CMS Made Simple Forums
https://forum.cmsmadesimple.org/

Announcing CMS Made Simple 1.6.7 – Teremba Bay
https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=41830
Page 2 of 2

Author:  eirik [ Thu Feb 25, 2010 7:54 pm ]
Post subject:  Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

knuta wrote:
> eirik wrote:
>> Whatever the cause, reducing the number of changes tends to help reduce risk.
>
> That's what I said, too. However, I said it in the comments on http://blog.cmsmadesimple.org/2010/02/23/announcing-cms-made-simple-1-6-7-teremba-bay/comment-page-1/#comment-4137. Why there are two separate comment threads in the blog and the forums beats me, but that is another story...


Replied here, as this seemed more active -- and more suitable for discussion. Thought it'd be a good idea to let others know that we're more people that feel the need for a stable release.

knuta wrote:
> eirik wrote:
>> Is there any documentation of the bug anywhere, so that I can evaluate the current risk -- and possibly work out a smaller patch?
>
> The bug is documented at http://0x6a616d6573.blogspot.com/2010/02/cms-made-simple-166-file-inclusion.html. They forgot to link to it from the blog post, but the URL is mentioned in the source code.


Thanks for the link. I was a bit surprised to see the reference to bugtraq -- but I generally read it in bulk, a few times a month, so I hadn't seen the post yet.

knuta wrote:
> I diffed the two releases manually and determined that the security fix seems to be in lib/classes/class.module.inc.php only (and there are no other changes to that file). All the remaining changes seem non-critical, so I simply replaced that file with the new version to be safe before deploying the rest of the new release. It has been running on a relatively busy site for about 34 hours, so at least it didn't break anything.


Thank you for reposting the above information, and details regarding the fix. The original announcement was a bit light on detail.

It appears this is less serious on Linux. Can anyone confirm that?

Author:  rotezecke [ Sun Feb 28, 2010 5:06 am ]
Post subject:  Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Rolf wrote:
> Upgrading and skipping the error message you mentioned isn't a problem, everything still works fine afterwards.
> It looks like at this point the folder 'safari' must be deleted (overwritten) and it won't for some reason...
> This folder isn't there in the 1.6.7 package.
> I deleted the safari folder in question at my test site and everything is still working like it should be.  ::)
>
> Regards, Rolf  :)



It appears that the 1.6.6 - 1.6.7 tries to write an empty file named safari into a place where there's a directory named safari.
I moved the directory safari, tar -xzf 'cms...' and realised that the newly written safari is empty. So I deleted the empty file, and moved safari directory back in its place.

I don't know whether the folder safari should be emptied or not.

cheers

Author:  Rolf [ Sun Feb 28, 2010 11:14 am ]
Post subject:  Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Rotezecke,

The folder 'safari' isn't present when installing a brand new base 1.6.7 version...

Grtz. Rolf

Author:  Cherry [ Sun Feb 28, 2010 1:25 pm ]
Post subject:  Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

just a question.....
will there be a corrected version of the base-diff file?

I think it was promised days ago.

Yours
Cherry

Author:  Ted [ Sun Feb 28, 2010 2:04 pm ]
Post subject:  Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

New diff files are uploaded. Sorry for the delay.

Author:  jovo [ Wed Mar 03, 2010 3:04 pm ]
Post subject:  Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Great.

1.6.7 also solved a problem with IE8 and compatibility mode.

I recently created a new website with 1.6.7 based on the standard NCleanBlue-template with some adjustments. Very nice template!
Also the integrated News-module works fine.

Thanks a lot!

Author:  stainless [ Thu Mar 04, 2010 3:31 am ]
Post subject:  Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Ziggywigged wrote:
> I've upgraded a few sites and noticed that nothing loads under the 'Profiles' tab from TinyMCE.
> Has this been intentionally removed?
> (I tried a reset all settings)

It's true, no profiles after upgrade. !?

Author:  Cherry [ Thu Mar 04, 2010 7:30 am ]
Post subject:  Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

It seems that these two files are missing in the base-diff file:

modules/TinyMCE/function.admin_profiles.php
modules/TinyMCE/templates/profilespanel.tpl


They can be found in the full-diff file.


Yours Cherry

All times are UTC