File 2091-Fix-rand-shuffle-1-bitstream-mask-bug-for-weak-low-b.patch of Package erlang

From 65e3f1ccf797da36af395c0fe7f8fd0911aca07f Mon Sep 17 00:00:00 2001
From: Raimo Niskanen <raimo@erlang.org>
Date: Tue, 13 Jan 2026 15:12:36 +0100
Subject: [PATCH] Fix rand:shuffle/1 bitstream mask bug for weak low bits

A generator with weak low bits and less than 58 good bits
would get zero bits just under the top bit in
rand:shuffle_new_bits/1, which could cause exploitable
non-randomness in the shuffle algorithm.
---
 lib/stdlib/src/rand.erl        | 5 +++--
 lib/stdlib/test/rand_SUITE.erl | 8 ++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/stdlib/src/rand.erl b/lib/stdlib/src/rand.erl
index 4ffd09d267..e85d778c8f 100644
--- a/lib/stdlib/src/rand.erl
+++ b/lib/stdlib/src/rand.erl
@@ -3,7 +3,7 @@
 %%
 %% SPDX-License-Identifier: Apache-2.0
 %%
-%% Copyright Ericsson AB 2015-2025. All Rights Reserved.
+%% Copyright Ericsson AB 2015-2026. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -2086,7 +2086,8 @@ shuffle_init_bitstream(R, #{max:=Mask, next:=Next}) ->
 %%
 -dialyzer({no_improper_lists, shuffle_init_bitstream/4}).
 shuffle_init_bitstream(R, Next, Shift, Mask0) ->
-    Mask = ?MASK(58, Mask0),    % Limit the mask to avoid bignum
+    Mask1 = Mask0 bsr Shift,    % Adjust mask for weak low bits
+    Mask = ?MASK(58, Mask1),    % Limit the mask to avoid bignum
     P = 1,                      % Marker for out of random bits
     W = {Next,Shift,Mask},      % Generator
     S = [R|W],                  % Generator state
diff --git a/lib/stdlib/test/rand_SUITE.erl b/lib/stdlib/test/rand_SUITE.erl
index 09aec8305a..27fa5fe513 100644
--- a/lib/stdlib/test/rand_SUITE.erl
+++ b/lib/stdlib/test/rand_SUITE.erl
@@ -3,7 +3,7 @@
 %%
 %% SPDX-License-Identifier: Apache-2.0
 %%
-%% Copyright Ericsson AB 2000-2025. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2026. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -655,15 +655,15 @@ shuffle_reference(Config) when is_list(Config) ->
         exsss =>
             <<124,54,150,191,198,136,245,103,157,213,96,6,210,103,134,107>>,
         exrop =>
-            <<175,236,222,199,129,54,205,86,81,38,92,219,66,71,30,69>>,
+            <<35,166,181,166,83,202,211,92,67,175,87,98,47,232,79,14>>,
         exsp =>
-            <<63,163,228,59,249,88,205,251,225,174,227,65,144,130,169,191>>,
+            <<100,211,162,22,155,200,132,240,228,124,245,32,229,53,223,183>>,
         exs1024s =>
             <<148,169,164,28,198,202,108,206,123,68,189,26,116,210,82,116>>,
         exs64 =>
             <<140,21,239,186,10,173,36,219,210,103,90,225,162,170,89,184>>,
         exsplus =>
-            <<185,111,208,4,144,122,163,193,199,231,62,174,132,99,13,64>>,
+            <<88,174,64,215,153,239,255,12,18,141,139,40,138,62,38,243>>,
         exs1024 =>
             <<69,47,227,233,133,70,168,98,104,150,235,31,61,104,220,203>>,
         exro928ss =>
-- 
2.51.0