From 63ad06f1c88bc5bbe9e360f0b27ab7c68f3720d4 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Wed, 15 May 2019 00:04:39 +0200 Subject: [PATCH] committing changes in /etc after apt run Package changes: -adobe-flashplugin 1:20190409.1-0ubuntu0.18.04.1 amd64 +adobe-flashplugin 1:20190514.1-0ubuntu0.18.04.1 amd64 -ctdb 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 +ctdb 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 -google-chrome-stable 74.0.3729.131-1 amd64 +google-chrome-stable 74.0.3729.157-1 amd64 -intel-microcode 3.20180807a.0ubuntu0.18.04.1 amd64 +intel-microcode 3.20190514.0ubuntu0.18.04.2 amd64 -libsmbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 +libsmbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 -libwbclient0 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 +libwbclient0 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 -linux-generic 4.15.0.48.50 amd64 +linux-generic 4.15.0.50.52 amd64 -linux-headers-generic 4.15.0.48.50 amd64 +linux-headers-4.15.0-50 4.15.0-50.54 all +linux-headers-4.15.0-50-generic 4.15.0-50.54 amd64 +linux-headers-generic 4.15.0.50.52 amd64 -linux-image-generic 4.15.0.48.50 amd64 +linux-image-4.15.0-50-generic 4.15.0-50.54 amd64 +linux-image-generic 4.15.0.50.52 amd64 -linux-libc-dev 4.15.0-48.51 amd64 +linux-libc-dev 4.15.0-50.54 amd64 +linux-modules-4.15.0-50-generic 4.15.0-50.54 amd64 +linux-modules-extra-4.15.0-50-generic 4.15.0-50.54 amd64 -openjdk-11-jre 11.0.2+9-3ubuntu1~18.04.3 amd64 -openjdk-11-jre-headless 11.0.2+9-3ubuntu1~18.04.3 amd64 -openjdk-8-jdk 8u191-b12-2ubuntu0.18.04.1 amd64 -openjdk-8-jdk-headless 8u191-b12-2ubuntu0.18.04.1 amd64 -openjdk-8-jre 8u191-b12-2ubuntu0.18.04.1 amd64 -openjdk-8-jre-headless 8u191-b12-2ubuntu0.18.04.1 amd64 +openjdk-11-jre 11.0.3+7-1ubuntu2~18.04.1 amd64 +openjdk-11-jre-headless 11.0.3+7-1ubuntu2~18.04.1 amd64 +openjdk-8-jdk 8u212-b03-0ubuntu1.18.04.1 amd64 +openjdk-8-jdk-headless 8u212-b03-0ubuntu1.18.04.1 amd64 +openjdk-8-jre 8u212-b03-0ubuntu1.18.04.1 amd64 +openjdk-8-jre-headless 8u212-b03-0ubuntu1.18.04.1 amd64 -python-samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 +python-samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 -python3-distupgrade 1:18.04.31 all +python3-distupgrade 1:18.04.32 all -qemu-block-extra 1:2.11+dfsg-1ubuntu7.12 amd64 -qemu-kvm 1:2.11+dfsg-1ubuntu7.12 amd64 -qemu-system-common 1:2.11+dfsg-1ubuntu7.12 amd64 -qemu-system-x86 1:2.11+dfsg-1ubuntu7.12 amd64 -qemu-utils 1:2.11+dfsg-1ubuntu7.12 amd64 +qemu-block-extra 1:2.11+dfsg-1ubuntu7.13 amd64 +qemu-kvm 1:2.11+dfsg-1ubuntu7.13 amd64 +qemu-system-common 1:2.11+dfsg-1ubuntu7.13 amd64 +qemu-system-x86 1:2.11+dfsg-1ubuntu7.13 amd64 +qemu-utils 1:2.11+dfsg-1ubuntu7.13 amd64 -samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 -samba-common 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 all -samba-common-bin 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 -samba-dsdb-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 -samba-libs 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 -samba-vfs-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 +samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 +samba-common 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 all +samba-common-bin 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 +samba-dsdb-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 +samba-libs 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 +samba-vfs-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 -smbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 +smbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 -ubuntu-release-upgrader-core 1:18.04.31 all +ubuntu-release-upgrader-core 1:18.04.32 all -winbind 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 amd64 +winbind 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 amd64 --- alternatives/clhsdb | 1 + alternatives/hsdb | 1 + apt/apt.conf.d/01autoremove-kernels | 52 ++++++++++++------------ chromium-browser/customizations/10-flash | 2 +- java-11-openjdk/jvm-amd64.cfg | 1 + java-11-openjdk/security/java.security | 31 ++++++++++++++ java-8-openjdk/calendars.properties | 4 +- java-8-openjdk/security/java.security | 32 ++++++++++++++- 8 files changed, 95 insertions(+), 29 deletions(-) create mode 120000 alternatives/clhsdb create mode 120000 alternatives/hsdb diff --git a/alternatives/clhsdb b/alternatives/clhsdb new file mode 120000 index 0000000..567a929 --- /dev/null +++ b/alternatives/clhsdb @@ -0,0 +1 @@ +/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/clhsdb \ No newline at end of file diff --git a/alternatives/hsdb b/alternatives/hsdb new file mode 120000 index 0000000..855fe86 --- /dev/null +++ b/alternatives/hsdb @@ -0,0 +1 @@ +/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/hsdb \ No newline at end of file diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index 9befd5d..e907472 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,65 +1,65 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-image-4\.15\.0-47-generic$"; "^linux-image-4\.15\.0-48-generic$"; - "^linux-headers-4\.15\.0-47-generic$"; + "^linux-image-4\.15\.0-50-generic$"; "^linux-headers-4\.15\.0-48-generic$"; - "^linux-image-extra-4\.15\.0-47-generic$"; + "^linux-headers-4\.15\.0-50-generic$"; "^linux-image-extra-4\.15\.0-48-generic$"; - "^linux-modules-4\.15\.0-47-generic$"; + "^linux-image-extra-4\.15\.0-50-generic$"; "^linux-modules-4\.15\.0-48-generic$"; - "^linux-modules-extra-4\.15\.0-47-generic$"; + "^linux-modules-4\.15\.0-50-generic$"; "^linux-modules-extra-4\.15\.0-48-generic$"; - "^linux-signed-image-4\.15\.0-47-generic$"; + "^linux-modules-extra-4\.15\.0-50-generic$"; "^linux-signed-image-4\.15\.0-48-generic$"; - "^kfreebsd-image-4\.15\.0-47-generic$"; + "^linux-signed-image-4\.15\.0-50-generic$"; "^kfreebsd-image-4\.15\.0-48-generic$"; - "^kfreebsd-headers-4\.15\.0-47-generic$"; + "^kfreebsd-image-4\.15\.0-50-generic$"; "^kfreebsd-headers-4\.15\.0-48-generic$"; - "^gnumach-image-4\.15\.0-47-generic$"; + "^kfreebsd-headers-4\.15\.0-50-generic$"; "^gnumach-image-4\.15\.0-48-generic$"; - "^.*-modules-4\.15\.0-47-generic$"; + "^gnumach-image-4\.15\.0-50-generic$"; "^.*-modules-4\.15\.0-48-generic$"; - "^.*-kernel-4\.15\.0-47-generic$"; + "^.*-modules-4\.15\.0-50-generic$"; "^.*-kernel-4\.15\.0-48-generic$"; - "^linux-backports-modules-.*-4\.15\.0-47-generic$"; + "^.*-kernel-4\.15\.0-50-generic$"; "^linux-backports-modules-.*-4\.15\.0-48-generic$"; - "^linux-modules-.*-4\.15\.0-47-generic$"; + "^linux-backports-modules-.*-4\.15\.0-50-generic$"; "^linux-modules-.*-4\.15\.0-48-generic$"; - "^linux-tools-4\.15\.0-47-generic$"; + "^linux-modules-.*-4\.15\.0-50-generic$"; "^linux-tools-4\.15\.0-48-generic$"; - "^linux-cloud-tools-4\.15\.0-47-generic$"; + "^linux-tools-4\.15\.0-50-generic$"; "^linux-cloud-tools-4\.15\.0-48-generic$"; + "^linux-cloud-tools-4\.15\.0-50-generic$"; }; /* Debug information: # dpkg list: ii linux-image-4.15.0-20-generic 4.15.0-20.21 amd64 Signed kernel image generic ii linux-image-4.15.0-24-generic 4.15.0-24.26 amd64 Signed kernel image generic -ii linux-image-4.15.0-46-generic 4.15.0-46.49 amd64 Signed kernel image generic ii linux-image-4.15.0-47-generic 4.15.0-47.50 amd64 Signed kernel image generic -iF linux-image-4.15.0-48-generic 4.15.0-48.51 amd64 Signed kernel image generic -ii linux-image-generic 4.15.0.48.50 amd64 Generic Linux kernel image +ii linux-image-4.15.0-48-generic 4.15.0-48.51 amd64 Signed kernel image generic +iF linux-image-4.15.0-50-generic 4.15.0-50.54 amd64 Signed kernel image generic +ii linux-image-generic 4.15.0.50.52 amd64 Generic Linux kernel image # list of installed kernel packages: 4.15.0-20-generic 4.15.0-20.21 4.15.0-24-generic 4.15.0-24.26 -4.15.0-46-generic 4.15.0-46.49 4.15.0-47-generic 4.15.0-47.50 4.15.0-48-generic 4.15.0-48.51 +4.15.0-50-generic 4.15.0-50.54 # list of different kernel versions: +4.15.0-50.54 4.15.0-48.51 4.15.0-47.50 -4.15.0-46.49 4.15.0-24.26 4.15.0-20.21 -# Installing kernel: 4.15.0-48.51 (4.15.0-48-generic) -# Running kernel: 4.15.0-47.50 (4.15.0-47-generic) -# Last kernel: 4.15.0-48.51 -# Previous kernel: 4.15.0-47.50 +# Installing kernel: 4.15.0-50.54 (4.15.0-50-generic) +# Running kernel: 4.15.0-48.51 (4.15.0-48-generic) +# Last kernel: 4.15.0-50.54 +# Previous kernel: 4.15.0-48.51 # Kernel versions list to keep: -4.15.0-47.50 4.15.0-48.51 +4.15.0-50.54 # Kernel packages (version part) to protect: -4\.15\.0-47-generic 4\.15\.0-48-generic +4\.15\.0-50-generic */ diff --git a/chromium-browser/customizations/10-flash b/chromium-browser/customizations/10-flash index 803df0e..5d81f3e 100644 --- a/chromium-browser/customizations/10-flash +++ b/chromium-browser/customizations/10-flash @@ -1,6 +1,6 @@ flashso="/usr/lib/adobe-flashplugin/libpepflashplayer.so" if test -f "$flashso"; then - CHROMIUM_FLAGS="$CHROMIUM_FLAGS --ppapi-flash-path=$flashso --ppapi-flash-version=32.0.0.171" + CHROMIUM_FLAGS="$CHROMIUM_FLAGS --ppapi-flash-path=$flashso --ppapi-flash-version=32.0.0.192" echo "Using PPAPI flash." else echo "PPAPI flash has config file in /etc, but library does not exist and won't be used. Package is uninstalled, not purged." diff --git a/java-11-openjdk/jvm-amd64.cfg b/java-11-openjdk/jvm-amd64.cfg index 76516d1..cf721fd 100644 --- a/java-11-openjdk/jvm-amd64.cfg +++ b/java-11-openjdk/jvm-amd64.cfg @@ -1,3 +1,4 @@ -server KNOWN -client IGNORE -zero KNOWN +-dcevm KNOWN diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security index f07aacf..c6a2c2e 100644 --- a/java-11-openjdk/security/java.security +++ b/java-11-openjdk/security/java.security @@ -1063,3 +1063,34 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep # the same name, with the same syntax and possible values. # #jdk.includeInExceptions=hostInfo + +# +# Policies for distrusting Certificate Authorities (CAs). +# +# This is a comma separated value of one or more case-sensitive strings, each +# of which represents a policy for determining if a CA should be distrusted. +# The supported values are: +# +# SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec +# root CA and issued after April 16, 2019 unless issued by one of the +# following subordinate CAs which have a later distrust date: +# 1. Apple IST CA 2 - G1, SHA-256 fingerprint: +# AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B +# Distrust after December 31, 2019. +# 2. Apple IST CA 8 - G1, SHA-256 fingerprint: +# A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED +# Distrust after December 31, 2019. +# +# Leading and trailing whitespace surrounding each value are ignored. +# Unknown values are ignored. If the property is commented out or set to the +# empty String, no policies are enforced. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be supported by other SE implementations. Also, this +# property does not override other security properties which can restrict +# certificates such as jdk.tls.disabledAlgorithms or +# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even +# if this property is not enabled. +# +jdk.security.caDistrustPolicies=SYMANTEC_TLS + diff --git a/java-8-openjdk/calendars.properties b/java-8-openjdk/calendars.properties index 49f68ac..6007d7a 100644 --- a/java-8-openjdk/calendars.properties +++ b/java-8-openjdk/calendars.properties @@ -29,12 +29,14 @@ # Taisho since 1912-07-30 00:00:00 local time (Gregorian) # Showa since 1926-12-25 00:00:00 local time (Gregorian) # Heisei since 1989-01-08 00:00:00 local time (Gregorian) +# Reiwa since 2019-05-01 00:00:00 local time (Gregorian) calendar.japanese.type: LocalGregorianCalendar calendar.japanese.eras: \ name=Meiji,abbr=M,since=-3218832000000; \ name=Taisho,abbr=T,since=-1812153600000; \ name=Showa,abbr=S,since=-1357603200000; \ - name=Heisei,abbr=H,since=600220800000 + name=Heisei,abbr=H,since=600220800000; \ + name=Reiwa,abbr=R,since=1556668800000 # # Taiwanese calendar diff --git a/java-8-openjdk/security/java.security b/java-8-openjdk/security/java.security index 8ca0288..718f819 100644 --- a/java-8-openjdk/security/java.security +++ b/java-8-openjdk/security/java.security @@ -621,7 +621,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC + EC keySize < 224, 3DES_EDE_CBC, anon, NULL # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -982,3 +982,33 @@ jdk.xml.dsig.secureValidationPolicy=\ # and javax.crypto.spec.SecretKeySpec and rejects all the others. jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* + +# +# Policies for distrusting Certificate Authorities (CAs). +# +# This is a comma separated value of one or more case-sensitive strings, each +# of which represents a policy for determining if a CA should be distrusted. +# The supported values are: +# +# +# SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec +# root CA and issued after April 16, 2019 unless issued by one of the +# following subordinate CAs which have a later distrust date: +# 1. Apple IST CA 2 - G1, SHA-256 fingerprint: +# AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B +# Distrust after December 31, 2019. +# 2. Apple IST CA 8 - G1, SHA-256 fingerprint: +# A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED +# Distrust after December 31, 2019. +# Leading and trailing whitespace surrounding each value are ignored. +# Unknown values are ignored. If the property is commented out or set to the +# empty String, no policies are enforced. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be supported by other SE implementations. Also, this +# property does not override other security properties which can restrict +# certificates such as jdk.tls.disabledAlgorithms or +# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even +# if this property is not enabled. +# +jdk.security.caDistrustPolicies=SYMANTEC_TLS -- 2.39.5