Yoric / timer.rs

Simple implementation of a timer for Rust
Mozilla Public License 2.0

Fix CVE-2020-26235 #25

Closed kimono-koans closed 1 year ago

kimono-koans commented 1 year ago

This change should permit cargo audit to no longer flag timer.rs for CVE-2020-26235.

This is required to fix: https://github.com/kimono-koans/httm/issues/54

kimono-koans commented 1 year ago

Can the maintainer please advise on this PR? Pleased to reformulate. Thank you!

0xpr03 commented 1 year ago

@kimono-koans I've had contact with the author 2+ years ago. AFAIK they are not active anymore in the Rust community and/or not using this crate anymore. So all effort that happened recently is purely for the sake of other people like us.

Regarding the CVE: My personal stance, and experience from my software using chrono and time for some years, is that we're exaggerating the actual impact of a possible segfault due to concurrent environment modifications by a lot.

Yoric commented 1 year ago

Apologies for the silence. Taking a look at it now.

Yoric commented 1 year ago

Thanks for the PR, merged!

I have unfortunately been away from this project and a few others for a while :/

In the future, if you need to get in touch with me, don't hesitate to ping me on Matrix, @yoric:matrix.org.

jasta commented 1 year ago

@Yoric do you have an ETA for when we can get a 0.2.1 release with this fix in it? In addition to the CVE, it also fixes some compatibility issues with embedded Rust as time-rs doesn't have proper support for all targets.