rpms/rust
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Upstream update available: rust 1.88.0 → 1.96.0 #2

New issue
Open
opened 2026-05-29 03:49:42 +03:00 by sbelikov · 0 comments
sbelikov commented 2026-05-29 03:49:42 +03:00
Owner
Copy link

Upstream update available: rust 1.88.01.96.0

Package

  • Package: rust
  • RPM name: rust
  • Branch: niceos-5.2
  • Current EVR: 1.88.0-1
  • Update class: minor
  • Compare method: python_rpm
  • Update policy: leaf
  • Risk tags: github-upstream

Upstream

Signals

  • Security-relevant keywords detected: True
  • Policy blocked: False
  • Policy reason: -
  • Labels: ai-summary, bot, needs-build, needs-triage, priority/high, security-release, update/minor, upstream-update, upstream/github

NiceSOFT AI preliminary stability analysis

Analysis of Rust 1.96.0 Upstream Update for NACS.OS

Key Details

  • Package: Rust (1.88.0 → 1.96.0)
  • Update Type: Minor (non-major)
  • Policy: "Leaf" (no major security implications)
  • Security Keywords: Detected (potential vulnerability)
  • Release Notes: Includes compiler features, API updates, and optimizations (e.g., assert_matches!, ManuallyDrop, and compiler-level improvements).

Risk Evaluation

  1. Severity:

    • Medium Risk: The update includes compiler-level changes (e.g., assert_matches!, ManuallyDrop) and feature additions, which could affect code behavior or compatibility.
    • Potential Vulnerability: The "security keywords" suggest a potential security flaw (e.g., buffer overflows, memory issues, or unpatched vulnerabilities).

  2. Impact on NACS.OS:

    • Compatibility: Minor changes may require testing for ABI stability or platform-specific adjustments.
    • Security: If the update introduces a known vulnerability (e.g., a buffer overflow or memory corruption), it could expose the system to risks.

Recommendations

  1. Apply the Update:

    • Proceed with the update if it aligns with NACS.OS's goals (e.g., improved performance, new features).
    • Monitor for Security Advisories: Check for patches or updates from the Rust team (e.g., Rust's release notes) or community advisories.

  2. Testing:

    • Code Review: Test critical applications (e.g., financial systems, security modules) for ABI stability and behavioral changes.
    • Static Analysis: Use tools like rustfmt, cargo clippy, or cargo audit to detect potential issues.

  3. Documentation:

    • Update documentation to reflect changes in API behavior (e.g., assert_matches! or ManuallyDrop).
    • Note any breaking changes in the release notes.

Conclusion

The Rust 1.96.0 update is minor but includes compiler-level improvements and feature additions. While the risk is medium, it is not a major security vulnerability unless explicitly flagged. Apply the update cautiously, test critical components, and monitor for security advisories.

Action Plan:

  • Apply the update with caution.
  • Test for ABI stability and security risks.
  • Document changes and monitor for patches.

Источники, найденные web_search

  1. GitHub release API: rust-lang/rust 1.96.0
  2. GitHub tag page: rust-lang/rust 1.96.0
  3. GitHub releases page: rust-lang/rust
  4. GitHub compare page: rust-lang/rust 1.88.0...1.96.0
  5. GIF-y z serii Pies | Tenor
  6. 1.96.0 | Rust Changelogs - releases.rs
  7. Piesek GIFs - Find & Share on GIPHY
  8. Rust Release Notes
  9. Парк-отель «Усадьба Морозовка», Московская обл.

Upstream release notes / description

Language

Compiler

Libraries

Stabilized APIs

Cargo

Rustdoc

Compatibility Notes

...[truncated 732 chars]

NiceOS maintainer checklist

  • Confirm that the detected version is a stable upstream release.
  • Check upstream changelog for security fixes, ABI/API changes and build-system changes.
  • Check ABI/API compatibility and reverse dependencies.
  • Download source into NiceOS lookaside storage.
  • Update Version and related fields in SPECS/*.spec only if policy allows it.
  • Regenerate SOURCES/sources.lock.json, manifests, metadata and SBOM.
  • Build SRPM/RPM in a clean NiceOS buildroot.
  • Run package smoke tests.
  • Link PR/build logs and close this issue after update or triage.

