[php-maint] Bug#397179: php5: consider adding the suhosin patch
Andreas Beckmann
debian at abeckmann.de
Sun Nov 5 17:43:57 CET 2006
Package: php5
Version: 5.1.6-6
Severity: wishlist
Tags: patch
Hi,
please consider including the suhosin patch:
http://www.hardened-php.net/suhosin/index.html
Suhosin is an advanced protection system for PHP installations. It was
designed to protect servers and users from known and unknown flaws in
PHP applications and the PHP core. Suhosin comes in two independent
parts, that can be used separately or in combination. The first part is
a small patch against the PHP core, that implements a few low-level
protections against bufferoverflows or format string vulnerabilities and
the second part is a powerful PHP extension that implements all the
other protections.
Unlike our Hardening-Patch Suhosin is binary compatible to normal PHP
installation, which means it is compatible to 3rd party binary extension
like ZendOptimizer.
The patch is available for PHP 5.1.6 and PHP 5.2.0 and is regularily
updated for new PHP releases. It's distributed under the PHP License.
The Suhosin extension is currently being packaged separately, see
ITP#392119.
I tried to apply the patch to the 5.1.6-6 debian package (as patch
000-suhosin-patch-0.9.6.patch) and it applied well (without conflicts)
except with patch 110, where the suhosin patch seems to implement a
different solution, so I just dropped patch 110.
So far, I cannot make any report on actually using this. But I'll keep
you updated.
Thanks,
Andreas
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (300, 'unstable'), (30, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-k7
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
More information about the pkg-php-maint
mailing list