committing changes in /etc made by "/usr/bin/python3 /usr/bin/nala upgrade --purge"

Packages with configuration changes:
-openjdk-11-jre-headless 11.0.22+7-0ubuntu2~22.04.1 amd64
+openjdk-11-jre-headless 11.0.23+9-1ubuntu1~22.04.1 amd64

Package changes:
-bind9 1:9.18.18-0ubuntu0.22.04.2 amd64
-bind9-dnsutils 1:9.18.18-0ubuntu0.22.04.2 amd64
-bind9-doc 1:9.18.18-0ubuntu0.22.04.2 all
-bind9-host 1:9.18.18-0ubuntu0.22.04.2 amd64
-bind9-libs 1:9.18.18-0ubuntu0.22.04.2 amd64
-bind9-utils 1:9.18.18-0ubuntu0.22.04.2 amd64
-bind9utils 1:9.18.18-0ubuntu0.22.04.2 all
+bind9 1:9.18.24-0ubuntu0.22.04.1 amd64
+bind9-dnsutils 1:9.18.24-0ubuntu0.22.04.1 amd64
+bind9-doc 1:9.18.24-0ubuntu0.22.04.1 all
+bind9-host 1:9.18.24-0ubuntu0.22.04.1 amd64
+bind9-libs 1:9.18.24-0ubuntu0.22.04.1 amd64
+bind9-utils 1:9.18.24-0ubuntu0.22.04.1 amd64
+bind9utils 1:9.18.24-0ubuntu0.22.04.1 all
-bluetooth 5.64-0ubuntu1.1 all
-bluez 5.64-0ubuntu1.1 amd64
-bluez-cups 5.64-0ubuntu1.1 amd64
-bluez-obexd 5.64-0ubuntu1.1 amd64
+bluetooth 5.64-0ubuntu1.3 all
+bluez 5.64-0ubuntu1.3 amd64
+bluez-cups 5.64-0ubuntu1.3 amd64
+bluez-obexd 5.64-0ubuntu1.3 amd64
-dnsutils 1:9.18.18-0ubuntu0.22.04.2 all
+dnsutils 1:9.18.24-0ubuntu0.22.04.1 all
-gir1.2-gdkpixbuf-2.0 2.42.8+dfsg-1ubuntu0.2 amd64
+gir1.2-gdkpixbuf-2.0 2.42.8+dfsg-1ubuntu0.3 amd64
-hexchat 2.16.0-4build1 amd64
-hexchat-common 2.16.0-4build1 all
-hexchat-lua 2.16.0-4build1 amd64
+hexchat 2.16.0-4ubuntu0.1 amd64
+hexchat-common 2.16.0-4ubuntu0.1 all
+hexchat-lua 2.16.0-4ubuntu0.1 amd64
-libarchive13 3.6.0-1ubuntu1 amd64
+libarchive13 3.6.0-1ubuntu1.1 amd64
-libbluetooth3 5.64-0ubuntu1.1 amd64
+libbluetooth3 5.64-0ubuntu1.3 amd64
-libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.2 amd64
-libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.2 i386
+libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.3 amd64
+libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.3 i386
-libgdk-pixbuf2.0-bin 2.42.8+dfsg-1ubuntu0.2 amd64
-libgdk-pixbuf2.0-common 2.42.8+dfsg-1ubuntu0.2 all
+libgdk-pixbuf2.0-bin 2.42.8+dfsg-1ubuntu0.3 amd64
+libgdk-pixbuf2.0-common 2.42.8+dfsg-1ubuntu0.3 all
-libvpx7 1.11.0-2ubuntu2.2 amd64
-libvpx7 1.11.0-2ubuntu2.2 i386
+libvpx7 1.11.0-2ubuntu2.3 amd64
+libvpx7 1.11.0-2ubuntu2.3 i386
-linux-libc-dev 5.15.0-107.117 amd64
+linux-libc-dev 5.15.0-112.122 amd64
-nala 0.15.2 all
+nala 0.15.3 all
-openjdk-11-jre 11.0.22+7-0ubuntu2~22.04.1 amd64
-openjdk-11-jre-headless 11.0.22+7-0ubuntu2~22.04.1 amd64
-openjdk-8-jdk 8u402-ga-2ubuntu1~22.04 amd64
-openjdk-8-jdk-headless 8u402-ga-2ubuntu1~22.04 amd64
-openjdk-8-jre 8u402-ga-2ubuntu1~22.04 amd64
-openjdk-8-jre-headless 8u402-ga-2ubuntu1~22.04 amd64
+openjdk-11-jre 11.0.23+9-1ubuntu1~22.04.1 amd64
+openjdk-11-jre-headless 11.0.23+9-1ubuntu1~22.04.1 amd64
+openjdk-8-jdk 8u412-ga-1~22.04.1 amd64
+openjdk-8-jdk-headless 8u412-ga-1~22.04.1 amd64
+openjdk-8-jre 8u412-ga-1~22.04.1 amd64
+openjdk-8-jre-headless 8u412-ga-1~22.04.1 amd64
-qemu-block-extra 1:6.2+dfsg-2ubuntu6.19 amd64
+qemu-block-extra 1:6.2+dfsg-2ubuntu6.21 amd64
-qemu-system-common 1:6.2+dfsg-2ubuntu6.19 amd64
-qemu-system-data 1:6.2+dfsg-2ubuntu6.19 all
-qemu-system-x86 1:6.2+dfsg-2ubuntu6.19 amd64
-qemu-utils 1:6.2+dfsg-2ubuntu6.19 amd64
+qemu-system-common 1:6.2+dfsg-2ubuntu6.21 amd64
+qemu-system-data 1:6.2+dfsg-2ubuntu6.21 all
+qemu-system-x86 1:6.2+dfsg-2ubuntu6.21 amd64
+qemu-utils 1:6.2+dfsg-2ubuntu6.21 amd64
-vim 2:8.2.3995-1ubuntu2.16 amd64
+vim 2:8.2.3995-1ubuntu2.17 amd64
-vim-common 2:8.2.3995-1ubuntu2.16 all
-vim-gtk3 2:8.2.3995-1ubuntu2.16 amd64
-vim-gui-common 2:8.2.3995-1ubuntu2.16 all
+vim-common 2:8.2.3995-1ubuntu2.17 all
+vim-gtk3 2:8.2.3995-1ubuntu2.17 amd64
+vim-gui-common 2:8.2.3995-1ubuntu2.17 all
-vim-runtime 2:8.2.3995-1ubuntu2.16 all
+vim-runtime 2:8.2.3995-1ubuntu2.17 all
-vim-tiny 2:8.2.3995-1ubuntu2.16 amd64
+vim-tiny 2:8.2.3995-1ubuntu2.17 amd64
-xxd 2:8.2.3995-1ubuntu2.16 amd64
+xxd 2:8.2.3995-1ubuntu2.17 amd64

diff --git a/java-11-openjdk/security/default.policy b/java-11-openjdk/security/default.policy
index 41f5979da2bc0162f4226b220f5def8cbccb2888..f344b05449be91ca97ccf003196fdb7a6832b0c7 100644 (file)
--- a/java-11-openjdk/security/default.policy
+++ b/java-11-openjdk/security/default.policy
@@ -90,6 +90,8 @@ grant codeBase "jrt:/java.xml.crypto" {
                    "removeProviderProperty.XMLDSig";
     permission java.security.SecurityPermission
                    "com.sun.org.apache.xml.internal.security.register";
+    permission java.security.SecurityPermission
+                   "getProperty.jdk.xml.dsig.hereFunctionSupported";
     permission java.security.SecurityPermission
                    "getProperty.jdk.xml.dsig.secureValidationPolicy";
     permission java.lang.RuntimePermission

diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security
index a3113e76aa9b924d3556698ba286150588e46434..177cbc0aa61ffa9d065bf54d973b2b8b3a6a6843 100644 (file)
--- a/java-11-openjdk/security/java.security
+++ b/java-11-openjdk/security/java.security
@@ -933,10 +933,11 @@ jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37, \
 crypto.policy=unlimited
 
 #
-# The policy for the XML Signature secure validation mode. The mode is
-# enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
-# true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
-# or by running the code with a SecurityManager.
+# The policy for the XML Signature secure validation mode. Validation of
+# XML Signatures that violate any of these constraints will fail. The
+# mode is enforced by default. The mode can be disabled by setting the
+# property "org.jcp.xml.dsig.secureValidation" to Boolean.FALSE with the
+# javax.xml.crypto.XMLCryptoContext.setProperty() method.
 #
 #   Policy:
 #       Constraint {"," Constraint }
@@ -963,8 +964,8 @@ crypto.policy=unlimited
 # MaxReferencesConstraint or KeySizeConstraint (for the same key type) is
 # specified more than once, only the last entry is enforced.
 #
-# Note: This property is currently used by the JDK Reference implementation. It
-# is not guaranteed to be examined and used by other implementations.
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
 #
 jdk.xml.dsig.secureValidationPolicy=\
     disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
@@ -1294,6 +1295,23 @@ jdk.security.caDistrustPolicies=SYMANTEC_TLS
 #
 jdk.io.permissionsUseCanonicalPath=false
 
+#
+# Support for the here() function
+#
+# This security property determines whether the here() XPath function is
+# supported in XML Signature generation and verification.
+#
+# If this property is set to false, the here() function is not supported.
+# Generating an XML Signature that uses the here() function will throw an
+# XMLSignatureException. Validating an existing XML Signature that uses the
+# here() function will also throw an XMLSignatureException.
+#
+# The default value for this property is true.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+#jdk.xml.dsig.hereFunctionSupported=true
 
 #
 # Policies for the proxy_impersonator Kerberos ccache configuration entry

diff --git a/java-11-openjdk/security/public_suffix_list.dat b/java-11-openjdk/security/public_suffix_list.dat
index 207d491fdc7a45e47dd4594c3915f8dd6c72e435..2285622ac870680a34f8d864f6a6260cbb92e9af 100644 (file)
Binary files a/java-11-openjdk/security/public_suffix_list.dat and b/java-11-openjdk/security/public_suffix_list.dat differ