Learn about Centmin Mod LEMP Stack today
Become a Member

PHP PHP 7.0.25 & PHP 7.1.11 CVE Security Update Available

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Oct 26, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    For PHP 7.1.11 php-src/NEWS at php-7.1.11 Ā· php/php-src Ā· GitHub

    Continue reading...

     
    Last edited: Oct 27, 2017
  2. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    To update Centmin Mod code first, run centmin.sh menu option 23 submenu option 2 and then exit centmin.sh. Then re-run centmin.sh menu option 5 to update to your desired PHP version when asked i.e. 7.0.25 or 7.1.11
    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com     
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 5
    

    You can skip yum checks and continue to specify PHP version desired.
    Code (Text):
    Do you want to run YUM install checks ?  [y/n]
    
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the 
    YUM install check to speed up upgrade time.
    
     [y/n]: N
    

    Code (Text):
         ____   _   _  ____       _   _                                _       
        |  _ \ | | | ||  _ \  _  | | | | _ __    __ _  _ __  __ _   __| |  ___ 
        | |_) || |_| || |_) |(_) | | | || '_ \  / _` || '__|/ _` | / _` | / _ \
        |  __/ |  _  ||  __/  _  | |_| || |_) || (_| || |  | (_| || (_| ||  __/
        |_|    |_| |_||_|    (_)  \___/ | .__/  \__, ||_|   \__,_| \__,_| \___|
                                        |_|     |___/                         
    
    PHP Upgrade/Downgrade - Would you like to continue? [y/n] y
    
    ----------------------------------------------------------------
    Install which version of PHP? (version i.e. 5.6.31, 7.0.18, NGDEBUG)
    PHP 7.x/7.1.x is GA Stable but still may have broken PHP extensions.
    NGDEBUG is PHP 7.2.0 dev builds minus incompatible PHP extensions
    ----------------------------------------------------------------
    Enter PHP Version number you want to upgrade/downgrade to: 7.1.11
    ----------------------------------------------------------------
    existing php.ini will be backed up at /usr/local/lib/php.ini-oldversion_261017-212257
    ----------------------------------------------------------------
    
    -----------------------------------------------------------------------------------------
    Detected PHP 7.1 branch.
    You can compile Zend OPcache (Zend Optimizer Plus+) support
    as an alternative to using APC Cache or Xcache cache.
    But Zend OPcache only provides PHP opcode cache and
    DOESN'T do data caching, so if your web apps such as Wordpress,
    Drupal or vBulletin require data caching to APC or Xcache,
    it won't work with Zend OPcache.
    
    -----------------------------------------------------------------------------------------
    Do you want to use Zend OPcache [y/n] ? y
    
     
  3. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Updated
    Code (Text):
    php -v
    PHP 7.1.11 (cli) (built: Oct 26 2017 21:40:20) ( NTS )
    Copyright (c) 1997-2017 The PHP Group
    Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
        with Zend OPcache v7.1.11, Copyright (c) 1999-2017, by Zend Technologies
    
     
  4. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    5:44 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    On the last Centminmod latest beta setup two months ago doesn't provide that question when i try to upgrade:


    Is that default now to not ask for this option?
     
  5. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    it only asks if centmin.sh detects that php-fpm.conf contents differs from default template i.e. if you modified it from default otherwise skips asking
     
  6. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    5:44 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    I don't use defaults :

    Code:
    pm = dynamic
    pm.max_children = 100
    ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
    pm.start_servers = 30
    pm.min_spare_servers = 10
    pm.max_spare_servers = 100
    pm.max_requests = 4000
     
  7. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    will have to look into that.. did you run centmin.sh from /usr/local/src/centminmod or just type centmin shortcut command to bring up centmin.sh menu ? the later method might not pick up the correct directory to compare with default template

    if you run centmin.sh from /usr/local/src/centminmod i.e. via cmdir shortcut to change into /usr/local/src/centminmod first
    Code (Text):
    cmdir
    ./centmin.sh
    

    it should pick up the template

    other reason is if you set in persistent config with PHP_OVERWRITECONF='n' it defaults to yes
    Code (Text):
    PHP_OVERWRITECONF='y'       # whether to show the php upgrade prompt to overwrite php-fpm.conf
    
     
    Last edited: Oct 27, 2017
  8. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    5:44 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    I just type centmin :)
     
  9. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    5:44 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    No i do not have that :

    Can you adjust that so it will work as the rest of my servers? :)
     
  10. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Will look into it a bit later. Kind of busy right now and haven't slept in 15hrs heh :)
     
  11. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    5:44 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    Great no problem take your time :)

    Just keep a note for it :)
     
  12. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    5:44 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    Just a reminder as it is important that fix for me please :)

    Thank you George !!!
     
  13. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    i see the issue the current check is for php.conf include file not php-fpm.conf config file which is originally intended check as only ever want to overwrite php.conf and leave php-fpm.conf alone as users may have customised their php-fpm.conf settings
     
  14. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    5:44 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    It sounds like an easy fix to add .... or not? :)
     
  15. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    maybe something for a bit later when I have time

    1. there is a bug in the text it should prompt to overwrite php.conf not php-fpm.conf
    2. it's actually harder to detect changes in php-fpm.conf as it maybe dynamically tuned after initial install, so you don't have a set default template to compare to
     
  16. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    5:44 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    My issue is not if it will detect any file edits or if it will not adjust any settings...

    My issue is that i use xshell to update all servers at ones when a new php version is out but on that server only I do not get the same prompts when upgrading so for example when I get on most servers a prompt about overwriting the config on the other server as that prompt is missing I will have a prompt about using zend opcache and when I select for all servers ā€˜n’ to not overwrite the config the other server will get ā€˜n’ for the prompt to use zend opcache :-(
     
  17. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    if you always answer no for prompt, then just set in persistent config file /etc/centminmod/custom_config.inc
    Code (Text):
    PHP_OVERWRITECONF='n'
    

    that's what the persistent config file is for ;)
     
  18. Jon Snow

    Jon Snow Active Member

    859
    172
    43
    Jun 30, 2017
    Ratings:
    +264
    Local Time:
    11:44 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    A little off-topic but wow. Xshell is a lot better than putty like I've been hearing. I've been doing it one at a time in putty but I'm not sure if I can update multiple servers at the same time.
     
  19. eva2000

    eva2000 Administrator Staff Member

    55,797
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    12:44 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    see discussion at Sysadmin - What SFTP/FTP and SSH client apps do you use ? with right ssh client you can run one command to update many open ssh sessions

    I use securecrt and can update 20-30 centmin mod servers per ssh window with multiple ssh windows with just a single command(s). So 4 ssh windows of 30 ssh sessions = 120 servers :)
     
  20. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    5:44 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    As i never answer yes to overwrite the php.conf file i think it will break the multiple pools as an edit needed on that file?

    What about phpmyadmin installation?

    Overwriting using the default template would not cause any related issues?
     
    Last edited: Oct 31, 2017