committing changes in /etc after apt run

Package changes:
-code-brand 6.4-15 all
+code-brand 6.4-16 all
-collaboraoffice6.4 6.4.10.38-38 amd64
-collaboraoffice6.4-ure 6.4.10.38-38 amd64
+collaboraoffice6.4 6.4.10.39-39 amd64
+collaboraoffice6.4-ure 6.4.10.39-39 amd64
-collaboraofficebasis6.4-calc 6.4.10.38-38 amd64
-collaboraofficebasis6.4-core 6.4.10.38-38 amd64
-collaboraofficebasis6.4-draw 6.4.10.38-38 amd64
-collaboraofficebasis6.4-en-us 6.4.10.38-38 amd64
-collaboraofficebasis6.4-extension-pdf-import 6.4.10.38-38 amd64
-collaboraofficebasis6.4-graphicfilter 6.4.10.38-38 amd64
-collaboraofficebasis6.4-images 6.4.10.38-38 amd64
-collaboraofficebasis6.4-impress 6.4.10.38-38 amd64
-collaboraofficebasis6.4-ooofonts 6.4.10.38-38 amd64
-collaboraofficebasis6.4-ooolinguistic 6.4.10.38-38 amd64
-collaboraofficebasis6.4-writer 6.4.10.38-38 amd64
+collaboraofficebasis6.4-calc 6.4.10.39-39 amd64
+collaboraofficebasis6.4-core 6.4.10.39-39 amd64
+collaboraofficebasis6.4-draw 6.4.10.39-39 amd64
+collaboraofficebasis6.4-en-us 6.4.10.39-39 amd64
+collaboraofficebasis6.4-extension-pdf-import 6.4.10.39-39 amd64
+collaboraofficebasis6.4-graphicfilter 6.4.10.39-39 amd64
+collaboraofficebasis6.4-images 6.4.10.39-39 amd64
+collaboraofficebasis6.4-impress 6.4.10.39-39 amd64
+collaboraofficebasis6.4-ooofonts 6.4.10.39-39 amd64
+collaboraofficebasis6.4-ooolinguistic 6.4.10.39-39 amd64
+collaboraofficebasis6.4-writer 6.4.10.39-39 amd64
-icinga2 2.12.3-1.bionic amd64
-icinga2-bin 2.12.3-1.bionic amd64
-icinga2-common 2.12.3-1.bionic all
-icinga2-ido-mysql 2.12.3-1.bionic amd64
+icinga2 2.12.4-1.bionic amd64
+icinga2-bin 2.12.4-1.bionic amd64
+icinga2-common 2.12.4-1.bionic all
+icinga2-ido-mysql 2.12.4-1.bionic amd64
-isc-dhcp-client 4.3.5-3ubuntu7.2 amd64
-isc-dhcp-common 4.3.5-3ubuntu7.2 amd64
+isc-dhcp-client 4.3.5-3ubuntu7.3 amd64
+isc-dhcp-common 4.3.5-3ubuntu7.3 amd64
-liblz4-1 0.0~r131-2ubuntu3 amd64
-liblz4-1 0.0~r131-2ubuntu3 i386
+liblz4-1 0.0~r131-2ubuntu3.1 amd64
+liblz4-1 0.0~r131-2ubuntu3.1 i386
-libpam-modules 1.1.8-3.6ubuntu2.18.04.2 amd64
-libpam-modules-bin 1.1.8-3.6ubuntu2.18.04.2 amd64
-libpam-runtime 1.1.8-3.6ubuntu2.18.04.2 all
+libpam-modules 1.1.8-3.6ubuntu2.18.04.3 amd64
+libpam-modules-bin 1.1.8-3.6ubuntu2.18.04.3 amd64
+libpam-runtime 1.1.8-3.6ubuntu2.18.04.3 all
-libpam0g 1.1.8-3.6ubuntu2.18.04.2 amd64
+libpam0g 1.1.8-3.6ubuntu2.18.04.3 amd64
-loolwsd 6.4.8-6 amd64
+loolwsd 6.4.9-1 amd64
-vim-icinga2 2.12.3-1.bionic all
+vim-icinga2 2.12.4-1.bionic all

diff --git a/.etckeeper b/.etckeeper
index b01bc92f0a6e2247215a8434d1bf2f453a4ebb6d..61f90db846a12d9ca5ac11b7e062bbade0b97716 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -2774,7 +2774,7 @@ maybe chgrp 'nagios' 'icinga2/conf.d/users.conf'
 maybe chmod 0644 'icinga2/conf.d/users.conf'
 maybe chown 'nagios' 'icinga2/constants.conf'
 maybe chgrp 'nagios' 'icinga2/constants.conf'
-maybe chmod 0644 'icinga2/constants.conf'
+maybe chmod 0640 'icinga2/constants.conf'
 maybe chown 'nagios' 'icinga2/constants.conf.orig'
 maybe chgrp 'nagios' 'icinga2/constants.conf.orig'
 maybe chmod 0640 'icinga2/constants.conf.orig'
@@ -2843,7 +2843,7 @@ maybe chgrp 'nagios' 'icinga2/features-enabled'
 maybe chmod 0750 'icinga2/features-enabled'
 maybe chown 'nagios' 'icinga2/icinga2.conf'
 maybe chgrp 'nagios' 'icinga2/icinga2.conf'
-maybe chmod 0644 'icinga2/icinga2.conf'
+maybe chmod 0640 'icinga2/icinga2.conf'
 maybe chown 'nagios' 'icinga2/icinga2.conf.orig'
 maybe chgrp 'nagios' 'icinga2/icinga2.conf.orig'
 maybe chmod 0640 'icinga2/icinga2.conf.orig'
@@ -2855,7 +2855,7 @@ maybe chmod 0755 'icinga2/scripts/mail-host-notification.sh'
 maybe chmod 0755 'icinga2/scripts/mail-service-notification.sh'
 maybe chown 'nagios' 'icinga2/zones.conf'
 maybe chgrp 'nagios' 'icinga2/zones.conf'
-maybe chmod 0644 'icinga2/zones.conf'
+maybe chmod 0640 'icinga2/zones.conf'
 maybe chown 'nagios' 'icinga2/zones.conf.orig'
 maybe chgrp 'nagios' 'icinga2/zones.conf.orig'
 maybe chmod 0640 'icinga2/zones.conf.orig'
@@ -10174,6 +10174,7 @@ maybe chmod 0644 'securetty'
 maybe chmod 0755 'security'
 maybe chmod 0644 'security/access.conf'
 maybe chmod 0644 'security/capability.conf'
+maybe chmod 0644 'security/faillock.conf'
 maybe chmod 0644 'security/group.conf'
 maybe chmod 0644 'security/limits.conf'
 maybe chmod 0755 'security/limits.d'

diff --git a/apt/apt.conf.d/25loolwsd b/apt/apt.conf.d/25loolwsd
index de34164e39d9d49c3213af7fc5e39067045c5d5b..48a1276352c1eabe58532c8669d9f3ad1b7c9bdc 100644 (file)
--- a/apt/apt.conf.d/25loolwsd
+++ b/apt/apt.conf.d/25loolwsd
@@ -1,2 +1,2 @@
 // Rebuild systemplate of Collabora Online Development Edition
-DPkg::Post-Invoke { "echo Updating loolwsd systemplate;loolwsd-systemplate-setup /opt/lool/systemplate /opt/collaboraoffice6.4 >/dev/null 2>&1"; };
+DPkg::Post-Invoke { "echo Updating loolwsd systemplate;loolwsd-systemplate-setup /opt/lool/systemplate /opt/collaboraoffice6.4 >/dev/null 2>&1 || true"; };

diff --git a/loolwsd/loolkitconfig.xcu b/loolwsd/loolkitconfig.xcu
index 86696a8864e34df84c7d0dfc47359b05d0abf3db..bb9ed68f19d83412b05554ba8e15037c442d887c 100644 (file)
--- a/loolwsd/loolkitconfig.xcu
+++ b/loolwsd/loolkitconfig.xcu
@@ -25,10 +25,8 @@
 <!-- Enable thumbnail generation by default (disabling saves CPU time) -->
 <item oor:path="/org.openoffice.Office.Common/Save/Document"><prop oor:name="GenerateThumbnail" oor:op="fuse"><value>true</value></prop></item>
 
-<!-- Use the collabora_svg theme for the sidebar -->
+<!-- Set the theme and icon size for the sidebar -->
 <item oor:path="/org.openoffice.Office.Common/Misc"><prop oor:name="SymbolStyle" oor:op="fuse"><value>collabora_svg</value></prop></item>
-
-<!-- Use the large icons in the sidebar -->
 <item oor:path="/org.openoffice.Office.Common/Misc"><prop oor:name="SidebarIconSize" oor:op="fuse"><value>2</value></prop></item>
 
 <!-- To show Hidden Characters and Hiddent Text/Paragraph fields -->

diff --git a/security/faillock.conf b/security/faillock.conf
new file mode 100644 (file)
index 0000000..16d93df
--- /dev/null
+++ b/security/faillock.conf
@@ -0,0 +1,62 @@
+# Configuration for locking the user after multiple failed
+# authentication attempts.
+#
+# The directory where the user files with the failure records are kept.
+# The default is /var/run/faillock.
+# dir = /var/run/faillock
+#
+# Will log the user name into the system log if the user is not found.
+# Enabled if option is present.
+# audit
+#
+# Don't print informative messages.
+# Enabled if option is present.
+# silent
+#
+# Don't log informative messages via syslog.
+# Enabled if option is present.
+# no_log_info
+#
+# Only track failed user authentications attempts for local users
+# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+# The `faillock` command will also no longer track user failed
+# authentication attempts. Enabling this option will prevent a
+# double-lockout scenario where a user is locked out locally and
+# in the centralized mechanism.
+# Enabled if option is present.
+# local_users_only
+#
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+# deny = 3
+#
+# The length of the interval during which the consecutive
+# authentication failures must happen for the user account
+# lock out is <replaceable>n</replaceable> seconds.
+# The default is 900 (15 minutes).
+# fail_interval = 900
+#
+# The access will be re-enabled after n seconds after the lock out.
+# The value 0 has the same meaning as value `never` - the access
+# will not be re-enabled without resetting the faillock
+# entries by the `faillock` command.
+# The default is 600 (10 minutes).
+# unlock_time = 600
+#
+# Root account can become locked as well as regular accounts.
+# Enabled if option is present.
+# even_deny_root
+#
+# This option implies the `even_deny_root` option.
+# Allow access after n seconds to root account after the
+# account is locked. In case the option is not specified
+# the value is the same as of the `unlock_time` option.
+# root_unlock_time = 900
+#
+# If a group name is specified with this option, members
+# of the group will be handled by this module the same as
+# the root account (the options `even_deny_root>` and
+# `root_unlock_time` will apply to them.
+# By default, the option is not set.
+# admin_group = <admin_group_name>