WordPress 5.4

Debian packages for WordPress version 5.4 will be uploaded shortly. I’m just going through the install testing now.

One problem I have noticed is, at least for my setup, there is an issue with network updates. The problem is that WordPress will ask me if I want to update the network sites, I say yes and get a SSL error.

After lots of debugging, the problem is that the fsockopen option to use SNI is turned off for network updates. My sites need SNI so without this they just bomb out with a SSL handshake error.

I’m not sure what the real fix is, but my work-around was to temporary set the SNI in the fsockopen transport while doing the site updates.

The file you want wp-includes/Requests/Transport/fsockopen.php and in the request method of Requests_Transport_fsockopen you’ll see something like:

                       stream_context_set_option($context, array('ssl' => $context_options)); 
                } 
                else { 
                        $remote_socket = 'tcp://' . $host; 
                }

Just before the stream_context_set_option put the line:

                        $context_options['SNI_enabled'] = true;

Ugly but it works

wordpress 4.9.7

No sooner than I had patched WordPress 4.9.5 to fix the arbitrary unlink bug than I realised there is a WordPress 4.9.7 out there. This release (just out for Debian, if my Internet behaves) fixes the unlink bug found by RIPS Technologies.  However, the WordPress developers used a different method to fix it.

There will be Debian backports for WordPress that use one of these methods. It will come down to do those older versions use hooks and how different the code is in post.php

You should update, and if you don’t like WordPress deleting or editing its own files, perhaps consider using AppArmor.

Changing Jabber IDs

I’ve shuffled some domains around, using less of enc.com.au and more of my new domain dropbear.xyz The website should work with both, but the primary domain is dropbear.xyz

 

Another change is my Jabber ID which used to be csmall at enc but now is same username at dropbear.xyz I think I have done all the required changes in prosody for it to work, even with a certbot certificate!