Recent changes to bugs

#4 Bad file role on Crypt_RSA

Jim Wigginton — Wed, 19 Nov 2014 14:33:03 -0000

See https://github.com/phpseclib/phpseclib/pull/286

#5 PEAR channel totally broken

Jim Wigginton — Wed, 19 Nov 2014 14:22:45 -0000

I was able to install phpseclib/Net_SFTP just fine using the instructions at http://phpseclib.sourceforge.net/pear.htm.

As for your point # 1:

Here's the channel.xml file:

<channel version="1.0" xmlns="http://pear.php.net/channel-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pear.php.net/channel-1.0 http://pear.php.net/dtd/channel-1.0.xsd"> <name>phpseclib.sourceforge.net</name> <summary>PHP Secure Communications Library PEAR channel</summary> <suggestedalias>phpseclib</suggestedalias> <servers> <primary> <rest> <baseurl type="REST1.0">http://phpseclib.sourceforge.net//rest/</baseurl> <baseurl type="REST1.1">http://phpseclib.sourceforge.net//rest/</baseurl> <baseurl type="REST1.2">http://phpseclib.sourceforge.net//rest/</baseurl> <baseurl type="REST1.3">http://phpseclib.sourceforge.net//rest/</baseurl> </rest> </primary> </servers> </channel>

I assume the URL you're talking about is http://phpseclib.sourceforge.net//rest/ ? Because although you're not able to view the directory contents by visiting that URL it does exist as evidenced by this:

http://phpseclib.sourceforge.net//rest/p/packages.xml

I could put a .htaccess there with "Options +Indexes" but you have not convinced me of it's necessity.

As for your point # 2:

wget http://download.pear.php.net/package/Archive_Tar-1.3.13.tgz
tar tf Archive_Tar-1.3.13.tgz

That outputs this:

package.xml
Archive_Tar-1.3.13/Archive/Tar.php
Archive_Tar-1.3.13/docs/Archive_Tar.txt

As for your point # 3:

From Archive_Tar's package.xml:

So basically, phpseclib's PEAR channel behaves in the exact same way as php.net's PEAR channel. At least w.r.t. your #2 and #3 points. Does that mean you're going to open up bug reports against pear.php.net as well?

PEAR channel totally broken

Remi COLLET — Tue, 25 Feb 2014 13:22:59 -0000

1st/ http://phpseclib.sourceforge.net/channel.xml contains URL to http://phpseclib.sourceforge.org which doesn't exist.

2nd/ packages are broken
$ tar tf Crypt_AES-0.3.6.tgz
/Crypt_AES-0.3.6/Crypt/AES.php
package.xml

And in package.xml
...file baseinstalldir="Crypt" name="AES.php" role="php"...

So pear expect Crypt_AES-0.3.6/AES.php which doesn't exists.

Bad file role on Crypt_RSA

Remi COLLET — Tue, 07 Jan 2014 14:17:17 -0000

When installed from PEAR channel, openssl.conf role is set to "php" when it's obviously a configuration file.

Patch proposal (on https://bugzilla.redhat.com/1047608)
https://bugzilla.redhat.com/attachment.cgi?id=846562

This patch allow to find the file when executed from manual installation and when installed from pear channel.

SFTP can't delete directory

Anonymous — Tue, 27 Dec 2011 18:20:21 -0000

Can't delete directories over SFTP (0.2.2).
Can't even delete empty directories.
Can delete files ok.
Tried with and without trailing slash.

SFTP delete not working

Anonymous — Wed, 20 Oct 2010 09:33:12 -0000

I'm download version 0.2.1a , and try to call the SFTP::delete.

I guess prob on NET/SFTP.php at line:1173
change variable $path to $remote_file, and delete working now.

PHP notice output during unserialization of Math_BigInteger

Brion Vibber — Mon, 22 Mar 2010 20:17:19 -0000

Tested with current CVS (version 1.31 of Math/BigInteger.php).

If a Math_BigInteger with value 0 is serialized, the hex representation saved from __sleep() is empty. When this is fed back into the constructor by __wakeup() at unserialize time, we end up at some point getting a notice output trying to access the first character in the string.

Since Crypt_RSA objects store a bigint 0 value, this hits anything that serializes Crypt_RSA objects.

Example code:

<?php

error_reporting(E_ALL);
ini_set('display_errors', 1);

require "Math/BigInteger.php";

$zero = new Math_BigInteger();
print "Original: " . $zero->toString() . "\n";

$ser = serialize($zero);
print "Serialized: $ser\n";

$zero2 = unserialize($ser);
print "Unserialized: " . $zero2->toString() . "\n";

Expected output:
$ php demo.php
Original: 0
Serialized: O:15:"Math_BigInteger":1:{s:3:"hex";s:0:"";}
Unserialized: 0

Actual output:
$ php demo.php
Original: 0
Serialized: O:15:"Math_BigInteger":1:{s:3:"hex";s:0:"";}

Notice: Uninitialized string offset: 0 in /home/brion/src/bigint/phpseclib/Math/BigInteger.php on line 354
Unserialized: 0

Patch attached, avoids using the empty string when waking.