From dad9bb2324171ffed91098801f238c927ddfc2db Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mar 05 2019 16:15:28 +0000
Subject: import java-1.7.0-openjdk-1.7.0.211-2.6.17.1.el7_6


---

diff --git a/.gitignore b/.gitignore
index 5c871f6..b1986d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
 SOURCES/class-rewriter.tar.gz
-SOURCES/openjdk-icedtea-2.6.16.tar.xz
+SOURCES/openjdk-icedtea-2.6.17.tar.xz
 SOURCES/pulseaudio.tar.gz
 SOURCES/systemtap-tapset-2.6.12.tar.xz
diff --git a/.java-1.7.0-openjdk.metadata b/.java-1.7.0-openjdk.metadata
index 0433659..01c6984 100644
--- a/.java-1.7.0-openjdk.metadata
+++ b/.java-1.7.0-openjdk.metadata
@@ -1,4 +1,4 @@
 fcc167de17354efb6e52cb387eb3e7dbb0316b53 SOURCES/class-rewriter.tar.gz
-471e8bbdcb35c648638449e5567ac683ac9518bf SOURCES/openjdk-icedtea-2.6.16.tar.xz
+5e36158f5a97afc1eb3a88294388795f1050c5a8 SOURCES/openjdk-icedtea-2.6.17.tar.xz
 fb72b6b1f4735ad9b5799d0b5058b0b1dec67b17 SOURCES/pulseaudio.tar.gz
 5ea75731a73ec4766b00024c1803d1f86c0af090 SOURCES/systemtap-tapset-2.6.12.tar.xz
diff --git a/SOURCES/8076221-pr2809.patch b/SOURCES/8076221-pr2809.patch
deleted file mode 100644
index d643ff0..0000000
--- a/SOURCES/8076221-pr2809.patch
+++ /dev/null
@@ -1,600 +0,0 @@
-# HG changeset patch
-# User xuelei
-# Date 1453868482 0
-#      Wed Jan 27 04:21:22 2016 +0000
-# Node ID 8d589911411743fa38badf69c10aa067eaa996b7
-# Parent  ceb95f0d38d7ab09762dd7ff33bb855f3088a6b5
-8076221, PR2809: Disable RC4 cipher suites
-Reviewed-by: wetmore
-
-diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
---- openjdk.orig/jdk/src/share/lib/security/java.security-linux
-+++ openjdk/jdk/src/share/lib/security/java.security-linux
-@@ -556,8 +556,8 @@
- #
- # Example:
- #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
--jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
--    EC keySize < 224, RC4_40, 3DES_EDE_CBC
-+jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
-+    EC keySize < 224, 3DES_EDE_CBC
- 
- # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
- # processing in JSSE implementation.
-diff --git openjdk.orig/jdk/src/share/lib/security/java.security-macosx openjdk/jdk/src/share/lib/security/java.security-macosx
---- openjdk.orig/jdk/src/share/lib/security/java.security-macosx
-+++ openjdk/jdk/src/share/lib/security/java.security-macosx
-@@ -561,8 +561,8 @@
- #
- # Example:
- #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
--jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
--    EC keySize < 224, RC4_40, 3DES_EDE_CBC
-+jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
-+    EC keySize < 224, 3DES_EDE_CBC
- 
- # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
- # processing in JSSE implementation.
-diff --git openjdk.orig/jdk/src/share/lib/security/java.security-solaris openjdk/jdk/src/share/lib/security/java.security-solaris
---- openjdk.orig/jdk/src/share/lib/security/java.security-solaris
-+++ openjdk/jdk/src/share/lib/security/java.security-solaris
-@@ -560,8 +560,8 @@
- #
- # Example:
- #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
--jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
--    EC keySize < 224, RC4_40, 3DES_EDE_CBC
-+jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
-+    EC keySize < 224, 3DES_EDE_CBC
- 
- # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
- # processing in JSSE implementation.
-diff --git openjdk.orig/jdk/src/share/lib/security/java.security-windows openjdk/jdk/src/share/lib/security/java.security-windows
---- openjdk.orig/jdk/src/share/lib/security/java.security-windows
-+++ openjdk/jdk/src/share/lib/security/java.security-windows
-@@ -561,8 +561,8 @@
- #
- # Example:
- #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
--jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
--    EC keySize < 224, RC4_40, 3DES_EDE_CBC
-+jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
-+    EC keySize < 224, 3DES_EDE_CBC
- 
- # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
- # processing in JSSE implementation.
-diff --git openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
-new file mode 100644
---- /dev/null
-+++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
-@@ -0,0 +1,362 @@
-+/*
-+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+import java.io.BufferedInputStream;
-+import java.io.BufferedOutputStream;
-+import java.io.IOException;
-+import java.io.InputStream;
-+import java.io.OutputStream;
-+import java.security.NoSuchAlgorithmException;
-+import java.security.Security;
-+import java.util.concurrent.TimeUnit;
-+import javax.net.ssl.SSLContext;
-+import javax.net.ssl.SSLHandshakeException;
-+import javax.net.ssl.SSLServerSocket;
-+import javax.net.ssl.SSLServerSocketFactory;
-+import javax.net.ssl.SSLSocket;
-+import javax.net.ssl.SSLSocketFactory;
-+
-+/**
-+ * @test
-+ * @bug 8076221
-+ * @summary Check if weak cipher suites are disabled
-+ * @run main/othervm DisabledAlgorithms default
-+ * @run main/othervm DisabledAlgorithms empty
-+ */
-+public class DisabledAlgorithms {
-+
-+    private static final String pathToStores =
-+            "../../../../sun/security/ssl/etc";
-+    private static final String keyStoreFile = "keystore";
-+    private static final String trustStoreFile = "truststore";
-+    private static final String passwd = "passphrase";
-+
-+    private static final String keyFilename =
-+            System.getProperty("test.src", "./") + "/" + pathToStores +
-+                "/" + keyStoreFile;
-+
-+    private static final String trustFilename =
-+            System.getProperty("test.src", "./") + "/" + pathToStores +
-+                "/" + trustStoreFile;
-+
-+    // supported RC4 cipher suites
-+    // it does not contain KRB5 cipher suites because they need a KDC
-+    private static final String[] rc4_ciphersuites = new String[] {
-+        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-+        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-+        "SSL_RSA_WITH_RC4_128_SHA",
-+        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-+        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
-+        "SSL_RSA_WITH_RC4_128_MD5",
-+        "TLS_ECDH_anon_WITH_RC4_128_SHA",
-+        "SSL_DH_anon_WITH_RC4_128_MD5"
-+    };
-+
-+    public static void main(String[] args) throws Exception {
-+        if (args.length < 1) {
-+            throw new RuntimeException("No parameters specified");
-+        }
-+
-+        System.setProperty("javax.net.ssl.keyStore", keyFilename);
-+        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
-+        System.setProperty("javax.net.ssl.trustStore", trustFilename);
-+        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
-+
-+        switch (args[0]) {
-+            case "default":
-+                // use default jdk.tls.disabledAlgorithms
-+                System.out.println("jdk.tls.disabledAlgorithms = "
-+                        + Security.getProperty("jdk.tls.disabledAlgorithms"));
-+
-+                // check if RC4 cipher suites can't be used by default
-+                checkFailure(rc4_ciphersuites);
-+                break;
-+            case "empty":
-+                // reset jdk.tls.disabledAlgorithms
-+                Security.setProperty("jdk.tls.disabledAlgorithms", "");
-+                System.out.println("jdk.tls.disabledAlgorithms = "
-+                        + Security.getProperty("jdk.tls.disabledAlgorithms"));
-+
-+                // check if RC4 cipher suites can be used
-+                // if jdk.tls.disabledAlgorithms is empty
-+                checkSuccess(rc4_ciphersuites);
-+                break;
-+            default:
-+                throw new RuntimeException("Wrong parameter: " + args[0]);
-+        }
-+    }
-+
-+    /*
-+     * Checks if that specified cipher suites cannot be used.
-+     */
-+    private static void checkFailure(String[] ciphersuites) throws Exception {
-+        try (SSLServer server = SSLServer.init(ciphersuites)) {
-+            startNewThread(server);
-+            while (!server.isRunning()) {
-+                sleep();
-+            }
-+
-+            int port = server.getPort();
-+            for (String ciphersuite : ciphersuites) {
-+                try (SSLClient client = SSLClient.init(port, ciphersuite)) {
-+                    client.connect();
-+                    throw new RuntimeException("Expected SSLHandshakeException "
-+                            + "not thrown");
-+                } catch (SSLHandshakeException e) {
-+                    System.out.println("Expected exception on client side: "
-+                            + e);
-+                }
-+            }
-+
-+            server.stop();
-+            while (server.isRunning()) {
-+                sleep();
-+            }
-+
-+            if (!server.sslError()) {
-+                throw new RuntimeException("Expected SSL exception "
-+                        + "not thrown on server side");
-+            }
-+        }
-+
-+    }
-+
-+    /*
-+     * Checks if specified cipher suites can be used.
-+     */
-+    private static void checkSuccess(String[] ciphersuites) throws Exception {
-+        try (SSLServer server = SSLServer.init(ciphersuites)) {
-+            startNewThread(server);
-+            while (!server.isRunning()) {
-+                sleep();
-+            }
-+
-+            int port = server.getPort();
-+            for (String ciphersuite : ciphersuites) {
-+                try (SSLClient client = SSLClient.init(port, ciphersuite)) {
-+                    client.connect();
-+                    String negotiated = client.getNegotiatedCipherSuite();
-+                    System.out.println("Negotiated cipher suite: "
-+                            + negotiated);
-+                    if (!negotiated.equals(ciphersuite)) {
-+                        throw new RuntimeException("Unexpected cipher suite: "
-+                                + negotiated);
-+                    }
-+                }
-+            }
-+
-+            server.stop();
-+            while (server.isRunning()) {
-+                sleep();
-+            }
-+
-+            if (server.error()) {
-+                throw new RuntimeException("Unexpected error on server side");
-+            }
-+        }
-+
-+    }
-+
-+    private static Thread startNewThread(SSLServer server) {
-+        Thread serverThread = new Thread(server, "SSL server thread");
-+        serverThread.setDaemon(true);
-+        serverThread.start();
-+        return serverThread;
-+    }
-+
-+    private static void sleep() {
-+        try {
-+            TimeUnit.MILLISECONDS.sleep(50);
-+        } catch (InterruptedException e) {
-+            // do nothing
-+        }
-+    }
-+
-+    static class SSLServer implements Runnable, AutoCloseable {
-+
-+        private final SSLServerSocket ssocket;
-+        private volatile boolean stopped = false;
-+        private volatile boolean running = false;
-+        private volatile boolean sslError = false;
-+        private volatile boolean otherError = false;
-+
-+        private SSLServer(SSLServerSocket ssocket) {
-+            this.ssocket = ssocket;
-+        }
-+
-+        @Override
-+        public void run() {
-+            System.out.println("Server: started");
-+            running = true;
-+            while (!stopped) {
-+                try (SSLSocket socket = (SSLSocket) ssocket.accept()) {
-+                    System.out.println("Server: accepted client connection");
-+                    InputStream in = socket.getInputStream();
-+                    OutputStream out = socket.getOutputStream();
-+                    int b = in.read();
-+                    if (b < 0) {
-+                        throw new IOException("Unexpected EOF");
-+                    }
-+                    System.out.println("Server: send data: " + b);
-+                    out.write(b);
-+                    out.flush();
-+                    socket.getSession().invalidate();
-+                } catch (SSLHandshakeException e) {
-+                    System.out.println("Server: run: " + e);
-+                    sslError = true;
-+                } catch (IOException e) {
-+                    if (!stopped) {
-+                        System.out.println("Server: run: " + e);
-+                        e.printStackTrace();
-+                        otherError = true;
-+                    }
-+                }
-+            }
-+
-+            System.out.println("Server: finished");
-+            running = false;
-+        }
-+
-+        int getPort() {
-+            return ssocket.getLocalPort();
-+        }
-+
-+        String[] getEnabledCiperSuites() {
-+            return ssocket.getEnabledCipherSuites();
-+        }
-+
-+        boolean isRunning() {
-+            return running;
-+        }
-+
-+        boolean sslError() {
-+            return sslError;
-+        }
-+
-+        boolean error() {
-+            return sslError || otherError;
-+        }
-+
-+        void stop() {
-+            stopped = true;
-+            if (!ssocket.isClosed()) {
-+                try {
-+                    ssocket.close();
-+                } catch (IOException e) {
-+                    System.out.println("Server: close: " + e);
-+                }
-+            }
-+        }
-+
-+        @Override
-+        public void close() {
-+            stop();
-+        }
-+
-+        static SSLServer init(String[] ciphersuites)
-+                throws IOException {
-+            SSLServerSocketFactory ssf = (SSLServerSocketFactory)
-+                    SSLServerSocketFactory.getDefault();
-+            SSLServerSocket ssocket = (SSLServerSocket)
-+                    ssf.createServerSocket(0);
-+
-+            if (ciphersuites != null) {
-+                System.out.println("Server: enable cipher suites: "
-+                        + java.util.Arrays.toString(ciphersuites));
-+                ssocket.setEnabledCipherSuites(ciphersuites);
-+            }
-+
-+            return new SSLServer(ssocket);
-+        }
-+    }
-+
-+    static class SSLClient implements AutoCloseable {
-+
-+        private final SSLSocket socket;
-+
-+        private SSLClient(SSLSocket socket) {
-+            this.socket = socket;
-+        }
-+
-+        void connect() throws IOException {
-+            System.out.println("Client: connect to server");
-+            try (
-+                    BufferedInputStream bis = new BufferedInputStream(
-+                            socket.getInputStream());
-+                    BufferedOutputStream bos = new BufferedOutputStream(
-+                            socket.getOutputStream())) {
-+                bos.write('x');
-+                bos.flush();
-+
-+                int read = bis.read();
-+                if (read < 0) {
-+                    throw new IOException("Client: couldn't read a response");
-+                }
-+                socket.getSession().invalidate();
-+            }
-+        }
-+
-+        String[] getEnabledCiperSuites() {
-+            return socket.getEnabledCipherSuites();
-+        }
-+
-+        String getNegotiatedCipherSuite() {
-+            return socket.getSession().getCipherSuite();
-+        }
-+
-+        @Override
-+        public void close() throws Exception {
-+            if (!socket.isClosed()) {
-+                try {
-+                    socket.close();
-+                } catch (IOException e) {
-+                    System.out.println("Client: close: " + e);
-+                }
-+            }
-+        }
-+
-+        static SSLClient init(int port)
-+                throws NoSuchAlgorithmException, IOException {
-+            return init(port, null);
-+        }
-+
-+        static SSLClient init(int port, String ciphersuite)
-+                throws NoSuchAlgorithmException, IOException {
-+            SSLContext context = SSLContext.getDefault();
-+            SSLSocketFactory ssf = (SSLSocketFactory)
-+                    context.getSocketFactory();
-+            SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);
-+
-+            if (ciphersuite != null) {
-+                System.out.println("Client: enable cipher suite: "
-+                        + ciphersuite);
-+                socket.setEnabledCipherSuites(new String[] { ciphersuite });
-+            }
-+
-+            return new SSLClient(socket);
-+        }
-+
-+    }
-+
-+
-+}
-diff --git openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java openjdk/jdk/test/sun/security/krb5/auto/SSL.java
---- openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java
-+++ openjdk/jdk/test/sun/security/krb5/auto/SSL.java
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
-  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-  *
-  * This code is free software; you can redistribute it and/or modify it
-@@ -40,6 +40,7 @@
- import java.net.InetAddress;
- import javax.net.ssl.*;
- import java.security.Principal;
-+import java.security.Security;
- import java.util.Date;
- import sun.security.jgss.GSSUtil;
- import sun.security.krb5.PrincipalName;
-@@ -54,6 +55,9 @@
-     private static volatile int port;
- 
-     public static void main(String[] args) throws Exception {
-+        // reset the security property to make sure that the algorithms
-+        // and keys used in this test are not disabled.
-+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
- 
-         krb5Cipher = args[0];
- 
-diff --git openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
---- openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
-+++ openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
-@@ -95,12 +95,9 @@
-         allGood &= testEngOnlyDisabled(DES_CS_LIST_NAMES);
- 
-         // Disabled RC4 tests
--        /*
--          RC4 is not yet disabled, as 8076221 has not been backported
-         allGood &= testDefaultCase(RC4_CS_LIST);
-         allGood &= testEngAddDisabled(RC4_CS_LIST_NAMES, RC4_CS_LIST);
-         allGood &= testEngOnlyDisabled(RC4_CS_LIST_NAMES);
--        */
- 
-         if (allGood) {
-             System.err.println("All tests passed");
-diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java
---- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java
-+++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
-  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-  *
-  * This code is free software; you can redistribute it and/or modify it
-@@ -36,7 +36,7 @@
-  */
- 
- import java.io.*;
--import java.net.*;
-+import java.security.Security;
- import javax.net.ssl.*;
- 
- public class CipherSuiteOrder {
-@@ -198,6 +198,10 @@
-     volatile Exception clientException = null;
- 
-     public static void main(String[] args) throws Exception {
-+        // reset the security property to make sure that the algorithms
-+        // and keys used in this test are not disabled.
-+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
-+
-         String keyFilename =
-             System.getProperty("test.src", "./") + "/" + pathToStores +
-                 "/" + keyStoreFile;
-diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
---- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
-+++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
-@@ -103,10 +103,10 @@
- import java.security.Security;
- import java.security.KeyStore;
- import java.security.KeyFactory;
-+import java.security.Security;
- import java.security.cert.Certificate;
- import java.security.cert.CertificateFactory;
- import java.security.spec.PKCS8EncodedKeySpec;
--import java.security.spec.*;
- import java.security.interfaces.*;
- import sun.misc.BASE64Decoder;
- 
-diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
---- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
-+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
-  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-  *
-  * This code is free software; you can redistribute it and/or modify it
-@@ -622,6 +622,9 @@
-     }
- 
-     public static void main(String args[]) throws Exception {
-+        // reset the security property to make sure that the algorithms
-+        // and keys used in this test are not disabled.
-+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
- 
-         CheckStatus cs;
- 
-diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
---- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
-+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
-@@ -33,6 +33,8 @@
-  * The code could certainly be tightened up a lot.
-  *
-  * @author Brad Wetmore
-+ *
-+ * @run main/othervm ConnectionTest
-  */
- 
- import javax.net.ssl.*;
-@@ -672,6 +674,10 @@
-     }
- 
-     public static void main(String args[]) throws Exception {
-+        // reset the security property to make sure that the algorithms
-+        // and keys used in this test are not disabled.
-+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
-+
-         ConnectionTest ct = new ConnectionTest();
-         ct.test();
-     }
-diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
---- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
-+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
-@@ -180,6 +180,9 @@
-     }
- 
-     public static void main(String args[]) throws Exception {
-+        // reset the security property to make sure that the algorithms
-+        // and keys used in this test are not disabled.
-+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
- 
-         LargeBufs test;
- 
-diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
---- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
-+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
-@@ -37,7 +37,7 @@
-  */
- 
- import java.io.*;
--import java.net.*;
-+import java.security.Security;
- import javax.net.ssl.*;
- 
- public class GenericStreamCipher {
-@@ -165,6 +165,10 @@
-     volatile Exception clientException = null;
- 
-     public static void main(String[] args) throws Exception {
-+        // reset the security property to make sure that the algorithms
-+        // and keys used in this test are not disabled.
-+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
-+
-         String keyFilename =
-             System.getProperty("test.src", ".") + "/" + pathToStores +
-                 "/" + keyStoreFile;
diff --git a/SOURCES/abrt_friendly_hs_log_jdk7.patch b/SOURCES/abrt_friendly_hs_log_jdk7.patch
deleted file mode 100644
index dba02bd..0000000
--- a/SOURCES/abrt_friendly_hs_log_jdk7.patch
+++ /dev/null
@@ -1,35 +0,0 @@
---- openjdk/hotspot/src/share/vm/utilities/vmError.cpp	2012-02-02 16:17:24.476664897 +0100
-+++ openjdk/hotspot/src/share/vm/utilities/vmError.cpp	2012-02-02 16:17:24.476664897 +0100
-@@ -929,6 +929,7 @@
-         }
-       }
- 
-+      /*
-       if (fd == -1) {
-         const char *cwd = os::get_current_directory(buffer, sizeof(buffer));
-         size_t len = strlen(cwd);
-@@ -938,6 +939,24 @@
-                      os::file_separator(), os::current_process_id());
-         fd = open(buffer, O_RDWR | O_CREAT | O_EXCL, 0666);
-       }
-+      */
-+
-+      if (fd == -1) {
-+        const char * tmpdir = os::get_temp_directory();
-+        // try temp directory if it exists.
-+        if (tmpdir != NULL && tmpdir[0] != '\0') {
-+          jio_snprintf(buffer, sizeof(buffer), "%s%sjvm-%u",
-+                       tmpdir, os::file_separator(), os::current_process_id());
-+          // if mkdir() failed, hs_err will be created in temporary directory
-+          if (!mkdir(buffer, 0700)) { // only read+execute flags are needed
-+                                      // but we need to write into the directory too
-+            jio_snprintf(buffer, sizeof(buffer), "%s%sjvm-%u%shs_error.log",
-+                           tmpdir, os::file_separator(), os::current_process_id(),
-+                           os::file_separator());
-+            fd = open(buffer, O_WRONLY | O_CREAT | O_EXCL, 0444); // read-only file 
-+          }
-+        }
-+      }
- 
-       if (fd == -1) {
-         const char * tmpdir = os::get_temp_directory();
diff --git a/SOURCES/java-1.7.0-openjdk-accessible-toolkit.patch b/SOURCES/java-1.7.0-openjdk-accessible-toolkit.patch
deleted file mode 100644
index 222dcfb..0000000
--- a/SOURCES/java-1.7.0-openjdk-accessible-toolkit.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java openjdk/jdk/src/share/classes/java/awt/Toolkit.java
---- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java	2009-01-23 11:59:47.000000000 -0500
-+++ openjdk/jdk/src/share/classes/java/awt/Toolkit.java	2009-01-23 12:05:20.000000000 -0500
-@@ -871,7 +871,11 @@
-                         return null;
-                     }
-                 });
--                loadAssistiveTechnologies();
-+                try {
-+                    loadAssistiveTechnologies();
-+                } catch ( AWTError error) {
-+                    // ignore silently
-+                }
-             } finally {
-                 // Make sure to always re-enable the JIT.
-                 java.lang.Compiler.enable();
diff --git a/SOURCES/java-1.7.0-openjdk-debugdocs.patch b/SOURCES/java-1.7.0-openjdk-debugdocs.patch
deleted file mode 100644
index 8a130e4..0000000
--- a/SOURCES/java-1.7.0-openjdk-debugdocs.patch
+++ /dev/null
@@ -1,35 +0,0 @@
---- oldMakefile	2008-07-02 17:48:01.000000000 -0400
-+++ openjdk/Makefile	2008-07-02 17:48:09.000000000 -0400
-@@ -199,19 +199,19 @@
- 
- create_fresh_product_bootdir: FRC
- 	$(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \
--		GENERATE_DOCS=false \
-+		GENERATE_DOCS=true \
- 		BOOT_CYCLE_SETTINGS= \
- 		build_product_image
- 
- create_fresh_debug_bootdir: FRC
- 	$(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \
--		GENERATE_DOCS=false \
-+		GENERATE_DOCS=true \
- 		BOOT_CYCLE_DEBUG_SETTINGS= \
- 		build_debug_image
- 
- create_fresh_fastdebug_bootdir: FRC
- 	$(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \
--		GENERATE_DOCS=false \
-+		GENERATE_DOCS=true \
- 		BOOT_CYCLE_DEBUG_SETTINGS= \
- 		build_fastdebug_image
- 
-@@ -262,7 +262,7 @@
- 	$(MAKE) \
- 		ALT_OUTPUTDIR=$(ABS_OUTPUTDIR)/$(REL_JDK_OUTPUTDIR) \
- 	        DEBUG_NAME=$(DEBUG_NAME) \
--		GENERATE_DOCS=false \
-+		GENERATE_DOCS=true \
- 		$(if $(findstring true,$(BUILD_INSTALL)),BUILD_INSTALL_BUNDLES=true,) \
- 		CREATE_DEBUGINFO_BUNDLES=true \
- 	        $(BOOT_CYCLE_DEBUG_SETTINGS) \
-
diff --git a/SOURCES/java-1.7.0-openjdk-debuginfo.patch b/SOURCES/java-1.7.0-openjdk-debuginfo.patch
deleted file mode 100644
index 11776ef..0000000
--- a/SOURCES/java-1.7.0-openjdk-debuginfo.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- openjdk/hotspot/build/linux/makefiles/saproc.make_back	2009-12-14 13:35:46.000000000 +0100
-+++ openjdk/hotspot/make/linux/makefiles/saproc.make	2009-12-14 13:36:47.000000000 +0100
-@@ -95,6 +95,7 @@
- 			   $(ALT_SAINCDIR) 										\
- 	           $(SASRCFILES)                                        \
- 	           $(SA_LFLAGS)                                         \
-+	           -g                                                   \
- 	           $(SA_DEBUG_CFLAGS)                                   \
- 	           $(EXTRA_CFLAGS)                                      \
- 	           -o $@                                                \
---- openjdk/hotspot/build/linux/makefiles/jsig.make_back	2009-12-14 13:34:56.000000000 +0100
-+++ openjdk/hotspot/make/linux/makefiles/jsig.make	2009-12-14 13:35:31.000000000 +0100
-@@ -59,6 +59,7 @@
- $(LIBJSIG): $(JSIGSRCDIR)/jsig.c $(LIBJSIG_MAPFILE)
- 	@echo Making signal interposition lib...
- 	$(QUIETLY) $(CC) $(SYMFLAG) $(ARCHFLAG) $(SHARED_FLAG) $(PICFLAG) \
-+	                     -g							  \
-                          $(LFLAGS_JSIG) $(JSIG_DEBUG_CFLAGS) $(EXTRA_CFLAGS) -o $@ $< -ldl
- 	$(QUIETLY) [ -f $(LIBJSIG_G) ] || { ln -s $@ $(LIBJSIG_G); }
- ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1)
diff --git a/SOURCES/java-1.7.0-openjdk-freetype-check-fix.patch b/SOURCES/java-1.7.0-openjdk-freetype-check-fix.patch
deleted file mode 100644
index 15c2d67..0000000
--- a/SOURCES/java-1.7.0-openjdk-freetype-check-fix.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff -up openjdk/jdk/make/common/shared/Sanity.gmk.sav openjdk/jdk/make/common/shared/Sanity.gmk
---- openjdk/jdk/make/common/shared/Sanity.gmk.sav	2012-02-14 16:12:48.000000000 -0500
-+++ openjdk/jdk/make/common/shared/Sanity.gmk	2012-03-07 17:31:26.153840755 -0500
-@@ -814,12 +814,12 @@ ifdef OPENJDK
- 	@(($(CD) $(BUILDDIR)/tools/freetypecheck && $(MAKE)) || \
- 	    $(ECHO) "Failed to build freetypecheck." ) > $@
- 
--    sane-freetype: $(TEMPDIR)/freetypeinfo
--	@if [ "`$(CAT) $< | $(GREP) Fail`" != "" ]; then \
--	  $(ECHO) "ERROR: FreeType version " $(REQUIRED_FREETYPE_VERSION) \
--	          " or higher is required. \n" \
--		  "`$(CAT) $<`  \n" >> $(ERROR_FILE) ; \
--	fi
-+#    sane-freetype: $(TEMPDIR)/freetypeinfo
-+#	@if [ "`$(CAT) $< | $(GREP) Fail`" != "" ]; then \
-+#	  $(ECHO) "ERROR: FreeType version " $(REQUIRED_FREETYPE_VERSION) \
-+#	          " or higher is required. \n" \
-+#		  "`$(CAT) $<`  \n" >> $(ERROR_FILE) ; \
-+#	fi
-   else
-     #do nothing  (cross-compiling)
-     sane-freetype: 
diff --git a/SOURCES/java-1.7.0-openjdk-java-access-bridge-security.patch b/SOURCES/java-1.7.0-openjdk-java-access-bridge-security.patch
deleted file mode 100644
index bd59cad..0000000
--- a/SOURCES/java-1.7.0-openjdk-java-access-bridge-security.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux
---- openjdk/jdk/src/share/lib/security/java.security-linux
-+++ openjdk/jdk/src/share/lib/security/java.security-linux
-@@ -168,6 +168,8 @@
-                com.sun.org.glassfish.,\
-                jdk.xml.internal.,\
-                oracle.jrockit.jfr.,\
-+               org.GNOME.Accessibility.,\
-+               org.GNOME.Bonobo.,\
-                org.jcp.xml.dsig.internal.
- #
- # List of comma-separated packages that start with or equal this string
-@@ -211,6 +213,8 @@
-                    com.sun.org.glassfish.,\
-                    jdk.xml.internal.,\
-                    oracle.jrockit.jfr.,\
-+                   org.GNOME.Accessibility.,\
-+                   org.GNOME.Bonobo.,\
-                    org.jcp.xml.dsig.internal.
- #
- # Determines whether this properties file can be appended to
diff --git a/SOURCES/java-1.7.0-openjdk-java-access-bridge-tck.patch b/SOURCES/java-1.7.0-openjdk-java-access-bridge-tck.patch
deleted file mode 100644
index 36a23c0..0000000
--- a/SOURCES/java-1.7.0-openjdk-java-access-bridge-tck.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- java-access-bridge-1.22.0/bridge/org/GNOME/Accessibility/JavaBridge.java.orig	2008-05-22 11:27:00.000000000 -0400
-+++ java-access-bridge-1.22.0/bridge/org/GNOME/Accessibility/JavaBridge.java	2008-05-22 11:28:02.000000000 -0400
-@@ -34,6 +34,9 @@
- import javax.accessibility.AccessibleRole;
- import javax.accessibility.AccessibleText;
- import javax.accessibility.AccessibleEditableText;
-+import java.security.PrivilegedAction;
-+import java.security.AccessController;
-+
- 
- public class JavaBridge {
- 
-@@ -332,7 +335,11 @@
- 			System.err.println ("Java Accessibility Bridge for GNOME loaded.\n");
- 
- 		// Not sure what kind of arguments should be sent to ORB
--		String vm_rev = System.getProperty("java.version");
-+		String vm_rev = (String) AccessController.doPrivileged(new PrivilegedAction() {
-+			public java.lang.Object run() {
-+				return System.getProperty("java.version");
-+			}
-+		});	
- 
- 		if (vm_rev.compareTo("1.4.0") < 0) {
- 			System.err.println("WARNING: Java Accessibility Bridge " +
diff --git a/SOURCES/jdk8076221-pr2809-disable_rc4_cipher_suites.patch b/SOURCES/jdk8076221-pr2809-disable_rc4_cipher_suites.patch
new file mode 100644
index 0000000..5aa43ff
--- /dev/null
+++ b/SOURCES/jdk8076221-pr2809-disable_rc4_cipher_suites.patch
@@ -0,0 +1,600 @@
+# HG changeset patch
+# User xuelei
+# Date 1453868482 0
+#      Wed Jan 27 04:21:22 2016 +0000
+# Node ID 8d589911411743fa38badf69c10aa067eaa996b7
+# Parent  ceb95f0d38d7ab09762dd7ff33bb855f3088a6b5
+8076221, PR2809: Disable RC4 cipher suites
+Reviewed-by: wetmore
+
+diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
+--- openjdk.orig/jdk/src/share/lib/security/java.security-linux
++++ openjdk/jdk/src/share/lib/security/java.security-linux
+@@ -556,8 +556,8 @@
+ #
+ # Example:
+ #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
+-    EC keySize < 224, RC4_40, 3DES_EDE_CBC, anon, NULL
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
++    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+ 
