Kolab 3.2 and php

[Christian Hügel]

Good morning Timotheus,

Am 02-03-2015 08:47, schrieb Timotheus Pokorra:
> Hello Christian,
> 
>> yes you're right but RedHat/CentOS doesn't ship any updated versions 
>> of
>> php. The latest version is 5.3.3 which is pretty outdated. Some new
>> applications like owncloud etc. doesn't even support 5.3 any more. So 
>> I
>> have to switch to a third party repo to upgrade my php.
> 
> I am glad that you are wrong on this :)
> There are two things: security updates, and feature updates.
> 

of course, you´re right. When I wrote that I meant the feature updates 
:)

> With CentOS, you get all the security updates even for PHP 5.3, until
> the lifetime of CentOS/RHEL 6 ends (in the year 2020).
> 
> I checked this:
> rpm -qa | grep php
>   php-cli-5.3.3-40.el6_6.x86_64
>   php-common-5.3.3-40.el6_6.x86_64
>   php-5.3.3-40.el6_6.x86_64
> 
> And downloaded the source rpm:
> http://vault.centos.org/6.6/updates/Source/SPackages/php-5.3.3-40.el6_6.src.rpm
> 
> inside the spec file you can see:
> %changelog
> * Thu Oct 23 2014 Jan Kaluza <jkaluza at redhat.com> - 5.3.3-40
> - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
> 
> * Tue Oct 21 2014 Remi Collet <rcollet at redhat.com> - 5.3.3-39
> - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
> - core: fix integer overflow in unserialize() CVE-2014-3669
> - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
> 
> So this means, that php 5.3.3 on CentOS6 is uptodate regarding security 
> updates.
> 
> Of course, there are no functionality updates from later php releases.
> But for Kolab, php 5.3.3 is enough, and I think it is better not to
> have several other services running on the same virtual machine beside
> Kolab. Nowadays it is so easy to just create another virtual machine,
> where you can run your ownCloud etc.
> 
> This makes more sense than packaging your own Kolab packages, I think.
> 

OK, are you thinking about containers? ;)

Christian