Switch buildjdkver back to being featurever, now java-19-openjdk is available in the buildroot

Update release notes to 19.0.0
Rebase FIPS patches from fips-19u branch
Need to include the '.S' suffix in debuginfo checks after JDK-8284661
Add patch to provide translations for Europe/Kyiv added in tzdata2022b
Add test to ensure timezones can be translated
Remove references to sample directory removed by JDK-8284999

.gitignore

@@ -13,3 +13,19 @@
 /jdk-updates-jdk15u-jdk-15.0.1+9.tar.xz
 /tapsets-icedtea-3.15.0.tar.xz
 /jdk-updates-jdk15u-jdk-15.0.2+7.tar.xz
+/openjdk-jdk16-jdk-16+36.tar.xz
+/openjdk-jdk16u-jdk-16.0.1+9.tar.xz
+/openjdk-jdk17-jdk-17+26.tar.xz
+/openjdk-jdk17-jdk-17+33.tar.xz
+/openjdk-jdk17-jdk-17+35.tar.xz
+/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
+/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
+/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
+/openjdk-jdk-jdk-18+27.tar.xz
+/openjdk-jdk18-jdk-18+27.tar.xz
+/openjdk-jdk18-jdk-18+37.tar.xz
+/openjdk-jdk18u-jdk-18.0.1+0.tar.xz
+/openjdk-jdk18u-jdk-18.0.1+10.tar.xz
+/openjdk-jdk18u-jdk-18.0.1.1+2.tar.xz
+/openjdk-jdk18u-jdk-18.0.2+9.tar.xz
+/openjdk-jdk19u-jdk-19+36.tar.xz

CheckVendor.java

@@ -0,0 +1,65 @@
+/* CheckVendor -- Check the vendor properties match specified values.
+   Copyright (C) 2020 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @test
+ */
+public class CheckVendor {
+
+    public static void main(String[] args) {
+        if (args.length < 4) {
+            System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL> <VENDOR-VERSION-STRING>");
+	    System.exit(1);
+	}
+
+	String vendor = System.getProperty("java.vendor");
+	String expectedVendor = args[0];
+	String vendorURL = System.getProperty("java.vendor.url");
+	String expectedVendorURL = args[1];
+	String vendorBugURL = System.getProperty("java.vendor.url.bug");
+	String expectedVendorBugURL = args[2];
+        String vendorVersionString = System.getProperty("java.vendor.version");
+        String expectedVendorVersionString = args[3];
+
+	if (!expectedVendor.equals(vendor)) {
+	    System.err.printf("Invalid vendor %s, expected %s\n",
+			      vendor, expectedVendor);
+	    System.exit(2);
+	}
+
+	if (!expectedVendorURL.equals(vendorURL)) {
+	    System.err.printf("Invalid vendor URL %s, expected %s\n",
+			      vendorURL, expectedVendorURL);
+	    System.exit(3);
+	}
+
+	if (!expectedVendorBugURL.equals(vendorBugURL)) {
+            System.err.printf("Invalid vendor bug URL %s, expected %s\n",
+			      vendorBugURL, expectedVendorBugURL);
+	    System.exit(4);
+	}
+
+        if (!expectedVendorVersionString.equals(vendorVersionString)) {
+            System.err.printf("Invalid vendor version string %s, expected %s\n",
+                              vendorVersionString, expectedVendorVersionString);
+	    System.exit(5);
+        }
+
+        System.err.printf("Vendor information verified as %s, %s, %s, %s\n",
+                          vendor, vendorURL, vendorBugURL, vendorVersionString);
+    }
+}

NEWS

@@ -3,152 +3,124 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
-New in release OpenJDK 15.0.2 (2021-01-19):
+New in release OpenJDK 19.0.0 (2022-09-20):
 ===========================================
-Live versions of these release notes can be found at:
-  * https://builds.shipilev.net/backports-monitor/release-notes-15.0.2.txt
+Major changes are listed below.  Some changes may have been backported
+to earlier releases following their first appearance in OpenJDK 19.
 
-* Security fixes
-  - JDK-8247619: Improve Direct Buffering of Characters
-* Other changes
-  - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
-  - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
-  - JDK-8247741: Test test/hotspot/jtreg/runtime/7162488/TestUnrecognizedVmOption.java fails when -XX:+IgnoreUnrecognizedVMOptions is set
-  - JDK-8248411: [aarch64] Insufficient error handling when CodeBuffer is exhausted
-  - JDK-8248596: [TESTBUG] compiler/loopopts/PartialPeelingUnswitch.java times out with Graal enabled
-  - JDK-8248667: Need support for building native libraries located in the test/lib directory
-  - JDK-8249176: Update GlobalSignR6CA test certificates
-  - JDK-8249192: MonitorInfo stores raw oops across safepoints
-  - JDK-8249217: Unexpected StackOverflowError in "process reaper" thread still happens
-  - JDK-8249781: AArch64: AOT compiled code crashes if C2 allocates r27
-  - JDK-8250257: Bump release strings for JDK 15.0.2
-  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
-  - JDK-8251859: sun/security/validator/PKIXValAndRevCheckTests.java fails
-  - JDK-8253191: C2: Masked byte comparisons with large masks produce wrong result on x86
-  - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
-  - JDK-8253566: clazz.isAssignableFrom will return false for interface implementors
-  - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
-  - JDK-8253791: Issue with useAppleColor check in CSystemColors.m
-  - JDK-8253960: Memory leak in Java_java_lang_ClassLoader_defineClass0()
-  - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
-  - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
-  - JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
-  - JDK-8254319: Shenandoah: Interpreter native-LRB needs to activate during HAS_FORWARDED
-  - JDK-8254320: Shenandoah: C2 native LRB should activate for non-cset objects
-  - JDK-8254790: SIGSEGV in string_indexof_char and stringL_indexof_char intrinsics
-  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
-  - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
-  - JDK-8255065: Zero: accessor_entry misses the IRIW case
-  - JDK-8255067: Restore Copyright line in file modified by 8253191
-  - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
-  - JDK-8255599: Change jdk 15.0.2 milestone to fcs for build b04
-  - JDK-8255603: Memory/Performance regression after JDK-8210985
-  - JDK-8256051: nmethod_entry_barrier stub miscalculates xmm spill size on x86_32
-  - JDK-8256427: Test com/sun/jndi/dns/ConfigTests/PortUnreachable.java does not work on AIX
-  - JDK-8256618: Zero: Linux x86_32 build still fails
-  - JDK-8257181: s390x builds are very noisy with gc-sections messages
-  - JDK-8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
-  - JDK-8257701: Shenandoah: objArrayKlass metadata is not marked with chunked arrays
+The full list of changes in 19u can be found at:
+-  * https://builds.shipilev.net/backports-monitor/release-notes-19.txt
 
-Notes on individual issues:
+NEW FEATURES
+============
+
+Language Features
+=================
+
+Pattern Matching for switch
 ===========================
+https://openjdk.org/jeps/406
+https://openjdk.org/jeps/420
+https://openjdk.org/jeps/427
 
-core-libs/java.time:
+Enhance the Java programming language with pattern matching for
+`switch` expressions and statements, along with extensions to the
+language of patterns. Extending pattern matching to `switch` allows an
+expression to be tested against a number of patterns, each with a
+specific action, so that complex data-oriented queries can be
+expressed concisely and safely.
 
-JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
-====================================================================
-Following JDK's update to tzdata2020b, the long-obsolete files
-pacificnew and systemv have been removed. As a result, the
-"US/Pacific-New" zone name declared in the pacificnew data file is no
-longer available for use.
+This was a preview feature (http://openjdk.java.net/jeps/12) in
+OpenJDK 17 (JEP 406) and saw a second preview in OpenJDK 18 (JEP 420).
+It reaches its third preview (JEP 427) in OpenJDK 19.
 
-Information regarding the update can be viewed at
-https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
+Record Patterns
+===============
+https://openjdk.org/jeps/405
 
-New in release OpenJDK 15.0.1 (2020-10-20):
-===========================================
-Live versions of these release notes can be found at:
-  * https://builds.shipilev.net/backports-monitor/release-notes-15.0.1.txt
+Enhance the Java programming language with record patterns to
+deconstruct record values. Record patterns and type patterns can be
+nested to enable a powerful, declarative, and composable form of data
+navigation and processing.
 
-* Security fixes
-  - JDK-8233624: Enhance JNI linkage
-  - JDK-8236196: Improve string pooling
-  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
-  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
-  - JDK-8237995, CVE-2020-14782: Enhance certificate processing
-  - JDK-8240124: Better VM Interning
-  - JDK-8241114, CVE-2020-14792: Better range handling
-  - JDK-8242680, CVE-2020-14796: Improved URI Support
-  - JDK-8242685, CVE-2020-14797: Better Path Validation
-  - JDK-8242695, CVE-2020-14798: Enhanced buffer support
-  - JDK-8243302: Advanced class supports
-  - JDK-8244136, CVE-2020-14803: Improved Buffer supports
-  - JDK-8244479: Further constrain certificates
-  - JDK-8244955: Additional Fix for JDK-8240124
-  - JDK-8245407: Enhance zoning of times
-  - JDK-8245412: Better class definitions
-  - JDK-8245417: Improve certificate chain handling
-  - JDK-8248574: Improve jpeg processing
-  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
-  - JDK-8253019: Enhanced JPEG decoding
-* Other changes
-  - JDK-8232114: JVM crashed at imjpapi.dll in native code
-  - JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp
-  - JDK-8247251: Assert '(_pcs_length == 0 || last_pc()->pc_offset() < pc_offset) failed: must specify a new, larger pc offset' failure
-  - JDK-8248495: [macos] zerovm is broken due to libffi headers location
-  - JDK-8248745: Add jarsigner and keytool tests for restricted algorithms
-  - JDK-8249165: Remove unneeded nops introduced by 8234160 changes
-  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
-  - JDK-8249266: Bump release strings for JDK 15.0.1
-  - JDK-8249266: Change jdk 15.0.1 milestone to fcs for build b02
-  - JDK-8250612: jvmciCompilerToVM.cpp declares jio_printf with "void" return type, should be "int"
-  - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
-  - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
-  - JDK-8250876: Fix issues with cross-compile on macos
-  - JDK-8250928: JFR: Improve hash algorithm for stack traces
-  - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
-  - JDK-8251458: Parse::do_lookupswitch fails with "assert(_cnt >= 0) failed"
-  - JDK-8251859: sun/security/validator/PKIXValAndRevCheckTests.java fails
-  - JDK-8251910: Shenandoah: Handshake threads between weak-roots and reset phases
-  - JDK-8252120: compiler/oracle/TestCompileCommand.java misspells "occured"
-  - JDK-8252292: 8240795 may cause anti-dependence to be missed
-  - JDK-8252359: HotSpot Not Identifying it is Running in a Container
-  - JDK-8252367: Undo JDK-8245000: Windows GDI functions don't support large pages
-  - JDK-8252368: Undo JDK-8245002: Windows GDI functions don't support NUMA interleaving
-  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
-  - JDK-8252660: Shenandoah: support manageable SoftMaxHeapSize option
-  - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
-  - JDK-8253222: Shenandoah: unused AlwaysTrueClosure after JDK-8246591
-  - JDK-8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
-  - JDK-8253226: Shenandoah: remove unimplemented ShenandoahStrDedupQueue::verify
-  - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
-  - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
-  - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
-  - JDK-8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
-  - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
-  - JDK-8254560: Shenandoah: Concurrent Strong Roots logging is incorrect
+This is a preview feature (http://openjdk.java.net/jeps/12) introduced
+in OpenJDK 19 (JEP 405)
 
-Notes on individual issues:
-===========================
+Library Features
+================
 
-security-libs/java.security:
+Vector API
+==========
+https://openjdk.org/jeps/338
+https://openjdk.org/jeps/414
+https://openjdk.org/jeps/417
+https://openjdk.org/jeps/426
 
-JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
-========================================================================
-The Entrust root certificate has been added to the cacerts truststore:
+Introduce an API to express vector computations that reliably compile
+at runtime to optimal vector hardware instructions on supported CPU
+architectures and thus achieve superior performance to equivalent
+scalar computations.
 
-Alias Name: entrustrootcag4
-Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
+This is an incubation feature (https://openjdk.java.net/jeps/11)
+introduced in OpenJDK 16 (JEP 338). A second round of incubation took
+place in OpenJDK 17 (JEP 414), OpenJDK 18 (JEP 417) saw a third and
+OpenJDK 19 sees its fourth (JEP 426).
 
-JDK-8250860: Added 3 SSL Corporation Root CA Certificates
-=========================================================
-The following root certificates have been added to the cacerts truststore for the SSL Corporation:
+Foreign Function & Memory API
+=============================
+https://openjdk.org/jeps/412
+https://openjdk.org/jeps/419
+https://openjdk.org/jeps/424
 
-Alias Name: sslrootrsaca
-Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
+Introduce an API by which Java programs can interoperate with code and
+data outside of the Java runtime. By efficiently invoking foreign
+functions (i.e., code outside the JVM), and by safely accessing
+foreign memory (i.e., memory not managed by the JVM), the API enables
+Java programs to call native libraries and process native data without
+the brittleness and danger of JNI.
 
-Alias Name: sslrootevrsaca
-Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
+This API is now a preview feature (http://openjdk.java.net/jeps/12).
+It was first introduced in incubation
+(https://openjdk.java.net/jeps/11) in OpenJDK 17 (JEP 412), and is an
+evolution of the Foreign Memory Access API (OpenJDK 14 through 16) and
+Foreign Linker API (OpenJDK 16) (see release notes for
+java-17-openjdk). OpenJDK 18 saw a second round of incubation (JEP
+419) before its inclusion as a preview in OpenJDK 19 (JEP 424).
 
-Alias Name: sslrooteccca
-Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
+Virtual Threads
+===============
+https://openjdk.org/jeps/425
+
+Introduce virtual threads to the Java Platform. Virtual threads are
+lightweight threads that dramatically reduce the effort of writing,
+maintaining, and observing high-throughput concurrent applications.
+
+This is a preview feature (http://openjdk.java.net/jeps/12) introduced
+in OpenJDK 19 (JEP 425)
+
+Structured Concurrency
+======================
+https://openjdk.org/jeps/428
+
+Simplify multithreaded programming by introducing an API for
+structured concurrency. Structured concurrency treats multiple tasks
+running in different threads as a single unit of work, thereby
+streamlining error handling and cancellation, improving reliability,
+and enhancing observability.
+
+This is an incubation feature (https://openjdk.java.net/jeps/11)
+introduced in OpenJDK 19 (JEP 428).
+
+Ports
+=====
+
+Linux/RISC-V Port
+=================
+https://openjdk.org/jeps/422
+
+RISC-V is a free and open-source RISC instruction set architecture
+(ISA) designed originally at the University of California, Berkeley,
+and now developed collaboratively under the sponsorship of RISC-V
+International. It is already supported by a wide range of language
+toolchains. With the increasing availability of RISC-V hardware, a
+port of the JDK would be valuable.

TestSecurityProperties.java

@@ -1,3 +1,20 @@
+/* TestSecurityProperties -- Ensure system security properties can be used to
+                             enable the crypto policies.
+   Copyright (C) 2022 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
 import java.io.File;
 import java.io.FileInputStream;
 import java.security.Security;
@@ -9,35 +26,59 @@ public class TestSecurityProperties {
     // JDK 8
     private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
 
+    private static final String POLICY_FILE = "/etc/crypto-policies/back-ends/java.config";
+
+    private static final String MSG_PREFIX = "DEBUG: ";
+
     public static void main(String[] args) {
+        if (args.length == 0) {
+            System.err.println("TestSecurityProperties <true|false>");
+            System.err.println("Invoke with 'true' if system security properties should be enabled.");
+            System.err.println("Invoke with 'false' if system security properties should be disabled.");
+            System.exit(1);
+        }
+        boolean enabled = Boolean.valueOf(args[0]);
+        System.out.println(MSG_PREFIX + "System security properties enabled: " + enabled);
         Properties jdkProps = new Properties();
         loadProperties(jdkProps);
+        if (enabled) {
+            loadPolicy(jdkProps);
+        }
         for (Object key: jdkProps.keySet()) {
             String sKey = (String)key;
             String securityVal = Security.getProperty(sKey);
             String jdkSecVal = jdkProps.getProperty(sKey);
             if (!securityVal.equals(jdkSecVal)) {
-                String msg = "Expected value '" + jdkSecVal + "' for key '" + 
+                String msg = "Expected value '" + jdkSecVal + "' for key '" +
                              sKey + "'" + " but got value '" + securityVal + "'";
                 throw new RuntimeException("Test failed! " + msg);
             } else {
-                System.out.println("DEBUG: " + sKey + " = " + jdkSecVal + " as expected.");
+                System.out.println(MSG_PREFIX + sKey + " = " + jdkSecVal + " as expected.");
             }
         }
         System.out.println("TestSecurityProperties PASSED!");
     }
-    
+
     private static void loadProperties(Properties props) {
         String javaVersion = System.getProperty("java.version");
-        System.out.println("Debug: Java version is " + javaVersion);
+        System.out.println(MSG_PREFIX + "Java version is " + javaVersion);
         String propsFile = JDK_PROPS_FILE_JDK_11;
         if (javaVersion.startsWith("1.8.0")) {
             propsFile = JDK_PROPS_FILE_JDK_8;
         }
-        try (FileInputStream fin = new FileInputStream(new File(propsFile))) {
+        try (FileInputStream fin = new FileInputStream(propsFile)) {
             props.load(fin);
         } catch (Exception e) {
             throw new RuntimeException("Test failed!", e);
         }
     }
+
+    private static void loadPolicy(Properties props) {
+        try (FileInputStream fin = new FileInputStream(POLICY_FILE)) {
+            props.load(fin);
+        } catch (Exception e) {
+            throw new RuntimeException("Test failed!", e);
+        }
+    }
+
 }

TestTranslations.java

@@ -0,0 +1,35 @@
+/* TestTranslations -- Ensure translations are available for new timezones
+   Copyright (C) 2022 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.ResourceBundle;
+
+import sun.util.resources.LocaleData;
+import sun.util.locale.provider.LocaleProviderAdapter;
+
+public class TestTranslations {
+    public static void main(String[] args) {
+        for (String zone : args) {
+            System.out.printf("Translations for %s\n", zone);
+            for (Locale l : Locale.getAvailableLocales()) {
+                ResourceBundle bundle = new LocaleData(LocaleProviderAdapter.Type.JRE).getTimeZoneNames(l);
+                System.out.printf("Locale: %s, language: %s, translations: %s\n", l, l.getDisplayLanguage(), Arrays.toString(bundle.getStringArray(zone)));
+            }
+        }
+    }
+}

generate_source_tarball.sh

@@ -7,9 +7,9 @@
 # If you want to use a local copy of patch PR3788, set the path to it in the PR3788 variable
 #
 # In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
-# PROJECT_NAME=jdk
-# REPO_NAME=jdk
-# VERSION=tip
+# PROJECT_NAME=openjdk
+# REPO_NAME=jdk18u
+# VERSION=jdk-18.0.1+10
 # or to eg prepare systemtap:
 # icedtea7's jstack and other tapsets
 # VERSION=6327cf1cea9e
@@ -26,17 +26,19 @@
 # level folder, name is created, based on parameter
 #
 
-if [ ! "x$PR3803" = "x" ] ; then
-  if [ ! -f "$PR3803" ] ; then
-    echo "You have specified PR3803 as $PR3803 but it does not exist. Exiting"
+if [ ! "x$PR3823" = "x" ] ; then
+  if [ ! -f "$PR3823" ] ; then
+    echo "You have specified PR3823 as $PR3823 but it does not exist. Exiting"
     exit 1
   fi
 fi
 
 set -e
 
-OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
+OPENJDK_URL_DEFAULT=https://github.com
 COMPRESSION_DEFAULT=xz
+# Corresponding IcedTea version
+ICEDTEA_VERSION=13.0
 
 if [ "x$1" = "xhelp" ] ; then
     echo -e "Behaviour may be specified by setting the following variables:\n"
@@ -47,7 +49,7 @@ if [ "x$1" = "xhelp" ] ; then
     echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
     echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
     echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
-    echo "PR3788 - the path to the PR3788 patch to apply (optional; downloaded if unavailable)"
+    echo "PR3823 - the path to the PR3823 patch to apply (optional; downloaded if unavailable)"
     exit 1;
 fi
 
@@ -90,7 +92,7 @@ if [ "x$FILE_NAME_ROOT" = "x" ] ; then
     echo "No file name root specified; default to ${FILE_NAME_ROOT}"
 fi
 if [ "x$REPO_ROOT" = "x" ] ; then
-    REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
+    REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
     echo "No repository root specified; default to ${REPO_ROOT}"
 fi;
 
@@ -107,7 +109,7 @@ else
   mkdir "${FILE_NAME_ROOT}"
   pushd "${FILE_NAME_ROOT}"
     echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
-    hg clone ${REPO_ROOT} openjdk -r ${VERSION}
+    git clone -b ${VERSION} ${REPO_ROOT} openjdk
   popd
 fi
 pushd "${FILE_NAME_ROOT}"
@@ -125,23 +127,30 @@ pushd "${FILE_NAME_ROOT}"
 	    rm -vf ${CRYPTO_PATH}/ecp_224.c
 
             echo "Syncing EC list with NSS"
-            if [ "x$PR3803" = "x" ] ; then
-                # originally for 8:
-                # get PR3803.patch (from http://icedtea.classpath.org/hg/icedtea15) from most correct tag
-                # Do not push it or publish it (see https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3803)
-		echo "PR3803 not found. Downloading..."
-		wget https://icedtea.classpath.org/hg/icedtea15/raw-file/d68ffcc9a497/patches/pr3803.patch
-	        echo "Applying ${PWD}/pr3803.patch"
-		patch -Np1 < pr3803.patch
-		rm pr3803.patch
+            if [ "x$PR3823" = "x" ] ; then
+                # get PR3823.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
+                # Do not push it or publish it
+		echo "PR3823 not found. Downloading..."
+		wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/pr3823.patch
+	        echo "Applying ${PWD}/pr3823.patch"
+		patch -Np1 < pr3823.patch
+		rm pr3823.patch
 	    else
-		echo "Applying ${PR3803}"
-		patch -Np1 < $PR3803
+		echo "Applying ${PR3823}"
+		patch -Np1 < $PR3823
             fi;
             find . -name '*.orig' -exec rm -vf '{}' ';'
         popd
     fi
 
+    # Generate .src-rev so build has knowledge of the revision the tarball was created from
+    mkdir build
+    pushd build
+    sh ${PWD}/../openjdk/configure
+    make store-source-revision
+    popd
+    rm -rf build
+
     echo "Compressing remaining forest"
     if [ "X$COMPRESSION" = "Xxz" ] ; then
         SWITCH=cJf
@@ -152,5 +161,3 @@ pushd "${FILE_NAME_ROOT}"
     mv ${FILE_NAME_ROOT}.tar.${COMPRESSION}  ..
 popd
 echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."
-
-

icedtea_sync.sh

@@ -16,12 +16,31 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+ICEDTEA_USE_VCS=true
+
 ICEDTEA_VERSION=3.15.0
 ICEDTEA_URL=https://icedtea.classpath.org/download/source
 ICEDTEA_SIGNING_KEY=CFDA0F9B35964222
 
+ICEDTEA_HG_URL=https://icedtea.classpath.org/hg/icedtea11
+
 set -e
 
+RPM_DIR=${PWD}
+if [ ! -f ${RPM_DIR}/jconsole.desktop.in ] ; then
+    echo "Not in RPM source tree.";
+    exit 1;
+fi
+
+if test "x${TMPDIR}" = "x"; then
+    TMPDIR=/tmp;
+fi
+WORKDIR=${TMPDIR}/it.sync
+
+echo "Using working directory ${WORKDIR}"
+mkdir ${WORKDIR}
+pushd ${WORKDIR}
+
 if test "x${WGET}" = "x"; then
     WGET=$(which wget);
     if test "x${WGET}" = "x"; then
@@ -30,68 +49,144 @@ if test "x${WGET}" = "x"; then
     fi
 fi
 
-if test "x${CHECKSUM}" = "x"; then
-    CHECKSUM=$(which sha256sum)
-    if test "x${CHECKSUM}" = "x"; then
-	echo "sha256sum not found";
-	exit 2;
-    fi
-fi
-
-if test "x${PGP}" = "x"; then
-    PGP=$(which gpg)
-    if test "x${PGP}" = "x"; then
-	echo "gpg not found";
-	exit 3;
-    fi
-fi
-
 if test "x${TAR}" = "x"; then
     TAR=$(which tar)
     if test "x${TAR}" = "x"; then
 	echo "tar not found";
-	exit 4;
+	exit 2;
     fi
 fi
 
 echo "Dependencies:";
 echo -e "\tWGET: ${WGET}";
-echo -e "\tCHECKSUM: ${CHECKSUM}";
-echo -e "\tPGP: ${PGP}\n";
 echo -e "\tTAR: ${TAR}\n";
 
-echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}...";
-if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then
-    echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed.";
-    exit 5;
-fi
+if test "x${ICEDTEA_USE_VCS}" = "xtrue"; then
+    echo "Mode: Using VCS";
 
-echo "Downloading IcedTea release tarball...";
-${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz
-echo "Downloading IcedTea tarball signature...";
-${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig
-echo "Downloading IcedTea tarball checksums...";
-${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256
+    if test "x${GREP}" = "x"; then
+	GREP=$(which grep);
+	if test "x${GREP}" = "x"; then
+	    echo "grep not found";
+	    exit 3;
+	fi
+    fi
 
-echo "Verifying checksums...";
-${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256
+    if test "x${CUT}" = "x"; then
+	CUT=$(which cut);
+	if test "x${CUT}" = "x"; then
+	    echo "cut not found";
+	    exit 4;
+	fi
+    fi
 
-echo "Checking signature...";
-${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig
+    if test "x${TR}" = "x"; then
+	TR=$(which tr);
+	if test "x${TR}" = "x"; then
+	    echo "tr not found";
+	    exit 5;
+	fi
+    fi
 
-echo "Extracting files...";
-${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \
+    if test "x${HG}" = "x"; then
+	HG=$(which hg);
+	if test "x${HG}" = "x"; then
+	    echo "hg not found";
+	    exit 6;
+	fi
+    fi
+
+    echo "Dependencies:";
+    echo -e "\tGREP: ${GREP}";
+    echo -e "\tCUT: ${CUT}";
+    echo -e "\tTR: ${TR}";
+    echo -e "\tHG: ${HG}";
+
+    echo "Checking out repository from VCS...";
+    ${HG} clone ${ICEDTEA_HG_URL} icedtea
+
+    echo "Obtaining version from configure.ac...";
+    ROOT_VER=$(${GREP} '^AC_INIT' icedtea/configure.ac|${CUT} -d ',' -f 2|${TR} -d '[][:space:]')
+    echo "Root version from configure: ${ROOT_VER}";
+
+    VCS_REV=$(${HG} log -R icedtea --template '{node|short}' -r tip)
+    echo "VCS revision: ${VCS_REV}";
+
+    ICEDTEA_VERSION="${ROOT_VER}-${VCS_REV}"
+    echo "Creating icedtea-${ICEDTEA_VERSION}";
+    mkdir icedtea-${ICEDTEA_VERSION}
+    echo "Copying required files from checkout to icedtea-${ICEDTEA_VERSION}";
+    # Commented out for now as IcedTea 6's jconsole.desktop.in is outdated
+    #cp -a icedtea/jconsole.desktop.in ../icedtea-${ICEDTEA_VERSION}
+    cp -a ${RPM_DIR}/jconsole.desktop.in icedtea-${ICEDTEA_VERSION}
+    cp -a icedtea/tapset icedtea-${ICEDTEA_VERSION}
+
+    rm -rf icedtea
+else
+    echo "Mode: Using tarball";
+
+    if test "x${ICEDTEA_VERSION}" = "x"; then
+	echo "No IcedTea version specified for tarball download.";
+	exit 3;
+    fi
+
+    if test "x${CHECKSUM}" = "x"; then
+	CHECKSUM=$(which sha256sum)
+	if test "x${CHECKSUM}" = "x"; then
+	    echo "sha256sum not found";
+	    exit 4;
+	fi
+    fi
+
+    if test "x${PGP}" = "x"; then
+	PGP=$(which gpg)
+	if test "x${PGP}" = "x"; then
+	    echo "gpg not found";
+	    exit 5;
+	fi
+    fi
+
+    echo "Dependencies:";
+    echo -e "\tCHECKSUM: ${CHECKSUM}";
+    echo -e "\tPGP: ${PGP}\n";
+
+    echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}...";
+    if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then
+	echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed.";
+	exit 6;
+    fi
+
+    echo "Downloading IcedTea release tarball...";
+    ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz
+    echo "Downloading IcedTea tarball signature...";
+    ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig
+    echo "Downloading IcedTea tarball checksums...";
+    ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256
+
+    echo "Verifying checksums...";
+    ${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256
+
+    echo "Checking signature...";
+    ${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig
+
+    echo "Extracting files...";
+    ${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \
        icedtea-${ICEDTEA_VERSION}/tapset \
        icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in
 
+    rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz
+    rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig
+    rm -vf icedtea-${ICEDTEA_VERSION}.sha256
+fi
+
 echo "Replacing desktop files...";
-mv -v icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in .
+mv -v icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in ${RPM_DIR}
 
 echo "Creating new tapset tarball...";
 mv -v icedtea-${ICEDTEA_VERSION} openjdk
-${TAR} cJf tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz openjdk
+${TAR} cJf ${RPM_DIR}/tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz openjdk
 
 rm -rvf openjdk
-rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz
-rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig
-rm -vf icedtea-${ICEDTEA_VERSION}.sha256
+
+popd
+rm -rf ${WORKDIR}

jconsole.desktop.in

@@ -1,8 +1,8 @@
 [Desktop Entry]
-Name=OpenJDK @JAVA_MAJOR_VERSION@ Monitoring & Management Console @ARCH@
-Comment=Monitor and manage OpenJDK @JAVA_MAJOR_VERSION@ applications for @ARCH@
-Exec=@JAVA_HOME@/jconsole
-Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@
+Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@)
+Comment=Monitor and manage OpenJDK applications
+Exec=_SDKBINDIR_/jconsole
+Icon=java-@JAVA_VER@-@JAVA_VENDOR@
 Terminal=false
 Type=Application
 StartupWMClass=sun-tools-jconsole-JConsole

jdk8259949-allow_cf-protection_on_x86.patch

@@ -1,27 +0,0 @@
-diff --git openjdk.orig/make/autoconf/flags-cflags.m4 openjdk/make/autoconf/flags-cflags.m4
---- openjdk.orig/make/autoconf/flags-cflags.m4
-+++ openjdk/make/autoconf/flags-cflags.m4
-@@ -715,9 +715,21 @@
-   # CFLAGS PER CPU
-   if test "x$TOOLCHAIN_TYPE" = xgcc || test "x$TOOLCHAIN_TYPE" = xclang; then
-     # COMMON to gcc and clang
-+    AC_MSG_CHECKING([if $1 is x86])
-     if test "x$FLAGS_CPU" = xx86; then
--      # Force compatibility with i586 on 32 bit intel platforms.
--      $1_CFLAGS_CPU="-march=i586"
-+      AC_MSG_RESULT([yes])
-+      AC_MSG_CHECKING([if control flow protection is enabled by additional compiler flags])
-+      if echo "${EXTRA_CFLAGS}${EXTRA_CXXFLAGS}${EXTRA_ASFLAGS}" | ${GREP} -q 'fcf-protection' ; then
-+        # cf-protection requires CMOV and thus i686
-+        $1_CFLAGS_CPU="-march=i686"
-+        AC_MSG_RESULT([yes, forcing ${$1_CFLAGS_CPU}])
-+      else
-+        # Force compatibility with i586 on 32 bit intel platforms.
-+        $1_CFLAGS_CPU="-march=i586"
-+        AC_MSG_RESULT([no, forcing ${$1_CFLAGS_CPU}])
-+      fi
-+    else
-+      AC_MSG_RESULT([no])
-     fi
-   fi
- 

jdk8292223-tzdata2022b-kyiv.patch

@@ -0,0 +1,132 @@
+diff --git a/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java b/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
+index 8759aab3995..11ccbf73839 100644
+--- a/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
++++ b/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
+@@ -847,6 +847,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
+             {"Europe/Kirov", new String[] {"Kirov Standard Time", "GMT+03:00",
+                                            "Kirov Daylight Time", "GMT+03:00",
+                                            "Kirov Time", "GMT+03:00"}},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
+index f007c1a8d3b..617268e4cf3 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
+@@ -825,6 +825,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
+index 386414e16e6..14c5d89b9c5 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
+@@ -825,6 +825,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
+index d23f5fd49e6..44117125619 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
+@@ -825,6 +825,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
+index b4f57d4568c..efa818f3865 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
+@@ -825,6 +825,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
+index 1a10a9f96dc..7c0565461ad 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
+@@ -825,6 +825,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
+index 9a2d9e5c57c..8a2c805997f 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
+@@ -825,6 +825,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
+index de5e5c82daa..e3c06417f09 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
+@@ -825,6 +825,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
+index b53de4d8c89..3e46b6a063e 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
+@@ -825,6 +825,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
+index 7797cda19d5..590908409a8 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
+@@ -825,6 +825,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},
+diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
+index 2cd10554853..23c5f180b6d 100644
+--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
++++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
+@@ -827,6 +827,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
+             {"Europe/Jersey", GMTBST},
+             {"Europe/Kaliningrad", EET},
+             {"Europe/Kiev", EET},
++            {"Europe/Kyiv", EET},
+             {"Europe/Lisbon", WET},
+             {"Europe/Ljubljana", CET},
+             {"Europe/London", GMTBST},

nss.fips.cfg.in

@@ -0,0 +1,8 @@
+name = NSS-FIPS
+nssLibraryDirectory = @NSS_LIBDIR@
+nssSecmodDirectory = sql:/etc/pki/nssdb
+nssDbMode = readOnly
+nssModule = fips
+
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
+

openjdk_news.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# Copyright (C) 2022 Red Hat, Inc.
+# Written by Andrew John Hughes <gnu.andrew@redhat.com>, 2012-2022
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+OLD_RELEASE=$1
+NEW_RELEASE=$2
+SUBDIR=$3
+REPO=$4
+SCRIPT_DIR=$(dirname ${0})
+
+if test "x${SUBDIR}" = "x"; then
+    echo "No subdirectory specified; using .";
+    SUBDIR=".";
+fi
+
+if test "x$REPO" = "x"; then
+    echo "No repository specified; using ${PWD}"
+    REPO=${PWD}
+fi
+
+if test x${TMPDIR} = x; then
+    TMPDIR=/tmp;
+fi
+
+echo "Repository: ${REPO}"
+
+if [ -e ${REPO}/.git ] ; then
+    TYPE=git;
+elif [ -e ${REPO}/.hg ] ; then
+    TYPE=hg;
+else
+    echo "No Mercurial or Git repository detected.";
+    exit 1;
+fi
+
+if test "x$OLD_RELEASE" = "x" || test "x$NEW_RELEASE" = "x"; then
+    echo "ERROR: Need to specify old and new release";
+    exit 2;
+fi
+
+echo "Listing fixes between $OLD_RELEASE and $NEW_RELEASE in $REPO"
+rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 ${TMPDIR}/fixes
+for repos in . $(${SCRIPT_DIR}/discover_trees.sh ${REPO});
+do
+    if test "x$TYPE" = "xhg"; then
+	hg log -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
+	    egrep '^[o:| ]*summary'|grep -v 'Added tag'|sed -r 's#^[o:| ]*summary:\W*([0-9])#  - JDK-\1#'| \
+	    sed 's#^[o:| ]*summary:\W*#  - #' >> ${TMPDIR}/fixes2;
+	hg log -v -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
+	    egrep '^[o:| ]*[0-9]{7}'|sed -r 's#^[o:| ]*([0-9]{7})#  - JDK-\1#' >> ${TMPDIR}/fixes3;
+    else
+	git -C ${REPO} log --no-merges --pretty=format:%B ${NEW_RELEASE}...${OLD_RELEASE} -- ${SUBDIR} |egrep '^[0-9]{7}' | \
+	    sed -r 's#^([0-9])#  - JDK-\1#' >> ${TMPDIR}/fixes2;
+	touch ${TMPDIR}/fixes3 ; # unused
+    fi
+done
+
+sort ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 | uniq > ${TMPDIR}/fixes
+rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3
+
+echo "In ${TMPDIR}/fixes:"
+cat ${TMPDIR}/fixes

pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch

@@ -1,88 +0,0 @@
-
-# HG changeset patch
-# User andrew
-# Date 1478057514 0
-# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
-# Parent  3d53f19b48384e5252f4ec8891f7a3a82d77af2a
-PR3183: Support Fedora/RHEL system crypto policy
-diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
---- a/src/java.base/share/classes/java/security/Security.java	Wed Oct 26 03:51:39 2016 +0100
-+++ b/src/java.base/share/classes/java/security/Security.java	Wed Nov 02 03:31:54 2016 +0000
-@@ -43,6 +43,9 @@
-  * implementation-specific location, which is typically the properties file
-  * {@code conf/security/java.security} in the Java installation directory.
-  *
-+ * <p>Additional default values of security properties are read from a
-+ * system-specific location, if available.</p>
-+ *
-  * @author Benjamin Renaud
-  * @since 1.1
-  */
-@@ -52,6 +55,10 @@
-     private static final Debug sdebug =
-                         Debug.getInstance("properties");
- 
-+    /* System property file*/
-+    private static final String SYSTEM_PROPERTIES =
-+        "/etc/crypto-policies/back-ends/java.config";
-+
-     /* The java.security properties */
-     private static Properties props;
- 
-@@ -93,6 +100,7 @@
-                 if (sdebug != null) {
-                     sdebug.println("reading security properties file: " +
-                                 propFile);
-+                    sdebug.println(props.toString());
-                 }
-             } catch (IOException e) {
-                 if (sdebug != null) {
-@@ -114,6 +122,31 @@
-         }
- 
-         if ("true".equalsIgnoreCase(props.getProperty
-+                ("security.useSystemPropertiesFile"))) {
-+
-+            // now load the system file, if it exists, so its values
-+            // will win if they conflict with the earlier values
-+            try (BufferedInputStream bis =
-+                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
-+                props.load(bis);
-+                loadedProps = true;
-+
-+                if (sdebug != null) {
-+                    sdebug.println("reading system security properties file " +
-+                                   SYSTEM_PROPERTIES);
-+                    sdebug.println(props.toString());
-+                }
-+            } catch (IOException e) {
-+                if (sdebug != null) {
-+                    sdebug.println
-+                        ("unable to load security properties from " +
-+                         SYSTEM_PROPERTIES);
-+                    e.printStackTrace();
-+                }
-+            }
-+        }
-+
-+        if ("true".equalsIgnoreCase(props.getProperty
-                 ("security.overridePropertiesFile"))) {
- 
-             String extraPropFile = System.getProperty
-diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security
---- a/src/java.base/share/conf/security/java.security	Wed Oct 26 03:51:39 2016 +0100
-+++ b/src/java.base/share/conf/security/java.security	Wed Nov 02 03:31:54 2016 +0000
-@@ -276,6 +276,13 @@
- security.overridePropertiesFile=true
- 
- #
-+# Determines whether this properties file will be appended to
-+# using the system properties file stored at
-+# /etc/crypto-policies/back-ends/java.config
-+#
-+security.useSystemPropertiesFile=true
-+
-+#
- # Determines the default key and trust manager factory algorithms for
- # the javax.net.ssl package.
- #

remove-intree-libraries.sh

@@ -1,24 +1,52 @@
 #!/bin/sh
 
+# Arguments: <JDK TREE> <MINIMAL|FULL>
+TREE=${1}
+TYPE=${2}
+
 ZIP_SRC=src/java.base/share/native/libzip/zlib/
 JPEG_SRC=src/java.desktop/share/native/libjavajpeg/
 GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/
 PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/
 LCMS_SRC=src/java.desktop/share/native/liblcms/
 
-cd openjdk
+if test "x${TREE}" = "x"; then
+    echo "$0 <JDK_TREE> (MINIMAL|FULL)";
+    exit 1;
+fi
+
+if test "x${TYPE}" = "x"; then
+    TYPE=minimal;
+fi
+
+if test "x${TYPE}" != "xminimal" -a "x${TYPE}" != "xfull"; then
+    echo "Type must be minimal or full";
+    exit 2;
+fi
+
+echo "Removing in-tree libraries from ${TREE}"
+echo "Cleansing operation: ${TYPE}";
+
+cd ${TREE}
 
 echo "Removing built-in libs (they will be linked)"
 
+# On full runs, allow for zlib having already been deleted by minimal
 echo "Removing zlib"
-if [ ! -d ${ZIP_SRC} ]; then
+if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then
 	echo "${ZIP_SRC} does not exist. Refusing to proceed."
 	exit 1
 fi	
 rm -rvf ${ZIP_SRC}
 
+# Minimal is limited to just zlib so finish here
+if test "x${TYPE}" = "xminimal"; then
+    echo "Finished.";
+    exit 0;
+fi
+
 echo "Removing libjpeg"
-if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist
+if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that should definitely exist
 	echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
 	exit 1
 fi	

rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch

@@ -1,12 +1,12 @@
-diff -r e3f940bd3c8f src/java.base/share/conf/security/java.security
---- openjdk/src/java.base/share/conf/security/java.security	Thu Jun 11 21:54:51 2020 +0530
-+++ openjdk/src/java.base/share/conf/security/java.security	Mon Aug 24 10:14:31 2020 +0200
-@@ -77,7 +77,7 @@
- #ifdef macosx
+diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
+index 68a9c1a2d08..7aa25eb2cb7 100644
+--- openjdk.orig/src/java.base/share/conf/security/java.security
++++ openjdk/src/java.base/share/conf/security/java.security
+@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI
  security.provider.tbd=Apple
  #endif
--security.provider.tbd=SunPKCS11
+ security.provider.tbd=SunPKCS11
 +#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
  
  #
- # A list of preferred providers for specific algorithms. These providers will
+ # Security providers used when FIPS mode support is active

rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch

@@ -1,13 +1,15 @@
---- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java	2013-03-01 10:48:12.038189968 +0100
-+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java	2013-03-01 10:48:11.913188505 +0100
-@@ -48,8 +48,8 @@
+diff --git a/openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
+index bacff32efbc..ff7b3dcc81c 100644
+--- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
++++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
+@@ -46,8 +46,8 @@ class PlatformPCSC {
  
-     private final static String PROP_NAME = "sun.security.smartcardio.library";
+     private static final String PROP_NAME = "sun.security.smartcardio.library";
  
--    private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so";
--    private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
-+    private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
-+    private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
-     private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
+-    private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
+-    private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
++    private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
++    private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
+     private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
  
      PlatformPCSC() {

rh1750419-redhat_alt_java.patch

@@ -1,25 +1,27 @@
-diff -r 1356affa5e44 make/modules/java.base/Launcher.gmk
---- openjdk/make/modules/java.base/Launcher.gmk
+diff --git openjdk.orig/make/modules/java.base/Launcher.gmk openjdk/make/modules/java.base/Launcher.gmk
+index 700ddefda49..2882de68eb2 100644
+--- openjdk.orig/make/modules/java.base/Launcher.gmk
 +++ openjdk/make/modules/java.base/Launcher.gmk
-@@ -37,6 +37,14 @@
+@@ -41,6 +41,14 @@ $(eval $(call SetupBuildLauncher, java, \
+     OPTIMIZATION := HIGH, \
+ ))
  
- $(eval $(call SetupBuildLauncher, java, \
-     CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
-+    EXTRA_RC_FLAGS := $(JAVA_RC_FLAGS), \
++#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
++$(eval $(call SetupBuildLauncher, alt-java, \
++    CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
++    EXTRA_RCFLAGS := $(JAVA_RCFLAGS), \
 +    VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
 +    OPTIMIZATION := HIGH, \
 +))
 +
-+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
-+$(eval $(call SetupBuildLauncher, alt-java, \
-+    CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
-     EXTRA_RC_FLAGS := $(JAVA_RC_FLAGS), \
-     VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
-     OPTIMIZATION := HIGH, \
-
-diff -r 25e94aa812b2 src/share/bin/alt_main.h
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ openjdk/src/java.base/share/native/launcher/alt_main.h	Tue Jun 02 17:15:28 2020 +0100
+ ifeq ($(call isTargetOs, windows), true)
+   $(eval $(call SetupBuildLauncher, javaw, \
+       CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
+diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
+new file mode 100644
+index 00000000000..697df2898ac
+--- /dev/null
++++ openjdk/src/java.base/share/native/launcher/alt_main.h
 @@ -0,0 +1,73 @@
 +/*
 + * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
@@ -94,9 +96,10 @@ diff -r 25e94aa812b2 src/share/bin/alt_main.h
 +}
 +
 +#endif // REDHAT_ALT_JAVA
-diff -r 25e94aa812b2 src/share/bin/main.c
---- openjdk/src/java.base/share/native/launcher/main.c	Wed Feb 05 12:20:36 2020 -0300
-+++ openjdk/src/java.base/share/native/launcher/main.c	Tue Jun 02 17:15:28 2020 +0100
+diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c
+index b734fe2ba78..79dc8307650 100644
+--- openjdk.orig/src/java.base/share/native/launcher/main.c
++++ openjdk/src/java.base/share/native/launcher/main.c
 @@ -34,6 +34,14 @@
  #include "jli_util.h"
  #include "jni.h"

sources

@@ -1,2 +1,2 @@
-SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (jdk-updates-jdk15u-jdk-15.0.2+7.tar.xz) = d82e932671464d5c3643bda95c66bccb8cff7f22fdfb242e8b17f41b8b07cdf843ce5e85388edff8ab81ccad09f17575451440039adada2cd49d479ea600bf18
+SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
+SHA512 (openjdk-jdk19u-jdk-19+36.tar.xz) = c441e1f7dbabe3e66e062a7f661f953e06c10dd165995e2996e614d32f2333cd4532f45064ba4d098dfc8fa3637448d4dc9869c235d086ef80499a7a262f4ede

update_package.sh

@@ -1,69 +0,0 @@
-#!/bin/bash -x
-#  this file contains defaults for currently generated source tarballs
-
-set -e
-
-# TAPSET
-export PROJECT_NAME="hg"
-export REPO_NAME="icedtea8"
-export VERSION="9d464368e06d"
-export COMPRESSION=xz
-export OPENJDK_URL=http://icedtea.classpath.org
-export FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
-export TO_COMPRESS="*/tapset"
-# warning, filename  and filenameroot creation is duplicated here from generate_source_tarball.sh
-CLONED_FILENAME=${FILE_NAME_ROOT}.tar.${COMPRESSION}
-TAPSET_VERSION=3.2
-TAPSET=systemtap_"$TAPSET_VERSION"_tapsets_$CLONED_FILENAME
-if [ ! -f ${TAPSET} ] ; then
-  if [ ! -f ${CLONED_FILENAME} ] ; then
-  echo "Generating ${CLONED_FILENAME}"
-    sh ./generate_source_tarball.sh
-  else 
-    echo "exists exists exists exists exists exists exists "
-    echo "reusing reusing reusing reusing reusing reusing "
-    echo ${CLONED_FILENAME}
-  fi
-  mv -v $CLONED_FILENAME  $TAPSET
-else 
-  echo "exists exists exists exists exists exists exists "
-  echo "reusing reusing reusing reusing reusing reusing "
-  echo ${TAPSET}
-fi
-
-# OpenJDK from Shenandoah project
-export PROJECT_NAME="jdk"
-export REPO_NAME="jdk15"
-export VERSION="jdk-15+36"
-export COMPRESSION=xz
-# unset tapsets overrides
-export OPENJDK_URL=""
-export TO_COMPRESS=""
-# warning, filename  and filenameroot creation is duplicated here from generate_source_tarball.sh
-export FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
-FILENAME=${FILE_NAME_ROOT}.tar.${COMPRESSION}
-
-if [ ! -f ${FILENAME} ] ; then
-echo "Generating ${FILENAME}"
-  sh ./generate_source_tarball.sh
-else 
-  echo "exists exists exists exists exists exists exists "
-  echo "reusing reusing reusing reusing reusing reusing "
-  echo ${FILENAME}
-fi
-
-set +e
-
-major=`echo $REPO_NAME | sed 's/[a-zA-Z]*//g'`
-build=`echo $VERSION | sed 's/.*+//g'`
-name_helper=`echo $FILENAME | sed s/$major/'%{majorver}'/g `
-name_helper=`echo $name_helper | sed s/$build/'%{buildver}'/g `
-echo "align specfile acordingly:" 
-echo " sed 's/^Source0:.*/Source0: $name_helper/' -i *.spec"
-echo " sed 's/^Source8:.*/Source8: $TAPSET/'   -i *.spec"
-echo " sed 's/^%global buildver.*/%global buildver        $build/'   -i *.spec"
-echo " sed 's/Release:.*/Release: 1%{?dist}/'   -i *.spec"
-echo "and maybe others...."
-echo "you should fedpkg/rhpkg new-sources $TAPSET $FILENAME"
-echo "you should fedpkg/rhpkg prep --arch XXXX on all architectures: x86_64 i386 i586 i686 ppc ppc64 ppc64le s390 s390x aarch64 armv7hl"
-