OpenJDK / jdk / jdk12
changeset 26186:dc0034c79fa4
Merge
| author | lana |
|---|---|
| date | Fri, 29 Aug 2014 11:57:22 -0700 |
| parents | f179c0827318 6ee101c1180e |
| children | b50907e0a329 |
| files | jdk/make/src/classes/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java jdk/src/demo/share/jfc/Font2DTest/resources/TextResources.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_de.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_en.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_en_GB.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_ja.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_ko.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_zh_CN.properties jdk/src/demo/share/jfc/Font2DTest/resources/resource.data jdk/src/java.base/share/conf/security/java.security-aix jdk/src/java.base/share/conf/security/java.security-linux jdk/src/java.base/share/conf/security/java.security-macosx jdk/src/java.base/share/conf/security/java.security-solaris jdk/src/java.base/share/conf/security/java.security-windows jdk/test/sun/tools/jps/jps-Defaults.sh jdk/test/sun/tools/jps/jps-V_2.sh jdk/test/sun/tools/jps/jps-V_Output2.awk jdk/test/sun/tools/jps/jps-Vm_2.sh jdk/test/sun/tools/jps/jps-Vm_Output2.awk jdk/test/sun/tools/jps/jps-Vvm.sh jdk/test/sun/tools/jps/jps-Vvm_Output1.awk jdk/test/sun/tools/jps/jps-Vvml.sh jdk/test/sun/tools/jps/jps-Vvml_2.sh jdk/test/sun/tools/jps/jps-Vvml_Output1.awk jdk/test/sun/tools/jps/jps-Vvml_Output2.awk jdk/test/sun/tools/jps/jps-help.sh jdk/test/sun/tools/jps/jps-l_1.sh jdk/test/sun/tools/jps/jps-l_2.sh jdk/test/sun/tools/jps/jps-l_Output1.awk jdk/test/sun/tools/jps/jps-l_Output2.awk jdk/test/sun/tools/jps/jps-lm.sh jdk/test/sun/tools/jps/jps-lm_Output1.awk jdk/test/sun/tools/jps/jps-m.sh jdk/test/sun/tools/jps/jps-m_2.sh jdk/test/sun/tools/jps/jps-m_Output1.awk jdk/test/sun/tools/jps/jps-m_Output2.awk jdk/test/sun/tools/jps/jps-q.sh jdk/test/sun/tools/jps/jps-q_Output1.awk jdk/test/sun/tools/jps/jps-v_1.sh jdk/test/sun/tools/jps/jps-v_Output1.awk jdk/test/sun/tools/jps/jps-vm_1.sh jdk/test/sun/tools/jps/jps-vm_Output1.awk jdk/test/sun/tools/jps/jps_Output1.awk jdk/test/sun/tools/jps/vmflags langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/comp/JavacServiceImpl.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/CompilerPool.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/CompilerThread.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/JavacServer.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/JavacService.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/JavacServiceClient.java langtools/test/tools/javac/lib/ToolBox.java nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/CompiledFunctions.java nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/CompiledScript.java |
| diffstat | 785 files changed, 25732 insertions(+), 15549 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Fri Aug 22 09:55:49 2014 -0700 +++ b/.hgtags Fri Aug 29 11:57:22 2014 -0700 @@ -269,3 +269,4 @@ d9ce05f36ffec3e5e8af62a92455c1c66a63c320 jdk9-b24 13a5c76976fe48e55c9727c25fae2d2ce7c05da0 jdk9-b25 cd6f4557e7fea5799ff3762ed7a80a743e75d5fd jdk9-b26 +d06a6d3c66c08293b2a9650f3cc01fd55c620e65 jdk9-b27
--- a/.hgtags-top-repo Fri Aug 22 09:55:49 2014 -0700 +++ b/.hgtags-top-repo Fri Aug 29 11:57:22 2014 -0700 @@ -269,3 +269,4 @@ 1d4a293fbec19dc2d5790bbb2c7dd0ed8f265484 jdk9-b24 aefd8899a8d6615fb34ba99b2e38996a7145baa8 jdk9-b25 d3ec8d048e6c3c46b6e0ee011cc551ad386dfba5 jdk9-b26 +ba5645f2735b41ed085d07ba20fa7b322afff318 jdk9-b27
--- a/common/autoconf/basics.m4 Fri Aug 22 09:55:49 2014 -0700 +++ b/common/autoconf/basics.m4 Fri Aug 29 11:57:22 2014 -0700 @@ -377,7 +377,6 @@ BASIC_REQUIRE_PROGS(CMP, cmp) BASIC_REQUIRE_PROGS(COMM, comm) BASIC_REQUIRE_PROGS(CP, cp) - BASIC_REQUIRE_PROGS(CPIO, cpio) BASIC_REQUIRE_PROGS(CUT, cut) BASIC_REQUIRE_PROGS(DATE, date) BASIC_REQUIRE_PROGS(DIFF, [gdiff diff]) @@ -427,6 +426,7 @@ BASIC_PATH_PROGS(READLINK, [greadlink readlink]) BASIC_PATH_PROGS(DF, df) BASIC_PATH_PROGS(SETFILE, SetFile) + BASIC_PATH_PROGS(CPIO, [cpio bsdcpio]) ]) # Setup basic configuration paths, and platform-specific stuff related to PATHs. @@ -954,7 +954,7 @@ # not be the case in cygwin in certain conditions. AC_DEFUN_ONCE([BASIC_CHECK_SRC_PERMS], [ - if test x"$OPENJDK_BUILD_OS" = xwindows; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then file_to_test="$SRC_ROOT/LICENSE" if test `$STAT -c '%a' "$file_to_test"` -lt 400; then AC_MSG_ERROR([Bad file permissions on src files. This is usually caused by cloning the repositories with a non cygwin hg in a directory not created in cygwin.])
--- a/common/autoconf/basics_windows.m4 Fri Aug 22 09:55:49 2014 -0700 +++ b/common/autoconf/basics_windows.m4 Fri Aug 29 11:57:22 2014 -0700 @@ -266,6 +266,14 @@ BASIC_WINDOWS_REWRITE_AS_UNIX_PATH(new_path) new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + BASIC_WINDOWS_REWRITE_AS_UNIX_PATH(new_path) + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error.
--- a/common/autoconf/flags.m4 Fri Aug 22 09:55:49 2014 -0700 +++ b/common/autoconf/flags.m4 Fri Aug 29 11:57:22 2014 -0700 @@ -900,7 +900,7 @@ case "${TOOLCHAIN_TYPE}" in microsoft) - CFLAGS_WARNINGS_ARE_ERRORS="/WX" + CFLAGS_WARNINGS_ARE_ERRORS="-WX" ;; solstudio) CFLAGS_WARNINGS_ARE_ERRORS="-errtags -errwarn=%all"
--- a/common/autoconf/generated-configure.sh Fri Aug 22 09:55:49 2014 -0700 +++ b/common/autoconf/generated-configure.sh Fri Aug 29 11:57:22 2014 -0700 @@ -920,12 +920,14 @@ OPENJDK_TARGET_CPU_BITS OPENJDK_TARGET_CPU_ARCH OPENJDK_TARGET_CPU +OPENJDK_TARGET_OS_ENV OPENJDK_TARGET_OS_API OPENJDK_TARGET_OS OPENJDK_BUILD_CPU_ENDIAN OPENJDK_BUILD_CPU_BITS OPENJDK_BUILD_CPU_ARCH OPENJDK_BUILD_CPU +OPENJDK_BUILD_OS_ENV OPENJDK_BUILD_OS_API OPENJDK_BUILD_OS OPENJDK_BUILD_AUTOCONF_NAME @@ -942,6 +944,7 @@ build_vendor build_cpu build +CPIO SETFILE DF READLINK @@ -980,7 +983,6 @@ DIFF DATE CUT -CPIO CP COMM CMP @@ -1120,7 +1122,6 @@ CMP COMM CP -CPIO CUT DATE DIFF @@ -1159,6 +1160,7 @@ READLINK DF SETFILE +CPIO UNZIP ZIP LDD @@ -1990,7 +1992,6 @@ CMP Override default value for CMP COMM Override default value for COMM CP Override default value for CP - CPIO Override default value for CPIO CUT Override default value for CUT DATE Override default value for DATE DIFF Override default value for DIFF @@ -2029,6 +2030,7 @@ READLINK Override default value for READLINK DF Override default value for DF SETFILE Override default value for SETFILE + CPIO Override default value for CPIO UNZIP Override default value for UNZIP ZIP Override default value for ZIP LDD Override default value for LDD @@ -4319,7 +4321,7 @@ #CUSTOM_AUTOCONF_INCLUDE # Do not change or remove the following line, it is needed for consistency checks: -DATE_WHEN_GENERATED=1407143049 +DATE_WHEN_GENERATED=1408448519 ############################################################################### # @@ -5724,199 +5726,6 @@ # Publish this variable in the help. - if test "x$CPIO" = x; then - # The variable is not set by user, try to locate tool using the code snippet - for ac_prog in cpio -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_CPIO+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $CPIO in - [\\/]* | ?:[\\/]*) - ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -CPIO=$ac_cv_path_CPIO -if test -n "$CPIO"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5 -$as_echo "$CPIO" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$CPIO" && break -done - - else - # The variable is set, but is it from the command line or the environment? - - # Try to remove the string !CPIO! from our list. - try_remove_var=${CONFIGURE_OVERRIDDEN_VARIABLES//!CPIO!