hi!

Thanks for the patches, applied to all active branches.

About the tests, it would be very good to have them ported as phpt. As
far as I remember I did that back then when I first ported it to php.

Cheers,

On Sun, Jul 17, 2011 at 8:26 PM, Solar Designer <so...@openwall.com> wrote:
> Hi,
>
> I released crypt_blowfish 1.2 earlier today:
>
> http://www.openwall.com/lists/announce/2011/07/17/1
>
> Since these updates are so important because of a bug of mine (sorry!),
> I felt like saving PHP developers some time and updating both 5.3 and 5.4
> to the new version myself.  It turns out 5.4 was already updated to
> crypt_blowfish 1.1 (thanks, Stas!), whereas 5.3 was still at 1.0.4.
>
> The attached patches update both to 1.2.  Please apply these before you
> release 5.4 and 5.3.7 proper.
>
> Obviously, I reviewed all changes you had made against the corresponding
> versions of crypt_blowfish and I merged the relevant ones of those into
> these patches.
>
> Oh, one thing I did not add yet is additional test vectors from 1.2's
> wrapper.c.  You may add them, you may skip that, or you may ask me to
> add them.  Anyhow, the important thing is to update the crypt_blowfish
> code itself (which now includes a quick self-test at runtime) before you
> release the new versions of PHP.  So I suggest that you start by
> applying these patches as-is.
>
> Another thing I forgot is the " (CVE-2011-2483)" reference in NEWS for
> 5.3 - please add that.  It was not needed for 5.4 because of Stas'
> earlier update to 1.1 (which already refers to the CVE).
>
> Thanks,
>
> Alexander
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to