Welcome to Centmin Mod Community
Become a Member

Nginx [nginx-announce] nginx-1.13.3

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Jul 12, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    7:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Changes with nginx 1.13.3 11 Jul 2017

    *) Security: a specially crafted request might result in an integer
    overflow and incorrect processing of ranges in the range filter,
    potentially resulting in sensitive information leak (CVE-2017-7529).


    --
    Maxim Dounin
    http://nginx.org/
    _______________________________________________
    nginx-announce mailing list
    nginx-announce@nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx-announce


    Continue reading...
     
  2. rdan

    rdan Well-Known Member

    5,439
    1,397
    113
    May 25, 2014
    Ratings:
    +2,186
    Local Time:
    5:23 AM
    Mainline
    10.2
     
  3. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    11:23 PM
    Nginx 1.17.9
    MariaDB 10.3.22
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    7:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    centmin.sh menu option 4 to upgrade nginx specifying version = 1.13.3

    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com    
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
    

    Code (Text):
    Do you want to run YUM install checks ?  [y/n]
    
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the 
    YUM install check to speed up upgrade time.
    
     [y/n]: n
    **********************************************************************
    * Nginx Update script - Included in Centmin Extras
    * Version: 1.2.3-eva2000.09.005 - Date: 31/05/2017 - Copyright 2011-2017 CentminMod.com
    **********************************************************************
    
    This software comes with no warranty of any kind. You are free to use
    it for both personal and commercial use as licensed under the GPL.
    
    Nginx Upgrade - Would you like to continue? [y/n] y
    
    Install which version of Nginx? (version i.e. type 1.13.3): 1.13.3
    


    looking good on my end too
     
    Last edited: Jul 12, 2017
  5. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    7:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  6. CarpCharacin

    CarpCharacin Member

    267
    21
    18
    Oct 13, 2016
    Salt Lake City
    Ratings:
    +34
    Local Time:
    3:23 PM
    1.15.x
    MariaDB 10.1
    Code:
    nginx version: nginx/1.13.3
    built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
    built with LibreSSL 2.5.4
    TLS SNI support enabled
    configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.31 --add-module=../echo-nginx-module-0.60 --add-module=../redis2-nginx-module-0.14 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.32 --with-pcre=../pcre-8.41 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-http_v2_module --with-openssl=../libressl-2.5.4
    
     
  7. Jimmy

    Jimmy Well-Known Member

    1,778
    388
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +987
    Local Time:
    5:23 PM
    Works great here. (y)
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    7:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Glad to see some folks are updating. Here's nginx's official security vulnerabilities listing page nginx security advisories

    scary to think some other LEMP stack installers are still stuck on several past nginx versions so they now have numerous security vulnerabilities in their running nginx servers !
     
  9. pamamolf

    pamamolf Premium Member Premium Member

    4,068
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    12:23 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    All good for me also :)
     
  10. Jon Snow

    Jon Snow Active Member

    766
    157
    43
    Jun 30, 2017
    Ratings:
    +225
    Local Time:
    6:23 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    Everything fine here too.
     
  11. deltahf

    deltahf Premium Member Premium Member

    581
    264
    63
    Jun 8, 2014
    Ratings:
    +482
    Local Time:
    5:23 PM
    Agreed. Another reason Centminmod is the best. :D
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    7:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Indeed it's why i made sure Centmin Mod's nginx and php-fpm upgrade routines are end user triggered so users don't need to wait for me to update and can initiate an upgrade themselves. @RoldanLT updated his server within 15 mins of this post and ~35 mins of the official Nginx 1.13.3 announcement mailing list post :)
     
  13. joshuah

    joshuah Member

    121
    14
    18
    Apr 3, 2017
    Ratings:
    +17
    Local Time:
    7:23 AM
    Done on all three servers :)
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    7:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  15. deltahf

    deltahf Premium Member Premium Member

    581
    264
    63
    Jun 8, 2014
    Ratings:
    +482
    Local Time:
    5:23 PM
    Is that normal? Must be pretty serious. :unsure:
     
  16. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    7:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah for more serious bugs it's standard practice to not reveal the details to give folks time to update IF there are no known exploits of the vulnerability. If there are known exploits out there, then more like to reveal specifics much earlier.
     
