SUSE-CU-2023:3093-1: Security update of bci/rust

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Sep 22 07:05:18 UTC 2023 

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3093-1
Container Tags        : bci/rust:1.72 , bci/rust:1.72-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1
Container Release     : 2.1
Severity              : moderate
Type                  : security
References            : 1214689 CVE-2023-40030 
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3722-1
Released:    Thu Sep 21 10:53:20 2023
Summary:     Security update for rust, rust1.72
Type:        security
Severity:    moderate
References:  1214689,CVE-2023-40030
This update for rust, rust1.72 fixes the following issues:

Changes in rust:

- Update to version 1.72.0 - for details see the rust1.72 package

Changes in rust1.72:

- CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689)


Version 1.72.0 (2023-08-24)
==========================

Language
--------

- Replace const eval limit by a lint and add an exponential backoff warning
- expand: Change how `#![cfg(FALSE)]` behaves on crate root
- Stabilize inline asm for LoongArch64
- Uplift `clippy::undropped_manually_drops` lint
- Uplift `clippy::invalid_utf8_in_unchecked` lint
- Uplift `clippy::cast_ref_to_mut` lint
- Uplift `clippy::cmp_nan` lint
- resolve: Remove artificial import ambiguity errors
- Don't require associated types with Self: Sized bounds in `dyn Trait` objects

Compiler
--------

- Remember names of `cfg`-ed out items to mention them in diagnostics
- Support for native WASM exceptions
- Add support for NetBSD/aarch64-be (big-endian arm64).
- Write to stdout if `-` is given as output file
- Force all native libraries to be statically linked when linking a static binary
- Add Tier 3 support for `loongarch64-unknown-none*`
- Prevent `.eh_frame` from being emitted for `-C panic=abort`
- Support 128-bit enum variant in debuginfo codegen
- compiler: update solaris/illumos to enable tsan support.

Refer to Rust's platform support page for more information on Rust's tiered platform support.

Libraries
---------

- Document memory orderings of `thread::{park, unpark}`
- io: soften ‘at most one write attempt’ requirement in io::Write::write
- Specify behavior of HashSet::insert
- Relax implicit `T: Sized` bounds on `BufReader<T>`, `BufWriter<T>` and `LineWriter<T>`
- Update runtime guarantee for `select_nth_unstable`
- Return `Ok` on kill if process has already exited
- Implement PartialOrd for `Vec`s over different allocators
- Use 128 bits for TypeId hash
- Don't drain-on-drop in DrainFilter impls of various collections.
- Make `{Arc,Rc,Weak}::ptr_eq` ignore pointer metadata

Rustdoc
-------

- Allow whitespace as path separator like double colon
- Add search result item types after their name
- Search for slices and arrays by type with `[]`
- Clean up type unification and 'unboxing'

Stabilized APIs
---------------

- `impl<T: Send> Sync for mpsc::Sender<T>`
- `impl TryFrom<&OsStr> for &str`
- `String::leak`

These APIs are now stable in const contexts:

- `CStr::from_bytes_with_nul`
- `CStr::to_bytes`
- `CStr::to_bytes_with_nul`
- `CStr::to_str`

Cargo
-----

- Enable `-Zdoctest-in-workspace` by default. When running each documentation
  test, the working directory is set to the root directory of the package the
  test belongs to.
- Add support of the 'default' keyword to reset previously set `build.jobs`
  parallelism back to the default.

Compatibility Notes
-------------------

- Alter `Display` for `Ipv6Addr` for IPv4-compatible addresses
- Cargo changed feature name validation check to a hard error. The warning was
  added in Rust 1.49. These extended characters aren't allowed on crates.io, so
  this should only impact users of other registries, or people who don't publish
  to a registry.
  

The following package changes have been done:

- rust1.72-1.72.0-150400.9.3.1 added
- cargo1.72-1.72.0-150400.9.3.1 added
- cargo1.71-1.71.1-150400.9.6.1 removed
- rust1.71-1.71.1-150400.9.6.1 removed

More information about the sle-security-updates mailing list