Guess what? Another security release of #wordpress This release was 5.5.2 but something broke and they now have 5.5.3
#debian LTS already got their updates in, I'll be working on the update for sir tonight.
Two new fixes for #psmisc tonight.
The first is fuser failed to match mount devices due to the new code checking for duplicate mounts. So it knows the difference between /mnt/a and /mnt/b but ignored /dev/sda1. Now it only checks the pathname if it is not a block device.
pstree had a problem with output alignment when using the colourise option.
The watch program from the #procps package has a new trick. Someone asked if there was a way to truncate the output instead of line-wrapping.
Watch already detects the width of the screen because it uses ncurses to output the lines so it needs to know where on the screen the next character will go. It was just a matter of hooking into the "run out of width" part of the code and eat the input until we hit an end of line.
So soon if you want to chomp those lines, you can!
Upstream of the same version worked fine so it was one of my patches. I found the relevant patch and it was a duplicate.This is where I bring a fix in early but we had now caught up to the version with the fix.
Odd thing was the patch took. So the URL manipulation was done twice.
Recently pushed a change to fix the -C flag in ps. The command name length was increased to 63 characters from 15 but most non kernel threads can only do 15 characters.
So how can ps match both 15 and 63 characters?
If the process' comm is 15 and the match is 15 or more then match the first 15 characters.
Also keep matching the entire string up to 63 characters.
25 Years of Free Software
25 years ago on 24th July 1995 I released my first Free Software program called axdigi.
Time has gone quickly! A lot what was written has fallen away (I completely forgot I wrote ttylinkd for example).
I'm still writing Free Software or Open Source and still enjoy it.
Next step will be to fix the code so when you say use this user the program uses that user and not something else some file somewhere decides is a better idea.
Are you one of those people with some mad system with lots of CPUs? Having a hard time trying to see them all? Well top is coming out with two new features.
The first is two CPUs per row for wide (about over 160 columns) screens.
The second is to be able to group cpus into, um groups, so you can see pairs of cpu stats aggregated or 4 aggregated etc.
#autopkgtest is very useful facility to check for Debian packages as-installed. It probably has the second-worst documentation in history (the first being sendmail).
If I actually understood it, I'd fix the documentation, but I don't.
The #debian project is planning on holding a mini DebConf online.
This will be "4 days of Debianites working together to improve Debian" and will be totally online like all the cool kids are doing.
It will be 28-31st May 2020, more details at https://wiki.debian.org/DebianEvents/internet/2020/MiniDebConfOnline
Guess what? #wordpress have release a new version and its a security fix. There are 6 security bugs fixed, they even have CVE IDs! Much excitement.
Pretty much every version of wordpress is vulnerable except for CVE-2020-11030 because the block editor is new from about WordPress 5.0 or so.
I'll be cooking up the #Debian packages this weekend.
I can't really see much that is different. They have done some enhancements in the editor and there is a new 2020 theme but other than that, its the same WordPress you know and love (or hate, or both, whatever).
Is there anything more confusing than shared library numbering?
There are three numbers: current, revision and age. Depending on what you are doing to the API one or more of those numbers will change. Seems the last #procps relase I did months ago I got it wrong and bumped the age when that can't happen by itself, I think.
Oh and the soname of the library is definitely connected to, but not exactly, those three numbers (I think its C.R.R-A or something like that).
Found a curious bug in the #debian #wordpress package last night. There is a reasonably old security patch for CVE-2017-14990 where the activation key is stored in plaintext for multisite users (normal users it's hashed).
Anyway it's a broken patch because it doesn't decide the user id. Easy to fix but I never used it before.
Free Software programmer, network engineer and Debian developer.
100% tomato verified. 🍅✔
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!