user/openjdk8: [CVE] bump to 8.252.09 (#269)

* Bootstrap using openjdk8. Note that it will need to be manually
  installed when building now...

* Cherrypick patch changes from Alpine:
  icedtea-jdk-tls-nist-curves.patch was integrated upstream, and
  icedtea-hotspot-musl.patch was rebased for 8u232.
  https://git.alpinelinux.org/aports/commit/community/openjdk8?id=04ec13ca9caa9a436001be92e674f230b9894894

* Rebase patches for 8u252-ga:
  In particular, icedtea-jdk-getmntent-buffer.patch is dropped since
  upstream takes a new approach by allocating a buffer according to the
  length of the longest line in mtab.

  https://bugs.openjdk.java.net/browse/JDK-8229872

* Use private variables (_) where applicable

user/openjdk8/APKBUILD

 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=openjdk8
-_icedteaver=3.11.0
+_icedteaver=3.16.0
 # pkgver is <JDK version>.<JDK update>.<JDK build>
 # Check https://icedtea.classpath.org/wiki/Main_Page when updating
-pkgver=8.201.08
+pkgver=8.252.09
 pkgrel=0
 pkgdesc="Libre Java development kit for Java 8"
 url="https://icedtea.classpath.org/"
@@ -13,7 +13,7 @@ license="GPL-2.0-only"
 depends="$pkgname-jre java-cacerts"
 makedepends="bash findutils libarchive-tools zip file util-linux libxslt
 	autoconf automake linux-headers sed xz coreutils
-	openjdk7 ca-certificates libjpeg-turbo-dev cmd:which
+	ca-certificates libjpeg-turbo-dev cmd:which
 	nss-dev nss-static cups-dev giflib-dev libpng-dev libxt-dev
 	lcms2-dev libxp-dev libxtst-dev libxinerama-dev zlib-dev
 	libxrender-dev alsa-lib-dev freetype-dev fontconfig-dev
@@ -29,7 +29,7 @@ ppc64)		_jarch=ppc64
 *)		_jarch="$CARCH";;
 esac
 
-_bootstrap_java_home="/usr/lib/jvm/java-1.7-openjdk"
+_bootstrap_java_home="/usr/lib/jvm/java-1.8-openjdk"
 _java_home="/usr/lib/jvm/java-1.8-openjdk"
 _jrelib="$_java_home/jre/lib/$_jarch"
 
@@ -62,14 +62,58 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.x
 	icedtea-jdk-fix-libjvm-load.patch
 	icedtea-jdk-musl.patch
 	icedtea-jdk-includes.patch
-	icedtea-jdk-getmntent-buffer.patch
 	icedtea-autoconf-config.patch
-	icedtea-jdk-tls-nist-curves.patch
 	remove-gawk.patch
 	"
 builddir="$srcdir/icedtea-$_icedteaver"
 
 # secfixes:
+#   8.252.09-r0:
+#     - CVE-2019-2602
+#     - CVE-2019-2684
+#     - CVE-2019-2698
+#     - CVE-2019-2745
+#     - CVE-2019-2762
+#     - CVE-2019-2766
+#     - CVE-2019-2769
+#     - CVE-2019-2786
+#     - CVE-2019-2816
+#     - CVE-2019-2842
+#     - CVE-2019-2894
+#     - CVE-2019-2933
+#     - CVE-2019-2945
+#     - CVE-2019-2949
+#     - CVE-2019-2958
+#     - CVE-2019-2962
+#     - CVE-2019-2964
+#     - CVE-2019-2973
+#     - CVE-2019-2975
+#     - CVE-2019-2978
+#     - CVE-2019-2981
+#     - CVE-2019-2983
+#     - CVE-2019-2987
+#     - CVE-2019-2988
+#     - CVE-2019-2989
+#     - CVE-2019-2992
+#     - CVE-2019-2999
+#     - CVE-2019-7317
+#     - CVE-2020-2583
+#     - CVE-2020-2590
+#     - CVE-2020-2593
+#     - CVE-2020-2601
+#     - CVE-2020-2604
+#     - CVE-2020-2654
+#     - CVE-2020-2659
+#     - CVE-2020-2754
+#     - CVE-2020-2755
+#     - CVE-2020-2756
+#     - CVE-2020-2757
+#     - CVE-2020-2773
+#     - CVE-2020-2781
+#     - CVE-2020-2800
+#     - CVE-2020-2803
+#     - CVE-2020-2805
+#     - CVE-2020-2830
 #   8.201.08-r0:
 #     - CVE-2019-2422
 #     - CVE-2019-2426
@@ -102,22 +146,22 @@ unpack() {
 }
 
 prepare() {
-	ver_u="$(sed -En 's/^\s*JDK_UPDATE_VERSION\s*=\s*(\S+).*/\1/p' acinclude.m4)"
-	ver_b="$(sed -En 's/^\s*BUILD_VERSION\s*=\s*b(\S+).*/\1/p' acinclude.m4)"
-	[ "${pkgver#*.}" = "$ver_u.$ver_b" ] \
-		|| die "Version mismatch, source is 8.$ver_u.$ver_b, but abuild defines $pkgver!"
+	_ver_u="$(sed -En 's/^\s*JDK_UPDATE_VERSION\s*=\s*(\S+).*/\1/p' acinclude.m4)"
+	_ver_b="$(sed -En 's/^\s*BUILD_VERSION\s*=\s*b(\S+).*/\1/p' acinclude.m4)"
+	[ "${pkgver#*.}" = "$_ver_u.$_ver_b" ] \
+		|| die "Version mismatch, source is 8.$_ver_u.$_ver_b, but abuild defines $pkgver!"
 
 	# Busybox sha256 does not support longopts.
 	sed -e "s/--check/-c/g" -i Makefile.am
 
-	for patch in $source; do
-		case $patch in
+	for _patch in $source; do
+		case $_patch in
 		icedtea-*.patch)
-			cp ../$patch patches
+			cp ../$_patch patches
 			;;
 		*.patch)
-			msg "Applying patch $patch"
-			patch -p1 -i "$srcdir"/$patch
+			msg "Applying patch $_patch"
+			patch -p1 -i "$srcdir"/$_patch
 			;;
 		esac
 	done
@@ -134,10 +178,10 @@ build() {
 	fi
 
 	DISTRIBUTION_PATCHES=""
-	for patch in $source; do
-		case $patch in
+	for _patch in $source; do
+		case $_patch in
 		icedtea-*.patch)
-			DISTRIBUTION_PATCHES="$DISTRIBUTION_PATCHES patches/$patch"
+			DISTRIBUTION_PATCHES="$DISTRIBUTION_PATCHES patches/$_patch"
 			;;
 		esac
 	done
@@ -200,7 +244,7 @@ jrelib() {
 	pkgdesc="OpenJDK 8 Java Runtime (class libraries)"
 	depends=""
 
-	for file in jre/lib/images \
+	for _file in jre/lib/images \
 			jre/lib/*.jar \
 			jre/lib/security \
 			jre/lib/ext/*.jar \
@@ -209,9 +253,9 @@ jrelib() {
 			jre/THIRD_PARTY_README \
 			jre/LICENSE; do
 
-		dir=${file%/*}
-		mkdir -p "$subpkgdir"/$_java_home/$dir
-		mv "$pkgdir"/$_java_home/$file "$subpkgdir"/$_java_home/$dir
+		_dir=${_file%/*}
+		mkdir -p "$subpkgdir"/$_java_home/$_dir
+		mv "$pkgdir"/$_java_home/$_file "$subpkgdir"/$_java_home/$_dir
 	done
 }
 
@@ -219,7 +263,7 @@ jre() {
 	pkgdesc="OpenJDK 8 Java Runtime"
 
 	mkdir -p "$subpkgdir"
-	for file in jre/bin/policytool \
+	for _file in jre/bin/policytool \
 			bin/appletviewer \
 			bin/policytool \
 			jre/lib/$_jarch/libawt_xawt.so \
@@ -228,9 +272,9 @@ jre() {
 			jre/lib/$_jarch/libjsoundalsa.so \
 			jre/lib/$_jarch/libsplashscreen.so; do
 
-		dir=${file%/*}
-		mkdir -p "$subpkgdir"/$_java_home/$dir
-		mv "$pkgdir"/$_java_home/$file "$subpkgdir"/$_java_home/$dir
+		_dir=${_file%/*}
+		mkdir -p "$subpkgdir"/$_java_home/$_dir
+		mv "$pkgdir"/$_java_home/$_file "$subpkgdir"/$_java_home/$_dir
 	done
 }
 
