centos7.6环境编译安装php-7.2.24修复最新 CVE-2019-11043 漏洞

先编译安装php-7.2.24,然后编译安装扩展

主版本地址地址:https://www.php.net/distributions/php-7.2.24.tar.gz


# 编译 php-7.2.24 参数
./configure  --prefix=/usr/local/php-7.2.24_fpm --with-config-file-path=/usr/local/php-7.2.24_fpm/etc --with-openssl=/usr/local/lab/openssl-1.0.2p --with-libxml-dir=/usr --with-zlib-dir=/usr/local/lab/zlib-1.2.11 --with-bz2 --enable-calendar --with-curl=/usr/local/lab/curl-7.36.0 --enable-dba --enable-exif --enable-ftp --with-jpeg-dir=/usr/local/lab/jpeg-9b --with-png-dir=/usr/local/lab/libpng-1.6.10/ --with-freetype-dir=/usr/local/lab/freetype-2.5.4 --with-gd=/usr/local/lab/libgd-2.1.1 --with-gettext --enable-mbstring --with-ldap=/usr/local/openldap-2.4.23 --with-mcrypt=/usr/local/lab/libmcrypt-2.5.8_php7.2 --with-mhash=/usr/local/lab/mhash-0.9.9.9 --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-unixODBC=/usr/local/lab/unixODBC-2.3.2 --with-pdo-dblib=/usr/local/lab/freetds-0.92 --enable-zip --with-iconv-dir=/usr/local/lab/libiconv-1.14 --with-fpm-user=apache --with-fpm-group=users --enable-fpm --with-xmlrpc --enable-soap --enable-mbregex --enable-opcache --enable-inline-optimization --enable-xml --enable-sockets --disable-debug --enable-pcntl --enable-shmop
# make && make install

 

注意:在centos7上编译的php-7.2.24程序,直接拷贝到centos6中无法运行,提示缺少一些组件,需要升级glibc和gcc等底层的软件,建议不要升级glibc和gcc可能引发其他应用故障,如果是centos6,直接在centos6中编译后运行


扩展包的下载地址:
http://pecl.php.net/package-stats.php

# openssl的编译(经过测试1.1.10i 这个版本问题太多,舍弃,使用1.0.2p)

cd /usr/local/src && wget https://www.openssl.org/source/openssl-1.1.0i.tar.gz --no-check-certificate
tar -xzf /usr/local/lab/openssl-1.1.0i.tar.gz
cd /usr/local/lab/openssl-1.1.0i
./config --prefix=/usr/local/lab/openssl-1.1.0i
make && make install


# openssl-OpenSSL_1_0_2p编译安装
unzip openssl-OpenSSL_1_0_2p.zip
cd openssl-OpenSSL_1_0_2p
./config --prefix=/usr/local/lab/openssl-1.0.2p
make && make install

wget https://www.openssl.org/source/openssl-1.0.2p.tar.gz

./config --prefix=/usr/local/lab/openssl-1.0.2p/openssl-1.0.2p

###event安装记录
wget http://pecl.php.net/get/event-2.4.2.tgz
tar -zxf event-2.4.2.tgz
cd event-2.4.2
/usr/local/php/bin/phpize
./configure --with-event-core --with-event-extra --enable-event-debug  --with-php-config=/usr/local/php/bin/php-config
make && make install

# zlib编译
cd /usr/local/src && wget http://www.zlib.net/zlib-1.2.11.tar.gz
tar -xvzf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/lab/zlib-1.2.11
make && make install

# 安装jpeg
#wget:http://ftp.gnu.org/gnu/libtool/libtool-2.2.6a.tar.gz
tar -zxf libtool-2.2.6a.tar.gz -C /usr/local/lab
cd /usr/local/lab/libtool-2.2.6
./configure
make && make install

然后进入jpeg-6b的源码目录,然后执行以下步骤,切记!COPY到当前目录注意后面的点(.)
网上好多都把config.sub和config.guess的路径弄错了,应该是在/usr/share/libtool/config/下,而不是在
/usr/share/libtool/下

cd jpeg
cp /usr/share/libtool/config/config.sub .
cp /usr/share/libtool/config/config.guess .

mkdir -p /usr/local/libjpeg-6b/bin
mkdir -p /usr/local/libjpeg-6b/lib
mkdir -p /usr/local/libjpeg-6b/man/man1

./configure --prefix=/usr/local/libjpeg-6b --enable-shared --enable-static
make && make install

# 安装freetype2.5.4
mkdir -p /usr/local/lab/freetype-2.5.4/include/freetype2/config
mkdir -p /usr/local/lab/freetype-2.5.4/include/freetype2/freetype/config
./configure --prefix=/usr/local/lab/freetype-2.5.4
make && make install

# php7.2安装mcrypt
tar -zxf mcrypt-1.0.1.tgz
cd mcrypt-1.0.1
# 在mcrypt-1.0.1目录下执行phpize命令,会生成configure命令
[root@ws_compile-release:/usr/local/src/mcrypt-1.0.1]# /usr/local/php-7.2.24_fpm/bin/phpize
Configuring for:
PHP Api Version:         20170718
Zend Module Api No:      20170718
Zend Extension Api No:   320170718

./configure --with-php-config=/usr/local/php-7.2.24_fpm/bin/php-config
make && make install

## Redis扩展
echo "*******************install Redis扩展 start*******************"
cd /usr/local/src && wget http://pecl.php.net/get/redis-4.1.1.tgz
tar -zxvf redis-4.1.1.tgz
cd redis-4.1.1/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install

## SeasLog扩展
[root@web01:/usr/local/src]# tar -zxf SeasLog-1.8.6.tgz
[root@web01:/usr/local/src]# cd SeasLog-1.8.6
[root@web01:/usr/local/src/SeasLog-1.8.6]# /usr/local/php-7.2.11_fpm/bin/phpize
Configuring for:
PHP Api Version:         20170718
Zend Module Api No:      20170718
Zend Extension Api No:   320170718
[root@web01:/usr/local/src/SeasLog-1.8.6]# ./configure --with-php-config=/usr/local/php-7.2.11_fpm/bin/php-config
[root@web01:/usr/local/src/SeasLog-1.8.6]# make && make install

### memcached扩展
# 编译安装libmemcached-1.0.18
tar -zxf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
./configure --prefix=/usr/local/lab/libmemcached-1.0.18 --with-memcached

# 安装php-memcached扩展
php使用memcache的扩展有两个,一个memcache,一个memcached,前者比较老,推荐使用第二个,我们这里以第二个为例:

在github上找到适用于php7的分支https://github.com/php-memcached-dev/php-memcached/tree/php7

# 解压
unzip php-memcached-php7.zip
cd php-memcached-php7

# 执行phpize会生成configure文件
/usr/local/php/bin/phpize
# 执行预编译
./configure --enable-memcached --with-php-config=/usr/local/php/bin/php-config --with-libmemcached-dir=/usr/local/lab/libmemcached-1.0.18 --disable-memcached-sasl
make && make install

# 安装rar扩展
tar -zxf rar-4.0.0.tgz
cd rar-4.0.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install

# php7.2.24安装swoole扩展

# wget https://github.com/swoole/swoole-src/archive/v4.4.15.tar.gz
# /usr/local/php-7.2.24_fpm/bin/phpize
# ./configure --with-php-config=/usr/local/php-7.2.24_fpm/bin/php-config
# make && make install

 

# php7.2.24安装swoole扩展,并且开启ssl

cd /usr/local/src/
wget https://github.com/swoole/swoole-src/archive/v4.5.7.tar.gz

tar xf v4.5.7.tar.gz
cd /usr/local/src/swoole-src-4.5.7
/usr/local/php-7.2.24_fpm/bin/phpize
./configure --enable-openssl --enable-http2 --with-php-config=/usr/local/php-7.2.24_fpm/bin/php-config
 make && make install


