-make the Debian package that makes other Debian packages got it's first update for the year.

Not terribly exciting changes, just a bump of the Debian standards and debhelper versions mostly.

I thought I should use something a bit more robust than my pile of shell scripts for firewalling my server so tried out

At first it was a total disaster and would not add rules to the nftables no matter what I did. Digging around, there is a bug with iptables-nft especially around iptables-restore. Updating iptables package fixed things up nicely.

Tonight's plan is to look at the net-snmp packages to see if I should drop the 2 module. I'm pretty sure they don't support python3 and are bad in many ways so they are likely to go.

5.2.2 packages now uploaded to the FTP servers.

Not really sure what they changed between 5.2.1 and 5.2.2 just some tweaks by the look of things.

Also 5.3 should be out soon.


The postfix profiles in the package don't work with the Debian postfix.

At least it's only complain mode but it still kills processes if you try to switch context.

packages of the library written by @halcy uploaded to the Debian FTP servers just now. This is a bump from 1.3.1 to 1.4.2 because I have been slack.

5.2.1 packages just got built and I'm uploading them in a few minutes.

Doesn't seem to be any major security updates despite the third digit. The WordPress website is saying 5.2.2 will be out soon too; now *that* one sounds like a security thing.

I was looking at the net-snmp code trying to work out the differences between the PID file generating code for snmpd and snmptrapd.

πŸ”Ή snmpd uses open() with permissions of 0600
πŸ”Ή snmptrapd uses fopen() with permissions of 0644

Given there on my system there is only one other PID file with 0600 I patched snmpd to use 0644.

If you are running stable on the security update has made it to the repositories. The deb9u5 version is the backport of the 5.0.1 fixes.

That should mean you're ok for most current WordPress security bugs except for CVE-2019-8943 which is a path traversal bug. I think it's fixed for WordPress proper but many modules are still vulnerable.

The backports for the security fixes (based on the bugs in wordpress 5.0.1) are going to be a bit different from now.

Instead of trying to pry apart all the changesets, there is now just a consolidated changeset between 4.7.11 and 4.7.12

4.7.12 is the 4.7 branch of fixes backported from 5.0.1. Just using the entire changeset makes it easier and helps with things like database updates.

I've been triaging a bunch of net-snmp bugs on the bug tracker tonight. There are a lot of old ones for versions of net-snmp long gone.

Strangely there are old bugs that are still there, like why are the permissions for snmp and snmptrapd pid files different?

Clearing out the old ones means I can concentrate on what is left.

I've updated the git repository for -snmp to the latest which is 5.8

The Debian specific patches are now applying cleanly so the next steps are
* to make sure it compiles
* Fix it when it surely won't
* Look at the Debian bugs and fix/close those
* Release!

It's a pretty big codebase that takes forever to compile so it won't be a fast process.

Been also working on the 5.0.3 packages for Yes amazingly this is not a security fix but fix a lot of problems they found when they released the editor out into the wild.

Still need to work on the security fixes for stable distribution. 😭

Version 1.3.1 of @halcy mastodon module was just uploaded to sid

This makes the module compatible with v2.3.4 and even has some basic compatibility

I just uploaded a new version of -snmp. The changes are really only visible for people with odd setups and some other Debian developers.

If you installed (and used) the library but didn't have the snmp package itself installed, your logs were often very busy because the configuration wasn't installed, so it got moved.

The second other main fix was around the shlibs (shared library dependencies) for binary rebuilds.

version 5.0.1 addresses several issues, some going back to version 3.8!


Looks like I'm building WordPress packages tonight. 😭

The changes will take longer. I think I got the shlibs version logic ok but need to check.

This is the thing so when you link to a shared library it knows which version of library package you need. Libsnmp build system fudged it.

-make v201802 released tonight.

About the only thing new is a tiny change so dh_makefont works again.

version 4.9.8 package was uploaded tonight.

This has a few fixes including a security patch. If someone uploads a plugin but its not a zip file, it isn't deleted and the file could be executed.

No sooner than I upload Mastodon.py module 1.3.0 into the ftp master than I work out @halcy has released 1.3.1 a few days ago.


Show more
Mastodon on Dropbear

Welcome to my small corner of the Mastodon fediverse.