hi! Thanks for the patches, applied to all active branches.
About the tests, it would be very good to have them ported as phpt. As far as I remember I did that back then when I first ported it to php. Cheers, On Sun, Jul 17, 2011 at 8:26 PM, Solar Designer <so...@openwall.com> wrote: > Hi, > > I released crypt_blowfish 1.2 earlier today: > > http://www.openwall.com/lists/announce/2011/07/17/1 > > Since these updates are so important because of a bug of mine (sorry!), > I felt like saving PHP developers some time and updating both 5.3 and 5.4 > to the new version myself. It turns out 5.4 was already updated to > crypt_blowfish 1.1 (thanks, Stas!), whereas 5.3 was still at 1.0.4. > > The attached patches update both to 1.2. Please apply these before you > release 5.4 and 5.3.7 proper. > > Obviously, I reviewed all changes you had made against the corresponding > versions of crypt_blowfish and I merged the relevant ones of those into > these patches. > > Oh, one thing I did not add yet is additional test vectors from 1.2's > wrapper.c. You may add them, you may skip that, or you may ask me to > add them. Anyhow, the important thing is to update the crypt_blowfish > code itself (which now includes a quick self-test at runtime) before you > release the new versions of PHP. So I suggest that you start by > applying these patches as-is. > > Another thing I forgot is the " (CVE-2011-2483)" reference in NEWS for > 5.3 - please add that. It was not needed for 5.4 because of Stas' > earlier update to 1.1 (which already refers to the CVE). > > Thanks, > > Alexander > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
