Package: php5 Version: 5.1.6-6 Severity: wishlist Tags: patch Hi,
please consider including the suhosin patch: http://www.hardened-php.net/suhosin/index.html Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections. Unlike our Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer. The patch is available for PHP 5.1.6 and PHP 5.2.0 and is regularily updated for new PHP releases. It's distributed under the PHP License. The Suhosin extension is currently being packaged separately, see ITP#392119. I tried to apply the patch to the 5.1.6-6 debian package (as patch 000-suhosin-patch-0.9.6.patch) and it applied well (without conflicts) except with patch 110, where the suhosin patch seems to implement a different solution, so I just dropped patch 110. So far, I cannot make any report on actually using this. But I'll keep you updated. Thanks, Andreas -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (300, 'unstable'), (30, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-1-k7 Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]