From 2e542f016565ab8013e1f4a3193940fcc8fb3501 Mon Sep 17 00:00:00 2001 From: Stig Palmquist Date: Sat, 27 Jun 2026 11:45:19 +0200 Subject: [PATCH] perlPackages.BytesRandomSecureTiny: add patch for CVE-2026-11702 (cherry picked from commit 78581b87cd0b96d2cd1a36aa5d20aad57b9a1d4e) --- pkgs/top-level/perl-packages.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 56b1538124da..bc8b10a2ddd0 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -2907,6 +2907,17 @@ with self; url = "mirror://cpan/authors/id/D/DA/DAVIDO/Bytes-Random-Secure-Tiny-1.011.tar.gz"; hash = "sha256-A9lntfgoRpCRN9WrmYSsVwrBCkQB4MYC89IgjEZayYI="; }; + patches = [ + (fetchpatch { + name = "CVE-2026-11702.patch"; + url = "https://security.metacpan.org/patches/B/Bytes-Random-Secure-Tiny/1.011/CVE-2026-11702-r1.patch"; + hash = "sha256-81wvVdtQsF5YeRhjAeaOFa7aE1cgdCni+G28LA7ZLqM="; + }) + ]; + preCheck = '' + # Remove test that CVE patch breaks: "Attempt to access disallowed key '_rng' in a restricted hash" + rm t/35-mrie-cover.t + ''; meta = { description = "Tiny Perl extension to generate cryptographically-secure random bytes"; license = with lib.licenses; [