Found a curious bug in the #debian #wordpress package last night. There is a reasonably old security patch for CVE-2017-14990 where the activation key is stored in plaintext for multisite users (for normal users it's hashed).
Anyway it's a broken patch because it doesn't decide the user id. Easy to fix but I never used it before.
Debian packages now should be source only, otherwise they won't make it to bullseye (the next release).
So the wiki has the flags to add to build source only, so that's all you need to do?
debsign and debrelease need to be told too. (Both with -S)
So the #debian toolchain will create a package that is guaranteed to be rejected using the default setup. The only way to fix it is to use two different sets of options.
Installing #debian on a laptop that needs non-free firmware for the wifi to work, is there anything more frustrating?
It's pretty bad if a Debian user of over 20 years still struggles with this process. Find the firmware, it's right there dammit.
WordPress version 5.2.3 is now out which is a security release. It fixes a bunch of XSS problems and some sanitization problems. Debian packages soon.
So I started to work on the new #debian snmp packages that use net-snmp 5.8
The snmpd daemon fails to start and initial debugging shows it attempting to bind to UDP port 161 *twice*; which is why it bugs out.
So next part of the puzzle is why twice?
At first it was a total disaster and would not add rules to the nftables no matter what I did. Digging around, there is a bug with iptables-nft especially around iptables-restore. Updating iptables package fixed things up nicely.
Not really sure what they changed between 5.2.1 and 5.2.2, just some tweaks by the look of things.
Also 5.3 should be out soon.
I was looking at the net-snmp code trying to work out the differences between the PID file generating code for snmpd and snmptrapd.
🔹 snmpd uses open() with permissions of 0600
🔹 snmptrapd uses fopen() with permissions of 0644
Given that on my system there is only one other PID file with 0600, I patched snmpd to use 0644.
That should mean you're ok for most current WordPress security bugs except for CVE-2019-8943 which is a path traversal bug. I think it's fixed for WordPress proper but many modules are still vulnerable.
Instead of trying to pry apart all the changesets, there is now just a consolidated changeset between 4.7.11 and 4.7.12
4.7.12 is the 4.7 branch of fixes backported from 5.0.1. Just using the entire changeset makes it easier and helps with things like database updates.
Free Software programmer, network engineer and Debian developer.
100% tomato verified. 🍅✔