pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2026Q2] pkgsrc/security/p5-Bytes-Random-Secure



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sun Jun 28 18:25:36 UTC 2026

Modified Files:
        pkgsrc/security/p5-Bytes-Random-Secure [pkgsrc-2026Q2]: Makefile
            distinfo
Added Files:
        pkgsrc/security/p5-Bytes-Random-Secure/patches [pkgsrc-2026Q2]:
            patch-lib_Bytes_Random_Secure.pm

Log Message:
Pullup ticket #7147 - requested by taca
security/p5-Bytes-Random-Secure: security fix

Revisions pulled up:
- security/p5-Bytes-Random-Secure/Makefile                      1.17
- security/p5-Bytes-Random-Secure/distinfo                      1.7
- security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm 1.1

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Fri Jun 26 17:01:30 UTC 2026

   Modified Files:
        pkgsrc/security/p5-Bytes-Random-Secure: Makefile distinfo
   Added Files:
        pkgsrc/security/p5-Bytes-Random-Secure/patches:
            patch-lib_Bytes_Random_Secure.pm

   Log Message:
   p5-Bytes-Random-Secure: fix CVE-2026-11625.

   Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.16.8.1 \
    pkgsrc/security/p5-Bytes-Random-Secure/Makefile
cvs rdiff -u -r1.6 -r1.6.38.1 pkgsrc/security/p5-Bytes-Random-Secure/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/p5-Bytes-Random-Secure/Makefile
diff -u pkgsrc/security/p5-Bytes-Random-Secure/Makefile:1.16 pkgsrc/security/p5-Bytes-Random-Secure/Makefile:1.16.8.1
--- pkgsrc/security/p5-Bytes-Random-Secure/Makefile:1.16        Fri Jul  4 08:47:56 2025
+++ pkgsrc/security/p5-Bytes-Random-Secure/Makefile     Sun Jun 28 18:25:36 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2025/07/04 08:47:56 wiz Exp $
+# $NetBSD: Makefile,v 1.16.8.1 2026/06/28 18:25:36 bsiegert Exp $
 
 DISTNAME=      Bytes-Random-Secure-0.29
 PKGNAME=       p5-${DISTNAME}
-PKGREVISION=   9
+PKGREVISION=   10
 CATEGORIES=    security perl5
 MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:=Bytes/}
 

Index: pkgsrc/security/p5-Bytes-Random-Secure/distinfo
diff -u pkgsrc/security/p5-Bytes-Random-Secure/distinfo:1.6 pkgsrc/security/p5-Bytes-Random-Secure/distinfo:1.6.38.1
--- pkgsrc/security/p5-Bytes-Random-Secure/distinfo:1.6 Tue Oct 26 11:17:25 2021
+++ pkgsrc/security/p5-Bytes-Random-Secure/distinfo     Sun Jun 28 18:25:36 2026
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2021/10/26 11:17:25 nia Exp $
+$NetBSD: distinfo,v 1.6.38.1 2026/06/28 18:25:36 bsiegert Exp $
 
 BLAKE2s (Bytes-Random-Secure-0.29.tar.gz) = 278c905b8a2ab45fd5fb1be25e59b5acf0862b6948bc18d9dc44a055262fd6e3
 SHA512 (Bytes-Random-Secure-0.29.tar.gz) = 72faf9e9fff1cc9641845d47b8dd1efb39861b4015246b169167d4f6050998e91d30b53d6a3e08daf91a838fcf29a05042073064204270de05b2f2ca9990fe64
 Size (Bytes-Random-Secure-0.29.tar.gz) = 28007 bytes
+SHA1 (patch-lib_Bytes_Random_Secure.pm) = 476970873f7dc3dd2cd37971b7dfb8714cd1a73c

Added files:

Index: pkgsrc/security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm
diff -u /dev/null pkgsrc/security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm:1.1.2.2
--- /dev/null   Sun Jun 28 18:25:36 2026
+++ pkgsrc/security/p5-Bytes-Random-Secure/patches/patch-lib_Bytes_Random_Secure.pm     Sun Jun 28 18:25:36 2026
@@ -0,0 +1,51 @@
+$NetBSD: patch-lib_Bytes_Random_Secure.pm,v 1.1.2.2 2026/06/28 18:25:36 bsiegert Exp $
+
+Fix CVE-2026-11625.
+https://security.metacpan.org/patches/B/Bytes-Random-Secure/0.29/CVE-2026-11625-r1.patch
+
+--- lib/Bytes/Random/Secure.pm.orig    2015-07-13 04:38:06.000000000 +0000
++++ lib/Bytes/Random/Secure.pm
+@@ -156,6 +156,7 @@ sub _build_attributes {
+       $self->{$arg} = exists $args->{$arg} ? $args->{$arg} : $default;
+     }
+ 
++    $self->{_pid} = $$;
+     $self->{_RNG} = undef;    # Lazy initialization.
+     return $self;
+ }
+@@ -171,6 +172,8 @@ sub _instantiate_rng {
+     my @seeds = $self->_generate_seed( %seed_opts );
+     $self->{_RNG} = Math::Random::ISAAC->new(@seeds);
+ 
++    $self->{_pid} = $$;
++
+     return $self->{_RNG};
+ }
+ 
+@@ -224,7 +227,7 @@ sub bytes {
+   $bytes = defined $bytes ? $bytes : 0; # Default to zero bytes.
+   $self->_validate_int( $bytes ); # Throws on violation.
+ 
+-  $self->_instantiate_rng unless defined $self->{_RNG};
++  $self->_instantiate_rng unless $$ == $self->{_pid} && defined $self->{_RNG};
+ 
+   my $str = '';
+ 
+@@ -302,7 +305,7 @@ sub _ranged_randoms {
+     $count = defined $count ? $count : 0;
+ 
+     # Lazily seed the RNG so we don't waste available strong entropy.
+-    $self->_instantiate_rng unless defined $self->{_RNG};
++    $self->_instantiate_rng unless $$ == $self->{_pid} && defined $self->{_RNG};
+ 
+     my $divisor = $self->_closest_divisor($range);
+ 
+@@ -354,7 +357,7 @@ sub irand {
+ 
+ sub irand {
+   my( $self ) = @_;
+-  $self->_instantiate_rng unless defined $self->{_RNG};
++  $self->_instantiate_rng unless $$ == $self->{_pid} && defined $self->{_RNG};
+   return $self->{_RNG}->irand;
+ }
+ 



Home | Main Index | Thread Index | Old Index