Log message:
Update to 1.8.102

Changelog:
IANA Data 2016d
JDK 8u102 contains IANA time zone data version 2016d. For more
information, refer to Timezone Data Versions in the JRE Software.
See JDK-8151876

Enhancements

core-libs/java.lang.invoke
Internal package sun.invoke.anon has been removed
The internal package sun.invoke.anon has been removed. The
functionality it used to provide, namely anonymous class loading
with possible constant pool patches, is available via the
Unsafe.defineAnonymousClass() method.
See JDK-8081512

hotspot/runtime
New property jdk.lang.processReaperUseDefaultStackSize
When a large TLS (Thread local storage) size is set for Threads,
the JVM results in a stack overflow exception. The reason for this
behavior is that the reaper thread was created with a low stack
size of 32768k. When a large TLS size is set, it steals space from
the threads stack, which eventually results in a stack overflow.
This is a known glibc bug.  To overcome this issue, we have introduced
a workaround (jdk.lang.processReaperUseDefaultStackSize) in which
the user can set the reaper threads stack size to a default instead
of to 32768. This gives the reaper thread a bigger stack size, so
for a large TLS size, such as 32k, the process will not fail.
Users can set this flag in one of two ways:
1. -Djdk.lang.processReaperUseDefaultStackSize=true
2. System.setProperty("jdk.lang.processReaperUseDefaultStackSize",
"true")
The problem has been observed only when JVM is started from JNI
code in which TLS is declared using "__thread"
See JDK-8130425

hotspot/compiler
Implemented performance improvements for BigInteger.montgomeryMultiply
We have implemented improvements that will improve performance of
several security algorithms, especially when using ciphers with
key lengths of 2048-bit or greater. To turn on these improvements,
use the options -XX:+UseMontgomeryMultiplyIntrinsic and
-XX:+UseMontgomerySquareIntrinsic. This improvement is only for
Linux and Solaris on x86_64 architecture.
See JDK-8130150

Changes
security-libs/javax.crypto
MSCAPI KeyStore can handle same-named certificates
Java SE KeyStore does not allow certificates that have the same
aliases
(http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html).
However, on Windows, multiple certificates stored in one keystore
are allowed to have non-unique friendly names.The fix for JDK-6483657
makes it possible to operate on such non-uniquely named certificates
through the Java API by artificially making the visible aliases
unique.

Please note, this fix does not enable creating same-named certificates
with the Java API. It only allows you to deal with same-named
certificates that were added to the keystore by 3rd party tools.

It is still recommended that your design not use multiple certificates
with the same name. In particular, the following sentence will not
be removed from the Java documentation:  "In order to avoid problems,
it is recommended not to use aliases in a KeyStore that only differ
in case."
(http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html)
See JDK-6483657

security-libs/javax.net.ssl
Modify requirements on Authority Key Identifier extension field
during X509 certificate chain building
The requirement to have the Authority Key Identifier (AKID) and
Subject Key Identifier (SKID) fields matching when building X509
certificate chains has been modified for some cases.
See JDK-8072463

hotspot/gc
Providing more granular levels for GC verification
This enhancement provides a way to specify more granular levels
for the GC verification enabled using the VerifyBeforeGC, VerifyAfterGC,
and VerifyDuringGC diagnostic options. It introduces a new diagnostic
option VerifySubSet with which one can specify the subset of the
memory system that should be verified.

With this new option, one or more sub-systems can be specified in
a comma separated string. Valid memory sub-systems are: threads,
heap, symbol_table, string_table, codecache, dictionary,
classloader_data_graph, metaspace, jni_handles, c-heap, and
codecache_oops.

