pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2026Q2] pkgsrc/security/p5-Bytes-Random-Secure
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Jun 28 18:25:36 UTC 2026
Modified Files:
pkgsrc/security/p5-Bytes-Random-Secure [pkgsrc-2026Q2]: Makefile
distinfo
Added Files:
pkgsrc/security/p5-Bytes-Random-Secure/patches [pkgsrc-2026Q2]:
patch-lib_Bytes_Random_Secure.pm
Log Message:
Pullup ticket #7147 - requested by taca
security/p5-Bytes-Random-Secure: security fix
Revisions pulled up:
- security/p5-Bytes-Random-Secure/Makefile 1.17
- security/p5-Bytes-Random-Secure/distinfo 1.7
- security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jun 26 17:01:30 UTC 2026
Modified Files:
pkgsrc/security/p5-Bytes-Random-Secure: Makefile distinfo
Added Files:
pkgsrc/security/p5-Bytes-Random-Secure/patches:
patch-lib_Bytes_Random_Secure.pm
Log Message:
p5-Bytes-Random-Secure: fix CVE-2026-11625.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.16.8.1 \
pkgsrc/security/p5-Bytes-Random-Secure/Makefile
cvs rdiff -u -r1.6 -r1.6.38.1 pkgsrc/security/p5-Bytes-Random-Secure/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/p5-Bytes-Random-Secure/Makefile
diff -u pkgsrc/security/p5-Bytes-Random-Secure/Makefile:1.16 pkgsrc/security/p5-Bytes-Random-Secure/Makefile:1.16.8.1
--- pkgsrc/security/p5-Bytes-Random-Secure/Makefile:1.16 Fri Jul 4 08:47:56 2025
+++ pkgsrc/security/p5-Bytes-Random-Secure/Makefile Sun Jun 28 18:25:36 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2025/07/04 08:47:56 wiz Exp $
+# $NetBSD: Makefile,v 1.16.8.1 2026/06/28 18:25:36 bsiegert Exp $
DISTNAME= Bytes-Random-Secure-0.29
PKGNAME= p5-${DISTNAME}
-PKGREVISION= 9
+PKGREVISION= 10
CATEGORIES= security perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Bytes/}
Index: pkgsrc/security/p5-Bytes-Random-Secure/distinfo
diff -u pkgsrc/security/p5-Bytes-Random-Secure/distinfo:1.6 pkgsrc/security/p5-Bytes-Random-Secure/distinfo:1.6.38.1
--- pkgsrc/security/p5-Bytes-Random-Secure/distinfo:1.6 Tue Oct 26 11:17:25 2021
+++ pkgsrc/security/p5-Bytes-Random-Secure/distinfo Sun Jun 28 18:25:36 2026
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2021/10/26 11:17:25 nia Exp $
+$NetBSD: distinfo,v 1.6.38.1 2026/06/28 18:25:36 bsiegert Exp $
BLAKE2s (Bytes-Random-Secure-0.29.tar.gz) = 278c905b8a2ab45fd5fb1be25e59b5acf0862b6948bc18d9dc44a055262fd6e3
SHA512 (Bytes-Random-Secure-0.29.tar.gz) = 72faf9e9fff1cc9641845d47b8dd1efb39861b4015246b169167d4f6050998e91d30b53d6a3e08daf91a838fcf29a05042073064204270de05b2f2ca9990fe64
Size (Bytes-Random-Secure-0.29.tar.gz) = 28007 bytes
+SHA1 (patch-lib_Bytes_Random_Secure.pm) = 476970873f7dc3dd2cd37971b7dfb8714cd1a73c
Added files:
Index: pkgsrc/security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm
diff -u /dev/null pkgsrc/security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm:1.1.2.2
--- /dev/null Sun Jun 28 18:25:36 2026
+++ pkgsrc/security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm Sun Jun 28 18:25:36 2026
@@ -0,0 +1,51 @@
+$NetBSD: patch-lib_Bytes_Random_Secure.pm,v 1.1.2.2 2026/06/28 18:25:36 bsiegert Exp $
+
+Fix CVE-2026-11625.
+https://security.metacpan.org/patches/B/Bytes-Random-Secure/0.29/CVE-2026-11625-r1.patch
+
+--- lib/Bytes/Random/Secure.pm.orig 2015-07-13 04:38:06.000000000 +0000
++++ lib/Bytes/Random/Secure.pm
+@@ -156,6 +156,7 @@ sub _build_attributes {
+ $self->{$arg} = exists $args->{$arg} ? $args->{$arg} : $default;
+ }
+
++ $self->{_pid} = $$;
+ $self->{_RNG} = undef; # Lazy initialization.
+ return $self;
+ }
+@@ -171,6 +172,8 @@ sub _instantiate_rng {
+ my @seeds = $self->_generate_seed( %seed_opts );
+ $self->{_RNG} = Math::Random::ISAAC->new(@seeds);
+
++ $self->{_pid} = $$;
++
+ return $self->{_RNG};
+ }
+
+@@ -224,7 +227,7 @@ sub bytes {
+ $bytes = defined $bytes ? $bytes : 0; # Default to zero bytes.
+ $self->_validate_int( $bytes ); # Throws on violation.
+
+- $self->_instantiate_rng unless defined $self->{_RNG};
++ $self->_instantiate_rng unless $$ == $self->{_pid} && defined $self->{_RNG};
+
+ my $str = '';
+
+@@ -302,7 +305,7 @@ sub _ranged_randoms {
+ $count = defined $count ? $count : 0;
+
+ # Lazily seed the RNG so we don't waste available strong entropy.
+- $self->_instantiate_rng unless defined $self->{_RNG};
++ $self->_instantiate_rng unless $$ == $self->{_pid} && defined $self->{_RNG};
+
+ my $divisor = $self->_closest_divisor($range);
+
+@@ -354,7 +357,7 @@ sub irand {
+
+ sub irand {
+ my( $self ) = @_;
+- $self->_instantiate_rng unless defined $self->{_RNG};
++ $self->_instantiate_rng unless $$ == $self->{_pid} && defined $self->{_RNG};
+ return $self->{_RNG}->irand;
+ }
+
Home |
Main Index |
Thread Index |
Old Index