Simple Machines Community Forum

Simple Machines => News and Updates => Topic started by: Norv on December 22, 2011, 11:43:01 PM

Title: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Norv on December 22, 2011, 11:43:01 PM
Hello all,

Simple Machines Forum project has released SMF 1.1.16 and SMF 2.0.2 security patches for the SMF community.
Critical security issues have been identified and fixed with this patch, therefore it is highly recommended to make sure you update your forums immediately.
A few bug fixes for SMF 2.0.x are also available with the patch.

If you use 2.0.1, you can update your forum to 2.0.2. using package manager. You should see the notification in Admin panel, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the patch for 2.0.1 from the customize site: smf_2.0.2 patch (http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.2.tar.gz), and install it through package manager.

If you use 1.1.15, you can update to 1.1.16 with the smf_1.0.22_1.1.16 patch (http://custom.simplemachines.org/mods/downloads/smf_patch_1.0.22_1.1.16.tar.gz), also using package manager.

If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page.

Please find the changelog for the latest release as usual, on the downloads page as well:
http://download.simplemachines.org/

Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!

Regards,

Simple Machines Forum project
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: sharks on December 22, 2011, 11:43:59 PM
Thanks!! :D
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: ApplianceJunk on December 22, 2011, 11:48:57 PM
thanks,
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Joomlamz on December 23, 2011, 12:07:48 AM
Yes
good work
thank you

Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: vbgamer45 on December 23, 2011, 12:19:12 AM
Thanks for update.

We need SMF 2.0.2 in the modsite.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: GlitchPC on December 23, 2011, 12:26:57 AM
Can this be updated through Package Manager?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Eclipse16V on December 23, 2011, 01:00:24 AM
Thanks
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Robert. on December 23, 2011, 01:46:18 AM
Congrats! :D
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Roph on December 23, 2011, 01:46:53 AM
Thanks for the content-disposition fix for firefox :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: live627 on December 23, 2011, 01:52:52 AM
Could you put 2.0.2 on the mod site?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Ricky. on December 23, 2011, 02:20:24 AM
Could you put 2.0.2 on the mod site?
Yap, its available on download page but not on MOD site so can't update using package manager as of yet !
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Fantasy-Faction on December 23, 2011, 03:49:45 AM
Hey guys!

Trying to update from 1.1.15 and getting the following message:
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Any ideas? :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: spiros on December 23, 2011, 04:10:50 AM
I see this on download page

502 Bad Gateway

nginx
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Geek on December 23, 2011, 04:23:14 AM
Tried to update from 1.1.15 from package manager and get this:

Quote
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Y'all might want to fix that ;)

Cheers!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Vincent Volmer on December 23, 2011, 05:09:20 AM
Thanks!

Update went fine!

Cheers..  ;D
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Looking on December 23, 2011, 05:44:14 AM
Took a few tries because the servers here were extremely taxed but all is well now. Thanks.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: AMWebby on December 23, 2011, 05:58:18 AM
Servers must be still taxed. Unable to download or even connect at times.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: MarkoKg on December 23, 2011, 05:59:12 AM
Will we be able to do manual update from 2.0.1 to 2.0.2 versions, as i can't see instructions for it here:
http://custom.simplemachines.org/upgrades/

Servers must be still taxed. Unable to download or even connect at times.
+1, i wrote this reply few times before it's published.  :-X
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Tony Reid on December 23, 2011, 06:01:35 AM
Will we be able to do manual update from 2.0.1 to 2.0.2 versions, as i can't see instructions for it here:
http://custom.simplemachines.org/upgrades/

Servers must be still taxed. Unable to download or even connect at times.
+1, i wrote this reply few times before it's published.  :-X

Use this in package manager...
 http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.2.tar.gz
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: MarkoKg on December 23, 2011, 06:04:50 AM
I would like to manually manage the update, as this is just small update when i update 2.0.1 to 2.0.2 i guess? I have planty of mods installed and many code changes so i want to be sure that everything will be okay, and i want to manually install this patch, if it's possible?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: LG965 on December 23, 2011, 06:08:16 AM
in 1.1.15 I have this one:

An Error Has Occurred!

The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

what's the matter?

cheers

Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 23, 2011, 06:13:00 AM
just open the package and read it until it appears on the patch page.

also dont use this thread for support please open a separate thread in the correct support board for support
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Alcor on December 23, 2011, 06:14:10 AM
Thanks, it was very easy to update.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: MarkoKg on December 23, 2011, 06:17:08 AM
Nevermind, i downloaded update file (after 10 minutes of refreshing page), and used external package parser to see changes.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: AMWebby on December 23, 2011, 06:18:31 AM
The file I get, for 1.1.5, is only 2kb in size and package manager refuses to load it as it is corrupt.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: impreza on December 23, 2011, 06:29:23 AM
Thanks as new versions
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 23, 2011, 06:30:02 AM
the file is only 2KB that is correct

for those that want a parse of the 2.0.1 -> 2.0.2 package http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.2.tar.gz;smf_version=2.0.1
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on December 23, 2011, 06:42:34 AM
Any chance that the Package Manager page can put the 1.1.16 download in the right place, as it may confuse some, being where it is...?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 23, 2011, 06:50:39 AM
what "package manager page" ? and where is it putting it that it should not be?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on December 23, 2011, 06:54:43 AM
http://custom.simplemachines.org/upgrades/

It's at the bottom, out of sequence.

The file I get, for 1.1.5, is only 2kb in size and package manager refuses to load it as it is corrupt.

I had the same problem, even uploading the file manually. Try dearchiving it and rearchiving at as a zip.

Worked for me! :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: MrKim on December 23, 2011, 07:08:44 AM
thx but it doesn't work

Pardon me...I got it to work. 

thx
Kim
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 23, 2011, 07:15:22 AM
also dont use this thread for support please open a separate thread in the correct support board for support
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: AMWebby on December 23, 2011, 08:13:00 AM
http://custom.simplemachines.org/upgrades/

It's at the bottom, out of sequence.

The file I get, for 1.1.5, is only 2kb in size and package manager refuses to load it as it is corrupt.

I had the same problem, even uploading the file manually. Try dearchiving it and rearchiving at as a zip.

Worked for me! :)


Just discovered this method myself. Obviously the package manager doesn't like .gz files.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 23, 2011, 08:46:27 AM
no the package manager has no issues with .gz files as not everyone has this issue.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on December 23, 2011, 08:56:26 AM
There sure is something weird, though.

My forum fails on every install with tar/gz.

No idea why.

I've always had to rearchive them.

It's hardly difficult, though. So, I don't worry about it. :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: abhizz on December 23, 2011, 08:59:44 AM
Thank you very much no problem with my updates
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: GlitchPC on December 23, 2011, 09:15:16 AM
Thanks...update went without a hitch...except for one issue.  Will post in the appropriate support forum.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 23, 2011, 09:19:42 AM
My forum fails on every install with tar/gz.

sounds like your server does not have the proper packages for tar/gz archives installed
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: spiros on December 23, 2011, 10:06:50 AM
Tried to update from 1.1.15 from package manager and get this:

Quote
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Y'all might want to fix that ;)

Cheers!

Same here
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: omidkosari on December 23, 2011, 10:16:53 AM
Tried to update from 1.1.15 from package manager and get this:

Quote
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Y'all might want to fix that ;)

Cheers!

Same here
Me too
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: ApplianceJunk on December 23, 2011, 10:17:26 AM
Updated to 2.0.2 without out any problems, thanks
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: CoreISP on December 23, 2011, 10:40:52 AM
The download problems SHOULD be solved now.
My apologies for any inconvenience. Enjoy! :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: tragidy on December 23, 2011, 10:41:58 AM
The download problems SHOULD be solved now.
My apologies for any inconvenience. Enjoy! :)

On SMF 1.1.15

The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Is there a server-side cache that should be flushed on my end now?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Argonaut on December 23, 2011, 10:42:46 AM
If there's anybody who still has a problem with upgrading to 1.1.16

Quote
An Error Has Occurred!
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Please see this thread:

www.simplemachines.org/community/index.php?topic=463108.0 (Error when trying to upgrade 1.1.15 to 1.1.16)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: CoreISP on December 23, 2011, 10:51:19 AM
This is from the package manger, right?
Not from the manual update package that you can find here?

-edit-
Nevermind, reading the thread now.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: omidkosari on December 23, 2011, 11:00:02 AM
No . i can not install even manually .
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: nwsw on December 23, 2011, 11:08:19 AM
In  reviewing the changes for SMF 1.1.16, and I find myself wondering what this change is supposed to do:

Code: [Select]
if (isset($GLOBALS[$variable]))
unset($GLOBALS[$variable], $GLOBALS[$variable]);

The changelog for 2.0.2 says this:

Quote
Make sure db_character_set doesn't end up set when it shouldn't be. (index.php)

I do not understand how the double unset will do much of anything. Perhaps this is just a quirk of PHP and unset of $GLOBALS that this code is intended to work around...

Update: Never mind...I found the exploit and the need for this with older PHP installs.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: billis_2 on December 23, 2011, 11:32:04 AM
Updated to 2.0.2 without out any problems.
Good work,
Thanks.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: cebu on December 23, 2011, 12:16:09 PM
updated my 2.0.1 forum to 2.0.2 without any problem.

for my 1.1.15 forum, since its giving error when trying to install through package manager, i did a manual update and everything went through as well.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: LAVX6 on December 23, 2011, 01:00:54 PM
great thnx
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: phantomm on December 23, 2011, 02:04:15 PM
Update for SMF 2.0.1 contains fix for problems with downloading attachments by FF?

and this is fixed in this patch?
Hi there,

in the Changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt)) is written:
Quote
! A sensitive token was sent in the URL, allowing CSRF vulnerability (Subs-Menu.php)
But comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

Thanks for information!

Update: Since 2.0 RC4 is no change (except a comment) done in Sources/Subs-Menu.php
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: islam2hamy on December 23, 2011, 02:39:38 PM
Thanks for update.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Mr. Jinx on December 23, 2011, 02:55:33 PM
Thnx. Upgrade went fine!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Nolt on December 23, 2011, 03:39:58 PM
Update went smooth and without any problems, but in Admin section I have:

Installed version: 2.0.2
Newest version: 2.0.1

I've installed via package manager because I didn't had notification link about new version.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: GlitchPC on December 23, 2011, 03:45:20 PM
Update went smooth and without any problems, but in Admin section I have:

Installed version: 2.0.2
Newest version: 2.0.1

I've installed via package manager because I didn't had notification link about new version.

run the fetch simple machine files from scheduled tasks
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Adish - (F.L.A.M.E.R) on December 23, 2011, 03:46:32 PM
Good work team!! Well done. :-)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: cerbopoli on December 23, 2011, 03:55:35 PM
I get this error: You cannot download or install new packages because the Packages directory or one of the files in it are not writable! 

Yet all of my appropriate folders are set Writable (777).  Any ideas how I can remedy this?
Title: 1.1.16 auto update worked perfectly on my board.
Post by: w0kie on December 23, 2011, 04:10:06 PM
1.1.16 auto update worked perfectly on my board.   8)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: CoreISP on December 23, 2011, 04:16:15 PM
I get this error: You cannot download or install new packages because the Packages directory or one of the files in it are not writable! 

Yet all of my appropriate folders are set Writable (777).  Any ideas how I can remedy this?

Set the chmod on that folder properly to 777 using FTP or your hosting control panel's file manager.

For any further questions, please do !NOT! use this topic. It is !NOT! for support.
Please ask your question in the support boards.

Thanks :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 23, 2011, 04:22:13 PM
no this patch does not include the fix for downloading attachments in firefox, and PLEASE open separate threads for your issues this thread is not for support.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: cerbopoli on December 23, 2011, 04:29:02 PM
Thanks CoreISP.  I will ask on the support boards as that is exactly what I have done and it is not working. 
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: live627 on December 23, 2011, 06:57:19 PM
Could you put 2.0.2 on the mod site?
bump. Mods need to say they're compatible.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: KVL on December 23, 2011, 07:00:11 PM
Updates is ​​successfully. :) Thank you very much for your work! :) Merry Christmas and Happy New Year! :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: MarkRH on December 23, 2011, 08:24:08 PM
Weird. My locally installed forum on my PC sees that the update is available but on my production one, the Administration center does not say an update is available. It also does not show the latest message in the "Live from Simple Machines forum" section about SMF 2.0.2 being available, just the SMF 2.0.1 and earlier messages.  Hmmm..

Well, I uploaded the 2.0.2 patch file manually and installed it via the Package Manager.  I still wonder why my local installation sees the 2.0.2 message in the Admin area and the installation at my webhost does not.  Bizarre.  It's like my server and SMF's server aren't on speaking terms for some reason.

I figured it out. The Fetch Simple Machines Files task failed this morning. I saw it in my error log. I manually ran the task and now I see the updated postings about 2.0.2.  I may need to adjust the time of day it does these checks as it seems to correspond with a lot of other server maintenance tasks at my host. At least I know what happened now. :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Jntg4 on December 23, 2011, 11:43:46 PM
Thanks for Simply Machines Forum 2.0.2, Simple Machines Forum 1.1.16, and Simple Machines Forum 1.0.22!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Sapozhnik on December 24, 2011, 01:25:25 AM
Update for SMF 2.0.1 contains fix for problems with downloading attachments by FF?

and this is fixed in this patch?

This problem was fix in FF 9.0.1
Update it ;)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Linda.V on December 24, 2011, 02:07:19 AM
I would like to manually manage the update, as this is just small update when i update 2.0.1 to 2.0.2 i guess? I have planty of mods installed and many code changes so i want to be sure that everything will be okay, and i want to manually install this patch, if it's possible?

for those that want a parse of the 2.0.1 -> 2.0.2 package http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.2.tar.gz;smf_version=2.0.1

Idem on my forum where I installed some mods manual. So thanks for the parse of the 2.0.1 -> 2.0.2
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Antes on December 24, 2011, 03:58:42 AM
Thanks for the update :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: oziboy on December 24, 2011, 04:08:46 AM
Yes, thanks to the Team for the update. I installed 2.02 through Package Manager - so smooth and quick.

Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: bojanbgrd on December 24, 2011, 07:43:01 AM
Thanks for the update :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Enc0der on December 24, 2011, 09:10:25 AM
Thank you,

Although I'm very disappointed that this update didn't fix the known "attachments bug" with firefox 8 - since I consider it a major bug, end-user wise.
http://dev.simplemachines.org/mantis/view.php?id=4825 (http://dev.simplemachines.org/mantis/view.php?id=4825)
There's already a patch for it (but weird, because there is no file named "Attachment.php" in the /Sources directory.. It should be Display.php), so why it is not included in the release?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: spiros on December 24, 2011, 09:11:41 AM
Strangely enough this forum appears still unpatched:

SMF 2.0.1 | SMF © 2011, Simple Machines
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 24, 2011, 09:12:48 AM
we have to wait for the site team to have the time to do the upgrade, they do not use the patches like the rest of us do.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: gisfreak on December 24, 2011, 10:49:00 AM
awesome job, thanx
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on December 24, 2011, 11:45:55 AM
why it is not included in the release?

Pure guess: The bug is with Firefox, not SMF. So, we're going to have to figure a fix that won't screw everything for users of proper browsers.

Oddly enough, Firefox v9 works as it should. :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Enc0der on December 24, 2011, 12:56:25 PM
Pure guess: The bug is with Firefox, not SMF.
Not true :)

Anyway, it is indeed "fixed" in Firefox 9.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Study Force on December 24, 2011, 12:59:51 PM
What were some of the changes?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 24, 2011, 01:12:13 PM
you can find the changelog on the downloads page and in the archives.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: SleePy on December 24, 2011, 01:57:10 PM
Strangely enough this forum appears still unpatched:

SMF 2.0.1 | SMF © 2011, Simple Machines
I think you misread the numbers ;D


Although I'm very disappointed that this update didn't fix the known "attachments bug" with firefox 8 - since I consider it a major bug, end-user wise.
http://dev.simplemachines.org/mantis/view.php?id=4825 (http://dev.simplemachines.org/mantis/view.php?id=4825)
There's already a patch for it (but weird, because there is no file named "Attachment.php" in the /Sources directory.. It should be Display.php), so why it is not included in the release?

The Attachment.php is for SMF 2.1, so that is why it is the wrong file.

Norv said he forgot about including that fix when making the release.  Getting this release was critical and he was short on time.  Because of the Holiday times, there wasn't enough time to add in the changes and test them after we realized that.
I am glad to hear reports that FF 9 fixed it on their end.  I read somewhere in a Mozilla article/posting (i think a bug post) that their data shows most users are either on 3.6 or following the 6 week updates.  There was a small chunk of them still resisting on FF 7 though.  So this is good news at least :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: David111567 on December 24, 2011, 03:30:19 PM
Administration Center tells me there's NO update available...so I go download the upgrade to do it manually.  5th time I've downloaded it and I get the message:

"Package upload failed due to the following error:
"Although the package was downloaded to the server it appears to be empty. Please check the Packages directory, and the "temp" sub-directory are both writable. If you continue to experience this problem you should try extracting the package on your PC and uploading the extracted files into a subdirectory in your Packages directory and try again. For example, if the package was called shout.tar.gz you should:
1) Download the package to your local PC and extract it into files.
2) Using an FTP client create a new directory in your "Packages" folder, in this example you may call it "shout".
3) Upload all the files from the extracted package to this directory.
4) Go back to the package manager browse page and the package will be automatically found by SMF.""


When ADMIN doesn't see an update...and when the zip files from your own site are EMPTY...how the heck can I do an upgrade.  Also...this is a heck of a thing to do on Christmas Eve on 6 production sites!

In 5 years I have never had this much problems with an SMF upgrade.  Ever.

Merry Christmas.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: karlbenson on December 24, 2011, 03:48:26 PM
indeed, thx for the update guys.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: sonficyus on December 24, 2011, 06:04:46 PM
Thank you so much...
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Realinfo on December 25, 2011, 08:23:42 AM
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

I have 1.1.15
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 25, 2011, 08:25:50 AM
If there's anybody who still has a problem with upgrading to 1.1.16

Quote
An Error Has Occurred!
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Please see this thread:

www.simplemachines.org/community/index.php?topic=463108.0 (Error when trying to upgrade 1.1.15 to 1.1.16)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: a10 on December 25, 2011, 11:27:25 AM
.15 to .16, a 1\2 minute package manager job, all well. Thanks.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: c23_Mike on December 25, 2011, 11:29:50 AM
Hi there!

Perfect! Tnx for this new update!
How is the road for new features?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Ashley S on December 25, 2011, 03:47:28 PM
Good job guys, another great release!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: GravuTrad on December 25, 2011, 04:23:40 PM
Hi Coreisp. Zip corrupted for french packs. Regards.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: 青山 素子 on December 25, 2011, 06:36:39 PM
I can confirm that something's weird with the 1.1.16 patch. Although GNU tar and gzip both extract the package fine, SMF itself does not. If I re-create the archive with "tar czvf ../smf_patch_1.0.22_1.1.16-2.tar.gz *" that file will upload and extract just fine.

