diff --git a/.gitignore b/.gitignore
index 205920d..d259aac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/rustc-1.50.0-src.tar.xz
+SOURCES/rustc-1.51.0-src.tar.xz
diff --git a/.rust.metadata b/.rust.metadata
index 2214478..1d010eb 100644
--- a/.rust.metadata
+++ b/.rust.metadata
@@ -1 +1 @@
-d80e7872b60faebce49dca4008ccd603daabcf1e SOURCES/rustc-1.50.0-src.tar.xz
+3a88f9fa4c3e0ef74ce8396ad80121fd0b6cb349 SOURCES/rustc-1.51.0-src.tar.xz
diff --git a/SOURCES/rustc-1.48.0-no-default-pie.patch b/SOURCES/rustc-1.48.0-no-default-pie.patch
deleted file mode 100644
index bb6b3d1..0000000
--- a/SOURCES/rustc-1.48.0-no-default-pie.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- rustc-1.48.0-src/compiler/rustc_codegen_ssa/src/back/link.rs.orig	2020-11-16 06:01:53.000000000 -0800
-+++ rustc-1.48.0-src/compiler/rustc_codegen_ssa/src/back/link.rs	2020-11-16 09:37:15.779516797 -0800
-@@ -1185,10 +1185,12 @@
- }
- 
- fn link_output_kind(sess: &Session, crate_type: CrateType) -> LinkOutputKind {
--    let kind = match (crate_type, sess.crt_static(Some(crate_type)), sess.relocation_model()) {
--        (CrateType::Executable, false, RelocModel::Pic) => LinkOutputKind::DynamicPicExe,
-+    // Only use PIE if explicity specified.
-+    let explicit_pic = matches!(sess.opts.cg.relocation_model, Some(RelocModel::Pic));
-+    let kind = match (crate_type, sess.crt_static(Some(crate_type)), explicit_pic) {
-+        (CrateType::Executable, false, true) => LinkOutputKind::DynamicPicExe,
-         (CrateType::Executable, false, _) => LinkOutputKind::DynamicNoPicExe,
--        (CrateType::Executable, true, RelocModel::Pic) => LinkOutputKind::StaticPicExe,
-+        (CrateType::Executable, true, true) => LinkOutputKind::StaticPicExe,
-         (CrateType::Executable, true, _) => LinkOutputKind::StaticNoPicExe,
-         (_, true, _) => LinkOutputKind::StaticDylib,
-         (_, false, _) => LinkOutputKind::DynamicDylib,
diff --git a/SOURCES/rustc-1.49.0-disable-http2.patch b/SOURCES/rustc-1.49.0-disable-http2.patch
deleted file mode 100644
index d6c6aa7..0000000
--- a/SOURCES/rustc-1.49.0-disable-http2.patch
+++ /dev/null
@@ -1,66 +0,0 @@
---- rustc-1.49.0-src/Cargo.lock.orig	2021-01-05 12:45:10.456414612 -0800
-+++ rustc-1.49.0-src/Cargo.lock	2021-01-05 12:45:10.458414575 -0800
-@@ -882,7 +882,6 @@
- dependencies = [
-  "cc",
-  "libc",
-- "libnghttp2-sys",
-  "libz-sys",
-  "openssl-sys",
-  "pkg-config",
-@@ -1728,16 +1727,6 @@
- ]
- 
- [[package]]
--name = "libnghttp2-sys"
--version = "0.1.4+1.41.0"
--source = "registry+https://github.com/rust-lang/crates.io-index"
--checksum = "03624ec6df166e79e139a2310ca213283d6b3c30810c54844f307086d4488df1"
--dependencies = [
-- "cc",
-- "libc",
--]
--
--[[package]]
- name = "libz-sys"
- version = "1.1.2"
- source = "registry+https://github.com/rust-lang/crates.io-index"
---- rustc-1.49.0-src/src/tools/cargo/Cargo.toml.orig	2021-01-05 12:45:10.458414575 -0800
-+++ rustc-1.49.0-src/src/tools/cargo/Cargo.toml	2021-01-05 12:47:25.966928554 -0800
-@@ -25,7 +25,7 @@
- crates-io = { path = "crates/crates-io", version = "0.31.1" }
- crossbeam-utils = "0.8"
- crypto-hash = "0.3.1"
--curl = { version = "0.4.23", features = ["http2"] }
-+curl = { version = "0.4.23", features = [] }
- curl-sys = "0.4.22"
- env_logger = "0.8.1"
- pretty_env_logger = { version = "0.4", optional = true }
---- rustc-1.49.0-src/src/tools/cargo/src/cargo/core/package.rs.orig	2020-12-28 19:03:25.000000000 -0800
-+++ rustc-1.49.0-src/src/tools/cargo/src/cargo/core/package.rs	2021-01-05 12:45:10.458414575 -0800
-@@ -408,14 +408,8 @@
-         // Also note that pipelining is disabled as curl authors have indicated
-         // that it's buggy, and we've empirically seen that it's buggy with HTTP
-         // proxies.
--        let mut multi = Multi::new();
--        let multiplexing = config.http_config()?.multiplexing.unwrap_or(true);
--        multi
--            .pipelining(false, multiplexing)
--            .chain_err(|| "failed to enable multiplexing/pipelining in curl")?;
--
--        // let's not flood crates.io with connections
--        multi.set_max_host_connections(2)?;
-+        let multi = Multi::new();
-+        let multiplexing = false;
- 
-         Ok(PackageSet {
-             packages: package_ids
-@@ -584,7 +578,7 @@
- macro_rules! try_old_curl {
-     ($e:expr, $msg:expr) => {
-         let result = $e;
--        if cfg!(target_os = "macos") {
-+        if cfg!(any(target_os = "linux", target_os = "macos")) {
-             if let Err(e) = result {
-                 warn!("ignoring libcurl {} error: {}", $msg, e);
-             }
diff --git a/SOURCES/rustc-1.51.0-backport-pr81910.patch b/SOURCES/rustc-1.51.0-backport-pr81910.patch
new file mode 100644
index 0000000..e2f91b6
--- /dev/null
+++ b/SOURCES/rustc-1.51.0-backport-pr81910.patch
@@ -0,0 +1,48 @@
+From 852684d306cee955ed751f1e8d8eec6adaecff3b Mon Sep 17 00:00:00 2001
+From: Joshua Nelson <jyn514@gmail.com>
+Date: Mon, 8 Feb 2021 22:51:21 -0500
+Subject: [PATCH] Use format string in bootstrap panic instead of a string
+ directly
+
+This fixes the following warning when compiling with nightly:
+
+```
+warning: panic message is not a string literal
+    --> src/bootstrap/builder.rs:1515:24
+     |
+1515 |                 panic!(out);
+     |                        ^^^
+     |
+     = note: `#[warn(non_fmt_panic)]` on by default
+     = note: this is no longer accepted in Rust 2021
+help: add a "{}" format string to Display the message
+     |
+1515 |                 panic!("{}", out);
+     |                        ^^^^^
+help: or use std::panic::panic_any instead
+     |
+1515 |                 std::panic::panic_any(out);
+     |                 ^^^^^^^^^^^^^^^^^^^^^^
+```
+
+(cherry picked from commit 31c93397bde772764cda3058e16f9cef61895090)
+---
+ src/bootstrap/builder.rs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/bootstrap/builder.rs b/src/bootstrap/builder.rs
+index f1a160250dbe..0f5fcb4af400 100644
+--- a/src/bootstrap/builder.rs
++++ b/src/bootstrap/builder.rs
+@@ -1490,7 +1490,7 @@ pub fn ensure<S: Step>(&'a self, step: S) -> S::Output {
+                 for el in stack.iter().rev() {
+                     out += &format!("\t{:?}\n", el);
+                 }
+-                panic!(out);
++                panic!("{}", out);
+             }
+             if let Some(out) = self.cache.get(&step) {
+                 self.verbose(&format!("{}c {:?}", "  ".repeat(stack.len()), step));
+-- 
+2.31.1
+
diff --git a/SOURCES/rustc-1.51.0-disable-http2.patch b/SOURCES/rustc-1.51.0-disable-http2.patch
new file mode 100644
index 0000000..2517a34
--- /dev/null
+++ b/SOURCES/rustc-1.51.0-disable-http2.patch
@@ -0,0 +1,66 @@
+--- rustc-beta-src/Cargo.lock.orig	2021-03-09 10:30:08.626424998 -0800
++++ rustc-beta-src/Cargo.lock	2021-03-09 10:32:38.096207704 -0800
+@@ -899,7 +899,6 @@
+ dependencies = [
+  "cc",
+  "libc",
+- "libnghttp2-sys",
+  "libz-sys",
+  "openssl-sys",
+  "pkg-config",
+@@ -1860,16 +1859,6 @@
+ ]
+ 
+ [[package]]
+-name = "libnghttp2-sys"
+-version = "0.1.4+1.41.0"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "03624ec6df166e79e139a2310ca213283d6b3c30810c54844f307086d4488df1"
+-dependencies = [
+- "cc",
+- "libc",
+-]
+-
+-[[package]]
+ name = "libz-sys"
+ version = "1.1.2"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+--- rustc-beta-src/src/tools/cargo/Cargo.toml.orig	2021-03-05 08:34:15.000000000 -0800
++++ rustc-beta-src/src/tools/cargo/Cargo.toml	2021-03-09 10:32:38.096207704 -0800
