I've just uploaded the backported packages for Buster. This fixes all security bugs fixed in WordPress 5.2.3, 5.2.4 and 5.3.1 ready for buster.

package for 5.3.2 has just been uploaded. This fixes some important problems introduced in 5.3.1. That version fixed a few security-related bugs, mainly XSS (again).

The update should be available for Debian sid in the next few hours.

Found a curious bug in the package last night. There is a reasonably old security patch for CVE-2017-14990 where the activation key is stored in plaintext for multisite users (for normal users it's hashed).

Anyway it's a broken patch because it doesn't decide the user id. Easy to fix but I never used it before.

More sagas with net-snmp. It seems that something in the build process is wrecking the modules, so none of the functions are exposed.

The odd thing is, if I compile it by hand it works fine, so what is messing things up?

net-snmp packages version 5.8-1 just got uploaded. The previous upstream version 5.7.2 has been around for 4 years so this has been a long time coming.

5.8 packages also drop support of python modules; use pysnmp instead as it's better in most ways.

Debian packages now should be source only, otherwise they won't make it to bullseye (the next release).

So the wiki has the flags to add to build source only, so that's all you need to do?

Nope.

debsign and debrelease need to be told too. (Both with -S)

So the toolchain will create a package that is guaranteed to be rejected using the default setup. The only way to fix it is to use two different sets of options.

After a lot of mucking around I got the laptop looking ok. The conky config says its but it's really .

Installing on a laptop that needs non-free firmware for the wifi to work, is there anything more frustrating?

It's pretty bad if a Debian user of over 20 years still struggles with this process; find the firmware, it's right there dammit.

Uploaded the mastodon module into the repository tonight. This gets it in line with the pypi version 1.4.6.

It now conditionally links http_ece, so no more Debian patches :drake_like:

The program can use but there is no package inside Debian yet.

I have now used the system package for libjs-underscore rather than the one shipped with . For once, the Debian version is newer but linking it didn't seem to give any errors on a browser console. It also meant I had to update my profile for wordpress.

WordPress version 5.2.3 is now out which is a security release. It fixes a bunch of XSS problems and some sanitization problems. Debian packages soon.

wordpress.org/news/2019/09/wor

So I started to work on the new snmp packages that use net-snmp 5.8

The snmpd daemon fails to start and initial debugging shows it attempting to bind to UDP port 161 *twice*; which is why it bugs out.

So next part of the puzzle is why twice?

-make the Debian package that makes other Debian packages got its first update for the year.

Not terribly exciting changes, just a bump of the Debian standards and debhelper versions mostly.

I thought I should use something a bit more robust than my pile of shell scripts for firewalling my server so tried out

At first it was a total disaster and would not add rules to the nftables no matter what I did. Digging around, there is a bug with iptables-nft especially around iptables-restore. Updating iptables package fixed things up nicely.

Tonight's plan is to look at the net-snmp packages to see if I should drop the 2 module. I'm pretty sure they don't support python3 and are bad in many ways so they are likely to go.

5.2.2 packages now uploaded to the FTP servers.

Not really sure what they changed between 5.2.1 and 5.2.2; just some tweaks by the look of things.

Also 5.3 should be out soon.

wordpress.org/news/2019/06/wor

The postfix profiles in the package don't work with the Debian postfix.

At least it's only complain mode but it still kills processes if you try to switch context.

packages of the library written by @halcy uploaded to the Debian FTP servers just now. This is a bump from 1.3.1 to 1.4.2 because I have been slack.

5.2.1 packages just got built and I'm uploading them in a few minutes.

Doesn't seem to be any major security updates despite the third digit. The WordPress website is saying 5.2.2 will be out soon too; now *that* one sounds like a security thing.

I was looking at the net-snmp code trying to work out the differences between the PID file generating code for snmpd and snmptrapd.

🔹 snmpd uses open() with permissions of 0600
🔹 snmptrapd uses fopen() with permissions of 0644

Given that on my system there is only one other PID file with 0600, I patched snmpd to use 0644.
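The open()/fopen() difference in the post above, as an added example that is not from the post or from net-snmp: open() takes the creation mode as an argument, while fopen() always requests 0666 and leaves the result to the process umask, so the 0644 seen for snmptrapd is what a umask of 022 produces (assumed here). The `/tmp/demo-*.pid` paths and function names are constructed for the demo.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or -1 if it cannot be stat'ed. */
static int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* open() style: the creation mode is an explicit argument. */
static int pidfile_open(const char *path, mode_t mode) {
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0) return -1;
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (write(fd, buf, (size_t)n) != n) { close(fd); return -1; }
    close(fd);
    return mode_of(path);
}

/* fopen() style: no mode argument, the file is created 0666 & ~umask. */
static int pidfile_fopen(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fprintf(f, "%ld\n", (long)getpid());
    fclose(f);
    return mode_of(path);
}

/* Create both files under the given umask and report the resulting modes. */
static void compare(mode_t mask, int *open_mode, int *fopen_mode) {
    char a[64], b[64];   /* constructed demo paths, not net-snmp's */
    snprintf(a, sizeof a, "/tmp/demo-open-%ld.pid", (long)getpid());
    snprintf(b, sizeof b, "/tmp/demo-fopen-%ld.pid", (long)getpid());
    unlink(a); unlink(b);
    mode_t old = umask(mask);
    *open_mode = pidfile_open(a, 0600);
    *fopen_mode = pidfile_fopen(b);
    umask(old);
    unlink(a); unlink(b);
}

int main(void) {
    int o, f;
    compare(022, &o, &f);
    printf("umask 022: open(0600)=%04o fopen=%04o\n", o, f);
    compare(077, &o, &f);
    printf("umask 077: open(0600)=%04o fopen=%04o\n", o, f);
    return 0;
}
```

The fopen() result follows whatever umask the daemon inherits from its init script or unit, whereas the open() result is fixed in the source.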
