ports/88572: Security fix: upgrade pear-PEAR to 1.4.4.

Thierry Thomas thierry at pompo.net
Sun Nov 6 22:00:33 UTC 2005 

>Number:         88572
>Category:       ports
>Synopsis:       Security fix: upgrade pear-PEAR to 1.4.4.
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 06 22:00:29 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Thierry Thomas
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
Kabbale Eros
>Environment:
System: FreeBSD graf.pompo.net 6.0-STABLE FreeBSD 6.0-STABLE #1: Fri Nov 4 23:55:27 CET 2005 thierry at graf.pompo.net:/usr/obj/usr/src/sys/GRAF051104 i386


	
>Description:
	This upgrade fixes the problem described at
	<http://www.vuxml.org/freebsd/44e5f5bd-4d76-11da-bf37-000fb586ba73.html>.

>How-To-Repeat:
	N/A.

>Fix:
	Apply the following patch:

--- pear-PEAR.diff begins here ---
diff -urN devel/pear-PEAR.orig/Makefile devel/pear-PEAR/Makefile
--- devel/pear-PEAR.orig/Makefile	Thu Jun 30 21:45:09 2005
+++ devel/pear-PEAR/Makefile	Sun Nov  6 22:00:03 2005
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	PEAR
-PORTVERSION=	1.3.5
-PORTREVISION=	1
+PORTVERSION=	1.4.4
 CATEGORIES=	devel www pear
 
 MAINTAINER=	antonio at php.net
@@ -18,21 +17,61 @@
 		${PEARDIR}/XML/RPC.php:${PORTSDIR}/devel/pear-XML_RPC
 RUN_DEPENDS=	${BUILD_DEPENDS}
 
-FILES=		OS/Guess.php PEAR/Command/Auth.php PEAR/Command/Build.php \
-		PEAR/Command/Common.php PEAR/Command/Config.php \
-		PEAR/Command/Install.php PEAR/Command/Package.php \
-		PEAR/Command/Registry.php PEAR/Command/Remote.php \
-		PEAR/Command/Mirror.php PEAR/Frontend/CLI.php PEAR/Autoloader.php \
-		PEAR/Command.php PEAR/Common.php PEAR/Config.php PEAR/Dependency.php \
-		PEAR/Downloader.php PEAR/Exception.php PEAR/ErrorStack.php \
-		PEAR/Builder.php PEAR/Installer.php PEAR/Packager.php PEAR/Registry.php \
-		PEAR/Remote.php PEAR/RunTest.php PEAR.php System.php \
-		package.dtd template.spec
+USE_REINPLACE=	yes
+
+FILES=		OS/Guess.php PEAR/ChannelFile/Parser.php PEAR/Command/Auth.xml		\
+		PEAR/Command/Auth.php PEAR/Command/Build.xml PEAR/Command/Build.php	\
+		PEAR/Command/Channels.xml PEAR/Command/Channels.php			\
+		PEAR/Command/Common.php PEAR/Command/Config.xml PEAR/Command/Config.php	\
+		PEAR/Command/Install.xml PEAR/Command/Install.php			\
+		PEAR/Command/Package.xml PEAR/Command/Package.php			\
+		PEAR/Command/Pickle.xml PEAR/Command/Pickle.php				\
+		PEAR/Command/Registry.xml PEAR/Command/Registry.php			\
+		PEAR/Command/Remote.xml PEAR/Command/Remote.php				\
+		PEAR/Command/Mirror.xml PEAR/Command/Mirror.php				\
+		PEAR/Command/Test.xml PEAR/Command/Test.php PEAR/Downloader/Package.php	\
+		PEAR/Frontend/CLI.php PEAR/Installer/Role/Common.php			\
+		PEAR/Installer/Role/Data.xml PEAR/Installer/Role/Data.php		\
+		PEAR/Installer/Role/Doc.xml PEAR/Installer/Role/Doc.php			\
+		PEAR/Installer/Role/Ext.xml PEAR/Installer/Role/Ext.php			\
+		PEAR/Installer/Role/Php.xml PEAR/Installer/Role/Php.php			\
+		PEAR/Installer/Role/Script.xml PEAR/Installer/Role/Script.php		\
+		PEAR/Installer/Role/Src.xml PEAR/Installer/Role/Src.php			\
+		PEAR/Installer/Role/Test.xml PEAR/Installer/Role/Test.php		\
+		PEAR/Installer/Role.php PEAR/PackageFile/Generator/v1.php		\
+		PEAR/PackageFile/Generator/v2.php PEAR/PackageFile/Parser/v1.php	\
+		PEAR/PackageFile/Parser/v2.php PEAR/PackageFile/v2/rw.php		\
+		PEAR/PackageFile/v2/Validator.php PEAR/PackageFile/v1.php		\
+		PEAR/PackageFile/v2.php PEAR/REST/10.php PEAR/REST/11.php		\
+		PEAR/Task/Postinstallscript/rw.php PEAR/Task/Replace/rw.php		\
+		PEAR/Task/Unixeol/rw.php PEAR/Task/Windowseol/rw.php			\
+		PEAR/Task/Common.php PEAR/Task/Postinstallscript.php			\
+		PEAR/Task/Replace.php PEAR/Task/Unixeol.php PEAR/Task/Windowseol.php	\
+		PEAR/Validator/PECL.php PEAR/Autoloader.php PEAR/Builder.php		\
+		PEAR/ChannelFile.php PEAR/Command.php PEAR/Common.php PEAR/Config.php	\
+		PEAR/Dependency.php PEAR/DependencyDB.php PEAR/Dependency2.php		\
+		PEAR/Downloader.php PEAR/ErrorStack.php PEAR/Exception.php		\
+		PEAR/Frontend.php PEAR/Installer.php PEAR/Packager.php			\
+		PEAR/PackageFile.php PEAR/Registry.php PEAR/Remote.php PEAR/REST.php	\
+		PEAR/RunTest.php PEAR/Validate.php PEAR/XMLParser.php package.dtd	\
+		template.spec PEAR.php System.php
 SCRIPTFILES=	pear2
 
