Skip to content

[stable] Fix CVE-2024-43402 #129960

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 4, 2024
Merged

[stable] Fix CVE-2024-43402 #129960

merged 3 commits into from
Sep 4, 2024

Conversation

pietroalbini
Copy link
Member

Backport the fix for CVE-2024-43402 in the upcoming 1.81.0. See GHSA-2xg3-7mm6-98jj for more information about it.

This also includes #129944 as a last-minute fix to the relnotes.

cc @BoxyUwU as you are driving this release
r? @ghost

@rustbot rustbot added O-windows Operating system: Windows S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue. T-release Relevant to the release subteam, which will review and decide on the PR/issue. labels Sep 4, 2024
@pietroalbini pietroalbini marked this pull request as ready for review September 4, 2024 15:05
@pietroalbini
Copy link
Member Author

@bors r+ p=1000 rollup=never

@bors
Copy link
Collaborator

bors commented Sep 4, 2024

📌 Commit b666f82 has been approved by pietroalbini

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Sep 4, 2024
@pietroalbini pietroalbini mentioned this pull request Sep 4, 2024
Merged
@bors
Copy link
Collaborator

bors commented Sep 4, 2024

⌛ Testing commit b666f82 with merge eeb90cd...

@pietroalbini pietroalbini mentioned this pull request Sep 4, 2024
Merged
@lqd
Copy link
Member

lqd commented Sep 4, 2024

Good luck with the CI gods, friend 🤞

@bors
Copy link
Collaborator

bors commented Sep 4, 2024

☀️ Test successful - checks-actions
Approved by: pietroalbini
Pushing eeb90cd to stable...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Sep 4, 2024
@bors bors merged commit eeb90cd into rust-lang:stable Sep 4, 2024
7 checks passed
@rustbot rustbot added this to the 1.81.0 milestone Sep 4, 2024
@pietroalbini pietroalbini deleted the pa-cve-2024-43402 branch September 4, 2024 17:38
@tgross35
Copy link
Contributor

tgross35 commented Sep 4, 2024

I'm in disbelief that the stable, beta and nightly PRs all made it in with no retries needed. Thanks Bors!

@pietroalbini pietroalbini mentioned this pull request Jan 23, 2025
Merged
@Hoverbear Hoverbear mentioned this pull request Jan 23, 2025
Merged
bors-ferrocene bot added a commit to ferrocene/ferrocene that referenced this pull request Jan 24, 2025
@bors-ferrocene @pietroalbini
Merge #1245
dddd1c2 
1245: [1.83] Backport KP docs, release notes fix r=pietroalbini a=Hoverbear

Backports

* #1244 

Also backports rust-lang/rust@24906b5 which which upstream is also doing: rust-lang/rust#135934

In the case of 24906b5, this is somewhat of a special circumstance. We noticed during our own release process that our 1.81 (so 24.11) release notes had changed and this change (along with rust-lang/rust#126967 which was removed with rust-lang/rust#129995) had disappeared. We confirmed the fix for rust-lang/rust#129960 is indeed in tree, but upstream never ported the release note update to their main branch. This port is being done in rust-lang/rust#135934.



Co-authored-by: Pietro Albini <pietro.albini@ferrous-systems.com>
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Jan 25, 2025
@matthiaskrgr
Rollup merge of rust-lang#135934 - ferrocene:pa-1.81-relnotes, r=Mark…
f421636 
…-Simulacrum

Include missing item in the 1.81 release notes

It was pointed out to me that when I prepared the CVE-2024-43402 fix in the stable branch, I added the release notes in the stable PR (rust-lang#129960), but I forgot to do so in the beta or nightly PR. Because of that, the relnotes line only appeared in 1.81, and disappeared afterwards.
rust-timer added a commit to rust-lang-ci/rust that referenced this pull request Jan 26, 2025
@rust-timer
Unrolled build for rust-lang#135934
45e2ccb 
Rollup merge of rust-lang#135934 - ferrocene:pa-1.81-relnotes, r=Mark-Simulacrum

Include missing item in the 1.81 release notes

It was pointed out to me that when I prepared the CVE-2024-43402 fix in the stable branch, I added the release notes in the stable PR (rust-lang#129960), but I forgot to do so in the beta or nightly PR. Because of that, the relnotes line only appeared in 1.81, and disappeared afterwards.
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
merged-by-bors This PR was explicitly merged by bors. O-windows Operating system: Windows S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue. T-release Relevant to the release subteam, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.81.0
Development

Successfully merging this pull request may close these issues.
7 participants
@pietroalbini @bors @lqd @tgross35 @rustbot @ChrisDenton @Mark-Simulacrum