bcrypt 3.1.18-java → 3.1.19-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f35948f2d6985ec5e338d0dd89e2481e0c2e91df63a9623b02bad157c1da0967
-  data.tar.gz: c9cdd80dbf146b2497091bc2e09b613fea5784eacf7e570bcebb7e4a0c3b175c
+  metadata.gz: 636cc94d86701d3d34c7ba884587e9ff5429d78eb055f15d88104c3b2f006e9a
+  data.tar.gz: 9f67d235f53ea00410bcc0abfec5cb42a6bd22e7c52ae43923e161828d18e43c
 SHA512:
-  metadata.gz: 3c5d43f9ff8813d14f866a5a87354b0f3152dff9c2b75ab08a7b70e0e84e8f71d2582b36cbdb71b3d45f68fa1a3cd38f30de75db812c5bc23ff613918070a09a
-  data.tar.gz: 8ec660bd584fc110d347dbd5a4d1d0c1cf75e36e7ac9f455a7ed86c100c8111c3f62ef3b4ae5aa15275d30d034d1289756eb1104ed55ad4ff8656c21836cdab6
+  metadata.gz: 4d78ea03482ec52e987617f94a0b5a9108369585961e29746ab8ed65f035b1b40eca0e14137c10dd0a49072312c945e4ecbd91327e21c573d7b7dcd3428e83cf
+  data.tar.gz: f46639b8366442dfbe2ea6db81f56784f4b99443b790392d3e41bd4c6a06f8e16ab26f94fcc9bdca584eee80a1461fcc632eb4ab979a37378808c99a3ce13b47

data/CHANGELOG

@@ -1,3 +1,7 @@
+3.1.19 June 22 2023
+  - Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev]
+  - Add GC guards so the C compiler won't optimize out references [GH #270]
+
 3.1.18 May 16 2022
   - Unlock GVL when calculating hashes and salts [GH #260]
   - Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]

data/Rakefile

@@ -50,8 +50,8 @@ end
 if RUBY_PLATFORM =~ /java/
   Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext|
     ext.ext_dir = 'ext/jruby'
-    ext.source_version = "1.7"
-    ext.target_version = "1.7"
+    ext.source_version = "1.8"
+    ext.target_version = "1.8"
   end
 else
   Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext|

data/bcrypt.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'bcrypt'
-  s.version = '3.1.18'
+  s.version = '3.1.19'
 
   s.summary = "OpenBSD's bcrypt() password hashing algorithm."
   s.description = <<-EOF

data/ext/mri/bcrypt_ext.c

@@ -49,6 +49,9 @@ static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
     if(!salt) return Qnil;
 
     str_salt = rb_str_new2(salt);
+
+    RB_GC_GUARD(prefix);
+    RB_GC_GUARD(input);
     free(salt);
 
     return str_salt;
@@ -99,6 +102,8 @@ static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
 
     out = rb_str_new2(value);
 
+    RB_GC_GUARD(key);
+    RB_GC_GUARD(setting);
     free(args.data);
 
     return out;

data/lib/bcrypt/engine.rb

@@ -53,6 +53,13 @@ module BCrypt
     # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
     # a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
     def self.hash_secret(secret, salt, _ = nil)
+      unless _.nil?
+        warn "[DEPRECATION] Passing the third argument to " \
+             "`BCrypt::Engine.hash_secret` is deprecated. " \
+             "Please do not pass the third argument which " \
+             "is currently not used."
+      end
+
       if valid_secret?(secret)
         if valid_salt?(salt)
           if RUBY_PLATFORM == "java"

data/spec/bcrypt/password_spec.rb

@@ -31,6 +31,12 @@ describe "Creating a hashed password" do
   specify "should tolerate very long string secrets" do
     expect { BCrypt::Password.create("abcd"*1024) }.not_to raise_error
   end
+
+  specify "blows up when null bytes are in the string" do
+    # JRuby can handle the null bytes
+    skip if RUBY_ENGINE == 'jruby'
+    expect { BCrypt::Password.create( "foo\0bar".chop  ) }.to raise_error
+  end
 end
 
 describe "Reading a hashed password" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bcrypt
 version: !ruby/object:Gem::Version
-  version: 3.1.18
+  version: 3.1.19
 platform: java
 authors:
 - Coda Hale
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-16 00:00:00.000000000 Z
+date: 2023-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement