Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:54738 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 40886 invoked from network); 20 Aug 2011 00:03:00 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Aug 2011 00:03:00 -0000 Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lerdorf.com from 209.85.210.172 cause and error) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.210.172 mail-iy0-f172.google.com Received: from [209.85.210.172] ([209.85.210.172:50863] helo=mail-iy0-f172.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 4A/50-37318-2B9FE4E4 for ; Fri, 19 Aug 2011 20:02:59 -0400 Received: by iye7 with SMTP id 7so7146738iye.31 for ; Fri, 19 Aug 2011 17:02:56 -0700 (PDT) Received: by 10.231.45.206 with SMTP id g14mr669031ibf.97.1313798576058; Fri, 19 Aug 2011 17:02:56 -0700 (PDT) Received: from [192.168.200.5] (c-50-131-46-20.hsd1.ca.comcast.net [50.131.46.20]) by mx.google.com with ESMTPS id g21sm1875909ibl.24.2011.08.19.17.02.54 (version=SSLv3 cipher=OTHER); Fri, 19 Aug 2011 17:02:55 -0700 (PDT) Message-ID: <4E4EF9AE.6090102@lerdorf.com> Date: Fri, 19 Aug 2011 17:02:54 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20110812 Thunderbird/6.0 MIME-Version: 1.0 To: Stas Malyshev CC: PHP Internals References: <4E4EEED3.4070001@sugarcrm.com> In-Reply-To: <4E4EEED3.4070001@sugarcrm.com> X-Enigmail-Version: 1.2.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] 5.3.7pl1 From: rasmus@lerdorf.com (Rasmus Lerdorf) On 08/19/2011 04:16 PM, Stas Malyshev wrote: > Hi! > > Looks like 5.3.7 shipped with broken crypt() (see bug# 55439 and > http://svn.php.net/viewvc/?view=revision&revision=315218) - and I > think it's a serious problem since this means everybody's md5 passwords > will stop working - so should we make 5.3.7pl1? > > And maybe not do these changes on 5.3, especially this close to the > release? Yeah, that one was my fault. I had run the tests after switching it to strncat() but I didn't do it after the strlcat() switch and I obviously missed the buffer length difference between strlcat and strncat. The secondary problem is that we are not doing a good job running our tests prior to releases. I think this is mostly because we have way too many tests that fail and one more or less failing test gets lost in the noise. -Rasmus