Thursday, March 31, 2016

Scheduled Maintenance - POSB

Scheduled Maintenance - POSB

We are constantly upgrading our systems to bring you a more pleasant banking experience. During the mentioned period of scheduled maintenance, some of the services will not be available:

iBanking

Date
Maintenance Period
Services under Maintenance
02 April 2016
0600hrs to 0730hrs
System Maintenance

Credit Card/Debit Card
- New Credit Card Application
- Additional Credit Card Application
- Debit Card Application
- Application Status Overview
- Document Upload

Alerts
- Manage Alerts

Set Preferred Brand
- Set Preferred Brand - DBS or POSB

Funds Transfer Overseas
- Add Payee / Send Money (Send Money to Overseas Bank Account)
- Enquire on Transactions (Send Money to Overseas Bank Account)
- Add Payee / Send Money (DBS India Remit)
- Enquire on Transactions (DBS India Remit)
- Add Payee / Send Money (DBS Indonesia Remit)
- Enquire on Transactions (DBS Indonesia Remit)
- Add Payee / Send Money (DBS China Remit)
- Enquire on Transactions (DBS China Remit)
- Add Payee / Send Money (DBS Hong Kong Remit)
- Enquire on Transactions (DBS Hong Kong Remit)
- Add Payee / Send Money (DBS Malaysia Remit)
- Enquire on Transactions (DBS Malaysia Remit)
- Add Payee / Send Money (DBS UK Remit)
- Enquire on Transactions (DBS UK Remit)
- Add Payee / Send Money (DBS Philippines Remit)
- Enquire on Transactions (DBS Philippines Remit)

Contact Us
- Personal Inbox
- Compose
- Sent Mail
03 April 2016
0000hrs to 0130hrs
System Maintenance

Credit Card/Debit Card
- New Credit Card Application
- Additional Credit Card Application
- Debit Card Application
- Application Status Overview
- Document Upload

Alerts
- Manage Alerts

Set Preferred Brand
- Set Preferred Brand - DBS or POSB

Funds Transfer Overseas
- Add Payee / Send Money (Send Money to Overseas Bank Account)
- Enquire on Transactions (Send Money to Overseas Bank Account)
- Add Payee / Send Money (DBS India Remit)
- Enquire on Transactions (DBS India Remit)
- Add Payee / Send Money (DBS Indonesia Remit)
- Enquire on Transactions (DBS Indonesia Remit)
- Add Payee / Send Money (DBS China Remit)
- Enquire on Transactions (DBS China Remit)
- Add Payee / Send Money (DBS Hong Kong Remit)
- Enquire on Transactions (DBS Hong Kong Remit)
- Add Payee / Send Money (DBS Malaysia Remit)
- Enquire on Transactions (DBS Malaysia Remit)
- Add Payee / Send Money (DBS UK Remit)
- Enquire on Transactions (DBS UK Remit)
- Add Payee / Send Money (DBS Philippines Remit)
- Enquire on Transactions (DBS Philippines Remit)

Contact Us
- Personal Inbox
- Compose
- Sent Mail
03 April 2016
0500hrs to 0800hrs
System Maintenance

Funds Transfer Overseas

- Add Payee / Send Money (Send Money to Overseas Bank Account)
- Enquire on Transactions (Send Money to Overseas Bank Account)
- Add Payee / Send Money (DBS India Remit)
- Enquire on Transactions (DBS India Remit)
- Add Payee / Send Money (DBS Indonesia Remit)
- Enquire on Transactions (DBS Indonesia Remit)
- Add Payee / Send Money (DBS China Remit)
- Enquire on Transactions (DBS China Remit)
- Add Payee / Send Money (DBS Hong Kong Remit)
- Enquire on Transactions (DBS Hong Kong Remit)
- Add Payee / Send Money (DBS Malaysia Remit)
- Enquire on Transactions (DBS Malaysia Remit)
- Add Payee / Send Money (DBS UK Remit)
- Enquire on Transactions (DBS UK Remit)
- Add Payee / Send Money (DBS Philippines Remit)
- Enquire on Transactions (DBS Philippines Remit)
03 April 2016
0600hrs to 0700hrs
System Maintenance

Credit Card/Debit Card
- Document Upload
10 April 2016
0130hrs to 0530hrs
System Maintenance
- Fast Funds Transfer to Other Bank (New/Existing Payee)
- Adhoc Fast Funds Transfer to Other Bank
- Fast Transaction History
- View/Delete Post Dated Funds Transfer
10 April 2016
0200hrs to 0300hrs
System Maintenance
- Intermittent disruption of services
17 April 2016
0200hrs to 0300hrs
System Maintenance
- Intermittent disruption of services
08 May 2016
0000hrs to 0600hrs
System Maintenance
- Fast Funds Transfer to Other Bank (New/Existing Payee)
- Adhoc Fast Funds Transfer to Other Bank
- Fast Transaction History
- View/Delete Post Dated Funds Transfer

mBanking

Date
Maintenance Period
Services under Maintenance
02 April 2016
0600hrs to 0730hrs
System Maintenance

Funds Transfer Overseas
- Add Payee / Send Money (Send Money to Overseas Bank Account)
- Enquire on Transactions (Send Money to Overseas Bank Account)
- Add Payee / Send Money (DBS India Remit)
- Enquire on Transactions (DBS India Remit)
- Add Payee / Send Money (DBS Indonesia Remit)
- Enquire on Transactions (DBS Indonesia Remit)
03 April 2016
0000hrs to 0130hrs
System Maintenance

Funds Transfer Overseas
- Add Payee / Send Money (Send Money to Overseas Bank Account)
- Enquire on Transactions (Send Money to Overseas Bank Account)
- Add Payee / Send Money (DBS India Remit)
- Enquire on Transactions (DBS India Remit)
- Add Payee / Send Money (DBS Indonesia Remit)
- Enquire on Transactions (DBS Indonesia Remit)
03 April 2016
0500hrs to 0800hrs
System Maintenance

Funds Transfer Overseas
- Add Payee / Send Money (Send Money to Overseas Bank Account)
- Enquire on Transactions (Send Money to Overseas Bank Account)
- Add Payee / Send Money (DBS India Remit)
- Enquire on Transactions (DBS India Remit)
10 April 2016
0130hrs to 0530hrs
System Maintenance
- Fast Funds Transfer to Other Bank (New/Existing Payee)
- Adhoc Fast Funds Transfer to Other Bank
- Fast Transaction History
- View/Delete Post Dated Funds Transfer
10 April 2016
0200hrs to 0300hrs
System Maintenance
- Intermittent disruption of services
17 April 2016
0200hrs to 0300hrs
System Maintenance
- Intermittent disruption of services
08 May 2016
0000hrs to 0600hrs
System Maintenance
- Fast Funds Transfer to Other Bank (New/Existing Payee)
- Adhoc Fast Funds Transfer to Other Bank
- Fast Transaction History
- View/Delete Post Dated Funds Transfer

PayLah!

