From 290c6c366be513e8356dab34a8d804d876d40158 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 30 Jan 2020 08:20:06 +0100 Subject: [PATCH] committing changes in /etc made by "/usr/bin/python3 /usr/bin/unattended-upgrade" Package changes: -openjdk-11-jre 11.0.5+10-0ubuntu1.1 amd64 -openjdk-11-jre-headless 11.0.5+10-0ubuntu1.1 amd64 +openjdk-11-jre 11.0.6+10-1ubuntu1~19.10.1 amd64 +openjdk-11-jre-headless 11.0.6+10-1ubuntu1~19.10.1 amd64 --- alternatives/jfr | 1 + java-11-openjdk/jfr/default.jfc | 46 ++++++++++++++++++++---- java-11-openjdk/jfr/profile.jfc | 48 ++++++++++++++++++++++---- java-11-openjdk/security/java.security | 39 +++++++++++++++++++-- 4 files changed, 119 insertions(+), 15 deletions(-) create mode 120000 alternatives/jfr diff --git a/alternatives/jfr b/alternatives/jfr new file mode 120000 index 0000000..d5fda24 --- /dev/null +++ b/alternatives/jfr @@ -0,0 +1 @@ +/usr/lib/jvm/java-11-openjdk-amd64/bin/jfr \ No newline at end of file diff --git a/java-11-openjdk/jfr/default.jfc b/java-11-openjdk/jfr/default.jfc index 04e02e9..d55eeea 100644 --- a/java-11-openjdk/jfr/default.jfc +++ b/java-11-openjdk/jfr/default.jfc @@ -115,12 +115,12 @@ true - 20 ms + 20 ms true - 20 ms + 20 ms @@ -488,6 +488,11 @@ beginChunk + + true + beginChunk + + true beginChunk @@ -773,13 +778,42 @@ - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + diff --git a/java-11-openjdk/jfr/profile.jfc b/java-11-openjdk/jfr/profile.jfc index fec835f..9023cd0 100644 --- a/java-11-openjdk/jfr/profile.jfc +++ b/java-11-openjdk/jfr/profile.jfc @@ -115,12 +115,12 @@ true - 10 ms + 10 ms true - 10 ms + 20 ms @@ -488,6 +488,11 @@ beginChunk + + true + beginChunk + + true beginChunk @@ -773,14 +778,43 @@ - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security index 0c87fe1..e922ef3 100644 --- a/java-11-openjdk/security/java.security 
+++ b/java-11-openjdk/security/java.security
@@ -452,6 +452,31 @@ networkaddress.cache.negative.ttl=10
 #
 krb5.kdc.bad.policy = tryLast
+#
+# Kerberos cross-realm referrals (RFC 6806)
+#
+# OpenJDK's Kerberos client supports cross-realm referrals as defined in
+# RFC 6806. This allows to setup more dynamic environments in which clients
+# do not need to know in advance how to reach the realm of a target principal
+# (either a user or service).
+#
+# When a client issues an AS or a TGS request, the "canonicalize" option
+# is set to announce support of this feature. A KDC server may fulfill the
+# request or reply referring the client to a different one. If referred,
+# the client will issue a new request and the cycle repeats.
+#
+# In addition to referrals, the "canonicalize" option allows the KDC server
+# to change the client name in response to an AS request. For security reasons,
+# RFC 6806 (section 11) FAST scheme is enforced.
+#
+# Disable Kerberos cross-realm referrals. Value may be overwritten with a
+# System property (-Dsun.security.krb5.disableReferrals).
+sun.security.krb5.disableReferrals=false
+
+# Maximum number of AS or TGS referrals to avoid infinite loops. Value may
+# be overwritten with a System property (-Dsun.security.krb5.maxReferrals).
+sun.security.krb5.maxReferrals=5
+
 #
 # Algorithm restrictions for certification path (CertPath) processing
 #
@@ -907,8 +932,8 @@ jdk.xml.dsig.secureValidationPolicy=\
 # Patterns are separated by ";" (semicolon).
 # Whitespace is significant and is considered part of the pattern.
 #
-# If the system property jdk.serialFilter is also specified, it supersedes
-# the security property value defined here.
+# If the system property jdk.serialFilter is also specified on the command
+# line, it supersedes the security property value defined here.
 #
 # If a pattern includes a "=", it sets a limit.
 # If a limit appears more than once the last value is used.
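Review bot: In the Kerberos referrals hunk (`@@ -452,6 +452,31 @@`), the new active line `sun.security.krb5.disableReferrals=false` leaves referral-following switched on for every JVM on this host, and it arrived through an unattended upgrade rather than a reviewed change. Per the added comment, a KDC may then refer the client to a different KDC and may change the client name in an AS reply, so the set of KDCs the client depends on is presumably wider than it was with the previous package. If this host only ever authenticates against a single realm, setting `sun.security.krb5.disableReferrals=true` would narrow that again; otherwise add a comment above the property recording which realms need referrals. The comment also states that both values can be overridden with `-D` system properties, so the file alone does not show the effective setting for a given JVM.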
@@ -1021,6 +1046,16 @@ jdk.xml.dsig.secureValidationPolicy=\
 #
 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name
+# The iteration count used for password-based encryption (PBE) in JCEKS
+# keystores. Values in the range 10000 to 5000000 are considered valid.
+# If the value is out of this range, or is not a number, or is unspecified;
+# a default of 200000 is used.
+#
+# If the system property jdk.jceks.iterationCount is also specified, it
+# supersedes the security property value defined here.
+#
+#jdk.jceks.iterationCount = 200000
+
 #
 # JCEKS Encrypted Key Serial Filter
 #
-- 
2.43.0
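Review bot: The added `jdk.jceks.iterationCount` block says an out-of-range or non-numeric value silently falls back to 200000, and the property itself is left commented out, so nothing in the file shows which count is actually in effect. Uncommenting the line as `jdk.jceks.iterationCount = 200000` would make the setting explicit and auditable. Any raised value should be checked against the 10000 to 5000000 range given in the comment, since a typo is not reported. The comment does not say whether existing JCEKS entries are affected; presumably only entries written after the change use the new count, which should be confirmed before relying on it. The comment also notes that the `jdk.jceks.iterationCount` system property supersedes the file value, so per-JVM command lines need the same check.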