####安装zmq扩展

1.到zeromq官网查看版本信息:http://zeromq.org/intro:get-the-software

2.Linux服务器跟目录下依次执行以下命令:

wget https://github.com/zeromq/libzmq/releases/download/v4.2.2/zeromq-4.2.5.tar.gz

tar zxvf zeromq-4.2.5.tar.gz
cd zeromq-4.2.5
./configure
make
make install

3.切回根目录,执行以下步骤:

下载https://codeload.github.com/mkoppanen/php-zmq/zip/master/php-zmq-master.zip
unzip php-zmq-master.zip
cd php-zmq-master
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install

# 编辑php配置文件,在最后面加入
# vim /usr/local/php/etc/php.ini

extension=zmq.so

# 编辑php.ini文件添加扩展,并重启php-fpm

extension=rar.so
extension=memcache.so
extension=memcached.so
extension=redis.so
extension=seaslog.so
extension=pcntl.so
extension=rar.so
extension=mcrypt.so

###编译安装bcmath
1.进入PHP源码包目录下的ext/bcmath目录
2.执行phpize命令,phpize命令在PHP安装目录的bin目录下,如 /usr/local/php/bin/phpize
3.执行./configure --with-php-config=/usr/local/php/bin/php-config
make && make install

####安装 amqp扩展
# 安装前要先安装rabbitmq-c
wget -c https://github.com/alanxz/rabbitmq-c/releases/download/v0.8.0/rabbitmq-c-0.8.0.tar.gz
tar zxf rabbitmq-c-0.8.0.tar.gz
cd rabbitmq-c-0.8.0
./configure --prefix=/usr/local/rabbitmq-c-0.8.0
make && make install

# 安装amqp
tar zxf amqp-1.9.3.tgz
cd amqp-1.9.3
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-amqp --with-librabbitmq-dir=/usr/local/rabbitmq-c-0.8.0
make && make install

# 安装amqp的时候报错:
 cc -I. -I/usr/local/src/amqp-1.9.3 -DPHP_ATOM_INC -I/usr/local/src/amqp-1.9.3/include -I/usr/local/src/amqp-1.9.3/main -I/usr/local/src/amqp-1.9.3 -I/usr/local/php-7.2.11_fpm/include/php -I/usr/local/php-7.2.11_fpm/include/php/main -I/usr/local/php-7.2.11_fpm/include/php/TSRM -I/usr/local/php-7.2.11_fpm/include/php/Zend -I/usr/local/php-7.2.11_fpm/include/php/ext -I/usr/local/php-7.2.11_fpm/include/php/ext/date/lib -I/usr/local/rabbitmq-c-0.8.0//include -DHAVE_CONFIG_H -g -O2 -c /usr/local/src/amqp-1.9.3/amqp_connection_resource.c  -fPIC -DPIC -o .libs/amqp_connection_resource.o
/usr/local/src/amqp-1.9.3/amqp_connection_resource.c:45:29: error: amqp_ssl_socket.h: No such file or directory
/usr/local/src/amqp-1.9.3/amqp_connection_resource.c: In function ‘connection_resource_constructor’:
/usr/local/src/amqp-1.9.3/amqp_connection_resource.c:409: warning: assignment makes pointer from integer without a cast
make: *** [amqp_connection_resource.lo] Error 1

解决:

参考:https://github.com/alanxz/rabbitmq-c/issues/463
[root@sz_xx_cmsby01_11_99:/usr/local/src/amqp-1.9.3]# find /usr/local -name amqp_ssl_socket.h
/usr/local/src/rabbitmq-c-0.8.0/librabbitmq/amqp_ssl_socket.h
[root@sz_xx_cmsby01_11_99:/usr/local/src/amqp-1.9.3]# cp /usr/local/src/rabbitmq-c-0.8.0/librabbitmq/amqp_ssl_socket.h ./

# 重新make && make install 即可


# 安装memcache扩展
unzip pecl-memcache-NON_BLOCKING_IO_php7.zip
cd pecl-memcache-NON_BLOCKING_IO_php7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install


####### 安装imap扩展
# 安装imap依赖

yum install -y libc-client-devel freetype-devel libcurl-devel libjpeg-turbo-devel openssl-devel libicu-devel libmcrypt-devel
ln -s /usr/lib64/libc-client.so /usr/lib/libc-client.so
cd /usr/local/src && tar -zxf  php-7.2.24.tar.gz
cd /usr/local/src/php-7.2.24/ext/imap
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-imap=/usr/lib64 --with-imap-ssl --with-kerberos
make && make install


#####安装mysql扩展
# 下载扩展地址,最上面最新的:http://git.php.net/?p=pecl/database/mysql.git;a=summary
unzip mysql-386776d.zip
cd mysql-386776d
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-mysql=mysqlnd
make && make install

# vim /usr/local/php-7.2.11_fpm/etc/php.ini
extension=mysql.so

#### 安装gmp扩展 php5.6.30为例
/usr/local/php5.6.30/bin/phpize
./configure --with-php-config=/usr/local/php5.6.30/bin/php-config --with-gmp

安装kafka模块

cd /usr/local/src
wget https://sourceforge.net/projects/re2c/files/0.16/re2c-0.16.tar.gz
tar zxf re2c-0.16.tar.gz
cd re2c-0.16
./configure
make && make install


cd /usr/local/src
wget https://github.com/edenhill/librdkafka/archive/v1.5.0.tar.gz
tar xf v1.5.0.tar.gz
cd librdkafka-1.5.0
cd librdkafka
./configure
make && make install
ln -s /usr/local/lib/librdkafka.so.1 /usr/lib/

cd /usr/local/src
wget https://github.com/arnaud-lb/php-rdkafka/archive/4.0.3.tar.gz
tar xf 4.0.3.tar.gz
cd php-rdkafka-4.0.3
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install



### 安装php7.2.24版本中自带的扩展intl

一.PHP intl 是国际化扩展,是ICU 库的一个包装器。所以在安装PHP intl扩展前要先安装ICU库,安装ICU库的具体步骤:

mkdir /usr/local/lab/icu
cd /usr/local/lab/icu
wget http://download.icu-project.org/files/icu4c/52.1/icu4c-52_1-src.tgz
tar xf icu4c-52_1-src.tgz
cd icu/source
./configure --prefix=/usr/local/lab/icu
make && make install
安装完毕:
注:icu版本你也可以去官网下载:http://site.icu-project.org/download  。--prefix=/usr/local/icu为icu的安装路径,也可以通过find /  -name  icu查找。

二.安装扩展intl.so

1。进入php7源码:cd /usr/local/src/php-7.2.24/ext/intl

2。运行:phpize ,找不到命令时,将路径补全:/usr/local/php/bin/phpize(是php的安装路径),出现如下:

[root@ws_compile-release:/usr/local/src/php-7.2.24/ext/intl]#  /usr/local/php/bin/phpize
Configuring for:
PHP Api Version:         20170718
Zend Module Api No:      20170718
Zend Extension Api No:   320170718

三。运行配置

./configure --enable-intl --with-icu-dir=/usr/local/lab/icu --with-php-config=/usr/local/php/bin/php-config
make && make install

注:前面路径为icu的安装路径,后面路径为php的安装路径

# 启动脚本

# cat /etc/init.d/php7.24-fpm 
#! /bin/sh

### BEGIN INIT INFO
# Provides:          php-fpm
# Required-Start:    $remote_fs $network
# Required-Stop:     $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts php-fpm
# Description:       starts the PHP FastCGI Process Manager daemon
### END INIT INFO

prefix=/usr/local/php-7.2.24_fpm
exec_prefix=${prefix}

php_fpm_BIN=${exec_prefix}/sbin/php-fpm
php_fpm_CONF=${prefix}/etc/php-fpm.conf
php_fpm_PID=${prefix}/var/run/php-fpm.pid


php_opts="--fpm-config $php_fpm_CONF --pid $php_fpm_PID"


wait_for_pid () {
    try=0

    while test $try -lt 35 ; do

        case "$1" in
            'created')
            if [ -f "$2" ] ; then
                try=''
                break
            fi
            ;;

            'removed')
            if [ ! -f "$2" ] ; then
                try=''
                break
            fi
            ;;
        esac

        echo -n .
        try=`expr $try + 1`
        sleep 1

    done

}

case "$1" in
    start)
        echo -n "Starting php-fpm "

        $php_fpm_BIN --daemonize $php_opts

        if [ "$?" != 0 ] ; then
            echo " failed"
            exit 1
        fi

        wait_for_pid created $php_fpm_PID

        if [ -n "$try" ] ; then
            echo " failed"
            exit 1
        else
            echo " done"
        fi
    ;;

    stop)
        echo -n "Gracefully shutting down php-fpm "

        if [ ! -r $php_fpm_PID ] ; then
            echo "warning, no pid file found - php-fpm is not running ?"
            exit 1
        fi

        kill -QUIT `cat $php_fpm_PID`

        wait_for_pid removed $php_fpm_PID

        if [ -n "$try" ] ; then
            echo " failed. Use force-quit"
            exit 1
        else
            echo " done"
        fi
    ;;

    force-quit)
        echo -n "Terminating php-fpm "

        if [ ! -r $php_fpm_PID ] ; then
            echo "warning, no pid file found - php-fpm is not running ?"
            exit 1
        fi

        kill -TERM `cat $php_fpm_PID`

        wait_for_pid removed $php_fpm_PID

        if [ -n "$try" ] ; then
            echo " failed"
            exit 1
        else
            echo " done"
        fi
    ;;

    restart)
        $0 stop
        $0 start
    ;;

    reload)

        echo -n "Reload service php-fpm "

        if [ ! -r $php_fpm_PID ] ; then
            echo "warning, no pid file found - php-fpm is not running ?"
            exit 1
        fi

        kill -USR2 `cat $php_fpm_PID`

        echo " done"
    ;;

    *)
        echo "Usage: $0 {start|stop|force-quit|restart|reload}"
        exit 1
    ;;

esac

 php.ini配置文件

[root@ws_compile-release:~]# egrep -v '^;|^$' /usr/local/php-7.2.24_fpm/etc/php.ini 
[PHP]
engine = On
short_open_tag = On
asp_tags = Off
precision = 14
y2k_compliance = On
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = -1
allow_call_time_pass_reference = Off
safe_mode = Off
safe_mode_gid = Off
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions = passthru,shell_exec
disable_classes =
expose_php = Off
max_execution_time = 300
max_input_time = 60
memory_limit = 256M
error_reporting = E_ALL & ~E_DEPRECATED  & ~(E_NOTICE) & ~(E_WARNING)
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = Off
error_log = /data/www/logs/php_log/php_error.log 
variables_order = "EGPCS"
request_order = "GP"
register_globals = Off
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 50M
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
enable_dl = On
file_uploads = On
upload_max_filesize = 50M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[Date]
date.timezone = America/Los_Angeles
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[Syslog]
define_syslog_variables  = Off
[mail function]
SMTP = localhost
smtp_port = 25
sendmail_path =/usr/sbin/sendmail -t -i
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgresSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 2440
session.bug_compat_42 = Off
session.bug_compat_warn = Off
session.referer_check =
session.entropy_length = 0
session.cache_limiter = nocache
session.cache_expire = 1200
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatability_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
extension_dir=/usr/local/php-7.2.24_fpm/lib/php/extensions/no-debug-non-zts-20170718/
extension=zmq.so
extension=memcached.so
extension=memcache.so
extension=redis.so
extension=rar.so
extension=mcrypt.so
extension=bcmath.so
extension=amqp.so
extension=imap.so
extension=intl.so
[opcache]
zend_extension=/usr/local/php-7.2.24_fpm/lib/php/extensions/no-debug-non-zts-20170718/opcache.so
opcache.memory_consumption=2048
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1
opcache.enable_cli=1
opcache.enable=1
opcache.force_restart_timeout=1800
opcache.optimization_level=1

 

posted @ 2019-10-29 17:03  reblue520  阅读(789)  评论(0编辑  收藏  举报