From 1e59fc883c42ae26ed0c94a487da57a8da762386 Mon Sep 17 00:00:00 2001 
From: Frank Brehm Date: Tue, 16 Apr 2019 23:43:53 +0200 Subject: [PATCH] committing changes in /etc after apt run Package changes: -apache2 2.4.25-3+deb9u6 amd64 -apache2-bin 2.4.25-3+deb9u6 amd64 -apache2-data 2.4.25-3+deb9u6 all -apache2-utils 2.4.25-3+deb9u6 amd64 +apache2 2.4.25-3+deb9u7 amd64 +apache2-bin 2.4.25-3+deb9u7 amd64 +apache2-data 2.4.25-3+deb9u7 all +apache2-utils 2.4.25-3+deb9u7 amd64 -certbot 0.28.0-1~deb9u1 all +certbot 0.28.0-1~deb9u2 all -icinga2 2.10.3-1.stretch amd64 -icinga2-bin 2.10.3-1.stretch amd64 -icinga2-common 2.10.3-1.stretch all -icinga2-ido-pgsql 2.10.3-1.stretch amd64 +icinga2 2.10.4-1.stretch amd64 +icinga2-bin 2.10.4-1.stretch amd64 +icinga2-common 2.10.4-1.stretch all +icinga2-ido-pgsql 2.10.4-1.stretch amd64 -libpam-systemd 232-25+deb9u9 amd64 +libpam-systemd 232-25+deb9u11 amd64 -libruby2.3 2.3.3-1+deb9u4 amd64 +libruby2.3 2.3.3-1+deb9u6 amd64 -libsmbclient 2:4.5.16+dfsg-1 amd64 +libsmbclient 2:4.5.16+dfsg-1+deb9u1 amd64 -libssh2-1 1.7.0-1 amd64 +libssh2-1 1.7.0-1+deb9u1 amd64 -libsystemd0 232-25+deb9u9 amd64 +libsystemd0 232-25+deb9u11 amd64 -libudev1 232-25+deb9u9 amd64 +libudev1 232-25+deb9u11 amd64 -libwbclient0 2:4.5.16+dfsg-1 amd64 +libwbclient0 2:4.5.16+dfsg-1+deb9u1 amd64 -openjdk-8-jre-headless 8u181-b13-2~deb9u1 amd64 +openjdk-8-jre-headless 8u212-b01-1~deb9u1 amd64 -python3-certbot 0.28.0-1~deb9u1 all +python3-certbot 0.28.0-1~deb9u2 all -ruby2.3 2.3.3-1+deb9u4 amd64 +ruby2.3 2.3.3-1+deb9u6 amd64 -samba-libs 2:4.5.16+dfsg-1 amd64 +samba-libs 2:4.5.16+dfsg-1+deb9u1 amd64 -systemd 232-25+deb9u9 amd64 +systemd 232-25+deb9u11 amd64 -systemd-sysv 232-25+deb9u9 amd64 +systemd-sysv 232-25+deb9u11 amd64 -tzdata 2018i-0+deb9u1 all +tzdata 2019a-0+deb9u1 all -udev 232-25+deb9u9 amd64 +udev 232-25+deb9u11 amd64 -vim-icinga2 2.10.3-1.stretch all +vim-icinga2 2.10.4-1.stretch all -wget 1.18-5+deb9u2 amd64 +wget 1.18-5+deb9u3 amd64 --- alternatives/clhsdb | 1 + alternatives/hsdb | 1 + java-8-openjdk/calendars.properties | 4 +++- 
java-8-openjdk/net.properties | 28 ++++++++++++++++++---- java-8-openjdk/security/java.security | 34 +++++++++++++++++++++++++-- 5 files changed, 61 insertions(+), 7 deletions(-) create mode 120000 alternatives/clhsdb create mode 120000 alternatives/hsdb diff --git a/alternatives/clhsdb b/alternatives/clhsdb new file mode 120000 index 0000000..567a929 --- /dev/null +++ b/alternatives/clhsdb @@ -0,0 +1 @@ +/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/clhsdb \ No newline at end of file diff --git a/alternatives/hsdb b/alternatives/hsdb new file mode 120000 index 0000000..855fe86 --- /dev/null +++ b/alternatives/hsdb @@ -0,0 +1 @@ +/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/hsdb \ No newline at end of file diff --git a/java-8-openjdk/calendars.properties b/java-8-openjdk/calendars.properties index 49f68ac..8ffee4c 100644 --- a/java-8-openjdk/calendars.properties +++ b/java-8-openjdk/calendars.properties @@ -29,12 +29,14 @@ # Taisho since 1912-07-30 00:00:00 local time (Gregorian) # Showa since 1926-12-25 00:00:00 local time (Gregorian) # Heisei since 1989-01-08 00:00:00 local time (Gregorian) +# NewEra since 2019-05-01 00:00:00 local time (Gregorian) calendar.japanese.type: LocalGregorianCalendar calendar.japanese.eras: \ name=Meiji,abbr=M,since=-3218832000000; \ name=Taisho,abbr=T,since=-1812153600000; \ name=Showa,abbr=S,since=-1357603200000; \ - name=Heisei,abbr=H,since=600220800000 + name=Heisei,abbr=H,since=600220800000; \ + name=NewEra,abbr=N,since=1556668800000 # # Taiwanese calendar diff --git a/java-8-openjdk/net.properties b/java-8-openjdk/net.properties index b490e17..a541eef 100644 --- a/java-8-openjdk/net.properties +++ b/java-8-openjdk/net.properties @@ -1,5 +1,5 @@ ############################################################ -# Default Networking Configuration File +# Default Networking Configuration File # # This file may contain default values for the networking system properties. # These values are only used when the system properties are not specified 
@@ -14,7 +14,7 @@ # Note that the system properties that do explicitely set proxies # (like http.proxyHost) do take precedence over the system settings # even if java.net.useSystemProxies is set to true. - + java.net.useSystemProxies=false #------------------------------------------------------------------------ @@ -66,8 +66,8 @@ ftp.nonProxyHosts=localhost|127.*|[::1] # socksProxyPort=1080 # # HTTP Keep Alive settings. remainingData is the maximum amount of data -# in kilobytes that will be cleaned off the underlying socket so that it -# can be reused (default value is 512K), queuedConnections is the maximum +# in kilobytes that will be cleaned off the underlying socket so that it +# can be reused (default value is 512K), queuedConnections is the maximum # number of Keep Alive connections to be on the queue for clean up (default # value is 10). # http.KeepAlive.remainingData=512 @@ -99,3 +99,23 @@ ftp.nonProxyHosts=localhost|127.*|[::1] #jdk.http.auth.proxying.disabledSchemes= jdk.http.auth.tunneling.disabledSchemes=Basic +# +# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication +# can be used for the NTLM scheme, where the security credentials based on the +# currently logged in user's name and password can be obtained directly from the +# operating system, without prompting the user. This property has three possible +# values which regulate the behavior as shown below. Other unrecognized values +# are handled the same as 'disabled'. Note, that NTLM is not considered to be a +# strongly secure authentication scheme and care should be taken before enabling +# this mechanism. +# +# Transparent authentication never used. +#jdk.http.ntlm.transparentAuth=disabled +# +# Enabled for all hosts. +#jdk.http.ntlm.transparentAuth=allHosts +# +# Enabled for hosts that are trusted in Windows Internet settings +#jdk.http.ntlm.transparentAuth=trustedHosts +# +jdk.http.ntlm.transparentAuth=disabled 
diff --git a/java-8-openjdk/security/java.security b/java-8-openjdk/security/java.security index 1e62d67..718f819 100644 --- a/java-8-openjdk/security/java.security +++ b/java-8-openjdk/security/java.security @@ -620,8 +620,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC +jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ + EC keySize < 224, 3DES_EDE_CBC, anon, NULL # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. 
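Review bot: The new `jdk.tls.disabledAlgorithms` value still leaves TLSv1 and TLSv1.1 negotiable and accepts DH keys down to 1024 bits, even though it now adds `anon` and `NULL` and swaps `DES40_CBC`/`RC4_40` for the broader `DES` (the existing `RC4` entry presumably covers `RC4_40`; worth confirming). If no peer of this host still depends on the legacy protocols, a stricter first line would be `jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 2048, \`, with the continuation line unchanged. This looks like a package-shipped file that a later apt run may update again, so local tightening is easier to keep and audit in a separate override file loaded through the `java.security.properties` system property than as an edit here.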
@@ -982,3 +982,33 @@ jdk.xml.dsig.secureValidationPolicy=\ # and javax.crypto.spec.SecretKeySpec and rejects all the others. jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* + +# +# Policies for distrusting Certificate Authorities (CAs). +# +# This is a comma separated value of one or more case-sensitive strings, each +# of which represents a policy for determining if a CA should be distrusted. +# The supported values are: +# +# +# SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec +# root CA and issued after April 16, 2019 unless issued by one of the +# following subordinate CAs which have a later distrust date: +# 1. Apple IST CA 2 - G1, SHA-256 fingerprint: +# AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B +# Distrust after December 31, 2019. +# 2. Apple IST CA 8 - G1, SHA-256 fingerprint: +# A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED +# Distrust after December 31, 2019. +# Leading and trailing whitespace surrounding each value are ignored. +# Unknown values are ignored. If the property is commented out or set to the +# empty String, no policies are enforced. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be supported by other SE implementations. Also, this +# property does not override other security properties which can restrict +# certificates such as jdk.tls.disabledAlgorithms or +# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even +# if this property is not enabled. +# +jdk.security.caDistrustPolicies=SYMANTEC_TLS -- 2.39.5
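Review bot: The active line `jdk.security.caDistrustPolicies=SYMANTEC_TLS` fails open on a typo: the comment block above it says the values are case-sensitive and that unknown values are ignored, so a misspelled policy name would leave Symantec-anchored certificates trusted without any error. A one-line comment directly above the assignment would make that visible to the next editor, for example `# Case-sensitive; an unrecognized value is silently ignored and no distrust policy is enforced.` The package list suggests this host already runs a monitoring agent, so a config check asserting the exact value would be a cheap guard against drift. Once the updated JRE is in use, Java clients here that connect to endpoints still presenting Symantec-anchored certificates issued after the stated date should be expected to fail certificate validation, which is worth checking before services are restarted.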