Closed ghost closed 5 years ago
You could simply use docker-compose pull to pull the php-fpm image from Docker Hub; that would work fine :)
This is not an accident:
PEAR server is down
A security breach has been found on the http://pear.php.net webserver, with a tainted go-pear.phar discovered. The PEAR website itself has been disabled until a known clean site can be rebuilt. A more detailed announcement will be on the PEAR Blog once it's back online.
If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If different, you may have the infected file.
There is no ETA for when the server will be back up.
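The hash comparison recommended in the PEAR announcement quoted above, as an added shell example that is not part of the original thread or of the PEAR project: it hashes every go-pear.phar under a directory and compares each with a reference copy you have already obtained from pear/pearweb_phars. The function names, verdict labels and script name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check local go-pear.phar copies against a reference copy.
# Nothing is downloaded; the reference is a file you fetched yourself.

# Print the SHA-256 hex digest of a regular, readable file.
sha256_of() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_phar LOCAL REFERENCE
# Returns 0 if the hashes match, 1 if they differ, 2 if a file cannot be hashed.
check_phar() {
    local_sum=$(sha256_of "$1") || return 2
    ref_sum=$(sha256_of "$2") || return 2
    [ -n "$local_sum" ] && [ "$local_sum" = "$ref_sum" ]
}

# scan_phars DIR REFERENCE
# Prints one verdict per go-pear.phar found under DIR and returns non-zero
# unless every copy matched. Paths containing newlines are not supported.
scan_phars() {
    bad=0
    list=$(find "$1" -type f -name 'go-pear.phar') || return 2
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        rc=0
        check_phar "$f" "$2" || rc=$?
        case $rc in
            0) echo "MATCH $f" ;;
            1) echo "DIFFERENT $f"; bad=1 ;;
            *) echo "UNREADABLE $f"; bad=1 ;;
        esac
    done <<EOF
$list
EOF
    return "$bad"
}

# Usage (hypothetical script name): sh check_phar.sh DIR REFERENCE
if [ "$#" -eq 2 ]; then
    scan_phars "$1" "$2"
fi
```

A DIFFERENT verdict only means the bytes differ from the reference, so the reference must be the same release version as the local copy, as the announcement says.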
I don't get why this ticket has been closed? The problem still exists.
The suggestion to pull the php-fpm image from docker hub is just a workaround for fetching the already released versions of php-fpm, but not a real solution to rebuilding the image.
At the moment there is no solution for people wanting to be able to build their own images (for example to be sure that these are not compromised).
Since PHP 7.2.14 was released a few weeks ago and we haven't upgraded yet (still running 7.2.13, which has a few known but minor security issues), this has actually become an issue that needs to be solved. As we don't know when PEAR will be available again, we may need to just remove these modules from the Dockerfile. I don't think Mailcow needs them, but people who use Roundcube for their webmail do need them. Unless we can instead install the modules directly from https://github.com/pear/, these people may be out of luck for now.
Hi everyone, thank you for your support. In fact there is a problem; however, as the pull downloaded the images that I did, I thought it best closed. But since we are going to solve this problem, I believe we have three ways:
Many thanks for the support.
I will push an image without pear modules and check Roundcube. Iirc it comes with those modules in the complete package.
You cannot tell everybody who uses Roundcube to schuck off and use Rainloop now. Or another container.
I don’t want to break those setups.
Btw. no 7.3 because of a missing mailparse lib. There is a snapshot that should work though.
https://pear.php.net/ is back online.
I'm trying to install Roundcube and added a line to phpfpm/Dockerfile:
&& pear install auth_sasl net_smtp net_idna2-beta mail_mime net_ldap3
next I run:
docker build data/Dockerfiles/phpfpm -t mailcow/phpfpm
Console output:
downloading Auth_SASL-1.1.0.tgz ...
Starting to download Auth_SASL-1.1.0.tgz (9,380 bytes)
.....done: 9,380 bytes
downloading Net_SMTP-1.8.1.tgz ...
Starting to download Net_SMTP-1.8.1.tgz (14,931 bytes)
...done: 14,931 bytes
downloading Net_IDNA2-0.2.0.tgz ...
Starting to download Net_IDNA2-0.2.0.tgz (24,624 bytes)
...done: 24,624 bytes
downloading Mail_Mime-1.10.2.tgz ...
Starting to download Mail_Mime-1.10.2.tgz (36,501 bytes)
...done: 36,501 bytes
downloading Net_Socket-1.2.2.tgz ...
Starting to download Net_Socket-1.2.2.tgz (6,903 bytes)
...done: 6,903 bytes
install ok: channel://pear.php.net/Auth_SASL-1.1.0
install ok: channel://pear.php.net/Net_IDNA2-0.2.0
install ok: channel://pear.php.net/Mail_Mime-1.10.2
install ok: channel://pear.php.net/Net_Socket-1.2.2
install ok: channel://pear.php.net/Net_SMTP-1.8.1
next:
docker-compose down && docker-compose up -d
but the packages I added are not there:
/opt/mailcow-dockerized# docker-compose exec php-fpm-mailcow /bin/bash
WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank string.
bash-4.4# pear list
Installed packages, channel pear.php.net:
=========================================
Package          Version State
Archive_Tar      1.4.4   stable
Console_Getopt   1.4.1   stable
PEAR             1.10.7  stable
Structures_Graph 1.1.1   stable
XML_Util         1.4.3   stable
Why?
docker-compose build php-fpm-mailcow
You shouldn't need these packages anyway. Roundcube ships with these modules, iirc (the full version).
Thanks, I had 1.4-rc1 version installed from github. Now I have 1.3.9 from sources and required modules are shipped in package.
Describe the bug
PEAR server is down

How to reproduce
Steps to reproduce the behavior: docker-compose up

Logs
OK: 436 MiB in 173 packages
No releases available for package "pear.php.net/Net_IDNA2"
No releases available for package "pear.php.net/Auth_SASL"
No releases available for package "pear.php.net/Net_IMAP"
No releases available for package "pear.php.net/Net_Sieve"
No releases available for package "pear.php.net/NET_SMTP"
No releases available for package "pear.php.net/Mail_mime"
install failed
ERROR: Service 'php-fpm-mailcow' failed to build: The command '/bin/sh -c apk add -U --no-cache autoconf bash c-client cyrus-sasl-dev freetype freetype-dev g++ gettext-dev icu-dev icu-libs imagemagick imagemagick-dev imap-dev jq libjpeg-turbo libjpeg-turbo-dev libmemcached-dev libpng libpng-dev libressl libressl-dev librsvg libtool libwebp-dev libxml2-dev libxpm-dev make mysql-client openldap-dev pcre-dev re2c redis samba-client zlib-dev tzdata && pear install channel://pear.php.net/Net_IDNA2-0.2.0 channel://pear.php.net/Auth_SASL-1.1.0 Net_IMAP Net_Sieve NET_SMTP Mail_mime && pecl install redis-${REDIS_PECL} memcached-${MEMCACHED_PECL} APCu-${APCU_PECL} imagick-${IMAGICK_PECL} mailparse-${MAILPARSE_PECL} && docker-php-ext-enable apcu imagick mailparse memcached redis && pecl clear-cache && docker-php-ext-configure intl && docker-php-ext-configure gd --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/include/ --with-png-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && docker-php-ext-install -j 4 gd gettext intl ldap opcache pcntl pdo pdo_mysql soap sockets xmlrpc zip && docker-php-ext-configure imap --with-imap --with-imap-ssl && docker-php-ext-install -j 4 imap && apk del --purge autoconf cyrus-sasl-dev freetype-dev g++ icu-dev imagemagick-dev imap-dev libjpeg-turbo-dev libpng-dev libressl-dev libwebp-dev libxml2-dev make pcre-dev zlib-dev' returned a non-zero code: 1

System

Additional context
Should we take action to circumvent this or wait for the server to come back? No updates and new installations do not work. I tried pear install package.tar.gz (Net_IDNA2 etc) but I could not