phar "C:\wamp\bin\php\php5.3.1\PEAR\go-pear.phar" does not have a signature Warning: require_once(phar://go-pear.phar/index.php): failed to open stream: pha r error: invalid url or non-existent phar "phar://go-pear.phar/index.php" in C:\ wamp\bin\php\php5.3.1\PEAR\go-pear.phar on line 1236 Press any key to continue . . .
manifest cannot be larger than 100 MB in phar "K:\xampp\php\PEAR\go-pear.phar"PH P Warning: require_once(phar://go-pear.phar/index.php): failed to open stream: phar error: invalid url or non-existent phar "phar://go-pear.phar/index.php" in K:\xampp\php\PEAR\go-pear.phar on line 1236
Warning: require_once(phar://go-pear.phar/index.php): failed to open stream: pha r error: invalid url or non-existent phar "phar://go-pear.phar/index.php" in K:\ xampp\php\PEAR\go-pear.phar on line 1236 Press any key to continue
c:\php\go-pear in the command line. This should install the Package installer, but I only get this error: Could not open input file: PEAR\go-pear.phar PEAR\go-pear.phar does exist. Does anybody have a possible solution for this? Am I doing something wrong? Kneek Msg#:3016322 6:48 pm on Jul 20, 2006 (gmt 0)
There was a PEAR installer go-pear.bat that referred to ./PEAR/go-pear.phar in php versions prior to 5.3 on Windows. But since version 5.3 this installer is absent. Strange enough but official PEAR installation guide still refers to the absent go-pear.bat file. But then it writes about update of PEAR installation by requesting a new go-pear.phar and that is what we should actually do at the beginning.
1. Download go-pear.phar from -pear.phar and save it in the php root folder.
If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If different, you may have the infected file.
I tried to create a go-pear.phar from github pear-core, but I could not.
So, I have to wait a little more, I think. Besides, NodeJs and other issues, the last problem completely stopped my progress.
Best Regards,
Ugur
On Jan. 19, 2019, the @pear Twitter account for the PHP Extension and Application Repository (PEAR) put out a notification that a security breach had been found on the pear.php.net web server. The only information that has been communicated thus far is that a compromised version of the PHP PEAR package manager go-pear.phar was found in the core PEAR filesystem. Administrators have taken down the website while they perform a forensic investigation to determine when they can restore it to clean state. As of Jan. 22, 2019, the site is still serving an outage notification page instead of the usual package archive page.
If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If different, you may have the infected file.
PHP developers can use the PEAR version that ships with their PHP distribution, but they can also download an updated PEAR (go-pear.phar) version from the PEAR website (which also hosts all PEAR-compatible PHP libraries).
"If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes," said the message on the official website. "If different, you may have the infected file."
According to a VirusTotal scan of the tainted go-pear.phar file, the malicious version made available through the official PEAR website appears to contain what some antivirus vendors are describing as a backdoor.
All PHP web servers where administrators installed an update to the PHP PEAR executable (go-pear.phar) that they downloaded from the PEAR website should be considered compromised and treated accordingly.
The PHP PEAR team says it's still auditing and rebuilding its website, looking for the security hole that attackers exploited six months ago to plant the backdoored go-pear.phar file in the first place.
The framework developers havetaken the website offline after noticing that the original PHP PEAR package manager(go-pear.phar) was swapped in their file system. The malicious version seems tohave been available for download for more than six months, meaning everyone whodownloaded the package from the official webpage in that time could have beencompromised.
cPanel & WHM users have nothing to fear, as we build our RPMs from GitHub, which does not pull in the compromised go-pear.phar archive to our RPMs. This means there are no indications that any cPanel RPMs containing PEAR packages are compromised.
9738318194