description changed

sam — Thu, 27 Feb 2014 16:20:58 GMT

description modified (diff)

paul — Fri, 28 Feb 2014 17:05:16 GMT

Hi, Sam,

I'll test these updates over the weekend and update the ticket on Monday

paul — Sat, 01 Mar 2014 15:07:35 GMT

Update.

I'll test these Monday afternoon and update the ticket. Hopefully we can update the server before then end of Monday.

hours, totalhours changed

paul — Mon, 03 Mar 2014 16:51:31 GMT

hours changed from 0.0 to 0.75
totalhours changed from 0.0 to 0.75

I have put all the code under git version control on my localhost so that I can always go back in time :)

Replies given inline ..

Replying to sam:

Hi Paul

You'll see from this ticket; https://trac.transitionnetwork.org/trac/ticket/582

That the 6.29 > 6.30 core update patches bugs that don't affect us.

I haven't looked at that ticket, as I noticed that we are already on 6.30

However some recent security updates for modules have been released recently; https://www.transitionnetwork.org/admin/reports/updates

Affected modules are;

ctools; https://drupal.org/node/2194547

The new release also provides a patch for cleanstring.inc, that overrides the patch that was applied to the previous version.

After switching to the new version of ctools, and clicking around, I couldn't see the problems:

Constant CTOOLS_PREG_CLASS_ALNUM in includes/cleanstring.inc contains \x{d800}- which is ill-formed code point. PHP issues this warning:

Warning: preg_match(): Compilation failed: disallowed Unicode code point (>= 0xd800 && <= 0xdfff) at offset 1811 in ctools_cleanstring() (line 157 of /srv/http/XXXX/www/sites/all/modules/contrib/ctools/includes/cleanstring.inc)

reported in watchdog. I have updated the makefile on my localhost.

Here are the changes for includes/cleanstring.inc that come with the latest version of ctools:

diff --git a/sites/all/modules/contrib/ctools/includes/cleanstring.inc b/sites/all/modules/contrib/ctools/includes/cleanstring.inc index 324d070..027def1 100644 --- a/sites/all/modules/contrib/ctools/includes/cleanstring.inc +++ b/sites/all/modules/contrib/ctools/includes/cleanstring.inc @@ -56,11 +56,12 @@ define('CTOOLS_PREG_CLASS_ALNUM',

'\x{2108}\x{2109}\x{2114}\x{2116}-\x{2118}\x{211e}-\x{2123}\x{2125}\x{2127}'. '\x{2129}\x{212e}\x{2132}\x{213a}\x{213b}\x{2140}-\x{2144}\x{214a}-\x{2b13}'. '\x{2ce5}-\x{2cff}\x{2d6f}\x{2e00}-\x{3005}\x{3007}-\x{303b}\x{303d}-\x{303f}'.

-'\x{3099}-\x{309e}\x{30a0}\x{30fb}\x{30fd}\x{30fe}\x{3190}-\x{319f}\x{31c0}-'. -'\x{31cf}\x{3200}-\x{33ff}\x{4dc0}-\x{4dff}\x{a015}\x{a490}-\x{a716}\x{a802}'. -'\x{a806}\x{a80b}\x{a823}-\x{a82b}\x{e000}-\x{f8ff}\x{fb1e}\x{fb29}\x{fd3e}'. -'\x{fd3f}\x{fdfc}-\x{fe6b}\x{feff}-\x{ff0f}\x{ff1a}-\x{ff20}\x{ff3b}-\x{ff40}'. -'\x{ff5b}-\x{ff65}\x{ff70}\x{ff9e}\x{ff9f}\x{ffe0}-\x{fffd}'); +'\x{3099}-\x{309e}\x{30a0}\x{30fb}-\x{30fe}\x{3190}-\x{319f}\x{31c0}-\x{31cf}'. +'\x{3200}-\x{33ff}\x{4dc0}-\x{4dff}\x{a015}\x{a490}-\x{a716}\x{a802}\x{a806}'. +'\x{a80b}\x{a823}-\x{a82b}\x{e000}-\x{f8ff}\x{fb1e}\x{fb29}\x{fd3e}\x{fd3f}'. +'\x{fdfc}-\x{fe6b}\x{feff}-\x{ff0f}\x{ff1a}-\x{ff20}\x{ff3b}-\x{ff40}\x{ff5b}-'. +'\x{ff65}\x{ff70}\x{ff9e}\x{ff9f}\x{ffe0}-\x{fffd}'); +

filefield https://drupal.org/node/2194103

Already patched.

image resizer https://drupal.org/node/2194063

Already patched.

mimemail https://drupal.org/node/2205939

Come back to this one later, as it sounds tricky.

webform https://drupal.org/node/2194181

Already patched.

The ctools & webform ones look like ones we should get on top of soonish, the mimemail one looks like it could be a pain.

Are you up for testing the updates on your local box? We can then figure out how to roll them out to the live site.

Thanks

Sam

I think I need to look again at the wiki pages to see how to get the latest version of the makefile on the server, and the process of staging and pushing changes through to production.

sam — Tue, 04 Mar 2014 17:23:00 GMT

Hi Paul

Thanks for this.

I was going to have a go at building a stg.tn.org on Ageir using your new Makefile to do a bit of testing.

Could you stick it on your github and I'll have a go?

https://github.com/paulbooker/transitionnetwork.org-d6.profile

Thanks

Sam

hours, totalhours changed

paul — Wed, 05 Mar 2014 14:24:07 GMT

hours changed from 0.0 to 0.25
totalhours changed from 0.75 to 1.0

Hi Sam,

Pushed the changes to Github.

Would you document what you do or advise what part of the wiki you followed.

paul — Wed, 05 Mar 2014 14:26:16 GMT

If you have any problems building a stage environment, let me know, and I'll see if I can help.

Best, Paul

ed — Wed, 16 Apr 2014 11:07:14 GMT

has this moved on to #712? it's gone quiet.

paul — Wed, 30 Apr 2014 18:04:59 GMT

I would say it has.

sam — Thu, 15 May 2014 09:00:11 GMT

Resolved via https://trac.transitionnetwork.org/trac/ticket/712

status changed; resolution set

sam — Thu, 15 May 2014 09:00:36 GMT

status changed from new to closed
resolution set to fixed

Transition Technology: Ticket #693: Module security updates: February 2014

description changed

hours, totalhours changed

hours, totalhours changed

status changed; resolution set