diff --git a/fix-CVE-2024-24575.patch b/fix-CVE-2024-24575.patch
deleted file mode 100644
index 82eb0430c08bbe1c05b6cd5335f4a37854b33e0e..0000000000000000000000000000000000000000
--- a/fix-CVE-2024-24575.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From c9d31b711e8906cf248566f43142f20b03e20cbf Mon Sep 17 00:00:00 2001
-From: Edward Thomson
-Date: Fri, 17 Nov 2023 16:54:47 +0000
-Subject: [PATCH] revparse: fix parsing bug for trailing `@`
-
-Origin: https://github.com/libgit2/libgit2/commit/c9d31b711e8906cf248566f43142f20b03e20cbf
-
-When parsing a revspec that ends with a trailing `@`, explicitly stop
-parsing. Introduce a sentinel variable to explicitly stop parsing.
-
-Prior to this, we would set `spec` to `HEAD`, but were looping on the
-value of `spec[pos]`, so we would continue walking the (new) `spec`
-at offset `pos`, looking for a NUL. This is obviously an out-of-bounds
-read.
-
-Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
----
- vendor/libgit2-sys/libgit2/src/libgit2/revparse.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/vendor/libgit2-sys/libgit2/src/libgit2/revparse.c b/vendor/libgit2-sys/libgit2/src/libgit2/revparse.c
-index 964afe378da..06d92f82bf2 100644
---- a/vendor/libgit2-sys/libgit2/src/libgit2/revparse.c
-+++ b/vendor/libgit2-sys/libgit2/src/libgit2/revparse.c
-@@ -701,6 +701,7 @@ static int revparse(
- git_object *base_rev = NULL;
-
- bool should_return_reference = true;
-+ bool parsed = false;
-
- GIT_ASSERT_ARG(object_out);
- GIT_ASSERT_ARG(reference_out);
-@@ -710,7 +711,7 @@ static int revparse(
- *object_out = NULL;
- *reference_out = NULL;
-
-- while (spec[pos]) {
-+ while (!parsed && spec[pos]) {
- switch (spec[pos]) {
- case '^':
- should_return_reference = false;
-@@ -817,6 +818,8 @@ static int revparse(
- break;
- } else if (spec[pos+1] == '\0') {
- spec = "HEAD";
-+ identifier_len = 4;
-+ parsed = true;
- break;
- }
- /* fall through */
diff --git a/fix-CVE-2024-24577.patch b/fix-CVE-2024-24577.patch
deleted file mode 100644
index f69477e0901cf92494dd1dcdc3611d122c83e740..0000000000000000000000000000000000000000
--- a/fix-CVE-2024-24577.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From eb4c1716cd92bf56f2770653a915d5fc01eab8f3 Mon Sep 17 00:00:00 2001
-From: Edward Thomson
-Date: Sat, 16 Dec 2023 11:19:07 +0000
-Subject: [PATCH] index: correct index has_dir_name check
-
-Origin: https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3
-
-`has_dir_name` is used to check for directory/file collisions,
-and attempts to determine whether the index contains a file with
-a directory name that is a proper subset of the new index entry
-that we're trying to add.
-
-To determine directory name, the function would walk the path string
-backwards to identify a `/`, stopping at the end of the string. However,
-the function assumed that the strings did not start with a `/`. If the
-paths contain only a single `/` at the beginning of the string, then the
-function would continue the loop, erroneously, when they should have
-stopped at the first character.
-
-Correct the order of the tests to terminate properly.
-
-Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
-
----
- vendor/libgit2-sys/libgit2/src/libgit2/index.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/vendor/libgit2-sys/libgit2/src/libgit2/index.c b/vendor/libgit2-sys/libgit2/src/libgit2/index.c
-index 7ebe075..7862273 100644
---- a/vendor/libgit2-sys/libgit2/src/libgit2/index.c
-+++ b/vendor/libgit2-sys/libgit2/src/libgit2/index.c
-@@ -1155,10 +1155,14 @@ static int has_dir_name(git_index *index,
- size_t len, pos;
-
- for (;;) {
-- if (*--slash == '/')
-- break;
-+ slash--;
-+
- if (slash <= entry->path)
- return 0;
-+
-+
-+ if (*slash == '/')
-+ break;
- }
- len = slash - name;
-
---
-2.23.0
-
diff --git a/rust.spec b/rust.spec index e96a076becad2d2954655e045032a146160560da..925da0325db268767d7c9bed0d3c925ddbbcabd5 100644 --- a/rust.spec +++ b/rust.spec @@ -1,7 +1,7 @@ # bootstrap from scratch, set the channel and date from src/stage0.json -%global bootstrap_version 1.75.0 -%global bootstrap_channel 1.75.0 -%global bootstrap_date 2023-12-28 +%global bootstrap_version 1.76.0 +%global bootstrap_channel 1.76.0 +%global bootstrap_date 2024-02-08 # only the specified arch will use the bootstrap binary # run spectool -g rust.spec to get the tarball. @@ -103,16 +103,12 @@ end} Summary: The Rust Programming Language Name: rust -Version: 1.76.0 +Version: 1.77.2 Release: 1%{?dist} License: (ASL 2.0 or MIT) and (BSD and MIT) URL: https://www.rust-lang.org Source0: https://static.rust-lang.org/dist/rustc-%{version}-src.tar.xz -# fix CVEs in bundled libgit2-1.7.1 -Patch0001: fix-CVE-2024-24575.patch -Patch0002: fix-CVE-2024-24577.patch - Patch3000: 0001-Use-lld-provided-by-system.patch Patch3001: rustc-1.70.0-rust-gdb-substitute-path.patch @@ -341,6 +337,7 @@ test -r "%{profiler}" --set build.doc-stage=2 \ --set build.install-stage=2 \ --set build.test-stage=2 \ + --set build.optimized-compiler-builtins=false \ --enable-extended \ --tools=cargo,clippy,rust-analyzer,rustfmt,src \ --enable-vendor \ 
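Review bot: The `Patch0001`/`Patch0002` lines for CVE-2024-24575 and CVE-2024-24577 are dropped in the same hunk as the `Version: 1.77.2` bump, but nothing on the page records that the libgit2 vendored in the 1.77.2 tarball already contains the two upstream commits the deleted patches were taken from. That is presumably the reason for the removal; it should be confirmed against the vendored `revparse.c` and `index.c` and written down, for example as a changelog line `- Drop fix-CVE-2024-24575.patch and fix-CVE-2024-24577.patch, fixed in the bundled libgit2`. Without that record a later audit cannot tell a deliberate drop from a regression.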
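Review bot: The added `--set build.optimized-compiler-builtins=false \` carries no explanation, and it sits inside a backslash-continued argument list where a comment cannot be placed. A comment above the configure call (its start is outside this hunk), or a changelog line, should say why the optimized builtins are turned off for 1.77.2, e.g. `# optimized compiler builtins disabled: <reason>`, so the setting can be revisited on the next rebase.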
@@ -363,15 +360,15 @@ mkdir -p "$PROFRAW" %{__python3} ./x.py build -j "$ncpus" sysroot --rust-profile-generate="$PROFRAW" # Build cargo to generate compiler profiles env LLVM_PROFILE_FILE="$PROFRAW/default_%%m_%%p.profraw" %{__python3} ./x.py --keep-stage=0 --keep-stage=1 build cargo -llvm-profdata merge -o "$PROFDATA" "$PROFRAW" +%{_prefix}/bin/llvm-profdata merge -o "$PROFDATA" "$PROFRAW" rm -r "$PROFRAW" build/%{rust_triple}/stage2*/ # Rebuild the compiler using the profile data %{__python3} ./x.py build -j "$ncpus" sysroot --rust-profile-use="$PROFDATA" -%else -# Build the compiler without PGO -%{__python3} ./x.py build -j "$ncpus" sysroot %endif +# Build the compiler normally (with or without PGO) +%{__python3} ./x.py build -j "$ncpus" sysroot + # Build everything else normally %{__python3} ./x.py build %{__python3} ./x.py doc @@ -547,6 +544,9 @@ rm -rf "./build/%{rust_triple}/stage2-tools/%{rust_triple}/cit/" %{rustlibdir}/src %changelog +* Tue Jul 9 2024 Wang Guodong - 1.77.2-1 +- Upgrade to 1.77.2 + * Fri Jun 21 2024 Wang Guodong - 1.76.0-1 - Upgrade to 1.76.0 - Enable thin-LTO and PGO for rustc diff --git a/rustc-1.76.0-unbundle-sqlite.patch b/rustc-1.76.0-unbundle-sqlite.patch index 6c1c66776b5b80b06fb623ef52a560d01ea55ab6..50aa4a817680901ddb22013925fdf3b74de4c0a7 100644 --- a/rustc-1.76.0-unbundle-sqlite.patch +++ b/rustc-1.76.0-unbundle-sqlite.patch 
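Review bot: With `%else` removed, the PGO branch now runs `%{__python3} ./x.py build -j "$ncpus" sysroot` immediately after the `--rust-profile-use="$PROFDATA"` build, this time without the profile flag. If bootstrap treats the missing flag as a configuration change, the profile-optimized compiler may be rebuilt without PGO (at best the step is redundant); the later `./x.py build` and `./x.py doc` calls are in the same position. Either keep the plain build under `%else`, or carry the flag into every later invocation, for instance through a shell variable set inside the `%if` branch and appended to each `x.py` call. The opening `%if` of this block is outside the hunk.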
@@ -1,6 +1,7 @@ ---- rustc-beta-src/src/tools/cargo/Cargo.lock.orig 2024-01-07 18:12:08.000000000 -0800 -+++ rustc-beta-src/src/tools/cargo/Cargo.lock 2024-01-09 15:36:23.808367445 -0800 -@@ -2109,7 +2109,6 @@ +diff -up rustc-beta-src/src/tools/cargo/Cargo.lock.orig rustc-beta-src/src/tools/cargo/Cargo.lock +--- rustc-beta-src/src/tools/cargo/Cargo.lock.orig 2024-02-14 13:00:20.318976752 +0100 ++++ rustc-beta-src/src/tools/cargo/Cargo.lock 2024-02-14 13:00:28.447051475 +0100 +@@ -2110,7 +2110,6 @@ version = "0.27.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf4e226dcd58b4be396f7bd3c20da8fdee2911400705297ba7d2d7cc2c30f716" dependencies = [ @@ -8,14 +9,15 @@ "pkg-config", "vcpkg", ] ---- rustc-beta-src/src/tools/cargo/Cargo.toml.orig 2024-01-07 18:12:08.000000000 -0800 -+++ rustc-beta-src/src/tools/cargo/Cargo.toml 2024-01-09 15:36:18.534437627 -0800 -@@ -73,7 +73,7 @@ +diff -up rustc-beta-src/src/tools/cargo/Cargo.toml.orig rustc-beta-src/src/tools/cargo/Cargo.toml +--- rustc-beta-src/src/tools/cargo/Cargo.toml.orig 2024-02-14 13:00:14.942927327 +0100 ++++ rustc-beta-src/src/tools/cargo/Cargo.toml 2024-02-14 13:00:40.688164017 +0100 +@@ -77,7 +77,7 @@ proptest = "1.4.0" pulldown-cmark = { version = "0.9.3", default-features = false } rand = "0.8.5" regex = "1.10.2" -rusqlite = { version = "0.30.0", features = ["bundled"] } +rusqlite = { version = "0.30.0", features = [] } - rustfix = { version = "0.7.0", path = "crates/rustfix" } + rustfix = { version = "0.8.0", path = "crates/rustfix" } same-file = "1.0.6" security-framework = "2.9.2" diff --git a/sources b/sources index 528677b39f611f8fbd1d189bc74672ed36bf5d3b..d8b71a24a1c85ff428e915570f9d91ca0875c544 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (rustc-1.76.0-src.tar.xz) = 92e16cfdeb91bde341fe6c2774d92868275b07aa1d46d870ddc9291eadfe4ea9af93e06586fa7d6b8d60534903945cbbe706d354c90272712989c58d2bf174bf
+SHA512 (rustc-1.77.2-src.tar.xz) = ab099a5e545892f145af9f4c21f41693463248697accf1c92d9afbe6c711639c3859e89c1bb99b84854c462784cc5970fb84dd7c89260ff92174e3684f76920c