committing changes in /etc after apt run

Package changes:
-apache2-bin 2.4.25-3+deb9u5 amd64
+apache2-bin 2.4.25-3+deb9u6 amd64
-base-files 9.9+deb9u5 amd64
+base-files 9.9+deb9u6 amd64
-clamav-base 0.100.1+dfsg-0+deb9u1 all
-clamav-daemon 0.100.1+dfsg-0+deb9u1 amd64
-clamav-freshclam 0.100.1+dfsg-0+deb9u1 amd64
+clamav-base 0.100.2+dfsg-0+deb9u1 all
+clamav-daemon 0.100.2+dfsg-0+deb9u1 amd64
+clamav-freshclam 0.100.2+dfsg-0+deb9u1 amd64
-curl 7.52.1-5+deb9u7 amd64
+curl 7.52.1-5+deb9u8 amd64
-dirmngr 2.1.18-8~deb9u2 amd64
+dirmngr 2.1.18-8~deb9u3 amd64
-gnupg 2.1.18-8~deb9u2 amd64
-gnupg-agent 2.1.18-8~deb9u2 amd64
-gpgv 2.1.18-8~deb9u2 amd64
+gnupg 2.1.18-8~deb9u3 amd64
+gnupg-agent 2.1.18-8~deb9u3 amd64
+gpgv 2.1.18-8~deb9u3 amd64
-grub-common 2.02~beta3-5 amd64
-grub-pc 2.02~beta3-5 amd64
-grub-pc-bin 2.02~beta3-5 amd64
-grub2-common 2.02~beta3-5 amd64
+grub-common 2.02~beta3-5+deb9u1 amd64
+grub-pc 2.02~beta3-5+deb9u1 amd64
+grub-pc-bin 2.02~beta3-5+deb9u1 amd64
+grub2-common 2.02~beta3-5+deb9u1 amd64
-libclamav7 0.100.1+dfsg-0+deb9u1 amd64
+libclamav7 0.100.2+dfsg-0+deb9u1 amd64
-libcurl3 7.52.1-5+deb9u7 amd64
-libcurl3-gnutls 7.52.1-5+deb9u7 amd64
+libcurl3 7.52.1-5+deb9u8 amd64
+libcurl3-gnutls 7.52.1-5+deb9u8 amd64
-libfuse2 2.9.7-1+deb9u1 amd64
+libfuse2 2.9.7-1+deb9u2 amd64
-libgd3 2.2.4-2+deb9u2 amd64
+libgd3 2.2.4-2+deb9u3 amd64
-libgnutls-openssl27 3.5.8-5+deb9u3 amd64
-libgnutls30 3.5.8-5+deb9u3 amd64
+libgnutls-openssl27 3.5.8-5+deb9u4 amd64
+libgnutls30 3.5.8-5+deb9u4 amd64
-libmspack0 0.5-1+deb9u2 amd64
+libmspack0 0.5-1+deb9u3 amd64
-libnginx-mod-http-auth-pam 1.10.3-1+deb9u1 amd64
-libnginx-mod-http-dav-ext 1.10.3-1+deb9u1 amd64
-libnginx-mod-http-echo 1.10.3-1+deb9u1 amd64
-libnginx-mod-http-geoip 1.10.3-1+deb9u1 amd64
-libnginx-mod-http-image-filter 1.10.3-1+deb9u1 amd64
-libnginx-mod-http-subs-filter 1.10.3-1+deb9u1 amd64
-libnginx-mod-http-upstream-fair 1.10.3-1+deb9u1 amd64
-libnginx-mod-http-xslt-filter 1.10.3-1+deb9u1 amd64
-libnginx-mod-mail 1.10.3-1+deb9u1 amd64
-libnginx-mod-stream 1.10.3-1+deb9u1 amd64
+libnginx-mod-http-auth-pam 1.10.3-1+deb9u2 amd64
+libnginx-mod-http-dav-ext 1.10.3-1+deb9u2 amd64
+libnginx-mod-http-echo 1.10.3-1+deb9u2 amd64
+libnginx-mod-http-geoip 1.10.3-1+deb9u2 amd64
+libnginx-mod-http-image-filter 1.10.3-1+deb9u2 amd64
+libnginx-mod-http-subs-filter 1.10.3-1+deb9u2 amd64
+libnginx-mod-http-upstream-fair 1.10.3-1+deb9u2 amd64
+libnginx-mod-http-xslt-filter 1.10.3-1+deb9u2 amd64
+libnginx-mod-mail 1.10.3-1+deb9u2 amd64
+libnginx-mod-stream 1.10.3-1+deb9u2 amd64
-libpam-systemd 232-25+deb9u4 amd64
+libpam-systemd 232-25+deb9u6 amd64
-libruby2.3 2.3.3-1+deb9u3 amd64
+libruby2.3 2.3.3-1+deb9u4 amd64
-libseccomp2 2.3.1-2.1 amd64
+libseccomp2 2.3.1-2.1+deb9u1 amd64
-libsystemd0 232-25+deb9u4 amd64
+libsystemd0 232-25+deb9u6 amd64
-libudev1 232-25+deb9u4 amd64
-libunbound2 1.6.0-3+deb9u1 amd64
+libudev1 232-25+deb9u6 amd64
+libunbound2 1.6.0-3+deb9u2 amd64
-libx11-6 2:1.6.4-3 amd64
-libx11-data 2:1.6.4-3 all
-libxapian30 1.4.3-2+deb9u1 amd64
+libx11-6 2:1.6.4-3+deb9u1 amd64
+libx11-data 2:1.6.4-3+deb9u1 all
+libxapian30 1.4.3-2+deb9u2 amd64
-linux-image-4.9.0-8-amd64 4.9.110-3+deb9u6 amd64
+linux-image-4.9.0-8-amd64 4.9.130-2 amd64
-nginx-common 1.10.3-1+deb9u1 all
-nginx-full 1.10.3-1+deb9u1 amd64
+nginx-common 1.10.3-1+deb9u2 all
+nginx-full 1.10.3-1+deb9u2 amd64
-ruby2.3 2.3.3-1+deb9u3 amd64
+ruby2.3 2.3.3-1+deb9u4 amd64
-salt-common 2018.3.2+ds-1 all
-salt-minion 2018.3.2+ds-1 all
+salt-common 2018.3.3+ds-2 all
+salt-minion 2018.3.3+ds-2 all
-spamassassin 3.4.1-6+deb9u1 all
+spamassassin 3.4.2-1~deb9u1 all
-systemd 232-25+deb9u4 amd64
-systemd-sysv 232-25+deb9u4 amd64
+systemd 232-25+deb9u6 amd64
+systemd-sysv 232-25+deb9u6 amd64
-tzdata 2018e-0+deb9u1 all
+tzdata 2018g-0+deb9u1 all
-udev 232-25+deb9u4 amd64
+udev 232-25+deb9u6 amd64

