[php-maint] Bug#603012: php5-cgi: CRYPT_SALT_LENGTH constant is not defined

Ondřej Surý ondrej at debian.org
Thu Feb 24 15:27:22 UTC 2011


Colin,

I accidentally stripped the CRYPT_SALT_LENGTH in the Debian patch.
Anyway, the constant doesn't really make sense, because the SALT length
differs from algorithm to algorithm and Debian always includes all
algorithms:

#define PHP_MAX_STD_DES_SALT_LEN 2
#define PHP_MAX_STD_DES_HASH_LEN 11

#define PHP_MAX_EXT_DES_SALT_LEN 9
#define PHP_MAX_EXT_DES_HASH_LEN 11

#define PHP_MAX_MD5_SALT_LEN 12
#define PHP_MAX_MD5_HASH_LEN 22

#define PHP_MAX_BLOWFISH_SALT_LEN 29
#define PHP_MAX_BLOWFISH_HASH_LEN 31

#define PHP_MAX_SHA256_SALT_LEN 37
#define PHP_MAX_SHA256_HASH_LEN 43

#define PHP_MAX_SHA512_SALT_LEN 37
#define PHP_MAX_SHA512_HASH_LEN 86

E.g. you can use 37 as a temporary fix (which is way too big for DES or
MD5). I'll fix that in the next unstable upload and we'll try to get this
into stable-updates since it's a regression from upstream.

Kind regards,
Ondrej

On Wed, Nov 10, 2010 at 10:21, Colin Snover
<bugs.debian.org at zetafleet.com> wrote:
> Package: php5-cgi
> Version: 5.3.3-2
> Severity: normal
>
> The CRYPT_SALT_LENGTH constant is missing in 5.3.3-2. It existed in 5.3.2-2
> and does not appear to have been removed upstream.
>
> -- System Information:
> Debian Release: squeeze/sid
>  APT prefers testing
>  APT policy: (990, 'testing'), (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.35.4-x86_64-linode16 (SMP w/4 CPU cores)
> Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5-cgi depends on:
> ii  libbz2-1.0              1.0.5-6          high-quality block-sorting file co
> ii  libc6                   2.11.2-7         Embedded GNU C Library: Shared lib
> ii  libcomerr2              1.41.12-2        common error description library
> ii  libdb4.8                4.8.30-2         Berkeley v4.8 Database Libraries [
> ii  libgssapi-krb5-2        1.8.3+dfsg-2     MIT Kerberos runtime libraries - k
> ii  libk5crypto3            1.8.3+dfsg-2     MIT Kerberos runtime libraries - C
> ii  libkrb5-3               1.8.3+dfsg-2     MIT Kerberos runtime libraries
> ii  libmagic1               5.04-5           File type determination library us
> ii  libonig2                5.9.1-1          Oniguruma regular expressions libr
> ii  libpcre3                8.02-1.1         Perl 5 Compatible Regular Expressi
> ii  libqdbm14               1.8.77-3.1       QDBM Database Libraries [runtime]
> ii  libssl0.9.8             0.9.8o-2         SSL shared libraries
> ii  libxml2                 2.7.7.dfsg-4     GNOME XML library
> ii  mime-support            3.48-1           MIME files 'mime.types' & 'mailcap
> ii  php5-common             5.3.3-2          Common files for packages built fr
> ii  tzdata                  2010l-1          time zone and daylight-saving time
> ii  ucf                     3.0025+nmu1      Update Configuration File: preserv
> ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime
>
> php5-cgi recommends no packages.
>
> Versions of packages php5-cgi suggests:
> ii  php-pear                      5.3.3-2    PEAR - PHP Extension and Applicati
>
> -- no debconf information
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/
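
The point made in the message above, that the salt length depends on the algorithm, shown as an added example (not part of the original message and not PHP or Debian code): instead of relying on CRYPT_SALT_LENGTH, build the salt for whichever algorithm the CRYPT_* constants report. The helper names, the preference order and the sample password are assumptions of this example; random_int() needs PHP 7 or later.

```php
<?php
// Added example; not from the original message or from PHP/Debian sources.
// Maximum salt-string lengths, copied from the #define list in the message.
$maxSaltLen = array('std_des' => 2, 'ext_des' => 9, 'md5' => 12,
                    'blowfish' => 29, 'sha256' => 37, 'sha512' => 37);

// Hypothetical helper: $n random characters from the crypt alphabet ./0-9A-Za-z.
function salt_chars($n) {
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $out = '';
    for ($i = 0; $i < $n; $i++) {
        $out .= $alphabet[random_int(0, 63)]; // random_int() assumes PHP 7+
    }
    return $out;
}

// Hypothetical helper: salt string for the first algorithm this build reports.
// The preference order is this example's choice, not something the message states.
function make_salt() {
    if (defined('CRYPT_SHA512') && CRYPT_SHA512) {
        return array('sha512', '$6$rounds=5000$' . salt_chars(16) . '$');
    }
    if (defined('CRYPT_SHA256') && CRYPT_SHA256) {
        return array('sha256', '$5$rounds=5000$' . salt_chars(16) . '$');
    }
    if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH) {
        return array('blowfish', '$2y$10$' . salt_chars(22)); // $2y$ assumes PHP 5.3.7+
    }
    if (defined('CRYPT_MD5') && CRYPT_MD5) {
        return array('md5', '$1$' . salt_chars(8) . '$');
    }
    if (defined('CRYPT_EXT_DES') && CRYPT_EXT_DES) {
        return array('ext_des', '_J9..' . salt_chars(4)); // fixed 4-char count + 4-char salt
    }
    return array('std_des', salt_chars(2));
}

list($algo, $salt) = make_salt();
if (strlen($salt) > $maxSaltLen[$algo]) {
    throw new RuntimeException("salt too long for $algo");
}
$hash = crypt('constructed-sample-password', $salt);
if (strlen($hash) < 13) { // crypt() signals failure with a short string such as "*0"
    throw new RuntimeException("crypt() rejected the $algo salt");
}
printf("%s: salt %d chars (max %d), hash %d chars\n",
       $algo, strlen($salt), $maxSaltLen[$algo], strlen($hash));
```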
