From thierry@pompo.net  Sun Nov  6 21:52:53 2005
Return-Path: <thierry@pompo.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C5F0C16A420
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  6 Nov 2005 21:52:53 +0000 (GMT)
	(envelope-from thierry@pompo.net)
Received: from graf.pompo.net (graf.pompo.net [81.56.186.139])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D040843D45
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  6 Nov 2005 21:52:52 +0000 (GMT)
	(envelope-from thierry@pompo.net)
Received: by graf.pompo.net (Postfix, from userid 1001)
	id B9DB080AC; Sun,  6 Nov 2005 22:52:46 +0100 (CET)
Message-Id: <20051106215246.B9DB080AC@graf.pompo.net>
Date: Sun,  6 Nov 2005 22:52:46 +0100 (CET)
From: Thierry Thomas <thierry@pompo.net>
Reply-To: Thierry Thomas <thierry@pompo.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Antnio Carlos Venncio Jnior <antonio@php.net>
Subject: Security fix: upgrade pear-PEAR to 1.4.4.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         88572
>Category:       ports
>Synopsis:       Security fix: upgrade pear-PEAR to 1.4.4.
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    thierry
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 06 22:00:29 GMT 2005
>Closed-Date:    Mon Nov 07 18:02:11 GMT 2005
>Last-Modified:  Mon Nov 07 18:02:11 GMT 2005
>Originator:     Thierry Thomas
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
Kabbale Eros
>Environment:
System: FreeBSD graf.pompo.net 6.0-STABLE FreeBSD 6.0-STABLE #1: Fri Nov 4 23:55:27 CET 2005 thierry@graf.pompo.net:/usr/obj/usr/src/sys/GRAF051104 i386


	
>Description:
	This upgrade fixes the problem described at
	<http://www.vuxml.org/freebsd/44e5f5bd-4d76-11da-bf37-000fb586ba73.html>.

>How-To-Repeat:
	N/A.

>Fix:
	Apply the following patch:

--- pear-PEAR.diff begins here ---
diff -urN devel/pear-PEAR.orig/Makefile devel/pear-PEAR/Makefile
--- devel/pear-PEAR.orig/Makefile	Thu Jun 30 21:45:09 2005
+++ devel/pear-PEAR/Makefile	Sun Nov  6 22:00:03 2005
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	PEAR
-PORTVERSION=	1.3.5
-PORTREVISION=	1
+PORTVERSION=	1.4.4
 CATEGORIES=	devel www pear
 
 MAINTAINER=	antonio@php.net
@@ -18,21 +17,61 @@
 		${PEARDIR}/XML/RPC.php:${PORTSDIR}/devel/pear-XML_RPC
 RUN_DEPENDS=	${BUILD_DEPENDS}
 
