| Age | Commit message (Collapse) | Author | Lines |
|---|
|
r=pietroalbini
[stable] Destabilize the `Error::type_id` function
This commit destabilizes the `Error::type_id` function in the standard library.
This does so by effectively reverting #58048, restoring the `#[unstable]`
attribute. The security mailing list has recently been notified of a
vulnerability relating to the stabilization of this function. First stabilized
in Rust 1.34.0, a stable function here allows users to implement a custom
return value for this function:
struct MyType;
impl Error for MyType {
fn type_id(&self) -> TypeId {
// Enable safe casting to `String` by accident.
TypeId::of::<String>()
}
}
This, when combined with the `Error::downcast` family of functions, allows
safely casting a type to any other type, clearly a memory safety issue! A
formal announcement has been made to the [security mailing list](https://groups.google.com/forum/#!topic/rustlang-security-announcements/aZabeCMUv70) as well as [the blog](https://blog.rust-lang.org/2019/05/13/Security-advisory.html)
This commit simply destabilizes the `Error::type_id` which, although breaking
for users since Rust 1.34.0, is hoped to have little impact and has been deemed
sufficient to mitigate this issue for the stable channel. The long-term fate of
the `Error::type_id` API will be discussed at #60784.
|
|
|
|
|
|
This commit destabilizes the `Error::type_id` function in the standard library.
This does so by effectively reverting #58048, restoring the `#[unstable]`
attribute. The security mailing list has recently been notified of a
vulnerability relating to the stabilization of this function. First stabilized
in Rust 1.34.0, a stable function here allows users to implement a custom
return value for this function:
struct MyType;
impl Error for MyType {
fn type_id(&self) -> TypeId {
// Enable safe casting to `String` by accident.
TypeId::of::<String>()
}
}
This, when combined with the `Error::downcast` family of functions, allows
safely casting a type to any other type, clearly a memory safety issue! A
security announcement will be shortly posted to the security mailing list as
well as the Rust Blog, and when those links are available they'll be filled in
for this PR as well.
This commit simply destabilizes the `Error::type_id` which, although breaking
for users since Rust 1.34.0, is hoped to have little impact and has been deemed
sufficient to mitigate this issue for the stable channel. The long-term fate of
the `Error::type_id` API will be discussed at #60784.
|
|
[stable] 1.34.1 point release
The release date is April 25th.
Included in this point release:
* #59891: Fix the link to sort_by_cached_key
* #59989: Fix links to Atomic* in RELEASES.md
* https://github.com/rust-lang/rust-clippy/pull/3805: Fix ICE https://github.com/rust-lang/rust-clippy/issue/3747
* https://github.com/rust-lang/rust-clippy/pull/3821: do not trigger redundant_closure when there is a difference in borrow...
* https://github.com/rust-lang/rust-clippy/pull/3844: Fix two missing_const_for_fn false positives
|
|
|
|
|
|
|
|
|
|
|
|
It's a primitive slice method, not a standalone function.
|
|
[stable] Cherry-pick stdlib fix
Cherry-picked:
* #59835: Re-export NonZero signed variant in std
r? @Mark-Simulacrum
cc https://github.com/rust-lang/rust/issues/59834 @rust-lang/release
|
|
|
|
|
|
[stable] Rust 1.34.0
cc @rust-lang/release
r? @ghost
|
|
|
|
[beta] Rollup backports
Cherry-picked:
* #58021: Fix fallout from #57667
* #59599: Updated RELEASES.md for 1.34.0
* #59587: Remove #[doc(hidden)] from Error::type_id
* #58994: Hide deprecation warnings inside derive expansions
* #58015: Expand docs for `TryFrom` and `TryInto`.
* #59770: ci: pin android emulator to 28.0.23
* #59704: ci: Update FreeBSD tarball downloads
* #59257: Update CI configuration for building Redox libraries
* #59724: Function arguments should never get promoted
* #59499: Fix broken download link in the armhf-gnu image
* #58330: Add rustdoc JS non-std tests
* #58848: Prevent cache issues on version updates
r? @ghost
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
These appear to have disappeared from the original server, so I acquired
the contents from a different mirror and uploaded them to our S3 bucket
|
|
|
|
|
|
|
|
|
|
Unfortunately trying to run doctests on my local machine is
not really faster than letting Travis do it...
|
|
|
|
|
|
They're not as good as `From` 'cause they don't stringify
the types and generate examples and so on, but it's a start.
|
|
The examples are still lacking for now, both for module docs
and for methods/impl's.
|
|
|
|
|
|
Co-Authored-By: XAMPPRocky <4464295+XAMPPRocky@users.noreply.github.com>
|
|
|
