Security update for rust, rust1.72

Announcement ID:	SUSE-SU-2023:3722-1
Rating:	moderate
References:	bsc#1214689
Cross-References:	CVE-2023-40030
CVSS scores:	CVE-2023-40030 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2023-40030 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:	Development Tools Module 15-SP4 Development Tools Module 15-SP5 openSUSE Leap 15.4 openSUSE Leap 15.5 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

Description:

This update for rust, rust1.72 fixes the following issues:

Changes in rust:

Update to version 1.72.0 - for details see the rust1.72 package

Changes in rust1.72:

CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689)

Version 1.72.0 (2023-08-24)

Language

Replace const eval limit by a lint and add an exponential backoff warning
expand: Change how #![cfg(FALSE)] behaves on crate root
Stabilize inline asm for LoongArch64
Uplift clippy::undropped_manually_drops lint
Uplift clippy::invalid_utf8_in_unchecked lint
Uplift clippy::cast_ref_to_mut lint
Uplift clippy::cmp_nan lint
resolve: Remove artificial import ambiguity errors
Don't require associated types with Self: Sized bounds in dyn Trait objects

Compiler

Remember names of cfg-ed out items to mention them in diagnostics
Support for native WASM exceptions
Add support for NetBSD/aarch64-be (big-endian arm64).
Write to stdout if - is given as output file
Force all native libraries to be statically linked when linking a static binary
Add Tier 3 support for loongarch64-unknown-none*
Prevent .eh_frame from being emitted for -C panic=abort
Support 128-bit enum variant in debuginfo codegen
compiler: update solaris/illumos to enable tsan support.

Refer to Rust's platform support page for more information on Rust's tiered platform support.

Libraries

Document memory orderings of thread::{park, unpark}
io: soften ‘at most one write attempt’ requirement in io::Write::write
Specify behavior of HashSet::insert
Relax implicit T: Sized bounds on BufReader<T>, BufWriter<T> and LineWriter<T>
Update runtime guarantee for select_nth_unstable
Return Ok on kill if process has already exited
Implement PartialOrd for Vecs over different allocators
Use 128 bits for TypeId hash
Don't drain-on-drop in DrainFilter impls of various collections.
Make {Arc,Rc,Weak}::ptr_eq ignore pointer metadata

Rustdoc

Allow whitespace as path separator like double colon
Add search result item types after their name
Search for slices and arrays by type with []
Clean up type unification and "unboxing"

Stabilized APIs

impl<T: Send> Sync for mpsc::Sender<T>
impl TryFrom<&OsStr> for &str
String::leak

These APIs are now stable in const contexts:

CStr::from_bytes_with_nul
CStr::to_bytes
CStr::to_bytes_with_nul
CStr::to_str

Cargo

Enable -Zdoctest-in-workspace by default. When running each documentation test, the working directory is set to the root directory of the package the test belongs to.
Add support of the "default" keyword to reset previously set build.jobs parallelism back to the default.

Compatibility Notes

Alter Display for Ipv6Addr for IPv4-compatible addresses
Cargo changed feature name validation check to a hard error. The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io, so this should only impact users of other registries, or people who don't publish to a registry.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3722=1 openSUSE-SLE-15.4-2023-3722=1
openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3722=1
Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3722=1
Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3722=1

Package List:

openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
- cargo-1.72.0-150400.24.24.1
- rust-1.72.0-150400.24.24.1
- rust1.72-debuginfo-1.72.0-150400.9.3.1
- cargo1.72-debuginfo-1.72.0-150400.9.3.1
- cargo1.72-1.72.0-150400.9.3.1
openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc)
- rust1.72-1.72.0-150400.9.3.1
openSUSE Leap 15.4 (nosrc)
- rust1.72-test-1.72.0-150400.9.3.1
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
- cargo-1.72.0-150400.24.24.1
- rust-1.72.0-150400.24.24.1
- rust1.72-debuginfo-1.72.0-150400.9.3.1
- cargo1.72-debuginfo-1.72.0-150400.9.3.1
- cargo1.72-1.72.0-150400.9.3.1
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
- rust1.72-1.72.0-150400.9.3.1
Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
- cargo-1.72.0-150400.24.24.1
- rust-1.72.0-150400.24.24.1
- rust1.72-debuginfo-1.72.0-150400.9.3.1
- cargo1.72-debuginfo-1.72.0-150400.9.3.1
- cargo1.72-1.72.0-150400.9.3.1
Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
- rust1.72-1.72.0-150400.9.3.1
Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
- cargo-1.72.0-150400.24.24.1
- rust-1.72.0-150400.24.24.1
- rust1.72-debuginfo-1.72.0-150400.9.3.1
- cargo1.72-debuginfo-1.72.0-150400.9.3.1
- cargo1.72-1.72.0-150400.9.3.1
Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
- rust1.72-1.72.0-150400.9.3.1