committing changes in /etc after apt run

Package changes:
-chromium-codecs-ffmpeg-extra 105.0.5195.102-0ubuntu0.18.04.1 amd64
+chromium-codecs-ffmpeg-extra 107.0.5304.87-0ubuntu11.18.04.1 amd64
-code-brand 22.05-17 all
-collaboraoffice 22.05.7-3 amd64
-collaboraoffice-ure 22.05.7-3 amd64
+code-brand 22.05-18 all
+collaboraoffice 22.05.8-2 amd64
+collaboraoffice-ure 22.05.8-2 amd64
-collaboraofficebasis-calc 22.05.7-3 amd64
-collaboraofficebasis-core 22.05.7-3 amd64
-collaboraofficebasis-draw 22.05.7-3 amd64
-collaboraofficebasis-en-us 22.05.7-3 amd64
-collaboraofficebasis-extension-pdf-import 22.05.7-3 amd64
-collaboraofficebasis-graphicfilter 22.05.7-3 amd64
-collaboraofficebasis-images 22.05.7-3 amd64
-collaboraofficebasis-impress 22.05.7-3 amd64
-collaboraofficebasis-math 22.05.7-3 amd64
-collaboraofficebasis-ooofonts 22.05.7-3 amd64
-collaboraofficebasis-ooolinguistic 22.05.7-3 amd64
-collaboraofficebasis-writer 22.05.7-3 amd64
+collaboraofficebasis-calc 22.05.8-2 amd64
+collaboraofficebasis-core 22.05.8-2 amd64
+collaboraofficebasis-draw 22.05.8-2 amd64
+collaboraofficebasis-en-us 22.05.8-2 amd64
+collaboraofficebasis-extension-pdf-import 22.05.8-2 amd64
+collaboraofficebasis-graphicfilter 22.05.8-2 amd64
+collaboraofficebasis-images 22.05.8-2 amd64
+collaboraofficebasis-impress 22.05.8-2 amd64
+collaboraofficebasis-math 22.05.8-2 amd64
+collaboraofficebasis-ooofonts 22.05.8-2 amd64
+collaboraofficebasis-ooolinguistic 22.05.8-2 amd64
+collaboraofficebasis-writer 22.05.8-2 amd64
-coolwsd 22.05.7.3-1 amd64
+coolwsd 22.05.8.2-1 amd64
-distro-info-data 0.37ubuntu0.14 all
+distro-info-data 0.37ubuntu0.15 all
-expat 2.2.5-3ubuntu0.7 amd64
+expat 2.2.5-3ubuntu0.8 amd64
-firefox 106.0.3+linuxmint1+tricia amd64
-firefox-locale-de 106.0.3+linuxmint1+tricia amd64
-firefox-locale-en 106.0.3+linuxmint1+tricia amd64
+firefox 107.0+linuxmint1+tricia amd64
+firefox-locale-de 107.0+linuxmint1+tricia amd64
+firefox-locale-en 107.0+linuxmint1+tricia amd64
-kpartx 0.7.4-2ubuntu3.1 amd64
-kpartx-boot 0.7.4-2ubuntu3.1 all
+kpartx 0.7.4-2ubuntu3.2 amd64
+kpartx-boot 0.7.4-2ubuntu3.2 all
-libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.13 amd64
+libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.15 amd64
-libexpat1 2.2.5-3ubuntu0.7 amd64
-libexpat1 2.2.5-3ubuntu0.7 i386
-libexpat1-dev 2.2.5-3ubuntu0.7 amd64
+libexpat1 2.2.5-3ubuntu0.8 amd64
+libexpat1 2.2.5-3ubuntu0.8 i386
+libexpat1-dev 2.2.5-3ubuntu0.8 amd64
-libmariadb3 1:10.3.36+maria~ubu1804 amd64
+libmariadb3 1:10.3.37+maria~ubu1804 amd64
-libmysqlclient18 1:10.3.36+maria~ubu1804 amd64
+libmysqlclient18 1:10.3.37+maria~ubu1804 amd64
-libpixman-1-0 0.34.0-2 amd64
-libpixman-1-0 0.34.0-2 i386
+libpixman-1-0 0.34.0-2ubuntu0.1 amd64
+libpixman-1-0 0.34.0-2ubuntu0.1 i386
-libraw16 0.18.8-1ubuntu0.3 amd64
+libraw16 0.18.8-1ubuntu0.4 amd64
-libsqlite3-0 3.22.0-1ubuntu0.6 amd64
-libsqlite3-0 3.22.0-1ubuntu0.6 i386
+libsqlite3-0 3.22.0-1ubuntu0.7 amd64
+libsqlite3-0 3.22.0-1ubuntu0.7 i386
-libtiff5 4.0.9-5ubuntu0.7 amd64
-libtiff5 4.0.9-5ubuntu0.7 i386
+libtiff5 4.0.9-5ubuntu0.8 amd64
+libtiff5 4.0.9-5ubuntu0.8 i386
-linux-libc-dev 4.15.0-196.207 amd64
+linux-libc-dev 4.15.0-197.208 amd64
-mariadb-client-10.3 1:10.3.36+maria~ubu1804 amd64
-mariadb-client-core-10.3 1:10.3.36+maria~ubu1804 amd64
-mariadb-common 1:10.3.36+maria~ubu1804 all
-mariadb-server 1:10.3.36+maria~ubu1804 all
-mariadb-server-10.3 1:10.3.36+maria~ubu1804 amd64
-mariadb-server-core-10.3 1:10.3.36+maria~ubu1804 amd64
+mariadb-client-10.3 1:10.3.37+maria~ubu1804 amd64
+mariadb-client-core-10.3 1:10.3.37+maria~ubu1804 amd64
+mariadb-common 1:10.3.37+maria~ubu1804 all
+mariadb-server 1:10.3.37+maria~ubu1804 all
+mariadb-server-10.3 1:10.3.37+maria~ubu1804 amd64
