- update 1.8.0.392
  https://www.oracle.com/java/technologies/javase/8u391-relnotes.html
-Security issues
  https://www.oracle.com/security-alerts/cpuoct2023.html
  . CVE-2023-22067  CORBA    5.3 Network
  . CVE-2023-22081  HTTPS    5.3 Network
  . CVE-2023-22025  Multiple 3.7 Network

- update 1.8.0.382
  https://www.oracle.com/java/technologies/javase/8u381-relnotes.html
-Security issues
  https://www.oracle.com/security-alerts/cpuapr2023.html
  https://www.oracle.com/security-alerts/cpujul2023.html
  . CVE-2023-21930 JSSE          7.4 Network
  . CVE-2023-21967 JSSE          5.9 Network
  . CVE-2023-21954 Hotspot       5.9 Network
  . CVE-2023-21939 Swing         5.3 Network
  . CVE-2023-21938 Libraries     3.7 Network
  . CVE-2023-21968 Libraries     3.7 Network
  . CVE-2023-21937 Networking    3.7 Network
  . CVE-2023-22043 JavaFX        5.9 Network
  . CVE-2023-22041 Hotspot       5.1 Local
  . CVE-2023-22051 Compiler      3.7 Network
  . CVE-2023-25193 2D (Harfbuzz) 3.7 Network
  . CVE-2023-22044 Hotspot       3.7 Network
  . CVE-2023-22045 Hotspot       3.7 Network
  . CVE-2023-22049 Libraries     3.7 Network
  . CVE-2023-22036 Utility       3.7 Network
  . CVE-2023-22006 Networking    3.1 Network

- update 1.8.0.332
  https://www.oracle.com/java/technologies/javase/8u331-relnotes.html
  https://www.oracle.com/java/technologies/javase/8u331-bugfixes.html
-Security issues
  https://www.oracle.com/security-alerts/cpujan2023.html
  . JDK-8272243: Improve DER parsing
  . JDK-8272249: Better properties of loaded Properties
  . JDK-8277608: Address IP Addressing
  . JDK-8281859, CVE-2022-21540: Improve class compilation
  . JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations
  . JDK-8283190: Improve MIDI processing
  . JDK-8284370: Improve zlib usage
  . JDK-8285407, CVE-2022-34169: Improve Xalan supports 
  . JDK-8282252: Improve BigInteger/Decimal validation
  . JDK-8285662: Better permission resolution
  . JDK-8286511: Improve macro allocation
  . JDK-8286519: Better memory handling
  . JDK-8286526, CVE-2022-21619: Improve NTLM support
  . JDK-8286533, CVE-2022-21626: Key X509 usages
  . JDK-8286910, CVE-2022-21624: Improve JNDI lookups
  . JDK-8286918, CVE-2022-21628: Better HttpServer service
  . JDK-8288508: Enhance ECDSA usage 
  . JDK-8285021: Improve CORBA communication
  . JDK-8286496: Improve Thread labels
  . JDK-8288516: Enhance font creation
  . JDK-8289350: Better media supports
  . JDK-8293554: Enhanced DH Key Exchanges
  . JDK-8293598: Enhance InetAddress address handling
  . JDK-8293717: Objective view of ObjectView
  . JDK-8293734: Improve BMP image handling
  . JDK-8293742: Better Banking of Sounds
  . JDK-8295687: Better BMP bounds 
  . CVE-2022-43548 Node Remote 8.1
  . CVE-2023-21835 JSSE Remote 5.3
  . CVE-2023-21830 Serialization Remote 5.3
  . CVE-2023-21843 Sound Remote 3.7

- update 1.8.0.332
  https://www.oracle.com/java/technologies/javase/8u331-relnotes.html
  https://www.oracle.com/java/technologies/javase/8u331-bugfixes.html
- Security fixes
  https://www.oracle.com/security-alerts/cpuapr2022.html
  . JDK-8269938: Enhance XML processing passes redux
  . JDK-8270504, CVE-2022-21426: Better XPath expression handling
  . JDK-8272255: Completely handle MIDI files
  . JDK-8272261: Improve JFR recording file processing
  . JDK-8272594: Better record of recordings
  . JDK-8274221: More definite BER encodings
  . JDK-8275151, CVE-2022-21443: Improved Object Identification
  . JDK-8277227: Better identification of OIDs
  . JDK-8277672, CVE-2022-21434: Better invocation handler handling
  . JDK-8278008, CVE-2022-21476: Improve Santuario processing
  . JDK-8278356: Improve file creation
  . JDK-8278449: Improve keychain support
  . JDK-8278805: Enhance BMP image loading
  . JDK-8278972, CVE-2022-21496: Improve URL supports
  . JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
- Other changes
  . JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl
  . JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl
  . JDK-8035577: Xerces Update: impl/xpath/regex/RangeToken.java
  . JDK-8037259: xerces update: xpointer update
  . JDK-8041523: Xerces Update: Serializer improvements from Xalan
  . JDK-8141508: java.lang.invoke.LambdaConversionException: Invalid receiver type
  . JDK-8162572: Update License Header for all JAXP sources
  . JDK-8167014: jdeps: Missing message: warn.skipped.entry
  . JDK-8198411: [TEST_BUG] Two java2d tests are unstable in mach5
  . JDK-8202822: Add .git to .hgignore
  . JDK-8205540: test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 <cont> commands
  . JDK-8209178: Proxied HttpsURLConnection doesn't send BODY when retrying POST request
  . JDK-8210283: Support git as an SCM alternative in the build
  . JDK-8218682: [TEST_BUG] DashOffset fails in mach5
  . JDK-8225690: Multiple AttachListener threads can be created
  . JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
  . JDK-8227815: Minimal VM: set_state is not a member of AttachListener
  . JDK-8240633: Memory leaks in the implementations of FileChooserUI
  . JDK-8241768: git needs .gitattributes
  . JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn
  . JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
  . JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
  . JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
  . JDK-8270290: NTLM authentication fails if HEAD request is used
  . JDK-8273229: Update OS detection code to recognize Windows Server 2022
  . JDK-8273341: Update Siphash to version 1.0
  . JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated
  . JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
  . JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
  . JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
  . JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
  . JDK-8280060: The sun/rmi/server/Activation.java class use Thread.dumpStack()
  . JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
  . JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character
  . JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
  . JDK-8284920: Incorrect Token type causes XPath expression to return empty result
  . JDK-8284936: Fix Java 7 bootstrap breakage due to use of Arrays.stream
- Shenandoah
  . JDK-8260632: Build failures after JDK-8253353
  . JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git

- update 1.8.0.322
  https://www.oracle.com/java/technologies/javase/8u321-relnotes.html
  https://www.oracle.com/java/technologies/javase/8u321-bugfixes.html
- security issues
  https://www.oracle.com/security-alerts/cpujan2022.html
  . JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
  . JDK-8268488: More valuable DerValues
  . JDK-8268494: Better inlining of inlined interfaces
  . JDK-8268512: More content for ContentInfo
  . JDK-8268795: Enhance digests of Jar files
  . JDK-8268801: Improve PKCS attribute handling
  . JDK-8268813, CVE-2022-21283: Better String matching
  . JDK-8269151: Better construction of EncryptedPrivateKeyInfo
  . JDK-8269944: Better HTTP transport redux
  . JDK-8270392, CVE-2022-21293: Improve String constructions
  . JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
  . JDK-8270492, CVE-2022-21282: Better resolution of URIs
  . JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
  . JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
  . JDK-8271962: Better TrueType font loading
  . JDK-8271968: Better canonical naming
  . JDK-8271987: Manifest improved manifest entries
  . JDK-8272014, CVE-2022-21305: Better array indexing
  . JDK-8272026, CVE-2022-21340: Verify Jar Verification
  . JDK-8272236, CVE-2022-21341: Improve serial forms for transport
  . JDK-8272272: Enhance jcmd communication
  . JDK-8272462: Enhance image handling
  . JDK-8273290: Enhance sound handling
  . JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
  . JDK-8273756, CVE-2022-21360: Enhance BMP image support
  . JDK-8273838, CVE-2022-21365: Enhanced BMP processing

- update 1.8.0.312
  https://www.oracle.com/java/technologies/javase/8u311-relnotes.html
  https://www.oracle.com/java/technologies/javase/8u311-bugfixes.html
- security issues
  https://www.oracle.com/security-alerts/cpuoct2021.html
  . CVE-2021-3517  JavaFX (libxml)    Remote 8.6
  . CVE-2021-35560 Deployment         Remote 7.5
  . CVE-2021-35567 Libraries          Local  6.8
  . CVE-2021-35550 JSSE               Remote 5.9
  . CVE-2021-3522  JavaFX (GStreamer) Local 5.5
  . CVE-2021-35586 ImageIO            Remote 5.3
  . CVE-2021-35564 Keytool            Remote 5.3
  . CVE-2021-35556 Swing              Remote 5.3
  . CVE-2021-35559 Swing              Remote 5.3
  . CVE-2021-35561 Utility            Remote 5.3
  . CVE-2021-35565 JSSE               Remote 5.3
  . CVE-2021-35578 JSSE               Remote 5.3
  . CVE-2021-35603 JSSE               Remote 3.7
  . CVE-2021-35588 Hotspot            Remote 3.1

- update 1.8.0.302
  https://www.oracle.com/java/technologies/javase/8u301-relnotes.html
  https://www.oracle.com/java/technologies/javase/8u301-bugfixes.html
- security issues
  https://www.oracle.com/security-alerts/cpujul2021.html
  . CVE-2021-2388 Hotspot    Remote 7.5
  . CVE-2021-2369 Library    Remote 4.3
  . CVE-2021-2341 Networking Remote 3.1

- update 1.8.0.292
  https://www.oracle.com/java/technologies/javase/8u291-relnotes.html
- security issues
  https://www.oracle.com/security-alerts/cpujan2021.html
  . CVE-2021-2161 Libraries Remote 5.9
  . CVE-2021-2163 Libraries Remote 5.3

- update 1.8.0.282
  https://www.oracle.com/java/technologies/javase/8u281-relnotes.html
  - Extend RH1750419 alt-java fix to include external debuginfo, following JDK-8252395 in 8u282-b01
  - Resolves: rhbz#1901690
- security issues
  https://www.oracle.com/security-alerts/cpujan2021.html

- Update to aarch64-shenandoah-jdk8u275-b01 (GA)
- Update release notes for 8u275.
- Resolves: rhbz#1895062

- update 1.8.0.272
  https://www.oracle.com/java/technologies/javase/8u271-relnotes.html
  - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
  - update tzdata IANA 2020a
- security issues
  https://www.oracle.com/security-alerts/cpuoct2020.html
  . JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
  . JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
  . JDK-8237995, CVE-2020-14782: Enhance certificate processing
  . JDK-8241114, CVE-2020-14792: Better range handling
  . JDK-8242680, CVE-2020-14796: Improved URI Support
  . JDK-8242685, CVE-2020-14797: Better Path Validation
  . JDK-8242695, CVE-2020-14798: Enhanced buffer support
  . JDK-8244136, CVE-2020-14803: Improved Buffer supports

- update 1.8.0.262
  https://www.oracle.com/java/technologies/javase/8u261-relnotes.html
- security issues
  https://www.oracle.com/security-alerts/cpujul2020.html
  . CVE-2020-14556: Better ForkJoinPool behavior
  . CVE-2020-14577: Enhance certificate verification
  . CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
  . CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
  . CVE-2020-14581: Better matrix operations
  . CVE-2020-14583: Better Buffer support
  . CVE-2020-14593: Less Affine Transformations
  . CVE-2020-14621: Better XML namespace handling

- update 1.8.0.252
  https://www.oracle.com/technetwork/java/javase/8u251-relnotes-5972664.html
- security issues
  https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixJAVA
  . CVE-2020-2803  Libraries                Remote  8.3
  . CVE-2020-2805  Libraries                Remote  8.3
  . CVE-2019-18197 JavaFX(libxslt)          Remote  8.1
  . CVE-2020-2781  JSSE                     Remote  5.3
  . CVE-2020-2830  Concurrency              Remote 5.3
  . CVE-2020-2800  Lightweight HTTP Server  Remote  4.8
  . CVE-2020-2754  Scripting                Remote  3.7
  . CVE-2020-2755  Scripting                Remote  3.7
  . CVE-2020-2773  Security                 Remote  3.7
  . CVE-2020-2756  Serialization            Remote  3.7
  . CVE-2020-2757  Serialization            Remote  3.7

- update 1.8.0.242
  https://www.oracle.com/technetwork/java/javase/8u241-relnotes-5813177.html
- security issues
  https://www.oracle.com/security-alerts/cpujan2020.html#AppendixJAVA
  . CVE-2020-2604  Serialization      Remote 8.1
  . CVE-2019-16168 JavaFX (SQLite)    Remote 7.5
  . CVE-2019-13117 JavaFX (libxslt)   Remote 7.5
  . CVE-2019-13118 JavaFX (libxslt)   Remote 7.5
  . CVE-2020-2601  Security(Kerberos) Remote 6.8
  . CVE-2020-2585  JavaFX             Remote 5.9
  . CVE-2020-2655  JSSE(HTTPS)        Remote 4.8
  . CVE-2020-2593  Networking         Remote 4.8
  . CVE-2020-2654  Libraries          Remote 3.7
  . CVE-2020-2590  Security(Kerberos) Remote 3.7
  . CVE-2020-2659  Networking         Remote 3.7
  . CVE-2020-2583  Serialization      Remote 3.7

- Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately.
- Drop unused use_shenandoah_hotspot variable.
- Resolves: rhbz#1705328

- update 1.8.0.232
  https://www.oracle.com/technetwork/java/javase/documentation/8u-relnotes-2225394.html
- security issues
  https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA
  . CVE-2019-2949  Kerberos         Remote  6.8
  . CVE-2019-2989  Networking       Remote  6.8
  . CVE-2019-2958  Libraries        Remote  5.9
  . CVE-2019-11068 JavaFX (libxslt) Remote  5.6
  . CVE-2019-2975  Scripting        Remote  4.8
  . CVE-2019-2999  Javadoc          Remote  4.7
  . CVE-2019-2996  Deployment       Remote  4.2
  . CVE-2019-2962  2D               Remote  3.7
  . CVE-2019-2988  2D               Remote  3.7
  . CVE-2019-2992  2D               Remote  3.7
  . CVE-2019-2964  Concurrency      Remote  3.7
  . CVE-2019-2973  JAXP             Remote  3.7
  . CVE-2019-2981  JAXP             Remote  3.7
  . CVE-2019-2978  Networking       Remote  3.7
  . CVE-2019-2894  Security         Remote  3.7
  . CVE-2019-2983  Serialization    Remote  3.7
  . CVE-2019-2933  Libraries        Remote  3.1
  . CVE-2019-2945  Networking       Remote  3.1

- update 1.8.0.222
  https://www.oracle.com/technetwork/java/javase/8u221-relnotes-5480116.html
  https://www.oracle.com/technetwork/java/javase/2col/8u221-bugfixes-5480117.html
- security issues
  https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  . CVE-2019-7317 AWT (libpng) Remote 6.8
  . CVE-2019-2762 Utilities    Remote 5.3
  . CVE-2019-2769 Utilities    Remote 5.3
  . CVE-2019-2745 Security     Local  5.1
  . CVE-2019-2816 Networking   Remote 4.8
  . CVE-2019-2842 JCE          Remote 3.7
  . CVE-2019-2786 Security     Remote 3.4
  . CVE-2019-2766 Networking   Remote 3.1

- update 1.8.0.212
  https://www.oracle.com/technetwork/java/javase/8u212-relnotes-5292913.html
  https://www.oracle.com/technetwork/java/javase/2col/8u212-bugfixes-5292916.html
- security issues
  https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  . CVE-2018-11212  ImageIO (libjpeg)  Remote  5.3
  . CVE-2019-2426   Networking         Remote  3.7
  . CVE-2019-2449   Deployment         Remote  3.1
  . CVE-2019-2422   Libraries          Remote  3.1

- update 1.8.0.201
  https://www.oracle.com/technetwork/java/javase/8u201-relnotes-5209271.html
  https://www.oracle.com/technetwork/java/javase/2col/8u201-bugfixes-5209275.html
- security issues
  https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
  . CVE-2018-11212  ImageIO (libjpeg)  Remote  5.3
  . CVE-2019-2426   Networking         Remote  3.7
  . CVE-2019-2449   Deployment         Remote  3.1
  . CVE-2019-2422   Libraries          Remote  3.1

- Update to aarch64-shenandoah-jdk8u191-b12.

- update 1.8.0.191
  https://www.oracle.com/technetwork/java/javase/8u191-relnotes-5032181.html

- security issues
  https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  . CVE-2018-3183  JRockit        Remote 9.0
  . CVE-2018-3209  JavaFX         Remote 8.3
  . CVE-2018-3169  Hotspot        Remote 8.3
  . CVE-2018-3149  JNDI           Remote 8.3
  . CVE-2018-3211  Serviceability No     6.6
  . CVE-2018-3180  JSSE           Remote 5.6
  . CVE-2018-3214  Sound          Remote 5.3
  . CVE-2018-13785 Deployment (libpng) Remote 3.7
  . CVE-2018-3136  Security       Remote 3.4
  . CVE-2018-3139  Networking     Remote 3.1

- security issues
  . CVE-2018-2938 	Java DB
  . CVE-2018-2964 	Deployment
  . CVE-2018-2941 	JavaFX
  . CVE-2018-2942 	Windows DLL
  . CVE-2018-2972 	Security
  . CVE-2018-2973 	JSSE SSL/TLS
  . CVE-2018-2940 	Libraries
  . CVE-2018-2952 	Concurrency

- added and applied 1566890_embargoed20180521.patch
- Resolves: rhbz#1578555
- security issues
  . CVE-2018-3639 hw: cpu: speculative store bypass

- security issues
  . CVE-2018-2814 Hotspot
  . CVE-2018-2811 Install (Local)
  . CVE-2018-2794 Security (Local)
  . CVE-2018-2783 Security
  . CVE-2018-2798 AWT
  . CVE-2018-2796 Concurrency
  . CVE-2018-2799 JAXP
  . CVE-2018-2797 JMX
  . CVE-2018-2795 Security
  . CVE-2018-2815 Serialization
  . CVE-2018-2800 RMI
  . CVE-2018-2790 Security

- Update to b14 with updated Zero fix for 8174962 (S8194828)
- Resolves: rhbz#1528233

- Backport "8180048: Interned string and symbol table leak memory during parallel unlinking" (gnu_andrew)
- Resolves: rhbz#1515212

- security issues
  CVE-2017-10346 Hotspot component. Enabled remote attack without auth
  CVE-2017-10285 RMI component. Enabled remote attack without auth
  CVE-2017-10388 Libraries component(Kerberos). Enabled remote attack without auth
  CVE-2017-10309 Deployment component. Enabled remote attack without auth
  CVE-2017-10274 Smart Card IO component. Enabled remote attack without auth
  CVE-2017-10356 Security component. No
  CVE-2017-10293 Javadoc component(HTTP). Enabled remote attack without auth
  CVE-2017-10350 JAX-WS component. Enabled remote attack without auth
  CVE-2017-10349 JAXP component. Enabled remote attack without auth
  CVE-2017-10348 Libraries component. Enabled remote attack without auth
  CVE-2017-10357 Serialization component. Enabled remote attack without auth
  CVE-2016-9841 Util (zlib) component. Enabled remote attack without auth
  CVE-2016-10165 2D (Little CMS 2) component. Enabled remote attack without auth
  CVE-2017-10355 Networking component. Enabled remote attack without auth
  CVE-2017-10281 Serialization component. Enabled remote attack without auth
  CVE-2017-10347 Serialization component. Enabled remote attack without auth
  CVE-2017-10295 Networking component(HTTP). Enabled remote attack without auth
  CVE-2017-10345 Serialization component. Enabled remote attack without auth

- Update to aarch64-jdk8u144-b01 and aarch64-shenandoah-jdk8u144-b01.
- Exclude 8175887 from Shenandoah builds as it has been included in that repo.
- Resolves: rhbz#1481947

- Update to aarch64-jdk8u141-b16 and aarch64-shenandoah-jdk8u141-b16.
- Revert change to remove-intree-libraries.sh following backout of 8173207
- Resolves: rhbz#1466509

- update 1.8.0-141.b16
- security fix
  . CVE-2017-10053
  . CVE-2017-10067
  . CVE-2017-10074
  . CVE-2017-10078
  . CVE-2017-10081
  . CVE-2017-10087
  . CVE-2017-10089
  . CVE-2017-10090
  . CVE-2017-10096
  . CVE-2017-10101
  . CVE-2017-10102
  . CVE-2017-10107
  . CVE-2017-10108
  . CVE-2017-10109
  . CVE-2017-10110
  . CVE-2017-10111
  . CVE-2017-10115
  . CVE-2017-10116
  . CVE-2017-10135
  . CVE-2017-10193
  . CVE-2017-10198

- Update to aarch64-jdk8u131-b12 and aarch64-shenandoah-jdk8u131-b12 for AArch64 8168699 fix
- Resolves: rhbz#1449258

- update 1.8.0-131.b11
- security fix
  . CVE-2017-3509
  . CVE-2017-3511
  . CVE-2017-3526
  . CVE-2017-3533
  . CVE-2017-3539
  . CVE-2017-3544

- update 1.8.0-121.b13
- security fix
  . CVE-2016-5546
    It was discovered that the Libraries component of OpenJDK accepted ECSDA
    signatures using non-canonical DER encoding. This could cause a Java application
    to accept signature in an incorrect format not accepted by other cryptographic
    tools.
  . CVE-2016-5547
    It was discovered that the Libraries component of OpenJDK did not validate the
    length of the object identifier read from the DER input before allocating memory
    to store the OID. An attacker able to make a Java application decode a specially
    crafted DER input could cause the application to consume an excessive amount of
    memory.
  . CVE-2016-5548
    A covert timing channel flaw was found in the DSA implementation in the
    Libraries component of OpenJDK. A remote attacker could possibly use this flaw
    to extract certain information about the used key via a timing side channel.
  . CVE-2016-5552
    It was discovered that the Networking component of OpenJDK failed to properly
    parse user info from the URL. A remote attacker could cause a Java application
    to incorrectly parse an attacker supplied URL and interpret it differently from
    other applications processing the same URL.
  . CVE-2017-3231, CVE-2017-3261
    Multiple flaws were found in the Networking components in OpenJDK. An
    untrusted Java application or applet could use these flaws to bypass certain
    Java sandbox restrictions.
  . CVE-2017-3241
    It was discovered that the RMI registry and DCG implementations in the RMI
    component of OpenJDK performed deserialization of untrusted inputs. A remote
    attacker could possibly use this flaw to execute arbitrary code with the
    privileges of RMI registry or a Java RMI application.
  . CVE-2017-3252
    It was discovered that the JAAS component of OpenJDK did not use the correct
    way to extract user DN from the result of the user search LDAP query. A
    specially crafted user LDAP entry could cause the application to use an
    incorrect DN.
  . CVE-2017-3253
    It was discovered that the 2D component of OpenJDK performed parsing of iTXt
    and zTXt PNG image chunks even when configured to ignore metadata. An attacker
    able to make a Java application parse a specially crafted PNG image could cause
    the application to consume an excessive amount of memory.
  . CVE-2017-3272, CVE-2017-3289
    Multiple flaws were discovered in the Libraries and Hotspot components in
    OpenJDK. An untrusted Java application or applet could use these flaws to
    completely bypass Java sandbox restrictions.
  . CVE-2016-2183
    A flaw was found in the way the DES/3DES cipher was used as part of the
    TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover
    some plaintext data by capturing large amounts of encrypted traffic between
    TLS/SSL server and client if the communication used a DES/3DES based
    ciphersuite.

- update 1.8.0.111-2.b15 with RHEL 7.3

- update 1.8.0-111.b15
- Keep debug architecture set the same on RHEL 7.2
- Resolves: rhbz#1381990
- Bump release for rebuild.
- Resolves: rhbz#1381990
- Turn debug builds on for all JIT architectures. Always AssumeMP on RHEL.
- Resolves: rhbz#1381990
- Update to aarch64-jdk8u111-b15, with AArch64 fix for S8160591.
- Swap java.security md5sum for 7.2.z version with ECC patch.
- Resolves: rhbz#1381990
- Update to aarch64-jdk8u111-b14.
- Add latest md5sum for java.security file due to jar signing property addition.
- Drop S8157306 and the CORBA typo fix, both of which appear upstream in u111.
- Add LCMS 2 patch to fix Red Hat security issue RH1367357 in the local OpenJDK copy.
- Resolves: rhbz#1381990
- declared check_sum_presented_in_spec and used in prep and check
- it is checking that latest packed java.security is mentioned in listing
- Resolves: rhbz#1368440
- New variable, @prefix@, needs to be substituted in tapsets (rhbz1371005)
- Resolves: rhbz#1368440
- Update to aarch64-jdk8u102-b14.
- Drop 8140620, 8148752 and 6961123, all of which appear upstream in u102.
- Move 8159244 to 8u111 section as it only appears to be in unpublished u102 b31.
- Move 8158260 to 8u112 section following its backport to 8u.
- Resolves: rhbz#1368440
- Update to aarch64-jdk8u101-b15.
- Rebase SystemTap tarball on IcedTea 3.1.0 versions so as to avoid patching.
- Drop additional hunk for 8147771 which is now applied upstream.
- Resolves: rhbz#1368440

- security fix
  . CVE-2016-5542
    allows remote attackers to affect integrity via vectors related to Libraries.
  . CVE-2016-5554
    allows remote attackers to affect integrity via vectors related to JMX.
  . CVE-2016-5573
    allows remote attackers to affect confidentiality, integrity, and availability
    via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.
  . CVE-2016-5582
    allows remote attackers to affect confidentiality, integrity, and availability
    via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.
  . CVE-2016-5597
    allows remote attackers to affect confidentiality via vectors related to Networking.

- update 1.8.0-102.b14
- Fix regression in SSL debug output when no ECC provider is available. (rhbz#1365618)

- update 1.8.0-101.b13
- security fix
  . CVE-2016-3458
  . CVE-2016-3500
    Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An
    untrusted Java application or applet could use these flaws to bypass certain
    Java sandbox restrictions.
  . CVE-2016-3508
  . CVE-2016-3550
    Multiple denial of service flaws were found in the JAXP component in OpenJDK.
    A specially crafted XML file could cause a Java application using JAXP to
    consume an excessive amount of CPU and memory when parsed.
  . CVE-2016-3587
  . CVE-2016-3598
  . CVE-2016-3606
  . CVE-2016-3610
    Multiple flaws were discovered in the Hotspot and Libraries components in
    OpenJDK. An untrusted Java application or applet could use these flaws to
    completely bypass Java sandbox restrictions.

- Add fix for PKCS#10 output regression, adding -systemlineendings option.
- Resolves: rhbz#1343832

- security fix
  . CVE-2016-0686, CVE-2016-0687
    Multiple flaws were discovered in the Serialization and Hotspot components in
    OpenJDK. An untrusted Java application or applet could use these flaws to
    completely bypass Java sandbox restrictions.
  . CVE-2016-3427
    It was discovered that the RMI server implementation in the JMX component in
    OpenJDK did not restrict which classes can be deserialized when deserializing
    authentication credentials. A remote, unauthenticated attacker able to connect
    to a JMX port could possibly use this flaw to trigger deserialization flaws.
  . CVE-2016-3425
    It was discovered that the JAXP component in OpenJDK failed to properly handle
    Unicode surrogate pairs used as part of the XML attribute values. Specially
    crafted XML input could cause a Java application to use an excessive amount of
    memory when parsed.
  . CVE-2016-3426
    It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE
    component in OpenJDK used a non-constant time comparison when comparing GCM
    authentication tags. A remote attacker could possibly use this flaw to determine
    the value of the authentication tag.
  . CVE-2016-0695
    It was discovered that the Security component in OpenJDK failed to check the
    digest algorithm strength when generating DSA signatures. The use of a digest
    weaker than the key strength could lead to the generation of signatures that
    were weaker than expected.
- Update to u91b14.
  Resolves: rhbz#1325422
- Enable a full bootstrap on JIT archs. Full build held back by Zero archs anyway.
  Resolves: rhbz#1325422
- Add 8132051 port to AArch64.
  Resolves: rhbz#1325422
- Turn on bootstrap build for all to ensure we are now good to go.
  Resolves: rhbz#1325422
- Add additional fix to Zero patch to properly handle result on 64-bit big-endian
  Resolves: rhbz#1325422
- Revert settings to production defaults so we can at least get a build.
  Resolves: rhbz#1325422
- Switch to a slowdebug build to try and unearth remaining issue on s390x.
  Resolves: rhbz#1325422
- Add missing comma in 8132051 patch.
  Resolves: rhbz#1325422
- Add 8132051 port to Zero.

- Remove what remains of the SunEC sources in the remove-intree-libraries script.
- Resolves: rhbz#1320664
- Update to u77b03.
- Drop 8146566 which is applied upstream.
- Replace s390 Java options patch with general version from IcedTea.
- Apply s390 patches unconditionally to avoid arch-specific patch failures.
- Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le.
- Remove aarch64-specific suffix as update/build version are now the same as for other archs.
- Only use z format specifier on s390, not s390x.
- Adjust tarball generation script to allow ecc_impl.h to be included.
- Correct spelling mistakes in tarball generation script.
- Synchronise minor changes from Fedora.
- Use a simple backport for PR2462/8074839.
- Don't backport the crc check for pack.gz. It's not tested well upstream.
- Resolves: rhbz#1320664

- Add md5sum for previous java.security file so it gets updated.
- Resolves: rhbz#1295753