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+ # processing in JSSE implementation.
+diff --git openjdk.orig/jdk/src/share/lib/security/java.security-macosx openjdk/jdk/src/share/lib/security/java.security-macosx
+--- openjdk.orig/jdk/src/share/lib/security/java.security-macosx
++++ openjdk/jdk/src/share/lib/security/java.security-macosx
+@@ -561,8 +561,8 @@
+ #
+ # Example:
+ #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
+-    EC keySize < 224, RC4_40, 3DES_EDE_CBC, anon, NULL
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
++    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+ 
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+ # processing in JSSE implementation.
+diff --git openjdk.orig/jdk/src/share/lib/security/java.security-solaris openjdk/jdk/src/share/lib/security/java.security-solaris
+--- openjdk.orig/jdk/src/share/lib/security/java.security-solaris
++++ openjdk/jdk/src/share/lib/security/java.security-solaris
+@@ -560,8 +560,8 @@
+ #
+ # Example:
+ #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
+-    EC keySize < 224, RC4_40, 3DES_EDE_CBC, anon, NULL
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
++    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+ 
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+ # processing in JSSE implementation.
+diff --git openjdk.orig/jdk/src/share/lib/security/java.security-windows openjdk/jdk/src/share/lib/security/java.security-windows
+--- openjdk.orig/jdk/src/share/lib/security/java.security-windows
++++ openjdk/jdk/src/share/lib/security/java.security-windows
+@@ -561,8 +561,8 @@
+ #
+ # Example:
+ #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
+-    EC keySize < 224, RC4_40, 3DES_EDE_CBC, anon, NULL
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
++    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+ 
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+ # processing in JSSE implementation.
+diff --git openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
+@@ -0,0 +1,362 @@
++/*
++ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++import java.io.BufferedInputStream;
++import java.io.BufferedOutputStream;
++import java.io.IOException;
++import java.io.InputStream;
++import java.io.OutputStream;
++import java.security.NoSuchAlgorithmException;
++import java.security.Security;
++import java.util.concurrent.TimeUnit;
++import javax.net.ssl.SSLContext;
++import javax.net.ssl.SSLHandshakeException;
++import javax.net.ssl.SSLServerSocket;
++import javax.net.ssl.SSLServerSocketFactory;
++import javax.net.ssl.SSLSocket;
++import javax.net.ssl.SSLSocketFactory;
++
++/**
++ * @test
++ * @bug 8076221
++ * @summary Check if weak cipher suites are disabled
++ * @run main/othervm DisabledAlgorithms default
++ * @run main/othervm DisabledAlgorithms empty
++ */
++public class DisabledAlgorithms {
++
++    private static final String pathToStores =
++            "../../../../sun/security/ssl/etc";
++    private static final String keyStoreFile = "keystore";
++    private static final String trustStoreFile = "truststore";
++    private static final String passwd = "passphrase";
++
++    private static final String keyFilename =
++            System.getProperty("test.src", "./") + "/" + pathToStores +
++                "/" + keyStoreFile;
++
++    private static final String trustFilename =
++            System.getProperty("test.src", "./") + "/" + pathToStores +
++                "/" + trustStoreFile;
++
++    // supported RC4 cipher suites
++    // it does not contain KRB5 cipher suites because they need a KDC
++    private static final String[] rc4_ciphersuites = new String[] {
++        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
++        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
++        "SSL_RSA_WITH_RC4_128_SHA",
++        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
++        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
++        "SSL_RSA_WITH_RC4_128_MD5",
++        "TLS_ECDH_anon_WITH_RC4_128_SHA",
++        "SSL_DH_anon_WITH_RC4_128_MD5"
++    };
++
++    public static void main(String[] args) throws Exception {
++        if (args.length < 1) {
++            throw new RuntimeException("No parameters specified");
++        }
++
++        System.setProperty("javax.net.ssl.keyStore", keyFilename);
++        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
++        System.setProperty("javax.net.ssl.trustStore", trustFilename);
++        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
++
++        switch (args[0]) {
++            case "default":
++                // use default jdk.tls.disabledAlgorithms
++                System.out.println("jdk.tls.disabledAlgorithms = "
++                        + Security.getProperty("jdk.tls.disabledAlgorithms"));
++
++                // check if RC4 cipher suites can't be used by default
++                checkFailure(rc4_ciphersuites);
++                break;
++            case "empty":
++                // reset jdk.tls.disabledAlgorithms
++                Security.setProperty("jdk.tls.disabledAlgorithms", "");
++                System.out.println("jdk.tls.disabledAlgorithms = "
++                        + Security.getProperty("jdk.tls.disabledAlgorithms"));
++
++                // check if RC4 cipher suites can be used
++                // if jdk.tls.disabledAlgorithms is empty
++                checkSuccess(rc4_ciphersuites);
++                break;
++            default:
++                throw new RuntimeException("Wrong parameter: " + args[0]);
++        }
++    }
++
++    /*
++     * Checks if that specified cipher suites cannot be used.
++     */
++    private static void checkFailure(String[] ciphersuites) throws Exception {
++        try (SSLServer server = SSLServer.init(ciphersuites)) {
++            startNewThread(server);
++            while (!server.isRunning()) {
++                sleep();
++            }
++
++            int port = server.getPort();
++            for (String ciphersuite : ciphersuites) {
++                try (SSLClient client = SSLClient.init(port, ciphersuite)) {
++                    client.connect();
++                    throw new RuntimeException("Expected SSLHandshakeException "
++                            + "not thrown");
++                } catch (SSLHandshakeException e) {
++                    System.out.println("Expected exception on client side: "
++                            + e);
++                }
++            }
++
++            server.stop();
++            while (server.isRunning()) {
++                sleep();
++            }
++
++            if (!server.sslError()) {
++                throw new RuntimeException("Expected SSL exception "
++                        + "not thrown on server side");
++            }
++        }
++
++    }
++
++    /*
++     * Checks if specified cipher suites can be used.
++     */
++    private static void checkSuccess(String[] ciphersuites) throws Exception {
++        try (SSLServer server = SSLServer.init(ciphersuites)) {
++            startNewThread(server);
++            while (!server.isRunning()) {
++                sleep();
++            }
++
++            int port = server.getPort();
++            for (String ciphersuite : ciphersuites) {
++                try (SSLClient client = SSLClient.init(port, ciphersuite)) {
++                    client.connect();
++                    String negotiated = client.getNegotiatedCipherSuite();
++                    System.out.println("Negotiated cipher suite: "
++                            + negotiated);
++                    if (!negotiated.equals(ciphersuite)) {
++                        throw new RuntimeException("Unexpected cipher suite: "
++                                + negotiated);
++                    }
++                }
++            }
++
++            server.stop();
++            while (server.isRunning()) {
++                sleep();
++            }
++
++            if (server.error()) {
++                throw new RuntimeException("Unexpected error on server side");
++            }
++        }
++
++    }
++
++    private static Thread startNewThread(SSLServer server) {
++        Thread serverThread = new Thread(server, "SSL server thread");
++        serverThread.setDaemon(true);
++        serverThread.start();
++        return serverThread;
++    }
++
++    private static void sleep() {
++        try {
++            TimeUnit.MILLISECONDS.sleep(50);
++        } catch (InterruptedException e) {
++            // do nothing
++        }
++    }
++
++    static class SSLServer implements Runnable, AutoCloseable {
++
++        private final SSLServerSocket ssocket;
++        private volatile boolean stopped = false;
++        private volatile boolean running = false;
++        private volatile boolean sslError = false;
++        private volatile boolean otherError = false;
++
++        private SSLServer(SSLServerSocket ssocket) {
++            this.ssocket = ssocket;
++        }
++
++        @Override
++        public void run() {
++            System.out.println("Server: started");
++            running = true;
++            while (!stopped) {
++                try (SSLSocket socket = (SSLSocket) ssocket.accept()) {
++                    System.out.println("Server: accepted client connection");
++                    InputStream in = socket.getInputStream();
++                    OutputStream out = socket.getOutputStream();
++                    int b = in.read();
++                    if (b < 0) {
++                        throw new IOException("Unexpected EOF");
++                    }
++                    System.out.println("Server: send data: " + b);
++                    out.write(b);
++                    out.flush();
++                    socket.getSession().invalidate();
++                } catch (SSLHandshakeException e) {
++                    System.out.println("Server: run: " + e);
++                    sslError = true;
++                } catch (IOException e) {
++                    if (!stopped) {
++                        System.out.println("Server: run: " + e);
++                        e.printStackTrace();
++                        otherError = true;
++                    }
++                }
++            }
++
++            System.out.println("Server: finished");
++            running = false;
++        }
++
++        int getPort() {
++            return ssocket.getLocalPort();
++        }
++
++        String[] getEnabledCiperSuites() {
++            return ssocket.getEnabledCipherSuites();
++        }
++
++        boolean isRunning() {
++            return running;
++        }
++
++        boolean sslError() {
++            return sslError;
++        }
++
++        boolean error() {
++            return sslError || otherError;
++        }
++
++        void stop() {
++            stopped = true;
++            if (!ssocket.isClosed()) {
++                try {
++                    ssocket.close();
++                } catch (IOException e) {
++                    System.out.println("Server: close: " + e);
++                }
++            }
++        }
++
++        @Override
++        public void close() {
++            stop();
++        }
++
++        static SSLServer init(String[] ciphersuites)
++                throws IOException {
++            SSLServerSocketFactory ssf = (SSLServerSocketFactory)
++                    SSLServerSocketFactory.getDefault();
++            SSLServerSocket ssocket = (SSLServerSocket)
++                    ssf.createServerSocket(0);
++
++            if (ciphersuites != null) {
++                System.out.println("Server: enable cipher suites: "
++                        + java.util.Arrays.toString(ciphersuites));
++                ssocket.setEnabledCipherSuites(ciphersuites);
++            }
++
++            return new SSLServer(ssocket);
++        }
++    }
++
++    static class SSLClient implements AutoCloseable {
++
++        private final SSLSocket socket;
++
++        private SSLClient(SSLSocket socket) {
++            this.socket = socket;
++        }
++
++        void connect() throws IOException {
++            System.out.println("Client: connect to server");
++            try (
++                    BufferedInputStream bis = new BufferedInputStream(
++                            socket.getInputStream());
++                    BufferedOutputStream bos = new BufferedOutputStream(
++                            socket.getOutputStream())) {
++                bos.write('x');
++                bos.flush();
++
++                int read = bis.read();
++                if (read < 0) {
++                    throw new IOException("Client: couldn't read a response");
++                }
++                socket.getSession().invalidate();
++            }
++        }
++
++        String[] getEnabledCiperSuites() {
++            return socket.getEnabledCipherSuites();
++        }
++
++        String getNegotiatedCipherSuite() {
++            return socket.getSession().getCipherSuite();
++        }
++
++        @Override
++        public void close() throws Exception {
++            if (!socket.isClosed()) {
++                try {
++                    socket.close();
++                } catch (IOException e) {
++                    System.out.println("Client: close: " + e);
++                }
++            }
++        }
++
++        static SSLClient init(int port)
++                throws NoSuchAlgorithmException, IOException {
++            return init(port, null);
++        }
++
++        static SSLClient init(int port, String ciphersuite)
++                throws NoSuchAlgorithmException, IOException {
++            SSLContext context = SSLContext.getDefault();
++            SSLSocketFactory ssf = (SSLSocketFactory)
++                    context.getSocketFactory();
++            SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);
++
++            if (ciphersuite != null) {
++                System.out.println("Client: enable cipher suite: "
++                        + ciphersuite);
++                socket.setEnabledCipherSuites(new String[] { ciphersuite });
++            }
++
++            return new SSLClient(socket);
++        }
++
++    }
++
++
++}
+diff --git openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java openjdk/jdk/test/sun/security/krb5/auto/SSL.java
+--- openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java
++++ openjdk/jdk/test/sun/security/krb5/auto/SSL.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -40,6 +40,7 @@
+ import java.net.InetAddress;
+ import javax.net.ssl.*;
+ import java.security.Principal;
++import java.security.Security;
+ import java.util.Date;
+ import sun.security.jgss.GSSUtil;
+ import sun.security.krb5.PrincipalName;
+@@ -54,6 +55,9 @@
+     private static volatile int port;
+ 
+     public static void main(String[] args) throws Exception {
++        // reset the security property to make sure that the algorithms
++        // and keys used in this test are not disabled.
++        Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ 
+         krb5Cipher = args[0];
+ 
+diff --git openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
+--- openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
++++ openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
+@@ -95,12 +95,9 @@
+         allGood &= testEngOnlyDisabled(DES_CS_LIST_NAMES);
+ 
+         // Disabled RC4 tests
+-        /*
+-          RC4 is not yet disabled, as 8076221 has not been backported
+         allGood &= testDefaultCase(RC4_CS_LIST);
+         allGood &= testEngAddDisabled(RC4_CS_LIST_NAMES, RC4_CS_LIST);
+         allGood &= testEngOnlyDisabled(RC4_CS_LIST_NAMES);
+-        */
+ 
+         if (allGood) {
+             System.err.println("All tests passed");
+diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java
+--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java
++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -36,7 +36,7 @@
+  */
+ 
+ import java.io.*;
+-import java.net.*;
++import java.security.Security;
+ import javax.net.ssl.*;
+ 
+ public class CipherSuiteOrder {
+@@ -198,6 +198,10 @@
+     volatile Exception clientException = null;
+ 
+     public static void main(String[] args) throws Exception {
++        // reset the security property to make sure that the algorithms
++        // and keys used in this test are not disabled.
++        Security.setProperty("jdk.tls.disabledAlgorithms", "");
++
+         String keyFilename =
+             System.getProperty("test.src", "./") + "/" + pathToStores +
+                 "/" + keyStoreFile;
+diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
+--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
+@@ -103,10 +103,10 @@
+ import java.security.Security;
+ import java.security.KeyStore;
+ import java.security.KeyFactory;
++import java.security.Security;
+ import java.security.cert.Certificate;
+ import java.security.cert.CertificateFactory;
+ import java.security.spec.PKCS8EncodedKeySpec;
+-import java.security.spec.*;
+ import java.security.interfaces.*;
+ import sun.misc.BASE64Decoder;
+ 
+diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -622,6 +622,9 @@
+     }
+ 
+     public static void main(String args[]) throws Exception {
++        // reset the security property to make sure that the algorithms
++        // and keys used in this test are not disabled.
++        Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ 
+         CheckStatus cs;
+ 
+diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
+@@ -33,6 +33,8 @@
+  * The code could certainly be tightened up a lot.
+  *
+  * @author Brad Wetmore
++ *
++ * @run main/othervm ConnectionTest
+  */
+ 
+ import javax.net.ssl.*;
+@@ -672,6 +674,10 @@
+     }
+ 
+     public static void main(String args[]) throws Exception {
++        // reset the security property to make sure that the algorithms
++        // and keys used in this test are not disabled.
++        Security.setProperty("jdk.tls.disabledAlgorithms", "");
++
+         ConnectionTest ct = new ConnectionTest();
+         ct.test();
+     }
+diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
+@@ -180,6 +180,9 @@
+     }
+ 
+     public static void main(String args[]) throws Exception {
++        // reset the security property to make sure that the algorithms
++        // and keys used in this test are not disabled.
++        Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ 
+         LargeBufs test;
+ 
+diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
+@@ -37,7 +37,7 @@
+  */
+ 
+ import java.io.*;
+-import java.net.*;
++import java.security.Security;
+ import javax.net.ssl.*;
+ 
+ public class GenericStreamCipher {
+@@ -165,6 +165,10 @@
+     volatile Exception clientException = null;
+ 
+     public static void main(String[] args) throws Exception {
++        // reset the security property to make sure that the algorithms
++        // and keys used in this test are not disabled.
++        Security.setProperty("jdk.tls.disabledAlgorithms", "");
++
+         String keyFilename =
+             System.getProperty("test.src", ".") + "/" + pathToStores +
+                 "/" + keyStoreFile;
diff --git a/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch b/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch
new file mode 100644
index 0000000..8165340
--- /dev/null
+++ b/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch
@@ -0,0 +1,28 @@
+diff --git a/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java b/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java
+--- openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java
++++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java
+@@ -168,20 +168,10 @@
+                     "contains no supported elliptic curves");
+             }
+         } else {        // default curves
+-            int[] ids;
+-            if (requireFips) {
+-                ids = new int[] {
+-                    // only NIST curves in FIPS mode
+-                    23, 24, 25, 9, 10, 11, 12, 13, 14,
+-                };
+-            } else {
+-                ids = new int[] {
+-                    // NIST curves first
+-                    23, 24, 25, 9, 10, 11, 12, 13, 14,
+-                    // non-NIST curves
+-                    22,
+-                };
+-            }
++            int[] ids = new int[] { 
++		// NSS currently only supports these three NIST curves
++		23, 24, 25
++	    };
+ 
+             idList = new ArrayList<>(ids.length);
+             for (int curveId : ids) {
diff --git a/SOURCES/pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch b/SOURCES/pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch
new file mode 100644
index 0000000..6cab1d1
--- /dev/null
+++ b/SOURCES/pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch
@@ -0,0 +1,220 @@
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
+@@ -87,8 +87,8 @@
+     // name of the key algorithm, currently either RSA or DSA
+     private final String keyAlgorithm;
+ 
+-    // mechanism id
+-    private final long mechanism;
++    // mechanism
++    private final CK_MECHANISM mechanism;
+ 
+     // digest algorithm OID, if we encode RSA signature ourselves
+     private final ObjectIdentifier digestOID;
+@@ -138,11 +138,62 @@
+         super();
+         this.token = token;
+         this.algorithm = algorithm;
+-        this.mechanism = mechanism;
++        CK_MECHANISM ckMechanism = new CK_MECHANISM(mechanism);
++        final CK_RSA_PKCS_PSS_PARAMS mechParams;
+         byte[] buffer = null;
+         ObjectIdentifier digestOID = null;
+         MessageDigest md = null;
+         switch ((int)mechanism) {
++        case (int)CKM_SHA1_RSA_PKCS_PSS:
++            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
++            mechParams.hashAlg = CKM_SHA_1;
++            mechParams.mgf = CKG_MGF1_SHA1;
++            mechParams.sLen = 20;
++            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
++            this.keyAlgorithm = "RSA";
++            this.type = T_UPDATE;
++            buffer = new byte[1];
++            break;
++        case (int)CKM_SHA224_RSA_PKCS_PSS:
++            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
++            mechParams.hashAlg = CKM_SHA224;
++            mechParams.mgf = CKG_MGF1_SHA224;
++            mechParams.sLen = 28;
++            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
++            this.keyAlgorithm = "RSA";
++            this.type = T_UPDATE;
++            buffer = new byte[1];
++            break;
++        case (int)CKM_SHA256_RSA_PKCS_PSS:
++            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
++            mechParams.hashAlg = CKM_SHA256;
++            mechParams.mgf = CKG_MGF1_SHA256;
++            mechParams.sLen = 32;
++            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
++            this.keyAlgorithm = "RSA";
++            this.type = T_UPDATE;
++            buffer = new byte[1];
++            break;
++        case (int)CKM_SHA384_RSA_PKCS_PSS:
++            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
++            mechParams.hashAlg = CKM_SHA384;
++            mechParams.mgf = CKG_MGF1_SHA384;
++            mechParams.sLen = 48;
++            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
++            this.keyAlgorithm = "RSA";
++            this.type = T_UPDATE;
++            buffer = new byte[1];
++            break;
++        case (int)CKM_SHA512_RSA_PKCS_PSS:
++            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
++            mechParams.hashAlg = CKM_SHA512;
++            mechParams.mgf = CKG_MGF1_SHA512;
++            mechParams.sLen = 64;
++            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
++            this.keyAlgorithm = "RSA";
++            this.type = T_UPDATE;
++            buffer = new byte[1];
++            break;
+         case (int)CKM_MD2_RSA_PKCS:
+         case (int)CKM_MD5_RSA_PKCS:
+         case (int)CKM_SHA1_RSA_PKCS:
+@@ -232,6 +283,7 @@
+         default:
+             throw new ProviderException("Unknown mechanism: " + mechanism);
+         }
++        this.mechanism = ckMechanism;
+         this.buffer = buffer;
+         this.digestOID = digestOID;
+         this.md = md;
+@@ -314,10 +366,10 @@
+             }
+             if (mode == M_SIGN) {
+                 token.p11.C_SignInit(session.id(),
+-                        new CK_MECHANISM(mechanism), p11Key.keyID);
++                        mechanism, p11Key.keyID);
+             } else {
+                 token.p11.C_VerifyInit(session.id(),
+-                        new CK_MECHANISM(mechanism), p11Key.keyID);
++                        mechanism, p11Key.keyID);
+             }
+             initialized = true;
+         } catch (PKCS11Exception e) {
+@@ -399,7 +451,8 @@
+         } else if (algorithm.equals("SHA512withRSA")) {
+             encodedLength = 83;
+         } else {
+-            throw new ProviderException("Unknown signature algo: " + algorithm);
++            encodedLength = 0;
++            //throw new ProviderException("Unknown signature algo: " + algorithm);
+         }
+         if (encodedLength > maxDataSize) {
+             throw new InvalidKeyException
+@@ -568,7 +621,7 @@
+                 if (type == T_DIGEST) {
+                     digest = md.digest();
+                 } else { // T_RAW
+-                    if (mechanism == CKM_DSA) {
++                    if (mechanism.mechanism == CKM_DSA) {
+                         if (bytesProcessed != buffer.length) {
+                             throw new SignatureException
+                             ("Data for RawDSA must be exactly 20 bytes long");
+@@ -588,7 +641,7 @@
+                     signature = token.p11.C_Sign(session.id(), digest);
+                 } else { // RSA
+                     byte[] data = encodeSignature(digest);
+-                    if (mechanism == CKM_RSA_X_509) {
++                    if (mechanism.mechanism == CKM_RSA_X_509) {
+                         data = pkcs1Pad(data);
+                     }
+                     signature = token.p11.C_Sign(session.id(), data);
+@@ -623,7 +676,7 @@
+                 if (type == T_DIGEST) {
+                     digest = md.digest();
+                 } else { // T_RAW
+-                    if (mechanism == CKM_DSA) {
++                    if (mechanism.mechanism == CKM_DSA) {
+                         if (bytesProcessed != buffer.length) {
+                             throw new SignatureException
+                             ("Data for RawDSA must be exactly 20 bytes long");
+@@ -643,7 +696,7 @@
+                     token.p11.C_Verify(session.id(), digest, signature);
+                 } else { // RSA
+                     byte[] data = encodeSignature(digest);
+-                    if (mechanism == CKM_RSA_X_509) {
++                    if (mechanism.mechanism == CKM_RSA_X_509) {
+                         data = pkcs1Pad(data);
+                     }
+                     token.p11.C_Verify(session.id(), data, signature);
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+@@ -729,6 +729,16 @@
+         d(SIG, "SHA512withRSA", P11Signature,
+                 s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
+                 m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
++        d(SIG, "SHA1withRSAandMGF1", P11Signature,
++                m(CKM_SHA1_RSA_PKCS_PSS));
++        d(SIG, "SHA224withRSAandMGF1", P11Signature,
++                m(CKM_SHA224_RSA_PKCS_PSS));
++        d(SIG, "SHA256withRSAandMGF1", P11Signature,
++                m(CKM_SHA256_RSA_PKCS_PSS));
++        d(SIG, "SHA384withRSAandMGF1", P11Signature,
++                m(CKM_SHA384_RSA_PKCS_PSS));
++        d(SIG, "SHA512withRSAandMGF1", P11Signature,
++                m(CKM_SHA512_RSA_PKCS_PSS));
+ 
+         d(KG, "SunTlsRsaPremasterSecret",
+                     "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Token.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Token.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Token.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Token.java
+@@ -377,6 +377,10 @@
+         return keyStore;
+     }
+ 
++    CK_MECHANISM_INFO getMechanismInfo(CK_MECHANISM mechanism) throws PKCS11Exception {
++        return getMechanismInfo(mechanism.mechanism);
++    }
++
+     CK_MECHANISM_INFO getMechanismInfo(long mechanism) throws PKCS11Exception {
+         CK_MECHANISM_INFO result = mechInfoMap.get(mechanism);
+         if (result == null) {
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
+@@ -116,6 +116,10 @@
+         init(mechanism, params);
+     }
+ 
++    public CK_MECHANISM(long mechanism, CK_RSA_PKCS_PSS_PARAMS params) {
++        init(mechanism, params);
++    }
++
+     public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) {
+         init(mechanism, params);
+     }
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
+@@ -458,6 +458,12 @@
+     public static final long  CKM_SHA384_RSA_PKCS            = 0x00000041L;
+     public static final long  CKM_SHA512_RSA_PKCS            = 0x00000042L;
+ 
++    // v2.30
++    public static final long  CKM_SHA256_RSA_PKCS_PSS        = 0x00000043L;
++    public static final long  CKM_SHA384_RSA_PKCS_PSS        = 0x00000044L;
++    public static final long  CKM_SHA512_RSA_PKCS_PSS        = 0x00000045L;
++
++
+     public static final long  CKM_RC2_KEY_GEN                = 0x00000100L;
+     public static final long  CKM_RC2_ECB                    = 0x00000101L;
+     public static final long  CKM_RC2_CBC                    = 0x00000102L;
+@@ -919,6 +925,10 @@
+ 
+     /* The following MGFs are defined */
+     public static final long  CKG_MGF1_SHA1       =  0x00000001L;
++    public static final long  CKG_MGF1_SHA256     =  0x00000002L;
++    public static final long  CKG_MGF1_SHA384     =  0x00000003L;
++    public static final long  CKG_MGF1_SHA512     =  0x00000004L;
++
+     // new for v2.20 amendment 3
+     public static final long  CKG_MGF1_SHA224     = 0x00000005L;
+ 
diff --git a/SOURCES/pr3393-rh1273760.patch b/SOURCES/pr3393-rh1273760.patch
deleted file mode 100644
index cb0764a..0000000
--- a/SOURCES/pr3393-rh1273760.patch
+++ /dev/null
@@ -1,220 +0,0 @@
-diff --git a/src/share/classes/sun/security/pkcs11/P11Signature.java b/src/share/classes/sun/security/pkcs11/P11Signature.java
---- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
-+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
-@@ -87,8 +87,8 @@
-     // name of the key algorithm, currently either RSA or DSA
-     private final String keyAlgorithm;
- 
--    // mechanism id
--    private final long mechanism;
-+    // mechanism
-+    private final CK_MECHANISM mechanism;
- 
-     // digest algorithm OID, if we encode RSA signature ourselves
-     private final ObjectIdentifier digestOID;
-@@ -138,11 +138,62 @@
-         super();
-         this.token = token;
-         this.algorithm = algorithm;
--        this.mechanism = mechanism;
-+        CK_MECHANISM ckMechanism = new CK_MECHANISM(mechanism);
-+        final CK_RSA_PKCS_PSS_PARAMS mechParams;
-         byte[] buffer = null;
-         ObjectIdentifier digestOID = null;
-         MessageDigest md = null;
-         switch ((int)mechanism) {
-+        case (int)CKM_SHA1_RSA_PKCS_PSS:
-+            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
-+            mechParams.hashAlg = CKM_SHA_1;
-+            mechParams.mgf = CKG_MGF1_SHA1;
-+            mechParams.sLen = 20;
-+            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
-+            this.keyAlgorithm = "RSA";
-+            this.type = T_UPDATE;
-+            buffer = new byte[1];
-+            break;
-+        case (int)CKM_SHA224_RSA_PKCS_PSS:
-+            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
-+            mechParams.hashAlg = CKM_SHA224;
-+            mechParams.mgf = CKG_MGF1_SHA224;
-+            mechParams.sLen = 28;
-+            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
-+            this.keyAlgorithm = "RSA";
-+            this.type = T_UPDATE;
-+            buffer = new byte[1];
-+            break;
-+        case (int)CKM_SHA256_RSA_PKCS_PSS:
-+            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
-+            mechParams.hashAlg = CKM_SHA256;
-+            mechParams.mgf = CKG_MGF1_SHA256;
-+            mechParams.sLen = 32;
-+            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
-+            this.keyAlgorithm = "RSA";
-+            this.type = T_UPDATE;
-+            buffer = new byte[1];
-+            break;
-+        case (int)CKM_SHA384_RSA_PKCS_PSS:
-+            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
-+            mechParams.hashAlg = CKM_SHA384;
-+            mechParams.mgf = CKG_MGF1_SHA384;
-+            mechParams.sLen = 48;
-+            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
-+            this.keyAlgorithm = "RSA";
-+            this.type = T_UPDATE;
-+            buffer = new byte[1];
-+            break;
-+        case (int)CKM_SHA512_RSA_PKCS_PSS:
-+            mechParams = new CK_RSA_PKCS_PSS_PARAMS();
-+            mechParams.hashAlg = CKM_SHA512;
-+            mechParams.mgf = CKG_MGF1_SHA512;
-+            mechParams.sLen = 64;
-+            ckMechanism = new CK_MECHANISM(mechanism, mechParams);
-+            this.keyAlgorithm = "RSA";
-+            this.type = T_UPDATE;
-+            buffer = new byte[1];
-+            break;
-         case (int)CKM_MD2_RSA_PKCS:
-         case (int)CKM_MD5_RSA_PKCS:
-         case (int)CKM_SHA1_RSA_PKCS:
-@@ -232,6 +283,7 @@
-         default:
-             throw new ProviderException("Unknown mechanism: " + mechanism);
-         }
-+        this.mechanism = ckMechanism;
-         this.buffer = buffer;
-         this.digestOID = digestOID;
-         this.md = md;
-@@ -309,10 +361,10 @@
-             }
-             if (mode == M_SIGN) {
-                 token.p11.C_SignInit(session.id(),
--                        new CK_MECHANISM(mechanism), p11Key.keyID);
-+                        mechanism, p11Key.keyID);
-             } else {
-                 token.p11.C_VerifyInit(session.id(),
--                        new CK_MECHANISM(mechanism), p11Key.keyID);
-+                        mechanism, p11Key.keyID);
-             }
-             initialized = true;
-         } catch (PKCS11Exception e) {
-@@ -350,7 +402,8 @@
-         } else if (algorithm.equals("SHA512withRSA")) {
-             encodedLength = 83;
-         } else {
--            throw new ProviderException("Unknown signature algo: " + algorithm);
-+            encodedLength = 0;
-+            //throw new ProviderException("Unknown signature algo: " + algorithm);
-         }
-         if (encodedLength > maxDataSize) {
-             throw new InvalidKeyException
-@@ -523,7 +576,7 @@
-                 if (type == T_DIGEST) {
-                     digest = md.digest();
-                 } else { // T_RAW
--                    if (mechanism == CKM_DSA) {
-+                    if (mechanism.mechanism == CKM_DSA) {
-                         if (bytesProcessed != buffer.length) {
-                             throw new SignatureException
-                             ("Data for RawDSA must be exactly 20 bytes long");
-@@ -543,7 +596,7 @@
-                     signature = token.p11.C_Sign(session.id(), digest);
-                 } else { // RSA
-                     byte[] data = encodeSignature(digest);
--                    if (mechanism == CKM_RSA_X_509) {
-+                    if (mechanism.mechanism == CKM_RSA_X_509) {
-                         data = pkcs1Pad(data);
-                     }
-                     signature = token.p11.C_Sign(session.id(), data);
-@@ -578,7 +631,7 @@
-                 if (type == T_DIGEST) {
-                     digest = md.digest();
-                 } else { // T_RAW
--                    if (mechanism == CKM_DSA) {
-+                    if (mechanism.mechanism == CKM_DSA) {
-                         if (bytesProcessed != buffer.length) {
-                             throw new SignatureException
-                             ("Data for RawDSA must be exactly 20 bytes long");
-@@ -598,7 +651,7 @@
-                     token.p11.C_Verify(session.id(), digest, signature);
-                 } else { // RSA
-                     byte[] data = encodeSignature(digest);
--                    if (mechanism == CKM_RSA_X_509) {
-+                    if (mechanism.mechanism == CKM_RSA_X_509) {
-                         data = pkcs1Pad(data);
-                     }
-                     token.p11.C_Verify(session.id(), data, signature);
-diff --git a/src/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/share/classes/sun/security/pkcs11/SunPKCS11.java
---- openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
-+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
-@@ -729,6 +729,16 @@
-         d(SIG, "SHA512withRSA", P11Signature,
-                 s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
-                 m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
-+        d(SIG, "SHA1withRSAandMGF1", P11Signature,
-+                m(CKM_SHA1_RSA_PKCS_PSS));
-+        d(SIG, "SHA224withRSAandMGF1", P11Signature,
-+                m(CKM_SHA224_RSA_PKCS_PSS));
-+        d(SIG, "SHA256withRSAandMGF1", P11Signature,
-+                m(CKM_SHA256_RSA_PKCS_PSS));
-+        d(SIG, "SHA384withRSAandMGF1", P11Signature,
-+                m(CKM_SHA384_RSA_PKCS_PSS));
-+        d(SIG, "SHA512withRSAandMGF1", P11Signature,
-+                m(CKM_SHA512_RSA_PKCS_PSS));
- 
-         /*
-          * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the
-diff --git a/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java b/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
---- openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
-+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
-@@ -112,6 +112,10 @@
-         init(mechanism, params);
-     }
- 
-+    public CK_MECHANISM(long mechanism, CK_RSA_PKCS_PSS_PARAMS params) {
-+        init(mechanism, params);
-+    }
-+
-     public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) {
-         init(mechanism, params);
-     }
-diff --git a/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java b/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
---- openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
-+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
-@@ -458,6 +458,12 @@
-     public static final long  CKM_SHA384_RSA_PKCS            = 0x00000041L;
-     public static final long  CKM_SHA512_RSA_PKCS            = 0x00000042L;
- 
-+    // v2.30
-+    public static final long  CKM_SHA256_RSA_PKCS_PSS        = 0x00000043L;
-+    public static final long  CKM_SHA384_RSA_PKCS_PSS        = 0x00000044L;
-+    public static final long  CKM_SHA512_RSA_PKCS_PSS        = 0x00000045L;
-+
-+
-     public static final long  CKM_RC2_KEY_GEN                = 0x00000100L;
-     public static final long  CKM_RC2_ECB                    = 0x00000101L;
-     public static final long  CKM_RC2_CBC                    = 0x00000102L;
-@@ -911,6 +917,10 @@
- 
-     /* The following MGFs are defined */
-     public static final long  CKG_MGF1_SHA1       =  0x00000001L;
-+    public static final long  CKG_MGF1_SHA256     =  0x00000002L;
-+    public static final long  CKG_MGF1_SHA384     =  0x00000003L;
-+    public static final long  CKG_MGF1_SHA512     =  0x00000004L;
-+
-     // new for v2.20 amendment 3
-     public static final long  CKG_MGF1_SHA224     = 0x00000005L;
- 
-diff --git a/src/share/classes/sun/security/pkcs11/Token.java b/src/share/classes/sun/security/pkcs11/Token.java
---- openjdk/jdk/src/share/classes/sun/security/pkcs11/Token.java
-+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Token.java
-@@ -377,6 +377,10 @@
-         return keyStore;
-     }
- 
-+    CK_MECHANISM_INFO getMechanismInfo(CK_MECHANISM mechanism) throws PKCS11Exception {
-+        return getMechanismInfo(mechanism.mechanism);
-+    }
-+
-     CK_MECHANISM_INFO getMechanismInfo(long mechanism) throws PKCS11Exception {
-         CK_MECHANISM_INFO result = mechInfoMap.get(mechanism);
-         if (result == null) {
diff --git a/SOURCES/pulse-soundproperties.patch b/SOURCES/pulse-soundproperties.patch
deleted file mode 100644
index 271a323..0000000
--- a/SOURCES/pulse-soundproperties.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- openjdk/jdk/src/share/lib/sound.properties	2008-08-28 04:15:18.000000000 -0400
-+++ openjdk/jdk/src/share/lib/sound.properties	2008-10-03 16:59:21.000000000 -0400
-@@ -37,3 +37,13 @@
- # Specify the default Receiver by provider and name:
- # javax.sound.midi.Receiver=com.sun.media.sound.MidiProvider#SunMIDI1
- #
-+
-+# javax.sound.sampled.Clip=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider
-+# javax.sound.sampled.Port=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider
-+# javax.sound.sampled.SourceDataLine=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider
-+# javax.sound.sampled.TargetDataLine=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider
-+
-+javax.sound.sampled.Clip=com.sun.media.sound.DirectAudioDeviceProvider
-+javax.sound.sampled.Port=com.sun.media.sound.PortMixerProvider
-+javax.sound.sampled.SourceDataLine=com.sun.media.sound.DirectAudioDeviceProvider
-+javax.sound.sampled.TargetDataLine=com.sun.media.sound.DirectAudioDeviceProvider
diff --git a/SOURCES/rh1022017.patch b/SOURCES/rh1022017.patch
deleted file mode 100644
index 8165340..0000000
--- a/SOURCES/rh1022017.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff --git a/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java b/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java
---- openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java
-+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java
-@@ -168,20 +168,10 @@
-                     "contains no supported elliptic curves");
-             }
-         } else {        // default curves
--            int[] ids;
--            if (requireFips) {
--                ids = new int[] {
--                    // only NIST curves in FIPS mode
--                    23, 24, 25, 9, 10, 11, 12, 13, 14,
--                };
--            } else {
--                ids = new int[] {
--                    // NIST curves first
--                    23, 24, 25, 9, 10, 11, 12, 13, 14,
--                    // non-NIST curves
--                    22,
--                };
--            }
-+            int[] ids = new int[] { 
-+		// NSS currently only supports these three NIST curves
-+		23, 24, 25
-+	    };
- 
-             idList = new ArrayList<>(ids.length);
-             for (int curveId : ids) {
diff --git a/SOURCES/rh1648241-abrt_friendly_hs_log_jdk7.patch b/SOURCES/rh1648241-abrt_friendly_hs_log_jdk7.patch
new file mode 100644
index 0000000..dba02bd
--- /dev/null
+++ b/SOURCES/rh1648241-abrt_friendly_hs_log_jdk7.patch
@@ -0,0 +1,35 @@
+--- openjdk/hotspot/src/share/vm/utilities/vmError.cpp	2012-02-02 16:17:24.476664897 +0100
++++ openjdk/hotspot/src/share/vm/utilities/vmError.cpp	2012-02-02 16:17:24.476664897 +0100
+@@ -929,6 +929,7 @@
+         }
+       }
+ 
++      /*
+       if (fd == -1) {
+         const char *cwd = os::get_current_directory(buffer, sizeof(buffer));
+         size_t len = strlen(cwd);
+@@ -938,6 +939,24 @@
+                      os::file_separator(), os::current_process_id());
+         fd = open(buffer, O_RDWR | O_CREAT | O_EXCL, 0666);
+       }
++      */
++
++      if (fd == -1) {
++        const char * tmpdir = os::get_temp_directory();
++        // try temp directory if it exists.
++        if (tmpdir != NULL && tmpdir[0] != '\0') {
++          jio_snprintf(buffer, sizeof(buffer), "%s%sjvm-%u",
++                       tmpdir, os::file_separator(), os::current_process_id());
++          // if mkdir() failed, hs_err will be created in temporary directory
++          if (!mkdir(buffer, 0700)) { // only read+execute flags are needed
++                                      // but we need to write into the directory too
++            jio_snprintf(buffer, sizeof(buffer), "%s%sjvm-%u%shs_error.log",
++                           tmpdir, os::file_separator(), os::current_process_id(),
++                           os::file_separator());
++            fd = open(buffer, O_WRONLY | O_CREAT | O_EXCL, 0444); // read-only file 
++          }
++        }
++      }
+ 
+       if (fd == -1) {
+         const char * tmpdir = os::get_temp_directory();
diff --git a/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
new file mode 100644
index 0000000..222dcfb
--- /dev/null
+++ b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
@@ -0,0 +1,16 @@
+diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java openjdk/jdk/src/share/classes/java/awt/Toolkit.java
+--- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java	2009-01-23 11:59:47.000000000 -0500
++++ openjdk/jdk/src/share/classes/java/awt/Toolkit.java	2009-01-23 12:05:20.000000000 -0500
+@@ -871,7 +871,11 @@
+                         return null;
+                     }
+                 });
+-                loadAssistiveTechnologies();
++                try {
++                    loadAssistiveTechnologies();
++                } catch ( AWTError error) {
++                    // ignore silently
++                }
+             } finally {
+                 // Make sure to always re-enable the JIT.
+                 java.lang.Compiler.enable();
diff --git a/SOURCES/rh1648254-javadoc_generated_during_all_variants_of_buid.patch b/SOURCES/rh1648254-javadoc_generated_during_all_variants_of_buid.patch
new file mode 100644
index 0000000..8a130e4
--- /dev/null
+++ b/SOURCES/rh1648254-javadoc_generated_during_all_variants_of_buid.patch
@@ -0,0 +1,35 @@
+--- oldMakefile	2008-07-02 17:48:01.000000000 -0400
++++ openjdk/Makefile	2008-07-02 17:48:09.000000000 -0400
+@@ -199,19 +199,19 @@
+ 
+ create_fresh_product_bootdir: FRC
+ 	$(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \
+-		GENERATE_DOCS=false \
++		GENERATE_DOCS=true \
+ 		BOOT_CYCLE_SETTINGS= \
+ 		build_product_image
+ 
+ create_fresh_debug_bootdir: FRC
+ 	$(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \
+-		GENERATE_DOCS=false \
++		GENERATE_DOCS=true \
+ 		BOOT_CYCLE_DEBUG_SETTINGS= \
+ 		build_debug_image
+ 
+ create_fresh_fastdebug_bootdir: FRC
+ 	$(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \
+-		GENERATE_DOCS=false \
++		GENERATE_DOCS=true \
+ 		BOOT_CYCLE_DEBUG_SETTINGS= \
+ 		build_fastdebug_image
+ 
+@@ -262,7 +262,7 @@
+ 	$(MAKE) \
+ 		ALT_OUTPUTDIR=$(ABS_OUTPUTDIR)/$(REL_JDK_OUTPUTDIR) \
+ 	        DEBUG_NAME=$(DEBUG_NAME) \
+-		GENERATE_DOCS=false \
++		GENERATE_DOCS=true \
+ 		$(if $(findstring true,$(BUILD_INSTALL)),BUILD_INSTALL_BUNDLES=true,) \
+ 		CREATE_DEBUGINFO_BUNDLES=true \
+ 	        $(BOOT_CYCLE_DEBUG_SETTINGS) \
+
diff --git a/SOURCES/rh1648259-libsaproc_libjsig_compiled_with_g_to_provide_correct_debuginfo.patch b/SOURCES/rh1648259-libsaproc_libjsig_compiled_with_g_to_provide_correct_debuginfo.patch
new file mode 100644
index 0000000..11776ef
--- /dev/null
+++ b/SOURCES/rh1648259-libsaproc_libjsig_compiled_with_g_to_provide_correct_debuginfo.patch
@@ -0,0 +1,20 @@
+--- openjdk/hotspot/build/linux/makefiles/saproc.make_back	2009-12-14 13:35:46.000000000 +0100
++++ openjdk/hotspot/make/linux/makefiles/saproc.make	2009-12-14 13:36:47.000000000 +0100
+@@ -95,6 +95,7 @@
+ 			   $(ALT_SAINCDIR) 										\
+ 	           $(SASRCFILES)                                        \
+ 	           $(SA_LFLAGS)                                         \
++	           -g                                                   \
+ 	           $(SA_DEBUG_CFLAGS)                                   \
+ 	           $(EXTRA_CFLAGS)                                      \
+ 	           -o $@                                                \
+--- openjdk/hotspot/build/linux/makefiles/jsig.make_back	2009-12-14 13:34:56.000000000 +0100
++++ openjdk/hotspot/make/linux/makefiles/jsig.make	2009-12-14 13:35:31.000000000 +0100
+@@ -59,6 +59,7 @@
+ $(LIBJSIG): $(JSIGSRCDIR)/jsig.c $(LIBJSIG_MAPFILE)
+ 	@echo Making signal interposition lib...
+ 	$(QUIETLY) $(CC) $(SYMFLAG) $(ARCHFLAG) $(SHARED_FLAG) $(PICFLAG) \
++	                     -g							  \
+                          $(LFLAGS_JSIG) $(JSIG_DEBUG_CFLAGS) $(EXTRA_CFLAGS) -o $@ $< -ldl
+ 	$(QUIETLY) [ -f $(LIBJSIG_G) ] || { ln -s $@ $(LIBJSIG_G); }
+ ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1)
diff --git a/SOURCES/rh1648643-comment_out_freetype_check.patch b/SOURCES/rh1648643-comment_out_freetype_check.patch
new file mode 100644
index 0000000..15c2d67
--- /dev/null
+++ b/SOURCES/rh1648643-comment_out_freetype_check.patch
@@ -0,0 +1,22 @@
+diff -up openjdk/jdk/make/common/shared/Sanity.gmk.sav openjdk/jdk/make/common/shared/Sanity.gmk
+--- openjdk/jdk/make/common/shared/Sanity.gmk.sav	2012-02-14 16:12:48.000000000 -0500
++++ openjdk/jdk/make/common/shared/Sanity.gmk	2012-03-07 17:31:26.153840755 -0500
+@@ -814,12 +814,12 @@ ifdef OPENJDK
+ 	@(($(CD) $(BUILDDIR)/tools/freetypecheck && $(MAKE)) || \
+ 	    $(ECHO) "Failed to build freetypecheck." ) > $@
+ 
+-    sane-freetype: $(TEMPDIR)/freetypeinfo
+-	@if [ "`$(CAT) $< | $(GREP) Fail`" != "" ]; then \
+-	  $(ECHO) "ERROR: FreeType version " $(REQUIRED_FREETYPE_VERSION) \
+-	          " or higher is required. \n" \
+-		  "`$(CAT) $<`  \n" >> $(ERROR_FILE) ; \
+-	fi
++#    sane-freetype: $(TEMPDIR)/freetypeinfo
++#	@if [ "`$(CAT) $< | $(GREP) Fail`" != "" ]; then \
++#	  $(ECHO) "ERROR: FreeType version " $(REQUIRED_FREETYPE_VERSION) \
++#	          " or higher is required. \n" \
++#		  "`$(CAT) $<`  \n" >> $(ERROR_FILE) ; \
++#	fi
+   else
+     #do nothing  (cross-compiling)
+     sane-freetype: 
diff --git a/SOURCES/rh1648644-java_access_bridge_privlidged_security.patch b/SOURCES/rh1648644-java_access_bridge_privlidged_security.patch
new file mode 100644
index 0000000..bd59cad
--- /dev/null
+++ b/SOURCES/rh1648644-java_access_bridge_privlidged_security.patch
@@ -0,0 +1,21 @@
+diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux
+--- openjdk/jdk/src/share/lib/security/java.security-linux
++++ openjdk/jdk/src/share/lib/security/java.security-linux
+@@ -168,6 +168,8 @@
+                com.sun.org.glassfish.,\
+                jdk.xml.internal.,\
+                oracle.jrockit.jfr.,\
++               org.GNOME.Accessibility.,\
++               org.GNOME.Bonobo.,\
+                org.jcp.xml.dsig.internal.
+ #
+ # List of comma-separated packages that start with or equal this string
+@@ -211,6 +213,8 @@
+                    com.sun.org.glassfish.,\
+                    jdk.xml.internal.,\
+                    oracle.jrockit.jfr.,\
++                   org.GNOME.Accessibility.,\
++                   org.GNOME.Bonobo.,\
+                    org.jcp.xml.dsig.internal.
+ #
+ # Determines whether this properties file can be appended to
diff --git a/SOURCES/rh1648645-java_access_bridge_loading_java_version_privileged_tck.patch b/SOURCES/rh1648645-java_access_bridge_loading_java_version_privileged_tck.patch
new file mode 100644
index 0000000..36a23c0
--- /dev/null
+++ b/SOURCES/rh1648645-java_access_bridge_loading_java_version_privileged_tck.patch
@@ -0,0 +1,25 @@
+--- java-access-bridge-1.22.0/bridge/org/GNOME/Accessibility/JavaBridge.java.orig	2008-05-22 11:27:00.000000000 -0400
++++ java-access-bridge-1.22.0/bridge/org/GNOME/Accessibility/JavaBridge.java	2008-05-22 11:28:02.000000000 -0400
+@@ -34,6 +34,9 @@
+ import javax.accessibility.AccessibleRole;
+ import javax.accessibility.AccessibleText;
+ import javax.accessibility.AccessibleEditableText;
++import java.security.PrivilegedAction;
++import java.security.AccessController;
++
+ 
+ public class JavaBridge {
+ 
+@@ -332,7 +335,11 @@
+ 			System.err.println ("Java Accessibility Bridge for GNOME loaded.\n");
+ 
+ 		// Not sure what kind of arguments should be sent to ORB
+-		String vm_rev = System.getProperty("java.version");
++		String vm_rev = (String) AccessController.doPrivileged(new PrivilegedAction() {
++			public java.lang.Object run() {
++				return System.getProperty("java.version");
++			}
++		});	
+ 
+ 		if (vm_rev.compareTo("1.4.0") < 0) {
+ 			System.err.println("WARNING: Java Accessibility Bridge " +
diff --git a/SOURCES/rh1649760-make_alsa_based_mixer_default_when_pulseaudio_build.patch b/SOURCES/rh1649760-make_alsa_based_mixer_default_when_pulseaudio_build.patch
new file mode 100644
index 0000000..271a323
--- /dev/null
+++ b/SOURCES/rh1649760-make_alsa_based_mixer_default_when_pulseaudio_build.patch
@@ -0,0 +1,16 @@
+--- openjdk/jdk/src/share/lib/sound.properties	2008-08-28 04:15:18.000000000 -0400
++++ openjdk/jdk/src/share/lib/sound.properties	2008-10-03 16:59:21.000000000 -0400
+@@ -37,3 +37,13 @@
+ # Specify the default Receiver by provider and name:
+ # javax.sound.midi.Receiver=com.sun.media.sound.MidiProvider#SunMIDI1
+ #
++
++# javax.sound.sampled.Clip=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider
++# javax.sound.sampled.Port=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider
++# javax.sound.sampled.SourceDataLine=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider
++# javax.sound.sampled.TargetDataLine=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider
++
++javax.sound.sampled.Clip=com.sun.media.sound.DirectAudioDeviceProvider
++javax.sound.sampled.Port=com.sun.media.sound.PortMixerProvider
++javax.sound.sampled.SourceDataLine=com.sun.media.sound.DirectAudioDeviceProvider
++javax.sound.sampled.TargetDataLine=com.sun.media.sound.DirectAudioDeviceProvider
diff --git a/SOURCES/rh1649777-add_rhino_support_jdk7.patch b/SOURCES/rh1649777-add_rhino_support_jdk7.patch
new file mode 100644
index 0000000..bd8ab68
--- /dev/null
+++ b/SOURCES/rh1649777-add_rhino_support_jdk7.patch
@@ -0,0 +1,157 @@
+diff -ur openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile
+--- openjdk.orig/jdk/make/com/sun/Makefile	2012-02-14 16:12:48.000000000 -0500
++++ openjdk/jdk/make/com/sun/Makefile	2012-02-22 14:25:10.327518016 -0500
+@@ -31,13 +31,6 @@
+ PRODUCT = sun
+ include $(BUILDDIR)/common/Defs.gmk
+ 
+-ifndef OPENJDK
+-  ORG_EXISTS := $(call DirExists,$(CLOSED_SRC)/share/classes/sun/org,,)
+-  ifneq ("$(ORG_EXISTS)", "") 
+-    SCRIPT_SUBDIR = script
+-  endif
+-endif
+-
+ # jarsigner is part of JRE
+ SUBDIRS = java security net/ssl jarsigner
+ 
+@@ -45,7 +38,7 @@
+ SUBDIRS_desktop    = image
+ SUBDIRS_enterprise = crypto/provider jndi \
+                      org rowset net/httpserver
+-SUBDIRS_misc       = $(SCRIPT_SUBDIR) tracing nio demo
++SUBDIRS_misc       = script tracing nio demo
+ 
+ # Omit mirror since it's built with the apt tool.
+ SUBDIRS_tools      = tools
+diff -ur openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile
+--- openjdk.orig/jdk/make/com/sun/script/Makefile	2012-02-14 16:12:48.000000000 -0500
++++ openjdk/jdk/make/com/sun/script/Makefile	2012-02-22 14:10:53.325225237 -0500
+@@ -31,6 +31,8 @@
+ 
+ AUTO_FILES_JAVA_DIRS = com/sun/script
+ 
++OTHER_JAVACFLAGS = -classpath $(RHINO_JAR)
++
+ #
+ # Files that need to be copied
+ #
+diff -ur openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk
+--- openjdk.orig/jdk/make/common/Release.gmk	2012-02-14 16:12:48.000000000 -0500
++++ openjdk/jdk/make/common/Release.gmk	2012-02-22 14:10:53.325225237 -0500
+@@ -766,6 +766,7 @@
+ 	$(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar
+ 	$(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar
+ 	$(CP) $(JSSE_JAR) $(JRE_IMAGE_DIR)/lib/jsse.jar
++	$(CP) $(RHINO_JAR) $(JRE_IMAGE_DIR)/lib/rhino.jar
+ ifneq ($(JFR_JAR),)
+ 	$(CP) $(JFR_JAR) $(JRE_IMAGE_DIR)/lib/jfr.jar
+ endif
+diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java	2012-02-14 16:12:49.000000000 -0500
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java	2012-02-22 14:10:53.325225237 -0500
+@@ -24,7 +24,7 @@
+  */
+ 
+ package com.sun.script.javascript;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ import javax.script.*;
+ import java.util.*;
+ 
+diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java	2012-02-14 16:12:49.000000000 -0500
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java	2012-02-22 14:10:53.325225237 -0500
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+ 
+ import javax.script.Invocable;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ 
+ /**
+  * This class implements Rhino-like JavaAdapter to help implement a Java
+diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java	2012-02-14 16:12:49.000000000 -0500
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java	2012-02-22 14:10:53.326225216 -0500
+@@ -25,7 +25,7 @@
+ 
+ package com.sun.script.javascript;
+ 
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ import java.util.*;
+ 
+ /**
+diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java	2012-02-14 16:12:49.000000000 -0500
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java	2012-02-22 14:10:53.326225216 -0500
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+ 
+ import java.util.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ 
+ /**
+  * This class prevents script access to certain sensitive classes.
+diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java	2012-02-14 16:12:49.000000000 -0500
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java	2012-02-22 14:10:53.326225216 -0500
+@@ -25,7 +25,7 @@
+ 
+ package com.sun.script.javascript;
+ import javax.script.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ 
+ /**
+  * Represents compiled JavaScript code.
+diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java	2012-02-14 16:12:49.000000000 -0500
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java	2012-02-22 14:10:53.326225216 -0500
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+ import javax.script.*;
+ import java.util.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ import com.sun.script.util.*;
+ 
+ /**
+diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	2012-02-14 16:12:49.000000000 -0500
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	2012-02-22 14:10:53.327225198 -0500
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+ import com.sun.script.util.*;
+ import javax.script.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ import java.lang.reflect.Method;
+ import java.io.*;
+ import java.security.*;
+diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java	2012-02-14 16:12:49.000000000 -0500
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java	2012-02-22 14:10:53.327225198 -0500
+@@ -25,7 +25,7 @@
+ 
+ package com.sun.script.javascript;
+ 
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ import javax.script.*;
+ import java.security.AccessControlContext;
+ 
+diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java	2012-02-14 16:12:49.000000000 -0500
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java	2012-02-22 14:10:53.327225198 -0500
+@@ -27,7 +27,7 @@
+ 
+ import java.lang.reflect.*;
+ import static sun.security.util.SecurityConstants.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ 
+ /**
+  * This wrap factory is used for security reasons. JSR 223 script
diff --git a/SOURCES/rhino.patch b/SOURCES/rhino.patch
deleted file mode 100644
index bd8ab68..0000000
--- a/SOURCES/rhino.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-diff -ur openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile
---- openjdk.orig/jdk/make/com/sun/Makefile	2012-02-14 16:12:48.000000000 -0500
-+++ openjdk/jdk/make/com/sun/Makefile	2012-02-22 14:25:10.327518016 -0500
-@@ -31,13 +31,6 @@
- PRODUCT = sun
- include $(BUILDDIR)/common/Defs.gmk
- 
--ifndef OPENJDK
--  ORG_EXISTS := $(call DirExists,$(CLOSED_SRC)/share/classes/sun/org,,)
--  ifneq ("$(ORG_EXISTS)", "") 
--    SCRIPT_SUBDIR = script
--  endif
--endif
--
- # jarsigner is part of JRE
- SUBDIRS = java security net/ssl jarsigner
- 
-@@ -45,7 +38,7 @@
- SUBDIRS_desktop    = image
- SUBDIRS_enterprise = crypto/provider jndi \
-                      org rowset net/httpserver
--SUBDIRS_misc       = $(SCRIPT_SUBDIR) tracing nio demo
-+SUBDIRS_misc       = script tracing nio demo
- 
- # Omit mirror since it's built with the apt tool.
- SUBDIRS_tools      = tools
-diff -ur openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile
---- openjdk.orig/jdk/make/com/sun/script/Makefile	2012-02-14 16:12:48.000000000 -0500
-+++ openjdk/jdk/make/com/sun/script/Makefile	2012-02-22 14:10:53.325225237 -0500
-@@ -31,6 +31,8 @@
- 
- AUTO_FILES_JAVA_DIRS = com/sun/script
- 
-+OTHER_JAVACFLAGS = -classpath $(RHINO_JAR)
-+
- #
- # Files that need to be copied
- #
-diff -ur openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk
---- openjdk.orig/jdk/make/common/Release.gmk	2012-02-14 16:12:48.000000000 -0500
-+++ openjdk/jdk/make/common/Release.gmk	2012-02-22 14:10:53.325225237 -0500
-@@ -766,6 +766,7 @@
- 	$(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar
- 	$(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar
- 	$(CP) $(JSSE_JAR) $(JRE_IMAGE_DIR)/lib/jsse.jar
-+	$(CP) $(RHINO_JAR) $(JRE_IMAGE_DIR)/lib/rhino.jar
- ifneq ($(JFR_JAR),)
- 	$(CP) $(JFR_JAR) $(JRE_IMAGE_DIR)/lib/jfr.jar
- endif
-diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java	2012-02-14 16:12:49.000000000 -0500
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java	2012-02-22 14:10:53.325225237 -0500
-@@ -24,7 +24,7 @@
-  */
- 
- package com.sun.script.javascript;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- import javax.script.*;
- import java.util.*;
- 
-diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java	2012-02-14 16:12:49.000000000 -0500
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java	2012-02-22 14:10:53.325225237 -0500
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
- 
- import javax.script.Invocable;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- 
- /**
-  * This class implements Rhino-like JavaAdapter to help implement a Java
-diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java	2012-02-14 16:12:49.000000000 -0500
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java	2012-02-22 14:10:53.326225216 -0500
-@@ -25,7 +25,7 @@
- 
- package com.sun.script.javascript;
- 
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- import java.util.*;
- 
- /**
-diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java	2012-02-14 16:12:49.000000000 -0500
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java	2012-02-22 14:10:53.326225216 -0500
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
- 
- import java.util.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- 
- /**
-  * This class prevents script access to certain sensitive classes.
-diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java	2012-02-14 16:12:49.000000000 -0500
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java	2012-02-22 14:10:53.326225216 -0500
-@@ -25,7 +25,7 @@
- 
- package com.sun.script.javascript;
- import javax.script.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- 
- /**
-  * Represents compiled JavaScript code.
-diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java	2012-02-14 16:12:49.000000000 -0500
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java	2012-02-22 14:10:53.326225216 -0500
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
- import javax.script.*;
- import java.util.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- import com.sun.script.util.*;
- 
- /**
-diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	2012-02-14 16:12:49.000000000 -0500
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	2012-02-22 14:10:53.327225198 -0500
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
- import com.sun.script.util.*;
- import javax.script.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- import java.lang.reflect.Method;
- import java.io.*;
- import java.security.*;
-diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java	2012-02-14 16:12:49.000000000 -0500
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java	2012-02-22 14:10:53.327225198 -0500
-@@ -25,7 +25,7 @@
- 
- package com.sun.script.javascript;
- 
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- import javax.script.*;
- import java.security.AccessControlContext;
- 
-diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java	2012-02-14 16:12:49.000000000 -0500
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java	2012-02-22 14:10:53.327225198 -0500
-@@ -27,7 +27,7 @@
- 
- import java.lang.reflect.*;
- import static sun.security.util.SecurityConstants.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- 
- /**
-  * This wrap factory is used for security reasons. JSR 223 script
diff --git a/SPECS/java-1.7.0-openjdk.spec b/SPECS/java-1.7.0-openjdk.spec
index 267d056..f407ea1 100644
--- a/SPECS/java-1.7.0-openjdk.spec
+++ b/SPECS/java-1.7.0-openjdk.spec
@@ -5,8 +5,9 @@
 # conflicting) files in the -debuginfo package
 %undefine _missing_build_ids_terminate_build
 
