Oct 4, 2014:

10:42 PM Changeset [2621] by andersk
Enforce a modern TLS cipher suite order This configuration was copied from the backward compatibility configuration at https://wiki.mozilla.org/Security/Server_Side_TLS, version 3/3.1/3.2.

Sep 30, 2014:

2:37 PM Ticket #404 (Use tmpl_context, not threading.local(), for request-local state) created by andersk
Pony tries to use threading.local() to store request-local state, …

Sep 26, 2014:

5:20 AM Changeset [2620] by andersk
Revert r2619 “bash: Disable function imports” The fixes applied in bash 4.2.48-2 are convincing. Specifically, function exports now use the variable ‘BASH_FUNC_foo()’ instead of ‘foo’, and will be blocked by suexec or anything that puts nonzero effort into sanitizing the environment. And we don’t want to maintain bash forever.

Sep 24, 2014:

9:13 PM Changeset [2619] by andersk
bash: Disable function imports The upstream fix for CVE-2014-6271 isn’t good enough. Furthermore, even if they were completely fixed to operate as intended, they are still a bad idea to begin with. Disable this feature entirely.

Sep 22, 2014:

6:45 PM Changeset [2618] by andersk
ip[6]tables: Really ignore SMTP to localhost Packets in OUTPUT have an output interface, not an input interface.
5:08 PM Ticket #403 (‘service ip6tables restart’ angers /etc/scripts/modprobe, fails) created by andersk
4:59 PM Changeset [2617] by andersk
ip[6]tables: Ignore SMTP to localhost

Sep 16, 2014:

11:37 PM Changeset [2616] by mitchb
Certificate and reified vhost config for linguistics

Sep 15, 2014:

11:08 PM Changeset [2615] by andersk
Upgrade OpenAFS to 1.6.10pre1 for kernel 3.16 support

Sep 14, 2014:

10:23 PM Changeset [2614] by quentin
Configure iptables for logging user-generated direct SMTP traffic.
10:12 PM Changeset [2613] by quentin
Upstream stock version of ip6tables-config

Sep 13, 2014:

4:19 PM Changeset [2612] by glasgall
Add /etc/securetty, since we need to add ttyS0 to it now.

Sep 11, 2014:

2:37 PM Changeset [2611] by mitchb
Certificate and reified vhost config for la-casa
2:35 PM Changeset [2610] by mitchb
Remove errant SSLCertificateChainFile directives

Sep 9, 2014:

8:35 PM Changeset [2609] by mitchb
Spammers get you coming and going Enhance prune-mailq to be able to give you a list of top offenders, either by sender or by first recipient, and to allow you to purge all mail from a specific sender or all mail solely destined for a specific recipient. Also fix a tiny bit of grammar.
1:52 AM Changeset [2608] by achernya
Block a spammy user

Sep 5, 2014:

11:39 PM Changeset [2607] by glasgall
re-reify dnd.mit.edu vhost
4:35 PM Ticket #131 (Better package management for eggs, gems, and other vaguely ...) closed by andersk
fixed: Scripts F20 is now sphereoid-free.
Note: See TracTimeline for information about the timeline view.