From 98b6881409b35e2896cc1fa2786f5e5351596562 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Mon, 25 May 2015 15:35:28 +0200 Subject: [PATCH] Current state --- .etckeeper | 10 ++-- apache2/modules.d/70_mod_php5.conf | 12 ++-- cups/cups-files.conf | 7 +-- init.d/portmap | 59 ------------------- iproute2/nl_protos | 23 ++++++++ iproute2/rt_dsfield | 3 +- iproute2/rt_protos | 1 + lftp/lftp.conf | 3 +- mysql/my.cnf | 3 +- portage/package.keywords | 9 +++ portage/repo.postsync.d/example | 51 ++++++++++++++++ revdep-rebuild/61-icedtea-bin-6 | 1 - revdep-rebuild/61-icedtea-bin-7 | 1 + .../{20icedtea-bin-6 => 20icedtea-bin-7} | 0 14 files changed, 106 insertions(+), 77 deletions(-) delete mode 100755 init.d/portmap create mode 100644 iproute2/nl_protos create mode 100644 portage/repo.postsync.d/example delete mode 100644 revdep-rebuild/61-icedtea-bin-6 create mode 100644 revdep-rebuild/61-icedtea-bin-7 rename sandbox.d/{20icedtea-bin-6 => 20icedtea-bin-7} (100%) diff --git a/.etckeeper b/.etckeeper index 097a1c5..d746477 100755 --- a/.etckeeper +++ b/.etckeeper @@ -6,6 +6,7 @@ mkdir -p './courier-imap/shared.tmp' mkdir -p './dpkg/dpkg.cfg.d' mkdir -p './fail2ban/fail2ban.d' mkdir -p './gtk-2.0/x86_64-pc-linux-gnu' +mkdir -p './lvm/cache' mkdir -p './pango/x86_64-pc-linux-gnu' mkdir -p './postfix/postfix-files.d' mkdir -p './salt/pki/minions_pre' @@ -1171,7 +1172,6 @@ maybe chmod 0755 'init.d/openvpn' maybe chmod 0755 'init.d/pciparm' maybe chmod 0755 'init.d/php-fpm' maybe chmod 0755 'init.d/policyd-weight' -maybe chmod 0755 'init.d/portmap' maybe chmod 0755 'init.d/postfix' maybe chmod 0755 'init.d/postgresql-9.4' maybe chmod 0755 'init.d/postgrey' @@ -1220,6 +1220,7 @@ maybe chmod 0644 'inputrc' maybe chmod 0755 'iproute2' maybe chmod 0644 'iproute2/ematch_map' maybe chmod 0644 'iproute2/group' +maybe chmod 0644 'iproute2/nl_protos' maybe chmod 0644 'iproute2/rt_dsfield' maybe chmod 0644 'iproute2/rt_protos' maybe chmod 0644 'iproute2/rt_realms' @@ -1298,7 +1299,6 @@ maybe chmod 0600 'lvm/archive/vg00_00001-682332803.vg' maybe chmod 0700 'lvm/backup' maybe chmod 0600 'lvm/backup/vg00' maybe chmod 0700 'lvm/cache' -maybe chmod 0600 'lvm/cache/.cache' maybe chmod 0644 'lvm/lvm.conf' maybe chmod 0755 'lvm/profile' maybe chmod 0444 'lvm/profile/command_profile_template.profile' @@ -1587,6 +1587,8 @@ maybe chmod 0644 'portage/package.unmask' maybe chmod 0644 'portage/package.use' maybe chmod 0755 'portage/postsync.d' maybe chmod 0644 'portage/postsync.d/q-reinitialize' +maybe chmod 0755 'portage/repo.postsync.d' +maybe chmod 0644 'portage/repo.postsync.d/example' maybe chmod 0755 'portage/repos.conf' maybe chmod 0644 'portage/repos.conf/gentoo.conf' maybe chmod 0755 'portage/savedconfig' @@ -1661,7 +1663,7 @@ maybe chmod 0644 'request-key.d/cifs.upcall.conf' maybe chmod 0644 'resolv.conf' maybe chmod 0755 'revdep-rebuild' maybe chmod 0644 'revdep-rebuild/60-java' -maybe chmod 0644 'revdep-rebuild/61-icedtea-bin-6' +maybe chmod 0644 'revdep-rebuild/61-icedtea-bin-7' maybe chmod 0644 'revdep-rebuild/99revdep-rebuild' maybe chmod 0644 'rkhunter.conf' maybe chmod 0644 'rkhunter.conf.orig' @@ -1690,7 +1692,7 @@ maybe chmod 0644 'sandbox.conf' maybe chmod 0755 'sandbox.d' maybe chmod 0644 'sandbox.d/00default' maybe chmod 0644 'sandbox.d/10openssl' -maybe chmod 0644 'sandbox.d/20icedtea-bin-6' +maybe chmod 0644 'sandbox.d/20icedtea-bin-7' maybe chmod 0644 'sandbox.d/37fontconfig' maybe chmod 0755 'sasl2' maybe chmod 0644 'sasl2/.keep_dev-libs_cyrus-sasl-2' diff --git a/apache2/modules.d/70_mod_php5.conf b/apache2/modules.d/70_mod_php5.conf index 7ec8739..05deeb6 100644 --- a/apache2/modules.d/70_mod_php5.conf +++ b/apache2/modules.d/70_mod_php5.conf @@ -5,10 +5,14 @@ # Set it to handle the files - - AddHandler application/x-httpd-php .php .php5 .phtml - AddHandler application/x-httpd-php-source .phps - + # NOTE: Avoiding AddHandler/AddType for security (bug #538822) + # NOTE: Please read the related news item! + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + DirectoryIndex index.php index.phtml diff --git a/cups/cups-files.conf b/cups/cups-files.conf index 9cbbad8..44dc3fe 100644 --- a/cups/cups-files.conf +++ b/cups/cups-files.conf @@ -75,11 +75,8 @@ PageLog /var/log/cups/page_log # Location of helper programs... #ServerBin /usr/lib/cups -# SSL/TLS certificate for the scheduler... -#ServerCertificate ssl/server.crt - -# SSL/TLS private key for the scheduler... -#ServerKey ssl/server.key +# SSL/TLS keychain for the scheduler... +#ServerKeychain ssl # Location of other configuration files... #ServerRoot /etc/cups diff --git a/init.d/portmap b/init.d/portmap deleted file mode 100755 index bbffd6c..0000000 --- a/init.d/portmap +++ /dev/null @@ -1,59 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/files/portmap.rc6,v 1.13 2009/05/30 20:50:39 vapier Exp $ - -depend() { - use net - before inetd - before xinetd -} - -checkconfig() { - if [ -e /proc/config.gz ] ; then - if zcat /proc/config.gz | grep -s SUNRPC_REGISTER_V4=y ; then - eerror "portmap does not work with SUNRPC_REGISTER_V4=y;" - eerror "disable it or use the net-nds/rpcbind package." - return 1 - fi - fi - return 0 -} - -start() { - checkconfig || return 1 - - ebegin "Starting portmap" - start-stop-daemon --start --quiet --exec /sbin/portmap -- ${PORTMAP_OPTS} - local ret=$? - eend ${ret} - # without, if a service depending on portmap is started too fast, - # connecting to portmap will fail -- azarah - sleep 1 - return ${ret} -} - -stop() { - ebegin "Stopping portmap" - start-stop-daemon --stop --quiet --exec /sbin/portmap - eend $? -} - -restart() { - # Dump the portmapper's table before stopping - ebegin "Saving portmap table" - local pmap=$(pmap_dump) - eend $? - - # Stop and restart portmapper - svc_stop - sleep 1 - svc_start - - # Reload the portmapper's table - if [ -n "${pmap}" ] ; then - ebegin "Reloading portmap table" - echo "${pmap}" | pmap_set - eend $? - fi -} diff --git a/iproute2/nl_protos b/iproute2/nl_protos new file mode 100644 index 0000000..43418f3 --- /dev/null +++ b/iproute2/nl_protos @@ -0,0 +1,23 @@ +# Netlink protocol names mapping + +0 rtnl +1 unused +2 usersock +3 fw +4 tcpdiag +5 nflog +6 xfrm +7 selinux +8 iscsi +9 audit +10 fiblookup +11 connector +12 nft +13 ip6fw +14 dec-rt +15 uevent +16 genl +18 scsi-trans +19 ecryptfs +20 rdma +21 crypto diff --git a/iproute2/rt_dsfield b/iproute2/rt_dsfield index c0f3679..1426d60 100644 --- a/iproute2/rt_dsfield +++ b/iproute2/rt_dsfield @@ -22,4 +22,5 @@ 0xA0 CS5 0xC0 CS6 0xE0 CS7 -0x5C EF +# RFC 2598 +0xB8 EF diff --git a/iproute2/rt_protos b/iproute2/rt_protos index 38d8ec4..82cf9c4 100644 --- a/iproute2/rt_protos +++ b/iproute2/rt_protos @@ -15,6 +15,7 @@ 14 xorp 15 ntk 16 dhcp +42 babel # # Used by me for gated diff --git a/lftp/lftp.conf b/lftp/lftp.conf index 08d6f7c..956edd6 100644 --- a/lftp/lftp.conf +++ b/lftp/lftp.conf @@ -4,7 +4,6 @@ alias less more alias zless zmore alias bzless bzmore alias reconnect "close; cache flush; cd ." -alias edit "eval -f \"get $0 -o ~/.lftp/edit.tmp.$$ && shell \\\"cp -p ~/.lftp/edit.tmp.$$ ~/.lftp/edit.tmp.$$.orig && $EDITOR ~/.lftp/edit.tmp.$$ && test ~/.lftp/edit.tmp.$$ -nt ~/.lftp/edit.tmp.$$.orig\\\" && put ~/.lftp/edit.tmp.$$ -o $0; shell rm -f ~/.lftp/edit.tmp.$$*\"" ## make prompt look better set prompt "lftp \S\? \u\@\h:\w> " @@ -88,3 +87,5 @@ set cmd:term-status/*rxvt* "\e[11;0]\e]2;\T\007\e[11]" # set ftp:anon-pass "mozilla@" # set ftp:client "" # set http:user-agent "Mozilla/4.7 [en] (WinNT; I)" +set fish:auto-confirm no +set sftp:auto-confirm no diff --git a/mysql/my.cnf b/mysql/my.cnf index dcd08b3..47a2ba6 100644 --- a/mysql/my.cnf +++ b/mysql/my.cnf @@ -1,5 +1,5 @@ # /etc/mysql/my.cnf: The global mysql configuration file. -# $Header: /var/cvsroot/gentoo-x86/dev-db/mysql/files/my.cnf-5.6,v 1.1 2014/10/08 16:42:41 grknight Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-db/mysql/files/my.cnf-5.6,v 1.2 2015/03/15 17:31:35 grknight Exp $ # The following options will be passed to all MySQL clients [client] @@ -95,7 +95,6 @@ innodb_buffer_pool_size = 128M # and upstream wants things to be under /var/lib/mysql/, so that's the route # we have to take for the moment #innodb_data_home_dir = /var/lib/mysql/ -#innodb_log_arch_dir = /var/lib/mysql/ #innodb_log_group_home_dir = /var/lib/mysql/ # you may wish to change this size to be more suitable for your system # the max is there to avoid run-away growth on your machine diff --git a/portage/package.keywords b/portage/package.keywords index 6596a18..ec59589 100644 --- a/portage/package.keywords +++ b/portage/package.keywords @@ -26,6 +26,7 @@ app-misc/ddate ~dev-perl/B-Utils-0.170.0 ~dev-perl/B-Utils-0.220.0 ~dev-perl/Capture-Tiny-0.150.0 +~dev-perl/Carp-Always-0.120.0 ~dev-perl/Carp-REPL-0.15 ~dev-perl/Carp-REPL-0.160.0 ~dev-perl/Catalyst-Action-RenderView-0.160.0 @@ -65,6 +66,7 @@ app-misc/ddate ~dev-perl/Catalyst-Plugin-Unicode-Encoding-1.300.0 ~dev-perl/Catalyst-Runtime-5.900.70 ~dev-perl/Catalyst-Runtime-5.900.420 +~dev-perl/Catalyst-Runtime-5.900.850 ~dev-perl/Catalyst-View-Email-0.310 ~dev-perl/Catalyst-View-Email-0.330.0 ~dev-perl/Catalyst-View-TT-0.370.0 @@ -75,6 +77,7 @@ app-misc/ddate ~dev-perl/CatalystX-Profile-0.20.0 ~dev-perl/CatalystX-REPL-0.04 ~dev-perl/CatalystX-SimpleLogin-0.150.0 +~dev-perl/CGI-Struct-1.210.0 ~dev-perl/Class-Accessor-Grouped-0.100.60 ~dev-perl/Class-Accessor-Grouped-0.100.90 ~dev-perl/Class-Base-0.30.0 @@ -152,6 +155,7 @@ app-misc/ddate ~dev-perl/HTTP-Body-1.120.0 ~dev-perl/HTTP-Body-1.170.0 ~dev-perl/HTTP-Body-1.190.0 +~dev-perl/HTTP-Body-1.220.0 ~dev-perl/HTTP-Parser-XS-0.140.0 ~dev-perl/HTTP-Request-AsCGI-1.200.0 ~dev-perl/Import-Into-1.1.0 @@ -278,6 +282,9 @@ app-misc/ddate ~dev-perl/PHP-Serialization-0.340.0 ~dev-perl/Plack-0.998.200 ~dev-perl/Plack-1.1.800 +~dev-perl/Plack-Middleware-FixMissingBodyInRedirect-0.100.0 +~dev-perl/Plack-Middleware-MethodOverride-0.140.0 +~dev-perl/Plack-Middleware-RemoveRedundantBody-0.40.0 ~dev-perl/Plack-Middleware-ReverseProxy-0.100.0 ~dev-perl/Plack-Middleware-ReverseProxy-0.150.0 ~dev-perl/Plack-Test-ExternalServer-0.10.0 @@ -333,7 +340,9 @@ app-misc/ddate ~dev-perl/Unicode-UTF8-0.590.0 ~dev-perl/UNIVERSAL-can-1.201.106.170 ~dev-perl/UNIVERSAL-isa-1.201.106.140 +~dev-perl/URI-1.670.0 ~dev-perl/URI-Find-20111103.0.0 +~dev-perl/URI-ws-0.30.0 ~dev-perl/WWW-Pastebin-PastebinCom-Create-0.4.0 ~dev-perl/YAML-LibYAML-0.350.0 ~dev-perl/YAML-LibYAML-0.410.0 diff --git a/portage/repo.postsync.d/example b/portage/repo.postsync.d/example new file mode 100644 index 0000000..533bf71 --- /dev/null +++ b/portage/repo.postsync.d/example @@ -0,0 +1,51 @@ +#!/bin/sh +# Example /etc/portage/repo.postsync.d script. Make it executable (chmod +x) for +# Portage to process it. +# +# With portage-2.2.16 and newer, all repo.postsync.d hooks will be called multiple +# times after syncing each repository. +# +# Older versions of Portage support syncing only one repository. +# In those versions, the postsync.d hooks will be called only once, +# and they will not be passed any parameters. + +# On a repo.postsync.d hook call, positional parameters contain +# information about the just-synced repository. + +# Your hook can control it's actions depending on any of the three +# parameters passed in to it. +# +# They are as follows: +# +# The repository name. +repository_name=${1} +# The URI to which the repository was synced. +sync_uri=${2} +# The path to the repository. +repository_path=${3} + +# Portage assumes that a hook succeeded if it exits with 0 code. If no +# explicit exit is done, the exit code is the exit code of last spawned +# command. Since our script is a bit more complex, we want to control +# the exit code explicitly. +ret=0 + +if [ -n "${repository_name}" ]; then + # Repository name was provided, so we're in a post-repository hook. + echo "* In post-repository hook for ${repository_name}" + echo "** synced from remote repository ${sync_uri}" + echo "** synced into ${repository_path}" + + # Gentoo comes with pregenerated cache but the other repositories + # usually don't. Generate them to improve performance. + if [ "${repository_name}" != "gentoo" ]; then + if ! egencache --update --repo="${repository_name}" --jobs=4 + then + echo "!!! egencache failed!" + ret=1 + fi + fi +fi + +# Return explicit status. +exit "${ret}" diff --git a/revdep-rebuild/61-icedtea-bin-6 b/revdep-rebuild/61-icedtea-bin-6 deleted file mode 100644 index 134ce4f..0000000 --- a/revdep-rebuild/61-icedtea-bin-6 +++ /dev/null @@ -1 +0,0 @@ -SEARCH_DIRS_MASK="/opt/icedtea-bin-6.1.13.5" diff --git a/revdep-rebuild/61-icedtea-bin-7 b/revdep-rebuild/61-icedtea-bin-7 new file mode 100644 index 0000000..0cfd98b --- /dev/null +++ b/revdep-rebuild/61-icedtea-bin-7 @@ -0,0 +1 @@ +SEARCH_DIRS_MASK="/opt/icedtea-bin-7.2.5.3" diff --git a/sandbox.d/20icedtea-bin-6 b/sandbox.d/20icedtea-bin-7 similarity index 100% rename from sandbox.d/20icedtea-bin-6 rename to sandbox.d/20icedtea-bin-7 -- 2.39.5