Welcome to Centmin Mod Community
Become a Member

Nginx [nginx-announce] nginx-1.13.3

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Jul 12, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    28,942
    6,570
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,751
    Local Time:
    11:12 AM
    Nginx 1.13.x
    MariaDB 5.5
    Changes with nginx 1.13.3 11 Jul 2017

    *) Security: a specially crafted request might result in an integer
    overflow and incorrect processing of ranges in the range filter,
    potentially resulting in sensitive information leak (CVE-2017-7529).


    --
    Maxim Dounin
    http://nginx.org/
    _______________________________________________
    nginx-announce mailing list
    nginx-announce@nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx-announce

    Continue reading...
     
    • Informative Informative x 3
    • Like Like x 1
  2. RoldanLT

    RoldanLT Well-Known Member

    3,823
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,257
    Local Time:
    9:12 AM
    1.11
    10.2
     
    • Like Like x 1
  3. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    3:12 AM
    Nginx 1.13.3
    MariaDB 10.1.24
     
    • Like Like x 1
  4. eva2000

    eva2000 Administrator Staff Member

    28,942
    6,570
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,751
    Local Time:
    11:12 AM
    Nginx 1.13.x
    MariaDB 5.5
    centmin.sh menu option 4 to upgrade nginx specifying version = 1.13.3

    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com    
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
    

    Code (Text):
    Do you want to run YUM install checks ?  [y/n]
    
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the 
    YUM install check to speed up upgrade time.
    
     [y/n]: n
    **********************************************************************
    * Nginx Update script - Included in Centmin Extras
    * Version: 1.2.3-eva2000.09.005 - Date: 31/05/2017 - Copyright 2011-2017 CentminMod.com
    **********************************************************************
    
    This software comes with no warranty of any kind. You are free to use
    it for both personal and commercial use as licensed under the GPL.
    
    Nginx Upgrade - Would you like to continue? [y/n] y
    
    Install which version of Nginx? (version i.e. type 1.13.3): 1.13.3
    


    looking good on my end too
     
    Last edited: Jul 12, 2017
    • Like Like x 1
  5. eva2000

    eva2000 Administrator Staff Member

    28,942
    6,570
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,751
    Local Time:
    11:12 AM
    Nginx 1.13.x
    MariaDB 5.5
  6. CarpCharacin

    CarpCharacin Member

    203
    14
    18
    Oct 13, 2016
    Salt Lake City
    Ratings:
    +18
    Local Time:
    7:12 PM
    1.13.0
    MariaDB 10
    Code:
    nginx version: nginx/1.13.3
    built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
    built with LibreSSL 2.5.4
    TLS SNI support enabled
    configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.31 --add-module=../echo-nginx-module-0.60 --add-module=../redis2-nginx-module-0.14 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.32 --with-pcre=../pcre-8.41 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-http_v2_module --with-openssl=../libressl-2.5.4
    
     
    • Like Like x 1
  7. Jimmy

    Jimmy Premium Member Premium Member

    1,025
    231
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +555
    Local Time:
    9:12 PM
    1.13.x
    MariaDB 10.1.x
    Works great here. (y)
     
    • Like Like x 1
  8. eva2000

    eva2000 Administrator Staff Member

    28,942
    6,570
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,751
    Local Time:
    11:12 AM
    Nginx 1.13.x
    MariaDB 5.5
    Glad to see some folks are updating. Here's nginx's official security vulnerabilities listing page nginx security advisories

    scary to think some other LEMP stack installers are still stuck on several past nginx versions so they now have numerous security vulnerabilities in their running nginx servers !
     
    • Agree Agree x 3
  9. pamamolf

    pamamolf Well-Known Member

    2,487
    229
    63
    May 31, 2014
    Ratings:
    +390
    Local Time:
    4:12 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    All good for me also :)
     
    • Like Like x 1
  10. Jon Snow

    Jon Snow Member

    97
    18
    8
    Jun 30, 2017
    Ratings:
    +22
    Local Time:
    10:12 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    Everything fine here too.
     
    • Like Like x 1
  11. deltahf

    deltahf Active Member

    203
    99
    28
    Jun 8, 2014
    Ratings:
    +149
    Local Time:
    9:12 PM
    Agreed. Another reason Centminmod is the best. :D
     
    • Like Like x 1
  12. eva2000

    eva2000 Administrator Staff Member

    28,942
    6,570
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,751
    Local Time:
    11:12 AM
    Nginx 1.13.x
    MariaDB 5.5
    Indeed it's why i made sure Centmin Mod's nginx and php-fpm upgrade routines are end user triggered so users don't need to wait for me to update and can initiate an upgrade themselves. @RoldanLT updated his server within 15 mins of this post and ~35 mins of the official Nginx 1.13.3 announcement mailing list post :)
     
    • Like Like x 2
    • Winner Winner x 2
  13. joshuah

    joshuah Member

    115
    14
    18
    Apr 3, 2017
    Ratings:
    +16
    Local Time:
    11:12 AM
    Done on all three servers :)
     
    • Like Like x 2
  14. eva2000

    eva2000 Administrator Staff Member

    28,942
    6,570
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,751
    Local Time:
    11:12 AM
    Nginx 1.13.x
    MariaDB 5.5
  15. deltahf

    deltahf Active Member

    203
    99
    28
    Jun 8, 2014
    Ratings:
    +149
    Local Time:
    9:12 PM
    Is that normal? Must be pretty serious. :unsure:
     
  16. eva2000

    eva2000 Administrator Staff Member

    28,942
    6,570
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,751
    Local Time:
    11:12 AM
    Nginx 1.13.x
    MariaDB 5.5
    Yeah for more serious bugs it's standard practice to not reveal the details to give folks time to update IF there are no known exploits of the vulnerability. If there are known exploits out there, then more like to reveal specifics much earlier.
     
    • Informative Informative x 1
  17. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:12 AM
    nginx -version
    Code:
     nginx -V
    nginx version: nginx/1.13.3
    built by gcc 6.2.1 20160916 (Red Hat 6.2.1-3) (GCC)
    built with LibreSSL 2.5.4
    TLS SNI support enabled
    configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.31 --add-module=../echo-nginx-module-0.60 --add-module=../redis2-nginx-module-0.14 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.32 --with-pcre=../pcre-8.41 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-http_v2_module --with-http_v2_hpack_enc --with-openssl=../libressl-2.5.4
    pcre with pcretest -C
    Code:
    pcretest -C
    PCRE version 8.40 2017-01-11
    Compiled with
      8-bit support
      UTF-8 support
      16-bit support
      UTF-16 support
      32-bit support
      UTF-32 support
      Unicode properties support
      Just-in-time compiler support: x86 64bit (little endian + unaligned)
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Parentheses nest limit = 250
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
    why with pcretest -c pcre version 8.40 not 8.41 ?
     
  18. eva2000

    eva2000 Administrator Staff Member

    28,942
    6,570
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,751
    Local Time:
    11:12 AM
    Nginx 1.13.x
    MariaDB 5.5
    nginx static compiled pcre version isn't available as binary and the binary you run pcretest against is one compiled for wget 1.19.1 at initial Centmin Mod install time which would of been pcre 8.40 as 8.41 only was just released

    Code (Text):
    wget -V
    GNU Wget 1.19.1 built on linux-gnu.
    
    -cares +digest -gpgme +https +ipv6 -iri +large-file -metalink +nls
    +ntlm +opie -psl +ssl/openssl
    
    Wgetrc:
        /usr/local/etc/wgetrc (system)
    Locale:
        /usr/local/share/locale
    Compile:
        gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc"
        -DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -I
        /usr/local/include -DHAVE_LIBSSL -DNDEBUG -O2 -g -pipe -Wall
        -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
        --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
    Link:
        gcc -I /usr/local/include -DHAVE_LIBSSL -DNDEBUG -O2 -g -pipe -Wall
        -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
        --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
        -L /usr/local/lib -lpcre -lssl -lcrypto -lz ftp-opie.o openssl.o
        http-ntlm.o ../lib/libgnu.a 

    Code (Text):
    which pcretest
    /usr/local/bin/pcretest
    

    Code (Text):
    pcretest -C
    PCRE version 8.40 2017-01-11
    Compiled with
      8-bit support
      UTF-8 support
      16-bit support
      UTF-16 support
      32-bit support
      UTF-32 support
      Unicode properties support
      Just-in-time compiler support: x86 64bit (little endian + unaligned)
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Parentheses nest limit = 250
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
    

    If you want to update that version of pcre, run Centmin Mod 123.09beta01's addons/wget.sh install to recompile
    Code (Text):
    cd /usr/local/src/centminmod
    git pull
    /usr/local/src/centminmod/addons/wget.sh install
    

    updated will show
    Code (Text):
    pcretest -C
    PCRE version 8.41 2017-07-05
    Compiled with
      8-bit support
      UTF-8 support
      16-bit support
      UTF-16 support
      32-bit support
      UTF-32 support
      Unicode properties support
      Just-in-time compiler support: x86 64bit (little endian + unaligned)
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Parentheses nest limit = 250
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
    
     
    • Like Like x 1
  19. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:12 AM
    thank you
    Code:
    Total wget Install Time: 74.092821840 seconds
    #  pcretest -C
    PCRE version 8.41 2017-07-05
    Compiled with
      8-bit support
      UTF-8 support
      16-bit support
      UTF-16 support
      32-bit support
      UTF-32 support
      Unicode properties support
      Just-in-time compiler support: x86 64bit (little endian + unaligned)
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Parentheses nest limit = 250
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
     
    • Like Like x 1