diff --git a/.etckeeper b/.etckeeper
index 5966db77d26449babc4eb8640c5c32b8e981b2f6..33b901442df1f8b07d27a0e3c3ef6dede45fbee1 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -1344,6 +1344,7 @@ maybe chmod 0644 'spamassassin/v320.pre'
 maybe chmod 0644 'spamassassin/v330.pre'
 maybe chmod 0644 'spamassassin/v340.pre'
 maybe chmod 0644 'spamassassin/v341.pre'
+maybe chmod 0644 'spamassassin/v342.pre'
 maybe chmod 0755 'ssh'
 maybe chmod 0644 'ssh/moduli'
 maybe chmod 0644 'ssh/ssh_config'

diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels
index 35e5c37f69e4dfc35bf58cbcb017231ac69b5a55..13e44d53d38f2bb2cf045fbab812eba7875e99a6 100644 (file)
--- a/apt/apt.conf.d/01autoremove-kernels
+++ b/apt/apt.conf.d/01autoremove-kernels
@@ -27,20 +27,20 @@ APT::NeverAutoRemove
 /* Debug information:
 # dpkg list:
 ii  linux-image-4.9.0-6-amd64            4.9.88-1+deb9u1                amd64        Linux 4.9 for 64-bit PCs
-iF  linux-image-4.9.0-8-amd64            4.9.110-3+deb9u6               amd64        Linux 4.9 for 64-bit PCs
+iF  linux-image-4.9.0-8-amd64            4.9.130-2                      amd64        Linux 4.9 for 64-bit PCs
 ii  linux-image-amd64                    4.9+80+deb9u6                  amd64        Linux for 64-bit PCs (meta-package)
 # list of installed kernel packages:
 4.9.0-6-amd64 4.9.88-1+deb9u1
-4.9.0-8-amd64 4.9.110-3+deb9u6
+4.9.0-8-amd64 4.9.130-2
 # list of different kernel versions:
-4.9.110-3+deb9u6
+4.9.130-2
 4.9.88-1+deb9u1
-# Installing kernel: 4.9.110-3+deb9u6 (4.9.0-8-amd64)
-# Running kernel: 4.9.110-3+deb9u6 (4.9.0-8-amd64)
-# Last kernel: 4.9.110-3+deb9u6
+# Installing kernel: 4.9.130-2 (4.9.0-8-amd64)
+# Running kernel: 4.9.130-2 (4.9.0-8-amd64)
+# Last kernel: 4.9.130-2
 # Previous kernel: 4.9.88-1+deb9u1
 # Kernel versions list to keep:
-4.9.110-3+deb9u6
+4.9.130-2
 4.9.88-1+deb9u1
 # Kernel packages (version part) to protect:
 4\.9\.0-6-amd64

