On 08/19/2011 04:16 PM, Stas Malyshev wrote: > Hi! > > Looks like 5.3.7 shipped with broken crypt() (see bug# 55439 and > http://svn.php.net/viewvc/?view=revision&revision=315218) - and I > think it's a serious problem since this means everybody's md5 passwords > will stop working - so should we make 5.3.7pl1? > > And maybe not do these changes on 5.3, especially this close to the > release?
Yeah, that one was my fault. I had run the tests after switching it to strncat() but I didn't do it after the strlcat() switch and I obviously missed the buffer length difference between strlcat and strncat. The secondary problem is that we are not doing a good job running our tests prior to releases. I think this is mostly because we have way too many tests that fail and one more or less failing test gets lost in the noise. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
