News:

SMF 2.1.2 has been released! Take it for a spin! Read more.

Main Menu

SMF 2.0.3, 1.1.17 and 1.0.23 security patches released

Started by emanuele, December 16, 2012, 05:05:30 PM

Previous topic - Next topic

Goodman854

Quote from: emanuele on December 20, 2012, 04:41:05 AM
Did you download it from here?
As double check, try cleaning your browser cache and downloading the file again.

That' really strange, I tested the patch on two quite picky servers that always give me issues with packages, but that patch installed without a problem... ???
Strange. That worked. I used http://download.simplemachines.org/ Small Update before and didn't work.

But the file on the page you gave me worked. So thanks.

emanuele

Oh, no that's not strange.
The small update is not meant to be used with the package manager. ;)


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Apllicmz





emanuele

The patch didn't change any language file.
The issue with language packs has been solved few days ago.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

dpylant

I have been running 2.03 since it came out.  How do i tell if my version has the patch installed?  Thanks!

mashby

Hiya. Welcome to SMF. :)

If the footer says 2.0.3, as I think you are saying, then you are running the latest.
Always be a little kinder than necessary.
- James M. Barrie

vtel57

Thank you, SMF!

It would have been more difficult to fall off a log than it was to upgrade this software. When I saw the upgrade notice in my email Inbox, I cringed... bad memories of phpBB. ;) This upgrade could not have been simpler!

An outstanding product with fabulous support! Thanks so much SimpleMachines Forums.

Here's wishing the entire SMF staff and community a wonderful, blissful, safe, and warm Holiday Season! :)

~Eric
Tampa, Florida, USA

Matthew K.

Quote from: vtel57 on December 22, 2012, 01:01:28 PM
Thank you, SMF!

It would have been more difficult to fall off a log than it was to upgrade this software. When I saw the upgrade notice in my email Inbox, I cringed... bad memories of phpBB. ;) This upgrade could not have been simpler!

An outstanding product with fabulous support! Thanks so much SimpleMachines Forums.

Here's wishing the entire SMF staff and community a wonderful, blissful, safe, and warm Holiday Season! :)

~Eric
Tampa, Florida, USA
We're very glad to hear that your upgrade process went smoothly :) Thank you for stopping by and posting your feedback!

dpylant

Thank you!  Just wanted to make sure 2.03 didnt need the patch.  Happy Holidays.

Aaron10

I'm getting an error with security.php in 1.1.17 on line 560 (where 'else' is):

// Check the referring site - it should be the same server at least! if (isset($_SESSION['request_referer']))
$referrer = $_SESSION['request_referer'];
else
$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
if (!empty($referrer['host']))

mashby

Need a line break there on the first line that you quoted:
// Check the referring site - it should be the same server at least!
if (isset($_SESSION['request_referer']))
$referrer = $_SESSION['request_referer'];
else
$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
if (!empty($referrer['host']))
Always be a little kinder than necessary.
- James M. Barrie


JHF

Well, this time you don't provide a zip file with the changed files to upload to the server, then, I have a problem, because I never was able to use the Package manager.
Quote
Install Actions
Installations actions for "SMF 1.0.23 / 1.1.17 Update":
Installing this package will perform the following actions:
   Type    Action    Description
1.    Execute Modification    smf_1-1-16_to_1-1-17_patch.mod    Modification parse error



Then, I would really appreciate any guided help you could provide. I ever preferred the old style updates by this reason. Also, because I have slightly theme changes too, so... provide any help.

Thank you.

colas

Hi guys, first off i installed 2.02 to 2.03 update in a few seconds from the package manager, seem to work perfect, thanks guys

I read in the changelog there are a fix for "intermittent session verification failures" but there are not more info about

In my case, i was getting random "session expired"  error, i went crazy triying to fix it (and did not get it) randomly my session expired 3 mins next to create it, sometimes 5, sometimes few seconds... and so

So is this 2.03 fix referred to this problem?

Thanks!

emanuele

Quote from: JHF on December 23, 2012, 12:01:28 PM
Then, I would really appreciate any guided help you could provide. I ever preferred the old style updates by this reason. Also, because I have slightly theme changes too, so... provide any help.
mmm...so the package doesn't work for you.
You can chose:
* manual edits ( http://custom.simplemachines.org/upgrades/ )
* small update ( http://download.simplemachines.org/ ) but since you have theme changes you may want to upload only the Sources directory instead of the whole package.

Quote from: colas on December 23, 2012, 01:30:17 PM
I read in the changelog there are a fix for "intermittent session verification failures" but there are not more info about

In my case, i was getting random "session expired"  error, i went crazy triying to fix it (and did not get it) randomly my session expired 3 mins next to create it, sometimes 5, sometimes few seconds... and so
TBH it depends on the issue.
The fix applied will fix some but not all the issues related to the sessions.
The only thing you can do is try and if it doesn't fix yours then ask for support in the appropriate board. ;)


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

RR144


JHF

Quote from: emanuele on December 23, 2012, 05:06:37 PM
Quote from: JHF on December 23, 2012, 12:01:28 PM
Then, I would really appreciate any guided help you could provide. I ever preferred the old style updates by this reason. Also, because I have slightly theme changes too, so... provide any help.
mmm...so the package doesn't work for you.
You can chose:
* manual edits ( http://custom.simplemachines.org/upgrades/ )

Oh, yes, I could make the manual editing, why not?, but god, the packages system never worked for me. I had those errors every time I tried any package. So, any fix to the problematic packages system? Because, for whatever reason, it doesn't work with my installations in the past (yes, in plural).

Quote from: emanuele on December 23, 2012, 05:06:37 PM* small update ( http://download.simplemachines.org/ ) but since you have theme changes you may want to upload only the Sources directory instead of the whole package.

As far as that download is for 2.x version and I'm sticky with 1.1.16 (before I choose to do manual edits if there is not fix to packages system) that is not a valid option, I think..., is it?

I don't think is a good idea to mix things and I don't plan to make the swith from 1.1.x to 2.x yet (I know I should, but I'm not).

I'd really would like to fix packages system.

emanuele

Quote from: JHF on December 23, 2012, 05:55:37 PM
Oh, yes, I could make the manual editing, why not?, but god, the packages system never worked for me. I had those errors every time I tried any package. So, any fix to the problematic packages system? Because, for whatever reason, it doesn't work with my installations in the past (yes, in plural).
Well...if the package system doesn't work at all with any mod, please open a topic in the support board so that we can discuss it there.

Quote from: JHF on December 23, 2012, 05:55:37 PM
As far as that download is for 2.x version and I'm sticky with 1.1.16 (before I choose to do manual edits if there is not fix to packages system) that is not a valid option, I think..., is it?

I don't think is a good idea to mix things and I don't plan to make the swith from 1.1.x to 2.x yet (I know I should, but I'm not).
Looking into the "archived releases" section you will find 1.1.17 too.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

norm


Advertisement: