centos7.6环境编译安装php-7.2.24修复最新 CVE-2019-11043 漏洞
先编译安装php-7.2.24,然后编译安装扩展
主版本地址地址:https://www.php.net/distributions/php-7.2.24.tar.gz
# 编译 php-7.2.24 参数
./configure --prefix=/usr/local/php-7.2.24_fpm --with-config-file-path=/usr/local/php-7.2.24_fpm/etc --with-openssl=/usr/local/lab/openssl-1.0.2p --with-libxml-dir=/usr --with-zlib-dir=/usr/local/lab/zlib-1.2.11 --with-bz2 --enable-calendar --with-curl=/usr/local/lab/curl-7.36.0 --enable-dba --enable-exif --enable-ftp --with-jpeg-dir=/usr/local/lab/jpeg-9b --with-png-dir=/usr/local/lab/libpng-1.6.10/ --with-freetype-dir=/usr/local/lab/freetype-2.5.4 --with-gd=/usr/local/lab/libgd-2.1.1 --with-gettext --enable-mbstring --with-ldap=/usr/local/openldap-2.4.23 --with-mcrypt=/usr/local/lab/libmcrypt-2.5.8_php7.2 --with-mhash=/usr/local/lab/mhash-0.9.9.9 --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-unixODBC=/usr/local/lab/unixODBC-2.3.2 --with-pdo-dblib=/usr/local/lab/freetds-0.92 --enable-zip --with-iconv-dir=/usr/local/lab/libiconv-1.14 --with-fpm-user=apache --with-fpm-group=users --enable-fpm --with-xmlrpc --enable-soap --enable-mbregex --enable-opcache --enable-inline-optimization --enable-xml --enable-sockets --disable-debug --enable-pcntl --enable-shmop
# make && make install
注意:在centos7上编译的php-7.2.24程序,直接拷贝到centos6中无法运行,提示缺少一些组件,需要升级glibc和gcc等底层的软件,建议不要升级glibc和gcc可能引发其他应用故障,如果是centos6,直接在centos6中编译后运行
扩展包的下载地址:
http://pecl.php.net/package-stats.php
# openssl的编译(经过测试1.1.10i 这个版本问题太多,舍弃,使用1.0.2p)
cd /usr/local/src && wget https://www.openssl.org/source/openssl-1.1.0i.tar.gz --no-check-certificate
tar -xzf /usr/local/lab/openssl-1.1.0i.tar.gz
cd /usr/local/lab/openssl-1.1.0i
./config --prefix=/usr/local/lab/openssl-1.1.0i
make && make install
# openssl-OpenSSL_1_0_2p编译安装
unzip openssl-OpenSSL_1_0_2p.zip
cd openssl-OpenSSL_1_0_2p
./config --prefix=/usr/local/lab/openssl-1.0.2p
make && make install
wget https://www.openssl.org/source/openssl-1.0.2p.tar.gz
./config --prefix=/usr/local/lab/openssl-1.0.2p/openssl-1.0.2p
###event安装记录
wget http://pecl.php.net/get/event-2.4.2.tgz
tar -zxf event-2.4.2.tgz
cd event-2.4.2
/usr/local/php/bin/phpize
./configure --with-event-core --with-event-extra --enable-event-debug --with-php-config=/usr/local/php/bin/php-config
make && make install
# zlib编译
cd /usr/local/src && wget http://www.zlib.net/zlib-1.2.11.tar.gz
tar -xvzf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/lab/zlib-1.2.11
make && make install
# 安装jpeg
#wget:http://ftp.gnu.org/gnu/libtool/libtool-2.2.6a.tar.gz
tar -zxf libtool-2.2.6a.tar.gz -C /usr/local/lab
cd /usr/local/lab/libtool-2.2.6
./configure
make && make install
然后进入jpeg-6b的源码目录,然后执行以下步骤,切记!COPY到当前目录注意后面的点(.)
网上好多都把config.sub和config.guess的路径弄错了,应该是在/usr/share/libtool/config/下,而不是在
/usr/share/libtool/下
cd jpeg
cp /usr/share/libtool/config/config.sub .
cp /usr/share/libtool/config/config.guess .
