Tuesday, April 14, 2026

Re: [UPDATE] net/p5-Net-CIDR-Lite to 0.23

ok.

pretty low impact I think but 7.8-stable makes sense to me. we don't do -stable ports commits for older releases.

-- 
  Sent from a phone, apologies for poor formatting.


On 11 April 2026 17:53:25 Andrew Hewus Fresh <andrew@afresh1.com> wrote:

Two CVE fixes:

- Security: (CVE-2026-40198) Reject invalid uncompressed IPv6.
  https://lists.security.metacpan.org/cve-announce/msg/38785616/

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped
IPv6 addresses, which may allow IP ACL bypass

- Security: (CVE-2026-40199) Fix IPv4 mapped IPv6 packed length. 
  https://lists.security.metacpan.org/cve-announce/msg/38785618/

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6
group count, which may allow IP ACL bypass

OK?  Commit to OPENBSD_7_8? OPENBSD_7_7?

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/p5-Net-CIDR-Lite/Makefile,v
diff -u -p -r1.15 Makefile
--- Makefile 11 Mar 2022 19:46:39 -0000 1.15
+++ Makefile 11 Apr 2026 16:48:37 -0000
@@ -2,7 +2,8 @@ COMMENT= Perl extension for merging IPv4
 
 MODULES= cpan
 PKG_ARCH= *
-DISTNAME= Net-CIDR-Lite-0.22
+DISTNAME= Net-CIDR-Lite-0.23
+CPAN_AUTHOR= STIGTSP
 CATEGORIES= net
 
 # GPL/Artistic
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/p5-Net-CIDR-Lite/distinfo,v
diff -u -p -r1.8 distinfo
--- distinfo 5 Apr 2021 13:21:48 -0000 1.8
+++ distinfo 11 Apr 2026 16:48:37 -0000
@@ -1,2 +1,2 @@
-SHA256 (Net-CIDR-Lite-0.22.tar.gz) = QxfYyzQaYXueCIjaQ8Cc3//8sMnt97jJko10KlY7hRc=
-SIZE (Net-CIDR-Lite-0.22.tar.gz) = 10823
+SHA256 (Net-CIDR-Lite-0.23.tar.gz) = mlgnjkmgjN65vsAc7N06lb5zbQ59TQXRP5COOj/hDTI=
+SIZE (Net-CIDR-Lite-0.23.tar.gz) = 11089

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)