recompile PHP with Suhosin

Does anyone know the steps to recompile PHP with Suhosin after installing DirectAdmin?
Can you help, please?
 
For PHP 5.2.13:
Code:
cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
cd php-5.2.13
`../build used_configs | grep PHP5 | cut -d: -f2`
make
make install
/etc/init.d/httpd restart
cd ..
./build set clean yes
PHP 5.3.2:
Code:
cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.3.2.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.3.2-0.9.9.1.patch.gz
gunzip suhosin-patch-5.3.2-0.9.9.1.patch.gz
patch -p0 < suhosin-patch-5.3.2-0.9.9.1.patch
cd php-5.3.2
`../build used_configs | grep PHP5 | cut -d: -f2`
make
make install
/etc/init.d/httpd restart
cd ..
./build set clean yes
Restart apache using the following command on FreeBSD systems (instead of /etc/init.d/httpd restart):
Code:
/usr/local/etc/rc.d/httpd restart
Alternative way:
Do the same up to the "patch -p0 < ....." line, then open the "build" file and find:
Code:
FILE=${CWD}/php-${PHP5_VER}.tar.gz
checkFile ${FILE}
echo "Extracting ...";
tar xzf ${FILE}
Replace with (comment tar line out):
Code:
FILE=${CWD}/php-${PHP5_VER}.tar.gz
checkFile ${FILE}
echo "Extracting ...";
#tar xzf ${FILE}
Save the file and run "./build php n".
 
First I got this error when I tried:
tar xzf php-5.3.2.tar.gz

I get this error:

# tar xzf php-5.3.2.tar.gz
tar: php-5.3.2.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors


So I edited options.conf and changed PHP to 5.3.

But then I got this question when I typed:
gunzip suhosin-patch-5.3.2-0.9.9.1.patch.gz


File to patch: /usr/local/lib/php.ini
patching file /usr/local/lib/php.ini
Hunk #1 FAILED at 60.
Hunk #2 FAILED at 92.
2 out of 2 hunks FAILED -- saving rejects to file /usr/local/lib/php.ini.rej
can't find file to patch at input line 141
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.3.2RC3/Zend/zend.h suhosin-patch-5.3.2-0.9.9.1/Zend/zend.h
|--- php-5.3.2RC3/Zend/zend.h 2010-02-03 21:44:43.000000000 +0100
|+++ suhosin-patch-5.3.2-0.9.9.1/Zend/zend.h 2010-03-04 11:51:11.000000000 +0100
File to patch:


No idea? So what do you think is next?
 
Check PHP for Suhosin

I formatted the server and started all over. Then I used PHP 5.2.13. When I was done I checked csf and I still have the message saying:
You should recompile PHP with Suhosin to add greater security to PHP

And when I typed php -v I got this:
PHP 5.2.13 (cli) (built: Mar 14 2010 04:08:21)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies


Any idea?
 
Hi, I tried:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
./build php n
./build set clean yes

And Suhosin is not installed.
No error message.
 
OK, I followed this:

Code:
cd /usr/local/
wget http://www.hardened-php.net/suhosin/_media/suhosin-0.9.18.tgz
tar -zxvf suhosin-0.9.18.tgz
cd suhosin-0.9.18
phpize
# if needed: yum install autoconf

Code:
./configure
make
make test
make install
ls -lah /usr/local/lib/php/extensions//no-debug-non-zts-20060613/
cp /usr/local/lib/php/extensions//no-debug-non-zts-20060613/suhosin.so /usr/lib64/php

Modify php.ini

Write:
extension_dir = /usr/lib64/php

In Dynamic Extensions, write:
extension=suhosin.so

Now:
Code:
php -v
PHP 5.2.13 (cli) (built: Mar 17 2010 09:41:38)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
:D

I hope it can help you !!
(note it is the first time I can help someone :) )
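
The how-to earlier in this thread applies the Suhosin core patch, while the post above builds the separate Suhosin extension, and the two show up differently in `php -v`. The following check is an added example, not part of any post in this thread; `suhosin_status` is a hypothetical helper name, and the "with Suhosin-Patch" banner for a patched build is an assumption, with that sample constructed.

```shell
#!/bin/sh
# Added example: tell the Suhosin core patch and the Suhosin extension apart
# from the `php -v` banner.

# suhosin_status: reads banner text on stdin and prints one of
#   none | patch | extension | patch+extension
suhosin_status() {
    banner=$(cat)
    patch=no
    ext=no
    # Assumption: a patched build reports "with Suhosin-Patch <ver>" on line 1.
    printf '%s\n' "$banner" | head -n 1 | grep -q 'with Suhosin-Patch' && patch=yes
    # The loaded extension adds an indented "with Suhosin v<ver>" line.
    printf '%s\n' "$banner" | grep -Eq '^[[:space:]]+with Suhosin v[0-9]' && ext=yes
    case "$patch/$ext" in
        yes/yes) echo "patch+extension" ;;
        yes/no)  echo "patch" ;;
        no/yes)  echo "extension" ;;
        *)       echo "none" ;;
    esac
}

# Banners quoted in the thread (plain build, extension loaded) ...
PLAIN='PHP 5.2.13 (cli) (built: Mar 14 2010 04:08:21)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies'
WITH_EXT='PHP 5.2.13 (cli) (built: Mar 17 2010 09:41:38)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project'
# ... and a constructed banner for a patched build.
PATCHED='PHP 5.2.13 with Suhosin-Patch 0.9.7 (cli) (built: Mar 17 2010 09:41:38)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies'

for sample in "$PLAIN" "$WITH_EXT" "$PATCHED"; do
    printf '%s\n' "$sample" | suhosin_status
done
# On a live server: php -v | suhosin_status
```
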
 
I've updated my how-to post :) The PHP package was extracted a second time by the CustomBuild script, so the patched files were overwritten with "./build php n". There should be no problems now. Good luck!
 
Hi, I'm having a problem with your guide...

Code:
[14:09:13] [email protected] [/usr/local/directadmin/custombuild/php-5.2.13]
>`../build used_configs | grep PHP5 | cut -d: -f2`
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
/usr/local/directadmin/custombuild/configure/ap2/configure.php5: line 3: ./configure: No such file or directory
[14:09:19] [email protected] [/usr/local/directadmin/custombuild/php-5.2.13]
>ls
[14:09:32] [email protected] [/usr/local/directadmin/custombuild/php-5.2.13]
>cd ..

As you can see, the build gives an error. I've tried without ' as well.

Code:
[14:11:11] [email protected] [/usr/local/directadmin/custombuild/php-5.2.13]
>../build used_configs | grep PHP5 | cut -d: -f2
 /usr/local/directadmin/custombuild/configure/ap2/configure.php5
[14:11:24] [email protected] [/usr/local/directadmin/custombuild/php-5.2.13]
>ls
[14:11:26] [email protected] [/usr/local/directadmin/custombuild/php-5.2.13]
>make
make: getcwd: No such file or directory
make: *** No targets specified and no makefile found.  Stop.

It seems that the build command cleans the directory after configure (probably a custombuild option).

What should I do so that the directory is not cleaned after configure? And why, if this is a security patch, has it not been implemented as an option in the custombuild system?

Thanks
 
Make sure you execute "./build set clean no" after "./build update".
 
Hehe, exactly what I was thinking... thanks for adding it to your tutorial...

Now I've come up with a new error :)

Code:
checking for MySQL UNIX socket location... /var/tmp/mysql.sock
configure: error: Cannot find MySQL header files under yes.
Note that the MySQL client library is not bundled anymore!

during compiling; of course I'm not able to make ^^
 
Worked perfectly, thank you.

I did make test...

Code:
=====================================================================
EXPECTED FAILED TEST SUMMARY
---------------------------------------------------------------------
output buffering - fatalism [tests/output/ob_011.phpt]
ob_start(): Ensure unerasable buffer cannot be flushed by ob_flush() [tests/output/ob_start_basic_unerasable_005.phpt]
SPL: ArrayObject::exchangeArray() basic usage with object as underlying data store. [ext/spl/tests/arrayObject_exchangeArray_basic3.phpt]
=====================================================================

But I installed it anyway.
 
Error when trying in PHP 5.3:

[root@server custombuild]# patch -p0 < suhosin-patch-5.3.2-0.9.9.1.patch
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.3.2RC3/Zend/Makefile.am suhosin-patch-5.3.2-0.9.9.1/Zend/Makefile.am
|--- php-5.3.2RC3/Zend/Makefile.am 2009-03-18 11:18:10.000000000 +0100
|+++ suhosin-patch-5.3.2-0.9.9.1/Zend/Makefile.am 2010-03-03 20:19:19.000000000 +0100
--------------------------
File to patch:
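
The "can't find file to patch" output above shows patch headers that name `php-5.3.2RC3/...`, a directory that does not exist beside the extracted `php-5.3.2`, so `-p0` has nothing to match. The following sketch is an added example, not part of any post in this thread; `find_strip_level` and `make_sample` are hypothetical helper names and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: work out which -p level fits a patch before applying it.

# find_strip_level PATCHFILE SRCDIR
# Prints the smallest N for which the first file named in the patch exists
# under SRCDIR after dropping N leading path components; returns 1 if none.
find_strip_level() {
    patchfile=$1
    srcdir=$2
    # First "--- path timestamp" header: keep only the path.
    path=$(sed -n 's/^--- \([^[:space:]]*\).*/\1/p' "$patchfile" | head -n 1)
    [ -n "$path" ] || return 1
    n=0
    while :; do
        if [ -f "$srcdir/$path" ]; then
            echo "$n"
            return 0
        fi
        case $path in
            */*) path=${path#*/}; n=$((n + 1)) ;;
            *)   return 1 ;;
        esac
    done
}

# Constructed sample: a stub source tree plus a patch whose headers are the
# ones quoted in the error above (php-5.3.2RC3/... rather than php-5.3.2/...).
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/php-5.3.2/Zend"
    : > "$dir/php-5.3.2/Zend/Makefile.am"
    printf '%s\n' \
        '--- php-5.3.2RC3/Zend/Makefile.am 2009-03-18 11:18:10.000000000 +0100' \
        '+++ suhosin-patch-5.3.2-0.9.9.1/Zend/Makefile.am 2010-03-03 20:19:19.000000000 +0100' \
        > "$dir/sample.patch"
    echo "$dir"
}

sample=$(make_sample)
# From the parent (custombuild-style) directory no level matches ...
find_strip_level "$sample/sample.patch" "$sample" || echo "no -p level fits here"
# ... but inside the extracted tree -p1 does.
echo "inside php-5.3.2: -p$(find_strip_level "$sample/sample.patch" "$sample/php-5.3.2")"
rm -rf "$sample"
```

With the level known, running `patch --dry-run -pN < file` from that directory shows whether every hunk applies before any file is touched.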
 
Does not work

Hi,

I ran these commands, but it does not appear as installed.

cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
cd php-5.2.13
`../build used_configs | grep PHP5 | cut -d: -f2`
make
make install
/etc/init.d/httpd restart
cd ..
./build set clean yes
 
It works fine for me. Thank you a lot.

I have a question: why, after recompiling PHP, when I check server security from csf, does it still show "WARNING You should recompile PHP with Suhosin to add greater security to PHP"?

Any idea?
 