Bot metadata

  • Tool: niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages
  • Generated at: 2026-06-12T00:34:03Z
<!-- niceos-upstream-monitor:fingerprint=upstream-update:rust:1.96.0 --> <!-- niceos-upstream-monitor:package=rust --> <!-- niceos-upstream-monitor:current=1.88.0 --> <!-- niceos-upstream-monitor:latest=1.96.0 --> # Upstream update available: `rust` `1.88.0` → `1.96.0` ## Package - Package: `rust` - RPM name: `rust` - Branch: `niceos-5.2` - Current EVR: `1.88.0-1` - Update class: `minor` - Compare method: `python_rpm` - Update policy: `leaf` - Risk tags: `github-upstream` ## Upstream - Upstream type: `github` - Upstream project: `rust-lang/rust` - Upstream URL: <a href="https://github.com/rust-lang/rust" target="_blank" rel="noopener noreferrer">github.com — rust</a> - Detected version: `1.96.0` - Tag/release: `1.96.0` - Source: `github_release_latest` - Published: `2026-05-28T17:50:42Z` - Release URL: <a href="https://github.com/rust-lang/rust/releases/tag/1.96.0" target="_blank" rel="noopener noreferrer">github.com — 1.96.0</a> - Source URL: <a href="https://api.github.com/repos/rust-lang/rust/tarball/1.96.0" target="_blank" rel="noopener noreferrer">api.github.com — 1.96.0</a> - Pre-release: `False` ## Signals - Security-relevant keywords detected: `True` - Policy blocked: `False` - Policy reason: `-` - Labels: `ai-summary, bot, needs-build, needs-triage, priority/high, security-release, update/minor, upstream-update, upstream/github` ## NiceSOFT AI preliminary stability analysis ### **Analysis of Rust 1.96.0 Upstream Update for NACS.OS** #### **Key Details** - **Package**: Rust (1.88.0 → 1.96.0) - **Update Type**: Minor (non-major) - **Policy**: "Leaf" (no major security implications) - **Security Keywords**: Detected (potential vulnerability) - **Release Notes**: Includes compiler features, API updates, and optimizations (e.g., `assert_matches!`, `ManuallyDrop`, and compiler-level improvements). --- ### **Risk Evaluation** 1. **Severity**: - **Medium Risk**: The update includes **compiler-level changes** (e.g., `assert_matches!`, `ManuallyDrop`) and **feature additions**, which could affect code behavior or compatibility. - **Potential Vulnerability**: The "security keywords" suggest a **potential security flaw** (e.g., buffer overflows, memory issues, or unpatched vulnerabilities). 2. **Impact on NACS.OS**: - **Compatibility**: Minor changes may require testing for ABI stability or platform-specific adjustments. - **Security**: If the update introduces a **known vulnerability** (e.g., a buffer overflow or memory corruption), it could expose the system to risks. --- ### **Recommendations** 1. **Apply the Update**: - Proceed with the update if it aligns with NACS.OS's goals (e.g., improved performance, new features). - **Monitor for Security Advisories**: Check for patches or updates from the Rust team (e.g., <a href="https://doc.rust-lang.org/stable/releases.html" target="_blank" rel="noopener noreferrer">Rust's release notes</a>) or community advisories. 2. **Testing**: - **Code Review**: Test critical applications (e.g., financial systems, security modules) for **ABI stability** and **behavioral changes**. - **Static Analysis**: Use tools like `rustfmt`, `cargo clippy`, or `cargo audit` to detect potential issues. 3. **Documentation**: - Update documentation to reflect changes in API behavior (e.g., `assert_matches!` or `ManuallyDrop`). - Note any **breaking changes** in the release notes. --- ### **Conclusion** The Rust 1.96.0 update is **minor** but includes **compiler-level improvements** and **feature additions**. While the risk is **medium**, it is **not a major security vulnerability** unless explicitly flagged. Apply the update cautiously, test critical components, and monitor for security advisories. **Action Plan**: - Apply the update with caution. - Test for ABI stability and security risks. - Document changes and monitor for patches. ### Источники, найденные web_search 1. <a href="https://github.com/rust-lang/rust/releases/tag/1.96.0" target="_blank" rel="noopener noreferrer">GitHub release API: rust-lang/rust 1.96.0</a> 2. <a href="https://github.com/rust-lang/rust/tree/1.96.0" target="_blank" rel="noopener noreferrer">GitHub tag page: rust-lang/rust 1.96.0</a> 3. <a href="https://github.com/rust-lang/rust/releases" target="_blank" rel="noopener noreferrer">GitHub releases page: rust-lang/rust</a> 4. <a href="https://github.com/rust-lang/rust/compare/1.88.0...1.96.0" target="_blank" rel="noopener noreferrer">GitHub compare page: rust-lang/rust 1.88.0...1.96.0</a> 5. <a href="https://tenor.com/pl/search/pies-gifs" target="_blank" rel="noopener noreferrer">GIF-y z serii Pies | Tenor</a> 6. <a href="https://releases.rs/docs/1.96.0/" target="_blank" rel="noopener noreferrer">1.96.0 | Rust Changelogs - releases.rs</a> 7. <a href="https://giphy.com/explore/piesek" target="_blank" rel="noopener noreferrer">Piesek GIFs - Find &amp; Share on GIPHY</a> 8. <a href="https://doc.rust-lang.org/stable/releases.html" target="_blank" rel="noopener noreferrer">Rust Release Notes</a> 9. <a href="https://morozovka.ru/" target="_blank" rel="noopener noreferrer">Парк-отель «Усадьба Морозовка», Московская обл.</a> ## Upstream release notes / description <a id="1.96.0-Language"></a> ## Language - <a href="https://github.com/rust-lang/rust/pull/146961" target="_blank" rel="noopener noreferrer">Allow passing `expr` metavariable to `cfg`</a> - <a href="https://github.com/rust-lang/rust/pull/147834" target="_blank" rel="noopener noreferrer">Always coerce never types in tuple expressions</a> - <a href="https://github.com/rust-lang/rust/pull/150316" target="_blank" rel="noopener noreferrer">Avoid incorrect inference guidance of function arguments in rare cases</a> - <a href="https://github.com/rust-lang/rust/pull/154184" target="_blank" rel="noopener noreferrer">Support s390x vector registers in inline assembly</a> - <a href="https://github.com/rust-lang/rust/pull/154891" target="_blank" rel="noopener noreferrer">Allow using constants of type `ManuallyDrop` as patterns (fixing a regression introduced in 1.94.0)</a> <a id="1.96.0-Compiler"></a> ## Compiler - <a href="https://github.com/rust-lang/rust/pull/153427" target="_blank" rel="noopener noreferrer">Enable link relaxation feature for LoongArch Linux targets</a> - <a href="https://github.com/rust-lang/rust/pull/155072" target="_blank" rel="noopener noreferrer">Update `riscv64gc-unknown-fuchsia` baseline to RVA22 + vector</a> <a id="1.96.0-Libraries"></a> ## Libraries - <a href="https://github.com/rust-lang/rust/pull/127534" target="_blank" rel="noopener noreferrer">Support iterating over ranges of `NonZero` integers</a> - <a href="https://github.com/rust-lang/rust/pull/152615" target="_blank" rel="noopener noreferrer">refactor 'valid for read/write' definition: exclude null; add that as an exception on individual methods instead</a> - <a href="https://github.com/rust-lang/rust/pull/152851" target="_blank" rel="noopener noreferrer">Fix SGX delayed host lookup via ToSocketAddr</a> <a id="1.96.0-Stabilized-APIs"></a> ## Stabilized APIs - <a href="https://doc.rust-lang.org/stable/std/macro.assert_matches.html" target="_blank" rel="noopener noreferrer">`assert_matches!`</a> - <a href="https://doc.rust-lang.org/stable/std/macro.debug_assert_matches.html" target="_blank" rel="noopener noreferrer">`debug_assert_matches!