From owner-freebsd-questions@FreeBSD.ORG  Sat Sep 26 17:34:05 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F27231065670
	for <freebsd-questions@freebsd.org>;
	Sat, 26 Sep 2009 17:34:05 +0000 (UTC)
	(envelope-from freebsd-questions@m.gmane.org)
Received: from lo.gmane.org (lo.gmane.org [80.91.229.12])
	by mx1.freebsd.org (Postfix) with ESMTP id AF3848FC19
	for <freebsd-questions@freebsd.org>;
	Sat, 26 Sep 2009 17:34:05 +0000 (UTC)
Received: from list by lo.gmane.org with local (Exim 4.50) id 1Mrb9o-0004o8-Ih
	for freebsd-questions@freebsd.org; Sat, 26 Sep 2009 19:34:04 +0200
Received: from pool-141-156-220-164.res.east.verizon.net ([141.156.220.164])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-questions@freebsd.org>; Sat, 26 Sep 2009 19:34:04 +0200
Received: from nightrecon by pool-141-156-220-164.res.east.verizon.net with
	local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <freebsd-questions@freebsd.org>; Sat, 26 Sep 2009 19:34:04 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-questions@freebsd.org
From: Michael Powell <nightrecon@hotmail.com>
Followup-To: gmane.os.freebsd.questions
Date: Sat, 26 Sep 2009 13:34:25 -0400
Lines: 17
Message-ID: <h9lj9l$6si$1@ger.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7Bit
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: pool-141-156-220-164.res.east.verizon.net
Sender: news <news@ger.gmane.org>
Subject: Warning: PHP Update from 5.2.10 to 5.2.11 and FastCGI
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: nightrecon@hotmail.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Sep 2009 17:34:06 -0000

Today I did a portupgrade of PHP from 5.2.10 to 5.2.11. 

This broke both lighttpd and Apache web servers, on which I run PHP as 
FastCGI. I do not know if this affects those who use mod_php as I do not use 
it. I use mod_fcgid instead.

Execute php -v at a prompt and it will spew the following and segfault.

testbed suhosin[48982]: ALERT - canary mismatch on efree() - heap overflow 
detected (attacker 'REMOTE_ADDR not set', file 'unknown') 

If you are using FastCGI the workaround is to do make config in lang/php5 
and deselect the Suhosin option. There is something very broken in the 
Suhosin patch as far as CLI and FastCGI is concerned.

-Mike