I am building a custom PHP RPM for PHP 5.3.8. Unfortunately, Suhosin's download site does not have a 0.9.10 5.3.8 patch while they do for 5.3.7 (http://www.hardened-php.net/suhosin/download.html).
Looking at PHP.net's changelog for 5.3.7, extremely little changed in 5.3.8, mostly fixes for some issue in 5.3.7. Does anyone know if it would be safe to deploy a 5.3.7 Suhosin patch to 5.3.8 seeing the two PHP builds are so similar?
I see some distros like CentOS have a PHP 5.3.8 package with Suhosin patch 0.9.10, so I am assuming they've managed to make it work somehow.
Cheers,
Tim
Yes, it should be safe. 5.3.8 fixed only two issues in 5.3.7 (a crypt and a mysqlnd+ssl problem).
But you should reconsider applying the Suhosin patch. Nowadays there is little necessity for it, as the important changes are already in PHP itself.