java-9-openjdk-9.0.4.0-bp152.2.87

- OpenJDK 9.0.4 (January 2018 CPU) - bsc#1076366
  * Security fixes:
    + S8172525, CVE-2018-2579: Improve key keying case
    + S8174962, CVE-2018-2582: Better interface invocations
    + S8178449, CVE-2018-2588: Improve LDAP logins
    + S8182125, CVE-2018-2599: Improve reliability of DNS lookups
    + S8182387, CVE-2018-2603: Improve PKCS usage
    + S8182601, CVE-2018-2602: Improve usage messages
    + S8185292, CVE-2018-2618: Stricter key generation
    + S8185325, CVE-2018-2641: Improve GTK initialization
    + S8186212, CVE-2018-2629: Improve GSS handling
    + S8186600, CVE-2018-2634: Improve property negotiations
    + S8186606, CVE-2018-2633: Improve LDAP lookup robustness
    + S8186998, CVE-2018-2637: Improve JMX supportive features
    + S8189284, CVE-2018-2663: More refactoring for deserialization
    cases
    + S8190289, CVE-2018-2677: More refactoring for client
    deserialization cases
    + S8191142, CVE-2018-2678: More refactoring for naming
    deserialization cases
  * Security-In-Depth fixes:
    + S8160104: CORBA communication improvements
    + S8174756: Extra validation for public keys
    + S8175932: Improve host instance supports
    + S8176450: Revise default document styling
    + S8178458: Better use of certificates in LDAP
    + S8178466: Better RSA parameters
    + S8179533: Cleaner print job handling
    + S8179990: Cleaner palette entry handling
    + S8180011: Cleaner native graphics device handling
    + S8180015: Cleaner AWT robot handling
    + S8180020: Improve SymbolHashMap entry handling
    + S8180869: Cleaner image file reading handling
    + S8180877: More deeply colored ICC spaces
    + S8181664: Improve JVM UTF String handling
    + S8181670: Improve implementation of keystores
    + S8186080: Transform XML interfaces
    + S8186867: Improve native glyph layouts
  * Fixes:
    + S8139653: Freetype bundled on macosx, but not correctly
    linked
    + S8140436: Negotiated Finite Field Diffie-Hellman Ephemeral
    Parameters for TLS
    + S8148421: Transport Layer Security (TLS) Session Hash and
    Extended Master Secret Extension
    + S8159377: JMX Connections need white-list filters
    + S8163237: Restrict the use of EXPORT cipher suites
    + S8163958: Improved garbage collection
    + S8165543: Better window framing
    + S8169026: Handle smartcard clean up better
    + S8169080: Improve documentation examples for crypto
    applications
    + S8169209: Improved image post-processing steps
    + S8169392: Additional jar validation steps
    + S8169966: Larger AWT menus
    + S8170218: Improved Font Metrics
    + S8170966: Right parenthesis issue
    + S8171252: Improve exception checking
    + S8171261: Stability fixes for lcms
    + S8171539: Better script accessibility for JavaScript
    + S8172204: Better Thread Pool execution
    + S8172461: Service Registration Lifecycle
    + S8172465: Better handling of channel groups
    + S8172469: Transform Transformer Exceptions
    + S8173697: Less Active Activations
    + S8173770: Image conversion improvements
    + S8174098: Better image fetching
    + S8174105: Better naming attribution
    + S8174109: Better queuing priorities
    + S8174113: Better sourcing of code
    + S8174770: Check registry registration location
    + S8174873: Improved certificate procesing
    + S8174966: Unreferenced references
    + S8175106: Higher quality DSA operations
    + S8175110: Higher quality ECDSA operations
    + S8175940: More certificate subject checking
    + S8176055: JMX diagnostic improvements
    + S8176067: Proper directory lookup processing
    + S8176731: JCK tests in api/javax_xml/transform/ spec
    conformance started failing after 8172469
    + S8176751: Better URL connections
    + S8176760: Better handling of PKCS8 material
    + S8177549: Typo in Vector.java
    + S8178135: Additional elliptic curve support
    + S8178714: PKIX validator nameConstraints check failing after
    change 8175940
    + S8178728: Check the AlgorithmParameters in algorithm
    constraints
    + S8178794: krb5 client should ignore sname in incoming tickets
    + S8179101: Improve algorithm constraints implementation
    + S8179564: Missing @bug for tests added with JDK-8165367
    + S8179998: Clear certificate chain connections
    + S8180024: Improve construction of objects during
    deserialization
    + S8180711: Better invokespecial checks
    + S8181048: Refactor existing providers to refer to the same
    constants for default values for key length
    + S8181100: Better Base Exceptions
    + S8181191: getUint32 returning Long
    + S8181323: Better timezone processing
    + S8181327: Better X processing
    + S8181370: Better keystore handling
    + S8181420: PPC: Image conversion improvements
    + S8181432: Better processing of unresolved permissions
    + S8181439: Test the jdk.tls.namedGroups System Property
    + S8181597: Process Proxy presentation
    + S8181612: More stable connection processing
    + S8181692: Update storage implementations
    + S8181788: Unable to build JDK10 on SPARC-M8 machines
    + S8182054: Improve wsdl support
    + S8182879: Add warnings to keytool when using JKS and JCEKS
    + S8183028: Improve CMS header processing
    + S8183297: Allow duplicate bugid for changeset in jdk9 update
    forest
    + S8183934: Change version number in 9.0.3 to 9.0.3
    + S8184937: LCMS error 13: Couldn't link the profiles
    + S8185928: Generate OpenJDK builds for Mac platform JDK 9.0.3
    and beyond in Mach 5
    + S8186093: A comment in the java.security configuration file
    incorrectly says that strong but "limited" is the default
    value
    + S8187482: Backout JDK-8159377
    + S8187556: Backout of a fix reintroduced a dependency that had
    since been removed
    + S8187558: Undo JDK-8159377 spec change
    + S8188194: Change version number in 9.0.4 to 9.0.4
    + S8188741: Update milestone to ea for 9.0.4+1
    + S8188789: Update JDK 9.0.1 and Future OpenJDK bundle names
    + S8188880: A JAXB JCK test failure found after 8186080
    + S8189131: Open-source the Oracle JDK Root Certificates
    + S8190258: (tz) Support tzdata2017c
    + S8190259: test tck.java.time.zone.TCKZoneRules is broken by
    tzdata2017c
    + S8190285: s390: Some java boolean checks are not correct
    + S8190464: OpenJDK on macosx needs to bundle freetype
    + S8190543: 9.0.4 L10n resource file update
    + S8190550: Update milestone to fcs for 9.0.4+5
    + S8190718: Change OpenJDK RI builds of Windows to x64
    + S8190725: Freetype license file provided with configure not
    included in images
    + S8190789: sun/security/provider/certpath/LDAPCertStore/
    /TestURICertStoreParameters.java fails after JDK-8186606
    + S8191137: keytool fails to format resource strings for keys
    for some languages after JDK-8171319
    + S8191907: PPC64 and s390 parts of JDK-8174962: Better
    interface invocations
    + S8191940: OpenJDK bundle contains closed repository
    information in release file
    + S8192773: Remove and retag 9.0.4+8 to include 8192772
    + S8192796: 9.0.4 L10n resource file update md20
    + S8192876: MacOS build fails intermittently after JDK-8139653
    + S8193208: Add missing file
    + S8193683: Increase the number of clones in the CloneableDigest
    + S8193758: Update copyright headers of files in src tree that
    are missing Classpath exception

