bcrypt 3.1.11 → 3.1.12.rc1

checksums.yaml

@@ -1,15 +1,17 @@
 ---
-!binary "U0hBMQ==":
+!binary "U0hBMjU2":
   metadata.gz: !binary |-
-    ODFjNzllODAzY2QwNzEzMzBkMjgwNTA0MzA2NGU0Y2FlOWVlNmIxZg==
+    MzFlOTc3ZGIxZjAwMzAzMTE5YzdlMDk2ZTNlMzVjZjkwMWM5MmVjYzczNWZl
+    OGM5YmFiY2Y2MmU0MjliMTc0Nw==
   data.tar.gz: !binary |-
-    OWRiZmFhODBmYjk4YzVlM2FhYTlmNTM4ODVlMDgyMDNhODAxNWYzZQ==
+    YTlmNWYxNjBkNjBkNjhkYTc2YzQxZjNmYjAwZTE5NjcyYjg3YmMwZjlkN2I3
+    YWMwYTNlMTYwNmMwZmYzNzM0Mg==
 SHA512:
   metadata.gz: !binary |-
-    M2IzMDVmMDcwZTY5ZjBkNzc1ZDFkNGNlYjNiN2FiNjU5ZGUwZWFiMzc3YjI2
-    YmI5MTI1YmJmZTU2NDJlNjE2YzJiYmVmYjM4Mzk2YTcyYjQ3NDIxMDIyYWM0
-    YmJlMGE3MWNhNzRjY2VjYzVlZTUxN2RhNzBkYWNlOTM0NTRmN2Q=
+    ZGQxMmVkMzkwY2ExZjQwZWQ2NmU1YjJhZWU0MzI4ZTgxMzhmOTA4ZmJmYWI0
+    NGJkYjg5NDIzM2UzYzdkNWFjMmRmODI2OWE2NjAwOGNjZmI2ZTM3ZGVlYzM4
+    ZTIxNTI5YmQ1NmI1Njg3MjU5MWNjOWJmNGY2NzExMWQ3ZjU3NTc=
   data.tar.gz: !binary |-
-    MjA0MTQxZTk1YjNmZTU3NjlhYzliYWQzOWJhMzZlZjFlNWNkZGMzMzYzMDk4
-    YWRlMjg0ZDA4MWNlMDNkZWIzOWIxZjQ2MDQ0Njg1YzkwODZmMDJlMmEwNDgx
-    NDA4ZThjZDhhNzJiNzg2ZWM2ZWIyNmNjMmY3MDY1NzNhYzBiODc=
+    ZDk4MDk4ZDllOWY3OTgxZjBjODM5ZDUyMDNiYjE0YjI1ZmIzM2NlNTNmZDVl
+    ZjJiZTY2NWM5OTQzOGE2MTcwMTZjOTkxOGM0YjViZWVmOGExODRjYTg5YjA5
+    YzhmZDYzMjIzNDdkYmRmOTdhYjFiOTBkNDA1MTdjYTM0MGZhMWU=

data/.travis.yml

@@ -1,16 +1,21 @@
 language: ruby
+before_install:
+  - gem update --system
+  - gem install bundler
 rvm:
-  - 1.8.7
-  - 1.9.2
-  - 1.9.3
-  - 2.0.0
-  - 2.1.0
-  - 2.2.0
-  - 2.3.0
+  - 1.8
+  - 1.9
+  - 2.0
+  - 2.1
+  - 2.2
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
   - ruby-head
   - jruby-18mode
   - jruby-19mode
   - jruby-head
-  - rbx-2
+  - rbx-3
   - ree
 script: bundle exec rake

data/CHANGELOG

@@ -82,3 +82,7 @@
 
 3.1.11 Mar 06 2016
   - Add support for Ruby 2.2 in compiled Windows binaries
+
+3.1.12 May 15 2018
+  - Add support for Ruby 2.3, 2.4, and 2.5 in compiled Windows binaries
+  - Fix compatibility with libxcrypt [GH #164 by @besser82]

data/Gemfile.lock

@@ -1,14 +1,14 @@
 PATH
   remote: .
   specs:
-    bcrypt (3.1.11)
+    bcrypt (3.1.12.rc1)
 
