Learn about Centmin Mod LEMP Stack today
Register Now

PHP Security PHP 7.3.6, 7.2.19, 7.1.30 Security Updates

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, May 29, 2019.

  1. eva2000

    eva2000 Administrator Staff Member

    40,624
    9,016
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,883
    Local Time:
    10:24 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    PHP has released security & bug fix updates for PHP 7.1.30, 7.2.19 and 7.3.6 versions for CVE-2019-11038 and CVE-2019-11039 security vulnerabilities. Full details at https://community.centminmod.com/th...y-updates-backported-fixes-php-5-6-7-0.17570/. Paying attention to section titled Updating PHP On Centmin Mod LEMP Stacks for differences between max PHP 7.x supported versions for 123.08stable versus 123.09beta01.

    PHP Change logs for

    Centmin Mod 123.09beta01 PHP 7.3.6 update



    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 5
    --------------------------------------------------------
    

    Code (Text):
    Do you want to run YUM install checks ?  [y/n]
    
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the
    YUM install check to speed up upgrade time.
    
     [y/n]: n
    

    Code (Text):
    PHP Upgrade/Downgrade - Would you like to continue? [y/n] y
    
    ----------------------------------------------------------------
    Install which version of PHP? (version i.e. 5.6.40, 7.0.33, NGDEBUG)
    PHP 7.x/7.1.x/7.2.x/7.3.x is GA Stable but still may have broken PHP extensions.
    NGDEBUG is PHP 7.4.0 dev builds minus incompatible PHP extensions
    ----------------------------------------------------------------
    
    Current PHP Version: 7.3.5
    
    Enter PHP Version number you want to upgrade/downgrade to: 7.3.6
    
    Do you still want to continue? [y/n] y
    
    ----------------------------------------------------------------
    existing php.ini will be backed up at /usr/local/lib/php.ini-oldversion_010519-083742
    Want to update to latest php.conf ? (overwrites will auto backup existing php.conf)
    existing php.conf will be backed up at /usr/local/nginx/conf/php.conf-oldversion_010519-083742
    ----------------------------------------------------------------
    Update & overwrite your existing php.conf [y/n]: n
    ----------------------------------------------------------------
    

    Code (Text):
    -----------------------------------------------------------------------------------------
    Detected PHP 7.3 branch.
    You can compile Zend OPcache (Zend Optimizer Plus+) support
    as an alternative to using APC Cache or Xcache cache.
    But Zend OPcache only provides PHP opcode cache and
    DOESN'T do data caching, so if your web apps such as Wordpress,
    Drupal or vBulletin require data caching to APC or Xcache,
    it won't work with Zend OPcache.
    
    -----------------------------------------------------------------------------------------
    Do you want to use Zend OPcache [y/n] ? y
    
    *************************************************
    * Zend Optimizer Plus OPcache configured
    *************************************************
    
    PHP 7+ detected which uses newer mysqlnd
    or PDO MySQL extensions and removed the
    legacy mysql extension. You can optionally
    re-add the removed legacy mysql extension
    to PHP 7+ by answering yes to next question
    Only answer yes if you know for sure you
    have very old web scripts which need mysql
    legacy extension re-added. Otherwise answer
    no which is recommended for best stability
    
    Re-add legacy mysql extension to PHP 7+ [y/n] ? n
    

    Code (Text):
    php -v
    PHP 7.3.6 (cli) (built: May 28 2019 19:55:08) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.3.6, Copyright (c) 1998-2018 Zend Technologies
        with Zend OPcache v7.3.6, Copyright (c) 1999-2018, by Zend Technologies
    
     
    • Informative Informative x 1
  2. EckyBrazzz

    EckyBrazzz Active Member

    462
    94
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +175
    Local Time:
    9:24 AM
    1.17.x
    10.3.x
    Houston, we got a problem.....

    PHP 7.3.6

     
    Last edited: May 29, 2019
  3. eva2000

    eva2000 Administrator Staff Member

    40,624
    9,016
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,883
    Local Time:
    10:24 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    let me guess you tried enabling persistent config option for PHP_CUSTOMSSL='y' ? that is broken and usually disabled PHP_CUSTOMSSL='n' by default
     
    • Winner Winner x 1
    style="display:inline-block;min-width:400px;max-width:970px;width:95%;height:90px" data-ad-client="ca-pub-6669518204467592" data-ad-slot="4024536743" data-ad-format="auto">
  4. EckyBrazzz

    EckyBrazzz Active Member

    462
    94
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +175
    Local Time:
    9:24 AM
    1.17.x
    10.3.x
    Code (Text):
    PHP_CUSTOMSSL='y'               # compile php-fpm against openssl 1.0.2+ or libressl 2.3+ whichever nginx uses


    Smart one! Gonna change it to 'n'
     
  5. Jimmy

    Jimmy Premium Member Premium Member

    1,556
    321
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +800
    Local Time:
    8:24 AM
    1.15.x
    MariaDB 10.3.x
    7.3.6 won't make for me.

    Tried 7.3.5 and that appears to be making fine (still in process but farther than 7.3.6)

    Code:
                   ____   _   _  ____       __  __         _        
                  |  _ \ | | | ||  _ \  _  |  \/  |  __ _ | | __ ___
                  | |_) || |_| || |_) |(_) | |\/| | / _` || |/ // _ \
                  |  __/ |  _  ||  __/  _  | |  | || (_| ||   <|  __/
                  |_|    |_| |_||_|    (_) |_|  |_| \__,_||_|\_\\___|
                                                                   
    PHPMUVER = 7.3
    PHP_PGO = y
    make -j4 prof-gen
    make: *** No rule to make target `prof-gen'.  Stop.
    
    real    0m0.003s
    user    0m0.000s
    sys    0m0.003s
    /svr-setup/php_pgo_training_scripts /svr-setup/php-7.3.6/fpm-build /usr/local/src/centminmod
    Saved working directory and index state WIP on master: 3f4a289 Merge pull request #1 from bogdanandone/master
    HEAD is now at 3f4a289 Merge pull request #1 from bogdanandone/master
    Already up-to-date.
    /svr-setup/php-7.3.6/fpm-build /usr/local/src/centminmod
    inc/php_upgrade.inc: line 641: ./sapi/cli/php: No such file or directory
    time ./sapi/cgi/php-cgi -T2,80 ../Zend/bench.php
    inc/php_upgrade.inc: line 643: ./sapi/cgi/php-cgi: No such file or directory
    
    real    0m0.003s
    user    0m0.001s
    sys    0m0.002s
    time ./sapi/cgi/php-cgi -T2,80 ../Zend/micro_bench.php
    inc/php_upgrade.inc: line 645: ./sapi/cgi/php-cgi: No such file or directory
    
    real    0m0.003s
    user    0m0.001s
    sys    0m0.002s
    ./sapi/cgi/php-cgi -T80 /svr-setup/php_pgo_training_scripts/index.php
    inc/php_upgrade.inc: line 647: ./sapi/cgi/php-cgi: No such file or directory
    
    real    0m0.003s
    user    0m0.000s
    sys    0m0.003s
    ./sapi/cgi/php-cgi -T80 /home/nginx/domains/xxx/public/index.php
    inc/php_upgrade.inc: line 650: ./sapi/cgi/php-cgi: No such file or directory
    
    real    0m0.003s
    user    0m0.001s
    sys    0m0.002s
    make prof-clean
    make: *** No rule to make target `prof-clean'.  Stop.
    
    real    0m0.004s
    user    0m0.001s
    sys    0m0.003s
    make -j4 prof-use
    make: *** No rule to make target `prof-use'.  Stop.
    
    real    0m0.004s
    user    0m0.001s
    sys    0m0.003s
    
    Wed May 29 01:06:28 UTC 2019
    Error: 2, PHP make failed (123.09beta01.b172)
    
                  total        used        free      shared  buff/cache   available
    Mem:          23948       11070       10436         346        2441       12101
    Swap:          1023        1018           5
    
    report errors on the forums at community.centminmod.com/forums/8/
    
                  total        used        free      shared  buff/cache   available
    Mem:          23948       11070       10436         346        2441       12101
    Swap:          1023        1018           5
    
    Filesystem              Type      Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root xfs       120G   35G   86G  29% /
    devtmpfs                devtmpfs   12G     0   12G   0% /dev
    tmpfs                   tmpfs      12G     0   12G   0% /dev/shm
    tmpfs                   tmpfs      12G  361M   12G   4% /run
    tmpfs                   tmpfs      12G     0   12G   0% /sys/fs/cgroup
    tmpfs                   tmpfs      12G  480K   12G   1% /tmp
    /dev/sda1               xfs       485M  309M  176M  64% /boot
    tmpfs                   tmpfs     2.4G     0  2.4G   0% /run/user/0
    
    CPU: Intel(R) Xeon(R) Gold 6140 CPU @ 2.30GHz (4)
    
    version increment history
    123.09beta01.b165 #Fri May 24 00:56:15 UTC 2019
    123.09beta01.b165 #Fri May 24 00:58:41 UTC 2019
    123.09beta01.b172 #Wed May 29 00:51:33 UTC 2019
    123.09beta01.b172 #Wed May 29 00:53:12 UTC 2019
    123.09beta01.b172 #Wed May 29 01:04:49 UTC 2019
    
    last Centmin Mod local git commit entry
    /usr/local/src/centminmod /svr-setup/php-7.3.6/fpm-build /usr/local/src/centminmod
    
    558abae George Liu Wed, 29 May 2019 09:14:40 +1000
    update openresty lua module install routine in 123.09beta01
    
    1    1    centmin.sh
    20    15    inc/nginx_configure.inc
     2 files changed, 21 insertions(+), 16 deletions(-)
    /svr-setup/php-7.3.6/fpm-build /usr/local/src/centminmod
    Total PHP Upgrade Time: 96.725192697 seconds
    
     
    Last edited: May 29, 2019
  6. Jimmy

    Jimmy Premium Member Premium Member

    1,556
    321
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +800
    Local Time:
    8:24 AM
    1.15.x
    MariaDB 10.3.x
    7.2.19 upgraded fine on my machine which is still running 7.2.x.
     
  7. eva2000

    eva2000 Administrator Staff Member

    40,624
    9,016
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,883
    Local Time:
    10:24 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    sounds like php 7.3.6 download might not be available for you yet on php.net CDN as it isn't officially being released for 2-3 days more. So maybe php.net CDN hasn't fully populated yet

    You can very if you inspect the full php_upgrade log as you only posted a small part of it

    Every centmin.sh menu option has a full server log created with time stamped file name at /root/centminlogs. You can check that specific error log for clues or copy and paste log contents and post to pastebin.com or gist.github.com for sharing.

    To troubleshoot, you need to check the the php upgrade logs at /root/centminlogs and instructions under Sharing logs and errors heading for using Pastebin.com or Gists to share a sanitised version of the contents of the nginx_upgrade and php_upgrade logs. You can see full details at How to troubleshoot Centmin Mod initial install issues

    if you type this command it lists all logs in date ascending order so latest log at bottom
    Code (Text):
    ls -lArt /root/centminlogs

    so copy the entire contents of latest php_upgrade log to gist.github.com or pastebin.com

    you can use grep to filter the logs, i.e. look for nginx_upgrade or php in log name
    Code (Text):
    ls -lahrt /root/centminlogs/ | egrep 'nginx_upgrade|php_upgrade'
    

    Code (Text):
    ls -lahrt /root/centminlogs/ | egrep 'nginx_upgrade|php_upgrade'
    -rw-r--r--  1 root root  2.6M Oct  3 03:48 centminmod_1.2.3-eva2000.09.001_031016-034409_php_upgrade.log
    -rw-r--r--  1 root root  664K Oct 12 09:24 centminmod_1.2.3-eva2000.09.001_121016-092406_nginx_upgrade.log
    

    So the last php upgrade log was named centminmod_1.2.3-eva2000.09.001_031016-034409_php_upgrade.log and located at /root/centminlogs/centminmod_1.2.3-eva2000.09.001_031016-034409_php_upgrade.log
    then use cat command to output the contents of that log.

    clear your ssh window buffer/screen and type
    Code (Text):
    cat /root/centminlogs/centminmod_1.2.3-eva2000.09.001_031016-034409_php_upgrade.log

    then select and copy and paste output to pastebin.com or gist.github.com file to share. If your SSH client's scroll buffer isn't large enough using cat might not output the entire log file contents, so you may need to download the log and use local text editor to open and copy and paste.

    so only need content of a specific log, in this case most recent php_upgrade.log logs
     
  8. Jimmy

    Jimmy Premium Member Premium Member

    1,556
    321
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +800
    Local Time:
    8:24 AM
    1.15.x
    MariaDB 10.3.x
    Here you go: errors

    I re-built 7.3.5 on the same machine as the errors above and had no issue.
     
    Last edited: May 29, 2019
  9. eva2000

    eva2000 Administrator Staff Member

    40,624
    9,016
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,883
    Local Time:
    10:24 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    error looks same as @EckyBrazzz as i see php configure option = --with-openssl=/opt/openssl

    did you try enabling persistent config option for PHP_CUSTOMSSL='y' ? that is broken and usually disabled PHP_CUSTOMSSL='n' by default

    PHP_CUSTOMSSL='y' wouldn't of worked with PHP 7.3.5 either as it's broken in every PHP versions hence disabled by default
     
    • Like Like x 1
  10. Jimmy

    Jimmy Premium Member Premium Member

    1,556
    321
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +800
    Local Time:
    8:24 AM
    1.15.x
    MariaDB 10.3.x
    Sorry, you're right I have that in my custom_config. I must have copied the wrong custom_config after I had that previous locked up issue happen. Thanks for looking for me.
     
  11. eva2000

    eva2000 Administrator Staff Member

    40,624
    9,016
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,883
    Local Time:
    10:24 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Might want to remove that variable from all your copies of custom_config :)
     
    • Agree Agree x 2
  12. Dnyan

    Dnyan New Member

    22
    7
    3
    Sep 16, 2017
    Ratings:
    +7
    Local Time:
    5:54 PM
    1.13.5
    Thank You for the updates
     
    • Like Like x 1