CVS commit: pkgsrc/security/p5-Crypt-PBKDF2

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Fri Jun 12 13:50:05 UTC 2026

Modified Files:
        pkgsrc/security/p5-Crypt-PBKDF2: Makefile distinfo

Log Message:
p5-Crypt-PBKDF2: update to 0.261630.

Version 0.261630: 2026-06-11
  * Change the default hash algorithm to HMAC-SHA256, and increase the
    default number of iterations to 600,000, in line with current OWASP
    recommendations (CVE-2026-9641).
  * Generate salts using Crypt::URandom (a strong system RNG) instead of
    perl's builtin `rand()`, which is not cryptographically secure
    (CVE-2026-9638).
  * Use a constant-time comparison in `validate` to avoid timing attacks
    (CVE-2017-20240).


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/p5-Crypt-PBKDF2/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/p5-Crypt-PBKDF2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/p5-Crypt-PBKDF2/Makefile
diff -u pkgsrc/security/p5-Crypt-PBKDF2/Makefile:1.7 pkgsrc/security/p5-Crypt-PBKDF2/Makefile:1.8
--- pkgsrc/security/p5-Crypt-PBKDF2/Makefile:1.7        Fri Jul  4 08:47:59 2025
+++ pkgsrc/security/p5-Crypt-PBKDF2/Makefile    Fri Jun 12 13:50:05 2026
@@ -1,16 +1,16 @@
-# $NetBSD: Makefile,v 1.7 2025/07/04 08:47:59 wiz Exp $
+# $NetBSD: Makefile,v 1.8 2026/06/12 13:50:05 wiz Exp $
 
-DISTNAME=              Crypt-PBKDF2-0.161520
+DISTNAME=              Crypt-PBKDF2-0.261630
 PKGNAME=               p5-${DISTNAME}
-PKGREVISION=           5
 CATEGORIES=            security perl5
-MASTER_SITES=          ${MASTER_SITE_PERL_CPAN:=Crypt/}
+MASTER_SITES=          ${MASTER_SITE_PERL_CPAN:=../../authors/id/A/AR/ARODLAND/}
 
 MAINTAINER=            pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=              https://metacpan.org/release/Crypt-PBKDF2
 COMMENT=               PBKDF2 password hashing algorithm
 LICENSE=               ${PERL5_LICENSE}
 
+DEPENDS+=              p5-Crypt-URandom-[0-9]*:../../security/p5-Crypt-URandom
 DEPENDS+=              p5-Moo-[0-9]*:../../devel/p5-Moo
 DEPENDS+=              p5-Type-Tiny-[0-9]*:../../devel/p5-Type-Tiny
 DEPENDS+=              p5-namespace-autoclean-[0-9]*:../../devel/p5-namespace-autoclean
@@ -18,6 +18,7 @@ DEPENDS+=             p5-Digest-HMAC-[0-9]*:../../s
 DEPENDS+=              p5-Digest-SHA3-[0-9]*:../../security/p5-Digest-SHA3
 TEST_DEPENDS+=         p5-Test-Fatal-[0-9]*:../../devel/p5-Test-Fatal
 
+PERL5_MODULE_TYPE=     Module::Build::Tiny
 PERL5_PACKLIST=                auto/Crypt/PBKDF2/.packlist
 
 .include "../../lang/perl5/module.mk"

Index: pkgsrc/security/p5-Crypt-PBKDF2/distinfo
diff -u pkgsrc/security/p5-Crypt-PBKDF2/distinfo:1.3 pkgsrc/security/p5-Crypt-PBKDF2/distinfo:1.4
--- pkgsrc/security/p5-Crypt-PBKDF2/distinfo:1.3        Tue Oct 26 11:17:28 2021
+++ pkgsrc/security/p5-Crypt-PBKDF2/distinfo    Fri Jun 12 13:50:05 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.3 2021/10/26 11:17:28 nia Exp $
+$NetBSD: distinfo,v 1.4 2026/06/12 13:50:05 wiz Exp $
 
-BLAKE2s (Crypt-PBKDF2-0.161520.tar.gz) = 2fbb69f608f1297e28483d2d66f77a7ce4f017569e443d65d6fd5184f68b8afe
-SHA512 (Crypt-PBKDF2-0.161520.tar.gz) = 0f5dfd6c642fcc3b34bc96f10b6f7344a8f3bac1bda6c610e85099906545bc78953666415240e793deae6db055df6f1007f3a946973ee960921cec4069de3a0a
-Size (Crypt-PBKDF2-0.161520.tar.gz) = 17163 bytes
+BLAKE2s (Crypt-PBKDF2-0.261630.tar.gz) = 26e6e32916a89de25e371ef5cf52e3a678c50a265c140d0ec7540cc6ab45b845
+SHA512 (Crypt-PBKDF2-0.261630.tar.gz) = 47feea99bc9201bfb1cb83858cc62384d820fe99921b442514e2fbf031376b208da3d06a5a0c8ad1272e7b69b0c365e4096bcd82fd7378ee7e3fdc51e908f038
+Size (Crypt-PBKDF2-0.261630.tar.gz) = 17986 bytes