[horde] Horde update, not getting errors in log

Hannes Werner jgoethe at gmail.com
Wed Nov 21 07:43:35 UTC 2012


I'm facing the same error logs and obviously others as well. It may have
been fixed two years ago, but still some are getting this error. So a
simple solution would be nice.


On Wed, Nov 21, 2012 at 12:28 AM, Michael M Slusarz <slusarz at horde.org> wrote:

> Quoting "John H. Bennett III" <bennettj at thebennetthome.com>:
>
>  Quoting Michael M Slusarz <slusarz at horde.org>:
>>
>>  Quoting "John H. Bennett III" <bennettj at thebennetthome.com>:
>>>
>>>  Hello all,
>>>>
>>>> Today I did a pear update, via pear upgrade -B -c horde, and now I see
>>>> these errors when logging into the system.
>>>>
>>>> Nov 20 12:13:08 www HORDE: [imp] PHP ERROR: openssl_encrypt() [<a
>>>> href='function.openssl-encrypt'>function.openssl-encrypt</a>]:
>>>> Using an empty Initialization Vector (iv) is potentially insecure and not
>>>> recommended [pid 2919 on line 37 of
>>>> "/usr/share/pear/Horde/Crypt/Blowfish/Openssl.php"]
>>>>
>>>
>>> This was fixed over 2 years ago in PHP:
>>>
>>> http://svn.php.net/viewvc?view=revision&revision=304179
>>>
>>
>> Thanks Michael for responding.
>>
>> All I can report is these log messages didn't appear in my log yesterday
>> or today, until after I updated my horde install today.  I don't know what
>> changed that all of a sudden made these appear.  From your link, I believe
>> this is just log noise and I can ignore.  If not, I don't know how to fix
>> it myself anyway, so I'll continue testing and see if they cause any real
>> issues.
>>
>
> This is because we switched from using PEAR's Crypt_Blowfish library to
> our custom Horde_Crypt_Blowfish library as of our package releases on
> Monday.  openssl_encrypt() is significantly faster than the PHP-based
> version contained in Crypt_Blowfish, and since openssl is highly
> recommended (and even required) for several Horde features, most people
> will take advantage of this speed increase.
>
> (It is true that both Crypt_Blowfish and Horde_Crypt_Blowfish will also
> try to use mcrypt functions, if available, but we don't personally require
> mcrypt anymore and this optional extension is not commonly included in a
> base PHP distribution install).
>
> The error message is harmless because initialization vectors (IVs) are
> not used in the cipher mode used in Horde (ECB).
>
>
> michael
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
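
The mode behaviour discussed in the thread, as an added PHP example that is not part of the original messages and not Horde's code: it reports the IV length OpenSSL expects for ECB versus CBC and counts distinct ciphertext blocks when the same plaintext block repeats. The key, plaintext, helper names and the AES fallback (for OpenSSL builds that do not expose Blowfish) are assumptions made for the illustration.

```php
<?php
// Added illustration, not Horde code. Key and plaintext are constructed sample values.

// Prefer Blowfish as in the thread; fall back to AES where the OpenSSL build
// does not expose Blowfish (assumption: the mode behaviour is the point here).
function pick_cipher(string $mode): string
{
    $available = array_map('strtolower', openssl_get_cipher_methods());
    foreach (["bf-$mode", "aes-128-$mode"] as $name) {
        if (in_array($name, $available, true)) {
            return $name;
        }
    }
    throw new RuntimeException("no $mode cipher available");
}

// Encrypt and report the IV length plus how many distinct ciphertext blocks result.
function block_stats(string $mode, string $key, string $plaintext): array
{
    $cipher   = pick_cipher($mode);
    $blockLen = strpos($cipher, 'bf-') === 0 ? 8 : 16;   // Blowfish: 8 bytes, AES: 16
    $ivLen    = openssl_cipher_iv_length($cipher);       // what OpenSSL expects for this mode
    $iv       = $ivLen > 0 ? random_bytes($ivLen) : '';  // fresh random IV only when one is used
    $ct       = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException("encryption failed for $cipher");
    }
    $blocks = str_split($ct, $blockLen);
    return [
        'cipher'   => $cipher,
        'iv_len'   => $ivLen,
        'blocks'   => count($blocks),
        'distinct' => count(array_unique($blocks)),
    ];
}

$key       = str_repeat("\x42", 16);   // constructed 128-bit key
$plaintext = str_repeat('A', 48);      // constructed: the same block repeated

foreach (['ecb', 'cbc'] as $mode) {
    $s = block_stats($mode, $key, $plaintext);
    printf("%-12s iv_len=%d blocks=%d distinct=%d\n",
        $s['cipher'], $s['iv_len'], $s['blocks'], $s['distinct']);
}
```

For ECB the reported IV length is 0, so an empty IV is the only valid value in that mode; the distinct-block count shows repeated plaintext blocks producing repeated ciphertext blocks, which CBC with a random IV avoids.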

