Debian packages now should be source only, otherwise they won't make it to bullseye ( the next release).
So the wiki has the flags to add to build source only, so that's all you need to do?
debsign and debrelease need to be told too. ( Both with -S)
So the #debian toolchain will create a package that is guaranteed to be rejected using the default setup. The only way to fix it is to use two different sets of options.
Installing #debian on a laptop that needs non-free firmware for the wifi to work, is there anything more frustrating?
It's pretty bad if a Debian user of over 20 years still struggles with this process, find the firmware its right there dammit.
WordPress version 5.2.3 is now out which is a security release. It fixes a bunch of XSS problems and some sanitization problems. Debian packages soon.
So I started to work on the new #debian snmp packages that use net-snmp 5.8
The snmpd daemon fails to start and initial debugging shows it attempting to bind to UDP port 161 *twice* ; which is why it bugs out.
So next part of the puzzle is why twice?
At first it was a total disaster and would not add rules to the nftables no matter what I did. Digging around, there is a bug with iptables-nft especially around iptables-restore. Updating iptables package fixed things up nicely.
Not really sure what they changed between 5.2.1 and 5.2.2 just some tweaks by the look of things.
Also 5.3 should be out soon.
I was looking at the net-snmp code trying to work out the differences between the PID file generating code for snmpd and snmptrapd.
🔹 snmpd uses open() with permissions of 0600
🔹 snmptrapd uses fopen() with permissions of 0644
Given there on my system there is only one other PID file with 0600 I patched snmpd to use 0644.
That should mean you're ok for most current WordPress security bugs except for CVE-2019-8943 which is a path traversal bug. I think it's fixed for WordPress proper but many modules are still vulnerable.
Instead of trying to pry apart all the changesets, there is now just a consolidated changeset between 4.7.11 and 4.7.12
4.7.12 is the 4.7 branch of fixes backported from 5.0.1. Just using the entire changeset makes it easier and helps with things like database updates.
I've been triaging a bunch of net-snmp bugs on the #debian bug tracker tonight. There are a lot of old ones for versions of net-snmp long gone.
Strangely there are old bugs that are still there, like why are the permissions for snmp and snmptrapd pid files different?
Clearing out the old ones means I can concentrate on what is left.
The Debian specific patches are now applying cleanly so the next steps are
* to make sure it compiles
* Fix it when it surely won't
* Look at the Debian bugs and fix/close those
It's a pretty big codebase that takes forever to compile so it won't be a fast process.
Free Software programmer, network engineer and Debian developer.
100% tomato verified. 🍅✔
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!