security-patch-2007-10-29.tgz

 
  #11  
Old 11-05-2007, 03:43 PM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default Re: security-patch-2007-10-29.tgz

That's what I mean, they didn't issue a .diff, they just said 'here, replace your files'. You need to use a compare program and make the changes you find, and there are quite a few depending on how custom your func.php is.
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
  #12  
Old 11-05-2007, 09:35 PM
 
Light Speed Light Speed is offline
 

X-Adept
  
Join Date: Mar 2003
Posts: 921
 

Default Re: security-patch-2007-10-29.tgz

I also did not receive an email regarding this security patch!!!!!!!!
Reply With Quote
  #13  
Old 11-05-2007, 10:01 PM
wjbrewer wjbrewer is offline
Banned
 

X-Adept
  
Join Date: Feb 2005
Location: Pittsburgh, PA
Posts: 504
 

Default Re: security-patch-2007-10-29.tgz

Quote:
Originally Posted by sunny
...is there any easy way to find what the actual changes are? Our include/func.php file is rather heavily modified (by x-cart, myself and one other mod) and I'm having a difficult time differentiating between the update code and that added for modifications by others. I compared the files and this doesn't do me any good. Is there any way to figure out just the lines changed for this update?

http://www.scootersoftware.com/
Reply With Quote
  #14  
Old 11-06-2007, 12:03 AM
ambal ambal is offline
 

X-Cart team
  
Join Date: Sep 2002
Posts: 4,119
 

Default Re: security-patch-2007-10-29.tgz

Quote:
Originally Posted by Light Speed
I also did not receive an email regarding this security patch!!!!!!!!

You shouldn't worry about not getting the e-mail from us up to this moment, as you haven't got the e-mail YET. We usually send our newsletters in portions in order not to create a huge overload on our servers, as would happen if we sent them all at once. I am sure you'll get the e-mail some time later.

Also, please make sure your spam filter allows messages from our domains.
__________________
Sincerely yours,
Alex Mulin
VP of Business Development for X-Cart
X-Payments product manager
Reply With Quote
  #15  
Old 11-06-2007, 04:06 AM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default Re: security-patch-2007-10-29.tgz

Alexander, is there a reason this patch was not released as a .diff? You guys have created about 20 hours of work for me in having to go into each of my clients' stores and compare their func.php file to the new one and make the appropriate changes.
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
  #16  
Old 11-06-2007, 05:46 AM
dire_lobo dire_lobo is offline
 

Advanced Member
  
Join Date: Dec 2005
Posts: 53
 

Default Re: security-patch-2007-10-29.tgz

Howdy folks!

I contacted X-Cart last night and received the following:

"The software architects informed that a diff patch for X-Cart will be released in the nearest 1-2 business days. We'll let you know as soon as it's available."

I also went in and made sure my contact email address was current - it wasn't (remember the massive spoofing campaign I weathered? - I had to change domains - and concomitantly, emails... and hadn't updated my profile at X-Cart). I updated/fixed that too.
__________________
4.1.8 live
shared server/hosted linux
Physical Location: New Mexico, USA
Server Location: Arizona, USA
Reply With Quote
  #17  
Old 11-06-2007, 05:47 AM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default Re: security-patch-2007-10-29.tgz

Excellent...good to hear!
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
  #18  
Old 11-06-2007, 05:57 AM
 
geckoday geckoday is offline
 

X-Wizard
  
Join Date: Aug 2005
Posts: 1,073
 

Default Re: security-patch-2007-10-29.tgz

Why is func.php full of changes that have nothing to do with patching security, such as discount calculations? A security patch should be just that and that alone. Now I've either got to test a dozen other things or manually pick out the security related changes from the patch.
__________________
Manuka Bay Company
X-Cart Version 4.0.19 [Linux]

UGG Boots and other fine sheepskin products
http://www.snowriver.com
Reply With Quote
  #19  
Old 11-06-2007, 06:03 AM
Sheriff Sheriff is offline
 

X-Cart team
  
Join Date: Aug 2003
Posts: 981
 

Default Re: Security Patch - 11-1-07

Quote:
Originally Posted by balinor
Sure, it's in the file area/updates:

security-patch-2007-10-29.tgz

Edited the thread title to reflect this as well.

We've updated security-patch-2007-10-29.tgz in the XB file area and now it contains diff files too.

Also I've attached security-patch-2007-10-29_diffs-only.zip file to this message for further use.
Attached Files
File Type: zip security-patch-2007-10-29_diffs-only.zip (147.9 KB, 27 views)
Reply With Quote
  #20  
Old 11-06-2007, 06:12 AM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default Re: security-patch-2007-10-29.tgz

Well that didn't work...on a fresh install of 4.1.8, the only file that patches is /include/func/func.db.php. The rest result in a 'could not patch' error, even though they are default files. Testing other versions now.
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
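The problem discussed in this thread (isolating the vendor's changes from local customisations, and seeing which hunks will not apply) can be shown with a small three-way comparison. This is an added example, not part of the thread and not X-Cart code; the PHP lines, function names and file contents are constructed for illustration.

```python
import difflib

# Constructed sample data: pristine file from the installed release.
STOCK_OLD = '''function lookup($id) {
    $q = "SELECT * FROM t WHERE id=$id";
    return run($q);
}
function discount($total) {
    return $total * 0.9;
}'''.splitlines()
# Vendor's replacement file: one security fix plus one unrelated change.
STOCK_NEW = list(STOCK_OLD)
STOCK_NEW[1] = '    $q = "SELECT * FROM t WHERE id=" . intval($id);'
STOCK_NEW[5] = '    return round($total * 0.9, 2);'
# Customised store file: edited discount rate and an extra function.
LOCAL = list(STOCK_OLD) + ['function custom_report() {', '    return 1;', '}']
LOCAL[5] = '    return $total * 0.85; // site-specific rate'

CONTEXT = 1  # unchanged lines kept on each side of a vendor change

def vendor_hunks(stock_old, stock_new):
    """Return (find, replace) line blocks for each region the vendor changed."""
    sm = difflib.SequenceMatcher(None, stock_old, stock_new, autojunk=False)
    hunks = []
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == "equal":
            continue
        pre = stock_old[max(i1 - CONTEXT, 0):i1]
        post = stock_old[i2:i2 + CONTEXT]
        hunks.append((pre + stock_old[i1:i2] + post, pre + stock_new[j1:j2] + post))
    return hunks

def find_block(lines, block):
    """Return every index at which block occurs contiguously in lines."""
    n = len(block)
    return [i for i in range(len(lines) - n + 1) if lines[i:i + n] == block]

def port_patch(stock_old, stock_new, local):
    """Apply vendor hunks to a customised file; return (merged, conflicts)."""
    merged, conflicts = list(local), []
    for find, replace in vendor_hunks(stock_old, stock_new):
        hits = find_block(merged, find)
        if len(hits) == 1:               # unambiguous match: safe to apply
            merged[hits[0]:hits[0] + len(find)] = replace
        else:                            # customised or ambiguous: review by hand
            conflicts.append(find)
    return merged, conflicts

if __name__ == "__main__":
    merged, conflicts = port_patch(STOCK_OLD, STOCK_NEW, LOCAL)
    print("\n".join(merged))
    print("hunks needing manual review:", len(conflicts))
```

Diffing the two pristine files first is what separates vendor changes from local ones; the conflict list is the part that still needs a compare tool and a human.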
All times are GMT -8.