Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-CGI-Session for
openSUSE:Factory checked in at 2026-07-01 16:58:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-CGI-Session (Old)
and /work/SRC/openSUSE:Factory/.perl-CGI-Session.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-CGI-Session"
Wed Jul 1 16:58:41 2026 rev:27 rq:1362937 version:4.490.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-CGI-Session/perl-CGI-Session.changes
2025-06-13 18:44:47.521245945 +0200
+++
/work/SRC/openSUSE:Factory/.perl-CGI-Session.new.11887/perl-CGI-Session.changes
2026-07-01 16:59:29.548590680 +0200
@@ -1,0 +2,9 @@
+Wed Jul 1 08:56:17 UTC 2026 - Tina Müller <[email protected]>
+
+- updated to 4.490.0 (4.49)
+ see /usr/share/doc/packages/perl-CGI-Session/Changelog.ini
+
+ * SECURITY: Strengthen cryptographic randomness of MD5 driver,
CVE-2026-56016
+ (Robert Rothenberg, Mark Stosberg) bsc#1269983
+
+-------------------------------------------------------------------
Old:
----
CGI-Session-4.48.tar.gz
New:
----
CGI-Session-4.49.tar.gz
README.md
_scmsync.obsinfo
build.specials.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-CGI-Session.spec ++++++
--- /var/tmp/diff_new_pack.oH3Ybt/_old 2026-07-01 16:59:32.168681439 +0200
+++ /var/tmp/diff_new_pack.oH3Ybt/_new 2026-07-01 16:59:32.172681577 +0200
@@ -1,7 +1,7 @@
#
# spec file for package perl-CGI-Session
#
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,22 +18,25 @@
%define cpan_name CGI-Session
Name: perl-CGI-Session
-Version: 4.480.0
+Version: 4.490.0
Release: 0
-# 4.48 -> normalize -> 4.480.0
-%define cpan_version 4.48
+# 4.49 -> normalize -> 4.490.0
+%define cpan_version 4.49
#Upstream: Artistic-1.0
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Persistent session data in CGI applications
URL: https://metacpan.org/release/%{cpan_name}
Source0:
https://cpan.metacpan.org/authors/id/M/MA/MARKSTOS/%{cpan_name}-%{cpan_version}.tar.gz
Source1: cpanspec.yml
+Source100: README.md
BuildArch: noarch
BuildRequires: perl
BuildRequires: perl-macros
BuildRequires: perl(CGI) >= 3.260
-BuildRequires: perl(Module::Build) >= 0.38
+BuildRequires: perl(Crypt::SysRandom) >= 0.7
+BuildRequires: perl(Module::Build) >= 0.380
Requires: perl(CGI) >= 3.260
+Requires: perl(Crypt::SysRandom) >= 0.7
Provides: perl(CGI::Session) = %{version}
Provides: perl(CGI::Session::Driver) = 4.430.0
Provides: perl(CGI::Session::Driver::DBI) = 4.430.0
@@ -44,7 +47,7 @@
Provides: perl(CGI::Session::Driver::sqlite) = 4.430.0
Provides: perl(CGI::Session::ErrorHandler) = 4.430.0
Provides: perl(CGI::Session::ID::incr) = 4.430.0
-Provides: perl(CGI::Session::ID::md5) = 4.430.0
+Provides: perl(CGI::Session::ID::md5) = %{version}
Provides: perl(CGI::Session::ID::static) = 4.440.0
Provides: perl(CGI::Session::Serialize::default) = 4.430.0
Provides: perl(CGI::Session::Serialize::freezethaw) = 4.430.0
@@ -74,8 +77,6 @@
%prep
%autosetup -n %{cpan_name}-%{cpan_version} -p1
-find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path
"*/script/*" ! -path "*/scripts/*" ! -name "configure" -print0 | xargs -0 chmod
644
-
%build
perl Build.PL --installdirs=vendor
./Build build --flags=%{?_smp_mflags}
++++++ CGI-Session-4.48.tar.gz -> CGI-Session-4.49.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Session-4.48/Build.PL
new/CGI-Session-4.49/Build.PL
--- old/CGI-Session-4.48/Build.PL 2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/Build.PL 2026-06-30 15:03:03.000000000 +0200
@@ -137,8 +137,8 @@
requires =>
{
'CGI' => 3.26,
+ 'Crypt::SysRandom' => 0.007,
'Data::Dumper' => 0,
- 'Digest::MD5' => 0,
'Scalar::Util' => 0,
},
