Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-Mojo-JWT for openSUSE:Factory checked in at 2026-06-11 17:29:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Mojo-JWT (Old) and /work/SRC/openSUSE:Factory/.perl-Mojo-JWT.new.1981 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Mojo-JWT" Thu Jun 11 17:29:53 2026 rev:3 rq:1358714 version:1.20.0 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Mojo-JWT/perl-Mojo-JWT.changes 2025-01-07 20:53:15.952531581 +0100 +++ /work/SRC/openSUSE:Factory/.perl-Mojo-JWT.new.1981/perl-Mojo-JWT.changes 2026-06-11 17:31:18.784274706 +0200 @@ -1,0 +2,10 @@ +Sun Jun 7 00:39:10 UTC 2026 - Tina Müller <[email protected]> + +- updated to 1.20.0 (1.02) + see /usr/share/doc/packages/perl-Mojo-JWT/Changes + + 1.02 2026-06-03 + - This release contains fixes for security issues, everybody should upgrade! + - Improved security of decode to prevent timing side-channel attacks in symmetric signatures + +------------------------------------------------------------------- Old: ---- Mojo-JWT-1.01.tar.gz New: ---- Mojo-JWT-1.02.tar.gz README.md _scmsync.obsinfo build.specials.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Mojo-JWT.spec ++++++ --- /var/tmp/diff_new_pack.oNLjKg/_old 2026-06-11 17:31:19.456302893 +0200 +++ /var/tmp/diff_new_pack.oNLjKg/_new 2026-06-11 17:31:19.456302893 +0200 @@ -1,7 +1,7 @@ # # spec file for package perl-Mojo-JWT # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,24 +18,25 @@ %define cpan_name Mojo-JWT Name: perl-Mojo-JWT -Version: 1.10.0 +Version: 1.20.0 Release: 0 -# 1.01 -> normalize -> 1.10.0 -%define cpan_version 1.01 +# 1.02 -> normalize -> 1.20.0 +%define cpan_version 1.02 License: Artistic-1.0 OR GPL-1.0-or-later Summary: JSON Web Token the Mojo way URL: https://metacpan.org/release/%{cpan_name} Source0: https://cpan.metacpan.org/authors/id/J/JB/JBERGER/%{cpan_name}-%{cpan_version}.tar.gz Source1: cpanspec.yml +Source100: README.md BuildArch: noarch BuildRequires: perl BuildRequires: perl-macros -BuildRequires: perl(CryptX) >= 0.029 +BuildRequires: perl(CryptX) >= 0.29 BuildRequires: perl(Module::Build) BuildRequires: perl(Module::Build::Tiny) -BuildRequires: perl(Mojolicious) >= 5.00 -Requires: perl(CryptX) >= 0.029 -Requires: perl(Mojolicious) >= 5.00 +BuildRequires: perl(Mojolicious) >= 5.0 +Requires: perl(CryptX) >= 0.29 +Requires: perl(Mojolicious) >= 5.0 Provides: perl(Mojo::JWT) = %{version} %undefine __perllib_provides %{perl_requires} @@ -54,7 +55,7 @@ channels. %prep -%autosetup -n %{cpan_name}-%{cpan_version} +%autosetup -n %{cpan_name}-%{cpan_version} -p1 %build perl Build.PL --installdirs=vendor ++++++ Mojo-JWT-1.01.tar.gz -> Mojo-JWT-1.02.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojo-JWT-1.01/Build.PL new/Mojo-JWT-1.02/Build.PL --- old/Mojo-JWT-1.01/Build.PL 2024-10-16 00:09:24.000000000 +0200 +++ new/Mojo-JWT-1.02/Build.PL 2026-06-03 18:39:03.000000000 +0200 @@ -1,4 +1,4 @@ -# This Build.PL for Mojo-JWT was generated by mbtiny 0.042. +# This Build.PL for Mojo-JWT was generated by mbtiny 0.051. use 5.010; use Module::Build::Tiny 0; Build_PL(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojo-JWT-1.01/Changes new/Mojo-JWT-1.02/Changes --- old/Mojo-JWT-1.01/Changes 2024-10-16 00:09:24.000000000 +0200 +++ new/Mojo-JWT-1.02/Changes 2026-06-03 18:39:03.000000000 +0200 @@ -1,5 +1,9 @@ Revision history for Perl module Mojo::JWT +1.02 2026-06-03 + - This release contains fixes for security issues, everybody should upgrade! + - Improved security of decode to prevent timing side-channel attacks in symmetric signatures + 1.01 2024-10-15 - Fix non-portable test diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojo-JWT-1.01/LICENSE new/Mojo-JWT-1.02/LICENSE --- old/Mojo-JWT-1.01/LICENSE 2024-10-16 00:09:24.000000000 +0200 +++ new/Mojo-JWT-1.02/LICENSE 2026-06-03 18:39:03.000000000 +0200 @@ -1,4 +1,4 @@ -This software is copyright (c) 2024 by Joel Berger, <[email protected]>. +This software is copyright (c) 2026 by Joel Berger, <[email protected]>. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. @@ -12,7 +12,7 @@ --- The GNU General Public License, Version 1, February 1989 --- -This software is Copyright (c) 2024 by Joel Berger, <[email protected]>. +This software is Copyright (c) 2026 by Joel Berger, <[email protected]>. This is free software, licensed under: @@ -22,7 +22,7 @@ Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. - 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + <https://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -236,8 +236,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA + along with this program; if not, see <https://www.gnu.org/licenses/>. Also add information on how to contact you by electronic and paper mail. @@ -264,15 +263,15 @@ program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. - <signature of Ty Coon>, 1 April 1989 - Ty Coon, President of Vice + <signature of Moe Ghoul>, 1 April 1989 + Moe Ghoul, President of Vice That's all there is to it! --- The Perl Artistic License 1.0 --- -This software is Copyright (c) 2024 by Joel Berger, <[email protected]>. +This software is Copyright (c) 2026 by Joel Berger, <[email protected]>. This is free software, licensed under: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojo-JWT-1.01/META.json new/Mojo-JWT-1.02/META.json --- old/Mojo-JWT-1.01/META.json 2024-10-16 00:09:24.000000000 +0200 +++ new/Mojo-JWT-1.02/META.json 2026-06-03 18:39:03.000000000 +0200 @@ -4,7 +4,7 @@ "Joel Berger, <[email protected]>" ], "dynamic_config" : 0, - "generated_by" : "App::ModuleBuildTiny version 0.042", + "generated_by" : "App::ModuleBuildTiny version 0.051", "license" : [ "perl_5" ], @@ -36,7 +36,7 @@ "provides" : { "Mojo::JWT" : { "file" : "lib/Mojo/JWT.pm", - "version" : "1.01" + "version" : "1.02" } }, "release_status" : "stable", @@ -51,7 +51,8 @@ "url" : "http://github.com/jberger/Mojo-JWT"; } }, - "version" : "1.01", - "x_serialization_backend" : "JSON::PP version 4.07", + "version" : "1.02", + "x_generated_by_perl" : "v5.38.5", + "x_serialization_backend" : "Cpanel::JSON::XS version 4.40", "x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojo-JWT-1.01/META.yml new/Mojo-JWT-1.02/META.yml --- old/Mojo-JWT-1.01/META.yml 2024-10-16 00:09:24.000000000 +0200 +++ new/Mojo-JWT-1.02/META.yml 2026-06-03 18:39:03.000000000 +0200 @@ -6,7 +6,7 @@ configure_requires: Module::Build::Tiny: '0' dynamic_config: 0 -generated_by: 'App::ModuleBuildTiny version 0.042, CPAN::Meta::Converter version 2.150010' +generated_by: 'App::ModuleBuildTiny version 0.051, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -15,7 +15,7 @@ provides: Mojo::JWT: file: lib/Mojo/JWT.pm - version: '1.01' + version: '1.02' requires: CryptX: '0.029' Mojolicious: '5.00' @@ -24,6 +24,7 @@ bugtracker: http://github.com/jberger/Mojo-JWT/issues license: http://dev.perl.org/licenses/ repository: http://github.com/jberger/Mojo-JWT -version: '1.01' +version: '1.02' +x_generated_by_perl: v5.38.5 x_serialization_backend: 'CPAN::Meta::YAML version 0.018' x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojo-JWT-1.01/README new/Mojo-JWT-1.02/README --- old/Mojo-JWT-1.01/README 2024-10-16 00:09:24.000000000 +0200 +++ new/Mojo-JWT-1.02/README 2026-06-03 18:39:03.000000000 +0200 @@ -234,6 +234,8 @@ Cameron Daniel (ccakes) + Olaf Alders (oalders) + COPYRIGHT AND LICENSE Copyright (C) 2015 by "AUTHOR" and "CONTRIBTORS". diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojo-JWT-1.01/lib/Mojo/JWT.pm new/Mojo-JWT-1.02/lib/Mojo/JWT.pm --- old/Mojo-JWT-1.01/lib/Mojo/JWT.pm 2024-10-16 00:09:24.000000000 +0200 +++ new/Mojo-JWT-1.02/lib/Mojo/JWT.pm 2026-06-03 18:39:03.000000000 +0200 @@ -2,7 +2,7 @@ use Mojo::Base -base; -our $VERSION = '1.01'; +our $VERSION = '1.02'; $VERSION = eval $VERSION; use Scalar::Util (); @@ -72,7 +72,7 @@ unless $self->verify_rsa($1, $payload, $signature); } elsif ($algo =~ $re_hs) { Carp::croak 'Failed HS validation' - unless $signature eq $self->sign_hmac($1, $payload); + unless Mojo::Util::secure_compare($signature, $self->sign_hmac($1, $payload)); } else { Carp::croak 'Unsupported signing algorithm'; } @@ -395,6 +395,8 @@ Cameron Daniel (ccakes) +Olaf Alders (oalders) + =head1 COPYRIGHT AND LICENSE Copyright (C) 2015 by L</AUTHOR> and L</CONTRIBTORS>. ++++++ README.md ++++++ ## Build Results Current state of perl in openSUSE:Factory is  The current state of perl in the devel project build (devel:languages:perl)  ++++++ _scmsync.obsinfo ++++++ mtime: 1780792750 commit: f6ff617dfe17e13cfb84b846fcb476d69fe837ad556aee3e281023ce1ce50a23 url: https://src.opensuse.org/perl/perl-Mojo-JWT revision: f6ff617dfe17e13cfb84b846fcb476d69fe837ad556aee3e281023ce1ce50a23 projectscmsync: https://src.opensuse.org/perl/_ObsPrj ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-07 02:39:10.000000000 +0200 @@ -0,0 +1 @@ +.osc
