[php-maint] Crypt in PHP 5.3.7
thomas at goirand.fr
Tue Aug 23 00:59:40 UTC 2011
On 08/22/2011 05:24 AM, Ondřej Surý wrote:
> Hi Lior,
> thanks for heads up, fortunately I have some good news. Ccing Debian
> Security Team as well.
> Debian's PHP is fine, because it does use system crypt() implementation
> for available ciphers and uses PHP implementation only for algorithms
> not implemented in the system library (e.g. blowfish).
> Stable with php5-cli 5.3.7-1:
> # php -r 'printf("MD5: %s\n", crypt("password", "\$1\$U7AjYB.O$"));'
> MD5: $1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1
Reading around, it seems that there is a unit testing thing upstream.
Running it at build time would have shown the issue, and Debian wouldn't
have been affected at all, even for the blowfish encryption.
So, would it be possible to add the unit tests in the debian/rules of
PHP? Just a (lame) suggestion here, since I have no time to prepare a
patch for that...
More information about the pkg-php-maint