Page 1 of 3

2.0.7a, small concern with downloading

Posted: Sat Mar 20, 2004 2:24 pm
by GReaper
Looking at this announcement post:
Acyd Burn wrote: We have now updated all archives (for 2.0.7) as made available on the download page here. Therefore all new installations and upgrades will be immune.


The current system appears to be that whenever theres a slight security patch, you name the file as 2.0.7a or whichever patch it is, then modify the existing phpBB-2.0.7.tar.gz archive. However after downloading what I thought was 2.0.7a today, I checked the files to ensure they were patched. I had downloaded the original 2.0.7 and not 2.0.7a.

After checking some of the Sourceforge mirrors, Aleron gave me 2.0.7a, while others like easynews gave me the original 2.0.7. The downloads page says about downloading 2.0.7a, however I got the unpatched 2.0.7. If I didn't check the source code after downloading, I'd still be running the unpatched version which has a possible SQL injection problem.

How many other people have downloaded what they thought was 2.0.7a but got the original 2.0.7 due to Sourceforge mirrors not all being updated? There could be quite a few forum admins out there who believe they're running 2.0.7a but they're not.

Wouldn't it be a better idea to actually name the patched tarballs after their new name? Call the new file phpBB-2.0.7a.tar.gz instead, someone might get an error 404 if all download mirrors haven't updated - however its better than having someone running a potentially old version.

Posted: Sat Mar 20, 2004 2:32 pm
by txuspe
Could a proxy server be your problem?

Posted: Sat Mar 20, 2004 2:39 pm
by GReaper
txuspe wrote: Could a proxy server be your problem?


Have you tried downloading the two files before posting a reply? Please don't rush to post a reply if you haven't tested this yourself. I've tested this on more than one server which does not have a proxy.

Still, if the new tarball was renamed to a new file then there wouldn't be a problem with proxy servers, they'd get the new file instead.

Posted: Sat Mar 20, 2004 3:06 pm
by timsweb
Hey,
Im runnig 2.0.6 planning today or tommorow to move to the latest which i beliceve is 2.0.7a? where can i get it and make sure it is 2.0.7a not 2.0.7?

Re: 2.0.7a, small concern with downloading

Posted: Sat Mar 20, 2004 3:22 pm
by Micrologics
GReaper wrote: However after downloading what I thought was 2.0.7a today, I checked the files to ensure they were patched. I had downloaded the original 2.0.7 and not 2.0.7a


Got the exact same problem here, thought I was downloading 2.0.7a but it was actually 2.0.7

Posted: Sat Mar 20, 2004 3:35 pm
by timsweb
ok, where can i find phpbb 2.0.7a? the correct 1?

Posted: Sat Mar 20, 2004 3:46 pm
by Micrologics
Update...

I just downloaded from the Zurich server and that seemed to work for me (it was 2.0.7a not 2.0.7).

Posted: Sat Mar 20, 2004 3:49 pm
by timsweb
whats the servers url?

Posted: Sat Mar 20, 2004 3:53 pm
by Micrologics
Not sure but just select 'Zurich, Switzerland' from the list...

Posted: Sat Mar 20, 2004 3:58 pm
by timsweb
what list? please explain? sorry

Posted: Sat Mar 20, 2004 4:01 pm
by Micrologics
On the download page, click the icon relevant to what you want to download (i did the full zip package) and you should be presented with a list of servers...

Posted: Sat Mar 20, 2004 4:03 pm
by timsweb
ok i did that choose the ziped change files package and it took me to the server list which then said the file name was 2.0.7 not 2.0.7a look the url is http://prdownloads.sourceforge.net/phpb ... p?download???

Posted: Sat Mar 20, 2004 4:14 pm
by Micrologics
That's half the point of this thread, try reading the original post...

2.0.7a is still named as 2.0.7 and some proxies do not appear to be updating the file correctly.

You will need to download and check that one or two of the changes are present, if they are, you know you have 2.0.7a

Posted: Sat Mar 20, 2004 4:15 pm
by timsweb
ok, once download how do i cheack if its 2.07 or 2.0.7a?

Posted: Sat Mar 20, 2004 4:18 pm
by Micrologics