fish/fish-webconfig-CVE-2014-291...

commit f5d81d3beac2542d675af15bf7f71762c456f30d
Author: Andy Lutomirski <luto@amacapital.net>
Date:   Mon Aug 11 17:52:27 2014 -0700

    webconfig: Get the auth token from os.urandom
    
    random.getrandbits shouldn't be used for security.

diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
index 2ceb67e..f36f63f 100755
--- a/share/tools/web_config/webconfig.py
+++ b/share/tools/web_config/webconfig.py
@@ -654,7 +654,7 @@ where = os.path.dirname(sys.argv[0])
 os.chdir(where)
 
 # Generate a 16-byte random key as a hexadecimal string
-authkey = hex(random.getrandbits(16*8))[2:]
+authkey = hex(os.urandom(16))[2:]
 
 # Try to find a suitable port
 PORT = 8000
Improve fixes for CVE-2014-2905 and CVE-2014-2914 This includes upstream work and my own followups. 11 years ago			`commit f5d81d3beac2542d675af15bf7f71762c456f30d`
			`Author: Andy Lutomirski <luto@amacapital.net>`
			`Date: Mon Aug 11 17:52:27 2014 -0700`

			`webconfig: Get the auth token from os.urandom`

			`random.getrandbits shouldn't be used for security.`

			`diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py`
			`index 2ceb67e..f36f63f 100755`
			`--- a/share/tools/web_config/webconfig.py`
			`+++ b/share/tools/web_config/webconfig.py`
			`@@ -654,7 +654,7 @@ where = os.path.dirname(sys.argv[0])`
			`os.chdir(where)`

			`# Generate a 16-byte random key as a hexadecimal string`
			`-authkey = hex(random.getrandbits(16*8))[2:]`
			`+authkey = hex(os.urandom(16))[2:]`

			`# Try to find a suitable port`
			`PORT = 8000`