The 2.0.2 patch seems to work just fine.

You team guys might want to re-create the package.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: SleePy on December 26, 2011, 12:48:14 AM
Motoko-chan,

Any luck with this one?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: GravuTrad on December 26, 2011, 06:21:10 AM
hi sleepy, still corrupted for smf...
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: zhuzhuzhu on December 26, 2011, 10:49:45 AM
thanks good man...
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Argonaut on December 26, 2011, 10:52:27 AM
GravuTrad, do you have 1.1.15 or 2.0.1?
What's your error message?

There's a new language pack available for 2.0.2:
http://download.simplemachines.org/?smflanguages;lang=french

If you are using 1.1.15, try this way:
www.simplemachines.org/community/index.php?topic=463108.msg3234021#msg3234021

or use the small upgrade zip package [SMF 1.1.16 - upgrade]
http://download.simplemachines.org/index.php?archive;version=67
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Elie_X on December 26, 2011, 11:37:51 AM
Hi,Argonaut, the solutions offered didn't work on my forum :'(
Please help me :-X
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 26, 2011, 12:47:05 PM
also dont use this thread for support please open a separate thread in the correct support board for support
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Flavious on December 26, 2011, 03:40:49 PM
What were the security issues on this patch? That would be very helpful to know.

Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 26, 2011, 03:43:12 PM
there is a change log available, but the details of the issues resolved will not be made public.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: GravuTrad on December 26, 2011, 04:33:06 PM
The rezip trick has worked well. But tar.gz generation so isn't good for the 1.1.16 actual smf patch.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: mini_one on December 27, 2011, 11:53:00 AM
An Error Has Occurred!
The package you tried to upload either is not a valid package or has become corrupted.

I tried both instal from form link  and also downloaded from here and stil getting same error message.

please help!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on December 27, 2011, 11:53:35 AM
also dont use this thread for support please open a separate thread in the correct support board for support
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: GravuTrad on December 27, 2011, 12:00:31 PM
An Error Has Occurred!
The package you tried to upload either is not a valid package or has become corrupted.

I tried both instal from form link  and also downloaded from here and stil getting same error message.

please help!

answer already given above. dezip and rezip it. and retry with the new pack.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: wattachai on December 28, 2011, 12:32:47 AM
Thank you so much...
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.imageporter.com%2F2c3sedcbtc17%2F9400531.png.html&hash=d6974cfcb5eef0e1863987c37055ea47)
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.imageporter.com%2Fpch3u8awzedn%2F9400526.png.html&hash=e337258fb1f8b00e332fb2730ad07459)
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.imageporter.com%2Fhgzbairsgdtl%2F9400570.png.html&hash=cd289e134427ab24cfeb4b7c5dcb3822)
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.imageporter.com%2F14ohbaz3m9yk%2F9409000.png.html&hash=d58eb1c44ecc880e068e1539aa487100)
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.imageporter.com%2F7mce72t2rt1t%2F9400537.png.html&hash=02527bf8cc52ce4571c0e3036f545133)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: boldt on December 28, 2011, 03:13:09 AM
Tried to update using the automatic system under admin - fail with an error message:
"The package you are trying to download or install is either corrupt or not compatible with this version of SMF."

Then tried to update by downloading update package manually and then upload and the error message:
"The package you tried to upload is either not a real package, or is defective."

(maybe the text is not 100% correct because I'm using a translated version)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Argonaut on December 28, 2011, 05:40:45 AM
Boldt, please read this thread:

www.simplemachines.org/community/index.php?topic=463108.0 - [Error when trying to upgrade 1.1.15 to 1.1.16]

www.simplemachines.org/community/index.php?topic=463108.msg3234021#msg3234021
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: GravuTrad on December 28, 2011, 12:13:54 PM
I resay the temporary solution until the tar.gz site packing problem is solved, dezip and rezip it.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: karlbenson on December 28, 2011, 05:58:39 PM
Thats probably the best idea in the circs.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: ForoGames.net on December 28, 2011, 08:19:58 PM
El paquete que estás intentando subir no es un paquete válido o bien está estropeado.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Suki on December 28, 2011, 08:22:49 PM
El paquete que estás intentando subir no es un paquete válido o bien está estropeado.

There is already a translated announcement to spanish: SMF 2.0.2 y 1.1.16 parches de seguridad critica lanzados (http://www.simplemachines.org/community/index.php?topic=463138.0)

Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kenvue on December 28, 2011, 11:09:17 PM
I still get an error message when trying to use Package Manager to update to 1.1.16
??
Ken
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: mashby on December 28, 2011, 11:15:34 PM
I still get an error message when trying to use Package Manager to update to 1.1.16
??
Ken
I got many of the same. Have a look here (http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016). :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Aaron10 on December 30, 2011, 06:38:03 AM
Updated. Manual Edits FTW.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: KB on December 30, 2011, 03:30:08 PM
I got a second email announcement today, both it and the first one I recieved just before christmas seem to refer to the same version levels (2.0.2 & 1.1.16)...did I miss something?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: karlbenson on December 30, 2011, 03:31:17 PM
Yeah I seem to have got it twice also.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: GravuTrad on December 30, 2011, 04:24:47 PM
Maybe due to the actual servers upgrade in progress...
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: playful on December 31, 2011, 04:15:54 PM
Fantastic news. Thank you SMF Team for the beautiful work. :)

A quick question:
I am subscribed to this board (Announcements), but I did not receive the 2.0.2 announcement.
The email address is correct, and I cannot find the announcement in my gmail spam folder.
Is anyone having the same problem?
I would love to hear about new releases right away.

Wishing you all a happy new year.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: 青山 素子 on December 31, 2011, 04:19:21 PM
There are a lot of registered users on this site, so the announcement takes several days to send out. Especially as simplemachines.org doesn't mass-send e-mail often, major providers will often rate-limit the mail causing longer delays for users on those providers. I only got the e-mail announcement yesterday, for example.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: playful on December 31, 2011, 04:23:28 PM
Quote
There are a lot of registered users on this site, so the announcement takes several days to send out

Ah, makes sense. Thank you for explaining! :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: K-F on January 01, 2012, 12:34:28 PM
After a lot of tries and effort, I managed to get my patch upgrade installed. At first, I got the message others got about the file being corrupt. I tried several different things as suggested but none worked until ---- I downloaded the file again from a post (http://www.simplemachines.org/community/index.php?topic=463108.msg3234021/) on this forum rather than the file from the upgrade forum. When I unzipped both sets of files and compared them, I noticed there was only one file in the first package whereas the second package I had (that worked at the first attempt) contained three files. I re-zipped the three files, uploaded them and hey presto, they appeared in my admin panel and installed.

Thanks to everyone involved with the patch and thanks to others for trying to solve the issues of installation.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kokoin on January 01, 2012, 03:45:07 PM
update smf 1.1.15 to 1.1.16
error message: Hiçbir kurulum ve kaldırma eylemi tanımlanmadı!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on January 01, 2012, 03:57:38 PM
I'm afraid I don't understand that, Kokoin.

Does this help?

http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Masterd on January 03, 2012, 04:39:45 AM
Congrats on the hard work, team! :D
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: BigJacko on January 03, 2012, 06:27:15 AM
I think I've found a problem with one of the files in the 2.0.2 small-update from the downloads area (alas, I'm using Windows IIS6, and thus package manager is seemingly impossible to get working properly, so I have to do manual updates). This one - http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-2_update.zip

Anyway, the errant file in question is:

Themes/default/PersonalMessage.template.php

and the problem seems to be that it is still reporting as Version 2.0, not version 2.0.2

Is this correct?

I noticed that after I did the manual file-copy followed by running the 'upgrade.php' to sort out my MySQL DB - all of which seemed to work ok - I went back to the Administration Center and confirmed that my board had updated. The Admin Center shows '2.0.2' as the headline version, but when doing the 'more detailed' check, I see Default Templates with a red 2.0 next to it, and when I open that up, I see a red 2.0 next to PersonalMessage.template.php.

I confirmed that I had correctly copied the right files over, so I then looked at the individual files within the 2.0.2 small update distribution file and compared PersonalMessage.template.php from the Core and Default themes in a file-comparison utility. They are vastly different (maybe to be expected? I don't know) - but specifically, the Core instance of the file showed Version 2.0.2 while the Default instance showed 2.0

Is this correct? Did someone forget to include the correct Default Theme file in the small manual upgrade zip?

My forum uses the Default Theme, by default (and I have no idea whether that's a clone of the Core theme, or what) - so will I have a problem at some point when members start using the PM system?

Any help gratefully received - if you need further information or testing please ask away! Thanks.

Neil
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on January 03, 2012, 06:52:46 AM
take a look at http://www.simplemachines.org/community/index.php?topic=463145.0 also this thread is not for support you should open your own thread for issues related to the upgrade.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: BigJacko on January 03, 2012, 11:48:47 AM
Ilori - thanks for the pointer to the other thread. I will continue this discussion there.

However, for the record, I wasn't actually looking for support, and don't consider this a personal support issue. I was merely trying to be helpful, and was reporting an ERROR with the small-update zip's contents (an error which I can see is indeed accepted as such on the other thread).

Thanks anyway.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: OlivierShop on January 04, 2012, 06:26:20 AM
Thanks !

Goog Job  8)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: bassinRN on January 04, 2012, 07:03:17 AM
Hey guys!

Trying to update from 1.1.15 and getting the following message:
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Any ideas? :)

Same here...????
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: mashby on January 04, 2012, 07:51:04 AM
Hey guys!

Trying to update from 1.1.15 and getting the following message:
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Any ideas? :)

Same here...????
http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: ShastaEXE on January 05, 2012, 01:25:00 AM
Thanks for the updates SMF team, will be sure to update once I have everything else set up but thanks again for all your work

~Shasta
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kokoin on January 06, 2012, 05:16:39 PM
I'm afraid I don't understand that, Kokoin.
Does this help?
http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016


ok K@ , your attached file download. I manuel editing;
index.php
sources/packages.php
sources/messagindex.php

Thank you...
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Lolafish on January 11, 2012, 02:31:23 PM
Do these security updates address DDOS attack vulnerability?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Arantor on January 11, 2012, 02:33:06 PM
Nope. You can't solve a DDOS issue at the application level, if you're being hit by a DDOS, talk to your host.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Lolafish on January 11, 2012, 02:36:27 PM
Nope. You can't solve a DDOS issue at the application level, if you're being hit by a DDOS, talk to your host.

That's what I thought.  Thanks!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kaoss on January 13, 2012, 03:01:11 PM
I've used it before, but can't find it now, the step by step instructions on upgrading from an older version? I'm on SMF 2.0 RC4. Thanks!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kindred on January 13, 2012, 03:15:02 PM
http://wiki.simplemachines.org/smf/Upgrading
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: ForestEB on January 15, 2012, 03:22:57 PM
Hello, I have some problem.
How to fix this?

Not Acceptable

An appropriate representation of the requested resource /forum/index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at mcekvidetibugs.net Port 80
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Arantor on January 15, 2012, 03:23:19 PM
What exactly were you trying to do when you got that message?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Ieazo on January 16, 2012, 03:34:26 PM
Please help our forum has gone down and I am on-line now trying to fix but I must admit to not really having a clue what is going on, any advice greatfully received. It is throwing the following message no matter what I try, won't let me into admin panel or owt???

"Table './planetai_smf924/smf_log_online' is marked as crashed and should be repaired
File: /home/planetai/public_html/Sources/Subs.php
Line: 2608

Note: It appears that your database may require an upgrade. Your forum's files are currently at version SMF 2.0.2, while your database is at version 2.0.1. The above error might possibly go away if you execute the latest version of upgrade.php."

Apologies if I have posted in the wrong section, I'm a bit new to all of this and slightly panicked.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on January 16, 2012, 03:35:58 PM
also dont use this thread for support please open a separate thread in the correct support board for support
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: vbgamer45 on January 16, 2012, 03:36:20 PM
Login to your control panel and phpmyadmin and run this command on your database
Code: [Select]
REPAIR TABLE smf_log_online;
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Ieazo on January 16, 2012, 03:44:32 PM
also dont use this thread for support please open a separate thread in the correct support board for support

My apologies, I panicked.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: flash_os on January 18, 2012, 12:47:35 PM
How to subscribe for SMF critical security patches?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: vbgamer45 on January 18, 2012, 12:48:05 PM
How to subscribe for SMF critical security patches?
We send email announcements or you can do a notify on the annocuments board as well.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kindred on January 18, 2012, 12:51:44 PM
It also gets listed in your SMF admin screen...
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: BlownShovel on January 18, 2012, 07:58:26 PM
I performed the 2.0.1 to 2.0.2 upgrade
Board is working fine
Realized today that the Global Moderators cannot move topics as the move to list does not appear

Scenario:
Click move topic
Move to screen appears
Nothing in the move to box, no down arrow, nothing even if clicking the box

Administrators can move topics as before.

Checked the rights(using default) and all look the same as before.  Since they can get to the move screen I think the rights are OK.  My belief is a template layout design issue?

Anyone else run into this?  Or at least point me in a direction.   

TIA
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on January 18, 2012, 08:22:17 PM
you have a thread already on this, please dont post in multiple places.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: BlownShovel on January 18, 2012, 08:27:29 PM
Sorry about that.  Wasn't sure if support or the original update thread was the correct place for the question
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: clubhammer on January 18, 2012, 09:16:38 PM
Sorry about that.  Wasn't sure if support or the original update thread was the correct place for the question

lets see now, this is a quote from the very first post in this thread:


Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!

Regards,

Simple Machines Forum project
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: flash_os on January 20, 2012, 05:43:54 PM
How to subscribe for SMF critical security patches?
We send email announcements or you can do a notify on the annocuments board as well.

This time I did not receive announcement about "1.1.16 critical security patches released".
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: ccraciun on January 20, 2012, 06:12:24 PM
Great job SMF!
I just upgraded my 1.1.16 forum to 2.0.2 and everything worked smoothly. Even the integration with Gallery2 went perfect without the need of any modification, at least until this moment. :)
I postponed this upgrade for some months and it took me only a few minutes to perform it!!!
Many thanks for all your work!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: gopher_moi on January 25, 2012, 05:36:18 PM
I'm unable to upgrade from version 1.1.15 to 1.1.16 due to the previously mentioned error message about corrupted files.  I am not a whiz kid when it comes to forum programming, so I do not feel confident messing around with the suggested methods that involve unzipping and re-zipping, and I am sure I am not on my own here.  My own solution, therefore is that as my forum is not "broken" I prefer not to risk trying to fix it and possibly messing it up completely. Instead I will await the release of version 1.1.17 and hope that is released without any problems.

Apologies if this should have been posted elsewhere, but the other thread referred to is locked.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: mashby on January 25, 2012, 05:57:45 PM
I'm unable to upgrade from version 1.1.15 to 1.1.16 due to the previously mentioned error message about corrupted files.  I am not a whiz kid when it comes to forum programming, so I do not feel confident messing around with the suggested methods that involve unzipping and re-zipping, and I am sure I am not on my own here.  My own solution, therefore is that as my forum is not "broken" I prefer not to risk trying to fix it and possibly messing it up completely. Instead I will await the release of version 1.1.17 and hope that is released without any problems.

Apologies if this should have been posted elsewhere, but the other thread referred to is locked.
No worries. How about having a look here (http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016) and download the zip file K@ posted. Upload it via Package Manager. And then apply the mod. That'll get you up to 1.1.16 pretty quickly. :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: gopher_moi on January 26, 2012, 04:50:11 AM
Worked a treat and was uploaded and installed in seconds.  Very many thanks for your help.  :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on January 26, 2012, 06:40:11 AM
Glad it helped, Gopher_You! :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: ColyMar on February 05, 2012, 10:11:24 AM
I am the administrator of the El Portus Forum which is still using SMF 1.1.10 so I need to update it.  Unfortunately the originator of this Forum, Vindinacho, has gone on a worldwide trip and cannot be contacted.  When I click "Update" I am barred from access.  How can I update our Forum, please? We are plagued by spam attacks and need the protection of Verification letters to type into the box and email confirmation.  I assume these are included in the updates we need.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Illori on February 05, 2012, 10:14:20 AM
also dont use this thread for support please open a separate thread in the correct support board for support
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: whelanweb on February 06, 2012, 05:02:28 AM
 :-[ Hi Guys

I'm having a problem with my SMF fourm. I keep getting security errors on IE and when I try install this patch it says its already installed. I'm curently on 1.1.16 and I have tryed to upload this patch but it returns the following message ( You already have this installed. )

The security warning I keep getting on my fourm is ( Virus found JS/Agent ) on IE9

Anybody any thoughts on this.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: ziycon on February 06, 2012, 05:09:47 AM
:-[ Hi Guys

I'm having a problem with my SMF fourm. I keep getting security errors on IE and when I try install this patch it says its already installed. I'm curently on 1.1.16 and I have tryed to upload this patch but it returns the following message ( You already have this installed. )

The security warning I keep getting on my fourm is ( Virus found JS/Agent ) on IE9

Anybody any thoughts on this.

Welcome to the site whelanweb.

This isn't the correct place to post for support, try the support boards (http://www.simplemachines.org/community/index.php#c3) as you'll get a quicker response there.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on February 06, 2012, 08:08:29 AM
I doubt you need support, for the first thing. If you're on v1.1.16, applying a patch to get you to v... er... 1.1.16 ain't gonna achieve much, now is it?

You might with the js thing, though.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: immo_we on February 21, 2012, 10:32:08 AM
HI,

I started the task
>Fetch Simple Machines Files<
but the notification about  the upgrade to 2.0.2 was not shown.

there is still the hint to run 2.0.1 but i did this already...

Hmm
what can I do ?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Oldiesmann on February 22, 2012, 10:35:56 PM
"The hint to run 2.0.1"? If that's showing up, then SMF has detected that you aren't on 2.0.1. Make sure you actually installed the 2.0.1 patch.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: oldfruitanting on February 24, 2012, 08:42:38 AM
Hi,

This seems like a really stupid question but if I am on SMF 2.0.2 does the SMF 2.0.2 Update update my security or does it update my forum version to SMF 2.0.2. Which would obviously not work since I am already using SMF 2.0.2.

Basically, I have, all of a sudden received 130 posts in Polish about Viagra. So I thought I'd check out if there were any security updates available and low and behold there is,........'SMF 2.0.2 and 1.1.16 critical security patches released'. On uploading and installing it I get an error message stating it is not compatible with the forum version I am running, 'SMF 2.0.2'

Am I being stupid, and if so any ideas how to deal with my apparent security breach, can I block an IP address for posting, or are there any other patches I can install.

Any advice would be greatly appreciated.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kindred on February 24, 2012, 11:24:45 AM
the 2.0.2 update is used to update and 2.0.1 forum to 2.0.2. If you are running 2.0.2 then you are at the current security revision.

