diff --git a/.etckeeper b/.etckeeper index 028eaa99..a49ff05e 100755 --- a/.etckeeper +++ b/.etckeeper @@ -6,7 +6,6 @@ mkdir -p './X11/xkb' mkdir -p './apache2/mods-available' mkdir -p './apparmor.d/force-complain' mkdir -p './apt/auth.conf.d' -mkdir -p './apt/trusted.gpg.d' mkdir -p './avahi/services' mkdir -p './binfmt.d' mkdir -p './ca-certificates/update.d' @@ -43,6 +42,7 @@ mkdir -p './nginx/modules-available' mkdir -p './opt' mkdir -p './parallel' mkdir -p './perl/CPAN' +mkdir -p './resolvconf/update-libc.d' mkdir -p './rsyslog.d' mkdir -p './security/limits.d' mkdir -p './security/namespace.d' @@ -330,8 +330,10 @@ maybe chmod 0644 'apt/sources.list.d/backports.list' maybe chmod 0644 'apt/sources.list.d/my.list' maybe chmod 0644 'apt/sources.list.d/raspi.list' maybe chmod 0644 'apt/sources.list.d/unstable.list' +maybe chmod 0644 'apt/sources.list.d/vscode.list' maybe chmod 0644 'apt/trusted.gpg' maybe chmod 0755 'apt/trusted.gpg.d' +maybe chmod 0644 'apt/trusted.gpg.d/microsoft.gpg' maybe chgrp 'daemon' 'at.deny' maybe chmod 0640 'at.deny' maybe chmod 0755 'avahi' @@ -13880,7 +13882,6 @@ maybe chmod 0755 'network/if-pre-up.d' maybe chmod 0755 'network/if-pre-up.d/wireless-tools' maybe chmod 0755 'network/if-up.d' maybe chmod 0755 'network/if-up.d/000resolvconf' -maybe chmod 0755 'network/if-up.d/avahi-daemon' maybe chmod 0755 'network/if-up.d/bind9' maybe chmod 0644 'network/interfaces' maybe chmod 0755 'network/interfaces.d' @@ -14108,7 +14109,6 @@ maybe chmod 0644 'resolvconf/resolv.conf.d/head' maybe chmod 0644 'resolvconf/resolv.conf.d/original' maybe chmod 0644 'resolvconf/resolv.conf.d/tail' maybe chmod 0755 'resolvconf/update-libc.d' -maybe chmod 0755 'resolvconf/update-libc.d/avahi-daemon' maybe chmod 0755 'resolvconf/update.d' maybe chmod 0755 'resolvconf/update.d/libc' maybe chmod 0644 'rpc' diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index 22530695..94ddeb47 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,42 +1,42 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-image-4\.19\.118-v8\+$"; - "^linux-image-4\.19\.75-v7\+$"; - "^linux-headers-4\.19\.118-v8\+$"; - "^linux-headers-4\.19\.75-v7\+$"; - "^linux-image-extra-4\.19\.118-v8\+$"; - "^linux-image-extra-4\.19\.75-v7\+$"; - "^linux-modules-4\.19\.118-v8\+$"; - "^linux-modules-4\.19\.75-v7\+$"; - "^linux-modules-extra-4\.19\.118-v8\+$"; - "^linux-modules-extra-4\.19\.75-v7\+$"; - "^linux-signed-image-4\.19\.118-v8\+$"; - "^linux-signed-image-4\.19\.75-v7\+$"; - "^linux-image-unsigned-4\.19\.118-v8\+$"; - "^linux-image-unsigned-4\.19\.75-v7\+$"; - "^kfreebsd-image-4\.19\.118-v8\+$"; - "^kfreebsd-image-4\.19\.75-v7\+$"; - "^kfreebsd-headers-4\.19\.118-v8\+$"; - "^kfreebsd-headers-4\.19\.75-v7\+$"; - "^gnumach-image-4\.19\.118-v8\+$"; - "^gnumach-image-4\.19\.75-v7\+$"; - "^.*-modules-4\.19\.118-v8\+$"; - "^.*-modules-4\.19\.75-v7\+$"; - "^.*-kernel-4\.19\.118-v8\+$"; - "^.*-kernel-4\.19\.75-v7\+$"; - "^linux-backports-modules-.*-4\.19\.118-v8\+$"; - "^linux-backports-modules-.*-4\.19\.75-v7\+$"; - "^linux-modules-.*-4\.19\.118-v8\+$"; - "^linux-modules-.*-4\.19\.75-v7\+$"; - "^linux-tools-4\.19\.118-v8\+$"; - "^linux-tools-4\.19\.75-v7\+$"; - "^linux-cloud-tools-4\.19\.118-v8\+$"; - "^linux-cloud-tools-4\.19\.75-v7\+$"; - "^linux-buildinfo-4\.19\.118-v8\+$"; - "^linux-buildinfo-4\.19\.75-v7\+$"; - "^linux-source-4\.19\.118-v8\+$"; - "^linux-source-4\.19\.75-v7\+$"; + "^linux-image-4\.19\.118-v7\+$"; + "^linux-image-5\.10\.17-v8\+$"; + "^linux-headers-4\.19\.118-v7\+$"; + "^linux-headers-5\.10\.17-v8\+$"; + "^linux-image-extra-4\.19\.118-v7\+$"; + "^linux-image-extra-5\.10\.17-v8\+$"; + "^linux-modules-4\.19\.118-v7\+$"; + "^linux-modules-5\.10\.17-v8\+$"; + "^linux-modules-extra-4\.19\.118-v7\+$"; + "^linux-modules-extra-5\.10\.17-v8\+$"; + "^linux-signed-image-4\.19\.118-v7\+$"; + "^linux-signed-image-5\.10\.17-v8\+$"; + "^linux-image-unsigned-4\.19\.118-v7\+$"; + "^linux-image-unsigned-5\.10\.17-v8\+$"; + "^kfreebsd-image-4\.19\.118-v7\+$"; + "^kfreebsd-image-5\.10\.17-v8\+$"; + "^kfreebsd-headers-4\.19\.118-v7\+$"; + "^kfreebsd-headers-5\.10\.17-v8\+$"; + "^gnumach-image-4\.19\.118-v7\+$"; + "^gnumach-image-5\.10\.17-v8\+$"; + "^.*-modules-4\.19\.118-v7\+$"; + "^.*-modules-5\.10\.17-v8\+$"; + "^.*-kernel-4\.19\.118-v7\+$"; + "^.*-kernel-5\.10\.17-v8\+$"; + "^linux-backports-modules-.*-4\.19\.118-v7\+$"; + "^linux-backports-modules-.*-5\.10\.17-v8\+$"; + "^linux-modules-.*-4\.19\.118-v7\+$"; + "^linux-modules-.*-5\.10\.17-v8\+$"; + "^linux-tools-4\.19\.118-v7\+$"; + "^linux-tools-5\.10\.17-v8\+$"; + "^linux-cloud-tools-4\.19\.118-v7\+$"; + "^linux-cloud-tools-5\.10\.17-v8\+$"; + "^linux-buildinfo-4\.19\.118-v7\+$"; + "^linux-buildinfo-5\.10\.17-v8\+$"; + "^linux-source-4\.19\.118-v7\+$"; + "^linux-source-5\.10\.17-v8\+$"; }; /* Debug information: # dpkg list: @@ -44,13 +44,13 @@ APT::NeverAutoRemove # list of different kernel versions: -# Installing kernel: (4.19.118-v8+) -# Running kernel: ignored (4.19.75-v7+) +# Installing kernel: (5.10.17-v8+) +# Running kernel: ignored (4.19.118-v7+) # Last kernel: # Previous kernel: # Kernel versions list to keep: # Kernel packages (version part) to protect: -4\.19\.118-v8\+ -4\.19\.75-v7\+ +4\.19\.118-v7\+ +5\.10\.17-v8\+ */ diff --git a/apt/sources.list.d/vscode.list b/apt/sources.list.d/vscode.list new file mode 100644 index 00000000..7b602246 --- /dev/null +++ b/apt/sources.list.d/vscode.list @@ -0,0 +1 @@ +### Disabled by raspberrypi-sys-mods ### diff --git a/apt/trusted.gpg.d/microsoft.gpg b/apt/trusted.gpg.d/microsoft.gpg new file mode 100644 index 00000000..e69de29b diff --git a/debian_version b/debian_version index 1be519cd..73def33c 100644 --- a/debian_version +++ b/debian_version @@ -1 +1 @@ -10.4 +10.9 diff --git a/default/rpi-eeprom-update b/default/rpi-eeprom-update index df7efac2..9e9d0797 100644 --- a/default/rpi-eeprom-update +++ b/default/rpi-eeprom-update @@ -1 +1 @@ -FIRMWARE_RELEASE_STATUS="critical" +FIRMWARE_RELEASE_STATUS="default" diff --git a/network/if-post-down.d/avahi-daemon b/network/if-post-down.d/avahi-daemon deleted file mode 120000 index 3cf33d0f..00000000 --- a/network/if-post-down.d/avahi-daemon +++ /dev/null @@ -1 +0,0 @@ -../if-up.d/avahi-daemon \ No newline at end of file diff --git a/network/if-up.d/avahi-daemon b/network/if-up.d/avahi-daemon deleted file mode 100755 index ee8f3881..00000000 --- a/network/if-up.d/avahi-daemon +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -# Don't run the avahi-daemon unicast local check while bringing up -# the loopback device; it's not necessary until we bring up a real network -# device -[ "$IFACE" != "lo" ] || exit 0 -case "$ADDRFAM" in - inet|inet6) ;; - *) exit 0 ;; -esac - -# If we have an unicast .local domain, we immediately disable avahi to avoid -# conflicts with the multicast IP4LL .local domain -if [ -x /usr/lib/avahi/avahi-daemon-check-dns.sh ] ; then - exec /usr/lib/avahi/avahi-daemon-check-dns.sh -fi diff --git a/php/7.3/cgi/php.ini b/php/7.3/cgi/php.ini index aedc4731..1af6007d 100644 --- a/php/7.3/cgi/php.ini +++ b/php/7.3/cgi/php.ini @@ -1415,7 +1415,8 @@ session.cookie_domain = session.cookie_httponly = ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) -; Current valid values are "Lax" or "Strict" +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. ; https://tools.ietf.org/html/draft-west-first-party-cookies-07 session.cookie_samesite = @@ -1423,12 +1424,9 @@ session.cookie_samesite = ; http://php.net/session.serialize-handler session.serialize_handler = php -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any given request. +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 @@ -1436,13 +1434,9 @@ session.serialize_handler = php session.gc_probability = 0 ; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 100 -; when the session.gc_probability value is 1 will give you approximately a 1% chance -; the gc will run on any given request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any given request. For high volume production servers, -; this is a more efficient approach. +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. ; Default Value: 100 ; Development Value: 1000 ; Production Value: 1000 @@ -1458,8 +1452,8 @@ session.gc_maxlifetime = 1440 ; (see session.save_path above), then garbage collection does *not* ; happen automatically. You will need to do your own garbage ; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ; find /path/to/sessions -cmin +24 -type f | xargs rm ; Check HTTP Referer to invalidate externally stored URLs containing ids. diff --git a/php/7.3/cli/php.ini b/php/7.3/cli/php.ini index d9c24a87..080d0445 100644 --- a/php/7.3/cli/php.ini +++ b/php/7.3/cli/php.ini @@ -1415,7 +1415,8 @@ session.cookie_domain = session.cookie_httponly = ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) -; Current valid values are "Lax" or "Strict" +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. ; https://tools.ietf.org/html/draft-west-first-party-cookies-07 session.cookie_samesite = @@ -1423,12 +1424,9 @@ session.cookie_samesite = ; http://php.net/session.serialize-handler session.serialize_handler = php -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any given request. +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 @@ -1436,13 +1434,9 @@ session.serialize_handler = php session.gc_probability = 0 ; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 100 -; when the session.gc_probability value is 1 will give you approximately a 1% chance -; the gc will run on any given request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any given request. For high volume production servers, -; this is a more efficient approach. +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. ; Default Value: 100 ; Development Value: 1000 ; Production Value: 1000 @@ -1458,8 +1452,8 @@ session.gc_maxlifetime = 1440 ; (see session.save_path above), then garbage collection does *not* ; happen automatically. You will need to do your own garbage ; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ; find /path/to/sessions -cmin +24 -type f | xargs rm ; Check HTTP Referer to invalidate externally stored URLs containing ids. diff --git a/php/7.3/fpm/php.ini b/php/7.3/fpm/php.ini index aedc4731..1af6007d 100644 --- a/php/7.3/fpm/php.ini +++ b/php/7.3/fpm/php.ini @@ -1415,7 +1415,8 @@ session.cookie_domain = session.cookie_httponly = ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) -; Current valid values are "Lax" or "Strict" +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. ; https://tools.ietf.org/html/draft-west-first-party-cookies-07 session.cookie_samesite = @@ -1423,12 +1424,9 @@ session.cookie_samesite = ; http://php.net/session.serialize-handler session.serialize_handler = php -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any given request. +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 @@ -1436,13 +1434,9 @@ session.serialize_handler = php session.gc_probability = 0 ; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 100 -; when the session.gc_probability value is 1 will give you approximately a 1% chance -; the gc will run on any given request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any given request. For high volume production servers, -; this is a more efficient approach. +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. ; Default Value: 100 ; Development Value: 1000 ; Production Value: 1000 @@ -1458,8 +1452,8 @@ session.gc_maxlifetime = 1440 ; (see session.save_path above), then garbage collection does *not* ; happen automatically. You will need to do your own garbage ; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ; find /path/to/sessions -cmin +24 -type f | xargs rm ; Check HTTP Referer to invalidate externally stored URLs containing ids. diff --git a/php/7.3/fpm/pool.d/www.conf b/php/7.3/fpm/pool.d/www.conf index 484403cc..03ce7b03 100644 --- a/php/7.3/fpm/pool.d/www.conf +++ b/php/7.3/fpm/pool.d/www.conf @@ -41,7 +41,8 @@ listen = /run/php/php7.3-fpm.sock ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data diff --git a/resolvconf/update-libc.d/avahi-daemon b/resolvconf/update-libc.d/avahi-daemon deleted file mode 100755 index 7b70815d..00000000 --- a/resolvconf/update-libc.d/avahi-daemon +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -# -# If we have an unicast .local domain, we immediately disable avahi to avoid -# conflicts with the multicast IP4LL .local domain - -if [ -x /usr/lib/avahi/avahi-daemon-check-dns.sh ]; then - exec /usr/lib/avahi/avahi-daemon-check-dns.sh -fi diff --git a/udev/rules.d/99-com.rules b/udev/rules.d/99-com.rules index 406f6e35..b41e9dbf 100644 --- a/udev/rules.d/99-com.rules +++ b/udev/rules.d/99-com.rules @@ -5,6 +5,7 @@ SUBSYSTEM=="bcm2835-gpiomem", GROUP="gpio", MODE="0660" SUBSYSTEM=="rpivid-*", GROUP="video", MODE="0660" KERNEL=="vcsm-cma", GROUP="video", MODE="0660" +SUBSYSTEM=="dma_heap", GROUP="video", MODE="0660" SUBSYSTEM=="gpio", GROUP="gpio", MODE="0660" SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c '\ @@ -18,11 +19,24 @@ SUBSYSTEM=="pwm*", PROGRAM="/bin/sh -c '\ chown -R root:gpio /sys/devices/platform/soc/*.pwm/pwm/pwmchip* && chmod -R 770 /sys/devices/platform/soc/*.pwm/pwm/pwmchip*\ '" -KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\ +KERNEL=="ttyAMA0", PROGRAM="/bin/sh -c '\ ALIASES=/proc/device-tree/aliases; \ - if cmp -s $ALIASES/uart0 $ALIASES/serial0; then \ + if cmp -s $$ALIASES/uart0 $$ALIASES/serial0; then \ echo 0;\ - elif cmp -s $ALIASES/uart0 $ALIASES/serial1; then \ + elif cmp -s $$ALIASES/uart0 $$ALIASES/serial1; then \ + echo 1; \ + else \ + exit 1; \ + fi\ +'", SYMLINK+="serial%c" + +KERNEL=="ttyAMA1", PROGRAM="/bin/sh -c '\ + ALIASES=/proc/device-tree/aliases; \ + if [ -e /dev/ttyAMA0 ]; then \ + exit 1; \ + elif cmp -s $$ALIASES/uart0 $$ALIASES/serial0; then \ + echo 0;\ + elif cmp -s $$ALIASES/uart0 $$ALIASES/serial1; then \ echo 1; \ else \ exit 1; \ @@ -31,11 +45,17 @@ KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\ KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\ ALIASES=/proc/device-tree/aliases; \ - if cmp -s $ALIASES/uart1 $ALIASES/serial0; then \ + if cmp -s $$ALIASES/uart1 $$ALIASES/serial0; then \ echo 0; \ - elif cmp -s $ALIASES/uart1 $ALIASES/serial1; then \ + elif cmp -s $$ALIASES/uart1 $$ALIASES/serial1; then \ echo 1; \ else \ exit 1; \ fi \ '", SYMLINK+="serial%c" + +ACTION=="add", SUBSYSTEM=="vtconsole", KERNEL=="vtcon1", RUN+="/bin/sh -c '\ + if echo RPi-Sense FB | cmp -s /sys/class/graphics/fb0/name; then \ + echo 0 > /sys$devpath/bind; \ + fi; \ +'"