Simple Machines Community Forum

Simple Machines => News and Updates => Topic started by: emanuele on December 16, 2012, 05:05:30 PM

Title: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 16, 2012, 05:05:30 PM
Dear users,

Simple Machines Forum has released a security patch with version numbers: SMF 1.0.23, SMF 1.1.17 and SMF 2.0.3.
A security issue has been identified in all versions and is fixed with this patch, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe.
In addition to the security patch, a few bug fixes to SMF 2.0.2 are also included within the patch for 2.0.x.
The most relevant bug fix is an issue that will arise in few months with PayPal: starting on February 1, 2013 (https://www.x.com/content/bulletin-ipn-and-pdt-scripts-and-http-1-1) PayPal will only accept headers which comply with the HTTP 1.1 specification.

If you are running 2.0.2, you can update your forum to 2.0.3 using the package manager. You should see the upgrade notification in the Admin panel and in the package manager, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the patch for 2.0.2 from the customize site: smf_patch_2.0.3.tar.gz patch, and install it using the package manager.

If you are running 1.1.16, you can update to 1.1.17 with the smf_patch_1.0.23_1.1.17.tar.gz patch, also using the package manager.
If you are running SMF 1.0.22, take into consideration that this will most likely be the last patch for this version of SMF, which is reaching its "end of life (http://www.simplemachines.org/community/index.php?topic=472913.0)". You can update to 1.0.23 with the smf_patch_1.0.23_1.1.17.tar.gz patch, also using the package manager.

If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page.
Please find the changelog for the latest release, as usual, on the downloads page as well:
http://download.simplemachines.org/
If you are having problems downloading the patch from the admin panel, you can download the package from the upgrades page here:
http://custom.simplemachines.org/upgrades/
and install it like a mod.
Please refer also to the Online Manual for more details about:
* upgrading http://wiki.simplemachines.org/smf/Upgrading
* updating http://wiki.simplemachines.org/smf/Updating
* patching http://wiki.simplemachines.org/smf/Patching

Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!


Regards,
Simple Machines Forum

Update: 17/12/2012: there is still some issues with the upgrades page and the language packs that are not yet updated...sorry for the trouble.

Update: 18/12/2012: now everything should be fixed!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Deaks on December 16, 2012, 05:06:36 PM
Great to see well done guys and gal :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: LiroyvH on December 16, 2012, 05:07:09 PM
Congrats and well done! :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Looking on December 16, 2012, 05:18:20 PM
Thanks for the fixes.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Antes on December 16, 2012, 05:22:30 PM
Awesome :) well done
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: DeVIL-I386 on December 16, 2012, 05:24:15 PM
Quote from: emanuele on December 16, 2012, 05:05:30 PM
If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
Where should this option be hidden? Is it Administration Center » Maintenance » Forum Maintenance » Routine » Check all files against current versions?

This approach does not work. Tested in several forums.

That was at 2.0.1 and 2.0.2 also so that the update is displayed after about a week in the Admin Center.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: LiroyvH on December 16, 2012, 05:26:16 PM
That actually works fine here :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Colin on December 16, 2012, 05:26:53 PM
Nice work!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 16, 2012, 05:27:05 PM
Quote from: DeVIL-I386 on December 16, 2012, 05:24:15 PM
Where should this option be hidden? Is it Administration Center » Maintenance » Forum Maintenance » Routine » Check all files against current versions?
Almost but not exactly: admin > maintenance > scheduled tasks > scheduled tasks
Then under the column "run now" select the box corresponding to "Fetch Simple Machines Files", and click the button "run now".
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: DeVIL-I386 on December 16, 2012, 05:32:50 PM
Quote from: emanuele on December 16, 2012, 05:27:05 PM
admin > maintenance > scheduled tasks > scheduled tasks
Then under the column "run now" select the box corresponding to "Fetch Simple Machines Files", and click the button "run now".
This works for me. Thank you!  :)

This way you should write to each announcement.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Lord991 on December 16, 2012, 07:15:03 PM
I need a step by step manual install because of my mods.

Its not added here 1.1.16 to 1.1.17  :-X

http://custom.simplemachines.org/upgrades/

Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Road Rash Jr. on December 16, 2012, 07:42:19 PM
Great work. Can these older files be deleted?
SMF 2.0.1 Update
SMF 2.0.2 Update
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Deaks on December 16, 2012, 07:54:38 PM
from your package manager ... its your choice ... btw nice to see you again :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Road Rash Jr. on December 16, 2012, 08:00:15 PM
Quote from: Scrooge on December 16, 2012, 07:54:38 PM
from your package manager ... its your choice ... btw nice to see you again :)
Thanks Bryan.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Colin on December 16, 2012, 08:05:34 PM
Quote from: Lord991 on December 16, 2012, 07:15:03 PM
I need a step by step manual install because of my mods.

Its not added here 1.1.16 to 1.1.17  :-X

http://custom.simplemachines.org/upgrades/
No need to download anything. Simply go to your package manager and install the upgrade when prompted.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 16, 2012, 08:18:08 PM
@Lord it should be a caching issue. Sooner the new patches should appear.

ETA: anyway, you can view the manual edits at this address: http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.0.23_1.1.17.tar.gz;smf_version=1.1.16
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Eclipse16V on December 17, 2012, 01:22:05 AM
Thanks
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: 4Kstore on December 17, 2012, 02:15:16 AM
Thanks, I just translate this information to spanish.
http://www.simplemachines.org/community/index.php?topic=492796.0

Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: codebirth on December 17, 2012, 02:16:27 AM
Quote from: emanuele on December 16, 2012, 05:27:05 PM
Quote from: DeVIL-I386 on December 16, 2012, 05:24:15 PM
Where should this option be hidden? Is it Administration Center » Maintenance » Forum Maintenance » Routine » Check all files against current versions?
Almost but not exactly: admin > maintenance > scheduled tasks > scheduled tasks
Then under the column "run now" select the box corresponding to "Fetch Simple Machines Files", and click the button "run now".

Thank you. Smooth upgrade.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Colin on December 17, 2012, 02:46:56 AM
Thanks for the feedback. That is what we like to hear.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: sharks on December 17, 2012, 02:56:33 AM
I never thought we'd seen another update in 2012. Things just became so incredibly quiet around here for so many months... But this is great and i'm glad to be proven wrong! :D I look forward to a more fruitful 2013 for the SMF community.

Words out to the entire world: The software still works! It really does! ;)

Great job, SMF team!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Paracelsus on December 17, 2012, 02:58:01 AM
Flawless and quick update, thank you.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Mstcool on December 17, 2012, 02:58:37 AM
Just curious. Yeah 2.0.3 is released (kinda quick don't you think? :)) but this forum isn't updated to it...why?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Daktyl198 on December 17, 2012, 03:00:14 AM
Thanks for the update.
It was quick and painless too.

@Mstcool I think you're mistaking the security update 2.0.3 with the next full release 2.1 :D
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: sharks on December 17, 2012, 03:06:29 AM
There are still 13 bugs which have never been fixed for SMF 1.1.x since several releases! :( I don't know if it's worth updating my forums at this point. Why not fix that small bunch of remaining bugs and release the ultimate Gold/Platinum version of SMF 1.1.x?

Also, i'm trying to download the changelog:
http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-17_changelog.txt
But i get the error: Sorry but you can not directly download an archived file without first going through the Simple Machines website.
I am using the latest Firefox 17.0.1
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Mstcool on December 17, 2012, 03:14:03 AM
Wait I'm confused. Is this a new release or what because I just updated my forum to 2.0.3. Successfully I believe.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: joe90 on December 17, 2012, 04:02:09 AM
1.1.16 to 1.1.17 two clicks done in 40 seconds  can't ask for more than that, excellent
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 17, 2012, 04:03:30 AM
Quote from: sharks on December 17, 2012, 02:56:33 AM
I never thought we'd seen another update in 2012. Things just became so incredibly quiet around here for so many months... But this is great and i'm glad to be proven wrong! :D I look forward to a more fruitful 2013 for the SMF community.
Well, I really liked a years without security issues and I hope I'll never have to make another patch available! O:)

Quote from: sharks on December 17, 2012, 03:06:29 AM
There are still 13 bugs which have never been fixed for SMF 1.1.x since several releases! :(
Is there any security issue within those bugs?
Since historically SMF has always fixed only security issues with patches, is not very likely a patch to fix bugs in 1.1.
Anyway, since a patch is a mod, anyone is free to fix those issues and provide the patch somewhere.

Quote from: sharks on December 17, 2012, 03:06:29 AM
I don't know if it's worth updating my forums at this point. Why not fix that small bunch of remaining bugs and release the ultimate Gold/Platinum version of SMF 1.1.x?
Do you mean you are not sure if it is worth updating to 1.1.17?
I now don't know if all the work involved in doing a release is worth if people think bugs are more important than security fixes...

Quote from: sharks on December 17, 2012, 03:06:29 AM
Also, i'm trying to download the changelog:
http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-17_changelog.txt
But i get the error: Sorry but you can not directly download an archived file without first going through the Simple Machines website.
I am using the latest Firefox 17.0.1
Changelog download seems broken...

Quote from: Mstcool on December 17, 2012, 03:14:03 AM
Wait I'm confused. Is this a new release or what because I just updated my forum to 2.0.3. Successfully I believe.
Isn't the subject line explicative enough?
SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Account Abandoned on December 17, 2012, 04:16:41 AM
Nice! updated communities :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Crozz on December 17, 2012, 04:33:58 AM
Thanks for the fix, no problems were noticed.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Roph on December 17, 2012, 04:39:52 AM
Updated, thanks :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Nolt on December 17, 2012, 07:32:46 AM
Great news, thank you SMF for next update!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: a10 on December 17, 2012, 11:49:44 AM
Updated to .17, all done in a few seconds. Thanks.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: FrizzleFried on December 17, 2012, 11:52:52 AM
My forum... WITH JUST ABOUT 100 MODS (no,  I am not kidding)... updated WITHOUT A HITCH!

W00t!

Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: NanoSector on December 17, 2012, 11:54:03 AM
Nice job, just tested my mods and they all work fine.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: TrickyRicky on December 17, 2012, 11:59:58 AM
Fantastic job all

Flawless install
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Robert. on December 17, 2012, 12:07:34 PM
Congratulations!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Diego Andrés on December 17, 2012, 01:51:41 PM
There's a problem with language packs. When you go to downloads and select the one that you want to uso/download, the download says that is damaged.

Regards and thanks for the info.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 17, 2012, 02:33:47 PM
Quote from: emanuele on December 16, 2012, 05:05:30 PM
Update: 17/12/2012: there is still some issues with the upgrades page and the language packs that are not yet updated...sorry for the trouble.
;)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Diego Andrés on December 17, 2012, 02:41:19 PM
Not seen today,

Thank you !
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: ehr_aaron on December 17, 2012, 03:16:46 PM
Ahah.. I have some other custom sites that use PayPal and it would explain why there is a flurry of issues with them. I bet it's that HTTP 1.1 thing with those. Thanks for the security + feature update  :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Mstcool on December 17, 2012, 04:29:42 PM
Quote from: emanuele on December 17, 2012, 04:03:30 AM
Quote from: sharks on December 17, 2012, 02:56:33 AM
I never thought we'd seen another update in 2012. Things just became so incredibly quiet around here for so many months... But this is great and i'm glad to be proven wrong! :D I look forward to a more fruitful 2013 for the SMF community.
Well, I really liked a years without security issues and I hope I'll never have to make another patch available! O:)

Quote from: sharks on December 17, 2012, 03:06:29 AM
There are still 13 bugs which have never been fixed for SMF 1.1.x since several releases! :(
Is there any security issue within those bugs?
Since historically SMF has always fixed only security issues with patches, is not very likely a patch to fix bugs in 1.1.
Anyway, since a patch is a mod, anyone is free to fix those issues and provide the patch somewhere.

Quote from: sharks on December 17, 2012, 03:06:29 AM
I don't know if it's worth updating my forums at this point. Why not fix that small bunch of remaining bugs and release the ultimate Gold/Platinum version of SMF 1.1.x?
Do you mean you are not sure if it is worth updating to 1.1.17?
I now don't know if all the work involved in doing a release is worth if people think bugs are more important than security fixes...

Quote from: sharks on December 17, 2012, 03:06:29 AM
Also, i'm trying to download the changelog:
http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-17_changelog.txt
But i get the error: Sorry but you can not directly download an archived file without first going through the Simple Machines website.
I am using the latest Firefox 17.0.1
Changelog download seems broken...

Quote from: Mstcool on December 17, 2012, 03:14:03 AM
Wait I'm confused. Is this a new release or what because I just updated my forum to 2.0.3. Successfully I believe.
Isn't the subject line explicative enough?
SMF 2.0.3, 1.1.17 and 1.0.23 security patches released

Thanks and sorry because i was sleepy at that time so i didn't understand it properly. :p thanks anyways! :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Storman™ on December 17, 2012, 04:44:35 PM
Painless update, all seems good, congrats  :D
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Simple Site Designs on December 17, 2012, 08:21:17 PM
Great work!

Just wanted to say the update applied without any trouble on our crazy custom forum (http://procreate.si/forums/).
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: InfoStrides on December 18, 2012, 03:35:50 AM
Thanks.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 18, 2012, 04:42:47 AM
Quote from: emanuele on December 16, 2012, 05:05:30 PM
Update: 18/12/2012: now everything should be fixed!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Colin on December 18, 2012, 04:45:38 AM
Thanks Emanuele.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: inter on December 18, 2012, 05:32:58 AM
Why would immediately and a new pair of hooks is not to add?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 18, 2012, 05:47:37 AM
Because micro releases (2.0.x etc.) are only for security fixes (and in that case very few required fixes to features that are badly "broken").
Minor and major releases are for features. And "a couple" of hooks are a feature, not a security fix. ;)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: FrizzleFried on December 18, 2012, 10:53:02 AM
Odd that this forum still hasn't upgraded.  :o
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: novill on December 18, 2012, 11:18:36 AM
Thanks emanuele.  :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Road Rash Jr. on December 18, 2012, 12:20:57 PM
Quote from: FrizzleFried on December 18, 2012, 10:53:02 AM
Odd that this forum still hasn't upgraded.  :o
Even odder is that this so called fixed security issue has been around since the release of 2.0.2 and it has taken a year to find and fix. What has been done in the past year to fix the known bugs? I realize security is priority for you people but what good is a secure program that is broken? Seems to me fixing the bugs would be a priority also. :o
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 18, 2012, 01:20:42 PM
nope... that's not how releases work, Road Rash.

Once a gold release is done, anyone can release patches to fix minor things which may or may not be actual bugs.
The only thing that we release, after a final is security updates or fixes for major issues.

And I would hardly say that anything in 2.0 is currently "broken".

What's been done in the last year?   Lots of work on 2.1, which is in Alpha and will be the next release towards which we are working.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: David111567 on December 18, 2012, 02:57:36 PM
I would really like it if, after the security patch is applied.... my forums on all my sites wouldn't read "Copyright 2011".

It makes my sites look like there's been nothing done to the software since then. At least the LAST patch (before this one) said 2012!! 

Just a minor gripe.   Nothing big.  Just sayin.  Perhaps SMF could actually get something... as simple as the copyright year... correct?  Would be nice.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 18, 2012, 03:01:57 PM
ummm.... no it didn't.   2.0.2 (patch) reads (c) 2011.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Road Rash Jr. on December 18, 2012, 03:48:29 PM
Quote from: Kindred on December 18, 2012, 03:01:57 PM
ummm.... no it didn't.   2.0.2 (patch) reads (c) 2011.

My 2.0.2 (patch) reads (c) 2012
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: kat on December 18, 2012, 03:50:57 PM
All mine say 2011, for what it's worth.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 18, 2012, 03:51:08 PM
then you edited it yourself.
See the footer of this site... (at least until we do the upgrade here)

2.0.2 was released in December 2011
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 18, 2012, 05:37:38 PM
Mine reads (c) 2112. ::)

I'm impressed how important this BS (a stupid year declared in the footer of a page) could be to some of you...really.
Next patch will just be to increase the year in the copyright string, so that you will be happy.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: br360 on December 18, 2012, 05:43:40 PM
Uploaded to 2.0.3 with no issues, thanks for the patch. I'm sure it wouldn't be very wise to publicly announce exactly what the security issues were in the earlier versions, but I am curious to know. Can someone possibly pm me with what the security issue was, and what this patch updates? (besides the aforementioned paypal issue)

Thanks.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 18, 2012, 06:01:26 PM
See the changelog on he downloads page
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: br360 on December 18, 2012, 06:09:31 PM
Quote from: Kindred on December 18, 2012, 06:01:26 PM
See the changelog on he downloads page

Ah, of course. Thank you.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 18, 2012, 06:11:03 PM
Yeah...well...the commit message is not *that* explicative. :P

Anyway for more details, I'd say bump the topic in a week just to give people a bit of time to update.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Hj Ahmad Rasyid Hj Ismail on December 18, 2012, 09:42:59 PM
Good jobs and thanks for the patches.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: David111567 on December 18, 2012, 10:38:24 PM
Quote from: emanuele on December 18, 2012, 05:37:38 PM
Mine reads (c) 2112. ::)

I'm impressed how important this BS (a stupid year declared in the footer of a page) could be to some of you...really.
Next patch will just be to increase the year in the copyright string, so that you will be happy.

My point was that it read 2012 and now it reads 2011....and yes, it really DOES matter to me...that it appears to my guests as if my sites haven't been updated since 2011.  The question is...why wouldn't that matter to YOU?  It should.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mashby on December 18, 2012, 11:10:27 PM
Yeah, it should likely read 2012, rather than 2011, but if your members are focusing on that detail, aka BS, they are focusing on the wrong thing. Your boards also show dates and times (down to the second) and I would hope your guests view that rather than the copyright year of the software you are using. :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: br360 on December 19, 2012, 12:50:12 AM
Quote from: David111567 on December 18, 2012, 10:38:24 PM
Quote from: emanuele on December 18, 2012, 05:37:38 PM
Mine reads (c) 2112. ::)

I'm impressed how important this BS (a stupid year declared in the footer of a page) could be to some of you...really.
Next patch will just be to increase the year in the copyright string, so that you will be happy.

My point was that it read 2012 and now it reads 2011....and yes, it really DOES matter to me...that it appears to my guests as if my sites haven't been updated since 2011.  The question is...why wouldn't that matter to YOU?  It should.

It's an easy fix if you want to update it manually. From what I read in previous threads on the subject, as long as you don't change the SMF © , and  Simple Machines part, you can change to 2012 if you want.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 19, 2012, 09:15:39 AM
actually, no... you can't.

remember, the copyright to SMF is held by Simple Machines. Therefore, the (c) 2011 is a legal statement by Simple Machines that has nothing to do with your individual forum and is not yours to change.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: LiroyvH on December 19, 2012, 09:34:06 AM
I guess it's a discussion for somewhere else and if a lot of people feel it's really important that it is changed, a tiny little patch could naturally be released by ourselves if it's an issue. :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: impreza on December 19, 2012, 02:01:54 PM
nice work, thansk
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: David111567 on December 19, 2012, 06:49:09 PM
Quote from: Kindred on December 19, 2012, 09:15:39 AM
actually, no... you can't.

remember, the copyright to SMF is held by Simple Machines. Therefore, the (c) 2011 is a legal statement by Simple Machines that has nothing to do with your individual forum and is not yours to change.

Exactly.  That's what I am trying to say.  I don't want to touch it.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Hj Ahmad Rasyid Hj Ismail on December 19, 2012, 09:51:36 PM
Quote from: Kindred on December 19, 2012, 09:15:39 AM
actually, no... you can't.

remember, the copyright to SMF is held by Simple Machines. Therefore, the (c) 2011 is a legal statement by Simple Machines that has nothing to do with your individual forum and is not yours to change.
Not in 2.0 and above. That in the footer can be changed or even removed as so provided by the license.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: LiroyvH on December 19, 2012, 10:28:23 PM
Quote from: Ahmad Rasyid Ismail on December 19, 2012, 09:51:36 PM
Quote from: Kindred on December 19, 2012, 09:15:39 AM
actually, no... you can't.

remember, the copyright to SMF is held by Simple Machines. Therefore, the (c) 2011 is a legal statement by Simple Machines that has nothing to do with your individual forum and is not yours to change.
Not in 2.0 and above. That in the footer can be changed or even removed as so provided by the license.

The part at the top can not be removed, even the license says against it. (Credits)
And yes, the footer could be removed, but usually support is not given to forums who do remove it.

I really urge this discussion, if it must be held, to be moved elsewhere, please. :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Hj Ahmad Rasyid Hj Ismail on December 19, 2012, 10:41:18 PM
I agree that if the year or the license is to be discussed, it can be discussed elsewhere. I just checking up because the non-updated year (together with the copyright in the footer) and whether that can be changed or not was made an issue while the license say it can be changed. Removal is another issue not raised here but merely to stress the earlier point. ;)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 19, 2012, 11:58:05 PM
Ahmad,

You can totally change or remove the footer... But you can not change the copyright year of the SMF software. As I said, that is a legal statement held by simple machines.
For example, you cold not change it to SMF (c) 1999 nor can you change it to SMF (c) 2013
Those changes are reserved for the individual or compan who holds the copyright.
You could change it to my site (c) 2012 if you like, though...
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Hj Ahmad Rasyid Hj Ismail on December 20, 2012, 12:18:38 AM
Quote from: Kindred on December 19, 2012, 11:58:05 PM
But you can not change the copyright year of the SMF software. As I said, that is a legal statement held by simple machines.
For example, you cold not change it to SMF (c) 1999 nor can you change it to SMF (c) 2013
Those changes are reserved for the individual or compan who holds the copyright.

With no doubt I agree on this. But the main issue that was on my mind is what appear to users i.e. in the footer not in the software. So hopefully it is clear to all now. :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Goodman854 on December 20, 2012, 02:53:11 AM
403 Permission Denied
You do not have permission for this request /forum/index.php?action=admin;area=packages;sa=download;get;package=http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.3.tar.gz;a651b3b=93b9453516a3e07c12eabaa962bfe12a

What?

When I try to download the zip and upload and install it manually I get...

An Error Has Occurred!
Package upload failed due to the following error:
"Although the package was downloaded to the server it appears to be empty. Please check the Packages directory, and the "temp" sub-directory are both writable. If you continue to experience this problem you should try extracting the package on your PC and uploading the extracted files into a subdirectory in your Packages directory and try again. For example, if the package was called shout.tar.gz you should:
1) Download the package to your local PC and extract it into files.
2) Using an FTP client create a new directory in your "Packages" folder, in this example you may call it "shout".
3) Upload all the files from the extracted package to this directory.
4) Go back to the package manager browse page and the package will be automatically found by SMF."
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 20, 2012, 04:41:05 AM
Did you download it from here (http://custom.simplemachines.org/upgrades/)?
As double check, try cleaning your browser cache and downloading the file again.

That' really strange, I tested the patch on two quite picky servers that always give me issues with packages, but that patch installed without a problem... ???
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: CVADM on December 20, 2012, 08:35:33 AM
Well, apart the patches what's new faced to 2.0.2?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 20, 2012, 08:47:17 AM
read the changelog.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: avepeachy on December 20, 2012, 09:18:16 AM
I downloaded the patch and tried to install it through the package manager, but I got an error that the package appeared to be empty?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 20, 2012, 09:22:13 AM
Try to download it from this page (http://custom.simplemachines.org/upgrades/) and decompress it on your computer.
If it works, try uploading it from the admin panel.
If you get the same error try to zip and upload it again.
If none of the above works, unzip the package and upload it from ftp...

...that's a very strange situation... :(
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Road Rash Jr. on December 20, 2012, 11:19:36 AM
Quote from: Kindred on December 19, 2012, 09:15:39 AM
actually, no... you can't.

remember, the copyright to SMF is held by Simple Machines. Therefore, the (c) 2011 is a legal statement by Simple Machines that has nothing to do with your individual forum and is not yours to change.

