oraclejdk: 10.0.1 -> 10.0.2 [Critical security fixes]

(cherry picked from commit defa760)

Highlights in this release include:

This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release.

CVE-2018-16802
CVE-2018-17183

Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources.

Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.

As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.

IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).

The usual round of bug fixes, compatibility changes, and incremental improvements.

(cherry picked from commit 5b77b0d2f1eda9a42fe188eafb499230741e7925)
(cherry picked from commit dbcbf7c)

Backport of #43811 jdk updates (help needed)

This is a sort port of 4d6f880 (#43811). The mentioned issues are not
being fixed in the release. The CPU release should be used instead.

Since someone might still need the PSU version it will just be marked as
insecure allowing the user to whitelist it, if required.

[18.03] oraclejdk8psu: mark as insecure