.gitignore

@@ -1,2 +1,2 @@
-SOURCES/openjdk-17.0.14+7.tar.xz
+SOURCES/openjdk-jdk17u-jdk-17.0.7+7.tar.xz
 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

.java-17-openjdk.metadata

@@ -1,2 +1,2 @@
-9a22dd5bbab0d3755b8d391790dd63650b19f5bc SOURCES/openjdk-17.0.14+7.tar.xz
+bc3222a9f338eeb1c03f2b95f429b954c5da3fa7 SOURCES/openjdk-jdk17u-jdk-17.0.7+7.tar.xz
 c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

SOURCES/fips-17u-bf363eecce3.patch

@@ -116,7 +116,7 @@ index 00000000000..f48fc7f7e80
 +  AC_SUBST(NSS_LIBDIR)
 +])
 diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
-index 62db5b16c31..f0bb4333fc9 100644
+index a65d91ee974..a8f054c1397 100644
 --- a/make/autoconf/libraries.m4
 +++ b/make/autoconf/libraries.m4
 @@ -33,6 +33,7 @@ m4_include([lib-std.m4])
@@ -136,10 +136,10 @@ index 62db5b16c31..f0bb4333fc9 100644
    BASIC_JDKLIB_LIBS=""
    if test "x$TOOLCHAIN_TYPE" != xmicrosoft; then
 diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
-index 807ba27589b..47cb6b7753b 100644
+index 537c3e3043c..16ad3df6f09 100644
 --- a/make/autoconf/spec.gmk.in
 +++ b/make/autoconf/spec.gmk.in
-@@ -844,6 +844,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
+@@ -841,6 +841,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
  # Libraries
  #
  
@@ -2508,7 +2508,7 @@ index 00000000000..dc8bc72fccb
 +    }
 +}
 diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
-index 8f6e1e12a7e..2726391bcea 100644
+index fab52688c04..29337576f37 100644
 --- a/src/java.base/share/conf/security/java.security
 +++ b/src/java.base/share/conf/security/java.security
 @@ -82,6 +82,17 @@ security.provider.tbd=Apple
@@ -2606,10 +2606,10 @@ index 00000000000..55bbba98b7a
 +attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
 +
 diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
-index 4e3c326cb2f..c39faee2f43 100644
+index b22f26947af..02bea84e210 100644
 --- a/src/java.base/share/lib/security/default.policy
 +++ b/src/java.base/share/lib/security/default.policy
-@@ -123,6 +123,7 @@ grant codeBase "jrt:/jdk.charsets" {
+@@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" {
  grant codeBase "jrt:/jdk.crypto.ec" {
      permission java.lang.RuntimePermission
                     "accessClassInPackage.sun.security.*";
@@ -2617,7 +2617,7 @@ index 4e3c326cb2f..c39faee2f43 100644
      permission java.lang.RuntimePermission "loadLibrary.sunec";
      permission java.security.SecurityPermission "putProviderProperty.SunEC";
      permission java.security.SecurityPermission "clearProviderProperties.SunEC";
-@@ -132,6 +133,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
+@@ -130,6 +131,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
  grant codeBase "jrt:/jdk.crypto.cryptoki" {
      permission java.lang.RuntimePermission
                     "accessClassInPackage.com.sun.crypto.provider";
@@ -2625,7 +2625,7 @@ index 4e3c326cb2f..c39faee2f43 100644
      permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
      permission java.lang.RuntimePermission
                     "accessClassInPackage.sun.security.*";
-@@ -142,6 +144,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
+@@ -140,6 +142,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
      permission java.util.PropertyPermission "os.name", "read";
      permission java.util.PropertyPermission "os.arch", "read";
      permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
@@ -3496,7 +3496,7 @@ index 00000000000..f8d505ca815
 +}
 \ No newline at end of file
 diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
-index d12244337a5..f2e8e4094c8 100644
+index 9b69072280e..5696b904979 100644
 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
 +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
 @@ -37,6 +37,8 @@ import javax.crypto.*;
@@ -3518,27 +3518,35 @@ index d12244337a5..f2e8e4094c8 100644
      private static final long serialVersionUID = -2575874101938349339L;
  
      private static final String PUBLIC = "public";
-@@ -393,9 +398,10 @@ abstract class P11Key implements Key, Length {
-                     new CK_ATTRIBUTE(CKA_EXTRACTABLE),
+@@ -136,9 +141,7 @@ abstract class P11Key implements Key, Length {
+         this.tokenObject = tokenObject;
+         this.sensitive = sensitive;
+         this.extractable = extractable;
+-        char[] tokenLabel = this.token.tokenInfo.label;
+-        boolean isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
+-                && tokenLabel[2] == 'S');
++        boolean isNSS = P11Util.isNSS(this.token);
+         boolean extractKeyInfo = (!DISABLE_NATIVE_KEYS_EXTRACTION && isNSS &&
+                 extractable && !tokenObject);
+         this.keyIDHolder = new NativeKeyHolder(this, keyID, session,
+@@ -379,7 +382,9 @@ abstract class P11Key implements Key, Length {
+             new CK_ATTRIBUTE(CKA_SENSITIVE),
+             new CK_ATTRIBUTE(CKA_EXTRACTABLE),
          });
- 
--        boolean keySensitive =
--                (attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
--                attrs[1].getBoolean() || !attrs[2].getBoolean();
+-        if (attributes[1].getBoolean() || (attributes[2].getBoolean() == false)) {
 +        boolean exportable = plainKeySupportEnabled && !algorithm.equals("DH");
-+        boolean keySensitive = (!exportable &&
-+            ((attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
-+             attrs[1].getBoolean() || !attrs[2].getBoolean()));
- 
-         switch (algorithm) {
-         case "RSA":
-@@ -450,7 +456,8 @@ abstract class P11Key implements Key, Length {
- 
++        if (!exportable && (attributes[1].getBoolean() ||
++                (attributes[2].getBoolean() == false))) {
+             return new P11PrivateKey
+                 (session, keyID, algorithm, keyLength, attributes);
+         } else {
+@@ -461,7 +466,8 @@ abstract class P11Key implements Key, Length {
+         }
          public String getFormat() {
              token.ensureValid();
--            if (sensitive || !extractable || (isNSS && tokenObject)) {
+-            if (sensitive || (extractable == false)) {
 +            if (!plainKeySupportEnabled &&
-+                    (sensitive || !extractable || (isNSS && tokenObject))) {
++                    (sensitive || (extractable == false))) {
                  return null;
              } else {
                  return "RAW";
@@ -3963,7 +3971,7 @@ index 8d1b8ccb0ae..7ea9b4c5e7f 100644
      }
  
 diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
-index cabee449346..72b64f72c0a 100644
+index 262cfc062ad..72b64f72c0a 100644
 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
 +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
 @@ -27,6 +27,10 @@ package sun.security.pkcs11;
@@ -3977,7 +3985,7 @@ index cabee449346..72b64f72c0a 100644
  
  /**
   * Collection of static utility methods.
-@@ -40,6 +44,93 @@ public final class P11Util {
+@@ -40,10 +44,106 @@ public final class P11Util {
  
      private static volatile Provider sun, sunRsaSign, sunJce;
  
@@ -4071,6 +4079,19 @@ index cabee449346..72b64f72c0a 100644
      private P11Util() {
          // empty
      }
+ 
++    static boolean isNSS(Token token) {
++        char[] tokenLabel = token.tokenInfo.label;
++        if (tokenLabel != null && tokenLabel.length >= 3) {
++            return (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
++                    && tokenLabel[2] == 'S');
++        }
++        return false;
++    }
++
+     static Provider getSunProvider() {
+         Provider p = sun;
+         if (p == null) {
 diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
 index aa35e8fa668..1855e5631bd 100644
 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -4506,7 +4527,7 @@ index aa35e8fa668..1855e5631bd 100644
                  debug.println("logout succeeded");
              }
 diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
-index 1f94fe3e18a..99eec2114e4 100644
+index 9858a5faedf..e63585486d9 100644
 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
 +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
 @@ -33,6 +33,7 @@ import java.lang.ref.*;

SOURCES/jdk8274864-remove_amman_cairo_hacks.patch

@@ -0,0 +1,53 @@
+commit 1b3825db8631e55771fb723d4fcd10040ea15b7e
+Author: duke <duke@openjdk.org>
+Date:   Wed Apr 12 17:25:27 2023 +0000
+
+    Backport ec199072c5867624d66840238cc8828e16ae8da7
+
+diff --git a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
+index 6f6e190efcd..ef278203182 100644
+--- a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
++++ b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
+@@ -608,34 +608,6 @@ public final class ZoneInfoFile {
+                 params[8] = endRule.secondOfDay * 1000;
+                 params[9] = toSTZTime[endRule.timeDefinition];
+                 dstSavings = (startRule.offsetAfter - startRule.offsetBefore) * 1000;
+-
+-                // Note: known mismatching -> Asia/Amman
+-                // ZoneInfo :      startDayOfWeek=5     <= Thursday
+-                //                 startTime=86400000   <= 24 hours
+-                // This:           startDayOfWeek=6
+-                //                 startTime=0
+-                // Similar workaround needs to be applied to Africa/Cairo and
+-                // its endDayOfWeek and endTime
+-                // Below is the workarounds, it probably slows down everyone a little
+-                if (params[2] == 6 && params[3] == 0 &&
+-                    (zoneId.equals("Asia/Amman"))) {
+-                    params[2] = 5;
+-                    params[3] = 86400000;
+-                }
+-                // Additional check for startDayOfWeek=6 and starTime=86400000
+-                // is needed for Asia/Amman;
+-                if (params[2] == 7 && params[3] == 0 &&
+-                     (zoneId.equals("Asia/Amman"))) {
+-                    params[2] = 6;        // Friday
+-                    params[3] = 86400000; // 24h
+-                }
+-                //endDayOfWeek and endTime workaround
+-                if (params[7] == 6 && params[8] == 0 &&
+-                    (zoneId.equals("Africa/Cairo"))) {
+-                    params[7] = 5;
+-                    params[8] = 86400000;
+-                }
+-
+             } else if (nTrans > 0) {  // only do this if there is something in table already
+                 if (lastyear < LASTYEAR) {
+                     // ZoneInfo has an ending entry for 2037
+@@ -908,7 +880,6 @@ public final class ZoneInfoFile {
+             this.dow = dowByte == 0 ? -1 : dowByte;
+             this.secondOfDay = timeByte == 31 ? in.readInt() : timeByte * 3600;
+             this.timeDefinition = (data & (3 << 12)) >>> 12;
+-
+             this.standardOffset = stdByte == 255 ? in.readInt() : (stdByte - 128) * 900;
+             this.offsetBefore = beforeByte == 3 ? in.readInt() : standardOffset + beforeByte * 1800;
+             this.offsetAfter = afterByte == 3 ? in.readInt() : standardOffset + afterByte * 1800;

SOURCES/rh1648644-java_access_bridge_privileged_security.patch

@@ -0,0 +1,20 @@
+--- openjdk/src/java.base/share/conf/security/java.security
++++ openjdk/src/java.base/share/conf/security/java.security
+@@ -304,6 +304,8 @@
+ #
+ package.access=sun.misc.,\
+                sun.reflect.,\
++               org.GNOME.Accessibility.,\
++               org.GNOME.Bonobo.,\
+ 
+ #
+ # List of comma-separated packages that start with or equal this string
+@@ -316,6 +318,8 @@
+ #
+ package.definition=sun.misc.,\
+                    sun.reflect.,\
++                   org.GNOME.Accessibility.,\
++                   org.GNOME.Bonobo.,\
+ 
+ #
+ # Determines whether this properties file can be appended to

SOURCES/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch

@@ -0,0 +1,19 @@
+Remove uses of FAR in jpeg code
+
+Upstream libjpeg-trubo removed the (empty) FAR macro:
+http://sourceforge.net/p/libjpeg-turbo/code/1312/
+
+Adjust our code to not use the undefined FAR macro anymore.
+
+diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
+--- openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
++++ openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
+@@ -1385,7 +1385,7 @@
+     /* and fill it in */
+     dst_ptr = icc_data;
+     for (seq_no = first; seq_no < last; seq_no++) {
+-        JOCTET FAR *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
++        JOCTET *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
+         unsigned int length =
+             icc_markers[seq_no]->data_length - ICC_OVERHEAD_LEN;
+