recompile PHP with Suhosin

fastsvc

Verified User
Joined
Apr 12, 2009
Messages
21
Does anyone know the steps to recompile PHP with Suhosin after installing DirectAdmin?
Can you help, please?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,936
Location
LT, EU
For PHP 5.2.13:
Code:
cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
cd php-5.2.13
`../build used_configs | grep PHP5 | cut -d: -f2`
make
make install
/etc/init.d/httpd restart
cd ..
./build set clean yes
PHP 5.3.2:
Code:
cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.3.2.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.3.2-0.9.9.1.patch.gz
gunzip suhosin-patch-5.3.2-0.9.9.1.patch.gz
patch -p0 < suhosin-patch-5.3.2-0.9.9.1.patch
cd php-5.3.2
`../build used_configs | grep PHP5 | cut -d: -f2`
make
make install
/etc/init.d/httpd restart
cd ..
./build set clean yes
Restart apache using the following command on FreeBSD systems (instead of /etc/init.d/httpd restart):
Code:
/usr/local/etc/rc.d/httpd restart
Alternative way:
Do the same up to the "patch -p0 < ....." line, then open the "build" file and find:
Code:
FILE=${CWD}/php-${PHP5_VER}.tar.gz
checkFile ${FILE}
echo "Extracting ...";
tar xzf ${FILE}
Replace with (comment tar line out):
Code:
FILE=${CWD}/php-${PHP5_VER}.tar.gz
checkFile ${FILE}
echo "Extracting ...";
#tar xzf ${FILE}
Save the file and run "./build php n".
 

fastsvc

First I got this error when I try:
tar xzf php-5.3.2.tar.gz

I get this error:

# tar xzf php-5.3.2.tar.gz
tar: php-5.3.2.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors


So I edited options.conf and changed PHP to 5.3

But then I got this question when I typed:
gunzip suhosin-patch-5.3.2-0.9.9.1.patch.gz


File to patch: /usr/local/lib/php.ini
patching file /usr/local/lib/php.ini
Hunk #1 FAILED at 60.
Hunk #2 FAILED at 92.
2 out of 2 hunks FAILED -- saving rejects to file /usr/local/lib/php.ini.rej
can't find file to patch at input line 141
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.3.2RC3/Zend/zend.h suhosin-patch-5.3.2-0.9.9.1/Zend/zend.h
|--- php-5.3.2RC3/Zend/zend.h 2010-02-03 21:44:43.000000000 +0100
|+++ suhosin-patch-5.3.2-0.9.9.1/Zend/zend.h 2010-03-04 11:51:11.000000000 +0100
File to patch:


No idea? So what do you think is next?
 

fastsvc

Check php for Suhosin

I formatted the server and started all over. Then I used PHP 5.2.13; when I was done I checked csf and I still have the message saying:
You should recompile PHP with Suhosin to add greater security to PHP

And I typed php -v and got this:
PHP 5.2.13 (cli) (built: Mar 14 2010 04:08:21)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies


Any idea?
 

pppplus

Verified User
Joined
Dec 19, 2008
Messages
519
Hi, I try

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
./build php n
./build set clean yes
And suhosin is not installed.
No error message
 

pppplus

OK, I follow this:

Code:
cd /usr/local/
wget http://www.hardened-php.net/suhosin/_media/suhosin-0.9.18.tgz
tar -zxvf suhosin-0.9.18.tgz
cd suhosin-0.9.18
phpize
(if needed: yum install autoconf)

Code:
./configure
make
make test
make install
ls -lah /usr/local/lib/php/extensions//no-debug-non-zts-20060613/
cp /usr/local/lib/php/extensions//no-debug-non-zts-20060613/suhosin.so /usr/lib64/php
Modify php.ini

Write:
extension_dir = /usr/lib64/php

In Dynamic Extensions, write:
extension=suhosin.so

Now:
Code:
php -v
PHP 5.2.13 (cli) (built: Mar 17 2010 09:41:38)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
:D

I hope it can help you !!
(note it is the first time I can help someone :) )
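
Added example (not part of any post in this thread): the `php -v` banners quoted above differ only by the indented `with Suhosin v...` line that the extension adds, and this function classifies a banner read from stdin. The `Suhosin-Patch` first-line format for a patched core is an assumption about how patched builds report themselves, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify `php -v` output read from stdin.
suhosin_status() {
    banner=$(cat)
    core=no
    ext=no
    # A core built from patched sources is named on the first banner line
    # (assumed format, see patched_banner below).
    if printf '%s\n' "$banner" | head -n 1 | grep -q 'Suhosin-Patch'; then
        core=yes
    fi
    # The loadable extension adds its own indented "with Suhosin v..." line.
    if printf '%s\n' "$banner" | grep -Eq '^[[:space:]]*with Suhosin v[0-9]'; then
        ext=yes
    fi
    echo "patch=$core extension=$ext"
}

# Banner quoted in the thread after suhosin.so was loaded.
extension_banner() {
    cat <<'EOF'
PHP 5.2.13 (cli) (built: Mar 17 2010 09:41:38)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
EOF
}

# Banner quoted in the thread where no Suhosin line appears.
plain_banner() {
    cat <<'EOF'
PHP 5.2.13 (cli) (built: Mar 14 2010 04:08:21)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
EOF
}

# Constructed first line for a patched core (assumed format, not from the thread).
patched_banner() {
    echo 'PHP 5.2.13 with Suhosin-Patch 0.9.7 (cli) (built: Mar 14 2010 04:08:21)'
}

extension_banner | suhosin_status
plain_banner | suhosin_status
patched_banner | suhosin_status
```

On a live host, pipe the real output in with `php -v | suhosin_status`; this inspects the CLI binary found first in `PATH`.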
 

smtalk

I've updated my how-to post :) The PHP package was extracted a second time by the CustomBuild script, so the patched files were overwritten with "./build php n". There should be no problems now. Good luck!
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,793
Location
A Coruña, Spain
Hi, I'm having a problem with your guide...

Code:
[14:09:13] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>`../build used_configs | grep PHP5 | cut -d: -f2`
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
/usr/local/directadmin/custombuild/configure/ap2/configure.php5: line 3: ./configure: No such file or directory
[14:09:19] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>ls
[14:09:32] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>cd ..
As you can see, the build gives an error; I've tried without ' as well

Code:
[14:11:11] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>../build used_configs | grep PHP5 | cut -d: -f2
 /usr/local/directadmin/custombuild/configure/ap2/configure.php5
[14:11:24] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>ls
[14:11:26] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>make
make: getcwd: No such file or directory
make: *** No targets specified and no makefile found.  Stop.
It seems that the build command cleans the directory after configure (probably it is a CustomBuild option)

What should I do so that the directory is not cleaned after configure, and why, if it is a security patch, has it not been implemented as an option in the CustomBuild system?

Thanks
 

smtalk

Make sure you execute "./build set clean no" after "./build update".
 

SeLLeRoNe

Hehe, exactly what I was thinking... thanks for adding it to your tutorial...

Now I've come up with a new error :)

Code:
checking for MySQL UNIX socket location... /var/tmp/mysql.sock
configure: error: Cannot find MySQL header files under yes.
Note that the MySQL client library is not bundled anymore!
during compiling; of course I'm not able to make ^^
 

Sc0rian

Verified User
Joined
Jul 26, 2009
Messages
18
Worked perfectly, thank you.

I did make test..

Code:
=====================================================================
EXPECTED FAILED TEST SUMMARY
---------------------------------------------------------------------
output buffering - fatalism [tests/output/ob_011.phpt]
ob_start(): Ensure unerasable buffer cannot be flushed by ob_flush() [tests/output/ob_start_basic_unerasable_005.phpt]
SPL: ArrayObject::exchangeArray() basic usage with object as underlying data store. [ext/spl/tests/arrayObject_exchangeArray_basic3.phpt]
=====================================================================
but installed it anyway
 

fastsvc

error when trying in php 5.3

[root@server custombuild]# patch -p0 < suhosin-patch-5.3.2-0.9.9.1.patch
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.3.2RC3/Zend/Makefile.am suhosin-patch-5.3.2-0.9.9.1/Zend/Makefile.am
|--- php-5.3.2RC3/Zend/Makefile.am 2009-03-18 11:18:10.000000000 +0100
|+++ suhosin-patch-5.3.2-0.9.9.1/Zend/Makefile.am 2010-03-03 20:19:19.000000000 +0100
--------------------------
File to patch:
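
Added example (not part of any post in this thread): the header lines in the error above name `php-5.3.2RC3/` as the top-level directory, while the tarball extracts to `php-5.3.2`, so `-p0` from the custombuild directory cannot find the files. The helper below reads the first `--- ` header and prints matching `patch` arguments; the function names are hypothetical, and whether the hunks then apply cleanly is not shown in the thread, so run with `--dry-run` first.

```shell
#!/bin/sh
# Added example: pick patch(1) arguments from the patch's own header paths.

# Print the top-level directory named in the first "--- " header line.
patch_top_dir() {   # $1 = patch file
    awk '/^--- / { split($2, parts, "/"); print parts[1]; exit }' "$1"
}

# Print the arguments to give patch(1) when it is run from the directory
# that contains the extracted source tree.
suggest_patch_args() {   # $1 = patch file, $2 = extracted source dir name
    top=$(patch_top_dir "$1")
    if [ -z "$top" ]; then
        echo "no '--- ' header in $1" >&2
        return 1
    fi
    if [ "$top" = "$2" ]; then
        echo "-p0"           # header paths already match the tree
    else
        echo "-d $2 -p1"     # enter the tree and strip the foreign prefix
    fi
}

# Constructed sample: the three header lines shown in the error output above.
make_sample_patch() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
diff -Nura php-5.3.2RC3/Zend/Makefile.am suhosin-patch-5.3.2-0.9.9.1/Zend/Makefile.am
--- php-5.3.2RC3/Zend/Makefile.am 2009-03-18 11:18:10.000000000 +0100
+++ suhosin-patch-5.3.2-0.9.9.1/Zend/Makefile.am 2010-03-03 20:19:19.000000000 +0100
EOF
    echo "$f"
}

sample=$(make_sample_patch)
# Show the command line to try; PATCHFILE stands for the real patch file.
echo "patch $(suggest_patch_args "$sample" php-5.3.2) --dry-run < PATCHFILE"
rm -f "$sample"
```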
 

microz

Verified User
Joined
Jun 10, 2009
Messages
111
Location
Santiago, Chile
Not working

Hi,

I ran these commands, but it does not appear as installed.

cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
cd php-5.2.13
`../build used_configs | grep PHP5 | cut -d: -f2`
make
make install
/etc/init.d/httpd restart
cd ..
./build set clean yes
 

DomainHost360

Verified User
Joined
Jul 26, 2010
Messages
6
It works fine for me. Thanks a lot

I have a question: why, after recompiling PHP, when I check server security from csf, does it still show "WARNING You should recompile PHP with Suhosin to add greater security to PHP"?

Any idea?
 