-FILES=		OS/Guess.php PEAR/Command/Auth.php PEAR/Command/Build.php \
-		PEAR/Command/Common.php PEAR/Command/Config.php \
-		PEAR/Command/Install.php PEAR/Command/Package.php \
-		PEAR/Command/Registry.php PEAR/Command/Remote.php \
-		PEAR/Command/Mirror.php PEAR/Frontend/CLI.php PEAR/Autoloader.php \
-		PEAR/Command.php PEAR/Common.php PEAR/Config.php PEAR/Dependency.php \
-		PEAR/Downloader.php PEAR/Exception.php PEAR/ErrorStack.php \
-		PEAR/Builder.php PEAR/Installer.php PEAR/Packager.php PEAR/Registry.php \
-		PEAR/Remote.php PEAR/RunTest.php PEAR.php System.php \
-		package.dtd template.spec
+USE_REINPLACE=	yes
+
+FILES=		OS/Guess.php PEAR/ChannelFile/Parser.php PEAR/Command/Auth.xml		\
+		PEAR/Command/Auth.php PEAR/Command/Build.xml PEAR/Command/Build.php	\
+		PEAR/Command/Channels.xml PEAR/Command/Channels.php			\
+		PEAR/Command/Common.php PEAR/Command/Config.xml PEAR/Command/Config.php	\
+		PEAR/Command/Install.xml PEAR/Command/Install.php			\
+		PEAR/Command/Package.xml PEAR/Command/Package.php			\
+		PEAR/Command/Pickle.xml PEAR/Command/Pickle.php				\
+		PEAR/Command/Registry.xml PEAR/Command/Registry.php			\
+		PEAR/Command/Remote.xml PEAR/Command/Remote.php				\
+		PEAR/Command/Mirror.xml PEAR/Command/Mirror.php				\
+		PEAR/Command/Test.xml PEAR/Command/Test.php PEAR/Downloader/Package.php	\
+		PEAR/Frontend/CLI.php PEAR/Installer/Role/Common.php			\
+		PEAR/Installer/Role/Data.xml PEAR/Installer/Role/Data.php		\
+		PEAR/Installer/Role/Doc.xml PEAR/Installer/Role/Doc.php			\
+		PEAR/Installer/Role/Ext.xml PEAR/Installer/Role/Ext.php			\
+		PEAR/Installer/Role/Php.xml PEAR/Installer/Role/Php.php			\
+		PEAR/Installer/Role/Script.xml PEAR/Installer/Role/Script.php		\
+		PEAR/Installer/Role/Src.xml PEAR/Installer/Role/Src.php			\
+		PEAR/Installer/Role/Test.xml PEAR/Installer/Role/Test.php		\
+		PEAR/Installer/Role.php PEAR/PackageFile/Generator/v1.php		\
+		PEAR/PackageFile/Generator/v2.php PEAR/PackageFile/Parser/v1.php	\
+		PEAR/PackageFile/Parser/v2.php PEAR/PackageFile/v2/rw.php		\
+		PEAR/PackageFile/v2/Validator.php PEAR/PackageFile/v1.php		\
+		PEAR/PackageFile/v2.php PEAR/REST/10.php PEAR/REST/11.php		\
+		PEAR/Task/Postinstallscript/rw.php PEAR/Task/Replace/rw.php		\
+		PEAR/Task/Unixeol/rw.php PEAR/Task/Windowseol/rw.php			\
+		PEAR/Task/Common.php PEAR/Task/Postinstallscript.php			\
+		PEAR/Task/Replace.php PEAR/Task/Unixeol.php PEAR/Task/Windowseol.php	\
+		PEAR/Validator/PECL.php PEAR/Autoloader.php PEAR/Builder.php		\
+		PEAR/ChannelFile.php PEAR/Command.php PEAR/Common.php PEAR/Config.php	\
+		PEAR/Dependency.php PEAR/DependencyDB.php PEAR/Dependency2.php		\
+		PEAR/Downloader.php PEAR/ErrorStack.php PEAR/Exception.php		\
+		PEAR/Frontend.php PEAR/Installer.php PEAR/Packager.php			\
+		PEAR/PackageFile.php PEAR/Registry.php PEAR/Remote.php PEAR/REST.php	\
+		PEAR/RunTest.php PEAR/Validate.php PEAR/XMLParser.php package.dtd	\
+		template.spec PEAR.php System.php
 SCRIPTFILES=	pear2
 
 .include <bsd.port.pre.mk>
 
+pre-patch:
+.for dosfile in ${FILES} scripts/pearcmd.php
+	@${MV} ${WRKSRC}/${dosfile} ${WRKSRC}/${dosfile}.dos
+	@${TR} -d '\r' < ${WRKSRC}/${dosfile}.dos > ${WRKSRC}/${dosfile}
+.endfor
+
 post-patch:
+.for origfile in ${FILES}
+	@${REINPLACE_CMD} -e 's|@pear_version@|${PORTVERSION}|g'	\
+			-e 's|@PEAR-VER@|${PORTVERSION}|g'		\
+			-e 's|@DATA-DIR@|${PEARDIR}|g'		\
+		${WRKSRC}/${origfile}
+.endfor
 	@${SED} "s|@pear_version@|${PORTVERSION}|g" \
 		${WRKSRC}/scripts/pearcmd.php > ${WRKSRC}/pear-${SCRIPTFILES}
 
diff -urN devel/pear-PEAR.orig/distinfo devel/pear-PEAR/distinfo
--- devel/pear-PEAR.orig/distinfo	Fri Feb 18 12:10:04 2005
+++ devel/pear-PEAR/distinfo	Sun Nov  6 21:06:32 2005
@@ -1,2 +1,2 @@
-MD5 (PEAR/PEAR-1.3.5.tgz) = 8fead7fddb93f9b3cecd740823daafd2
-SIZE (PEAR/PEAR-1.3.5.tgz) = 108423
+MD5 (PEAR/PEAR-1.4.4.tgz) = 20c5d38b16b364bbf5395e6890f048e4
+SIZE (PEAR/PEAR-1.4.4.tgz) = 276978
diff -urN devel/pear-PEAR.orig/files/patch-scripts::pearcmd.php devel/pear-PEAR/files/patch-scripts::pearcmd.php
--- devel/pear-PEAR.orig/files/patch-scripts::pearcmd.php	Thu Jun 30 21:45:09 2005
+++ devel/pear-PEAR/files/patch-scripts::pearcmd.php	Sun Nov  6 21:21:41 2005
@@ -1,20 +1,19 @@
---- scripts/pearcmd.php.orig	Wed Oct 27 02:58:21 2004
-+++ scripts/pearcmd.php	Thu Dec 16 17:30:19 2004
+--- scripts/pearcmd.php.orig	Sun Nov  6 21:17:11 2005
++++ scripts/pearcmd.php	Sun Nov  6 21:19:20 2005
 @@ -1,3 +1,4 @@
 +#!@php_bin@ -nq
  <?php
  //
  // +----------------------------------------------------------------------+
-@@ -24,8 +25,11 @@
+@@ -29,8 +30,10 @@
  /**
   * @nodep Gtk
   */
 +dl('pcre.so');
 +dl('xml.so');
-+
  if ('@include_path@' != '@'.'include_path'.'@') {
 -    ini_set('include_path', '@include_path@');
 +    ini_set('include_path', '@include_path@:@include_path@/bootstrap');
- }
- ini_set('allow_url_fopen', true);
- if (!ini_get('safe_mode')) {
+     $raw = false;
+ } else {
+     // this is a raw, uninstalled pear, either a cvs checkout, or php distro
--- pear-PEAR.diff ends here ---

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: thierry 
State-Changed-When: Sun Nov 6 22:26:32 GMT 2005 
State-Changed-Why:  

Waiting for maintainer's approval. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=88572 

From: Marcus Alves Grando <mnag@FreeBSD.org>
To: bug-followup@FreeBSD.org,  antonio@php.net
Cc:  
Subject: Re: ports/88572: Security fix: upgrade pear-PEAR to 1.4.4.
Date: Sun, 06 Nov 2005 21:29:01 -0200

 Dear maintainer,
 
 Do you approve this update?
 
 http://www.freebsd.org/cgi/query-pr.cgi?pr=88572
 
 Thanks
 
 -- 
 Marcus Alves Grando
 marcus(at)corp.grupos.com.br  |  Grupos Internet S/A
   mnag(at)FreeBSD.org         |  FreeBSD.org

From: Antonio Carlos Venancio Junior <antonio@php.net>
To: bug-followup@FreeBSD.org,  mnag@FreeBSD.org
Cc: Thierry Thomas <thierry@FreeBSD.org>
Subject: Re: ports/88572: Security fix: upgrade pear-PEAR to 1.4.4.
Date: Mon, 07 Nov 2005 14:25:32 -0200

 Marcus,
 
 	Approved. Thank you!
 
 Marcus Alves Grando wrote:
 > Dear maintainer,
 > 
 > Do you approve this update?
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=88572
 > 
 > Thanks
 > 
 
 
 -- 
 Cya
 
 Antonio
 echo antonio php net | sed 's/ /@/;s/ /./g'
 FreeBSD/OpenBSD | PHP/MySQL | PGP Key ID 0x5BBEB073
 "Can't buy what I want because its FREE!" - Pearl Jam
 
State-Changed-From-To: feedback->open 
State-Changed-By: thierry 
State-Changed-When: Mon Nov 7 17:54:54 GMT 2005 
State-Changed-Why:  

Feedback received. Thanks! 



Responsible-Changed-From-To: freebsd-ports-bugs->thierry 
Responsible-Changed-By: thierry 
Responsible-Changed-When: Mon Nov 7 17:54:54 GMT 2005 
Responsible-Changed-Why:  

Take it. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=88572 
State-Changed-From-To: open->closed 
State-Changed-By: thierry 
State-Changed-When: Mon Nov 7 18:00:59 GMT 2005 
State-Changed-Why:  

Committed. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=88572 
>Unformatted:
