update nginx, openssl & imagick PHP routines in 123.08stable

- switch to LIBRESSL_SWITCH='n' default to move nginx back to openssl 1.0.2u builds due to libressl errors with nginx 1.17.10. So if you have persistent config file /etc/centminmod/custom_config.inc set to LIBRESSL_SWITCH='y', remove that line or set to  LIBRESSL_SWITCH='n'
- update to nginx 1.17.10 & pcre 8.44
- update /usr/local/nginx/conf/nginx.conf template for 123.08stable due to 'nginx: [warn] could not build optimal variables_hash' error with nginx 1.17.10. Existing users can update via centmin.sh menu option 23, submenu option 2, then exit centmin.sh menu and then re-run centmin.sh once for fix to apply
- update download link for openssl 1.0.2 branch
- update imagick PHP routines and imagemagick remi routine backported from 123.09beta01
- Existing users can update all above via centmin.sh menu option 23, submenu option 2 for 123.08stable before running centmin.sh menu option 4 and 15

centmin.sh

@@ -308,7 +308,7 @@ NGINX_LIBATOMIC=y            # Nginx configured with libatomic support
 NGINX_HTTPREDIS=y            # Nginx redis http://wiki.nginx.org/HttpRedisModule
 NGINX_HTTPREDISVER='0.3.7'   # Nginx redis version
 NGINX_PCREJIT=y              # Nginx configured with pcre & pcre-jit support
-NGINX_PCREVER='8.42'         # Version of PCRE used for pcre-jit support in Nginx
+NGINX_PCREVER='8.44'         # Version of PCRE used for pcre-jit support in Nginx
 NGINX_HEADERSMORE='0.33'
 NGINX_CACHEPURGEVER='2.3'
 NGINX_STICKY='n'             # nginx sticky module https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng
@@ -386,7 +386,7 @@ MYSQL_INSTALL=n              # Install official Oracle MySQL Server (MariaDB alt
 SENDMAIL_INSTALL=n           # Install Sendmail (and mailx) set to y and POSTFIX_INSTALL=n for sendmail
 POSTFIX_INSTALL=y            # Install Postfix (and mailx) set to n and SENDMAIL_INSTALL=y for sendmail
 # Nginx
-NGINX_VERSION='1.17.6'        # Use this version of Nginx
+NGINX_VERSION='1.17.10'        # Use this version of Nginx
 NGINX_VHOSTSSL='y'           # enable centmin.sh menu 2 prompt to create self signed SSL vhost 2nd vhost conf
 NGINXBACKUP='y'
 NGINXDIR='/usr/local/nginx'
@@ -397,11 +397,11 @@ NGINXBACKUPDIR='/usr/local/nginxbackup'
 ## Nginx SSL options
 # OpenSSL
 NOSOURCEOPENSSL='y'        # set to 'y' to disable OpenSSL source compile for system default YUM package setup
-OPENSSL_VERSION='1.0.2t'   # Use this version of OpenSSL http://openssl.org/
+OPENSSL_VERSION='1.0.2u'   # Use this version of OpenSSL http://openssl.org/
 CLOUDFLARE_PATCHSSL='n'    # set 'y' to implement Cloudflare's kill RC4 patch https://github.com/cloudflare/sslconfig
 
 # LibreSSL
-LIBRESSL_SWITCH='y'        # if set to 'y' it overrides OpenSSL as the default static compiled option for Nginx server
+LIBRESSL_SWITCH='n'        # if set to 'y' it overrides OpenSSL as the default static compiled option for Nginx server
 LIBRESSL_VERSION='3.0.2'   # Use this version of LibreSSL http://www.libressl.org/
 ##################################
 
@@ -413,7 +413,7 @@ GPERFTOOLS_VERSION='1.8.3'     # Use this version of google-perftools
 
 # Choose whether to compile PCRE from source. Note PHP 5.3.8 already includes PCRE v8.12
 PCRE_SOURCEINSTALL=n     
-PCRE_VERSION='8.42'          # PCRE version
+PCRE_VERSION='8.44'          # PCRE version
 
 # PHP and Cache/Acceleration
 IMAGICKPHP_VER='3.4.3'   # PHP extension for imagick

config/nginx/nginx.conf

@@ -18,6 +18,12 @@ events {
 }
 
 http {
+ map_hash_bucket_size 128;
+ map_hash_max_size 4096;
+ server_names_hash_bucket_size 128;
+ server_names_hash_max_size 2048;
+ variables_hash_max_size 2048;
+
 limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
 #limit_conn_zone $binary_remote_addr zone=xwpconlimit:16m;
 
@@ -84,7 +90,6 @@ error_log   logs/error.log warn;
  reset_timedout_connection on;
  send_timeout     15s;
  types_hash_max_size 2048;
- server_names_hash_bucket_size 64;
 
 # for nginx proxy backends to prevent redirects to backend port 
 # port_in_redirect off;

inc/cpcheck.inc

@@ -1,3 +1,9 @@
+fix_variables_hash_max_size() {
+  if [[ -f /usr/local/nginx/conf/nginx.conf && "$(grep 'variables_hash_max_size 64' /usr/local/nginx/conf/nginx.conf)" ]]; then
+    sed -i 's|variables_hash_max_size 64;|variables_hash_max_size 2048;|' /usr/local/nginx/conf/nginx.conf
+  fi
+}
+
 c7mariadb_tmpdir() {
   # fix for mariadb 10.1.16 introduced ProtecHome=true setting
   # https://jira.mariadb.org/browse/MDEV-10399
@@ -734,6 +740,7 @@ if [[ "$INITIALINSTALL" != [yY] ]]; then
   libc_fix
   varnishfour_setup
   c7mariadb_tmpdir
+  fix_variables_hash_max_size
 fi
 
 }

inc/downloadlinks.inc

@@ -346,7 +346,7 @@ NGX_LINK="http://nginx.org/download/${NGX_LINKFILE}"
 NGX_VTSLINK='https://github.com/vozlt/nginx-module-vts.git'
 
 OPENSSL_LINKFILE="openssl-${OPENSSL_VERSION}.tar.gz"
-OPENSSL_LINK="http://www.openssl.org/source/${OPENSSL_LINKFILE}"
+OPENSSL_LINK="https://www.openssl.org/source/old/1.0.2/${OPENSSL_LINKFILE}"
 # OPENSSL_LINK="http://centminmod.com/centminmodparts/openssl/${OPENSSL_LINKFILE}"
 
 LIBRESSL_LINKFILE="libressl-${LIBRESSL_VERSION}.tar.gz"

inc/imagick_install.inc

@@ -40,15 +40,15 @@ checkimagicksys() {
     cecho "Check for ImageMagicK System Updates (YUM)" $boldyellow
     if [[ "$REMIREPO_DISABLE" = [nN] ]]; then
         if [ -f /etc/yum.repos.d/remi.repo ]; then
-            if [[ $(rpm -q ImageMagick6 >/dev/null 2>&1; echo $?) = '0' ]] && [[ $(rpm -q ImageMagick >/dev/null 2>&1; echo $?) != '0' ]]; then
+            if [[ "$(rpm -qi ImageMagick | grep 'Release' | grep -o remi >/dev/null 2>&1; echo $?)" = '0' || "$(rpm -qi ImageMagick6 | grep 'Release' | grep -o remi >/dev/null 2>&1; echo $?)" = '0' ]]; then
                 # skip for initial installs to speed up install
                 if [[ "$INITIALINSTALL" != [yY] ]]; then
                     yum clean all >/dev/null 2>&1
                     if [[ "$CENTOS_SEVEN" = '7' && "$(rpm -qa libwebp-devel)" ]]; then
                         yum -y swap libwebp-devel libwebp7-devel --enablerepo=remi
-                        time yum -y install ImageMagick6-devel ImageMagick6-c++-devel --enablerepo=remi${DISABLEREPO_DNF} --disableplugin=priorities${VERSIONLOCK_REPO}
+                        time yum -y install ImageMagick-devel ImageMagick-c++-devel --enablerepo=remi${DISABLEREPO_DNF} --disableplugin=priorities${VERSIONLOCK_REPO}
                     fi
-                    yum -y update ImageMagick6 ImageMagick6-devel ImageMagick6-c++ ImageMagick6-c++-devel --enablerepo=remi --disableplugin=priorities
+                    yum -y update ImageMagick ImageMagick-devel ImageMagick-c++ ImageMagick-c++-devel --enablerepo=remi --disableplugin=priorities
                 fi
             else
                 if [[ "$CENTOS_SIX" = '6' ]]; then
@@ -60,7 +60,7 @@ checkimagicksys() {
                     if [[ "$(rpm -qa libwebp-devel)" ]]; then
                         yum -y swap libwebp-devel libwebp7-devel --enablerepo=remi
                     fi
-                    yum -y install ImageMagick6 ImageMagick6-devel ImageMagick6-c++ ImageMagick6-c++-devel --enablerepo=remi --disableplugin=priorities
+                    yum -y install ImageMagick ImageMagick-devel ImageMagick-c++ ImageMagick-c++-devel --enablerepo=remi --disableplugin=priorities
                 fi
             fi
         elif [ ! -f /etc/yum.repos.d/remi.repo ]; then
@@ -92,7 +92,7 @@ checkimagicksys() {
                     if [[ "$(rpm -qa libwebp-devel)" ]]; then
                         yum -y swap libwebp-devel libwebp7-devel --enablerepo=remi
                     fi
-                    yum -y install ImageMagick6 ImageMagick6-devel ImageMagick6-c++ ImageMagick6-c++-devel --enablerepo=remi --disableplugin=priorities
+                    yum -y install ImageMagick ImageMagick-devel ImageMagick-c++ ImageMagick-c++-devel --enablerepo=remi --disableplugin=priorities
                 fi
                 echo
             else
@@ -113,7 +113,7 @@ checkimagicksys() {
                     if [[ "$(rpm -qa libwebp-devel)" ]]; then
                         yum -y swap libwebp-devel libwebp7-devel --enablerepo=remi
                     fi
-                    yum -y install ImageMagick6 ImageMagick6-devel ImageMagick6-c++ ImageMagick6-c++-devel --enablerepo=remi --disableplugin=priorities
+                    yum -y install ImageMagick ImageMagick-devel ImageMagick-c++ ImageMagick-c++-devel --enablerepo=remi --disableplugin=priorities
                 fi
             fi
         fi
@@ -159,10 +159,10 @@ if [[ "$PHPMUVER" = '7.0' || "$PHPMUVER" = 'NGDEBUG' || "$PHPSEVEN_CHECKVER" = '
         git log -3
     elif [[ -d "imagick-php7" && ! -d "imagick-php7/.git" ]]; then
         rm -rf imagick-php7
-        git clone -b phpseven https://github.com/mkoppanen/imagick.git imagick-php7
+        git clone https://github.com/mkoppanen/imagick.git imagick-php7
     else
         rm -rf imagick-php7
-        git clone -b phpseven https://github.com/mkoppanen/imagick.git imagick-php7
+        git clone https://github.com/mkoppanen/imagick.git imagick-php7
     fi
     echo
     echo "compiling imagick PHP extension for PHP 7.x ..."
@@ -180,7 +180,7 @@ else
         make clean
     fi
     /usr/local/bin/phpize
-    ./configure --with-php-config=/usr/local/bin/php-config
+    ./configure --with-php-config=/usr/local/bin/php-config --with-imagick=/usr
     make${MAKETHREADS}
     make install
 fi # php 7 or not

inc/nginx_upgrade.inc

@@ -263,7 +263,7 @@ if [[ "$UALL" = 'y' ]]; then
     recompileopenssl='n'
 else
     echo ""
-    read -ep "Install which version of Nginx? (version i.e. $NGINX_VERSION}): " ngver
+    read -ep "Install which version of Nginx? (version i.e. $NGINX_VERSION): " ngver
 
     # auto check if static compiled Nginx openssl version matches
     # the one defined in centmin.sh OPENSSL_VERSION variable
@@ -382,6 +382,7 @@ then
     cd pcre-${PCRE_VERSION}
     if [[ "$INITIALINSTALL" != [yY] ]]; then
         make clean
+        autoreconf -f -i
     fi
     ./configure
     make${MAKETHREADS}
@@ -439,6 +440,13 @@ fi
 
 funct_nginxconfigure
 
+if [[ "$LIBRESSL_SWITCH" = [yY] ]]; then
+    # workaround for pcre error
+    pushd "${DIR_TMP}/pcre-${PCRE_VERSION}"
+    autoreconf -f -i
+    popd
+fi
+
 ################
 # error check
 

inc/openssl_install.inc

@@ -68,9 +68,11 @@ installopenssl() {
         if [[ "$CENTOS_SIX" -eq '6' ]]; then
             if [ ! -f /usr/bin/automake-1.5 ]; then
                 yum -y install automake15
+                autoreconf -f -i
             fi
             if [ ! -f /usr/bin/automake-1.6 ]; then
                 yum -y install automake16
+                autoreconf -f -i
             fi
         fi
         if [[ "$INITIALINSTALL" != [yY] ]]; then

versions.txt

@@ -1,9 +1,9 @@
 NSD_VERSION='3.2.18'
-NGINX_VERSION='1.9.3'
+NGINX_VERSION='1.17.10'
 NGXPGSPEED_VER='1.9.32.4-beta'
 NGINX_PAGESPEEDPSOL_VER='1.9.32.4'
 NGINX_EXTWEBDAVVER='0.0.3'
-NGINX_PCREVER='8.37'
+NGINX_PCREVER='8.42'
 NGINX_HEADERSMORE='0.261'
 NGINX_CACHEPURGEVER='2.3'
 NGINX_STICKYVER='1.2.5'
@@ -33,7 +33,7 @@ ORESTY_LUALOGGERSOCKETVER='0.1'
 ORESTY_LUACOOKIEVER='master'
 ORESTY_LUAUPSTREAMCACHEVER='0.1.1'
 LUACJSONVER='2.1.0.2'
-OPENSSL_VERSION='1.0.2d'
+OPENSSL_VERSION='1.0.2u'
 LIBRESSL_VERSION='2.1.6'
 IMAGICKPHP_VER='3.3.0RC2'
 LIBEVENT_VERSION='2.0.22'
@@ -46,7 +46,7 @@ REDISPHP_VER='2.2.7'
 MONGODBPHP_VER='1.6.9'
 FFMPEGVER='0.6.0'
 SUHOSINVER='0.9.37.1'
-PHP_VERSION='5.4.43'
+PHP_VERSION='5.5.58'
 XCACHE_VERSION='3.2.0'
 APCCACHE_VERSION='3.1.13'
 IGBINARY_VERSION='1.2.1'