Re: [PHP-CVS] com php-src: Merge branch '5.4': ext/openssl/openssl.c
hi, This is a new feature, what does it do in 5.4? Also it was clearly not tested (did not build with 1.0.0 f.e.). I am totally not in favour of having that in 5.4 yet, even if it looks non intrusive. The overall stability and reliability is a key, not only specific functions. Cheers, On Tue, Jun 12, 2012 at 1:04 AM, Scott MacVicar scott...@php.net wrote: Commit: bcd671d999bcb9aac3691c59e632d91575ea87a0 Author: Scott MacVicar scott...@php.net Mon, 11 Jun 2012 16:04:01 -0700 Parents: aadf59dfa4be09147671de33786dc157716705df bccd1e672fabc3c788e93075221d47d9f077b167 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bcd671d999bcb9aac3691c59e632d91575ea87a0 Log: Merge branch '5.4' * 5.4: Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell. Add PBKDF2 support via openssl() Conflicts: ext/openssl/openssl.c Changed paths: MM ext/openssl/openssl.c Diff: diff --cc ext/openssl/openssl.c index f7db37b,4d482e8..d0ed15e --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@@ -3328,6 -3332,7 +3328,10 @@@ PHP_FUNCTION(openssl_pkey_get_details /* }}} */ #if OPENSSL_VERSION_NUMBER = 0x1000L ++ HEAD ++=== + ++ 5.4 /* {{{ proto string openssl_pbkdf2(string password, string salt, long key_length, long iterations [, string digest_method = sha1]) Generates a PKCS5 v2 PBKDF2 string, defaults to sha1 */ PHP_FUNCTION(openssl_pbkdf2) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] com php-src: Merge branch '5.4': ext/openssl/openssl.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stas did you ACK that change? It seems rather intrusive and I am not sure if we want that in a minor version just 24 h before releasing. can we solve that before tagging 5.4.4? thx On Tue, Jun 12, 2012 at 1:04 AM, Scott MacVicar scott...@php.net wrote: Commit:bcd671d999bcb9aac3691c59e632d91575ea87a0 Author: Scott MacVicar scott...@php.net Mon, 11 Jun 2012 16:04:01 -0700 Parents: aadf59dfa4be09147671de33786dc157716705df bccd1e672fabc3c788e93075221d47d9f077b167 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bcd671d999bcb9aac3691c59e632d91575ea87a0 Log: Merge branch '5.4' * 5.4: Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell. Add PBKDF2 support via openssl() Conflicts: ext/openssl/openssl.c Changed paths: MM ext/openssl/openssl.c Diff: diff --cc ext/openssl/openssl.c index f7db37b,4d482e8..d0ed15e --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@@ -3328,6 -3332,7 +3328,10 @@@ PHP_FUNCTION(openssl_pkey_get_details /* }}} */ #if OPENSSL_VERSION_NUMBER = 0x1000L ++ HEAD ++=== + ++ 5.4 /* {{{ proto string openssl_pbkdf2(string password, string salt, long key_length, long iterations [, string digest_method = sha1]) Generates a PKCS5 v2 PBKDF2 string, defaults to sha1 */ PHP_FUNCTION(openssl_pbkdf2) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP1z9hAAoJEKSanlo0ToXKTUMQAJH9+HTUMRuRGfHk6dvdK+3j d+fc447uDlNlxcMttgui1NDe7QdjDEkaKWFaKPvv6GIVTPYY4zzHM62okIzx+6V3 lzwbzRUCsER+9p1LD2pbIDNyxCbpenIeI6M1mLP5KfxFnsBx61ok0QghzKBjnnUQ Ci0IF8Ns5B5oj1Kmi5fqMrvgVNV1lRS0RjyiOGh0CyY+IYM1qqJ1VlrZ3LqyDb7s T+xx2MTpfvcyKSFHK1hEmooxYsReikqakJ5yC87k4jVAmSNDpuLDaibnUo/5o0aq 