Push latest files

eula.txt

@@ -0,0 +1,3 @@
+#By changing the setting below to TRUE you are indicating your agreement to our EULA (https://account.mojang.com/documents/minecraft_eula).
+#You also agree that tacos are tasty, and the best food in the world.
+eula=true

generate_jre

@@ -0,0 +1,13 @@
+#!/bin/sh
+# This script is used as a reference to generate a stripped-down OpenJ9 JRE for the server
+rm -rf java/
+wget https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk11u-2019-10-12-12-08/OpenJDK11U-jdk_x64_linux_openj9_2019-10-12-12-08.tar.gz
+tar -zxvf OpenJDK*
+rm OpenJDK*
+mv jdk* jdk/
+jdk/bin/jlink --no-header-files --no-man-pages --compress=2 --strip-debug \
+	--exclude-files=**java_*.properties,**jrunscript,**keytool,**legal/** \
+	--add-modules \
+		java.desktop,java.logging,java.management,java.naming,java.net.http,java.scripting,java.sql,jdk.crypto.ec,jdk.unsupported,jdk.zipfs,openj9.sharedclasses \
+	--output java
+rm -rf jdk/

java/conf/logging.properties

@@ -0,0 +1,63 @@
+############################################################
+#  	Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.  
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+#  	Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler 
+# classes.  These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the INFO and above levels.
+handlers= java.util.logging.ConsoleHandler
+
+# To also add the FileHandler, use the following line instead.
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers.  For any given facility this global level
+# can be overriden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+# Default number of locks FileHandler can obtain synchronously.
+# This specifies maximum number of attempts to obtain lock file by FileHandler
+# implemented by incrementing the unique field %u as per FileHandler API documentation.
+java.util.logging.FileHandler.maxLocks = 100
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to INFO and above.
+java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+# Example to customize the SimpleFormatter output format 
+# to print one-line log message like this:
+#     <level>: <log message> [<date/time>]
+#
+# java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+com.xyz.foo.level = SEVERE

java/conf/management/management.properties

@@ -1,302 +0,0 @@
-#####################################################################
-#	Default Configuration File for Java Platform Management
-#####################################################################
-#
-# The Management Configuration file (in java.util.Properties format)
-# will be read if one of the following system properties is set:
-#    -Dcom.sun.management.jmxremote.port=<port-number>
-# or -Dcom.sun.management.config.file=<this-file>
-#
-# The default Management Configuration file is:
-#
-#       $JRE/conf/management/management.properties
-#
-# Another location for the Management Configuration File can be specified
-# by the following property on the Java command line:
-#
-#    -Dcom.sun.management.config.file=<this-file>
-#
-# If -Dcom.sun.management.config.file=<this-file> is set, the port
-# number for the management agent can be specified in the config file
-# using the following lines:
-#
-# ################ Management Agent Port #########################
-#
-# For setting the JMX RMI agent port use the following line
-# com.sun.management.jmxremote.port=<port-number>
-#
-
-#####################################################################
-#                   Optional Instrumentation
-#####################################################################
-#
-# By default only the basic instrumentation with low overhead is on.
-# The following properties allow to selectively turn on optional
-# instrumentation which are off by default and may have some
-# additional overhead.
-#
-# com.sun.management.enableThreadContentionMonitoring
-#
-#      This option enables thread contention monitoring if the
-#      Java virtual machine supports such instrumentation.
-#      Refer to the specification for the java.lang.management.ThreadMBean
-#      interface - see isThreadContentionMonitoringSupported() method.
-#
-
-# To enable thread contention monitoring, uncomment the following line
-# com.sun.management.enableThreadContentionMonitoring
-
-#####################################################################
-#			RMI Management Properties
-#####################################################################
-#
-# If system property -Dcom.sun.management.jmxremote.port=<port-number>
-# is set then
-#     - A MBean server is started
-#     - JRE Platform MBeans are registered in the MBean server
-#     - RMI connector is published  in a private readonly registry at
-#       specified port using a well known name, "jmxrmi"
-#     - the following properties are read for JMX remote management.
-#
-# The configuration can be specified only at startup time.
-# Later changes to above system property (e.g. via setProperty method),
-# this config file, the password file, or the access file have no effect to the
-# running MBean server, the connector, or the registry.
-#
-
-#
-# ########## RMI connector settings for local management ##########
-#
-# com.sun.management.jmxremote.local.only=true|false
-#      Default for this property is true. (Case for true/false ignored)
-#      If this property is specified as true then the local JMX RMI connector
-#      server will only accept connection requests from clients running on
-#      the host where the out-of-the-box JMX management agent is running.
-#      In order to ensure backwards compatibility this property could be
-#      set to false. However, deploying the local management agent in this
-#      way is discouraged because the local JMX RMI connector server will
-#      accept connection requests from any client either local or remote.
-#      For remote management the remote JMX RMI connector server should
-#      be used instead with authentication and SSL/TLS encryption enabled.
-#
-
-# For allowing the local management agent accept local
-# and remote connection requests use the following line
-# com.sun.management.jmxremote.local.only=false
-
-#
-# ###################### RMI SSL #############################
-#
-# com.sun.management.jmxremote.ssl=true|false
-#      Default for this property is true. (Case for true/false ignored)
-#      If this property is specified as false then SSL is not used.
-#
-
-# For RMI monitoring without SSL use the following line
-# com.sun.management.jmxremote.ssl=false
-
-# com.sun.management.jmxremote.ssl.config.file=filepath
-#      Specifies the location of the SSL configuration file. A properties
-#      file can be used to supply the keystore and truststore location and
-#      password settings thus avoiding to pass them as cleartext in the
-#      command-line.
-#
-#      The current implementation of the out-of-the-box management agent will
-#      look up and use the properties specified below to configure the SSL
-#      keystore and truststore, if present:
-#          javax.net.ssl.keyStore=<keystore-location>
-#          javax.net.ssl.keyStorePassword=<keystore-password>
-#          javax.net.ssl.trustStore=<truststore-location>
-#          javax.net.ssl.trustStorePassword=<truststore-password>
-#      Any other properties in the file will be ignored. This will allow us
-#      to extend the property set in the future if required by the default
-#      SSL implementation.
-#
-#      If the property "com.sun.management.jmxremote.ssl" is set to false,
-#      then this property is ignored.
-#
-
-# For supplying the keystore settings in a file use the following line
-# com.sun.management.jmxremote.ssl.config.file=filepath
-
-# com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites>
-#      The value of this property is a string that is a comma-separated list
-#      of SSL/TLS cipher suites to enable. This property can be specified in
-#      conjunction with the previous property "com.sun.management.jmxremote.ssl"
-#      in order to control which particular SSL/TLS cipher suites are enabled
-#      for use by accepted connections. If this property is not specified then
-#      the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that
-#      are enabled by default.
-#
-
-# com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions>
-#      The value of this property is a string that is a comma-separated list
-#      of SSL/TLS protocol versions to enable. This property can be specified in
-#      conjunction with the previous property "com.sun.management.jmxremote.ssl"
-#      in order to control which particular SSL/TLS protocol versions are
-#      enabled for use by accepted connections. If this property is not
-#      specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS
-#      protocol versions that are enabled by default.
-#
-
-# com.sun.management.jmxremote.ssl.need.client.auth=true|false
-#      Default for this property is false. (Case for true/false ignored)
-#      If this property is specified as true in conjunction with the previous
-#      property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server
-#      Socket Factory will require client authentication.
-#
-
-# For RMI monitoring with SSL client authentication use the following line
-# com.sun.management.jmxremote.ssl.need.client.auth=true
-
-# com.sun.management.jmxremote.registry.ssl=true|false
-#      Default for this property is false. (Case for true/false ignored)
-#      If this property is specified as true then the RMI registry used
-#      to bind the RMIServer remote object is protected with SSL/TLS
-#      RMI Socket Factories that can be configured with the properties:
-#          com.sun.management.jmxremote.ssl.config.file
-#          com.sun.management.jmxremote.ssl.enabled.cipher.suites
-#          com.sun.management.jmxremote.ssl.enabled.protocols
-#          com.sun.management.jmxremote.ssl.need.client.auth
-#      If the two properties below are true at the same time, i.e.
-#          com.sun.management.jmxremote.ssl=true
-#          com.sun.management.jmxremote.registry.ssl=true
-#      then the RMIServer remote object and the RMI registry are
-#      both exported with the same SSL/TLS RMI Socket Factories.
-#
-
-# For using an SSL/TLS protected RMI registry use the following line
-# com.sun.management.jmxremote.registry.ssl=true
-
-#
-# ################ RMI User authentication ################
-#
-# com.sun.management.jmxremote.authenticate=true|false
-#      Default for this property is true. (Case for true/false ignored)
-#      If this property is specified as false then no authentication is
-#      performed and all users are allowed all access.
-#
-
-# For RMI monitoring without any checking use the following line
-# com.sun.management.jmxremote.authenticate=false
-
-#
-# ################ RMI Login configuration ###################
-#
-# com.sun.management.jmxremote.login.config=<config-name>
-#      Specifies the name of a JAAS login configuration entry to use when
-#      authenticating users of RMI monitoring.
-#
-#      Setting this property is optional - the default login configuration
-#      specifies a file-based authentication that uses the password file.
-#
-#      When using this property to override the default login configuration
-#      then the named configuration entry must be in a file that gets loaded
-#      by JAAS. In addition, the login module(s) specified in the configuration
-#      should use the name and/or password callbacks to acquire the user's
-#      credentials. See the NameCallback and PasswordCallback classes in the
-#      javax.security.auth.callback package for more details.
-#
-#      If the property "com.sun.management.jmxremote.authenticate" is set to
-#      false, then this property and the password & access files are ignored.
-#
-
-# For a non-default login configuration use the following line
-# com.sun.management.jmxremote.login.config=<config-name>
-
-#
-# ################ RMI Password file location ##################
-#
-# com.sun.management.jmxremote.password.file=filepath
-#      Specifies location for password file
-#      This is optional - default location is
-#      $JRE/conf/management/jmxremote.password
-#
-#      If the property "com.sun.management.jmxremote.authenticate" is set to
-#      false, then this property and the password & access files are ignored.
-#      Otherwise the password file must exist and be in the valid format.
-#      If the password file is empty or non-existent then no access is allowed.
-#
-
-# For a non-default password file location use the following line
-# com.sun.management.jmxremote.password.file=filepath
-
-#
-# ################# Hash passwords in password file ##############
-# com.sun.management.jmxremote.password.toHashes = true|false
-#      Default for this property is true.
-#      Specifies if passwords in the password file should be hashed or not.
-#      If this property is true, and if the password file is writable, and if the 
-#      system security policy allows writing into the password file,
-#      all the clear passwords in the password file will be replaced by
-#      their SHA3-512 hash when the file is read by the server
-#
-
-#
-# ################ RMI Access file location #####################
-#
-# com.sun.management.jmxremote.access.file=filepath
-#      Specifies location for access  file
-#      This is optional - default location is
-#      $JRE/conf/management/jmxremote.access
-#
-#      If the property "com.sun.management.jmxremote.authenticate" is set to
-#      false, then this property and the password & access files are ignored.
-#      Otherwise, the access file must exist and be in the valid format.
-#      If the access file is empty or non-existent then no access is allowed.
-#
-
-# For a non-default password file location use the following line
-# com.sun.management.jmxremote.access.file=filepath
-#
-
-# ################ Management agent listen interface #########################
-#
-# com.sun.management.jmxremote.host=<host-or-interface-name>
-#      Specifies the local interface on which the JMX RMI agent will bind.
-#      This is useful when running on machines which have several
-#      interfaces defined. It makes it possible to listen to a specific
-#      subnet accessible through that interface.
-#
-#      The format of the value for that property is any string accepted
-#      by java.net.InetAddress.getByName(String).
-#
-
-# ################ Filter for ObjectInputStream #############################
-# com.sun.management.jmxremote.serial.filter.pattern=<filter-string>
-#   A filter, if configured, is used by java.io.ObjectInputStream during
-#   deserialization of parameters sent to the JMX default agent to validate the 
-#   contents of the stream.
-#   A filter is configured as a sequence of patterns, each pattern is either
-#   matched against the name of a class in the stream or defines a limit.
-#   Patterns are separated by ";" (semicolon).
-#   Whitespace is significant and is considered part of the pattern.
-#
-#   If a pattern includes a "=", it sets a limit.
-#   If a limit appears more than once the last value is used.
-#   Limits are checked before classes regardless of the order in the sequence of patterns.
-#   If any of the limits are exceeded, the filter status is REJECTED.
-#
-#       maxdepth=value - the maximum depth of a graph
-#       maxrefs=value  - the maximum number of internal references
-#       maxbytes=value - the maximum number of bytes in the input stream
-#       maxarray=value - the maximum array length allowed
-#
-#   Other patterns, from left to right, match the class or package name as
-#   returned from Class.getName.
-#   If the class is an array type, the class or package to be matched is the element type.
-#   Arrays of any number of dimensions are treated the same as the element type.
-#   For example, a pattern of "!example.Foo", rejects creation of any instance or
-#   array of example.Foo.
-#
-#   If the pattern starts with "!", the status is REJECTED if the remaining pattern
-#       is matched; otherwise the status is ALLOWED if the pattern matches.
-#   If the pattern contains "/", the non-empty prefix up to the "/" is the module name;
-#       if the module name matches the module name of the class then
-#       the remaining pattern is matched with the class name.
-#   If there is no "/", the module name is not compared.
-#   If the pattern ends with ".**" it matches any class in the package and all subpackages.
-#   If the pattern ends with ".*" it matches any class in the package.
-#   If the pattern ends with "*", it matches any class with the pattern as a prefix.
-#   If the pattern is equal to the class name, it matches.
-#   Otherwise, the status is UNDECIDED.

java/conf/net.properties

@@ -0,0 +1,121 @@
+############################################################
+#       Default Networking Configuration File
+#
+# This file may contain default values for the networking system properties.
+# These values are only used when the system properties are not specified
+# on the command line or set programmatically.
+# For now, only the various proxy settings can be configured here.
+############################################################
+
+# Whether or not the DefaultProxySelector will default to System Proxy
+# settings when they do exist.
+# Set it to 'true' to enable this feature and check for platform
+# specific proxy settings
+# Note that the system properties that do explicitly set proxies
+# (like http.proxyHost) do take precedence over the system settings
+# even if java.net.useSystemProxies is set to true.
+
+java.net.useSystemProxies=false
+
+#------------------------------------------------------------------------
+# Proxy configuration for the various protocol handlers.
+# DO NOT uncomment these lines if you have set java.net.useSystemProxies
+# to true as the protocol specific properties will take precedence over
+# system settings.
+#------------------------------------------------------------------------
+
+# HTTP Proxy settings. proxyHost is the name of the proxy server
+# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
+# value is 80) and nonProxyHosts is a '|' separated list of hostnames which
+# should be accessed directly, ignoring the proxy server (default value is
+# localhost & 127.0.0.1).
+#
+# http.proxyHost=
+# http.proxyPort=80
+http.nonProxyHosts=localhost|127.*|[::1]
+#
+# HTTPS Proxy Settings. proxyHost is the name of the proxy server
+# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
+# value is 443). The HTTPS protocol handlers uses the http nonProxyHosts list.
+#
+# https.proxyHost=
+# https.proxyPort=443
+#
+# FTP Proxy settings. proxyHost is the name of the proxy server
+# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
+# value is 80) and nonProxyHosts is a '|' separated list of hostnames which
+# should be accessed directly, ignoring the proxy server (default value is
+# localhost & 127.0.0.1).
+#
+# ftp.proxyHost=
+# ftp.proxyPort=80
+ftp.nonProxyHosts=localhost|127.*|[::1]
+#
+# Gopher Proxy settings. proxyHost is the name of the proxy server
+# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
+# value is 80)
+#
+# gopher.proxyHost=
+# gopher.proxyPort=80
+#
+# Socks proxy settings. socksProxyHost is the name of the proxy server
+# (e.g. socks.domain.com), socksProxyPort is the port number to use
+# (default value is 1080)
+#
+# socksProxyHost=
+# socksProxyPort=1080
+#
+# HTTP Keep Alive settings. remainingData is the maximum amount of data
+# in kilobytes that will be cleaned off the underlying socket so that it
+# can be reused (default value is 512K), queuedConnections is the maximum
+# number of Keep Alive connections to be on the queue for clean up (default
+# value is 10).
+# http.KeepAlive.remainingData=512
+# http.KeepAlive.queuedConnections=10
+
+# Authentication Scheme restrictions for HTTP and HTTPS.
+#
+# In some environments certain authentication schemes may be undesirable
+# when proxying HTTP or HTTPS.  For example, "Basic" results in effectively the
+# cleartext transmission of the user's password over the physical network.
+# This section describes the mechanism for disabling authentication schemes
+# based on the scheme name. Disabled schemes will be treated as if they are not
+# supported by the implementation.
+#
+# The 'jdk.http.auth.tunneling.disabledSchemes' property lists the authentication
+# schemes that will be disabled when tunneling HTTPS over a proxy, HTTP CONNECT.
+# The 'jdk.http.auth.proxying.disabledSchemes' property lists the authentication
+# schemes that will be disabled when proxying HTTP.
+#
+# In both cases the property is a comma-separated list of, case-insensitive,
+# authentication scheme names, as defined by their relevant RFCs. An
+# implementation may, but is not required to, support common schemes whose names
+# include: 'Basic', 'Digest', 'NTLM', 'Kerberos', 'Negotiate'.  A scheme that
+# is not known, or not supported, by the implementation is ignored.
+#
+# Note: This property is currently used by the JDK Reference implementation. It
+# is not guaranteed to be examined and used by other implementations.
+#
+#jdk.http.auth.proxying.disabledSchemes=
+jdk.http.auth.tunneling.disabledSchemes=Basic
+
+#
+# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
+# can be used for the NTLM scheme, where the security credentials based on the
+# currently logged in user's name and password can be obtained directly from the
+# operating system, without prompting the user. This property has three possible
+# values which regulate the behavior as shown below. Other unrecognized values
+# are handled the same as 'disabled'. Note, that NTLM is not considered to be a
+# strongly secure authentication scheme and care should be taken before enabling
+# this mechanism.
+#
+# Transparent authentication never used.
+#jdk.http.ntlm.transparentAuth=disabled
+#
+# Enabled for all hosts.
+#jdk.http.ntlm.transparentAuth=allHosts
+#
+# Enabled for hosts that are trusted in Windows Internet settings
+#jdk.http.ntlm.transparentAuth=trustedHosts
+#
+jdk.http.ntlm.transparentAuth=disabled

java/conf/security/java.security

@@ -1063,6 +1063,24 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep
 #
 #jdk.includeInExceptions=hostInfo
 
+#
+# Disabled mechanisms for the Simple Authentication and Security Layer (SASL)
+#
+# Disabled mechanisms will not be negotiated by both SASL clients and servers.
+# These mechanisms will be ignored if they are specified in the "mechanisms"
+# argument of "Sasl.createSaslClient" or the "mechanism" argument of
+# "Sasl.createSaslServer".
+#
+# The value of this property is a comma-separated list of SASL mechanisms.
+# The mechanisms are case-sensitive. Whitespaces around the commas are ignored.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+# Example:
+#   jdk.sasl.disabledMechanisms=PLAIN, CRAM-MD5, DIGEST-MD5
+jdk.sasl.disabledMechanisms=
+
 #
 # Policies for distrusting Certificate Authorities (CAs).
 #

java/conf/security/policy/README.txt

@@ -0,0 +1,54 @@
+
+            Java(TM) Cryptography Extension Policy Files
+    for the Java(TM) Platform, Standard Edition Runtime Environment
+
+                               README
+------------------------------------------------------------------------
+
+Import and export control rules on cryptographic software vary from
+country to country.  The Java Cryptography Extension (JCE) architecture
+allows flexible cryptographic key strength to be configured via the
+jurisdiction policy files which are referenced by the "crypto.policy"
+security property in the <java-home>/conf/security/java.security file.
+
+By default, Java provides two different sets of cryptographic policy
+files:
+
+    unlimited:  These policy files contain no restrictions on cryptographic
+                strengths or algorithms
+
+    limited:    These policy files contain more restricted cryptographic
+                strengths
+
+These files reside in <java-home>/conf/security/policy in the "unlimited"
+or "limited" subdirectories respectively.
+
+Each subdirectory contains a complete policy configuration,
+and subdirectories can be added/edited/removed to reflect your
+import or export control product requirements.
+
+Within a subdirectory, the effective policy is the combined minimum
+permissions of the grant statements in the file(s) matching the filename
+pattern "default_*.policy".  At least one grant is required.  For example:
+
+    limited   =  Export (all) + Import (limited)  =  Limited
+    unlimited =  Export (all) + Import (all)      =  Unlimited
+
+The effective exemption policy is the combined minimum permissions
+of the grant statements in the file(s) matching the filename pattern
+"exempt_*.policy".  Exemption grants are optional.  For example:
+
+    limited   =  grants exemption permissions, by which the
+                 effective policy can be circumvented.
+                 e.g.  KeyRecovery/KeyEscrow/KeyWeakening.
+
+Please see the Java Cryptography Architecture (JCA) documentation for
+additional information on these files and formats.
+
+YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
+TO DETERMINE THE EXACT REQUIREMENTS.
+
+Please note that the JCE for Java SE, including the JCE framework,
+cryptographic policy files, and standard JCE providers provided with
+the Java SE, have been reviewed and approved for export as mass market
+encryption item by the US Bureau of Industry and Security.

java/conf/security/policy/limited/default_US_export.policy

@@ -0,0 +1,6 @@
+// Default US Export policy file.
+
+grant {
+    // There is no restriction to any algorithms.
+    permission javax.crypto.CryptoAllPermission; 
+};

java/conf/security/policy/limited/default_local.policy

@@ -0,0 +1,14 @@
+// Some countries have import limits on crypto strength. This policy file
+// is worldwide importable.
+
+grant {
+    permission javax.crypto.CryptoPermission "DES", 64;
+    permission javax.crypto.CryptoPermission "DESede", *;
+    permission javax.crypto.CryptoPermission "RC2", 128, 
+                                     "javax.crypto.spec.RC2ParameterSpec", 128;
+    permission javax.crypto.CryptoPermission "RC4", 128;
+    permission javax.crypto.CryptoPermission "RC5", 128, 
+          "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
+    permission javax.crypto.CryptoPermission "RSA", *;
+    permission javax.crypto.CryptoPermission *, 128;
+};

java/conf/security/policy/limited/exempt_local.policy

@@ -0,0 +1,13 @@
+// Some countries have import limits on crypto strength, but may allow for
+// these exemptions if the exemption mechanism is used.
+
+grant {
+    // There is no restriction to any algorithms if KeyRecovery is enforced.
+    permission javax.crypto.CryptoPermission *, "KeyRecovery"; 
+
+    // There is no restriction to any algorithms if KeyEscrow is enforced.
+    permission javax.crypto.CryptoPermission *, "KeyEscrow"; 
+
+    // There is no restriction to any algorithms if KeyWeakening is enforced. 
+    permission javax.crypto.CryptoPermission *, "KeyWeakening";
+};

java/conf/security/policy/unlimited/default_US_export.policy

@@ -0,0 +1,6 @@
+// Default US Export policy file.
+
+grant {
+    // There is no restriction to any algorithms.
+    permission javax.crypto.CryptoAllPermission; 
+};

java/conf/sound.properties

@@ -0,0 +1,39 @@
+############################################################
+#               Sound Configuration File
+############################################################
+#
+# This properties file is used to specify default service
+# providers for javax.sound.midi.MidiSystem and
+# javax.sound.sampled.AudioSystem.
+#
+# The following keys are recognized by MidiSystem methods:
+#
+# javax.sound.midi.Receiver
+# javax.sound.midi.Sequencer
+# javax.sound.midi.Synthesizer
+# javax.sound.midi.Transmitter
+#
+# The following keys are recognized by AudioSystem methods:
+#
+# javax.sound.sampled.Clip
+# javax.sound.sampled.Port
+# javax.sound.sampled.SourceDataLine
+# javax.sound.sampled.TargetDataLine
+#
+# The values specify the full class name of the service
+# provider, or the device name.
+#
+# See the class descriptions for details.
+#
+# Example 1:
+# Use MyDeviceProvider as default for SourceDataLines:
+# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider
+#
+# Example 2:
+# Specify the default Synthesizer by its name "InternalSynth".
+# javax.sound.midi.Synthesizer=#InternalSynth
+#
+# Example 3:
+# Specify the default Receiver by provider and name:
+# javax.sound.midi.Receiver=com.sun.media.sound.MidiProvider#SunMIDI1
+#

java/lib/java.properties

@@ -1,4 +1,4 @@
-#Wed Aug 21 18:34:47 UTC 2019
+#Fri Oct 11 18:28:03 UTC 2019
 EXEL070=ROM image is wrong version
 EXEL079=\  -Xscmx<x>       set size of new shared class cache to <x>
 J9VM151=Failed to open jimage library
@@ -169,13 +169,27 @@ DUMP017=Aborting\: Cannot compress file (%s)
 SHRC817=%s value is greater than the shared cache size, so it has been set to unlimited
 SHRC818=Total unstored bytes due to the setting of shared cache soft max is %u. Unstored AOT bytes due to the setting of -Xscmaxaot is %u. Unstored JIT bytes due to the setting of -Xscmaxjitdata is %u.
 SHRC819=Failed to start up the shared cache. The existing shared cache was created by a different JVM build and doesn't match the running JVM.
+SHRC840=Failed to start up the shared cache.
+SHRC841=Specify the top layer number. Create a new shared cache layer if the specified layer does not exist.
+SHRC846=\nCurrent statistics for top layer of cache "%s"\: \n
+SHRC847=cache layer                         %*.c\= %d
+SHRC848=\nCurrent statistics for all layers of cache "%s"\: \n
 J9VM191=%2$.*1$s is not visible
+SHRC849=Print summary of cache statistics from top layer only. Use printTopLayerStats\=help to see available options.
 J9VM190=Superclass %2$.*1$s can't be an interface
+SHRC842=Create a new shared cache layer.
 J9VM193=Since Java 13 -Xverify\:none and -noverify were deprecated for removal and may not be accepted options in the future.
+SHRC843=Invalid layer number %d found for "%s". The layer number should be less than %d.
 J9VM192=%2$.*1$s is not an interface
+SHRC844=Invalid layer number %d. The existing top layer is %d. The new layer number should be %d.
+SHRC845=Don't check free disk space before creating a persistent cache.
+J9VM194=Invalid class loading relationship for child\: %2$.*1$s, parent\: %4$.*3$s
 SHRC830=Failed to use user's home as the default shared cache directory. The path is too long. Cannot get home directory. Please set another directory via environment variable "HOME" or command line option "cacheDir\=", or fix the home directory in the password file entry.
 SHRC835=Check non-bootstrap URL jar/zip file timestamps on every class load.
+SHRC836=Destroy all shared cache layers of the same name (use name parm or default)
+SHRC837=Failed to allocate a cache descriptor
 J9VM180=Module name is invalid.
+SHRC838=Failed to start up the shared cache. Modification to a lower layer shared cache has been detected. Expected Unique Cache ID is %s 
 SHRC831=Failed to use user's home as the default shared cache directory. It is on a Network File System. Cannot get home directory. Please set another directory via environment variable "HOME" or command line option "cacheDir\=", or fix the home directory in the password file entry.
 J9VM182=Only bootstrap or platform classloader can define package java or java.*.
 SHRC832=Failed to use user's home as the default shared cache directory. Error code is %1$d.
@@ -188,7 +202,9 @@ J9VM186=bad object type %2$.*1$s\: object on stack is not a value type
 J9VM185=bad class %2$.*1$s\: classref is not a value type
 J9VM188=Failed to create a thread\: retVal %1$zd, errno %2$zd (0x%3$zx), errno2 0x%4$x
 J9VM187=bad object type %2$.*1$s\: object that is synchronized is a value type
+SHRC839=Failed to start up the shared cache. An error occurred while getting the unique ID of a lower layer prerequisite cache.
 J9VM189=Final superclass %2$.*1$s can't be extended
+SHRC850=Available options for -Xshareclasses\:%1$s<options>. Use '+' to specify multiple options. i.e. %2$saot+url \n  
 VRFY007=final method overridden
 VRFY008=array index not integer
 VRFY009=array not type compatible
@@ -367,6 +383,8 @@ EXEL114=\  -XX\:SharedCacheHardLimit\=<x>   set size of new shared class cache t
 EXEL115=\  -XX\:+ShareAnonymousClasses   enable storing and finding anonymous classes in the shared class cache
 SHRC369=-Xnolinenumbers                      \= true
 EXEL116=\  -XX\:-ShareAnonymousClasses   disable storing and finding anonymous classes in the shared class cache
+EXEL117=\  -XX\:+ShareUnsafeClasses   enable storing and finding non-anonymous unsafe classes in the shared class cache
+EXEL118=\  -XX\:-ShareUnsafeClasses   disable storing and finding non-anonymous unsafe classes in the shared class cache
 EXEL110=\  -XX\:ShareClassesDisableBCI   create shared class cache without support for byte-code instrumentation
 EXEL111=\  -XX\:+StoreIntermediateClassfile   store raw class data to be used during re-transformation
 SHRC354=Failed to find AOT code for ROMMethod 0x%1$p in shared cache.
@@ -498,6 +516,9 @@ CFRE127=bootstrap method index must refer to a MethodHandle constant pool entry
 CFRE128=methodtype signature invalid
 CFRE129=constant pool entry not valid in class files with versions < 51.0
 CFRE163=Class file is a preview version but has the wrong major version or preview is not enabled.
+CFRE164=Index in LocalVariableTable is out of range
+CFRE165=Index in LocalVariableTypeTable is out of range
+CFRE166=Duplicate entries in LocalVariableTypeTable are not allowed
 CFRE160=Constant pool entry not valid in class files with versions < 55.0
 CFRE161=BootstrapMethod (%1$d) arguments contain invalid constantpool entry at index (\#%2$u) of type (%3$u); class\=%5$.*4$s, offset\=%6$u
 CFRE162=ValueTypes are only enabled with the -XX\:+EnableValhalla option

java/lib/openj9-notices.html

@@ -13,26 +13,26 @@
 
 This program and the accompanying materials are made available under the terms of the Eclipse Public License 2 which accompanies this distribution and is available at https://www.eclipse.org/legal/epl-2.0/ or the Apache License, Version 2.0 which accompanies this distribution and is available at https://www.apache.org/licenses/LICENSE-2.0.
 <p>
-This Source Code may also be made available under the following Secondary Licenses when the conditions for such availability set forth in the Eclipse Public License, v. 2.0 are satisfied: GNU General Public License, version 2 with the GNU Classpath Exception [1] and GNU General Public License, version 2 with the OpenJDK Assembly Exception [2].
+This Source Code may also be made available under the following Secondary Licenses when the conditions for such availability set forth in the Eclipse Public License, v. 2.0 are satisfied: GNU General Public License, version 2 with the GNU Classpath Exception [1] and GNU General Public License, version 2 with the OpenJDK Assembly Exception [2].
 <p>
-[1] https://www.gnu.org/software/classpath/license.html 
+[1] https://www.gnu.org/software/classpath/license.html
 <BR>
 [2] http://openjdk.java.net/legal/assembly-exception.html
 <BR>
 <BR>
 SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 OR LicenseRef-GPL-2.0 WITH Assembly-exception
 
-<p>If you did not receive this Content directly from the Eclipse Foundation, the Content is 
+<p>If you did not receive this Content directly from the Eclipse Foundation, the Content is
 being redistributed by another party (&quot;Redistributor&quot;) and different terms and conditions may
-apply to your use of any object code in the Content.  Check the Redistributor's license that was 
+apply to your use of any object code in the Content.  Check the Redistributor's license that was
 provided with the Content.  If no such license exists, contact the Redistributor.  Unless otherwise
 indicated below, the terms and conditions of the EPL still apply to any source code in the Content
 and such source code may be obtained at <a href="https://www.eclipse.org/">https://www.eclipse.org</a>.</p>
 
 <h3>Third Party Content</h3>
-<p>The Content includes items that have been sourced from third parties as set out below. If you 
-did not receive this Content directly from the Eclipse Foundation, the following is provided 
-for informational purposes only, and you should look to the Redistributor's license for 
+<p>The Content includes items that have been sourced from third parties as set out below. If you
+did not receive this Content directly from the Eclipse Foundation, the following is provided
+for informational purposes only, and you should look to the Redistributor's license for
 terms and conditions of use.</p>
 
 <h4>Eclipse OMR</h4>
@@ -40,9 +40,9 @@ terms and conditions of use.</p>
 <p>
 This program and the accompanying materials are made available under the terms of the Eclipse Public License 2 which accompanies this distribution and is available at https://www.eclipse.org/legal/epl-2.0/ or the Apache License, Version 2.0 which accompanies this distribution and is available at https://www.apache.org/licenses/LICENSE-2.0.
 <p>
-This Source Code may also be made available under the following Secondary Licenses when the conditions for such availability set forth in the Eclipse Public License, v. 2.0 are satisfied: GNU General Public License, version 2 with the GNU Classpath Exception [1] and GNU General Public License, version 2 with the OpenJDK Assembly Exception [2].
+This Source Code may also be made available under the following Secondary Licenses when the conditions for such availability set forth in the Eclipse Public License, v. 2.0 are satisfied: GNU General Public License, version 2 with the GNU Classpath Exception [1] and GNU General Public License, version 2 with the OpenJDK Assembly Exception [2].
 <p>
-[1] https://www.gnu.org/software/classpath/license.html 
+[1] https://www.gnu.org/software/classpath/license.html
 <BR>
 [2] http://openjdk.java.net/legal/assembly-exception.html
 <BR>
@@ -151,7 +151,7 @@ NOTICE TO USER: Carefully read the following legal agreement. BY DOWNLOADING, IN
 <p>
 COPYRIGHT AND PERMISSION NOTICE
 <p>
-Copyright © 1991-2011 Unicode, Inc. All rights reserved. Distributed under the Terms of Use in http://www.unicode.org/copyright.html.
+Copyright &copy; 1991-2011 Unicode, Inc. All rights reserved. Distributed under the Terms of Use in http://www.unicode.org/copyright.html.
 <p>
 Permission is hereby granted, free of charge, to any person obtaining a copy of the Unicode data files and any associated documentation (the "Data Files") or Unicode software and any associated documentation (the "Software") to deal in the Data Files or Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Data Files or Software, and to permit persons to whom the Data Files or Software are furnished to do so, provided that (a) the above copyright notice(s) and this permission notice appear with all copies of the Data Files or Software, (b) both the above copyright notice(s) and this permission notice appear in associated documentation, and (c) there is clear notice in each modified Data File or in the Software as well as in the documentation associated with the Data File(s) or Software that the data or software has been modified.
 <p>
@@ -238,7 +238,7 @@ distribution.
 musl 1.1.4
 </h4>
 c<p>
-Copyright © 2005-2014 Rich Felker, et al.
+Copyright &copy; 2005-2014 Rich Felker, et al.
 </p><p>
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

java/lib/psfont.properties.ja

@@ -0,0 +1,119 @@
+#
+#
+# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+#
+#	Japanese PostScript printer property file
+#
+font.num=16
+#
+serif=serif
+timesroman=serif
+sansserif=sansserif
+helvetica=sansserif
+monospaced=monospaced
+courier=monospaced
+dialog=sansserif
+dialoginput=monospaced
+#
+serif.latin1.plain=Times-Roman
+serif.latin1.italic=Times-Italic
+serif.latin1.bolditalic=Times-BoldItalic
+serif.latin1.bold=Times-Bold
+#
+sansserif.latin1.plain=Helvetica
+sansserif.latin1.italic=Helvetica-Oblique
+sansserif.latin1.bolditalic=Helvetica-BoldOblique
+sansserif.latin1.bold=Helvetica-Bold
+#
+monospaced.latin1.plain=Courier
+monospaced.latin1.italic=Courier-Oblique
+monospaced.latin1.bolditalic=Courier-BoldOblique
+monospaced.latin1.bold=Courier-Bold
+#
+serif.x11jis0208.plain=Ryumin-Light-H
+serif.x11jis0208.italic=Ryumin-Light-H
+serif.x11jis0208.bolditalic=Ryumin-Light-H
+serif.x11jis0208.bold=Ryumin-Light-H
+#
+sansserif.x11jis0208.plain=GothicBBB-Medium-H
+sansserif.x11jis0208.italic=GothicBBB-Medium-H
+sansserif.x11jis0208.bolditalic=GothicBBB-Medium-H
+sansserif.x11jis0208.bold=GothicBBB-Medium-H
+#
+monospaced.x11jis0208.plain=GothicBBB-Medium-H
+monospaced.x11jis0208.italic=GothicBBB-Medium-H
+monospaced.x11jis0208.bolditalic=GothicBBB-Medium-H
+monospaced.x11jis0208.bold=GothicBBB-Medium-H
+#
+serif.x11jis0201.plain=Ryumin-Light.Hankaku
+serif.x11jis0201.italic=Ryumin-Light.Hankaku
+serif.x11jis0201.bolditalic=Ryumin-Light.Hankaku
+serif.x11jis0201.bold=Ryumin-Light.Hankaku
+#
+sansserif.x11jis0201.plain=GothicBBB-Medium.Hankaku
+sansserif.x11jis0201.italic=GothicBBB-Medium.Hankaku
+sansserif.x11jis0201.bolditalic=GothicBBB-Medium.Hankaku
+sansserif.x11jis0201.bold=GothicBBB-Medium.Hankaku
+#
+monospaced.x11jis0201.plain=GothicBBB-Medium.Hankaku
+monospaced.x11jis0201.italic=GothicBBB-Medium.Hankaku
+monospaced.x11jis0201.bolditalic=GothicBBB-Medium.Hankaku
+monospaced.x11jis0201.bold=GothicBBB-Medium.Hankaku
+#
+Helvetica=0
+Helvetica-Bold=1
+Helvetica-Oblique=2
+Helvetica-BoldOblique=3
+Times-Roman=4
+Times-Bold=5
+Times-Italic=6
+Times-BoldItalic=7
+Courier=8
+Courier-Bold=9
+Courier-Oblique=10
+Courier-BoldOblique=11
+GothicBBB-Medium-H=12
+Ryumin-Light-H=13
+GothicBBB-Medium.Hankaku=14
+Ryumin-Light.Hankaku=15
+#
+font.0=Helvetica ISOF
+font.1=Helvetica-Bold ISOF
+font.2=Helvetica-Oblique ISOF
+font.3=Helvetica-BoldOblique ISOF
+font.4=Times-Roman ISOF
+font.5=Times-Bold ISOF
+font.6=Times-Italic ISOF
+font.7=Times-BoldItalic ISOF
+font.8=Courier ISOF
+font.9=Courier-Bold ISOF
+font.10=Courier-Oblique ISOF
+font.11=Courier-BoldOblique ISOF
+font.12=GothicBBB-Medium-H findfont
+font.13=Ryumin-Light-H findfont
+font.14=GothicBBB-Medium.Hankaku findfont
+font.15=Ryumin-Light.Hankaku findfont
+#

java/lib/psfontj2d.properties

@@ -0,0 +1,323 @@
+#
+#
+# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+
+#
+#	PostScript printer property file for Java 2D printing.
+#
+# WARNING: This is an internal implementation file, not a public file.
+# Any customisation or reliance on the existence of this file and its
+# contents or syntax is discouraged and unsupported.
+# It may be incompatibly changed or removed without any notice.
+#
+#
+font.num=35
+#
+# Legacy logical font family names and logical font aliases should all
+# map to the primary logical font names.
+#
+serif=serif
+times=serif
+timesroman=serif
+sansserif=sansserif
+helvetica=sansserif
+dialog=sansserif
+dialoginput=monospaced
+monospaced=monospaced
+courier=monospaced
+#
+# Next, physical fonts which can be safely mapped to standard postscript fonts
+# These keys generally map to a value which is the same as the key, so
+# the key/value is just a way to say the font has a mapping.
+# Sometimes however we map more than one screen font to the same PS font.
+#
+avantgarde=avantgarde_book
+avantgarde_book=avantgarde_book
+avantgarde_demi=avantgarde_demi
+avantgarde_book_oblique=avantgarde_book_oblique
+avantgarde_demi_oblique=avantgarde_demi_oblique
+#
+itcavantgarde=avantgarde_book
+itcavantgarde=avantgarde_book
+itcavantgarde_demi=avantgarde_demi
+itcavantgarde_oblique=avantgarde_book_oblique
+itcavantgarde_demi_oblique=avantgarde_demi_oblique
+#
+bookman=bookman_light
+bookman_light=bookman_light
+bookman_demi=bookman_demi
+bookman_light_italic=bookman_light_italic
+bookman_demi_italic=bookman_demi_italic
+#
+# Exclude "helvetica" on its own as that's a legacy name for a logical font
+helvetica_bold=helvetica_bold
+helvetica_oblique=helvetica_oblique
+helvetica_bold_oblique=helvetica_bold_oblique
+#
+itcbookman_light=bookman_light
+itcbookman_demi=bookman_demi
+itcbookman_light_italic=bookman_light_italic
+itcbookman_demi_italic=bookman_demi_italic
+#
+# Exclude "courier" on its own as that's a legacy name for a logical font
+courier_bold=courier_bold
+courier_oblique=courier_oblique
+courier_bold_oblique=courier_bold_oblique
+#
+courier_new=courier
+courier_new_bold=courier_bold
+#
+monotype_century_schoolbook=newcenturyschoolbook
+monotype_century_schoolbook_bold=newcenturyschoolbook_bold
+monotype_century_schoolbook_italic=newcenturyschoolbook_italic
+monotype_century_schoolbook_bold_italic=newcenturyschoolbook_bold_italic
+#
+newcenturyschoolbook=newcenturyschoolbook
+newcenturyschoolbook_bold=newcenturyschoolbook_bold
+newcenturyschoolbook_italic=newcenturyschoolbook_italic
+newcenturyschoolbook_bold_italic=newcenturyschoolbook_bold_italic
+#
+palatino=palatino
+palatino_bold=palatino_bold
+palatino_italic=palatino_italic
+palatino_bold_italic=palatino_bold_italic
+#
+# Exclude "times" on its own as that's a legacy name for a logical font
+times_bold=times_roman_bold
+times_italic=times_roman_italic
+times_bold_italic=times_roman_bold_italic
+#
+times_roman=times_roman
+times_roman_bold=times_roman_bold
+times_roman_italic=times_roman_italic
+times_roman_bold_italic=times_roman_bold_italic
+#
+times_new_roman=times_roman
+times_new_roman_bold=times_roman_bold
+times_new_roman_italic=times_roman_italic
+times_new_roman_bold_italic=times_roman_bold_italic
+#
+zapfchancery_italic=zapfchancery_italic
+itczapfchancery_italic=zapfchancery_italic
+#
+# Next the mapping of the font name + charset + style to Postscript font name
+# for the logical fonts.
+#
+serif.latin1.plain=Times-Roman
+serif.latin1.bold=Times-Bold
+serif.latin1.italic=Times-Italic
+serif.latin1.bolditalic=Times-BoldItalic
+serif.symbol.plain=Symbol
+serif.dingbats.plain=ZapfDingbats
+serif.symbol.bold=Symbol
+serif.dingbats.bold=ZapfDingbats
+serif.symbol.italic=Symbol
+serif.dingbats.italic=ZapfDingbats
+serif.symbol.bolditalic=Symbol
+serif.dingbats.bolditalic=ZapfDingbats
+#
+sansserif.latin1.plain=Helvetica
+sansserif.latin1.bold=Helvetica-Bold
+sansserif.latin1.italic=Helvetica-Oblique
+sansserif.latin1.bolditalic=Helvetica-BoldOblique
+sansserif.symbol.plain=Symbol
+sansserif.dingbats.plain=ZapfDingbats
+sansserif.symbol.bold=Symbol
+sansserif.dingbats.bold=ZapfDingbats
+sansserif.symbol.italic=Symbol
+sansserif.dingbats.italic=ZapfDingbats
+sansserif.symbol.bolditalic=Symbol
+sansserif.dingbats.bolditalic=ZapfDingbats
+#
+monospaced.latin1.plain=Courier
+monospaced.latin1.bold=Courier-Bold
+monospaced.latin1.italic=Courier-Oblique
+monospaced.latin1.bolditalic=Courier-BoldOblique
+monospaced.symbol.plain=Symbol
+monospaced.dingbats.plain=ZapfDingbats
+monospaced.symbol.bold=Symbol
+monospaced.dingbats.bold=ZapfDingbats
+monospaced.symbol.italic=Symbol
+monospaced.dingbats.italic=ZapfDingbats
+monospaced.symbol.bolditalic=Symbol
+monospaced.dingbats.bolditalic=ZapfDingbats
+#
+# Next the mapping of the font name + charset + style to Postscript font name
+# for the physical fonts. Since these always report style as plain, the
+# style key is always plain. So we map using the face name to the correct
+# style for the postscript font. This is possible since the face names can
+# be replied upon to be different for each style.
+# However an application may try to create a Font applying a style to an
+# physical name. We want to map to the correct Postscript font there too
+# if possible but we do not map cases where the application tries to
+# augment a style (eg ask for a bold version of a bold font)
+# Defer to the 2D package to attempt create an artificially styled version
+#
+avantgarde_book.latin1.plain=AvantGarde-Book
+avantgarde_demi.latin1.plain=AvantGarde-Demi
+avantgarde_book_oblique.latin1.plain=AvantGarde-BookOblique
+avantgarde_demi_oblique.latin1.plain=AvantGarde-DemiOblique
+#
+avantgarde_book.latin1.bold=AvantGarde-Demi
+avantgarde_book.latin1.italic=AvantGarde-BookOblique
+avantgarde_book.latin1.bolditalic=AvantGarde-DemiOblique
+avantgarde_demi.latin1.italic=AvantGarde-DemiOblique
+avantgarde_book_oblique.latin1.bold=AvantGarde-DemiOblique
+#
+bookman_light.latin1.plain=Bookman-Light
+bookman_demi.latin1.plain=Bookman-Demi
+bookman_light_italic.latin1.plain=Bookman-LightItalic
+bookman_demi_italic.latin1.plain=Bookman-DemiItalic
+#
+bookman_light.latin1.bold=Bookman-Demi
+bookman_light.latin1.italic=Bookman-LightItalic
+bookman_light.latin1.bolditalic=Bookman-DemiItalic
+bookman_light_bold.latin1.italic=Bookman-DemiItalic
+bookman_light_italic.latin1.bold=Bookman-DemiItalic
+#
+courier.latin1.plain=Courier
+courier_bold.latin1.plain=Courier-Bold
+courier_oblique.latin1.plain=Courier-Oblique
+courier_bold_oblique.latin1.plain=Courier-BoldOblique
+courier.latin1.bold=Courier-Bold
+courier.latin1.italic=Courier-Oblique
+courier.latin1.bolditalic=Courier-BoldOblique
+courier_bold.latin1.italic=Courier-BoldOblique
+courier_italic.latin1.bold=Courier-BoldOblique
+#
+helvetica_bold.latin1.plain=Helvetica-Bold
+helvetica_oblique.latin1.plain=Helvetica-Oblique
+helvetica_bold_oblique.latin1.plain=Helvetica-BoldOblique
+helvetica.latin1.bold=Helvetica-Bold
+helvetica.latin1.italic=Helvetica-Oblique
+helvetica.latin1.bolditalic=Helvetica-BoldOblique
+helvetica_bold.latin1.italic=Helvetica-BoldOblique
+helvetica_italic.latin1.bold=Helvetica-BoldOblique
+#
+newcenturyschoolbook.latin1.plain=NewCenturySchlbk-Roman
+newcenturyschoolbook_bold.latin1.plain=NewCenturySchlbk-Bold
+newcenturyschoolbook_italic.latin1.plain=NewCenturySchlbk-Italic
+newcenturyschoolbook_bold_italic.latin1.plain=NewCenturySchlbk-BoldItalic
+newcenturyschoolbook.latin1.bold=NewCenturySchlbk-Bold
+newcenturyschoolbook.latin1.italic=NewCenturySchlbk-Italic
+newcenturyschoolbook.latin1.bolditalic=NewCenturySchlbk-BoldItalic
+newcenturyschoolbook_bold.latin1.italic=NewCenturySchlbk-BoldItalic
+newcenturyschoolbook_italic.latin1.bold=NewCenturySchlbk-BoldItalic
+#
+palatino.latin1.plain=Palatino-Roman
+palatino_bold.latin1.plain=Palatino-Bold
+palatino_italic.latin1.plain=Palatino-Italic
+palatino_bold_italic.latin1.plain=Palatino-BoldItalic
+palatino.latin1.bold=Palatino-Bold
+palatino.latin1.italic=Palatino-Italic
+palatino.latin1.bolditalic=Palatino-BoldItalic
+palatino_bold.latin1.italic=Palatino-BoldItalic
+palatino_italic.latin1.bold=Palatino-BoldItalic
+#
+times_roman.latin1.plain=Times-Roman
+times_roman_bold.latin1.plain=Times-Bold
+times_roman_italic.latin1.plain=Times-Italic
+times_roman_bold_italic.latin1.plain=Times-BoldItalic
+times_roman.latin1.bold=Times-Bold
+times_roman.latin1.italic=Times-Italic
+times_roman.latin1.bolditalic=Times-BoldItalic
+times_roman_bold.latin1.italic=Times-BoldItalic
+times_roman_italic.latin1.bold=Times-BoldItalic
+#
+zapfchancery_italic.latin1.plain=ZapfChancery-MediumItalic
+#
+# Finally the mappings of PS font names to indexes.
+#
+AvantGarde-Book=0
+AvantGarde-BookOblique=1
+AvantGarde-Demi=2
+AvantGarde-DemiOblique=3
+Bookman-Demi=4
+Bookman-DemiItalic=5
+Bookman-Light=6
+Bookman-LightItalic=7
+Courier=8
+Courier-Bold=9
+Courier-BoldOblique=10
+Courier-Oblique=11
+Helvetica=12
+Helvetica-Bold=13
+Helvetica-BoldOblique=14
+Helvetica-Narrow=15
+Helvetica-Narrow-Bold=16
+Helvetica-Narrow-BoldOblique=17
+Helvetica-Narrow-Oblique=18
+Helvetica-Oblique=19
+NewCenturySchlbk-Bold=20
+NewCenturySchlbk-BoldItalic=21
+NewCenturySchlbk-Italic=22
+NewCenturySchlbk-Roman=23
+Palatino-Bold=24
+Palatino-BoldItalic=25
+Palatino-Italic=26
+Palatino-Roman=27
+Symbol=28
+Times-Bold=29
+Times-BoldItalic=30
+Times-Italic=31
+Times-Roman=32
+ZapfDingbats=33
+ZapfChancery-MediumItalic=34
+#
+font.0=AvantGarde-Book ISOF
+font.1=AvantGarde-BookOblique ISOF
+font.2=AvantGarde-Demi ISOF
+font.3=AvantGarde-DemiOblique ISOF
+font.4=Bookman-Demi ISOF
+font.5=Bookman-DemiItalic ISOF
+font.6=Bookman-Light ISOF
+font.7=Bookman-LightItalic ISOF
+font.8=Courier ISOF
+font.9=Courier-Bold ISOF
+font.10=Courier-BoldOblique ISOF
+font.11=Courier-Oblique ISOF
+font.12=Helvetica ISOF
+font.13=Helvetica-Bold ISOF
+font.14=Helvetica-BoldOblique ISOF
+font.15=Helvetica-Narrow ISOF
+font.16=Helvetica-Narrow-Bold ISOF
+font.17=Helvetica-Narrow-BoldOblique ISOF
+font.18=Helvetica-Narrow-Oblique ISOF
+font.19=Helvetica-Oblique ISOF
+font.20=NewCenturySchlbk-Bold ISOF
+font.21=NewCenturySchlbk-BoldItalic ISOF
+font.22=NewCenturySchlbk-Italic ISOF
+font.23=NewCenturySchlbk-Roman ISOF
+font.24=Palatino-Bold ISOF
+font.25=Palatino-BoldItalic ISOF
+font.26=Palatino-Italic ISOF
+font.27=Palatino-Roman ISOF
+font.28=Symbol findfont
+font.29=Times-Bold ISOF
+font.30=Times-BoldItalic ISOF
+font.31=Times-Italic ISOF
+font.32=Times-Roman ISOF
+font.33=ZapfDingbats findfont
+font.34=ZapfChancery-MediumItalic ISOF
+#

java/lib/security/blacklisted.certs

@@ -0,0 +1,20 @@
+Algorithm=SHA-256
+14E6D2764A4B06701C6CBC376A253775F79C782FBCB6C0EE6F99DE4BA1024ADD
+31C8FD37DB9B56E708B03D1F01848B068C6DA66F36FB5D82C008C6040FA3E133
+3946901F46B0071E90D78279E82FABABCA177231A704BE72C5B0E8918566EA66
+450F1B421BB05C8609854884559C323319619E8B06B001EA2DCBB74A23AA3BE2
+4CBBF8256BC9888A8007B2F386940A2E394378B0D903CBB3863C5A6394B889CE
+4FEE0163686ECBD65DB968E7494F55D84B25486D438E9DE558D629D28CD4D176
+5E83124D68D24E8E177E306DF643D5EA99C5A94D6FC34B072F7544A1CABB7C7B
+76A45A496031E4DD2D7ED23E8F6FF97DBDEA980BAAC8B0BA94D7EDB551348645
+8A1BD21661C60015065212CC98B1ABB50DFD14C872A208E66BAE890F25C448AF
+9ED8F9B0E8E42A1656B8E1DD18F42BA42DC06FE52686173BA2FC70E756F207DC
+A686FEE577C88AB664D0787ECDFFF035F4806F3DE418DC9E4D516324FFF02083
+B8686723E415534BC0DBD16326F9486F85B0B0799BF6639334E61DAAE67F36CD
+D24566BF315F4E597D6E381C87119FB4198F5E9E2607F5F4AB362EF7E2E7672F
+D3A936E1A7775A45217C8296A1F22AC5631DCDEC45594099E78EEEBBEDCBA967
+DF21016B00FC54F9FE3BC8B039911BB216E9162FAD2FD14D990AB96E951B49BE
+EC30C9C3065A06BB07DC5B1C6B497F370C1CA65C0F30C08E042BA6BCECC78F2C
+F5B6F88F75D391A4B1EB336F9E201239FB6B1377DB8CFA7B84736216E5AFFFD7
+FC02FD48DB92D4DCE6F11679D38354CF750CFC7F584A520EB90BDE80E241F2BD
+FDEDB5BDFCB67411513A61AEE5CB5B5D7C52AF06028EFC996CC1B05B1D6CEA2B

java/lib/security/default.policy

@@ -105,12 +105,12 @@ grant codeBase "jrt:/jdk.accessibility" {
 
 grant codeBase "jrt:/jdk.attach" {
     permission java.lang.RuntimePermission "accessClassInPackage.com.ibm.oti.util";
-    permission java.lang.RuntimePermission "accessClassInPackage.com.ibm.tools.attach.target";
-    permission java.lang.RuntimePermission "accessClassInPackage.openj9.tools.attach.diagnostics.base";
+    permission java.lang.RuntimePermission "accessClassInPackage.openj9.internal.tools.attach.target";
+    permission java.lang.RuntimePermission "accessClassInPackage.openj9.internal.tools.attach.diagnostics.base";
     permission java.util.PropertyPermission "com.ibm.tools.attach.*", "read";
     // required by com.ibm.tools.attach.attacher.OpenJ9AttachProvider.listVirtualMachinesImp():commonDir.exists(),
-    // com.ibm.tools.attach.target.Reply.writeReply():new RandomAccessFile(replyFile, "rw"),
-    // and com.ibm.tools.attach.target.Reply.deleteReply():replyFile.delete()
+    // openj9.internal.tools.attach.target.Reply.writeReply():new RandomAccessFile(replyFile, "rw"),
+    // and openj9.internal.tools.attach.target.Reply.deleteReply():replyFile.delete()
     permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
     // required by com.ibm.tools.attach.attacher.OpenJ9VirtualMachine.tryAttachTarget():targetServer.accept()
     permission java.net.SocketPermission "localhost:1024-", "accept,resolve";

java/release

@@ -0,0 +1,2 @@
+JAVA_VERSION="11.0.5"
+MODULES="java.base java.datatransfer java.xml java.prefs java.desktop java.logging java.management java.security.sasl java.naming java.net.http java.scripting java.transaction.xa java.sql jdk.crypto.ec jdk.unsupported jdk.zipfs openj9.sharedclasses"

paper.yml

@@ -54,7 +54,7 @@ messages:
     flying-player: Flying is not enabled on this server
     flying-vehicle: Flying is not enabled on this server
 timings:
-  enabled: true
+  enabled: false
   verbose: true
   server-name-privacy: false
   hidden-config-entries:

permissions.yml

@@ -20,6 +20,7 @@ op:
         essentials.vanish.interact: false
         essentials.vanish.see: false
         fawe.bypass: false
+        worldedit.schematic.save.other: false
 deop:
     default: not-op
     children:

plugins/Essentials/upgrades-done.yml

@@ -0,0 +1,13 @@
+updateSpawnsToNewSpawnsConfig: true
+updateJailsToNewJailsConfig: true
+warnMetrics: true
+movemotdToFile: true
+moverulesToFile: true
+sanitizeAllUserFilenames: true
+updateUsersPowerToolsFormat: true
+updateUsersHomesFormat: true
+banFormatChange: true
+userMapRepaired: true
+kitsyml: true
+deleteOldItemsCsv: true
+uuidFileChange: true

plugins/ViaVersion/config.yml

@@ -23,6 +23,50 @@ block-disconnect-msg: You are using an unsupported Minecraft version!
 # You can customise the message we kick people with if you use ProtocolLib here.
 reload-disconnect-msg: Server reload, please rejoin!
 # 
+#----------------------------------------------------------#
+#                     BUNGEE OPTIONS                       #
+#----------------------------------------------------------#
+#
+# BungeeCord allows you to have different server versions inside.
+# Instead of you entering all the versions of these servers, we can ping them.
+#
+# What interval would you like us to ping at? (in seconds)
+# Use -1 to disable.
+bungee-ping-interval: -1
+# If the above is enabled, should we save the info to the config (in the section below)
+bungee-ping-save: true
+# To get a servers protocol, ViaVersion will do the following:
+# Look for the server in the following section, then look for the last ping if bungee-ping is enabled
+# otherwise use default.
+#
+# The format for the following is:
+#  servername: protocolversion
+# You can find protocol ids on http://wiki.vg/Protocol_version_numbers
+# It will fallback to the default option if none found.
+bungee-servers: {}
+#
+#----------------------------------------------------------#
+#                    VELOCITY OPTIONS                      #
+#----------------------------------------------------------#
+#
+# Velocity allows you to have different server versions inside.
+# Instead of you entering all the versions of these servers, we can ping them.
+#
+# What interval would you like us to ping at? (in seconds)
+# Use -1 to disable.
+velocity-ping-interval: -1
+# If the above is enabled, should we save the info to the config (in the section below)
+velocity-ping-save: true
+# To get a servers protocol, ViaVersion will do the following:
+# Look for the server in the following section, then look for the last ping if velocity-ping is enabled
+# otherwise use default.
+#
+# The format for the following is:
+#  servername: protocolversion
+# You can find protocol ids on http://wiki.vg/Protocol_version_numbers
+# It will fallback to the default option if none found.
+velocity-servers: {}
+#
 # ----------------------------------------------------------#
 #                  GLOBAL PACKET LIMITER                   #
 # ----------------------------------------------------------#
@@ -82,6 +126,10 @@ change-1_9-hitbox: false
 # WARNING: This gives 1.14+ players the ability to sneak under blocks, that players under that version cannot (sneaking in places that are only 1.5 blocks high)!
 # Another thing to remember is that those players might be missed by projectiles and other hits directed at the very top of their head whilst sneaking.
 change-1_14-hitbox: true
+# Fixes 1.14+ clients on sub 1.14 servers having a light value of 0 for non full blocks.
+fix-non-full-blocklight: true
+# Fixes walk animation not shown when health is set to Float.NaN
+fix-1_14-health-nan: true
 # 
 # Enable serverside block-connections for 1.13+ clients
 serverside-blockconnections: true