From: Frank Brehm Date: Fri, 7 Jun 2024 21:04:53 +0000 (+0200) Subject: committing changes in /etc made by "/usr/bin/python3 /usr/bin/nala upgrade --purge" X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=0026bf2a7e5f2df24a94c80b4d887a2360cd1710;p=config%2Fbruni%2Fetc-mint-new1.git committing changes in /etc made by "/usr/bin/python3 /usr/bin/nala upgrade --purge" Packages with configuration changes: -openjdk-11-jre-headless 11.0.22+7-0ubuntu2~22.04.1 amd64 +openjdk-11-jre-headless 11.0.23+9-1ubuntu1~22.04.1 amd64 Package changes: -bind9 1:9.18.18-0ubuntu0.22.04.2 amd64 -bind9-dnsutils 1:9.18.18-0ubuntu0.22.04.2 amd64 -bind9-doc 1:9.18.18-0ubuntu0.22.04.2 all -bind9-host 1:9.18.18-0ubuntu0.22.04.2 amd64 -bind9-libs 1:9.18.18-0ubuntu0.22.04.2 amd64 -bind9-utils 1:9.18.18-0ubuntu0.22.04.2 amd64 -bind9utils 1:9.18.18-0ubuntu0.22.04.2 all +bind9 1:9.18.24-0ubuntu0.22.04.1 amd64 +bind9-dnsutils 1:9.18.24-0ubuntu0.22.04.1 amd64 +bind9-doc 1:9.18.24-0ubuntu0.22.04.1 all +bind9-host 1:9.18.24-0ubuntu0.22.04.1 amd64 +bind9-libs 1:9.18.24-0ubuntu0.22.04.1 amd64 +bind9-utils 1:9.18.24-0ubuntu0.22.04.1 amd64 +bind9utils 1:9.18.24-0ubuntu0.22.04.1 all -bluetooth 5.64-0ubuntu1.1 all -bluez 5.64-0ubuntu1.1 amd64 -bluez-cups 5.64-0ubuntu1.1 amd64 -bluez-obexd 5.64-0ubuntu1.1 amd64 +bluetooth 5.64-0ubuntu1.3 all +bluez 5.64-0ubuntu1.3 amd64 +bluez-cups 5.64-0ubuntu1.3 amd64 +bluez-obexd 5.64-0ubuntu1.3 amd64 -dnsutils 1:9.18.18-0ubuntu0.22.04.2 all +dnsutils 1:9.18.24-0ubuntu0.22.04.1 all -gir1.2-gdkpixbuf-2.0 2.42.8+dfsg-1ubuntu0.2 amd64 +gir1.2-gdkpixbuf-2.0 2.42.8+dfsg-1ubuntu0.3 amd64 -hexchat 2.16.0-4build1 amd64 -hexchat-common 2.16.0-4build1 all -hexchat-lua 2.16.0-4build1 amd64 +hexchat 2.16.0-4ubuntu0.1 amd64 +hexchat-common 2.16.0-4ubuntu0.1 all +hexchat-lua 2.16.0-4ubuntu0.1 amd64 -libarchive13 3.6.0-1ubuntu1 amd64 +libarchive13 3.6.0-1ubuntu1.1 amd64 -libbluetooth3 5.64-0ubuntu1.1 amd64 +libbluetooth3 5.64-0ubuntu1.3 amd64 -libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.2 amd64 -libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.2 i386 +libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.3 amd64 +libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.3 i386 -libgdk-pixbuf2.0-bin 2.42.8+dfsg-1ubuntu0.2 amd64 -libgdk-pixbuf2.0-common 2.42.8+dfsg-1ubuntu0.2 all +libgdk-pixbuf2.0-bin 2.42.8+dfsg-1ubuntu0.3 amd64 +libgdk-pixbuf2.0-common 2.42.8+dfsg-1ubuntu0.3 all -libvpx7 1.11.0-2ubuntu2.2 amd64 -libvpx7 1.11.0-2ubuntu2.2 i386 +libvpx7 1.11.0-2ubuntu2.3 amd64 +libvpx7 1.11.0-2ubuntu2.3 i386 -linux-libc-dev 5.15.0-107.117 amd64 +linux-libc-dev 5.15.0-112.122 amd64 -nala 0.15.2 all +nala 0.15.3 all -openjdk-11-jre 11.0.22+7-0ubuntu2~22.04.1 amd64 -openjdk-11-jre-headless 11.0.22+7-0ubuntu2~22.04.1 amd64 -openjdk-8-jdk 8u402-ga-2ubuntu1~22.04 amd64 -openjdk-8-jdk-headless 8u402-ga-2ubuntu1~22.04 amd64 -openjdk-8-jre 8u402-ga-2ubuntu1~22.04 amd64 -openjdk-8-jre-headless 8u402-ga-2ubuntu1~22.04 amd64 +openjdk-11-jre 11.0.23+9-1ubuntu1~22.04.1 amd64 +openjdk-11-jre-headless 11.0.23+9-1ubuntu1~22.04.1 amd64 +openjdk-8-jdk 8u412-ga-1~22.04.1 amd64 +openjdk-8-jdk-headless 8u412-ga-1~22.04.1 amd64 +openjdk-8-jre 8u412-ga-1~22.04.1 amd64 +openjdk-8-jre-headless 8u412-ga-1~22.04.1 amd64 -qemu-block-extra 1:6.2+dfsg-2ubuntu6.19 amd64 +qemu-block-extra 1:6.2+dfsg-2ubuntu6.21 amd64 -qemu-system-common 1:6.2+dfsg-2ubuntu6.19 amd64 -qemu-system-data 1:6.2+dfsg-2ubuntu6.19 all -qemu-system-x86 1:6.2+dfsg-2ubuntu6.19 amd64 -qemu-utils 1:6.2+dfsg-2ubuntu6.19 amd64 +qemu-system-common 1:6.2+dfsg-2ubuntu6.21 amd64 +qemu-system-data 1:6.2+dfsg-2ubuntu6.21 all +qemu-system-x86 1:6.2+dfsg-2ubuntu6.21 amd64 +qemu-utils 1:6.2+dfsg-2ubuntu6.21 amd64 -vim 2:8.2.3995-1ubuntu2.16 amd64 +vim 2:8.2.3995-1ubuntu2.17 amd64 -vim-common 2:8.2.3995-1ubuntu2.16 all -vim-gtk3 2:8.2.3995-1ubuntu2.16 amd64 -vim-gui-common 2:8.2.3995-1ubuntu2.16 all +vim-common 2:8.2.3995-1ubuntu2.17 all +vim-gtk3 2:8.2.3995-1ubuntu2.17 amd64 +vim-gui-common 2:8.2.3995-1ubuntu2.17 all -vim-runtime 2:8.2.3995-1ubuntu2.16 all +vim-runtime 2:8.2.3995-1ubuntu2.17 all -vim-tiny 2:8.2.3995-1ubuntu2.16 amd64 +vim-tiny 2:8.2.3995-1ubuntu2.17 amd64 -xxd 2:8.2.3995-1ubuntu2.16 amd64 +xxd 2:8.2.3995-1ubuntu2.17 amd64 --- diff --git a/java-11-openjdk/security/default.policy b/java-11-openjdk/security/default.policy index 41f5979..f344b05 100644 --- a/java-11-openjdk/security/default.policy +++ b/java-11-openjdk/security/default.policy @@ -90,6 +90,8 @@ grant codeBase "jrt:/java.xml.crypto" { "removeProviderProperty.XMLDSig"; permission java.security.SecurityPermission "com.sun.org.apache.xml.internal.security.register"; + permission java.security.SecurityPermission + "getProperty.jdk.xml.dsig.hereFunctionSupported"; permission java.security.SecurityPermission "getProperty.jdk.xml.dsig.secureValidationPolicy"; permission java.lang.RuntimePermission diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security index a3113e7..177cbc0 100644 --- a/java-11-openjdk/security/java.security +++ b/java-11-openjdk/security/java.security @@ -933,10 +933,11 @@ jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37, \ crypto.policy=unlimited # -# The policy for the XML Signature secure validation mode. The mode is -# enabled by setting the property "org.jcp.xml.dsig.secureValidation" to -# true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, -# or by running the code with a SecurityManager. +# The policy for the XML Signature secure validation mode. Validation of +# XML Signatures that violate any of these constraints will fail. The +# mode is enforced by default. The mode can be disabled by setting the +# property "org.jcp.xml.dsig.secureValidation" to Boolean.FALSE with the +# javax.xml.crypto.XMLCryptoContext.setProperty() method. # # Policy: # Constraint {"," Constraint } @@ -963,8 +964,8 @@ crypto.policy=unlimited # MaxReferencesConstraint or KeySizeConstraint (for the same key type) is # specified more than once, only the last entry is enforced. # -# Note: This property is currently used by the JDK Reference implementation. It -# is not guaranteed to be examined and used by other implementations. +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be examined and used by other implementations. # jdk.xml.dsig.secureValidationPolicy=\ disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\ @@ -1294,6 +1295,23 @@ jdk.security.caDistrustPolicies=SYMANTEC_TLS # jdk.io.permissionsUseCanonicalPath=false +# +# Support for the here() function +# +# This security property determines whether the here() XPath function is +# supported in XML Signature generation and verification. +# +# If this property is set to false, the here() function is not supported. +# Generating an XML Signature that uses the here() function will throw an +# XMLSignatureException. Validating an existing XML Signature that uses the +# here() function will also throw an XMLSignatureException. +# +# The default value for this property is true. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be examined and used by other implementations. +# +#jdk.xml.dsig.hereFunctionSupported=true # # Policies for the proxy_impersonator Kerberos ccache configuration entry diff --git a/java-11-openjdk/security/public_suffix_list.dat b/java-11-openjdk/security/public_suffix_list.dat index 207d491..2285622 100644 Binary files a/java-11-openjdk/security/public_suffix_list.dat and b/java-11-openjdk/security/public_suffix_list.dat differ