Date
Maintenance Period
Services under Maintenance
10 April 2016
0300hrs to 0500hrs
System Maintenance
- Intermittent disruption of services



- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

南無阿彌陀佛




- wong chee tat :)

MacDonald's Crispy Chicken Sandwich



- Pic from MacDonalds Singapore

Tried this yesterday.

- wong chee tat :)

Changelog EFW-3.0.0-beta2

Changelog EFW-3.0.0-beta2

** Features
  * [UTM-694] - SMTP Delivery Status Notification configuration


** Improvements
  * [UTM-740]  - Connections page for VPN users: frontend
  * [UTM-739]  - Connections page for VPN users: backend
  * [CORE-617] - Add the option "required" to the Multiline validator


** Bugs
  * [UTM-761]  - HTTP proxy information popup is not shown correctly
  * [UTM-752]  - YAML Traceback in Domain Routing until first domain
                 route configuration
  * [UTM-750]  - Spam Black and Whitelists typo in tooltip displayed
                 text
  * [UTM-729]  - IPsec status connection don't explain the right status
  * [UTM-725]  - Serial port speed is set to 115200bps (was 38400bps)
  * [UTM-712]  - GUI of ntopng is not shown correctly
  * [UTM-708]  - Windows 7 cannot connect to IPsec with IKEv2
  * [UTM-704]  - First attempt in establishing a Net-to-Net IPsec
                 connection fails
  * [UTM-703]  - Dedicated smarthost assigned to a specific uplink
                 does not work
  * [UTM-701]  - Generating a certificate from IPsec global settings
                 fails
  * [UTM-699]  - Traceback during ClamAV start/restart
  * [UTM-696]  - Openvpn certificate .pem not migrated after upgrade
                 from 2.5 to 3.0
  * [UTM-695]  - Certificate field in Vpn Users not clear
  * [UTM-676]  - Generating new certificates and having the CA in
                 revoked list as well will sign certificates making
                 them invalid
  * [UTM-664]  - Certificates are allowed to be reuploaded even if
                 were previously revoked
  * [UTM-663]  - Certificate name is represented as "pem" and "p12"
                 on Chrome web browser
  * [UTM-661]  - Certificate Revocation List still includes the CA
                 of a deleted Certificate
  * [UTM-660]  - 'Unable to get local issuer certificate' error message
                 when viewing uploaded certificate
  * [UTM-658]  - System status graphs are lost after every reboot
  * [UTM-655]  - Spam withelisted mail address is being blocked whilst
                 spamassassin shortcircuit is enabled
  * [UTM-629]  - HTTPS Proxy breaks Windows Updates as well as other
                 services
  * [CORE-616] - Changing the root password from the console menu
                 does not work
  * [CORE-613] - /var directory not owned by root
  * [CORE-596] - Traffic through Snort gets dropped
  * [CORE-595] - Sanitized logs
  * [CORE-583] - Redundant subsections in dashboard page
  * [CORE-575] - Unable to add additional addresses to a new ethernet
                 static uplink
  * [COMMUNITY-30] - Images for SMTP mail statistics graphs are not
                     found

Source: README, updated 2013-11-19


- wong chee tat :)

Wednesday, March 30, 2016

Blog Updates:

Blog Updates:

Minor updates:

- Update labels on some old posts

Will continue to make minor improvements for this blog!

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Tuesday, March 29, 2016

Changelog EFW Community 3.0.5-beta1

Changelog EFW Community 3.0.5-beta1
===================================


Webfilter: integrated
---------------------

[UTM-962] - EFW 3.0 Webfiltering - Blanket Blacklist
[UTM-911] - Automatically download URL filter lists after upgrade
[UTM-893] - Web URL filter - "Activate Antivirus Scan" blocks the
            navigation
[UTM-876] - Wrong permissions on migrated content filter profiles file
[UTM-860] - Proxy authentication keep asking credentials
[UTM-814] - Content filter profiles removed after upgrade
[UTM-810] - Optimize memory usage by using 'file' instead of 'hash' for
            urlfilter lookup tables
[UTM-698] - Unable to download the content filter signatures

Antivirus: ClamAV
-----------------

[UTM-1091] - Exclude selected signatures from ClamAV
[UTM-1060] - ClamAV: new version and bugfixes
[UTM-1049] - ClamAV cron is started when ClamAV is stopped
[UTM-909] - ClamAV throws traceback due to AVENGINE DS empty settings
            file
[UTM-894] - Syntax error in clamavsignatureupdate
[UTM-806] - When clamd is not running when c-icap is starting and needs
            clamd, c-icap does not have a virus engine and let all pass.
[UTM-803] - ClamAV safebrowsing is still enabled also if disabled
[UTM-767] - ClamAV engine is outdated

Bootloader
----------

[CORE-587] - Align baud rate for all appliances

EMI
---

[CORE-1058] - Add command 'status.emi.commands' returning all the emi
              commands
[CORE-1053] - Issues in the script upload and validation procedure
[CORE-1046] - After a validation error some checkbox values are inverted
[CORE-1044] - HolisticLock does not delete the lock files
[CORE-1043] - Kendo Grid multi and all item actions support
[CORE-1040] - Traceback from emi core while loading schema
[CORE-1038] - Make PersistenDict locking working with both threads and
              processes
[CORE-1037] - Create a lock for both threads a processes
[CORE-1032] - Add a validator for host, port and protocol
[CORE-1020] - Add a validator for bindable IP address
[CORE-973] - Add is_installed function for check if a module is
             installed
[CORE-947] - jeditable encoding & turns into & when editing
[CORE-946] - Add a validator for network objects
[CORE-932] - UnicodeDecodeError traceback when browsing Events if
             language is other than English
[CORE-907] - Discording legend in VPN > Certificates
[CORE-877] - Kendo grid autorefresh does not works for pages > 1
[CORE-866] - Event notifications => Events page not displayed with
             Russian language
[CORE-861] - Remove excessive mongostorage log
[CORE-857] - JavaScript support broken in Internet Explorer 9
[CORE-843] - Update notifications gui
[CORE-831] - Change pages margins
[CORE-830] - Multiselect widget width is not correct for resizable pages
[CORE-819] - Icons and legend we are using are in conflict
[CORE-818] - Kendo Grid filters cannot be removed
[CORE-815] - Better connected/disconnected icons for connections page
[CORE-814] - Grids don't scale according with the window size
[CORE-813] - Select fields in editable tables are too wide
[CORE-811] - Wrong and missed fields are not clearly highlighted
[CORE-805] - Kendo style upgrade
[CORE-801] - Add tab-based container widget to EMI
[CORE-800] - Add global multicolumn search bar to Kendo grids
[CORE-794] - "Disconnect" Action in VPN connections page has no effect
             on client
[CORE-793] - An invalid jqGrid() method is called for Kendo grids
             actions
[CORE-788] - HTTP 404 on AD Join and HTTPS proxy tabs
[CORE-783] - Add support for server side filtered nested grid
[CORE-773] - Error modifying entities with invalid index
[CORE-768] - Auto-refresh functionality for KendoUI grid
[CORE-766] - Handle custom actions in legend
[CORE-755] - Add MongoDB storage
[CORE-733] - Installing stealth uplink after removal of packages won't
             register menu for EMI
[CORE-731] - Add ad a module endian.core.set_diff for comparing sets and
             lists
[CORE-721] - Grid rows can't be disabled or deleted
[CORE-696] - Browser is stucking at apply setting
[CORE-684] - You can't edit web filter profiles due to an emi error
[CORE-651] - In System Status some sub categories disappear when
             navigating to VPN connections
[CORE-643] - Wrong icon in VPN
[CORE-630] - Dashboard doesn't display status of Network and Service
[CORE-627] - Status menu changes depending on the selected item
[CORE-614] - EMI Package source is wrong
[CORE-457] - Create Kendo Web Grid widget for EMI

Proxy: HTTPS
------------

[UTM-1154] - Web proxy improvements
[UTM-1138] - Update HTTP Proxy User-Agent list
[UTM-1123] - Update CA bundle
[UTM-1105] - Insufficient HTTPS browser certificate lifespan
[UTM-1059] - Unable to use an upstream proxy for HTTPS traffic in
             transparent mode
[UTM-1041] - Squid stops authenticating because uses IPv6 helper
[UTM-1038] - Upstream HTTP Proxy doesn't forward HTTPS traffic
[UTM-1020] - gmail.com cannot be accessed with https proxy enabled
[UTM-951] - Allow subdomains in HTTPS whitelist
[UTM-943] - Ability just to do transparent URL Filtering opposed to
            Decrypt and Scan at the HTTPS Proxy
[UTM-746] - HTTPS input text field to allow to bypass from certain
            destinations
[UTM-629] - HTTPS Proxy breaks Windows Updates as well as other services

Base system
-----------

[CORE-1066] - OpenSSL security fixes
[CORE-1054] - Implement a class ReadOnlyPersistentDict (read only
              version of PersistentDict)
[CORE-1049] - Allow Zone Status Widget to be used for multiple
              configuration options
[CORE-1048] - OpenSSL remote exploit CVE-2015-0291
[CORE-1039] - OpenSSL CVE-2014-3572 Security Bypass Vulnerability
[CORE-1002] - CVE-2015-0235 - glibc gethostbyname buffer overflow -
              GHOST
[CORE-1001] - Vulnerabilities in rpm package manager: CVE-2014-8118,
              CVE-2013-6435
[CORE-996] - httpd fails to start due to semaphore leak
[CORE-981] - Apache xml2enc module "error Charset ISO-8859-1 not
             supported."
[CORE-975] - Introduce lshw
[CORE-945] - setrouting removes the IPSec table 5
[CORE-908] - SSLv3 POODLE and mitigation
[CORE-905] - Apache AH02550 failed to flush CGI output to client
[CORE-901] - Endian appliances are vulnerable to poodle bleed bug
             (CVE-2014-3566)
[CORE-871] - After Shellshock Bash Patches
[CORE-868] - Shell shock: CVE-2014-7169
[CORE-867] - Shell shock: CVE-2014-6271
[CORE-856] - In country selection rename "Taiwan, Province of China"
             into "Taiwan, Republic of China"
[CORE-761] - The /sbin/service script fails to call restart scripts
[CORE-689] - Missing gconv modules
[CORE-688] - Italian translations
[CORE-622] - During boot iptables rule is not applied
[CORE-592] - ClamAV restart action raises traceback
[CORE-587] - Align baud rate for all appliance
[CORE-551] - Implement a class PersistentDict (persistent dictionary
             stored on with pickle)
[CORE-525] - serial ttyUSB devices for USB 3G Modem keys are not created
[CORE-498] - Backup/Restore should allow inclusion/exclusion of hardware
             data as /etc/businfotab
[CORE-420] - Monit must always exec start/stop/restart in sync

Monitoring, Reporting
---------------------

[UTM-1048] - Translate also OpenVPN log to other languages
[UTM-1034] - Add the possibility to send the iptstate output to a remote
             server
[UTM-1001] - Notifications are not sent
[UTM-919] - Endian log files are all empty!
[UTM-841] - No firewall logs displayed in archive or real-time viewer
[UTM-658] - System status graphs are lost after every reboot
[UTM-650] - Traffic Monitoring documentation

Package management
------------------

[CORE-879] - Migration scripts fails - 481 Error calling function:
             'ConfigDict' object has no attribute 'append'
[CORE-640] - Call to JobsEngine's run_parts function fails

Quality of service
------------------

[CORE-624] - QoS is wrongly configured on PPPoE uplinks
[CORE-610] - Error on trying to modify existing QoS rule
[CORE-609] - Marked traffic is not properly redirected to specified QoS
             class
[CORE-12] - Deleting all QoS rules does not disable QoS entirely

Translations
------------

[CORE-1062] - Update russian templates
[CORE-751] - 3.0 translation update
[CORE-675] - Update Russian translations
[CORE-669] - Update Japanese translations
[CORE-658] - Update Portuguese translations

Service: Intrusion Prevention
-----------------------------

[UTM-1149] - Analysis of Snort performances
[UTM-949] - Policy action image not displayed in grid legend in
            /manage/ips/
[UTM-864] - Snort fails to start after upgrade to 3.0
[UTM-757] - IPS Performance
[UTM-735] - Snort establishes wrong pid filename

Certificate Management
----------------------

[UTM-969] - OpenVPN revoked server certificate still being assigned
[UTM-968] - OpenVPN stuck on default certificate
[UTM-696] - Openvpn certificate .pem not migrated after upgrade from 2.5
            to 3.0

Network configuration
---------------------

[CORE-1050] - Command line netwizard does not include Bridged mode
              option
[CORE-1047] - Command line netwizard does not apply changes
[CORE-1023] - Uplink is not correctly configured in Bridge mode
[CORE-993] - Creating a secondary uplink for HSDPA modem disables it by
             default
[CORE-903] - Netwizard shows "Invalid argument" listing nics
[CORE-796] - Bridged mode misleading error "Gateway must be within
             network"
[CORE-777] - When configuring bridged mode in the network wizard, step 4
             asks for the RED zone which does not exist
[CORE-759] - Rename stealth to bridge and gateway no uplink in the info
             and error messages
[CORE-757] - Switching from Bridged Stealth mode to Routed won't clear
             physdev-is-bridged
[CORE-732] - Stealth uplink can't be enabled without a previously
             configure uplink
[CORE-729] - Implement stealth uplink script
[CORE-726] - Implement stealth uplink type in uplinks editor
[CORE-725] - Implement netwizard dialogue for stealth uplink type
[CORE-724] - Implement 'STEALTH' uplink type
[CORE-718] - HSDPA uplink not working
[CORE-631] - Default gateway is lost after adding an uplink on the same
             interface the main one is using

Service: Quality of Service
---------------------------

[UTM-856] - QoS bandwith priority is not working as expected
[UTM-855] - Qos add automatically TOS value even if is not choosen
[UTM-617] - QoS configuration on a PPPoE or PPTP uplink is applied to
            wrong physical interface
[UTM-306] - "Some Error" is shown when adding QoS Rule with Type any
[UTM-300] - QoS device changes to VPN IPSEC after editing

Authentication layer
--------------------

[CORE-918] - HTTPS Cert Expired Date Extend
[CORE-825] - Error messages at boot about an "unexpected keyword"
[CORE-809] - Traceback on fetch_users()
[CORE-549] - Prepare the Endian Authentication Layer for 3.0

Configuration
-------------

[UTM-807] - Enable switch button does not work on IE

Proxy: HTTP
-----------

[UTM-1156] - Proxy allows access to services on localhost
[UTM-1154] - Web proxy improvements
[UTM-1138] - Updates HTTP Proxy User-Agent list
[UTM-1128] - Google Chrome should be in the useragents list
[UTM-1126] - GUI for TProxy settings
[UTM-1125] - Preserve source IP on non-transparent mode
[UTM-1124] - Preserve mark bits to make policy routing work
[UTM-1041] - Squid stops authenticating because uses IPv6 helper
[UTM-1033] - Transparent HTTP proxy does forward HTTPS connections to an
             upstream proxy
[UTM-1032] - Proxy Graphs is shown if proxy module is not installed
[UTM-986] - Use hash lookup for urlfilter tables
[UTM-966] - Squid's "number of different IP's per user" option doesn't
            work
[UTM-965] - Trying to download URLFilter lists raises ValueError
[UTM-962] - EFW 3.0 Webfiltering - Blanket Blacklist
[UTM-956] - Default virus only HTTP Proxy Access policy does not exist.
[UTM-930] - Dansguardian profile blacklist not migrated to Cyren
[UTM-923] - Squid try the DNS resolution with ipv6 firstly
[UTM-911] - Automatically download URL filter lists after upgrade
[UTM-910] - Add Outgoing Firewall which matches for Transparent HTTP
            Proxy traffic
[UTM-895] - Squid complains of unknown adaptation service or group name
[UTM-893] - Web URL filter - "Activate Antivirus Scan" blocks the
            navigation
[UTM-891] - Dansguardian custom blacklist and whitelist malformed after
            migration to webfilter
[UTM-887] - Special characters on webfilter/access policy prevent squid
            to start after upgrade
[UTM-884] - c-icap complains of not having enough threads per child
[UTM-876] - Wrong permissions on migrated content filter profiles file
[UTM-865] - After migrating Webfilter, Access Policy rule will trigger a
            KeyError Exception
[UTM-860] - Proxy authentication keep asking credentials
[UTM-821] - Replace Uncategorized with Others in the URLfilter
            categories
[UTM-814] - Content filter profiles removed after upgrade
[UTM-792] - Webfilter template is not properly shown when user is denied
            access
[UTM-773] - Dansguardian uninstall leaves a pending logrotate
            configuration file
[UTM-763] - LDAP-Authentication
[UTM-631] - Implement jobgroups to squid and icap jobs
[UTM-562] - Winbindd can't hadle more than 200 connections
[UTM-555] - Squid %postun trigger does not restart squid
[UTM-127] - DansGuardian Profile Name Migration

ICAP
----

[UTM-1111] - Improve release of semaphores for c-icap
[UTM-1076] - c-icap-client blocks on 0 bytes files
[UTM-962] - EFW 3.0 Webfiltering - Blanket Blacklist
[UTM-905] - srv_url_check_commtouch missing
[UTM-904] - Webfilter Update Frequency
[UTM-903] - no "virus found" warning when using Panda
[UTM-899] - Configurable setting for c-icap StartServers
[UTM-893] - Web URL filter - "Activate Antivirus Scan" blocks the
            navigation
[UTM-840] - c-icap can't find IT error template
[UTM-837] - c-icap templates are not properly generated
[UTM-810] - Optimize memory usage by using 'file' instead of 'hash' for
            urlfilter lookup tables
[UTM-806] - When clamd is not running when c-icap is starting and needs
            clamd, c-icap does not have a virus engine and let all pass.
[UTM-780] - c-icap daemon fails to start after migration when parsing
            configuration file

Antispam: SpamAssassin
----------------------

[UTM-845] - IMAP training returns invalid option when remove is ticked

Dashboard
---------

[CORE-996] - httpd fails to start due to semaphore leak
[CORE-870] - Update /usr/local/bin/check-kernel.sh to keep the flag
             until reboot regardless of Kernel
[CORE-745] - Traffic Monitoring always present "The configuration has
             been changed...."
[CORE-733] - Installing stealth uplink after removal of packages won't
             register menu for EMI
[CORE-643] - Wrong icon in VPN
[CORE-630] - Dashboard doesn't display status of Network and Service
[CORE-614] - EMI Package source is wrong

Time
----

[CORE-977] - NTP vulnerabilities ICSA-14-353-01
[CORE-520] - ntpd does not sync time in some conditions

Proxy: SMTP
-----------

[UTM-1108] - Cleanup invalid entry in smtpscan settings file
[UTM-730] - Block file extensions list doesn't include archives

System status
-------------

[CORE-825] - Error messages at boot about an "unexpected keyword"
[CORE-747] - Wrap NIC information in network status
[CORE-587] - Align baud rate for all appliance

Backup
------

[CORE-987] - USB Backup fails if there are only numbers in the name
[CORE-812] - Incoherent time usage in backup filenames
[CORE-770] - Backup restoring from initial wizard fails
[CORE-707] - Backup not sent via mail
[CORE-690] - Changes not applied after restoring a backup

Kernel
------

[CORE-1067] - Upgrade for megaraid_sas driver is required
[CORE-870] - Update /usr/local/bin/check-kernel.sh to keep the flag
             until reboot regardless of Kernel
[CORE-799] - installation fails on LSI 9260-4i
[CORE-657] - Kernel panic with python tainted
[CORE-629] - Update Intel network drivers
[CORE-556] - Fix SHA-256 kernel support

VPN
---

[UTM-1152] - Add a method for getting remote port from OpenVPN Status
[UTM-1147] - Missing INPUTFW rules for OpenVPN services
[UTM-1137] - Job method openvpnjob.client_connect in some situation does
             not create correct configuration
[UTM-1131] - Invalid chars in client-[dis]connect-immediate.d scripts
[UTM-1121] - If the options delayed_triggers is enabled, OpenVPN (and
             the switchboard) does not work as espected
[UTM-1120] - Routes to remote VPN networks are not created with
             delayed_triggers
[UTM-1119] - openvpnutils traceback while getting status the with
             delayed_triggers
[UTM-1118] - OpenVPN job traceback with delayed_triggers
[UTM-1113] - Disabling OpenVPN instance won't remove INPUTFW ACCEPT rule
[UTM-1110] - Unable to connect to OpenVPN instance with more than one
             processor
[UTM-1109] - Revert changes introduced with UTM-1019
[UTM-1094] - Periodically synchronize the OpenVPN sessions file with the
             actual daemons status
[UTM-1090] - Add a method for getting the parsed status information from
             OpenVPN servers
[UTM-1080] - Create a script for dumping the OpenVPN user config
[UTM-1073] - OpenVPN server unmonitored when openvpn package is updated
[UTM-1070] - OpenVPN incomplete version number
[UTM-1063] - OpenVPN Denial of Service (CVE-2014-8104)
[UTM-1056] - OpenVPN init.d script errors on status for an instance
[UTM-1054] - "Override OpenVPN options" not working correctly, "direct
             all client traffic through the VPN server" not working
[UTM-1053] - OpenVPN immediatly closing connection
[UTM-1050] - OpenVPN fails to start since 443 is already used by httpd
[UTM-1044] - OpenVPN fails to start having bogus key parameters in
             server config file
[UTM-1026] - Add on option for setting the OpenVPN log verbosity
[UTM-1019] - Unable to establish multiple net-to-net connection with
             IPSec
[UTM-1018] - Cannot create 2 OpenVPN instances with same port but
             different protocol
[UTM-1003] - Multicore DNAT rule fails functionality when client tries
             to connect
[UTM-989] - Disabling OpenVPN instance won't erase iptables rule
[UTM-987] - In the IPsec gui, '3DES' is translated as 'SHA1' in Italian
[UTM-970] - It is impossible to select existing certificates without the
            private key for IPsec tunnels
[UTM-969] - OpenVPN revoked server certificate still being assigned
[UTM-968] - OpenVPN stuck on default certificate
[UTM-959] - 'Bind only to' option is ignored enabling multiple cores or
            binding on 53/udp
[UTM-955] - Icon not found in VPN connections grid and legend
[UTM-952] - setdnat job is not run when OpenVPN is switched down
[UTM-948] - GW2GW Network Bridged not adding networking to routing
[UTM-947] - StrongSWAN security update due to CVE-2014-2338
[UTM-946] - Unable to create OpenVPN servers on the same TCP and UDP
            ports
[UTM-944] - Missing icon in IPsec connections grid legend
[UTM-940] - Permit to use auto=route instead of auto=add for IPsec
            Net2Net tunnels
[UTM-937] - IPsec IKE integrity migration not working for sha
[UTM-934] - Allow OpenVPN to bind to port 53/UDP
[UTM-913] - IPsec connections not showing anymore after "Action could
            not be performed" warning
[UTM-906] - OpenVPN init script does not identify the interface name in
            some cases
[UTM-885] - VPN Firewall won't filter the traffic
[UTM-877] - OpenVPN server fails to start because of default settings is
            missing
[UTM-875] - IPsec migration to 3.0 is not seamless
[UTM-869] - Error selecting Openvpn certificate
[UTM-867] - OpenVPN server tap interface not taken into account when
            having Gateway-to-Gateway configurations
[UTM-862] - After upgrade to 3.0 the SSL certificates are incorrectly
            chosen
[UTM-859] - Optimize concurrent OpenVPN clients connection speed
[UTM-858] - OpenVPN migration missing options
[UTM-857] - OpenVPN gw2gw logs are empty
[UTM-852] - Concurrent connections are limited to 1024 by ARP cache size
[UTM-848] - OpenVPN fails to start when HA is enabled as Master
[UTM-847] - Traceback when first starting OpenVPN on a Virtual system
[UTM-846] - Wrong IPsec status is reported in the System Status page
[UTM-834] - Net-to-Net IPsec connection between two Endian 3.0
            appliances doesn't establish routing
[UTM-833] - Refresh IPsec GUI page after starting for the first time the
            service
[UTM-828] - Routing between clients on different cores
[UTM-819] - When an OpenVPN connection is disconnected from the gui, all
            the connections for the same user are disconnected
[UTM-817] - Decrease OpenVPN connection time
[UTM-801] - IPsec ESP Group Type not migrated to 3.0
[UTM-799] - IPSec deprecated keyword in strongSwan or weakSwan
[UTM-797] - IPSec Target could not be a DNS name
[UTM-796] - Automatic OpenVPN certificate is shown only after a refresh
[UTM-770] - After upgrade IPsec restartscript fails while trying to
            fetch CIDR for local subnet
[UTM-754] - Enabling OpenVPN server doesn't generate default
            certificates on ARM
[UTM-741] - Disabling a Net-to-Net IPsec connection will leave it in a
            Connected or Connecting state
[UTM-739] - Connections page for VPN users: backend
[UTM-708] - Windows 7 cannot connect to IPsec with IKEv2 machine
            certificate authentication because of a missing Extended Key
            Usage parameter
[UTM-697] - IPsec 3.0 migration missing
[UTM-696] - Openvpn certificate .pem not migrated after upgrade from 2.5
            to 3.0
[UTM-695] - Certificate field in VPN Users not clear
[UTM-688] - Gateway to gateway connection is not initialized
[UTM-645] - IPsec GUI documentation rewrite
[UTM-641] - OpenVPN server documentation rewrite
[UTM-594] - OpenVPN client (GW2GW) GUI
[UTM-592] - OpenVPN client (GW2GW) backend
[UTM-583] - OpenVPN rewrite in EMI with multiple processes and support
            for external authentication backends
[UTM-297] - OpenVPN client crash prevents reconnection

Firewall
--------

[CORE-1013] - Wrong iptables rules in inter-zone if source and
              destination are physical interfaces
[CORE-994] - NEWNOTSYN drops lo traffic blocking Hotspot authentication
[CORE-978] - Squid should be able to run in fully transparent mode
[CORE-878] - Should be possible to disable SIP ALG ( nf_nat_sip ) from
             GUI
[CORE-846] - Interzone - ORANGE to GREEN allowed even if OpenVPN server
             is disabled
[CORE-838] - Reinstalling firewall package will move config files to
             .orig suffix
[CORE-787] - DNAT - rule like e.g "80:443" not work anymore
[CORE-769] - New BADTCP_LOGDROP rule drops invalid traffic
[CORE-763] - Stealth's SNAT exclusions results break iptables rules for
             source nat
[CORE-741] - Outgoing firewall needs a default drop policy rule
[CORE-739] - SNAT must exclude stealth uplink in "ANY Uplink" explosions
[CORE-727] - Implement that outgoing firewall handles stealth uplink
             interface as an uplink and create rules for it
[CORE-712] - VPN firewall is bypassed for specific ports if a DNAT rule
             exists for them
[CORE-656] - Introduce TPROXY functionalities to support Policy Routing
             rules for proxied traffic
[CORE-622] - During boot iptables rule is not applied

Logging & Monitoring
--------------------

[CORE-972] - Syslog complains configuration file is too old thus runs in
             compatibility mode
[CORE-955] - Monit reload ends up having all elements unmonitored
[CORE-938] - Introduce improvements in the logs rotation
[CORE-931] - Logrotate fails if destination directory is missing
[CORE-925] - Live Logs back in time
[CORE-881] - Apache is not reachable, httpd dead but pid file exists
[CORE-875] - Samba log is not rotated
[CORE-874] - Obsolete rrdfix script triggered by cron cyclic (every 5
             minutes)
[CORE-842] - Replace current logsurfer configuration
[CORE-795] - Configure monit to monitor OpenVPN Client and restart in
             case the process dies
[CORE-745] - Traffic Monitoring always present "The configuration has
             been changed...."
[CORE-742] - Patch for procps on ARM to get rid of "Unknown HZ value!"
[CORE-715] - Timestamp
[CORE-709] - Logs are not rotated
[CORE-701] - Logrotate fails after upgrading to 3.0
[CORE-700] - Logrotate fails if IPsec was never enabled
[CORE-667] - Hide configuration of trusted timestamping
[CORE-652] - System Status is not reflecting the true state of the
             services it reports
[CORE-602] - PID files removed when daemons are restarted
[CORE-491] - efw-update log is not rotated

Jobsengine
----------

[CORE-1061] - JobsEngine status duplicated
[CORE-1030] - restart job stuck / hanging - contiuously being delayed
              execution
[CORE-1027] - jobsengine restart deadlock state with defunct child and
              no socket file
[CORE-1005] - Continue on parsing error in /var/run/jobsengine.status
[CORE-920] - File descriptors are left open on jobs execution
[CORE-916] - Jobsengine lock is removed
[CORE-782] - Create the settings file path (if not exists) before
             executing require_enabled_service
[CORE-771] - Improve jobsengine module reload
[CORE-710] - Allow jobs to access to its current status
[CORE-640] - Call to JobsEngine's run_parts function fails

Artwork
-------

[COMMUNITY-30] - Images for SMTP mail statistics graphs are not found

Community packages
------------------

[COMMUNITY-98] - Unable to deactive uplinks on Dashboard screen
[COMMUNITY-96] - EFW 3.0 Webfiltering - Blanket Blacklist
[COMMUNITY-87] - Dependency loop between endian-release-community and
                 efw-community

