
CentOS 7.x CentOS Linux 7.4 (1708) Release

Discussion in 'CentOS, Redhat & Oracle Linux News' started by bassie, Aug 3, 2017.

  1. bassie

    bassie Active Member

    525
    109
    43
    Apr 29, 2016
    Ratings:
    +334
    Local Time:
    5:56 PM
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    29,747
    6,720
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,033
    Local Time:
    1:56 AM
    Nginx 1.13.x
    MariaDB 5.5
    sweet they fixed the iptables bug too before upstream did :)
    Centmin Mod does use a lot of 3rd party repos, EPEL, CentOS Plus, Remi, etc., so it will be interesting to test CR repo updates on a test Centmin Mod server.
     
  3. bassie

    bassie Active Member

    Mixed feelings about this bugfix.
    If it stays with fasttrack, bug blocker etc, and change it until the upstream patch has been issued, that's fine to me.

    But stick to upstream if possible.
    It's not upstream released yet with a reason, there is always a reason.

    For example CentOS released this patch yesterday 'Wed, 23 Aug 2017 01:53:30 +0000'.
    You can't test all the known 'Enterprise' test scenarios with new code in only one single day.
     
    Last edited: Aug 25, 2017
    • Informative Informative x 1
  4. eva2000

    eva2000 Administrator Staff Member

    Indeed it's a fine line to walk along when it comes to critical bugs though. How many folks follow such changes/bugs so closely, other than just running yum update when they see a new release and assuming all works properly after the update? :)
     
  5. bassie

    bassie Active Member

    After hitting so many errors, bugs, weird shit and kernel panics in my life, more than enough to write a book, you will :)
     
    • Funny Funny x 1
  6. eva2000

    eva2000 Administrator Staff Member

    Testing CentOS 7.4 CR repo packages on test CentOS 7 server

    Beautiful sight to see OpenSSL 1.0.2k making its debut via CR packages
    Code (Text):
    yum info openssl -q
    Installed Packages
    Name        : openssl
    Arch        : x86_64
    Epoch       : 1
    Version     : 1.0.2k
    Release     : 8.el7
    Size        : 814 k
    Repo        : installed
    From repo   : cr
    Summary     : Utilities from the general purpose cryptography library with TLS implementation
    URL         : http://www.openssl.org/
    License     : OpenSSL
    Description : The OpenSSL toolkit provides support for secure communications between
                : machines. OpenSSL includes a certificate management tool and shared
                : libraries which provide various cryptographic algorithms and
                : protocols.
    

    Code (Text):
    rpm -qa --changelog openssl | head -n34
    * Wed May 17 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-8
    - fix regression in openssl req -x509 command (#1450015)
    
    * Thu Apr 13 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-7
    - handle incorrect size gracefully in aes_p8_cbc_encrypt()
    
    * Mon Mar 27 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-6
    - allow long client hellos to be received by server
    
    * Mon Mar 27 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-5
    - fix CPU features detection on new AMD processors
    
    * Thu Mar 09 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-4
    - add support for additional STARTTLS protocols to s_client
      original backported patch by Robert Scheck (#1396209)
    
    * Wed Mar 01 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-3
    - properly document the SSLv2 support removal
    
    * Mon Feb 20 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-2
    - add PPC assembler updates
    
    * Tue Feb 07 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-1
    - minor upstream release 1.0.2k fixing security issues
    
    * Tue Jan 10 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-2
    - deprecate and disable verification of insecure hash algorithms
    - add support for /etc/pki/tls/legacy-settings also for minimum DH length
      accepted by SSL client
    - compare the encrypt and tweak key in XTS as required by FIPS
    
    * Thu Jan 05 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-1
    - rebase to latest upstream release from the 1.0.2 branch, ABI compatible
    
    

    OpenSSH 7.4p1
    Code (Text):
    yum info openssh -q
    Installed Packages
    Name        : openssh
    Arch        : x86_64
    Version     : 7.4p1
    Release     : 11.el7
    Size        : 1.9 M
    Repo        : installed
    From repo   : cr
    Summary     : An open source implementation of SSH protocol versions 1 and 2
    URL         : http://www.openssh.com/portable.html
    License     : BSD
    Description : SSH (Secure SHell) is a program for logging into and executing
                : commands on a remote machine. SSH is intended to replace rlogin and
                : rsh, and to provide secure encrypted communications between two
                : untrusted hosts over an insecure network. X11 connections and
                : arbitrary TCP/IP ports can also be forwarded over the secure channel.
                :
                : OpenSSH is OpenBSD's version of the last free version of SSH, bringing
                : it up to date in terms of security and features.
                :
                : This package includes the core files necessary for both the OpenSSH
                : client and server. To make this package useful, you should also
                : install openssh-clients, openssh-server, or both.
    
    

    recompiling PHP via centmin.sh menu option 5 and then checking the OpenSSL version used after OpenSSL 1.0.2k CR yum update
    Code (Text):
    ldd $(which php) | grep libssl
            libssl.so.10 => /lib64/libssl.so.10 (0x00007fc167249000)
            libssl3.so => /lib64/libssl3.so (0x00007fc1633b9000)
    

    Code (Text):
    rpm -ql openssl-devel | grep libssl.so    
    /usr/lib64/libssl.so
    

    Code (Text):
    ls -lah /usr/lib64/libssl.so
    lrwxrwxrwx 1 root root 16 Sep  7 07:37 /usr/lib64/libssl.so -> libssl.so.1.0.2k
    
    ls -lah /lib64/libssl.so.10
    lrwxrwxrwx 1 root root 16 Sep  7 07:37 /lib64/libssl.so.10 -> libssl.so.1.0.2k
    

    Code (Text):
    php --ri openssl
    
    openssl
    
    OpenSSL support => enabled
    OpenSSL Library Version => OpenSSL 1.0.2k-fips  26 Jan 2017
    OpenSSL Header Version => OpenSSL 1.0.2k-fips  26 Jan 2017
    Openssl default config => /etc/pki/tls/openssl.cnf
    
    Directive => Local Value => Master Value
    openssl.cafile => no value => no value
    openssl.capath => no value => no value
    
     
  7. bassie

    bassie Active Member

    Something else. Upstream released 7.4, also termed Update 4, August 1, 2017; That's 34 days ago. It's ridiculous for a full time paid team, who can not release a copy in 34 days. All they have to do is rebuild and test.

    I have said it before. STOP! unofficial projects like x86 and Aarch64.
    Which are non-upstream, unofficial and not supported.

    Just started with everything at the same time with limited resources. There is no line and structure at all.
     
    • Funny Funny x 1
  8. eva2000

    eva2000 Administrator Staff Member

  9. bassie

    bassie Active Member

    Already released ;) but most mirrors are locked, via the master sync server to give time for all mirrors to sync correctly. And wait for the official start. However, some have forgotten this, like this one below:

    mirror.plusserver.com

    Happy downloading and installing.
    (Verified. It works correctly, installed with CentOS-7-x86_64-Everything-1708.iso, + latest updates installed via the same mirror)
     
    • Informative Informative x 1
  10. eva2000

    eva2000 Administrator Staff Member

    cheers - yay openssl 1.02+ :D
     
  11. bassie

    bassie Active Member

    • Informative Informative x 1
  12. eva2000

    eva2000 Administrator Staff Member

  13. bassie

    bassie Active Member

    • Informative Informative x 1
  14. pamamolf

    pamamolf Well-Known Member

    2,675
    240
    63
    May 31, 2014
    Ratings:
    +425
    Local Time:
    6:56 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Is a server restart needed after the update from 7.3 to 7.4?
     
  15. eva2000

    eva2000 Administrator Staff Member

    Technically, well, yes, as the update has a kernel update too, to 3.10.0-693.2.2.el7, so if on non-OpenVZ or non-Linode servers, reboot. OpenVZ doesn't use the system kernel and Linode has a custom kernel, so they do not require reboots.
     
    • Informative Informative x 1
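
A check for the restart question discussed above, as an added example that is not part of the original thread: it compares the running kernel with the newest installed kernel package and lists replaced libssl/libcrypto files that a long-running process still has mapped. The function names are hypothetical and the sample inputs are constructed; the 514.26.2 kernel and the 1.0.1e library names stand in for a pre-update system.

```bash
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and
# the SAMPLE_* inputs are constructed. On a live CentOS 7 host:
#   rpm -q kernel | reboot_needed "$(uname -r)"
#   stale_ssl_maps < /proc/<pid>/maps

# Constructed `rpm -q kernel` output: an older kernel plus the one named in the thread.
SAMPLE_RPM_Q='kernel-3.10.0-514.26.2.el7.x86_64
kernel-3.10.0-693.2.2.el7.x86_64'

# Constructed /proc/<pid>/maps excerpt from a daemon started before the update.
SAMPLE_MAPS='7f1c2a000000-7f1c2a067000 r-xp 00000000 fd:01 131 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1c2a400000-7f1c2a5b7000 r-xp 00000000 fd:01 132 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f1c2a800000-7f1c2a9c4000 r-xp 00000000 fd:01 140 /usr/lib64/libc-2.17.so'

# Print the newest installed kernel in `uname -r` form. sort -V (GNU) only
# approximates RPM version ordering but is adequate for el7 kernel names.
newest_kernel() {
  sed -e 's/^kernel-//' | sort -V | tail -n 1
}

# Succeed (exit 0) when the running kernel ($1) is not the newest installed one.
# stdin: `rpm -q kernel` output.
reboot_needed() {
  _newest="$(newest_kernel)"
  [ -n "$_newest" ] && [ "$1" != "$_newest" ]
}

# Print each libssl/libcrypto path that is still mapped although the file
# was replaced on disk; the kernel marks such mappings "(deleted)".
stale_ssl_maps() {
  awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' | sort -u
}

demo() {
  if printf '%s\n' "$SAMPLE_RPM_Q" | reboot_needed "3.10.0-514.26.2.el7.x86_64"; then
    echo "reboot needed: running kernel is older than the newest installed"
  fi
  echo "replaced SSL libraries still mapped (restart the owning service):"
  printf '%s\n' "$SAMPLE_MAPS" | stale_ssl_maps
}
demo
```

On OpenVZ containers and Linode custom kernels, which the last post names as exceptions, `uname -r` does not report a kernel installed from the guest's RPMs, so only the library check applies there.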