@@ -244,9 +288,9 @@ jrebase() {
 	mv "$pkgdir"/$_java_home/lib/$_jarch/jli \
 		"$subpkgdir"/$_java_home/lib/$_jarch/
 
-	for file in java orbd rmid servertool unpack200 keytool \
+	for _file in java orbd rmid servertool unpack200 keytool \
 			pack200 rmiregistry tnameserv; do
-		mv "$pkgdir"/$_java_home/bin/$file "$subpkgdir"/$_java_home/bin/
+		mv "$pkgdir"/$_java_home/bin/$_file "$subpkgdir"/$_java_home/bin/
 	done
 
 	# Rest of the jre subdir (which were not taken by -jre subpkg).
@@ -269,24 +313,22 @@ demos() {
 		"$subpkgdir"/$_java_home/
 }
 
-sha512sums="a71c9318d49077f8ae27f5c3e0b61df0709eded241f557c886f6b93aa98c13ad78f713d1286da286989bf62866dfff7538ad783eb804a705a160cbc096dea851  icedtea-3.11.0.tar.xz
-fc3faa7d7b9531f10c40241d89c36854043921f6f1a0851f284bcab36fc54fb0bb8cf8365dd4b2fb22b3ee8ddb8ed4a79e0807f79cb95b4b00f164993f1acc0b  openjdk-3.11.0.tar.xz
-9b8a44dda0bbfba8dc0d659e0fabf22e84b9931518e4b199a238faa103cbc4ed814c97f0f38f0aed263846b46fc7eab4500ba9759503373083e12cb8b5b364b5  corba-3.11.0.tar.xz
-9eba0f6ada2ae8adc1791a91ceb4fba9bd06aee0626cd1b4310ff16c7c8006045fed5fb7f109e490395b70695be4e6bfd6f1f5cbcdb095fb17abf123012a03de  jaxp-3.11.0.tar.xz
-ce5f0c2aced1af59f002dc9dc6cba4b9332167e9e019a3040267901ef7f325e05b8c99ed1f276b88ddb4e43cdd1b0c456e0c4dc2222ae6b3800c0502ffa840de  jaxws-3.11.0.tar.xz
-411508ed91f14ae1c51ea54de72a943db222ff572f3991631fe1a1fa97f9bb42da1e01ca98893f7236b4b44bae2917fc3f8622d7f94a085be30d437451acd272  jdk-3.11.0.tar.xz
-363c376848870c6c28415967561c4b151f1256c38a315fabc69c90425f5255224182045349a00c9433db52c416b7ebffedaa4825c980460541a3f9338adbaa5e  langtools-3.11.0.tar.xz
-13fa35f4a4fe01b3da4efb8476c0cb3482a36596eb422f2ad958a4c51efc286962ac3123a75853e84c4db477ac064a0fd3ee5e03f1ea0ec4f7e2c8ac07aa2d0e  hotspot-3.11.0.tar.xz
-2b46a8599d530a351522420cae8ac780cd2e64a6d7adbff87397a178f12f0a992bccd0f56435582dbd10be2157d4a4540c41b3dca488566162eed680102e58a9  nashorn-3.11.0.tar.xz
-c0776ff52e11a353fee29419319cd9e1fc4e5bb922832547616e8499fd52852a935a6a6fb93b49a67ab7b3fd2f7a63320f917e354cc7123220139e80694a7b5a  icedtea-hotspot-musl.patch
+sha512sums="67964f283b5a220ded7c86141ac359fc51f41077686d3e68568a9f303d2e5e6d62472bef2d6f5f9d53897a55589c84d3212983194607b9a6704192752f8ad2ac  icedtea-3.16.0.tar.xz
+76b32457958c2cdbb0006629bb41652286a1a9bfbda862665eddf822d4653d4858f9f2565e849b0e49f031b7667be73be8fe8c71abc65e1795eb570a96d1fd1e  openjdk-3.16.0.tar.xz
+bf90c95f401d4628e32b9a7ea78b7d43944f82882818a81d2ff368f09e49148091bf823d78ed56c343c175fe6d25492d9b78e25b725f218592ea94c4ae285e56  corba-3.16.0.tar.xz
+86e8c18741c1f4baca27d784b068765e404a5c2ee6ecb172c826fc1d6192b5776133f103b749839c39154fcaec87a0df95e8fd5bcb56b1e9b811711b296a4836  jaxp-3.16.0.tar.xz
+824ef15aa70ec629406fd9b98a69e5699fe8f6a8ab06be00ac546bcda1daf485b20de6ea0310064e000efbaf35b1cebee25bf69033634fdce8434efb3bb16f1d  jaxws-3.16.0.tar.xz
+9202f88b360637ad474920d8a6f85740e6a425679617ef713efd67778b4c7ca0b3eba7e4fc9d33de0bbd5dacda4862c8a9b63a13880204388b01af29d5fb6a55  jdk-3.16.0.tar.xz
+1858bb3b7dd37edd817a52c67a878b48bc9b790623e77d9a6107f54b141638cb101ae3b8df560e3352c9ca2925aa5d493b4924e36a238be5a9628c714cc23642  langtools-3.16.0.tar.xz
+19490ccc377fde5dc3d4396425e945f32e121ad0cc4be394b07f8698a7e3805b16fc41e427bab5fa290cb84efc7edb62acf8ca98072176343f5584d692592d2d  hotspot-3.16.0.tar.xz
+4bf87e7441ac747f133612e1fba5c06946c6731bae76132ffc614b41fcb689fda9d9ceb1e1fee3765765c6109894c85cf0f6e6fa9eb301f9a2d640ea6cd1c16c  nashorn-3.16.0.tar.xz
+bfbeccc931b9eab04fca94167b7569af26195297130e2effd9175d33b74dec3dc5727fea6e0cbf3cce21ba09641ddd868179544d3fabe8b128baaaccb9c2711c  icedtea-hotspot-musl.patch
 e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef  icedtea-hotspot-musl-ppc.patch
 19459dbb922f5a71cd15b53199481498626a783c24f91d2544d55b7dddd2cdb34a64bbf0226b99548612dd1743af01b3f9ff32c30abbbc90ce727ca2dbbbd1f9  icedtea-hotspot-noagent-musl.patch
 f6365cfafafa008bd6c1bf0ccec01a63f8a39bd1a8bc87baa492a27234d47793ba02d455e5667a873ef50148df3baaf6a8421e2da0b15faac675867da714dd5f  icedtea-jdk-execinfo.patch
 48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774  icedtea-jdk-fix-ipv6-init.patch
 b135991c76b0db8fa7c363e0903624668e11eda7b54a943035c214aa4d7fc8c3e8110ed200edcec82792f3c9393150a9bd628625ddf7f3e55720ff163fbbb471  icedtea-jdk-fix-libjvm-load.patch
-1fbc32ddc528c7c0099dbc1e48f88d29dccf55e7b8997793aa1d3d8408003a1223d898cca4248e1a12d343d3feec5144f875e6cdac8460d763c73ab3ad7e49f9  icedtea-jdk-musl.patch
-e8d9f1b867bf4fc84aa00d1237b264bcf503b1ed5f34735e14b0b747a728953fe0051a5af69ed058d377fbf65d8be1ed9e38fe5fc6edb2d50b31f34bf3ba91dc  icedtea-jdk-includes.patch
-7e6fa46b10c630517bfa46943858aea1d032c12d32ba3fcb7a2143ae1e896c34fa4cb8f925af80cb19f8e29149b835aa054adfd30ebb00539f6c78588d6f5211  icedtea-jdk-getmntent-buffer.patch
+17c78db081a85e37721c23e0c0e7cab85e2201a0969bd4858cb90375b97d1703c9bf867f8ac02f6b33f9775b78bae41e38223b7a887918d4a6c9f29b75f3de28  icedtea-jdk-musl.patch
+974fb54532b7e7d738f4278187fc6bd9f9b2d99866b94f68a617ee4911c89a3b8cc41ecfdcaefecf9157492d006b1844b6b0b41ac4209d84f9e8d13c9e485dd3  icedtea-jdk-includes.patch
 662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167  icedtea-autoconf-config.patch
-9ea7ac942baf29cc619bc2e1acd59201b9f6d38f39a517b495d7613aec746459200c81afb57c5fcdcb856f6bc8b33f7566c8593fed07e5c73f43e08f1072d458  icedtea-jdk-tls-nist-curves.patch
 b0f6d07c6a949acdc8b4a25bf924f134f468e162f01dd440fd4ca80769fb84a0a54210f93efbe88012404fe3db6701aad31cdbc772bc054ad69021c37db5538c  remove-gawk.patch"

user/openjdk8/icedtea-hotspot-musl.patch

@@ -82,8 +82,8 @@ index d2c10e0..20f657f 100644
 -# include <fpu_control.h>
 +# include <linux/types.h>  /* provides __u64 */
  
- #ifdef BUILTIN_SIM
- #define REG_SP REG_RSP
+ #define REG_FP 29
+
 diff --git openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp
 index 38388cb..2505ba8 100644
 --- openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp

user/openjdk8/icedtea-jdk-getmntent-buffer.patch

-Give a much bigger buffer to getmntent_r.
-
-https://bugs.alpinelinux.org/issues/7093
-
-diff --git a/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c b/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c
-index c8500db..d0b85d6 100644
---- openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c
-+++ openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c
-@@ -33,6 +33,7 @@
- #include <dlfcn.h>
- #include <errno.h>
- #include <mntent.h>
-+#include <limits.h>
- 
- #include "sun_nio_fs_LinuxNativeDispatcher.h"
- 
-@@ -173,8 +174,8 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this,
-     jlong value, jobject entry)
- {
-     struct mntent ent;
--    char buf[1024];
--    int buflen = sizeof(buf);
-+    char *buf = NULL;
-+    const size_t buflen = PATH_MAX * 4;
-     struct mntent* m;
-     FILE* fp = jlong_to_ptr(value);
-     jsize len;
-@@ -183,10 +184,17 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this,
-     char* dir;
-     char* fstype;
-     char* options;
-+    jint res = -1;
- 
--    m = getmntent_r(fp, &ent, (char*)&buf, buflen);
--    if (m == NULL)
-+    buf = malloc(buflen);
-+    if (buf == NULL) {
-+        JNU_ThrowOutOfMemoryError(env, "native heap");
-         return -1;
-+    }
-+    m = getmntent_r(fp, &ent, buf, buflen);
-+    if (m == NULL)
-+        goto out;
-+
-     name = m->mnt_fsname;
-     dir = m->mnt_dir;
-     fstype = m->mnt_type;
-@@ -195,32 +203,35 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this,
-     len = strlen(name);
-     bytes = (*env)->NewByteArray(env, len);
-     if (bytes == NULL)
--        return -1;
-+        goto out;
-     (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)name);
-     (*env)->SetObjectField(env, entry, entry_name, bytes);
- 
-     len = strlen(dir);
-     bytes = (*env)->NewByteArray(env, len);
-     if (bytes == NULL)
--        return -1;
-+        goto out;
-     (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)dir);
-     (*env)->SetObjectField(env, entry, entry_dir, bytes);
- 
-     len = strlen(fstype);
-     bytes = (*env)->NewByteArray(env, len);
-     if (bytes == NULL)
--        return -1;
-+        goto out;
-     (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)fstype);
-     (*env)->SetObjectField(env, entry, entry_fstype, bytes);
- 
-     len = strlen(options);
-     bytes = (*env)->NewByteArray(env, len);
-     if (bytes == NULL)
--        return -1;
-+        goto out;
-     (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)options);
-     (*env)->SetObjectField(env, entry, entry_options, bytes);
- 
--    return 0;
-+    res = 0;
-+out:
-+    free(buf);
-+    return res;
- }
- 
- JNIEXPORT void JNICALL

user/openjdk8/icedtea-jdk-includes.patch

@@ -53,17 +53,6 @@
  
  /* O Flags */
  
---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c
-+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c
-@@ -28,7 +28,7 @@
- #include <sys/types.h>
- #include <sys/socket.h>
- #if defined(__linux__) && !defined(USE_SELECT)
--#include <sys/poll.h>
-+#include <poll.h>
- #endif
- #include <netinet/tcp.h>        /* Defines TCP_NODELAY, needed for 2.6 */
- #include <netinet/in.h>
 --- openjdk.orig/jdk/src/solaris/native/java/net/bsd_close.c
 +++ openjdk/jdk/src/solaris/native/java/net/bsd_close.c
 @@ -36,7 +36,7 @@
@@ -88,14 +77,14 @@
   * Stack allocated by thread when doing blocking operation
 --- openjdk.orig/jdk/src/solaris/native/java/net/net_util_md.h
 +++ openjdk/jdk/src/solaris/native/java/net/net_util_md.h
-@@ -33,7 +33,7 @@
- #include <unistd.h>
-
- #ifndef USE_SELECT
+@@ -27,7 +27,7 @@
+ #define NET_UTILS_MD_H
+ 
+ #include <netdb.h>
 -#include <sys/poll.h>
 +#include <poll.h>
- #endif
-
+ #include <sys/socket.h>
+ 
  int NET_Timeout(int s, long timeout);
 --- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c
 +++ openjdk/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c

