From Jules at Zend.To Sun Apr 1 15:25:25 2018 From: Jules at Zend.To (Jules) Date: Sun, 1 Apr 2018 15:25:25 +0100 Subject: [ZendTo] ANNOUNCE: 5.03-1 released Message-ID: <70d0ce01-6bd5-361d-f53b-2078bb751328@Zend.To> Folks, As a present for Easter, I have just released ZendTo version 5.03-1. The only new feature is that the lifetime of a "request a drop-off" code/link is now seen by users, with the lifetime (set by 'requestTTL' in preferences.php) displayed as an approximate time. Otherwise, it's various bug-fixes that have been reported over the past couple of months. Download as usual from ??? http://zend.to/downloads.php Here is the Change log: - The lifetime of a request code is now shown in the user interface and ? included in emails. The length of time displayed is a slight approximation ? of the exact request code lifetime, to make it easier to read. - Fixed minor translation bug in show_dropoff page (wasn't translating "files". - Tiny change to Facebox setup code to work better with load balancers / ? reverse proxies. Thanks to John Thurston for this. - "Request for a drop-off" email now has Subject: line tag. ? Thanks to Stanislav Telipsk? for this. - On the "Unlock Users" page, both "Unlocked ..." and "Unknown user" are ? now translated. - Fixed security bug to do with insufficient checking of MIME type strings. - Reinstated and improved text on About page explaining how to drop-off ? many files at once. And if anyone is feeling generous this Easter, I have added some stuff to my Amazon wishlist at ??? http://amzn.eu/girz6b7 Thanks! Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'One of the deep secrets of life is that all that is really worth doing is what we do for others.' - Lewis Carroll www.Zend.To Twitter: @JulesFM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From Jules at Zend.To Sun Apr 1 19:40:32 2018 From: Jules at Zend.To (Jules) Date: Sun, 1 Apr 2018 19:40:32 +0100 Subject: [ZendTo] Administrivia: The list has moved Message-ID: With any luck, this will reach you all. I hope... Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'I have lost friends, some by death ... others through sheer inability to cross the street.' - Virginia Woolf www.Zend.To Twitter: @JulesFM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From spork at bway.net Sun Apr 1 21:26:35 2018 From: spork at bway.net (Charles Sprickman) Date: Sun, 1 Apr 2018 16:26:35 -0400 Subject: [ZendTo] Administrivia: The list has moved In-Reply-To: References: <636AFD17-1CA9-4E48-A0BB-14248C134B17@bway.net> Message-ID: Where has it moved to? :) The link on the zend.to site leads to a password-protected site... -- Charles Sprickman NetEng/SysAdmin Bway.net - New York's Best Internet www.bway.net spork at bway.net - 212.982.9800 > On Apr 1, 2018, at 2:40 PM, Jules wrote: > > With any luck, this will reach you all. I hope... > > Jules > > -- > Julian Field MEng CEng CITP MBCS MIEEE MACM > > 'I have lost friends, some by death ... others through sheer inability > to cross the street.' - Virginia Woolf > > www.Zend.To > Twitter: @JulesFM > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > _______________________________________________ > ZendTo mailing list > ZendTo at zend.to > http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto From Jules at Zend.To Mon Apr 2 10:57:53 2018 From: Jules at Zend.To (Jules) Date: Mon, 2 Apr 2018 10:57:53 +0100 Subject: [ZendTo] Administrivia: The list has moved In-Reply-To: References: <636AFD17-1CA9-4E48-A0BB-14248C134B17@bway.net> Message-ID: Oops. You should find the link on the zend.to site now works! Sorry about that. On 01/04/2018 9:26 pm, Charles Sprickman via ZendTo wrote: > Where has it moved to? :) > > The link on the zend.to site leads to a password-protected site... Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'One of the deep secrets of life is that all that is really worth doing is what we do for others.' - Lewis Carroll www.Zend.To Twitter: @JulesFM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From john.thurston at alaska.gov Mon Apr 2 16:54:47 2018 From: john.thurston at alaska.gov (John Thurston) Date: Mon, 2 Apr 2018 07:54:47 -0800 Subject: [ZendTo] [NOTSPAM?] Re: ANNOUNCE: 5.03-1 released In-Reply-To: <70d0ce01-6bd5-361d-f53b-2078bb751328@Zend.To> References: <70d0ce01-6bd5-361d-f53b-2078bb751328@Zend.To> <7f611042-39be-ef31-69c7-ad9e1d57ecfa@alaska.gov> Message-ID: On 4/1/2018 6:25 AM, Jules wrote: > As a present for Easter, I have just released ZendTo version 5.03-1. Most excellent, Jules. Thank you for the quick turn around. -- Do things because you should, not just because you can. John Thurston 907-465-8591 John.Thurston at alaska.gov