Unless you change it SMF's copyright is only valid until Dec 31, 2011 as stated in SMF's legal statement as you are not declaring copyright for 2012. This needs to be declared and changed yearly (January 1, (year) or prior to year end, to make it legally valid. Copyright declaration must remain current or it is nul and void.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 20, 2012, 11:29:01 AM
Quote from: Road Rash on December 20, 2012, 11:19:36 AM
Unless you change it SMF's copyright is only valid until Dec 31, 2011 as stated in SMF's legal statement as you are not declaring copyright for 2012. This needs to be declared and changed yearly (January 1, (year) or prior to year end, to make it legally valid. Copyright declaration must remain current or it is nul and void.
http://www.copyright.gov/title17/92chap4.html#401
Quote for easier reference:
Quote(a) General Provisions. — Whenever a work protected under this title is published in the United States or elsewhere by authority of the copyright owner, a notice of copyright as provided by this section may be placed on publicly distributed copies from which the work can be visually perceived, either directly or with the aid of a machine or device.

(b) Form of Notice. — If a notice appears on the copies, it shall consist of the following three elements:

(1) the symbol © (the letter C in a circle), or the word "Copyright", or the abbreviation "Copr."; and

(2) the year of first publication of the work; in the case of compilations or derivative works incorporating previously published material, the year date of first publication of the compilation or derivative work is sufficient. The year date may be omitted where a pictorial, graphic, or sculptural work, with accompanying text matter, if any, is reproduced in or on greeting cards, postcards, stationery, jewelry, dolls, toys, or any useful articles; and

(3) the name of the owner of copyright in the work, or an abbreviation by which the name can be recognized, or a generally known alternative designation of the owner.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: FrizzleFried on December 20, 2012, 11:33:32 AM
Jesus... how hard would it be to simply change it to (c) 2011,2012?   This is some seriously ridiculous crap from BOTH sides.

Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 20, 2012, 12:01:53 PM
Frizzle,   multiple years is stupid...

While we all agree that it probably should be changed, some people are obsessing over it AND spreading incorrect information.

here's the correct summary.
1- Copyright does not EXPIRE in the year stated. Copyright STARTS in that year and is valid for 70 years afterwards (of there abouts)
2- You can change your footer and remove the smf copyright, etc... but you can NOT (legally) change the smf copyright statement.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Road Rash Jr. on December 20, 2012, 12:06:08 PM
Thanks for posting that, section 2 clearly qualifies my point. The original work was copyright 2011, the compilation or derivative work of previously published work requires the year of its release which in this case is 2012. ;)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 20, 2012, 12:11:55 PM
actually, if you are trying to be pedantic, by that logic, since 2.0.2 is just an addition to 2.0, leaving the 2.0 release date is completely appropriate -- it's not a NEW compilation.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Road Rash Jr. on December 20, 2012, 01:25:39 PM
What ever, legally any change to the original work is a NEW compilation of the previosly published work.
But then you know that and just want to pick up your petty arguing with me from years past.  ::) When you learn to interpret law properly, I'll learn to code properly. Just sayin :laugh:
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: NanoSector on December 20, 2012, 01:29:28 PM
Quote from: Road Rash on December 20, 2012, 01:25:39 PM
What ever, legally any change to the original work is a NEW compilation of the previosly published work.
Technically the patch is just something that's placed over the original work, so not an all new compilation.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mashby on December 20, 2012, 01:38:28 PM
Thanks to the team for getting this out there! :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: FrizzleFried on December 20, 2012, 01:50:03 PM
Oh... and for the overly anal amongst us...

Why not simple add: "Updated 2012" or some such thing in the footer in ADDITION to the 2011 copyright if it's that big of a deal?

I added "Content (c) 2012 [form name]" to my footer after all the legal hubub...
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Dave Pitman on December 20, 2012, 03:46:45 PM
Fist, some feedback:
I have a clean install of SMF 2.0.2, no mods. When I went to Admin > Package Manager, the update was listed, but when I clicked on the "install now", I received a 404 error from my domain.

I was able to install the update manually.

Secondly, A Question:
I had modified the nav menu in the file "Sources > Sub.php" This file was overwritten in the update. Can I simply overwrite this file with the previous version (that I had modified) without compromising security? I did try to just edit the new file, but was having difficultly. Dropping in the previous file works fine, just want to make sure this is not leaving some security hole open.

Thank You.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mikejmac on December 20, 2012, 03:47:02 PM
Quote from: emanuele on December 16, 2012, 05:27:05 PM
Quote from: DeVIL-I386 on December 16, 2012, 05:24:15 PM
Where should this option be hidden? Is it Administration Center » Maintenance » Forum Maintenance » Routine » Check all files against current versions?
Almost but not exactly: admin > maintenance > scheduled tasks > scheduled tasks
Then under the column "run now" select the box corresponding to "Fetch Simple Machines Files", and click the button "run now".

Hi emanuele.  I did the above but I still get this Forbidden message below on a white page whether I click "update your forum" from my main Administration Center or when I click "this patch (click here to install)" from the Package Manager.  I'm trying to get 2.0.3 from 2.0.2.

-------------------

Forbidden

You don't have permission to access /forum/index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at --mysite-- Port 80

-------------------

PS  It doesn't have [nofollow] on the white page.  That showed up when I copied it here.


mod edit - removed link.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 20, 2012, 04:08:54 PM
Quote from: Dave Pitman on December 20, 2012, 03:46:45 PM
Fist, some feedback:
I have a clean install of SMF 2.0.2, no mods. When I went to Admin > Package Manager, the update was listed, but when I clicked on the "install now", I received a 404 error from my domain.

I was able to install the update manually.

Secondly, A Question:
I had modified the nav menu in the file "Sources > Sub.php" This file was overwritten in the update. Can I simply overwrite this file with the previous version (that I had modified) without compromising security? I did try to just edit the new file, but was having difficultly. Dropping in the previous file works fine, just want to make sure this is not leaving some security hole open.

Thank You.

Dave, I don't know why it would have given you an error message like that...

As for subs.php...   Why would it have overwritten the file? The updates were to individual files, not to replace the whole thing.... unless you downloaded the update and overwrite the file on your own, manually...

However, no... you should not use the old version.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Dave Pitman on December 20, 2012, 04:32:57 PM
Quote from: Kindred on December 20, 2012, 04:08:54 PM


Dave, I don't know why it would have given you an error message like that...

As for subs.php...   Why would it have overwritten the file? The updates were to individual files, not to replace the whole thing.... unless you downloaded the update and overwrite the file on your own, manually...

However, no... you should not use the old version.

Thanks for your reply, Kindred.

First, the folder "Sourses" was part of the update package I downloaded from here: (the small package) http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-3_update.zip

Your answer seems a little contradictory to me.

You're telling me that the file "Sub.php" was not a target of the security update, but that I should not use the version from v. 2.0.2

That is what seems contradictory?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: MRM4 on December 20, 2012, 04:42:11 PM
I have version 1.1.16 and am not able to update through the admin panel. When I try to, I get this error:

The package you tried to upload either is not a valid package or has become corrupted.

Any recommendations? Thanks.
 
An Error Has Occurred!
The package you tried to upload either is not a valid package or has become corrupted. [/t][/c][/t]
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mashby on December 20, 2012, 04:42:29 PM
Subs.php wasn't part of the patch:
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.3.tar.gz;smf_version=2.0.2
So, I'm not sure how your update affected that file, but you do mention you did it manually.

However, really, this is an announcement topic not meant for support. Maybe this topic should really be read-only, eh?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Dave Pitman on December 20, 2012, 04:48:55 PM
Quote from: merry mashby on December 20, 2012, 04:42:29 PM
I'm not sure how your update affected that file, but you do mention you did it manually.
Yes, manually updated, as I said above, with the package I linked to above. Which did include the "Sources" folder.

Quote from: merry mashby on December 20, 2012, 04:42:29 PM
However, really, this is an announcement topic not meant for support. Maybe this topic should really be read-only, eh?

