はじめに
Remi's RPM repositoryを利用してCentOS7にPHP-FPM5.4をインストール
親記事:PHP, PHP-FPMの各種インストール方法とEOLまとめ
参考:Remi's RPM repository
サポート
本手法で導入した場合、PHP: Supported Versions/PHP: Unsupported Branchesより、2015-09-03がEOLになると思われる。
それ以降に報告された脆弱性や不具合への対応は実施されない可能性がある。
(メンテナーの御慈悲でその後もアップデートされているが、いつまで続くかはわからない)
note
- インストール後の更新は
yum --enablerepo=remi-php54 update
LOG
インストール
# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
# yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
... 略
# yum install -y --enablerepo=remi-php54 php-fpm which
... 略
==========================================================================
WARNING : PHP 5.4 have reached its "End of Life" in September 2015.
Even, if this package includes some of the important security fix,
backported from 5.5 or 5.6,
The UPGRADE to a maintained version is very strongly RECOMMENDED.
==========================================================================
... 略
php-fpm起動/停止
# systemctl start php-fpm
# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2019-09-28 05:58:03 UTC; 3s ago
Main PID: 222 (php-fpm)
Status: "Ready to handle connections"
CGroup: /docker/cd1058ac8a9632725fc41b94723314be9665c4b645e12e06208d8dd55e888172/system.slice/php-fpm.service
tq222 php-fpm: master process (/etc/php-fpm.conf)
tq223 php-fpm: pool www
tq224 php-fpm: pool www
tq225 php-fpm: pool www
tq226 php-fpm: pool www
mq227 php-fpm: pool www
? 222 php-fpm: master process (/etc/php-fpm.conf)
Sep 28 05:58:03 cd1058ac8a96 systemd[1]: Starting The PHP FastCGI Process Manager...
Sep 28 05:58:03 cd1058ac8a96 systemd[1]: Started The PHP FastCGI Process Manager.
# systemctl stop php-fpm
# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Sep 28 05:58:03 cd1058ac8a96 systemd[1]: Starting The PHP FastCGI Process Manager...
Sep 28 05:58:03 cd1058ac8a96 systemd[1]: Started The PHP FastCGI Process Manager.
Sep 28 05:58:31 cd1058ac8a96 systemd[1]: Stopping The PHP FastCGI Process Manager...
Sep 28 05:58:31 cd1058ac8a96 systemd[1]: Stopped The PHP FastCGI Process Manager.
php-fpm自動起動設定/設定解除
# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
# systemctl list-unit-files --type=service | grep php-fpm
php-fpm.service enabled
# systemctl disable php-fpm
Removed symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service.
# systemctl list-unit-files --type=service |grep php-fpm
php-fpm.service disabled
各種確認
# which php
which: no php in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
# which php-fpm
/usr/sbin/php-fpm
# php-fpm -v
PHP 5.4.45 (fpm-fcgi) (built: Jan 11 2019 13:45:20)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
# yum info php-fpm
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: ftp.iij.ad.jp
* epel: ftp.riken.jp
* extras: ftp.iij.ad.jp
* remi-safe: ftp.riken.jp
* updates: ftp.iij.ad.jp
Installed Packages
Name : php-fpm
Arch : x86_64
Version : 5.4.45
Release : 17.el7.remi
Size : 3.8 M
Repo : installed
From repo : remi-php54
Summary : PHP FastCGI Process Manager
URL : http://www.php.net/
License : PHP and Zend and BSD
Description : PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI
: implementation with some additional features useful for sites of
: any size, especially busier sites.
パッケージ更新状況
# rpm -q -changelog php-fpm | head -n 20
* Fri Jan 11 2019 Remi Collet <remi@remirepo.net> - 5.4.45-17
- Fix #77242 heap out of bounds read in xmlrpc_decode
- Fix #77380 Global out of bounds read in xmlrpc base64 code
* Mon Dec 10 2018 Remi Collet <remi@remirepo.net> - 5.4.45-16
- Fix #77231 Segfault when using convert.quoted-printable-encode filter
- Fix #77020 null pointer dereference in imap_mail
CVE-2018-19935
- Fix #77153 imap_open allows to run arbitrary shell commands via
mailbox parameter
CVE-2018-19158
* Fri Sep 14 2018 Remi Collet <remi@remirepo.net> - 5.4.45-15
- fix #76582: XSS due to the header Transfer-Encoding: chunked
* Thu Mar 01 2018 Remi Collet <remi@remirepo.net> - 5.4.45-14
- fix #73549: Use after free when stream is passed to imagepng
- fix #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
CVE-2016-10167
- fix #73869: Signed Integer Overflow gd_io.c