Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)
Today, when I upgraded my old PC, which is running Debian Testing
(currently Debian Wheezy), I was informed of the following:

php5 (5.3.9-4) unstable; urgency=low

  * The Suhosin patch is now disabled in the default build.

    If you want to re-enable it again for your installation, you can
    set the option PHP5_SUHOSIN=yes in debian/rules and recompile PHP.

 -- Ondřej Surý Sat, 28 Jan 2012 08:39:36 +0100

Does anyone know why did the packers decide to reverse the previous
policy of installing PHP5 with the Suhosin patch by default?

As far as I know, it would be rather inconvenient for a busy sysadmin to
re-enable the Suhosin patch in PHP5 and rebuild it. Also, what'll
happen if a newer version is released for the package (especially due to
newly discovered security vulnerabilities)?

--- Omer

--
PHP - the language of the Vogons.
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)
I suspect that digging Debian's usurious tracking site would give you
more definitive answers than speculations on a general mailing list.

On Feb 26, 2012 8:42 AM, "Omer Zak" wrote:
> Today, when I upgraded my old PC, which is running Debian Testing
> (currently Debian Wheezy), I was informed of the following:
>
> php5 (5.3.9-4) unstable; urgency=low
>
>   * The Suhosin patch is now disabled in the default build.
>
>     If you want to re-enable it again for your installation, you can
>     set the option PHP5_SUHOSIN=yes in debian/rules and recompile PHP.
>
>  -- Ondřej Surý Sat, 28 Jan 2012 08:39:36 +0100
>
> Does anyone know why did the packers decide to reverse the previous
> policy of installing PHP5 with the Suhosin patch by default?
>
> As far as I know, it would be rather inconvenient for a busy sysadmin to
> re-enable the Suhosin patch in PHP5 and rebuild it. Also, what'll
> happen if a newer version is released for the package (especially due to
> newly discovered security vulnerabilities)?
>
> --- Omer
>
> --
> PHP - the language of the Vogons.
> My own blog is at http://www.zak.co.il/tddpirate/
>
> My opinions, as expressed in this E-mail message, are mine alone.
> They do not represent the official policy of any organization with which
> I may be affiliated in any way.
> WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
OT: Invitation to help improve Israeli internet [mybroadband]
Hi Linux-il Friends

One of the things that I've always felt missing since moving to Israel has been the lack of a place to discuss Israeli internet. Depending on the problem, I usually either use Google and land up on any number of local websites (usually only vaguely related to the topic at hand), or in my case and for the same reasons, I usually post an OT post here on this list, since the people here are exactly the informed and experienced people I want to hear back from.

I will explain the rationale further below, but to jump straight to the point, I am (rather ambitiously) starting a bunch of forums on my MyBroadband.co.il site, here http://mybroadband.co.il/forums/ and would love you to be a part of it. So:

1) Please let me know if something like this already exists and I am wasting my time :)
2) Please feel free to add even just links to relevant existing material on other websites.
3) Please feel free to get involved and add your own material -- go wild.
4) Please feel free to invite anyone else who you feel could contribute, but at this point, no regular users (the idea is that if there is interest, we will first build up a collection of good material before inviting regular users -- if relevant)

More info:

As mentioned before, my main problem is that this kind of info is dispersed all over the Israeli internet, hard to find and usually on irrelevant websites. I've never been able to find a single site that brings all these kinds of discussions together, although I admit my limited Hebrew may have stopped me.

The idea is based on a website of the same name and same idea in South Africa, where it has been hugely successful. Even to the extent of the ISPs offering special packages to MyBroadband users there, or responding personally on the forum to accusations, etc. This is way more power than the Israeli consumer currently has, where they are basically all tricked into paying the highest possible amount for their internet package, and generally accept many false promises and poor service from their ISP. Beyond that, I'd also love to create an environment where Israeli internet users can help each other, share experiences, etc, etc.

I realize this is also very ambitious, especially since I am not a native language Hebrew speaker, but this is something I felt has been lacking for 10 years and no one else has come to address it (that I'm aware of - again, correct me if I'm wrong).

Obviously the key element is community, and hence my invitation for you to get involved. I've been a member of this mailing list for about 12 years now I think, and many of you have helped me over the years... in case there is some interest in this project, of course members of this list are eligible to be moderators / admins with suitable investment of time and effort.

I'd love to hear your thoughts... if possible on the forum itself, since this is OT, although I do think that a bunch of Linux enthusiasts spearheading this kind of project, would be a very good thing for the Israeli Linux community too :)

Gadi

P.S. There's a lot of old material on the Wiki part of the site (mostly from 2007) which you can ignore. You might remember the Bank W3C compliance page from back then (I guess I should add a Chrome icon to the list... :)).

--
Gadi Cohen aka Kinslayer www.wastelands.net
Freelance admin/coding/design HABONIM DROR linux/fantasy enthusiast
KeyID 0x93F26EF5: 256A 1FC7 AA2B 6A8F 1D9B 6A5A 4403 F34B 93F2 6EF5
Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)
I asked on the mailing lists after a quick search in http://bugs.debian.org/ failed to yield results.

Now I made a more determined search and found the following:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657698

According to it, there are problems with the Suhosin patch and human resources needed to deal with the problems are missing.

It is a case of you are doomed if you do, and you are doomed if you don't. At least people need to be aware of this.

On Sun, 2012-02-26 at 08:53 +1100, Amos Shapira wrote:
> I suspect that digging Debian's usurious tracking site would give you
> more definitive answers than speculations on a general mailing list.
>
> On Feb 26, 2012 8:42 AM, "Omer Zak" wrote:
> > Today, when I upgraded my old PC, which is running Debian Testing
> > (currently Debian Wheezy), I was informed of the following:
> >
> > php5 (5.3.9-4) unstable; urgency=low
> >
> >   * The Suhosin patch is now disabled in the default build.
> >
> >     If you want to re-enable it again for your installation, you can
> >     set the option PHP5_SUHOSIN=yes in debian/rules and recompile PHP.
> >
> >  -- Ondřej Surý Sat, 28 Jan 2012 08:39:36 +0100
> >
> > Does anyone know why did the packers decide to reverse the previous
> > policy of installing PHP5 with the Suhosin patch by default?
> >
> > As far as I know, it would be rather inconvenient for a busy sysadmin to
> > re-enable the Suhosin patch in PHP5 and rebuild it. Also, what'll
> > happen if a newer version is released for the package (especially due to
> > newly discovered security vulnerabilities)?

--
PHP - the language of the Vogons.
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)
Well, as a new member on the Debian PHP team I could say that maintaining the patch took a lot of time. Each reported PHP problem was needed to understand whether it's because of the patch or not. Also, the upstream for the patch isn't very nice/cooperative so we decided to skip it.

Another issue is having future versions support, as (AFAIK) there's no PHP 5.4 version of the patch, which is a problem as we work towards uploading it as soon as it becomes an official version.

Kaplan

On Sat, Feb 25, 2012 at 11:21 PM, Omer Zak wrote:
> Today, when I upgraded my old PC, which is running Debian Testing
> (currently Debian Wheezy), I was informed of the following:
>
> php5 (5.3.9-4) unstable; urgency=low
>
>   * The Suhosin patch is now disabled in the default build.
>
>     If you want to re-enable it again for your installation, you can
>     set the option PHP5_SUHOSIN=yes in debian/rules and recompile PHP.
>
>  -- Ondřej Surý Sat, 28 Jan 2012 08:39:36 +0100
>
> Does anyone know why did the packers decide to reverse the previous
> policy of installing PHP5 with the Suhosin patch by default?
>
> As far as I know, it would be rather inconvenient for a busy sysadmin to
> re-enable the Suhosin patch in PHP5 and rebuild it. Also, what'll
> happen if a newer version is released for the package (especially due to
> newly discovered security vulnerabilities)?
>
> --- Omer
>
> --
> PHP - the language of the Vogons.
> My own blog is at http://www.zak.co.il/tddpirate/
>
> My opinions, as expressed in this E-mail message, are mine alone.
> They do not represent the official policy of any organization with which
> I may be affiliated in any way.
> WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)
Hi Omer,

On Sat, Feb 25, 2012 at 11:21:38PM +0200, Omer Zak wrote:
> Today, when I upgraded my old PC, which is running Debian Testing
> (currently Debian Wheezy), I was informed of the following:
>
> php5 (5.3.9-4) unstable; urgency=low
>
>   * The Suhosin patch is now disabled in the default build.
>
>     If you want to re-enable it again for your installation, you can
>     set the option PHP5_SUHOSIN=yes in debian/rules and recompile PHP.
>
>  -- Ondřej Surý Sat, 28 Jan 2012 08:39:36 +0100
>
> Does anyone know why did the packers decide to reverse the previous
> policy of installing PHP5 with the Suhosin patch by default?

See http://lwn.net/Articles/479716/ for the full story.

baruch

--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}ooO--U--Ooo{=
- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -