I just noticed that the LTS team have just updated the for Debian

The latest is 4.7.22+dfsg-0+deb9u1

Show thread

:wordpress: 5.8.3 is out and fixes 4 security holes including a SQL injection. That last one needs a badly behaving plugin but we know how rare those are 😜

:debian: Sid packages already uploaded. Bullseye and buster just waiting on reviews to upload and should be available in a day or so.

I have a long opened bug to create a bash completion for dh_make that I decided to tackle today.

The documentation isn't great but that awesome double pair of cut and paste with trial and error helped out and it wasn't as bad as I thought.

So enjoy the bash completion in the next release of dh_make

version 5.7 is out. This is a feature enhancement release with some tweaks done to the editor and the blocks. There are also some colour enhancements and a jQuery update.

packages are built and uploaded so should be available soon.

version 23.4 was released today, both as an upstream source package and package 23.4-1

This release has some minor fixes and updates; if you liked the -Z flag in ps, then pstree has this for you.

Maybe fuser will be less confused about device IDs, but I'm pretty sure someone out there is crafting up an even stranger storage device setup.

Tarballs located at sourceforge.net/projects/psmis or get it from git at gitlab.com/psmisc/psmisc/-/tag

packages for 5.6.1 were just uploaded to the Debian FTP servers.

It fixes 20 bugs and 7 issues; not sure what the difference is but there you go.

While 5.6.1is a short-cycle release, it may be the one that gets frozen in the next Debian stable, due to timing of the freeze and the 5.7 WordPress release.


Well, that took longer than expected.

packages 5.5.3 was uploaded yesterday fixing several security issues. I have also sent version 5.0.11 for review to update Debian Buster.

Guess what? Another security release of This release was 5.5.2 but something broke and they now have 5.5.3

LTS already got their updates in, I'll be working on the update for sir tonight.


I got a bug report for the version of where the logout redirect failed because it was neither a relative URL or one with a host.

Upstream of the same version worked fine so it was one of my patches. I found the relevant patch and it was a duplicate.This is where I bring a fix in early but we had now caught up to the version with the fix.

Odd thing was the patch took. So the URL manipulation was done twice.

has had two security issues which are now fixed in the packages and will be in the soon to be released v5.9 upstream release.

CVE-2020-15862 is a realisation that EXTEND-MIB is bad because you can run arbitrary commands if you have a write community/user.

CVE-2020-15863 is unsafe symlink handling where you can get the snmpd daemon to write files as root. I'm also updating snmp-mibs-downloader to fix the vector used.

25 Years of Free Software

25 years ago on 24th July 1995 I released my first Free Software program called axdigi.

Time has gone quickly! A lot what was written has fallen away (I completely forgot I wrote ttylinkd for example).

I'm still writing Free Software or Open Source and still enjoy it.


The extend MIB is nasty. I'm not sure what it was supposed to do but I now know what it can do. So for installations at least it will be removed.

Next step will be to fix the code so when you say use this user the program uses that user and not something else some file somewhere decides is a better idea.

The next (maybe next next? There is a security update to do) version of net-snmp for will have TLS and DTLS enabled as well as the transport security model. This means the authentication can be done at the lower layers (e.g. the TLS level) instead of in the SNMP layer.

packages for 5.4.2 jut got uploaded. They will be available from your local mirror soon.

They would have been there a day earlier except I forgot to actually sign and upload them!

5.4.2 is a security release and fixes about 6 security vulnerabilities plus an annoying problem where spammers can use the brief time between sending a spammy comment and it getting deleted.

I've added some autopkgtest test script to check for the version output of in The current versions just report unknown due to a upstream script breakage (which is my fault too).

is very useful facility to check for Debian packages as-installed. It probably has the second-worst documentation in history (the first being sendmail).

If I actually understood it, I'd fix the documentation, but I don't.

The project is planning on holding a mini DebConf online.

This will be "4 days of Debianites working together to improve Debian" and will be totally online like all the cool kids are doing.

It will be 28-31st May 2020, more details at wiki.debian.org/DebianEvents/i

Show older
Mastodon on Dropbear

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!