From a94afd2afd3d8b11994d802575da317c85077ca0 Mon Sep 17 00:00:00 2001
From: Frost Ming
Date: Thu, 5 Nov 2020 09:17:25 +0800
Subject: [PATCH] Restrict the acceptable hash type to SHA256 only
---
 news/4517.bugfix.rst | 1 +
 pipenv/patched/piptools/repositories/pypi.py | 4 ++--
 tasks/vendoring/patches/patched/piptools.patch | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)
 create mode 100644 news/4517.bugfix.rst
diff --git a/news/4517.bugfix.rst b/news/4517.bugfix.rst
new file mode 100644
index 00000000..d8cd4c3e
--- /dev/null
+++ b/news/4517.bugfix.rst
@@ -0,0 +1 @@
+Restrict the acceptable hash type to SHA256 only.
diff --git a/pipenv/patched/piptools/repositories/pypi.py b/pipenv/patched/piptools/repositories/pypi.py
index 8f742713..c87a4e71 100644
--- a/pipenv/patched/piptools/repositories/pypi.py
+++ b/pipenv/patched/piptools/repositories/pypi.py
@@ -81,8 +81,8 @@ class HashCache(SafeFileCache):
 if can_hash:
 # hash url WITH fragment
 hash_value = self.get(new_location.url)
- if not hash_value:
- hash_value = "{}:{}".format(new_location.hash_name, new_location.hash)
+ if not hash_value and new_location.hash_name == FAVORITE_HASH:
+ hash_value = "{}:{}".format(FAVORITE_HASH, new_location.hash)
 hash_value = hash_value.encode('utf8')
 if not hash_value:
 hash_value = self._get_file_hash(new_location) if not new_location.url.startswith("ssh") else None
diff --git a/tasks/vendoring/patches/patched/piptools.patch b/tasks/vendoring/patches/patched/piptools.patch
index d4bda87b..015399da 100644
--- a/tasks/vendoring/patches/patched/piptools.patch
+++ b/tasks/vendoring/patches/patched/piptools.patch
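Review bot: In the pypi.py hunk the cached lookup `hash_value = self.get(new_location.url)` still runs before the new `new_location.hash_name == FAVORITE_HASH` test, so a value already present in the HashCache is returned without any check on its algorithm. The removed line suggests earlier versions built `"<hash_name>:<hash>"` from whatever algorithm the URL fragment named; if those values were written to the on-disk cache (the write is outside this hunk, so this is inferred), a stale non-SHA256 entry would still be accepted after this fix. Consider validating the cached value as well, for example `if hash_value and not hash_value.startswith(FAVORITE_HASH.encode('utf8') + b":"): hash_value = None` (assuming cached values are the UTF-8 bytes this code produces), so that such entries fall through to `_get_file_hash`. The enclosing method starts and ends outside the hunk, and the same lines are mirrored in the tasks/vendoring/patches/patched/piptools.patch hunk.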
@@ -285,8 +285,8 @@ index ef5ba4e..8f74271 100644
 + if can_hash:
 + # hash url WITH fragment
 + hash_value = self.get(new_location.url)
-+ if not hash_value:
-+ hash_value = "{}:{}".format(new_location.hash_name, new_location.hash)
++ if not hash_value and new_location.hash_name == FAVORITE_HASH:
++ hash_value = "{}:{}".format(FAVORITE_HASH, new_location.hash)
 + hash_value = hash_value.encode('utf8')
 + if not hash_value:
 + hash_value = self._get_file_hash(new_location) if not new_location.url.startswith("ssh") else None