no_index => {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Session-4.48/Changes new/CGI-Session-4.49/Changes
--- old/CGI-Session-4.48/Changes 2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/Changes 2026-06-30 15:03:03.000000000 +0200
@@ -1,6 +1,11 @@
CGI::Session Change Log
=====================================================================
+4.49 - June 30th, 2026
+
+ * SECURITY: Strengthen cryptographic randomness of MD5 driver,
CVE-2026-56016
+ (Robert Rothenberg, Mark Stosberg)
+
4.48 - July 11th, 2011
No code changes.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Session-4.48/META.json
new/CGI-Session-4.49/META.json
--- old/CGI-Session-4.48/META.json 2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/META.json 2026-06-30 15:03:03.000000000 +0200
@@ -4,7 +4,7 @@
"Sherzod Ruzmetov <[email protected]>"
],
"dynamic_config" : 1,
- "generated_by" : "Module::Build version 0.38, CPAN::Meta::Converter version
2.110930",
+ "generated_by" : "Module::Build version 0.4231",
"keywords" : [
"session",
"http"
@@ -14,7 +14,7 @@
],
"meta-spec" : {
"url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
- "version" : "2"
+ "version" : 2
},
"name" : "CGI-Session",
"no_index" : {
@@ -28,7 +28,7 @@
"prereqs" : {
"build" : {
"requires" : {
- "Test::More" : 0
+ "Test::More" : "0"
}
},
"configure" : {
@@ -39,90 +39,12 @@
"runtime" : {
"requires" : {
"CGI" : "3.26",
- "Data::Dumper" : 0,
- "Digest::MD5" : 0,
- "Scalar::Util" : 0
+ "Crypt::SysRandom" : "0.007",
+ "Data::Dumper" : "0",
+ "Scalar::Util" : "0"
}
}
},
- "provides" : {
- "CGI::Session" : {
- "file" : "lib/CGI/Session.pm",
- "version" : "4.48"
- },
- "CGI::Session::Driver" : {
- "file" : "lib/CGI/Session/Driver.pm",
- "version" : "4.43"
- },
- "CGI::Session::Driver::DBI" : {
- "file" : "lib/CGI/Session/Driver/DBI.pm",
- "version" : "4.43"
- },
- "CGI::Session::Driver::db_file" : {
- "file" : "lib/CGI/Session/Driver/db_file.pm",
- "version" : "4.43"
- },
- "CGI::Session::Driver::file" : {
- "file" : "lib/CGI/Session/Driver/file.pm",
- "version" : "4.43"
- },
- "CGI::Session::Driver::mysql" : {
- "file" : "lib/CGI/Session/Driver/mysql.pm",
- "version" : "4.43"
- },
- "CGI::Session::Driver::postgresql" : {
- "file" : "lib/CGI/Session/Driver/postgresql.pm",
- "version" : "4.43"
- },
- "CGI::Session::Driver::sqlite" : {
- "file" : "lib/CGI/Session/Driver/sqlite.pm",
- "version" : "4.43"
- },
- "CGI::Session::ErrorHandler" : {
- "file" : "lib/CGI/Session/ErrorHandler.pm",
- "version" : "4.43"
- },
- "CGI::Session::ID::incr" : {
- "file" : "lib/CGI/Session/ID/incr.pm",
- "version" : "4.43"
- },
- "CGI::Session::ID::md5" : {
- "file" : "lib/CGI/Session/ID/md5.pm",
- "version" : "4.43"
- },
- "CGI::Session::ID::static" : {
- "file" : "lib/CGI/Session/ID/static.pm",
- "version" : "4.44"
- },
- "CGI::Session::Serialize::default" : {
- "file" : "lib/CGI/Session/Serialize/default.pm",
- "version" : "4.43"
- },
- "CGI::Session::Serialize::freezethaw" : {
- "file" : "lib/CGI/Session/Serialize/freezethaw.pm",
- "version" : "4.43"
- },
- "CGI::Session::Serialize::storable" : {
- "file" : "lib/CGI/Session/Serialize/storable.pm",
- "version" : "4.43"
- },
- "CGI::Session::Test::Default" : {
- "file" : "lib/CGI/Session/Test/Default.pm",
- "version" : "4.47"
- },
- "CGI::Session::Test::SimpleObjectClass" : {
- "file" : "lib/CGI/Session/Test/Default.pm",
- "version" : 0
- },
- "CGI::Session::Tutorial" : {
- "file" : "lib/CGI/Session/Tutorial.pm",
- "version" : "4.43"
- },
- "OverloadedClass" : {
- "file" : "lib/CGI/Session/Test/Default.pm",
- "version" : 0
- }
- },
"release_status" : "stable",
"resources" : {
