public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Paul Howarth <paul@city-fan.org>
To: git-commits@fedoraproject.org
Subject: [rpms/perl-Crypt-DSA] f43: Update to 1.21
Date: Mon, 15 Jun 2026 10:34:23 GMT [thread overview]
Message-ID: <178151966311.1.17314626628314111409.rpms-perl-Crypt-DSA-1864240d1a8b@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/perl-Crypt-DSA
Branch : f43
Commit : 1864240d1a8b420b7b253a76a1d0f2a24f173858
Author : Paul Howarth <paul@city-fan.org>
Date : 2026-06-15T11:17:50+01:00
Stats : +14/-3 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/perl-Crypt-DSA/c/1864240d1a8b420b7b253a76a1d0f2a24f173858?branch=f43
Log:
Update to 1.21
- New upstream release 1.21
- Fixed key material reuse for multiple signing events (CVE-2026-12205,
CWE-323)
- sign() reused the DSA nonce k across signatures (r and k^-1 were cached
on the key and not regenerated), allowing private-key recovery from two
signatures over different messages
- Now generates a fresh nonce per signature
- Keys used to sign more than once with an affected version should be
considered compromised
---
diff --git a/perl-Crypt-DSA.spec b/perl-Crypt-DSA.spec
index da44d1a..d723c54 100644
--- a/perl-Crypt-DSA.spec
+++ b/perl-Crypt-DSA.spec
@@ -1,7 +1,7 @@
Summary: Perl module for DSA signatures and key generation
Name: perl-Crypt-DSA
-Version: 1.20
-Release: 2%{?dist}
+Version: 1.21
+Release: 1%{?dist}
License: GPL-1.0-or-later OR Artistic-1.0-Perl
Url: https://metacpan.org/release/Crypt-DSA
Source0: https://www.cpan.org/modules/by-module/Crypt/Crypt-DSA-%{version}.tar.gz
@@ -88,6 +88,17 @@ make test
%{_mandir}/man3/Crypt::DSA::Util.3*
%changelog
+* Mon Jun 15 2026 Paul Howarth <paul@city-fan.org> - 1.21-1
+- Update to 1.21
+ - Fixed key material reuse for multiple signing events (CVE-2026-12205,
+ CWE-323)
+ - sign() reused the DSA nonce k across signatures (r and k^-1 were cached
+ on the key and not regenerated), allowing private-key recovery from two
+ signatures over different messages
+ - Now generates a fresh nonce per signature
+ - Keys used to sign more than once with an affected version should be
+ considered compromised
+
* Fri Jun 12 2026 Yaakov Selkowitz <yselkowi@redhat.com> - 1.20-2
- Rebuilt for openssl 4.0
diff --git a/sources b/sources
index d094890..804620d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (Crypt-DSA-1.20.tar.gz) = f181e90a605c5b6c9c02993168015fd26cd8351d0e6eff7044223a55324859bffb497ba53bac77970b613e4b01f93ddc915bff24493c09d215f3eada34324bb9
+SHA512 (Crypt-DSA-1.21.tar.gz) = 915bf901ea1513e0b8b942533bb1b8277da9bdded42cf23b4533290f4d0dbb559ceda5d0111c990e3412bf83d86b45dbf0b6521b0b7e973d4ae542bf2574cd4d
reply other threads:[~2026-06-15 10:34 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178151966311.1.17314626628314111409.rpms-perl-Crypt-DSA-1864240d1a8b@fedoraproject.org \
--to=paul@city-fan.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox