From: Frank Brehm Date: Tue, 16 Apr 2019 22:08:46 +0000 (+0200) Subject: committing changes in /etc after apt run X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=a6a403e43982da87eca214d10628ccbbd81ef164;p=config%2Fbruni%2Fetc-mint.git committing changes in /etc after apt run Package changes: -autopoint 0.19.8.1-6ubuntu0.1 all +autopoint 0.19.8.1-6ubuntu0.3 all -console-setup 1.178ubuntu2.7 all -console-setup-linux 1.178ubuntu2.7 all +console-setup 1.178ubuntu2.8 all +console-setup-linux 1.178ubuntu2.8 all -default-jre 2:1.10-63ubuntu1~02 amd64 -default-jre-headless 2:1.10-63ubuntu1~02 amd64 +default-jre 2:1.11-68ubuntu1~18.04.1 amd64 +default-jre-headless 2:1.11-68ubuntu1~18.04.1 amd64 -fonts-liberation2 2.00.1-7~18.04.1 all +fonts-liberation2 2.00.1-7~18.04.2 all -fonts-opensymbol 2:102.10+LibO6.0.7-0ubuntu0.18.04.2 all +fonts-opensymbol 2:102.10+LibO6.0.7-0ubuntu0.18.04.5 all -gettext 0.19.8.1-6ubuntu0.1 amd64 -gettext-base 0.19.8.1-6ubuntu0.1 amd64 +gettext 0.19.8.1-6ubuntu0.3 amd64 +gettext-base 0.19.8.1-6ubuntu0.3 amd64 -gir1.2-javascriptcoregtk-4.0 2.22.6-0ubuntu0.18.04.1 amd64 +gir1.2-javascriptcoregtk-4.0 2.24.1-0ubuntu0.18.04.1 amd64 -gir1.2-webkit2-4.0 2.22.6-0ubuntu0.18.04.1 amd64 +gir1.2-webkit2-4.0 2.24.1-0ubuntu0.18.04.1 amd64 -java-common 0.63ubuntu1~02 all +java-common 0.68ubuntu1~18.04.1 all -keyboard-configuration 1.178ubuntu2.7 all +keyboard-configuration 1.178ubuntu2.8 all -libaio1 0.3.110-5 amd64 +libaio1 0.3.110-5ubuntu0.1 amd64 +libel-api-java 3.0.0-2~18.04 all -libhsqldb1.8.0-java 1.8.0.10+dfsg-8 all +libhsqldb1.8.0-java 1.8.0.10+dfsg-10~18.04 all -libjavascriptcoregtk-4.0-18 2.22.6-0ubuntu0.18.04.1 amd64 +libjavascriptcoregtk-4.0-18 2.24.1-0ubuntu0.18.04.1 amd64 +libjsp-api-java 2.3.4-2~18.04 all -libreoffice-avmedia-backend-gstreamer 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-base 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-base-core 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-base-drivers 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-calc 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-common 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-core 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-draw 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-gnome 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-gtk3 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-help-de 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-en-gb 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-en-us 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-es 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-fr 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-it 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-pt 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-pt-br 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-ru 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-zh-cn 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-help-zh-tw 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-impress 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-java-common 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-de 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-en-gb 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-en-za 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-es 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-fr 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-it 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-pt 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-pt-br 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-ru 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-zh-cn 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-l10n-zh-tw 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-math 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-ogltrans 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-pdfimport 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-sdbc-hsqldb 1:6.0.7-0ubuntu0.18.04.2 amd64 -libreoffice-style-galaxy 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-style-tango 1:6.0.7-0ubuntu0.18.04.2 all -libreoffice-writer 1:6.0.7-0ubuntu0.18.04.2 amd64 +libreoffice-avmedia-backend-gstreamer 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-base 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-base-core 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-base-drivers 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-calc 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-common 1:6.0.7-0ubuntu0.18.04.5 all +libreoffice-core 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-draw 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-gnome 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-gtk3 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-help-de 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-en-gb 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-en-us 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-es 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-fr 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-it 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-pt 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-pt-br 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-ru 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-zh-cn 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-help-zh-tw 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-impress 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-java-common 1:6.0.7-0ubuntu0.18.04.5 all +libreoffice-l10n-de 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-en-gb 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-en-za 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-es 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-fr 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-it 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-pt 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-pt-br 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-ru 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-zh-cn 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-l10n-zh-tw 1:6.0.7-0ubuntu0.18.04.4 all +libreoffice-math 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-ogltrans 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-pdfimport 1:6.0.7-0ubuntu0.18.04.5 all +libreoffice-sdbc-hsqldb 1:6.0.7-0ubuntu0.18.04.5 amd64 +libreoffice-style-galaxy 1:6.0.7-0ubuntu0.18.04.5 all +libreoffice-style-tango 1:6.0.7-0ubuntu0.18.04.5 all +libreoffice-writer 1:6.0.7-0ubuntu0.18.04.5 amd64 -libservlet3.1-java 8.5.30-1ubuntu1.4 all +libservlet-api-java 4.0.1-2~18.04 all +libservlet3.1-java 1:4.0.1-2~18.04 all -libwebkit2gtk-4.0-37 2.22.6-0ubuntu0.18.04.1 amd64 +libwebkit2gtk-4.0-37 2.24.1-0ubuntu0.18.04.1 amd64 +libwebsocket-api-java 1.1-1~18.04 all -openjdk-11-jre 10.0.2+13-1ubuntu0.18.04.4 amd64 -openjdk-11-jre-headless 10.0.2+13-1ubuntu0.18.04.4 amd64 +openjdk-11-jre 11.0.2+9-3ubuntu1~18.04.3 amd64 +openjdk-11-jre-headless 11.0.2+9-3ubuntu1~18.04.3 amd64 -python3-uno 1:6.0.7-0ubuntu0.18.04.2 amd64 +python3-uno 1:6.0.7-0ubuntu0.18.04.5 amd64 -uno-libs3 6.0.7-0ubuntu0.18.04.2 amd64 +uno-libs3 6.0.7-0ubuntu0.18.04.5 amd64 -ure 6.0.7-0ubuntu0.18.04.2 amd64 +ure 6.0.7-0ubuntu0.18.04.5 amd64 --- diff --git a/.etckeeper b/.etckeeper index 931cbe4..0d9c142 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1983,6 +1983,9 @@ maybe chmod 0644 'issue' maybe chmod 0644 'issue.net' maybe chmod 0755 'java-11-openjdk' maybe chmod 0644 'java-11-openjdk/accessibility.properties' +maybe chmod 0755 'java-11-openjdk/jfr' +maybe chmod 0644 'java-11-openjdk/jfr/default.jfc' +maybe chmod 0644 'java-11-openjdk/jfr/profile.jfc' maybe chmod 0644 'java-11-openjdk/jvm-amd64.cfg' maybe chmod 0644 'java-11-openjdk/logging.properties' maybe chmod 0755 'java-11-openjdk/management' @@ -2006,6 +2009,7 @@ maybe chmod 0644 'java-11-openjdk/security/policy/limited/exempt_local.policy' maybe chmod 0755 'java-11-openjdk/security/policy/unlimited' maybe chmod 0644 'java-11-openjdk/security/policy/unlimited/default_US_export.policy' maybe chmod 0644 'java-11-openjdk/security/policy/unlimited/default_local.policy' +maybe chmod 0644 'java-11-openjdk/security/public_suffix_list.dat' maybe chmod 0644 'java-11-openjdk/sound.properties' maybe