--- a/ChangeLog	Wed Jun 13 15:39:37 2012 +0100
+++ b/ChangeLog	Fri Aug 31 21:57:49 2012 +0100
@@ -1,3 +1,23 @@
+2011-08-31  Andrew John Hughes  <ahughes@redhat.com>
+
+	* Makefile.am:
+	(CORBA_CHANGESET): Update to 2.2 forest head.
+	(HOTSPOT_CHANGESET): Likewise.
+	(JAXP_CHANGESET): Likewise.
+	(JAXWS_CHANGESET): Likewise.
+	(JDK_CHANGESET): Likewise.
+	(LANGTOOLS_CHANGESET): Likewise.
+	(OPENJDK_CHANGESET): Likewise.
+	(CORBA_SHA256SUM): Likewise.
+	(HOTSPOT_SHA256SUM): Likewise.
+	(JAXP_SHA256SUM): Likewise.
+	(JAXWS_SHA256SUM): Likewise.
+	(JDK_SHA256SUM): Likewise.
+	(LANGTOOLS_SHA256SUM): Likewise.
+	(OPENJDK_SHA256SUM): Likewise.
+	* NEWS:
+	List fixes brought in by forest update.
+
 2011-06-13  Andrew John Hughes  <ahughes@redhat.com>
 
 	* NEWS: Add section for 2.2.2.

--- a/Makefile.am	Wed Jun 13 15:39:37 2012 +0100
+++ b/Makefile.am	Fri Aug 31 21:57:49 2012 +0100
@@ -4,21 +4,21 @@
 JDK_UPDATE_VERSION = 05
 COMBINED_VERSION = $(JDK_UPDATE_VERSION)-$(OPENJDK_VERSION)
 
-CORBA_CHANGESET = 38deb372c569
-HOTSPOT_CHANGESET = 889dffcf4a54
-JAXP_CHANGESET = 335fb0b059b7
-JAXWS_CHANGESET = 5471e01ef43b
-JDK_CHANGESET = 6c3b742b735d
-LANGTOOLS_CHANGESET = beea46c7086b
-OPENJDK_CHANGESET = 0b776ef59474
+CORBA_CHANGESET = 64c5506f4a4b
+HOTSPOT_CHANGESET = f36619598d31
+JAXP_CHANGESET = d7e1594436a6
+JAXWS_CHANGESET = e029fce63568
+JDK_CHANGESET = 85680f91b6f9
+LANGTOOLS_CHANGESET = f5e3d40e7849
+OPENJDK_CHANGESET = 0fd1b10097bd
 
-CORBA_SHA256SUM = b892b0db6f3e4f89fd480d46ecb7c9ce5c71a884ae5bfe953b4bda9eedf7ea93
-HOTSPOT_SHA256SUM = b29a8929bb4aadbc033e99dca6a381ca6342f0373b9c3f67827bfc025187ba41
-JAXP_SHA256SUM = ff4ab3710fe316b7adc4e57d4d21ff967ca20e2ccc5267ac26b93cd22db8b3fd
-JAXWS_SHA256SUM = 1ef055749ee46ebf7a5be94403b461d8d32e95c98906da459aeb217a0784ff1d
-JDK_SHA256SUM = 48a513d18c919ec08d44cffdc12ae65f1e8942924c6cfcca5c1ffa8ca38afd0e
-LANGTOOLS_SHA256SUM = 17055cf1490fab1cccc57bf3aa5b32d655c408859790c7f671bfde180ddf70cb
-OPENJDK_SHA256SUM = 15a6eab62f5108efbf7937b1de7697bd789971886fc1fc08ee8199e16a5c10fe
+CORBA_SHA256SUM = b27f4fb21b5873594661b97a325454ad9448e5cd73864270f5f30c07ca082660
+HOTSPOT_SHA256SUM = 02b3b8e4814ac72140a921c7e08ac8967ae6f6904a9b49476bbc3e098d881153
+JAXP_SHA256SUM = 75bd17a9abfb110bde5950229fb343b16ac13916d78d87631b414cc6fc44d80b
+JAXWS_SHA256SUM = 89b6b52b758785d465d1d14c9156872db26e37b5cf13e2b602c28ee9f0e3d56a
+JDK_SHA256SUM = ca95c6c0c70f40c472f22d85092d664d77ab32dc4ef0ccc01a4ada937eb208ce
+LANGTOOLS_SHA256SUM = 57033a023ed8fd3b6222fe7bcad6a240841af7f700ee03f210b86bde9c13f6e0
+OPENJDK_SHA256SUM = f0caa034ee9377dc6b0bd2d71a9489a89c48088be17938ba69e1167afa68932c
 
 CACAO_VERSION = a567bcb7f589
 CACAO_SHA256SUM = d49f79debc131a5694cae6ab3ba2864e7f3249ee8d9dc09aae8afdd4dc6b09f9

--- a/NEWS	Wed Jun 13 15:39:37 2012 +0100
+++ b/NEWS	Fri Aug 31 21:57:49 2012 +0100
@@ -12,6 +12,21 @@
 
 New in release 2.2.2 (2012-XX-XX):
 
+* Security fixes
+  - RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible checks removed in 6788531.
+  - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
+  - S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
+  - S7163201, CVE-2012-0547: Simplify toolkit internals references
+* OpenJDK
+  - Fix Zero FTBFS issues
+  - PR1101: Undefined symbols on GNU/Linux SPARC
+  - S7180036: Build failure in Mac platform caused by fix # 7163201
+  - S7182135: Impossible to use some editors directly
+  - S7183701: [TEST] closed/java/beans/security/TestClassFinder.java - compilation failed
+  - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE
+  - S7188168: 7071904 broke the DEBUG_BINARIES option on Linux
+  - S7190813: (launcher) RPATH needs to have additional paths
+
 New in release 2.2.1 (2012-06-12):
 
 * Security fixes