Pierre,

Thanks for the prompt response.

On Sun, Jul 31, 2011 at 12:12:48PM +0200, Pierre Joye wrote:
> On Sun, Jul 31, 2011 at 10:31 AM, Solar Designer <so...@openwall.com> wrote:
> > http://news.php.net/php.internals/54098
> >
> > at least the crypt.c bugfix is a must to apply before releasing 5.3.7
> > and 5.4.0.
> 
> The patches are applied already, they are in 5.3.7RC4 and should be in
> 5.4.0a3 next week.

The reason why I sent this reminder was precisely that I could not find
the patches in php5.3-201107310630 and php5.4-201107310630 (I downloaded
the -latest tarballs).  Now I also downloaded php-5.3.7RC4.tar.bz2, and
indeed it does not have the patch either.

ext/standard/crypt.c in php-5.3.7RC4 has:

                                salt[2] == 'a' &&

which means that it doesn't support the new $2x$ and $2y$ prefixes.

In 5.4, that check is totally ridiculous (weird mix of ANDs with OR):

                } else if (
                                salt[0] == '$' &&
                                salt[1] == '2' &&
                            (salt[2] != 'a' && salt[2] != 'x') ||
                                salt[3] == '$' &&
                                salt[4] >= '0' && salt[4] <= '3' &&
                                salt[5] >= '0' && salt[5] <= '9' &&
                                salt[6] == '$') {

Both were fixed by the patches I posted on July 19, but those patches
were not yet applied to these branches (as of yesterday).  I did not
check trunk.

Am I missing something?

Alexander

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
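
The following is an added example, not part of the original message, the posted patches, or PHP's crypt.c. It groups the 5.4 condition quoted above the way C's operator precedence parses it and compares it with an assumed intended check (prefix `$2a$`, `$2x$` or `$2y$` plus a two-digit cost); the function names and sample salts are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Copy into a zero-padded buffer so indexes 0..6 are always readable. */
static void pad(const char *salt, char s[8])
{
    size_t i;
    memset(s, 0, 8);
    for (i = 0; i < 7 && salt[i] != '\0'; i++)
        s[i] = salt[i];
}

/* The 5.4 condition, with parentheses placed where C's precedence
 * (&& binds tighter than ||) already puts them. */
int check_as_written(const char *salt)
{
    char s[8];
    pad(salt, s);
    return (s[0] == '$' && s[1] == '2' && (s[2] != 'a' && s[2] != 'x')) ||
           (s[3] == '$' && s[4] >= '0' && s[4] <= '3' &&
            s[5] >= '0' && s[5] <= '9' && s[6] == '$');
}

/* Assumed intent (not the posted patch): one of the three prefixes,
 * then '$', a two-digit cost with the same bounds, then '$'. */
int check_intended(const char *salt)
{
    char s[8];
    pad(salt, s);
    return s[0] == '$' && s[1] == '2' &&
           (s[2] == 'a' || s[2] == 'x' || s[2] == 'y') &&
           s[3] == '$' && s[4] >= '0' && s[4] <= '3' &&
           s[5] >= '0' && s[5] <= '9' && s[6] == '$';
}

int main(void)
{
    /* Constructed sample salts, not taken from the thread. */
    const char *samples[] = { "$2a$05$", "$2y$05$", "$2x", "$2y",
                              "$2z$05$", "abc$05$", "$2a$45$" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-9s as_written=%d intended=%d\n", samples[i],
               check_as_written(samples[i]), check_intended(samples[i]));
    return 0;
}
```

As grouped, the condition accepts any `$2?` prefix other than `a` or `x` without looking at the cost field, and accepts any string whose bytes 3..6 look like `$NN$` regardless of its first three bytes.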
