I've had a look at the patches. I think the problem being fixed here is
that when a new message comes in, and signature verification fails using
the existing key the local site has stored for that host, it tries to
get a new key from the remote host but fails to check the signature on
the message using that new key. This doesn't seem to be a problem in
Mahara, because the signature verification is always tried again (even
if the key hasn't changed).
I'm removing a bit of duplicated code I noticed there, but I don't think
the important bits of this patch need to be applied.
** Changed in: mahara
Assignee: (unassigned) => Richard Mansfield (richard-mansfield)
** Changed in: mahara
Status: Triaged => Invalid
** Changed in: mahara
Milestone: 1.3.0 => None
--
Potential arbitrary RPC call fix from Moodle might need to be ported to Mahara
https://bugs.launchpad.net/bugs/547506
You received this bug notification because you are a member of Mahara
Core, which is subscribed to Mahara.
Status in Mahara ePortfolio: Invalid
Bug description:
http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=454a6e7c4dedcd907dade197aedc51ffbd8f4fb4;hp=5f6b28faf25fed4f7403b5f1db4696f7c8be48cf
http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=988b0b22607aa3f5ac6e2db6c88a330da2d86155;hp=f213ba93b994030b5558dcf16d46da07934854b9
http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=250f84d6b149251533c235b5aa447f26c27e0b96;hp=988b0b22607aa3f5ac6e2db6c88a330da2d86155
Potentially not an issue in Mahara because we don't have dangerousmode (I
think).
This bug was imported from eduforge.org, see:
https://eduforge.org/tracker/index.php?func=detail&aid=2990&group_id=176&atid=739
_______________________________________________
Mailing list: https://launchpad.net/~mahara-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-core
More help : https://help.launchpad.net/ListHelp
