java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.src
[75 KiB] |
Changelog
by JoungKyun.Kim (2018-12-02):
- Update to aarch64-shenandoah-jdk8u191-b12.
|
java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.src
[75 KiB] |
Changelog
by JoungKyun.Kim (2018-10-20):
- update 1.8.0.191
https://www.oracle.com/technetwork/java/javase/8u191-relnotes-5032181.html
- security issues
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
. CVE-2018-3183 JRockit Remote 9.0
. CVE-2018-3209 JavaFX Remote 8.3
. CVE-2018-3169 Hotspot Remote 8.3
. CVE-2018-3149 JNDI Remote 8.3
. CVE-2018-3211 Serviceability No 6.6
. CVE-2018-3180 JSSE Remote 5.6
. CVE-2018-3214 Sound Remote 5.3
. CVE-2018-13785 Deployment (libpng) Remote 3.7
. CVE-2018-3136 Security Remote 3.4
. CVE-2018-3139 Networking Remote 3.1
|
java-1.8.0-openjdk-1.8.0.181-3.b13.el7_5.src
[71 KiB] |
Changelog
by JoungKyun.Kim (2018-07-28):
- security issues
. CVE-2018-2938 Java DB
. CVE-2018-2964 Deployment
. CVE-2018-2941 JavaFX
. CVE-2018-2942 Windows DLL
. CVE-2018-2972 Security
. CVE-2018-2973 JSSE SSL/TLS
. CVE-2018-2940 Libraries
. CVE-2018-2952 Concurrency
|
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.src
[65 KiB] |
Changelog
by Jiri Vanek (2018-05-16):
- added and applied 1566890_embargoed20180521.patch
- Resolves: rhbz#1578555
- security issues
. CVE-2018-3639 hw: cpu: speculative store bypass
|
java-1.8.0-openjdk-1.8.0.171-7.b10.el7.src
[65 KiB] |
Changelog
by JoungKyun.Kim (2018-04-17):
- security issues
. CVE-2018-2814 Hotspot
. CVE-2018-2811 Install (Local)
. CVE-2018-2794 Security (Local)
. CVE-2018-2783 Security
. CVE-2018-2798 AWT
. CVE-2018-2796 Concurrency
. CVE-2018-2799 JAXP
. CVE-2018-2797 JMX
. CVE-2018-2795 Security
. CVE-2018-2815 Serialization
. CVE-2018-2800 RMI
. CVE-2018-2790 Security
|
java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.src
[62 KiB] |
Changelog
by Andrew Hughes (2018-01-10):
- Update to b14 with updated Zero fix for 8174962 (S8194828)
- Resolves: rhbz#1528233
|
java-1.8.0-openjdk-1.8.0.151-5.b12.el7_4.src
[61 KiB] |
Changelog
by Jiri Vanek (2017-11-20):
- Backport "8180048: Interned string and symbol table leak memory during parallel unlinking" (gnu_andrew)
- Resolves: rhbz#1515212
|
java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.src
[60 KiB] |
Changelog
by JoungKyun.Kim (2017-10-21):
- security issues
CVE-2017-10346 Hotspot component. Enabled remote attack without auth
CVE-2017-10285 RMI component. Enabled remote attack without auth
CVE-2017-10388 Libraries component(Kerberos). Enabled remote attack without auth
CVE-2017-10309 Deployment component. Enabled remote attack without auth
CVE-2017-10274 Smart Card IO component. Enabled remote attack without auth
CVE-2017-10356 Security component. No
CVE-2017-10293 Javadoc component(HTTP). Enabled remote attack without auth
CVE-2017-10350 JAX-WS component. Enabled remote attack without auth
CVE-2017-10349 JAXP component. Enabled remote attack without auth
CVE-2017-10348 Libraries component. Enabled remote attack without auth
CVE-2017-10357 Serialization component. Enabled remote attack without auth
CVE-2016-9841 Util (zlib) component. Enabled remote attack without auth
CVE-2016-10165 2D (Little CMS 2) component. Enabled remote attack without auth
CVE-2017-10355 Networking component. Enabled remote attack without auth
CVE-2017-10281 Serialization component. Enabled remote attack without auth
CVE-2017-10347 Serialization component. Enabled remote attack without auth
CVE-2017-10295 Networking component(HTTP). Enabled remote attack without auth
CVE-2017-10345 Serialization component. Enabled remote attack without auth
|
java-1.8.0-openjdk-1.8.0.144-0.b01.el7_4.src
[55 KiB] |
Changelog
by Andrew Hughes (2017-08-15):
- Update to aarch64-jdk8u144-b01 and aarch64-shenandoah-jdk8u144-b01.