3ZRA8EoBUIeC+Ty0JF9MN+osZVmdD7cMd6q7h0e76HNupW/La2mdbKpQRy80P40N iH1v4HAX+N4k9Ut8bIjbViswWnEqoE/EY5ZSeLdYgR+W6J+R4abPfjR1I4KdLoCH /APyFwpcjGtErlaAPT8Z3iE+eelQ7a92WLz+yVWG70Qq8EG7HBV2234yTYJAsRlw GGDUMgGkmNxh+yCHyNGVqF8bO6Z4ghpUsz031pNhGRYlZrFFko5m9Is6VJsSN+g5 nNqi6xzdnCfVN5o2AZF/cvICO/NnWjpm2UI56gb14J4CtusvwDD8lek8MD+KQ+TQ /5T6JXtOkr8+BzkXna0e6/eqKqcxC34Kh2WuA2JsoUTkSDnK0UmPnP3ENfGnY6Uo SRlNfnuob0ebiLjC8DLN =ydGd -END PGP SIGNATURE- -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] com php-src: Merge branch '5.4': ext/openssl/openssl.c
I checked with Stas and he said ok for 5.4. On 12 Jun 2012, at 06:08, David Soria Parra dso...@gmx.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stas did you ACK that change? It seems rather intrusive and I am not sure if we want that in a minor version just 24 h before releasing. can we solve that before tagging 5.4.4? thx On Tue, Jun 12, 2012 at 1:04 AM, Scott MacVicar scott...@php.net wrote: Commit:bcd671d999bcb9aac3691c59e632d91575ea87a0 Author: Scott MacVicar scott...@php.net Mon, 11 Jun 2012 16:04:01 -0700 Parents: aadf59dfa4be09147671de33786dc157716705df bccd1e672fabc3c788e93075221d47d9f077b167 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bcd671d999bcb9aac3691c59e632d91575ea87a0 Log: Merge branch '5.4' * 5.4: Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell. Add PBKDF2 support via openssl() Conflicts: ext/openssl/openssl.c Changed paths: MM ext/openssl/openssl.c Diff: diff --cc ext/openssl/openssl.c index f7db37b,4d482e8..d0ed15e --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@@ -3328,6 -3332,7 +3328,10 @@@ PHP_FUNCTION(openssl_pkey_get_details /* }}} */ #if OPENSSL_VERSION_NUMBER = 0x1000L ++ HEAD ++=== + ++ 5.4 /* {{{ proto string openssl_pbkdf2(string password, string salt, long key_length, long iterations [, string digest_method = sha1]) Generates a PKCS5 v2 PBKDF2 string, defaults to sha1 */ PHP_FUNCTION(openssl_pbkdf2) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP1z9hAAoJEKSanlo0ToXKTUMQAJH9+HTUMRuRGfHk6dvdK+3j d+fc447uDlNlxcMttgui1NDe7QdjDEkaKWFaKPvv6GIVTPYY4zzHM62okIzx+6V3 lzwbzRUCsER+9p1LD2pbIDNyxCbpenIeI6M1mLP5KfxFnsBx61ok0QghzKBjnnUQ Ci0IF8Ns5B5oj1Kmi5fqMrvgVNV1lRS0RjyiOGh0CyY+IYM1qqJ1VlrZ3LqyDb7s T+xx2MTpfvcyKSFHK1hEmooxYsReikqakJ5yC87k4jVAmSNDpuLDaibnUo/5o0aq 3ZRA8EoBUIeC+Ty0JF9MN+osZVmdD7cMd6q7h0e76HNupW/La2mdbKpQRy80P40N iH1v4HAX+N4k9Ut8bIjbViswWnEqoE/EY5ZSeLdYgR+W6J+R4abPfjR1I4KdLoCH /APyFwpcjGtErlaAPT8Z3iE+eelQ7a92WLz+yVWG70Qq8EG7HBV2234yTYJAsRlw GGDUMgGkmNxh+yCHyNGVqF8bO6Z4ghpUsz031pNhGRYlZrFFko5m9Is6VJsSN+g5 nNqi6xzdnCfVN5o2AZF/cvICO/NnWjpm2UI56gb14J4CtusvwDD8lek8MD+KQ+TQ /5T6JXtOkr8+BzkXna0e6/eqKqcxC34Kh2WuA2JsoUTkSDnK0UmPnP3ENfGnY6Uo SRlNfnuob0ebiLjC8DLN =ydGd -END PGP SIGNATURE- -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] com php-src: Merge branch '5.4': ext/openssl/openssl.c
On Tue, Jun 12, 2012 at 4:50 PM, Scott MacVicar sc...@macvicar.net wrote: I checked with Stas and he said ok for 5.4. Make it public next time. RFC says no new feature but very very small ones. RMs apply this rule. -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: add CVE: NEWS
Commit:f8cc363841ecd126c0c43f2773e4d85a54b8484c Author:Stanislav Malyshev s...@php.net Tue, 12 Jun 2012 11:18:43 -0700 Parents: bccd1e672fabc3c788e93075221d47d9f077b167 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=f8cc363841ecd126c0c43f2773e4d85a54b8484c Log: add CVE Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index b91b5d7..4950763 100644 --- a/NEWS +++ b/NEWS @@ -7,8 +7,8 @@ PHP NEWS crash during execution). (Dmitry) . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon). (Pierrick) - . Fixed potential overflow in _php_stream_scandir. (Jason Powell, -Stas) + . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). +(Jason Powell, Stas) - EXIF: . Fixed information leak in ext exif (discovered by Martin Noga, -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] com php-src: Merge branch '5.4': ext/openssl/openssl.c
Hi! I checked with Stas and he said ok for 5.4. Looks like there's a disagreement about this one and whether it should be in hash or openssl, so I'll revert this for now from 5.4 and after we discuss it on internals and decide where we want it, we'll decide where it goes. Sorry for misunderstanding. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Revert Add PBKDF2 support via openssl(): ext/openssl/openssl.c ext/openssl/php_openssl.h ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt
Commit:c7be96b08fb457f8a2b4e2a64f59437b230886c1 Author:Stanislav Malyshev s...@php.net Tue, 12 Jun 2012 11:22:49 -0700 Parents: a2bfad051df022058f19afc5f09fd835cbbcf145 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=c7be96b08fb457f8a2b4e2a64f59437b230886c1 Log: Revert Add PBKDF2 support via openssl() This reverts commit b5b8ea1050837fba5a6cee55e41b4574ed64158e. Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now. Changed paths: M ext/openssl/openssl.c M ext/openssl/php_openssl.h D ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt Diff: diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 28f7618..7187a96 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -242,16 +242,6 @@ ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_get_details, 0) ZEND_ARG_INFO(0, key) ZEND_END_ARG_INFO() -#if OPENSSL_VERSION_NUMBER = 0x1000L -ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs5_pbkdf2_hmac, 0, 0, 4) -ZEND_ARG_INFO(0, password) -ZEND_ARG_INFO(0, salt) -ZEND_ARG_INFO(0, key_length) -ZEND_ARG_INFO(0, iterations) -ZEND_ARG_INFO(0, digest_algorithm) -ZEND_END_ARG_INFO() -#endif - ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs7_verify, 0, 0, 2) ZEND_ARG_INFO(0, filename) ZEND_ARG_INFO(0, flags) @@ -438,10 +428,6 @@ const zend_function_entry openssl_functions[] = { PHP_FE(openssl_seal,arginfo_openssl_seal) PHP_FE(openssl_open,arginfo_openssl_open) -#if OPENSSL_VERSION_NUMBER = 0x1000L - PHP_FE(openssl_pkcs5_pbkdf2_hmac, arginfo_openssl_pkcs5_pbkdf2_hmac) -#endif - /* for S/MIME handling */ PHP_FE(openssl_pkcs7_verify,arginfo_openssl_pkcs7_verify) PHP_FE(openssl_pkcs7_decrypt, arginfo_openssl_pkcs7_decrypt) @@ -3331,57 +3317,6 @@ PHP_FUNCTION(openssl_pkey_get_details) /* }}} */ -#if OPENSSL_VERSION_NUMBER = 0x1000L - -/* {{{ proto string openssl_pkcs5_pbkdf2_hmac(string password, string salt, long key_length, long iterations [, string