 .include <bsd.port.pre.mk>
 
+pre-patch:
+.for dosfile in ${FILES} scripts/pearcmd.php
+	@${MV} ${WRKSRC}/${dosfile} ${WRKSRC}/${dosfile}.dos
+	@${TR} -d '\r' < ${WRKSRC}/${dosfile}.dos > ${WRKSRC}/${dosfile}
+.endfor
+
 post-patch:
+.for origfile in ${FILES}
+	@${REINPLACE_CMD} -e 's|@pear_version@|${PORTVERSION}|g'	\
+			-e 's|@PEAR-VER@|${PORTVERSION}|g'		\
+			-e 's|@DATA-DIR@|${PEARDIR}|g'		\
+		${WRKSRC}/${origfile}
+.endfor
 	@${SED} "s|@pear_version@|${PORTVERSION}|g" \
 		${WRKSRC}/scripts/pearcmd.php > ${WRKSRC}/pear-${SCRIPTFILES}
 
diff -urN devel/pear-PEAR.orig/distinfo devel/pear-PEAR/distinfo
--- devel/pear-PEAR.orig/distinfo	Fri Feb 18 12:10:04 2005
+++ devel/pear-PEAR/distinfo	Sun Nov  6 21:06:32 2005
@@ -1,2 +1,2 @@
-MD5 (PEAR/PEAR-1.3.5.tgz) = 8fead7fddb93f9b3cecd740823daafd2
-SIZE (PEAR/PEAR-1.3.5.tgz) = 108423
+MD5 (PEAR/PEAR-1.4.4.tgz) = 20c5d38b16b364bbf5395e6890f048e4
+SIZE (PEAR/PEAR-1.4.4.tgz) = 276978
diff -urN devel/pear-PEAR.orig/files/patch-scripts::pearcmd.php devel/pear-PEAR/files/patch-scripts::pearcmd.php
--- devel/pear-PEAR.orig/files/patch-scripts::pearcmd.php	Thu Jun 30 21:45:09 2005
+++ devel/pear-PEAR/files/patch-scripts::pearcmd.php	Sun Nov  6 21:21:41 2005
@@ -1,20 +1,19 @@
---- scripts/pearcmd.php.orig	Wed Oct 27 02:58:21 2004
-+++ scripts/pearcmd.php	Thu Dec 16 17:30:19 2004
+--- scripts/pearcmd.php.orig	Sun Nov  6 21:17:11 2005
++++ scripts/pearcmd.php	Sun Nov  6 21:19:20 2005
 @@ -1,3 +1,4 @@
 +#!@php_bin@ -nq
  <?php
  //
  // +----------------------------------------------------------------------+
-@@ -24,8 +25,11 @@
+@@ -29,8 +30,10 @@
  /**
   * @nodep Gtk
   */
 +dl('pcre.so');
 +dl('xml.so');
-+
  if ('@include_path@' != '@'.'include_path'.'@') {
 -    ini_set('include_path', '@include_path@');
 +    ini_set('include_path', '@include_path@:@include_path@/bootstrap');
- }
- ini_set('allow_url_fopen', true);
- if (!ini_get('safe_mode')) {
+     $raw = false;
+ } else {
+     // this is a raw, uninstalled pear, either a cvs checkout, or php distro
--- pear-PEAR.diff ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list