From 6ecef7d6d8028a2f29c46f32bc3336ef53532881 Mon Sep 17 00:00:00 2001 From: mhoellein Date: Fri, 27 Sep 2019 08:34:34 +0200 Subject: [PATCH] committing changes in /etc after apt run Package changes: -apache2 2.4.29-1ubuntu4.11 amd64 -apache2-bin 2.4.29-1ubuntu4.11 amd64 -apache2-data 2.4.29-1ubuntu4.11 all -apache2-utils 2.4.29-1ubuntu4.11 amd64 +apache2 2.4.41-1+ubuntu18.04.1+deb.sury.org+5 amd64 +apache2-bin 2.4.41-1+ubuntu18.04.1+deb.sury.org+5 amd64 +apache2-data 2.4.41-1+ubuntu18.04.1+deb.sury.org+5 all +apache2-utils 2.4.41-1+ubuntu18.04.1+deb.sury.org+5 amd64 -dpkg 1.19.0.5ubuntu2.2 amd64 -dpkg-dev 1.19.0.5ubuntu2.2 all +dpkg 1.19.0.5ubuntu2.3 amd64 +dpkg-dev 1.19.0.5ubuntu2.3 all -file-roller 3.28.0-1ubuntu1 amd64 +file-roller 3.28.0-1ubuntu1.1 amd64 -firefox 69.0+linuxmint1+tina amd64 -firefox-locale-de 69.0+linuxmint1+tina amd64 -firefox-locale-en 69.0+linuxmint1+tina amd64 +firefox 69.0.1+linuxmint1+tina amd64 +firefox-locale-de 69.0.1+linuxmint1+tina amd64 +firefox-locale-en 69.0.1+linuxmint1+tina amd64 -fonts-opensymbol 2:102.10+LibO6.0.7-0ubuntu0.18.04.9 all +fonts-opensymbol 2:102.10+LibO6.0.7-0ubuntu0.18.04.10 all -gdb 8.1-0ubuntu3 amd64 +gdb 8.1-0ubuntu3.1 amd64 -gir1.2-ibus-1.0 1.5.17-3ubuntu5.1 amd64 +gir1.2-ibus-1.0 1.5.17-3ubuntu5.2 amd64 -gnome-control-center-data 1:3.28.2-0ubuntu0.18.04.4 all +gnome-control-center-data 1:3.28.2-0ubuntu0.18.04.5 all -grep 3.1-2 amd64 +grep 3.1-2build1 amd64 -ibus-gtk 1.5.17-3ubuntu5.1 i386 +ibus-gtk 1.5.17-3ubuntu5.2 i386 -libaprutil1 1.6.1-2 amd64 -libaprutil1-dbd-sqlite3 1.6.1-2 amd64 -libaprutil1-ldap 1.6.1-2 amd64 +libaprutil1 1.6.1-5+ubuntu18.04.1+deb.sury.org+1 amd64 +libaprutil1-dbd-sqlite3 1.6.1-5+ubuntu18.04.1+deb.sury.org+1 amd64 +libaprutil1-ldap 1.6.1-5+ubuntu18.04.1+deb.sury.org+1 amd64 -libbrotli1 1.0.3-1ubuntu1.2 amd64 +libbrotli1 1.0.7-2+ubuntu18.04.1+deb.sury.org+1 amd64 -libdpkg-perl 1.19.0.5ubuntu2.2 all +libdpkg-perl 1.19.0.5ubuntu2.3 all -libegl-mesa0 19.0.8-0ubuntu0~18.04.1 amd64 -libegl-mesa0 19.0.8-0ubuntu0~18.04.1 i386 +libegl-mesa0 19.0.8-0ubuntu0~18.04.2 amd64 +libegl-mesa0 19.0.8-0ubuntu0~18.04.2 i386 -libegl1-mesa 19.0.8-0ubuntu0~18.04.1 amd64 +libegl1-mesa 19.0.8-0ubuntu0~18.04.2 amd64 -libgbm1 19.0.8-0ubuntu0~18.04.1 amd64 -libgbm1 19.0.8-0ubuntu0~18.04.1 i386 +libgbm1 19.0.8-0ubuntu0~18.04.2 amd64 +libgbm1 19.0.8-0ubuntu0~18.04.2 i386 -libgl1-mesa-dri 19.0.8-0ubuntu0~18.04.1 amd64 -libgl1-mesa-dri 19.0.8-0ubuntu0~18.04.1 i386 -libgl1-mesa-glx 19.0.8-0ubuntu0~18.04.1 amd64 -libgl1-mesa-glx 19.0.8-0ubuntu0~18.04.1 i386 +libgl1-mesa-dri 19.0.8-0ubuntu0~18.04.2 amd64 +libgl1-mesa-dri 19.0.8-0ubuntu0~18.04.2 i386 +libgl1-mesa-glx 19.0.8-0ubuntu0~18.04.2 amd64 +libgl1-mesa-glx 19.0.8-0ubuntu0~18.04.2 i386 -libglapi-mesa 19.0.8-0ubuntu0~18.04.1 amd64 -libglapi-mesa 19.0.8-0ubuntu0~18.04.1 i386 +libglapi-mesa 19.0.8-0ubuntu0~18.04.2 amd64 +libglapi-mesa 19.0.8-0ubuntu0~18.04.2 i386 -libgles2-mesa 19.0.8-0ubuntu0~18.04.1 amd64 +libgles2-mesa 19.0.8-0ubuntu0~18.04.2 amd64 -libglx-mesa0 19.0.8-0ubuntu0~18.04.1 amd64 -libglx-mesa0 19.0.8-0ubuntu0~18.04.1 i386 +libglx-mesa0 19.0.8-0ubuntu0~18.04.2 amd64 +libglx-mesa0 19.0.8-0ubuntu0~18.04.2 i386 -libibus-1.0-5 1.5.17-3ubuntu5.1 amd64 -libibus-1.0-5 1.5.17-3ubuntu5.1 i386 +libibus-1.0-5 