Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-Crypt-JWT for openSUSE:Factory checked in at 2023-10-20 23:18:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Crypt-JWT (Old) and /work/SRC/openSUSE:Factory/.perl-Crypt-JWT.new.1945 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Crypt-JWT" Fri Oct 20 23:18:40 2023 rev:5 rq:1119186 version:0.35.0 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Crypt-JWT/perl-Crypt-JWT.changes 2021-12-07 00:01:08.576190785 +0100 +++ /work/SRC/openSUSE:Factory/.perl-Crypt-JWT.new.1945/perl-Crypt-JWT.changes 2023-10-20 23:21:28.084811106 +0200 @@ -1,0 +2,9 @@ +Wed Oct 4 03:06:08 UTC 2023 - Tina Müller <timueller+p...@suse.de> + +- updated to 0.035 + see /usr/share/doc/packages/perl-Crypt-JWT/Changes + + 0.035 2023-10-03 + - PR #37 Speed up decode_jwt + +------------------------------------------------------------------- Old: ---- Crypt-JWT-0.034.tar.gz New: ---- Crypt-JWT-0.035.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Crypt-JWT.spec ++++++ --- /var/tmp/diff_new_pack.HjVhYH/_old 2023-10-20 23:21:28.600829934 +0200 +++ /var/tmp/diff_new_pack.HjVhYH/_new 2023-10-20 23:21:28.604830079 +0200 @@ -1,7 +1,7 @@ # # spec file for package perl-Crypt-JWT # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,12 +18,13 @@ %define cpan_name Crypt-JWT Name: perl-Crypt-JWT -Version: 0.034 +Version: 0.35.0 Release: 0 -Summary: JSON Web Token (JWT, JWS, JWE) as defined by RFC7519, RFC7515, RFC7516 +%define cpan_version 0.035 License: Artistic-1.0 OR GPL-1.0-or-later +Summary: JSON Web Token URL: https://metacpan.org/release/%{cpan_name} -Source0: https://cpan.metacpan.org/authors/id/M/MI/MIK/%{cpan_name}-%{version}.tar.gz +Source0: https://cpan.metacpan.org/authors/id/M/MI/MIK/%{cpan_name}-%{cpan_version}.tar.gz Source1: cpanspec.yml BuildArch: noarch BuildRequires: perl @@ -31,9 +32,14 @@ BuildRequires: perl(Compress::Raw::Zlib) BuildRequires: perl(CryptX) >= 0.067 BuildRequires: perl(JSON) +BuildRequires: perl(Test::More) >= 0.88 Requires: perl(Compress::Raw::Zlib) Requires: perl(CryptX) >= 0.067 Requires: perl(JSON) +Requires: perl(Test::More) >= 0.88 +Provides: perl(Crypt::JWT) = 0.35.0 +Provides: perl(Crypt::KeyWrap) = 0.35.0 +%define __perllib_provides /bin/true %{perl_requires} %description @@ -49,7 +55,7 @@ serialization, general JSON serialization is not supported yet. %prep -%autosetup -n %{cpan_name}-%{version} +%autosetup -n %{cpan_name}-%{cpan_version} %build perl Makefile.PL INSTALLDIRS=vendor ++++++ Crypt-JWT-0.034.tar.gz -> Crypt-JWT-0.035.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.034/Changes new/Crypt-JWT-0.035/Changes --- old/Crypt-JWT-0.034/Changes 2021-11-28 22:50:26.000000000 +0100 +++ new/Crypt-JWT-0.035/Changes 2023-10-03 12:18:07.000000000 +0200 @@ -1,5 +1,8 @@ Changes for Crypt-JWT distribution +0.035 2023-10-03 + - PR #37 Speed up decode_jwt + 0.034 2021-11-28 - fix #32 ensure payload is serialized consistently (canonical) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.034/META.json new/Crypt-JWT-0.035/META.json --- old/Crypt-JWT-0.034/META.json 2021-11-28 23:06:53.000000000 +0100 +++ new/Crypt-JWT-0.035/META.json 2023-10-03 12:19:06.000000000 +0200 @@ -4,7 +4,7 @@ "Karel Miko" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.62, CPAN::Meta::Converter version 2.150010", + "generated_by" : "ExtUtils::MakeMaker version 7.66, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], @@ -37,7 +37,7 @@ "Exporter" : "5.57", "JSON" : "0", "Scalar::Util" : "0", - "Test::More" : "0", + "Test::More" : "0.88", "perl" : "5.006" } } @@ -51,6 +51,6 @@ "url" : "https://github.com/DCIT/perl-Crypt-JWT"; } }, - "version" : "0.034", - "x_serialization_backend" : "JSON::PP