Author Topic: FHFS: Is there going to be any update on this?  (Read 5728 times)

0 Members and 1 Guest are viewing this topic.

Offline LeoNeeson

  • Insane poster
  • *****
  • Posts: 433
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
FHFS: Is there going to be any update on this?
« on: August 28, 2016, 10:24:09 PM »
@Raybob: Is there going to be any update on this? Since in the HFS.ini of FHFS v2.1.3, the updates of the internal HFS (server.dll) are not automatic (update-automatically=no), it would be great to have an updated version with the last HFS v2.3i Build #297 running out-of-the-box. There are many users out there who are still using FHFS with a built-in outdated HFS v2.3d Build #292. And since there was a VERY important security update in this last version, many users may be exposed to hackers, like recently happened here. I understand that having the automatic updates disabled is to ensure everything keeps working/compatible with the rest of the FHFS code. I also understand that you may not want (or have the time) to be updating FHFS every time a new version of HFS is out, but this time is critical to have an update (since it fixed a "Remote Command Execution" exploit).
« Last Edit: September 19, 2016, 05:19:55 AM by Mars »
• HFS ahora también disponible en Español! (Clic aqui) :)
• HFS is now also available in Spanish! (Click here)

Offline bmartino1

  • Insane poster
  • *****
  • Posts: 750
  • I'm only trying to help i mean no offense.
    • View Profile
    • none - google translate
Re: Is there going to be any update on this?
« Reply #1 on: August 29, 2016, 04:48:55 PM »
i agree that it should be "recompiled", but you can replce hfs.exe with the updated one and all will work...

install fhfs, download current hfs, open install directory, replace hfs.exe file....

etc..etc...

Last i knew, raybob was working on another project, he emailed me and i looked into it, but i was not able to program or do much with it.
i forget the projects name....

looking at my old mesage:
Andromeda -fhfs 3.0
http://www.rejetto.com/forum/fhfs/fhfs-is-being-superceded-by-new-software-looking-for-developers/msg1059286/?topicseen#msg1059286

so idk the status of his tiem or other...

i don't think fhfs 2.0 will be geting recomplied...
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline LeoNeeson

  • Insane poster
  • *****
  • Posts: 433
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Is there going to be any update on this?
« Reply #2 on: August 30, 2016, 12:04:52 AM »
i agree that it should be "recompiled", but you can replce hfs.exe with the updated one and all will work...
Yes, I know that, but every user who downloads FHFS from SourceForge, would be exposed to vulnerabilities, if doesn't know he should update HFS. I was talking for helping those users, not for me. :-\

i don't think fhfs 2.0 will be geting recomplied...
It doesn't need to be recompiled. Is just as simple as updating the current ZIP file of FHFS v2.1.3, with the latest version of the HFS.exe file (server.dll). Then, rename and upload the updated ZIP file as a new version (FHFS v2.1.4) to SourceForge.

Well, I'm just saying... If it can't be done, it's OK.
It was only a suggestion, not a request.
« Last Edit: August 30, 2016, 02:38:01 AM by LeoNeeson »
• HFS ahora también disponible en Español! (Clic aqui) :)
• HFS is now also available in Spanish! (Click here)

Offline raybob

  • Moderator
  • Insane poster
  • *****
  • Posts: 453
    • View Profile
    • FileSplat.com
Re: Is there going to be any update on this?
« Reply #3 on: September 02, 2016, 09:14:01 AM »
Correct me if I'm wrong but I was under the impression that the security vulnerabilities in HfS were due to its template and not the executable itself.  If that's the case then FHFS is not affected since it uses its own templates.

Offline LeoNeeson

  • Insane poster
  • *****
  • Posts: 433
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Is there going to be any update on this?
« Reply #4 on: September 03, 2016, 10:38:29 PM »
I'm afraid not. It's CVE-2014-6287 (you can check this vulnerability report, here). The vulnerability it's related to the internal HFS search function, so, it's not related to templates at all. But Rejetto will have the final word and confirmation on this.

