7 changed files with 343 additions and 3253 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/openjdk-jdk17u-jdk-17.0.7+7.tar.xz
+SOURCES/openjdk-jdk17u-jdk-17.0.6+9.tar.xz
 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
--- a/.java-17-openjdk.metadata
+++ b/.java-17-openjdk.metadata
@ -1,2 +1,2 @@
-bc3222a9f338eeb1c03f2b95f429b954c5da3fa7 SOURCES/openjdk-jdk17u-jdk-17.0.7+7.tar.xz
+95213324016613e314e5c97dc87f31a0576df00c SOURCES/openjdk-jdk17u-jdk-17.0.6+9.tar.xz
 c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
--- a/SOURCES/NEWS
+++ b/SOURCES/NEWS
@ -3,351 +3,12 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

-New in release OpenJDK 17.0.7 (2023-04-18):
-===========================================
-Live versions of these release notes can be found at:
-  * https://bit.ly/openjdk1707
-
-* CVEs
-  - CVE-2023-21930
-  - CVE-2023-21937
-  - CVE-2023-21938
-  - CVE-2023-21939
-  - CVE-2023-21954
-  - CVE-2023-21967
-  - CVE-2023-21968
-* Security fixes
-  - JDK-8287404: Improve ping times
-  - JDK-8288436: Improve Xalan supports
-  - JDK-8294474: Better AES support
-  - JDK-8295304: Runtime support improvements
-  - JDK-8296676, JDK-8296622: Improve String platform support
-  - JDK-8296684: Improve String platform support
-  - JDK-8296692: Improve String platform support
-  - JDK-8296832: Improve Swing platform support
-  - JDK-8297371: Improve UTF8 representation redux
-  - JDK-8298191: Enhance object reclamation process
-  - JDK-8298310: Enhance TLS session negotiation
-  - JDK-8298667: Improved path handling
-  - JDK-8299129: Enhance NameService lookups
-* Other changes
-  - JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
-  - JDK-6779701: Wrong defect ID in the code of test LocalRMIServerSocketFactoryTest.java
-  - JDK-8008243: Zero: Implement fast bytecodes
-  - JDK-8048190: NoClassDefFoundError omits original ExceptionInInitializerError
-  - JDK-8065097: [macosx] javax/swing/Popup/TaskbarPositionTest.java fails because Popup is one pixel off
-  - JDK-8144030: [macosx] test java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java fails (again)
-  - JDK-8155246: Throw error if default java.security file is missing
-  - JDK-8186765: Speed up test sun/net/www/protocol/https/HttpsClient/ProxyAuthTest.java
-  - JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
-  - JDK-8195809: [TESTBUG] jps and jcmd -l support for containers is not tested
-  - JDK-8208077: File.listRoots performance degradation
-  - JDK-8209935: Test to cover CodeSource.getCodeSigners()
-  - JDK-8210927: JDB tests do not update source path after doing a redefine class
-  - JDK-8212961: [TESTBUG] vmTestbase/nsk/stress/jni/ native code cleanup
-  - JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails
-  - JDK-8223783: sun/net/www/http/HttpClient/MultiThreadTest.java sometimes detect threads+1 connections
-  - JDK-8230374: maxOutputSize, instead of javatest.maxOutputSize, should be used in TEST.properties
-  - JDK-8231491: JDI tc02x004 failed again due to wrong # of breakpoints
-  - JDK-8235297: sun/security/ssl/SSLSessionImpl/ResumptionUpdateBoundValues.java fails intermittent
-  - JDK-8241293: CompressedClassSpaceSizeInJmapHeap.java time out after 8 minutes
-  - JDK-8242115: C2 SATB barriers are not safepoint-safe
-  - JDK-8244669: convert clhsdb "mem" command from javascript to java
-  - JDK-8245654: Add Certigna Root CA
-  - JDK-8251177: [macosx] The text "big" is truncated in JTabbedPane
-  - JDK-8254267: javax/xml/crypto/dsig/LogParameters.java failed with "RuntimeException: Unexpected log output:"
-  - JDK-8258512: serviceability/sa/TestJmapCore.java timed out on macOS 10.13.6
-  - JDK-8262386: resourcehogs/serviceability/sa/TestHeapDumpForLargeArray.java timed out
-  - JDK-8266974: duplicate property key in java.sql.rowset resource bundle
-  - JDK-8267038: Update IANA Language Subtag Registry to Version 2022-03-02
-  - JDK-8270156: Add "randomness" and "stress" keys to JTreg tests which use StressGCM, StressLCM and/or StressIGVN
-  - JDK-8270476: Make floating-point test infrastructure more lambda and method reference friendly
-  - JDK-8271471: [IR Framework] Rare occurrence of "<!-- safepoint while printing -->" in PrintIdeal/PrintOptoAssembly can let tests fail
-  - JDK-8271838: AmazonCA.java interop test fails
-  - JDK-8272702: Resolving URI relative path with no / may lead to incorrect toString
-  - JDK-8272985: Reference discovery is confused about atomicity and degree of parallelism
-  - JDK-8273154: Provide a JavadocTester method for non-overlapping, unordered output matching
-  - JDK-8273410: IR verification framework fails with "Should find method name in validIrRulesMap"
-  - JDK-8274911: testlibrary_tests/ir_framework/tests/TestIRMatching.java fails with "java.lang.RuntimeException: Should have thrown exception"
-  - JDK-8275173: testlibrary_tests/ir_framework/tests/TestCheckedTests.java fails after JDK-8274911
-  - JDK-8275301: Unify C-heap buffer overrun checks into NMT
-  - JDK-8275320: NMT should perform buffer overrun checks
-  - JDK-8275582: Don't purge metaspace mapping lists
-  - JDK-8275704: Metaspace::contains() should be threadsafe
-  - JDK-8275843: Random crashes while the UI code is executed
-  - JDK-8276064: CheckCastPP with raw oop input floats below a safepoint
-  - JDK-8276086: Increase size of metaspace mappings
-  - JDK-8277485: Zero: Fix _fast_{i,f}access_0 bytecodes handling
-  - JDK-8277822: Remove debug-only heap overrun checks in os::malloc and friends
-  - JDK-8277946: NMT: Remove VM.native_memory shutdown jcmd command option
-  - JDK-8277990: NMT: Remove NMT shutdown capability
-  - JDK-8278961: Enable debug logging in java/net/DatagramSocket/SendDatagramToBadAddress.java
-  - JDK-8279024: Remove javascript references from clhsdb.html
-  - JDK-8279119: src/jdk.hotspot.agent/doc/index.html file contains references to scripts that no longer exist
-  - JDK-8279351: [TESTBUG] SADebugDTest.java does not handle "Address already in use" error
-  - JDK-8279614: The left line of the TitledBorder is not painted on 150 scale factor
-  - JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2
-  - JDK-8280048: Missing comma in copyright header
-  - JDK-8280132: Incorrect comparator com.sun.beans.introspect.MethodInfo.MethodOrder
-  - JDK-8280166: Extend java/lang/instrument/GetObjectSizeIntrinsicsTest.java test cases
-  - JDK-8280553: resourcehogs/serviceability/sa/TestHeapDumpForLargeArray.java can fail if GC occurs
-  - JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption
-  - JDK-8280784: VM_Cleanup unnecessarily processes all thread oops
-  - JDK-8280868: LineBodyHandlerTest.java creates and discards too many clients
-  - JDK-8280889: java/lang/instrument/GetObjectSizeIntrinsicsTest.java fails with -XX:-UseCompressedOops
-  - JDK-8280896: java/nio/file/Files/probeContentType/Basic.java fails on Windows 11
-  - JDK-8281122: [IR Framework] Cleanup IR matching code in preparation for JDK-8280378
-  - JDK-8281170: Test jdk/tools/jpackage/windows/WinInstallerIconTest always fails on Windows 11
-  - JDK-8282036: Change java/util/zip/ZipFile/DeleteTempJar.java to stop HttpServer cleanly in case of exceptions
-  - JDK-8282143: Objects.requireNonNull should be ForceInline
-  - JDK-8282577: ICC_Profile.setData(int, byte[]) invalidates the profile
-  - JDK-8282771: Create test case for JDK-8262981
-  - JDK-8282958: Rendering Issues with Borders on Windows High-DPI systems
-  - JDK-8283606: Tests may fail with zh locale on MacOS
-  - JDK-8283717: vmTestbase/nsk/jdi/ThreadStartEvent/thread/thread001 failed due to SocketTimeoutException
-  - JDK-8283719: java/util/logging/CheckZombieLockTest.java failing intermittently
-  - JDK-8283870: jdeprscan --help causes an exception when the locale is ja, zh_CN or de
-  - JDK-8284115: [IR Framework] Compilation is not found due to rare safepoint while dumping PrintIdeal/PrintOptoAssembly
-  - JDK-8284165: Add pid to process reaper thread name
-  - JDK-8284524: Create an automated test for JDK-4422362
-  - JDK-8284726: Print active locale settings in hs_err reports and in VM.info
-  - JDK-8284767: Create an automated test for JDK-4422535
-  - JDK-8285399: JNI exception pending in awt_GraphicsEnv.c:1432
-  - JDK-8285690: CloneableReference subtest should not throw CloneNotSupportedException
-  - JDK-8285755: JDK-8285093 changed the default for --with-output-sync
-  - JDK-8285835: SIGSEGV in PhaseIdealLoop::build_loop_late_post_work
-  - JDK-8285919: Remove debug printout from JDK-8285093
-  - JDK-8285965: TestScenarios.java does not check for "<!-- safepoint while printing -->" correctly
-  - JDK-8286030: Avoid JVM crash when containers share the same /tmp dir
-  - JDK-8286154: Fix 3rd party notices in test files
-  - JDK-8286562: GCC 12 reports some compiler warnings
-  - JDK-8286694: Incorrect argument processing in java launcher
-  - JDK-8286705: GCC 12 reports use-after-free potential bugs
-  - JDK-8286707: JFR: Don't commit JFR internal jdk.JavaMonitorWait events
-  - JDK-8286800: Assert in PhaseIdealLoop::dump_real_LCA is too strong
-  - JDK-8286844: com/sun/jdi/RedefineCrossEvent.java failed with 1 threads completed while VM suspended
-  - JDK-8286873: Improve websocket test execution time
-  - JDK-8286962: java/net/httpclient/ServerCloseTest.java failed once with ConnectException
-  - JDK-8287180: Update IANA Language Subtag Registry to Version 2022-08-08
-  - JDK-8287217: C2: PhaseCCP: remove not visited nodes, prevent type inconsistency
-  - JDK-8287491: compiler/jvmci/errors/TestInvalidDebugInfo.java fails new assert:  assert((uint)t < T_CONFLICT + 1) failed: invalid type #
-  - JDK-8287593: ShortResponseBody could be made more resilient to rogue connections
-  - JDK-8287754: Update jib GNU make dependency on Windows to latest cygwin build
-  - JDK-8288005: HotSpot build with disabled PCH fails for Windows AArch64
-  - JDK-8288130: compiler error with AP and explicit record accessor
-  - JDK-8288332: Tier1 validate-source fails after 8279614
-  - JDK-8288415: java/awt/PopupMenu/PopupMenuLocation.java is unstable in MacOS machines
-  - JDK-8288854: getLocalGraphicsEnvironment() on for multi-screen setups throws exception NPE
-  - JDK-8289400: Improve com/sun/jdi/TestScaffold error reporting
-  - JDK-8289440: Remove vmTestbase/nsk/monitoring/MemoryPoolMBean/isCollectionUsageThresholdExceeded/isexceeded003 from ProblemList.txt
-  - JDK-8289508: Improve test coverage for XPath Axes: ancestor, ancestor-or-self, preceding, and preceding-sibling
-  - JDK-8289511: Improve test coverage for XPath Axes: child
-  - JDK-8289647: AssertionError during annotation processing of record related tests
-  - JDK-8289948: Improve test coverage for XPath functions: Node Set Functions
-  - JDK-8290067: Show stack dimensions in UL logging when attaching threads
-  - JDK-8290083: ResponseBodyBeforeError: AssertionError or SSLException: Unsupported or unrecognized SSL message
-  - JDK-8290197: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails on some systems for the ".rar" extension
-  - JDK-8290322: Optimize Vector.rearrange over byte vectors for AVX512BW targets.
-  - JDK-8290836: Improve test coverage for XPath functions: String Functions
-  - JDK-8290837: Improve test coverage for XPath functions: Boolean Functions
-  - JDK-8290838: Improve test coverage for XPath functions: Number Functions
-  - JDK-8290850: C2: create_new_if_for_predicate() does not clone pinned phi input nodes resulting in a broken graph
-  - JDK-8290899: java/lang/String/StringRepeat.java test requests too much heap on windows x86
-  - JDK-8290964: C2 compilation fails with assert "non-reduction loop contains reduction nodes"
-  - JDK-8291825: java/time/nontestng/java/time/zone/CustomZoneNameTest.java fails if defaultLocale and defaultFormatLocale are different
-  - JDK-8292033: Move jdk.X509Certificate event logic to JCA layer
