/ Register

Welcome to Centmin Mod Community
Register Now

PHP Security PHP 7.3.0, 7.2.13, 7.1.25, 7.0.33, 5.6.39 Discussion Thread

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Dec 6, 2018.

Tags:
Previous Thread Next Thread
Loading...
Page 1 of 2
  1. Dec 6, 2018 #1
    eva2000

    eva2000 Administrator Staff Member

    55,229
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    9:57 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Discussion thread for PHP 7.3.0, 7.2.13, 7.1.25, 7.0.33, 5.6.39 releases.
    For PHP 7.3.0 PHP: News Archive - 2018

     
  2. Dec 7, 2018 #2
    eva2000

    eva2000 Administrator Staff Member

    55,229
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    9:57 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  3. Dec 7, 2018 #3
    Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    12:57 PM
    1.9.x
    10.1.x
    PHP 7.3 gives some issues with Invision Power Suite.
     
  4. Dec 7, 2018 #4
    eva2000

    eva2000 Administrator Staff Member

    55,229
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    9:57 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah i suspect not all php scripts will be PHP 7.3.0 100% ready yet. Xenforo is same with next release having PHP 7.3.0 support sometime next week Duplicate - PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"?

    Final Wordpress 5.0 stable release is also due out today too with PHP 7.3.0 support WordPress 5.0 RC3

     
  5. Dec 7, 2018 #5
    Andy

    Andy Active Member

    544
    89
    28
    Aug 6, 2014
    Ratings:
    +133
    Local Time:
    6:57 AM
    when will php 7.3 fully supported by Centminmod?
     
  6. Dec 7, 2018 #6
    rdan

    rdan Well-Known Member

    5,449
    1,410
    113
    May 25, 2014
    Ratings:
    +2,204
    Local Time:
    7:57 PM
    Mainline
    10.2
    Using PHP 7.3.0 on my Live XF 1.5.22 Forum without issue, except for warning on server logs :D.
     
  7. Dec 7, 2018 #7
    eva2000

    eva2000 Administrator Staff Member

    55,229
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    9:57 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    It is as of today for 123.09beta01 as per PHP 7.3.0, 7.2.13, 7.1.25, 7.0.33, 5.6.39 Released

    Good to hear
     
  8. Dec 7, 2018 #8
    Andy

    Andy Active Member

    544
    89
    28
    Aug 6, 2014
    Ratings:
    +133
    Local Time:
    6:57 AM
    What kind of warning?
     
  9. Dec 7, 2018 #9
    rdan

    rdan Well-Known Member

    5,449
    1,410
    113
    May 25, 2014
    Ratings:
    +2,204
    Local Time:
    7:57 PM
    Mainline
    10.2
  10. Dec 7, 2018 #10
    rdan

    rdan Well-Known Member

    5,449
    1,410
    113
    May 25, 2014
    Ratings:
    +2,204
    Local Time:
    7:57 PM
    Mainline
    10.2
  11. Dec 7, 2018 #11
    eva2000

    eva2000 Administrator Staff Member

    55,229
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    9:57 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    see WordPress and PHP 7.3

     
  12. Dec 7, 2018 #12
    eva2000

    eva2000 Administrator Staff Member

    55,229
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    9:57 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Posting my Xenforo debug speed numbers on PHP 7.2.13 PGO before I change to PHP 7.3.0 PGO
    • Xenforo 1.5.22 with Centmin Mod 123.09beta01 Nginx 1.15.7 + PHP 7.2.13 PGO (php-fpm)
    • Linode 8GB 4CPU KVM VPS - Intel Xeon E5-2680v2 2.8Ghz
    Code (Text):
    Index - https://community.centminmod.com/

Timing: 0.0463 seconds Memory: 7.101 MB DB Queries: 29
Timing: 0.0475 seconds Memory: 7.102 MB DB Queries: 29
Timing: 0.0471 seconds Memory: 7.102 MB DB Queries: 29

Forum News - https://community.centminmod.com/forums/forum-news.2/

Timing: 0.0480 seconds Memory: 7.268 MB DB Queries: 31
Timing: 0.0481 seconds Memory: 7.268 MB DB Queries: 31
Timing: 0.0472 seconds Memory: 7.266 MB DB Queries: 31

Forum News Thread - https://community.centminmod.com/threads/forums-update-php-7-2-latest.16187/

Timing: 0.0528 seconds Memory: 8.191 MB DB Queries: 30
Timing: 0.0538 seconds Memory: 8.192 MB DB Queries: 30
Timing: 0.0521 seconds Memory: 8.192 MB DB Queries: 30

Members List - https://community.centminmod.com/members/

Timing: 0.0388 seconds Memory: 5.914 MB DB Queries: 18
Timing: 0.0399 seconds Memory: 5.914 MB DB Queries: 18
Timing: 0.0390 seconds Memory: 5.914 MB DB Queries: 18

Conversations Index - https://community.centminmod.com/conversations/

Timing: 0.0287 seconds Memory: 5.530 MB DB Queries: 15
Timing: 0.0276 seconds Memory: 5.530 MB DB Queries: 15
Timing: 0.0286 seconds Memory: 5.530 MB DB Queries: 15
     
  13. Dec 8, 2018 #13
    Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    12:57 PM
    1.9.x
    10.1.x
     
  14. Dec 8, 2018 #14
    rdan

    rdan Well-Known Member

    5,449
    1,410
    113
    May 25, 2014
    Ratings:
    +2,204
    Local Time:
    7:57 PM
    Mainline
    10.2
  15. Dec 9, 2018 #15
    Andy

    Andy Active Member

    544
    89
    28
    Aug 6, 2014
    Ratings:
    +133
    Local Time:
    6:57 AM
    which version of xenforo are you using?
     
  16. Dec 9, 2018 #16
    rdan

    rdan Well-Known Member

    5,449
    1,410
    113
    May 25, 2014
    Ratings:
    +2,204
    Local Time:
    7:57 PM
    Mainline
    10.2
    1.5.22
     
  17. Dec 9, 2018 #17
    Andy

    Andy Active Member

    544
    89
    28
    Aug 6, 2014
    Ratings:
    +133
    Local Time:
    6:57 AM
    get it updated to xf 2.1 for better performance
     
  18. Dec 9, 2018 #18
    rdan

    rdan Well-Known Member

    5,449
    1,410
    113
    May 25, 2014
    Ratings:
    +2,204
    Local Time:
    7:57 PM
    Mainline
    10.2
    Soon :).
    I still have 28 addons needs 2.1 update also.
     
  19. Dec 9, 2018 #19
    eva2000

    eva2000 Administrator Staff Member

    55,229
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    9:57 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    FYI, seems PHP 7.1.25 and 7.2.13 missed one security CVE-2018-19935 fix for PHP IMAP mail PHP :: Sec Bug #77020 :: null pointer dereference in imap_mail
    from CVE - CVE-2018-19935
    I just updated Centmin Mod 123.09beta01 to auto patch PHP 7.1.25 and 7.2.13 with the missing CVE security bug fix Beta Branch - auto patch PHP 7.1.25 & 7.2.13 for missing security CVE-2018-19935 fix.

    Be sure to updated 123.09beta01 via cmupdate command before re-running centmin.sh menu option 5 to reinstall PHP 7.2.13 or 7.1.25 if those versions are being used.
    Code (Text):
    cmupdate
Saved working directory and index state WIP on 123.09beta01: c61c197 update centmin.sh menu option 22 in 123.09beta01
HEAD is now at c61c197 update centmin.sh menu option 22 in 123.09beta01
remote: Enumerating objects: 26, done.
remote: Counting objects: 100% (26/26), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 11 (delta 6), reused 11 (delta 6), pack-reused 0
Unpacking objects: 100% (11/11), done.
From https://github.com/centminmod/centminmod
   c61c197..d00c75c  123.09beta01 -> origin/123.09beta01
Updating c61c197..d00c75c
Fast-forward
 centmin.sh                 |  8 +++++++-
 example/custom_config.inc  |  1 +
 inc/php_patch.inc          | 33 +++++++++++++++++++++++++++++++++
 inc/php_upgrade.inc        | 14 +++-----------
 patches/php/77020fix.patch | 10 ++++++++++
 5 files changed, 54 insertions(+), 12 deletions(-)
 create mode 100644 inc/php_patch.inc
 create mode 100644 patches/php/77020fix.patch

    After PHP 7.2.13 or 7.1.25 recompile, you can inspect /root/centminlogs/patch_php_*.log to see if PHP was auto patched i.e.
    Code (Text):
    cat /root/centminlogs/patch_php_091218-081052.log

patching PHP for CVE-2018-19935
https://bugs.php.net/bug.php?id=77020

/svr-setup/php-7.2.13/ext/imap /svr-setup/php-7.2.13
dos2unix: converting file 77020fix.patch to Unix format ...
patching file php_imap.c
     
  20. Dec 12, 2018 #20
    eva2000

    eva2000 Administrator Staff Member

    55,229
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    9:57 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Xenforo folks reported that a bug in PHP 7.3.0 Zend Opcache can potentially result in data loss and would be fixed in PHP 7.3.1 so probably need to hold off on PHP 7.3.0 for production usage.
    I might end up applying the patch to PHP 7.3.0 for Centmin Mod, will see :)

    Edit: updated Centmin Mod 123.09beta01 code to auto patch fix PHP 7.3.0 for this Zend Opcache bug Beta Branch - auto patch PHP 7.3.0 for serious Zend Opcache bug :D
     
Previous Thread Next Thread
Loading...
Page 1 of 2

.