Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package perl-CGI-Session for 
openSUSE:Factory checked in at 2026-07-01 16:58:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-CGI-Session (Old)
 and      /work/SRC/openSUSE:Factory/.perl-CGI-Session.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "perl-CGI-Session"

Wed Jul  1 16:58:41 2026 rev:27 rq:1362937 version:4.490.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-CGI-Session/perl-CGI-Session.changes        
2025-06-13 18:44:47.521245945 +0200
+++ 
/work/SRC/openSUSE:Factory/.perl-CGI-Session.new.11887/perl-CGI-Session.changes 
    2026-07-01 16:59:29.548590680 +0200
@@ -1,0 +2,9 @@
+Wed Jul  1 08:56:17 UTC 2026 - Tina Müller <[email protected]>
+
+- updated to 4.490.0 (4.49)
+   see /usr/share/doc/packages/perl-CGI-Session/Changelog.ini
+
+   * SECURITY: Strengthen cryptographic randomness of MD5 driver, 
CVE-2026-56016
+     (Robert Rothenberg, Mark Stosberg) bsc#1269983
+
+-------------------------------------------------------------------

Old:
----
  CGI-Session-4.48.tar.gz

New:
----
  CGI-Session-4.49.tar.gz
  README.md
  _scmsync.obsinfo
  build.specials.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ perl-CGI-Session.spec ++++++
--- /var/tmp/diff_new_pack.oH3Ybt/_old  2026-07-01 16:59:32.168681439 +0200
+++ /var/tmp/diff_new_pack.oH3Ybt/_new  2026-07-01 16:59:32.172681577 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package perl-CGI-Session
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,22 +18,25 @@
 
 %define cpan_name CGI-Session
 Name:           perl-CGI-Session
-Version:        4.480.0
+Version:        4.490.0
 Release:        0
-# 4.48 -> normalize -> 4.480.0
-%define cpan_version 4.48
+# 4.49 -> normalize -> 4.490.0
+%define cpan_version 4.49
 #Upstream: Artistic-1.0
 License:        Artistic-1.0 OR GPL-1.0-or-later
 Summary:        Persistent session data in CGI applications
 URL:            https://metacpan.org/release/%{cpan_name}
 Source0:        
https://cpan.metacpan.org/authors/id/M/MA/MARKSTOS/%{cpan_name}-%{cpan_version}.tar.gz
 Source1:        cpanspec.yml
+Source100:      README.md
 BuildArch:      noarch
 BuildRequires:  perl
 BuildRequires:  perl-macros
 BuildRequires:  perl(CGI) >= 3.260
-BuildRequires:  perl(Module::Build) >= 0.38
+BuildRequires:  perl(Crypt::SysRandom) >= 0.7
+BuildRequires:  perl(Module::Build) >= 0.380
 Requires:       perl(CGI) >= 3.260
+Requires:       perl(Crypt::SysRandom) >= 0.7
 Provides:       perl(CGI::Session) = %{version}
 Provides:       perl(CGI::Session::Driver) = 4.430.0
 Provides:       perl(CGI::Session::Driver::DBI) = 4.430.0
@@ -44,7 +47,7 @@
 Provides:       perl(CGI::Session::Driver::sqlite) = 4.430.0
 Provides:       perl(CGI::Session::ErrorHandler) = 4.430.0
 Provides:       perl(CGI::Session::ID::incr) = 4.430.0
-Provides:       perl(CGI::Session::ID::md5) = 4.430.0
+Provides:       perl(CGI::Session::ID::md5) = %{version}
 Provides:       perl(CGI::Session::ID::static) = 4.440.0
 Provides:       perl(CGI::Session::Serialize::default) = 4.430.0
 Provides:       perl(CGI::Session::Serialize::freezethaw) = 4.430.0
@@ -74,8 +77,6 @@
 %prep
 %autosetup -n %{cpan_name}-%{cpan_version} -p1
 
-find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path 
"*/script/*" ! -path "*/scripts/*" ! -name "configure" -print0 | xargs -0 chmod 
644
-
 %build
 perl Build.PL --installdirs=vendor
 ./Build build --flags=%{?_smp_mflags}

++++++ CGI-Session-4.48.tar.gz -> CGI-Session-4.49.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CGI-Session-4.48/Build.PL 
new/CGI-Session-4.49/Build.PL
--- old/CGI-Session-4.48/Build.PL       2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/Build.PL       2026-06-30 15:03:03.000000000 +0200
@@ -137,8 +137,8 @@
        requires =>
        {
         'CGI'          => 3.26,
+               'Crypt::SysRandom' => 0.007,
                'Data::Dumper' => 0,
-               'Digest::MD5'  => 0,
                'Scalar::Util' => 0,
        },
     no_index => {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CGI-Session-4.48/Changes new/CGI-Session-4.49/Changes
--- old/CGI-Session-4.48/Changes        2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/Changes        2026-06-30 15:03:03.000000000 +0200
@@ -1,6 +1,11 @@
 CGI::Session Change Log
 =====================================================================
 
