Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-Crypt-JWT for openSUSE:Factory checked in at 2021-05-04 22:01:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Crypt-JWT (Old) and /work/SRC/openSUSE:Factory/.perl-Crypt-JWT.new.2988 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Crypt-JWT" Tue May 4 22:01:23 2021 rev:3 rq:890406 version:0.033 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Crypt-JWT/perl-Crypt-JWT.changes 2021-03-24 16:13:14.415957128 +0100 +++ /work/SRC/openSUSE:Factory/.perl-Crypt-JWT.new.2988/perl-Crypt-JWT.changes 2021-05-04 22:01:35.612464396 +0200 @@ -1,0 +2,9 @@ +Sun May 2 03:06:09 UTC 2021 - Tina M??ller <[email protected]> + +- updated to 0.033 + see /usr/share/doc/packages/perl-Crypt-JWT/Changes + + 0.033 2021-05-01 + - fix #31 verify_xxx options do not work properly with decode_payload=0 + +------------------------------------------------------------------- Old: ---- Crypt-JWT-0.032.tar.gz New: ---- Crypt-JWT-0.033.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Crypt-JWT.spec ++++++ --- /var/tmp/diff_new_pack.GcRV2b/_old 2021-05-04 22:01:35.992462967 +0200 +++ /var/tmp/diff_new_pack.GcRV2b/_new 2021-05-04 22:01:35.996462953 +0200 @@ -18,7 +18,7 @@ %define cpan_name Crypt-JWT Name: perl-Crypt-JWT -Version: 0.032 +Version: 0.033 Release: 0 Summary: JSON Web Token (JWT, JWS, JWE) as defined by RFC7519, RFC7515, RFC7516 License: Artistic-1.0 OR GPL-1.0-or-later ++++++ Crypt-JWT-0.032.tar.gz -> Crypt-JWT-0.033.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.032/Changes new/Crypt-JWT-0.033/Changes --- old/Crypt-JWT-0.032/Changes 2021-03-18 21:57:49.000000000 +0100 +++ new/Crypt-JWT-0.033/Changes 2021-05-01 19:12:35.000000000 +0200 @@ -1,5 +1,8 @@ Changes for Crypt-JWT distribution +0.033 2021-05-01 + - fix #31 verify_xxx options do not work properly with decode_payload=0 + 0.032 2021-03-18 - fix #30 use lower uid/gid in release tarball diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.032/META.json new/Crypt-JWT-0.033/META.json --- old/Crypt-JWT-0.032/META.json 2021-03-18 21:58:23.000000000 +0100 +++ new/Crypt-JWT-0.033/META.json 2021-05-01 19:14:26.000000000 +0200 @@ -4,7 +4,7 @@ "Karel Miko" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.58, CPAN::Meta::Converter version 2.150010", + "generated_by" : "ExtUtils::MakeMaker version 7.60, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], @@ -51,6 +51,6 @@ "url" : "https://github.com/DCIT/perl-Crypt-JWT"; } }, - "version" : "0.032", - "x_serialization_backend" : "JSON::PP version 4.05" + "version" : "0.033", + "x_serialization_backend" : "JSON::PP version 4.06" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.032/META.yml new/Crypt-JWT-0.033/META.yml --- old/Crypt-JWT-0.032/META.yml 2021-03-18 21:58:19.000000000 +0100 +++ new/Crypt-JWT-0.033/META.yml 2021-05-01 19:14:21.000000000 +0200 @@ -7,7 +7,7 @@ configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.58, CPAN::Meta::Converter version 2.150010' +generated_by: 'ExtUtils::MakeMaker version 7.60, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -28,5 +28,5 @@ resources: bugtracker: https://github.com/DCIT/perl-Crypt-JWT/issues repository: https://github.com/DCIT/perl-Crypt-JWT -version: '0.032' +version: '0.033' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.032/lib/Crypt/JWT.pm new/Crypt-JWT-0.033/lib/Crypt/JWT.pm --- old/Crypt-JWT-0.032/lib/Crypt/JWT.pm 2021-03-18 21:53:40.000000000 +0100 +++ new/Crypt-JWT-0.033/lib/Crypt/JWT.pm 2021-05-01 19:13:08.000000000 +0200 @@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = '0.032'; +our $VERSION = '0.033'; use Exporter 'import'; our %EXPORT_TAGS = ( all => [qw(decode_jwt