0.8.6

[nwalfield]

Summary

This PR backports #1764 to version 0.8.5 of rand.

Motivation

There are still many packages that use rand 0.8. Leaf crates that depend on such packages are unable to address RUSTSEC-2026-0097 until their dependencies upgrade to a newer version of rand, which is likely to take a long time, or the fix is backported to 0.8. This PR does the latter.

Details

A request for a backport to 0.8 was raised in #1770 .

I work on Sequoia PGP. In Sequoia, we are currently stuck on an old version of Hickory as the latest version of Hickory dropped support for OpenSSL. We are currently looking for a solution to Hickory, but until then we have to live with Hickory and its dependencies, which include a dependency on rand 0.8.

[nwalfield]

Unfortunately there is no 0.8 branch and I don't know how to open a merge request that does not target a branch as such this MR is against master. I think you need to create a branch based on https://github.com/rust-random/rand/releases/tag/0.8.5 and then I can create a PR on top of that.

[dhardy]

@nwalfield I just created https://github.com/rust-random/rand/tree/0.8. I think you need to recreate the PR.

[nwalfield]

Thanks for creating that branch. I've closed this PR and opened #1772 .