+4.49 - June 30th, 2026
+
+   * SECURITY: Strengthen cryptographic randomness of MD5 driver, 
CVE-2026-56016
+     (Robert Rothenberg, Mark Stosberg)
+
 4.48 - July 11th, 2011
     No code changes.
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CGI-Session-4.48/META.json 
new/CGI-Session-4.49/META.json
--- old/CGI-Session-4.48/META.json      2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/META.json      2026-06-30 15:03:03.000000000 +0200
@@ -4,7 +4,7 @@
       "Sherzod Ruzmetov <[email protected]>"
    ],
    "dynamic_config" : 1,
-   "generated_by" : "Module::Build version 0.38, CPAN::Meta::Converter version 
2.110930",
+   "generated_by" : "Module::Build version 0.4231",
    "keywords" : [
       "session",
       "http"
@@ -14,7 +14,7 @@
    ],
    "meta-spec" : {
       "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec";,
-      "version" : "2"
+      "version" : 2
    },
    "name" : "CGI-Session",
    "no_index" : {
@@ -28,7 +28,7 @@
    "prereqs" : {
       "build" : {
          "requires" : {
-            "Test::More" : 0
+            "Test::More" : "0"
          }
       },
       "configure" : {
@@ -39,90 +39,12 @@
       "runtime" : {
          "requires" : {
             "CGI" : "3.26",
-            "Data::Dumper" : 0,
-            "Digest::MD5" : 0,
-            "Scalar::Util" : 0
+            "Crypt::SysRandom" : "0.007",
+            "Data::Dumper" : "0",
+            "Scalar::Util" : "0"
          }
       }
    },
-   "provides" : {
-      "CGI::Session" : {
-         "file" : "lib/CGI/Session.pm",
-         "version" : "4.48"
-      },
-      "CGI::Session::Driver" : {
-         "file" : "lib/CGI/Session/Driver.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::Driver::DBI" : {
-         "file" : "lib/CGI/Session/Driver/DBI.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::Driver::db_file" : {
-         "file" : "lib/CGI/Session/Driver/db_file.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::Driver::file" : {
-         "file" : "lib/CGI/Session/Driver/file.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::Driver::mysql" : {
-         "file" : "lib/CGI/Session/Driver/mysql.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::Driver::postgresql" : {
-         "file" : "lib/CGI/Session/Driver/postgresql.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::Driver::sqlite" : {
-         "file" : "lib/CGI/Session/Driver/sqlite.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::ErrorHandler" : {
-         "file" : "lib/CGI/Session/ErrorHandler.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::ID::incr" : {
-         "file" : "lib/CGI/Session/ID/incr.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::ID::md5" : {
-         "file" : "lib/CGI/Session/ID/md5.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::ID::static" : {
-         "file" : "lib/CGI/Session/ID/static.pm",
-         "version" : "4.44"
-      },
-      "CGI::Session::Serialize::default" : {
-         "file" : "lib/CGI/Session/Serialize/default.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::Serialize::freezethaw" : {
-         "file" : "lib/CGI/Session/Serialize/freezethaw.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::Serialize::storable" : {
-         "file" : "lib/CGI/Session/Serialize/storable.pm",
-         "version" : "4.43"
-      },
-      "CGI::Session::Test::Default" : {
-         "file" : "lib/CGI/Session/Test/Default.pm",
-         "version" : "4.47"
-      },
-      "CGI::Session::Test::SimpleObjectClass" : {
-         "file" : "lib/CGI/Session/Test/Default.pm",
-         "version" : 0
-      },
-      "CGI::Session::Tutorial" : {
-         "file" : "lib/CGI/Session/Tutorial.pm",
-         "version" : "4.43"
-      },
-      "OverloadedClass" : {
-         "file" : "lib/CGI/Session/Test/Default.pm",
-         "version" : 0
-      }
-   },
    "release_status" : "stable",
    "resources" : {
       "license" : [
@@ -132,5 +54,6 @@
          "url" : "http://github.com/cromedome/cgi-session";
       }
    },
-   "version" : "4.48"
+   "version" : "4.49",
+   "x_serialization_backend" : "JSON::PP version 4.16"
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CGI-Session-4.48/META.yml 
new/CGI-Session-4.49/META.yml
--- old/CGI-Session-4.48/META.yml       2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/META.yml       2026-06-30 15:03:03.000000000 +0200
@@ -3,18 +3,18 @@
 author:
   - 'Sherzod Ruzmetov <[email protected]>'
 build_requires:
-  Test::More: 0
+  Test::More: '0'
 configure_requires:
-  Module::Build: 0.38
+  Module::Build: '0.38'
 dynamic_config: 1
-generated_by: 'Module::Build version 0.38, CPAN::Meta::Converter version 
2.110930'
+generated_by: 'Module::Build version 0.4231, CPAN::Meta::Converter version 
2.150010'
 keywords:
   - session
   - http
 license: artistic
 meta-spec:
   url: http://module-build.sourceforge.net/META-spec-v1.4.html
-  version: 1.4
+  version: '1.4'
 name: CGI-Session
 no_index:
   package:
@@ -22,70 +22,13 @@
     - CGI::Session::Test::Default
     - OverloadedObjectClass
     - OverloadedClass
-provides:
-  CGI::Session:
-    file: lib/CGI/Session.pm
-    version: 4.48
-  CGI::Session::Driver:
-    file: lib/CGI/Session/Driver.pm
-    version: 4.43
-  CGI::Session::Driver::DBI:
-    file: lib/CGI/Session/Driver/DBI.pm
-    version: 4.43
-  CGI::Session::Driver::db_file:
-    file: lib/CGI/Session/Driver/db_file.pm
-    version: 4.43
-  CGI::Session::Driver::file:
-    file: lib/CGI/Session/Driver/file.pm
-    version: 4.43
-  CGI::Session::Driver::mysql:
-    file: lib/CGI/Session/Driver/mysql.pm
-    version: 4.43
-  CGI::Session::Driver::postgresql:
-    file: lib/CGI/Session/Driver/postgresql.pm
-    version: 4.43
-  CGI::Session::Driver::sqlite:
-    file: lib/CGI/Session/Driver/sqlite.pm
-    version: 4.43
-  CGI::Session::ErrorHandler:
-    file: lib/CGI/Session/ErrorHandler.pm
-    version: 4.43
-  CGI::Session::ID::incr:
-    file: lib/CGI/Session/ID/incr.pm
-    version: 4.43
-  CGI::Session::ID::md5:
-    file: lib/CGI/Session/ID/md5.pm
-    version: 4.43
-  CGI::Session::ID::static:
-    file: lib/CGI/Session/ID/static.pm
-    version: 4.44
-  CGI::Session::Serialize::default:
-    file: lib/CGI/Session/Serialize/default.pm
-    version: 4.43
-  CGI::Session::Serialize::freezethaw:
-    file: lib/CGI/Session/Serialize/freezethaw.pm
-    version: 4.43
-  CGI::Session::Serialize::storable:
-    file: lib/CGI/Session/Serialize/storable.pm
-    version: 4.43
-  CGI::Session::Test::Default:
-    file: lib/CGI/Session/Test/Default.pm
-    version: 4.47
-  CGI::Session::Test::SimpleObjectClass:
-    file: lib/CGI/Session/Test/Default.pm
-    version: 0
-  CGI::Session::Tutorial:
-    file: lib/CGI/Session/Tutorial.pm
-    version: 4.43
-  OverloadedClass:
-    file: lib/CGI/Session/Test/Default.pm
-    version: 0
 requires:
-  CGI: 3.26
-  Data::Dumper: 0
-  Digest::MD5: 0
-  Scalar::Util: 0
+  CGI: '3.26'
+  Crypt::SysRandom: '0.007'
+  Data::Dumper: '0'
+  Scalar::Util: '0'
 resources:
   license: http://opensource.org/licenses/artistic-license.php
   repository: http://github.com/cromedome/cgi-session
-version: 4.48
+version: '4.49'
+x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CGI-Session-4.48/Makefile.PL 
new/CGI-Session-4.49/Makefile.PL
--- old/CGI-Session-4.48/Makefile.PL    2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/Makefile.PL    2026-06-30 15:03:03.000000000 +0200
@@ -124,7 +124,7 @@
     PL_FILES     => {},
     PREREQ_PM    => {
         'CGI'               => 3.26,
-        'Digest::MD5'       => 0,
+               'Crypt::SysRandom'  => 0.007,
         'Data::Dumper'      => 0,
 #              'Test::Differences' => 0,
         'Test::More'        => 0,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CGI-Session-4.48/lib/CGI/Session/ID/md5.pm 
new/CGI-Session-4.49/lib/CGI/Session/ID/md5.pm
--- old/CGI-Session-4.48/lib/CGI/Session/ID/md5.pm      2011-07-11 
15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/lib/CGI/Session/ID/md5.pm      2026-06-30 
15:03:03.000000000 +0200
@@ -3,19 +3,14 @@
 # $Id$
 