/} - if test "x$try_remove_var" = "x$CONFIGURE_OVERRIDDEN_VARIABLES"; then - # If it failed, the variable was not from the command line. Ignore it, - # but warn the user (except for BASH, which is always set by the calling BASH). - if test "xCPIO" != xBASH; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring value of CPIO from the environment. Use command line variables instead." >&5 -$as_echo "$as_me: WARNING: Ignoring value of CPIO from the environment. Use command line variables instead." >&2;} - fi - # Try to locate tool using the code snippet - for ac_prog in cpio -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_CPIO+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $CPIO in - [\\/]* | ?:[\\/]*) - ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -CPIO=$ac_cv_path_CPIO -if test -n "$CPIO"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5 -$as_echo "$CPIO" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$CPIO" && break -done - - else - # If it succeeded, then it was overridden by the user. We will use it - # for the tool. - - # First remove it from the list of overridden variables, so we can test - # for unknown variables in the end. - CONFIGURE_OVERRIDDEN_VARIABLES="$try_remove_var" - - # Check if the provided tool contains a complete path. - tool_specified="$CPIO" - tool_basename="${tool_specified##*/}" - if test "x$tool_basename" = "x$tool_specified"; then - # A command without a complete path is provided, search $PATH. - { $as_echo "$as_me:${as_lineno-$LINENO}: Will search for user supplied tool CPIO=$tool_basename" >&5 -$as_echo "$as_me: Will search for user supplied tool CPIO=$tool_basename" >&6;} - # Extract the first word of "$tool_basename", so it can be a program name with args. -set dummy $tool_basename; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_CPIO+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $CPIO in - [\\/]* | ?:[\\/]*) - ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -CPIO=$ac_cv_path_CPIO -if test -n "$CPIO"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5 -$as_echo "$CPIO" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test "x$CPIO" = x; then - as_fn_error $? "User supplied tool $tool_basename could not be found" "$LINENO" 5 - fi - else - # Otherwise we believe it is a complete path. Use it as it is. - { $as_echo "$as_me:${as_lineno-$LINENO}: Will use user supplied tool CPIO=$tool_specified" >&5 -$as_echo "$as_me: Will use user supplied tool CPIO=$tool_specified" >&6;} - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CPIO" >&5 -$as_echo_n "checking for CPIO... " >&6; } - if test ! -x "$tool_specified"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } - as_fn_error $? "User supplied tool CPIO=$tool_specified does not exist or is not executable" "$LINENO" 5 - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tool_specified" >&5 -$as_echo "$tool_specified" >&6; } - fi - fi - fi - - - - if test "x$CPIO" = x; then - as_fn_error $? "Could not find required tool for CPIO" "$LINENO" 5 - fi - - - - - - # Publish this variable in the help. - - if test "x$CUT" = x; then # The variable is not set by user, try to locate tool using the code snippet for ac_prog in cut @@ -13386,6 +13195,192 @@ + # Publish this variable in the help. + + + if test "x$CPIO" = x; then + # The variable is not set by user, try to locate tool using the code snippet + for ac_prog in cpio bsdcpio +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_CPIO+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $CPIO in + [\\/]* | ?:[\\/]*) + ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +CPIO=$ac_cv_path_CPIO +if test -n "$CPIO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5 +$as_echo "$CPIO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CPIO" && break +done + + else + # The variable is set, but is it from the command line or the environment? + + # Try to remove the string !CPIO! from our list. + try_remove_var=${CONFIGURE_OVERRIDDEN_VARIABLES//!CPIO!/} + if test "x$try_remove_var" = "x$CONFIGURE_OVERRIDDEN_VARIABLES"; then + # If it failed, the variable was not from the command line. Ignore it, + # but warn the user (except for BASH, which is always set by the calling BASH). + if test "xCPIO" != xBASH; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring value of CPIO from the environment. Use command line variables instead." >&5 +$as_echo "$as_me: WARNING: Ignoring value of CPIO from the environment. Use command line variables instead." >&2;} + fi + # Try to locate tool using the code snippet + for ac_prog in cpio bsdcpio +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_CPIO+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $CPIO in + [\\/]* | ?:[\\/]*) + ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +CPIO=$ac_cv_path_CPIO +if test -n "$CPIO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5 +$as_echo "$CPIO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CPIO" && break +done + + else + # If it succeeded, then it was overridden by the user. We will use it + # for the tool. + + # First remove it from the list of overridden variables, so we can test + # for unknown variables in the end. + CONFIGURE_OVERRIDDEN_VARIABLES="$try_remove_var" + + # Check if the provided tool contains a complete path. + tool_specified="$CPIO" + tool_basename="${tool_specified##*/}" + if test "x$tool_basename" = "x$tool_specified"; then + # A command without a complete path is provided, search $PATH. + { $as_echo "$as_me:${as_lineno-$LINENO}: Will search for user supplied tool CPIO=$tool_basename" >&5 +$as_echo "$as_me: Will search for user supplied tool CPIO=$tool_basename" >&6;} + # Extract the first word of "$tool_basename", so it can be a program name with args. +set dummy $tool_basename; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_CPIO+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $CPIO in + [\\/]* | ?:[\\/]*) + ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +CPIO=$ac_cv_path_CPIO +if test -n "$CPIO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5 +$as_echo "$CPIO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "x$CPIO" = x; then + as_fn_error $? "User supplied tool $tool_basename could not be found" "$LINENO" 5 + fi + else + # Otherwise we believe it is a complete path. Use it as it is. + { $as_echo "$as_me:${as_lineno-$LINENO}: Will use user supplied tool CPIO=$tool_specified" >&5 +$as_echo "$as_me: Will use user supplied tool CPIO=$tool_specified" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CPIO" >&5 +$as_echo_n "checking for CPIO... " >&6; } + if test ! -x "$tool_specified"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + as_fn_error $? "User supplied tool CPIO=$tool_specified does not exist or is not executable" "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tool_specified" >&5 +$as_echo "$tool_specified" >&6; } + fi + fi + fi + + + + # Now we can determine OpenJDK build and target platforms. This is required to # have early on. # Make sure we can run config.sub. @@ -13644,6 +13639,7 @@ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking openjdk-build os-cpu" >&5 $as_echo_n "checking openjdk-build os-cpu... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OPENJDK_BUILD_OS-$OPENJDK_BUILD_CPU" >&5 @@ -13775,6 +13771,7 @@ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking openjdk-target os-cpu" >&5 $as_echo_n "checking openjdk-target os-cpu... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OPENJDK_TARGET_OS-$OPENJDK_TARGET_CPU" >&5 @@ -15611,6 +15608,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -15967,6 +15981,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -16320,6 +16351,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -16678,6 +16726,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -17030,6 +17095,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -27493,6 +27575,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -28136,6 +28235,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -28576,6 +28692,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -29842,6 +29975,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -30282,6 +30432,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -31127,6 +31294,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -31525,6 +31709,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -31852,6 +32053,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -32330,6 +32548,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -32941,6 +33176,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -33460,6 +33712,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -33911,6 +34180,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -34235,6 +34521,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -34555,6 +34858,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -34857,6 +35177,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -35311,6 +35648,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -35762,6 +36116,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -36213,6 +36584,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -36665,6 +37053,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -37228,6 +37633,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -37789,6 +38211,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -38359,6 +38798,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -38926,6 +39382,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -39402,6 +39875,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -39853,6 +40343,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -40304,6 +40811,23 @@ new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi if test "x$new_path" = x; then # It's still not found. Now this is an unrecoverable error. @@ -42629,7 +43153,7 @@ case "${TOOLCHAIN_TYPE}" in microsoft) - CFLAGS_WARNINGS_ARE_ERRORS="/WX" + CFLAGS_WARNINGS_ARE_ERRORS="-WX" ;; solstudio) CFLAGS_WARNINGS_ARE_ERRORS="-errtags -errwarn=%all" @@ -48711,12 +49235,22 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5 $as_echo_n "checking found msvcr100.dll architecture... " >&6; } MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"` - if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then - CORRECT_MSVCR_ARCH=386 - else - CORRECT_MSVCR_ARCH=x86-64 - fi - if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit" + # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems. + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH="PE32 executable" + else + CORRECT_MSVCR_ARCH="PE32+ executable" + fi + else + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH=386 + else + CORRECT_MSVCR_ARCH=x86-64 + fi + fi + if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } MSVCR_DLL="$POSSIBLE_MSVCR_DLL" @@ -48767,12 +49301,22 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5 $as_echo_n "checking found msvcr100.dll architecture... " >&6; } MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"` - if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then - CORRECT_MSVCR_ARCH=386 - else - CORRECT_MSVCR_ARCH=x86-64 - fi - if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit" + # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems. + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH="PE32 executable" + else + CORRECT_MSVCR_ARCH="PE32+ executable" + fi + else + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH=386 + else + CORRECT_MSVCR_ARCH=x86-64 + fi + fi + if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } MSVCR_DLL="$POSSIBLE_MSVCR_DLL" @@ -48805,12 +49349,22 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5 $as_echo_n "checking found msvcr100.dll architecture... " >&6; } MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"` - if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then - CORRECT_MSVCR_ARCH=386 - else - CORRECT_MSVCR_ARCH=x86-64 - fi - if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit" + # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems. + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH="PE32 executable" + else + CORRECT_MSVCR_ARCH="PE32+ executable" + fi + else + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH=386 + else + CORRECT_MSVCR_ARCH=x86-64 + fi + fi + if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } MSVCR_DLL="$POSSIBLE_MSVCR_DLL" @@ -48853,12 +49407,22 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5 $as_echo_n "checking found msvcr100.dll architecture... " >&6; } MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"` - if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then - CORRECT_MSVCR_ARCH=386 - else - CORRECT_MSVCR_ARCH=x86-64 - fi - if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit" + # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems. + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH="PE32 executable" + else + CORRECT_MSVCR_ARCH="PE32+ executable" + fi + else + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH=386 + else + CORRECT_MSVCR_ARCH=x86-64 + fi + fi + if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } MSVCR_DLL="$POSSIBLE_MSVCR_DLL" @@ -48906,12 +49470,22 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5 $as_echo_n "checking found msvcr100.dll architecture... " >&6; } MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"` - if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then - CORRECT_MSVCR_ARCH=386 - else - CORRECT_MSVCR_ARCH=x86-64 - fi - if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit" + # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems. + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH="PE32 executable" + else + CORRECT_MSVCR_ARCH="PE32+ executable" + fi + else + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH=386 + else + CORRECT_MSVCR_ARCH=x86-64 + fi + fi + if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } MSVCR_DLL="$POSSIBLE_MSVCR_DLL" @@ -48955,12 +49529,22 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5 $as_echo_n "checking found msvcr100.dll architecture... " >&6; } MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"` - if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then - CORRECT_MSVCR_ARCH=386 - else - CORRECT_MSVCR_ARCH=x86-64 - fi - if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit" + # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems. + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH="PE32 executable" + else + CORRECT_MSVCR_ARCH="PE32+ executable" + fi + else + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH=386 + else + CORRECT_MSVCR_ARCH=x86-64 + fi + fi + if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } MSVCR_DLL="$POSSIBLE_MSVCR_DLL" @@ -49903,7 +50487,7 @@ # Check for some common pitfalls - if test x"$OPENJDK_BUILD_OS" = xwindows; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then file_to_test="$SRC_ROOT/LICENSE" if test `$STAT -c '%a' "$file_to_test"` -lt 400; then as_fn_error $? "Bad file permissions on src files. This is usually caused by cloning the repositories with a non cygwin hg in a directory not created in cygwin." "$LINENO" 5
--- a/common/autoconf/platform.m4 Fri Aug 22 09:55:49 2014 -0700 +++ b/common/autoconf/platform.m4 Fri Aug 29 11:57:22 2014 -0700 @@ -173,6 +173,7 @@ OPENJDK_BUILD_CPU_ENDIAN="$VAR_CPU_ENDIAN" AC_SUBST(OPENJDK_BUILD_OS) AC_SUBST(OPENJDK_BUILD_OS_API) + AC_SUBST(OPENJDK_BUILD_OS_ENV) AC_SUBST(OPENJDK_BUILD_CPU) AC_SUBST(OPENJDK_BUILD_CPU_ARCH) AC_SUBST(OPENJDK_BUILD_CPU_BITS) @@ -194,6 +195,7 @@ OPENJDK_TARGET_CPU_ENDIAN="$VAR_CPU_ENDIAN" AC_SUBST(OPENJDK_TARGET_OS) AC_SUBST(OPENJDK_TARGET_OS_API) + AC_SUBST(OPENJDK_TARGET_OS_ENV) AC_SUBST(OPENJDK_TARGET_CPU) AC_SUBST(OPENJDK_TARGET_CPU_ARCH) AC_SUBST(OPENJDK_TARGET_CPU_BITS)
--- a/common/autoconf/spec.gmk.in Fri Aug 22 09:55:49 2014 -0700 +++ b/common/autoconf/spec.gmk.in Fri Aug 29 11:57:22 2014 -0700 @@ -106,6 +106,7 @@ # When not cross-compiling, it is the same as the target. OPENJDK_BUILD_OS:=@OPENJDK_BUILD_OS@ OPENJDK_BUILD_OS_API:=@OPENJDK_BUILD_OS_API@ +OPENJDK_BUILD_OS_ENV:=@OPENJDK_BUILD_OS_ENV@ OPENJDK_BUILD_CPU:=@OPENJDK_BUILD_CPU@ OPENJDK_BUILD_CPU_ARCH:=@OPENJDK_BUILD_CPU_ARCH@
--- a/common/autoconf/toolchain_windows.m4 Fri Aug 22 09:55:49 2014 -0700 +++ b/common/autoconf/toolchain_windows.m4 Fri Aug 29 11:57:22 2014 -0700 @@ -244,12 +244,22 @@ # Need to check if the found msvcr is correct architecture AC_MSG_CHECKING([found msvcr100.dll architecture]) MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"` - if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then - CORRECT_MSVCR_ARCH=386 + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit" + # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems. + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH="PE32 executable" + else + CORRECT_MSVCR_ARCH="PE32+ executable" + fi else - CORRECT_MSVCR_ARCH=x86-64 + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then + CORRECT_MSVCR_ARCH=386 + else + CORRECT_MSVCR_ARCH=x86-64 + fi fi - if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then + if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then AC_MSG_RESULT([ok]) MSVCR_DLL="$POSSIBLE_MSVCR_DLL" AC_MSG_CHECKING([for msvcr100.dll])