mkdir -p /usr/local/libjpeg-6b/bin
mkdir -p /usr/local/libjpeg-6b/lib
mkdir -p /usr/local/libjpeg-6b/man/man1
./configure --prefix=/usr/local/libjpeg-6b --enable-shared --enable-static
make && make install
# 安装freetype2.5.4
mkdir -p /usr/local/lab/freetype-2.5.4/include/freetype2/config
mkdir -p /usr/local/lab/freetype-2.5.4/include/freetype2/freetype/config
./configure --prefix=/usr/local/lab/freetype-2.5.4
make && make install
# php7.2安装mcrypt
tar -zxf mcrypt-1.0.1.tgz
cd mcrypt-1.0.1
# 在mcrypt-1.0.1目录下执行phpize命令,会生成configure命令
[root@ws_compile-release:/usr/local/src/mcrypt-1.0.1]# /usr/local/php-7.2.24_fpm/bin/phpize
Configuring for:
PHP Api Version: 20170718
Zend Module Api No: 20170718
Zend Extension Api No: 320170718
./configure --with-php-config=/usr/local/php-7.2.24_fpm/bin/php-config
make && make install
## Redis扩展
echo "*******************install Redis扩展 start*******************"
cd /usr/local/src && wget http://pecl.php.net/get/redis-4.1.1.tgz
tar -zxvf redis-4.1.1.tgz
cd redis-4.1.1/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
## SeasLog扩展
[root@web01:/usr/local/src]# tar -zxf SeasLog-1.8.6.tgz
[root@web01:/usr/local/src]# cd SeasLog-1.8.6
[root@web01:/usr/local/src/SeasLog-1.8.6]# /usr/local/php-7.2.11_fpm/bin/phpize
Configuring for:
PHP Api Version: 20170718
Zend Module Api No: 20170718
Zend Extension Api No: 320170718
[root@web01:/usr/local/src/SeasLog-1.8.6]# ./configure --with-php-config=/usr/local/php-7.2.11_fpm/bin/php-config
[root@web01:/usr/local/src/SeasLog-1.8.6]# make && make install
### memcached扩展
# 编译安装libmemcached-1.0.18
tar -zxf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
./configure --prefix=/usr/local/lab/libmemcached-1.0.18 --with-memcached
# 安装php-memcached扩展
php使用memcache的扩展有两个,一个memcache,一个memcached,前者比较老,推荐使用第二个,我们这里以第二个为例:
在github上找到适用于php7的分支https://github.com/php-memcached-dev/php-memcached/tree/php7
# 解压
unzip php-memcached-php7.zip
cd php-memcached-php7
# 执行phpize会生成configure文件
/usr/local/php/bin/phpize
# 执行预编译
./configure --enable-memcached --with-php-config=/usr/local/php/bin/php-config --with-libmemcached-dir=/usr/local/lab/libmemcached-1.0.18 --disable-memcached-sasl
make && make install
# 安装rar扩展
tar -zxf rar-4.0.0.tgz
cd rar-4.0.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
# php7.2.24安装swoole扩展
# wget https://github.com/swoole/swoole-src/archive/v4.4.15.tar.gz
# /usr/local/php-7.2.24_fpm/bin/phpize
# ./configure --with-php-config=/usr/local/php-7.2.24_fpm/bin/php-config
# make && make install
# php7.2.24安装swoole扩展,并且开启ssl
cd /usr/local/src/
wget https://github.com/swoole/swoole-src/archive/v4.5.7.tar.gz
tar xf v4.5.7.tar.gz
cd /usr/local/src/swoole-src-4.5.7
/usr/local/php-7.2.24_fpm/bin/phpize
./configure --enable-openssl --enable-http2 --with-php-config=/usr/local/php-7.2.24_fpm/bin/php-config
make && make install
####安装zmq扩展
1.到zeromq官网查看版本信息:http://zeromq.org/intro:get-the-software
2.Linux服务器跟目录下依次执行以下命令:
wget https://github.com/zeromq/libzmq/releases/download/v4.2.2/zeromq-4.2.5.tar.gz
tar zxvf zeromq-4.2.5.tar.gz
cd zeromq-4.2.5
./configure
make
make install
3.切回根目录,执行以下步骤:
下载https://codeload.github.com/mkoppanen/php-zmq/zip/master/php-zmq-master.zip
unzip php-zmq-master.zip
cd php-zmq-master
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
# 编辑php配置文件,在最后面加入
# vim /usr/local/php/etc/php.ini
extension=zmq.so
# 编辑php.ini文件添加扩展,并重启php-fpm
extension=rar.so
extension=memcache.so
extension=memcached.so
extension=redis.so
extension=seaslog.so
extension=pcntl.so
extension=rar.so
extension=mcrypt.so
###编译安装bcmath
1.进入PHP源码包目录下的ext/bcmath目录
2.执行phpize命令,phpize命令在PHP安装目录的bin目录下,如 /usr/local/php/bin/phpize
3.执行./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
####安装 amqp扩展
# 安装前要先安装rabbitmq-c
wget -c https://github.com/alanxz/rabbitmq-c/releases/download/v0.8.0/rabbitmq-c-0.8.0.tar.gz
tar zxf rabbitmq-c-0.8.0.tar.gz
cd rabbitmq-c-0.8.0
./configure --prefix=/usr/local/rabbitmq-c-0.8.0
make && make install
# 安装amqp
tar zxf amqp-1.9.3.tgz
cd amqp-1.9.3
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-amqp --with-librabbitmq-dir=/usr/local/rabbitmq-c-0.8.0
make && make install
# 安装amqp的时候报错:
cc -I. -I/usr/local/src/amqp-1.9.3 -DPHP_ATOM_INC -I/usr/local/src/amqp-1.9.3/include -I/usr/local/src/amqp-1.9.3/main -I/usr/local/src/amqp-1.9.3 -I/usr/local/php-7.2.11_fpm/include/php -I/usr/local/php-7.2.11_fpm/include/php/main -I/usr/local/php-7.2.11_fpm/include/php/TSRM -I/usr/local/php-7.2.11_fpm/include/php/Zend -I/usr/local/php-7.2.11_fpm/include/php/ext -I/usr/local/php-7.2.11_fpm/include/php/ext/date/lib -I/usr/local/rabbitmq-c-0.8.0//include -DHAVE_CONFIG_H -g -O2 -c /usr/local/src/amqp-1.9.3/amqp_connection_resource.c -fPIC -DPIC -o .libs/amqp_connection_resource.o
/usr/local/src/amqp-1.9.3/amqp_connection_resource.c:45:29: error: amqp_ssl_socket.h: No such file or directory
/usr/local/src/amqp-1.9.3/amqp_connection_resource.c: In function ‘connection_resource_constructor’:
/usr/local/src/amqp-1.9.3/amqp_connection_resource.c:409: warning: assignment makes pointer from integer without a cast
make: *** [amqp_connection_resource.lo] Error 1
解决:
参考:https://github.com/alanxz/rabbitmq-c/issues/463
[root@sz_xx_cmsby01_11_99:/usr/local/src/amqp-1.9.3]# find /usr/local -name amqp_ssl_socket.h
/usr/local/src/rabbitmq-c-0.8.0/librabbitmq/amqp_ssl_socket.h
[root@sz_xx_cmsby01_11_99:/usr/local/src/amqp-1.9.3]# cp /usr/local/src/rabbitmq-c-0.8.0/librabbitmq/amqp_ssl_socket.h ./
# 重新make && make install 即可
# 安装memcache扩展
unzip pecl-memcache-NON_BLOCKING_IO_php7.zip
cd pecl-memcache-NON_BLOCKING_IO_php7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
####### 安装imap扩展
# 安装imap依赖
yum install -y libc-client-devel freetype-devel libcurl-devel libjpeg-turbo-devel openssl-devel libicu-devel libmcrypt-devel
ln -s /usr/lib64/libc-client.so /usr/lib/libc-client.so
cd /usr/local/src && tar -zxf php-7.2.24.tar.gz
cd /usr/local/src/php-7.2.24/ext/imap
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-imap=/usr/lib64 --with-imap-ssl --with-kerberos
make && make install
#####安装mysql扩展
# 下载扩展地址,最上面最新的:http://git.php.net/?p=pecl/database/mysql.git;a=summary
unzip mysql-386776d.zip
cd mysql-386776d
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-mysql=mysqlnd
make && make install
# vim /usr/local/php-7.2.11_fpm/etc/php.ini
extension=mysql.so
#### 安装gmp扩展 php5.6.30为例
/usr/local/php5.6.30/bin/phpize
./configure --with-php-config=/usr/local/php5.6.30/bin/php-config --with-gmp
安装kafka模块
cd /usr/local/src
wget https://sourceforge.net/projects/re2c/files/0.16/re2c-0.16.tar.gz
tar zxf re2c-0.16.tar.gz
cd re2c-0.16
./configure
make && make install
cd /usr/local/src
wget https://github.com/edenhill/librdkafka/archive/v1.5.0.tar.gz
tar xf v1.5.0.tar.gz
cd librdkafka-1.5.0
cd librdkafka
./configure
make && make install
ln -s /usr/local/lib/librdkafka.so.1 /usr/lib/
cd /usr/local/src
wget https://github.com/arnaud-lb/php-rdkafka/archive/4.0.3.tar.gz
tar xf 4.0.3.tar.gz
cd php-rdkafka-4.0.3
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
### 安装php7.2.24版本中自带的扩展intl
一.PHP intl 是国际化扩展,是ICU 库的一个包装器。所以在安装PHP intl扩展前要先安装ICU库,安装ICU库的具体步骤:
mkdir /usr/local/lab/icu
cd /usr/local/lab/icu
wget http://download.icu-project.org/files/icu4c/52.1/icu4c-52_1-src.tgz
tar xf icu4c-52_1-src.tgz
cd icu/source
./configure --prefix=/usr/local/lab/icu
make && make install
安装完毕:
注:icu版本你也可以去官网下载:http://site.icu-project.org/download 。--prefix=/usr/local/icu为icu的安装路径,也可以通过find / -name icu查找。
二.安装扩展intl.so
1。进入php7源码:cd /usr/local/src/php-7.2.24/ext/intl
2。运行:phpize ,找不到命令时,将路径补全:/usr/local/php/bin/phpize(是php的安装路径),出现如下:
[root@ws_compile-release:/usr/local/src/php-7.2.24/ext/intl]# /usr/local/php/bin/phpize
Configuring for:
PHP Api Version: 20170718
Zend Module Api No: 20170718
Zend Extension Api No: 320170718
三。运行配置
./configure --enable-intl --with-icu-dir=/usr/local/lab/icu --with-php-config=/usr/local/php/bin/php-config
make && make install
注:前面路径为icu的安装路径,后面路径为php的安装路径
# 启动脚本
# cat /etc/init.d/php7.24-fpm #! /bin/sh ### BEGIN INIT INFO # Provides: php-fpm # Required-Start: $remote_fs $network # Required-Stop: $remote_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: starts php-fpm # Description: starts the PHP FastCGI Process Manager daemon ### END INIT INFO prefix=/usr/local/php-7.2.24_fpm exec_prefix=${prefix} php_fpm_BIN=${exec_prefix}/sbin/php-fpm php_fpm_CONF=${prefix}/etc/php-fpm.conf php_fpm_PID=${prefix}/var/run/php-fpm.pid php_opts="--fpm-config $php_fpm_CONF --pid $php_fpm_PID" wait_for_pid () { try=0 while test $try -lt 35 ; do case "$1" in 'created') if [ -f "$2" ] ; then try='' break fi ;; 'removed') if [ ! -f "$2" ] ; then try='' break fi ;; esac echo -n . try=`expr $try + 1` sleep 1 done } case "$1" in start) echo -n "Starting php-fpm " $php_fpm_BIN --daemonize $php_opts if [ "$?" != 0 ] ; then echo " failed" exit 1 fi wait_for_pid created $php_fpm_PID if [ -n "$try" ] ; then echo " failed" exit 1 else echo " done" fi ;; stop) echo -n "Gracefully shutting down php-fpm " if [ ! -r $php_fpm_PID ] ; then echo "warning, no pid file found - php-fpm is not running ?" exit 1 fi kill -QUIT `cat $php_fpm_PID` wait_for_pid removed $php_fpm_PID if [ -n "$try" ] ; then echo " failed. Use force-quit" exit 1 else echo " done" fi ;; force-quit) echo -n "Terminating php-fpm " if [ ! -r $php_fpm_PID ] ; then echo "warning, no pid file found - php-fpm is not running ?" exit 1 fi kill -TERM `cat $php_fpm_PID` wait_for_pid removed $php_fpm_PID if [ -n "$try" ] ; then echo " failed" exit 1 else echo " done" fi ;; restart) $0 stop $0 start ;; reload) echo -n "Reload service php-fpm " if [ ! -r $php_fpm_PID ] ; then echo "warning, no pid file found - php-fpm is not running ?" exit 1 fi kill -USR2 `cat $php_fpm_PID` echo " done" ;; *) echo "Usage: $0 {start|stop|force-quit|restart|reload}" exit 1 ;; esac
php.ini配置文件
[root@ws_compile-release:~]# egrep -v '^;|^$' /usr/local/php-7.2.24_fpm/etc/php.ini [PHP] engine = On short_open_tag = On asp_tags = Off precision = 14 y2k_compliance = On output_buffering = 4096 zlib.output_compression = Off implicit_flush = Off unserialize_callback_func = serialize_precision = -1 allow_call_time_pass_reference = Off safe_mode = Off safe_mode_gid = Off safe_mode_allowed_env_vars = PHP_ safe_mode_protected_env_vars = LD_LIBRARY_PATH disable_functions = passthru,shell_exec disable_classes = expose_php = Off max_execution_time = 300 max_input_time = 60 memory_limit = 256M error_reporting = E_ALL & ~E_DEPRECATED & ~(E_NOTICE) & ~(E_WARNING) display_errors = Off display_startup_errors = Off log_errors = On log_errors_max_len = 1024 ignore_repeated_errors = Off ignore_repeated_source = Off report_memleaks = On track_errors = Off html_errors = Off error_log = /data/www/logs/php_log/php_error.log variables_order = "EGPCS" request_order = "GP" register_globals = Off register_argc_argv = Off auto_globals_jit = On post_max_size = 50M magic_quotes_runtime = Off magic_quotes_sybase = Off auto_prepend_file = auto_append_file = default_mimetype = "text/html" doc_root = user_dir = enable_dl = On file_uploads = On upload_max_filesize = 50M max_file_uploads = 20 allow_url_fopen = On allow_url_include = Off default_socket_timeout = 60 [Date] date.timezone = America/Los_Angeles [filter] [iconv] [intl] [sqlite] [sqlite3] [Pcre] [Pdo] [Pdo_mysql] pdo_mysql.cache_size = 2000 pdo_mysql.default_socket= [Phar] [Syslog] define_syslog_variables = Off [mail function] SMTP = localhost smtp_port = 25 sendmail_path =/usr/sbin/sendmail -t -i mail.add_x_header = On [SQL] sql.safe_mode = Off [ODBC] odbc.allow_persistent = On odbc.check_persistent = On odbc.max_persistent = -1 odbc.max_links = -1 odbc.defaultlrl = 4096 odbc.defaultbinmode = 1 [Interbase] ibase.allow_persistent = 1 ibase.max_persistent = -1 ibase.max_links = -1 ibase.timestampformat = "%Y-%m-%d %H:%M:%S" ibase.dateformat = "%Y-%m-%d" ibase.timeformat = "%H:%M:%S" [MySQL] mysql.allow_local_infile = On mysql.allow_persistent = On mysql.cache_size = 2000 mysql.max_persistent = -1 mysql.max_links = -1 mysql.default_port = mysql.default_socket = mysql.default_host = mysql.default_user = mysql.default_password = mysql.connect_timeout = 60 mysql.trace_mode = Off [MySQLi] mysqli.max_persistent = -1 mysqli.allow_persistent = On mysqli.max_links = -1 mysqli.cache_size = 2000 mysqli.default_port = 3306 mysqli.default_socket = mysqli.default_host = mysqli.default_user = mysqli.default_pw = mysqli.reconnect = Off [mysqlnd] mysqlnd.collect_statistics = On mysqlnd.collect_memory_statistics = Off [OCI8] [PostgresSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0 [Sybase-CT] sybct.allow_persistent = On sybct.max_persistent = -1 sybct.max_links = -1 sybct.min_server_severity = 10 sybct.min_client_severity = 10 [bcmath] bcmath.scale = 0 [browscap] [Session] session.save_handler = files session.save_path = /tmp session.use_cookies = 1 session.use_only_cookies = 1 session.name = PHPSESSID session.auto_start = 0 session.cookie_lifetime = 0 session.cookie_path = / session.cookie_domain = session.cookie_httponly = session.serialize_handler = php session.gc_probability = 1 session.gc_divisor = 1000 session.gc_maxlifetime = 2440 session.bug_compat_42 = Off session.bug_compat_warn = Off session.referer_check = session.entropy_length = 0 session.cache_limiter = nocache session.cache_expire = 1200 session.use_trans_sid = 0 session.hash_function = 0 session.hash_bits_per_character = 5 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" [MSSQL] mssql.allow_persistent = On mssql.max_persistent = -1 mssql.max_links = -1 mssql.min_error_severity = 10 mssql.min_message_severity = 10 mssql.compatability_mode = Off mssql.secure_connection = Off [Assertion] [COM] [mbstring] [gd] [exif] [Tidy] tidy.clean_output = Off [soap] soap.wsdl_cache_enabled=1 soap.wsdl_cache_dir="/tmp" soap.wsdl_cache_ttl=86400 soap.wsdl_cache_limit = 5 [sysvshm] [ldap] ldap.max_links = -1 [mcrypt] [dba] extension_dir=/usr/local/php-7.2.24_fpm/lib/php/extensions/no-debug-non-zts-20170718/ extension=zmq.so extension=memcached.so extension=memcache.so extension=redis.so extension=rar.so extension=mcrypt.so extension=bcmath.so extension=amqp.so extension=imap.so extension=intl.so [opcache] zend_extension=/usr/local/php-7.2.24_fpm/lib/php/extensions/no-debug-non-zts-20170718/opcache.so opcache.memory_consumption=2048 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=4000 opcache.revalidate_freq=60 opcache.fast_shutdown=1 opcache.enable_cli=1 opcache.enable=1 opcache.force_restart_timeout=1800 opcache.optimization_level=1