• Welcome to Simple Machines Community Forum. Please login or sign up.
September 17, 2021, 08:53:47 PM

News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord


SMF 2.0.2 and 1.1.16 critical security patches released

Started by Norv, December 22, 2011, 11:43:01 PM

Previous topic - Next topic

ApplianceJunk


LiroyvH

The download problems SHOULD be solved now.
My apologies for any inconvenience. Enjoy! :)
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

tragidy

Quote from: CoreISP on December 23, 2011, 10:40:52 AM
The download problems SHOULD be solved now.
My apologies for any inconvenience. Enjoy! :)

On SMF 1.1.15

The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Is there a server-side cache that should be flushed on my end now?
Open source Matters, the GNU GPL License is one of the most valuable text ever created by mankind.
Support all open source projects when possible as their concepts are paving the future. ~ tragidy

Argonaut

If there's anybody who still has a problem with upgrading to 1.1.16

QuoteAn Error Has Occurred!
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Please see this thread:

www.simplemachines.org/community/index.php?topic=463108.0 (Error when trying to upgrade 1.1.15 to 1.1.16)

LiroyvH

This is from the package manger, right?
Not from the manual update package that you can find here?

-edit-
Nevermind, reading the thread now.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

omidkosari


nwsw

December 23, 2011, 11:08:19 AM #46 Last Edit: December 23, 2011, 11:52:39 AM by ntworthy
In  reviewing the changes for SMF 1.1.16, and I find myself wondering what this change is supposed to do:


if (isset($GLOBALS[$variable]))
unset($GLOBALS[$variable], $GLOBALS[$variable]);


The changelog for 2.0.2 says this:

Quote
Make sure db_character_set doesn't end up set when it shouldn't be. (index.php)

I do not understand how the double unset will do much of anything. Perhaps this is just a quirk of PHP and unset of $GLOBALS that this code is intended to work around...

Update: Never mind...I found the exploit and the need for this with older PHP installs.

billis_2

Updated to 2.0.2 without out any problems.
Good work,
Thanks.

cebu

updated my 2.0.1 forum to 2.0.2 without any problem.

for my 1.1.15 forum, since its giving error when trying to install through package manager, i did a manual update and everything went through as well.
www.toyotaautoclubcebu.com
www.club4efte.com
www.autopartsph.com


Adrek

December 23, 2011, 02:04:15 PM #50 Last Edit: December 23, 2011, 02:07:29 PM by phantomm
Update for SMF 2.0.1 contains fix for problems with downloading attachments by FF?

and this is fixed in this patch?
Quote from: Tjati on September 19, 2011, 03:37:47 AM
Hi there,

in the Changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt) is written:
Quote! A sensitive token was sent in the URL, allowing CSRF vulnerability (Subs-Menu.php)
But comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

Thanks for information!

Update: Since 2.0 RC4 is no change (except a comment) done in Sources/Subs-Menu.php
Polskie wsparcie SMF na simplemachines.org

the simplest solution is most likely the right one

islam2hamy


Arabic Translator - Web Designer
My Mods / My Themes  //  GfxLand






Nolt

Update went smooth and without any problems, but in Admin section I have:

Installed version: 2.0.2
Newest version: 2.0.1

I've installed via package manager because I didn't had notification link about new version.

GlitchPC

Quote from: Nolt on December 23, 2011, 03:39:58 PM
Update went smooth and without any problems, but in Admin section I have:

Installed version: 2.0.2
Newest version: 2.0.1

I've installed via package manager because I didn't had notification link about new version.

run the fetch simple machine files from scheduled tasks

Adish - (F.L.A.M.E.R)


cerbopoli

I get this error: You cannot download or install new packages because the Packages directory or one of the files in it are not writable! 

Yet all of my appropriate folders are set Writable (777).  Any ideas how I can remedy this?

w0kie

1.1.16 auto update worked perfectly on my board.   8)

LiroyvH

Quote from: cerbopoli on December 23, 2011, 03:55:35 PM
I get this error: You cannot download or install new packages because the Packages directory or one of the files in it are not writable! 

Yet all of my appropriate folders are set Writable (777).  Any ideas how I can remedy this?

Set the chmod on that folder properly to 777 using FTP or your hosting control panel's file manager.

For any further questions, please do !NOT! use this topic. It is !NOT! for support.
Please ask your question in the support boards.

Thanks :)
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Illori

no this patch does not include the fix for downloading attachments in firefox, and PLEASE open separate threads for your issues this thread is not for support.

Advertisement: