Hi, I wrote this patch sometime ago and Debian package uses it:
https://bugs.php.net/bug.php?id=51254 which in turn made Debian packages not-vulnerable to #55439. (But I have failed too, I should really start to check to output of the tests when building the package and compare them for any regressions.) So I will (ab)use this time and ask for a feedback (again). I only received this from Pierre: > Not sure I agree with these changes, they are not supposed to be valid. I > don't have the time now to reply with a detailed explanation but we will do > it asap. and the detailed explanation never came. What the patch does: - it changes the m4 script to check for each individual cipher and if found it will use the system library for found ciphers, it will use PHP implementation for the rest (not-found) O. -- Ondřej Surý <ond...@sury.org> -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
