Hello community, here is the log from the commit of package ghc-jose for openSUSE:Factory checked in at 2017-08-31 20:48:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-jose (Old) and /work/SRC/openSUSE:Factory/.ghc-jose.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ghc-jose" Thu Aug 31 20:48:01 2017 rev:4 rq:513409 version:0.6.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-jose/ghc-jose.changes 2017-07-07 10:17:44.260039656 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-jose.new/ghc-jose.changes 2017-08-31 20:48:02.310404887 +0200 @@ -1,0 +2,5 @@ +Thu Jul 27 14:07:57 UTC 2017 - psimons@suse.com + +- Update to version 0.6.0.3. + +------------------------------------------------------------------- Old: ---- jose-0.5.0.4.tar.gz New: ---- jose-0.6.0.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-jose.spec ++++++ --- /var/tmp/diff_new_pack.D9mR2E/_old 2017-08-31 20:48:03.378254996 +0200 +++ /var/tmp/diff_new_pack.D9mR2E/_new 2017-08-31 20:48:03.382254435 +0200 @@ -19,7 +19,7 @@ %global pkg_name jose %bcond_with tests Name: ghc-%{pkg_name} -Version: 0.5.0.4 +Version: 0.6.0.3 Release: 0 Summary: Javascript Object Signing and Encryption and JSON Web Token library License: Apache-2.0 @@ -32,8 +32,8 @@ BuildRequires: ghc-aeson-devel BuildRequires: ghc-attoparsec-devel BuildRequires: ghc-base64-bytestring-devel -BuildRequires: ghc-byteable-devel BuildRequires: ghc-bytestring-devel +BuildRequires: ghc-concise-devel BuildRequires: ghc-containers-devel BuildRequires: ghc-cryptonite-devel BuildRequires: ghc-lens-devel @@ -44,6 +44,7 @@ BuildRequires: ghc-quickcheck-instances-devel BuildRequires: ghc-rpm-macros BuildRequires: ghc-safe-devel +BuildRequires: ghc-semigroups-devel BuildRequires: ghc-template-haskell-devel BuildRequires: ghc-text-devel BuildRequires: ghc-time-devel @@ -63,15 +64,15 @@ JSON Web Token (JWT; RFC 7519) formats. The JSON Web Signature (JWS; RFC 7515) implementation is complete. + +EdDSA signatures (RFC 8037) are supported (Ed25519 only). + +JWK Thumbprint (RFC 7638) is supported (requires /aeson/ >= 0.10). + JSON Web Encryption (JWE; RFC 7516) is not yet implemented. -All JWS algorithms (HMAC, ECDSA, RSASSA-PKCS-v1_5 and RSASSA-PSS) are -implemented, however, the ECDSA implementation is is vulnerable to timing -attacks and should therefore only be used for JWS verification. - -The 'Crypto.JOSE.Legacy' module is provided for working with the Mozilla -Persona (formerly BrowserID) key format. Only RSA keys are supported - DSA keys -cannot be used and must be handled as opaque objects. +The __ECDSA implementation is vulnerable to timing attacks__ and should only be +used for verification. %package devel Summary: Haskell %{pkg_name} library development files ++++++ jose-0.5.0.4.tar.gz -> jose-0.6.0.3.tar.gz ++++++ ++++ 4786 lines of diff (skipped)