Department of Administration State of Alaska From deq at pattishall.com Tue Apr 17 14:51:55 2018 From: deq at pattishall.com (Dale E. Qualls) Date: Tue, 17 Apr 2018 13:51:55 +0000 Subject: [ZendTo] Disable ciphers References: Message-ID: Jules (or anyone :)) My newly built zendto server (on CentOS 7) is testing poorly for sweet32 (using medium strength ciphers). I need to remediate this but I want to be sure it won't break zendto. I don't see why it would but I thought I'd ask before I go to tweaking things. Thanks! [http://images.pattishall.com/images/pattishalllogo-170.jpg] Dale E. Qualls Director of Information Technology Pattishall, McAuliffe, Newbury, Hilliard & Geraldson LLP 200 South Wacker Drive, Suite 2900 Chicago, IL 60606-5896 Direct: (312) 554-7979 Main: (312) 554-8000 Fax: (312) 554-8015 deq at pattishall.com www.pattishall.com Follow us on Twitter [http://images.pattishall.com/images/25pixelimage.gif] [http://images.pattishall.com/images/25pixelimage.gif] [http://images.pattishall.com/images/blf-badge.jpg] [http://images.pattishall.com/images/25pixelimage.gif] Pattishall Ranks GOLD in the United States and in Illinois in the prestigious WTR 1000 [http://images.pattishall.com/images/25pixelimage.gif] [http://images.pattishall.com/images/2014chambers-65.jpg] [http://images.pattishall.com/images/25pixelimage.gif] [http://images.pattishall.com/images/2013gototop500.jpg] ________________________________ The preceding message and any attachments may contain confidential information protected by the attorney-client or other privilege. You may not forward this message or any attachments without the permission of the sender. If you believe that it has been sent to you in error, please reply to the sender that you received the message in error and then delete it. Nothing in this email message, including the typed name of the sender and/or this signature block, is intended to constitute an electronic signature unless a specific statement to the contrary is included in the message. ________________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: From john.thurston at alaska.gov Tue Apr 17 16:44:40 2018 From: john.thurston at alaska.gov (John Thurston) Date: Tue, 17 Apr 2018 07:44:40 -0800 Subject: [ZendTo] Disable ciphers In-Reply-To: References: <2f44722a-70c8-3252-05b7-1bdb432affde@alaska.gov> Message-ID: On 4/17/2018 5:51 AM, Dale E. Qualls via ZendTo wrote: > Jules (or anyone J) > > My newly built zendto server (on CentOS 7) is testing poorly for sweet32 > (using medium strength ciphers). ?I need to remediate this but I want to > be sure it won't break zendto.? I don't see why it would but I thought > I'd ask before I go to tweaking things. I don't see how this could affect ZendTo. What you are adjusting is the cipher-suite available to the Apache web server. -- Do things because you should, not just because you can. John Thurston 907-465-8591 John.Thurston at alaska.gov Department of Administration State of Alaska From deq at pattishall.com Tue Apr 17 17:25:48 2018 From: deq at pattishall.com (Dale E. Qualls) Date: Tue, 17 Apr 2018 16:25:48 +0000 Subject: [ZendTo] Disable ciphers In-Reply-To: References: <2f44722a-70c8-3252-05b7-1bdb432affde@alaska.gov>

Message-ID: Correct, I'm not sure why it would either but it never hurts to ask ? [http://images.pattishall.com/images/pattishalllogo-170.jpg] Dale E. Qualls Director of Information Technology Pattishall, McAuliffe, Newbury, Hilliard & Geraldson LLP 200 South Wacker Drive, Suite 2900 Chicago, IL 60606-5896 Direct: (312) 554-7979 Main: (312) 554-8000 Fax: (312) 554-8015 deq at pattishall.com www.pattishall.com Follow us on Twitter [http://images.pattishall.com/images/25pixelimage.gif] [http://images.pattishall.com/images/25pixelimage.gif] [http://images.pattishall.com/images/blf-badge.jpg] [http://images.pattishall.com/images/25pixelimage.gif] Pattishall Ranks GOLD in the United States and in Illinois in the prestigious WTR 1000 [http://images.pattishall.com/images/25pixelimage.gif] [http://images.pattishall.com/images/2014chambers-65.jpg] [http://images.pattishall.com/images/25pixelimage.gif] [http://images.pattishall.com/images/2013gototop500.jpg] ________________________________ The preceding message and any attachments may contain confidential information protected by the attorney-client or other privilege. You may not forward this message or any attachments without the permission of the sender. If you believe that it has been sent to you in error, please reply to the sender that you received the message in error and then delete it. Nothing in this email message, including the typed name of the sender and/or this signature block, is intended to constitute an electronic signature unless a specific statement to the contrary is included in the message. ________________________________ From: ZendTo [mailto:zendto-bounces at zend.to] On Behalf Of John Thurston via ZendTo Sent: Tuesday, April 17, 2018 10:45 AM To: zendto at zend.to Cc: John Thurston Subject: Re: [ZendTo] Disable ciphers External email, exercise caution. On 4/17/2018 5:51 AM, Dale E. Qualls via ZendTo wrote: > Jules (or anyone J) > > My newly built zendto server (on CentOS 7) is testing poorly for sweet32 > (using medium strength ciphers). I need to remediate this but I want to > be sure it won't break zendto. I don't see why it would but I thought > I'd ask before I go to tweaking things. I don't see how this could affect ZendTo. What you are adjusting is the cipher-suite available to the Apache web server. -- Do things because you should, not just because you can. John Thurston 907-465-8591 John.Thurston at alaska.gov Department of Administration State of Alaska _______________________________________________ ZendTo mailing list ZendTo at zend.to http://jul.es/mailman/listinfo/zendto -------------- next part -------------- An HTML attachment was scrubbed... URL: From bret at essex.ac.uk Wed Apr 18 07:51:59 2018 From: bret at essex.ac.uk (Giddings, Bret) Date: Wed, 18 Apr 2018 06:51:59 +0000 Subject: [ZendTo] Migration woes References: Message-ID: Hello, I?m trying to do a migration from 3.71(!!) to the latest version. Using information at http://jul.es/pipermail/zendto/2014-February/002309.html, I have successfully been able to port the DB (sqlite2 to sqlite3) and dropped off files from the older server to a new one. This lets me pick up files that we?re previously on the old server. However, when trying to drop off anything on the new server, I am getting an error of Database Error Database failure writing authentication key. Please notify the system administrator. In the GUI and Error: failed to add authdata for bret at essex.ac.uk to authtable In the zendto.log. I?ve checked that the authtable structure is the same between versions and can insert the data that DBWriteAuthData attempts to write if I interact with the DB via the command line. Have I missed anything? Thanks, Bret -------------- next part -------------- An HTML attachment was scrubbed... URL: From bret at essex.ac.uk Mon Apr 23 16:33:09 2018 From: bret at essex.ac.uk (Giddings, Bret) Date: Mon, 23 Apr 2018 15:33:09 +0000 Subject: [ZendTo] Migration woes In-Reply-To: References: Message-ID: I eventually solved this problem. As part of the migration attempt, I had moved the original /var/zendto directory and created a new one. The new folder needed permissions tweaking to 0755 with owner root and group www-data to match those of the previous folder. It then worked fine. Regards, Bret From: Giddings, Bret Sent: 18 April 2018 07:52 To: zendto at zend.to Subject: Migration woes Hello, I'm trying to do a migration from 3.71(!!) to the latest version. Using information at http://jul.es/pipermail/zendto/2014-February/002309.html, I have successfully been able to port the DB (sqlite2 to sqlite3) and dropped off files from the older server to a new one. This lets me pick up files that we're previously on the old server. However, when trying to drop off anything on the new server, I am getting an error of Database Error Database failure writing authentication key. Please notify the system administrator. In the GUI and Error: failed to add authdata for bret at essex.ac.uk to authtable In the zendto.log. I've checked that the authtable structure is the same between versions and can insert the data that DBWriteAuthData attempts to write if I interact with the DB via the command line. Have I missed anything? Thanks, Bret -------------- next part -------------- An HTML attachment was scrubbed... URL: From scott.birl at temple.edu Thu Apr 26 13:10:42 2018 From: scott.birl at temple.edu (Scott Birl) Date: Thu, 26 Apr 2018 12:10:42 +0000 Subject: [ZendTo] zend.to 4.1 code injection References: <3b0244e411dd41919c3d5087fe0213b9@exch15-mr02.tu.temple.edu> Message-ID: Hello everyone: Our site is currently using an older version of zend.to, 4.11. We have plans of upgrading to the latest version in the works. A recent audit by our security team discovered the 4.11 code is susceptible to spider code injection. Off-hand, I do not know the specifics but should be able to provide them if necessary. The questions become: has this been discovered and fixed already? Is there a way to patch our 4.11 version against it? Thanks in advance Birl -------------- next part -------------- An HTML attachment was scrubbed... URL: