Package: python-openid / 2.2.5-7.2
Patch series

do no crash long salts.patch
6 3 + 3 - 0 !
do-no-crash-long-salts

The OpenID 2.0 specification indicates that the response_nonce as a whole can be up to 255 characters, and must be prefixed by an ISO-8601 timestamp in UTC:

https://openid.net/specs/openid-authentication-2_0.html#positive_assertions

Even assuming a very long timestamp, this suggests that the latter part of the nonce could be over 200 characters long.

The current table definitions in sqlstore.py all assume that the nonce should be 40 characters. This causes a crash when used with existing OpenID providers (e.g. the drupal openid_provider module generates nonces with a 64-byte salt).

Note: this patch doesn't address in-place upgrades of existing python-openid servers that use an sqlstore. The right thing to do is something like (in PostgreSQL, e.g.):

  ALTER TABLE %(nonces) ALTER COLUMN salt TYPE VARCHAR(255);

I don't see any database versioning or upgrade mechanisms, so it's not clear how to apply this change dynamically (or to detect that it needs to be applied).

Some sqlstore backends (sqlite?) may not be able to do an in-place type change of a column. Those backends may need to drop the nonces table and recreate it.

Patch-Name: do-no-crash-long-salts.patch
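The length mismatch described in the patch above can be checked offline. The following is an added example, not code from the patch or from python-openid: it splits a response_nonce into its timestamp and salt and reports which nonces would not fit a salt column of a given width. The function names and sample nonces are constructed for illustration, and the 20-character timestamp layout is an assumption based on the usual `YYYY-MM-DDTHH:MM:SSZ` form.

```python
import calendar
import time

# Assumed timestamp layout: UTC, second precision, "Z" suffix.
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
TIME_LEN = len("0000-00-00T00:00:00Z")  # 20 characters
MAX_NONCE_LEN = 255   # whole-nonce limit quoted in the patch description
OLD_SALT_WIDTH = 40   # width the description says sqlstore.py assumed
NEW_SALT_WIDTH = 255  # width used in the ALTER TABLE from the description


def split_nonce(nonce):
    """Return (unix_timestamp, salt); raise ValueError if malformed."""
    if len(nonce) > MAX_NONCE_LEN:
        raise ValueError("nonce longer than %d characters" % MAX_NONCE_LEN)
    stamp, salt = nonce[:TIME_LEN], nonce[TIME_LEN:]
    # strptime raises ValueError when the prefix is not a valid timestamp
    parsed = time.strptime(stamp, TIME_FMT)
    return calendar.timegm(parsed), salt


def salt_fits(nonce, column_width):
    """True if the salt part can be stored in VARCHAR(column_width)."""
    _, salt = split_nonce(nonce)
    return len(salt) <= column_width


def audit(nonces, column_width):
    """Return the nonces whose salt would overflow the column."""
    return [n for n in nonces if not salt_fits(n, column_width)]


# Constructed sample nonces (not captured from any real provider).
SHORT = "2014-07-14T10:00:00Z" + "a" * 6   # 6-character salt
LONG = "2014-07-14T10:00:00Z" + "b" * 64   # 64-character salt

if __name__ == "__main__":
    for width in (OLD_SALT_WIDTH, NEW_SALT_WIDTH):
        overflow = audit([SHORT, LONG], width)
        print(width, [len(n) - TIME_LEN for n in overflow])
```

Running `audit` over nonces logged from the providers a relying party accepts shows whether any of them exceed the old 40-character column before the schema is changed.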
fix version.patch
2 1 + 1 - 0 !
fix-version

Fix version reported by the package (Bug #754774)

Patch-Name: fix-version.patch