Blame SOURCES/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch

6e8c2f
diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
6e8c2f
--- a/Lib/multiprocessing/connection.py
6e8c2f
+++ b/Lib/multiprocessing/connection.py
6e8c2f
@@ -41,6 +41,10 @@
6e8c2f
 # A very generous timeout when it comes to local connections...
6e8c2f
 CONNECTION_TIMEOUT = 20.
6e8c2f
 
6e8c2f
+# The hmac module implicitly defaults to using MD5.
6e8c2f
+# Support using a stronger algorithm for the challenge/response code:
6e8c2f
+HMAC_DIGEST_NAME='sha256'
6e8c2f
+
6e8c2f
 _mmap_counter = itertools.count()
6e8c2f
 
6e8c2f
 default_family = 'AF_INET'
6e8c2f
@@ -700,12 +704,16 @@
6e8c2f
 WELCOME = b'#WELCOME#'
6e8c2f
 FAILURE = b'#FAILURE#'
6e8c2f
 
6e8c2f
+def get_digestmod_for_hmac():
6e8c2f
+    import hashlib
6e8c2f
+    return getattr(hashlib, HMAC_DIGEST_NAME)
6e8c2f
+
6e8c2f
 def deliver_challenge(connection, authkey):
6e8c2f
     import hmac
6e8c2f
     assert isinstance(authkey, bytes)
6e8c2f
     message = os.urandom(MESSAGE_LENGTH)
6e8c2f
     connection.send_bytes(CHALLENGE + message)
6e8c2f
-    digest = hmac.new(authkey, message).digest()
6e8c2f
+    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
6e8c2f
     response = connection.recv_bytes(256)        # reject large message
6e8c2f
     if response == digest:
6e8c2f
         connection.send_bytes(WELCOME)
6e8c2f
@@ -719,7 +727,7 @@
6e8c2f
     message = connection.recv_bytes(256)         # reject large message
6e8c2f
     assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
6e8c2f
     message = message[len(CHALLENGE):]
6e8c2f
-    digest = hmac.new(authkey, message).digest()
6e8c2f
+    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
6e8c2f
     connection.send_bytes(digest)
6e8c2f
     response = connection.recv_bytes(256)        # reject large message
6e8c2f
     if response != WELCOME: