Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.0
moinmoin-wiki
raw#199.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File raw#199.patch of Package moinmoin-wiki
# HG changeset patch # User Thomas Waldmann <tw AT waldmann-edv DOT de> # Date 1478019392 -3600 # Node ID 561b7a9c2bd91b61d26cd8a5f39aa36bf5c6159e # Parent af23cef9675c698d13974cd330cdfbd7540a4310 fix wrong digestmod of hmac.new calls stdlib default is md5, but we need sha1. this bug was introduced when removing python_compatibility module usage in changeset 500f68d3e2fd594b2f4ea4a272b828a07d9eac1d. diff --git a/MoinMoin/action/cache.py b/MoinMoin/action/cache.py --- a/MoinMoin/action/cache.py +++ b/MoinMoin/action/cache.py @@ -28,7 +28,7 @@ """ from datetime import datetime -import hmac +import hmac, hashlib from MoinMoin import log logging = log.getLogger(__name__) @@ -99,7 +99,7 @@ raise AssertionError('cache_key called with unsupported parameters') hmac_data = hmac_data.encode('utf-8') - key = hmac.new(secret, hmac_data).hexdigest() + key = hmac.new(secret, hmac_data, digestmod=hashlib.sha1).hexdigest() return key diff --git a/MoinMoin/security/textcha.py b/MoinMoin/security/textcha.py --- a/MoinMoin/security/textcha.py +++ b/MoinMoin/security/textcha.py @@ -19,7 +19,7 @@ @copyright: 2007 by MoinMoin:ThomasWaldmann @license: GNU GPL, see COPYING for details. """ -import hmac +import hmac, hashlib import re import random @@ -84,7 +84,7 @@ def _compute_signature(self, question, timestamp): signature = u"%s%d" % (question, timestamp) - return hmac.new(self.secret, signature.encode('utf-8')).hexdigest() + return hmac.new(self.secret, signature.encode('utf-8'), digestmod=hashlib.sha1).hexdigest() def _init_qa(self, question=None): """ Initialize the question / answer. diff --git a/MoinMoin/user.py b/MoinMoin/user.py --- a/MoinMoin/user.py +++ b/MoinMoin/user.py @@ -1260,7 +1260,7 @@ def generate_recovery_token(self): key = random_string(64, "abcdefghijklmnopqrstuvwxyz0123456789") msg = str(int(time.time())) - h = hmac.new(key, msg).hexdigest() + h = hmac.new(key, msg, digestmod=hashlib.sha1).hexdigest() self.recoverpass_key = key self.save() return msg + '-' + h @@ -1278,7 +1278,7 @@ return False # check hmac # key must be of type string - h = hmac.new(str(self.recoverpass_key), str(stamp)).hexdigest() + h = hmac.new(str(self.recoverpass_key), str(stamp), digestmod=hashlib.sha1).hexdigest() if not safe_str_equal(h, parts[1]): return False self.recoverpass_key = "" diff --git a/MoinMoin/wikiutil.py b/MoinMoin/wikiutil.py --- a/MoinMoin/wikiutil.py +++ b/MoinMoin/wikiutil.py @@ -12,7 +12,7 @@ import cgi import codecs -import hmac +import hmac, hashlib import os import re import time @@ -2530,7 +2530,7 @@ hmac_data.append(value) h = hmac.new(request.cfg.secrets['wikiutil/tickets'], - ''.join(hmac_data)) + ''.join(hmac_data), digestmod=hashlib.sha1) return "%s.%s" % (tm, h.hexdigest())
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor