argon2 2.1.2 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bff7ddef087d3f6715d16badbd5e9c5751445fb1016e5e1b7c28a3e1be7969fa
-  data.tar.gz: bc1bd994565169c1d2b30cdb29ad47fc9ad6b2fcd7667ec567357e4beae644fa
+  metadata.gz: f926025634562667dbc1575383b09a6d3178248f1551325726f1dc194472b0e5
+  data.tar.gz: a4876cbbaf99df1062ac39f668e3af254c5b45b1d431bf5e7180e3076fd20d3d
 SHA512:
-  metadata.gz: db612e16de69bd3a6e680a163d3af9bbc59834dff17546dc603d0f6adfd0035f0b15a5e6f4779a8c7e578ac03217dca93d4771efea8af675aeaaf691c911685d
-  data.tar.gz: 711745dd87ae4add9e23154ff3efd1b8674a73b3f2e5b0693c10a968f8f4060b51379f5c11d56678996fdd79f1ba8b69f368f5810e4c9c4c6a04e5a01cf0956e
+  metadata.gz: e5c592dc870390af4ad6fbce1ea4b3b4b5be6fa25574f18ac44d0509dab1adef3bb21e1e1c5a84b01d364e335f4b4b01460a0a4207c96734ae67f0b4ff12289a
+  data.tar.gz: c59f5baeea0c7ff436f77a4dadc267c5619ceccf2749ee25a428173abbf4842606a48bbd90f74a89cbd6347cc31dc643447b926cb6caccdcbcf04d7eabfb19a8

data/.github/workflows/codeql.yml

@@ -0,0 +1,74 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '34 3 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'ruby' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

data/.github/workflows/ruby.yml

@@ -13,9 +13,9 @@ jobs:
           - ubuntu
           - macos
         ruby:
-          - 2.6
           - 2.7
           - 3.1
+          - 3.2
 
     runs-on: ${{ matrix.os }}-latest
 

data/README.md

@@ -13,7 +13,7 @@ This project has several key tenets to its design:
 * The reference Argon2 implementation is to be used "unaltered". To ensure compliance with this goal, and encourage regular updates from upstream, the upstream library is implemented as a git submodule, and is intended to stay that way.
 * The FFI interface is kept as slim as possible, with wrapper classes preferred to implementing context structs in FFI
 * Security and maintainability take top priority. This can have an impact on platform support. A PR that contains platform specific code paths is unlikely to be accepted.
-* Tested platforms are MRI Ruby 2.2, 2.3 and JRuby 9000. No assertions are made on other platforms.
+* Tested platforms are MRI Ruby 2.7 and 3.0. No assertions are made on other platforms.
 * Errors from the C interface are raised as Exceptions. There are a lot of exception classes, but they tend to relate to things like very broken input, and code bugs. Calls to this library should generally not require a rescue.
 * Test suites should aim for 100% code coverage.
 * Default work values should not be considered constants. I will increase them from time to time.

data/argon2.gemspec

@@ -27,7 +27,7 @@ Gem::Specification.new do |spec|
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-  spec.add_dependency 'ffi', '~> 1.14'
+  spec.add_dependency 'ffi', '~> 1.15'
   spec.add_dependency 'ffi-compiler', '~> 1.0'
 
   spec.add_development_dependency "bundler", '~> 2.0'

data/bin/setup

@@ -10,5 +10,6 @@ git submodule update --init --recursive
 # Build the Argon2 C Library. Git submodules must be initialized first!
 bundle install
 cd ext/argon2_wrap/
+ruby extconf.rb
 make
 cd ../..

data/ext/argon2_wrap/{Makefile → Makefile.real}

@@ -60,6 +60,7 @@ LIB_SH := lib$(LIB_NAME).$(LIB_EXT)
 all: libs 
 libs: $(SRC)
 		$(CC) $(CFLAGS) $(LIB_CFLAGS) $^ -o libargon2_wrap.$(LIB_EXT)
+		cp libargon2_wrap.$(LIB_EXT) ../../lib
 
 #Deliberately avoiding the CFLAGS for our test cases - disable optimise and
 #C89

data/ext/argon2_wrap/extconf.rb

@@ -1,2 +1,5 @@
 # frozen_string_literal: true
-#I must admit I have no understanding of why this empty file works.
+
+require 'mkmf'
+
+File.rename('Makefile.real', 'Makefile')

data/lib/argon2/version.rb

@@ -3,5 +3,5 @@
 # Standard Gem version constant.
 
 module Argon2
-  VERSION = "2.1.2"
+  VERSION = "2.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: argon2
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.2.0
 platform: ruby
 authors:
 - Technion
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-10-24 00:00:00.000000000 Z
+date: 2022-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '1.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '1.15'
 - !ruby/object:Gem::Dependency
   name: ffi-compiler
   requirement: !ruby/object:Gem::Requirement
@@ -144,6 +144,7 @@ extensions:
 - ext/argon2_wrap/extconf.rb
 extra_rdoc_files: []
 files:
+- ".github/workflows/codeql.yml"
 - ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".gitmodules"
@@ -159,10 +160,10 @@ files:
 - bin/console
 - bin/setup
 - bin/test
-- ext/argon2_wrap/Makefile
+- ext/argon2_wrap/Makefile.real
 - ext/argon2_wrap/argon_wrap.c
+- ext/argon2_wrap/argon_wrap.o
 - ext/argon2_wrap/extconf.rb
-- ext/argon2_wrap/libargon2_wrap.so
 - ext/argon2_wrap/test.c
 - ext/phc-winner-argon2/.git
 - ext/phc-winner-argon2/.gitattributes