encode_jwt)] ); @@ -168,6 +168,17 @@ return if $args{ignore_claims}; + if (ref($payload) ne 'HASH') { + # https://github.com/DCIT/perl-Crypt-JWT/issues/31 + # payload needs to be decoded into a HASH for checking any verify_XXXX + for my $claim (qw(exp nbf iat iss sub aud jti)) { + if (defined $args{"verify_$claim"} && $args{"verify_$claim"} != 0) { + croak "JWT: cannot check verify_$claim (payload not decoded JSON/HASH)"; + } + } + return; # nothing to check + } + my $leeway = $args{leeway} || 0; my $now = time; @@ -527,7 +538,7 @@ my $payload = _decrypt_jwe_payload($cek, $header->{enc}, $aad, $ct, $iv, $tag); $payload = _payload_unzip($payload, $header->{zip}) if $header->{zip}; $payload = _payload_dec($payload, $args{decode_payload}); - _verify_claims($payload, %args) if ref $payload eq 'HASH'; # croaks on error + _verify_claims($payload, %args); # croaks on error return ($header, $payload); } @@ -683,7 +694,7 @@ croak "JWS: invalid payload part" if $b64u_payload && !$payload; $payload = _payload_unzip($payload, $header->{zip}) if $header->{zip}; $payload = _payload_dec($payload, $args{decode_payload}); - _verify_claims($payload, %args) if ref $payload eq 'HASH'; # croaks on error + _verify_claims($payload, %args); # croaks on error $header = { %$unprotected_header, %$header }; # merge headers return ($header, $payload); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.032/lib/Crypt/KeyWrap.pm new/Crypt-JWT-0.033/lib/Crypt/KeyWrap.pm --- old/Crypt-JWT-0.032/lib/Crypt/KeyWrap.pm 2021-03-18 21:53:46.000000000 +0100 +++ new/Crypt-JWT-0.033/lib/Crypt/KeyWrap.pm 2021-05-01 19:13:15.000000000 +0200 @@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = '0.032'; +our $VERSION = '0.033'; use Exporter 'import'; our %EXPORT_TAGS = ( all => [qw(aes_key_wrap aes_key_unwrap gcm_key_wrap gcm_key_unwrap pbes2_key_wrap pbes2_key_unwrap ecdh_key_wrap ecdh_key_unwrap ecdhaes_key_wrap ecdhaes_key_unwrap rsa_key_wrap rsa_key_unwrap)] ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-JWT-0.032/t/jwt_encode_decode.t new/Crypt-JWT-0.033/t/jwt_encode_decode.t --- old/Crypt-JWT-0.032/t/jwt_encode_decode.t 2021-01-10 15:03:54.000000000 +0100 +++ new/Crypt-JWT-0.033/t/jwt_encode_decode.t 2021-05-01 19:09:11.000000000 +0200 @@ -202,4 +202,25 @@ is($decoded, "Hello!"); } +{ # https://github.com/DCIT/perl-Crypt-JWT/issues/31 + # verify_xxx options do not work with decode_payload=0 + my $h = { hello => 'world' }; + my $token = encode_jwt(key=>\$rsaPriv, payload=>$h, alg=>'RS256', relative_exp => 1000); + ok($token); + ok( decode_jwt(key=>\$rsaPub, token=>$token) ); + ok( decode_jwt(key=>\$rsaPub, token=>$token, verify_exp=>1, decode_payload=>undef) ); + ok( decode_jwt(key=>\$rsaPub, token=>$token, verify_exp=>1, decode_payload=>1) ); + ok( decode_jwt(key=>\$rsaPub, token=>$token, verify_exp=>0, decode_payload=>1) ); + ok( decode_jwt(key=>\$rsaPub, token=>$token, verify_exp=>0, decode_payload=>0) ); + ok( !eval { decode_jwt(key=>\$rsaPub, token=>$token, verify_exp=>1, decode_payload=>0) } ); + my $tokenex = encode_jwt(key=>\$rsaPriv, payload=>$h, alg=>'RS256', relative_exp => -1000); + ok($tokenex); + ok( !eval { decode_jwt(key=>\$rsaPub, token=>$tokenex) } ); + ok( !eval { decode_jwt(key=>\$rsaPub, token=>$tokenex, verify_exp=>1, decode_payload=>undef) } ); + ok( !eval { decode_jwt(key=>\$rsaPub, token=>$tokenex, verify_exp=>1, decode_payload=>1) } ); + ok( decode_jwt(key=>\$rsaPub, token=>$tokenex, verify_exp=>0, decode_payload=>1) ); + ok( decode_jwt(key=>\$rsaPub, token=>$tokenex, verify_exp=>0, decode_payload=>0) ); + ok( !eval { decode_jwt(key=>\$rsaPub, token=>$tokenex, verify_exp=>1, decode_payload=>0) } ); +} + done_testing;
