[php-maint] Crypt in PHP 5.3.7
Ondřej Surý
ondrej at debian.org
Tue Aug 23 07:03:00 UTC 2011
Hi Thomas,
you mean the test-results.txt.gz in php5-common? :)
The problem is that the upstream has a number of FAIL tests which really
should be in XFAIL category (expected fail). So you cannot build PHP
and fail if there are any failed tests now.
Anyway I started to discuss this on the php-internals, so now it's probably
good time to change that :).
O.
On Tue, Aug 23, 2011 at 02:59, Thomas Goirand <thomas at goirand.fr> wrote:
> On 08/22/2011 05:24 AM, Ondřej Surý wrote:
>> Hi Lior,
>>
>> thanks for heads up, fortunately I have some good news. Ccing Debian
>> Security Team as well.
>>
>> Debian's PHP is fine, because it does use system crypt() implementation
>> for available ciphers and uses PHP implementation only for algorithms
>> not implemented in the system library (e.g. blowfish).
>>
>> Stable with php5-cli 5.3.7-1:
>> # php -r 'printf("MD5: %s\n", crypt("password", "\$1\$U7AjYB.O$"));'
>> MD5: $1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1
>>
>> O.
>
> Hi Ondrej,
>
> Reading around, it seems that there is a unit testing thing upstream.
> Running it at build time would have shown the issue, and Debian wouldn't
> have been affected at all, even for the blowfish encryption.
>
> So, would it be possible to add the unit tests in the debian/rules of
> PHP? Just a (lame) suggestion here, since I have no time to prepare a
> patch for that...
>
> Thomas
>
--
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/
More information about the pkg-php-maint
mailing list