Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:53587
Return-Path: <smalyshev@sugarcrm.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25566 invoked from network); 26 Jun 2011 21:37:31 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 26 Jun 2011 21:37:31 -0000
Authentication-Results: pb1.pair.com header.from=smalyshev@sugarcrm.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@sugarcrm.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain sugarcrm.com designates 207.97.245.153 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@sugarcrm.com
X-Host-Fingerprint: 207.97.245.153 smtp153.iad.emailsrvr.com Linux 2.6
Received: from [207.97.245.153] ([207.97.245.153:60072] helo=smtp153.iad.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 4A/BA-01045-A96A70E4 for <internals@lists.php.net>; Sun, 26 Jun 2011 17:37:31 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp25.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 2C4E63004E3;
	Sun, 26 Jun 2011 17:37:28 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp25.relay.iad1a.emailsrvr.com (Authenticated sender: smalyshev-AT-sugarcrm.com) with ESMTPSA id 9B9F2300268;
	Sun, 26 Jun 2011 17:37:27 -0400 (EDT)
Message-ID: <4E07A696.2090602@sugarcrm.com>
Date: Sun, 26 Jun 2011 14:37:26 -0700
Organization: SugarCRM
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: Rasmus Lerdorf <rasmus@lerdorf.com>
CC: PHP internals <internals@lists.php.net>
References: <4E06EF9A.4030603@lerdorf.com>
In-Reply-To: <4E06EF9A.4030603@lerdorf.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] todo: crypt_blowfish issue
From: smalyshev@sugarcrm.com (Stas Malyshev)

Hi!

On 6/26/11 1:36 AM, Rasmus Lerdorf wrote:
> See http://seclists.org/oss-sec/2011/q2/632
> We are using this code in etc/standard/crypt_blowfish.c
>

I've committed the patch for 5.4/trunk, not sure what to do about 5.3 
since there's some BC breakage in the fix for old hashes. See the ML 
thread for more details. Any thoughts about if we want this in 5.3?
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227