[BlueOnyx:23400] BlueOnyx 5210R: Updates, new ISO image and PHP PKGs

Fri Oct 25 17:16:05 -05 2019

Hi all,

With BlueOnyx 5210R being out for a bit now I'd like to summarize the
fixes that were published since release:

base-shell:
============

A critical flaw was found in the JailKit integration of 5210R and this
has been fixed today via YUM update. Many thanks to Dirk Estenfeld for
reporting this. A siteAdmin with chrooted SFTP and FTP access
incorrectly would get the wrong shell assigned, leading to his ability
to see folders outside of his jail.

base-vsite:
===========

If a Vsite was created with PHP disabled, then it was impossible to
enable PHP via "Site Management" / "Services" / "PHP". This has been
fixed as well.

Additionally error handling on Vsite create failures has been overhauled
a little and two PHP-7.2 related errors in the GUI have been fixed.

base-ssl:
=========

If someone set the value for "Renew after" to 90 days, then the
certificate could expire before the cronjob had a chance to do the
renewal. Additionally setting the value to 90 caused issues with the
renewal process as well, so in fact the certificate had a good chance to
never renew in that case. The new span of allowed values for "Renew
after" used to be 30-90 days and has now been changed to 30-85 days to
prevent this.

That change has been published for *all* BlueOnyx versions as well as
Aventurin{e} 6108R and 6109R.

base-nginx:
===========

Missing error page "502-bad-gateway.html" has been added.

base-apache:
=============

Ownership of the directory "wwwroot" is now changed from root:root to
either nobody:<GID-of-Vsite> or to <siteAdmin>:<GID-of-Vsite> in order
for suPHP to work correctly.

Additionally the CentOS 8 AppStream does some funky stuff
with/etc/httpd/conf.d/php.conf, which entirely conflicts with our PHP
integration. These changes also randomly come back, so
/etc/httpd/conf.perl/00-default-vsite.pl has been modified that it (on
Apache startup) detects if our changes have been rolled back or not. If
they have been rolled back by the AppStream, then php.conf is
automatically fixed and Apache is restarted. Self-fixing and
self-restarting Apache - yay! :p

New ISO image:
==============

As these amounts to quite some updates since the last ISO release I
rolled up a new 5210R ISO image that contains all fixes as of now.

5210R PHP PKGs (in the BlueOnyx Shop)
=======================================

PHP Packages for the following PHP versions are now available in the
BlueOnyx shop:

- 5210R-PHP73-7.3.11-1.pkg
- 5210R-PHP72-7.2.24-1.pkg
- 5210R-PHP71-7.1.33-1.pkg
- 5210R-PHP70-7.0.33-1.pkg (EOL)
- 5210R-PHP56-5.6.40-1.pkg (EOL)

PHP packages for older PHP versions such as PHP-5.5, PHP-5.4 and
(possibly) PHP-5.3 will also be provided shortly.

Please note that anything older than PHP-7.1.33 is already EOL.

While it's potentially dangerous to use EOL'ed versions of PHP we all
know how it goes: There always is that silly old site (or two, or three)
that still use something that doesn't run on modern PHP. So it makes
some limited sense to still provide PKGs of the latest release of an
already EOL'd PHP release. While my PHP builds for 5210R *do* contain
some unofficial and after the fact patches for the most egregious flaws
in these EOL'ed PHP versions they are provided *with* this warning, as
is and without any guarantee that they are still safe for usage. Please
use them at your own risk.

-- 
With best regards

Michael Stauber