jwt-pq 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -1
- data/SECURITY.md +1 -1
- data/ext/jwt/pq/extconf.rb +2 -2
- data/lib/jwt/pq/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3e22fd166db5a77e02477a645fe843107a8615e89f5e33d914754495e28ac112
|
|
4
|
+
data.tar.gz: 8f1a3acd924b82fb720ecff5882ece4c9842fca6a0aab9cf3710d6b3783ad93b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6b9711b89b4edf08e92e379ed6b821107abc0c89468ac8df9c54e97db862948a88f561ce4163deae149d813bcd2259cfdfba45b241985899ba9f2547d1dfce4c
|
|
7
|
+
data.tar.gz: 7dee45f2a9cd096881aaf2f6c8f29fa700b3b6f99419af409c817693d5cb5aaaec85f624fe752e03d9bc5cc5915f266d310961a21805d183d0123232a3ee98b5
|
data/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [0.6.1] - 2026-07-13
|
|
11
|
+
|
|
12
|
+
### Security
|
|
13
|
+
|
|
14
|
+
- Bundled liboqs updated from 0.15.0 to [0.16.0](https://github.com/open-quantum-safe/liboqs/releases/tag/0.16.0), which patches five upstream security issues, including [CVE-2026-44518](https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-wf7v-fhxj-73m2) and [GHSA-2wxh-55qf-c7wg](https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-2wxh-55qf-c7wg) (moderate, out-of-bounds reads in XMSS/XMSS^MT signature verification). None of the patched code paths (XMSS/XMSS^MT, CROSS, FrodoKEM) are compiled into jwt-pq's ML-DSA-only build, so jwt-pq itself was not exposed; the bump keeps the bundled library on a supported upstream release (#57)
|
|
15
|
+
|
|
16
|
+
### Dependencies
|
|
17
|
+
|
|
18
|
+
- Bump `codecov/codecov-action` from 6.0.1 to 7.0.0 (#49)
|
|
19
|
+
- Bump `actions/checkout` from 6.0.3 to 7.0.0 (#52)
|
|
20
|
+
|
|
10
21
|
## [0.6.0] - 2026-04-22
|
|
11
22
|
|
|
12
23
|
### Added
|
|
@@ -151,7 +162,8 @@ Throughput on Ruby 3.4.6, macOS x86_64, liboqs 0.15.0 (benchmark-ips, 2s warmup
|
|
|
151
162
|
- Optional dependency on jwt-eddsa / ed25519
|
|
152
163
|
- Error classes: `LiboqsError`, `KeyError`, `SignatureError`, `MissingDependencyError`
|
|
153
164
|
|
|
154
|
-
[Unreleased]: https://github.com/marcelopazzo/jwt-pq/compare/v0.6.
|
|
165
|
+
[Unreleased]: https://github.com/marcelopazzo/jwt-pq/compare/v0.6.1...HEAD
|
|
166
|
+
[0.6.1]: https://github.com/marcelopazzo/jwt-pq/compare/v0.6.0...v0.6.1
|
|
155
167
|
[0.6.0]: https://github.com/marcelopazzo/jwt-pq/compare/v0.5.1...v0.6.0
|
|
156
168
|
[0.5.1]: https://github.com/marcelopazzo/jwt-pq/compare/v0.5.0...v0.5.1
|
|
157
169
|
[0.5.0]: https://github.com/marcelopazzo/jwt-pq/compare/v0.4.0...v0.5.0
|
data/SECURITY.md
CHANGED
|
@@ -38,7 +38,7 @@ Out of scope (report upstream):
|
|
|
38
38
|
|
|
39
39
|
## Upstream liboqs advisories
|
|
40
40
|
|
|
41
|
-
jwt-pq bundles a pinned version of liboqs (see `LIBOQS_VERSION` in `ext/jwt/pq/extconf.rb`, currently **0.
|
|
41
|
+
jwt-pq bundles a pinned version of liboqs (see `LIBOQS_VERSION` in `ext/jwt/pq/extconf.rb`, currently **0.16.0**, integrity-checked against a SHA-256 of the source tarball).
|
|
42
42
|
|
|
43
43
|
When [liboqs](https://github.com/open-quantum-safe/liboqs/security/advisories) publishes a security advisory affecting an algorithm we ship:
|
|
44
44
|
|
data/ext/jwt/pq/extconf.rb
CHANGED
|
@@ -10,8 +10,8 @@ require "zlib"
|
|
|
10
10
|
require "etc"
|
|
11
11
|
require "tmpdir"
|
|
12
12
|
|
|
13
|
-
LIBOQS_VERSION = "0.
|
|
14
|
-
LIBOQS_SHA256 = "
|
|
13
|
+
LIBOQS_VERSION = "0.16.0"
|
|
14
|
+
LIBOQS_SHA256 = "162d5b510518ee5f285f82fa1f16402a885176e818bf1b1a4c3c91c9a2f01eae"
|
|
15
15
|
LIBOQS_URL = "https://github.com/open-quantum-safe/liboqs/archive/refs/tags/#{LIBOQS_VERSION}.tar.gz"
|
|
16
16
|
|
|
17
17
|
PACKAGE_ROOT_DIR = File.expand_path("../../..", __dir__)
|
data/lib/jwt/pq/version.rb
CHANGED