Advertisement:

Author Topic: SMF 2.0.2 and 1.1.16 critical security patches released  (Read 1374518 times)

Offline cerbopoli

  • Semi-Newbie
  • *
  • Posts: 13
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #60 on: December 23, 2011, 04:29:02 PM »
Thanks CoreISP.  I will ask on the support boards as that is exactly what I have done and it is not working. 

Offline live627

  • Developer
  • SMF Hero
  • *
  • Posts: 3,887
  • Gender: Male
  • Cat: Destroy!
    • live627 on Facebook
    • @live627 on Twitter
    • livemods
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #61 on: December 23, 2011, 06:57:19 PM »
Could you put 2.0.2 on the mod site?
bump. Mods need to say they're compatible.
The kool-aid is bitter. There's something strange about this ride.

Offline KVL

  • Charter Member
  • Semi-Newbie
  • *
  • Posts: 14
  • Gender: Male
  • SMF: 1.1.19, 2.0.8
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #62 on: December 23, 2011, 07:00:11 PM »
Updates is ​​successfully. :) Thank you very much for your work! :) Merry Christmas and Happy New Year! :)

Offline MarkRH

  • Semi-Newbie
  • *
  • Posts: 58
  • Gender: Male
    • @mrheadrick on Twitter
    • Mark Headrick's Web Site
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #63 on: December 23, 2011, 08:24:08 PM »
Weird. My locally installed forum on my PC sees that the update is available but on my production one, the Administration center does not say an update is available. It also does not show the latest message in the "Live from Simple Machines forum" section about SMF 2.0.2 being available, just the SMF 2.0.1 and earlier messages.  Hmmm..

Well, I uploaded the 2.0.2 patch file manually and installed it via the Package Manager.  I still wonder why my local installation sees the 2.0.2 message in the Admin area and the installation at my webhost does not.  Bizarre.  It's like my server and SMF's server aren't on speaking terms for some reason.

I figured it out. The Fetch Simple Machines Files task failed this morning. I saw it in my error log. I manually ran the task and now I see the updated postings about 2.0.2.  I may need to adjust the time of day it does these checks as it seems to correspond with a lot of other server maintenance tasks at my host. At least I know what happened now. :)
« Last Edit: December 23, 2011, 09:39:35 PM by MarkRH »
Mark H.
Pelicar Fantasy RPG Forum using SMF 2.0.4

Offline Jntg4

  • Jr. Member
  • **
  • Posts: 151
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #64 on: December 23, 2011, 11:43:46 PM »
Thanks for Simply Machines Forum 2.0.2, Simple Machines Forum 1.1.16, and Simple Machines Forum 1.0.22!
Free Domain Name: http://www.co.cc/?id=167358

Offline Sapozhnik

  • Semi-Newbie
  • *
  • Posts: 40
    • new.aveo.com.ua on Facebook
    • @AveoNewClub on Twitter
    • Chevrolet Aveo New Клуб (Chevy Sonic Club)
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #65 on: December 24, 2011, 01:25:25 AM »
Update for SMF 2.0.1 contains fix for problems with downloading attachments by FF?

and this is fixed in this patch?

This problem was fix in FF 9.0.1
Update it ;)

Offline Linda.V

  • Jr. Member
  • **
  • Posts: 373
  • Gender: Female
  • SMF 2.0.7
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #66 on: December 24, 2011, 02:07:19 AM »
I would like to manually manage the update, as this is just small update when i update 2.0.1 to 2.0.2 i guess? I have planty of mods installed and many code changes so i want to be sure that everything will be okay, and i want to manually install this patch, if it's possible?

for those that want a parse of the 2.0.1 -> 2.0.2 package http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.2.tar.gz;smf_version=2.0.1

Idem on my forum where I installed some mods manual. So thanks for the parse of the 2.0.1 -> 2.0.2
Groetjes, Linda

Offline Antes

  • Evil Black Cat
  • Marketing
  • SMF Hero
  • *
  • Posts: 5,166
  • Gender: Male
  • Black cat rulz!
    • Antes on GitHub
    • merta on LinkedIn
    • @antesistan on Twitter
    • MMOBrowser
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #67 on: December 24, 2011, 03:58:42 AM »
Thanks for the update :)
[ MMOBrowser ] # [ Raptr ] # [ Paid Translation Service ]

Quote from: Arantor
That's because cats are powered by sunlight and warmth

Offline oziboy

  • Jr. Member
  • **
  • Posts: 119
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #68 on: December 24, 2011, 04:08:46 AM »
Yes, thanks to the Team for the update. I installed 2.02 through Package Manager - so smooth and quick.


bojanbgrd

  • Guest
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #69 on: December 24, 2011, 07:43:01 AM »
Thanks for the update :)

Offline Enc0der

  • Jr. Member
  • **
  • Posts: 358
  • Gender: Male
  • I'm a llama!
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #70 on: December 24, 2011, 09:10:25 AM »
Thank you,

Although I'm very disappointed that this update didn't fix the known "attachments bug" with firefox 8 - since I consider it a major bug, end-user wise.
http://dev.simplemachines.org/mantis/view.php?id=4825
There's already a patch for it (but weird, because there is no file named "Attachment.php" in the /Sources directory.. It should be Display.php), so why it is not included in the release?
« Last Edit: December 24, 2011, 09:18:01 AM by Enc0der »

Offline spiros

  • Language Moderator
  • SMF Hero
  • *
  • Posts: 1,453
  • Gender: Male
  • A different point of view
    • spiros.doikas on Facebook
    • doikas on LinkedIn
    • @greektranslator on Twitter
    • Greek Translation
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #71 on: December 24, 2011, 09:11:41 AM »
Strangely enough this forum appears still unpatched:

SMF 2.0.1 | SMF © 2011, Simple Machines

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 35,828
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #72 on: December 24, 2011, 09:12:48 AM »
we have to wait for the site team to have the time to do the upgrade, they do not use the patches like the rest of us do.

Offline gisfreak

  • Jr. Member
  • **
  • Posts: 317
  • Gender: Male
  • NO TRESPASSING
    • GIS Community
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #73 on: December 24, 2011, 10:49:00 AM »
awesome job, thanx
Me fail English? That’s unpossible.

Offline K@

  • Lead Support Specialist
  • SMF Master
  • *
  • Posts: 46,303
  • Gender: Male
  • Yum!
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #74 on: December 24, 2011, 11:45:55 AM »
why it is not included in the release?

Pure guess: The bug is with Firefox, not SMF. So, we're going to have to figure a fix that won't screw everything for users of proper browsers.

Oddly enough, Firefox v9 works as it should. :)

Offline Enc0der

  • Jr. Member
  • **
  • Posts: 358
  • Gender: Male
  • I'm a llama!
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #75 on: December 24, 2011, 12:56:25 PM »
Pure guess: The bug is with Firefox, not SMF.
Not true :)

Anyway, it is indeed "fixed" in Firefox 9.

Offline Shuban

  • SMF Hero
  • ******
  • Posts: 2,322
    • Free Homework Help
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #76 on: December 24, 2011, 12:59:51 PM »
What were some of the changes?

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 35,828
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #77 on: December 24, 2011, 01:12:13 PM »
you can find the changelog on the downloads page and in the archives.

Offline SleePy

  • Site Team
  • SMF Master
  • *
  • Posts: 28,921
  • Gender: Male
  • Thats his happy face.
    • @jdarwood on Twitter
    • SleePy Code - My personal site
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #78 on: December 24, 2011, 01:57:10 PM »
Strangely enough this forum appears still unpatched:

SMF 2.0.1 | SMF © 2011, Simple Machines
I think you misread the numbers ;D


Although I'm very disappointed that this update didn't fix the known "attachments bug" with firefox 8 - since I consider it a major bug, end-user wise.
http://dev.simplemachines.org/mantis/view.php?id=4825
There's already a patch for it (but weird, because there is no file named "Attachment.php" in the /Sources directory.. It should be Display.php), so why it is not included in the release?

The Attachment.php is for SMF 2.1, so that is why it is the wrong file.

Norv said he forgot about including that fix when making the release.  Getting this release was critical and he was short on time.  Because of the Holiday times, there wasn't enough time to add in the changes and test them after we realized that.
I am glad to hear reports that FF 9 fixed it on their end.  I read somewhere in a Mozilla article/posting (i think a bug post) that their data shows most users are either on 3.6 or following the 6 week updates.  There was a small chunk of them still resisting on FF 7 though.  So this is good news at least :)
Jeremy D — Site Team / SMF Developer
Support the SMF Support team!
Profiles:
GitHub
G+

Offline David111567

  • Semi-Newbie
  • *
  • Posts: 88
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #79 on: December 24, 2011, 03:30:19 PM »
Administration Center tells me there's NO update available...so I go download the upgrade to do it manually.  5th time I've downloaded it and I get the message:

"Package upload failed due to the following error:
"Although the package was downloaded to the server it appears to be empty. Please check the Packages directory, and the "temp" sub-directory are both writable. If you continue to experience this problem you should try extracting the package on your PC and uploading the extracted files into a subdirectory in your Packages directory and try again. For example, if the package was called shout.tar.gz you should:
1) Download the package to your local PC and extract it into files.
2) Using an FTP client create a new directory in your "Packages" folder, in this example you may call it "shout".
3) Upload all the files from the extracted package to this directory.
4) Go back to the package manager browse page and the package will be automatically found by SMF.""


When ADMIN doesn't see an update...and when the zip files from your own site are EMPTY...how the heck can I do an upgrade.  Also...this is a heck of a thing to do on Christmas Eve on 6 production sites!

In 5 years I have never had this much problems with an SMF upgrade.  Ever.

Merry Christmas.