#16003 closed enhancement (fixed)
rustc-1.58.1
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | elevated | Milestone: | 11.1 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | ken@linuxfromscratch.org |
Cc: | | | |
Description
From https://blog.rust-lang.org/2022/01/20/Rust-1.58.1.html
"Rust 1.58.1 fixes a race condition in the std::fs::remove_dir_all standard library function. This security vulnerability is tracked as CVE-2022-21658, and you can read more about it on the advisory we published earlier today. We recommend all users to update their toolchain immediately and rebuild their programs with the updated compiler."
Their security advisory https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html says the vulnerability allows an attacker to use privileged programs to delete files they should not be able to access.
This issue appears to be restricted to privileged programs. A review of the packages in BLFS which use, or optionally use, rust suggests there are no such programs. If both those statements are true, updating rustc should be a sufficient fix.
If you have other rust programs which might be affected, or if those two statements are incorrect, you should rebuild the programs which use rust after updating the compiler, because the pseudo-shared standard library is a static library (parts are pulled into its users).
Unusually, upgrading rustc from 1.56.1 to 1.58.1 did not highlight any new build problems with the rust packages in BLFS.
The link above announcing 1.58.1 mentions several other non-security fixes. For changes in 1.58.0 see https://blog.rust-lang.org/2022/01/13/Rust-1.58.0.html and for changes in 1.57.0 see https://blog.rust-lang.org/2021/12/02/Rust-1.57.0.html.
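Because the Rust standard library is linked statically, every installed Rust binary carries the std of the compiler that built it, so the practical question after this update is which binaries still embed a pre-1.58.1 std. The script below is an added example, not part of this ticket or of the BLFS book: it scans for ELF files whose embedded "rustc version" string (the ident rustc writes into the .comment section) is older than 1.58.1. It assumes only grep -a, awk and find; the sample files used to exercise it are constructed, not taken from a real system.

```sh
#!/bin/sh
# Added example (not from the BLFS ticket): report installed binaries whose
# embedded rustc version predates the toolchain that fixed CVE-2022-21658.
# Rust links std statically, so each binary records the rustc it was built
# with as "rustc version X.Y.Z (...)" in its .comment section; grep -a reads
# that string without needing readelf.

FIXED_VERSION="1.58.1"   # first release with the std::fs::remove_dir_all fix

# Print the first "rustc version X.Y.Z" found in a file, or nothing at all.
rustc_version_of() {
    grep -ao 'rustc version [0-9][0-9.]*' "$1" 2>/dev/null \
        | head -n 1 | awk '{ print $3 }'
}

# Return 0 if dotted version $1 is numerically older than $2, else 1.
# Components are compared as integers, so 1.9.0 sorts before 1.58.1.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# Return 0 if the file was built with a rustc older than FIXED_VERSION,
# 1 if it is already current, 2 if it carries no rustc version string
# (not a Rust binary, or .comment was stripped out).
needs_rebuild() {
    v=$(rustc_version_of "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED_VERSION"
}

# Walk the directories given as arguments and print "<version>\t<path>"
# for every executable or shared object that needs rebuilding.
scan() {
    for dir in "$@"; do
        find "$dir" -type f \( -perm -u+x -o -name '*.so*' \) 2>/dev/null |
        while IFS= read -r f; do
            if needs_rebuild "$f"; then
                printf '%s\t%s\n' "$(rustc_version_of "$f")" "$f"
            fi
        done
    done
}

# Only scan when directories are given, e.g.:  sh rust-stale.sh /usr/bin /usr/lib
if [ $# -gt 0 ]; then
    scan "$@"
fi
```

Run it as `sh rust-stale.sh /usr/bin /usr/lib /usr/libexec` after installing the new rustc and before deciding what to rebuild. Two caveats: a binary whose .comment section was removed (for example with `strip -R .comment`) yields no version string and is silently skipped, and the check identifies the compiler, not whether the program ever calls remove_dir_all, so it errs on the side of listing more than strictly needs rebuilding.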
Change History (3)
comment:1 by , 3 years ago
Owner: | changed from | to |
---|---|---|
Status: | new → assigned | |
comment:2 by , 3 years ago
comment:3 by , 3 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Security Advisory SA 11.0-060 (dumbo forgot to push that advisory).
Book updated, @ca97a2a1e384fd84b87c2962c188241d87acd7a1 11.0-442.