]> git.ipfire.org Git - people/ms/ipfire-3.x.git/blobdiff - python/patches/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch
projects / people / ms / ipfire-3.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
python: Update to 2.7.5.
[people/ms/ipfire-3.x.git] / python / patches / 00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch
diff --git a/python/patches/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch b/python/patches/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch
new file mode 100644 (file)
index 0000000..debf92f
--- /dev/null
+++ b/python/patches/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch
@@ -0,0 +1,41 @@
+diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
+--- a/Lib/multiprocessing/connection.py
++++ b/Lib/multiprocessing/connection.py
+@@ -41,6 +41,10 @@
+ # A very generous timeout when it comes to local connections...
+ CONNECTION_TIMEOUT = 20.
++# The hmac module implicitly defaults to using MD5.
++# Support using a stronger algorithm for the challenge/response code:
++HMAC_DIGEST_NAME='sha256'
++
+ _mmap_counter = itertools.count()
+ default_family = 'AF_INET'
+@@ -700,12 +704,16 @@
+ WELCOME = b'#WELCOME#'
+ FAILURE = b'#FAILURE#'
++def get_digestmod_for_hmac():
++    import hashlib
++    return getattr(hashlib, HMAC_DIGEST_NAME)
++
+ def deliver_challenge(connection, authkey):
+     import hmac
+     assert isinstance(authkey, bytes)
+     message = os.urandom(MESSAGE_LENGTH)
+     connection.send_bytes(CHALLENGE + message)
+-    digest = hmac.new(authkey, message).digest()
++    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
+     response = connection.recv_bytes(256)        # reject large message
+     if response == digest:
+         connection.send_bytes(WELCOME)
+@@ -719,7 +727,7 @@
+     message = connection.recv_bytes(256)         # reject large message
+     assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
+     message = message[len(CHALLENGE):]
+-    digest = hmac.new(authkey, message).digest()
++    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
+     connection.send_bytes(digest)
+     response = connection.recv_bytes(256)        # reject large message
+     if response != WELCOME:
Michael's tree of IPFire 3.x.