Guess what? Another security release of This release was 5.5.2 but something broke and they now have 5.5.3

LTS already got their updates in, I'll be working on the update for sir tonight.

wordpress.org/news/2020/10/wor

Two new fixes for tonight.

The first is fuser failed to match mount devices due to the new code checking for duplicate mounts. So it knows the difference between /mnt/a and /mnt/b but ignored /dev/sda1. Now it only checks the pathname if it is not a block device.

pstree had a problem with output alignment when using the colourise option.

The watch program from the package has a new trick. Someone asked if there was a way to truncate the output instead of line-wrapping.

Watch already detects the width of the screen because it uses ncurses to output the lines so it needs to know where on the screen the next character will go. It was just a matter of hooking into the "run out of width" part of the code and eat the input until we hit an end of line.

So soon if you want to chomp those lines, you can!

I got a bug report for the version of where the logout redirect failed because it was neither a relative URL or one with a host.

Upstream of the same version worked fine so it was one of my patches. I found the relevant patch and it was a duplicate.This is where I bring a fix in early but we had now caught up to the version with the fix.

Odd thing was the patch took. So the URL manipulation was done twice.

Recently pushed a change to fix the -C flag in ps. The command name length was increased to 63 characters from 15 but most non kernel threads can only do 15 characters.

So how can ps match both 15 and 63 characters?

If the process' comm is 15 and the match is 15 or more then match the first 15 characters.

Also keep matching the entire string up to 63 characters.

25 Years of Free Software

25 years ago on 24th July 1995 I released my first Free Software program called axdigi.

Time has gone quickly! A lot what was written has fallen away (I completely forgot I wrote ttylinkd for example).

I'm still writing Free Software or Open Source and still enjoy it.

dropbear.xyz/2020/07/25/25-yea

The extend MIB is nasty. I'm not sure what it was supposed to do but I now know what it can do. So for installations at least it will be removed.

Next step will be to fix the code so when you say use this user the program uses that user and not something else some file somewhere decides is a better idea.

Are you one of those people with some mad system with lots of CPUs? Having a hard time trying to see them all? Well top is coming out with two new features.

The first is two CPUs per row for wide (about over 160 columns) screens.

The second is to be able to group cpus into, um groups, so you can see pairs of cpu stats aggregated or 4 aggregated etc.

The solution I eventually used was an evil kludge. It just matches the path of the mount point and the real path of the target file (so followed symlinks etc).

Evil, but lsof does this same thing so at least I will have company.

Show thread

The command pgrep will soon have an older command which matches processes that are older than the specified number of seconds.

I've added some autopkgtest test script to check for the version output of in The current versions just report unknown due to a upstream script breakage (which is my fault too).

is very useful facility to check for Debian packages as-installed. It probably has the second-worst documentation in history (the first being sendmail).

If I actually understood it, I'd fix the documentation, but I don't.

The project is planning on holding a mini DebConf online.

This will be "4 days of Debianites working together to improve Debian" and will be totally online like all the cool kids are doing.

It will be 28-31st May 2020, more details at wiki.debian.org/DebianEvents/i

Guess what? have release a new version and its a security fix. There are 6 security bugs fixed, they even have CVE IDs! Much excitement.

Pretty much every version of wordpress is vulnerable except for CVE-2020-11030 because the block editor is new from about WordPress 5.0 or so.

I'll be cooking up the packages this weekend.

packages for 5.4 are now uploaded. Yes, only 2 numbers so it is *not* a security fix, yay!

I can't really see much that is different. They have done some enhancements in the editor and there is a new 2020 theme but other than that, its the same WordPress you know and love (or hate, or both, whatever).

In other ancient package news. I also asked for gjay to be removed. This is a gtk based music sorter that creates playlists. I've not worked on it for four years and needs some major work, so off it goes.

The package just got removed from the archive after I requested it removal. Unfortunately, it is too difficult to maintain in a distribution.

It's a great mud client, it is just a little wild and crazy on its required dependencies.

package for 5.3.2 has just been uploaded. This fixes some important problems introduced in 5.3.1 That version fixed a few security-related bugs, mainly XSS (again).

The update should be available for Debian sid in the next few hours.

Is there anything more confusing than shared library numbering?

There are three numbers: current, revision and age. Depending on what you are doing to the API one or more of those numbers will change. Seems the last relase I did months ago I got it wrong and bumped the age when that can't happen by itself, I think.

Oh and the soname of the library is definitely connected to, but not exactly, those three numbers (I think its C.R.R-A or something like that).

Found a curious bug in the package last night. There is a reasonably old security patch for CVE-2017-14990 where the activation key is stored in plaintext for multisite users (normal users it's hashed).

Anyway it's a broken patch because it doesn't decide the user id. Easy to fix but I never used it before.

version 23.3 was released tonight. This has a few minor changes such as pstree with colouring depending on the process age and a fix for killall finding processes.

Show more

πŸ… Hraig's choices:

Mastodon on Dropbear

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!