SUSE-CU-2024:5662-1: Security update of bci/rust
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Nov 14 08:14:13 UTC 2024
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5662-1
Container Tags : bci/rust:1.82 , bci/rust:1.82.0 , bci/rust:1.82.0-1.2.3 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.3
Container Release : 2.3
Severity : moderate
Type : security
References : 1220262 1232528 CVE-2023-50782 CVE-2024-9681
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3903-1
Released: Mon Nov 4 13:37:35 2024
Summary: Recommended update for rust
Type: recommended
Severity: moderate
References:
This update for rust fixes the following issues:
Version 1.82.0 (2024-10-17)
==========================
Language
--------
- Don't make statement nonterminals match pattern nonterminals
- Patterns matching empty types can now be omitted in common cases
- Enforce supertrait outlives obligations when using trait impls
- `addr_of(_mut)!` macros and the newly stabilized `&raw (const|mut)` are now safe to use with all static items
- size_of_val_raw: for length 0 this is safe to call
- Reorder trait bound modifiers *after* `for<...>` binder in trait bounds
- Stabilize opaque type precise capturing (RFC 3617)
- Stabilize `&raw const` and `&raw mut` operators (RFC 2582)
- Stabilize unsafe extern blocks (RFC 3484)
- Stabilize nested field access in `offset_of!`
- Do not require `T` to be live when dropping `[T; 0]`
- Stabilize `const` operands in inline assembly
- Stabilize floating-point arithmetic in `const fn`
- Stabilize explicit opt-in to unsafe attributes
- Document NaN bit patterns guarantees
Compiler
--------
- Promote riscv64gc-unknown-linux-musl to tier 2
- Promote Mac Catalyst targets `aarch64-apple-ios-macabi` and `x86_64-apple-ios-macabi` to Tier 2, and ship them with rustup
- Add tier 3 NuttX based targets for RISC-V and ARM
- Add tier 3 powerpc-unknown-linux-muslspe target
- Improved diagnostics to explain why a pattern is unreachable
- The compiler now triggers the unreachable code warning properly for async functions that don't return/are `-> !`
- Promote `aarch64-apple-darwin` to Tier 1
- Add Trusty OS target `aarch64-unknown-trusty` and `armv7-unknown-trusty` as tier 3 targets
- Promote `wasm32-wasip2` to Tier 2.
Libraries
---------
- Generalize `{Rc,Arc}::make_mut()` to `Path`, `OsStr`, and `CStr`.
Stabilized APIs
---------------
- `std::thread::Builder::spawn_unchecked` https://doc.rust-lang.org/stable/std/thread/struct.Builder.html#method.spawn_unchecked
- `std::str::CharIndices::offset` https://doc.rust-lang.org/nightly/std/str/struct.CharIndices.html#method.offset
- `std::option::Option::is_none_or` https://doc.rust-lang.org/nightly/std/option/enum.Option.html#method.is_none_or
- `[T]::is_sorted` https://doc.rust-lang.org/nightly/std/primitive.slice.html#method.is_sorted
- `[T]::is_sorted_by` https://doc.rust-lang.org/nightly/std/primitive.slice.html#method.is_sorted_by
- `[T]::is_sorted_by_key` https://doc.rust-lang.org/nightly/std/primitive.slice.html#method.is_sorted_by_key
- `Iterator::is_sorted` https://doc.rust-lang.org/nightly/std/iter/trait.Iterator.html#method.is_sorted
- `Iterator::is_sorted_by` https://doc.rust-lang.org/nightly/std/iter/trait.Iterator.html#method.is_sorted_by
- `Iterator::is_sorted_by_key` https://doc.rust-lang.org/nightly/std/iter/trait.Iterator.html#method.is_sorted_by_key
- `std::future::Ready::into_inner` https://doc.rust-lang.org/nightly/std/future/struct.Ready.html#method.into_inner
- `std::iter::repeat_n` https://doc.rust-lang.org/nightly/std/iter/fn.repeat_n.html
- `impl<T: Clone> DoubleEndedIterator for Take<Repeat<T>>` https://doc.rust-lang.org/nightly/std/iter/struct.Take.html#impl-DoubleEndedIterator-for-Take%3CRepeat%3CT%3E%3E
- `impl<T: Clone> ExactSizeIterator for Take<Repeat<T>>` https://doc.rust-lang.org/nightly/std/iter/struct.Take.html#impl-ExactSizeIterator-for-Take%3CRepeat%3CT%3E%3E
- `impl<T: Clone> ExactSizeIterator for Take<RepeatWith<T>>` https://doc.rust-lang.org/nightly/std/iter/struct.Take.html#impl-ExactSizeIterator-for-Take%3CRepeatWith%3CF%3E%3E
- `impl Default for std::collections::binary_heap::Iter` https://doc.rust-lang.org/nightly/std/collections/binary_heap/struct.Iter.html#impl-Default-for-Iter%3C'_,+T%3E
- `impl Default for std::collections::btree_map::RangeMut` https://doc.rust-lang.org/nightly/std/collections/btree_map/struct.RangeMut.html#impl-Default-for-RangeMut%3C'_,+K,+V%3E
- `impl Default for std::collections::btree_map::ValuesMut` https://doc.rust-lang.org/nightly/std/collections/btree_map/struct.ValuesMut.html#impl-Default-for-ValuesMut%3C'_,+K,+V%3E
- `impl Default for std::collections::vec_deque::Iter` https://doc.rust-lang.org/nightly/std/collections/vec_deque/struct.Iter.html#impl-Default-for-Iter%3C'_,+T%3E
- `impl Default for std::collections::vec_deque::IterMut` https://doc.rust-lang.org/nightly/std/collections/vec_deque/struct.IterMut.html#impl-Default-for-IterMut%3C'_,+T%3E
- `Rc<T>::new_uninit` https://doc.rust-lang.org/nightly/std/rc/struct.Rc.html#method.new_uninit
- `Rc<T>::assume_init` https://doc.rust-lang.org/nightly/std/rc/struct.Rc.html#method.assume_init
- `Rc<[T]>::new_uninit_slice` https://doc.rust-lang.org/nightly/std/rc/struct.Rc.html#method.new_uninit_slice
- `Rc<[MaybeUninit<T>]>::assume_init` https://doc.rust-lang.org/nightly/std/rc/struct.Rc.html#method.assume_init-1
- `Arc<T>::new_uninit` https://doc.rust-lang.org/nightly/std/sync/struct.Arc.html#method.new_uninit
- `Arc<T>::assume_init` https://doc.rust-lang.org/nightly/std/sync/struct.Arc.html#method.assume_init
- `Arc<[T]>::new_uninit_slice` https://doc.rust-lang.org/nightly/std/sync/struct.Arc.html#method.new_uninit_slice
- `Arc<[MaybeUninit<T>]>::assume_init` https://doc.rust-lang.org/nightly/std/sync/struct.Arc.html#method.assume_init-1
- `Box<T>::new_uninit` https://doc.rust-lang.org/nightly/std/boxed/struct.Box.html#method.new_uninit
- `Box<T>::assume_init` https://doc.rust-lang.org/nightly/std/boxed/struct.Box.html#method.assume_init
- `Box<[T]>::new_uninit_slice` https://doc.rust-lang.org/nightly/std/boxed/struct.Box.html#method.new_uninit_slice
- `Box<[MaybeUninit<T>]>::assume_init` https://doc.rust-lang.org/nightly/std/boxed/struct.Box.html#method.assume_init-1
- `core::arch::x86_64::_bextri_u64` https://doc.rust-lang.org/stable/core/arch/x86_64/fn._bextri_u64.html
- `core::arch::x86_64::_bextri_u32` https://doc.rust-lang.org/stable/core/arch/x86_64/fn._bextri_u32.html
- `core::arch::x86::_mm_broadcastsi128_si256` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_broadcastsi128_si256.html
- `core::arch::x86::_mm256_stream_load_si256` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm256_stream_load_si256.html
- `core::arch::x86::_tzcnt_u16` https://doc.rust-lang.org/stable/core/arch/x86/fn._tzcnt_u16.html
- `core::arch::x86::_mm_extracti_si64` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_extracti_si64.html
- `core::arch::x86::_mm_inserti_si64` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_inserti_si64.html
- `core::arch::x86::_mm_storeu_si16` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_storeu_si16.html
- `core::arch::x86::_mm_storeu_si32` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_storeu_si32.html
- `core::arch::x86::_mm_storeu_si64` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_storeu_si64.html
- `core::arch::x86::_mm_loadu_si16` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_loadu_si16.html
- `core::arch::x86::_mm_loadu_si32` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_loadu_si32.html
- `core::arch::wasm32::u8x16_relaxed_swizzle` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u8x16_relaxed_swizzle.html
- `core::arch::wasm32::i8x16_relaxed_swizzle` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i8x16_relaxed_swizzle.html
- `core::arch::wasm32::i32x4_relaxed_trunc_f32x4` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i32x4_relaxed_trunc_f32x4.html
- `core::arch::wasm32::u32x4_relaxed_trunc_f32x4` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u32x4_relaxed_trunc_f32x4.html
- `core::arch::wasm32::i32x4_relaxed_trunc_f64x2_zero` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i32x4_relaxed_trunc_f64x2_zero.html
- `core::arch::wasm32::u32x4_relaxed_trunc_f64x2_zero` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u32x4_relaxed_trunc_f64x2_zero.html
- `core::arch::wasm32::f32x4_relaxed_madd` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f32x4_relaxed_madd.html
- `core::arch::wasm32::f32x4_relaxed_nmadd` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f32x4_relaxed_nmadd.html
- `core::arch::wasm32::f64x2_relaxed_madd` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f64x2_relaxed_madd.html
- `core::arch::wasm32::f64x2_relaxed_nmadd` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f64x2_relaxed_nmadd.html
- `core::arch::wasm32::i8x16_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i8x16_relaxed_laneselect.html
- `core::arch::wasm32::u8x16_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u8x16_relaxed_laneselect.html
- `core::arch::wasm32::i16x8_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i16x8_relaxed_laneselect.html
- `core::arch::wasm32::u16x8_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u16x8_relaxed_laneselect.html
- `core::arch::wasm32::i32x4_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i32x4_relaxed_laneselect.html
- `core::arch::wasm32::u32x4_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u32x4_relaxed_laneselect.html
- `core::arch::wasm32::i64x2_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i64x2_relaxed_laneselect.html
- `core::arch::wasm32::u64x2_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u64x2_relaxed_laneselect.html
- `core::arch::wasm32::f32x4_relaxed_min` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f32x4_relaxed_min.html
- `core::arch::wasm32::f32x4_relaxed_max` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f32x4_relaxed_max.html
- `core::arch::wasm32::f64x2_relaxed_min` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f64x2_relaxed_min.html
- `core::arch::wasm32::f64x2_relaxed_max` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f64x2_relaxed_max.html
- `core::arch::wasm32::i16x8_relaxed_q15mulr` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i16x8_relaxed_q15mulr.html
- `core::arch::wasm32::u16x8_relaxed_q15mulr` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u16x8_relaxed_q15mulr.html
- `core::arch::wasm32::i16x8_relaxed_dot_i8x16_i7x16` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i16x8_relaxed_dot_i8x16_i7x16.html
- `core::arch::wasm32::u16x8_relaxed_dot_i8x16_i7x16` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u16x8_relaxed_dot_i8x16_i7x16.html
- `core::arch::wasm32::i32x4_relaxed_dot_i8x16_i7x16_add` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i32x4_relaxed_dot_i8x16_i7x16_add.html
- `core::arch::wasm32::u32x4_relaxed_dot_i8x16_i7x16_add` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u32x4_relaxed_dot_i8x16_i7x16_add.html
These APIs are now stable in const contexts:
- `std::task::Waker::from_raw` https://doc.rust-lang.org/nightly/std/task/struct.Waker.html#method.from_raw
- `std::task::Context::from_waker` https://doc.rust-lang.org/nightly/std/task/struct.Context.html#method.from_waker
- `std::task::Context::waker` https://doc.rust-lang.org/nightly/std/task/struct.Context.html#method.waker
- `$integer::from_str_radix` https://doc.rust-lang.org/nightly/std/primitive.u32.html#method.from_str_radix
- `std::num::ParseIntError::kind` https://doc.rust-lang.org/nightly/std/num/struct.ParseIntError.html#method.kind
Cargo
-----
- feat: Add `info` cargo subcommand
Compatibility Notes
-------------------
- We now [disallow setting some built-in cfgs via the command-line with the newly added `explicit_builtin_cfgs_in_flags` https://doc.rust-lang.org/rustc/lints/listing/deny-by-default.html#explicit-builtin-cfgs-in-flags lint in order to prevent incoherent state, eg. `windows` cfg active but target is Linux based. The appropriate `rustc` flag https://doc.rust-lang.org/rustc/command-line-arguments.html should be used instead.
- The standard library has a new implementation of `binary_search` which is significantly improves performance. However when a sorted slice has multiple values which compare equal, the new implementation may select a different value among the equal ones than the old implementation.
- Removes a problematic hack that always passed the --whole-archive linker flag for tests, which may cause linker errors for code accidentally relying on it.
- The WebAssembly target features `multivalue` and `reference-types` are now
both enabled by default. These two features both have subtle changes implied
for generated WebAssembly binaries. For the `multivalue` feature, WebAssembly
target support has changed when upgrading to LLVM 19. Support for generating
functions with multiple returns no longer works and
`-Ctarget-feature=+multivalue` has a different meaning than it did in LLVM 18
and prior. There is no longer any supported means to generate a module that has
a function with multiple returns in WebAssembly from Rust source code. For the
`reference-types` feature the encoding of immediates in the `call_indirect`, a
commonly used instruction by the WebAssembly backend, has changed. Validators
and parsers which don't understand the `reference-types` proposal will no
longer accept modules produced by LLVM due to this change in encoding of
immediates. Additionally these features being enabled are encoded in the
`target_features` custom section and may affect downstream tooling such as
`wasm-opt` consuming the module. Generating a WebAssembly module that disables
default features requires `-Zbuild-std` support from Cargo and more information
can be found at [rust-lang/rust#128511]
- Rust now raises unsafety errors for union patterns in parameter-position
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
The following package changes have been done:
- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- libcurl4-8.6.0-150600.4.12.1 updated
- rust1.82-1.82.0-150500.11.3.1 added
- cargo1.82-1.82.0-150500.11.3.1 added
- container:registry.suse.com-bci-bci-base-15.6-3b6c9e2466a0c491b923ea6d8513a31f093ac93572312cb8d6c2136de1bbc534-0 updated
- cargo1.81-1.81.0-150500.11.3.1 removed
- rust1.81-1.81.0-150500.11.3.1 removed
More information about the sle-container-updates
mailing list