bcrypt 3.1.18 → 3.1.19

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ba8b7b14c18d5ad7f8dcd58b2e719925695a8af445b232d50fc21695b3cd4200
4
- data.tar.gz: a3a566bb869dcc9001dbeae8041595152444596253d152c9a374ce9c1503d817
3
+ metadata.gz: 3d928c8b1764d15c593b64010a766c6dd8ed28c6cc634710aa1ef22616e9ce92
4
+ data.tar.gz: '0485ba6c9431e9cef69201de5d207181325385247a32e89d2e33ca87e57d184f'
5
5
  SHA512:
6
- metadata.gz: 9e21ae566338f46280af6576c42b54d6dfe9e75619c35a72b87f6401bef689be8526b3385a556f332c28d9a939ca7cd4f2104ef1483f4cc24d144ba837b69af4
7
- data.tar.gz: 1c2e714911083b8aa457d9d16c5dd084acd6610e67a4f2c489ec137b1c503f2753d4a2c98e06446bc7771caec176b7b24a207f7395541e32c31268c8d8773551
6
+ metadata.gz: ac2844a3ab59a8ca724a362cf68dd68083ae2059769479f00d198097fb3efc7a37e8461aeea3b67fdbf6aa48167ea5de7be520a52339b8991954baa373652dec
7
+ data.tar.gz: 89ab8573f7567b61fa7ad4ed4edbd5c4e222400b7bf8b38e357d36276f853050c3f3d416911d5a74f7a7a5cdae19852cee8a06c5baba3d72e830eb637e331ecc
data/CHANGELOG CHANGED
@@ -1,3 +1,7 @@
1
+ 3.1.19 June 22 2023
2
+ - Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev]
3
+ - Add GC guards so the C compiler won't optimize out references [GH #270]
4
+
1
5
  3.1.18 May 16 2022
2
6
  - Unlock GVL when calculating hashes and salts [GH #260]
3
7
  - Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]
data/Rakefile CHANGED
@@ -50,8 +50,8 @@ end
50
50
  if RUBY_PLATFORM =~ /java/
51
51
  Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext|
52
52
  ext.ext_dir = 'ext/jruby'
53
- ext.source_version = "1.7"
54
- ext.target_version = "1.7"
53
+ ext.source_version = "1.8"
54
+ ext.target_version = "1.8"
55
55
  end
56
56
  else
57
57
  Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext|
data/bcrypt.gemspec CHANGED
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'bcrypt'
3
- s.version = '3.1.18'
3
+ s.version = '3.1.19'
4
4
 
5
5
  s.summary = "OpenBSD's bcrypt() password hashing algorithm."
6
6
  s.description = <<-EOF
data/ext/mri/bcrypt_ext.c CHANGED
@@ -49,6 +49,9 @@ static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
49
49
  if(!salt) return Qnil;
50
50
 
51
51
  str_salt = rb_str_new2(salt);
52
+
53
+ RB_GC_GUARD(prefix);
54
+ RB_GC_GUARD(input);
52
55
  free(salt);
53
56
 
54
57
  return str_salt;
@@ -99,6 +102,8 @@ static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
99
102
 
100
103
  out = rb_str_new2(value);
101
104
 
105
+ RB_GC_GUARD(key);
106
+ RB_GC_GUARD(setting);
102
107
  free(args.data);
103
108
 
104
109
  return out;
data/lib/bcrypt/engine.rb CHANGED
@@ -53,6 +53,13 @@ module BCrypt
53
53
  # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
54
54
  # a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
55
55
  def self.hash_secret(secret, salt, _ = nil)
56
+ unless _.nil?
57
+ warn "[DEPRECATION] Passing the third argument to " \
58
+ "`BCrypt::Engine.hash_secret` is deprecated. " \
59
+ "Please do not pass the third argument which " \
60
+ "is currently not used."
61
+ end
62
+
56
63
  if valid_secret?(secret)
57
64
  if valid_salt?(salt)
58
65
  if RUBY_PLATFORM == "java"
@@ -31,6 +31,12 @@ describe "Creating a hashed password" do
31
31
  specify "should tolerate very long string secrets" do
32
32
  expect { BCrypt::Password.create("abcd"*1024) }.not_to raise_error
33
33
  end
34
+
35
+ specify "blows up when null bytes are in the string" do
36
+ # JRuby can handle the null bytes
37
+ skip if RUBY_ENGINE == 'jruby'
38
+ expect { BCrypt::Password.create( "foo\0bar".chop ) }.to raise_error
39
+ end
34
40
  end
35
41
 
36
42
  describe "Reading a hashed password" do
metadata CHANGED
@@ -1,38 +1,38 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bcrypt
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.18
4
+ version: 3.1.19
5
5
  platform: ruby
6
6
  authors:
7
7
  - Coda Hale
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-16 00:00:00.000000000 Z
11
+ date: 2023-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: rake-compiler
15
14
  requirement: !ruby/object:Gem::Requirement
16
15
  requirements:
17
16
  - - "~>"
18
17
  - !ruby/object:Gem::Version
19
18
  version: 1.2.0
20
- type: :development
19
+ name: rake-compiler
21
20
  prerelease: false
21
+ type: :development
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
26
  version: 1.2.0
27
27
  - !ruby/object:Gem::Dependency
28
- name: rspec
29
28
  requirement: !ruby/object:Gem::Requirement
30
29
  requirements:
31
30
  - - ">="
32
31
  - !ruby/object:Gem::Version
33
32
  version: '3'
34
- type: :development
33
+ name: rspec
35
34
  prerelease: false
35
+ type: :development
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
@@ -50,10 +50,10 @@ extra_rdoc_files:
50
50
  - README.md
51
51
  - COPYING
52
52
  - CHANGELOG
53
+ - lib/bcrypt.rb
53
54
  - lib/bcrypt/password.rb
54
55
  - lib/bcrypt/engine.rb
55
56
  - lib/bcrypt/error.rb
56
- - lib/bcrypt.rb
57
57
  files:
58
58
  - ".github/workflows/ruby.yml"
59
59
  - ".gitignore"
@@ -89,7 +89,7 @@ homepage: https://github.com/bcrypt-ruby/bcrypt-ruby
89
89
  licenses:
90
90
  - MIT
91
91
  metadata: {}
92
- post_install_message:
92
+ post_install_message:
93
93
  rdoc_options:
94
94
  - "--title"
95
95
  - bcrypt-ruby
@@ -110,8 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
110
110
  - !ruby/object:Gem::Version
111
111
  version: '0'
112
112
  requirements: []
113
- rubygems_version: 3.1.4
114
- signing_key:
113
+ rubygems_version: 3.2.29
114
+ signing_key:
115
115
  specification_version: 4
116
116
  summary: OpenBSD's bcrypt() password hashing algorithm.
117
117
  test_files: []