user/openjdk8/icedtea-jdk-musl.patch

@@ -47,32 +47,10 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/Inet4AddressImpl.c openjdk
  #define HAS_GLIBC_GETHOSTBY_R   1
  #endif
  
-diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c
---- openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c	2017-01-25 04:22:03.000000000 +0000
-+++ openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c	2017-02-06 11:23:47.047832009 +0000
-@@ -41,7 +41,6 @@
- #endif
- #ifdef __linux__
- #include <unistd.h>
--#include <sys/sysctl.h>
- #include <sys/utsname.h>
- #include <netinet/ip.h>
- 
-diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c
---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c	2017-01-25 04:22:03.000000000 +0000
-+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c	2017-02-06 11:23:47.047832009 +0000
-@@ -43,7 +43,6 @@
- #endif
- #ifdef __linux__
- #include <unistd.h>
--#include <sys/sysctl.h>
- #endif
- 
- #include "jvm.h"
 diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/src/solaris/native/java/net/linux_close.c
---- openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c	2017-01-25 04:22:03.000000000 +0000
-+++ openjdk/jdk/src/solaris/native/java/net/linux_close.c	2017-02-06 11:23:47.047832009 +0000
-@@ -56,7 +56,7 @@
+--- openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c	2020-04-29 12:33:10.000000000 +0000
++++ openjdk/jdk/src/solaris/native/java/net/linux_close.c	2020-05-02 19:35:51.590000000 +0000
+@@ -58,7 +58,7 @@ typedef struct {
  /*
   * Signal to unblock thread
   */
@@ -80,8 +58,8 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/
 +static int sigWakeup;
  
  /*
-  * The fd table and the number of file descriptors
-@@ -95,6 +95,9 @@
+  * fdTable holds one entry per file descriptor, up to a certain
+@@ -147,6 +147,9 @@ static void __attribute((constructor)) i
      /*
       * Setup the signal handler
       */

user/openjdk8/icedtea-jdk-tls-nist-curves.patch

-Bug #7404 TLS negotiation error in OpenJDK 8 u131
-
-Fixes an OpenJDK 8 regression discovered in docker-library/openjdk#115
-on Alpine Linux 3.5 (u121) and 3.6 (u131) that causes TLS negotiation
-errors for some clients.
-
-Root cause appears to be OpenJDK announcing support for NIST curves the
-underlying NSS library does doesn't. This patch limits OpenJDK's
-announcement to elliptic curves 23 (secp256r1), 24 (secp384r1), and 25
-(secp521r1).
-
-Related issues:
-
-* https://github.com/docker-library/openjdk/issues/115
-* https://bugs.alpinelinux.org/issues/7404
-* https://access.redhat.com/discussions/2339811
-* https://bugzilla.redhat.com/show_bug.cgi?id=1022017
-* https://bugzilla.redhat.com/show_bug.cgi?id=1348525
-
---- openjdk.orig/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java	2017-05-08 20:03:50.000000000 -0700
-+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java	2017-06-14 13:37:00.000000000 -0700
-@@ -168,21 +168,10 @@
-                     "contains no supported elliptic curves");
-             }
-         } else {        // default curves
--            int[] ids;
--            if (requireFips) {
--                ids = new int[] {
--                    // only NIST curves in FIPS mode
--                    23, 24, 25, 9, 10, 11, 12, 13, 14,
--                };
--            } else {
--                ids = new int[] {
--                    // NIST curves first
--                    23, 24, 25, 9, 10, 11, 12, 13, 14,
--                    // non-NIST curves
--                    22,
--                };
--            }
--
-+            int[] ids = new int[] {
-+                // NSS currently only supports these three NIST curves
-+                23, 24, 25
-+            };
-             idList = new ArrayList<>(ids.length);
-             for (int curveId : ids) {
-                 if (isAvailableCurve(curveId)) {