Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-Crypt-JWT for openSUSE:Factory checked in at 2026-06-10 16:14:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Crypt-JWT (Old) and /work/SRC/openSUSE:Factory/.perl-Crypt-JWT.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Crypt-JWT" Wed Jun 10 16:14:46 2026 rev:9 rq:1358527 version:0.38.0 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Crypt-JWT/perl-Crypt-JWT.changes 2025-05-26 18:37:16.879822088 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Crypt-JWT.new.2375/perl-Crypt-JWT.changes 2026-06-10 16:18:54.940774126 +0200 @@ -1,0 +2,25 @@ +Sun May 17 07:45:02 UTC 2026 - Tina Müller <[email protected]> + +- updated to 0.38.0 (0.038) + see /usr/share/doc/packages/perl-Crypt-JWT/Changes + + 0.038 2026-05-16 + - SECURITY: + * constant-time MAC compare; + * enforce JWK alg/use/key_ops and EC alg/crv consistency; + * reject mixed-symmetry or duplicate-kid keysets; + * cap PBES2 p2c and inflated payload size; + * new $MIN_HMAC_KEY_LEN (4) and $MIN_RSA_BITS (2048); + * new section SECURITY CONSIDERATIONS in POD + - fix: ConcatKDF: INTEROP BREAK with <=0.037 for ECDH-ES + A192CBC-HS384 / A256CBC-HS512 only + - fix: ECDH-ES apu/apv header values are base64url-decoded before KDF input + - fix: AAD bit-length encoding (only diverged at AAD >= 512 MB) + - fix: accepted_alg / accepted_enc now croak on unsupported types + - aes_key_wrap/unwrap: + * strict RFC 3394 (KW) vs RFC 5649 (KWP) modes; + * ct length validation + * fix unwrap of aligned KWP messages + - require Compress::Raw::Zlib >= 2.057 + - new author-only Wycheproof harness t/wycheproof.t (AUTHOR_MODE=1) + +------------------------------------------------------------------- Old: ---- Crypt-JWT-0.037.tar.gz New: ---- Crypt-JWT-0.038.tar.gz README.md _scmsync.obsinfo build.specials.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Crypt-JWT.spec ++++++ --- /var/tmp/diff_new_pack.v0AGFa/_old 2026-06-10 16:18:55.724806616 +0200 +++ /var/tmp/diff_new_pack.v0AGFa/_new 2026-06-10 16:18:55.732806948 +0200 @@ -1,7 +1,7 @@ # # spec file for package perl-Crypt-JWT # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,24 +18,25 @@ %define cpan_name Crypt-JWT Name: perl-Crypt-JWT -Version: 0.37.0 +Version: 0.38.0 Release: 0 -# 0.037 -> normalize -> 0.37.0 -%define cpan_version 0.037 +# 0.038 -> normalize -> 0.38.0 +%define cpan_version 0.038 License: Artistic-1.0 OR GPL-1.0-or-later Summary: JSON Web Token URL: https://metacpan.org/release/%{cpan_name} Source0: https://cpan.metacpan.org/authors/id/M/MI/MIK/%{cpan_name}-%{cpan_version}.tar.gz Source1: cpanspec.yml +Source100: README.md BuildArch: noarch BuildRequires: perl BuildRequires: perl-macros -BuildRequires: perl(Compress::Raw::Zlib) -BuildRequires: perl(CryptX) >= 0.67.0 +BuildRequires: perl(Compress::Raw::Zlib) >= 2.057 +BuildRequires: perl(CryptX) >= 0.67 BuildRequires: perl(JSON) BuildRequires: perl(Test::More) >= 0.88 -Requires: perl(Compress::Raw::Zlib) -Requires: perl(CryptX) >= 0.67.0 +Requires: perl(Compress::Raw::Zlib) >= 2.057 +Requires: perl(CryptX) >= 0.67 Requires: perl(JSON) Requires: perl(Test::More) >= 0.88 Provides: perl(Crypt::JWT) = %{version} @@ -49,11 +50,12 @@ https://tools.ietf.org/html/rfc7515, but also *JSON Web Encryption (JWE)* - https://tools.ietf.org/html/rfc7516. -The module implements *all (100%) algorithms* defined in +The module implements all algorithms defined in https://tools.ietf.org/html/rfc7518 - *JSON Web Algorithms (JWA)*. This module supports *Compact JWS/JWE* and *Flattened JWS/JWE JSON* -serialization, general JSON serialization is not supported yet. +serialization. General (multi-recipient) JSON serialization is not +supported. %prep %autosetup -n %{cpan_name}-%{cpan_version} -p1 @@ -71,6 +73,6 @@ %perl_gen_filelist %files -f %{name}.files -%doc Changes README.md +%doc Changes README.md SECURITY.md %license LICENSE ++++++ Crypt-JWT-0.037.tar.gz -> Crypt-JWT-0.038.tar.gz ++++++ ++++ 3679 lines of diff (skipped) ++++++ README.md ++++++ ## Build Results Current state of perl in openSUSE:Factory is  The current state of perl in the devel project build (devel:languages:perl)  ++++++ _scmsync.obsinfo ++++++ mtime: 1779003903 commit: bd8139d3d1c61540b8332c93e1df7610432c8979d80054bb5c6b371ac5eaa3b2 url: https://src.opensuse.org/perl/perl-Crypt-JWT revision: bd8139d3d1c61540b8332c93e1df7610432c8979d80054bb5c6b371ac5eaa3b2 projectscmsync: https://src.opensuse.org/perl/_ObsPrj ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-17 09:45:03.000000000 +0200 @@ -0,0 +1 @@ +.osc
