[BlueOnyx:10423] 5106R/5107R/5108R YUM updates (SSL and 'open_basedir' related)

Michael Stauber mstauber at blueonyx.it
Wed May 2 12:07:11 -05 2012 

Hi all,

Updates for BlueOnyx have been released which fix SSL certificate and 
open_basedir issues.

The HTML page of the news is avaialble through this short URL: 
http://tinyurl.com/7fve24t


base-apache (5107R + 5108R):
==========================

This update fixes the problem that could happen if you have multiple sites 
with SSL enabled. In such cases it could happen that one or more sites were 
not comming up via HTTPS and would instead do an endless redirect loop. The 
cause of it (and the fix) are explained in a devel blog entry 
(http://tinyurl.com/88pm5r7) in more detail.


base-ssl (5106R, 5107R + 5108R):
============================

The GUI pages for uploading intermediate SSL certificates (named "Manage 
Certificate Authorities" in the GUI) would refuse to accept uploaded GoDaddy 
intermediate certificates or intermediate certificates from some other 
vendors. This has been fixed, too.


base-vsite (5106R, 5107R + 5108R):
=============================

This update introduces a somewhat improved and smarter management for PHP's 
'open_basedir' directive. The GUI input boxes for 'open_basedir' have been 
turned into textareas. That makes it easier to see what's entered without much 
horizontal scrolling.

Under 'Server Management' / 'Security' / 'PHP' you can - as before - define 
the server wide PHP settings. However: Changing the information here will now 
also force an update of all PHP settings of all Vsites. If you now change the 
'open_basedir' to add something, then it will be automatically added to the 
PHP settings of all Vsites as well. Note: Only changes to "open_basedir" are 
immediately pushed out to all Vsites, but none of the other settings.

When you look at the GUI pages for the PHP settings of a Vsite, then you see 
that there are now two presentations for 'open_basedir':

One read only text area which shows you the server wide 'open_basedir' 
settings as defined under 'Server Management' / 'Security' / 'PHP' for the 
whole box. Another text area below that allows to specify extra 'open_basedir' 
paths that aren't already covered by the server wide settings of this 
parameter and which apply only for this Vsite.

Duplicates are removed, so if you enter a path that's already covered by the 
server wide 'open_basedir' settings, then it will be stripped. If you enter 
nonsense that doesn't start or end with a slash it'll be stripped as well. A 
single slash (to allow access to everything) is permitted, but of course not 
recommended. These changes are compatible with existing sites, new sites and 
also apply when sites are imported with CMU.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list