When a user has more than m_cron::MAX_SOCKETS actions to run when the
cron script is invoked, it uses a rolling window while running the
batch execution in CURL. The followin warning happens because the
url key isn't being used when getting the information out of the array.
When they both watch the same directory, when a file is touched - eg,
/run/alternc/incron/inotify_do_action.lock both scripts are started
running in children of the top-level /usr/sbin/incrond script. When
those scripts finish, one or the other tends to start watching for all
the incron tables again (created more and more children each time).
Maybe it's a bug in incron.
Test:
* Check number of running processes with ps faux | grep incron
* Do an action, eg. chmod a folder in the web interace
* Re-check the number of running processes, they should stay the same
not increase
While working on #424, I discovered that actions that were run were unable
to record their run state into the database because the return code value
being passed to m_action::finish was a string and not an integer.
I added a shim to try to normalize the data passed onwards to m_action::finish,
although in the long term I think a proper cleanup of the cases should be done.
This should help with #424 by switching the watched directories to a
sub-directory of /run/alternc. There are many other scripts create and
handle files in the /run/alternc that were causing incrond to start up
quite often.
Users made in the Matomo interface and given an access to a site
that's in AlternC show up without this restriction. When that happens,
the user is no longer able to modify permissions for any of the Matomo
users from their AlternC account.
If the apparmor configuration file is there, an extra include will be added
and the install/app/usr.sbin.named-alternc file deployed to the apparmor local
configuration directory.
This allows bind to work with AlternC and apparmor enabled out of the box on
Debian Buster.
Fixes#382
The maxlength attribute will silently drop all characters after the
indicated limit. Users will not have feedback that their password
is (now) wrong.
There seems to a password policy that is actively checked, and may be
defined by the admin (default: 64 character limit).
Fixes#341
When applying LIMIT X, Y the ordering before the limit and offset do
not seem to be guaranteed. For example, if you have a large number of
e-mail addresses, and you page between the same e-mail address can appear twice.
The case where this was happening there were 2-3 mail boxes and ~90 aliases.
I'm not sure if this tied somehow to the database version used, but making the
desired ordering explicit ensures that all mails will eventually be shown and
shouldn't be shown twice.
Fix#247: escape mysql passwords at install
Backport from merge set in stable-3.1
Merge remote-tracking branch 'remotes/koumbit/247_escape-mysql-passwords-at-install'
This reverts commit 1ba7a2f475, reversing
changes made to a85ccd043b.
* If we want only IP from remote then we must disable Lookup option
* Prevent problem with remote_ip (is not installed by default) and it's better to set proxy allowed and return correctly %h value
The current comparison can only work on debian stretch, that ships php
7.0, but debian buster has a more recent version and bullseye will have
an even more recent version.
This change was suggested by @ulvida (Daniel Viñar Ulriksen) on Github.
Thanks!
Closes: #459
Co-authored-by: Gabriel Filion <gabriel@koumbit.org>
# Rationale
TLSv1.2 has been out for more than 10 years, and is now widely available. TLSv1.0 and TLSv1.1 are known to be unsufficient for a few years and have been officially deprecated by the IETF recently.
TLSv1.3 is starting to be widely available, however it had implementation bugs, such as https://github.com/proftpd/proftpd/issues/959. This is fixed upstream, but fixed versions are not available in Debian 10 yet.
# Changes
* ProFTPd now defaults to TLSv1.2
* Add a comment for suggesting other values like TLSv1.3, but with a comment about buggy versions
* Add a comment for downgrading to deprecated TLSv1 TLSv1.1
Kienan Stewart
Guillaume Est Une Palourde