Source: libnet-openid-server-perl Version: 1.02-1 Severity: normal User: [email protected] Usertags: digest-sha-perl-transition
Hi Dominic We from the Debian Perl Group -- as you might read already -- would like to drop libdigest-sha1-perl at some point, see [1]. Most of the functionality (except sha1_transform) of Digest::SHA1 is also provided by Digest::SHA. Digest::SHA is in Perl core since version 5.9.3 and thus is in Debian's perl since Lenny. Changing use of Digest::SHA1 to Digest::SHA would thus reduce external dependencies by one. [1] http://deb.li/digestsha This seems indeed "fixed" in developer release upstream, or adapted upstream in version 1.030099_001: 1.030099_001 Nov 06 2010 * Use Crypt::DH::GMP over Crypt::DH for speed (Robert Norris) * Set mode and claimed_id before redirect to setup in checkid_immediate. Without this some implementations (Movable Type) do not have enough context to understand what the client is trying to do (Adam Sjøgren) * Fix potential timing attack when checking signatures (Adam Sjøgren) (see http://lists.openid.net/pipermail/openid-security/2010-July/001156.html) * Support HMAC-SHA256 signatures (Adam Sjøgren) * Merge get_args and post_args into single 'args' parameter. get_args & post_args remain as deprecated parameters (Martin Atkins, Robert Norris) With adding support for HMAC-SHA256 they changed module to use Digest::SHA. Would it be possible to update package version to this, if upstream does not release new version in near future? Bests, Salvatore -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

