From: mhoellein <mhoellein@freenet.de>
Date: Fri, 24 Jul 2020 13:36:22 +0000 (+0200)
Subject: committing changes in /etc after apt run
X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=882d329f630fd740ebf9363e0abe0cbc21e8ef33;p=homeserver

committing changes in /etc after apt run

Package changes:
-code-brand 4.2-25 all
+code-brand 4.2-26 all
-collaboraoffice6.2 6.2.10.18-18 amd64
-collaboraoffice6.2-ure 6.2.10.18-18 amd64
+collaboraoffice6.2 6.2.10.20-20 amd64
+collaboraoffice6.2-ure 6.2.10.20-20 amd64
-collaboraofficebasis6.2-calc 6.2.10.18-18 amd64
-collaboraofficebasis6.2-core 6.2.10.18-18 amd64
-collaboraofficebasis6.2-draw 6.2.10.18-18 amd64
-collaboraofficebasis6.2-en-us 6.2.10.18-18 amd64
-collaboraofficebasis6.2-extension-pdf-import 6.2.10.18-18 amd64
-collaboraofficebasis6.2-graphicfilter 6.2.10.18-18 amd64
-collaboraofficebasis6.2-images 6.2.10.18-18 amd64
-collaboraofficebasis6.2-impress 6.2.10.18-18 amd64
-collaboraofficebasis6.2-ooofonts 6.2.10.18-18 amd64
-collaboraofficebasis6.2-ooolinguistic 6.2.10.18-18 amd64
-collaboraofficebasis6.2-writer 6.2.10.18-18 amd64
+collaboraofficebasis6.2-calc 6.2.10.20-20 amd64
+collaboraofficebasis6.2-core 6.2.10.20-20 amd64
+collaboraofficebasis6.2-draw 6.2.10.20-20 amd64
+collaboraofficebasis6.2-en-us 6.2.10.20-20 amd64
+collaboraofficebasis6.2-extension-pdf-import 6.2.10.20-20 amd64
+collaboraofficebasis6.2-graphicfilter 6.2.10.20-20 amd64
+collaboraofficebasis6.2-images 6.2.10.20-20 amd64
+collaboraofficebasis6.2-impress 6.2.10.20-20 amd64
+collaboraofficebasis6.2-ooofonts 6.2.10.20-20 amd64
+collaboraofficebasis6.2-ooolinguistic 6.2.10.20-20 amd64
+collaboraofficebasis6.2-writer 6.2.10.20-20 amd64
-libseccomp2 2.4.3-1ubuntu3.18.04.2 amd64
+libseccomp2 2.4.3-1ubuntu3.18.04.3 amd64
-libvncclient1 0.9.11+dfsg-1ubuntu1.2 amd64
+libvncclient1 0.9.11+dfsg-1ubuntu1.3 amd64
-libvncserver1 0.9.11+dfsg-1ubuntu1.2 amd64
+libvncserver1 0.9.11+dfsg-1ubuntu1.3 amd64
-loolwsd 4.2.5-4 amd64
+loolwsd 4.2.5-6 amd64
-openjdk-11-jre 11.0.7+10-2ubuntu2~18.04 amd64
-openjdk-11-jre-headless 11.0.7+10-2ubuntu2~18.04 amd64
+openjdk-11-jre 11.0.8+10-0ubuntu1~18.04.1 amd64
+openjdk-11-jre-headless 11.0.8+10-0ubuntu1~18.04.1 amd64
---

diff --git a/java-11-openjdk/security/default.policy b/java-11-openjdk/security/default.policy
index 2c11f466..694e403d 100644
--- a/java-11-openjdk/security/default.policy
+++ b/java-11-openjdk/security/default.policy
@@ -162,10 +162,14 @@ grant codeBase "jrt:/jdk.internal.vm.compiler" {
 };
 
 grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
-    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.vm.compiler.collections";
     permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime";
-    permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi";
-    permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.core.common";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.debug";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.options";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.phases.common.jmx";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.serviceprovider";
 };
 
 grant codeBase "jrt:/jdk.jsobject" {
diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security
index e922ef3e..788ee843 100644
--- a/java-11-openjdk/security/java.security
+++ b/java-11-openjdk/security/java.security
@@ -1195,3 +1195,15 @@ jdk.io.permissionsUseCanonicalPath=false
 #
 #jdk.security.krb5.default.initiate.credential=always-impersonate
 
+#
+# Trust Anchor Certificates - CA Basic Constraint check
+#
+# X.509 v3 certificates used as Trust Anchors (to validate signed code or TLS
+# connections) must have the cA Basic Constraint field set to 'true'. Also, if
+# they include a Key Usage extension, the keyCertSign bit must be set. These
+# checks, enabled by default, can be disabled for backward-compatibility
+# purposes with the jdk.security.allowNonCaAnchor System and Security
+# properties. In the case that both properties are simultaneously set, the
+# System value prevails. The default value of the property is "false".
+#
+#jdk.security.allowNonCaAnchor=true