diff -Nurp Trac-0.11.orig/contrib/htdigest.py Trac-0.11/contrib/htdigest.py
--- Trac-0.11.orig/contrib/htdigest.py	2008-04-30 19:45:36.000000000 +0200
+++ Trac-0.11/contrib/htdigest.py	2008-07-22 23:03:47.000000000 +0200
@@ -17,7 +17,7 @@
 
 import errno
 import fileinput
-import md5
+import hashlib
 import sys
 from optparse import OptionParser
 from getpass import getpass
@@ -36,7 +36,7 @@ def get_digest(userprefix, password=None
     return make_digest(userprefix, password)
 
 def make_digest(userprefix, password):
-    return userprefix + md5.new(userprefix + password).hexdigest()
+    return userprefix + hashlib.md5(userprefix + password).hexdigest()
 
 usage = "%prog [-c] [-b] passwordfile realm username"
 parser = OptionParser(usage=usage)
diff -Nurp Trac-0.11.orig/trac/ticket/notification.py Trac-0.11/trac/ticket/notification.py
--- Trac-0.11.orig/trac/ticket/notification.py	2008-04-30 19:45:33.000000000 +0200
+++ Trac-0.11/trac/ticket/notification.py	2008-07-22 23:03:47.000000000 +0200
@@ -16,7 +16,7 @@
 # Author: Daniel Lundin <daniel@edgewall.com>
 #
 
-import md5
+import hashlib
 
 from trac import __version__
 from trac.core import *
@@ -284,7 +284,7 @@ class TicketNotifyEmail(NotifyEmail):
         s = '%s.%08d.%d.%s' % (self.config.get('project', 'url'),
                                int(self.ticket.id), to_timestamp(modtime),
                                rcpt.encode('ascii', 'ignore'))
-        dig = md5.new(s).hexdigest()
+        dig = hashlib.md5(s).hexdigest()
         host = self.from_email[self.from_email.find('@') + 1:]
         msgid = '<%03d.%s@%s>' % (len(s), dig, host)
         return msgid
diff -Nurp Trac-0.11.orig/trac/util/__init__.py Trac-0.11/trac/util/__init__.py
--- Trac-0.11.orig/trac/util/__init__.py	2008-06-09 17:19:24.000000000 +0200
+++ Trac-0.11/trac/util/__init__.py	2008-07-22 23:08:01.000000000 +0200
@@ -18,7 +18,7 @@
 #         Matthew Good <trac@matt-good.net>
 
 import locale
-import md5
+import hashlib
 import os
 import re
 import sys
@@ -255,9 +255,8 @@ def get_pkginfo(dist):
 # -- crypto utils
 
 def hex_entropy(bytes=32):
-    import sha
     import random
-    return sha.new(str(random.random())).hexdigest()[:bytes]
+    return hashlib.sha1(str(random.random())).hexdigest()[:bytes]
 
 
 # Original license for md5crypt:
@@ -271,11 +270,11 @@ def md5crypt(password, salt, magic='$1$'
     # /* The password first, since that is what is most unknown */
     # /* Then our magic string */
     # /* Then the raw salt */
-    m = md5.new()
+    m = hashlib.md5()
     m.update(password + magic + salt)
 
     # /* Then just as many characters of the MD5(pw,salt,pw) */
-    mixin = md5.md5(password + salt + password).digest()
+    mixin = hashlib.md5(password + salt + password).digest()
     for i in range(0, len(password)):
         m.update(mixin[i % 16])
 
@@ -293,7 +292,7 @@ def md5crypt(password, salt, magic='$1$'
 
     # /* and now, just to make sure things don't run too fast */
     for i in range(1000):
-        m2 = md5.md5()
+        m2 = hashlib.md5()
         if i & 1:
             m2.update(password)
         else:
diff -Nurp Trac-0.11.orig/trac/web/api.py Trac-0.11/trac/web/api.py
--- Trac-0.11.orig/trac/web/api.py	2008-06-03 22:59:21.000000000 +0200
+++ Trac-0.11/trac/web/api.py	2008-07-22 23:03:47.000000000 +0200
@@ -243,8 +243,8 @@ class Request(object):
         so that consecutive requests can be cached.
         """
         if isinstance(extra, list):
-            import md5
-            m = md5.new()
+            import hashlib
+            m = hashlib.md5()
             for elt in extra:
                 m.update(repr(elt))
             extra = m.hexdigest()
diff -Nurp Trac-0.11.orig/trac/web/auth.py Trac-0.11/trac/web/auth.py
--- Trac-0.11.orig/trac/web/auth.py	2008-04-30 19:45:36.000000000 +0200
+++ Trac-0.11/trac/web/auth.py	2008-07-22 23:03:47.000000000 +0200
@@ -22,7 +22,7 @@ try:
     import threading
 except ImportError:
     import dummy_threading as threading
-import md5
+import hashlib
 import os
 import re
 import sys
@@ -367,7 +367,7 @@ class DigestAuthentication(PasswordFileA
             self.send_auth_request(environ, start_response)
             return None
 
-        kd = lambda x: md5.md5(':'.join(x)).hexdigest()
+        kd = lambda x: hashlib.md5(':'.join(x)).hexdigest()
         a1 = self.hash[auth['username']]
         a2 = kd([environ['REQUEST_METHOD'], auth['uri']])
         # Is the response correct?
diff -Nurp Trac-0.11.orig/trac/wiki/default-pages/TracStandalone Trac-0.11/trac/wiki/default-pages/TracStandalone
--- Trac-0.11.orig/trac/wiki/default-pages/TracStandalone	2008-04-30 19:45:34.000000000 +0200
+++ Trac-0.11/trac/wiki/default-pages/TracStandalone	2008-07-22 23:03:47.000000000 +0200
@@ -111,7 +111,7 @@ If you don't have Apache available, you 
 {{{
 #!python
 from optparse import OptionParser
-import md5
+import hashlib
 
 # build the options
 usage = "usage: %prog [options]"
@@ -128,7 +128,7 @@ if (options.username is None) or (option
    
 # Generate the string to enter into the htdigest file
 realm = 'trac'
-kd = lambda x: md5.md5(':'.join(x)).hexdigest()
+kd = lambda x: hashlib.md5(':'.join(x)).hexdigest()
 print ':'.join((options.username, realm, kd([options.username, realm, options.password])))
 }}}