Well, I don't really think this is a support question. It is a technical question relating to this update to determine if the file "Subs.php" can be used from v.2.0.2 without compromising the security update.  Looking at the file you linked to, it would appear that is is indeed fine to use the older Subs.php file.

If you are actually involved in the coding of the software, this will be a yes or no answer. If you are not, please, lets just wait for one of them to respond.

Thank You.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mashby on December 20, 2012, 05:21:43 PM
The file you linked to is the whole kit and kaboodle. If you look at the date of Subs.php in the Sources folder, you'll see it's dated 6/6/2011. If you used the file you linked to, you are essentially wiping out any mods/edits you've made since 2.0.2. If you look at the link I provided, you'll see the changes made from 2.0.2 to 2.0.3 of which Sources/Subs.php was not affected.

I don't have to be in the developer group to know this either so I hope you can appreciate what I've written.

Thank you.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 20, 2012, 05:39:06 PM
basically, you updated the wrong way.  There was no need for you to replace all the files with new copies.  That is the entire purpose of the patch package...   to make file edits without requiring an overwrite.

Do note, if you had any mods, they will have been removed when you did the update in the manner that you did.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Dave Pitman on December 20, 2012, 05:44:55 PM
Quote from: merry mashby on December 20, 2012, 05:21:43 PM
The file you linked to is the whole kit and kaboodle. If you look at the date of Subs.php in the Sources folder, you'll see it's dated 6/6/2011. If you used the file you linked to, you are essentially wiping out any mods/edits you've made since 2.0.2. If you look at the link I provided, you'll see the changes made from 2.0.2 to 2.0.3 of which Sources/Subs.php was not affected.

I don't have to be in the developer group to know this either so I hope you can appreciate what I've written.

Thank you.

I meant no offense. As I also stated above, the security update through the software was unsuccessful. The update package I installed was all that I could find.

If Subs.php is not part of the security update, then great, you have answered my question.
Thank You.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Dave Pitman on December 20, 2012, 05:52:05 PM
Quote from: Kindred on December 20, 2012, 05:39:06 PM
basically, you updated the wrong way.  There was no need for you to replace all the files with new copies.  That is the entire purpose of the patch package...   to make file edits without requiring an overwrite.

Do note, if you had any mods, they will have been removed when you did the update in the manner that you did.

I would have been happy if the update worked from within SM via the Package Manager. Unfortunately, in my case, it did not work.

I'm not blaming anyone for anything. I'm just relating my experience with applying this patch. I am new to this software, but not new to web applications.

I used the official manual to find how to update manually, and followed the steps exactly. Perhaps there should be a link to the security update on the download page, so that when someone follows the manual, the file that they should use will be there. The "what to do if the auto update doesn't work" part at the beginning of this thread was vague to me.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Oldiesmann on December 20, 2012, 05:55:44 PM
Quote from: mikejmac on December 20, 2012, 03:47:02 PM
Quote from: emanuele on December 16, 2012, 05:27:05 PM
Quote from: DeVIL-I386 on December 16, 2012, 05:24:15 PM
Where should this option be hidden? Is it Administration Center » Maintenance » Forum Maintenance » Routine » Check all files against current versions?
Almost but not exactly: admin > maintenance > scheduled tasks > scheduled tasks
Then under the column "run now" select the box corresponding to "Fetch Simple Machines Files", and click the button "run now".

Hi emanuele.  I did the above but I still get this Forbidden message below on a white page whether I click "update your forum" from my main Administration Center or when I click "this patch (click here to install)" from the Package Manager.  I'm trying to get 2.0.3 from 2.0.2.

-------------------

Forbidden

You don't have permission to access /forum/index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at --mysite-- Port 80

-------------------

PS  It doesn't have [nofollow] on the white page.  That showed up when I copied it here.


mod edit - removed link.

That is likely a problem with Apache's "mod_security" extension, which seems to have problems with ";id=" in URLs. It's actually pretty easy to get around that for now, so you can install the patch. When you get the "403 forbidden" error, look for ";id=" in the URL and change it to "&id=" instead, then hit enter. This should allow you to bypass the rules, and install the package. After you've done that, you can either try disabling mod_security via .htaccess (see the manual (http://wiki.simplemachines.org/smf/Mod_security_-_Having_problems_with_mod_security) for more info), or ask your host to disable it for you.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 20, 2012, 06:09:03 PM
Quote from: Dave Pitman on December 20, 2012, 05:52:05 PM
I used the official manual to find how to update manually, and followed the steps exactly. Perhaps there should be a link to the security update on the download page, so that when someone follows the manual, the file that they should use will be there. The "what to do if the auto update doesn't work" part at the beginning of this thread was vague to me.
Thank you for the feedback, I updated the first post with additional informations about where to find the package and with the relevant links to the online manual.
I hope that it will help others. :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Dave Pitman on December 20, 2012, 06:16:31 PM
Quote from: emanuele on December 20, 2012, 06:09:03 PM
Thank you for the feedback, I updated the first post with additional informations about where to find the package and with the relevant links to the online manual.
I hope that it will help others. :)

You're welcome.

I realize it is sometimes a challenge for experienced users of software to know how an explanation will appear to someone new to the software.

Yes, the update options are more concise now, thank you!

Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: hartiberlin on December 20, 2012, 09:39:38 PM
I am getting the following error:

You cannot download or install new packages because the Packages directory or one of the files in it are not writable!


I looked up the Packages directory,
but all files inclusive the Patch file are set to 0777.

In the Patch file I found just only these 2 files:

List files in package
Files in archive smf_patch_2.0.3.tar.gz:

    package-info.xml (1265 bytes)
    smf_2-0-3_patch.xml (13645 bytes)


Is that correct ?
I already disabled the SEF engine of PortaMX,
but maybe it is a permission thing with the PHP-User or Website owner
for these files.

I recently changed to a new hoster and there I have the possibility to
set files for ownership to PHP-User or web-account owner...

Hmm,
how can I run these 2 XML files if I upload them via FTP ?

Many thanks.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: hartiberlin on December 20, 2012, 10:02:28 PM
Okay,
at my site a
/temp
directory was missing in the
/Packages
folder.

So the update went through now...

but at the bottom of my forum it still says:

SMF 2.0.2 | SMF © 2011, Simple Machines

So why is there no
SMF 2.0.3 ?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Hj Ahmad Rasyid Hj Ismail on December 20, 2012, 10:08:49 PM
It should say 2.0.3. The upgrade might not working right. Try to uninstall and delete the package that you have. Then get a new package and reinstall.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 20, 2012, 10:14:33 PM
This topic is not for support
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: hartiberlin on December 20, 2012, 10:38:31 PM
Please post the link to the support thread.

It seems I don´t get this Patch installed right...

Many thanks.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mikejmac on December 20, 2012, 10:39:20 PM
Quote from: Oldiesmann on December 20, 2012, 05:55:44 PM
Quote from: mikejmac on December 20, 2012, 03:47:02 PM
Quote from: emanuele on December 16, 2012, 05:27:05 PM
Quote from: DeVIL-I386 on December 16, 2012, 05:24:15 PM
Where should this option be hidden? Is it Administration Center » Maintenance » Forum Maintenance » Routine » Check all files against current versions?
Almost but not exactly: admin > maintenance > scheduled tasks > scheduled tasks
Then under the column "run now" select the box corresponding to "Fetch Simple Machines Files", and click the button "run now".

Hi emanuele.  I did the above but I still get this Forbidden message below on a white page whether I click "update your forum" from my main Administration Center or when I click "this patch (click here to install)" from the Package Manager.  I'm trying to get 2.0.3 from 2.0.2.

-------------------

Forbidden

You don't have permission to access /forum/index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at --mysite-- Port 80

-------------------

PS  It doesn't have [nofollow] on the white page.  That showed up when I copied it here.


mod edit - removed link.

That is likely a problem with Apache's "mod_security" extension, which seems to have problems with ";id=" in URLs. It's actually pretty easy to get around that for now, so you can install the patch. When you get the "403 forbidden" error, look for ";id=" in the URL and change it to "&id=" instead, then hit enter. This should allow you to bypass the rules, and install the package. After you've done that, you can either try disabling mod_security via .htaccess (see the manual (http://wiki.simplemachines.org/smf/Mod_security_-_Having_problems_with_mod_security) for more info), or ask your host to disable it for you.

Thanks Oldiesmann but there is no ";id=" in the "403 forbidden" URL.

I read the manual that you posted and it looks like it would be easiest to have my host disable mod_security.  Should that be my next step?  Once my host disables mod_security should I be able to get the 2.0.3 package from my Administration Center?     
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: hartiberlin on December 20, 2012, 11:47:50 PM
I got it to work.
Was a file permission error.
It seems on my new hoster I can only set CHMOD settings via FTP but not via
the SMF scripts...

Strange...

Regards, Stefan.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Oldiesmann on December 21, 2012, 12:40:08 AM
Quote from: mikejmac on December 20, 2012, 10:39:20 PM
Quote from: Oldiesmann on December 20, 2012, 05:55:44 PM
Quote from: mikejmac on December 20, 2012, 03:47:02 PM
Quote from: emanuele on December 16, 2012, 05:27:05 PM
Quote from: DeVIL-I386 on December 16, 2012, 05:24:15 PM
Where should this option be hidden? Is it Administration Center » Maintenance » Forum Maintenance » Routine » Check all files against current versions?
Almost but not exactly: admin > maintenance > scheduled tasks > scheduled tasks
Then under the column "run now" select the box corresponding to "Fetch Simple Machines Files", and click the button "run now".

Hi emanuele.  I did the above but I still get this Forbidden message below on a white page whether I click "update your forum" from my main Administration Center or when I click "this patch (click here to install)" from the Package Manager.  I'm trying to get 2.0.3 from 2.0.2.

-------------------

Forbidden

You don't have permission to access /forum/index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at --mysite-- Port 80

-------------------

PS  It doesn't have [nofollow] on the white page.  That showed up when I copied it here.


mod edit - removed link.

That is likely a problem with Apache's "mod_security" extension, which seems to have problems with ";id=" in URLs. It's actually pretty easy to get around that for now, so you can install the patch. When you get the "403 forbidden" error, look for ";id=" in the URL and change it to "&id=" instead, then hit enter. This should allow you to bypass the rules, and install the package. After you've done that, you can either try disabling mod_security via .htaccess (see the manual (http://wiki.simplemachines.org/smf/Mod_security_-_Having_problems_with_mod_security) for more info), or ask your host to disable it for you.

Thanks Oldiesmann but there is no ";id=" in the "403 forbidden" URL.

I read the manual that you posted and it looks like it would be easiest to have my host disable mod_security.  Should that be my next step?  Once my host disables mod_security should I be able to get the 2.0.3 package from my Administration Center?     

Yes, if they're willing to disable it for you, then it should go through. mod_security is usually the cause of random "403 Forbidden" errors.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: johnpaul2k2 on December 21, 2012, 12:51:11 AM
where will i click to upgrade??
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: themavesite on December 21, 2012, 02:52:03 AM
Hi. I'm running SMF 2.0.2 with a lot of big modifications (such as eZportal).
I don't want to re-install them all :/
What packages should I use?

The small update / large upgrade ?

Please get back to me.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 21, 2012, 03:14:59 AM
Did you try to use the link in the admin panel that says "click here to install"?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: themavesite on December 21, 2012, 04:26:51 AM
Quote from: emanuele on December 21, 2012, 03:14:59 AM
Did you try to use the link in the admin panel that says "click here to install"?

That link doesn't work, because it requires ftp information and I use SFTP instead of FTP.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 21, 2012, 04:30:51 AM
Did you try that:
Quote from: emanuele on December 16, 2012, 05:05:30 PM
If you are having problems downloading the patch from the admin panel, you can download the package from the upgrades page here:
http://custom.simplemachines.org/upgrades/
and install it like a mod.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Darkness_Black on December 21, 2012, 05:52:40 AM
Thanks for the fixes.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Goodman854 on December 21, 2012, 07:34:52 AM
Quote from: emanuele on December 20, 2012, 04:41:05 AM
Did you download it from here (http://custom.simplemachines.org/upgrades/)?
As double check, try cleaning your browser cache and downloading the file again.

That' really strange, I tested the patch on two quite picky servers that always give me issues with packages, but that patch installed without a problem... ???
Strange. That worked. I used http://download.simplemachines.org/ Small Update before and didn't work.

But the file on the page you gave me worked. So thanks.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 21, 2012, 07:54:20 AM
Oh, no that's not strange.
The small update is not meant to be used with the package manager. ;)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Apllicmz on December 22, 2012, 02:14:49 AM
Thank you all
good work

Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: jaideejung007 on December 22, 2012, 07:13:57 AM
Thai language, updated?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 22, 2012, 08:30:49 AM
The patch didn't change any language file.
The issue with language packs has been solved few days ago.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: dpylant on December 22, 2012, 12:28:50 PM
I have been running 2.03 since it came out.  How do i tell if my version has the patch installed?  Thanks!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mashby on December 22, 2012, 12:53:20 PM
Hiya. Welcome to SMF. :)

If the footer says 2.0.3, as I think you are saying, then you are running the latest.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: vtel57 on December 22, 2012, 01:01:28 PM
Thank you, SMF!

It would have been more difficult to fall off a log than it was to upgrade this software. When I saw the upgrade notice in my email Inbox, I cringed... bad memories of phpBB. ;) This upgrade could not have been simpler!

An outstanding product with fabulous support! Thanks so much SimpleMachines Forums.

Here's wishing the entire SMF staff and community a wonderful, blissful, safe, and warm Holiday Season! :)

~Eric
Tampa, Florida, USA
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Matthew K. on December 22, 2012, 01:21:55 PM
Quote from: vtel57 on December 22, 2012, 01:01:28 PM
Thank you, SMF!

It would have been more difficult to fall off a log than it was to upgrade this software. When I saw the upgrade notice in my email Inbox, I cringed... bad memories of phpBB. ;) This upgrade could not have been simpler!

An outstanding product with fabulous support! Thanks so much SimpleMachines Forums.

Here's wishing the entire SMF staff and community a wonderful, blissful, safe, and warm Holiday Season! :)

~Eric
Tampa, Florida, USA
We're very glad to hear that your upgrade process went smoothly :) Thank you for stopping by and posting your feedback!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: dpylant on December 22, 2012, 03:02:13 PM
Thank you!  Just wanted to make sure 2.03 didnt need the patch.  Happy Holidays.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Aaron10 on December 22, 2012, 10:35:55 PM
I'm getting an error with security.php in 1.1.17 on line 560 (where 'else' is):

// Check the referring site - it should be the same server at least! if (isset($_SESSION['request_referer']))
$referrer = $_SESSION['request_referer'];
else
$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
if (!empty($referrer['host']))
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mashby on December 22, 2012, 10:38:54 PM
Need a line break there on the first line that you quoted:
// Check the referring site - it should be the same server at least!
if (isset($_SESSION['request_referer']))
$referrer = $_SESSION['request_referer'];
else
$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
if (!empty($referrer['host']))
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Aaron10 on December 22, 2012, 11:12:12 PM
Thanks, I shouldve seen that lol

It was a direct copy and paste from here:
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.0.23_1.1.17.tar.gz;smf_version=1.1.16
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: JHF on December 23, 2012, 12:01:28 PM
Well, this time you don't provide a zip file with the changed files to upload to the server, then, I have a problem, because I never was able to use the Package manager.
Quote
Install Actions
Installations actions for "SMF 1.0.23 / 1.1.17 Update":
Installing this package will perform the following actions:
   Type    Action    Description
1.    Execute Modification    smf_1-1-16_to_1-1-17_patch.mod    Modification parse error



Then, I would really appreciate any guided help you could provide. I ever preferred the old style updates by this reason. Also, because I have slightly theme changes too, so... provide any help.