version 4.06" + "version" : "0.035", + "x_serialization_backend" : "JSON::PP version 4.08" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.034/META.yml new/Crypt-JWT-0.035/META.yml --- old/Crypt-JWT-0.034/META.yml 2021-11-28 23:06:50.000000000 +0100 +++ new/Crypt-JWT-0.035/META.yml 2023-10-03 12:19:00.000000000 +0200 @@ -7,7 +7,7 @@ configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.62, CPAN::Meta::Converter version 2.150010' +generated_by: 'ExtUtils::MakeMaker version 7.66, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -23,10 +23,10 @@ Exporter: '5.57' JSON: '0' Scalar::Util: '0' - Test::More: '0' + Test::More: '0.88' perl: '5.006' resources: bugtracker: https://github.com/DCIT/perl-Crypt-JWT/issues repository: https://github.com/DCIT/perl-Crypt-JWT -version: '0.034' +version: '0.035' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.034/Makefile.PL new/Crypt-JWT-0.035/Makefile.PL --- old/Crypt-JWT-0.034/Makefile.PL 2021-03-18 21:54:13.000000000 +0100 +++ new/Crypt-JWT-0.035/Makefile.PL 2023-10-02 14:05:29.000000000 +0200 @@ -16,7 +16,7 @@ 'Compress::Raw::Zlib' => 0, 'CryptX' => '0.067', # we need: Ed25519+X25519 'Scalar::Util' => 0, - 'Test::More' => 0, + 'Test::More' => '0.88', # we need: done_testing }, META_MERGE => { resources => { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.034/README.md new/Crypt-JWT-0.035/README.md --- old/Crypt-JWT-0.034/README.md 2021-11-28 23:06:54.000000000 +0100 +++ new/Crypt-JWT-0.035/README.md 2023-10-03 12:19:07.000000000 +0200 @@ -215,6 +215,17 @@ }; my $payload = decode_jwt(token=>$t, kid_keys=>$keylist); + You can use ["export\_key\_jwk" in Crypt::PK::RSA](https://metacpan.org/pod/Crypt%3A%3APK%3A%3ARSA#export_key_jwk) to generate a JWK for RSA: + + my $pubkey = Crypt::PK::RSA->new('rs256-4096-public.pem'); + my $jwk_hash = $pubkey->export_key_jwk('public', 1); + $jwk_hash->{kid} = 'key1'; + my $keylist = { + keys => [ + $jwk_hash, + ] + }; + The structure described above is used e.g. by [https://www.googleapis.com/oauth2/v2/certs](https://www.googleapis.com/oauth2/v2/certs) use Mojo::UserAgent; @@ -229,7 +240,7 @@ my $payload = decode_jwt(token => $t, kid_keys => $google_certs); When the token header contains `kid` item the corresponding key is looked up in `kid_keys` list and used for token - decoding (you do not need to pass the explicit key via `key` parameter). + decoding (you do not need to pass the explicit key via `key` parameter). Add a kid header using ["extra\_headers"](#extra_headers). **INCOMPATIBLE CHANGE in 0.023:** When `kid_keys` is specified it croaks if token header does not contain `kid` value or if `kid` was not found in `kid_keys`. @@ -535,6 +546,10 @@ my $token = encode_jwt(payload=>$p, key=>$k, alg=>'PBES2-HS512+A256KW', extra_headers=>{p2c=8000, p2s=>32}); #NOTE: handling of p2s header is a special case, in the end it is replaced with the generated salt + You can also use this to specify a kid value (see ["kid\_keys"](#kid_keys)) + + my $token = encode_jwt(payload=>$p, key=>$k, alg => 'RS256', extra_headers=>{kid=>'key1'}); + - unprotected\_headers A hash with additional integrity unprotected headers - JWS and JWE (not available for `compact` serialization); @@ -591,4 +606,4 @@ # COPYRIGHT -Copyright (c) 2015-2021 DCIT, a.s. [https://www.dcit.cz](https://www.dcit.cz) / Karel Miko +Copyright (c) 2015-2023 DCIT, a.s. [https://www.dcit.cz](https://www.dcit.cz) / Karel Miko diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.034/lib/Crypt/JWT.pm new/Crypt-JWT-0.035/lib/Crypt/JWT.pm --- old/Crypt-JWT-0.034/lib/Crypt/JWT.pm 2021-11-28 22:50:55.000000000 +0100 +++ new/Crypt-JWT-0.035/lib/Crypt/JWT.pm 2023-10-03 12:17:09.000000000 +0200 @@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = '0.034'; +our $VERSION = '0.035'; use Exporter 'import'; our %EXPORT_TAGS = ( all => [qw(decode_jwt encode_jwt)] ); @@ -761,13 +761,14 @@ if (!$args{token}) { croak "JWT: missing token"; } - elsif ($args{token} =~ /^([a-zA-Z0-9_-]+)=*\.([a-zA-Z0-9_-]*)=*\.([a-zA-Z0-9_-]+)=*\.([a-zA-Z0-9_-]+)=*\.([a-zA-Z0-9_-]+)=*$/) { - # JWE token (5 segments) - ($header, $payload) = _decode_jwe($1, $2, $3, $4, $5, undef, {}, {}, %args); - } - elsif ($args{token} =~ /^([a-zA-Z0-9_-]+)=*\.([a-zA-Z0-9_-]+)=*\.([a-zA-Z0-9_-]*)=*$/) { - # JWS token (3 segments) - ($header, $payload) = _decode_jws($1, $2, $3, {}, %args); + elsif ($args{token} =~ /^([a-zA-Z0-9_-]+)=*\.([a-zA-Z0-9_-]*)=*\.([a-zA-Z0-9_-]*)=*(?:\.([a-zA-Z0-9_-]+)=*\.([a-zA-Z0-9_-]+)=*)?$/) { + if (length($5)) { + # JWE token (5 segments) + ($header, $payload) = Crypt::JWT::_decode_jwe($1, $2, $3, $4, $5, undef, {}, {}, %args); + } else { + # JWS token (3 segments) + ($header, $payload) = Crypt::JWT::_decode_jws($1, $2, $3, {}, %args); + } } elsif ($args{token} =~ /^\s*\{.*?\}\s*$/s) { my $hash = decode_json($args{token}); @@ -1022,6 +1023,17 @@ }; my $payload = decode_jwt(token=>$t, kid_keys=>$keylist); +You can use L<Crypt::PK::RSA/"export_key_jwk"> to generate a JWK for RSA: + + my $pubkey = Crypt::PK::RSA->new('rs256-4096-public.pem'); + my $jwk_hash = $pubkey->export_key_jwk('public', 1); + $jwk_hash->{kid} = 'key1'; + my $keylist = { + keys => [ + $jwk_hash, + ] + }; + The structure described above is used e.g. by L<https://www.googleapis.com/oauth2/v2/certs> use Mojo::UserAgent; @@ -1036,7 +1048,7 @@ my $payload = decode_jwt(token => $t, kid_keys => $google_certs); When the token header contains C<kid> item the corresponding key is looked up in C<kid_keys> list and used for token -decoding (you do not need to pass the explicit key via C<key> parameter). +decoding (you do not need to pass the explicit key via C<key> parameter). Add a kid header using L</"extra_headers">. B<INCOMPATIBLE CHANGE in 0.023:> When C<kid_keys> is specified it croaks if token header does not contain C<kid> value or if C<kid> was not found in C<kid_keys>. @@ -1346,6 +1358,10 @@ my $token = encode_jwt(payload=>$p, key=>$k, alg=>'PBES2-HS512+A256KW', extra_headers=>{p2c=8000, p2s=>32}); #NOTE: handling of p2s header is a special case, in the end it is replaced with the generated salt +You can also use this to specify a kid value (see L</"kid_keys">) + + my $token = encode_jwt(payload=>$p, key=>$k, alg => 'RS256', extra_headers=>{kid=>'key1'}); + =item unprotected_headers A hash with additional integrity unprotected headers - JWS and JWE (not available for C<compact> serialization); @@ -1404,4 +1420,4 @@ =head1 COPYRIGHT -Copyright (c) 2015-2021 DCIT, a.s. L<https://www.dcit.cz> / Karel Miko +Copyright (c) 2015-2023 DCIT, a.s. L<https://www.dcit.cz> / Karel Miko diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.034/lib/Crypt/KeyWrap.pm new/Crypt-JWT-0.035/lib/Crypt/KeyWrap.pm --- old/Crypt-JWT-0.034/lib/Crypt/KeyWrap.pm 2021-11-28 22:50:49.000000000 +0100 +++ new/Crypt-JWT-0.035/lib/Crypt/KeyWrap.pm 2023-10-03 12:17:14.000000000 +0200 @@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = '0.034'; +our $VERSION = '0.035'; use Exporter 'import'; our %EXPORT_TAGS = ( all => [qw(aes_key_wrap aes_key_unwrap gcm_key_wrap gcm_key_unwrap pbes2_key_wrap pbes2_key_unwrap ecdh_key_wrap ecdh_key_unwrap ecdhaes_key_wrap ecdhaes_key_unwrap rsa_key_wrap rsa_key_unwrap)] ); @@ -612,4 +612,4 @@ =head1 COPYRIGHT -Copyright (c) 2015-2021 DCIT, a.s. L<https://www.dcit.cz> / Karel Miko +Copyright (c) 2015-2023 DCIT, a.s. L<https://www.dcit.cz> / Karel Miko