 GEM
   remote: https://rubygems.org/
   specs:
     diff-lcs (1.2.5)
-    json (1.8.3)
-    json (1.8.3-java)
+    json (1.8.6)
+    json (1.8.6-java)
     rake (10.4.2)
     rake-compiler (0.9.5)
       rake
@@ -41,4 +41,4 @@ DEPENDENCIES
   rspec (>= 3)
 
 BUNDLED WITH
-   1.11.2
+   1.16.1

data/README.md

@@ -30,8 +30,8 @@ re-hash those passwords. This vulnerability only affected the JRuby gem.
 The bcrypt gem is available on the following ruby platforms:
 
 * JRuby
-* RubyInstaller 1.8, 1.9, 2.0, 2.1, and 2.2 builds on win32
-* Any 1.8, 1.9, 2.0, 2.1, 2.2, or 2.3 Ruby on a BSD/OS X/Linux system with a compiler
+* RubyInstaller 1.8, 1.9, 2.0, 2.1, 2.2, 2.3, 2.4, and 2.5 builds on Windows
+* Any 1.8, 1.9, 2.0, 2.1, 2.2, 2.3, 2.4, or 2.5 Ruby on a BSD/OS X/Linux system with a compiler
 
 ## How to use `bcrypt()` in your Rails application
 
@@ -40,69 +40,58 @@ The bcrypt gem is available on the following ruby platforms:
 implements a similar authentication strategy to the code below.
 
 ### The _User_ model
-
-    require 'bcrypt'
-
-    class User < ActiveRecord::Base
-      # users.password_hash in the database is a :string
-      include BCrypt
-
-      def password
-        @password ||= Password.new(password_hash)
-      end
-
-      def password=(new_password)
-        @password = Password.create(new_password)
-        self.password_hash = @password
-      end
-    end
-
+```ruby
+require 'bcrypt'
+
+class User < ActiveRecord::Base
+  # users.password_hash in the database is a :string
+  include BCrypt
+
+  def password
+    @password ||= Password.new(password_hash)
+  end
+
+  def password=(new_password)
+    @password = Password.create(new_password)
+    self.password_hash = @password
+  end
+end
+```
 ### Creating an account
-
-    def create
-      @user = User.new(params[:user])
-      @user.password = params[:password]
-      @user.save!
-    end
-
+```ruby
+def create
+  @user = User.new(params[:user])
+  @user.password = params[:password]
+  @user.save!
+end
+```
 ### Authenticating a user
-
-    def login
-      @user = User.find_by_email(params[:email])
-      if @user.password == params[:password]
-        give_token
-      else
-        redirect_to home_url
-      end
-    end
-
-### If a user forgets their password?
-
-    # assign them a random one and mail it to them, asking them to change it
-    def forgot_password
-      @user = User.find_by_email(params[:email])
-      random_password = Array.new(10).map { (65 + rand(58)).chr }.join
-      @user.password = random_password
-      @user.save!
-      Mailer.create_and_deliver_password_change(@user, random_password)
-    end
-
+```ruby
+def login
+  @user = User.find_by_email(params[:email])
+  if @user.password == params[:password]
+    give_token
+  else
+    redirect_to home_url
+  end
+end
+```
 ## How to use bcrypt-ruby in general
+```ruby
+require 'bcrypt'
 
-    require 'bcrypt'
-
-    my_password = BCrypt::Password.create("my password")
-      #=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"
-
-    my_password.version              #=> "2a"
-    my_password.cost                 #=> 10
-    my_password == "my password"     #=> true
-    my_password == "not my password" #=> false
+my_password = BCrypt::Password.create("my password")
+#=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"
 
-    my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
-    my_password == "my password"     #=> true
-    my_password == "not my password" #=> false
+my_password.version              #=> "2a"
+my_password.cost                 #=> 10
+my_password == "my password"     #=> true
+my_password == "not my password" #=> false
 
+my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
+my_password == "my password"     #=> true
+my_password == "not my password" #=> false
+```
 Check the rdocs for more details -- BCrypt, BCrypt::Password.
 
 ## How `bcrypt()` works
@@ -171,15 +160,15 @@ stateless authentication architecture (e.g., HTTP Basic Auth), you will want to
 server load and keep your request times down. This will lower the security provided you, but there are few alternatives.
 
 To change the default cost factor used by bcrypt-ruby, use `BCrypt::Engine.cost = new_value`:
-
-    BCrypt::Password.create('secret').cost
-      #=> 10, the default provided by bcrypt-ruby
-
-    # set a new default cost
-    BCrypt::Engine.cost = 8
-    BCrypt::Password.create('secret').cost
-      #=> 8
-
+```ruby
+BCrypt::Password.create('secret').cost
+  #=> 10, the default provided by bcrypt-ruby
+
+# set a new default cost
+BCrypt::Engine.cost = 8
+BCrypt::Password.create('secret').cost
+  #=> 8
+```
 The default cost can be overridden as needed by passing an options hash with a different cost:
 
     BCrypt::Password.create('secret', :cost => 6).cost  #=> 6

data/Rakefile

@@ -12,6 +12,10 @@ CLEAN.include(
   "lib/1.9",
   "lib/2.0",
   "lib/2.1",
+  "lib/2.2",
+  "lib/2.3",
+  "lib/2.4",
+  "lib/2.5",
   "lib/bcrypt_ext.jar",
   "lib/bcrypt_ext.so"
 )

data/appveyor.yml

@@ -0,0 +1,50 @@
+###############################################################################
+#
+# This AppVeyor config is *NOT* for running the tests on Windows.
+#
+# This is to ensure that the latest version of the bcrypt gem can be installed
+# on Windows across all of the currently supported versions of Ruby.
+#
+###############################################################################
+
+version: "{branch}-{build}"
+build: off
+clone_depth: 1
+
+init:
+  # Install Ruby 1.8.7
+  - if %RUBY_VERSION%==187 (
+      appveyor DownloadFile https://dl.bintray.com/oneclick/rubyinstaller/rubyinstaller-1.8.7-p374.exe -FileName C:\ruby_187.exe &
+      C:\ruby_187.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
+    )
+
+environment:
+  matrix:
+    - RUBY_VERSION: "187"
+    - RUBY_VERSION: "193"
+    - RUBY_VERSION: "200"
+    - RUBY_VERSION: "200-x64"
+    - RUBY_VERSION: "21"
+    - RUBY_VERSION: "21-x64"
+    - RUBY_VERSION: "22"
+    - RUBY_VERSION: "22-x64"
+    - RUBY_VERSION: "23"
+    - RUBY_VERSION: "23-x64"
+    - RUBY_VERSION: "24"
+    - RUBY_VERSION: "24-x64"
+    - RUBY_VERSION: "25"
+    - RUBY_VERSION: "25-x64"
+
+install:
+  - set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH%
+  - if %RUBY_VERSION%==187 (
+      gem update --system 2.0.17
+    )
+
+before_test:
+  - ruby -v
+  - gem -v
+
+test_script:
+  - gem install bcrypt --prerelease --no-ri --no-rdoc
+  - ruby -e "require 'rubygems'; require 'bcrypt'"

data/bcrypt.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'bcrypt'
-  s.version = '3.1.11'
+  s.version = '3.1.12.rc1'
 
   s.summary = "OpenBSD's bcrypt() password hashing algorithm."
   s.description = <<-EOF

data/ext/mri/bcrypt_ext.c

@@ -45,7 +45,7 @@ static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
 
     if(!value) return Qnil;
 
-    out = rb_str_new(data, size - 1);
+    out = rb_str_new2(value);
 
     xfree(data);
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bcrypt
 version: !ruby/object:Gem::Version
-  version: 3.1.11
+  version: 3.1.12.rc1
 platform: ruby
 authors:
 - Coda Hale
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-06 00:00:00.000000000 Z
+date: 2018-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake-compiler
@@ -63,9 +63,9 @@ extra_rdoc_files:
 - README.md
 - COPYING
 - CHANGELOG
+- lib/bcrypt/password.rb
 - lib/bcrypt/engine.rb
 - lib/bcrypt/error.rb
-- lib/bcrypt/password.rb
 - lib/bcrypt.rb
 files:
 - .gitignore
@@ -77,6 +77,7 @@ files:
 - Gemfile.lock
 - README.md
 - Rakefile
+- appveyor.yml
 - bcrypt.gemspec
 - ext/jruby/bcrypt_jruby/BCrypt.java
 - ext/mri/bcrypt_ext.c
@@ -117,12 +118,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ! '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.3
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: OpenBSD's bcrypt() password hashing algorithm.