Thank you.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: colas on December 23, 2012, 01:30:17 PM
Hi guys, first off i installed 2.02 to 2.03 update in a few seconds from the package manager, seem to work perfect, thanks guys

I read in the changelog there are a fix for "intermittent session verification failures" but there are not more info about

In my case, i was getting random "session expired"  error, i went crazy triying to fix it (and did not get it) randomly my session expired 3 mins next to create it, sometimes 5, sometimes few seconds... and so

So is this 2.03 fix referred to this problem?

Thanks!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 23, 2012, 05:06:37 PM
Quote from: JHF on December 23, 2012, 12:01:28 PM
Then, I would really appreciate any guided help you could provide. I ever preferred the old style updates by this reason. Also, because I have slightly theme changes too, so... provide any help.
mmm...so the package doesn't work for you.
You can chose:
* manual edits ( http://custom.simplemachines.org/upgrades/ )
* small update ( http://download.simplemachines.org/ ) but since you have theme changes you may want to upload only the Sources directory instead of the whole package.

Quote from: colas on December 23, 2012, 01:30:17 PM
I read in the changelog there are a fix for "intermittent session verification failures" but there are not more info about

In my case, i was getting random "session expired"  error, i went crazy triying to fix it (and did not get it) randomly my session expired 3 mins next to create it, sometimes 5, sometimes few seconds... and so
TBH it depends on the issue.
The fix applied will fix some but not all the issues related to the sessions.
The only thing you can do is try and if it doesn't fix yours then ask for support in the appropriate board. ;)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: RR144 on December 23, 2012, 05:34:03 PM
Thanks, it installed just fine!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: JHF on December 23, 2012, 05:55:37 PM
Quote from: emanuele on December 23, 2012, 05:06:37 PM
Quote from: JHF on December 23, 2012, 12:01:28 PM
Then, I would really appreciate any guided help you could provide. I ever preferred the old style updates by this reason. Also, because I have slightly theme changes too, so... provide any help.
mmm...so the package doesn't work for you.
You can chose:
* manual edits ( http://custom.simplemachines.org/upgrades/ )

Oh, yes, I could make the manual editing, why not?, but god, the packages system never worked for me. I had those errors every time I tried any package. So, any fix to the problematic packages system? Because, for whatever reason, it doesn't work with my installations in the past (yes, in plural).

Quote from: emanuele on December 23, 2012, 05:06:37 PM* small update ( http://download.simplemachines.org/ ) but since you have theme changes you may want to upload only the Sources directory instead of the whole package.

As far as that download is for 2.x version and I'm sticky with 1.1.16 (before I choose to do manual edits if there is not fix to packages system) that is not a valid option, I think..., is it?

I don't think is a good idea to mix things and I don't plan to make the swith from 1.1.x to 2.x yet (I know I should, but I'm not).

I'd really would like to fix packages system.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 23, 2012, 06:06:30 PM
Quote from: JHF on December 23, 2012, 05:55:37 PM
Oh, yes, I could make the manual editing, why not?, but god, the packages system never worked for me. I had those errors every time I tried any package. So, any fix to the problematic packages system? Because, for whatever reason, it doesn't work with my installations in the past (yes, in plural).
Well...if the package system doesn't work at all with any mod, please open a topic in the support board so that we can discuss it there.

Quote from: JHF on December 23, 2012, 05:55:37 PM
As far as that download is for 2.x version and I'm sticky with 1.1.16 (before I choose to do manual edits if there is not fix to packages system) that is not a valid option, I think..., is it?

I don't think is a good idea to mix things and I don't plan to make the swith from 1.1.x to 2.x yet (I know I should, but I'm not).
Looking into the "archived releases" section you will find 1.1.17 too.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mack420 on December 24, 2012, 12:38:07 PM
smooth update, thanks for smf
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Colin on December 24, 2012, 09:43:32 PM
Quote from: mack420 on December 24, 2012, 12:38:07 PM
smooth update, thanks for smf
Awesome. Thanks for the feedback.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: prachsportsedge on December 25, 2012, 08:08:49 PM
Ok Im having problems with fake emails, here the 1.1.17 is the patch im currently using ive been having this problem for months, i went to package manager and it says i cant download the latest security patch. What can I do to stop these fake bots emails??
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 25, 2012, 11:20:34 PM
first of all, you can read the original post which says that this thread is not for support.
second you can post in the support area
third you can read several of the many posts that detail how to deal with spammer registrations
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Wood_Jedi on December 26, 2012, 09:50:50 PM
Not sure where to post this... I have backed up my forum, and through the "Package Manager" I updated the patch.. said it was successfully uploaded... when I clicked install this mod... I got this message.

"Error in Package Installation
At least one error was encountered during a test installation of this package. It is strongly recommended that you do not continue with installation unless you know what you are doing, and have made a backup very recently. This error may be caused by a conflict between the package you're trying to install and another package you have already installed, an error in the package, a package which requires another package that you don't have installed yet, or a package designed for another version of SMF." 

I had version 2.02  can you let me know this reason for this error.. ?

during the test run, this was the results..

Execute Modification                    ./index.php                      Test successful
   2.   Execute Modification   ./SSI.php                              Test successful
   3.   Execute Modification   ./Sources/Modlog.php      Test successful
   4.   Execute Modification   ./Sources/Security.php      Test successful
   5.   Execute Modification   ./Sources/Subscriptions-PayPal.php     Test successful
   6.   Execute Modification   ./Sources/ManagePaid.php   Test successful
   7.   Execute Modification   ./Sources/QueryString.php   Test successful
   8.   Execute Modification   ./Sources/Load.php                   Test failed
   1.   Replace                           ./Sources/Load.php                   Test successful
   2.   Replace                           ./Sources/Load.php             Test failed
   3.   Replace                           ./Sources/Load.php                   Test failed
   4.   Replace                           ./Sources/Load.php                   Test failed
   5.   Replace                           ./Sources/Load.php                   Test failed

a quick response would be great, since i now have my forum closed from members until i can update it...

Thank you,
Laney Shaughnessy
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on December 26, 2012, 10:03:56 PM
THis topic is not for support, p,ease open a support topic I'm the 2.0 support or the upgrading support boards. However....
http://wiki.simplemachines.org/smf/Error_in_mod_installation
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 27, 2012, 04:05:36 AM
You already applied the fix for the intermittent session verification errors.
The how to proceed is another thing: you can apply the patch ignoring the errors (and then you can verify the changes are in place accordingly to the patch, or you can revert your changes and apply the patch.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: ksbharath86 on December 30, 2012, 07:41:31 AM
Where can I get the security update for 2.0.3 version. And please are there any links which show the steps on how to update them.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: LiroyvH on December 30, 2012, 09:33:37 AM
Quote from: ksbharath86 on December 30, 2012, 07:41:31 AM
Where can I get the security update for 2.0.3 version. And please are there any links which show the steps on how to update them.

Read this, it's filled with awesome information:
http://www.simplemachines.org/community/index.php?topic=492786.msg3454223#msg3454223

It's also the first post in this topic.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: tacticalguy on December 30, 2012, 09:57:34 PM
Issue. I went ahead and scheduled the update. I was notified by email of it's successful installation. Now, I find that all of the mods that I had downloaded and installed onto my site are no longer installed. When I attempt to re-install them from my package manager, it tells me that the directory isn't writeable. I've had this issue for a while and no one seems to be able to figure it out. GoDaddy says that it's not a hosting issue so, they can't help me. No one on here has been able to help me address it and until recently, I've just been willing to limp along without downloading anything else. Now, I want my mods back. Any thoughts as to why the update might have uninstalled my mods?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mashby on December 30, 2012, 10:09:32 PM
QuotePlease do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 31, 2012, 12:49:01 PM
Quote from: tacticalguy on December 30, 2012, 09:57:34 PM
Any thoughts as to why the update might have uninstalled my mods?
The update is a mod, it doesn't uninstall anything.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Arantor on December 31, 2012, 12:50:31 PM
Unless it was carried out as the small or large update (rather than the package manager version)... in which case it would have removed things.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on December 31, 2012, 12:55:24 PM
But not from the database. (AFAIR not even running upgrade.php, but I may be wrong)

I probably misinterpreted that one. O:)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Bob Perry of Web Presence Consulting on December 31, 2012, 07:21:07 PM
Quote from: Santa Paws on December 22, 2012, 01:21:55 PM
Quote from: vtel57 on December 22, 2012, 01:01:28 PM
Thank you, SMF!

It would have been more difficult to fall off a log than it was to upgrade this software. When I saw the upgrade notice in my email Inbox, I cringed... bad memories of phpBB. ;) This upgrade could not have been simpler!

An outstanding product with fabulous support! Thanks so much SimpleMachines Forums.

Here's wishing the entire SMF staff and community a wonderful, blissful, safe, and warm Holiday Season! :)

~Eric
Tampa, Florida, USA
We're very glad to hear that your upgrade process went smoothly :) Thank you for stopping by and posting your feedback!

Well said, my sentiments exactly... I see some newbies have made sort of a bad move by not examining the instructions in the package manager message more closely. Normally you won't want to actually do a manual download & install unless it becomes absolutely necessary when you have a number of third party mods installed, and even if you do, it's essential to uninstall them all first... I have quite a number of mods and have been running SMF several years now and learned the hard way about updates, it's normally very safe to use the embedded link in the message itself and this time is no exception...
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Matthew K. on December 31, 2012, 07:24:34 PM
One of the few times that you'll need to grab something from the Downloads page would be a major version upgrade (ie. SMF 1.x -> SMF 2.0.x.)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Bob Perry of Web Presence Consulting on December 31, 2012, 07:44:12 PM
Quote from: Santa Paws on December 31, 2012, 07:24:34 PM
One of the few times that you'll need to grab something from the Downloads page would be a major version upgrade (ie. SMF 1.x -> SMF 2.0.x.)

I update the version of the repair_settings.php file that I keep on hand after an update to make sure I can do that with the latest version available if necessary (usually not)...

I'm in the market for some help with a new paying project idea that I have, a new boardgame module involving dice... if you are interested PM me or visit my site...
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: telcy on January 03, 2013, 09:26:23 AM
awesome work guys!!  ;)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: James--- on January 05, 2013, 11:05:45 AM
I use an SEO mod called "SMF Packs". Should I first delete this mod in order to make an update to smf 2.0.3.?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on January 05, 2013, 11:26:50 AM
Did you get the notification in the admin panel?
Did you try to click on the "update your forum" link?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Chalky on January 05, 2013, 11:37:43 AM
I have 62 mods on my forum plus lots of custom edits and template hacks and the 2.0.3 patch worked for me smoothly, perfectly, stress-free and within seconds!  Thanks guys!!!  :D
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Matthew K. on January 05, 2013, 01:42:45 PM
Quote from: James--- on January 05, 2013, 11:05:45 AM
I use an SEO mod called "SMF Packs". Should I first delete this mod in order to make an update to smf 2.0.3.?
If you use the patch through Package Manager, it's just like installing any other modification. You should not need to uninstall any other modifications.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Mstcool on January 06, 2013, 12:51:37 AM
And before you update just make an backup! Just in case. ;) :D :) good luck!
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Nodaz on January 06, 2013, 06:36:14 PM
so if the update doesn't show in package manager, Ive already installed it?
current version says 1.1.7
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Colin on January 06, 2013, 06:48:56 PM
What version is indicated at the footer of your forum?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: rentner on January 07, 2013, 03:16:10 PM
Hello community,

I am a new administrator in the field SMF because our administrator has died tragically.
So it is very helpful that SMF is relatively easy to use and the update was quick and easy.

I hope for the future that further updates are just as easy and I can keep on running our forum.

Thanks for that.

Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Matthew K. on January 07, 2013, 03:24:10 PM
Quote from: rentner on January 07, 2013, 03:16:10 PM
Hello community,

I am a new administrator in the field SMF because our administrator has died tragically.
So it is very helpful that SMF is relatively easy to use and the update was quick and easy.

I hope for the future that further updates are just as easy and I can keep on running our forum.

Thanks for that.


Hello rentner!

Quite sorry to hear about the previous forum administrator. But thank you very much for stopping by and leaving your feedback.

Best Regards,
Labradoodle-360
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: lucas-ruroken on January 12, 2013, 12:24:17 AM
Good news
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Lidia Koifman on January 12, 2013, 01:03:48 PM
 :) :)
Quote from: CoreISP on December 16, 2012, 05:07:09 PM
Congrats and well done! :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Chairem on January 15, 2013, 02:28:49 PM
Quote from: emanuele on December 16, 2012, 05:27:05 PM
Quote from: DeVIL-I386 on December 16, 2012, 05:24:15 PM
Where should this option be hidden? Is it Administration Center » Maintenance » Forum Maintenance » Routine » Check all files against current versions?
Almost but not exactly: admin > maintenance > scheduled tasks > scheduled tasks
Then under the column "run now" select the box corresponding to "Fetch Simple Machines Files", and click the button "run now".

I did this... no change. What did I do wrong? It's still RC2
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Arantor on January 15, 2013, 02:31:17 PM
Um... RC2? That would imply you need to upgrade...
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Kindred on January 15, 2013, 03:29:46 PM
you can not use the patch package to upgrade from any RC version. You will have to use the large upgrade from the downloads section and then reinstall all of your mods (also note, themes for 2.0RC2 will likely have issues if you try to run them on 2.0.x)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Arantor on January 15, 2013, 03:37:57 PM
Quotealso note, themes for 2.0RC2 will likely have issues if you try to run them on 2.0.x

And on top of that, most mods for 2.0 RC4+ won't work on 2.0 RC2 themes either.


The advice to update 'fetch SM files' is nothing to do with actually updating or not, it is simply to update the information inside SMF's admin panel about what is the most recent version of SMF, as in whether to notify you about whether an update is required. It won't *do* the update.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: babeshorty on January 18, 2013, 07:33:14 PM
Is there anyone in Adelaide Australia that i can contact about doing upgrades as i have tried to do the upgrade through the forum and it does not work. Not real computer wise, so if i could have someone show me it would be better for me.  Thanks
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Antes on January 18, 2013, 07:55:05 PM
Quote from: babeshorty on January 18, 2013, 07:33:14 PM
Is there anyone in Adelaide Australia that i can contact about doing upgrades as i have tried to do the upgrade through the forum and it does not work. Not real computer wise, so if i could have someone show me it would be better for me.  Thanks

Please open a support topic in suitable board (But first search for the issue)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Colin on January 20, 2013, 11:32:41 AM
Quote from: babeshorty on January 18, 2013, 07:33:14 PM
Is there anyone in Adelaide Australia that i can contact about doing upgrades as i have tried to do the upgrade through the forum and it does not work. Not real computer wise, so if i could have someone show me it would be better for me.  Thanks
You may also look into a charter membership. http://www.simplemachines.org/charter/
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: simzman on January 20, 2013, 09:51:01 PM
Our forum is currently 2.0.2 and the package manager stopped working in the last upgrade from 1.1.12 to 2.0.2. All our mods have been installed manually. Is the 2.0.3 manual upgrade possible?

Also considering a re-install to 2.0.3 to get package manager working and complete the latest upgrade. Is there a major security issue in using 2.0.2 for the short-term?
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: emanuele on January 21, 2013, 11:43:55 AM
If you search around there are several topics covering issues with the package maanger.
Please feel free to open a topic in the support board and ask for advices on how to solve your specific issue. ;)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: simzman on January 23, 2013, 06:50:14 AM
Thanks Emanuele. I'll have a search :)
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: wyckliffe on January 30, 2013, 11:17:55 AM
Hello,

Could this be responsible for why the message, " Default theme not configured properly" comes out at top of page after logging in as administrator? How do i configure my theme properly please...
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: Deaks on January 30, 2013, 11:20:11 AM
no this patch would not cause that issue, this would be more something else you have done, also I would adviosing posting in the correct support board.
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: wyckliffe on January 30, 2013, 12:08:21 PM
@Runic

where is the correct support board.

Also i just installed from simplescripts. Did nothing really
Title: Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
Post by: mashby on January 30, 2013, 12:25:14 PM
http://www.simplemachines.org/community/index.php?board=147.0