diff --git a/cron.daily/spamassassin b/cron.daily/spamassassin
index 333caf7496fd59b1890695c3d4e84f788da0b073..52a7d71463aa03316a23ed5fefdb66ee5de49f9d 100755 (executable)
--- a/cron.daily/spamassassin
+++ b/cron.daily/spamassassin
@@ -42,7 +42,8 @@ do_compile() {
         # Fixup perms -- group and other should be able to
         # read and execute, but never write.  Works around
         # sa-compile's failure to obey umask.
-        chmod -R go-w,go+rX /var/lib/spamassassin/compiled
+        runuser -u debian-spamd -- \
+                chmod -R go-w,go+rX /var/lib/spamassassin/compiled
     fi
 }
 

diff --git a/debian_version b/debian_version
index 592f36ef3a918f5e1a189156a0671e73fc408fdd..c026ac828d085bb96917f9390169bf833f83a83e 100644 (file)
--- a/debian_version
+++ b/debian_version
@@ -1 +1 @@
-9.5
+9.6

diff --git a/init.d/spamassassin b/init.d/spamassassin
index 9fb9c06277c894e5b4524aceb3e325a1a55ec356..5e8435b613f3c99d90c094e8a548af0b2bccdfdd 100755 (executable)
--- a/init.d/spamassassin
+++ b/init.d/spamassassin
@@ -36,6 +36,9 @@ test -f /etc/default/spamassassin && . /etc/default/spamassassin
 
 DOPTIONS="-d --pidfile=$PIDFILE"
 
+# Note: check_enabled should go away as soon as possible after the
+# next stable release to complete the transition away from using
+# ENABLED=1 in /etc/default/spamassassin
 check_enabled() {
     if [ "$ENABLED" = "0" ]; then
        echo "$DESC: disabled, see /etc/default/spamassassin"
@@ -51,30 +54,30 @@ case "$1" in
   start)
        check_enabled
        echo -n "Starting $DESC: "
-       start-stop-daemon --start --pidfile $PIDFILE --name $DAEMON \
+       start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
            $NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
        echo "$NAME."
        ;;
 
   stop)
        echo -n "Stopping $DESC: "
-       start-stop-daemon --stop --pidfile $PIDFILE --name $DAEMON --oknodo
+       start-stop-daemon --stop --pidfile $PIDFILE --name $NAME --oknodo
        echo "$NAME."
        ;;
 
   reload|force-reload)
        check_enabled
        echo -n "Reloading $DESC: "
-       start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --name $DAEMON
+       start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --name $NAME
        echo "$NAME."
        ;;
 
   restart)
        check_enabled
        echo -n "Restarting $DESC: "
-       start-stop-daemon --stop --pidfile $PIDFILE --name $DAEMON \
+       start-stop-daemon --stop --pidfile $PIDFILE --name $NAME \
            --retry 5 --oknodo
-       start-stop-daemon --start --pidfile $PIDFILE --name $DAEMON \
+       start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
            $NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
 
        echo "$NAME."

diff --git a/spamassassin/v342.pre b/spamassassin/v342.pre
new file mode 100644 (file)
index 0000000..4ab7736
--- /dev/null
+++ b/spamassassin/v342.pre
@@ -0,0 +1,36 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.4.1,
+# and contains plugin loading commands for the new plugins added in that
+# release.  It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read.  Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read.  As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# HashBL - Use EBL email blocklist
+# loadplugin Mail::SpamAssassin::Plugin::HashBL
+
+# ResourceLimits - assure your spamd child processes
+# do not exceed specified CPU or memory limit
+# loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
+
+
+# FromNameSpoof - help stop spam that tries to spoof other domains using 
+# the from name
+# loadplugin Mail::SpamAssassin::Plugin::FromNameSpoof
+
+# Phishing - finds uris used in phishing campaigns detected by
+# OpenPhish or PhishTank feeds.
+# loadplugin Mail::SpamAssassin::Plugin::Phishing
+
+# allow URI rules to look at DKIM headers if they exist
+parse_dkim_uris 1