• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Spain CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Post new topic Reply to topic  [ 23 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay
PostPosted: Thu Feb 25, 2010 7:54 pm 
Offline
New Member
New Member

Joined: Wed Mar 26, 2008 6:46 am
Posts: 2
knuta \knuta:
eirik \eirik:
Whatever the cause, reducing the number of changes, tends to help reduce risk.


That's what I said, too. However, I said it in the comments on http://blog.cmsmadesimple.org/2010/02/23/announcing-cms-made-simple-1-6-7-teremba-bay/comment-page-1/#comment-4137. Why there are two separate comment threads in the blog and the forums beats me, but that is another story...


Replied here, as this seemed more active -- and more suitable for discussion. Thought it'd be a good idea to let other's know that we're more people that feel the need for a stable release.

knuta \knuta:
eirik \eirik:
Is there any documentation of the bug anywhere, so that I can evaluate the current risk -- and possibly work out a smaller patch?


The bug is documented at http://0x6a616d6573.blogspot.com/2010/02/cms-made-simple-166-file-inclusion.html. They forgot to link to it from the blog post, but the URL is mentioned in the source code.


Thanks for the link. I was a bit surprised to see the reference to bugtraq -- but I generally read it in bulk, a few times a month, so I hadn't seen the post yet.

knuta \knuta:
I diffed the two releases manually and determined that the security fix seems to be in lib/classes/class.module.inc.php only (and there are no other changes to that file). All the remaining changes seem non-critical, so I simply replaced that file with the new version to be safe before deploying the rest of the new release. It has been running on a relatively busy site for about 34 hours, so at least it didn't break anything.


Thank you for reposting the above information, and details regarding the fix. The original announcement was a bit light on detail.

It appears this is less serious on Linux. Can anyone confirm that ?


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay
PostPosted: Sun Feb 28, 2010 5:06 am 
Offline
Power Poster
Power Poster
User avatar

Joined: Fri Apr 18, 2008 9:34 pm
Posts: 355
Location: Nimbin, Australia
Rolf \Rolf:

Upgrading and skipping the error message you mentioned isn't a problem, everything still works fine afterwards.
It looks like at this point the folder 'safari' must be deleted (overwritten) and it won't for some reason...
This folder isn't there in the 1.6.7 package
I deleted the safari folder in question at my testsite and everything is still working like it should be.  ::)

Regards, Rolf  :)



It appears that the 1.6.6 - 1.6.7 tries to write an empty file named safari into a place where there's a directory named safari.
i moved the directory safari, tar -xzf 'cms...' and realised that the newly written safari is empty. so i deleted the empty file, and moved safari directory back in its place.

i dont know whether the folder safari should be emptied or not.

cheers


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay
PostPosted: Sun Feb 28, 2010 11:14 am 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Wed Apr 23, 2008 7:53 am
Posts: 7707
Location: The Netherlands
Rotezecke,

The folder 'safari' isn't present when installing a brand new base 1.6.7 version...

Grtz. Rolf

_________________
$1

Did my post help you solving a problem at your (customers) website and it saved you many hours of work? Great!! Consider buying me a cup of coffee in return!



Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay
PostPosted: Sun Feb 28, 2010 1:25 pm 
just a question.....
will there be a corrected version of the base-diff file?

I think it was promised days ago.

Yours
Cherry


Top
   
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay
PostPosted: Sun Feb 28, 2010 2:04 pm 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jun 11, 2004 6:58 pm
Posts: 3329
Location: Fairless Hills, Pa USA
New diff files are uploaded. Sorry for the delay.

_________________
http://about.me/tedkulp


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay
PostPosted: Wed Mar 03, 2010 3:04 pm 
Offline
Forum Members
Forum Members

Joined: Fri Dec 23, 2005 4:10 pm
Posts: 30
Great.

1.6.7 also solved a problem with IE8 and compatibility mode.

I recently created a new website with 1.6.7 based on the standard NCleanBlue-template with some adjustments. Very nice template!
Also the integrated News-module works fine.

Thanks a lot!


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay
PostPosted: Thu Mar 04, 2010 3:31 am 
Offline
Forum Members
Forum Members

Joined: Wed Apr 16, 2008 9:04 pm
Posts: 27
Ziggywigged \Ziggywigged:
I've upgraded a few sites and noticed that nothing loads under the 'Profiles' tab from TinyMCE.
Has this been intentionally removed?
(I tried a reset all settings)

It's true, no profiles after upgrade. !?


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay
PostPosted: Thu Mar 04, 2010 7:30 am 
It seems that these two files are missing in the base-diff file:

\$1:
modules/TinyMCE/function.admin_profiles.php
modules/TinyMCE/templates/profilespanel.tpl


They can be found in the full-diff file.


Yours Cherry


Top
   
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 23 posts ]  Go to page Previous  1, 2

All times are UTC


Who is online

Users browsing this forum: No registered users


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
A2 Hosting