That ebing said, spam is not usually a security issue, but rather a configuration issue...   you need to configure your registration and/or posting settings to avoid spam. There are dozens of threads discussing what settings and/or mods to add for this.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: headguy on February 25, 2012, 09:16:00 PM
Thanks for the update notification.

My admin section has been rendered useless since you took over my site and any link I click to up date just takes me back to this useless board.

Why do you force us to update and then not have a link to the updated files?

Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kindred on February 25, 2012, 09:49:59 PM
Answered in your other thread.

Please don't double post... Plus, we do not do what you are suggesting
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: fashion99 on February 28, 2012, 11:10:19 PM
Thanks!

Update went fine!

Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: danickent on March 21, 2012, 02:09:17 AM
good work and god bless you all the time   :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: wanchai on April 01, 2012, 12:38:59 AM
Thanks. ;D
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: MLG Tanner on April 02, 2012, 03:29:52 PM
Thanks
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: garry383 on April 22, 2012, 09:18:05 AM
I just started to use SMF.  Thank you for your continued updates.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: searchgr on June 20, 2012, 01:54:30 AM
No updates for the last 6 months. This is very disappointing. What's going on?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: a10 on June 20, 2012, 06:18:15 AM
Quote
No updates for the last 6 months. This is very disappointing. What's going on?
No need for (security) updates for a long time. This is very positive!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Nodaz on June 20, 2012, 02:33:39 PM
I logged into and loder forum i had up and found the upgrade for 1.1.5 to 1.1.16:
SMF File                   Your Version                 Current Version
SMF Package   SMF 1.1.15                           SMF 1.1.16
Sources                  1.1.11                           1.1.16
Default Templates  1.1.12                           1.1.12
Language Files          1.1.9                                   1.1.15

But when i click on : Update your forum, i get :
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.
What do i need to do here.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on June 20, 2012, 03:44:00 PM
Try downloading this:

http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-16_update.zip

Upload it, still archived, into your Packages directory.

Then, go to Package Manager to apply it.

READ MY SIG!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Arantor on June 20, 2012, 03:44:46 PM
Is the 1.1.16 package still broken? I thought it was fixed ages ago >_<
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on June 20, 2012, 03:45:37 PM
It was, supposedly.

Ain't life grand? ;)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: 青山 素子 on June 20, 2012, 05:17:34 PM
The update download is not a modification package. It is designed to be extracted and the contents uploaded over the top of your existing instalation. Updating in this manner will remove any modification changes to the affected files.

Updates which can be applied through the package manager are located at http://custom.simplemachines.org/upgrades/ (http://custom.simplemachines.org/upgrades/).

Note that some hosting configurations have weird issues with compressed files. You can either try re-tarring (I've verified that manually using GNU tar 1.26 and gzip 1.4 will work 98% of the time), or wrapping in a zip if you absolutely must.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Arantor on June 20, 2012, 05:23:10 PM
No, but the 1.1.15 to 1.1.16 patch, the one linked specifically through the admin panel, to be installed like a mod is supposed to be a modification package - except it's been broken since 1.1.16 came out.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: 青山 素子 on June 20, 2012, 05:58:24 PM
No, but the 1.1.15 to 1.1.16 patch, the one linked specifically through the admin panel, to be installed like a mod is supposed to be a modification package - except it's been broken since 1.1.16 came out.

The first part of my response was concerning K@ directing users to use the update archive as a package manager package, which will not work.

As for the actual update patch, the direct-download functionality has always been hit-or-miss. What about the patch at the link I provided?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Nodaz on June 20, 2012, 06:18:34 PM
Try downloading this:

http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-16_update.zip

Upload it, still archived, into your Packages directory.

Then, go to Package Manager to apply it.

READ MY SIG!

When i uploaded it i got the same error:
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

BUT then i went to browse packagse, it was there, i clicked on it and it installed fine...
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: sharks on June 21, 2012, 04:35:45 AM
It's been a while since the last SMF updates. I hope 2.1 is coming soon, along with 2.0.3 and 1.1.17? :)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: kat on June 21, 2012, 05:01:22 AM

The first part of my response was concerning K@ directing users to use the update archive as a package manager package, which will not work.

Actually, updates do (At least, they always have, for me). UpGRADES don't.

i went to browse packagse, it was there, i clicked on it and it installed fine...

WoOt!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kindred on June 21, 2012, 08:53:36 AM
why would there be a 2.0.3 or 1.1.17 if there are no security issues to patch?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Antes on June 21, 2012, 06:57:10 PM
why would there be a 2.0.3 or 1.1.17 if there are no security issues to patch?

So you prefer saying we fixed that glitch/bug whatever but included in next big version? If you fixed some bugs in 2.0.x circle you have to make new release. If I'm not wrong there is already 33 bugs (public) resolved/closed. Its enough to release another update.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Arantor on June 21, 2012, 07:05:20 PM
That isn't how it works, that's never been how it works in the 9 year history of SMF.

Once a x.y.0 release is made (like 2.0.0), the ONLY things fixed after are security fixes. There have been no security issues fixed, ergo no new release.

It isn't about whether you'd 'prefer' it or not, it's how SMF development operates - keeping life easier for users and admins to manage upgrades.

You see, by that logic, you could release a new patch every single bug fix, which means we'd be up to 2.0.34 by now - and no-one needs that.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Antes on June 21, 2012, 07:50:03 PM
Things can be changed nothing stands against it.

I didn't say release new update after every single bug/glitch fix. I said X is a good number to release update.

Living with "bugs" never made users life easier.

Beside all I'm completely happy with no-new release (that means there is no security issue in software)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: 青山 素子 on June 22, 2012, 01:41:00 AM
I didn't say release new update after every single bug/glitch fix. I said X is a good number to release update.

Living with "bugs" never made users life easier.

It depends on the bug and how bad it is. Also, if the fixes have been done in a new branch and a lot of code has changed, it may be difficult to backport the fix. Often, in cases like that, it's better to leave the bug in place. Sometimes the actual fix for the bug requires a re-write of code, which may have side-effects in other parts of SMF, especially older code.

Traditionally, updates in a stable release have only been made for security issues or major bugs.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Antes on June 22, 2012, 05:58:37 AM
I didn't say release new update after every single bug/glitch fix. I said X is a good number to release update.

Living with "bugs" never made users life easier.

It depends on the bug and how bad it is. Also, if the fixes have been done in a new branch and a lot of code has changed, it may be difficult to backport the fix. Often, in cases like that, it's better to leave the bug in place. Sometimes the actual fix for the bug requires a re-write of code, which may have side-effects in other parts of SMF, especially older code.

Traditionally, updates in a stable release have only been made for security issues or major bugs.

Oh now i understand thanks for the info.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: searchgr on July 08, 2012, 03:53:07 PM
Quote
No updates for the last 6 months. This is very disappointing. What's going on?
No need for (security) updates for a long time. This is very positive!

Aha! And what about new features?
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Arantor on July 08, 2012, 04:02:37 PM
As has always been the case with SMF, once a stable release (1.0.0, 1.1.0, 2.0.0) is reached, no new features are added until the next one and only security patches get released, which is what 2.0.1 and 2.0.2 were. The next release with new features will be 2.1 and is still under development.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: searchgr on July 08, 2012, 05:03:57 PM
Thank you Arantor.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: NBK*Twitch on July 21, 2012, 09:08:34 PM
As has always been the case with SMF, once a stable release (1.0.0, 1.1.0, 2.0.0) is reached, no new features are added until the next one and only security patches get released, which is what 2.0.1 and 2.0.2 were. The next release with new features will be 2.1 and is still under development.


Bug Fixes are released in small updates like 2.0.2 last time I checked <.< .


I say this because even on the release notes of 2.0.2 it clearly states the version includes bug fixes.


Not trying to start anything just trying to clear things up for myself.


http://www.simplemachines.org/community/index.php?topic=463103.0 (http://www.simplemachines.org/community/index.php?topic=463103.0)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Arantor on July 21, 2012, 09:12:24 PM
The bulk of the 2.0.2 patch is security. There are non-security bug fixes, but nothing that is more than one-line changes, and in low single digits.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: NBK*Twitch on July 21, 2012, 09:14:56 PM
The bulk of the 2.0.2 patch is security. There are non-security bug fixes, but nothing that is more than one-line changes, and in low single digits.


Okay thanks for clearing that up :).
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: gerzok on July 27, 2012, 04:04:49 PM
Thanks a lot man :D
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: HBM on August 03, 2012, 11:46:06 PM
I'm new and taking a spin around. Great software....might replace my bulletin with this,,,
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: trcx on August 26, 2012, 11:27:42 PM
Apologies if some one has already asked this, but is there some kind of mailing list I can subscribe too for alerts of when smf publishes a new release? 
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kindred on August 27, 2012, 12:51:24 AM
no....   if there is a critical security release or a major release, the team usually sends an announcement to all accounts on this system.
The SMF admin on your own forum also will announce when there is an update.

or, you can just keep an eye on this board....
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: sharks on August 28, 2012, 01:23:34 AM
It's been a while since the last update... Only a couple of bugs have been fixed in the past months. :(
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Suki on August 28, 2012, 07:59:12 AM
It's been a while since the last update... Only a couple of bugs have been fixed in the past months. :(

https://github.com/SimpleMachines/SMF2.1
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kindred on August 28, 2012, 09:10:20 AM
Sharks,

Once a release goes to final, only critical/major bugs or security issues get addressed with point releases.
The effort gets put into the next MAJOR release (in this case 2.1) rather than non critical patches to the previous release (2.0.x.)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: inter on August 31, 2012, 11:22:28 AM
The request not to be angry with this question:
already passed 8 months, this year there is a new release?
It would be desirable to hear approximate date.
I don't hurry, simply it is interesting to me.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Suki on August 31, 2012, 11:24:55 AM
The request not to be angry with this question:
already passed 8 months, this year there is a new release?
It would be desirable to hear approximate date.
I don't hurry, simply it is interesting to me.

Again,  https://github.com/SimpleMachines/SMF2.1

Check that page, if you are interested, you can see the progress right there, is open for everyone to see and to participate.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: emanuele on August 31, 2012, 12:02:54 PM
The answer to the question "when there will be a new release" is *always* the same: when it will be (in our opinion) ready. ;)
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: inter on September 01, 2012, 04:54:47 AM
maybe it's good - not in a hurry, and a lot of people do not like to update their sites frequently

The request not to be angry with this question:
already passed 8 months, this year there is a new release?
It would be desirable to hear approximate date.
I don't hurry, simply it is interesting to me.

Again,  https://github.com/SimpleMachines/SMF2.1

Check that page, if you are interested, you can see the progress right there, is open for everyone to see and to participate.

COOL!!!
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: miloacademy on September 03, 2012, 02:59:49 AM
Hi every frd..

Thanks 4 every one sharing information...
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: economia on September 11, 2012, 02:51:25 AM
Hello all,

Simple Machines Forum project has released SMF 1.1.16 and SMF 2.0.2 security patches for the SMF community.
Critical security issues have been identified and fixed with this patch, therefore it is highly recommended to make sure you update your forums immediately.
A few bug fixes for SMF 2.0.x are also available with the patch.

If you use 2.0.1, you can update your forum to 2.0.2. using package manager. You should see the notification in Admin panel, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the patch for 2.0.1 from the customize site: smf_2.0.2 patch (http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.2.tar.gz), and install it through package manager.

If you use 1.1.15, you can update to 1.1.16 with the smf_1.0.22_1.1.16 patch (http://custom.simplemachines.org/mods/downloads/smf_patch_1.0.22_1.1.16.tar.gz), also using package manager.

If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page.

Please find the changelog for the latest release as usual, on the downloads page as well:
http://download.simplemachines.org/

Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!

Regards,

Simple Machines Forum project
I AM A NEW MEMBER HERE, I USE SMF 1.1.16 MY SITE HAS BEEN MARRED BY SPAM. I SAW YOUR POST AND THINK I CAN BE HELPFUL TO ME BUT I DON'T KNOW HOW. CAN YOU PLEASE DIRECT ME ON WHAT TO DO.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: Kindred on September 11, 2012, 07:49:37 AM
1- do not post in all caps.
2- read the bloody message which you quoted: Please do not use this topic for support requests.
3- post in support
4- use search and/or read other messages, since this question has been answered, literally hundreds of times.

and the most important number 5 - do not spam.
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: jasogbe on October 05, 2012, 10:54:56 AM
please my forum is showing:
Sorry, SMF was unable to connect to the database. This may be caused by the server being busy. Please try again later.

after trying to update.

www.NEWinfoCity.com
Title: Re: SMF 2.0.2 and 1.1.16 critical security patches released
Post by: TheListener on October 05, 2012, 11:01:22 AM
@ Jasogbe

Welcome to smf however please consider the following

Post in support
Use search and/or read other messages, since this question has been answered, literally hundreds of times.