Topic: PunBB 1.1.5 - Impressions

I really hadn't planned on releasing any more versions before 1.2, but the two security problems popped up and they couldn't wait.

Thanks to rADo and s0da for reporting the security problems. I haven't been able to reach s0da though. If you read this, thank you :)

"Programming is like sex: one mistake and you have to support it for the rest of your life."

2

Re: PunBB 1.1.5 - Impressions

Rickard,
I'm trying to use the patch file to go from 1.1.2 to 1.1.5.
I've edited a few files but i've kicked it off anyway to see how much it can do. How long should it take to run...it's been going over 5 mins now.

Cheers,
fred

Re: PunBB 1.1.5 - Impressions

It should finish more or less instantly. At least within a few seconds. Are you sure you've placed the patch in the correct directory according to the instructions?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

4

Re: PunBB 1.1.5 - Impressions

Got the update, copied over changed files, ran the update.

All seems fine, fast as ever. Updated the source xref.

5

Re: PunBB 1.1.5 - Impressions

I used the changed files in the end and just copied them over.

As far as I was aware I was running the patch file correctly. Ah well, it's late...maybe I didn't!

Anyway, all working now.

Re: PunBB 1.1.5 - Impressions

fred: It's just that I remember having the same problem once. Not when patching PunBB, but when patching the Linux kernel. It just sits there and doesn't even output anything. What I had done wrong that time was that I was "standing" in the wrong directory.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

7

Re: PunBB 1.1.5 - Impressions

@Rickard: Thanks for your very fast reaction on the security issue.

Re: PunBB 1.1.5 - Impressions

PunBB 1.1.5 is the top story at http://www.foruminsider.com - very nice :-)

9

Re: PunBB 1.1.5 - Impressions

CodeDuck, I like your avatar. :-)

10

Re: PunBB 1.1.5 - Impressions

CodeDuck wrote:

PunBB 1.1.5 is the top story at http://www.foruminsider.com - very nice :-)

I never knew such a site existed, damn I thought I had reached the end of the internet smile

Very nicely done site, clean to the point.

11 (edited by Julius 2004-07-16 19:24)

Re: PunBB 1.1.5 - Impressions

Only thing is that since 1.1.5 my who's online list (online.php) from punbb plus doesn't work anymore. The location of every user is now unknown linked to online.php.... ( http://forum.coloseum.nl/online.php )
IP Adress is blank too.

Re: PunBB 1.1.5 - Impressions

Julius: I don't know why that happens. Perhaps you can fire off an e-mail to the author of the mod?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

13 (edited by Julius 2004-07-16 20:44)

Re: PunBB 1.1.5 - Impressions

You're right, but first this (maybe it has something to do with it):

Oh, if I run the script 11 to 115 (I was forgotten this) I get this error:
--
An error was encountered
File: /home/httpd/vhosts/coloseum.nl/subdomains/forum/httpdocs/11_to_115_update.php
Line: 66
PunBB reported: Version mismatch. This script updates version 1.1 and 1.1.1 and 1.1.2 and 1.1.3 and 1.1.4 to version 1.1.5. The database 'punbb' doesn't seem to be running a supported version
--
This is probely cause I run punbb++, but maybe this is allso the cause of the thing with the online list.

And does this allso means that I haven't completely installed 1.1.5?

Re: PunBB 1.1.5 - Impressions

The only thing the update script from 1.1.* to 1.1.5 does is to change the version number, so it should affect anything. You can change the value manually with the help of a database management tool (such as phpmyadmin).

"Programming is like sex: one mistake and you have to support it for the rest of your life."

15

Re: PunBB 1.1.5 - Impressions

Thanx for your fast reply.
I'll check it out.

Re: PunBB 1.1.5 - Impressions

Nice :)

As soon I'm away for a few days, there's a new release ;P

17

Re: PunBB 1.1.5 - Impressions

Upgraded from 1.0 beta 3 to 1.1.5 (six steps) yesterday and it all went smooth. smile
Thanks for a great forum Rickard!

/IoR_Kongo @swec

18

Re: PunBB 1.1.5 - Impressions

I want 1.2...

Re: PunBB 1.1.5 - Impressions

Henke wrote:

Upgraded from 1.0 beta 3 to 1.1.5 (six steps) yesterday and it all went smooth. :)
Thanks for a great forum Rickard!

That's the biggest PunBB upgrade I've heard of. Nice to hear it worked out :)

"Programming is like sex: one mistake and you have to support it for the rest of your life."

20

Re: PunBB 1.1.5 - Impressions

Hello, I had your forum (1.1.4) installed on my website for a few months.  Recently I see there has been a security patch.  I'm wondering if any files other than the forum files could have been effected by this vulnerability.  This is pretty important as I host multiple websites from the same hosting account.

Thanks

21

Re: PunBB 1.1.5 - Impressions

Thank you Rickard ,do so good forum
could you tell me how make my board show 90%  in center ?

Re: PunBB 1.1.5 - Impressions

yuking: Read this topic.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

23

Re: PunBB 1.1.5 - Impressions

I don't mean to sound whiney, but this is rather important....

Did the security vulnerability allow changes to files or databases other than the forums own database/files.


Thanks

Re: PunBB 1.1.5 - Impressions

If you have register_globals and allow_url_fopen on, then maybe yes. You would have to research it a bit more though.

Re: PunBB 1.1.5 - Impressions

bbqchips wrote:

I don't mean to sound whiney, but this is rather important....

Did the security vulnerability allow changes to files or databases other than the forums own database/files.


Thanks

The vulnerability allowed inclusion of pretty much any code the attacker would want. Deleting files, dropping tables, you name it. Obsiously not good at all.

"Programming is like sex: one mistake and you have to support it for the rest of your life."