- Exclude 8175887 from Shenandoah builds as it has been included in that repo.
- Resolves: rhbz#1481947
|
java-1.8.0-openjdk-1.8.0.141-2.b16.el7_4.src
[55 KiB] |
Changelog
by Andrew Hughes (2017-07-14):
- Update to aarch64-jdk8u141-b16 and aarch64-shenandoah-jdk8u141-b16.
- Revert change to remove-intree-libraries.sh following backout of 8173207
- Resolves: rhbz#1466509
|
java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3.src
[55 KiB] |
Changelog
by JoungKyun.Kim (2017-07-28):
- update 1.8.0-141.b16
- security fix
. CVE-2017-10053
. CVE-2017-10067
. CVE-2017-10074
. CVE-2017-10078
. CVE-2017-10081
. CVE-2017-10087
. CVE-2017-10089
. CVE-2017-10090
. CVE-2017-10096
. CVE-2017-10101
. CVE-2017-10102
. CVE-2017-10107
. CVE-2017-10108
. CVE-2017-10109
. CVE-2017-10110
. CVE-2017-10111
. CVE-2017-10115
. CVE-2017-10116
. CVE-2017-10135
. CVE-2017-10193
. CVE-2017-10198
|
java-1.8.0-openjdk-1.8.0.131-3.b12.el7_3.src
[54 KiB] |
Changelog
by Andrew Hughes (2017-04-27):
- Update to aarch64-jdk8u131-b12 and aarch64-shenandoah-jdk8u131-b12 for AArch64 8168699 fix
- Resolves: rhbz#1449258
|
java-1.8.0-openjdk-1.8.0.131-2.b11.el7_3.src
[53 KiB] |
Changelog
by JoungKyun.Kim (2017-04-30):
- update 1.8.0-131.b11
- security fix
. CVE-2017-3509
. CVE-2017-3511
. CVE-2017-3526
. CVE-2017-3533
. CVE-2017-3539
. CVE-2017-3544
|
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.src
[52 KiB] |
Changelog
by JoungKyun.Kim (2017-01-22):
- update 1.8.0-121.b13
- security fix
. CVE-2016-5546
It was discovered that the Libraries component of OpenJDK accepted ECDSA
signatures using non-canonical DER encoding. This could cause a Java application
to accept a signature in an incorrect format not accepted by other cryptographic
tools.
. CVE-2016-5547
It was discovered that the Libraries component of OpenJDK did not validate the
length of the object identifier read from the DER input before allocating memory
to store the OID. An attacker able to make a Java application decode a specially
crafted DER input could cause the application to consume an excessive amount of
memory.
. CVE-2016-5548
A covert timing channel flaw was found in the DSA implementation in the
Libraries component of OpenJDK. A remote attacker could possibly use this flaw
to extract certain information about the used key via a timing side channel.
. CVE-2016-5552
It was discovered that the Networking component of OpenJDK failed to properly
parse user info from the URL. A remote attacker could cause a Java application
to incorrectly parse an attacker supplied URL and interpret it differently from
other applications processing the same URL.
. CVE-2017-3231, CVE-2017-3261
Multiple flaws were found in the Networking components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass certain
Java sandbox restrictions.
. CVE-2017-3241
It was discovered that the RMI registry and DGC implementations in the RMI
component of OpenJDK performed deserialization of untrusted inputs. A remote
attacker could possibly use this flaw to execute arbitrary code with the
privileges of RMI registry or a Java RMI application.
. CVE-2017-3252
It was discovered that the JAAS component of OpenJDK did not use the correct
way to extract user DN from the result of the user search LDAP query. A
specially crafted user LDAP entry could cause the application to use an
incorrect DN.
. CVE-2017-3253
It was discovered that the 2D component of OpenJDK performed parsing of iTXt
and zTXt PNG image chunks even when configured to ignore metadata. An attacker
able to make a Java application parse a specially crafted PNG image could cause
the application to consume an excessive amount of memory.
. CVE-2017-3272, CVE-2017-3289
Multiple flaws were discovered in the Libraries and Hotspot components in
OpenJDK. An untrusted Java application or applet could use these flaws to
completely bypass Java sandbox restrictions.
. CVE-2016-2183
A flaw was found in the way the DES/3DES cipher was used as part of the
TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover
some plaintext data by capturing large amounts of encrypted traffic between
TLS/SSL server and client if the communication used a DES/3DES based
ciphersuite.
|
java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.src
[47 KiB] |
Changelog
by JoungKyun.Kim (2016-12-14):
- update 1.8.0.111-2.b15 with RHEL 7.3
|
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.src
[47 KiB] |
Changelog
by Andrew Hughes (2016-10-11):
- update 1.8.0-111.b15
- Keep debug architecture set the same on RHEL 7.2
- Resolves: rhbz#1381990
- Bump release for rebuild.
- Resolves: rhbz#1381990
- Turn debug builds on for all JIT architectures. Always AssumeMP on RHEL.
- Resolves: rhbz#1381990
- Update to aarch64-jdk8u111-b15, with AArch64 fix for S8160591.
- Swap java.security md5sum for 7.2.z version with ECC patch.
- Resolves: rhbz#1381990
- Update to aarch64-jdk8u111-b14.
- Add latest md5sum for java.security file due to jar signing property addition.
- Drop S8157306 and the CORBA typo fix, both of which appear upstream in u111.
- Add LCMS 2 patch to fix Red Hat security issue RH1367357 in the local OpenJDK copy.
- Resolves: rhbz#1381990
- declared check_sum_presented_in_spec and used in prep and check
- it is checking that latest packed java.security is mentioned in listing
- Resolves: rhbz#1368440
- New variable, @prefix@, needs to be substituted in tapsets (rhbz1371005)
- Resolves: rhbz#1368440
- Update to aarch64-jdk8u102-b14.
- Drop 8140620, 8148752 and 6961123, all of which appear upstream in u102.
- Move 8159244 to 8u111 section as it only appears to be in unpublished u102 b31.
- Move 8158260 to 8u112 section following its backport to 8u.
- Resolves: rhbz#1368440
- Update to aarch64-jdk8u101-b15.
- Rebase SystemTap tarball on IcedTea 3.1.0 versions so as to avoid patching.
- Drop additional hunk for 8147771 which is now applied upstream.
- Resolves: rhbz#1368440
- security fix
. CVE-2016-5542
allows remote attackers to affect integrity via vectors related to Libraries.
. CVE-2016-5554
allows remote attackers to affect integrity via vectors related to JMX.
. CVE-2016-5573
allows remote attackers to affect confidentiality, integrity, and availability
via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.
. CVE-2016-5582
allows remote attackers to affect confidentiality, integrity, and availability
via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.
. CVE-2016-5597
allows remote attackers to affect confidentiality via vectors related to Networking.
|
java-1.8.0-openjdk-1.8.0.102-1.b14.el7_2.src
[44 KiB] |
Changelog
by Andrew Hughes (2016-09-16):
- update 1.8.0-102.b14
- Fix regression in SSL debug output when no ECC provider is available. (rhbz#1365618)
|
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.src
[44 KiB] |
Changelog
by Andrew Hughes (2016-07-21):
- update 1.8.0-101.b13
- security fix
. CVE-2016-3458
. CVE-2016-3500
Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass certain
Java sandbox restrictions.
. CVE-2016-3508
. CVE-2016-3550
Multiple denial of service flaws were found in the JAXP component in OpenJDK.
A specially crafted XML file could cause a Java application using JAXP to
consume an excessive amount of CPU and memory when parsed.
. CVE-2016-3587
. CVE-2016-3598
. CVE-2016-3606
. CVE-2016-3610
Multiple flaws were discovered in the Hotspot and Libraries components in
OpenJDK. An untrusted Java application or applet could use these flaws to
completely bypass Java sandbox restrictions.
|
java-1.8.0-openjdk-1.8.0.91-1.b14.el7_2.src
[43 KiB] |
Changelog
by Andrew Hughes (2016-06-01):
- Add fix for PKCS#10 output regression, adding -systemlineendings option.
- Resolves: rhbz#1343832
|
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.src
[43 KiB] |
Changelog
by Andrew Hughes (2016-04-12):
- security fix
. CVE-2016-0686, CVE-2016-0687
Multiple flaws were discovered in the Serialization and Hotspot components in
OpenJDK. An untrusted Java application or applet could use these flaws to
completely bypass Java sandbox restrictions.
. CVE-2016-3427
It was discovered that the RMI server implementation in the JMX component in
OpenJDK did not restrict which classes can be deserialized when deserializing
authentication credentials. A remote, unauthenticated attacker able to connect
to a JMX port could possibly use this flaw to trigger deserialization flaws.
. CVE-2016-3425
It was discovered that the JAXP component in OpenJDK failed to properly handle
Unicode surrogate pairs used as part of the XML attribute values. Specially
crafted XML input could cause a Java application to use an excessive amount of
memory when parsed.
. CVE-2016-3426
It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE
component in OpenJDK used a non-constant time comparison when comparing GCM
authentication tags. A remote attacker could possibly use this flaw to determine
the value of the authentication tag.
. CVE-2016-0695
It was discovered that the Security component in OpenJDK failed to check the
digest algorithm strength when generating DSA signatures. The use of a digest
weaker than the key strength could lead to the generation of signatures that
were weaker than expected.
- Update to u91b14.
Resolves: rhbz#1325422
- Enable a full bootstrap on JIT archs. Full build held back by Zero archs anyway.
Resolves: rhbz#1325422
- Add 8132051 port to AArch64.
Resolves: rhbz#1325422
- Turn on bootstrap build for all to ensure we are now good to go.
Resolves: rhbz#1325422
- Add additional fix to Zero patch to properly handle result on 64-bit big-endian
Resolves: rhbz#1325422
- Revert settings to production defaults so we can at least get a build.
Resolves: rhbz#1325422
- Switch to a slowdebug build to try and unearth remaining issue on s390x.
Resolves: rhbz#1325422
- Add missing comma in 8132051 patch.
Resolves: rhbz#1325422
- Add 8132051 port to Zero.
|
java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.src
[40 KiB] |
Changelog
by Andrew Hughes (2016-03-23):
- Remove what remains of the SunEC sources in the remove-intree-libraries script.
- Resolves: rhbz#1320664
- Update to u77b03.
- Drop 8146566 which is applied upstream.
- Replace s390 Java options patch with general version from IcedTea.
- Apply s390 patches unconditionally to avoid arch-specific patch failures.
- Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le.
- Remove aarch64-specific suffix as update/build version are now the same as for other archs.
- Only use z format specifier on s390, not s390x.
- Adjust tarball generation script to allow ecc_impl.h to be included.
- Correct spelling mistakes in tarball generation script.
- Synchronise minor changes from Fedora.
- Use a simple backport for PR2462/8074839.
- Don't backport the crc check for pack.gz. It's not tested well upstream.
- Resolves: rhbz#1320664
|
java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2.src
[38 KiB] |
Changelog
by Andrew Hughes (2016-01-15):
- Add md5sum for previous java.security file so it gets updated.
- Resolves: rhbz#1295753
|