From: Frank Brehm <frank@brehm-online.com>
Date: Fri, 27 Sep 2019 21:41:55 +0000 (+0200)
Subject: committing changes in /etc after apt run
X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=094df48ac427bd21b7d2fdaedfe16d07a4e0cbe1;p=config%2Fsarah%2Fetc.git

committing changes in /etc after apt run

Package changes:
-base-files 9.9+deb9u9 amd64
+base-files 9.9+deb9u11 amd64
-clamav-base 0.100.3+dfsg-0+deb9u1 all
-clamav-daemon 0.100.3+dfsg-0+deb9u1 amd64
-clamav-freshclam 0.100.3+dfsg-0+deb9u1 amd64
+clamav-base 0.101.4+dfsg-0+deb9u1 all
+clamav-daemon 0.101.4+dfsg-0+deb9u1 amd64
+clamav-freshclam 0.101.4+dfsg-0+deb9u1 amd64
-gettext 0.19.8.1-2 amd64
-gettext-base 0.19.8.1-2 amd64
+gettext 0.19.8.1-2+deb9u1 amd64
+gettext-base 0.19.8.1-2+deb9u1 amd64
-grub-common 2.02~beta3-5+deb9u1 amd64
-grub-pc 2.02~beta3-5+deb9u1 amd64
-grub-pc-bin 2.02~beta3-5+deb9u1 amd64
-grub2-common 2.02~beta3-5+deb9u1 amd64
+grub-common 2.02~beta3-5+deb9u2 amd64
+grub-pc 2.02~beta3-5+deb9u2 amd64
+grub-pc-bin 2.02~beta3-5+deb9u2 amd64
+grub2-common 2.02~beta3-5+deb9u2 amd64
-libapache2-mod-php7.0 7.0.33-0+deb9u3 amd64
+libapache2-mod-php7.0 7.0.33-0+deb9u5 amd64
+libclamav9 0.101.4+dfsg-0+deb9u1 amd64
-libcups2 2.2.1-8+deb9u3 amd64
+libcups2 2.2.1-8+deb9u4 amd64
-libexpat1 2.2.0-2+deb9u2 amd64
+libexpat1 2.2.0-2+deb9u3 amd64
-libfribidi0 0.19.7-1+b1 amd64
+libfribidi0 0.19.7-1+deb9u1 amd64
-libgd3 2.2.4-2+deb9u4 amd64
+libgd3 2.2.4-2+deb9u5 amd64
-libglib2.0-0 2.50.3-2 amd64
+libglib2.0-0 2.50.3-2+deb9u1 amd64
-libicu57 57.1-6+deb9u2 amd64
+libicu57 57.1-6+deb9u3 amd64
-libldap-2.4-2 2.4.44+dfsg-5+deb9u2 amd64
-libldap-common 2.4.44+dfsg-5+deb9u2 all
+libldap-2.4-2 2.4.44+dfsg-5+deb9u3 amd64
+libldap-common 2.4.44+dfsg-5+deb9u3 all
-libmariadbclient18 10.1.38-0+deb9u1 amd64
+libmariadbclient18 10.1.41-0+deb9u1 amd64
-libpam-systemd 232-25+deb9u11 amd64
+libpam-systemd 232-25+deb9u12 amd64
-libsystemd0 232-25+deb9u11 amd64
+libsystemd0 232-25+deb9u12 amd64
-libudev1 232-25+deb9u11 amd64
+libudev1 232-25+deb9u12 amd64
-libxslt1.1 1.1.29-2.1 amd64
+libxslt1.1 1.1.29-2.1+deb9u1 amd64
+linux-image-4.9.0-11-amd64 4.9.189-3+deb9u1 amd64
-linux-image-amd64 4.9+80+deb9u7 amd64
-linux-libc-dev 4.9.168-1+deb9u5 amd64
+linux-image-amd64 4.9+80+deb9u9 amd64
+linux-libc-dev 4.9.189-3+deb9u1 amd64
-mariadb-client 10.1.38-0+deb9u1 all
-mariadb-client-10.1 10.1.38-0+deb9u1 amd64
-mariadb-client-core-10.1 10.1.38-0+deb9u1 amd64
-mariadb-common 10.1.38-0+deb9u1 all
-mariadb-server 10.1.38-0+deb9u1 all
-mariadb-server-10.1 10.1.38-0+deb9u1 amd64
-mariadb-server-core-10.1 10.1.38-0+deb9u1 amd64
+mariadb-client 10.1.41-0+deb9u1 all
+mariadb-client-10.1 10.1.41-0+deb9u1 amd64
+mariadb-client-core-10.1 10.1.41-0+deb9u1 amd64
+mariadb-common 10.1.41-0+deb9u1 all
+mariadb-server 10.1.41-0+deb9u1 all
+mariadb-server-10.1 10.1.41-0+deb9u1 amd64
+mariadb-server-core-10.1 10.1.41-0+deb9u1 amd64
-openssh-client 1:7.4p1-10+deb9u6 amd64
-openssh-server 1:7.4p1-10+deb9u6 amd64
-openssh-sftp-server 1:7.4p1-10+deb9u6 amd64
+openssh-client 1:7.4p1-10+deb9u7 amd64
+openssh-server 1:7.4p1-10+deb9u7 amd64
+openssh-sftp-server 1:7.4p1-10+deb9u7 amd64
-php7.0 7.0.33-0+deb9u3 all
-php7.0-cli 7.0.33-0+deb9u3 amd64
-php7.0-common 7.0.33-0+deb9u3 amd64
-php7.0-fpm 7.0.33-0+deb9u3 amd64
-php7.0-json 7.0.33-0+deb9u3 amd64
-php7.0-mbstring 7.0.33-0+deb9u3 amd64
-php7.0-mysql 7.0.33-0+deb9u3 amd64
-php7.0-opcache 7.0.33-0+deb9u3 amd64
-php7.0-readline 7.0.33-0+deb9u3 amd64
-php7.0-xml 7.0.33-0+deb9u3 amd64
+php7.0 7.0.33-0+deb9u5 all
+php7.0-cli 7.0.33-0+deb9u5 amd64
+php7.0-common 7.0.33-0+deb9u5 amd64
+php7.0-fpm 7.0.33-0+deb9u5 amd64
+php7.0-json 7.0.33-0+deb9u5 amd64
+php7.0-mbstring 7.0.33-0+deb9u5 amd64
+php7.0-mysql 7.0.33-0+deb9u5 amd64
+php7.0-opcache 7.0.33-0+deb9u5 amd64
+php7.0-readline 7.0.33-0+deb9u5 amd64
+php7.0-xml 7.0.33-0+deb9u5 amd64
-salt-common 2019.2.0+ds-1 all
-salt-minion 2019.2.0+ds-1 all
+salt-common 2019.2.1+ds-1 all
+salt-minion 2019.2.1+ds-1 all
-systemd 232-25+deb9u11 amd64
-systemd-sysv 232-25+deb9u11 amd64
+systemd 232-25+deb9u12 amd64
+systemd-sysv 232-25+deb9u12 amd64
-tzdata 2019b-0+deb9u1 all
+tzdata 2019c-0+deb9u1 all
-udev 232-25+deb9u11 amd64
+udev 232-25+deb9u12 amd64
-unzip 6.0-21+deb9u1 amd64
-usbutils 1:007-4+b1 amd64
+unzip 6.0-21+deb9u2 amd64
+usbutils 1:007-4+deb9u1 amd64
-zsh 5.3.1-4+b2 amd64
+zsh 5.3.1-4+b3 amd64
---

diff --git a/apparmor.d/usr.bin.freshclam b/apparmor.d/usr.bin.freshclam
index 90490ac..df5cb5b 100644
--- a/apparmor.d/usr.bin.freshclam
+++ b/apparmor.d/usr.bin.freshclam
@@ -4,10 +4,11 @@
 
 #include <tunables/global>
 
-/usr/bin/freshclam {
+/usr/bin/freshclam flags=(attach_disconnected) {
   #include <abstractions/base>
   #include <abstractions/nameservice>
   #include <abstractions/user-tmp>
+  #include <abstractions/openssl>
 
   capability setgid,
   capability setuid,
diff --git a/apparmor.d/usr.sbin.clamd b/apparmor.d/usr.sbin.clamd
index 91c67c4..4544759 100644
--- a/apparmor.d/usr.sbin.clamd
+++ b/apparmor.d/usr.sbin.clamd
@@ -7,6 +7,7 @@
 /usr/sbin/clamd {
   #include <abstractions/base>
   #include <abstractions/nameservice>
+  #include <abstractions/openssl>
 
   # LP: #433764:
   capability dac_override,
diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels
index 2129ca0..5b54bc9 100644
--- a/apt/apt.conf.d/01autoremove-kernels
+++ b/apt/apt.conf.d/01autoremove-kernels
@@ -1,48 +1,51 @@
 // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal
 APT::NeverAutoRemove
 {
-   "^linux-image-4\.9\.0-8-amd64$";
+   "^linux-image-4\.9\.0-11-amd64$";
    "^linux-image-4\.9\.0-9-amd64$";
-   "^linux-headers-4\.9\.0-8-amd64$";
+   "^linux-headers-4\.9\.0-11-amd64$";
    "^linux-headers-4\.9\.0-9-amd64$";
-   "^linux-image-extra-4\.9\.0-8-amd64$";
+   "^linux-image-extra-4\.9\.0-11-amd64$";
    "^linux-image-extra-4\.9\.0-9-amd64$";
-   "^linux-signed-image-4\.9\.0-8-amd64$";
+   "^linux-signed-image-4\.9\.0-11-amd64$";
    "^linux-signed-image-4\.9\.0-9-amd64$";
-   "^kfreebsd-image-4\.9\.0-8-amd64$";
+   "^kfreebsd-image-4\.9\.0-11-amd64$";
    "^kfreebsd-image-4\.9\.0-9-amd64$";
-   "^kfreebsd-headers-4\.9\.0-8-amd64$";
+   "^kfreebsd-headers-4\.9\.0-11-amd64$";
    "^kfreebsd-headers-4\.9\.0-9-amd64$";
-   "^gnumach-image-4\.9\.0-8-amd64$";
+   "^gnumach-image-4\.9\.0-11-amd64$";
    "^gnumach-image-4\.9\.0-9-amd64$";
-   "^.*-modules-4\.9\.0-8-amd64$";
+   "^.*-modules-4\.9\.0-11-amd64$";
    "^.*-modules-4\.9\.0-9-amd64$";
-   "^.*-kernel-4\.9\.0-8-amd64$";
+   "^.*-kernel-4\.9\.0-11-amd64$";
    "^.*-kernel-4\.9\.0-9-amd64$";
-   "^linux-backports-modules-.*-4\.9\.0-8-amd64$";
+   "^linux-backports-modules-.*-4\.9\.0-11-amd64$";
    "^linux-backports-modules-.*-4\.9\.0-9-amd64$";
-   "^linux-tools-4\.9\.0-8-amd64$";
+   "^linux-tools-4\.9\.0-11-amd64$";
    "^linux-tools-4\.9\.0-9-amd64$";
 };
 /* Debug information:
 # dpkg list:
+iF  linux-image-4.9.0-11-amd64           4.9.189-3+deb9u1                   amd64        Linux 4.9 for 64-bit PCs
 ii  linux-image-4.9.0-8-amd64            4.9.144-3.1                        amd64        Linux 4.9 for 64-bit PCs
-iF  linux-image-4.9.0-9-amd64            4.9.168-1+deb9u5                   amd64        Linux 4.9 for 64-bit PCs
-ii  linux-image-amd64                    4.9+80+deb9u7                      amd64        Linux for 64-bit PCs (meta-package)
+ii  linux-image-4.9.0-9-amd64            4.9.168-1+deb9u5                   amd64        Linux 4.9 for 64-bit PCs
+iU  linux-image-amd64                    4.9+80+deb9u9                      amd64        Linux for 64-bit PCs (meta-package)
 # list of installed kernel packages:
+4.9.0-11-amd64 4.9.189-3+deb9u1
 4.9.0-8-amd64 4.9.144-3.1
 4.9.0-9-amd64 4.9.168-1+deb9u5
 # list of different kernel versions:
+4.9.189-3+deb9u1
 4.9.168-1+deb9u5
 4.9.144-3.1
-# Installing kernel: 4.9.168-1+deb9u5 (4.9.0-9-amd64)
+# Installing kernel: 4.9.189-3+deb9u1 (4.9.0-11-amd64)
 # Running kernel: 4.9.168-1+deb9u5 (4.9.0-9-amd64)
-# Last kernel: 4.9.168-1+deb9u5
-# Previous kernel: 4.9.144-3.1
+# Last kernel: 4.9.189-3+deb9u1
+# Previous kernel: 4.9.168-1+deb9u5
 # Kernel versions list to keep:
-4.9.144-3.1
 4.9.168-1+deb9u5
+4.9.189-3+deb9u1
 # Kernel packages (version part) to protect:
-4\.9\.0-8-amd64
+4\.9\.0-11-amd64
 4\.9\.0-9-amd64
 */
diff --git a/debian_version b/debian_version
index a61a79b..d4ce17d 100644
--- a/debian_version
+++ b/debian_version
@@ -1 +1 @@
-9.9
+9.11
diff --git a/grub.d/20_linux_xen b/grub.d/20_linux_xen
index 2c05517..4eca448 100755
--- a/grub.d/20_linux_xen
+++ b/grub.d/20_linux_xen
@@ -130,16 +130,16 @@ linux_entry ()
         else
             xen_rm_opts="no-real-mode edd=off"
         fi
-	multiboot	${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts}
+	${xen_loader}	${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts}
 	echo	'$(echo "$lmessage" | grub_quote)'
-	module	${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args}
+	${module_loader}	${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args}
 EOF
   if test -n "${initrd}" ; then
     # TRANSLATORS: ramdisk isn't identifier. Should be translated.
     message="$(gettext_printf "Loading initial ramdisk ...")"
     sed "s/^/$submenu_indentation/" << EOF
 	echo	'$(echo "$message" | grub_quote)'
-	module	--nounzip   ${rel_dirname}/${initrd}
+	${module_loader}	--nounzip   ${rel_dirname}/${initrd}
 EOF
   fi
   sed "s/^/$submenu_indentation/" << EOF
@@ -214,6 +214,13 @@ while [ "x${xen_list}" != "x" ] ; do
     if [ "x$is_top_level" != xtrue ]; then
 	echo "	submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {"
     fi
+    if ($grub_file --is-x86-multiboot2 $current_xen); then
+	xen_loader="multiboot2"
+	module_loader="module2"
+    else
+	xen_loader="multiboot"
+	module_loader="module"
+    fi
     while [ "x$list" != "x" ] ; do
 	linux=`version_find_latest $list`
 	gettext_printf "Found linux image: %s\n" "$linux" >&2
diff --git a/php/7.0/apache2/php.ini b/php/7.0/apache2/php.ini
index fb7cde3..f8b824a 100644
--- a/php/7.0/apache2/php.ini
+++ b/php/7.0/apache2/php.ini
@@ -969,8 +969,19 @@ cli_server.color = On
 ;intl.use_exceptions = 0
 
 [sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =
 
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
 [Pcre]
 ;PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit
diff --git a/php/7.0/cli/php.ini b/php/7.0/cli/php.ini
index c879e5e..b98ddb9 100644
--- a/php/7.0/cli/php.ini
+++ b/php/7.0/cli/php.ini
@@ -969,8 +969,19 @@ cli_server.color = On
 ;intl.use_exceptions = 0
 
 [sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =
 
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
 [Pcre]
 ;PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit