SUSE-CU-2025:7493-1: Security update of bci/rust

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Oct 21 10:47:36 UTC 2025 

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7493-1
Container Tags        : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1
Container Release     : 2.1
Severity              : important
Type                  : security
References            : 1242170 1250232 CVE-2025-9230 
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3635-1
Released:    Fri Oct 17 16:33:06 2025
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:

- CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3678-1
Released:    Mon Oct 20 10:47:02 2025
Summary:     Recommended update for rust, rust1.90
Type:        recommended
Severity:    moderate
References:  1242170
This update for rust, rust1.90 fixes the following issues:

Version 1.90.0 (2025-09-18)
===========================

# Language

- Split up the `unknown_or_malformed_diagnostic_attributes` lint. This lint has been split up into four finer-grained lints, with `unknown_or_malformed_diagnostic_attributes` now being the lint group that contains these lints:
    1. `unknown_diagnostic_attributes`: unknown to the current compiler
    2. `misplaced_diagnostic_attributes`: placed on the wrong item
    3. `malformed_diagnostic_attributes`: malformed attribute syntax or options
    4. `malformed_diagnostic_format_literals`: malformed format string literal
- Allow constants whose final value has references to mutable/external memory, but reject such constants as patterns
- Allow volatile access to non-Rust memory, including address 0

# Compiler

- Use `lld` by default on `x86_64-unknown-linux-gnu`
- Tier 3 `musl` targets now link dynamically by default. Affected targets:
    - `mips64-unknown-linux-muslabi64`
    - `powerpc64-unknown-linux-musl`
    - `powerpc-unknown-linux-musl`
    - `powerpc-unknown-linux-muslspe`
    - `riscv32gc-unknown-linux-musl`
    - `s390x-unknown-linux-musl`
    - `thumbv7neon-unknown-linux-musleabihf`

# Platform Support

- Demote `x86_64-apple-darwin` to Tier 2 with host tools
Refer to Rust's platform support page for more information on Rust's tiered platform support.

# Libraries

- Stabilize `u*::{checked,overflowing,saturating,wrapping}_sub_signed`
- Allow comparisons between `CStr`, `CString`, and `Cow<CStr>`
- Remove some unsized tuple impls since unsized tuples can't be constructed
- Set `MSG_NOSIGNAL` for `UnixStream`
- `proc_macro::Ident::new` now supports `$crate`.
- Guarantee the pointer returned from `Thread::into_raw` has at least 8 bytes of alignment

# Stabilized APIs

- `u{n}::checked_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.checked_sub_signed
- `u{n}::overflowing_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.overflowing_sub_signed
- `u{n}::saturating_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.saturating_sub_signed
- `u{n}::wrapping_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.wrapping_sub_signed)
- `impl Copy for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Copy-for-IntErrorKind
- `impl Hash for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Hash-for-IntErrorKind
- `impl PartialEq<&CStr> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3C%26CStr%3E-for-CStr
- `impl PartialEq<CString> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCString%3E-for-CStr
- `impl PartialEq<Cow<CStr>> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CStr
- `impl PartialEq<&CStr> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3C%26CStr%3E-for-CString
- `impl PartialEq<CStr> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCStr%3E-for-CString
- `impl PartialEq<Cow<CStr>> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CString
- `impl PartialEq<&CStr> for Cow<CStr>` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3C%26CStr%3E-for-Cow%3C'_,+CStr%3E
- `impl PartialEq<CStr> for Cow<CStr>` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCStr%3E-for-Cow%3C'_,+CStr%3E
- `impl PartialEq<CString> for Cow<CStr>` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCString%3E-for-Cow%3C'_,+CStr%3E

These previously stable APIs are now stable in const contexts:

- `<[T]>::reverse` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.reverse
- `f32::floor` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.floor
- `f32::ceil` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.ceil
- `f32::trunc` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.trunc
- `f32::fract` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.fract
- `f32::round` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round
- `f32::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round_ties_even
- `f64::floor` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.floor
- `f64::ceil` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.ceil
- `f64::trunc` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.trunc
- `f64::fract` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.fract
- `f64::round` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round
- `f64::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round_ties_even

# Cargo

- Add `http.proxy-cainfo` config for proxy certs
- Use `gix` for `cargo package`
- feat(publish): Stabilize multi-package publishing

# Rustdoc

- Add ways to collapse all impl blocks. Previously the 'Summary' button and '-' keyboard shortcut would never collapse `impl` blocks, now they do when shift is held
- Display unsafe attributes with `unsafe()` wrappers

# Compatibility Notes

- Use `lld` by default on `x86_64-unknown-linux-gnu`
  See also <https://blog.rust-lang.org/2025/09/01/rust-lld-on-1.90.0-stable/>.
- Make `core::iter::Fuse`'s `Default` impl construct `I::default()` internally as promised in the docs instead of always being empty
- Set `MSG_NOSIGNAL` for `UnixStream`
  This may change program behavior but results in the same behavior as other primitives (e.g., stdout, network sockets).
  Programs relying on signals to terminate them should update handling of sockets to handle errors on write by exiting.
- On Unix `std::env::home_dir` will use the fallback if the `HOME` environment variable is empty
- We now reject unsupported `extern '{abi}'`s consistently in all positions. This primarily affects the use of implementing traits on an `extern '{abi}'` function pointer, like `extern 'stdcall' fn()`, on a platform that doesn't support that, like aarch64-unknown-linux-gnu. Direct usage of these unsupported ABI strings by declaring or defining functions was already rejected, so this is only a change for consistency.
- const-eval: error when initializing a static writes to that static
- Check that the `proc_macro_derive` macro has correct arguments when applied to the crate root


The following package changes have been done:

- libopenssl1_1-1.1.1w-150700.11.6.1 updated
- cpp14-14.3.0+git11799-150000.1.11.1 added
- gcc14-14.3.0+git11799-150000.1.11.1 added
- rust1.90-1.90.0-150300.7.5.1 added
- cargo1.90-1.90.0-150300.7.5.1 added
- cargo1.89-1.89.0-150300.7.3.1 removed
- cpp13-13.3.1+git9426-150000.1.18.1 removed
- gcc13-13.3.1+git9426-150000.1.18.1 removed
- rust1.89-1.89.0-150300.7.3.1 removed

More information about the sle-container-updates mailing list