`</a> - <a href="https://doc.rust-lang.org/stable/std/panic/struct.AssertUnwindSafe.html#impl-From%3CT%3E-for-AssertUnwindSafe%3CT%3E" target="_blank" rel="noopener noreferrer">`From&lt;T&gt; for AssertUnwindSafe&lt;T&gt;`</a> - <a href="https://doc.rust-lang.org/stable/std/cell/struct.LazyCell.html#impl-From%3CT%3E-for-LazyCell%3CT,+F%3E" target="_blank" rel="noopener noreferrer">`From&lt;T&gt; for LazyCell&lt;T, F&gt;`</a> - <a href="https://doc.rust-lang.org/stable/std/sync/struct.LazyLock.html#impl-From%3CT%3E-for-LazyLock%3CT,+F%3E" target="_blank" rel="noopener noreferrer">`From&lt;T&gt; for LazyLock&lt;T, F&gt;`</a> - <a href="https://doc.rust-lang.org/stable/core/range/struct.RangeToInclusive.html" target="_blank" rel="noopener noreferrer">`core::range::RangeToInclusive`</a> - <a href="https://doc.rust-lang.org/stable/core/range/struct.RangeToInclusiveIter.html" target="_blank" rel="noopener noreferrer">`core::range::RangeToInclusiveIter`</a> - <a href="https://doc.rust-lang.org/stable/core/ops/struct.RangeFrom.html" target="_blank" rel="noopener noreferrer">`core::range::RangeFrom`</a> - <a href="https://doc.rust-lang.org/stable/core/ops/struct.RangeFromIter.html" target="_blank" rel="noopener noreferrer">`core::range::RangeFromIter`</a> - <a href="https://doc.rust-lang.org/stable/std/range/struct.Range.html" target="_blank" rel="noopener noreferrer">`core::range::Range`</a> - <a href="https://doc.rust-lang.org/stable/std/range/struct.RangeIter.html" target="_blank" rel="noopener noreferrer">`core::range::RangeIter`</a> <a id="1.96.0-Cargo"></a> ## Cargo - <a href="https://github.com/rust-lang/cargo/pull/16810/" target="_blank" rel="noopener noreferrer">Allow a dependency to specify both a git repository and an alternate registry.</a> Just like with crates.io, the git repository will be used locally, but the registry version will be used when published. - <a href="https://github.com/rust-lang/cargo/pull/16846" target="_blank" rel="noopener noreferrer">Added `target.'cfg(..)'.rustdocflags` support in configuration.</a> - Fixed <a href="https://blog.rust-lang.org/2026/05/25/cve-2026-5222/" target="_blank" rel="noopener noreferrer">CVE-2026-5222</a> and <a href="https://blog.rust-lang.org/2026/05/25/cve-2026-5223/" target="_blank" rel="noopener noreferrer">CVE-2026-5223</a>. <a id="1.96-Rustdoc"></a> ## Rustdoc - <a href="https://github.com/rust-lang/rust/pull/149931" target="_blank" rel="noopener noreferrer">Deprecation notes are now rendered like any other documentation</a>. Previously they used the css `white-space: pre-wrap;` property and stripped any `<p>` elements from the rendered html, however this caused issues and unintuitive behavior. The new behavior should be more predictable, however some multi-line deprecation notes will now be rendered as as single lines. If this is undesirable, you can use the standard markdown method of forcing a linebreak, which is two spaces followed by a newline (`"\n"`). - <a href="https://github.com/rust-lang/rust/pull/154048" target="_blank" rel="noopener noreferrer">Don't emit rustdoc `missing_doc_code_examples` lint on impl items</a> - <a href="https://github.com/rust-lang/rust/pull/154644" target="_blank" rel="noopener noreferrer">Separate methods and associated functions in sidebar</a> <a id="1.96.0-Compatibility-Notes"></a> ## Compatibility Notes - [Fix layout of `#[repr(Int)]` enums in some edge cases involving fields of uninhabited zero-sized types](<a href="https://github.com/rust-lang/rust/pull/146989" target="_blank" rel="noopener noreferrer">github.com — 146989</a>) - <a href="https://github.com/rust-lang/rust/pull/149218" target="_blank" rel="noopener noreferrer">Prevent unsize-coercing into `Pin&lt;Foo&gt;` where `Foo` doesn't implement `Deref`. Some such coercions were previously allowed, but produce a type with no useful public API.