The debian devs broke hardened php on their platform by trying to fix a compile time issue.
“The Debian maintainers tried to fix the problem by replacing the aligned suhosin_config variable with a pointer. They then allocate a single memory mapped page and set it to read only. While this fixes the possible crash it shows that the Debian PHP maintainers did not fully understand the idea behind that code.”
I wonder where debian devs take their eternal righteousness. I bet soon we’ll yet again see statements about how the original author confused the package maintainer or some other reason for why debian isn’t at fault, doesn’t have any issues and knows best[tm].