diff --git a/SOURCES/pr2974-rh1343832.patch b/SOURCES/pr2974-rh1343832.patch
new file mode 100644
index 0000000..1c9af4d
--- /dev/null
+++ b/SOURCES/pr2974-rh1343832.patch
@@ -0,0 +1,148 @@
+# HG changeset patch
+# User andrew
+# Date 1464316115 -3600
+# Fri May 27 03:28:35 2016 +0100
+# Node ID 794541fbbdc323f7da8a5cee75611f977eee66ee
+# Parent 0be28a33e12dfc9ae1e4be381530643f691d351a
+PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings
+Summary: Add -systemlineendings option to keytool to allow system line endings to be used again.
+Adapted for u91 on 2016/06/08
+
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java 2016-04-10 17:59:49.000000000 -0400
++++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java 2016-06-08 13:10:36.593775141 -0400
+@@ -30,6 +30,7 @@
+ import java.io.IOException;
+ import java.math.BigInteger;
+
++import java.security.AccessController;
+ import java.security.cert.CertificateException;
+ import java.security.NoSuchAlgorithmException;
+ import java.security.InvalidKeyException;
+@@ -39,6 +40,7 @@
+
+ import java.util.Base64;
+
++import sun.security.action.GetPropertyAction;
+ import sun.security.util.*;
+ import sun.security.x509.AlgorithmId;
+ import sun.security.x509.X509Key;
+@@ -76,6 +78,14 @@
+ * @author Hemma Prafullchandra
+ */
+ public class PKCS10 {
++
++ private static final byte[] sysLineEndings;
++
++ static {
++ sysLineEndings =
++ AccessController.doPrivileged(new GetPropertyAction("line.separator")).getBytes();
++ }
++
+ /**
+ * Constructs an unsigned PKCS #10 certificate request. Before this
+ * request may be used, it must be encoded and signed. Then it
+@@ -286,12 +296,39 @@
+ */
+ public void print(PrintStream out)
+ throws IOException, SignatureException {
++ print(out, false);
++ }
++
++ /**
++ * Prints an E-Mailable version of the certificate request on the print
++ * stream passed. The format is a common base64 encoded one, supported
++ * by most Certificate Authorities because Netscape web servers have
++ * used this for some time. Some certificate authorities expect some
++ * more information, in particular contact information for the web
++ * server administrator.
++ *
++ * @param out the print stream where the certificate request
++ * will be printed.
++ * @param systemLineEndings true if the request should be terminated
++ * using the system line endings.
++ * @exception IOException when an output operation failed
++ * @exception SignatureException when the certificate request was
++ * not yet signed.
++ */
++ public void print(PrintStream out, boolean systemLineEndings)
++ throws IOException, SignatureException {
++ byte[] lineEndings;
++
+ if (encoded == null)
+ throw new SignatureException("Cert request was not signed");
+
++ if (systemLineEndings)
++ lineEndings = sysLineEndings;
++ else
++ lineEndings = new byte[] {'\r', '\n'}; // CRLF
+
+ out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
+- out.println(Base64.getMimeEncoder().encodeToString(encoded));
++ out.println(Base64.getMimeEncoder(76, lineEndings).encodeToString(encoded));
+ out.println("-----END NEW CERTIFICATE REQUEST-----");
+ }
+
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java 2016-04-10 17:59:49.000000000 -0400
++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java 2016-06-08 13:07:33.272760634 -0400
+@@ -114,6 +114,7 @@
+ private String infilename = null;
+ private String outfilename = null;
+ private String srcksfname = null;
++ private boolean systemLineEndings = false;
+
+ // User-specified providers are added before any command is called.
+ // However, they are not removed before the end of the main() method.
+@@ -160,7 +161,7 @@
+ CERTREQ("Generates.a.certificate.request",
+ ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME,
+ STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
+- PROVIDERARG, PROVIDERPATH, V, PROTECTED),
++ PROVIDERARG, PROVIDERPATH, SYSTEMLINEENDINGS, V, PROTECTED),
+ CHANGEALIAS("Changes.an.entry.s.alias",
+ ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS,
+ STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
+@@ -293,6 +294,7 @@
+ STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"),
+ STOREPASS("storepass", "<arg>", "keystore.password"),
+ STORETYPE("storetype", "<storetype>", "keystore.type"),
++ SYSTEMLINEENDINGS("systemlineendings", null, "system.line.endings"),
+ TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"),
+ V("v", null, "verbose.output"),
+ VALIDITY("validity", "<valDays>", "validity.number.of.days");
+@@ -534,6 +536,8 @@
+ protectedPath = true;
+ } else if (collator.compare(flags, "-srcprotected") == 0) {
+ srcprotectedPath = true;
++ } else if (collator.compare(flags, "-systemlineendings") == 0) {
++ systemLineEndings = true;
+ } else {
+ System.err.println(rb.getString("Illegal.option.") + flags);
+ tinyHelp();
+@@ -1332,7 +1336,7 @@
+
+ // Sign the request and base-64 encode it
+ request.encodeAndSign(subject, signature);
+- request.print(out);
++ request.print(out, systemLineEndings);
+ }
+
+ /**
+@@ -4188,4 +4192,3 @@
+ return new Pair<>(a,b);
+ }
+ }
+-
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java 2016-04-10 17:59:49.000000000 -0400
++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java 2016-06-08 13:07:33.272760634 -0400
+@@ -168,6 +168,8 @@
+ "keystore password"}, //-storepass
+ {"keystore.type",
+ "keystore type"}, //-storetype
++ {"system.line.endings",
++ "use system line endings rather than CRLF to terminate output"}, //-systemlineendings
+ {"trust.certificates.from.cacerts",
+ "trust certificates from cacerts"}, //-trustcacerts
+ {"verbose.output",
diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec
index 55ceeca..1cfd6c0 100644
--- a/SPECS/java-1.8.0-openjdk.spec
+++ b/SPECS/java-1.8.0-openjdk.spec
@@ -715,7 +715,7 @@ OrderWithRequires: %{name}-headless%1 = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}
-Release: 0.%{buildver}%{?dist}
+Release: 1.%{buildver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -785,6 +785,8 @@ Patch504: rh1163501.patch
Patch511: rh1214835.patch
# Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions
Patch512: no_strict_overflow.patch
+# RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings
+Patch523: pr2974-rh1343832.patch
# Arch-specific upstreamable patches
# PR2415: JVM -Xmx requirement is too high on s390
@@ -1110,6 +1112,7 @@ sh %{SOURCE12}
%patch504
%patch511
%patch512
+%patch523
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -1801,6 +1804,10 @@ end
%endif
%changelog
+* Wed Jun 01 2016 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.91-1.b14
+- Add fix for PKCS#10 output regression, adding -systemlineendings option.
+- Resolves: rhbz#1343832
+
* Tue Apr 12 2016 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.91-0.b14
- Add additional fix to Zero patch to properly handle result on 64-bit big-endian
- Resolves: rhbz#1325422