-  - JDK-8292066: Convert TestInputArgument.sh and TestSystemLoadAvg.sh to java version
-  - JDK-8292159: TYPE_USE annotations on generic type arguments of record components discarded
-  - JDK-8292177: InitialSecurityProperty JFR event
-  - JDK-8292285: C2: remove unreachable block after NeverBranch-to-Goto conversion
-  - JDK-8292297: Fix up loading of override java.security properties file
-  - JDK-8292328: AccessibleActionsTest.java test instruction for show popup on JLabel did not specify shift key
-  - JDK-8292443: Weak CAS VarHandle/Unsafe tests should test always-failing cases
-  - JDK-8292602: ZGC: C2 late barrier analysis uses invalid dominator information
-  - JDK-8292660: C2: blocks made unreachable by NeverBranch-to-Goto conversion are removed incorrectly
-  - JDK-8292780: misc tests failed "assert(false) failed: graph should be schedulable"
-  - JDK-8292877: java/util/concurrent/atomic/Serial.java uses {Double,Long}Accumulator incorrectly
-  - JDK-8293000: Review running times of jshell regression tests
-  - JDK-8293326: jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java slow on Windows
-  - JDK-8293466: libjsig should ignore non-modifying sigaction calls
-  - JDK-8293493: Signal Handlers printout should show signal block state
-  - JDK-8293531: C2: some vectorapi tests fail assert "Not monotonic" with flag -XX:TypeProfileLevel=222
-  - JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
-  - JDK-8293691: converting a defined BasicType value to a string should not crash the VM
-  - JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings
-  - JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with "RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG"
-  - JDK-8293965: Code signing warnings after JDK-8293550
-  - JDK-8293996: C2: fix and simplify IdealLoopTree::do_remove_empty_loop
-  - JDK-8294160: misc crash dump improvements
-  - JDK-8294217: Assertion failure: parsing found no loops but there are some
-  - JDK-8294310: compare.sh fails on macos after JDK-8293550
-  - JDK-8294378: URLPermission constructor exception when using tr locale
-  - JDK-8294538: missing is_unloading() check in SharedRuntime::fixup_callers_callsite()
-  - JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316
-  - JDK-8294580: frame::interpreter_frame_print_on() crashes if free BasicObjectLock exists in frame
-  - JDK-8294677: chunklevel::MAX_CHUNK_WORD_SIZE too small for some applications
-  - JDK-8294705: Disable an assertion in test/jdk/java/util/DoubleStreamSums/CompensatedSums.java
-  - JDK-8294902: Undefined Behavior in C2 regalloc with null references
-  - JDK-8294947: Use 64bit atomics in patch_verified_entry on x86_64
-  - JDK-8294958: java/net/httpclient/ConnectTimeout tests are slow
-  - JDK-8295000: java/util/Formatter/Basic test cleanup
-  - JDK-8295066: Folding of loads is broken in C2 after JDK-8242115
-  - JDK-8295116: C2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead
-  - JDK-8295211: Fix autoconf 2.71 warning "AC_CHECK_HEADERS: you should use literals"
-  - JDK-8295413: com/sun/jdi/EATests.java fails with compiler flag -XX:+StressReflectiveCode
-  - JDK-8295414: [Aarch64] C2: assert(false) failed: bad AD file
-  - JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
-  - JDK-8295685: Update Libpng to 1.6.38
-  - JDK-8295724: VirtualMachineError: Out of space in CodeCache for method handle intrinsic
-  - JDK-8295774: Write a test to verify List sends ItemEvent/ActionEvent
-  - JDK-8295777: java/net/httpclient/ConnectExceptionTest.java should not rely on system resolver
-  - JDK-8295788: C2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node"
-  - JDK-8296136: Use correct register in aarch64_enc_fast_unlock()
-  - JDK-8296239: ISO 4217 Amendment 174 Update
-  - JDK-8296329: jar validator doesn't account for minor class file version
-  - JDK-8296389: C2: PhaseCFG::convert_NeverBranch_to_Goto must handle both orders of successors
-  - JDK-8296548: Improve MD5 intrinsic for x86_64
-  - JDK-8296611: Problemlist several sun/security tests until JDK-8295343 is resolved
-  - JDK-8296619: Upgrade jQuery to 3.6.1
-  - JDK-8296675: Exclude linux-aarch64 in NSS tests
-  - JDK-8296878: Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters
-  - JDK-8296904: Improve handling of macos xcode toolchain
-  - JDK-8296912: C2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1
-  - JDK-8296924: C2: assert(is_valid_AArch64_address(dest.target())) failed: bad address
-  - JDK-8297088: Update LCMS to 2.14
-  - JDK-8297211: Expensive fillInStackTrace operation in HttpURLConnection.getOutputStream0 when no content-length in response
-  - JDK-8297259: Bump update version for OpenJDK: jdk-17.0.7
-  - JDK-8297264: C2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top
-  - JDK-8297431: [JVMCI] HotSpotJVMCIRuntime.encodeThrowable should not throw an exception
-  - JDK-8297437: javadoc cannot link to old docs (with old style anchors)
-  - JDK-8297480: GetPrimitiveArrayCritical in imageioJPEG misses result - NULL check
-  - JDK-8297489: Modify TextAreaTextEventTest.java as to verify the content change of TextComponent sends TextEvent
-  - JDK-8297523: Various GetPrimitiveArrayCritical miss result - NULL check
-  - JDK-8297569: URLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378
-  - JDK-8297642: PhaseIdealLoop::only_has_infinite_loops must detect all loops that never lead to termination
-  - JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication
-  - JDK-8297959: Provide better descriptions for some Operating System JFR events
-  - JDK-8297963: Partially fix string expansion issues in UTIL_DEFUN_NAMED and related macros
-  - JDK-8298027: Remove SCCS id's from awt jtreg tests
-  - JDK-8298035: Provide better descriptions for JIT compiler JFR events
-  - JDK-8298073: gc/metaspace/CompressedClassSpaceSizeInJmapHeap.java causes test task timeout on macosx
-  - JDK-8298093: improve cleanup and error handling of awt_parseColorModel in awt_parseImage.c
-  - JDK-8298108: Add a regression test for JDK-8297684
-  - JDK-8298129: Let checkpoint event sizes grow beyond u4 limit
-  - JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
-  - JDK-8298459: Fix msys2 linking and handling out of tree build directory for source zip creation
-  - JDK-8298472: AArch64: Detect Ampere-1 and Ampere-1A CPUs and set default options
-  - JDK-8298527: Cygwin's uname -m returns different string than before
-  - JDK-8298568: Fastdebug build fails after JDK-8296389
-  - JDK-8298588: WebSockets: HandshakeUrlEncodingTest unnecessarily depends on a response body
-  - JDK-8298649: JFR: RemoteRecordingStream support for checkpoint event sizes beyond u4
-  - JDK-8298726: (fs) Change PollingWatchService to record last modified time as FileTime rather than milliseconds
-  - JDK-8298947: compiler/codecache/MHIntrinsicAllocFailureTest.java fails intermittently
-  - JDK-8299015: Ensure that HttpResponse.BodySubscribers.ofFile writes all bytes
-  - JDK-8299018: java/net/httpclient/HttpsTunnelAuthTest.java fails with java.io.IOException: HTTP/1.1 header parser received no bytes
-  - JDK-8299194: CustomTzIDCheckDST.java may fail at future date
-  - JDK-8299296: Write a test to verify the components selection sends ItemEvent
-  - JDK-8299388: java/util/regex/NegativeArraySize.java fails on Alpine and sometimes Windows
-  - JDK-8299424: containers/docker/TestMemoryWithCgroupV1.java fails on SLES12 ppc64le when testing Memory and Swap Limit
-  - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
-  - JDK-8299470: sun/jvm/hotspot/SALauncher.java handling of negative rmiport args
-  - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
-  - JDK-8299497: Usage of constructors of primitive wrapper classes should be avoided in java.desktop API docs
-  - JDK-8299520: TestPrintXML.java output error messages in case compare fails
-  - JDK-8299597: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.7
-  - JDK-8299657: sun/tools/jhsdb/SAGetoptTest.java fails after 8299470
-  - JDK-8299671: Speed up compiler/intrinsics/string/TestStringLatin1IndexOfChar.java
-  - JDK-8299789: Compilation of gtest causes build to fail if runtime libraries are in different dirs
-  - JDK-8299957: Enhance error logging in instrument coding with additional jplis_assert_msg
-  - JDK-8299970: Speed up compiler/arraycopy/TestArrayCopyConjoint.java
-  - JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems
-  - JDK-8300205: Swing test bug8078268 make latch timeout configurable
-  - JDK-8300266: Detect Virtualization on Linux aarch64
-  - JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550
-  - JDK-8300590: [JVMCI] BytecodeFrame.equals is broken
-  - JDK-8300642: [17u,11u] Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
-  - JDK-8300692: GCC 12 reports some compiler warnings in bundled freetype
-  - JDK-8300751: [17u] Remove duplicate entry in javac.properties
-  - JDK-8300773: Address the inconsistency between the constant array and pool size
-  - JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns
-  - JDK-8301342: Prefer ArrayList to LinkedList in LayoutComparator
-  - JDK-8301397: [11u, 17u] Bump jtreg to fix issue with build JDK 11.0.18
-  - JDK-8301760: Fix possible leak in SpNegoContext dispose
-  - JDK-8301842: JFR: increase checkpoint event size for stacktrace and string pool
-  - JDK-8302152: Speed up tests with infinite loops, sleep less
-  - JDK-8302692: [17u] Update GHA Boot JDK to 17.0.6
-  - JDK-8302879: doc/building.md update link to jtreg builds
-  - JDK-8304871: Use default visibility for static library builds
-
-Notes on individual issues:
-===========================
-
-security-libs/java.security:
-
-JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate
-==========================================================
-The following root certificate has been added to the cacerts truststore:
-
-Name: Certigna (Dhimyotis)
-Alias Name: certignarootca
-Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR
-
-JDK-8292177: New JFR Event: jdk.InitialSecurityProperty
-=======================================================
-The initial security properties loaded by the java.security.Security class
-are now accessible in the new JFR event, `jdk.InitialSecurityProperty`.
-
-The event contains two fields:
-
-* key - the security property key
-* value - the corresponding security property value
-
-The combination of this new event and the existing
-`jdk.SecurityPropertyModification` event means that security
-properties can now be monitored throughout their lifecycle.
-
-The initial security properties are now also printed to the standard
-error output stream when `-Djava.security.debug=properties` is passed
-to the Java virtual machine.
-
-JDK-8155246: Throw Error If Default java.security File Fails to Load
-====================================================================
-A hardcoded set of security properties was used in previous releases
-when the `java.security` file could not be loaded. This set of
-properties were poorly maintained and it was not obvious to the user
-that they were being utilised. This release instead throws an
-`InternalError` if the `java.security` file can not be loaded.
-
-core-libs/java.io:
-
-JDK-8208077: File::listRoots Changed To Return All Available Drives On Windows
-==============================================================================
-The `java.io.File.listRoots()` method on Windows systems filtered out disk
-drives that could not be accessed or did not have media loaded.  The
-use of this filtering led to observable performance issues. This release
-now returns all available disk drives, unfiltered.
-
 New in release OpenJDK 17.0.6 (2023-01-17):
 ===========================================
 Live versions of these release notes can be found at:
-  * https://bit.ly/openjdk1706
+  * https://bitly.com/openjdk1706
  * https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html

-* CVEs
-  - CVE-2023-21835
-  - CVE-2023-21843
-* Security fixes
-  - JDK-8286070: Improve UTF8 representation
-  - JDK-8286496: Improve Thread labels
-  - JDK-8287411: Enhance DTLS performance
-  - JDK-8288516: Enhance font creation
-  - JDK-8289350: Better media supports
-  - JDK-8293554: Enhanced DH Key Exchanges
-  - JDK-8293598: Enhance InetAddress address handling
-  - JDK-8293717: Objective view of ObjectView
-  - JDK-8293734: Improve BMP image handling
-  - JDK-8293742: Better Banking of Sounds
-  - JDK-8295687: Better BMP bounds
 * Other changes
  - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
  - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
@ -591,15 +252,13 @@ Live versions of these release notes can be found at:
  - JDK-8295554: Move the "sizecalc.h" to the correct location
  - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
  - JDK-8295714: GHA ::set-output is deprecated and will be removed
-  - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
  - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
  - JDK-8295952: Problemlist existing compiler/rtm tests also on x86
  - JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
  - JDK-8296108: (tz) Update Timezone Data to 2022f
-  - JDK-8296239: ISO 4217 Amendment 174 Update
  - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
  - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
-  - JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation
+  - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
  - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
  - JDK-8296715: CLDR v42 update for tzdata 2022f
  - JDK-8296733: JFR: File Read event for RandomAccessFile::write(byte[]) is incorrect
@ -619,33 +278,10 @@ Live versions of these release notes can be found at:
  - JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run
  - JDK-8297656: AArch64: Enable AES/GCM Intrinsics
  - JDK-8297804: (tz) Update Timezone Data to 2022g
-  - JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6
-  - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
-  - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java

 Notes on individual issues:
 ===========================

-client-libs/javax.imageio:
-
-JDK-8295687: Better BMP bounds
-==============================
-Loading a linked ICC profile within a BMP image is now disabled by
-default. To re-enable it, set the new system property
-`sun.imageio.bmp.enabledLinkedProfiles` to `true`.  This new property
-replaces the old property,
-`sun.imageio.plugins.bmp.disableLinkedProfiles`.
-
-client-libs/javax.sound:
-
-JDK-8293742: Better Banking of Sounds
-=====================================
-Previously, the SoundbankReader implementation,
-`com.sun.media.sound.JARSoundbankReader`, would download a JAR
-soundbank from a URL.  This behaviour is now disabled by default. To
-re-enable it, set the new system property `jdk.sound.jarsoundbank` to
-`true`.
-
 security-libs/java.security:

 JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
@ -666,18 +302,10 @@ the same change is made in third party modules.  Developers of third
 party modules are advised to verify that their logout() method does not
 throw a NullPointerException.

-security-libs/javax.net.ssl:
-
-JDK-8287411: Enhance DTLS performance
-=====================================
-The JDK now exchanges DTLS cookies for all handshakes, new and
-resumed. The previous behaviour can be re-enabled by setting the new
-system property `jdk.tls.enableDtlsResumeCookie` to `false`.
-
 New in release OpenJDK 17.0.5 (2022-10-18):
 ===========================================
 Live versions of these release notes can be found at:
-  * https://bit.ly/openjdk1705
+  * https://bitly.com/openjdk1705
  * https://builds.shipilev.net/backports-monitor/release-notes-17.0.5.html

 * Security fixes
@ -1045,7 +673,7 @@ Runtime to crash unpredictably.
 New in release OpenJDK 17.0.4 (2022-07-19):
 ===========================================
 Live versions of these release notes can be found at:
-  * https://bit.ly/openjdk1704
+  * https://bitly.com/openjdk1704
  * https://builds.shipilev.net/backports-monitor/release-notes-17.0.4.txt

 * Security fixes
@ -1362,7 +990,7 @@ the use of special devices such as `NUL:`
 New in release OpenJDK 17.0.3 (2022-04-19):
 ===========================================
 Live versions of these release notes can be found at:
-  * https://bit.ly/openjdk1703
+  * https://bitly.com/openjdk1703
  * https://builds.shipilev.net/backports-monitor/release-notes-17.0.3.txt

 * Security fixes
@ -1567,7 +1195,7 @@ An OCSP response signed with the RSASSA-PSS algorithm is now supported.
 New in release OpenJDK 17.0.2 (2022-01-18):
 ===========================================
 Live versions of these release notes can be found at:
-  * https://bit.ly/openjdk1702
+  * https://bitly.com/openjdk1702
  * https://builds.shipilev.net/backports-monitor/release-notes-17.0.2.txt