</a> - <a href="https://github.com/rust-lang/rust/pull/149868" target="_blank" rel="noopener noreferrer">rustc: Stop passing `--allow-undefined` on wasm targets</a> - [Gate the accidentally stabilized `#![reexport_test_harness_main]` attribute](<a href="https://github.com/rust-lang/rust/pull/152210" target="_blank" rel="noopener noreferrer">github.com — 152210</a>) - <a href="https://github.com/rust-lang/rust/pull/152543" target="_blank" rel="noopener noreferrer">Error on return-position-impl-trait-in-traits whose types are too private</a> - <a href="https://github.com/rust-lang/rust/pull/152853" target="_blank" rel="noopener noreferrer">Report the `uninhabited_static` lint in dependencies and make it deny-by-default</a> - <a href="https://github.com/rust-lang/rust/pull/152870" target="_blank" rel="noopener noreferrer">Distributed builds now contain non-split debuginfo for windows-gnu</a> This appears to improve the quality of backtraces. This change has no effect on the defaults for the output of rustc/cargo on these targets. - <a href="https://github.com/rust-lang/rust/pull/152931" target="_blank" rel="noopener noreferrer">Check const generic arguments are correctly typed in more positions</a> - <a href="https://github.com/rust-lang/rust/pull/152973" target="_blank" rel="noopener noreferrer">Remove `-Csoft-float`</a> - [Importing structs with `::{self [as name]}`, e.g., `struct S {}; use S::{self as Other};`, is now no longer permitted because `{self}` imports require a module parent.](<a href="https://github.com/rust-lang/rust/pull/152996" target="_blank" rel="noopener noreferrer">github.com — 152996</a>) - <a href="https://github.com/rust-lang/rust/pull/153041" target="_blank" rel="noopener noreferrer">For `export_name`, `link_name`, and `link_section` attributes, if multiple of the same attribute is present, the first one now takes precedence.</a> - <a href="https://github.com/rust-lang/rust/pull/153684" target="_blank" rel="noopener noreferrer">Update the minimum external LLVM to 21</a> - On `avr` targets, C's `double` type is 32-bit by default, so <a href="https://github.com/rust-lang/rust/pull/154647" target="_blank" rel="noopener noreferrer">change `c_double` to `f32` on `avr` targets to match</a>. This is ...[truncated 732 chars] ## NiceOS maintainer checklist - [ ] Confirm that the detected version is a stable upstream release. - [ ] Check upstream changelog for security fixes, ABI/API changes and build-system changes. - [ ] Check ABI/API compatibility and reverse dependencies. - [ ] Download source into NiceOS lookaside storage. - [ ] Update `Version` and related fields in `SPECS/*.spec` only if policy allows it. - [ ] Regenerate `SOURCES/sources.lock.json`, manifests, metadata and SBOM. - [ ] Build SRPM/RPM in a clean NiceOS buildroot. - [ ] Run package smoke tests. - [ ] Link PR/build logs and close this issue after update or triage. ## Bot metadata - Tool: `niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages` - Generated at: `2026-06-12T00:34:03Z`
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
niceos-5.2
No results found.
Labels
Clear labels   
ai-summary
Issue contains local NiceSOFT AI generated preliminary analysis

  
bot
Created by automation

  
needs-build
Needs build verification

  
needs-triage
Needs maintainer triage

  
priority/high
High priority

  
security-release
Release notes mention security fixes or CVE

  
update/minor
Minor update

  
upstream-update
New upstream version is available

  
upstream/github
GitHub upstream

No labels
ai-summary
bot
needs-build
needs-triage
priority/high
security-release
update/minor
upstream-update
upstream/github
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
rpms/rust#2
No description provided.