[rpms/perl-Crypt-DSA] epel10: Update to 1.21

[Paul Howarth <paul@city-fan.org>]

            A new commit has been pushed.

            Repo   : rpms/perl-Crypt-DSA
            Branch : epel10
            Commit : 49923906d8cd0c76bb4a2fc8edfcb3ee345f8c22
            Author : Paul Howarth <paul@city-fan.org>
            Date   : 2026-06-15T11:48:36+01:00
            Stats  : +81/-70 in 4 file(s)
            URL    : https://src.fedoraproject.org/rpms/perl-Crypt-DSA/c/49923906d8cd0c76bb4a2fc8edfcb3ee345f8c22?branch=epel10

            Log:
            Update to 1.21

- New upstream release 1.21
  - Fixed key material reuse for multiple signing events (CVE-2026-12205,
    CWE-323)
    - sign() reused the DSA nonce k across signatures (r and k^-1 were cached
      on the key and not regenerated), allowing private-key recovery from two
      signatures over different messages
    - Now generates a fresh nonce per signature
    - Keys used to sign more than once with an affected version should be
      considered compromised

---
diff --git a/Crypt-DSA-1.20-use-Crypt::URandom-instead-of-Crypt::SysRandom.patch b/Crypt-DSA-1.20-use-Crypt::URandom-instead-of-Crypt::SysRandom.patch
deleted file mode 100644
index afd9dd9..0000000
--- a/Crypt-DSA-1.20-use-Crypt::URandom-instead-of-Crypt::SysRandom.patch
+++ /dev/null
@@ -1,67 +0,0 @@
---- lib/Crypt/DSA/KeyChain.pm
-+++ lib/Crypt/DSA/KeyChain.pm
-@@ -9,7 +9,7 @@ use IPC::Open3;
- use File::Spec;
- use File::Which ();
- use Symbol qw( gensym );
--use Crypt::SysRandom qw( random_bytes );
-+use Crypt::URandom qw( urandom );
- 
- our $VERSION = '1.20'; #VERSION
- 
-@@ -83,7 +83,7 @@ sub generate_params {
-     SCOPE: {
-         print STDERR "." if $v;
-         $seed = $param{Seed} ? delete $param{Seed} :
--            Crypt::SysRandom::random_bytes(20);
-+            Crypt::URandom::urandom(20);
-         $seedp1 = _seed_plus_one($seed);
-         my $md = sha1($seed) ^ sha1($seedp1);
-         vec($md, 0, 8) |= 0x80;
-@@ -235,7 +235,7 @@ found.
- This is entirely optional, and if not provided a random seed will
- be generated automatically.
- 
--B<Note>: This module now uses Crypt::SysRandom to generate a seed.
-+B<Note>: This module now uses Crypt::URandom to generate a seed.
- If you are not using one of the sources of randomness recommended at
- L<https://security.metacpan.org/docs/guides/random-data-for-security.html>
- you B<should not (must not)> provide your own Seed value.
---- Makefile.PL
-+++ Makefile.PL
-@@ -26,7 +26,6 @@ my %WriteMakefileArgs = (
-   "PREREQ_PM" => {
-     "Convert::ASN1" => 0,
-     "Convert::PEM" => "0.13",
--    "Crypt::SysRandom" => 0,
-     "Crypt::URandom" => 0,
-     "Data::Buffer" => "0.01",
-     "Digest::SHA" => 0,
-@@ -51,7 +50,6 @@ my %FallbackPrereqs = (
-   "Convert::ASN1" => 0,
-   "Convert::PEM" => "0.13",
-   "Crypt::DES_EDE3" => 0,
--  "Crypt::SysRandom" => 0,
-   "Crypt::URandom" => 0,
-   "Data::Buffer" => "0.01",
-   "Digest::SHA" => 0,
---- META.json
-+++ META.json
-@@ -37,7 +37,6 @@
-          "requires" : {
-             "Convert::ASN1" : "0",
-             "Convert::PEM" : "0.13",
--            "Crypt::SysRandom" : "0",
-             "Crypt::URandom" : "0",
-             "Data::Buffer" : "0.01",
-             "Digest::SHA" : "0",
---- META.yml
-+++ META.yml
-@@ -22,7 +22,6 @@ name: Crypt-DSA
- requires:
-   Convert::ASN1: '0'
-   Convert::PEM: '0.13'
--  Crypt::SysRandom: '0'
-   Crypt::URandom: '0'
-   Data::Buffer: '0.01'
-   Digest::SHA: '0'

diff --git a/Crypt-DSA-1.21-use-Crypt::URandom-instead-of-Crypt::SysRandom.patch b/Crypt-DSA-1.21-use-Crypt::URandom-instead-of-Crypt::SysRandom.patch
new file mode 100644
index 0000000..22e719c
--- /dev/null
+++ b/Crypt-DSA-1.21-use-Crypt::URandom-instead-of-Crypt::SysRandom.patch
@@ -0,0 +1,67 @@
+--- lib/Crypt/DSA/KeyChain.pm
++++ lib/Crypt/DSA/KeyChain.pm
+@@ -9,7 +9,7 @@ use IPC::Open3;
+ use File::Spec;
+ use File::Which ();
+ use Symbol qw( gensym );
+-use Crypt::SysRandom qw( random_bytes );
++use Crypt::URandom qw( urandom );
+ 
+ our $VERSION = '1.21'; #VERSION
+ 
+@@ -83,7 +83,7 @@ sub generate_params {
+     SCOPE: {
+         print STDERR "." if $v;
+         $seed = $param{Seed} ? delete $param{Seed} :
+-            Crypt::SysRandom::random_bytes(20);
++            Crypt::URandom::urandom(20);
+         $seedp1 = _seed_plus_one($seed);
+         my $md = sha1($seed) ^ sha1($seedp1);
+         vec($md, 0, 8) |= 0x80;
+@@ -235,7 +235,7 @@ found.
+ This is entirely optional, and if not provided a random seed will
+ be generated automatically.
+ 
+-B<Note>: This module now uses Crypt::SysRandom to generate a seed.
++B<Note>: This module now uses Crypt::URandom to generate a seed.
+ If you are not using one of the sources of randomness recommended at
+ L<https://security.metacpan.org/docs/guides/random-data-for-security.html>
+ you B<should not (must not)> provide your own Seed value.
+--- Makefile.PL
++++ Makefile.PL
+@@ -26,7 +26,6 @@ my %WriteMakefileArgs = (
+   "PREREQ_PM" => {
+     "Convert::ASN1" => 0,
+     "Convert::PEM" => "0.13",
+-    "Crypt::SysRandom" => 0,
+     "Crypt::URandom" => 0,
+     "Data::Buffer" => "0.01",
+     "Digest::SHA" => 0,
+@@ -51,7 +50,6 @@ my %FallbackPrereqs = (
+   "Convert::ASN1" => 0,
+   "Convert::PEM" => "0.13",
+   "Crypt::DES_EDE3" => 0,
+-  "Crypt::SysRandom" => 0,
+   "Crypt::URandom" => 0,
+   "Data::Buffer" => "0.01",
+   "Digest::SHA" => 0,
+--- META.json
++++ META.json
+@@ -37,7 +37,6 @@
+          "requires" : {
+             "Convert::ASN1" : "0",
+             "Convert::PEM" : "0.13",
+-            "Crypt::SysRandom" : "0",
+             "Crypt::URandom" : "0",
+             "Data::Buffer" : "0.01",
+             "Digest::SHA" : "0",
+--- META.yml
++++ META.yml
+@@ -22,7 +22,6 @@ name: Crypt-DSA
+ requires:
+   Convert::ASN1: '0'
+   Convert::PEM: '0.13'
+-  Crypt::SysRandom: '0'
+   Crypt::URandom: '0'
+   Data::Buffer: '0.01'
+   Digest::SHA: '0'

diff --git a/perl-Crypt-DSA.spec b/perl-Crypt-DSA.spec
index f04c609..41dba80 100644
--- a/perl-Crypt-DSA.spec
+++ b/perl-Crypt-DSA.spec
@@ -1,11 +1,11 @@
 Summary:	Perl module for DSA signatures and key generation
 Name:		perl-Crypt-DSA
-Version:	1.20
+Version:	1.21
 Release:	1%{?dist}
 License:	GPL-1.0-or-later OR Artistic-1.0-Perl
 Url:		https://metacpan.org/release/Crypt-DSA
 Source0:	https://www.cpan.org/modules/by-module/Crypt/Crypt-DSA-%{version}.tar.gz
-Patch0:		Crypt-DSA-1.20-use-Crypt::URandom-instead-of-Crypt::SysRandom.patch
+Patch0:		Crypt-DSA-1.21-use-Crypt::URandom-instead-of-Crypt::SysRandom.patch
 BuildArch:	noarch
 # Module Build
 BuildRequires:	coreutils
@@ -94,6 +94,17 @@ make test
 %{_mandir}/man3/Crypt::DSA::Util.3*
 
 %changelog
+* Mon Jun 15 2026 Paul Howarth <paul@city-fan.org> - 1.21-1
+- Update to 1.21
+  - Fixed key material reuse for multiple signing events (CVE-2026-12205,
+    CWE-323)
+    - sign() reused the DSA nonce k across signatures (r and k^-1 were cached
+      on the key and not regenerated), allowing private-key recovery from two
+      signatures over different messages
+    - Now generates a fresh nonce per signature
+    - Keys used to sign more than once with an affected version should be
+      considered compromised
+
 * Mon May 18 2026 Paul Howarth <paul@city-fan.org> - 1.20-1
 - Update to 1.20
   - This module is now marked as deprecated: Crypt-DSA-GMP is a possible

diff --git a/sources b/sources
index d094890..804620d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (Crypt-DSA-1.20.tar.gz) = f181e90a605c5b6c9c02993168015fd26cd8351d0e6eff7044223a55324859bffb497ba53bac77970b613e4b01f93ddc915bff24493c09d215f3eada34324bb9
+SHA512 (Crypt-DSA-1.21.tar.gz) = 915bf901ea1513e0b8b942533bb1b8277da9bdded42cf23b4533290f4d0dbb559ceda5d0111c990e3412bf83d86b45dbf0b6521b0b7e973d4ae542bf2574cd4d