[horde] [SECURITY] Horde Groupware 5.2.19 (final)

Jan Schneider jan at horde.org
Thu Apr 6 19:54:23 UTC 2017 

Zitat von Maurício José T. Tecles <mtecles at biof.ufrj.br>:

> I have two servers wiht Horde Groupware Webmail Edition, one is the  
> production server and the other the backup/test server. Yesterday I  
> upgraded both to 5.2.19 and notice that they have differences in  
> Pear and Pecl packages, Horde packages have the same versions in  
> both servers.
>
> PHP version is 5.6.30-0+deb8u1.
>
> Packages marked "<---" have different versions.
> The production server have some packages that are not installed in  
> the backup/test server (maybe for another reason than Horde, or not).
>
> Listing only the differences:
>
> INSTALLED PACKAGES, CHANNEL PEAR.PHP.NET:
> =========================================
> ======= Production server =============
> DB                      1.8.2   stable <---
> Date_Holidays_Brazil    0.1.2   alpha
> HTML_Common2            2.1.1   stable
> HTML_QuickForm2         2.0.2   stable
> HTML_QuickForm2_Captcha 0.1.2   alpha
> HTTP_Request2           2.2.1   stable
> Mail                    1.2.0   stable <---
> Math_BigInteger         1.0.2   stable <---
> Net_SMTP                1.7.1   stable <---
> Net_URL2                2.2.0   stable
> PEAR                    1.10.3  stable <---
> Services_ReCaptcha      1.0.3   stable
> Structures_Graph        1.1.1   stable <---
> Text_Password           1.1.1   stable <---
> XML_Util                1.4.2   stable <---
> ======= backup/test server ==========
> DB                  1.9.2   stable <---
> Mail                1.3.0   stable <---
> Math_BigInteger     1.0.3   stable <---
> Net_SMTP            1.7.3   stable <---
> PEAR                1.9.5   stable <---
> Structures_Graph    1.0.4   stable <---
> Text_Password       1.2.1   stable <---
> XML_Util            1.2.3   stable <---
>
>
> INSTALLED PACKAGES, CHANNEL PECL.PHP.NET:
> =========================================
> ======= Production server =============
> mongodb   1.1.8   stable <---
> msgpack   0.5.7   beta
> pecl_http 2.5.5   stable
> propro    1.0.2   stable
> raphf     1.1.2   stable
> ssh2      0.12    beta   <---
> xdiff     1.4.1   stable
> ======= backup/test server ==========
> mongodb   1.2.5   stable <---
> ssh2      0.13    stable <---
>
> The backup/test server where upgraded from Horde Groupware Webmail  
> Edition 5.2.18 to 5.2.19.
>
> The production server where upgraded from Horde Groupware Webmail  
> Edition 5.2.17 to 5.2.19. From the upgrade process on this server, I  
> can see:
>
> downloading ssh2-0.13.tgz ...
> Starting to download ssh2-0.13.tgz (28,984 bytes)
> ...done: 28,984 bytes
>
> and
>
> ERROR: pecl.php.net/ssh2 not installed
>
> Note, as listed above, that it has already installed ssh2 0.12 beta.

You probably had it installed with the -B flag of the pear command.

> Horde Groupware Webmail Edition seems to be working fine on both servers.
>
> Should I force to install ssh2-0.13 (production server)?

Do you use any SSH features in Horde at all? It's only used for SSH  
backends of the VFS. If you don't use it, you don't need to install or  
update it either.

> Should I force upgrade to the newer versions of the packages listed  
> above, on both servers?

Only you can answer this. It makes much sense though to have the same  
packages and package versions installed on your test like on your  
production server, otherwise you are not testing under the same  
conditions.

> What about the packages that are not installed on the backup/test  
> server, should I install them?

See above.

-- 
Jan Schneider
The Horde Project
https://www.horde.org/

More information about the horde mailing list