pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2026Q2] pkgsrc/security/p5-Bytes-Random-Secure-Tiny
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Jun 28 18:26:39 UTC 2026
Modified Files:
pkgsrc/security/p5-Bytes-Random-Secure-Tiny [pkgsrc-2026Q2]: Makefile
distinfo
Added Files:
pkgsrc/security/p5-Bytes-Random-Secure-Tiny/patches [pkgsrc-2026Q2]:
patch-lib_Bytes_Random_Secure_Tiny.pm
Log Message:
Pullup ticket #7148 - requested by taca
p5-Bytes-Random-Secure-Tiny: security fix
Revisions pulled up:
- security/p5-Bytes-Random-Secure-Tiny/Makefile 1.3
- security/p5-Bytes-Random-Secure-Tiny/distinfo 1.2
- security/p5-Bytes-Random-Secure-Tiny/patches/patch-lib_Bytes_Random_Secure_Tiny.pm 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jun 26 17:04:19 UTC 2026
Modified Files:
pkgsrc/security/p5-Bytes-Random-Secure-Tiny: Makefile distinfo
Added Files:
pkgsrc/security/p5-Bytes-Random-Secure-Tiny/patches:
patch-lib_Bytes_Random_Secure_Tiny.pm
Log Message:
p5-Bytes-Random-Secure-Tiny: fix CVE-2026-11702
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.8.1 \
pkgsrc/security/p5-Bytes-Random-Secure-Tiny/Makefile
cvs rdiff -u -r1.1 -r1.1.10.1 \
pkgsrc/security/p5-Bytes-Random-Secure-Tiny/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/security/p5-Bytes-Random-Secure-Tiny/patches/patch-lib_Bytes_Random_Secure_Tiny.pm
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/p5-Bytes-Random-Secure-Tiny/Makefile
diff -u pkgsrc/security/p5-Bytes-Random-Secure-Tiny/Makefile:1.2 pkgsrc/security/p5-Bytes-Random-Secure-Tiny/Makefile:1.2.8.1
--- pkgsrc/security/p5-Bytes-Random-Secure-Tiny/Makefile:1.2 Fri Jul 4 08:47:56 2025
+++ pkgsrc/security/p5-Bytes-Random-Secure-Tiny/Makefile Sun Jun 28 18:26:39 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2025/07/04 08:47:56 wiz Exp $
+# $NetBSD: Makefile,v 1.2.8.1 2026/06/28 18:26:39 bsiegert Exp $
DISTNAME= Bytes-Random-Secure-Tiny-1.011
PKGNAME= p5-${DISTNAME}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= security perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Bytes/}
Index: pkgsrc/security/p5-Bytes-Random-Secure-Tiny/distinfo
diff -u pkgsrc/security/p5-Bytes-Random-Secure-Tiny/distinfo:1.1 pkgsrc/security/p5-Bytes-Random-Secure-Tiny/distinfo:1.1.10.1
--- pkgsrc/security/p5-Bytes-Random-Secure-Tiny/distinfo:1.1 Tue Apr 1 16:59:51 2025
+++ pkgsrc/security/p5-Bytes-Random-Secure-Tiny/distinfo Sun Jun 28 18:26:39 2026
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.1 2025/04/01 16:59:51 abs Exp $
+$NetBSD: distinfo,v 1.1.10.1 2026/06/28 18:26:39 bsiegert Exp $
BLAKE2s (Bytes-Random-Secure-Tiny-1.011.tar.gz) = 55f73a924691060a957a7e0457724d0fef8d68f4b03b37e9b5139d67dd5c7bdc
SHA512 (Bytes-Random-Secure-Tiny-1.011.tar.gz) = b04b765af3d4ecd337571b53ff02d9efc54a08a598ece5df82357c8e364fbeff0f2a97561916a0e362f5e89e83939cdd10c3a3b3288e2952324fa57490d640be
Size (Bytes-Random-Secure-Tiny-1.011.tar.gz) = 28598 bytes
+SHA1 (patch-lib_Bytes_Random_Secure_Tiny.pm) = d88b90ff66add7a2204b6919eb0b036380a98b98
Added files:
Index: pkgsrc/security/p5-Bytes-Random-Secure-Tiny/patches/patch-lib_Bytes_Random_Secure_Tiny.pm
diff -u /dev/null pkgsrc/security/p5-Bytes-Random-Secure-Tiny/patches/patch-lib_Bytes_Random_Secure_Tiny.pm:1.1.2.2
--- /dev/null Sun Jun 28 18:26:39 2026
+++ pkgsrc/security/p5-Bytes-Random-Secure-Tiny/patches/patch-lib_Bytes_Random_Secure_Tiny.pm Sun Jun 28 18:26:39 2026
@@ -0,0 +1,62 @@
+$NetBSD: patch-lib_Bytes_Random_Secure_Tiny.pm,v 1.1.2.2 2026/06/28 18:26:39 bsiegert Exp $
+
+Fix CVE-2026-11702.