1.5.17-3ubuntu5.2 amd64 +libibus-1.0-5 1.5.17-3ubuntu5.2 i386 -libreoffice-avmedia-backend-gstreamer 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-base 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-base-core 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-base-drivers 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-calc 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-common 1:6.0.7-0ubuntu0.18.04.9 all -libreoffice-core 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-draw 1:6.0.7-0ubuntu0.18.04.9 amd64 +libreoffice-avmedia-backend-gstreamer 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-base 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-base-core 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-base-drivers 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-calc 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-common 1:6.0.7-0ubuntu0.18.04.10 all +libreoffice-core 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-draw 1:6.0.7-0ubuntu0.18.04.10 amd64 -libreoffice-gnome 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-gtk 1:6.0.7-0ubuntu0.18.04.9 all -libreoffice-gtk2 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-gtk3 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-help-en-us 1:6.0.7-0ubuntu0.18.04.9 all -libreoffice-impress 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-java-common 1:6.0.7-0ubuntu0.18.04.9 all -libreoffice-math 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-ogltrans 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-pdfimport 1:6.0.7-0ubuntu0.18.04.9 all +libreoffice-gnome 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-gtk 1:6.0.7-0ubuntu0.18.04.10 all +libreoffice-gtk2 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-gtk3 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-help-en-us 1:6.0.7-0ubuntu0.18.04.10 all +libreoffice-impress 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-java-common 1:6.0.7-0ubuntu0.18.04.10 all +libreoffice-math 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-ogltrans 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-pdfimport 1:6.0.7-0ubuntu0.18.04.10 all -libreoffice-sdbc-firebird 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-sdbc-hsqldb 1:6.0.7-0ubuntu0.18.04.9 amd64 -libreoffice-style-galaxy 1:6.0.7-0ubuntu0.18.04.9 all +libreoffice-sdbc-firebird 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-sdbc-hsqldb 1:6.0.7-0ubuntu0.18.04.10 amd64 +libreoffice-style-galaxy 1:6.0.7-0ubuntu0.18.04.10 all -libreoffice-style-tango 1:6.0.7-0ubuntu0.18.04.9 all -libreoffice-writer 1:6.0.7-0ubuntu0.18.04.9 amd64 +libreoffice-style-tango 1:6.0.7-0ubuntu0.18.04.10 all +libreoffice-writer 1:6.0.7-0ubuntu0.18.04.10 amd64 -libssl-dev 1.1.1-1ubuntu2.1~18.04.4 amd64 +libssl-dev 1.1.1c-1+ubuntu18.04.1+deb.sury.org+1 amd64 -libssl1.1 1.1.1-1ubuntu2.1~18.04.4 amd64 +libssl1.1 1.1.1c-1+ubuntu18.04.1+deb.sury.org+1 amd64 -libwayland-egl1-mesa 19.0.8-0ubuntu0~18.04.1 amd64 -libwayland-egl1-mesa 19.0.8-0ubuntu0~18.04.1 i386 +libwayland-egl1-mesa 19.0.8-0ubuntu0~18.04.2 amd64 +libwayland-egl1-mesa 19.0.8-0ubuntu0~18.04.2 i386 -libxatracker2 19.0.8-0ubuntu0~18.04.1 amd64 +libxatracker2 19.0.8-0ubuntu0~18.04.2 amd64 -linux-libc-dev 4.15.0-62.69 amd64 +linux-libc-dev 4.15.0-64.73 amd64 -openssl 1.1.1-1ubuntu2.1~18.04.4 amd64 +openssl 1.1.1c-1+ubuntu18.04.1+deb.sury.org+1 amd64 -python-httplib2 0.9.2+dfsg-1ubuntu0.1 all +python-httplib2 0.11.3-1+ubuntu18.04.1+deb.sury.org+1 all -python3-httplib2 0.9.2+dfsg-1ubuntu0.1 all +python3-httplib2 0.11.3-1+ubuntu18.04.1+deb.sury.org+1 all -python3-uno 1:6.0.7-0ubuntu0.18.04.9 amd64 +python3-uno 1:6.0.7-0ubuntu0.18.04.10 amd64 -uno-libs3 6.0.7-0ubuntu0.18.04.9 amd64 +uno-libs3 6.0.7-0ubuntu0.18.04.10 amd64 -ure 6.0.7-0ubuntu0.18.04.9 amd64 +ure 6.0.7-0ubuntu0.18.04.10 amd64 -wpasupplicant 2:2.6-15ubuntu2.4 amd64 +wpasupplicant 2:2.6-15ubuntu2.5 amd64 --- .etckeeper | 6 +++-- apache2/mods-available/brotli.load | 1 + apache2/mods-available/http2.conf | 34 +++++++++++++++++++++++++ apache2/mods-available/md.load | 1 + apache2/mods-available/proxy_uwsgi.load | 2 ++ ssl/openssl.cnf | 6 ++--- 6 files changed, 44 insertions(+), 6 deletions(-) create mode 100644 apache2/mods-available/brotli.load create mode 100644 apache2/mods-available/http2.conf create mode 100644 apache2/mods-available/md.load create mode 100644 apache2/mods-available/proxy_uwsgi.load diff --git a/.etckeeper b/.etckeeper index cc200266..9573a8a3 100755 --- a/.etckeeper +++ b/.etckeeper @@ -68,7 +68,6 @@ mkdir -p './security/namespace.d' mkdir -p './smartmontools/smartd_warning.d' mkdir -p './systemd/user' mkdir -p './udev/hwdb.d' -mkdir -p './ufw/applications.d/apache2' mkdir -p './update-manager/release-upgrades.d' mkdir -p './update-notifier' mkdir -p './usb_modeswitch.d' @@ -300,6 +299,7 @@ maybe chmod 0644 'apache2/mods-available/authz_owner.load' maybe chmod 0644 'apache2/mods-available/authz_user.load' maybe chmod 0644 'apache2/mods-available/autoindex.conf' maybe chmod 0644 'apache2/mods-available/autoindex.load' +maybe chmod 0644 'apache2/mods-available/brotli.load' maybe chmod 0644 'apache2/mods-available/buffer.load' maybe chmod 0644 'apache2/mods-available/cache.load' maybe chmod 0644 'apache2/mods-available/cache_disk.conf' @@ -335,6 +335,7 @@ maybe chmod 0644 'apache2/mods-available/filter.load' maybe chmod 0644 'apache2/mods-available/headers.load' maybe chmod 0644 'apache2/mods-available/heartbeat.load' maybe chmod 0644 'apache2/mods-available/heartmonitor.load' +maybe chmod 0644 'apache2/mods-available/http2.conf' maybe chmod 0644 'apache2/mods-available/http2.load' maybe chmod 0644 'apache2/mods-available/ident.load' maybe chmod 0644 'apache2/mods-available/imagemap.load' @@ -351,6 +352,7 @@ maybe chmod 0644 'apache2/mods-available/log_debug.load' maybe chmod 0644 'apache2/mods-available/log_forensic.load' maybe chmod 0644 'apache2/mods-available/lua.load' maybe chmod 0644 'apache2/mods-available/macro.load' +maybe chmod 0644 'apache2/mods-available/md.load' maybe chmod 0644 'apache2/mods-available/mime.conf' maybe chmod 0644 'apache2/mods-available/mime.load' maybe chmod 0644 'apache2/mods-available/mime_magic.conf' @@ -388,6 +390,7 @@ maybe chmod 0644 'apache2/mods-available/proxy_html.load' maybe chmod 0644 'apache2/mods-available/proxy_http.load' maybe chmod 0644 'apache2/mods-available/proxy_http2.load' maybe chmod 0644 'apache2/mods-available/proxy_scgi.load' +maybe chmod 0644 'apache2/mods-available/proxy_uwsgi.load' maybe chmod 0644 