From: Frank Brehm <frank@brehm-online.com>
Date: Sat, 5 Apr 2014 06:41:09 +0000 (+0200)
Subject: Current state
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=8ac3f723629ed476f46f2ec569e6daaee79eb050;p=config%2Fbruni%2Fetc.git

Current state
---

diff --git a/ca-certificates.conf b/ca-certificates.conf
index e20b338c..20163d4d 100644
--- a/ca-certificates.conf
+++ b/ca-certificates.conf
@@ -1,5 +1,5 @@
-# Automatically generated by app-misc/ca-certificates-20130906
-# Fr 14. Mär 20:53:31 UTC 2014
+# Automatically generated by app-misc/ca-certificates-20130906-r1
+# Di 1. Apr 20:52:14 UTC 2014
 # Do not edit.
 cacert.org/cacert.org_class3.crt
 cacert.org/cacert.org_root.crt
diff --git a/config-archive/etc/ssh/sshd_config b/config-archive/etc/ssh/sshd_config
index fac258de..75517570 100644
--- a/config-archive/etc/ssh/sshd_config
+++ b/config-archive/etc/ssh/sshd_config
@@ -27,8 +27,8 @@
 
 # "key type names" for X.509 certificates with RSA key
 # Note first defined is used in signature operations!
-#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
 #X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
 
 # "key type names" for X.509 certificates with DSA key
 # Note first defined is used in signature operations!
@@ -95,6 +95,9 @@
 #KeyRegenerationInterval 1h
 #ServerKeyBits 1024
 
+# Ciphers and keying
+#RekeyLimit default none
+
 # Logging
 # obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
@@ -116,6 +119,11 @@ PermitRootLogin yes
 # but this is overridden so installations will only check .ssh/authorized_keys
 #AuthorizedKeysFile	.ssh/authorized_keys
 
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #RhostsRSAAuthentication no
 # similar for protocol version 2
@@ -166,16 +174,17 @@ PrintMotd no
 PrintLastLog no
 #TCPKeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox		# Default for new installations.
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
 #UseDNS yes
 #PidFile /var/run/sshd.pid
-#MaxStartups 10
+#MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
+#VersionAddendum none
 
 # no default banner path
 #Banner none
@@ -190,18 +199,21 @@ Subsystem	sftp	/usr/lib64/misc/sftp-server
 # tcp receive buffer polling. disable in non autotuning kernels
 #TcpRcvBufPoll yes
  
-# allow the use of the none cipher
-#NoneEnabled no
-
-# disable hpn performance boosts. 
+# disable hpn performance boosts
 #HPNDisabled no
 
 # buffer size for hpn to non-hpn connections
 #HPNBufferSize 2048
 
 
+# allow the use of the none cipher
+#NoneEnabled no
+
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #	X11Forwarding no
 #	AllowTcpForwarding no
 #	ForceCommand cvs server
+
+# Allow client to pass locale environment variables #367017
+AcceptEnv LANG LC_*
diff --git a/config-archive/etc/ssh/sshd_config.1 b/config-archive/etc/ssh/sshd_config.1
index 176bf48d..fac258de 100644
--- a/config-archive/etc/ssh/sshd_config.1
+++ b/config-archive/etc/ssh/sshd_config.1
@@ -7,7 +7,7 @@
 
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
-# possible, but leave them commented.  Uncommented options change a
+# possible, but leave them commented.  Uncommented options override the
 # default value.
 
 #Port 22
@@ -103,13 +103,17 @@
 # Authentication:
 
 #LoginGraceTime 2m
-PermitRootLogin no
+#PermitRootLogin no
+PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
 
 #RSAAuthentication yes
 #PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
 #AuthorizedKeysFile	.ssh/authorized_keys
 
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
@@ -139,6 +143,7 @@ PasswordAuthentication no
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
 
 # Set this to 'yes' to enable PAM authentication, account processing, 
 # and session processing. If this is enabled, PAM authentication will 
@@ -175,6 +180,9 @@ PrintLastLog no
 # no default banner path
 #Banner none
 
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
 # override default of no subsystems
 Subsystem	sftp	/usr/lib64/misc/sftp-server
 
diff --git a/config-archive/etc/ssh/sshd_config.2 b/config-archive/etc/ssh/sshd_config.2
index 9f5583ea..176bf48d 100644
--- a/config-archive/etc/ssh/sshd_config.2
+++ b/config-archive/etc/ssh/sshd_config.2
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
+#	$OpenBSD$
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -175,22 +175,6 @@ PrintLastLog no
 # no default banner path
 #Banner none
 
-# here are the new patched ldap related tokens
-# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
-#UseLPK yes
-#LpkLdapConf /etc/ldap.conf
-#LpkServers  ldap://10.1.7.1/ ldap://10.1.7.2/
-#LpkUserDN   ou=users,dc=phear,dc=org
-#LpkGroupDN  ou=groups,dc=phear,dc=org
-#LpkBindDN cn=Manager,dc=phear,dc=org
-#LpkBindPw secret
-#LpkServerGroup mail
-#LpkFilter (hostAccess=master.phear.org)
-#LpkForceTLS no
-#LpkSearchTimelimit 3
-#LpkBindTimelimit 3
-#LpkPubKeyAttr sshPublicKey
-
 # override default of no subsystems
 Subsystem	sftp	/usr/lib64/misc/sftp-server
 
diff --git a/config-archive/etc/ssh/sshd_config.3 b/config-archive/etc/ssh/sshd_config.3
index f3c6c252..9f5583ea 100644
--- a/config-archive/etc/ssh/sshd_config.3
+++ b/config-archive/etc/ssh/sshd_config.3
@@ -1,4 +1,4 @@
-#	$OpenBSD$
+#	$OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -175,8 +175,24 @@ PrintLastLog no
 # no default banner path
 #Banner none
 
+# here are the new patched ldap related tokens
+# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
+#UseLPK yes
+#LpkLdapConf /etc/ldap.conf
+#LpkServers  ldap://10.1.7.1/ ldap://10.1.7.2/
+#LpkUserDN   ou=users,dc=phear,dc=org
+#LpkGroupDN  ou=groups,dc=phear,dc=org
+#LpkBindDN cn=Manager,dc=phear,dc=org
+#LpkBindPw secret
+#LpkServerGroup mail
+#LpkFilter (hostAccess=master.phear.org)
+#LpkForceTLS no
+#LpkSearchTimelimit 3
+#LpkBindTimelimit 3
+#LpkPubKeyAttr sshPublicKey
+
 # override default of no subsystems
-Subsystem	sftp	/usr/lib/misc/sftp-server
+Subsystem	sftp	/usr/lib64/misc/sftp-server
 
 # the following are HPN related configuration options
 # tcp receive buffer polling. disable in non autotuning kernels
diff --git a/config-archive/etc/ssh/sshd_config.dist b/config-archive/etc/ssh/sshd_config.dist
index e8186236..c76351aa 100644
--- a/config-archive/etc/ssh/sshd_config.dist
+++ b/config-archive/etc/ssh/sshd_config.dist
@@ -24,6 +24,7 @@
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
 
 # "key type names" for X.509 certificates with RSA key
 # Note first defined is used in signature operations!
@@ -151,8 +152,8 @@ PasswordAuthentication no
 #GSSAPICleanupCredentials yes
 #GSSAPIStrictAcceptorCheck yes
 
-# Set this to 'yes' to enable PAM authentication, account processing, 
-# and session processing. If this is enabled, PAM authentication will 
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
@@ -168,6 +169,7 @@ UsePAM yes
 #X11Forwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
+#PermitTTY yes
 PrintMotd no
 PrintLastLog no
 #TCPKeepAlive yes
@@ -208,6 +210,7 @@ Subsystem	sftp	/usr/lib64/misc/sftp-server
 #Match User anoncvs
 #	X11Forwarding no
 #	AllowTcpForwarding no
+#	PermitTTY no
 #	ForceCommand cvs server
 
 # Allow client to pass locale environment variables #367017
diff --git a/drirc b/drirc
index a13941f6..ebc04cd9 100644
--- a/drirc
+++ b/drirc
@@ -1,29 +1,77 @@
+<!--
+
+============================================
+Application bugs worked around in this file:
+============================================
+
+* Various Unigine products don't use the #version and #extension GLSL
+  directives, meaning they only get GLSL 1.10 and no extensions for their
+  shaders.
+  Enabling all extensions for Unigine fixes most issues, but the GLSL version
+  is still 1.10.
+
+* Unigine Heaven 3.0 with ARB_texture_multisample uses a "ivec4 * vec4"
+  expression, which fails to compile with GLSL 1.10.
+  Adding "#version 130" fixes this.
+
+* Unigine Heaven 3.0 with ARB_shader_bit_encoding uses the uint keyword, which
+  fails to compile with GLSL 1.10.
+  Adding "#version 130" fixes this.
+
+* Unigine Heaven 3.0 with ARB_shader_bit_encoding uses a "uint & int"
+  expression, which fails (and should fail) to compile with any GLSL version.
+  Disabling ARB_shader_bit_encoding fixes this.
+
+TODO: document the other workarounds.
+
+-->
+
 <driconf>
-    <device screen="0" driver="i965">
+    <!-- Please always enable app-specific workarounds for all drivers and
+         screens. -->
+    <device>
         <application name="Unigine Sanctuary" executable="Sanctuary">
             <option name="force_glsl_extensions_warn" value="true" />
             <option name="disable_blend_func_extended" value="true" />
 	</application>
+
         <application name="Unigine Tropics" executable="Tropics">
             <option name="force_glsl_extensions_warn" value="true" />
             <option name="disable_blend_func_extended" value="true" />
 	</application>
+
         <application name="Unigine Heaven (32-bit)" executable="heaven_x86">
             <option name="force_glsl_extensions_warn" value="true" />
             <option name="disable_blend_func_extended" value="true" />
+            <option name="force_glsl_version" value="130" />
+            <option name="disable_shader_bit_encoding" value="true" />
 	</application>
+
         <application name="Unigine Heaven (64-bit)" executable="heaven_x64">
             <option name="force_glsl_extensions_warn" value="true" />
             <option name="disable_blend_func_extended" value="true" />
+            <option name="force_glsl_version" value="130" />
+            <option name="disable_shader_bit_encoding" value="true" />
 	</application>
+
         <application name="Unigine OilRush (32-bit)" executable="OilRush_x86">
             <option name="disable_blend_func_extended" value="true" />
 	</application>
+
         <application name="Unigine OilRush (64-bit)" executable="OilRush_x64">
             <option name="disable_blend_func_extended" value="true" />
 	</application>
+
         <application name="Savage 2" executable="savage2.bin">
             <option name="disable_glsl_line_continuations" value="true" />
         </application>
+
+        <application name="Topogun (32-bit)" executable="topogun32">
+            <option name="always_have_depth_buffer" value="true" />
+        </application>
+
+        <application name="Topogun (64-bit)" executable="topogun64">
+            <option name="always_have_depth_buffer" value="true" />
+        </application>
     </device>
 </driconf>
diff --git a/group b/group
index ee06b050..fd630fe5 100644
--- a/group
+++ b/group
@@ -72,3 +72,4 @@ qemu:x:77:
 systemd-journal:x:984:
 colord:x:983:
 geoclue:x:982:
+samba:x:981:
diff --git a/group- b/group-
index f429f411..ee06b050 100644
--- a/group-
+++ b/group-
@@ -71,3 +71,4 @@ kvm:x:78:qemu
 qemu:x:77:
 systemd-journal:x:984:
 colord:x:983:
+geoclue:x:982:
diff --git a/gshadow b/gshadow
index c0095c26..214156e3 100644
--- a/gshadow
+++ b/gshadow
@@ -70,3 +70,4 @@ qemu:!::
 systemd-journal:!::
 colord:!::
 geoclue:!::
+samba:!::
diff --git a/gshadow- b/gshadow-
index a372a8d7..c0095c26 100644
--- a/gshadow-
+++ b/gshadow-
@@ -69,3 +69,4 @@ kvm:!::qemu
 qemu:!::
 systemd-journal:!::
 colord:!::
+geoclue:!::
diff --git a/init.d/samba b/init.d/samba
index 779ec09b..96bb94ec 100755
--- a/init.d/samba
+++ b/init.d/samba
@@ -1,9 +1,10 @@
 #!/sbin/runscript
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License, v2 or later
-# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.6/samba.initd,v 1.3 2011/09/14 22:52:33 polynomial-c Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.6/samba.initd,v 1.4 2014/03/14 09:30:41 polynomial-c Exp $
 
 extra_started_commands="reload"
+piddir="/var/run/samba"
 
 depend() {
 	after slapd
@@ -34,7 +35,7 @@ signal_do() {
 }
 
 mkdir_sambadirs() {
-	[ -d /var/run/samba ] || mkdir -p /var/run/samba
+	[ -d "${piddir}" ] || mkdir -p ${piddir}
 }
 
 start() {
diff --git a/portage/package.keywords b/portage/package.keywords
index ce687b6d..bacc7fef 100644
--- a/portage/package.keywords
+++ b/portage/package.keywords
@@ -7,7 +7,9 @@
 # ~app-admin/openrc-settingsd-1.0.1
 
 ~app-arch/mate-file-archiver-1.6.0
+~app-arch/mate-file-archiver-1.6.1
 
+~app-editors/mate-text-editor-1.6.2
 ~app-editors/mate-text-editor-1.6.2
 
 ~app-emulation/emul-linux-x86-baselibs-20120520
@@ -29,6 +31,7 @@ app-emulation/virtualbox-modules
 ~app-misc/g15mpd-1.0.0
 
 ~app-text/mate-document-viewer-1.6.1
+~app-text/mate-document-viewer-1.6.2
 ~app-text/mate-doc-utils-1.6.2
 
 ~dev-db/virtuoso-odbc-6.1.4
@@ -48,9 +51,12 @@ app-emulation/virtualbox-modules
 # ~dev-libs/folks-0.8.0
 # ~dev-libs/gjs-1.34.0
 ~dev-libs/icu-51.1
-# ~dev-libs/libzeitgeist-0.3.18
+~dev-libs/libappindicator-12.10.0
+~dev-libs/libdbusmenu-12.10.2
 ~dev-libs/libgcrypt-1.5.0
+~dev-libs/libindicator-12.10.1
 ~dev-libs/libmateweather-1.6.2
+# ~dev-libs/libzeitgeist-0.3.18
 ~dev-libs/nspr-4.9.1
 ~dev-libs/nspr-4.9.6
 ~dev-libs/nspr-4.10
@@ -126,12 +132,18 @@ mail-client/thunderbird
 ~mate-base/mate-settings-daemon-1.6.2
 
 ~mate-extra/mate-calc-1.6.0
+~mate-extra/mate-calc-1.6.1
 ~mate-extra/mate-character-map-1.6.0
 ~mate-extra/mate-dialogs-1.6.2
+~mate-extra/mate-file-manager-image-converter-1.6.0
+~mate-extra/mate-file-manager-open-terminal-1.6.0
+~mate-extra/mate-file-manager-sendto-1.6.0
+~mate-extra/mate-file-manager-share-1.6.0
 ~mate-extra/mate-media-1.6.1
 ~mate-extra/mate-polkit-1.6.1
 ~mate-extra/mate-power-manager-1.6.3
 ~mate-extra/mate-screensaver-1.6.1
+~mate-extra/mate-sensors-applet-1.6.1
 ~mate-extra/mate-system-monitor-1.6.1
 ~mate-extra/mate-utils-1.6.1
 
diff --git a/ssh/sshd_config b/ssh/sshd_config
index 75517570..7bbd37f7 100644
--- a/ssh/sshd_config
+++ b/ssh/sshd_config
@@ -24,6 +24,7 @@
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
 
 # "key type names" for X.509 certificates with RSA key
 # Note first defined is used in signature operations!
@@ -153,8 +154,8 @@ PasswordAuthentication no
 #GSSAPICleanupCredentials yes
 #GSSAPIStrictAcceptorCheck yes
 
-# Set this to 'yes' to enable PAM authentication, account processing, 
-# and session processing. If this is enabled, PAM authentication will 
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
@@ -170,6 +171,7 @@ UsePAM yes
 X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
+#PermitTTY yes
 PrintMotd no
 PrintLastLog no
 #TCPKeepAlive yes
@@ -213,6 +215,7 @@ Subsystem	sftp	/usr/lib64/misc/sftp-server
 #Match User anoncvs
 #	X11Forwarding no
 #	AllowTcpForwarding no
+#	PermitTTY no
 #	ForceCommand cvs server
 
 # Allow client to pass locale environment variables #367017
diff --git a/udev/hwdb.bin b/udev/hwdb.bin
index fab0c348..c7be4096 100644
Binary files a/udev/hwdb.bin and b/udev/hwdb.bin differ