public inbox for git-commits@fedoraproject.org
* [rpms/perl-Crypt-PBKDF2] epel8: Update to 0.261630 (rhbz#2488228)
@ 2026-06-24 13:39 Paul Howarth
From: Paul Howarth @ 2026-06-24 13:39 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/perl-Crypt-PBKDF2
            Branch : epel8
            Commit : 3731a45533c1ccbfa05808a78e0ffdfca6c2e33b
            Author : Paul Howarth <paul@city-fan.org>
            Date   : 2026-06-12T11:06:13+01:00
            Stats  : +25/-12 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/perl-Crypt-PBKDF2/c/3731a45533c1ccbfa05808a78e0ffdfca6c2e33b?branch=epel8

            Log:
            Update to 0.261630 (rhbz#2488228)

- New upstream release 0.261630
  - Change the default hash algorithm to HMAC-SHA256, and increase the default
    number of iterations to 600,000, in line with current OWASP recommendations
    (CVE-2026-9641)
  - Generate salts using Crypt::URandom (a strong system RNG) instead of perl's
    builtin rand(), which is not cryptographically secure (CVE-2026-9638)
  - Use a constant-time comparison in 'validate' to avoid timing attacks
    (CVE-2017-20240)
- Switch to Module::Build::Tiny flow
- Package new README file

---
diff --git a/perl-Crypt-PBKDF2.spec b/perl-Crypt-PBKDF2.spec
index 1e8ae1d..a810609 100644
--- a/perl-Crypt-PBKDF2.spec
+++ b/perl-Crypt-PBKDF2.spec
@@ -1,21 +1,21 @@
 Summary:	The PBKDF2 password hashing algorithm
 Name:		perl-Crypt-PBKDF2
-Version:	0.161520
-Release:	25%{?dist}
+Version:	0.261630
+Release:	1%{?dist}
 License:	GPL-1.0-or-later OR Artistic-1.0-Perl
 URL:		https://metacpan.org/release/Crypt-PBKDF2
 Source0:	https://cpan.metacpan.org/modules/by-module/Crypt/Crypt-PBKDF2-%{version}.tar.gz
 BuildArch:	noarch
 # Module Build
 BuildRequires:	coreutils
-BuildRequires:	make
 BuildRequires:	perl-generators
 BuildRequires:	perl-interpreter
-BuildRequires:	perl(ExtUtils::MakeMaker) >= 6.76
+BuildRequires:	perl(Module::Build::Tiny) >= 0.034
 BuildRequires:	perl(strict)
 BuildRequires:	perl(warnings)
 # Module Runtime
 BuildRequires:	perl(Carp)
+BuildRequires:	perl(Crypt::URandom)
 BuildRequires:	perl(Digest) >= 1.16
 BuildRequires:	perl(Digest::HMAC) >= 1.01
 BuildRequires:	perl(Digest::SHA)
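Review bot: The added `BuildRequires: perl(Crypt::URandom)` line under "# Module Runtime" carries no minimum version, unlike the `perl(Digest) >= 1.16` and `perl(Digest::HMAC) >= 1.01` lines next to it. If the upstream metadata for 0.261630 declares a minimum Crypt::URandom version, mirror it here so that a build against an older module fails at dependency resolution rather than in %check. It is also worth confirming that the module is available in the epel8 buildroot, since the salt-generation fix named in the log depends on it.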
@@ -35,13 +35,14 @@ BuildRequires:	perl(constant)
 BuildRequires:	perl(Encode)
 BuildRequires:	perl(Test::Fatal)
 BuildRequires:	perl(Test::More)
-# Runtime
+# Dependencies
+# (none)
 
 %description
 PBKDF2 is a secure password hashing algorithm that uses the techniques of "key
 strengthening" to make the complexity of a brute-force attack arbitrarily high.
 PBKDF2 uses any other cryptographic hash or cipher (by convention, usually
-HMAC-SHA1, but Crypt::PBKDF2 is fully pluggable), and allows for an arbitrary
+HMAC-SHA2, but Crypt::PBKDF2 is fully pluggable), and allows for an arbitrary
 number of iterations of the hashing function, and a nearly unlimited output
 hash size (up to 2**32-1 times the size of the output of the backend hash).
 The hash is salted, as any password hash should be, and the salt may also be of
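Review bot: With "# Runtime" replaced by "# Dependencies" and "# (none)", the spec declares no explicit runtime Requires, so the installed package relies entirely on the automatic Perl dependency generator to pull in perl(Crypt::URandom), which the first hunk adds only as a BuildRequires. Please check the built RPM's requires list for perl(Crypt::URandom) (for example with rpm -qp --requires) and add an explicit Requires if it is missing. Separately, the description now says "HMAC-SHA2" while the changelog names HMAC-SHA256 as the new default; using the same name in both places would avoid ambiguity.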
@@ -51,19 +52,19 @@ arbitrary size.
 %setup -q -n Crypt-PBKDF2-%{version}
 
 %build
-perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
-%{make_build}
+perl Build.PL --installdirs=vendor
+./Build
 
 %install
-%{make_install}
+./Build install --destdir=%{buildroot} --create_packlist=0
 %{_fixperms} -c %{buildroot}
 
 %check
-make test
+./Build test --verbose
 
 %files
 %license LICENSE
-%doc Changes
+%doc Changes README
 %{perl_vendorlib}/Crypt/
 %{_mandir}/man3/Crypt::PBKDF2.3*
 %{_mandir}/man3/Crypt::PBKDF2::Hash.3*
@@ -73,6 +74,18 @@ make test
 %{_mandir}/man3/Crypt::PBKDF2::Hash::HMACSHA3.3*
 
 %changelog
+* Fri Jun 12 2026 Paul Howarth <paul@city-fan.org> - 0.261630-1
+- Update to 0.261630 (rhbz#2488228)
+  - Change the default hash algorithm to HMAC-SHA256, and increase the default
+    number of iterations to 600,000, in line with current OWASP recommendations
+    (CVE-2026-9641)
+  - Generate salts using Crypt::URandom (a strong system RNG) instead of perl's
+    builtin rand(), which is not cryptographically secure (CVE-2026-9638)
+  - Use a constant-time comparison in 'validate' to avoid timing attacks
+    (CVE-2017-20240)
+- Switch to Module::Build::Tiny flow
+- Package new README file
+
 * Sat Jan 17 2026 Fedora Release Engineering <releng@fedoraproject.org> - 0.161520-25
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
 

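Review bot: The new %changelog entry records changed defaults (HMAC-SHA256, 600,000 iterations) for a package on the epel8 branch but does not say what this means for hashes stored under the previous defaults. A line stating whether existing hashes still validate after the update, and whether callers that relied on the old defaults need to do anything, would tell administrators what to expect when this update lands.
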
diff --git a/sources b/sources
index 46f209d..319b92e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (Crypt-PBKDF2-0.161520.tar.gz) = 0f5dfd6c642fcc3b34bc96f10b6f7344a8f3bac1bda6c610e85099906545bc78953666415240e793deae6db055df6f1007f3a946973ee960921cec4069de3a0a
+SHA512 (Crypt-PBKDF2-0.261630.tar.gz) = 47feea99bc9201bfb1cb83858cc62384d820fe99921b442514e2fbf031376b208da3d06a5a0c8ad1272e7b69b0c365e4096bcd82fd7378ee7e3fdc51e908f038
