Welcome to Centmin Mod Community
Register Now

PHP Security PHP 7.3.0, 7.2.13, 7.1.25, 7.0.33, 5.6.39 Discussion Thread

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Dec 6, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    8:58 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Discussion thread for PHP 7.3.0, 7.2.13, 7.1.25, 7.0.33, 5.6.39 releases.
    For PHP 7.3.0 PHP: News Archive - 2018


     
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    8:58 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  3. Revenge

    Revenge Active Member

    430
    91
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +323
    Local Time:
    10:58 PM
    1.9.x
    10.1.x
    PHP 7.3 gives some issues with Invision Power Suite.
     
  4. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    8:58 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Yeah i suspect not all php scripts will be PHP 7.3.0 100% ready yet. Xenforo is same with next release having PHP 7.3.0 support sometime next week Duplicate - PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"?

    Final Wordpress 5.0 stable release is also due out today too with PHP 7.3.0 support WordPress 5.0 RC3

     
  5. Andy

    Andy Premium Member Premium Member

    426
    61
    28
    Aug 6, 2014
    Ratings:
    +85
    Local Time:
    5:58 PM
    when will php 7.3 fully supported by Centminmod?
     
  6. rdan

    rdan Premium Member Premium Member

    4,420
    1,059
    113
    May 25, 2014
    Ratings:
    +1,543
    Local Time:
    6:58 AM
    Mainline
    10.2
    Using PHP 7.3.0 on my Live XF 1.5.22 Forum without issue, except for warning on server logs :D.
     
    • Like Like x 1
  7. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    8:58 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    It is as of today for 123.09beta01 as per PHP 7.3.0, 7.2.13, 7.1.25, 7.0.33, 5.6.39 Released

    Good to hear
     
  8. Andy

    Andy Premium Member Premium Member

    426
    61
    28
    Aug 6, 2014
    Ratings:
    +85
    Local Time:
    5:58 PM
    What kind of warning?
     
  9. rdan

    rdan Premium Member Premium Member

    4,420
    1,059
    113
    May 25, 2014
    Ratings:
    +1,543
    Local Time:
    6:58 AM
    Mainline
    10.2
  10. rdan

    rdan Premium Member Premium Member

    4,420
    1,059
    113
    May 25, 2014
    Ratings:
    +1,543
    Local Time:
    6:58 AM
    Mainline
    10.2
    • Informative Informative x 1
  11. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    8:58 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    see WordPress and PHP 7.3

     
  12. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    8:58 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Posting my Xenforo debug speed numbers on PHP 7.2.13 PGO before I change to PHP 7.3.0 PGO
    • Xenforo 1.5.22 with Centmin Mod 123.09beta01 Nginx 1.15.7 + PHP 7.2.13 PGO (php-fpm)
    • Linode 8GB 4CPU KVM VPS - Intel Xeon E5-2680v2 2.8Ghz
    Code (Text):
    Index - https://community.centminmod.com/
    
    Timing: 0.0463 seconds Memory: 7.101 MB DB Queries: 29
    Timing: 0.0475 seconds Memory: 7.102 MB DB Queries: 29
    Timing: 0.0471 seconds Memory: 7.102 MB DB Queries: 29
    
    Forum News - https://community.centminmod.com/forums/forum-news.2/
    
    Timing: 0.0480 seconds Memory: 7.268 MB DB Queries: 31
    Timing: 0.0481 seconds Memory: 7.268 MB DB Queries: 31
    Timing: 0.0472 seconds Memory: 7.266 MB DB Queries: 31
    
    Forum News Thread - https://community.centminmod.com/threads/forums-update-php-7-2-latest.16187/
    
    Timing: 0.0528 seconds Memory: 8.191 MB DB Queries: 30
    Timing: 0.0538 seconds Memory: 8.192 MB DB Queries: 30
    Timing: 0.0521 seconds Memory: 8.192 MB DB Queries: 30
    
    Members List - https://community.centminmod.com/members/
    
    Timing: 0.0388 seconds Memory: 5.914 MB DB Queries: 18
    Timing: 0.0399 seconds Memory: 5.914 MB DB Queries: 18
    Timing: 0.0390 seconds Memory: 5.914 MB DB Queries: 18
    
    Conversations Index - https://community.centminmod.com/conversations/
    
    Timing: 0.0287 seconds Memory: 5.530 MB DB Queries: 15
    Timing: 0.0276 seconds Memory: 5.530 MB DB Queries: 15
    Timing: 0.0286 seconds Memory: 5.530 MB DB Queries: 15
    
    
    
    
     
  13. Revenge

    Revenge Active Member

    430
    91
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +323
    Local Time:
    10:58 PM
    1.9.x
    10.1.x
     
    • Informative Informative x 2
  14. rdan

    rdan Premium Member Premium Member

    4,420
    1,059
    113
    May 25, 2014
    Ratings:
    +1,543
    Local Time:
    6:58 AM
    Mainline
    10.2
    • Informative Informative x 1
  15. Andy

    Andy Premium Member Premium Member

    426
    61
    28
    Aug 6, 2014
    Ratings:
    +85
    Local Time:
    5:58 PM
    which version of xenforo are you using?
     
  16. rdan

    rdan Premium Member Premium Member

    4,420
    1,059
    113
    May 25, 2014
    Ratings:
    +1,543
    Local Time:
    6:58 AM
    Mainline
    10.2
    1.5.22
     
  17. Andy

    Andy Premium Member Premium Member

    426
    61
    28
    Aug 6, 2014
    Ratings:
    +85
    Local Time:
    5:58 PM
    get it updated to xf 2.1 for better performance
     
  18. rdan

    rdan Premium Member Premium Member

    4,420
    1,059
    113
    May 25, 2014
    Ratings:
    +1,543
    Local Time:
    6:58 AM
    Mainline
    10.2
    Soon :).
    I still have 28 addons needs 2.1 update also.
     
  19. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    8:58 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    FYI, seems PHP 7.1.25 and 7.2.13 missed one security CVE-2018-19935 fix for PHP IMAP mail PHP :: Sec Bug #77020 :: null pointer dereference in imap_mail
    from CVE - CVE-2018-19935
    I just updated Centmin Mod 123.09beta01 to auto patch PHP 7.1.25 and 7.2.13 with the missing CVE security bug fix Beta Branch - auto patch PHP 7.1.25 & 7.2.13 for missing security CVE-2018-19935 fix.

    Be sure to updated 123.09beta01 via cmupdate command before re-running centmin.sh menu option 5 to reinstall PHP 7.2.13 or 7.1.25 if those versions are being used.
    Code (Text):
    cmupdate
    Saved working directory and index state WIP on 123.09beta01: c61c197 update centmin.sh menu option 22 in 123.09beta01
    HEAD is now at c61c197 update centmin.sh menu option 22 in 123.09beta01
    remote: Enumerating objects: 26, done.
    remote: Counting objects: 100% (26/26), done.
    remote: Compressing objects: 100% (4/4), done.
    remote: Total 11 (delta 6), reused 11 (delta 6), pack-reused 0
    Unpacking objects: 100% (11/11), done.
    From https://github.com/centminmod/centminmod
       c61c197..d00c75c  123.09beta01 -> origin/123.09beta01
    Updating c61c197..d00c75c
    Fast-forward
     centmin.sh                 |  8 +++++++-
     example/custom_config.inc  |  1 +
     inc/php_patch.inc          | 33 +++++++++++++++++++++++++++++++++
     inc/php_upgrade.inc        | 14 +++-----------
     patches/php/77020fix.patch | 10 ++++++++++
     5 files changed, 54 insertions(+), 12 deletions(-)
     create mode 100644 inc/php_patch.inc
     create mode 100644 patches/php/77020fix.patch
    

    After PHP 7.2.13 or 7.1.25 recompile, you can inspect /root/centminlogs/patch_php_*.log to see if PHP was auto patched i.e.
    Code (Text):
    cat /root/centminlogs/patch_php_091218-081052.log
    
    patching PHP for CVE-2018-19935
    https://bugs.php.net/bug.php?id=77020
    
    /svr-setup/php-7.2.13/ext/imap /svr-setup/php-7.2.13
    dos2unix: converting file 77020fix.patch to Unix format ...
    patching file php_imap.c
    
     
    • Like Like x 1
  20. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    8:58 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Xenforo folks reported that a bug in PHP 7.3.0 Zend Opcache can potentially result in data loss and would be fixed in PHP 7.3.1 so probably need to hold off on PHP 7.3.0 for production usage.
    I might end up applying the patch to PHP 7.3.0 for Centmin Mod, will see :)

    Edit: updated Centmin Mod 123.09beta01 code to auto patch fix PHP 7.3.0 for this Zend Opcache bug Beta Branch - auto patch PHP 7.3.0 for serious Zend Opcache bug :D
     
    • Like Like x 2
..