2.0.7a, small concern with downloading

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
GReaper
Registered User
Posts: 3
Joined: Sun Oct 14, 2001 12:33 am

2.0.7a, small concern with downloading

Post by GReaper » Sat Mar 20, 2004 2:24 pm

Looking at this announcement post:
Acyd Burn wrote: We have now updated all archives (for 2.0.7) as made available on the download page here. Therefore all new installations and upgrades will be immune.


The current system appears to be that whenever theres a slight security patch, you name the file as 2.0.7a or whichever patch it is, then modify the existing phpBB-2.0.7.tar.gz archive. However after downloading what I thought was 2.0.7a today, I checked the files to ensure they were patched. I had downloaded the original 2.0.7 and not 2.0.7a.

After checking some of the Sourceforge mirrors, Aleron gave me 2.0.7a, while others like easynews gave me the original 2.0.7. The downloads page says about downloading 2.0.7a, however I got the unpatched 2.0.7. If I didn't check the source code after downloading, I'd still be running the unpatched version which has a possible SQL injection problem.

How many other people have downloaded what they thought was 2.0.7a but got the original 2.0.7 due to Sourceforge mirrors not all being updated? There could be quite a few forum admins out there who believe they're running 2.0.7a but they're not.

Wouldn't it be a better idea to actually name the patched tarballs after their new name? Call the new file phpBB-2.0.7a.tar.gz instead, someone might get an error 404 if all download mirrors haven't updated - however its better than having someone running a potentially old version.

txuspe
Registered User
Posts: 73
Joined: Mon Nov 03, 2003 2:48 pm
Location: Spain

Post by txuspe » Sat Mar 20, 2004 2:32 pm

Could a proxy server be your problem?

GReaper
Registered User
Posts: 3
Joined: Sun Oct 14, 2001 12:33 am

Post by GReaper » Sat Mar 20, 2004 2:39 pm

txuspe wrote: Could a proxy server be your problem?


Have you tried downloading the two files before posting a reply? Please don't rush to post a reply if you haven't tested this yourself. I've tested this on more than one server which does not have a proxy.

Still, if the new tarball was renamed to a new file then there wouldn't be a problem with proxy servers, they'd get the new file instead.

User avatar
timsweb
Registered User
Posts: 329
Joined: Wed Mar 17, 2004 8:17 pm
Contact:

Post by timsweb » Sat Mar 20, 2004 3:06 pm

Hey,
Im runnig 2.0.6 planning today or tommorow to move to the latest which i beliceve is 2.0.7a? where can i get it and make sure it is 2.0.7a not 2.0.7?

Micrologics
Registered User
Posts: 10
Joined: Sat Mar 13, 2004 7:20 pm

Re: 2.0.7a, small concern with downloading

Post by Micrologics » Sat Mar 20, 2004 3:22 pm

GReaper wrote: However after downloading what I thought was 2.0.7a today, I checked the files to ensure they were patched. I had downloaded the original 2.0.7 and not 2.0.7a


Got the exact same problem here, thought I was downloading 2.0.7a but it was actually 2.0.7

User avatar
timsweb
Registered User
Posts: 329
Joined: Wed Mar 17, 2004 8:17 pm
Contact:

Post by timsweb » Sat Mar 20, 2004 3:35 pm

ok, where can i find phpbb 2.0.7a? the correct 1?

Micrologics
Registered User
Posts: 10
Joined: Sat Mar 13, 2004 7:20 pm

Post by Micrologics » Sat Mar 20, 2004 3:46 pm

Update...

I just downloaded from the Zurich server and that seemed to work for me (it was 2.0.7a not 2.0.7).

User avatar
timsweb
Registered User
Posts: 329
Joined: Wed Mar 17, 2004 8:17 pm
Contact:

Post by timsweb » Sat Mar 20, 2004 3:49 pm

whats the servers url?

Micrologics
Registered User
Posts: 10
Joined: Sat Mar 13, 2004 7:20 pm

Post by Micrologics » Sat Mar 20, 2004 3:53 pm

Not sure but just select 'Zurich, Switzerland' from the list...

User avatar
timsweb
Registered User
Posts: 329
Joined: Wed Mar 17, 2004 8:17 pm
Contact:

Post by timsweb » Sat Mar 20, 2004 3:58 pm

what list? please explain? sorry

Micrologics
Registered User
Posts: 10
Joined: Sat Mar 13, 2004 7:20 pm

Post by Micrologics » Sat Mar 20, 2004 4:01 pm

On the download page, click the icon relevant to what you want to download (i did the full zip package) and you should be presented with a list of servers...

User avatar
timsweb
Registered User
Posts: 329
Joined: Wed Mar 17, 2004 8:17 pm
Contact:

Post by timsweb » Sat Mar 20, 2004 4:03 pm

ok i did that choose the ziped change files package and it took me to the server list which then said the file name was 2.0.7 not 2.0.7a look the url is http://prdownloads.sourceforge.net/phpb ... p?download???

Micrologics
Registered User
Posts: 10
Joined: Sat Mar 13, 2004 7:20 pm

Post by Micrologics » Sat Mar 20, 2004 4:14 pm

That's half the point of this thread, try reading the original post...

2.0.7a is still named as 2.0.7 and some proxies do not appear to be updating the file correctly.

You will need to download and check that one or two of the changes are present, if they are, you know you have 2.0.7a

User avatar
timsweb
Registered User
Posts: 329
Joined: Wed Mar 17, 2004 8:17 pm
Contact:

Post by timsweb » Sat Mar 20, 2004 4:15 pm

ok, once download how do i cheack if its 2.07 or 2.0.7a?

Micrologics
Registered User
Posts: 10
Joined: Sat Mar 13, 2004 7:20 pm

Post by Micrologics » Sat Mar 20, 2004 4:18 pm


Locked

Return to “2.0.x Discussion”