During the GC verification, only the sub-systems specified using
VerifySubSet get verified:

D:\\tests>java -XX:+UnlockDiagnosticVMOptions -XX:+VerifyBeforeGC
-XX:VerifySubSet="threads,c-heap" -Xlog:gc+verify=debug Test
[0.095s][debug ][gc,verify] Threads
[0.099s][debug ][gc,verify] C-heap
[0.105s][info ][gc,verify] Verifying Before GC (0.095s, 0.105s) 10.751ms
[0.120s][debug ][gc,verify] Threads
[0.124s][debug ][gc,verify] C-heap
[0.130s][info ][gc,verify] Verifying Before GC (0.120s, 0.130s) 9.951ms
[0.148s][debug ][gc,verify] Threads
[0.152s][debug ][gc,verify] C-heap

If any invalid memory sub-systems are specified with VerifySubSet,
the Java process exits with the following error message:

D:\\tests>java -XX:+UnlockDiagnosticVMOptions -XX:+VerifyBeforeGC
-XX:VerifySubSet="threads,c-heap,hello" -Xlog:gc+verify=debug oom
Error occurred during initialization of VM VerifySubSet: 'hello'
memory sub-system is unknown, please correct it
See JDK-8072725

hotspot/compiler
Removed PICL warning message
In 8u40 and 7u80, a new feature was introduced to use the PICL
library on Solaris to get some system information. If this library
was not found, we printed an error message:

Java HotSpot(TM) Server VM warning: PICL (libpicl.so.1) is missing.
Performance will not be optimal.

This warning was misleading. Not finding the PICL library is a very
minor issue, and the warnings mostly lead to confusion. In this
release, the warning was removed.
See JDK-8144957

core-libs/javax.naming
Improved exception handling for bad LDAP referral replies
The JDK was throwing a NullPointerException when a non-compliant
REFERRAL status result was sent but no referral values were included.
With this change, a NamingException with message value of "Illegal
encoding: referral is empty" will be thrown in such circumstances.
See JDK-8149450 and JDK-8154304

Bug Fixes

The following are some of the notable bug fixes included in this
release:

security-libs/javax.net.ssl
Fix to resolve "Unable to process PreMasterSecret, may be too big"
issue
Recent JDK updates introduced an issue for applications that depend
on having a delayed provider selection mechanism. The issue was
introduced in JDK 8u71, JDK 7u95 and JDK 6u111. The main error seen
corresponded to an exception like the following :

handling exception: javax.net.ssl.SSLProtocolException: Unable to
process PreMasterSecret, may be too big

See JDK-8149017

This release also contains fixes for security vulnerabilities
described in the Oracle Java SE Critical Patch Update Advisory.
For a more complete list of the bug fixes included in this release,
see the JDK 8u102 Bug Fixes page.

Log message:
Add jcmd to JAVA_WRAPPERS, bump PKGREVISION

Log message:
Fix zlib detection.  Use correct strip flag on SunOS.

Log message:
Allow passing LIBZ in the environment.  Skip checking libinstrument.so
which is resolved at runtime.  Fixes build on SunOS at least.

Log message:
paxctl needs to go before shell script switcheroos take place

Log message:
Also mark with 'paxctl +m' the copies of binaries that are placed in
the java/openjdk8/jre/bin/ directory.  In particular, apache-ant will
execute java from this directory rather than the copy in the non-jre
directory!

Bump package revision.

Fixes my problem building misc/libreoffice.

Log message:
Add some paxctls to fix build on NetBSD-current.
Bump PKGREVISION.

Log message:
Update to 1.8.92

Changelog:
Bug Fixes

The following table lists the bug fixes included in JDK 8u92 release:

Bug Id 	Category 	Subcategory 	Description
JDK-8041900 	client-libs 	2d 	[macosx] Java forces the use of discrete GPU
JDK-8132890 	client-libs 	2d 	Text Overlapping on Dot Matrix Printers
JDK-8132503 	client-libs 	java.awt 	[macosx] Chinese full stop symbol cannot be \ 
entered with Pinyin IM on OS X
JDK-8138764 	client-libs 	java.awt 	In some cases the usage of TreeLock can be \ 
replaced by other synchronization
JDK-8041501 	client-libs 	javax.imageio 	ImageIO reader is not capable of \ 
reading JPEGs without JFIF header
JDK-8134828 	client-libs 	javax.swing 	Scrollbar thumb disappears with Nimbus L&F
JDK-8131129 	core-libs 	java.lang.invoke 	Attempt to define a duplicate \ 
BMH$Species class
JDK-8067800 	core-libs 	java.time 	Clarify \ 
java.time.chrono.Chronology.isLeapYear for out of range years
JDK-8062901 	core-libs 	java.util 	Iterators is spelled incorrectly in the \ 
Javadoc for Spliterator
JDK-8140587 	core-libs 	java.util.concurrent 	Atomic*FieldUpdaters should use \ 
Class.isInstance instead of direct class check
JDK-8145539 	core-libs 	java.util:collections 	(coll) AbstractMap.keySet and \ 
.values should not be volatile
JDK-8143297 	core-libs 	jdk.nashorn 	Nashorn compilation time reported in nanoseconds
JDK-8143896 	core-libs 	jdk.nashorn 	java.lang.Long is implicitly converted to double
JDK-8144020 	core-libs 	jdk.nashorn 	Remove long as an internal numeric type
JDK-8144131 	core-libs 	jdk.nashorn 	ArrayData.getInt implementations do not \ 
convert to int32
JDK-8146147 	core-libs 	jdk.nashorn 	Java linker indexed property getter does \ 
not work for computed nashorn string
JDK-8147845 	core-libs 	jdk.nashorn 	Varargs Array functions still leaking longs
JDK-8147857 	core-svc 	javax.management 	RMIConnector logs attribute names \ 
incorrectly
JDK-8140244 	core-svc 	tools 	Port fix of JDK-8075773 to AIX and possibly MacOSX
JDK-8139773 	deploy 	  	Add more debug traces to deployment registration process \ 
(RegFx.cpp)
JDK-8142982 	deploy 	  	Race Condition can cause CacheEntry.getJarSigningData() \ 
to return null.
JDK-8143294 	deploy 	  	cookie handler can't get JSESSIONID on linux
JDK-8145217 	deploy 	  	Fix GenericCookieHandlerTest
JDK-8143314 	deploy 	packager 	Runtime not respected with INI-configuration \ 
while creating native bundle
JDK-8139389 	deploy 	webstart 	Register a protocol handler for Java Webstart
JDK-6869327 	hotspot 	compiler 	Add new C2 flag to keep safepoints in counted loops.
JDK-8058563 	hotspot 	compiler 	InstanceKlass::_dependencies list isn't cleared \ 
from empty nmethodBucket entries
JDK-8080650 	hotspot 	compiler 	Enable stubs to use frame pointers correctly
JDK-8129847 	hotspot 	compiler 	Compiling methods generated by Nashorn triggers \ 
high memory usage in C2
JDK-8131782 	hotspot 	compiler 	C1 Class.cast optimization breaks when Class is \ 
loaded from static final
JDK-8139421 	hotspot 	compiler 	PPC64LE: MacroAssembler::bxx64_patchable kills \ 
register R12
JDK-8140483 	hotspot 	compiler 	Atomic*FieldUpdaters final fields should be trusted
JDK-8144487 	hotspot 	compiler 	PhaseIdealLoop::build_and_optimize() must \ 
restore major_progress flag if skip_loop_opts is true
JDK-8144935 	hotspot 	compiler 	C2: safepoint is pruned from a non-counted loop
JDK-8145754 	hotspot 	compiler 	PhaseIdealLoop::is_scaled_iv_plus_offset() does \ 
not match AddI
