jruby-openssl 0.15.0-java → 0.15.4-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: 73eeedd4b229adfc00f06a3732179a5f720e5c03224dc8c4e68f42755286d78a
-  data.tar.gz: c293cce41dbef1214cdfc4d7971990ab936cd37d62ea33752e9073c00284d0f6
+SHA1:
+  metadata.gz: e8bb3c7e2f2f97edfd979f79912f344dc7a28fea
+  data.tar.gz: 20b63ae82b2287f2c589fae82a40136087520e62
 SHA512:
-  metadata.gz: 28daa5aa8813cfb50db8ae65b4b03c9ea8d968f8e4f0c68e28446801513d2bff3bf9b6f991521f87042028e8710a6424a64947b1db197309fe1f00e6ff8e9750
-  data.tar.gz: 72c86427b868059f3d97875d33bdab8daf75d6a34902053dc7559d80d2b352a903b0d19612d0b96ad8963f6980ed1e0ab927d9920aa3720c1d0e89c963b5082b
+  metadata.gz: 77810561ee1d964842f7be3e7568c8891288bef32b958677528464ce9b3e38e51c27d3739c23b0693b999ac0b9343be562db792889a990eb0a1aca6209b576a0
+  data.tar.gz: 0b55e12fe6a730e4c1be62d7671074614bfc2713d6bf9bc296b576db2f4464f9368392d9c89281c8ea7b4e403a33dd517e21014ef05d04d1356b34dfe011628e

data/History.md

@@ -1,3 +1,36 @@
+## 0.15.4
+
+* [fix] Verify hostname by default (CVE-2025-46551)
+
+## 0.15.3
+
+* [fix] keep curve name when group is set into another key
+* [fix] make sure `OpenSSL::PKey::EC#dup` (copying) works
+* [compat] make sure `OpenSSL::PKey::EC#generate_key!` exists
+* [compat] missing OpenSSL:BN `to_int`, `-@`, `+@`, `abs`, `negative?`
+* [compat] implement PKey::EC `public_to_pem` and `xxx_to_der`
+* [fix] initialize @unused_bits = 0 for BitString
+* [fix] raise ASN1Error when unused_bits out of range
+* [fix] respect @unused_bits in BitString (#323)
+* [fix] missing `OpenSSL::ASN1::ObjectId#==` (#311)
+* [compat] implement PKey::DSA `public_to_der` and `public_to_pem`
+* [compat] implement PKey::RSA `public_to_der` and `public_to_pem`
+* [fix] DSA private key should generate after `set_key`
+* [refactor] RSA key internals to always consider params
+* [fix] DSA key compatibility when `set_pqg`
+* [fix] RSA private key should generate after `set_key`
+* [compat] add private? and public? methods on `PKey::EC`
+
+## 0.15.2
+
+* [deps] upgrade BC to version 1.79
+* [fix] avoid PKey::EC.new failing with specific DER (#318)
+* [fix] have a useful OPENSSL_VERSION_NUMBER
+
+## 0.15.1
+
+* [deps] upgrade BC to version 1.78.1
+
 ## 0.15.0
 
 This version upgraded to latest Bouncy-Castle (1.78) and the minimum supported

data/README.md

@@ -28,7 +28,7 @@ the JRuby [mailing list][1] or the [bug tracker][2].
 | ~>0.12.x      | 9.1.x-9.3.x  |  Java 8-15 |    1.65-1.68 |
 | ~>0.13.x      | 9.1.x-9.4.x  |  Java 8-17 |    1.68-1.69 |
 | ~>0.14.x      | 9.1.x-9.4.x  |  Java 8-21 |    1.71-1.74 |
-| ~>0.15.x      | 9.2.x-9.4.x  |  Java 8-21 |    1.76-1.78 |
+| ~>0.15.x      | 9.2.x-9.4.x  |  Java 8-21 |    1.76-1.79 |
 
 NOTE: backwards JRuby compatibility was not handled for versions <= **0.9.6** 
 

data/lib/jopenssl/load.rb

@@ -1,5 +1,3 @@
-warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUBY_VERSION
-
 require 'jopenssl/version'
 
 # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
@@ -25,16 +23,7 @@ unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
 end
 
 require 'jopenssl.jar'
-
-if JRuby::Util.respond_to?(:load_ext) # JRuby 9.2
-  JRuby::Util.load_ext('org.jruby.ext.openssl.OpenSSL')
-else; require 'jruby'
-  org.jruby.ext.openssl.OpenSSL.load(JRuby.runtime)
-end
-
-if RUBY_VERSION > '2.3'
-  load 'jopenssl/_compat23.rb'
-end
+JRuby::Util.load_ext('org.jruby.ext.openssl.OpenSSL')
 
 # NOTE: content bellow should live in *lib/openssl.rb* but due RubyGems/Bundler
 # `autoload :OpenSSL` this will cause issues if an older version (0.11) is the
@@ -61,7 +50,6 @@ end
 require 'openssl/bn'
 require 'openssl/pkey'
 require 'openssl/cipher'
-#require 'openssl/config' if OpenSSL.const_defined?(:Config, false)
 require 'openssl/digest'
 require 'openssl/hmac'
 require 'openssl/x509'
@@ -80,4 +68,4 @@ module OpenSSL
     hashed_b = OpenSSL::Digest.digest('SHA256', b)
     OpenSSL.fixed_length_secure_compare(hashed_a, hashed_b) && a == b
   end
-end
+end

data/lib/jopenssl/version.rb

@@ -1,6 +1,6 @@
 module JOpenSSL
-  VERSION = '0.15.0'
-  BOUNCY_CASTLE_VERSION = '1.78'
+  VERSION = '0.15.4'
+  BOUNCY_CASTLE_VERSION = '1.79'
 end
 
 Object.class_eval do

data/lib/openssl/ssl.rb

@@ -20,7 +20,7 @@ module OpenSSL
       DEFAULT_PARAMS = { # :nodoc:
         :min_version => OpenSSL::SSL::TLS1_VERSION,
         :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-        :verify_hostname => nil, # TODO => true needs JRuby support to call verify_certificate_identity
+        :verify_hostname => true,
         :options => OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_COMPRESSION
       }
 

data/pom.xml

@@ -11,7 +11,7 @@ DO NOT MODIFY - GENERATED CODE
   <modelVersion>4.0.0</modelVersion>
   <groupId>rubygems</groupId>
   <artifactId>jruby-openssl</artifactId>
-  <version>0.15.0</version>
+  <version>0.15.4</version>
   <packaging>gem</packaging>
   <name>JRuby OpenSSL</name>
   <description>JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.</description>
@@ -60,13 +60,13 @@ DO NOT MODIFY - GENERATED CODE
     </snapshotRepository>
   </distributionManagement>
   <properties>
-    <bc.versions>1.78</bc.versions>
+    <bc.versions>1.79</bc.versions>
     <invoker.skip>${maven.test.skip}</invoker.skip>
     <invoker.test>${bc.versions}</invoker.test>
     <jruby.plugins.version>3.0.2</jruby.plugins.version>
     <jruby.switches>-W0</jruby.switches>
-    <jruby.version>9.2.19.0</jruby.version>
-    <jruby.versions>9.2.19.0</jruby.versions>
+    <jruby.version>9.1.17.0</jruby.version>
+    <jruby.versions>9.1.17.0</jruby.versions>
     <mavengem-wagon.version>2.0.2</mavengem-wagon.version>
     <mavengem.wagon.version>2.0.2</mavengem.wagon.version>
     <polyglot.dump.pom>pom.xml</polyglot.dump.pom>
@@ -77,22 +77,22 @@ DO NOT MODIFY - GENERATED CODE
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.78</version>
+      <version>1.79</version>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpkix-jdk18on</artifactId>
-      <version>1.78</version>
+      <version>1.79</version>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bctls-jdk18on</artifactId>
-      <version>1.78</version>
+      <version>1.79</version>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.78</version>
+      <version>1.79</version>
     </dependency>
     <dependency>
       <groupId>org.jruby</groupId>
@@ -274,7 +274,6 @@ DO NOT MODIFY - GENERATED CODE
         <configuration>
           <source>1.8</source>
           <target>1.8</target>
-          <release>8</release>
           <encoding>UTF-8</encoding>
           <debug>true</debug>
           <showWarnings>true</showWarnings>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jruby-openssl
 version: !ruby/object:Gem::Version
-  version: 0.15.0
+  version: 0.15.4
 platform: java
 authors:
 - Karol Bucek
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-21 00:00:00.000000000 Z
+date: 2025-05-07 00:00:00.000000000 Z
 dependencies: []
 description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL
   native library.
@@ -25,7 +25,6 @@ files:
 - README.md
 - Rakefile
 - lib/jopenssl.jar
-- lib/jopenssl/_compat23.rb
 - lib/jopenssl/load.rb
 - lib/jopenssl/version.rb
 - lib/jruby-openssl.rb
@@ -42,10 +41,10 @@ files:
 - lib/openssl/pkey.rb
 - lib/openssl/ssl.rb
 - lib/openssl/x509.rb
-- lib/org/bouncycastle/bcpkix-jdk18on/1.78/bcpkix-jdk18on-1.78.jar
-- lib/org/bouncycastle/bcprov-jdk18on/1.78/bcprov-jdk18on-1.78.jar
-- lib/org/bouncycastle/bctls-jdk18on/1.78/bctls-jdk18on-1.78.jar
-- lib/org/bouncycastle/bcutil-jdk18on/1.78/bcutil-jdk18on-1.78.jar
+- lib/org/bouncycastle/bcpkix-jdk18on/1.79/bcpkix-jdk18on-1.79.jar
+- lib/org/bouncycastle/bcprov-jdk18on/1.79/bcprov-jdk18on-1.79.jar
+- lib/org/bouncycastle/bctls-jdk18on/1.79/bctls-jdk18on-1.79.jar
+- lib/org/bouncycastle/bcutil-jdk18on/1.79/bcutil-jdk18on-1.79.jar
 - pom.xml
 homepage: https://github.com/jruby/jruby-openssl
 licenses:
@@ -68,11 +67,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements:
-- jar org.bouncycastle:bcprov-jdk18on, 1.78
-- jar org.bouncycastle:bcpkix-jdk18on, 1.78
-- jar org.bouncycastle:bctls-jdk18on,  1.78
-- jar org.bouncycastle:bcutil-jdk18on, 1.78
-rubygems_version: 3.1.6
+- jar org.bouncycastle:bcprov-jdk18on, 1.79
+- jar org.bouncycastle:bcpkix-jdk18on, 1.79
+- jar org.bouncycastle:bctls-jdk18on,  1.79
+- jar org.bouncycastle:bcutil-jdk18on, 1.79
+rubyforge_project:
+rubygems_version: 2.6.14.1
 signing_key:
 specification_version: 4
 summary: JRuby OpenSSL

data/lib/jopenssl/_compat23.rb

@@ -1,71 +0,0 @@
-# frozen_string_literal: false
-
-module OpenSSL
-
-  module PKey
-
-    class DH
-
-      def set_key(pub_key, priv_key)
-        self.pub_key = pub_key
-        self.priv_key = priv_key
-        self
-      end
-
-      def set_pqg(p, q, g)
-        self.p = p
-        if respond_to?(:q=)
-          self.q = q
-        else
-          OpenSSL.warn "JRuby-OpenSSL does not support setting q param on #{inspect}" if q
-        end
-        self.g = g
-        self
-      end
-
-    end
-
-    class DSA
-
-      def set_key(pub_key, priv_key)
-        self.pub_key = pub_key
-        self.priv_key = priv_key
-        self
-      end
-
-      def set_pqg(p, q, g)
-        self.p = p
-        self.q = q
-        self.g = g
-        self
-      end
-
-    end
-
-    class RSA
-
-      def set_key(n, e, d)
-        self.n = n
-        self.e = e
-        self.d = d
-        self
-      end
-
-      def set_factors(p, q)
-        self.p = p
-        self.q = q
-        self
-      end
-
-      def set_crt_params(dmp1, dmq1, iqmp)
-        self.dmp1 = dmp1
-        self.dmq1 = dmq1
-        self.iqmp = iqmp
-        self
-      end
-
-    end
-
-  end
-
-end