+@@ -25,7 +25,7 @@
+ crates-io = { path = "crates/crates-io", version = "0.33.0" }
+ crossbeam-utils = "0.8"
+ crypto-hash = "0.3.1"
+-curl = { version = "0.4.23", features = ["http2"] }
++curl = { version = "0.4.23", features = [] }
+ curl-sys = "0.4.22"
+ env_logger = "0.8.1"
+ pretty_env_logger = { version = "0.4", optional = true }
+--- rustc-beta-src/src/tools/cargo/src/cargo/core/package.rs.orig	2021-03-05 08:34:15.000000000 -0800
++++ rustc-beta-src/src/tools/cargo/src/cargo/core/package.rs	2021-03-09 10:32:38.096207704 -0800
+@@ -412,14 +412,8 @@
+         // Also note that pipelining is disabled as curl authors have indicated
+         // that it's buggy, and we've empirically seen that it's buggy with HTTP
+         // proxies.
+-        let mut multi = Multi::new();
+-        let multiplexing = config.http_config()?.multiplexing.unwrap_or(true);
+-        multi
+-            .pipelining(false, multiplexing)
+-            .chain_err(|| "failed to enable multiplexing/pipelining in curl")?;
+-
+-        // let's not flood crates.io with connections
+-        multi.set_max_host_connections(2)?;
++        let multi = Multi::new();
++        let multiplexing = false;
+ 
+         Ok(PackageSet {
+             packages: package_ids
+@@ -592,7 +586,7 @@
+ macro_rules! try_old_curl {
+     ($e:expr, $msg:expr) => {
+         let result = $e;
+-        if cfg!(target_os = "macos") {
++        if cfg!(any(target_os = "linux", target_os = "macos")) {
+             if let Err(e) = result {
+                 warn!("ignoring libcurl {} error: {}", $msg, e);
+             }
diff --git a/SOURCES/rustc-1.51.0-no-default-pie.patch b/SOURCES/rustc-1.51.0-no-default-pie.patch
new file mode 100644
index 0000000..d24cc75
--- /dev/null
+++ b/SOURCES/rustc-1.51.0-no-default-pie.patch
@@ -0,0 +1,19 @@
+--- rustc-beta-src/compiler/rustc_codegen_ssa/src/back/link.rs.orig	2021-03-09 10:40:09.755485845 -0800
++++ rustc-beta-src/compiler/rustc_codegen_ssa/src/back/link.rs	2021-03-09 10:44:51.257426181 -0800
+@@ -1279,11 +1279,13 @@
+ }
+ 
+ fn link_output_kind(sess: &Session, crate_type: CrateType) -> LinkOutputKind {
+-    let kind = match (crate_type, sess.crt_static(Some(crate_type)), sess.relocation_model()) {
++    // Only use PIE if explicity specified.
++    let explicit_pic = matches!(sess.opts.cg.relocation_model, Some(RelocModel::Pic));
++    let kind = match (crate_type, sess.crt_static(Some(crate_type)), explicit_pic) {
+         (CrateType::Executable, _, _) if sess.is_wasi_reactor() => LinkOutputKind::WasiReactorExe,
+-        (CrateType::Executable, false, RelocModel::Pic) => LinkOutputKind::DynamicPicExe,
++        (CrateType::Executable, false, true) => LinkOutputKind::DynamicPicExe,
+         (CrateType::Executable, false, _) => LinkOutputKind::DynamicNoPicExe,
+-        (CrateType::Executable, true, RelocModel::Pic) => LinkOutputKind::StaticPicExe,
++        (CrateType::Executable, true, true) => LinkOutputKind::StaticPicExe,
+         (CrateType::Executable, true, _) => LinkOutputKind::StaticNoPicExe,
+         (_, true, _) => LinkOutputKind::StaticDylib,
+         (_, false, _) => LinkOutputKind::DynamicDylib,
diff --git a/SPECS/rust.spec b/SPECS/rust.spec
index c6b101e..fe2e695 100644
--- a/SPECS/rust.spec
+++ b/SPECS/rust.spec
@@ -10,10 +10,10 @@
 # e.g. 1.10.0 wants rustc: 1.9.0-2016-05-24
 # or nightly wants some beta-YYYY-MM-DD
 # Note that cargo matches the program version here, not its crate version.
-%global bootstrap_rust 1.49.0
-%global bootstrap_cargo 1.49.0
-%global bootstrap_channel 1.49.0
-%global bootstrap_date 2020-12-31
+%global bootstrap_rust 1.50.0
+%global bootstrap_cargo 1.50.0
+%global bootstrap_channel 1.50.0
+%global bootstrap_date 2021-02-11
 
 # Only the specified arches will use bootstrap binaries.
 #global bootstrap_arches %%{rust_arches}
@@ -53,7 +53,7 @@
 %endif
 
 Name:           rust
-Version:        1.50.0
+Version:        1.51.0
 Release:        1%{?dist}
 Summary:        The Rust Programming Language
 License:        (ASL 2.0 or MIT) and (BSD and MIT)
@@ -72,6 +72,10 @@ Source0:        https://static.rust-lang.org/dist/%{rustc_package}.tar.xz
 # https://github.com/rust-lang/rust/issues/80810#issuecomment-781784032
 Patch1:         0001-Revert-Auto-merge-of-79547.patch
 
+# Fix bootstrap for stage0 rust 1.51
+# https://github.com/rust-lang/rust/pull/81910
+Patch2:         rustc-1.51.0-backport-pr81910.patch
+
 ### RHEL-specific patches below ###
 
 # Disable cargo->libgit2->libssh2 on RHEL, as it's not approved for FIPS (rhbz1732949)
@@ -79,11 +83,11 @@ Patch100:       rustc-1.48.0-disable-libssh2.patch
 
 # libcurl on RHEL7 doesn't have http2, but since cargo requests it, curl-sys
 # will try to build it statically -- instead we turn off the feature.
-Patch101:       rustc-1.49.0-disable-http2.patch
+Patch101:       rustc-1.51.0-disable-http2.patch
 
 # kernel rh1410097 causes too-small stacks for PIE.
 # (affects RHEL6 kernels when building for RHEL7)
-Patch102:       rustc-1.48.0-no-default-pie.patch
+Patch102:       rustc-1.51.0-no-default-pie.patch
 
 
 # Get the Rust triple for any arch.
@@ -166,12 +170,16 @@ BuildRequires:  %{python}
 
 %if %with bundled_llvm
 BuildRequires:  cmake3 >= 3.4.3
-Provides:       bundled(llvm) = 11.0.0
+Provides:       bundled(llvm) = 11.0.1
 %else
 BuildRequires:  cmake >= 2.8.11
 %if 0%{?epel} == 7
 %global llvm llvm9.0
 %endif
+%if 0%{?fedora} >= 34
+# we're not ready for llvm-12 yet
+%global llvm llvm11
+%endif
 %if %defined llvm
 %global llvm_root %{_libdir}/%{llvm}
 %else
@@ -402,6 +410,7 @@ test -f '%{local_rust_root}/bin/rustc'
 %setup -q -n %{rustc_package}
 
 %patch1 -p1
+%patch2 -p1
 
 %if %with disabled_libssh2
 %patch100 -p1
@@ -732,6 +741,10 @@ export %{rust_env}
 
 
 %changelog
+* Mon May 24 2021 Josh Stone <jistone@redhat.com> - 1.51.0-1
+- Update to 1.51.0. Update to 1.51.0. Includes security fixes for
+  CVE-2021-28875 and CVE-2021-28877.
+
 * Mon May 24 2021 Josh Stone <jistone@redhat.com> - 1.50.0-1
 - Update to 1.50.0.