[php-maint] Crypt in PHP 5.3.7

Ondřej Surý ondrej at debian.org
Tue Aug 23 07:03:00 UTC 2011

Hi Thomas,

you mean the test-results.txt.gz in php5-common? :)

The problem is that the upstream has a number of FAIL tests which really
should be in XFAIL category (expected fail). So you cannot build PHP
and fail if there are any failed tests now.

Anyway I started to discuss this on the php-internals, so now it's probably
good time to change that :).


On Tue, Aug 23, 2011 at 02:59, Thomas Goirand <thomas at goirand.fr> wrote:
> On 08/22/2011 05:24 AM, Ondřej Surý wrote:
>> Hi Lior,
>> thanks for heads up, fortunately I have some good news. Ccing Debian
>> Security Team as well.
>> Debian's PHP is fine, because it does use system crypt() implementation
>> for available ciphers and uses PHP implementation only for algorithms
>> not implemented in the system library (e.g. blowfish).
>> Stable with php5-cli 5.3.7-1:
>> # php -r 'printf("MD5: %s\n", crypt("password", "\$1\$U7AjYB.O$"));'
>> MD5: $1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1
>> O.
> Hi Ondrej,
> Reading around, it seems that there is a unit testing thing upstream.
> Running it at build time would have shown the issue, and Debian wouldn't
> have been affected at all, even for the blowfish encryption.
> So, would it be possible to add the unit tests in the debian/rules of
> PHP? Just a (lame) suggestion here, since I have no time to prepare a
> patch for that...
> Thomas

Ondřej Surý <ondrej at sury.org>

More information about the pkg-php-maint mailing list