Event Notifications
-------------------

[CORE-1051] - Event notifications improvements
[CORE-1045] - Sort in events notification kendo grid is broken
[CORE-1042] - checkboxes in Events grid are not clickable
[CORE-1041] - Filters are not working for Events grids
[CORE-1035] - Notifications logrotate configuration template is not
              applied
[CORE-1028] - Notifications mail tagged as 'Bad Header' warnings by
              amavis
[CORE-986] - After migration Notifications daemon keeps spawning
[CORE-985] - Provide SysV init script for Notifications daemon
[CORE-984] - Have Notifications daemon monitored
[CORE-983] - Restart notifications after migration and load its plugins
[CORE-974] - Missing configuration migration script for Event
             Notification
[CORE-948] - Mail subject does not contain ID anymore
[CORE-932] - UnicodeDecodeError traceback when browsing Events if
             language is other than English
[CORE-927] - Event notifications->Events page causes traceback
[CORE-898] - Grid colapses if an error is to be shown up
[CORE-895] - Change label to "Use SMTP Proxy service" for Event
             Notifications
[CORE-894] - After using SMTP Proxy settings mails still sent from there
             even if switching back to default
[CORE-890] - Uploading the same custom script twice for Event
             Notifications will raise EMI traceback
[CORE-889] - Assigning a script will prompt BASH syntax error script for
             Events
[CORE-886] - In events notification grid checkboxes aren't editable to
             change the event status
[CORE-885] - Remain on the same page after editing an element
[CORE-883] - Settings for Event Notifications aren't updated if set to
             use SMTP Proxy ones
[CORE-882] - Update settings against SMTP Proxy each time the service is
             reloaded
[CORE-880] - No e-mail notifications sent when triggered using Gmail as
             Smarthost
[CORE-866] - Event notifications => Events page not displayed with
             Russian language
[CORE-845] - Re-engineer current mailfile executable
[CORE-841] - Create a mail plugin for custom notification daemon
[CORE-840] - Custom notification daemon plugin-based
[CORE-839] - Remove logsurfer and create a new notification daemon
[CORE-833] - Permit Smarthost mail delivery for Events Notifications
[CORE-746] - Custom Event to notify
[CORE-603] - In event notification the icons legend is missing

Installer
---------

[CORE-1067] - Upgrade for megaraid_sas driver is required
[CORE-1065] - Adjust disk space calculation for small products (mini-25)
[CORE-799] - installation fails on LSI 9260-4i

Community Updates
-----------------

[COMMUNITY-85] - Unable to ADD second Uplink
[COMMUNITY-77] - setting red interface as a gateway i have the ping to
                 IP addresses
[COMMUNITY-75] - The Device name of Quality of service is changed after
                 modifying
[COMMUNITY-72] - Content filter does not appear to work
[COMMUNITY-71] - No access to webserver or ssh from green to orange
                 network (DMZ)
[COMMUNITY-70] - Can not enable or disable IPSEC connection by GUI
                 ceckbox
[COMMUNITY-66] - Upgraded to 3.0 from 2.5.2
[COMMUNITY-59] - Upgrading to development bleeding edge
[COMMUNITY-56] - Ipsec net-to-net errpr after save
[COMMUNITY-54] - unable to connect to remote ipsec/psk network
[COMMUNITY-39] - Squid package upgrade fails on upgrade to 3.0

Service: DHCP
-------------

[UTM-993] - Push DEFAULT_GATEWAY when in Stealth for DHCP
[UTM-916] - Clients are not registered in local DNS
[UTM-863] - DHCP daemon is not started after upgrade to 3.0 when Hotspot
            is enabled

Source: README, updated 2015-04-08



- wong chee tat :)

Monday, March 28, 2016

Om Mani Padme Hum

Om Mani Padme Hum


- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum


- wong chee tat :)

8u77 Update Release Notes

8u77 Update Release Notes




Java™ SE Development Kit 8, Update 77 (JDK 8u77)

The full version string for this update release is 1.8.0_77-b03 (where "b" means "build"). The version number is 8u77.
This update release contains several enhancements and changes including the following.

IANA Data 2016a

JDK 8u77 contains IANA time zone data version 2016a. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u77 are specified in the following table:
JRE Family VersionJRE Security Baseline
(Full Version String)
81.8.0_77
71.7.0_99
61.6.0_111

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u77) will expire with the release of the next critical patch update scheduled for April 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u77) on May 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.

Notes

This Security Alert (8u77) is based off the earlier 8u74 PSU release. All users of earlier JDK 8 releases should update to this release. For more information on the difference between Critical Patch Updates and Patch Set Updates please visit Java CPU and PSU Releases Explained.
The demos, samples, and Documentation bundles for 8u77 are not impacted by the Security Alert for CVE-2016-0636, so version 8u73 demos, samples, and Documentation bundles remain the most up to-date version until the April Critical Patch Update release.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.





- wong chee tat :)

Changelog Endian Firewall Community 3.0.0

Endian Firewall Community 3.0.0 Changelog

** Improvement
  * [UTM-829]      - UTM-828 Disable direct client communication when
                     multiple processes is enabled
  * [UTM-811]      - Optimize memory usage of urlfilter categories by
                     removing those which are not used
  * [UTM-810]      - Optimize memory usage by using 'file' instead of
                     'hash' for urlfilter lookup tables
  * [UTM-739]      - Connections page for VPN users: backend
  * [UTM-733]      - Reflect in GUI transitioning states of IPsec
                     connections
  * [CORE-685]     - Make Apply, Notification and Error box grow with
                     content
  * [CORE-629]     - Update Intel network drivers
  * [CORE-553]     - Configurable logs for trusted timestamping


** Bugfix
  * [UTM-806]      - When clamd is not running when c-icap is starting
                     and needs clamd, c-icap does not have a virus
                     engine and let all pass.
  * [UTM-805]      - Squid need also to be restarted when a file in
                     /etc/squid/squid.conf.d/ changed
  * [UTM-804]      - c-icap does not start when clamAV is enabled
                     instead of Panda Antivirus
  * [UTM-803]      - ClamAV safebrowsing is still enabled also if
                     disabled
  * [UTM-798]      - c-icap uses a very large amount of memory
  * [UTM-795]      - Providers associated to a scope are lost, syncing
  * [UTM-782]      - Virus engine for amavis is failing due to
                     unexpected exit code 255
  * [UTM-775]      - Duplicated lable in DNS Routing page
  * [UTM-771]      - Error signing a certificate request
  * [UTM-742]      - Disabling IPsec Net-to-Net connection displays
                     the status as if it was Connected or Connecting
  * [UTM-728]      - Application Control works only with source ANY
  * [UTM-702]      - HTTP Proxy issues
  * [UTM-698]      - Unable to download the content filter signatures
  * [UTM-697]      - IPsec 3.0 migration missing
  * [CORE-472]     - Remote authentication reply can contain binary
                     values
  * [CORE-462]     - Swap partition dimension reorganization
  * [CORE-423]     - Wrong baud rate on software appliance
  * [CORE-316]     - Values of default settings files are not read
                     when job uses get_config()
  * [COMMUNITY-53] - /var/log/fifo/dansguardian is not a fifo
  * [COMMUNITY-45] - ISSUU slow with Internet Explorer
  * [CORE-591]     - Logrotate removes archives older than 7 days
                     automatically for most daemons
  * [CORE-672]     - Emi commands ignores all but the first param of a
                     param list after the first request
  * [CORE-651]     - In System Status some sub categories disappear
                     when navigating to VPN connections
  * [CORE-644]     - Some log files are not rotated
  * [CORE-642]     - Kernel kmalloc traceback in /var/log/messages
  * [CORE-639]     - Log timestamping doesn't use correctly the
                     pattern variable
  * [CORE-638]     - Freezings and reboots caused by out of memory
  * [CORE-631]     - Default gateway is lost after adding an uplink on
                     the same interface the main one is using
  * [UTM-595]      - OpenVPN user migration
  * [UTM-593]      - OpenVPN server GUI
  * [UTM-591]      - OpenVPN server backend
  * [UTM-590]      - VPN authentication management (service) GUI
  * [UTM-589]      - VPN authentication backend GUI
  * [UTM-588]      - VPN user groups GUI
  * [UTM-587]      - VPN user groups support for remote providers
  * [UTM-586]      - VPN user groups support for local backend
  * [UTM-585]      - VPN user groups backend
  * [UTM-527]      - Outgoing IP address configuration for each domain

Source: README, updated 2014-01-20



- wong chee tat :)

Sunday, March 27, 2016

System Status: Fan Maintenance

System Status: Fan Maintenance

Fan cleaned! ^^

- wong chee tat :)

Weather

Sunny!

- wong chee tat ):

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Blog Updates:

Blog Updates:

Minor updates:

- Update labels on some old posts

Will continue to make minor improvements for this blog!

- wong chee tat :)

Saturday, March 26, 2016

Weather

Sunny

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Friday, March 25, 2016

System Status: File Server Maintenance

System Status: File Server Maintenance

The file servers will down for disk maintenance.

- wong chee tat :)

Weather

Sunny day

- wong chee tat :)

Thursday, March 24, 2016

The Messiah I Know






- wong chee tat :)

Recap提供组屋杂费回扣

提供组屋杂费回扣
李静仪 2016年03月24日 1711

(联合早报网讯)政府将为组屋屋主提供一到三个月的杂费回扣。

一房和二房式组屋今年可享有三个月的杂费回扣,三房和四房式组屋则可享有两个月回扣,五房式组屋可获1.5个月回扣,公寓式组屋及多代同堂家庭1个月回扣。

上述计划将耗资8600万元,让约84万户组屋住户受惠。

财政部长王瑞杰在下午发布的新加坡2016财政年预算案声明中,做出以上宣布。



- wong chee tat :)

Budget 2016: New initiatives to encourage Singaporeans to give back to community

Budget 2016: New initiatives to encourage Singaporeans to give back to community
From tax deductions to a new fund to catalyse ground-up projects, Budget 2016 introduces initiatives to encourage Singaporeans to help those in need.

Posted 24 Mar 2016 17:18

SINGAPORE: To encourage Singaporeans and businesses to give back to the community, Budget 2016 will introduce measures that encourage people to step forward and make it easier for employees to contribute through their workplaces, Finance Minister Heng Swee Keat announced on Thursday (Mar 24).

Currently, businesses receive a tax deduction of 250 per cent for donations of cash and in-kind donations such as computers to certain Institutions of a Public Character (IPCs).

To encourage employee volunteerism, a pilot Business and IPC Partnership scheme will be introduced. From Jul 1 this year until the end of 2018, companies that organise their employees to volunteer and provide services to IPCs, including secondments, will also receive a 250 per cent tax deduction on costs incurred.

This deduction requires the receiving IPC’s agreement, and is subject to a yearly cap of S$250,000 per business and S$50,000 per IPC, Mr Heng said.

The Community Chest’s monthly donation programme SHARE will also get a boost, with dollar-for-dollar matching from the Government for any additional donations over and above the FY2015 level. This will be done for the next three years, starting in April this year, Mr Heng said.

“Where businesses allow their staff to donate regularly, we will allow part of the matching funds to be used by them to organise corporate social responsibility activities,” he added.

COMMUNITY NETWORKS FOR SENIORS

A pilot initiative called the Community Networks for Seniors will be launched, comprising local stakeholders such as Voluntary Welfare Organisations, community volunteers, schools and businesses.

At its core, the network will have a small team of full-time officers, who will study the health and social needs of seniors and draw stakeholders together to provide coordinated support, Mr Heng said.

“We hope to help seniors discover health conditions earlier and manage them well, while connecting those who are healthy and mobile to a wide range of activities to encourage them to stay active, healthy and engaged in the community,” he said.

Seniors who require more help, such as frail elderly living alone, will get more targeted and coordinated health and social support under the networks.

CATALYSING GROUND-UP INITIATIVES

According to Mr Heng, the SG50 Celebration Fund – set up to support ground-up community projects in celebration of Singapore’s Jubilee year – received good response and supported close to 400 projects.

To continue supporting such initiatives, a new S$25 million Our Singapore Fund will be set up by the second half of this year.

“It is Our Singapore Fund because it is about how we all can come together in partnership to share our strengths, share our loves, create something more and better together, to build our Singapore together,” Mr Heng said.

The fund will support projects that build the spirit of caring and resilience, nurture our can-do spirit, and promote unity and our sense of being Singaporean, he added.

“This is the spirit of the society that we are building. It is one where we rise above our circumstances, to build a better life for ourselves and our children. It is a society that cares for those in need, and where those who are helped do their part to help others. It is a society that we are all proud to be a part of,” he said.

- CNA/cy

- wong chee tat :)