rubysl-cgi-session 2.0.1 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4d088553a5e245623a542a656a6cb6432660ba64
-  data.tar.gz: 8529b1a506ff74f4cb91e39d782f748575f87c3c
+  metadata.gz: 26ddaaae4f815c0c26d3bc998c30839fe7e8ffca
+  data.tar.gz: 66fcf294aae7f3bed56b6def187313004648279c
 SHA512:
-  metadata.gz: f047f931c5c0de2b61b71158f18833028b15d25e2b5692b6ad9859b265414f4f5bde68d321f89a9d08e2aec7bc3d718c9d4a137440f8825632ffb3f2db0edfde
-  data.tar.gz: 5f87fe86e6f4cc8b5e4d22a15c41977c5094cb9fdb00ae8601153ad94b311a4cb732c12b52ad540a15a8c60fb040a017bdf2e83f741b88634f82ac09b4f312b7
+  metadata.gz: e6cf43c1c58ca67750542b2a077d6a235aa7f36135c95ca65a04611086864369445916c3805e0c61e806ec55bc0d7e7ae93bbb705c2abe03e6e5c6b4b40c4c09
+  data.tar.gz: 2c0ca9519a3080c8d6e7be6e830266b03bd8df1abfc895dfc0553b17bda550daadf27233517f15199b42f447d64b1a794db0d879d672ebbad9615fa70dda2c01

data/.travis.yml

@@ -5,10 +5,10 @@ env:
 script: mspec spec
 rvm:
   - 2.0.0
-  - rbx-2.1.1
+  - rbx-2.2.1
 matrix:
   exclude:
     - rvm: 2.0.0
       env: RUBYLIB=lib
-    - rvm: rbx-2.1.1
+    - rvm: rbx-2.2.1
       env: RUBYLIB=

data/MRI_LICENSE

@@ -0,0 +1,56 @@
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
+You can redistribute it and/or modify it under either the terms of the
+2-clause BSDL (see the file BSDL), or the conditions below:
+
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+	  modifications to Usenet or an equivalent medium, or by allowing
+	  the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or binary form,
+     provided that you do at least ONE of the following:
+
+       a) distribute the binaries and library files of the software,
+	  together with instructions (in the manual page or equivalent)
+	  on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+	  the software.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial).  But some files in the distribution
+     are not written by the author, so that they are not under these terms.
+
+     For the list of those files and their copying conditions, see the
+     file LEGAL.
+
+  5. The scripts and library files supplied as input to or produced as 
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them, 
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.

data/lib/rubysl/cgi/session/session.rb

@@ -163,24 +163,26 @@ class CGI
 
     # Create a new session id.
     #
-    # The session id is an MD5 hash based upon the time,
-    # a random number, and a constant string.  This routine
-    # is used internally for automatically generated
-    # session ids.
+    # The session id is a secure random number by SecureRandom
+    # if possible, otherwise an SHA512 hash based upon the time,
+    # a random number, and a constant string.  This routine is
+    # used internally for automatically generated session ids.
     def create_new_id
       require 'securerandom'
       begin
+        # by OpenSSL, or system provided entropy pool
         session_id = SecureRandom.hex(16)
       rescue NotImplementedError
-        require 'digest/md5'
-        md5 = Digest::MD5::new
+        # never happens on modern systems
+        require 'digest'
+        d = Digest('SHA512').new
         now = Time::now
-        md5.update(now.to_s)
-        md5.update(String(now.usec))
-        md5.update(String(rand(0)))
-        md5.update(String($$))
-        md5.update('foobar')
-        session_id = md5.hexdigest
+        d.update(now.to_s)
+        d.update(String(now.usec))
+        d.update(String(rand(0)))
+        d.update(String($$))
+        d.update('foobar')
+        session_id = d.hexdigest[0, 32]
       end
       session_id
     end
@@ -453,7 +455,7 @@ class CGI
       #
       # +session+ is the session this instance is associated with.
       # +option+ is a list of initialisation options.  None are
-      # currently recognised.
+      # currently recognized.
       def initialize(session, option=nil)
         @session_id = session.session_id
         unless GLOBAL_HASH_TABLE.key?(@session_id)

data/lib/rubysl/cgi/session/version.rb

@@ -1,7 +1,7 @@
 module RubySL
   module CGI
     module Session
-      VERSION = "2.0.1"
+      VERSION = "2.1.0"
     end
   end
 end

metadata

@@ -1,24 +1,24 @@
 --- !ruby/object:Gem::Specification
 name: rubysl-cgi-session
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Brian Shirai
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-11-09 00:00:00.000000000 Z
+date: 2015-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
+  type: :development
+  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
-  type: :development
-  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -26,13 +26,13 @@ dependencies:
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
+  type: :development
+  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
-  type: :development
-  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -40,13 +40,13 @@ dependencies:
         version: '10.0'
 - !ruby/object:Gem::Dependency
   name: mspec
+  type: :development
+  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.5'
-  type: :development
-  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -54,13 +54,13 @@ dependencies:
         version: '1.5'
 - !ruby/object:Gem::Dependency
   name: rubysl-prettyprint
+  type: :development
+  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-  type: :development
-  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -77,6 +77,7 @@ files:
 - ".travis.yml"
 - Gemfile
 - LICENSE
+- MRI_LICENSE
 - README.md
 - Rakefile
 - lib/cgi/session.rb
@@ -105,9 +106,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.7
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: Ruby standard library cgi-session.
 test_files: []
-has_rdoc: