nevaforget/moonlock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: harden release profile, drop dead struct fields (v0.6.18)

Browse Source 
Security-audit follow-up. The release profile had silently drifted from
the hardened profile (v0.6.12): v0.6.14 bundled lto fat->thin, strip
true->false, and debug=true into an unrelated refactor — a debug aid for
the suspend/resume SIGSEGV hunt. That crash is fixed (v0.6.17), so
restore lto=fat + strip=true and drop the debug symbols, which on a
security-critical auth binary only ease reverse-engineering of the auth
path and bloat the binary.

Also remove two vestigial struct fields the audit surfaced: never read,
no behavior change.
- LockscreenHandles.password_entry: the entry is fully wired via internal
  closures before the handles return; no caller read the field.
- User.uid: superseded by getuid() (root check) and username lookups.
This commit is contained in:
nevaforget
2026-06-17 10:46:14 +02:00
parent baae17e1d8
commit d292eaa4c8
5 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Cargo.lock
Generated
+1 -1
View File
@@ -575,7 +575,7 @@ dependencies = [
[[package]]
name = "moonlock"
version = "0.6.17"
version = "0.6.18"
dependencies = [
"gdk-pixbuf",
"gdk4",