From mboxrd@z Thu Jan 1 00:00:00 1970
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
From: Paul Howarth
To: git-commits@fedoraproject.org
Subject: [rpms/perl-Crypt-DSA] epel9: Fix key material reuse for multiple signing events (CVE-2026-12205, CWE-323)
Date: Mon, 15 Jun 2026 11:36:36 GMT
Message-ID: <178152339615.1.14024573353154674575.rpms-perl-Crypt-DSA-2df3c51a0ebc@fedoraproject.org>
List-ID:
X-Git-Repo: rpms/perl-Crypt-DSA
X-Git-Branch: epel9
X-Git-Rev: 2df3c51a0ebc662250d7d996641d9331407a069f