Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rubygem-bcrypt for openSUSE:Factory checked in at 2023-11-02 20:22:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-bcrypt (Old) and /work/SRC/openSUSE:Factory/.rubygem-bcrypt.new.17445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-bcrypt" Thu Nov 2 20:22:32 2023 rev:14 rq:1122647 version:3.1.19 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-bcrypt/rubygem-bcrypt.changes 2022-06-15 00:32:17.818526271 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-bcrypt.new.17445/rubygem-bcrypt.changes 2023-11-02 20:23:06.939469085 +0100 @@ -1,0 +2,8 @@ +Thu Nov 2 10:11:44 UTC 2023 - Dan Äermák <[email protected]> + +- 3.1.19 June 22 2023 + - Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev] + - Add GC guards so the C compiler won't optimize out references [GH #270] + + +------------------------------------------------------------------- Old: ---- bcrypt-3.1.18.gem New: ---- bcrypt-3.1.19.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-bcrypt.spec ++++++ --- /var/tmp/diff_new_pack.16MOiw/_old 2023-11-02 20:23:07.423486895 +0100 +++ /var/tmp/diff_new_pack.16MOiw/_new 2023-11-02 20:23:07.423486895 +0100 @@ -1,7 +1,7 @@ # # spec file for package rubygem-bcrypt # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ # Name: rubygem-bcrypt -Version: 3.1.18 +Version: 3.1.19 Release: 0 %define mod_name bcrypt %define mod_full_name %{mod_name}-%{version} ++++++ bcrypt-3.1.18.gem -> bcrypt-3.1.19.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG new/CHANGELOG --- old/CHANGELOG 2022-05-17 00:55:39.000000000 +0200 +++ new/CHANGELOG 2023-06-22 20:39:28.000000000 +0200 @@ -1,3 +1,7 @@ +3.1.19 June 22 2023 + - Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev] + - Add GC guards so the C compiler won't optimize out references [GH #270] + 3.1.18 May 16 2022 - Unlock GVL when calculating hashes and salts [GH #260] - Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Rakefile new/Rakefile --- old/Rakefile 2022-05-17 00:55:39.000000000 +0200 +++ new/Rakefile 2023-06-22 20:39:28.000000000 +0200 @@ -50,8 +50,8 @@ if RUBY_PLATFORM =~ /java/ Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext| ext.ext_dir = 'ext/jruby' - ext.source_version = "1.7" - ext.target_version = "1.7" + ext.source_version = "1.8" + ext.target_version = "1.8" end else Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext| diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt.gemspec new/bcrypt.gemspec --- old/bcrypt.gemspec 2022-05-17 00:55:39.000000000 +0200 +++ new/bcrypt.gemspec 2023-06-22 20:39:28.000000000 +0200 @@ -1,6 +1,6 @@ Gem::Specification.new do |s| s.name = 'bcrypt' - s.version = '3.1.18' + s.version = '3.1.19' s.summary = "OpenBSD's bcrypt() password hashing algorithm." s.description = <<-EOF Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/mri/bcrypt_ext.c new/ext/mri/bcrypt_ext.c --- old/ext/mri/bcrypt_ext.c 2022-05-17 00:55:39.000000000 +0200 +++ new/ext/mri/bcrypt_ext.c 2023-06-22 20:39:28.000000000 +0200 @@ -49,6 +49,9 @@ if(!salt) return Qnil; str_salt = rb_str_new2(salt); + + RB_GC_GUARD(prefix); + RB_GC_GUARD(input); free(salt); return str_salt; @@ -99,6 +102,8 @@ out = rb_str_new2(value); + RB_GC_GUARD(key); + RB_GC_GUARD(setting); free(args.data); return out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bcrypt/engine.rb new/lib/bcrypt/engine.rb --- old/lib/bcrypt/engine.rb 2022-05-17 00:55:39.000000000 +0200 +++ new/lib/bcrypt/engine.rb 2023-06-22 20:39:28.000000000 +0200 @@ -53,6 +53,13 @@ # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates # a bcrypt() password hash. Secrets longer than 72 bytes are truncated. def self.hash_secret(secret, salt, _ = nil) + unless _.nil? + warn "[DEPRECATION] Passing the third argument to " \ + "`BCrypt::Engine.hash_secret` is deprecated. " \ + "Please do not pass the third argument which " \ + "is currently not used." + end + if valid_secret?(secret) if valid_salt?(salt) if RUBY_PLATFORM == "java" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2022-05-17 00:55:39.000000000 +0200 +++ new/metadata 2023-06-22 20:39:28.000000000 +0200 @@ -1,38 +1,38 @@ --- !ruby/object:Gem::Specification name: bcrypt version: !ruby/object:Gem::Version - version: 3.1.18 + version: 3.1.19 platform: ruby authors: - Coda Hale -autorequire: +autorequire: bindir: bin cert_chain: [] -date: 2022-05-16 00:00:00.000000000 Z +date: 2023-06-22 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency - name: rake-compiler requirement: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version version: 1.2.0 - type: :development + name: rake-compiler prerelease: false + type: :development version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version version: 1.2.0 - !ruby/object:Gem::Dependency - name: rspec requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '3' - type: :development + name: rspec prerelease: false + type: :development version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" @@ -50,10 +50,10 @@ - README.md - COPYING - CHANGELOG +- lib/bcrypt.rb - lib/bcrypt/password.rb - lib/bcrypt/engine.rb - lib/bcrypt/error.rb -- lib/bcrypt.rb files: - ".github/workflows/ruby.yml" - ".gitignore" @@ -89,7 +89,7 @@ licenses: - MIT metadata: {} -post_install_message: +post_install_message: rdoc_options: - "--title" - bcrypt-ruby @@ -110,8 +110,8 @@ - !ruby/object:Gem::Version version: '0' requirements: [] -rubygems_version: 3.1.4 -signing_key: +rubygems_version: 3.2.29 +signing_key: specification_version: 4 summary: OpenBSD's bcrypt() password hashing algorithm. test_files: [] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/bcrypt/password_spec.rb new/spec/bcrypt/password_spec.rb --- old/spec/bcrypt/password_spec.rb 2022-05-17 00:55:39.000000000 +0200 +++ new/spec/bcrypt/password_spec.rb 2023-06-22 20:39:28.000000000 +0200 @@ -31,6 +31,12 @@ specify "should tolerate very long string secrets" do expect { BCrypt::Password.create("abcd"*1024) }.not_to raise_error end + + specify "blows up when null bytes are in the string" do + # JRuby can handle the null bytes + skip if RUBY_ENGINE == 'jruby' + expect { BCrypt::Password.create( "foo\0bar".chop ) }.to raise_error + end end describe "Reading a hashed password" do
