forcemerge 581170 623220 found 581170 5.3.3-7+squeeze1 tag 581170 +squeeze thank you
On Mon, Apr 18, 2011 at 15:04, Michael Neubert <[email protected]> wrote: > Package: php5 > Version: 5.3.3-7+squeeze1 > Severity: normal > > > Since Debian Squeeze the behaviour of the crypt() function changed. > With an empty second argument (salt), the result is always an empty string > instead of a hash string (see documentation for the crypt() function). The documentation says: > "An optional salt string to base the hashing on. If not provided, the > behaviour is defined by the algorithm implementation and can lead to > unexpected results. " There is nothing wrong about returning empty string (aka unexpected result) - which hashing do you want anyway? However this has been fixed in the current unstable + testing by generating SHA512 salt+hash, but I don't think the bug is serious enough to include fix for this in the stable updates, since the function behaves according to a documentation. I am merging this bug and marking it as affecting the squeeze release. O. -- Ondřej Surý <[email protected]> http://blog.rfc1925.org/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
