Want more timely Centmin Mod News Updates?
Become a Member

Security LibreSSL February 2017: LibreSSL 2.4.5 stable & 2.5.1 dev Releases

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Feb 2, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    30,166
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:14 AM
    Nginx 1.13.x
    MariaDB 5.5

    Centmin Mod + LibreSSL 2.4.5



    LibreSSL 2.4.5 is now latest stable release https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.5-relnotes.txt. Also LibreSSL 2.5.1 development release is out too https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.1-relnotes.txt

    LibreSSL 2.4.5

    LibreSSL 2.5.1
    Centmin Mod 123.08stable and 123.09beta01 Github branches corresponding to Centmin Mod 1.2.3-eva2000.08 stable and Centmin Mod 1.2.3-eva2000.09 beta01 have been updated to default to LibreSSL 2.4.5 for new fresh installs. For existing folks, follow below update instructions.

    Centmin Mod Nginx Update LibreSSL



    For Centmin Mod 1.2.3-eva2000.08 beta03, .08 stable and higher you can update to LibreSSL 2.4.5 via 2 steps.

    Step 1. Updating centmin.sh LIBRESSL_VERSION variable to 2.4.5. Best way is to use centmin.sh menu option 23 submenu option 2 for auto updating Centmin Mod code as outlined at centminmod.com/upgrade.html and at https://community.centminmod.com/threads/new-08-beta-menu-option-updating-centmin-mod-via-git.3084/. That will auto update centmin.sh to latest version which already has LIBRESSL_VERSION='2.4.5' set.

    Check your updated Centmin Mod centmin.sh to see if LIBRESSL_VERSION='2.4.5' is set. If not set and you do not have centmin.sh menu option 23 submenu option 1 for git environment setup, then you need to manually update and edit in your persistent config file (create it if it doesn't exist) at /etc/centminmod/custom_config.inc and add to it:

    Code (Text):
    # LibreSSL
    LIBRESSL_SWITCH='y'        # if set to 'y' it overrides OpenSSL as the default static compiled option for Nginx server
    LIBRESSL_VERSION='2.4.5'   # Use this version of LibreSSL http://www.libressl.org/


    Step 2. Then select centmin.sh menu option #4 to upgrade/downgrade Nginx recompile Nginx and specify latest Nginx version i.e. 1.11.5+ or newer.

    For example after recompile Nginx version output will show built with LibreSSL 2.4.5

    for 123.09 beta01 with NGINXMODULE_ALTORDER=y enabled

    Use command to verify update
    Code (Text):
    nginx -V
    

    LibreSSL 2.4.5



    You'll find latest LibreSSL 2.4.5 on official site.
     
    Last edited: Feb 2, 2017
    • Like Like x 3
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    30,166
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    If you want LibreSSL 2.5.1 instead of LibreSSL 2.4.5. Set in persistent config file /etc/centminmod/custom_config.inc the variable
    Code (Text):
    LIBRESSL_VERSION='2.5.1' 
    

    This will override the centmin.sh set LIBRESSL_VERSION='2.4.5' when you run centmin.sh menu option 4 to recompile Nginx

    end result
     
    • Informative Informative x 1
  3. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    3:14 AM
    1
    10
    After the update can
    Code:
    # LibreSSL
    LIBRESSL_SWITCH='y'        # if set to 'y' it overrides OpenSSL as the default static compiled option for Nginx server
    LIBRESSL_VERSION='2.4.5'   # Use this version of LibreSSL http://www.libressl.org/
    be removed from the custom config file or does it have to stay there.

    I'm assuming if it's removed, it won't auto downgrade on subsequent updates
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,166
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    you don't need those set in /etc/centminmod/custom_config.inc if they are already set as such in centmin.sh which is updated by me. Only time you set them is if new LibreSSL version is out but i have yet to update them in centmin.sh
     
    • Like Like x 1
  5. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    3:14 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    Why is centmin on 2.4.5 verison?
    Some incompatible stuff or...?
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,166
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    LibreSSL stable release is 2.4.5. LibreSSL 2.5.1 is development release.
     
    • Like Like x 1
    • Informative Informative x 1