Hi,


On Mon, Aug 22, 2011 at 9:51 PM, Ondřej Surý <ond...@sury.org> wrote:
> Hi,
>
> I wrote this patch some time ago and the Debian package uses it:
>
> https://bugs.php.net/bug.php?id=51254
>
> which in turn made Debian packages not-vulnerable to #55439.


That's a bit easy to come up with that, I don't think either that we
should explain again why what was done with 5.3.7-final was wrong in
all possible ways and why we are all responsible for this mistake :)

> (But I
> have failed too, I should really start to check the output of the tests
> when building the package and compare them for any regressions.)

:)

> So I will (ab)use this time and ask for feedback (again). I only
> received this from Pierre:
>
>> Not sure I agree with these changes, they are not supposed to be valid. I 
>> don't have the time now to reply with a detailed explanation but we will do 
>> it asap.
>
> and the detailed explanation never came.
>
> What the patch does:
> - it changes the m4 script to check for each individual cipher and, if
> found, it will use the system library for the found ciphers; it will use
> the PHP implementation for the rest (not found)

In 5.4+ it should be fine to apply it as long as it is well tested
(and not only on Debian pls :), MFH once 100% tested (other esoteric
systems), incl. phpt passing everywhere. The main problem here is
about systems doing weird or non-standard things. Debian does or did
that for a couple of things, I prefer true portability.

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