 * Security fixes
--- a/SOURCES/fips-17u-72d08e3226f.patch
+++ b/SOURCES/fips-17u-72d08e3226f.patch
--- a/SOURCES/jdk8274864-remove_amman_cairo_hacks.patch
+++ b/SOURCES/jdk8274864-remove_amman_cairo_hacks.patch
@ -1,53 +0,0 @@
-commit 1b3825db8631e55771fb723d4fcd10040ea15b7e
-Author: duke <duke@openjdk.org>
-Date:   Wed Apr 12 17:25:27 2023 +0000
-
-    Backport ec199072c5867624d66840238cc8828e16ae8da7
-
-diff --git a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
-index 6f6e190efcd..ef278203182 100644
--- a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
-+++ b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
-@@ -608,34 +608,6 @@ public final class ZoneInfoFile {
-                 params[8] = endRule.secondOfDay * 1000;
-                 params[9] = toSTZTime[endRule.timeDefinition];
-                 dstSavings = (startRule.offsetAfter - startRule.offsetBefore) * 1000;
-
-                // Note: known mismatching -> Asia/Amman
-                // ZoneInfo :      startDayOfWeek=5     <= Thursday
-                //                 startTime=86400000   <= 24 hours
-                // This:           startDayOfWeek=6
-                //                 startTime=0
-                // Similar workaround needs to be applied to Africa/Cairo and
-                // its endDayOfWeek and endTime
-                // Below is the workarounds, it probably slows down everyone a little
-                if (params[2] == 6 && params[3] == 0 &&
-                    (zoneId.equals("Asia/Amman"))) {
-                    params[2] = 5;
-                    params[3] = 86400000;
-                }
-                // Additional check for startDayOfWeek=6 and starTime=86400000
-                // is needed for Asia/Amman;
-                if (params[2] == 7 && params[3] == 0 &&
-                     (zoneId.equals("Asia/Amman"))) {
-                    params[2] = 6;        // Friday
-                    params[3] = 86400000; // 24h
-                }
-                //endDayOfWeek and endTime workaround
-                if (params[7] == 6 && params[8] == 0 &&
-                    (zoneId.equals("Africa/Cairo"))) {
-                    params[7] = 5;
-                    params[8] = 86400000;
-                }
-
-             } else if (nTrans > 0) {  // only do this if there is something in table already
-                 if (lastyear < LASTYEAR) {
-                     // ZoneInfo has an ending entry for 2037
-@@ -908,7 +880,6 @@ public final class ZoneInfoFile {
-             this.dow = dowByte == 0 ? -1 : dowByte;
-             this.secondOfDay = timeByte == 31 ? in.readInt() : timeByte * 3600;
-             this.timeDefinition = (data & (3 << 12)) >>> 12;
-
-             this.standardOffset = stdByte == 255 ? in.readInt() : (stdByte - 128) * 900;
-             this.offsetBefore = beforeByte == 3 ? in.readInt() : standardOffset + beforeByte * 1800;
-             this.offsetAfter = afterByte == 3 ? in.readInt() : standardOffset + afterByte * 1800;
--- a/SOURCES/jdk8305113-tzdata2023c.patch
+++ b/SOURCES/jdk8305113-tzdata2023c.patch
--- a/SPECS/java-17-openjdk.spec
+++ b/SPECS/java-17-openjdk.spec
@ -321,7 +321,7 @@
 # New Version-String scheme-style defines
 %global featurever 17
 %global interimver 0
-%global updatever 7
+%global updatever 6
 %global patchver 0
 # buildjdkver is usually same as %%{featurever},
 # but in time of bootstrap of next jdk, it is featurever-1,
@ -361,16 +361,15 @@
 # Define IcedTea version used for SystemTap tapsets and desktop file
 %global icedteaver      6.0.0pre00-c848b93a8598
 # Define current Git revision for the FIPS support patches
-%global fipsver bf363eecce3
+%global fipsver 72d08e3226f

 # Standard JPackage naming and versioning defines
 %global origin          openjdk
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver        7
-%global rpmrelease      1
-#%%global tagsuffix     %%{nil}
+%global buildver        9
+%global rpmrelease      3
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
 # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@ -396,7 +395,7 @@
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
 # - N%%{?extraver}{?dist} for GA releases
-%global is_ga           1
+%global is_ga           0
 %if %{is_ga}
 %global build_type GA
 %global ea_designator ""
@ -1128,7 +1127,7 @@ Requires: lksctp-tools%{?_isa}
 # tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
 # not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
 # considered as regression
-Requires: copy-jdk-configs >= 4.0
+Requires: copy-jdk-configs >= 3.3
 OrderWithRequires: copy-jdk-configs
 %endif
 # for printing support
@ -1337,7 +1336,7 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d

 # Crypto policy and FIPS support patches
 # Patch is generated from the fips-17u tree at https://github.com/rh-openjdk/jdk/tree/fips-17u
-# as follows: git diff %%{vcstag} src make test > fips-17u-$(git show -s --format=%h HEAD).patch
+# as follows: git diff %%{vcstag} src make > fips-17u-$(git show -s --format=%h HEAD).patch
 # Diff is limited to src and make subdirectories to exclude .github changes
 # Fixes currently included:
 # PR3183, RH1340845: Follow system wide crypto policy
@ -1366,11 +1365,6 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
 # Add nss.fips.cfg support to OpenJDK tree
 # RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
 # Remove forgotten dead code from RH2020290 and RH2104724
-# OJ1357: Fix issue on FIPS with a SecurityManager in place
-# RH2134669: Add missing attributes when registering services in FIPS mode.
-# test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
-# RH1940064: Enable XML Signature provider in FIPS mode
-# RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized
 Patch1001: fips-17u-%{fipsver}.patch

 #############################################
@ -1381,13 +1375,9 @@ Patch1001: fips-17u-%{fipsver}.patch

 #############################################
 #
-# OpenJDK patches appearing in 17.0.8
+# OpenJDK patches appearing in 17.0.5
 #
 #############################################
-# JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
-Patch2001: jdk8274864-remove_amman_cairo_hacks.patch
-# JDK-8305113: (tz) Update Timezone Data to 2023c
-Patch2002: jdk8305113-tzdata2023c.patch

 #############################################
 #
@ -1427,8 +1417,8 @@ BuildRequires: java-17-openjdk-devel
 %ifarch %{zero_arches}
 BuildRequires: libffi-devel
 %endif
-# 2023c required as of JDK-8305113
-BuildRequires: tzdata-java >= 2023c
+# 2022g required as of JDK-8297804
+BuildRequires: tzdata-java >= 2022g
 # Earlier versions have a bug in tree vectorization on PPC
 BuildRequires: gcc >= 4.8.3-8

@ -1826,9 +1816,6 @@ pushd %{top_level_dir_name}
 %patch1001 -p1
 # nss.cfg PKCS11 support; must come last as it also alters java.security
 %patch1000 -p1
-# tzdata update
-%patch2001 -p1
-%patch2002 -p1
 popd # openjdk

 %patch600
@ -2174,14 +2161,10 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
 if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
 %endif

-%if ! 0%{?flatpak}
-# Check translations are available for new timezones (during flatpak builds, the
-# tzdb.dat used by this test is not where the test expects it, so this is
-# disabled for flatpak builds)
+# Check translations are available for new timezones
 $JAVA_HOME/bin/javac -d . %{SOURCE18}
 $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
 $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR
-%endif

 %if %{include_staticlibs}
 # Check debug symbols in static libraries (smoke test)
@ -2440,10 +2423,9 @@ else
  return
  end
 end
-arg = nil ;  -- it is better to null the arg up, no meter if they exists or not, and use cjc as module in unified way, instead of relaying on "main" method during require "copy_jdk_configs.lua"
-cjc = require "copy_jdk_configs.lua"
-args = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
-cjc.mainProgram(args)
+-- run content of included file with fake args
+arg = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
+require "copy_jdk_configs.lua"

 %post
 %{post_script %{nil}}
@ -2639,53 +2621,15 @@ cjc.mainProgram(args)
 %endif

 %changelog
-* Thu Apr 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.7.0.7-1
- Update to jdk-17.0.7.0+7
- Update release notes to 17.0.7.0+7
- Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113
- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
- Update FIPS support against 17.0.7+6 and bring in latest changes:
- * RH2134669: Add missing attributes when registering services in FIPS mode.
- * test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
- * RH1940064: Enable XML Signature provider in FIPS mode
- * RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized
- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. **
- Resolves: rhbz#2185182
- Resolves: rhbz#2186804
- Resolves: rhbz#2186811
- Resolves: rhbz#2186807
-
-* Sat Jan 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-3
- Add missing release note for JDK-8295687
- Resolves: rhbz#2160111
-
-* Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-3
- Update FIPS support to bring in latest changes
- * OJ1357: Fix issue on FIPS with a SecurityManager in place
- Related: rhbz#2147476
-
-* Fri Jan 13 2023 Stephan Bergmann <sbergman@redhat.com> - 1:17.0.6.0.10-3
- Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat
- Related: rhbz#2160111
-
-* Wed Jan 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-2
- Update to jdk-17.0.6.0+10
- Update release notes to 17.0.6.0+10
- Switch to GA mode for release
- ** This tarball is embargoed until 2023-01-17 @ 1pm PT. **
- Related: rhbz#2153097
-
-* Wed Jan 04 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.2.ea
+* Wed Jan 04 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.3.ea
 - Update to jdk-17.0.6+9
 - Update release notes to 17.0.6+9
 - Drop local copy of JDK-8293834 now this is upstream
 - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone
- Resolves: rhbz#2153097
+- Resolves: rhbz#2150195

-* Sat Dec 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.1-0.2.ea
+* Sat Dec 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.1-0.3.ea
 - Update to jdk-17.0.6+1
 - Update release notes to 17.0.6+1
 - Switch to EA mode for 17.0.6 pre-release builds.
@ -2693,38 +2637,55 @@ cjc.mainProgram(args)
 - Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream
 - Drop JDK-8275535 local patch now this has been accepted and backported upstream
 - Bump tzdata requirement to 2022e now the package is available in RHEL
- Related: rhbz#2153097
+- Related: rhbz#2150195

-* Wed Nov 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-4
+* Wed Nov 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-5
 - Update FIPS support to bring in latest changes
 - * Add nss.fips.cfg support to OpenJDK tree
 - * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
 - * Remove forgotten dead code from RH2020290 and RH2104724
 - Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build
- Resolves: rhbz#2147476
+- Resolves: rhbz#2117972

-* Wed Oct 26 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-1
+* Wed Oct 26 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-2
 - Update to jdk-17.0.5+8 (GA)
 - Update release notes to 17.0.5+8 (GA)
- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
- Bump FreeType bundled version to 2.12.1 following JDK-8290334
+- Switch to GA mode for final release.
 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
 - Update CLDR data with Europe/Kyiv (JDK-8293834)
 - Drop JDK-8292223 patch which we found to be unnecessary
 - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
 - The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds
 - Remove freetype sources along with zlib sources
- Resolves: rhbz#2132933
 - Resolves: rhbz#2133695

+* Tue Oct 04 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.7-0.2.ea
+- Update to jdk-17.0.5+7
+- Update release notes to 17.0.5+7
+- Drop JDK-8288985 patch that is now upstream
+- Resolves: rhbz#2130617
+
+* Mon Oct 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.1-0.2.ea
+- Update to jdk-17.0.5+1
+- Update release notes to 17.0.5+1
+- Switch to EA mode for 17.0.5 pre-release builds.
+- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
+- Bump FreeType bundled version to 2.12.1 following JDK-8290334
+- Related: rhbz#2130617
+
+* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-6
+- Backport JDK-8288985 to enable use of ChaCha20-Poly1305 with the PKCS11 provider
+- Upstream backport in progress: https://github.com/openjdk/jdk17u-dev/pull/650
+- Resolves: rhbz#2006351
+
 * Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-5
 - Switch to static builds, reducing system dependencies and making build more portable
- Resolves: rhbz#2121268
+- Resolves: rhbz#2121263

 * Mon Aug 29 2022 Stephan Bergmann <sbergman@redhat.com> - 1:17.0.4.1.1-4
 - Fix flatpak builds (catering for their uncompressed manual pages)
 - Fix flatpak builds by exempting them from bootstrap
- Resolves: rhbz#2102726
+- Resolves: rhbz#2102734

 * Mon Aug 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-3
 - Update FIPS support to bring in latest changes
@ -2733,23 +2694,23 @@ cjc.mainProgram(args)
 - * Build the systemconf library on all platforms
 - * RH2048582: Support PKCS#12 keystores
 - * RH2020290: Support TLS 1.3 in FIPS mode
- Resolves: rhbz#2104725
- Resolves: rhbz#2117758
- Resolves: rhbz#2115164
- Resolves: rhbz#2029665
+- Resolves: rhbz#2104724
+- Resolves: rhbz#2092507
+- Resolves: rhbz#2048582
+- Resolves: rhbz#2020290

 * Sun Aug 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-2
 - Update to jdk-17.0.4.1+1
 - Update release notes to 17.0.4.1+1
 - Add patch to provide translations for Europe/Kyiv added in tzdata2022b
 - Add test to ensure timezones can be translated
- Resolves: rhbz#2119532
+- Resolves: rhbz#2119531

 * Fri Jul 22 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.8-3
 - Update to jdk-17.0.4.0+8
 - Update release notes to 17.0.4.0+8
 - Switch to GA mode for release
- Resolves: rhbz#2106524
+- Resolves: rhbz#2106522

 * Wed Jul 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.2.ea
 - Revert the following changes until copy-java-configs has adapted to relative symlinks:
@ -2759,56 +2720,58 @@ cjc.mainProgram(args)
 - * Use relative symlinks so they work within the image
 - * Run debug symbols check during build stage, before the install strips them
 - The move of turning on system security properties is retained so we don't ship with them off
- Related: rhbz#2084218
+- Related: rhbz#2100674
+
+* Wed Jul 20 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.4.0.7-0.2.ea
+- retutrned absolute symlinks
+- relative symlinks are breaking cjc, and deeper investigations are necessary
+-- why cjc intentionally skips relative symllinks
+- images have to be workarounded differently
+- Related: rhbz#2100674

 * Sat Jul 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.1.ea
- Update to jdk-17.0.3.0+7
- Update release notes to 17.0.3.0+7
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
- Explicitly require crypto-policies during build and runtime for system security properties
- Make use of the vendor version string to store our version & release rather than an upstream release date
- Include a test in the RPM to check the build has the correct vendor information.
- Resolves: rhbz#2084218
-
-* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:17.0.4.0.1-0.2.ea
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
- Add proper quoting so '&' is not treated as a special character by the shell.
- Related: rhbz#2084218
-
-* Tue Jul 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.1-0.1.ea
- Update to jdk-17.0.4.0+1
- Update release notes to 17.0.4.0+1
+- Update to jdk-17.0.4.0+7
+- Update release notes to 17.0.4.0+7
 - Switch to EA mode for 17.0.4 pre-release builds.
+- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
 - Print release file during build, which should now include a correct SOURCE value from .src-rev
 - Update tarball script with IcedTea GitHub URL and .src-rev generation
 - Include script to generate bug list for release notes
 - Update tzdata requirement to 2022a to match JDK-8283350
 - Move EA designator check to prep so failures can be caught earlier
 - Make EA designator check non-fatal while upstream is not maintaining it
- Related: rhbz#2084218
+- Explicitly require crypto-policies during build and runtime for system security properties
+- Make use of the vendor version string to store our version & release rather than an upstream release date
+- Include a test in the RPM to check the build has the correct vendor information.
+- Resolves: rhbz#2083316

-* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
+* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:17.0.4.0.1-0.2.ea
+- Fix issue where CheckVendor.java test erroneously passes when it should fail.
+- Add proper quoting so '&' is not treated as a special character by the shell.
+- Related: rhbz#2083316
+
+* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-6
 - Fix whitespace in spec file
- Related: rhbz#2100677
+- Related: rhbz#2100674

-* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
+* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-6
 - Sequence spec file sections as they are run by rpmbuild (build, install then test)
- Related: rhbz#2100677
+- Related: rhbz#2100674

-* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
+* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-6
 - Turn on system security properties as part of the build's install section
 - Move cacerts replacement to install section and retain original of this and tzdb.dat
 - Run tests on the installed image, rather than the build image
 - Introduce variables to refer to the static library installation directories
 - Use relative symlinks so they work within the image
 - Run debug symbols check during build stage, before the install strips them
- Related: rhbz#2100677
+- Related: rhbz#2100674

-* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-4
+* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-5
 - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
- Resolves: rhbz#2102433
+- Resolves: rhbz#2007331

-* Wed Jun 22 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-3
+* Tue Jun 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-4
 - Update FIPS support to bring in latest changes
 - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
 - * RH2090378: Revert to disabling system security properties and FIPS mode support together
@ -2816,51 +2779,64 @@ cjc.mainProgram(args)
 - Enable system security properties in the RPM (now disabled by default in the FIPS repo)
 - Improve security properties test to check both enabled and disabled behaviour
 - Run security properties test with property debugging on
- Resolves: rhbz#2099844
- Resolves: rhbz#2100677
+- Resolves: rhbz#2099840
+- Resolves: rhbz#2100674
+
+* Tue Jun 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-3
+- Add rpminspect.yaml to turn off Java bytecode inspections
+- java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode
+- Resolves: rhbz#2101524

 * Sun Jun 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-2
 - Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
 - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
 - RH2023467: Enable FIPS keys export
 - RH2094027: SunEC runtime permission for FIPS
- Resolves: rhbz#2029657
- Resolves: rhbz#2096117
+- Resolves: rhbz#2023467
+- Resolves: rhbz#2094027

 * Wed Apr 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-1
- April 2022 security update to jdk 17.0.3+6
- Update to jdk-17.0.3.0+6 pre-release tarball (17usec.17.0.3+5-220408)
- Add JDK-8284548 regression fix missing from pre-release tarball but in jdk-17.0.3+6/jdk-17.0.3-ga
+- April 2022 security update to jdk 17.0.3+7
+- Update to jdk-17.0.3.0+7 release tarball
 - Update release notes to 17.0.3.0+6
 - Add missing README.md and generate_source_tarball.sh
 - Switch to GA mode for release
 - JDK-8283911 patch no longer needed now we're GA...
- Resolves: rhbz#2073579
+- Resolves: rhbz#2073577

 * Wed Apr 06 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.5-0.1.ea
 - Update to jdk-17.0.3.0+5
 - Update release notes to 17.0.3.0+5
- Resolves: rhbz#2050460
+- Resolves: rhbz#2050456

 * Tue Mar 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.1-0.1.ea
 - Update to jdk-17.0.3.0+1
 - Update release notes to 17.0.3.0+1
 - Switch to EA mode for 17.0.3 pre-release builds.
 - Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
- Related: rhbz#2050460
+- Related: rhbz#2050456

-* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-13
+* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-15
 - Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
- Resolves: rhbz#2055383
+- Resolves: rhbz#2052070

-* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-12
- Add rpminspect.yaml to turn off Java bytecode inspections
- java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode
- Resolves: rhbz#2023540
-
-* Sun Feb 27 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-11
+* Sun Feb 27 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-14
 - Introduce tests/tests.yml, based on the one in java-11-openjdk
- Resolves: rhbz#2058490
+- Resolves: rhbz#2058493
+
+* Sun Feb 27 2022 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.2.0.8-13
+- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
+  secmod.db file as part of nss
+- Resolves: rhbz#2023536
+
+* Sun Feb 27 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-12
+- Detect NSS at runtime for FIPS detection
+- Turn off build-time NSS linking and go back to an explicit Requires on NSS
+- Resolves: rhbz#2051605
+
+* Fri Feb 25 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-11
+- Add JDK-8275535 patch to fix LDAP authentication issue.
+- Resolves: rhbz#2053256

 * Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-10
 - Storing and restoring alterntives during update manually
@ -2872,30 +2848,28 @@ cjc.mainProgram(args)
 -- the selection in family
 -- Thus this fix, is storing the family of manually selected master, and if
 -- stored, then it is restoring the family of the master
- Resolves: rhbz#2008206
+- Resolves: rhbz#2008200

 * Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-9
 - Family extracted to globals
- Related: rhbz#2008206
+- Resolves: rhbz#2008200

-* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-8
- Detect NSS at runtime for FIPS detection
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
- Resolves: rhbz#2052829
+* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-8
+- alternatives creation moved to posttrans
+- Thus fixing the old reisntall issue:
+- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
+- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
+- Resolves: rhbz#2008200

-* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-7
- Add JDK-8275535 patch to fix LDAP authentication issue.
- Resolves: rhbz#2053521
-
-* Mon Feb 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-6
+* Mon Feb 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-7
 - Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
- Resolves: rhbz#2052819
+- Resolves: rhbz#2051590

-* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-5
+* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-6
 - Fix FIPS issues in native code and with initialisation of java.security.Security
- Resolves: rhbz#2023531
+- Resolves: rhbz#2023378

-* Thu Feb 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-4
+* Thu Feb 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-5
 - Restructure the build so a minimal initial build is then used for the final build (with docs)
 - This reduces pressure on the system JDK and ensures the JDK being built can do a full build
 - Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
@ -2908,108 +2882,92 @@ cjc.mainProgram(args)
 - Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
 - Explicitly list JIT architectures rather than relying on those with slowdebug builds
 - Disable the serviceability agent on Zero architectures even when the architecture itself is supported
- Resolves: rhbz#2022826
+- Resolves: rhbz#2022822

-* Thu Feb 17 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-4
+* Thu Feb 17 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-5
 - Replaced tabs by sets of spaces to make rpmlint happy
 - javadoc-zip gets its own provides next to plain javadoc ones
- Resolves: rhbz#2022826
+- Resolves: rhbz#2022822

-* Wed Feb 16 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-3
+* Tue Feb 08 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-4
 - Minor cosmetic improvements to make spec more comparable between variants
- Related: rhbz#2022826
+- Related: rhbz#2022822

-* Wed Feb 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-2
+* Thu Feb 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-3
 - Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@
 - Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
- Related: rhbz#2022826
+- Related: rhbz#2022822

-* Fri Feb 11 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-1
+* Thu Feb 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-2
+- Extend LTS check to exclude EPEL.
+- Related: rhbz#2022822
+
+* Thu Feb 03 2022 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.2.0.8-2
+- Set LTS designator.
+- Related: rhbz#2022822
+
+* Wed Jan 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-1
 - January 2022 security update to jdk 17.0.2+8
 - Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
 - Rename libsvml.so to libjsvml.so following JDK-8276025
- Drop JDK-8276572 patch which is now upstream
- Resolves: rhbz#2039392
+- Resolves: rhbz#2039366

-* Thu Feb 10 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-3
+* Thu Oct 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-3
 - Sync desktop files with upstream IcedTea release 3.15.0 using new script
- Related: rhbz#2022826
+- Related: rhbz#2013842

-* Mon Nov 29 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.1.0.12-2
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
-  secmod.db file as part of nss
- Resolves: rhbz#2023537
+* Tue Oct 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-2
+- Drop JDK-8272332/RH2004078 patch which is upstream in 17.0.1
+- Resolves: rhbz#2013842

-* Tue Nov 16 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-1
- Drop JDK-8272332 patch now included upstream.
- Resolves: rhbz#2013846
-
-* Tue Nov 16 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.1.0.12-1
+* Wed Oct 20 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.1.0.12-2
 - October CPU update to jdk 17.0.1+12
 - Dropped commented-out source line
- Resolves: rhbz#2013846
+- Resolves: rhbz#2013842

-* Tue Nov 09 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-8
- Extend LTS check to exclude EPEL.
- Related: rhbz#2013846
-
-* Tue Nov 09 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.35-8
- Set LTS designator.
- Related: rhbz#2013846
-
-* Mon Nov 08 2021 Jiri Vanek <jvanek@redhat.com> - 1:17.0.0.0.35-7
- alternatives creation moved to posttrans
- Thus fixing the old reinstall issue:
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
- Resolves: rhbz#2008206
-
-* Fri Nov 05 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-6
- Patch syslookup.c so it actually has some code to be compiled into libsyslookup
- Related: rhbz#2013846
-
-* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-5
+* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-6
 - Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Resolves: rhbz#1994682
+- Resolves: rhbz#1994661

-* Sun Oct 10 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.35-5
+* Sun Oct 10 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.35-6
 - Add patch to allow plain key import.
- Resolves: rhbz#1994682
+- Resolves: rhbz#1994661

-* Mon Sep 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-4
+* Mon Sep 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-5
 - Update release notes to document the major changes between OpenJDK 11 & 17.
- Resolves: rhbz#2000925
+- Resolves: rhbz#2003072

 * Thu Sep 16 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-3
 - Update to jdk-17+35, also known as jdk-17-ga.
 - Switch to GA mode.
 - Add JDK-8272332 fix so we actually link against HarfBuzz.
- Resolves: rhbz#2000925
+- Resolves: rhbz#2003072
+- Resolves: rhbz#2004078

 * Mon Aug 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.5.ea
 - Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
- Resolves: rhbz#1997359
+- Resolves: rhbz#1996182

 * Sat Aug 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.4.ea
 - Fix unused function compiler warning found in systemconf.c
- Related: rhbz#1995889
+- Related: rhbz#1995150

 * Sat Aug 28 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.4.ea
 - Add patch to login to the NSS software token when in FIPS mode.
- Resolves: rhbz#1997359
+- Resolves: rhbz#1996182

 * Fri Aug 27 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.3.ea
 - Add patch to disable non-FIPS crypto in the SUN and SunEC security providers.
- Resolves: rhbz#1995889
+- Resolves: rhbz#1995150

 * Fri Aug 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.2.ea
 - Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
 - Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
- Related: rhbz#1995889
+- Related: rhbz#1995150

 * Fri Aug 27 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.2.ea
 - Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
- Related: rhbz#1995889
+- Related: rhbz#1995150

 * Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.1.ea
 - Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
@ -3020,56 +2978,51 @@ cjc.mainProgram(args)
 - Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
 - Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
 - Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
- Related: rhbz#1995889
+- Related: rhbz#1995150

 * Thu Aug 26 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.1.ea
 - Support the FIPS mode crypto policy (RH1655466)
 - Use appropriate keystore types when in FIPS mode (RH1818909)
 - Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
- Related: rhbz#1995889
+- Related: rhbz#1995150

 * Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.0.ea
 - Update to jdk-17+33, including JDWP fix and July 2021 CPU
- Resolves: rhbz#1870625
+- Resolves: rhbz#1959487

 * Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.5.ea
 - Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
 - Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
- Resolves: rhbz#1870625
+- Resolves: rhbz#1959487

-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:17.0.0.0.26-0.4.ea.1
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
-* Wed Jul 14 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.4.ea
+* Wed Aug 25 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.4.ea
 - Fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch which made the SunPKCS provider show up again
- Resolves: rhbz#1870625
+- Resolves: rhbz#1959487

-* Tue Jul 13 2021 Jiri Vanek <pmikova@redhat.com> - 1:17.0.0.0.26-0.3.ea
- Add gating support
- Resolves: rhbz#1870625
-
-* Fri Jun 25 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.2.ea
+* Wed Aug 25 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.3.ea
 - Re-enable TestSecurityProperties after inclusion of PR3695
- Resolves: rhbz#1870625
+- Resolves: rhbz#1959487

-* Fri Jun 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.2.ea
+* Wed Aug 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.3.ea
 - Add PR3695 to allow the system crypto policy to be turned off
- Resolves: rhbz#1870625
+- Resolves: rhbz#1959487

-* Fri Jun 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.1.ea
+* Wed Jul 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.2.ea
 - Remove boot JDKs in favour of OpenJDK 17 build now in the buildroot.
- Resolves: rhbz#1870625
+- Resolves: rhbz#1959487

-* Thu Jun 24 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.1.ea
+* Wed Jul 14 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.2.ea
 - Update buildjdkver to 17 so as to build with itself
- Resolves: rhbz#1870625
+- Resolves: rhbz#1959487
+
+* Tue Jul 13 2021 Jiri Vanek <jvanek@redhat.com> - 1:17.0.0.0.26-0.1.ea
+- Add gating support
+- Resolves: rhbz#1959487

 * Mon Jun 21 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.0.ea
- Rename to java-17-openjdk and bootstrap using boot JDK in local sources
+- Rename as java-17-openjdk and bootstrap using boot JDK in local sources
 - Exclude x86 as this is not supported by OpenJDK 17
- Use unzip to test src.zip to avoid looking for jar on path
- Resolves: rhbz#1870625
+- Resolves: rhbz#1959487

 * Fri Jun 11 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.0.ea.rolling
 - update sources to jdk 17.0.0+26
@ -3083,9 +3036,6 @@ cjc.mainProgram(args)
 - add lib/libsvml.so for intel
 - skip debuginfo check for libsyslookup.so on s390x

-* Fri May 07 2021 Jiri Vanek <jvanek@redhat.com> - 1:16.0.1.0.9-2.rolling
- removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction
-
 * Thu Apr 29 2021 Jiri Vanek <jvanek@redhat.com> -  1:16.0.1.0.9-2.rolling
 - adapted to debug handling  in newer cjc
 - The rest of the "rpm 4.17" patch must NOT be backported, as on rpm 4.16 and down, it would casue double execution