Bug 595462 - hmac is not calculated properly.
Summary: hmac is not calculated properly.
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: php-pear-Net-DNS   
(Show other bugs)
Version: 12
Hardware: All Linux
low
medium
Target Milestone: ---
Assignee: Steven Moix
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-05-24 17:13 UTC by Vadym Chepkov
Modified: 2010-08-26 01:00 UTC (History)
2 users (show)

Fixed In Version: php-pear-Net-DNS-1.0.5-1.fc13
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-25 01:17:43 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Vadym Chepkov 2010-05-24 17:13:56 UTC
After upgrading to fedora 12 the TSIG code stopped working.

I took a look and find out this code

$this->mac = mhash(MHASH_MD5, $sigdata, $key);

was replaced with 

$this->mac = $this->hmac($sigdata, $key, 'md5');

and hmac function was added. I assume due to lack of mhash support in PHP 5.3.

I didn't look enough in the function, what it does wrong, but there is no need for it at all.
Instead code should be changed to

$this->mac = hash_hmac('md5', $sigdata, $key, true);

And all works fine with standard PHP5.3 functions

Comment 1 Remi Collet 2010-05-24 17:42:12 UTC
Is this bug reported upstream ? 
Bug ref ?

+

Comment 2 Vadym Chepkov 2010-05-24 17:51:14 UTC
The page says:

This package is not maintained, if you would like to take over please go to this page.

:(

Comment 3 Vadym Chepkov 2010-05-24 18:05:14 UTC
Submitted upstream
17431

Comment 4 Steven Moix 2010-05-24 18:21:18 UTC
By the way, what is "TSIG code"? :)

Comment 5 Vadym Chepkov 2010-05-24 18:31:42 UTC
Sorry for the lingo :)

http://en.wikipedia.org/wiki/TSIG

/usr/share/pear/Net/DNS/RR/TSIG.php

Comment 6 Steven Moix 2010-05-31 09:03:05 UTC
As upstream seems active on http://pear.php.net/bugs/bug.php?id=17431, I'm waiting on a response. If in about 1 month we don't get any, we can apply a patch for Fedora specifically as we don't need PHP4 support.

Comment 7 Steven Moix 2010-07-12 12:24:53 UTC
Ok, we are one month later. Vadym, could tell me if meanwhile the SVN version you are probably using is stable and could be pushed instead of the very old 1.0.1?

Comment 8 Vadym Chepkov 2010-07-13 08:38:37 UTC
Yes, trunk version works as expected, it fixed several other issues as well.

Comment 9 Steven Moix 2010-08-13 16:58:02 UTC
A new upstream version fixing the problems is available, I'll repackage it during the week. Thanks for pushing upstream Vadym.

Comment 10 Fedora Update System 2010-08-14 16:54:59 UTC
php-pear-Net-DNS-1.0.5-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/php-pear-Net-DNS-1.0.5-1.fc13

Comment 11 Fedora Update System 2010-08-14 16:55:50 UTC
php-pear-Net-DNS-1.0.5-1.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/php-pear-Net-DNS-1.0.5-1.fc14

Comment 12 Fedora Update System 2010-08-16 16:03:48 UTC
php-pear-Net-DNS-1.0.5-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update php-pear-Net-DNS'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/php-pear-Net-DNS-1.0.5-1.fc14

Comment 13 Fedora Update System 2010-08-25 01:17:38 UTC
php-pear-Net-DNS-1.0.5-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2010-08-26 01:00:46 UTC
php-pear-Net-DNS-1.0.5-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.