diff --git a/Changelog.txt b/Changelog.txt index 432b8ae..8408814 100644 --- a/Changelog.txt +++ b/Changelog.txt @@ -7,6 +7,11 @@ Versioning guidelines for SemVer can be found at: https://semver.org/ === Changes made since last versioned release === +(none) + +=== Version/Release 0.2.3 === +PATCH RELEASE. + - [2018.12.19; Sub-minor code change; Maikuolan]: Split apart the YAML handler a little more (doesn't change anything functionally, but should help to slightly reduce complaints sometimes made by certain code quality checkers @@ -16,6 +21,14 @@ Versioning guidelines for SemVer can be found at: https://semver.org/ README to German, Russian, Korean, and Japanese. This totals 14 translations now available. +- [2019.01.25; Sub-minor code change; Maikuolan]: Upped the hashing algo used + for generating checksums by default from MD5 to SHA256, seeing as the latter + is already supported by phpMussel anyhow (thus having zero implementation + cost). + +Caleb M (Maikuolan), +January 25, 2019. + === Version/Release 0.2.2 === PATCH RELEASE. diff --git a/sigtool.php b/sigtool.php index f2cfd4f..816dfc9 100644 --- a/sigtool.php +++ b/sigtool.php @@ -1,6 +1,6 @@ . @@ -19,7 +19,7 @@ class SigTool public $Ver = '0.2.3'; /** Last modified date. */ - public $Modified = '2018.12.20'; + public $Modified = '2019.01.25'; /** Script user agent. */ public $UA = 'SigTool v%s (https://github.com/phpMussel/SigTool)'; @@ -138,7 +138,7 @@ public function read(string $In, &$Arr, int $Depth = 0) } /** - * Process one line of YAML. Parameters reference variables set by calling method. + * Process a single line of YAML. Parameters reference variables set by calling method. * * @param string $ThisLine * @param string $ThisTab @@ -302,7 +302,7 @@ public function fetch($URI, $Timeout = 600) public function shorthand(&$Data) { while (true) { - $Check = md5($Data) . ':' . strlen($Data); + $Check = hash('sha256', $Data) . ':' . strlen($Data); foreach ([ ["\x11", 'Win'], ["\x12", 'W(?:in)?32'], @@ -419,7 +419,7 @@ public function shorthand(&$Data) '', '' ], $Data); - if (md5($Data) . ':' . strlen($Data) === $Check) { + if (hash('sha256', $Data) . ':' . strlen($Data) === $Check) { break; } } @@ -750,7 +750,7 @@ public function fixPath($Path) if (!empty($Set[5]) && !empty($Set[4]) && !empty($Meta[$Set[4]]['Files']['Checksum'][0]) && !empty($Meta[$Set[4]]['Version'])) { /** We use the format Y.z.B for signature file versioning. */ $Meta[$Set[4]]['Version'] = date('Y.z.B', time()); - $Meta[$Set[4]]['Files']['Checksum'][0] = md5($FileData) . ':' . strlen($FileData); + $Meta[$Set[4]]['Files']['Checksum'][0] = hash('sha256', $FileData) . ':' . strlen($FileData); } echo $L10N['Done']; @@ -1065,7 +1065,7 @@ function ($Matches) use ($Char, $Length) { if (!empty($Meta[$FileSet]['Files']['Checksum'][0]) && !empty($Meta[$FileSet]['Version'])) { /** We use the format Y.z.B for signature file versioning. */ $Meta[$FileSet]['Version'] = date('Y.z.B', time()); - $Meta[$FileSet]['Files']['Checksum'][0] = md5($FileData) . ':' . strlen($FileData); + $Meta[$FileSet]['Files']['Checksum'][0] = hash('sha256', $FileData) . ':' . strlen($FileData); } file_put_contents($SigTool->fixPath(__DIR__ . '/' . $FileSet), $FileData); $Handle = gzopen($SigTool->fixPath(__DIR__ . '/' . $FileSet . '.gz'), 'wb');