 use strict;
-use Digest::MD5;
+use Crypt::SysRandom qw( random_bytes );
 use CGI::Session::ErrorHandler;
 
-$CGI::Session::ID::md5::VERSION = '4.43';
+$CGI::Session::ID::md5::VERSION = '4.49';
 @CGI::Session::ID::md5::ISA     = qw( CGI::Session::ErrorHandler );
 
 *generate = \&generate_id;
-sub generate_id {
-    my $md5 = Digest::MD5->new();
-    $md5->add($$ , time() , rand(time) );
-    return $md5->hexdigest();
-}
-
+sub generate_id { return unpack("H*", random_bytes(16)) }
 
 1;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CGI-Session-4.48/lib/CGI/Session/Tutorial.pm 
new/CGI-Session-4.49/lib/CGI/Session/Tutorial.pm
--- old/CGI-Session-4.48/lib/CGI/Session/Tutorial.pm    2011-07-11 
15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/lib/CGI/Session/Tutorial.pm    2026-06-30 
15:03:03.000000000 +0200
@@ -336,7 +336,7 @@
 
 =head2 SESSION IDs
 
-Session ids are not easily guessed (unless you're using L<incr ID 
generator|CGI::Session::ID::incr>)! Default configuration of CGI::Session uses 
L<Digest::MD5|CGI::Session::ID::md5> to generate random, 32 character long 
identifier. Although this string cannot be guessed as easily by others, if they 
find it out somehow, can they use this identifier against the other person?
+Session ids are not easily guessed (unless you're using L<incr ID 
generator|CGI::Session::ID::incr>)! Default configuration of CGI::Session uses 
L<CGI::Session::ID::md5|CGI::Session::ID::md5> to generate random, 32 character 
long identifier. Although this string cannot be guessed as easily by others, if 
they find it out somehow, can they use this identifier against the other person?
 
 Consider the scenario, where you just give someone either via email or an 
instant messaging a link to a Web site where you're currently logged in. The 
URL you give to that person contains a session id as part of a query string. If 
the site was initializing the session solely using query string parameter, 
after clicking on that link that person now appears to that site as you, and 
might have access to all of your private data instantly.
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CGI-Session-4.48/lib/CGI/Session.pm 
new/CGI-Session-4.49/lib/CGI/Session.pm
--- old/CGI-Session-4.48/lib/CGI/Session.pm     2011-07-11 15:00:41.000000000 
+0200
+++ new/CGI-Session-4.49/lib/CGI/Session.pm     2026-06-30 15:03:03.000000000 
+0200
@@ -4,7 +4,7 @@
 use CGI::Session::ErrorHandler;
 
 @CGI::Session::ISA      = qw( CGI::Session::ErrorHandler );
-$CGI::Session::VERSION  = '4.48';
+$CGI::Session::VERSION  = '4.49';
 $CGI::Session::NAME     = 'CGISESSID';
 $CGI::Session::IP_MATCH = 0;
 
@@ -1314,7 +1314,7 @@
 
 =item *
 
-L<md5|CGI::Session::ID::md5> - generates 32 character long hexadecimal string. 
Requires L<Digest::MD5|Digest::MD5>.
+L<md5|CGI::Session::ID::md5> - generates 32 character long hexadecimal string. 
Requires L<Crypto::SysRandom|Crypto::SysRandom>.
 Full name: B<CGI::Session::ID::md5>.
 
 =item *

++++++ README.md ++++++

## Build Results

Current state of perl in openSUSE:Factory is

![Factory build 
results](https://br.opensuse.org/status/openSUSE:Factory/perl-CGI-Session/standard)

The current state of perl in the devel project build (devel:languages:perl)

![Devel project build 
results](https://br.opensuse.org/status/devel:languages:perl/perl-CGI-Session)



++++++ _scmsync.obsinfo ++++++
mtime: 1782900517
commit: d4a3ae0aa727f718a792761af7c0f6bf23a093c5013402e5ec443e04efcd294e
url: https://src.opensuse.org/perl/perl-CGI-Session
revision: d4a3ae0aa727f718a792761af7c0f6bf23a093c5013402e5ec443e04efcd294e
projectscmsync: https://src.opensuse.org/perl/_ObsPrj

++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore      1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore      2026-07-01 12:08:37.000000000 +0200
@@ -0,0 +1 @@
+.osc

Reply via email to