  17. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    4:23 AM
    nginx -version
    Code:
     nginx -V
    nginx version: nginx/1.13.3
    built by gcc 6.2.1 20160916 (Red Hat 6.2.1-3) (GCC)
    built with LibreSSL 2.5.4
    TLS SNI support enabled
    configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.31 --add-module=../echo-nginx-module-0.60 --add-module=../redis2-nginx-module-0.14 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.32 --with-pcre=../pcre-8.41 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-http_v2_module --with-http_v2_hpack_enc --with-openssl=../libressl-2.5.4
    pcre with pcretest -C
    Code:
    pcretest -C
    PCRE version 8.40 2017-01-11
    Compiled with
      8-bit support
      UTF-8 support
      16-bit support
      UTF-16 support
      32-bit support
      UTF-32 support
      Unicode properties support
      Just-in-time compiler support: x86 64bit (little endian + unaligned)
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Parentheses nest limit = 250
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
    why with pcretest -c pcre version 8.40 not 8.41 ?
     
  18. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    7:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    nginx static compiled pcre version isn't available as binary and the binary you run pcretest against is one compiled for wget 1.19.1 at initial Centmin Mod install time which would of been pcre 8.40 as 8.41 only was just released

    Code (Text):
    wget -V
    GNU Wget 1.19.1 built on linux-gnu.
    
    -cares +digest -gpgme +https +ipv6 -iri +large-file -metalink +nls
    +ntlm +opie -psl +ssl/openssl
    
    Wgetrc:
        /usr/local/etc/wgetrc (system)
    Locale:
        /usr/local/share/locale
    Compile:
        gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc"
        -DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -I
        /usr/local/include -DHAVE_LIBSSL -DNDEBUG -O2 -g -pipe -Wall
        -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
        --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
    Link:
        gcc -I /usr/local/include -DHAVE_LIBSSL -DNDEBUG -O2 -g -pipe -Wall
        -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
        --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
        -L /usr/local/lib -lpcre -lssl -lcrypto -lz ftp-opie.o openssl.o
        http-ntlm.o ../lib/libgnu.a 

    Code (Text):
    which pcretest
    /usr/local/bin/pcretest
    

    Code (Text):
    pcretest -C
    PCRE version 8.40 2017-01-11
    Compiled with
      8-bit support
      UTF-8 support
      16-bit support
      UTF-16 support
      32-bit support
      UTF-32 support
      Unicode properties support
      Just-in-time compiler support: x86 64bit (little endian + unaligned)
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Parentheses nest limit = 250
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
    

    If you want to update that version of pcre, run Centmin Mod 123.09beta01's addons/wget.sh install to recompile
    Code (Text):
    cd /usr/local/src/centminmod
    git pull
    /usr/local/src/centminmod/addons/wget.sh install
    

    updated will show
    Code (Text):
    pcretest -C
    PCRE version 8.41 2017-07-05
    Compiled with
      8-bit support
      UTF-8 support
      16-bit support
      UTF-16 support
      32-bit support
      UTF-32 support
      Unicode properties support
      Just-in-time compiler support: x86 64bit (little endian + unaligned)
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Parentheses nest limit = 250
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
    
     
  19. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    4:23 AM
    thank you
    Code:
    Total wget Install Time: 74.092821840 seconds
    #  pcretest -C
    PCRE version 8.41 2017-07-05
    Compiled with
      8-bit support
      UTF-8 support
      16-bit support
      UTF-16 support
      32-bit support
      UTF-32 support
      Unicode properties support
      Just-in-time compiler support: x86 64bit (little endian + unaligned)
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Parentheses nest limit = 250
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack