Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:54059 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 52940 invoked from network); 18 Jul 2011 21:27:38 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Jul 2011 21:27:38 -0000 Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.83.42 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 74.125.83.42 mail-gw0-f42.google.com Received: from [74.125.83.42] ([74.125.83.42:60843] helo=mail-gw0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C1/61-38309-745A42E4 for ; Mon, 18 Jul 2011 17:27:36 -0400 Received: by gwb17 with SMTP id 17so1622811gwb.29 for ; Mon, 18 Jul 2011 14:27:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=6D3e930p0uXfw2O7wAJnilrhXp4FJ7dFLoNQt4UN8Wk=; b=ej6IwFfGDUooNGQCTdOrY913NiTPiGnMO2hbSBzQMnDhGh59VCipePtHSmDPRVBcLe /WIKk4ekwtTcXxtfwAac1+DaJZQJYnLXCMhz7HDdXQU+cgg1TMVY+flcv2cUgNDUQdP5 sCP22ea0+bB0CpT8nnr30A7Euz8oYDZYWQxTw= MIME-Version: 1.0 Received: by 10.236.192.166 with SMTP id i26mr8451366yhn.114.1311024452368; Mon, 18 Jul 2011 14:27:32 -0700 (PDT) Received: by 10.147.34.16 with HTTP; Mon, 18 Jul 2011 14:27:32 -0700 (PDT) In-Reply-To: <20110717182616.GA17288@openwall.com> References: <20110717182616.GA17288@openwall.com> Date: Mon, 18 Jul 2011 23:27:32 +0200 Message-ID: To: Solar Designer Cc: PHP Internals List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] [PATCH] crypt_blowfish 1.2 From: pierre.php@gmail.com (Pierre Joye) hi! Thanks for the patches, applied to all active branches. About the tests, it would be very good to have them ported as phpt. As far as I remember I did that back then when I first ported it to php. Cheers, On Sun, Jul 17, 2011 at 8:26 PM, Solar Designer wrote: > Hi, > > I released crypt_blowfish 1.2 earlier today: > > http://www.openwall.com/lists/announce/2011/07/17/1 > > Since these updates are so important because of a bug of mine (sorry!), > I felt like saving PHP developers some time and updating both 5.3 and 5.4 > to the new version myself. =A0It turns out 5.4 was already updated to > crypt_blowfish 1.1 (thanks, Stas!), whereas 5.3 was still at 1.0.4. > > The attached patches update both to 1.2. =A0Please apply these before you > release 5.4 and 5.3.7 proper. > > Obviously, I reviewed all changes you had made against the corresponding > versions of crypt_blowfish and I merged the relevant ones of those into > these patches. > > Oh, one thing I did not add yet is additional test vectors from 1.2's > wrapper.c. =A0You may add them, you may skip that, or you may ask me to > add them. =A0Anyhow, the important thing is to update the crypt_blowfish > code itself (which now includes a quick self-test at runtime) before you > release the new versions of PHP. =A0So I suggest that you start by > applying these patches as-is. > > Another thing I forgot is the " (CVE-2011-2483)" reference in NEWS for > 5.3 - please add that. =A0It was not needed for 5.4 because of Stas' > earlier update to 1.1 (which already refers to the CVE). > > Thanks, > > Alexander > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > --=20 Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org