-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Jun 2026 09:43:05 +0200
Source: libcrypt-pbkdf2-perl
Architecture: source
Version: 0.261630-1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1139867
Changes:
 libcrypt-pbkdf2-perl (0.261630-1~deb13u1) trixie; urgency=medium
 .
   * Rebuild for trixie
   * Revert "Annotate test-only build dependencies with <!nocheck>."
   * Revert "Remove «Priority: optional», which is the current default."
   * Revert "Declare compliance with Debian Policy 4.7.4."
 .
 libcrypt-pbkdf2-perl (0.261630-1) unstable; urgency=medium
 .
   * Team upload.
   * Import upstream version 0.261630.
     - Change the default hash algorithm to HMAC-SHA256, and increase the
       default number of iterations to 600,000 (CVE-2026-9641).
     - Generate salts using Crypt::URandom instead of perl's builtin `rand()`
       (CVE-2026-9638).
     - Use a constant-time comparison in `validate` to avoid timing attacks
       (CVE-2017-20240).
     Closes: #1139867
   * Update debian/upstream/metadata.
   * Update years of upstream copyright.
   * debian/control: update build/test/runtime dependencies.
   * Declare compliance with Debian Policy 4.7.4.
   * Remove «Priority: optional», which is the current default.
   * Annotate test-only build dependencies with <!nocheck>.
Checksums-Sha1: 
 5b50379b2f028d5e416f6f080798812216fb33f6 2613 libcrypt-pbkdf2-perl_0.261630-1~deb13u1.dsc
 9b3f328827bffb17edc8bcf43f644df6f6d19745 3116 libcrypt-pbkdf2-perl_0.261630-1~deb13u1.debian.tar.xz
Checksums-Sha256: 
 aee6fab44d722ca1601e7e21df574b9096c09b8508bf07e0b55e062abb237767 2613 libcrypt-pbkdf2-perl_0.261630-1~deb13u1.dsc
 e3425465e0c9d6ac561ca4c44e450787eb29000931cd036b41f6c5933ef4612c 3116 libcrypt-pbkdf2-perl_0.261630-1~deb13u1.debian.tar.xz
Files: 
 29bf7bc46cbac52ece4eeeea1e0d4ab0 2613 perl optional libcrypt-pbkdf2-perl_0.261630-1~deb13u1.dsc
 2a7fbc30855fa0364e3be6ad300b0dcd 3116 perl optional libcrypt-pbkdf2-perl_0.261630-1~deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmotcOJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EmrYP/2KU1hhHpWXvBAfA363MHFipP+UGeNed
DcYUmGT5xjiEebiqFCFDTWDqjKB9wYNziD3xwlaq5HQ2Eg4WhFirUDvMqvwR1Bwu
7DTMNlCiLaPa/NjlNOTUU3kCUvfZA/TRywhffl0OB9DR9eGPWFtmldjkCObNAJMg
rTWqM5qJYGbmvkgApDqoOkuk6nTrZKlXQGRwaJzmIKFo2XelAXQ/ZGhq80mVnpH8
kTrRibYLJa58wwsuzvvCLh3uwYKuG4MXmpfKpwURl8KYgK8rbsgC0CLEAIe2e3OD
gEoSxMY32/3GV44Zm/bEssyZV+Xo+uwDW2GUwVN+EUhJSmtpLJBE5wo17WY5UE4S
M+otMaMFffkfrfT+fLTwYl4CrAgy+jbovdAhFd+lJD+s/KgxjPusMsOrU9EwIHgT
EB8/op2irw+enCCewBt6RYp5FfOxjjlQ2uC3/VvvPTL7mQYRqUu/Zhnl43gVk212
ga3TaPNdUxoB0cXLweOkAaE7myxkD36JOvHU/4lvZHmH4oL7uSR7KsPskTBJCwsw
cZMDiWx8aNtfr/JZ6/OOZRpbszNcwVyv4x4578asvVD7Fs6QXcYddILOGF5SrkfQ
AlTZrKbwPDFVghP5nXfP3VBNneV7aS+7bjWbUhlfltauu5umcAMkSO/VC8bLScZO
4qq1e+izYr8B
=bCj/
-----END PGP SIGNATURE-----