From: Frank Brehm <frank@brehm-online.com>
Date: Wed, 9 Nov 2022 23:36:57 +0000 (+0100)
Subject: committing changes in /etc made by "/usr/bin/apt full-upgrade -y"
X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=db529279d69499dc1082ad0bae6e4551938137a7;p=config%2Fbruni%2Fetc-mint-new1.git

committing changes in /etc made by "/usr/bin/apt full-upgrade -y"

Packages with configuration changes:
-openjdk-11-jre-headless 11.0.16+8-0ubuntu1~22.04 amd64
-openjdk-8-jre-headless 8u342-b07-0ubuntu1~22.04 amd64
+openjdk-11-jre-headless 11.0.17+8-1ubuntu2~22.04 amd64
+openjdk-8-jre-headless 8u352-ga-1~22.04 amd64

Package changes:
-openjdk-11-jre 11.0.16+8-0ubuntu1~22.04 amd64
-openjdk-11-jre-headless 11.0.16+8-0ubuntu1~22.04 amd64
-openjdk-8-jdk 8u342-b07-0ubuntu1~22.04 amd64
-openjdk-8-jdk-headless 8u342-b07-0ubuntu1~22.04 amd64
-openjdk-8-jre 8u342-b07-0ubuntu1~22.04 amd64
-openjdk-8-jre-headless 8u342-b07-0ubuntu1~22.04 amd64
+openjdk-11-jre 11.0.17+8-1ubuntu2~22.04 amd64
+openjdk-11-jre-headless 11.0.17+8-1ubuntu2~22.04 amd64
+openjdk-8-jdk 8u352-ga-1~22.04 amd64
+openjdk-8-jdk-headless 8u352-ga-1~22.04 amd64
+openjdk-8-jre 8u352-ga-1~22.04 amd64
+openjdk-8-jre-headless 8u352-ga-1~22.04 amd64
---

diff --git a/java-11-openjdk/jfr/default.jfc b/java-11-openjdk/jfr/default.jfc
index 1a1d420..0a2838d 100644
--- a/java-11-openjdk/jfr/default.jfc
+++ b/java-11-openjdk/jfr/default.jfc
@@ -603,6 +603,11 @@
       <setting name="threshold" control="socket-io-threshold">20 ms</setting>
     </event>
 
+    <event name="jdk.Deserialization">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.SecurityPropertyModification">
        <setting name="enabled">false</setting>
        <setting name="stackTrace">true</setting>
diff --git a/java-11-openjdk/jfr/profile.jfc b/java-11-openjdk/jfr/profile.jfc
index edde79c..140aeda 100644
--- a/java-11-openjdk/jfr/profile.jfc
+++ b/java-11-openjdk/jfr/profile.jfc
@@ -603,6 +603,11 @@
       <setting name="threshold" control="socket-io-threshold">10 ms</setting>
     </event>
 
+    <event name="jdk.Deserialization">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.SecurityPropertyModification">
        <setting name="enabled">false</setting>
        <setting name="stackTrace">true</setting>
diff --git a/java-11-openjdk/security/default.policy b/java-11-openjdk/security/default.policy
index 5db744f..41f5979 100644
--- a/java-11-openjdk/security/default.policy
+++ b/java-11-openjdk/security/default.policy
@@ -78,6 +78,8 @@ grant codeBase "jrt:/java.sql.rowset" {
 
 
 grant codeBase "jrt:/java.xml.crypto" {
+    permission java.lang.RuntimePermission
+                   "getStackWalkerWithClassReference";
     permission java.lang.RuntimePermission
                    "accessClassInPackage.sun.security.util";
     permission java.util.PropertyPermission "*", "read";
diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security
index c3698ea..541b981 100644
--- a/java-11-openjdk/security/java.security
+++ b/java-11-openjdk/security/java.security
@@ -554,7 +554,7 @@ jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
 # can be included in the disabledAlgorithms properties.  These properties are
 # to help manage common actions easier across multiple disabledAlgorithm
 # properties.
-# There is one defined security property:  jdk.disabled.NamedCurves
+# There is one defined security property:  jdk.disabled.namedCurves
 # See the property for more specific details.
 #
 #
@@ -631,6 +631,7 @@ jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    SHA1 usage SignedJAR & denyAfter 2019-01-01, \
     include jdk.disabled.namedCurves
 
 #
@@ -695,7 +696,8 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
-      DSA keySize < 1024, include jdk.disabled.namedCurves
+      DSA keySize < 1024, SHA1 denyAfter 2019-01-01, \
+      include jdk.disabled.namedCurves
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
@@ -1189,12 +1191,12 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep
 # The algorithm used to calculate the optional MacData at the end of a PKCS12
 # file. This can be any HmacPBE algorithm defined in the Mac section of the
 # Java Security Standard Algorithm Names Specification. When set to "NONE",
-# no Mac is generated. The default value is "HmacPBESHA1".
-#keystore.pkcs12.macAlgorithm = HmacPBESHA1
+# no Mac is generated. The default value is "HmacPBESHA256".
+#keystore.pkcs12.macAlgorithm = HmacPBESHA256
 
 # The iteration count used by the MacData algorithm. This value must be a
-# positive integer. The default value is 100000.
-#keystore.pkcs12.macIterationCount = 100000
+# positive integer. The default value is 10000.
+#keystore.pkcs12.macIterationCount = 10000
 
 #
 # Enhanced exception message information
diff --git a/java-8-openjdk/security/java.policy b/java-8-openjdk/security/java.policy
index ce437f1..39a9b73 100644
--- a/java-8-openjdk/security/java.policy
+++ b/java-8-openjdk/security/java.policy
@@ -86,6 +86,7 @@ grant {
         permission java.util.PropertyPermission "line.separator", "read";
 
         permission java.util.PropertyPermission "java.specification.version", "read";
+        permission java.util.PropertyPermission "java.specification.maintenance.version", "read";
         permission java.util.PropertyPermission "java.specification.vendor", "read";
         permission java.util.PropertyPermission "java.specification.name", "read";