Found a curious bug in the package last night. There is a reasonably old security patch for CVE-2017-14990 where the activation key is stored in plaintext for multisite users (normal users it's hashed).

Anyway it's a broken patch because it doesn't decide the user id. Easy to fix but I never used it before.

version 23.3 was released tonight. This has a few minor changes such as pstree with colouring depending on the process age and a fix for killall finding processes.

I just found out someone still maintains one of the first free software programs I wrote so many years ago. Checked the changelog and it was 25 July 1995! A 24 -year old program still in use.

There has been a bit of a clean up and all my comment out debug code removed (good!) but its basically the same.

Fortunately the Linux kernel driver I wrote has long gone 😱

psmisc is almost ready for release. I have sent a pre-release version over to the translation project for the updated translated files. Give them a few days and then it will be ready.

I added a new feature to pstree last night. It will now can show the age of processes in colour. The colours and ages of processes (minute, hour, other) are fixed for now but there is room for expansion later. That should be the last thing before the next release.

5.2.4 is now available! This security release fixes 6 security issues.

WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2

wordpress.org/news/2019/10/wor

net-snmp packages version 5.8-1 just got uploaded. The previous upstream version 5.7.2 has been around for 4 years so this has been a long time coming.

5.8 packages also drop support of python modules, use pysnmp instead as its better in most ways.

Every time I have to interact with sourceforge it reminds me how backward the site is. I have had so many 503 errors, comments disappearing from bug reports or some truly bizzare happenings in text boxes where the words repeat.

I'm so glad I moved my stuff off it, originally due to the previous owners dodgy behavior but now for all this.

An update! They looked at the net-snmp bug again and there was a fix already, just not in the current release.

Amazing how two simple lines can ruin your day.

sourceforge.net/p/net-snmp/cod

Uploaded the mastodon module into the repository tonight. This gets it inline with the pypi version 1.4.6

It now conditionally links http_ece, so no more Debian patches :drake_like:

The program can use but there is no package inside Debian yet.

I have now use the system package for libjs-underscore rather than the one shipped with . For once, the Debian version is newer but linking it didn't seem to give any errors on a browser console. It also meant I had to update my profile for wordpress.

WordPress version 5.2.3 is now out which is a security release. It fixes a bunch of XSS problems and some sanitization problems. Debian packages soon.

wordpress.org/news/2019/09/wor

OK future me, it looks like the resolver does some 'good at the time but dumb now' assumption about localhost + no port = port 161, this sits under the tdomain debugs.

Done some work on tonight, mainly some merge requests and bug fixes.

Matching NFS still can cause problems (they changed the way NFS "looks" in the proc filesystem) but I merged in some changes so it hangs less, I hope.

peekd will also work with ARM64 CPUs after someone gave me a patch for that.

I was looking at the net-snmp code trying to work out the differences between the PID file generating code for snmpd and snmptrapd.

πŸ”Ή snmpd uses open() with permissions of 0600
πŸ”Ή snmptrapd uses fopen() with permissions of 0644

Given there on my system there is only one other PID file with 0600 I patched snmpd to use 0644.

If you are running stable on the security update has made it to the repositories. The deb9u5 version is the backport of the 5.0.1 fixes.

That should mean you're ok for most current WordPress security bugs except for CVE-2019-8943 which is a path traversal bug. I think it's fixed for WordPress proper but many modules are still vulnerable.

which finds processes based on your selection criteria and part of now lets you select processes based on state.

Now if you want to go zombie hunting on your server, you can!

gitlab.com/procps-ng/procps/is

I've been triaging a bunch of net-snmp bugs on the bug tracker tonight. There are a lot of old ones for versions of net-snmp long gone.

Strangely there are old bugs that are still there, like why are the permissions for snmp and snmptrapd pid files different?

Clearing out the old ones means I can concentrate on what is left.

I've updated the git repository for -snmp to the latest which is 5.8

The Debian specific patches are now applying cleanly so the next steps are
* to make sure it compiles
* Fix it when it surely won't
* Look at the Debian bugs and fix/close those
* Release!

It's a pretty big codebase that takes forever to compile so it won't be a fast process.

Show more
Mastodon on Dropbear

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!