« Last Edit: September 03, 2016, 11:22:39 PM by LeoNeeson »
• HFS ahora también disponible en Español! (Clic aqui) :)
• HFS is now also available in Spanish! (Click here)

Offline raybob

  • Moderator
  • Insane poster
  • *****
  • Posts: 453
    • View Profile
    • FileSplat.com
Re: Is there going to be any update on this?
« Reply #5 on: September 04, 2016, 05:13:18 PM »
I tried updating all the binaries with FHFS and immediately there was a new bug with logging in.  Apparently HFS now doesn't let you add more than one cookie per request unless you use ; to separate them.  I don't have the time to spend debugging and troubleshooting and updating this project, and unfortunately it's just old and probably more insecure than I can fix.  So, I've removed the Sourceforge pages and I'm calling it officially discontinued.  Anyone who really wants source code or to download it can message me here.
« Last Edit: September 04, 2016, 05:19:02 PM by raybob »

Offline LeoNeeson

  • Insane poster
  • *****
  • Posts: 433
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Is there going to be any update on this?
« Reply #6 on: September 04, 2016, 11:15:02 PM »
Anyone who really wants source code or to download it can message me here.
I've sent you a message. ;)
• HFS ahora también disponible en Español! (Clic aqui) :)
• HFS is now also available in Spanish! (Click here)

Offline rejetto

  • Administrator
  • Insane programmer
  • *
  • Posts: 12844
    • View Profile
Re: Is there going to be any update on this?
« Reply #7 on: September 18, 2016, 03:19:23 AM »
if you pass by Roma, don't forget to write me and we'll have a coffee together :)

Follow members gave a thank to your post:


Offline LeoNeeson

  • Insane poster
  • *****
  • Posts: 433
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Is there going to be any update on this?
« Reply #8 on: September 19, 2016, 12:55:51 AM »
if you pass by Roma, don't forget to write me and we'll have a coffee together :)
I guess this message was intended to raybob, but if it was to me, sure, not problem, thanks for the invitation. I hope to visit Italy some day in the future. 8)
« Last Edit: September 19, 2016, 01:50:50 AM by LeoNeeson »
• HFS ahora también disponible en Español! (Clic aqui) :)
• HFS is now also available in Spanish! (Click here)

Offline jasonslan

  • Occasional poster
  • *
  • Posts: 1
    • View Profile
Re: FHFS: Is there going to be any update on this?
« Reply #9 on: September 26, 2016, 08:40:43 PM »
I noticed that the sourceforge pages no longer exist.. how can somebody get a copy of FHFS just to play with it?

Offline bmartino1

  • Insane poster
  • *****
  • Posts: 750
  • I'm only trying to help i mean no offense.
    • View Profile
    • none - google translate
Re: FHFS: Is there going to be any update on this?
« Reply #10 on: September 27, 2016, 12:25:17 AM »
I noticed that the sourceforge pages no longer exist.. how can somebody get a copy of FHFS just to play with it?

well, i thought they were still here:
http://www.rejetto.com/forum/fhfs/version-2-0-0-release-download/msg1060565/#msg1060565

but i'm wrong... i will see if i still have a download
my downloads are gone for it, and i'm not finding a older source, if another uses still has the download and feels like sharing it
https://web.archive.org/web/20160923113615/https://sourceforge.net/projects/fhfs/files/2.1.x/2.1.3/

https://forum.filezilla-project.org/viewtopic.php?t=22427

lloks like the last know page was recorded the 23 of sep, you could petition Sourceforge via email support to get it back...
« Last Edit: September 27, 2016, 12:38:48 AM by bmartino1 »
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline raybob

  • Moderator
  • Insane poster
  • *****
  • Posts: 453
    • View Profile
    • FileSplat.com
Re: FHFS: Is there going to be any update on this?
« Reply #11 on: September 30, 2016, 01:56:09 PM »
Maybe I'll upload FHFS to github or something.  I didn't want it on sourceforge because it gave the impression that it was a solid finished product and while it once was, I haven't maintained it in a while.  Plus, Sourceforge was flagging it as infected due to HFS which was annoying :/

Anyone that really wants to download FHFS in the meantime can go here
https://1drv.ms/f/s!AvtYl4Gpzql2ozMaB8_L4BNzf_HH

Follow members gave a thank to your post:


Offline rejetto

  • Administrator
  • Insane programmer
  • *
  • Posts: 12844
    • View Profile
Re: FHFS: Is there going to be any update on this?
« Reply #12 on: July 15, 2017, 01:28:20 PM »
I guess this message was intended to raybob, but if it was to me, sure, not problem, thanks for the invitation. I hope to visit Italy some day in the future. 8)

i honestly don't remember who was that for, but it's valid for you too Leo, and any other longtimer :)