+mariadb-server-core-10.3 1:10.3.37+maria~ubu1804 amd64
-mysql-common 1:10.3.36+maria~ubu1804 all
+mysql-common 1:10.3.37+maria~ubu1804 all
-openjdk-11-jre 11.0.16+8-0ubuntu1~18.04 amd64
-openjdk-11-jre-headless 11.0.16+8-0ubuntu1~18.04 amd64
-openjdk-17-jre 17.0.4+8-1~18.04 amd64
-openjdk-17-jre-headless 17.0.4+8-1~18.04 amd64
+openjdk-11-jre 11.0.17+8-1ubuntu2~18.04 amd64
+openjdk-11-jre-headless 11.0.17+8-1ubuntu2~18.04 amd64
+openjdk-17-jre 17.0.5+8-2ubuntu1~18.04 amd64
+openjdk-17-jre-headless 17.0.5+8-2ubuntu1~18.04 amd64
-openjdk-8-jre 8u342-b07-0ubuntu1~18.04 amd64
-openjdk-8-jre-headless 8u342-b07-0ubuntu1~18.04 amd64
+openjdk-8-jre 8u352-ga-1~18.04 amd64
+openjdk-8-jre-headless 8u352-ga-1~18.04 amd64
-php7.2 7.2.24-0ubuntu0.18.04.13 all
-php7.2-bcmath 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-bz2 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-cli 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-common 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-curl 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-fpm 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-gd 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-gmp 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-intl 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-json 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-ldap 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-mbstring 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-mysql 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-opcache 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-readline 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-soap 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-sqlite3 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-xml 7.2.24-0ubuntu0.18.04.13 amd64
-php7.2-zip 7.2.24-0ubuntu0.18.04.13 amd64
+php7.2 7.2.24-0ubuntu0.18.04.15 all
+php7.2-bcmath 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-bz2 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-cli 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-common 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-curl 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-fpm 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-gd 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-gmp 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-intl 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-json 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-ldap 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-mbstring 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-mysql 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-opcache 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-readline 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-soap 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-sqlite3 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-xml 7.2.24-0ubuntu0.18.04.15 amd64
+php7.2-zip 7.2.24-0ubuntu0.18.04.15 amd64
-sqlite3 3.22.0-1ubuntu0.6 amd64
+sqlite3 3.22.0-1ubuntu0.7 amd64
-thunderbird 1:102.2.2+build1-0ubuntu0.18.04.1 amd64
-thunderbird-gnome-support 1:102.2.2+build1-0ubuntu0.18.04.1 amd64
-thunderbird-locale-en 1:102.2.2+build1-0ubuntu0.18.04.1 amd64
-thunderbird-locale-en-us 1:102.2.2+build1-0ubuntu0.18.04.1 all
+thunderbird 1:102.4.2+build2-0ubuntu0.18.04.1 amd64
+thunderbird-gnome-support 1:102.4.2+build2-0ubuntu0.18.04.1 amd64
+thunderbird-locale-en 1:102.4.2+build2-0ubuntu0.18.04.1 amd64
+thunderbird-locale-en-us 1:102.4.2+build2-0ubuntu0.18.04.1 all
-tzdata 2022e-0ubuntu0.18.04.0 all
-ubuntu-advantage-tools 27.11.2~18.04.1 amd64
+tzdata 2022f-0ubuntu0.18.04.0 all
+ubuntu-advantage-tools 27.11.3~18.04.1 amd64

diff --git a/apt/apt.conf.d/20apt-esm-hook.conf b/apt/apt.conf.d/20apt-esm-hook.conf
index 0cc6823911bf822bc97ba08a3c237621ace9dfd7..07c3362945733181d6d90a5377d06236eb717f14 100644 (file)
--- a/apt/apt.conf.d/20apt-esm-hook.conf
+++ b/apt/apt.conf.d/20apt-esm-hook.conf
@@ -10,6 +10,6 @@ APT::Install::Pre-Invoke {
        "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true";
 };
 
-AptCli::Hooks::Upgrade {
+binary::apt::AptCli::Hooks::Upgrade {
        "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-json-hook ] || /usr/lib/ubuntu-advantage/apt-esm-json-hook || true";
 };

diff --git a/java-11-openjdk/jfr/default.jfc b/java-11-openjdk/jfr/default.jfc
index 1a1d420d73fd1006f66e485ea792b1e0470b2b62..0a2838d90dea62daedf8c014483f204a38957437 100644 (file)
--- a/java-11-openjdk/jfr/default.jfc
+++ b/java-11-openjdk/jfr/default.jfc
@@ -603,6 +603,11 @@
       <setting name="threshold" control="socket-io-threshold">20 ms</setting>
     </event>
 
+    <event name="jdk.Deserialization">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.SecurityPropertyModification">
        <setting name="enabled">false</setting>
        <setting name="stackTrace">true</setting>

diff --git a/java-11-openjdk/jfr/profile.jfc b/java-11-openjdk/jfr/profile.jfc
index edde79ce7c3c2b155afd00b114275bce55623480..140aeda7040bd20f7301e35aab8ade6cc9a6281a 100644 (file)
--- a/java-11-openjdk/jfr/profile.jfc
+++ b/java-11-openjdk/jfr/profile.jfc
@@ -603,6 +603,11 @@
       <setting name="threshold" control="socket-io-threshold">10 ms</setting>
     </event>
 
+    <event name="jdk.Deserialization">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.SecurityPropertyModification">
        <setting name="enabled">false</setting>
        <setting name="stackTrace">true</setting>

diff --git a/java-11-openjdk/security/default.policy b/java-11-openjdk/security/default.policy
index 5db744ff17adb8d053bc1b50112a679ad17cbebd..41f5979da2bc0162f4226b220f5def8cbccb2888 100644 (file)
--- a/java-11-openjdk/security/default.policy
+++ b/java-11-openjdk/security/default.policy
@@ -78,6 +78,8 @@ grant codeBase "jrt:/java.sql.rowset" {
 
 
 grant codeBase "jrt:/java.xml.crypto" {
+    permission java.lang.RuntimePermission
+                   "getStackWalkerWithClassReference";
     permission java.lang.RuntimePermission
                    "accessClassInPackage.sun.security.util";
     permission java.util.PropertyPermission "*", "read";

diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security
index c3698ea62bbd7e4880b5d05e821bedcc30e8279c..541b981016c127a1db09de3804fec7405bc307e8 100644 (file)
--- a/java-11-openjdk/security/java.security
+++ b/java-11-openjdk/security/java.security
@@ -554,7 +554,7 @@ jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
 # can be included in the disabledAlgorithms properties.  These properties are
 # to help manage common actions easier across multiple disabledAlgorithm
 # properties.
-# There is one defined security property:  jdk.disabled.NamedCurves
+# There is one defined security property:  jdk.disabled.namedCurves
 # See the property for more specific details.
 #
 #
@@ -631,6 +631,7 @@ jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    SHA1 usage SignedJAR & denyAfter 2019-01-01, \
     include jdk.disabled.namedCurves
 
 #
@@ -695,7 +696,8 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
-      DSA keySize < 1024, include jdk.disabled.namedCurves
+      DSA keySize < 1024, SHA1 denyAfter 2019-01-01, \
+      include jdk.disabled.namedCurves
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
@@ -1189,12 +1191,12 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep
 # The algorithm used to calculate the optional MacData at the end of a PKCS12
 # file. This can be any HmacPBE algorithm defined in the Mac section of the
 # Java Security Standard Algorithm Names Specification. When set to "NONE",
-# no Mac is generated. The default value is "HmacPBESHA1".
-#keystore.pkcs12.macAlgorithm = HmacPBESHA1
+# no Mac is generated. The default value is "HmacPBESHA256".
+#keystore.pkcs12.macAlgorithm = HmacPBESHA256
 
 # The iteration count used by the MacData algorithm. This value must be a
-# positive integer. The default value is 100000.
-#keystore.pkcs12.macIterationCount = 100000
+# positive integer. The default value is 10000.
+#keystore.pkcs12.macIterationCount = 10000
 
 #
 # Enhanced exception message information

diff --git a/java-17-openjdk/security/java.security b/java-17-openjdk/security/java.security
index cab50bb4098ec53fffcce3c79dbf91f3659c909d..0f251ed95b1691790a84c9e03dfd14d89f1a92cf 100644 (file)
--- a/java-17-openjdk/security/java.security
+++ b/java-17-openjdk/security/java.security
@@ -548,7 +548,7 @@ sun.security.krb5.maxReferrals=5
 # can be included in the disabledAlgorithms properties.  These properties are
 # to help manage common actions easier across multiple disabledAlgorithm
 # properties.
-# There is one defined security property:  jdk.disabled.NamedCurves
+# There is one defined security property:  jdk.disabled.namedCurves
 # See the property for more specific details.
 #
 #
@@ -624,7 +624,8 @@ sun.security.krb5.maxReferrals=5
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    SHA1 usage SignedJAR & denyAfter 2019-01-01
 
 #
 # Legacy algorithms for certification path (CertPath) processing and
@@ -688,7 +689,7 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
-      DSA keySize < 1024
+      DSA keySize < 1024, SHA1 denyAfter 2019-01-01
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security

diff --git a/java-8-openjdk/security/java.policy b/java-8-openjdk/security/java.policy
index ce437f105ef7e0b0a26fd14a37eaa60efb3006b8..39a9b73be6fb1881c48755f0b881b86dcb8f9f40 100644 (file)
--- a/java-8-openjdk/security/java.policy
+++ b/java-8-openjdk/security/java.policy
@@ -86,6 +86,7 @@ grant {
         permission java.util.PropertyPermission "line.separator", "read";
 
         permission java.util.PropertyPermission "java.specification.version", "read";
+        permission java.util.PropertyPermission "java.specification.maintenance.version", "read";
         permission java.util.PropertyPermission "java.specification.vendor", "read";
         permission java.util.PropertyPermission "java.specification.name", "read";