Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:54803
Return-Path: <ondrej@sury.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 5197 invoked from network); 22 Aug 2011 19:52:31 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 Aug 2011 19:52:31 -0000
Authentication-Results: pb1.pair.com smtp.mail=ondrej@sury.org; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=ondrej@sury.org; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain sury.org designates 74.125.82.54 as permitted sender)
X-PHP-List-Original-Sender: ondrej@sury.org
X-Host-Fingerprint: 74.125.82.54 mail-ww0-f54.google.com  
Received: from [74.125.82.54] ([74.125.82.54:45181] helo=mail-ww0-f54.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BC/20-03148-D73B25E4 for <internals@lists.php.net>; Mon, 22 Aug 2011 15:52:30 -0400
Received: by wwg11 with SMTP id 11so5006351wwg.11
        for <internals@lists.php.net>; Mon, 22 Aug 2011 12:52:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sury.org; s=google;
        h=mime-version:from:date:message-id:subject:to:content-type
         :content-transfer-encoding;
        bh=XITPgW+h27nXfO8VdqmatR3RueKM8CLyDHJOvtEutqA=;
        b=KjPwpr3GngIGBjgESFdA7XQdVqTCoQlaX6bOOmSi0Asvuimjy7YzYOhlzku/WqjrxS
         CF4gyrU3jj7f9mHL/roBN5QpizJ7MKezR9z9hmverJGPq+d7baK/91Il8DTHhgeMRCWf
         1npauII3A4a0KWo/XkaewV/JhnVYoD/3mjCvY=
Received: by 10.227.39.134 with SMTP id g6mr19166wbe.47.1314042746075; Mon, 22
 Aug 2011 12:52:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.142.71 with HTTP; Mon, 22 Aug 2011 12:51:08 -0700 (PDT)
Date: Mon, 22 Aug 2011 21:51:08 +0200
Message-ID: <CALjhHG-WyQFarFK7pWW=nMfpwMA2yn3=_C_B2NMZzDRRBMOHdQ@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Use system crypt() when possible
From: ondrej@sury.org (=?UTF-8?B?T25kxZllaiBTdXLDvQ==?=)

Hi,

I wrote this patch sometime ago and Debian package uses it:

https://bugs.php.net/bug.php?id=3D51254

which in turn made Debian packages not-vulnerable to #55439. (But I
have failed too, I should really start to check to output of the tests
when building the package and compare them for any regressions.)

So I will (ab)use this time and ask for a feedback (again). I only
received this from Pierre:

> Not sure I agree with these changes, they are not supposed to be valid. I=
 don't have the time now to reply with a detailed explanation but we will d=
o it asap.

and the detailed explanation never came.

What the patch does:
- it changes the m4 script to check for each individual cipher and if
found it will use the system library for found ciphers, it will use
PHP implementation for the rest (not-found)

O.
--=20
=EF=BB=BFOnd=C5=99ej Sur=C3=BD <ondrej@sury.org>