217665 – [security/kpcli] math/p5-Math-Random-ISA should be added to run dependency

Bug 217665 - [security/kpcli] math/p5-Math-Random-ISA should be added to run dependency

Summary: [security/kpcli] math/p5-Math-Random-ISA should be added to run dependency

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-03-09 17:07 UTC by Emanuel Haupt
Modified:	2017-03-25 10:22 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (alexander.4mail)

Attachments
Add Math::Random::ISAAC as a dependency (664 bytes, patch) 2017-03-09 17:07 UTC, Emanuel Haupt	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Emanuel Haupt freebsd_committer

2017-03-09 17:07:20 UTC

Created attachment 180674 [details]
Add Math::Random::ISAAC as a dependency

"perldoc kpcli" states:

    You can optionally install "Math::Random::ISAAC" in order to use a more
    secure rand() function.

Without it installed you'll see:

    kpcli:/> vers
    VERSIONS

        kpcli: 3.1
        Perl: v5.24.1
        File::KeePass: 2.03
        Term::ShellUI: 0.92
        Term::ReadKey: 2.37
        Term::ReadLine: 1.14
        Capture::Tiny: 0.28
        Clipboard: 0.13
        Sub::Install: 0.928
        Term::ReadLine::Gnu: 1.35
        Math::Random::ISAAC: not installed (optional)

With Math::Random::ISAAC installed:

    kpcli:/> vers
    VERSIONS

        kpcli: 3.1
        Perl: v5.24.1
        File::KeePass: 2.03
        Term::ShellUI: 0.92
        Term::ReadKey: 2.37
        Term::ReadLine: 1.14
        Capture::Tiny: 0.28
        Clipboard: 0.13
        Math::Random::ISAAC: 1.004
        Sub::Install: 0.928
        Term::ReadLine::Gnu: 1.35

In the sense of making sensible default decisions for our users this should be
added as a default run dependency. Alternatively it could be made an option
but this should be on by default (providing secure default values). My
preference would be to make it non-optional.

Comment 1 Emanuel Haupt freebsd_committer

2017-03-09 17:09:35 UTC

Differential review: https://reviews.freebsd.org/D9923

Comment 2 commit-hook freebsd_committer

2017-03-25 10:22:23 UTC

A commit references this bug:

Author: ehaupt
Date: Sat Mar 25 10:22:06 UTC 2017
New revision: 436892
URL: https://svnweb.freebsd.org/changeset/ports/436892

Log:
  Add Math::Random::ISAAC as a dependency as it provides a more secure rand()
  function.

  PR:		217665
  Approved by:	maintainer timeout (alexander.4mail@gmail.com; 16 days)
  Differential Revision:	D9923

Changes:
  head/security/kpcli/Makefile