File raw#199.patch of Package moinmoin-wiki
# HG changeset patch
# User Thomas Waldmann <tw AT waldmann-edv DOT de>
# Date 1478019392 -3600
# Node ID 561b7a9c2bd91b61d26cd8a5f39aa36bf5c6159e
# Parent af23cef9675c698d13974cd330cdfbd7540a4310
fix wrong digestmod of hmac.new calls
stdlib default is md5, but we need sha1. this bug was introduced when removing
python_compatibility module usage in changeset 500f68d3e2fd594b2f4ea4a272b828a07d9eac1d.
diff --git a/MoinMoin/action/cache.py b/MoinMoin/action/cache.py
--- a/MoinMoin/action/cache.py
+++ b/MoinMoin/action/cache.py
@@ -28,7 +28,7 @@
"""
from datetime import datetime
-import hmac
+import hmac, hashlib
from MoinMoin import log
logging = log.getLogger(__name__)
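Review bot: The combined `import hmac, hashlib` in this hunk puts two modules on one line, while the neighbouring imports shown in these hunks are one per line. Writing `import hashlib` and `import hmac` as separate statements keeps later diffs to one module per changed line. The same applies to the import hunks in MoinMoin/security/textcha.py and MoinMoin/wikiutil.py.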
@@ -99,7 +99,7 @@
raise AssertionError('cache_key called with unsupported parameters')
hmac_data = hmac_data.encode('utf-8')
- key = hmac.new(secret, hmac_data).hexdigest()
+ key = hmac.new(secret, hmac_data, digestmod=hashlib.sha1).hexdigest()
return key
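Review bot: The `digestmod=hashlib.sha1` argument on the `hmac.new` call here is repeated by hand at all five call sites in this patch (also in textcha.py, twice in user.py, and in wikiutil.py), so the next refactoring can silently drop it again and fall back to the stdlib MD5 default. A single shared helper would pin the digest in one place, for example a function of your own naming such as `def hmac_sha1(key, msg): return hmac.new(key, msg, digestmod=hashlib.sha1)`, used by every caller. Since the result is used as a cache key, entries stored while the MD5 default was in effect will presumably no longer be found after this change; confirm whether they are cleaned up. The enclosing function starts outside the hunk.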
diff --git a/MoinMoin/security/textcha.py b/MoinMoin/security/textcha.py
--- a/MoinMoin/security/textcha.py
+++ b/MoinMoin/security/textcha.py
@@ -19,7 +19,7 @@
@copyright: 2007 by MoinMoin:ThomasWaldmann
@license: GNU GPL, see COPYING for details.
"""
-import hmac
+import hmac, hashlib
import re
import random
@@ -84,7 +84,7 @@
def _compute_signature(self, question, timestamp):
signature = u"%s%d" % (question, timestamp)
- return hmac.new(self.secret, signature.encode('utf-8')).hexdigest()
+ return hmac.new(self.secret, signature.encode('utf-8'), digestmod=hashlib.sha1).hexdigest()
def _init_qa(self, question=None):
""" Initialize the question / answer.
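Review bot: The MAC input in `_compute_signature` is built as `u"%s%d" % (question, timestamp)` with no separator, so a question ending in digits and a different timestamp can yield the same signed string. Putting a delimiter that cannot occur in the first field between the parts, e.g. `u"%d:%s" % (timestamp, question)`, makes the encoding unambiguous. The ticket hunk in MoinMoin/wikiutil.py has the same pattern with `''.join(hmac_data)`, where adjacent values can shift across field boundaries without changing the MAC. Either change alters the signed bytes, so values issued before it would stop verifying.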
diff --git a/MoinMoin/user.py b/MoinMoin/user.py
--- a/MoinMoin/user.py
+++ b/MoinMoin/user.py
@@ -1260,7 +1260,7 @@
def generate_recovery_token(self):
key = random_string(64, "abcdefghijklmnopqrstuvwxyz0123456789")
msg = str(int(time.time()))
- h = hmac.new(key, msg).hexdigest()
+ h = hmac.new(key, msg, digestmod=hashlib.sha1).hexdigest()
self.recoverpass_key = key
self.save()
return msg + '-' + h
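Review bot: Both user.py hunks now reference `hashlib.sha1`, but unlike the other three files this patch contains no import hunk for MoinMoin/user.py. If `hashlib` is not already imported at the top of that file, `generate_recovery_token` and the token check in the next hunk will raise NameError at call time rather than at import, so it is worth confirming and, if needed, adding `import hashlib` there. The key comes from `random_string(...)`, whose randomness source is not visible here; the token is only as strong as that generator.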
@@ -1278,7 +1278,7 @@
return False
# check hmac
# key must be of type string
- h = hmac.new(str(self.recoverpass_key), str(stamp)).hexdigest()
+ h = hmac.new(str(self.recoverpass_key), str(stamp), digestmod=hashlib.sha1).hexdigest()
if not safe_str_equal(h, parts[1]):
return False
self.recoverpass_key = ""
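Review bot: Recovery tokens mailed out while the MD5 default was in effect will fail the `safe_str_equal(h, parts[1])` check once this line computes SHA-1, and the caller only sees `return False`. That is the safe failure direction, but it deserves a line in the release notes so that users with a pending recovery mail know to request a new one. A short comment above the `hmac.new` call such as `# digest must match generate_recovery_token()` would also document the coupling between the two functions. The enclosing function starts and ends outside the hunk.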
diff --git a/MoinMoin/wikiutil.py b/MoinMoin/wikiutil.py
--- a/MoinMoin/wikiutil.py
+++ b/MoinMoin/wikiutil.py
@@ -12,7 +12,7 @@
import cgi
import codecs
-import hmac
+import hmac, hashlib
import os
import re
import time
@@ -2530,7 +2530,7 @@
hmac_data.append(value)
h = hmac.new(request.cfg.secrets['wikiutil/tickets'],
- ''.join(hmac_data))
+ ''.join(hmac_data), digestmod=hashlib.sha1)
return "%s.%s" % (tm, h.hexdigest())