Catalyst-Authentication-Credential-HTTP-1.018.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6fa1816dee644b0db5ea0cc15c5e711dc2ced2083625abce7096521f1d65a529
-size 39956

perl-Catalyst-Authentication-Credential-HTTP.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Aug 21 21:50:36 UTC 2025 - Tina Müller <timueller+perl@suse.de>
+
+- updated to 1.19.0 (1.019)
+   see /usr/share/doc/packages/perl-Catalyst-Authentication-Credential-HTTP/Changes
+
+  1.019     2025-08-20 17:36:50Z
+     - fix CVE-2025-40920
+       by using Crypt::SysRandom to generate nonces instead of Data::UUID
+
 -------------------------------------------------------------------
 Sun Jul  2 05:10:45 UTC 2017 - coolo@suse.com
 

perl-Catalyst-Authentication-Credential-HTTP.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package perl-Catalyst-Authentication-Credential-HTTP
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,14 +18,14 @@
 
 %define cpan_name Catalyst-Authentication-Credential-HTTP
 Name:           perl-Catalyst-Authentication-Credential-HTTP
-Version:        1.18.0
+Version:        1.19.0
 Release:        0
-# 1.018 -> normalize -> 1.18.0
+# 1.019 -> normalize -> 1.19.0
-%define cpan_version 1.018
+%define cpan_version 1.019
 License:        Artistic-1.0 OR GPL-1.0-or-later
 Summary:        HTTP Basic and Digest authentication for Catalyst
 URL:            https://metacpan.org/release/%{cpan_name}
-Source0:        https://cpan.metacpan.org/authors/id/E/ET/ETHER/%{cpan_name}-%{cpan_version}.tar.gz
+Source0:        https://cpan.metacpan.org/authors/id/A/AB/ABRAXXA/%{cpan_name}-%{cpan_version}.tar.gz
 Source1:        cpanspec.yml
 Source100:      README.md
 BuildArch:      noarch
@@ -36,11 +36,11 @@ BuildRequires:  perl(Catalyst::Authentication::Credential::Password)
 BuildRequires:  perl(Catalyst::Controller)
 BuildRequires:  perl(Catalyst::Plugin::Authentication) >= 0.100.50
 BuildRequires:  perl(Class::Accessor::Fast)
-BuildRequires:  perl(Data::UUID) >= 0.110
+BuildRequires:  perl(Crypt::SysRandom) >= 0.7
 BuildRequires:  perl(HTTP::Headers)
 BuildRequires:  perl(HTTP::Request)
 BuildRequires:  perl(Module::Build)
-BuildRequires:  perl(Module::Build::Tiny) >= 0.034
+BuildRequires:  perl(Module::Build::Tiny) >= 0.34
 BuildRequires:  perl(Module::Metadata)
 BuildRequires:  perl(String::Escape)
 BuildRequires:  perl(Test::Exception)
@@ -52,11 +52,12 @@ Requires:       perl(Catalyst)
 Requires:       perl(Catalyst::Authentication::Credential::Password)
 Requires:       perl(Catalyst::Plugin::Authentication) >= 0.100.50
 Requires:       perl(Class::Accessor::Fast)
-Requires:       perl(Data::UUID) >= 0.110
+Requires:       perl(Crypt::SysRandom) >= 0.7
 Requires:       perl(String::Escape)
 Requires:       perl(URI::Escape)
 Provides:       perl(Catalyst::Authentication::Credential::HTTP) = %{version}
 %undefine       __perllib_provides
+Recommends:     perl(Crypt::SysRandom::XS) >= 0.9
 %{perl_requires}
 
 %description
@@ -70,7 +71,7 @@ your own content, check for the '$c->res->status == 401' in your 'end'
 action, and change the body accordingly.
 
 %prep
-%autosetup  -n %{cpan_name}-%{cpan_version}
+%autosetup -n %{cpan_name}-%{cpan_version} -p1
 
 %build
 perl Build.PL --installdirs=vendor