"license" : [
@@ -132,5 +54,6 @@
"url" : "http://github.com/cromedome/cgi-session"
}
},
- "version" : "4.48"
+ "version" : "4.49",
+ "x_serialization_backend" : "JSON::PP version 4.16"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Session-4.48/META.yml
new/CGI-Session-4.49/META.yml
--- old/CGI-Session-4.48/META.yml 2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/META.yml 2026-06-30 15:03:03.000000000 +0200
@@ -3,18 +3,18 @@
author:
- 'Sherzod Ruzmetov <[email protected]>'
build_requires:
- Test::More: 0
+ Test::More: '0'
configure_requires:
- Module::Build: 0.38
+ Module::Build: '0.38'
dynamic_config: 1
-generated_by: 'Module::Build version 0.38, CPAN::Meta::Converter version
2.110930'
+generated_by: 'Module::Build version 0.4231, CPAN::Meta::Converter version
2.150010'
keywords:
- session
- http
license: artistic
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
- version: 1.4
+ version: '1.4'
name: CGI-Session
no_index:
package:
@@ -22,70 +22,13 @@
- CGI::Session::Test::Default
- OverloadedObjectClass
- OverloadedClass
-provides:
- CGI::Session:
- file: lib/CGI/Session.pm
- version: 4.48
- CGI::Session::Driver:
- file: lib/CGI/Session/Driver.pm
- version: 4.43
- CGI::Session::Driver::DBI:
- file: lib/CGI/Session/Driver/DBI.pm
- version: 4.43
- CGI::Session::Driver::db_file:
- file: lib/CGI/Session/Driver/db_file.pm
- version: 4.43
- CGI::Session::Driver::file:
- file: lib/CGI/Session/Driver/file.pm
- version: 4.43
- CGI::Session::Driver::mysql:
- file: lib/CGI/Session/Driver/mysql.pm
- version: 4.43
- CGI::Session::Driver::postgresql:
- file: lib/CGI/Session/Driver/postgresql.pm
- version: 4.43
- CGI::Session::Driver::sqlite:
- file: lib/CGI/Session/Driver/sqlite.pm
- version: 4.43
- CGI::Session::ErrorHandler:
- file: lib/CGI/Session/ErrorHandler.pm
- version: 4.43
- CGI::Session::ID::incr:
- file: lib/CGI/Session/ID/incr.pm
- version: 4.43
- CGI::Session::ID::md5:
- file: lib/CGI/Session/ID/md5.pm
- version: 4.43
- CGI::Session::ID::static:
- file: lib/CGI/Session/ID/static.pm
- version: 4.44
- CGI::Session::Serialize::default:
- file: lib/CGI/Session/Serialize/default.pm
- version: 4.43
- CGI::Session::Serialize::freezethaw:
- file: lib/CGI/Session/Serialize/freezethaw.pm
- version: 4.43
- CGI::Session::Serialize::storable:
- file: lib/CGI/Session/Serialize/storable.pm
- version: 4.43
- CGI::Session::Test::Default:
- file: lib/CGI/Session/Test/Default.pm
- version: 4.47
- CGI::Session::Test::SimpleObjectClass:
- file: lib/CGI/Session/Test/Default.pm
- version: 0
- CGI::Session::Tutorial:
- file: lib/CGI/Session/Tutorial.pm
- version: 4.43
- OverloadedClass:
- file: lib/CGI/Session/Test/Default.pm
- version: 0
requires:
- CGI: 3.26
- Data::Dumper: 0
- Digest::MD5: 0
- Scalar::Util: 0
+ CGI: '3.26'
+ Crypt::SysRandom: '0.007'
+ Data::Dumper: '0'
+ Scalar::Util: '0'
resources:
license: http://opensource.org/licenses/artistic-license.php
repository: http://github.com/cromedome/cgi-session
-version: 4.48
+version: '4.49'
+x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Session-4.48/Makefile.PL
new/CGI-Session-4.49/Makefile.PL
--- old/CGI-Session-4.48/Makefile.PL 2011-07-11 15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/Makefile.PL 2026-06-30 15:03:03.000000000 +0200
@@ -124,7 +124,7 @@
PL_FILES => {},
PREREQ_PM => {
'CGI' => 3.26,
- 'Digest::MD5' => 0,
+ 'Crypt::SysRandom' => 0.007,
'Data::Dumper' => 0,
# 'Test::Differences' => 0,
'Test::More' => 0,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Session-4.48/lib/CGI/Session/ID/md5.pm
new/CGI-Session-4.49/lib/CGI/Session/ID/md5.pm
--- old/CGI-Session-4.48/lib/CGI/Session/ID/md5.pm 2011-07-11
15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/lib/CGI/Session/ID/md5.pm 2026-06-30
15:03:03.000000000 +0200
@@ -3,19 +3,14 @@
# $Id$
use strict;
-use Digest::MD5;
+use Crypt::SysRandom qw( random_bytes );
use CGI::Session::ErrorHandler;
-$CGI::Session::ID::md5::VERSION = '4.43';
+$CGI::Session::ID::md5::VERSION = '4.49';
@CGI::Session::ID::md5::ISA = qw( CGI::Session::ErrorHandler );
*generate = \&generate_id;
-sub generate_id {
- my $md5 = Digest::MD5->new();
- $md5->add($$ , time() , rand(time) );
- return $md5->hexdigest();
-}
-
+sub generate_id { return unpack("H*", random_bytes(16)) }
1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Session-4.48/lib/CGI/Session/Tutorial.pm
new/CGI-Session-4.49/lib/CGI/Session/Tutorial.pm
--- old/CGI-Session-4.48/lib/CGI/Session/Tutorial.pm 2011-07-11
15:00:41.000000000 +0200
+++ new/CGI-Session-4.49/lib/CGI/Session/Tutorial.pm 2026-06-30
15:03:03.000000000 +0200
@@ -336,7 +336,7 @@
=head2 SESSION IDs
-Session ids are not easily guessed (unless you're using L<incr ID
generator|CGI::Session::ID::incr>)! Default configuration of CGI::Session uses
L<Digest::MD5|CGI::Session::ID::md5> to generate random, 32 character long
identifier. Although this string cannot be guessed as easily by others, if they
find it out somehow, can they use this identifier against the other person?
+Session ids are not easily guessed (unless you're using L<incr ID
generator|CGI::Session::ID::incr>)! Default configuration of CGI::Session uses
L<CGI::Session::ID::md5|CGI::Session::ID::md5> to generate random, 32 character
long identifier. Although this string cannot be guessed as easily by others, if
they find it out somehow, can they use this identifier against the other person?
Consider the scenario, where you just give someone either via email or an
instant messaging a link to a Web site where you're currently logged in. The
URL you give to that person contains a session id as part of a query string. If
the site was initializing the session solely using query string parameter,
after clicking on that link that person now appears to that site as you, and
might have access to all of your private data instantly.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Session-4.48/lib/CGI/Session.pm
new/CGI-Session-4.49/lib/CGI/Session.pm
--- old/CGI-Session-4.48/lib/CGI/Session.pm 2011-07-11 15:00:41.000000000
+0200
+++ new/CGI-Session-4.49/lib/CGI/Session.pm 2026-06-30 15:03:03.000000000
+0200
@@ -4,7 +4,7 @@
use CGI::Session::ErrorHandler;
@CGI::Session::ISA = qw( CGI::Session::ErrorHandler );
-$CGI::Session::VERSION = '4.48';
+$CGI::Session::VERSION = '4.49';
$CGI::Session::NAME = 'CGISESSID';
$CGI::Session::IP_MATCH = 0;
@@ -1314,7 +1314,7 @@
=item *
-L<md5|CGI::Session::ID::md5> - generates 32 character long hexadecimal string.
Requires L<Digest::MD5|Digest::MD5>.
+L<md5|CGI::Session::ID::md5> - generates 32 character long hexadecimal string.
Requires L<Crypto::SysRandom|Crypto::SysRandom>.
Full name: B<CGI::Session::ID::md5>.
=item *
++++++ README.md ++++++
## Build Results
Current state of perl in openSUSE:Factory is

The current state of perl in the devel project build (devel:languages:perl)

++++++ _scmsync.obsinfo ++++++
mtime: 1782900517
commit: d4a3ae0aa727f718a792761af7c0f6bf23a093c5013402e5ec443e04efcd294e
url: https://src.opensuse.org/perl/perl-CGI-Session
revision: d4a3ae0aa727f718a792761af7c0f6bf23a093c5013402e5ec443e04efcd294e
projectscmsync: https://src.opensuse.org/perl/_ObsPrj
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-07-01 12:08:37.000000000 +0200
@@ -0,0 +1 @@
+.osc