committing changes in /etc made by "/usr/bin/apt full-upgrade -y"

Packages with configuration changes:
-openjdk-11-jre-headless 11.0.16+8-0ubuntu1~22.04 amd64
-openjdk-8-jre-headless 8u342-b07-0ubuntu1~22.04 amd64
+openjdk-11-jre-headless 11.0.17+8-1ubuntu2~22.04 amd64
+openjdk-8-jre-headless 8u352-ga-1~22.04 amd64

Package changes:
-openjdk-11-jre 11.0.16+8-0ubuntu1~22.04 amd64
-openjdk-11-jre-headless 11.0.16+8-0ubuntu1~22.04 amd64
-openjdk-8-jdk 8u342-b07-0ubuntu1~22.04 amd64
-openjdk-8-jdk-headless 8u342-b07-0ubuntu1~22.04 amd64
-openjdk-8-jre 8u342-b07-0ubuntu1~22.04 amd64
-openjdk-8-jre-headless 8u342-b07-0ubuntu1~22.04 amd64
+openjdk-11-jre 11.0.17+8-1ubuntu2~22.04 amd64
+openjdk-11-jre-headless 11.0.17+8-1ubuntu2~22.04 amd64
+openjdk-8-jdk 8u352-ga-1~22.04 amd64
+openjdk-8-jdk-headless 8u352-ga-1~22.04 amd64
+openjdk-8-jre 8u352-ga-1~22.04 amd64
+openjdk-8-jre-headless 8u352-ga-1~22.04 amd64

diff --git a/java-11-openjdk/jfr/default.jfc b/java-11-openjdk/jfr/default.jfc
index 1a1d420d73fd1006f66e485ea792b1e0470b2b62..0a2838d90dea62daedf8c014483f204a38957437 100644 (file)
--- a/java-11-openjdk/jfr/default.jfc
+++ b/java-11-openjdk/jfr/default.jfc
@@ -603,6 +603,11 @@
       <setting name="threshold" control="socket-io-threshold">20 ms</setting>
     </event>
 
+    <event name="jdk.Deserialization">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.SecurityPropertyModification">
        <setting name="enabled">false</setting>
        <setting name="stackTrace">true</setting>

diff --git a/java-11-openjdk/jfr/profile.jfc b/java-11-openjdk/jfr/profile.jfc
index edde79ce7c3c2b155afd00b114275bce55623480..140aeda7040bd20f7301e35aab8ade6cc9a6281a 100644 (file)
--- a/java-11-openjdk/jfr/profile.jfc
+++ b/java-11-openjdk/jfr/profile.jfc
@@ -603,6 +603,11 @@
       <setting name="threshold" control="socket-io-threshold">10 ms</setting>
     </event>
 
+    <event name="jdk.Deserialization">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.SecurityPropertyModification">
        <setting name="enabled">false</setting>
        <setting name="stackTrace">true</setting>

diff --git a/java-11-openjdk/security/default.policy b/java-11-openjdk/security/default.policy
index 5db744ff17adb8d053bc1b50112a679ad17cbebd..41f5979da2bc0162f4226b220f5def8cbccb2888 100644 (file)
--- a/java-11-openjdk/security/default.policy
+++ b/java-11-openjdk/security/default.policy
@@ -78,6 +78,8 @@ grant codeBase "jrt:/java.sql.rowset" {
 
 
 grant codeBase "jrt:/java.xml.crypto" {
+    permission java.lang.RuntimePermission
+                   "getStackWalkerWithClassReference";
     permission java.lang.RuntimePermission
                    "accessClassInPackage.sun.security.util";
     permission java.util.PropertyPermission "*", "read";

diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security
index c3698ea62bbd7e4880b5d05e821bedcc30e8279c..541b981016c127a1db09de3804fec7405bc307e8 100644 (file)
--- a/java-11-openjdk/security/java.security
+++ b/java-11-openjdk/security/java.security
@@ -554,7 +554,7 @@ jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
 # can be included in the disabledAlgorithms properties.  These properties are
 # to help manage common actions easier across multiple disabledAlgorithm
 # properties.
-# There is one defined security property:  jdk.disabled.NamedCurves
+# There is one defined security property:  jdk.disabled.namedCurves
 # See the property for more specific details.
 #
 #
@@ -631,6 +631,7 @@ jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    SHA1 usage SignedJAR & denyAfter 2019-01-01, \
     include jdk.disabled.namedCurves
 
 #
@@ -695,7 +696,8 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
-      DSA keySize < 1024, include jdk.disabled.namedCurves
+      DSA keySize < 1024, SHA1 denyAfter 2019-01-01, \
+      include jdk.disabled.namedCurves
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
@@ -1189,12 +1191,12 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep
 # The algorithm used to calculate the optional MacData at the end of a PKCS12
 # file. This can be any HmacPBE algorithm defined in the Mac section of the
 # Java Security Standard Algorithm Names Specification. When set to "NONE",
-# no Mac is generated. The default value is "HmacPBESHA1".
-#keystore.pkcs12.macAlgorithm = HmacPBESHA1
+# no Mac is generated. The default value is "HmacPBESHA256".
+#keystore.pkcs12.macAlgorithm = HmacPBESHA256
 
 # The iteration count used by the MacData algorithm. This value must be a
-# positive integer. The default value is 100000.
-#keystore.pkcs12.macIterationCount = 100000
+# positive integer. The default value is 10000.
+#keystore.pkcs12.macIterationCount = 10000
 
 #
 # Enhanced exception message information

diff --git a/java-8-openjdk/security/java.policy b/java-8-openjdk/security/java.policy
index ce437f105ef7e0b0a26fd14a37eaa60efb3006b8..39a9b73be6fb1881c48755f0b881b86dcb8f9f40 100644 (file)
--- a/java-8-openjdk/security/java.policy
+++ b/java-8-openjdk/security/java.policy
@@ -86,6 +86,7 @@ grant {
         permission java.util.PropertyPermission "line.separator", "read";
 
         permission java.util.PropertyPermission "java.specification.version", "read";
+        permission java.util.PropertyPermission "java.specification.maintenance.version", "read";
         permission java.util.PropertyPermission "java.specification.vendor", "read";
         permission java.util.PropertyPermission "java.specification.name", "read";