'apache2/mods-available/proxy_wstunnel.load' maybe chmod 0644 'apache2/mods-available/ratelimit.load' maybe chmod 0644 'apache2/mods-available/reflector.load' @@ -7252,7 +7255,6 @@ maybe chmod 0640 'ufw/after.init' maybe chmod 0640 'ufw/after.rules' maybe chmod 0640 'ufw/after6.rules' maybe chmod 0755 'ufw/applications.d' -maybe chmod 0755 'ufw/applications.d/apache2' maybe chmod 0644 'ufw/applications.d/apache2-utils.ufw.profile' maybe chmod 0644 'ufw/applications.d/bind9' maybe chmod 0644 'ufw/applications.d/cups' diff --git a/apache2/mods-available/brotli.load b/apache2/mods-available/brotli.load new file mode 100644 index 00000000..ebd48ed1 --- /dev/null +++ b/apache2/mods-available/brotli.load @@ -0,0 +1 @@ +LoadModule brotli_module /usr/lib/apache2/modules/mod_brotli.so diff --git a/apache2/mods-available/http2.conf b/apache2/mods-available/http2.conf new file mode 100644 index 00000000..f45db4d4 --- /dev/null +++ b/apache2/mods-available/http2.conf @@ -0,0 +1,34 @@ + +# mod_http2 doesn't work with mpm_prefork + + Protocols h2 h2c http/1.1 + + # # HTTP/2 push configuration + # + # H2Push on + # + # # Default Priority Rule + # + # H2PushPriority * After 16 + # + # # More complex ruleset: + # + # H2PushPriority * after + # H2PushPriority text/css before + # H2PushPriority image/jpeg after 32 + # H2PushPriority image/png after 32 + # H2PushPriority application/javascript interleaved + # + # # Configure some stylesheet and script to be pushed by the webserver + # + # + # Header add Link "; rel=preload; as=style" + # Header add Link "; rel=preload; as=script" + # + # Since mod_http2 doesn't support the mod_logio module (which provide the %O format), + # you may want to change your LogFormat directive as follow: + # + # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + # LogFormat "%h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined + # LogFormat "%h %l %u %t \"%r\" %>s %B" common + diff --git a/apache2/mods-available/md.load b/apache2/mods-available/md.load new file mode 100644 index 00000000..812a6a6c --- /dev/null +++ b/apache2/mods-available/md.load @@ -0,0 +1 @@ +LoadModule md_module /usr/lib/apache2/modules/mod_md.so diff --git a/apache2/mods-available/proxy_uwsgi.load b/apache2/mods-available/proxy_uwsgi.load new file mode 100644 index 00000000..79ebd428 --- /dev/null +++ b/apache2/mods-available/proxy_uwsgi.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so diff --git a/ssl/openssl.cnf b/ssl/openssl.cnf index 7d1a8bb6..4acca4b0 100644 --- a/ssl/openssl.cnf +++ b/ssl/openssl.cnf @@ -10,7 +10,6 @@ # This definition stops the following lines choking if HOME isn't # defined. HOME = . -RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid @@ -19,7 +18,7 @@ oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: -# extensions = +# extensions = # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) @@ -57,7 +56,6 @@ crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extensions to add to the cert @@ -117,7 +115,7 @@ x509_extensions = v3_ca # The extensions to add to the self signed cert # input_password = secret # output_password = secret -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString (PKIX recommendation before 2004) # utf8only: only UTF8Strings (PKIX recommendation after 2004). -- 2.43.0