rust: Upgrade to 1.90.0

[KavyaSree2610]

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

• The toolchain has been rebuilt successfully (or no changes were made to it)
• The toolchain/worker package manifests are up-to-date
• Any updated packages successfully build (or no packages were changed)
• Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
• Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
• All package sources are available
• cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
• LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
• All source files have up-to-date hashes in the *.signatures.json files
• sudo make go-tidy-all and sudo make go-test-coverage pass
• Documentation has been updated to match any changes to the build system
• Ready to merge

---

Summary

• Upgrades Rust from 1.86.0 to 1.90.0
• Updates all Rust-dependent packages to ensure compatibility with the new toolchain
• Kata Containers Compatibility Patch (0001_warning.patch)
  A new patch has been introduced to resolve compilation warnings in kata-containers and kata-containers-cc that emerged with Rust 1.90.0. This patch is necessary because the kata-containers spec file requires rust >= 1.85.0, and newer Rust versions (1.88+) have stricter compiler warnings and linting rules.

Specific Fixes in the Patch:

1. Dead Code Warning Suppression for s390x CCW Device Handlers
   Adds #[allow(dead_code)] annotations to Channel Command Word (CCW) device handler structs
   Root Cause: These CCW device handlers are implemented for s390x architecture support, but since kata-containers is built exclusively for x86_64 (as specified in the spec file), these structs are defined but never actually used

2. Explicit Lifetime Annotation for Iterator
   Updates iterator lifetime annotations from elided lifetimes to explicit '_ (anonymous lifetime)
   Root Cause: Rust 1.88+ enforces more explicit lifetime annotations for iterators to improve code clarity and prevent potential lifetime-related bugs

What does the PR accomplish, why was it needed?

• Upgrade rust to 1.90.0

Change Log

• Bump release for all the dependent packages
• Update cgmanifest and signatures for new rust
• Suppress dead_code warnings for architecture-specific CCW handlers and fix lifetime elision warning in U32Set iterator implementation in katacontainers/kata-containers-cc
• Add a patch to 389-ds-base to fix lifetime elision warning

Does this affect the toolchain?

NO

Associated issues

• https://microsoft.visualstudio.com/OS/_workitems/edit/58943486

Links to CVEs

• https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXX

Test Methodology

• Buddy Build(SPECS): https://dev.azure.com/mariner-org/mariner/_build/results?buildId=972270&view=results
• Buddy Build(SPECS-EXTENDED): https://dev.azure.com/mariner-org/mariner/_build/results?buildId=972436&view=results
  (Ptests failing in rust-cbindgen and python-argcomplete is a known issue)
• Full build id: 3.0.20251030-kkaitepalli-967858

[CBL-Mariner-Bot]

⚠️ PR Check Passed with Warnings

Found 7 warning(s) that should be reviewed.

🤖 AI Analysis Summary:

Brief Analysis:
This PR updates the Rust package version from 1.86.0 to 1.88.0 and bumps the stage0 compiler to 1.87.0 while revising the patch order. However, a discrepancy between spec patch references and the changelog has been detected.

Critical Issues Found:
• ERROR: The changelog still mentions a patch for CVE-2025-4574 although the current spec no longer references it.

Recommended Actions:
• Either reintroduce the CVE-2025-4574.patch into the spec (if still needed) or update the changelog to remove the obsolete reference.
• Clean up the patch files in the directory to avoid maintaining unused patches.
• Verify that all version bumps are security-audited and documented.

---

📋 For detailed analysis and recommendations, check the Azure DevOps pipeline logs.

[CBL-Mariner-Bot]

⚠️ PR Check Passed with Warnings

Found 7 warning(s) that should be reviewed.

🤖 AI Analysis Summary:

Brief Analysis:
This update bumps the Rust package from 1.86.0 to 1.88.0 (and stage0 from 1.85.0 to 1.87.0) and refreshes source signatures accordingly. The security patches for CVE-2025-53605 and CVE-2024-11738 remain listed, while the previously referenced CVE-2025-4574 patch has been removed from the Patch directives even though its fix is still noted in the changelog.

Critical Issues Found:
• Removed CVE-2025-4574 patch reference in the spec versus its appearance in the changelog (potential inconsistency).

Recommended Actions:
• Confirm that the upstream 1.88.0 release includes the fix for CVE-2025-4574 and update the changelog or remove legacy entries accordingly.
• Clean up any now-unused patch files, if appropriate.
• Double-check patch numbering and application (via %autosetup) for consistency.

---

📋 For detailed analysis and recommendations, check the Azure DevOps pipeline logs.

[CBL-Mariner-Bot]

⚠️ PR Check Passed with Warnings

Found 7 warning(s) that should be reviewed.

🤖 AI Analysis Summary:

Brief Analysis:
This update bumps the Rust package from 1.86.0 to 1.88.0 and updates several source signatures and stage0 versions. However, there is an inconsistency between the patch list and the changelog regarding CVE-2025-4574.

Critical Issues Found:
• ERROR: The changelog still references “Patch CVE-2025-4574” (from Jun 13 2025) even though the spec patch list now omits it.

Recommended Actions:
• Reconcile the patch references by either reintroducing CVE-2025-4574 in the spec (e.g. as Patch2) or updating the changelog to remove its mention.
• Verify that all patches are applied (via %autosetup/%patch macros) and their numbering remains sequential.
• Confirm that upstream CVE details and patch attributions are clearly documented in the changelog.

---

📋 For detailed analysis and recommendations, check the Azure DevOps pipeline logs.

[CBL-Mariner-Bot]

⚠️ PR Check Passed with Warnings

Found 6 warning(s) that should be reviewed.

🤖 AI Analysis Summary:

Brief Analysis:
This PR updates the Rust package from version 1.86.0 to 1.88.0, updates the stage0_version from 1.85.0 to 1.87.0, and removes the now-unreferenced CVE‑2025‑4574 patch. The changes appear to streamline the CVE patch application with sequential, valid patch listings.

Critical Issues Found:
• No critical security issues detected.

Recommended Actions:
• Remove any leftover CVE‑2025‑4574_1.75.patch from the directory to avoid confusion.
• Confirm that upstream fixes for CVE‑2025‑4574 justify its removal and that changelog documentation clearly reflects this decision.
• Verify patch application via %autosetup is functioning as expected with the remaining CVE‑2025‑53605.patch and CVE‑2024‑11738.patch.

---

📋 For detailed analysis and recommendations, check the Azure DevOps pipeline logs.

[KavyaSree2610]

The failing github PR checks are unrelated to this PR
Full build successful, fullbuild id: 3.0.20251022-kkaitepalli-960899

[sprt]

Could we use a more descriptive subject and commit message here (and same for kata-containers-cc)? Seems there are 2 aspects at play: stricter dead code linting & stricter lifetime linting.

[KavyaSree2610]

@sprt Could you please review the PR once again? I have added more details in the description of this PR

[sprt]

Suggested change

	Subject: [PATCH] Suppress dead_code warnings and add explicit lifetime for U32Set iterator
	Subject: [PATCH] Suppress dead_code warnings and add explicit lifetime for U32Set iterator for Rust 1.90

[sprt]

Suggested change

	Patch0: 0001-warnings.patch
	Patch0: rust-1.90-fixes.patch

[mfrw]

Changes look good to me overall.
I think once the suggestions from others are addressed, we should be good.

[kgodara912]

Awaiting approval.