From: root <root@mail.hoellein.online>
Date: Fri, 26 Apr 2019 09:10:34 +0000 (+0200)
Subject: committing changes in /etc after apt run
X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=ae8e4f7d5b4861e53000c4891fd0a088468a2985;p=vserver

committing changes in /etc after apt run

Package changes:
-apache2 2.4.29-1ubuntu4.5 amd64
-apache2-bin 2.4.29-1ubuntu4.5 amd64
-apache2-data 2.4.29-1ubuntu4.5 all
-apache2-utils 2.4.29-1ubuntu4.5 amd64
+apache2 2.4.29-1ubuntu4.6 amd64
+apache2-bin 2.4.29-1ubuntu4.6 amd64
+apache2-data 2.4.29-1ubuntu4.6 all
+apache2-utils 2.4.29-1ubuntu4.6 amd64
-bind9 1:9.11.3+dfsg-1ubuntu1.5 amd64
-bind9-host 1:9.11.3+dfsg-1ubuntu1.5 amd64
-bind9utils 1:9.11.3+dfsg-1ubuntu1.5 amd64
+bind9 1:9.11.3+dfsg-1ubuntu1.7 amd64
+bind9-host 1:9.11.3+dfsg-1ubuntu1.7 amd64
+bind9utils 1:9.11.3+dfsg-1ubuntu1.7 amd64
-busybox-initramfs 1:1.27.2-2ubuntu3.1 amd64
-busybox-static 1:1.27.2-2ubuntu3.1 amd64
+busybox-initramfs 1:1.27.2-2ubuntu3.2 amd64
+busybox-static 1:1.27.2-2ubuntu3.2 amd64
-console-setup 1.178ubuntu2.7 all
-console-setup-linux 1.178ubuntu2.7 all
+console-setup 1.178ubuntu2.8 all
+console-setup-linux 1.178ubuntu2.8 all
-distro-info-data 0.37ubuntu0.3 all
+distro-info-data 0.37ubuntu0.4 all
-dnsutils 1:9.11.3+dfsg-1ubuntu1.5 amd64
+dnsutils 1:9.11.3+dfsg-1ubuntu1.7 amd64
-gettext-base 0.19.8.1-6ubuntu0.1 amd64
+gettext-base 0.19.8.1-6ubuntu0.3 amd64
-grub-common 2.02-2ubuntu8.12 amd64
+grub-common 2.02-2ubuntu8.13 amd64
-grub-pc 2.02-2ubuntu8.12 amd64
-grub-pc-bin 2.02-2ubuntu8.12 amd64
-grub2-common 2.02-2ubuntu8.12 amd64
+grub-pc 2.02-2ubuntu8.13 amd64
+grub-pc-bin 2.02-2ubuntu8.13 amd64
+grub2-common 2.02-2ubuntu8.13 amd64
-keyboard-configuration 1.178ubuntu2.7 all
+keyboard-configuration 1.178ubuntu2.8 all
-language-selector-common 0.188.1 all
+language-selector-common 0.188.2 all
-libaio1 0.3.110-5 amd64
-libapache2-mod-php7.2 7.2.15-0ubuntu0.18.04.2 amd64
+libaio1 0.3.110-5ubuntu0.1 amd64
+libapache2-mod-php7.2 7.2.17-0ubuntu0.18.04.1 amd64
-libbind9-160 1:9.11.3+dfsg-1ubuntu1.5 amd64
+libbind9-160 1:9.11.3+dfsg-1ubuntu1.7 amd64
-libdns-export1100 1:9.11.3+dfsg-1ubuntu1.5 amd64
-libdns1100 1:9.11.3+dfsg-1ubuntu1.5 amd64
+libdns-export1100 1:9.11.3+dfsg-1ubuntu1.7 amd64
+libdns1100 1:9.11.3+dfsg-1ubuntu1.7 amd64
-libidn11 1.33-2.1ubuntu1.1 amd64
+libidn11 1.33-2.1ubuntu1.2 amd64
-libirs160 1:9.11.3+dfsg-1ubuntu1.5 amd64
-libisc-export169 1:9.11.3+dfsg-1ubuntu1.5 amd64
-libisc169 1:9.11.3+dfsg-1ubuntu1.5 amd64
-libisccc160 1:9.11.3+dfsg-1ubuntu1.5 amd64
-libisccfg160 1:9.11.3+dfsg-1ubuntu1.5 amd64
+libirs160 1:9.11.3+dfsg-1ubuntu1.7 amd64
+libisc-export169 1:9.11.3+dfsg-1ubuntu1.7 amd64
+libisc169 1:9.11.3+dfsg-1ubuntu1.7 amd64
+libisccc160 1:9.11.3+dfsg-1ubuntu1.7 amd64
+libisccfg160 1:9.11.3+dfsg-1ubuntu1.7 amd64
-liblwres160 1:9.11.3+dfsg-1ubuntu1.5 amd64
+liblwres160 1:9.11.3+dfsg-1ubuntu1.7 amd64
-libnss-systemd 237-3ubuntu10.15 amd64
-libntfs-3g88 1:2017.3.23-2ubuntu0.18.04.1 amd64
+libnss-systemd 237-3ubuntu10.21 amd64
+libntfs-3g88 1:2017.3.23-2ubuntu0.18.04.2 amd64
-libnuma1 2.0.11-2.1 amd64
+libnuma1 2.0.11-2.1ubuntu0.1 amd64
-libpam-systemd 237-3ubuntu10.15 amd64
+libpam-systemd 237-3ubuntu10.21 amd64
-libplymouth4 0.9.3-1ubuntu7.18.04.1 amd64
+libplymouth4 0.9.3-1ubuntu7.18.04.2 amd64
-libpolkit-gobject-1-0 0.105-20ubuntu0.18.04.4 amd64
+libpolkit-gobject-1-0 0.105-20ubuntu0.18.04.5 amd64
-libsystemd0 237-3ubuntu10.15 amd64
+libsystemd0 237-3ubuntu10.21 amd64
-libudev1 237-3ubuntu10.15 amd64
+libudev1 237-3ubuntu10.21 amd64
-libunistring2 0.9.9-0ubuntu1 amd64
+libunistring2 0.9.9-0ubuntu2 amd64
-libxslt1.1 1.1.29-5 amd64
+libxslt1.1 1.1.29-5ubuntu0.1 amd64
-linux-firmware 1.173.3 all
+linux-firmware 1.173.5 all
-linux-libc-dev 4.15.0-46.49 amd64
+linux-libc-dev 4.15.0-48.51 amd64
-login 1:4.5-1ubuntu1 amd64
+login 1:4.5-1ubuntu2 amd64
-ntfs-3g 1:2017.3.23-2ubuntu0.18.04.1 amd64
+ntfs-3g 1:2017.3.23-2ubuntu0.18.04.2 amd64
-passwd 1:4.5-1ubuntu1 amd64
+passwd 1:4.5-1ubuntu2 amd64
-php7.2 7.2.15-0ubuntu0.18.04.2 all
-php7.2-bz2 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-cli 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-common 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-curl 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-gd 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-intl 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-json 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-mbstring 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-mysql 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-opcache 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-readline 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-xml 7.2.15-0ubuntu0.18.04.2 amd64
-php7.2-zip 7.2.15-0ubuntu0.18.04.2 amd64
+php7.2 7.2.17-0ubuntu0.18.04.1 all
+php7.2-bz2 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-cli 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-common 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-curl 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-gd 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-intl 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-json 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-mbstring 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-mysql 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-opcache 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-readline 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-xml 7.2.17-0ubuntu0.18.04.1 amd64
+php7.2-zip 7.2.17-0ubuntu0.18.04.1 amd64
-plymouth 0.9.3-1ubuntu7.18.04.1 amd64
-plymouth-theme-ubuntu-text 0.9.3-1ubuntu7.18.04.1 amd64
+plymouth 0.9.3-1ubuntu7.18.04.2 amd64
+plymouth-theme-ubuntu-text 0.9.3-1ubuntu7.18.04.2 amd64
-python3-distupgrade 1:18.04.30 all
+python3-distupgrade 1:18.04.31 all
-python3-update-manager 1:18.04.11.9 all
+python3-update-manager 1:18.04.11.10 all
-systemd 237-3ubuntu10.15 amd64
-systemd-sysv 237-3ubuntu10.15 amd64
+systemd 237-3ubuntu10.21 amd64
+systemd-sysv 237-3ubuntu10.21 amd64
-tzdata 2018i-0ubuntu0.18.04 all
+tzdata 2019a-0ubuntu0.18.04 all
-ubuntu-minimal 1.417 amd64
-ubuntu-release-upgrader-core 1:18.04.30 all
-ubuntu-standard 1.417 amd64
+ubuntu-minimal 1.417.1 amd64
+ubuntu-release-upgrader-core 1:18.04.31 all
+ubuntu-standard 1.417.1 amd64
-udev 237-3ubuntu10.15 amd64
-ufw 0.35-5 all
+udev 237-3ubuntu10.21 amd64
+ufw 0.36-0ubuntu0.18.04.1 all
-update-manager-core 1:18.04.11.9 all
-ureadahead 0.100.0-20 amd64
+update-manager-core 1:18.04.11.10 all
+ureadahead 0.100.0-21 amd64
-wget 1.19.4-1ubuntu2.1 amd64
+wget 1.19.4-1ubuntu2.2 amd64
---

diff --git a/console-setup/cached_setup_keyboard.sh b/console-setup/cached_setup_keyboard.sh
index 30b46c1b7..e740e959d 100755
--- a/console-setup/cached_setup_keyboard.sh
+++ b/console-setup/cached_setup_keyboard.sh
@@ -10,4 +10,4 @@ kbd_mode '-u' < '/dev/tty3'
 kbd_mode '-u' < '/dev/tty4' 
 kbd_mode '-u' < '/dev/tty5' 
 kbd_mode '-u' < '/dev/tty6' 
-loadkeys '/etc/console-setup/cached_UTF-8_del.kmap.gz' > '/dev/null' 
+loadkeys '/run/tmpkbd.TqMNs8' > '/dev/null' 
diff --git a/default/ufw b/default/ufw
index 665806f3e..83c9ac3e6 100644
--- a/default/ufw
+++ b/default/ufw
@@ -41,5 +41,6 @@ IPT_SYSCTL=/etc/ufw/sysctl.conf
 # nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
 # nf_conntrack_ftp, nf_nat_ftp: active FTP support
 # nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
+# nf_conntrack_sane: sane support
 IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
 
diff --git a/fonts/conf.avail/69-language-selector-ja.conf b/fonts/conf.avail/69-language-selector-ja.conf
index 216a1a64d..d562429f2 100644
--- a/fonts/conf.avail/69-language-selector-ja.conf
+++ b/fonts/conf.avail/69-language-selector-ja.conf
@@ -2,11 +2,22 @@
 <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
 <fontconfig>
 	<match target="font">
-		<test qual="all" name="family" compare="contains">
-			<string>Noto</string>
+		<test name="family" compare="contains">
+			<string>Noto Sans CJK JP</string>
 		</test>
-		<test qual="all" name="family" compare="contains">
-			<string>JP</string>
+		<test qual="all" name="pixelsize" compare="less_eq">
+			<double>18</double>
+		</test>
+		<edit mode="assign" name="embeddedbitmap">
+			<bool>false</bool>
+		</edit>
+		<edit mode="assign" name="hintstyle">
+			<const>hintnone</const>
+		</edit>
+	</match>
+	<match target="font">
+		<test name="family" compare="contains">
+			<string>Noto Serif CJK JP</string>
 		</test>
 		<test qual="all" name="pixelsize" compare="less_eq">
 			<double>18</double>
diff --git a/php/7.2/cli/php.ini b/php/7.2/cli/php.ini
index bdb75eb6a..737b619e2 100644
--- a/php/7.2/cli/php.ini
+++ b/php/7.2/cli/php.ini
@@ -993,8 +993,19 @@ cli_server.color = On
 ;intl.use_exceptions = 0
 
 [sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =
 
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
 [Pcre]
 ;PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit
diff --git a/ufw/before.rules b/ufw/before.rules
index 0addd54c6..23b384eb0 100644
--- a/ufw/before.rules
+++ b/ufw/before.rules
@@ -32,14 +32,12 @@
 
 # ok icmp codes for INPUT
 -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
--A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
 -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
 -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
 -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
 
 # ok icmp code for FORWARD
 -A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
--A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT
 -A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
 -A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
 -A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
diff --git a/ufw/before6.rules b/ufw/before6.rules
index 30e90c7db..abebbe74d 100644
--- a/ufw/before6.rules
+++ b/ufw/before6.rules
@@ -30,6 +30,11 @@
 -A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
+# multicast ping replies are part of the ok icmp codes for INPUT (rfc4890,
+# 4.4.1 and 4.4.2), but don't have an associated connection and are otherwise
+# be marked INVALID, so allow here instead.
+-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+
 # drop INVALID packets (logs these in loglevel medium and higher)
 -A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
 -A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
@@ -39,10 +44,9 @@
 -A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
 # codes 0 and 1
 -A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
-# codes 0-2
+# codes 0-2 (echo-reply needs to be before INVALID, see above)
 -A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
--A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT