suhosin-0.9.21 was released yesterday (0 day, zomg ;)). We should get it in the tree as soon as possible as it fixes the regression regarding .htaccess which prevented us from requesting stabilization for anything newer than 0.9.18.
ChangeLog:
* Fixed function_exists() now checks the Suhosin permissions
* Fixed crypt() salt no longer uses Blowfish by default
* Fixed .htaccess/perdir support
* Fixed compilation problem on OS/X
* Added protection against some attacks through _SERVER variables
* Added suhosin.server.strip and suhosin.server.encode
* Added error message that warns about the LFS binary incompatibility
Feel free to bump it, I won't have time until next week.
Just renaming the ebuild to suhosin-0.9.21.ebuild in an overlay and doing ebuild suhosin-0.9.21.ebuild digest && ebuild suhosin-0.9.21.ebuild merge worked fine. I tried with PHP 5.2.5 from portage. phpinfo() shows the suhosin options, everything looks ok. I'm on x86. Would be cool to see it in portage :)
While looking around at hardened-php I noticed there is already Version 0.9.22 out which fixes a critical bug with the "LFS warning message". http://www.hardened-php.net/suhosin/changelog.html 0.9.22 also runs well here.
Thanks for the update, Craig. I'll add it Wednesday evening if nobody else has done it by then (I'm busy doing school work until then).
Committed to the tree. Also committed dev-php4/suhosin, but haven't tested it at all.