chmod 0644 'java-11-openjdk/swing.properties' maybe chmod 0755 'java-8-openjdk' diff --git a/console-setup/cached_setup_keyboard.sh b/console-setup/cached_setup_keyboard.sh index 2bcb41f..30b46c1 100755 --- a/console-setup/cached_setup_keyboard.sh +++ b/console-setup/cached_setup_keyboard.sh @@ -10,4 +10,4 @@ kbd_mode '-u' < '/dev/tty3' kbd_mode '-u' < '/dev/tty4' kbd_mode '-u' < '/dev/tty5' kbd_mode '-u' < '/dev/tty6' -loadkeys '/tmp/tmpkbd.Ag4AHM' > '/dev/null' +loadkeys '/etc/console-setup/cached_UTF-8_del.kmap.gz' > '/dev/null' diff --git a/java-11-openjdk/jfr/default.jfc b/java-11-openjdk/jfr/default.jfc new file mode 100644 index 0000000..6164a4e --- /dev/null +++ b/java-11-openjdk/jfr/default.jfc @@ -0,0 +1,826 @@ + + + + + + + + true + everyChunk + + + + true + 1000 ms + + + + true + everyChunk + + + + true + 1000 ms + + + + true + + + + true + + + + true + true + 20 ms + + + + true + true + 20 ms + + + + true + true + 20 ms + + + + true + true + 20 ms + + + + false + true + 20 ms + + + + true + true + 0 ms + + + + true + true + 0 ms + + + + true + true + 0 ms + + + + true + true + + + + false + true + 0 ms + + + + false + true + + + + false + + + + true + beginChunk + + + + true + beginChunk + + + + true + 20 ms + + + + true + 20 ms + + + + true + 10 ms + + + + false + 10 ms + + + + false + 10 ms + + + + false + 10 ms + + + + false + 10 ms + + + + false + 10 ms + + + + true + 10 ms + + + + true + true + + + + true + everyChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + false + everyChunk + + + + true + everyChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + false + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + true + + + + true + true + + + + true + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + false + 0 ms + + + + false + 0 ms + + + + true + 0 ms + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + false + + + + false + + + + true + + + + false + true + + + + true + + + + false + everyChunk + + + + false + + + + true + false + 0 ns + + + + true + beginChunk + + + + true + 1000 ms + + + + true + 1000 ms + + + + true + 60 s + + + + false + + + + false + + + + true + beginChunk + + + + true + everyChunk + + + + true + 100 ms + + + + true + beginChunk + + + + true + everyChunk + + + + true + + + + true + beginChunk + + + + true + beginChunk + + + + true + 10 s + + + + true + 1000 ms + + + + true + 10 s + + + + true + beginChunk + + + + true + endChunk + + + + true + 5 s + + + + true + beginChunk + + + + true + everyChunk + + + + false + true + + + + false + true + + + + true + everyChunk + + + + true + endChunk + + + + true + endChunk + + + + true + true + 20 ms + + + + true + true + 20 ms + + + + true + true + 20 ms + + + + true + true + 20 ms + + + + true + true + 20 ms + + + + false + true + + + + true + true + + + + true + 1000 ms + + + + true + + + + true + + + + true + + + + true + + + + true + 10 ms + + + + true + 0 ms + + + + true + 10 ms + + + + true + 10 ms + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 20 ms + + 20 ms + + 20 ms + + false + + + + diff --git a/java-11-openjdk/jfr/profile.jfc b/java-11-openjdk/jfr/profile.jfc new file mode 100644 index 0000000..267064a --- /dev/null +++ b/java-11-openjdk/jfr/profile.jfc @@ -0,0 +1,827 @@ + + + + + + + + true + everyChunk + + + + true + 1000 ms + + + + true + everyChunk + + + + true + 1000 ms + + + + true + + + + true + + + + true + true + 10 ms + + + + true + true + 10 ms + + + + true + true + 10 ms + + + + true + true + 10 ms + + + + true + true + 10 ms + + + + true + true + 0 ms + + + + true + true + 0 ms + + + + true + true + 0 ms + + + + true + true + + + + false + true + 0 ms + + + + false + true + + + + false + + + + true + beginChunk + + + + true + beginChunk + + + + true + 10 ms + + + + true + 10 ms + + + + true + 0 ms + + + + false + 0 ms + + + + false + 0 ms + + + + false + 0 ms + + + + false + 0 ms + + + + false + 0 ms + + + + true + 0 ms + + + + true + true + + + + true + 60 s + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + false + everyChunk + + + + true + everyChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + true + beginChunk + + + + false + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + true + + + + true + true + + + + true + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + true + 0 ms + + + + false + 0 ms + + + + false + 0 ms + + + + true + 0 ms + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + true + + + + false + true + + + + true + + + + false + everyChunk + + + + false + + + + true + true + 0 ns + + + + true + beginChunk + + + + true + 1000 ms + + + + true + 100 ms + + + + true + 10 s + + + + true + + + + false + + + + true + beginChunk + + + + true + everyChunk + + + + true + 100 ms + + + + true + beginChunk + + + + true + everyChunk + + + + true + + + + true + beginChunk + + + + true + beginChunk + + + + true + 10 s + + + + true + 1000 ms + + + + true + 10 s + + + + true + beginChunk + + + + true + endChunk + + + + true + 5 s + + + + true + beginChunk + + + + true + everyChunk + + + + true + true + + + + true + true + + + + true + everyChunk + + + + true + endChunk + + + + true + endChunk + + + + true + true + 10 ms + + + + true + true + 10 ms + + + + true + true + 10 ms + + + + true + true + 10 ms + + + + true + true + 10 ms + + + + false + true + + + + true + true + + + + true + 1000 ms + + + + true + + + + true + + + + true + + + + true + + + + true + 10 ms + + + + true + 0 ms + + + + 10 ms + true + + + + true + 10 ms + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 10 ms + + 10 ms + + 10 ms + + false + + + + diff --git a/java-11-openjdk/jvm-amd64.cfg b/java-11-openjdk/jvm-amd64.cfg index 6cebec3..76516d1 100644 --- a/java-11-openjdk/jvm-amd64.cfg +++ b/java-11-openjdk/jvm-amd64.cfg @@ -1,35 +1,3 @@ -# Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. Oracle designates this -# particular file as subject to the "Classpath" exception as provided -# by Oracle in the LICENSE file that accompanied this code. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# -# List of JVMs that can be used as an option to java, javac, etc. -# Order is important -- first in this list is the default JVM. -# NOTE that both this file and its format are UNSUPPORTED and -# WILL GO AWAY in a future release. -# -# You may also select a JVM in an arbitrary location with the -# "-XXaltjvm=" option, but that too is unsupported -# and may not be available in a future release. -# -server KNOWN -client IGNORE -zero KNOWN diff --git a/java-11-openjdk/management/management.properties b/java-11-openjdk/management/management.properties index 1f8d86e..0c14bd6 100644 --- a/java-11-openjdk/management/management.properties +++ b/java-11-openjdk/management/management.properties @@ -5,7 +5,6 @@ # The Management Configuration file (in java.util.Properties format) # will be read if one of the following system properties is set: # -Dcom.sun.management.jmxremote.port= -# or -Dcom.sun.management.snmp.port= # or -Dcom.sun.management.config.file= # # The default Management Configuration file is: @@ -26,8 +25,6 @@ # For setting the JMX RMI agent port use the following line # com.sun.management.jmxremote.port= # -# For setting the SNMP agent port use the following line -# com.sun.management.snmp.port= ##################################################################### # Optional Instrumentation @@ -49,82 +46,6 @@ # To enable thread contention monitoring, uncomment the following line # com.sun.management.enableThreadContentionMonitoring -##################################################################### -# SNMP Management Properties -##################################################################### -# -# If the system property -Dcom.sun.management.snmp.port= -# is set then -# - The SNMP agent (with the Java virtual machine MIB) is started -# that listens on the specified port for incoming SNMP requests. -# - the following properties for read for SNMP management. -# -# The configuration can be specified only at startup time. -# Later changes to the above system property (e.g. via setProperty method), this -# config file, or the ACL file has no effect to the running SNMP agent. -# - -# -# ##################### SNMP Trap Port ######################### -# -# com.sun.management.snmp.trap= -# Specifies the remote port number at which managers are expected -# to listen for trap. For each host defined in the ACL file, -# the SNMP agent will send traps at : -# Default for this property is 162. -# - -# To set port for sending traps to a different port use the following line -# com.sun.management.snmp.trap= - -# -# ################ SNMP listen interface ######################### -# -# com.sun.management.snmp.interface= -# Specifies the local interface on which the SNMP agent will bind. -# This is useful when running on machines which have several -# interfaces defined. It makes it possible to listen to a specific -# subnet accessible through that interface. -# Default for this property is "localhost". -# -# The format of the value for that property is any string accepted -# by java.net.InetAddress.getByName(String). -# - -# For restricting the port on which SNMP agent listens use the following line -# com.sun.management.snmp.interface= - -# -# #################### SNMP ACL file ######################### -# -# com.sun.management.snmp.acl=true|false -# Default for this property is true. (Case for true/false ignored) -# If this property is specified as false then the ACL file -# is not checked: all manager hosts are allowed all access. -# - -# For SNMP without checking ACL file uncomment the following line -# com.sun.management.snmp.acl=false - -# -# com.sun.management.snmp.acl.file=filepath -# Specifies location for ACL file -# This is optional - default location is -# $JRE/conf/management/snmp.acl -# -# If the property "com.sun.management.snmp.acl" is set to false, -# then this property and the ACL file are ignored. -# Otherwise the ACL file must exist and be in the valid format. -# If the ACL file is empty or non existent then no access is allowed. -# -# The SNMP agent will read the ACL file at startup time. -# Modification to the ACL file has no effect to any running SNMP -# agents which read that ACL file at startup. -# - -# For a non-default acl file location use the following line -# com.sun.management.snmp.acl.file=filepath - ##################################################################### # RMI Management Properties ##################################################################### diff --git a/java-11-openjdk/net.properties b/java-11-openjdk/net.properties index ac94b30..d95715d 100644 --- a/java-11-openjdk/net.properties +++ b/java-11-openjdk/net.properties @@ -1,5 +1,5 @@ ############################################################ -# Default Networking Configuration File +# Default Networking Configuration File # # This file may contain default values for the networking system properties. # These values are only used when the system properties are not specified @@ -14,7 +14,7 @@ # Note that the system properties that do explicitly set proxies # (like http.proxyHost) do take precedence over the system settings # even if java.net.useSystemProxies is set to true. - + java.net.useSystemProxies=false #------------------------------------------------------------------------ @@ -66,8 +66,8 @@ ftp.nonProxyHosts=localhost|127.*|[::1] # socksProxyPort=1080 # # HTTP Keep Alive settings. remainingData is the maximum amount of data -# in kilobytes that will be cleaned off the underlying socket so that it -# can be reused (default value is 512K), queuedConnections is the maximum +# in kilobytes that will be cleaned off the underlying socket so that it +# can be reused (default value is 512K), queuedConnections is the maximum # number of Keep Alive connections to be on the queue for clean up (default # value is 10). # http.KeepAlive.remainingData=512 @@ -99,3 +99,23 @@ ftp.nonProxyHosts=localhost|127.*|[::1] #jdk.http.auth.proxying.disabledSchemes= jdk.http.auth.tunneling.disabledSchemes=Basic +# +# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication +# can be used for the NTLM scheme, where the security credentials based on the +# currently logged in user's name and password can be obtained directly from the +# operating system, without prompting the user. This property has three possible +# values which regulate the behavior as shown below. Other unrecognized values +# are handled the same as 'disabled'. Note, that NTLM is not considered to be a +# strongly secure authentication scheme and care should be taken before enabling +# this mechanism. +# +# Transparent authentication never used. +#jdk.http.ntlm.transparentAuth=disabled +# +# Enabled for all hosts. +#jdk.http.ntlm.transparentAuth=allHosts +# +# Enabled for hosts that are trusted in Windows Internet settings +#jdk.http.ntlm.transparentAuth=trustedHosts +# +jdk.http.ntlm.transparentAuth=disabled diff --git a/java-11-openjdk/security/default.policy b/java-11-openjdk/security/default.policy index 6495d08..b0ffc99 100644 --- a/java-11-openjdk/security/default.policy +++ b/java-11-openjdk/security/default.policy @@ -8,16 +8,27 @@ // ${java.home}/conf/security/java.policy. // -grant codeBase "jrt:/java.activation" { - permission java.security.AllPermission; -}; grant codeBase "jrt:/java.compiler" { permission java.security.AllPermission; }; -grant codeBase "jrt:/java.corba" { - permission java.security.AllPermission; + +grant codeBase "jrt:/java.net.http" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.net"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www"; + permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; + permission java.net.SocketPermission "*","connect,resolve"; + permission java.net.URLPermission "http:*","*:*"; + permission java.net.URLPermission "https:*","*:*"; + permission java.net.URLPermission "ws:*","*:*"; + permission java.net.URLPermission "wss:*","*:*"; + permission java.net.URLPermission "socket:*","CONNECT"; // proxy + // For request/response body processors, fromFile, asFile + permission java.io.FilePermission "<>","read,write,delete"; + permission java.util.PropertyPermission "*","read"; + permission java.net.NetPermission "getProxySelector"; }; grant codeBase "jrt:/java.scripting" { @@ -65,9 +76,6 @@ grant codeBase "jrt:/java.sql.rowset" { permission java.security.AllPermission; }; -grant codeBase "jrt:/java.xml.bind" { - permission java.security.AllPermission; -}; grant codeBase "jrt:/java.xml.crypto" { permission java.lang.RuntimePermission @@ -90,9 +98,6 @@ grant codeBase "jrt:/java.xml.crypto" { "accessClassInPackage.com.sun.org.apache.xpath.internal.*"; }; -grant codeBase "jrt:/java.xml.ws" { - permission java.security.AllPermission; -}; grant codeBase "jrt:/jdk.accessibility" { permission java.lang.RuntimePermission "accessClassInPackage.sun.awt"; diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security index 5a857b9..f07aacf 100644 --- a/java-11-openjdk/security/java.security +++ b/java-11-openjdk/security/java.security @@ -653,8 +653,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC +jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ + EC keySize < 224, 3DES_EDE_CBC, anon, NULL # # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) @@ -777,6 +777,40 @@ jdk.tls.legacyAlgorithms= \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} +# +# TLS key limits on symmetric cryptographic algorithms +# +# This security property sets limits on algorithms key usage in TLS 1.3. +# When the amount of data encrypted exceeds the algorithm value listed below, +# a KeyUpdate message will trigger a key change. This is for symmetric ciphers +# with TLS 1.3 only. +# +# The syntax for the property is described below: +# KeyLimits: +# " KeyLimit { , KeyLimit } " +# +# WeakKeyLimit: +# AlgorithmName Action Length +# +# AlgorithmName: +# A full algorithm transformation. +# +# Action: +# KeyUpdate +# +# Length: +# The amount of encrypted data in a session before the Action occurs +# This value may be an integer value in bytes, or as a power of two, 2^29. +# +# KeyUpdate: +# The TLS 1.3 KeyUpdate handshake process begins when the Length amount +# is fulfilled. +# +# Note: This property is currently used by OpenJDK's JSSE implementation. It +# is not guaranteed to be examined and used by other implementations. +# +jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37 + # # Cryptographic Jurisdiction Policy defaults # @@ -790,14 +824,14 @@ jdk.tls.legacyAlgorithms= \ # limited: These policy files contain more restricted cryptographic # strengths # -# The default setting is determined by the value of the ���crypto.policy��� +# The default setting is determined by the value of the "crypto.policy" # Security property below. If your country or usage requires the -# traditional restrictive policy, the ���limited��� Java cryptographic +# traditional restrictive policy, the "limited" Java cryptographic # policy is still available and may be appropriate for your environment. # # If you have restrictions that do not fit either use case mentioned # above, Java provides the capability to customize these policy files. -# The ���crypto.policy��� security property points to a subdirectory +# The "crypto.policy" security property points to a subdirectory # within /conf/security/policy/ which can be customized. # Please see the /conf/security/policy/README.txt file or consult # the Java Security Guide/JCA documentation for more information. @@ -971,10 +1005,10 @@ jdk.xml.dsig.secureValidationPolicy=\ # # An IOR type check filter, if configured, is used by an ORB during # an ORB::string_to_object invocation to check the veracity of the type encoded -# in the ior string. +# in the ior string. # # The filter pattern consists of a semi-colon separated list of class names. -# The configured list contains the binary class names of the IDL interface types +# The configured list contains the binary class names of the IDL interface types # corresponding to the IDL stub class to be instantiated. # As such, a filter specifies a list of IDL stub classes that will be # allowed by an ORB when an ORB::string_to_object is invoked. @@ -1003,3 +1037,29 @@ jdk.xml.dsig.secureValidationPolicy=\ # and javax.crypto.spec.SecretKeySpec and rejects all the others. jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\ java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!* + +# +# Enhanced exception message information +# +# By default, exception messages should not include potentially sensitive +# information such as file names, host names, or port numbers. This property +# accepts one or more comma separated values, each of which represents a +# category of enhanced exception message information to enable. Values are +# case-insensitive. Leading and trailing whitespaces, surrounding each value, +# are ignored. Unknown values are ignored. +# +# NOTE: Use caution before setting this property. Setting this property +# exposes sensitive information in Exceptions, which could, for example, +# propagate to untrusted code or be emitted in stack traces that are +# inadvertently disclosed and made accessible over a public network. +# +# The categories are: +# +# hostInfo - IOExceptions thrown by java.net.Socket and the socket types in the +# java.nio.channels package will contain enhanced exception +# message information +# +# The property setting in this file can be overridden by a system property of +# the same name, with the same syntax and possible values. +# +#jdk.includeInExceptions=hostInfo diff --git a/java-11-openjdk/security/policy/README.txt b/java-11-openjdk/security/policy/README.txt index e9138e7..fdf77d3 100644 --- a/java-11-openjdk/security/policy/README.txt +++ b/java-11-openjdk/security/policy/README.txt @@ -8,7 +8,7 @@ Import and export control rules on cryptographic software vary from country to country. The Java Cryptography Extension (JCE) architecture allows flexible cryptographic key strength to be configured via the -jurisdiction policy files which are referenced by the “crypto.policy” +jurisdiction policy files which are referenced by the "crypto.policy" security property in the /conf/security/java.security file. By default, Java provides two different sets of cryptographic policy @@ -20,8 +20,8 @@ files: limited: These policy files contain more restricted cryptographic strengths -These files reside in /conf/security/policy in the “unlimited” -or “limited” subdirectories respectively. +These files reside in /conf/security/policy in the "unlimited" +or "limited" subdirectories respectively. Each subdirectory contains a complete policy configuration, and subdirectories can be added/edited/removed to reflect your diff --git a/java-11-openjdk/security/public_suffix_list.dat b/java-11-openjdk/security/public_suffix_list.dat new file mode 100644 index 0000000..9b0f023 Binary files /dev/null and b/java-11-openjdk/security/public_suffix_list.dat differ