[Pkg-php-commits] [php/debian-sid] Update use system crypt() patch

Ondřej Surý ondrej at sury.org
Thu Oct 21 09:46:23 UTC 2010


---
 debian/patches/php_crypt_revamped.patch     |   56 +++++++++++++++++----------
 debian/patches/series                       |    6 +--
 debian/patches/use_system_crypt_fixes.patch |   19 +++++----
 3 files changed, 48 insertions(+), 33 deletions(-)

diff --git a/debian/patches/php_crypt_revamped.patch b/debian/patches/php_crypt_revamped.patch
index fe22984..adea8b5 100644
--- a/debian/patches/php_crypt_revamped.patch
+++ b/debian/patches/php_crypt_revamped.patch
@@ -83,12 +83,11 @@
  
    dnl
    dnl Check for __alignof__ support in the compiler
-@@ -268,66 +331,16 @@ if test "$ac_cv_crypt_blowfish" = "no" |
-   if test "$ac_cv_attribute_aligned" = "yes"; then
+@@ -269,74 +332,15 @@ if test "$ac_cv_crypt_blowfish" = "no" |
      AC_DEFINE([HAVE_ATTRIBUTE_ALIGNED], 1, [whether the compiler supports __attribute__ ((__aligned__))])
    fi
--    
- 
+     
+-
 -  AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
 -  AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, 1, [Whether the system supports standard DES salt])
 -  AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, 1, [Whether the system supports BlowFish salt])
@@ -127,6 +126,15 @@
 -  fi
 -  AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, $ac_result, [Whether the system supports extended DES salt])
 -
+-  if test "$ac_cv_crypt_md5" = "yes"; then
+-    ac_result=1
+-    ac_crypt_md5=1
+-  else
+-    ac_result=0
+-    ac_crypt_md5=0
+-  fi
+-  AC_DEFINE_UNQUOTED(PHP_MD5_CRYPT, $ac_result, [Whether the system supports MD5 salt])  
+-  
 -  if test "$ac_cv_crypt_sha512" = "yes"; then
 -    ac_result=1
 -    ac_crypt_sha512=1
@@ -134,7 +142,7 @@
 -    ac_result=0
 -    ac_crypt_sha512=0
 -  fi
--  AC_DEFINE_UNQUOTED(PHP_EXT_SHA512_CRYPT, $ac_result, [Whether the system supports SHA512 salt])
+-  AC_DEFINE_UNQUOTED(PHP_SHA512_CRYPT, $ac_result, [Whether the system supports SHA512 salt])
 -
 -  if test "$ac_cv_crypt_sha256" = "yes"; then
 -    ac_result=1
@@ -143,7 +151,7 @@
 -    ac_result=0
 -    ac_crypt_sha256=0
 -  fi
--  AC_DEFINE_UNQUOTED(PHP_EXT_SHA256_CRYPT, $ac_result, [Whether the system supports SHA256 salt])
+-  AC_DEFINE_UNQUOTED(PHP_SHA256_CRYPT, $ac_result, [Whether the system supports SHA256 salt])
 -
 -  AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des])
 +  ac_result=0
@@ -157,7 +165,7 @@
 --- a/ext/standard/crypt.c
 +++ b/ext/standard/crypt.c
 @@ -32,13 +32,12 @@
- #ifdef PHP_USE_PHP_CRYPT_R
+ #if PHP_USE_PHP_CRYPT_R
  # include "php_crypt_r.h"
  # include "crypt_freesec.h"
 -#else
@@ -175,7 +183,7 @@
  #endif
  #if TM_IN_SYS_TIME
  #include <sys/time.h>
-@@ -64,51 +63,46 @@
+@@ -64,56 +63,49 @@
   * PHP_EXT_DES_CRYPT, PHP_MD5_CRYPT and PHP_BLOWFISH_CRYPT as appropriate
   * for the target platform. */
  
@@ -203,16 +211,17 @@
 -#undef PHP_MAX_SALT_LEN
 -#define PHP_MAX_SALT_LEN 60
 -#endif
-+#define PHP_MAX_MD5_SALT_LEN 12
-+#define PHP_MAX_MD5_HASH_LEN 22
- 
+-
 -#if PHP_SHA512_CRYPT
 -#undef PHP_MAX_SALT_LEN
 -#define PHP_MAX_SALT_LEN 123
 -#endif
++#define PHP_MAX_MD5_SALT_LEN 12
++#define PHP_MAX_MD5_HASH_LEN 22
+ 
 +#define PHP_MAX_BLOWFISH_SALT_LEN 29
 +#define PHP_MAX_BLOWFISH_HASH_LEN 31
- 
++ 
 +#define PHP_MAX_SHA256_SALT_LEN 37
 +#define PHP_MAX_SHA256_HASH_LEN 43
  
@@ -237,30 +246,35 @@
  
  PHP_MINIT_FUNCTION(crypt) /* {{{ */
  {
- 	REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT);
+-	REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT);
 -	REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT, CONST_CS | CONST_PERSISTENT);
 -	REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT, CONST_CS | CONST_PERSISTENT);
 -	REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT, CONST_CS | CONST_PERSISTENT);
 -	REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT, CONST_CS | CONST_PERSISTENT);
--	REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT, CONST_CS | CONST_PERSISTENT);
--	REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT, CONST_CS | CONST_PERSISTENT);
+-
 +	REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT);
 +	REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT);
 +	REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT);
 +	REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT);
+ #ifdef PHP_SHA256_CRYPT
+-   REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT, CONST_CS | CONST_PERSISTENT);
 +	REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT);
-+	REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT);
+ #endif
  
+ #ifdef PHP_SHA512_CRYPT
+-   REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT, CONST_CS | CONST_PERSISTENT);
++	REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT);
+ #endif
  
- #ifdef PHP_USE_PHP_CRYPT_R
-@@ -119,15 +113,15 @@ PHP_MINIT_FUNCTION(crypt) /* {{{ */
+ #if PHP_USE_PHP_CRYPT_R
+@@ -124,15 +116,15 @@ PHP_MINIT_FUNCTION(crypt) /* {{{ */
  }
  /* }}} */
  
-+#ifdef PHP_USE_PHP_CRYPT_R
++#if PHP_USE_PHP_CRYPT_R
  PHP_MSHUTDOWN_FUNCTION(crypt) /* {{{ */
  {
--#ifdef PHP_USE_PHP_CRYPT_R
+-#if PHP_USE_PHP_CRYPT_R
  	php_shutdown_crypt_r();
 -#endif
  
@@ -271,7 +285,7 @@
  
  static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
  
-@@ -145,158 +139,171 @@ static void php_to64(char *s, long v, in
+@@ -150,158 +142,171 @@ static void php_to64(char *s, long v, in
  PHP_FUNCTION(crypt)
  {
  	char salt[PHP_MAX_SALT_LEN + 1];
diff --git a/debian/patches/series b/debian/patches/series
index ee44a66..2c1b54a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -44,10 +44,8 @@ qdbm-is-usr_include_qdbm.patch
 zend_int_overflow.patch
 use_embedded_timezonedb_fixes.patch
 fix_broken_sha2_test.patch
-# FIXME: needs to be updated:
-#php_crypt_revamped.patch
-# FIXME: needs to be updated:
-#use_system_crypt_fixes.patch
+php_crypt_revamped.patch
+use_system_crypt_fixes.patch
 session_save_path.patch
 #install-programs_parallel_FTBFS.patch
 #581911_pdo_mysql_segfaults.patch
diff --git a/debian/patches/use_system_crypt_fixes.patch b/debian/patches/use_system_crypt_fixes.patch
index 6724f87..14b7dd0 100644
--- a/debian/patches/use_system_crypt_fixes.patch
+++ b/debian/patches/use_system_crypt_fixes.patch
@@ -11,18 +11,21 @@
  ?>
 --- a/ext/standard/tests/strings/crypt_blowfish_variation1.phpt
 +++ b/ext/standard/tests/strings/crypt_blowfish_variation1.phpt
-@@ -3,8 +3,8 @@ Test Blowfish crypt() with invalid round
- --FILE--
- <?php
+@@ -17,9 +17,12 @@ $salts = array(b'32' => b'$2a$32$CCCCCCC
+                b'37' => b'$2a$37$CCCCCCCCCCCCCCCCCCCCCC$',
+                b'38' => b'$2a$38$CCCCCCCCCCCCCCCCCCCCCC$',);
  
--foreach(range(32, 38) as $i) {
--  if (crypt('U*U', '$2a$'.$i.'$CCCCCCCCCCCCCCCCCCCCCC$') === FALSE) {
-+foreach(array_merge(range(00, 03), range(32, 38)) as $i) {
-+  if (crypt('U*U', '$2a$'.$i.'$CCCCCCCCCCCCCCCCCCCCCC$') === '$2SHYF.wPGyfE') {
++$results = array(b'32' => 
++
+ foreach($salts as $i=>$salt) {
+   $crypt = crypt(b'U*U', $salt);
+-  if ($crypt === b'*0' || $crypt === b'*1') {
++  /* Debian patch.  If the invalid salt is used then standard DES is used per system library */
++  if ($crypt === b'$2SHYF.wPGyfE' || $crypt === b'*0' || $crypt === b'*1') {
      echo "$i. OK\n";
    } else {
      echo "$i. Not OK\n";
-@@ -13,6 +13,10 @@ foreach(range(32, 38) as $i) {
+@@ -28,6 +31,10 @@ foreach($salts as $i=>$salt) {
  
  ?>
  --EXPECT--
-- 
1.7.1





More information about the Pkg-php-commits mailing list