Update hestia-nginx + hestia-php + changes to PCRE + openbase dir (#2324)

* Use of PCRE2 instead PCRE

Nginx 1.21.5 uses by default PCRE2 instead of 1. Probally time to upgrade
2. Update Nginx version to 1.21.5

* Limit access hestia-php

- Limit access hestia-php to /usr/local/hestia and tmp via openbase dir
- Update version to last version

* Include /dev/urandom/

* /dev/urandom/ didn't wor

src/deb/nginx/control

@@ -1,7 +1,7 @@
 Source: hestia-nginx
 Package: hestia-nginx
 Priority: optional
-Version: 1.21.4
+Version: 1.21.5
 Section: admin
 Maintainer: HestiaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com

src/deb/php/control

@@ -1,7 +1,7 @@
 Source: hestia-php
 Package: hestia-php
 Priority: optional
-Version: 7.4.26
+Version: 7.4.27
 Section: admin
 Maintainer: HestaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com

src/deb/php/php-fpm.conf

@@ -41,3 +41,4 @@ php_admin_value[upload_max_filesize] = 256M
 php_admin_value[max_execution_time] = 300
 php_admin_value[max_input_time] = 300
 php_admin_value[session.save_path] = /usr/local/hestia/data/sessions
+php_admin_value[open_basedir] = /usr/local/hestia/:/tmp/:/dev/

src/hst_autocompile.sh

@@ -216,7 +216,7 @@ echo "Build version $BUILD_VER, with Nginx version $NGINX_V and PHP version $PHP
 
 HESTIA_V="${BUILD_VER}_${BUILD_ARCH}"
 OPENSSL_V='1.1.1l'
-PCRE_V='8.45'
+PCRE_V='10.39'
 ZLIB_V='1.2.11'
 
 # Create build directories
@@ -290,7 +290,7 @@ fi
 HESTIA_ARCHIVE_LINK='https://github.com/hestiacp/hestiacp/archive/'$branch'.tar.gz'
 NGINX='https://nginx.org/download/nginx-'$(echo $NGINX_V |cut -d"~" -f1)'.tar.gz'
 OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz'
-PCRE='https://sourceforge.net/projects/pcre/files/pcre/'$PCRE_V'/pcre-'$PCRE_V'.tar.gz/download'
+PCRE='https://github.com/PhilipHazel/pcre2/releases/download/pcre2-'$PCRE_V'/pcre2-'$PCRE_V'.tar.gz'
 ZLIB='https://www.zlib.net/zlib-'$ZLIB_V'.tar.gz'
 PHP='http://de2.php.net/distributions/php-'$(echo $PHP_V |cut -d"~" -f1)'.tar.gz'
 
@@ -342,7 +342,7 @@ if [ "$NGINX_B" = true ] ; then
                       --with-openssl-opt=no-nextprotoneg \
                       --with-openssl-opt=no-weak-ssl-ciphers \
                       --with-openssl-opt=no-ssl3 \
-                      --with-pcre=../pcre-$PCRE_V \
+                      --with-pcre=../pcre2-$PCRE_V \
                       --with-pcre-jit \
                       --with-zlib=../zlib-$ZLIB_V
     fi