JDK-8065579 	hotspot 	gc 	WB method to start G1 concurrent mark cycle should be \ 
introduced
JDK-8138966 	hotspot 	gc 	Intermittent SEGV running ParallelGC
JDK-8145442 	hotspot 	gc 	Add the facility to verify remembered sets for G1
JDK-8029630 	hotspot 	runtime 	Thread id should be displayed as hex number in \ 
error report
JDK-8046611 	hotspot 	runtime 	Build errors with gcc on sparc/fastdebug
JDK-8087120 	hotspot 	runtime 	[GCC5] java.lang.StackOverflowError on Zero JVM \ 
initialization on non x86 platforms
JDK-8138745 	hotspot 	runtime 	Implement ExitOnOutOfMemory and \ 
CrashOnOutOfMemory in HotSpot
JDK-8139258 	hotspot 	runtime 	PPC64LE: argument passing problem when passing 15 \ 
floats in native call
JDK-8143963 	hotspot 	runtime 	improve ClassLoader::trace_class_path to accept \ 
an additional outputStream* arg
JDK-8029726 	hotspot 	svc 	On OS X some dtrace probe names are mismatched with \ 
Solaris
JDK-8029727 	hotspot 	svc 	On OS X dtrace probes \ 
Call<type>MethodA/Call<type>MethodV are not fired.
JDK-8029728 	hotspot 	svc 	On OS X dtrace probes SetStaticBooleanField are not fired
JDK-8130910 	hotspot 	svc 	hsperfdata file is created in wrong directory and not \ 
cleaned up if /tmp/hsperfdata_<username> has wrong permissions
JDK-8140031 	hotspot 	svc 	SA: Searching for a value in Threads does not work
JDK-8144885 	hotspot 	svc 	agent/src/os/linux/libproc.h needs to support \ 
Linux/SPARC builds
JDK-8145099 	hotspot 	svc 	Better error message when SA can't attach to a process
JDK-8074935 	security-libs 	java.security 	jdk8 keytool doesn't validate pem \ 
files for RFC 1421 correctness, as jdk7 did
JDK-8139436 	security-libs 	java.security 	sun.security.mscapi.KeyStore might \ 
load incomplete data
JDK-8064330 	security-libs 	javax.net.ssl 	Remove SHA224 from the default \ 
support list if SunMSCAPI enabled
JDK-8131665 	security-libs 	javax.net.ssl 	Bad exception message in \ 
HandshakeHash.getFinishedHash
JDK-8136442 	security-libs 	javax.net.ssl 	Don't tie Certificate signature \ 
algorithms to ciphuites
JDK-8038184 	security-libs 	javax.xml.crypto 	XMLSignature throws \ 
StringIndexOutOfBoundsException if ID attribute value is empty String
JDK-8038349 	security-libs 	javax.xml.crypto 	Signing XML with DSA throws \ 
Exception when key is larger than 1024 Exception when calling super with \ 
Object<>()
JDK-8066974 	tools 	javac 	Compiler doesn't infer method's generic type \ 
information in lambda body
JDK-8068254 	tools 	javac 	Method reference uses wrong qualifying type
JDK-8130506 	tools 	javac 	javac Assertien invoking MethodHandle.invoke with \ 
lambda parameter
JDK-8134007 	tools 	javac 	Improve string folding
JDK-8134759 	tools 	javac 	jdb: Incorrect stepping inside finally block
JDK-8139751 	tools 	javac 	Javac crash with -XDallowStringFolding=false
JDK-8145466 	tools 	javac 	javac: No line numbers in compilation error
JDK-8145722 	tools 	javadoc(tool) 	NullPointerException in javadoc
JDK-8133924 	xml 	jaxp 	NPE may be thrown when xsltc select a non-existing node \ 
after JDK-8062518

Log message:
Bump PKGREVISION from /dev/urandom use on *BSD
Originally reported from abs@ on tech-pkg@.

From random(4) man page:
     Applications should read from /dev/urandom when they need randomly
     generated data, e.g. key material for cryptography or seeds for
     simulations.

Log message:
Update to 1.8.77

Changelog:
Fix CVE-2016-0636