- The macro bits was not defined for aarch64 and some other
  architectures (bsc#1071624)

- Run TestCryptoLevel and TestECDSA as a part of build to assure
  that the crypto works as expected

- Added patch:
  * java9-improved-fonts.patch
    + Imports IMPROVED_FONT_RENDERING from OpenJDK 1.8.0 to use
    system fontconfig settings instead of hardcoded flags
    + Adds fontconfig dependency
- Enabled IMPROVED_FONT_RENDERING

- Modified patch:
  * jaw-misc.patch
    + Do not look for gdk-3.0, since we are building against gtk2
- Added patch:
  * icedtea-sound-soundproperties.patch
    + Even though we build the pulseaudio plugin, disable it by
    default in the configuration file, since the internal openjdk
    provider is reputed to be better

- Removed patch:
  * load_java_atk_wrapper.patch
    + Give up this approach that requires patching of class loaders
- Build java-atk-wrapper as a modular jar inside the OpenJDK build
- Added patches:
  * jaw-misc.patch
    + Fix some build issues and add the manifest.txt that is not
    not distributed by mistake
  * jaw-jdk9.patch
    + Make java-atk-wrapper a java module that implements the
    javax.accessibility.AccessibilityProvider interface

- Packaging improvements:
  * add all binaries in JAVA_HOME/bin to alternatives in order to
    have them in the system binary path when this alternative is
    chosen

- Add back the icedtea-sound plugin and integrate it into the
  system modules
- Added patch:
  * icedtea-sound-1.0.1-jdk9.patch
    + make icedtea-sound.jar modular for jdk9
- Clean some conditionals for very old %%suse_version

- Modified patch
  * alternative-tzdb_dat.patch
    + Place the tz.properties file to JAVA_HOME/conf where OpenJDK9
    expects to have the configuration files
    + Patch also the other place in jdk that loads the tzdb.dat
    file

- Remove the icedtea-sound plugin
  * it is not built or buildable, and does not work
- Removed patches:
  * icedtea-sound-1.0.1-runtime.patch
  * icedtea-sound-source_target.patch

- Remove the alternative for java before reinstalling it, if idlj
  is its slave (bsc#1096420)

- Move idlj to *-devel package (bsc#1096420)

- Added patch:
  * missing-return.patch
    + fix no-return-in-nonvoid-function

- Fix armv6 build with fix_armv6_build.patch

- Modified patch:
  * system-pcsclite.patch
    + Fix merge error in the patch

- Update to upstream tag jdk-9.0.4+12
  * Fixes:
    + S8194739: Zero port of 8174962: Better interface invocations
    + S8195685: AArch64: AArch64 cannot build with JDK-8174962
    + S8195859: AArch64: vtableStubs gtest fails after 8174962
    + S8196136: AArch64: Correct register use in patch for
    JDK-8195685
- Removed patches:
  * JDK-8194739-zero.patch
  * JDK-8195685-aarch64.patch
    + Integrated upstream

- Modified patch:
  * JDK-8195685-aarch64.patch
    + Incorporate S8196136: AArch64: Correct register use in patch
    for JDK-8195685

- Removed patch:
  * revert-8174962-for-zero.patch
    + a proper fix for ZERO exists
- Added patch:
  * JDK-8194739-zero.patch
    + S8194739: Zero port of 8174962: Better interface invocations

- Removed patch:
  * revert-8174962-for-aarch64.patch
    + a proper fix for aarch64 exists
- Added patches:
  * JDK-8195685-aarch64.patch
    + S8195685, AArch64 cannot build with JDK-8174962
  * revert-8174962-for-zero.patch
    + revert "S8174962, CVE-2018-2582: Better interface invocations"
    for ZERO. The patch misses ZERO parts and causes crash
  during build.

- Added patch:
  * revert-8174962-for-aarch64.patch
    + revert "S8174962, CVE-2018-2582: Better interface
    invocations" for aarch64 and zero. The patch misses aarch64
    and zero parts and causes crashes during the build on those
    architectures.