tag 572561 fixed-upstream
reassign 572561 php5-common 5.3.1-5
clone 572561 -1
retitle -1 PHP's bundled crypt implementation is used
severity -1 normal
thanks

Hi,

On 4 March 2010 15:30, Fonso <ulfonk_menn...@gmx.de> wrote:
> Package: php5
> Version: 5.3.1-5
> Severity: important
>
>
> The output of crypt() for certain salts has changed between version
> 5.2.6-1+lenny6 and 5.3.1-5
> The following small test script demonstrates this:
>
> <?php echo crypt("semmel", "1$"); ?>
>
> With php 5.3.1-5 this results in: 1$YZfgMfg2BiI
> With php 5.2.6-1+lenny6 this results in: 1$IjqLeTnxFwo

This has already been fixed by upstream and the fix is included in 5.3.2
which should be uploaded some time soon.
In case you urgently need it to work the way it used to, this commit fixes it:
http://svn.php.net/viewvc?view=revision&revision=295340

> As a side note, the same output is generated, with the following script which
> provides an invalid, but different, salt:

Not sure this can be treated as a bug (if you insist, report it upstream) as
the salt is obviously invalid. The memory where the salt is copied to is filled
with '$'s which in this case leads to the same result: '1$'.

As a side note... this bug would not have been triggered if php was actually
using the system's crypt(3) instead of the bundled copy. This in turn means
that something failed during the configure checks.

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
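
An added example, not part of the original message and not PHP's own code: a pre-upgrade audit that flags stored hashes whose salt no crypt(3) scheme accepts, such as the `1$` salt in the report, because their output differs between crypt implementations. The account names and all sample hashes except `1$IjqLeTnxFwo` are constructed, and the scheme patterns are a simplified assumption that checks salt prefixes only.

```python
import re

# Salt prefixes accepted by common crypt(3) schemes (simplified assumption).
# Traditional DES is listed last: it has no "$id$" marker, only a
# two-character salt drawn from the alphabet ./0-9A-Za-z.
_B64 = r"[./0-9A-Za-z]"
SCHEMES = [
    ("blowfish", re.compile(r"\$2[abxy]?\$\d\d\$" + _B64 + r"{22}")),
    ("sha512", re.compile(r"\$6\$(rounds=\d+\$)?[^$]{0,16}")),
    ("sha256", re.compile(r"\$5\$(rounds=\d+\$)?[^$]{0,16}")),
    ("md5", re.compile(r"\$1\$[^$]{0,8}")),
    ("ext-des", re.compile(r"_" + _B64 + r"{8}")),
    ("des", re.compile(_B64 + r"{2}")),
]


def salt_scheme(value):
    """Return the scheme name for a salt or stored hash, or "invalid"."""
    for name, pattern in SCHEMES:
        if pattern.match(value):
            return name
    return "invalid"


def audit(records):
    """Return sorted account names whose stored salt no scheme accepts."""
    return sorted(u for u, h in records.items() if salt_scheme(h) == "invalid")


# Constructed sample store. "alice" holds the 5.2.6-1+lenny6 output quoted
# in the report; "bob" and "carol" are made-up, well-formed strings.
SAMPLE = {
    "alice": "1$IjqLeTnxFwo",
    "bob": "ab0123456789.",
    "carol": "$1$saltsalt$0123456789abcdefghijkl",
}

if __name__ == "__main__":
    for user in audit(SAMPLE):
        print(f"{user}: salt {SAMPLE[user][:2]!r} is not a valid crypt(3) salt")
```

Accounts this reports are the ones whose logins can break when the crypt implementation changes, as between the two package versions in the report.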