From db529279d69499dc1082ad0bae6e4551938137a7 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Thu, 10 Nov 2022 00:36:57 +0100 Subject: [PATCH] committing changes in /etc made by "/usr/bin/apt full-upgrade -y" Packages with configuration changes: -openjdk-11-jre-headless 11.0.16+8-0ubuntu1~22.04 amd64 -openjdk-8-jre-headless 8u342-b07-0ubuntu1~22.04 amd64 +openjdk-11-jre-headless 11.0.17+8-1ubuntu2~22.04 amd64 +openjdk-8-jre-headless 8u352-ga-1~22.04 amd64 Package changes: -openjdk-11-jre 11.0.16+8-0ubuntu1~22.04 amd64 -openjdk-11-jre-headless 11.0.16+8-0ubuntu1~22.04 amd64 -openjdk-8-jdk 8u342-b07-0ubuntu1~22.04 amd64 -openjdk-8-jdk-headless 8u342-b07-0ubuntu1~22.04 amd64 -openjdk-8-jre 8u342-b07-0ubuntu1~22.04 amd64 -openjdk-8-jre-headless 8u342-b07-0ubuntu1~22.04 amd64 +openjdk-11-jre 11.0.17+8-1ubuntu2~22.04 amd64 +openjdk-11-jre-headless 11.0.17+8-1ubuntu2~22.04 amd64 +openjdk-8-jdk 8u352-ga-1~22.04 amd64 +openjdk-8-jdk-headless 8u352-ga-1~22.04 amd64 +openjdk-8-jre 8u352-ga-1~22.04 amd64 +openjdk-8-jre-headless 8u352-ga-1~22.04 amd64 --- java-11-openjdk/jfr/default.jfc | 5 +++++ java-11-openjdk/jfr/profile.jfc | 5 +++++ java-11-openjdk/security/default.policy | 2 ++ java-11-openjdk/security/java.security | 14 ++++++++------ java-8-openjdk/security/java.policy | 1 + 5 files changed, 21 insertions(+), 6 deletions(-) diff --git a/java-11-openjdk/jfr/default.jfc b/java-11-openjdk/jfr/default.jfc index 1a1d420..0a2838d 100644 --- a/java-11-openjdk/jfr/default.jfc +++ b/java-11-openjdk/jfr/default.jfc @@ -603,6 +603,11 @@ 20 ms + + false + true + + false true diff --git a/java-11-openjdk/jfr/profile.jfc b/java-11-openjdk/jfr/profile.jfc index edde79c..140aeda 100644 --- a/java-11-openjdk/jfr/profile.jfc +++ b/java-11-openjdk/jfr/profile.jfc @@ -603,6 +603,11 @@ 10 ms + + false + true + + false true diff --git a/java-11-openjdk/security/default.policy b/java-11-openjdk/security/default.policy index 5db744f..41f5979 100644 --- a/java-11-openjdk/security/default.policy +++ b/java-11-openjdk/security/default.policy @@ -78,6 +78,8 @@ grant codeBase "jrt:/java.sql.rowset" { grant codeBase "jrt:/java.xml.crypto" { + permission java.lang.RuntimePermission + "getStackWalkerWithClassReference"; permission java.lang.RuntimePermission "accessClassInPackage.sun.security.util"; permission java.util.PropertyPermission "*", "read"; diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security index c3698ea..541b981 100644 --- a/java-11-openjdk/security/java.security +++ b/java-11-openjdk/security/java.security @@ -554,7 +554,7 @@ jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \ # can be included in the disabledAlgorithms properties. These properties are # to help manage common actions easier across multiple disabledAlgorithm # properties. -# There is one defined security property: jdk.disabled.NamedCurves +# There is one defined security property: jdk.disabled.namedCurves # See the property for more specific details. # # @@ -631,6 +631,7 @@ jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \ # jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \ + SHA1 usage SignedJAR & denyAfter 2019-01-01, \ include jdk.disabled.namedCurves # @@ -695,7 +696,8 @@ jdk.security.legacyAlgorithms=SHA1, \ # See "jdk.certpath.disabledAlgorithms" for syntax descriptions. # jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ - DSA keySize < 1024, include jdk.disabled.namedCurves + DSA keySize < 1024, SHA1 denyAfter 2019-01-01, \ + include jdk.disabled.namedCurves # # Algorithm restrictions for Secure Socket Layer/Transport Layer Security @@ -1189,12 +1191,12 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep # The algorithm used to calculate the optional MacData at the end of a PKCS12 # file. This can be any HmacPBE algorithm defined in the Mac section of the # Java Security Standard Algorithm Names Specification. When set to "NONE", -# no Mac is generated. The default value is "HmacPBESHA1". -#keystore.pkcs12.macAlgorithm = HmacPBESHA1 +# no Mac is generated. The default value is "HmacPBESHA256". +#keystore.pkcs12.macAlgorithm = HmacPBESHA256 # The iteration count used by the MacData algorithm. This value must be a -# positive integer. The default value is 100000. -#keystore.pkcs12.macIterationCount = 100000 +# positive integer. The default value is 10000. +#keystore.pkcs12.macIterationCount = 10000 # # Enhanced exception message information diff --git a/java-8-openjdk/security/java.policy b/java-8-openjdk/security/java.policy index ce437f1..39a9b73 100644 --- a/java-8-openjdk/security/java.policy +++ b/java-8-openjdk/security/java.policy @@ -86,6 +86,7 @@ grant { permission java.util.PropertyPermission "line.separator", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; + permission java.util.PropertyPermission "java.specification.maintenance.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; -- 2.39.5