closed enhancement
rustc-1.78.0 — at Version 6
Reported by: | Bruce Dubbs | Owned by: | Xi Ruoyao |
---|---|---|---|
Priority: | normal | Milestone: | 12.2 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
New minor version.
Change History (6)
comment:1 by , 13 months ago
comment:2 by , 13 months ago
Milestone: | 12.2 → 99-Waiting |
---|---|
Summary: | rustc-1.77.1 → rustc-1.77.1 (wait for the next release) |
As it's not affecting Linux at all, let's skip this version.
comment:3 by , 12 months ago
Milestone: | 99-Waiting → 12.2 |
---|---|
Summary: | rustc-1.77.1 (wait for the next release) → rustc-1.77.2 |
comment:4 by , 12 months ago
1.77.2:
This release includes a fix for CVE-2024-24576.
Before this release, the Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping.
This vulnerability is CRITICAL if you are invoking batch files on Windows with untrusted arguments. No other platform or use is affected.
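An added example, not part of the ticket or of the Rust project's code: a caller-side guard for the case the advisory above describes, which refuses untrusted arguments for `.bat`/`.cmd` targets unless they match a conservative allowlist. The function names and the allowlist are assumptions of this example, not the escaping rule the standard library applies.

```rust
use std::path::Path;

/// True when the program path names a batch file, the case CVE-2024-24576 concerns.
fn is_batch_file(program: &str) -> bool {
    // Windows ignores trailing dots and spaces in file names, so strip them first.
    let trimmed = program.trim_end_matches(|c| c == '.' || c == ' ');
    Path::new(trimmed)
        .extension()
        .and_then(|e| e.to_str())
        .map(|e| e.eq_ignore_ascii_case("bat") || e.eq_ignore_ascii_case("cmd"))
        .unwrap_or(false)
}

/// Conservative allowlist (an assumption of this example): ASCII letters,
/// digits and a few punctuation marks with no special meaning to cmd.exe.
fn arg_is_plain(arg: &str) -> bool {
    !arg.is_empty()
        && arg
            .chars()
            .all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '_' | '-' | '/' | ':'))
}

/// Decide, before building a `Command`, whether untrusted arguments may be passed.
fn check_spawn(program: &str, untrusted_args: &[&str]) -> Result<(), String> {
    if !is_batch_file(program) {
        return Ok(()); // per the advisory, only .bat/.cmd targets are affected
    }
    match untrusted_args.iter().find(|a| !arg_is_plain(a)) {
        Some(bad) => Err(format!("refusing argument {:?} for batch file {}", bad, program)),
        None => Ok(()),
    }
}

fn main() {
    // Constructed sample inputs.
    let cases = [
        ("deploy.bat", vec!["release-1.2"]),
        ("deploy.bat", vec!["50%"]),
        ("tool.exe", vec!["50%"]),
    ];
    for (prog, args) in cases {
        println!("{prog} {args:?}: {:?}", check_spawn(prog, &args));
    }
}
```

The guard is useful on toolchains older than 1.77.2 and as defence in depth afterwards; it rejects rather than rewrites, so legitimate arguments outside the allowlist need an explicit decision.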
comment:5 by , 12 months ago
Milestone: | 12.2 → 99-Waiting |
---|---|
Summary: | rustc-1.77.2 → rustc-1.77.2 (wait for the next release) |
Hmm, still not affecting us. Note that BLFS rustc configuration does not support cross-compiling for Windoge targets.
comment:6 by , 12 months ago
Description: | modified (diff) |
---|---|
Owner: | changed from | to
Status: | new → assigned |
Summary: | rustc-1.77.2 (wait for the next release) → rustc-1.78.0 |
Note that Mozilla SIMD code FTBFS with 1.78.0, thus we need to disable rust-simd for Mozilla trios.
Cargo enabled stripping of debuginfo in release builds by default in Rust 1.77.0. However, due to a pre-existing issue, debuginfo stripping does not behave in the expected way on Windows with the MSVC toolchain.
Rust 1.77.1 therefore disables the new Cargo behavior on Windows for targets that use MSVC. There are no changes for other targets. We plan to eventually re-enable debuginfo stripping in release mode in a later Rust release.