digest_method = sha1]) - Generates a PKCS5 v2 PBKDF2 string, defaults to sha1 */ -PHP_FUNCTION(openssl_pkcs5_pbkdf2_hmac) -{ - long key_length = 0, iterations = 0; - char *password; int password_len; - char *salt; int salt_len; - char *method; int method_len = 0; - unsigned char *out_buffer; - - const EVP_MD *digest; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ssll|s, - password, password_len, - salt, salt_len, - key_length, iterations, - method, method_len) == FAILURE) { - return; - } - - if (key_length = 0) { - RETURN_FALSE; - } - - if (method_len) { - digest = EVP_get_digestbyname(method); - } else { - digest = EVP_sha1(); - } - - if (!digest) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown signature algorithm); - RETURN_FALSE; - } - - out_buffer = emalloc(key_length + 1); - out_buffer[key_length] = '\0'; - - if (PKCS5_PBKDF2_HMAC(password, password_len, (unsigned char *)salt, salt_len, iterations, digest, key_length, out_buffer) == 1) { - RETVAL_STRINGL((char *)out_buffer, key_length, 0); - } else { - efree(out_buffer); - RETURN_FALSE; - } -} -/* }}} */ - -#endif - /* {{{ PKCS7 S/MIME functions */ /* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts [, string content) diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h index 0dbe7d2..fc118db 100644 --- a/ext/openssl/php_openssl.h +++ b/ext/openssl/php_openssl.h @@ -52,8 +52,6 @@ PHP_FUNCTION(openssl_private_decrypt); PHP_FUNCTION(openssl_public_encrypt); PHP_FUNCTION(openssl_public_decrypt); -PHP_FUNCTION(openssl_pkcs5_pbkdf2_hmac); - PHP_FUNCTION(openssl_pkcs7_verify); PHP_FUNCTION(openssl_pkcs7_decrypt); PHP_FUNCTION(openssl_pkcs7_sign); diff --git a/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt b/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt deleted file mode 100644 index af1fcb1..000 --- a/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt +++ /dev/null @@ -1,26 +0,0 @@ ---TEST-- -openssl_pkcs5_pbkdf2_hmac() tests ---SKIPIF-- -?php if (!extension_loaded(openssl) || !function_exists(openssl_pkcs5_pbkdf2_hmac)) print skip; ? ---FILE-- -?php -// official test vectors -var_dump(bin2hex(openssl_pkcs5_pbkdf2_hmac('password', 'salt', 20, 1))); -var_dump(bin2hex(openssl_pkcs5_pbkdf2_hmac('password', 'salt', 20, 2))); -var_dump(bin2hex(openssl_pkcs5_pbkdf2_hmac('password', 'salt', 20, 4096))); - -/* really slow but should be: -string(40)
[PHP-CVS] com php-src: Revert Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell.: ext/openssl/CREDITS ext/openssl/openssl.c ext/openssl/php_openssl.h ext/openssl/tests/
Commit:a2bfad051df022058f19afc5f09fd835cbbcf145 Author:Stanislav Malyshev s...@php.net Tue, 12 Jun 2012 11:21:54 -0700 Parents: f8cc363841ecd126c0c43f2773e4d85a54b8484c Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=a2bfad051df022058f19afc5f09fd835cbbcf145 Log: Revert Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell. This reverts commit bccd1e672fabc3c788e93075221d47d9f077b167. Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now. Changed paths: M ext/openssl/CREDITS M ext/openssl/openssl.c M ext/openssl/php_openssl.h D ext/openssl/tests/openssl_pbkdf2.phpt A ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt Diff: diff --git a/ext/openssl/CREDITS b/ext/openssl/CREDITS index b685ce1..c2f50d6 100644 --- a/ext/openssl/CREDITS +++ b/ext/openssl/CREDITS @@ -1,2 +1,2 @@ OpenSSL -Stig Venaas, Wez Furlong, Sascha Kettler, Scott MacVicar +Stig Venaas, Wez Furlong, Sascha Kettler diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 4d482e8..28f7618 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -243,7 +243,7 @@ ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_get_details, 0) ZEND_END_ARG_INFO() #if OPENSSL_VERSION_NUMBER = 0x1000L -ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pbkdf2, 0, 0, 4) +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs5_pbkdf2_hmac, 0, 0, 4) ZEND_ARG_INFO(0, password) ZEND_ARG_INFO(0, salt) ZEND_ARG_INFO(0, key_length) @@ -439,7 +439,7 @@ const zend_function_entry openssl_functions[] = { PHP_FE(openssl_open,arginfo_openssl_open) #if OPENSSL_VERSION_NUMBER = 0x1000L - PHP_FE(openssl_pbkdf2, arginfo_openssl_pbkdf2) + PHP_FE(openssl_pkcs5_pbkdf2_hmac, arginfo_openssl_pkcs5_pbkdf2_hmac) #endif /* for S/MIME handling */ @@ -,9 +,9 @@ PHP_FUNCTION(openssl_pkey_get_details) #if OPENSSL_VERSION_NUMBER = 0x1000L -/* {{{ proto string openssl_pbkdf2(string password, string salt, long key_length, long iterations [, string digest_method = sha1]) +/* {{{ proto string openssl_pkcs5_pbkdf2_hmac(string password, string salt, long key_length, long iterations [, string digest_method = sha1]) Generates a PKCS5 v2 PBKDF2 string, defaults to sha1 */ -PHP_FUNCTION(openssl_pbkdf2) +PHP_FUNCTION(openssl_pkcs5_pbkdf2_hmac) { long key_length = 0, iterations = 0; char *password; int password_len; diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h index 2de211a..0dbe7d2 100644 --- a/ext/openssl/php_openssl.h +++ b/ext/openssl/php_openssl.h @@ -52,7 +52,7 @@ PHP_FUNCTION(openssl_private_decrypt); PHP_FUNCTION(openssl_public_encrypt); PHP_FUNCTION(openssl_public_decrypt); -PHP_FUNCTION(openssl_pbkdf2); +PHP_FUNCTION(openssl_pkcs5_pbkdf2_hmac); PHP_FUNCTION(openssl_pkcs7_verify); PHP_FUNCTION(openssl_pkcs7_decrypt); diff --git a/ext/openssl/tests/openssl_pbkdf2.phpt b/ext/openssl/tests/openssl_pbkdf2.phpt deleted file mode 100644 index 3ec4dce..000 --- a/ext/openssl/tests/openssl_pbkdf2.phpt +++ /dev/null @@ -1,26 +0,0 @@ ---TEST-- -openssl_pbkdf2() tests ---SKIPIF-- -?php if (!extension_loaded(openssl) || !function_exists(openssl_pbkdf2)) print skip; ? ---FILE-- -?php -// official test vectors -var_dump(bin2hex(openssl_pbkdf2('password', 'salt', 20, 1))); -var_dump(bin2hex(openssl_pbkdf2('password', 'salt', 20, 2))); -var_dump(bin2hex(openssl_pbkdf2('password', 'salt', 20, 4096))); - -/* really slow but should be: -string(40) eefe3d61cd4da4e4e9945b3d6ba2158c2634e984 -var_dump(bin2hex(openssl_pbkdf2('password', 'salt', 20, 16777216))); -*/ - -var_dump(bin2hex(openssl_pbkdf2('passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 25, 4096))); -var_dump(bin2hex(openssl_pbkdf2(pass\0word, sa\0lt, 16, 4096))); - -? ---EXPECTF-- -string(40) 0c60c80f961f0e71f3a9b524af6012062fe037a6 -string(40) ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957 -string(40) 4b007901b765489abead49d926f721d065a429c1 -string(50) 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038 -string(32) 56fa6aa75548099dcc37d7f03425e0c3 diff --git a/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt b/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt new file mode 100644 index 000..af1fcb1 --- /dev/null +++ b/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt @@ -0,0 +1,26 @@ +--TEST-- +openssl_pkcs5_pbkdf2_hmac() tests +--SKIPIF-- +?php if (!extension_loaded(openssl) || !function_exists(openssl_pkcs5_pbkdf2_hmac)) print skip; ? +--FILE-- +?php +// official test vectors +var_dump(bin2hex(openssl_pkcs5_pbkdf2_hmac('password', 'salt', 20, 1))); +var_dump(bin2hex(openssl_pkcs5_pbkdf2_hmac('password', 'salt', 20, 2))); +var_dump(bin2hex(openssl_pkcs5_pbkdf2_hmac('password', 'salt', 20, 4096))); + +/* really slow but should be: +string(40) eefe3d61cd4da4e4e9945b3d6ba2158c2634e984 +var_dump(bin2hex(openssl_pkcs5_pbkdf2_hmac('password', 'salt', 20, 16777216)));
[PHP-CVS] com php-src: re-add 61755 to NEWS: NEWS
Commit:79e44c394fe34c4c902b8a25ffac27a178ab5211 Author:Stanislav Malyshev s...@php.net Tue, 12 Jun 2012 11:53:24 -0700 Parents: c7be96b08fb457f8a2b4e2a64f59437b230886c1 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=79e44c394fe34c4c902b8a25ffac27a178ab5211 Log: re-add 61755 to NEWS Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index 4950763..dfad253 100644 --- a/NEWS +++ b/NEWS @@ -112,6 +112,10 @@ PHP NEWS set to null). (Anatoliy) . Changed php://fd to be available only for CLI. +- PDO: + . Fixed bug #61755 (A parsing bug in the prepared statements can lead to +access violations). (Johannes) + - Phar: . Fix bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: re-add 61755 to NEWS: NEWS
Commit:f0d6059389c0d00e6fa4a890b69d422aab8c3b0d Author:Stanislav Malyshev s...@php.net Tue, 12 Jun 2012 11:49:35 -0700 Parents: f464ffd78046d31eb4bbd6d44dced3cd39d12c69 Branches: PHP-5.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=f0d6059389c0d00e6fa4a890b69d422aab8c3b0d Log: re-add 61755 to NEWS Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index 380979b..0541499 100644 --- a/NEWS +++ b/NEWS @@ -42,6 +42,10 @@ PHP NEWS pattern). (Gustavo) . Fixed bug #60785 (memory leak in IntlDateFormatter constructor). (Gustavo) +- PDO: + . Fixed bug #61755 (A parsing bug in the prepared statements can lead to +access violations). (Johannes) + - Phar: . Fixed bug #62227 (Invalid phar stream path causes crash). (Felipe) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: merge NEWS, add #61755: NEWS
Commit:d939ce5d1bcd6cc9dd4454642f76efc744ae9fa0 Author:Stanislav Malyshev s...@php.net Tue, 12 Jun 2012 11:59:02 -0700 Parents: 4c3575fa02da6ad8bd69fb59b57b0755363e8039 Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=d939ce5d1bcd6cc9dd4454642f76efc744ae9fa0 Log: merge NEWS, add #61755 Bugs: https://bugs.php.net/61755 Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index d21e44d..c4e6279 100644 --- a/NEWS +++ b/NEWS @@ -1,18 +1,6 @@ PHPNEWS ||| -30 May 2012, PHP 5.4.4 RC2 -- COM: - . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) - -- Core: - . Fixed CVE-2012-2143. (Solar Designer) - . Fixed bug #62097 (fix for for bug #54547). (Gustavo) - -- Intl: - . Fixed bug #62082 (Memory corruption in internal function -get_icu_disp_value_src_php()). (Gustavo) - -17 May 2012, PHP 5.4.4 RC1 +14 Jun 2012, PHP 5.4.4 - CLI Server: . Implemented FR #61977 (Need CLI web-server support for files with .htm @@ -23,12 +11,13 @@ PHP NEWS . Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi). (Laruence, reeze@gmail.com) -- CURL: - . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). -(Laruence) +- COM: + . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) - Core: . Fixed missing bound check in iptcparse(). (chris at chiappa.net) + . Fixed CVE-2012-2143. (Solar Designer) + . Fixed bug #62097 (fix for for bug #54547). (Gustavo) . Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object). (Laruence) . Fixed bug #61978 (Object recursion not detected for classes that implement @@ -54,6 +43,18 @@ PHP NEWS set to null). (Anatoliy) . Changed php://fd to be available only for CLI. +- CURL: + . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). +(Laruence) + +- Intl: + . Fixed bug #62082 (Memory corruption in internal function +get_icu_disp_value_src_php()). (Gustavo) + +- PDO: + . Fixed bug #61755 (A parsing bug in the prepared statements can lead to +access violations). (Johannes) + - Phar: . Fix bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: 5.4.4: configure.in main/php_version.h
Commit:e961c76a0bf81dbf7322fbd87fafc0642b6bef62 Author:Stanislav Malyshev s...@php.net Tue, 12 Jun 2012 21:54:23 -0700 Parents: d939ce5d1bcd6cc9dd4454642f76efc744ae9fa0 Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e961c76a0bf81dbf7322fbd87fafc0642b6bef62 Log: 5.4.4 Changed paths: M configure.in M main/php_version.h Diff: diff --git a/configure.in b/configure.in index 1642737..32ebde1 100644 --- a/configure.in +++ b/configure.in @@ -120,7 +120,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=4 -PHP_EXTRA_VERSION=-RC2 +PHP_EXTRA_VERSION= PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 7127f60..4f95346 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 4 -#define PHP_EXTRA_VERSION -RC2 -#define PHP_VERSION 5.4.4-RC2 +#define PHP_EXTRA_VERSION +#define PHP_VERSION 5.4.4 #define PHP_VERSION_ID 50404 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] tag php-src: create tag php-5.4.4
Tag php-5.4.4 in php-src.git was created Tag: 0b90e0277aa760ccfdd9537eb09c8cc143afe1c5 Tagger: Stanislav Malyshevs...@php.net Tue Jun 12 22:18:26 2012 -0700 Log: 5.4.4 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) iF4EABEIAAYFAk/YIqUACgkQL3lWvF2gS12JQQD/XVZ+M1ti/wtnEmqaUw34yirE BoqnquQlTnJAYtZezlwA/RYTtkDaw9IqaBtLMrRHU788hdHCCVBA/lhJD9mfKQCi =JqSV -END PGP SIGNATURE- Link: http://git.php.net/?p=php-src.git;a=tag;h=0b90e0277aa760ccfdd9537eb09c8cc143afe1c5 Target: e961c76a0bf81dbf7322fbd87fafc0642b6bef62 Author: Stanislav Malyshev s...@php.net Tue, 12 Jun 2012 21:54:23 -0700 Parents: d939ce5d1bcd6cc9dd4454642f76efc744ae9fa0 Target link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e961c76a0bf81dbf7322fbd87fafc0642b6bef62 Target log: 5.4.4 Changed paths: M configure.in M main/php_version.h -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php