committing changes in /etc made by "/usr/bin/apt full-upgrade -y"

author Frank Brehm <frank@brehm-online.com>

Mon, 27 Jul 2020 07:46:52 +0000 (09:46 +0200)

committer Frank Brehm <root@bruni.home.brehm-online.com>

Mon, 27 Jul 2020 07:46:52 +0000 (09:46 +0200)
author Frank Brehm <frank@brehm-online.com>
Mon, 27 Jul 2020 07:46:52 +0000 (09:46 +0200)
committer Frank Brehm <root@bruni.home.brehm-online.com>
Mon, 27 Jul 2020 07:46:52 +0000 (09:46 +0200)
diff --git a/java-11-openjdk/security/default.policy b/java-11-openjdk/security/default.policy

index 2c11f4665cfd5e521f35396230a2481a4d335fd6..694e403dd5c9b75eb9d7eb851c63c9f5f74e81ec 100644 (file)
--- a/java-11-openjdk/security/default.policy
+++ b/java-11-openjdk/security/default.policy
@@ -162,10 +162,14 @@ grant codeBase "jrt:/jdk.internal.vm.compiler" {
  };
  
  grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
-    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.vm.compiler.collections";
      permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime";
-    permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi";
-    permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.core.common";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.debug";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.options";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.phases.common.jmx";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.serviceprovider";
  };
  
  grant codeBase "jrt:/jdk.jsobject" {
diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security

index e922ef3e5be9d76d5e854387fb6e0d6c73dc7c94..788ee8431e5db698731ba69e93b94beef43b7bd2 100644 (file)
--- a/java-11-openjdk/security/java.security
+++ b/java-11-openjdk/security/java.security
@@ -1195,3 +1195,15 @@ jdk.io.permissionsUseCanonicalPath=false
  #
  #jdk.security.krb5.default.initiate.credential=always-impersonate
  
+#
+# Trust Anchor Certificates - CA Basic Constraint check
+#
+# X.509 v3 certificates used as Trust Anchors (to validate signed code or TLS
+# connections) must have the cA Basic Constraint field set to 'true'. Also, if
+# they include a Key Usage extension, the keyCertSign bit must be set. These
+# checks, enabled by default, can be disabled for backward-compatibility
+# purposes with the jdk.security.allowNonCaAnchor System and Security
+# properties. In the case that both properties are simultaneously set, the
+# System value prevails. The default value of the property is "false".
+#
+#jdk.security.allowNonCaAnchor=true
author	Frank Brehm <frank@brehm-online.com>
	Mon, 27 Jul 2020 07:46:52 +0000 (09:46 +0200)
committer	Frank Brehm <root@bruni.home.brehm-online.com>
	Mon, 27 Jul 2020 07:46:52 +0000 (09:46 +0200)
java-11-openjdk/security/default.policy		patch \| blob \| history
java-11-openjdk/security/java.security		patch \| blob \| history