Updating Patch(s)

Started by TMR Guy, December 12, 2017, 10:25:10 PM

Previous topic - Next topic

TMR Guy

When trying to update from 2.0.9 to 2.0.10. I get this error (see the first pic). I installed it anyway (yes I did a backup) and everything seemed fine until I tried to install the 2.0.14 patch, then I got this error (see the second pic). This locked up my site so I had to restore it from the backup. It seems to be working fine now running the 2.0.9 version but I still need to update the patches to 2.0.15.

Is the 2.0.10 patch causing the problem and if so how do I fix it?

Thank you in advance,

TMR Guy

Sir Osis of Liver

Which php version are you running?  2.0.14 requires php 5.4 or higher.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Kindred

he's not getting to 2.0.14, Sir Osis -- he stopped with the error at 2.0.10


TMR --   did you manually make the change that is required in the errored file?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Steve

Is 2.0.9 -> 2.0.10 the update that had the minor version number error on some systems? Can't recall for sure.
DO NOT pm me for support!

Sir Osis of Liver

Quote from: TMR Guy on December 12, 2017, 10:25:10 PM
When trying to update from 2.0.9 to 2.0.10. I get this error (see the first pic). I installed it anyway (yes I did a backup) and everything seemed fine until I tried to install the 2.0.14 patch

A language error in 2.0.10 shouldn't have crashed the .14 patch.

Quote from: Sir Osis of Liver on December 13, 2017, 12:00:04 AM
Which php version are you running?  2.0.14 requires php 5.4 or higher.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

TMR Guy

Quote from: Sir Osis of Liver on December 13, 2017, 12:00:04 AM
Which php version are you running?  2.0.14 requires php 5.4 or higher.
I didn't know that, I'm running php 5.3 What should I change it to, PHP 5.5.38, PHP 5.6.32 - System Default, PHP 7.0.26, PHP 7.1.12, PHP 7.2.0?


Sir Osis of Liver

Php 5.6 is still supported, and works well for all things SMF.  Php 7 may cause problems with some mods and other scripts you may be running on same server.

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

TMR Guy

Quote from: Kindred on December 13, 2017, 12:47:57 PM
he's not getting to 2.0.14, Sir Osis -- he stopped with the error at 2.0.10
I'm running 2.0.9, when I try to install 2.0.10 I get this error message (see the first pic). I ignored the error warning and clicked on "Install Now" and the site seemed to work fine until I tried to install the 2.0.14 patch, that's when I got this error (see the second pic). I installed the patches in order, 2.0.9, 2.0.10 (got error, see first pic), 2.0.11, 2.0.12, 2.0.13, and when I tried to install the 2.0.14 patch I got the error message in the second pic, but I'm running php 5.3


Quote from: Kindred on December 13, 2017, 12:47:57 PMTMR --   did you manually make the change that is required in the errored file?
No, I ignored the error and just went ahead and installed the 2.0.10 patch anyway. I have no idea how to do it manually, my computer skills are very limited. Even after installing the 2.0.10 patch (ignoring the error warning) everything seemed to work fine on the site. Does that mean the 2.0.10 patch would of worked 100% correctly?

TMR Guy

Quote from: Sir Osis of Liver on December 13, 2017, 09:46:53 PM
Php 5.6 is still supported, and works well for all things SMF.  Php 7 may cause problems with some mods and other scripts you may be running on same server.
By 5.6 do you mean PHP 5.6.32 - System Default?

Sir Osis of Liver

All of my forums are running in php 5.6.32.  As per this, all php versions prior to 5.6.x are eol, and should be considered insecure.  Php 7.x are latest/greatest, but some mods and other non-SMF scripts may not support it yet and could give you problems.  Errors in a language file should not prevent upgrade from working.  Package manager skips the error code, but completes all other edits, so upgrade should work.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

tinoest

Quote from: Sir Osis of Liver on December 13, 2017, 10:22:14 PM
All of my forums are running in php 5.6.32.  As per this, all php versions prior to 5.6.x are eol, and should be considered insecure. 

That's incorrect, PHP versions on RedHat or CentOS are patched and secure. For example PHP 5.3.3 is patched and maintained and will be until the EOL of CentOS 6 in 2020.

Sir Osis of Liver

Everything prior to 5.6 is officially eol and unsupported (http://php.net/eol.php).  Security updates made specifically for Redhat or Centos are not be applicable to many SMF installs.  From a support standpoint, all eol php versions should be considered insecure.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Arantor

So it's 5.3.3 but with what bug fixes again? Does it have any of the patches that would make it useful for products that want to do secure passwords (i.e. effectively 5.3.8) or is it 5.3.3 with all the patches for security but still all of the behavioural bugs?

This is why it should be treated as suspicious if not exclusively insecure.

tinoest

It has the bug fixes to the passwords you refer to Arantor, but you already knew that.

RedHat is used by numerous large corporations and there security and stability are what makes them popular. I could get all the CVE patches they have done on PHP 5.3

I'm just saying it's secure and stable and is supported.

Arantor

No, I don't know that. That's the point. If you're telling me it is 5.3.3 with all the patches, why not call it 5.3.29 which is what you're telling me it is.

No way to do bcrypt on 5.3.3 but there is on 5.3.8... would that work on your patched 5.3.3?

tinoest

Quote from: Arantor on December 14, 2017, 06:16:38 PM
No, I don't know that. That's the point. If you're telling me it is 5.3.3 with all the patches, why not call it 5.3.29 which is what you're telling me it is.

No way to do bcrypt on 5.3.3 but there is on 5.3.8... would that work on your patched 5.3.3?

Ask RedHat, it's their standard policy not to update the package number after first release but to issue security patches. One from PHP 5.6 went in recently as they still support and patch the release they have.

It does have the bcrypt fix as the password backport on github states.

Arantor

The problem is, I now have no way to reliably tell whether a given version of PHP on a given server can reliably be used for something. At least, if I have a version that declares itself to be 5.3.8, I can know that bcrypt would be available. I can't know that with 5.3.3 with patches because it could easily have the problem that 5.3.7 had.

Which is why I take the simpler option for the sake of sanity and assume anything that has been EOL'd by PHP itself should be considered EOL for all other purposes, regardless of what RedHat or CentOS think, because I don't have the time to fart-ass around to make these determinations when I could just find a host that has a modern version of PHP with the extra useful features that have come into the language since.

TMR Guy

#17
I updated the PHP to 5.6.32 - System Default and everything seems to be working fine now (running SMF version 2.0.15).

I really want to thank all of you for helping me with this, I would NEVER have figured it out on my own.

Advertisement: