At first it was a total disaster and would not add rules to nftables no matter what I did. Digging around, there is a bug with iptables-nft, especially around iptables-restore. Updating the iptables package fixed things up nicely.
Not really sure what they changed between 5.2.1 and 5.2.2; just some tweaks by the look of things.
Also 5.3 should be out soon.
I was looking at the net-snmp code trying to work out the differences between the PID file generating code for snmpd and snmptrapd.
🔹 snmpd uses open() with permissions of 0600
🔹 snmptrapd uses fopen() with permissions of 0644
Given that on my system there is only one other PID file with 0600, I patched snmpd to use 0644.
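An added example, not part of the original posts and not net-snmp code, showing why the two creation calls end up with different modes: `open()` takes an explicit mode, while `fopen()` always requests 0666 and leaves the result to the process umask. The function names and file names are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return the permission bits of path, or -1 if it cannot be stat'ed. */
static int file_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Create a PID file with open() and an explicit mode (the snmpd style).
 * Returns the resulting permission bits, or -1 on error. */
int pid_via_open(const char *path, mode_t mode)
{
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    unlink(path);                       /* make sure we create a new file */
    int fd = open(path, O_CREAT | O_WRONLY | O_EXCL, mode);
    if (fd < 0)
        return -1;
    int ok = write(fd, buf, (size_t)len) == len;
    close(fd);
    int m = ok ? file_mode(path) : -1;
    unlink(path);
    return m;
}

/* Create a PID file with fopen() (the snmptrapd style). fopen() has no
 * mode argument: the file is requested as 0666 and masked by the umask. */
int pid_via_fopen(const char *path)
{
    unlink(path);
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    fprintf(fp, "%ld\n", (long)getpid());
    fclose(fp);
    int m = file_mode(path);
    unlink(path);
    return m;
}
```

With the common daemon umask of 022 the `fopen()` path gives 0644; under a umask of 077 the same call gives 0600, so the mode of an `fopen()`-created PID file depends on how the daemon was started.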
That should mean you're ok for most current WordPress security bugs except for CVE-2019-8943 which is a path traversal bug. I think it's fixed for WordPress proper but many modules are still vulnerable.
Instead of trying to pry apart all the changesets, there is now just a consolidated changeset between 4.7.11 and 4.7.12.
4.7.12 is the 4.7 branch of fixes backported from 5.0.1. Just using the entire changeset makes it easier and helps with things like database updates.
I've been triaging a bunch of net-snmp bugs on the #debian bug tracker tonight. There are a lot of old ones for versions of net-snmp long gone.
Strangely there are old bugs that are still there, like why are the permissions for snmp and snmptrapd pid files different?
Clearing out the old ones means I can concentrate on what is left.
The Debian specific patches are now applying cleanly so the next steps are
* to make sure it compiles
* Fix it when it surely won't
* Look at the Debian bugs and fix/close those
It's a pretty big codebase that takes forever to compile so it won't be a fast process.
If you installed (and used) the #snmp library but didn't have the snmp package itself installed, your logs were often very busy because the configuration wasn't installed, so it got moved.
The second main fix was around the shlibs (shared library dependencies) for binary rebuilds.
Looks like I'm building WordPress #debian packages tonight. 😭