はじめに
Remi's RPM repositoryを利用してCentOS7にPHP-FPM5.5をインストール
親記事:PHP, PHP-FPMの各種インストール方法とEOLまとめ
参考:Remi's RPM repository
サポート
本手法で導入した場合、PHP: Supported Versions/PHP: Unsupported Branchesより、2016-07-21がEOLになると思われる。
それ以降に報告された脆弱性や不具合への対応は実施されない可能性がある。
(メンテナーの御慈悲でその後もアップデートされているが、いつまで続くかはわからない)
note
- インストール後の更新は
yum --enablerepo=remi-php55 update
LOG
インストール
# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
# yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
... 略
# yum install -y --enablerepo=remi-php55 php-fpm which
... 略
==========================================================================
WARNING : PHP 5.5 have reached its "End of Life" in July 2016.
Even, if this package includes some security fix, backported from 5.6,
The UPGRADE to a maintained version is very strongly RECOMMENDED.
==========================================================================
... 略
php-fpm起動/停止
# systemctl start php-fpm
# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2019-09-28 05:47:30 UTC; 4s ago
Main PID: 231 (php-fpm)
Status: "Ready to handle connections"
CGroup: /docker/e61cff2495c31847fb40c070b870cd4c7818be30d13fa6fa04267788514d5c32/system.slice/php-fpm.service
tq231 php-fpm: master process (/etc/php-fpm.conf)
tq232 php-fpm: pool www
tq233 php-fpm: pool www
tq234 php-fpm: pool www
tq235 php-fpm: pool www
mq236 php-fpm: pool www
? 231 php-fpm: master process (/etc/php-fpm.conf)
Sep 28 05:47:30 e61cff2495c3 systemd[1]: Starting The PHP FastCGI Process Manager...
Sep 28 05:47:30 e61cff2495c3 systemd[1]: Started The PHP FastCGI Process Manager.
# systemctl stop php-fpm
# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Sep 28 05:47:30 e61cff2495c3 systemd[1]: Starting The PHP FastCGI Process Manager...
Sep 28 05:47:30 e61cff2495c3 systemd[1]: Started The PHP FastCGI Process Manager.
Sep 28 05:48:12 e61cff2495c3 systemd[1]: Stopping The PHP FastCGI Process Manager...
Sep 28 05:48:12 e61cff2495c3 systemd[1]: Stopped The PHP FastCGI Process Manager.
php-fpm自動起動設定/設定解除
# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
# systemctl list-unit-files --type=service | grep php-fpm
php-fpm.service enabled
# systemctl disable php-fpm
Removed symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service.
# systemctl list-unit-files --type=service |grep php-fpm
php-fpm.service disabled
各種確認
# which php
which: no php in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
# which php-fpm
/usr/sbin/php-fpm
# php-fpm -v
PHP 5.5.38 (fpm-fcgi) (built: Jan 11 2019 14:31:41)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
# yum info php-fpm
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: ftp.iij.ad.jp
* epel: ftp.riken.jp
* extras: ftp.iij.ad.jp
* remi-safe: ftp.riken.jp
* updates: ftp.iij.ad.jp
Installed Packages
Name : php-fpm
Arch : x86_64
Version : 5.5.38
Release : 11.el7.remi
Size : 4.3 M
Repo : installed
From repo : remi-php55
Summary : PHP FastCGI Process Manager
URL : http://www.php.net/
License : PHP and Zend and BSD
Description : PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI
: implementation with some additional features useful for sites of
: any size, especially busier sites.
パッケージ更新状況
# rpm -q -changelog php-fpm | head -n 20
* Fri Jan 11 2019 Remi Collet <remi@remirepo.net> - 5.5.38-11
- Fix #77242 heap out of bounds read in xmlrpc_decode
- Fix #77380 Global out of bounds read in xmlrpc base64 code
* Mon Dec 10 2018 Remi Collet <remi@remirepo.net> - 5.5.38-10
- Fix #77231 Segfault when using convert.quoted-printable-encode filter
- Fix #77020 null pointer dereference in imap_mail
CVE-2018-19935
- Fix #77153 imap_open allows to run arbitrary shell commands via
mailbox parameter
CVE-2018-19158
* Fri Sep 14 2018 Remi Collet <remi@remirepo.net> - 5.5.38-9
- fix #76582: XSS due to the header Transfer-Encoding: chunked
* Thu Mar 01 2018 Remi Collet <remi@remirepo.net> - 5.5.38-8
- fix #73549: Use after free when stream is passed to imagepng
- fix #75981: stack-buffer-overflow while parsing HTTP response
* Sat Feb 18 2017 Remi Collet <remi@remirepo.net> - 5.5.38-7