Suhosin

Support/Development for PHP
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Suhosin

Unread post by Imaging »

The Suhosin extension is up to version 0.9.38:

http://www.suhosin.org/stories/download.html

Mentioning for consideration for an update for the php-suhosin-0.9.37.1-5 package.

Thanks.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8337
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Suhosin

Unread post by scott »

Got it, thanks for the heads up. This is going out to the mirrors right now
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

Thanks!
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

We're seeing an error:

error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature BAD, key ID 4520afa9

Problem opening package php-suhosin-0.9.38-6.el5.art.x86_64.rpm

on our CentOS 5.x boxes.

Is header v4 versus v3 compatible with CentOS 5.x?

On our CentOS 6.x boxes, the update installs but the suhosin version is still showing 0.9.36 on the commandline and in phpinfo.
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

Any update on the signatures?

Seeing the same error on the mysqltuner package now in the asl repo.

The update to the CentOS 6.x package shows the correct version now so the CentOS 5.x signatures appear to be the only remaining issue.

Thanks.
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

Any update?

Can you please resign the php-suhosin (and the recent mysqltuner package) with V3 sigs for the CentOS 5.x packages?

Thanks!
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8337
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Suhosin

Unread post by scott »

How about now? Im not seeing any problems with the suhosin packages on el5-64. I did re-export the php & mysqltuner packages earlier
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

Thank you. On a quick check with the mysqltuner package, all is working properly now.
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

Scott:

Could you check the suhosin EL5 package again?

On an install attempt for:

php-suhosin-0.9.38-7.el5.art.x86_64.rpm via yum, we are again getting:

error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature BAD, key ID 4520afa9

Thanks.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8337
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Suhosin

Unread post by scott »

That means you're missing the newer GPG key, which is in the atomic-release package. Another way to install it is to run the atomic installer again
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

Scott:

Thanks.

As best we can see we have the latest version of the atomic-release package so perhaps not the issue. It appears to be related to the V4 sig versus the V3 on other packages.

To double-check, we did a clean all and we reinstalled atomic-release from the repos which pulled down:

atomic-release-1.0-19.el5.art.noarch.rpm

After that install we tried updating and the packages are still giving the error.
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

Per the other thread about resolving the issue, was the php-suhosin package redone? Looking through the wwwX atomic mirrors shows a mod date of October for the latest standalone php-suhosin. The only package of the ones reported that I'm seeing a new mod date is mysql.
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

Thanks for posting updated clam packages. Once the php-suhosin packages are updated, we should be good to go.

Thanks.
Imaging
Forum Regular
Forum Regular
Posts: 337
Joined: Sat Sep 25, 2010 2:46 pm

Re: Suhosin

Unread post by Imaging »

Can someone please update the sigs on:

php-suhosin-0.9.38-7.el5.art.i386.rpm
php-suhosin-0.9.38-7.el5.art.x86_64.rpm

for CentOS 5.x so we can hopefully put these sig related issues to bed?

Each is showing:

rpm --checksig php-suhosin-0.9.38-7.el5.art.i386.rpm
RSA sha1 MD5 PGP md5 NOT OK

rpm --checksig php-suhosin-0.9.38-7.el5.art.x86_64.rpm
RSA sha1 MD5 PGP md5 NOT OK

Thank you.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8337
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Suhosin

Unread post by scott »

Re-importing along with the other PHP updates addressing the vulnerabilities in: http://securitytracker.com/id/1034608
Post Reply