-%global icedtea_version 2.6.16
-%global hg_tag icedtea-{icedtea_version}
+%global icedtea_version 2.6.17
+%global icedtea_snapshot %{nil}
+%global hg_tag icedtea-%{icedtea_version}%{icedtea_snapshot}
 
 %global aarch64			aarch64 arm64 armv8
 #sometimes we need to distinguish big and little endian PPC64
@@ -159,8 +160,8 @@
 # Standard JPackage naming and versioning defines.
 %global origin          openjdk
 %global top_level_dir_name   %{origin}
-%global updatever       201
-%global buildver        00
+%global updatever       211
+%global buildver        02
 # Keep priority on 7digits in case updatever>9
 %global priority        1700%{updatever}
 %global javaver         1.7.0
@@ -205,7 +206,7 @@
 
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}
-Release: %{icedtea_version}.1%{?dist}
+Release: %{icedtea_version}%{icedtea_snapshot}.1%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
 # and this change was brought into RHEL-4.  java-1.5.0-ibm packages
 # also included the epoch in their virtual provides.  This created a
@@ -236,7 +237,7 @@ URL:      http://openjdk.java.net/
 # Source from upstream IcedTea 2.x project. To regenerate, use
 # VERSION=icedtea-${icedtea_version} FILE_NAME_ROOT=openjdk-${VERSION}
 # REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
-Source0:  openjdk-icedtea-%{icedtea_version}.tar.xz
+Source0:  openjdk-icedtea-%{icedtea_version}%{icedtea_snapshot}.tar.xz
 
 # README file
 # This source is under maintainer's/java-team's control
@@ -283,31 +284,31 @@ Source20: repackReproduciblePolycies.sh
 # RPM/distribution specific patches
 
 # Allow TCK to pass with access bridge wired in
-Patch1:   java-1.7.0-openjdk-java-access-bridge-tck.patch
+Patch1:   rh1648645-java_access_bridge_loading_java_version_privileged_tck.patch
 
 # Disable access to access-bridge packages by untrusted apps
-Patch3:   java-1.7.0-openjdk-java-access-bridge-security.patch
+Patch3:   rh1648644-java_access_bridge_privlidged_security.patch
 
 # Ignore AWTError when assistive technologies are loaded 
-Patch4:   java-1.7.0-openjdk-accessible-toolkit.patch
+Patch4:   rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
 
 # Build docs even in debug
-Patch5:   java-1.7.0-openjdk-debugdocs.patch
+Patch5:   rh1648254-javadoc_generated_during_all_variants_of_buid.patch
 
 # Add debuginfo where missing
-Patch6:   %{name}-debuginfo.patch
+Patch6:   rh1648259-libsaproc_libjsig_compiled_with_g_to_provide_correct_debuginfo.patch
 
 #
 # OpenJDK specific patches
 #
 
 # Add rhino support
-Patch100: rhino.patch
+Patch100: rh1649777-add_rhino_support_jdk7.patch
 
-Patch106: %{name}-freetype-check-fix.patch
+Patch106: rh1648643-comment_out_freetype_check.patch
 
 # allow to create hs_pid.log in tmp (in 700 permissions) if working directory is unwritable
-Patch200: abrt_friendly_hs_log_jdk7.patch
+Patch200: rh1648241-abrt_friendly_hs_log_jdk7.patch
 
 #
 # Optional component packages
@@ -315,17 +316,17 @@ Patch200: abrt_friendly_hs_log_jdk7.patch
 
 # Make the ALSA based mixer the default when building with the pulseaudio based
 # mixer
-Patch300: pulse-soundproperties.patch
+Patch300: rh1649760-make_alsa_based_mixer_default_when_pulseaudio_build.patch
 
 # Make the curves reported by Java's SSL implementation match those of NSS
-Patch400: rh1022017.patch
+Patch400: pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch
 
 # Temporary patches
 
 # 8076221, PR2809: Backport "8076221: Disable RC4 cipher suites" (will appear in 2.7.0)
-Patch500: 8076221-pr2809.patch
+Patch500: jdk8076221-pr2809-disable_rc4_cipher_suites.patch
 # PR3393, RH1273760: Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider (will appear in 2.7.0)
-Patch501: pr3393-rh1273760.patch
+Patch501: pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch
 # End of tmp patches
 
 BuildRequires: autoconf
@@ -858,7 +859,9 @@ sed -i -e s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g $JAVA_HOME/jre/lib/security/nss.cfg
 # Build pulseaudio and install it to JDK build location
 %if %{with_pulseaudio}
 pushd pulseaudio
-make JAVA_HOME=$JAVA_HOME -f Makefile.pulseaudio
+# IT_CFLAGS="-g" is needed so that debug info symbols get produced.
+# See RHBZ#1657863.
+make JAVA_HOME=$JAVA_HOME -f Makefile.pulseaudio IT_CFLAGS="-g"
 cp -pPRf build/native/libpulse-java.so $JAVA_HOME/jre/lib/%{archinstall}/
 cp -pPRf build/pulse-java.jar $JAVA_HOME/jre/lib/ext/
 popd
@@ -1502,6 +1505,24 @@ exit 0
 %{_jvmdir}/%{jredir}/lib/accessibility.properties
 
 %changelog
+* Wed Feb 27 2019 Severin Gehwolf <sgehwolf@redhat.com> - 1:1.7.0.211-2.6.17.1
+- Produce debug symbols for libpulse-java.so
+- Set IT_CFLAGS=-g so that debug symbols for the pulse audio
+- native library are being produced. This is needed to fix
+- rpmdiff errors of missing .debug_info in pulse-java.so.debug.
+- Resolves: rhbz#1661577
+
+* Mon Feb 25 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.7.0.211-2.6.17.0
+- Bump to 2.6.17.
+- Adjust jdk8076221-pr2809-disable_rc4_cipher_suites.patch to apply after 8211883
+- Regenerate pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch against current sources
+- Resolves: rhbz#1661577
+
+* Thu Feb 21 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.7.0.201-2.6.17pre01.0
+- Bump to 2.6.17pre01.
+- Add support for icedtea_snapshot so we can build pre-releases.
+- Resolves: rhbz#1661577
+
 * Mon Oct 22 2018 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.7.0.201-2.6.16.1
 - Bump to 2.6.16 and u201b00.
 - Update 8076221/PR2809 (disable RC4) to apply after 8208350 (disable DES)
@@ -1605,7 +1626,7 @@ exit 0
 - Resolves: rhbz#1528233
 
 * Wed Feb 14 2018 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.7.0.171-2.6.13.1
-- Extend pr3393-rh1273760.patch so Token.getMechanismInfo can handle CK_MECHANISM
+- Extend pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch so Token.getMechanismInfo can handle CK_MECHANISM
 - Fix missing return statement in hotspot/src/cpu/aarch64/vm/vm_version_aarch64.cpp
 - Resolves: rhbz#1528233
 
@@ -1620,7 +1641,7 @@ exit 0
 
 * Tue Feb 13 2018 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.7.0.171-2.6.13.1
 - Bump to 2.6.13 and u171b01.
-- Update java-1.7.0-openjdk-java-access-bridge-security.patch to apply after 8186080
+- Update rh1648644-java_access_bridge_privlidged_security.patch to apply after 8186080
 - Drop PR3497 AArch64 patch now applied upstream.
 - Update RC4 patch (8076221/PR2809) to apply after 8148108 (DH lower limit increase)
 - Resolves: rhbz#1528233
@@ -2090,7 +2111,7 @@ exit 0
 * Fri Jan 09 2015 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.7.0.75-2.5.4.0
 - Bump to 2.5.4 using OpenJDK 7u75 b13.
 - Bump AArch64 port to 2.6.0pre17.
-- Fix abrt_friendly_hs_log_jdk7.patch to apply again and enable on all archs.
+- Fix rh1648241-rh1648241-abrt_friendly_hs_log_jdk7.patch to apply again and enable on all archs.
 - Remove OpenJDK 8 / AArch64 version of PStack patch as this is no longer needed.
 - Resolves: rhbz#1180298