5106R/5107R/5108R YUM updates

Posted by: mstauber Category: General

Updates for BlueOnyx have been released which fix SSL certificate and open_basedir issues.

The following updates have been released:

base-apache (5107R + 5108R):

This update fixes the problem that could happen if you have multiple sites with SSL enabled. In such cases it could happen that one or more sites were not comming up via HTTPS and would instead do an endless redirect loop. The cause of it (and the fix) are explained in a devel blog entry in more detail.

base-ssl (5106R, 5107R + 5108R):

The GUI pages for uploading intermediate SSL certificates (named "Manage Certificate Authorities" in the GUI) would refuse to accept uploaded GoDaddy intermediate certificates or intermediate certificates from some other vendors. This has been fixed, too.

base-vsite (5106R, 5107R + 5108R):

This update introduces a somewhat improved and smarter management for PHP's 'open_basedir' directive. The GUI input boxes for 'open_basedir' have been turned into textareas. That makes it easier to see what's entered without much horizontal scrolling.

Under 'Server Management' / 'Security' / 'PHP' you can - as before - define the server wide PHP settings. However: Changing the information here will now also force an update of all PHP settings of all Vsites. If you now change the 'open_basedir' to add something, then it will be automatically added to the PHP settings of all Vsites as well. Note: Only changes to "open_basedir" are immediately pushed out to all Vsites, but none of the other settings.

When you look at the GUI pages for the PHP settings of a Vsite, then you see that there are now two presentations for 'open_basedir':

One read only text area which shows you the server wide 'open_basedir' settings as defined under 'Server Management' / 'Security' / 'PHP' for the whole box. Another text area below that allows to specify extra 'open_basedir' paths that aren't already covered by the server wide settings of this parameter and which apply only for this Vsite.

Duplicates are removed, so if you enter a path that's already covered by the server wide 'open_basedir' settings, then it will be stripped. If you enter nonsense that doesn't start or end with a slash it'll be stripped as well. A single slash (to allow access to everything) is permitted, but of course not recommended. These changes are compatible with existing sites, new sites and also apply when sites are imported with CMU.

May 2, 2012 Category: General Posted by: mstauber
Previous page: Development Next page: Mailing List