Join the community today
Register Now

Beta Branch auto patch PHP 7.1.25 & 7.2.13 for missing security CVE-2018-19935 fix

Discussion in 'Centmin Mod Github Commits' started by eva2000, Dec 9, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    45,459
    10,315
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,000
    Local Time:
    8:10 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    auto patch PHP 7.1.25 & 7.2.13 for missing security CVE-2018-19935 fix

    - for 123.0beta01, auto patch PHP 7.1.25 & 7.2.13 for missing security CVE-2018-19935 fix for PHP IMAP mail https://bugs.php.net/bug.php?id=77020. The missed fixes are scheduled for PHP 7.1.26 and 7.2.14 for non-Centmin Mod systems.
    - patched PHP routines are logged to /root/centminlogs/patch_php_*.log date timestamped logs

    Continue reading...

    123.09beta01 branch
     
  2. eva2000

    eva2000 Administrator Staff Member

    45,459
    10,315
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,000
    Local Time:
    8:10 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    be sure to updated 123.09beta01 via cmupdate command before re-running centmin.sh menu option 5 to reinstall PHP 7.2.13 or 7.1.25 if those versions are being used.
    Code (Text):
    cmupdate
    Saved working directory and index state WIP on 123.09beta01: c61c197 update centmin.sh menu option 22 in 123.09beta01
    HEAD is now at c61c197 update centmin.sh menu option 22 in 123.09beta01
    remote: Enumerating objects: 26, done.
    remote: Counting objects: 100% (26/26), done.
    remote: Compressing objects: 100% (4/4), done.
    remote: Total 11 (delta 6), reused 11 (delta 6), pack-reused 0
    Unpacking objects: 100% (11/11), done.
    From https://github.com/centminmod/centminmod
       c61c197..d00c75c  123.09beta01 -> origin/123.09beta01
    Updating c61c197..d00c75c
    Fast-forward
     centmin.sh                 |  8 +++++++-
     example/custom_config.inc  |  1 +
     inc/php_patch.inc          | 33 +++++++++++++++++++++++++++++++++
     inc/php_upgrade.inc        | 14 +++-----------
     patches/php/77020fix.patch | 10 ++++++++++
     5 files changed, 54 insertions(+), 12 deletions(-)
     create mode 100644 inc/php_patch.inc
     create mode 100644 patches/php/77020fix.patch
    
     
  3. rdan

    rdan Well-Known Member

    4,992
    1,191
    113
    May 25, 2014
    Ratings:
    +1,813
    Local Time:
    6:10 AM
    Mainline
    10.2
    If we don't use IMAP it's fine to skip this patch?
     
  4. eva2000

    eva2000 Administrator Staff Member

    45,459
    10,315
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,000
    Local Time:
    8:10 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Yeah but won't hurt to have it in place either :)
     
  5. rdan

    rdan Well-Known Member

    4,992
    1,191
    113
    May 25, 2014
    Ratings:
    +1,813
    Local Time:
    6:10 AM
    Mainline
    10.2
    Hm 10+ minutes to recompile each server with PGO :D.
     
  6. eva2000

    eva2000 Administrator Staff Member

    45,459
    10,315
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,000
    Local Time:
    8:10 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    With SecureCRT or any decent tab based SSH client, you can run updates simultaneously - I can easily upgrade 20x Centmin Mod LEMP servers per SecureCRT SSH client window with the just 1 command line. So 5 windows with 20x servers each = upgrading 100 servers in the time it takes to upgrade 1 single server :)

    Though I am working on standalone scripts to update Centmin Mod Nginx and PHP-FPM that can run solely from command line to script updating.