Want to subscribe to topics you're interested in?
Become a Member

Security PHP 7.4.2, 7.3.14, 7.2.27 Security Updates + Backported PHP 7.1.33, 7.0.33 & 5.6.40

Discussion in 'Centmin Mod News' started by eva2000, Jan 24, 2020.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    Local Time:
    5:23 PM
    Nginx 1.25.x
    MariaDB 10.x
    PHP has released security & bug fix updates for PHP 7.4.2 and PHP 7.3.14 and PHP 7.2.27 (CVE-2020-7059, CVE-2020-7060). For Centmin Mod 123.09beta01, the security fixes have also been backported to PHP 7.1.33, 7.0.33 and 5.6.40 EOL versions as well. They have also changed the php.net download mirroring system they had to using a HTTPS secured CDN system (details here). The change in php.net download system, means that Centmin Mod 123.08stable and 123.09beta01 users need to update their Centmin Mod local server code BEFORE they run centmin.sh menu option 5 to update their PHP versions.

    PHP Releases

    PHP Change logs for

    Updating PHP On Centmin Mod LEMP Stacks

    • If you're on Centmin Mod 123.08stable and want PHP 7.1, 7.2, or 7.3 support, you will need to update your server from Centmin Mod 123.08stable to 123.09beta01 first. This can be done via centmin.sh menu option 23 submenu option 3 to switch Centmin Mod branches as outlined in 1st post under heading of How to switch to 123.09beta01 branch ? at Centmin Mod .09 beta branch Testing as well as official update page.
      Code (Text):
             Centmin Mod Updater Sub-Menu           
      1). Setup Centmin Mod Github Environment
      2). Update Centmin Mod Current Branch
      3). Update Centmin Mod Newer Branch
      4). Exit
      Enter option [ 1 - 4 ] 3
    • For Centmin Mod 123.09beta01 and newer, first update to latest version code via SSH command = cmupdate (same equivalent to centmin.sh menu option 23 submenu option 2 method). Then run centmin.sh menu option 5 to update to either PHP versions 7.4.2, 7.3.14, 7.2.27. Example output from cmupdate SSH command run:
      Code (Text):
      No local changes to save
      Updating f9dab55..a4e96a4
       centmin.sh                      |   2 +-
       inc/php_patch.inc               |  29 ++++++++++-
       patches/php/php5640-79037.patch |  93 +++++++++++++++++++++++++++++++++
       patches/php/php5640-79099.patch | 113 ++++++++++++++++++++++++++++++++++++++++
       patches/php/php7033-79037.patch |  93 +++++++++++++++++++++++++++++++++
       patches/php/php7033-79099.patch | 113 ++++++++++++++++++++++++++++++++++++++++
       patches/php/php7133-79037.patch |  96 ++++++++++++++++++++++++++++++++++
       patches/php/php7133-79091.patch |  99 +++++++++++++++++++++++++++++++++++
       patches/php/php7133-79099.patch | 113 ++++++++++++++++++++++++++++++++++++++++
       9 files changed, 748 insertions(+), 3 deletions(-)
       create mode 100644 patches/php/php5640-79037.patch
       create mode 100644 patches/php/php5640-79099.patch
       create mode 100644 patches/php/php7033-79037.patch
       create mode 100644 patches/php/php7033-79099.patch
       create mode 100644 patches/php/php7133-79037.patch
       create mode 100644 patches/php/php7133-79091.patch
       create mode 100644 patches/php/php7133-79099.patch
    • If you are on Centmin Mod 123.08stable and concerned about losing customisations when you upgrade to Centmin Mod 123.09beta01, read this guide on how to upgrade and keep most of your customisations at How to upgrade Centmin Mod + backing up customisations.

    Centmin Mod 123.09beta01 PHP Update Example

    Code (Text):
         Centmin Mod Menu 123.09beta01 centminmod.com
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    Enter option [ 1 - 24 ] 5

    Code (Text):
    Do you want to run YUM install checks ?  [y/n]
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the
    YUM install check to speed up upgrade time.
     [y/n]: n

    Code (Text):
    PHP Upgrade/Downgrade - Would you like to continue? [y/n] y
    Install which version of PHP? (version i.e. 5.6.40, 7.0.33, NGDEBUG)
    PHP 7.x/7.1.x/7.2.x/7.3.x is GA Stable but still may have broken PHP extensions.
    NGDEBUG is PHP 7.4.0 dev builds minus incompatible PHP extensions
    Current PHP Version: 7.3.13
    Enter PHP Version number you want to upgrade/downgrade to: 7.3.14
    Do you still want to continue? [y/n] y
    existing php.ini will be backed up at /usr/local/lib/php.ini-oldversion_010519-083742
    Want to update to latest php.conf ? (overwrites will auto backup existing php.conf)
    existing php.conf will be backed up at /usr/local/nginx/conf/php.conf-oldversion_010519-083742
    Update & overwrite your existing php.conf [y/n]: n

    Code (Text):
    Detected PHP 7.3 branch.
    You can compile Zend OPcache (Zend Optimizer Plus+) support
    as an alternative to using APC Cache or Xcache cache.
    But Zend OPcache only provides PHP opcode cache and
    DOESN'T do data caching, so if your web apps such as Wordpress,
    Drupal or vBulletin require data caching to APC or Xcache,
    it won't work with Zend OPcache.
    Do you want to use Zend OPcache [y/n] ? y
    * Zend Optimizer Plus OPcache configured
    PHP 7+ detected which uses newer mysqlnd
    or PDO MySQL extensions and removed the
    legacy mysql extension. You can optionally
    re-add the removed legacy mysql extension
    to PHP 7+ by answering yes to next question
    Only answer yes if you know for sure you
    have very old web scripts which need mysql
    legacy extension re-added. Otherwise answer
    no which is recommended for best stability
    Re-add legacy mysql extension to PHP 7+ [y/n] ? n

    Code (Text):
    php -v
    PHP 7.3.14 (cli) (built: Jan 24 2020 00:59:03) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.3.14, Copyright (c) 1998-2018 Zend Technologies
        with Zend OPcache v7.3.14, Copyright (c) 1999-2018, by Zend Technologies

    with Argon2 hash algorithm support and libsodium PHP extension
    Code (Text):
    php -r 'print_r(get_defined_constants());' | grep -i argon
        [PASSWORD_ARGON2I] => 2
        [PASSWORD_ARGON2ID] => 3
        [SODIUM_CRYPTO_PWHASH_STRPREFIX] => $argon2id$

    Code (Text):
    php --ri sodium
    sodium support => enabled
    libsodium headers version => 1.0.18
    libsodium library version => 1.0.18

  2. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    Local Time:
    5:23 PM
    Nginx 1.25.x
    MariaDB 10.x

    PHP 7.4.2 Cookie Bug Patch Fix

    PHP 7.4.2 introduced a cookie bug which prevented Wordpress users from logging into their accounts. The PHP bug id reported PHP :: Bug #79174 :: setcookie() encodes space as `+`, but $_COOKIE no longer decodes them. Other web apps using cookies may have been affected too. Centmin Mod 123.09beta01 has backported a PHP 7.4.3 slated bug fix for this which is applied on centmin.sh menu option 5's PHP recompile/update routines when you specify PHP 7.4.2 version for update/recompile https://community.centminmod.com/threads/patch-fix-php-7-4-2-cookie-bug-in-123-09beta01.19085/.

    output of running cmupdate command to update 123.09beta01 with updated PHP 7.4.2 patch code
    Code (Text):
    Saved working directory and index state WIP on 123.09beta01: 1a997c4 update PHP downgrade routine for 5.6 in 123.09beta01
    HEAD is now at 1a997c4 update PHP downgrade routine for 5.6 in 123.09beta01
    Updating 1a997c4..cb6e345
     centmin.sh                     |  2 +-
     inc/php_patch.inc              | 23 +++++++++++++++++++++++
     patches/php/php742-79174.patch | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
     3 files changed, 76 insertions(+), 1 deletion(-)
     create mode 100644 patches/php/php742-79174.patch

    after running centmin.sh menu option 5 update/recompile of PHP 7.4.2 inspecting php patch log
    Code (Text):
    ls -lahrt /root/centminlogs/ | grep patch_php | tail -1
    -rw-rw-r--   1 root root  302 Jan 29 04:34 patch_php_290120-043335.log

    Code (Text):
    cat /root/centminlogs/patch_php_290120-043335.log
    patching PHP 7.4.2 for bug #79174
    dos2unix: converting file php742-79174.patch to Unix format ...
    patching file NEWS
    Hunk #1 succeeded at 59 with fuzz 2 (offset 50 lines).
    patching file ext/standard/head.c
    patching file ext/standard/tests/network/setcookie.phpt
Thread Status:
Not open for further replies.