+https://security.metacpan.org/patches/B/Bytes-Random-Secure-Tiny/1.011/CVE-2026-11702-r1.patch
+
+--- lib/Bytes/Random/Secure/Tiny.pm.orig 2020-09-25 17:56:00.000000000 +0000
++++ lib/Bytes/Random/Secure/Tiny.pm
+@@ -310,18 +310,46 @@ sub new {
+ $bits = delete $args{bits} if exists $args{bits};
+ croak "Number of bits must be 64 <= n <= 8192, and a multipe in 2^n: $bits"
+ if $bits < 64 || $bits > 8192 || !_ispowerof2($bits);
+- return Hash::Util::lock_hashref bless {
+- bits => $bits,
+- _rng => Math::Random::ISAAC::Embedded->new(do{
+- my $source = Crypt::Random::Seed::Embedded->new(%args)
+- or croak 'Could not get a seed source.';
+- $source->random_values($bits/32);
+- }),
++ # Fork safety: the engine + the PID that seeded it live in a nested hash.
++ # lock_hashref (below) makes the top-level _state *reference* read-only, but
++ # the hash it points to stays mutable, so a forked child can swap in a fresh
++ # engine and record its own PID without unlocking. _seed_args/bits are kept
++ # so the child can re-seed identically.
++ $self = bless {
++ bits => $bits,
++ _seed_args => {%args},
++ _state => { pid => $$ },
+ }, $class;
++ $self->{_state}{rng} = $self->_seed_rng;
++ return Hash::Util::lock_hashref $self;
+ }
+
++sub _seed_rng {
++ my $self = shift;
++ return Math::Random::ISAAC::Embedded->new(do{
++ my $source = Crypt::Random::Seed::Embedded->new(%{$self->{_seed_args}})
++ or croak 'Could not get a seed source.';
++ $source->random_values($self->{bits}/32);
++ });
++}
++
+ sub _ispowerof2 {my $n = shift; return ($n >= 0) && (($n & ($n-1)) ==0 )}
+-sub irand {shift->{'_rng'}->irand}
++
++# All random output (bytes, bytes_hex, string_from, shuffle) funnels through
++# irand, so the fork guard lives here once. If the PID changed, this process is
++# a fork() child that inherited the parent's ISAAC state; re-seed from fresh
++# entropy and record the new PID so the re-seed happens at most once per fork.
++# Reading $$ is a cached variable (no syscall). Threads are out of scope (a new
++# thread keeps $$) and remain caller-responsibility per the POD.
++sub irand {
++ my $self = shift;
++ my $state = $self->{'_state'};
++ if ($state->{pid} != $$) {
++ $state->{rng} = $self->_seed_rng;
++ $state->{pid} = $$;
++ }
++ return $state->{rng}->irand;
++}
+ sub bytes_hex {unpack 'H*', shift->bytes(shift)} # lc Hex digits only, no '0x'
+
+ sub bytes {
Home |
Main Index |
Thread Index |
Old Index