--- a/corba/.hgtags Fri Aug 22 09:55:49 2014 -0700 +++ b/corba/.hgtags Fri Aug 29 11:57:22 2014 -0700 @@ -269,3 +269,4 @@ 8a44142bb7fc8118f70f91a1b97c12dfc50563ee jdk9-b24 da08cca6b97f41b7081a3e176dcb400af6e4bb26 jdk9-b25 6c777df597bbf5abba3488d44c401edfe73c74af jdk9-b26 +7e06bf1dcb0907b80ddf59315426ce9ce775e56d jdk9-b27
--- a/corba/src/java.corba/share/classes/org/omg/CORBA/FloatSeqHelper.java Fri Aug 22 09:55:49 2014 -0700 +++ b/corba/src/java.corba/share/classes/org/omg/CORBA/FloatSeqHelper.java Fri Aug 29 11:57:22 2014 -0700 @@ -38,11 +38,11 @@ * OMG specifications : * <ul> * <li> ORB core as defined by CORBA 2.3.1 -* (<a href="http://cgi.omg.org/cgi-bin/doc?formal/99-10-07">formal/99-10-07</a>) +* (<a href="http://www.omg.org/cgi-bin/doc?formal/99-10-07">formal/99-10-07</a>) * </li> * * <li> IDL/Java Language Mapping as defined in -* <a href="http://cgi.omg.org/cgi-bin/doc?ptc/00-01-08">ptc/00-01-08</a> +* <a href="http://www.omg.org/cgi-bin/doc?ptc/00-01-08">ptc/00-01-08</a> * </li> * </ul> */
--- a/hotspot/.hgtags Fri Aug 22 09:55:49 2014 -0700 +++ b/hotspot/.hgtags Fri Aug 29 11:57:22 2014 -0700 @@ -429,3 +429,5 @@ dde2d03b0ea46a27650839e3a1d212c7c1f7b4c8 jdk9-b24 6de94e8693240cec8aae11f6b42f43433456a733 jdk9-b25 48b95a073d752d6891cc0d1d2836b321ecf3ce0c jdk9-b26 +f95347244306affc32ce3056f27ceff7b2100810 jdk9-b27 +657294869d7ff063e055f5492cab7ce5612ca851 jdk9-b28
--- a/jaxp/.hgtags Fri Aug 22 09:55:49 2014 -0700 +++ b/jaxp/.hgtags Fri Aug 29 11:57:22 2014 -0700 @@ -269,3 +269,4 @@ 345af113f57206711f75089c3ebf84a36a789122 jdk9-b24 73757f4b8aa353ca8937abc07e79e7ece4c011a1 jdk9-b25 a5aea8318ae4a9c2105228568688875142d70344 jdk9-b26 +2bfaf29cc90b19948938e3ef1a0983eee68806c7 jdk9-b27
--- a/jaxws/.hgtags Fri Aug 22 09:55:49 2014 -0700 +++ b/jaxws/.hgtags Fri Aug 29 11:57:22 2014 -0700 @@ -272,3 +272,4 @@ 0b35542d6bf32af23a9fc59a37c52aa091fee388 jdk9-b24 ab8726a0fcde897e4cfd1ea581ed90b0d8a7cbb7 jdk9-b25 9b43f3993b96c2213428e95127a2d3fd0e709d3a jdk9-b26 +dcaa586ab756420e9a62643793bacef2c84bf637 jdk9-b27
--- a/jdk/.hgtags Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/.hgtags Fri Aug 29 11:57:22 2014 -0700 @@ -269,3 +269,4 @@ 875450e7ef8dde8f59db662ec1351ea30b8cb35d jdk9-b24 a31efe49556a7c12f9ea2c9ee8b4fae8aa67723a jdk9-b25 dde9f5cfde5f46e62ceb5fab81151578e5277aef jdk9-b26 +f0870554049807d3392bd7976ab114f7f2b7bafa jdk9-b27
--- a/jdk/make/CopyIntoClasses.gmk Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/make/CopyIntoClasses.gmk Fri Aug 29 11:57:22 2014 -0700 @@ -164,15 +164,15 @@ ################################################################################ ifneq ($(OPENJDK_TARGET_OS), macosx) - OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/classes/sun/awt/datatransfer/flavormap.properties + OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/java.desktop/$(OPENJDK_TARGET_OS_API_DIR)/classes/sun/datatransfer/resources/flavormap.properties else - OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/macosx/classes/sun/awt/datatransfer/flavormap.properties + OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/java.desktop/macosx/classes/sun/datatransfer/resources/flavormap.properties endif -$(JDK_OUTPUTDIR)/classes/sun/awt/datatransfer/flavormap.properties: $(OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES) +$(JDK_OUTPUTDIR)/classes/sun/datatransfer/resources/flavormap.properties: $(OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES) $(install-file) -COPY_EXTRA += $(JDK_OUTPUTDIR)/classes/sun/awt/datatransfer/flavormap.properties +COPY_EXTRA += $(JDK_OUTPUTDIR)/classes/sun/datatransfer/resources/flavormap.properties ################################################################################
--- a/jdk/make/Tools.gmk Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/make/Tools.gmk Fri Aug 29 11:57:22 2014 -0700 @@ -101,6 +101,9 @@ TOOL_BLACKLISTED_CERTS = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \ build.tools.blacklistedcertsconverter.BlacklistedCertsConverter +TOOL_MAKEJAVASECURITY = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \ + build.tools.makejavasecurity.MakeJavaSecurity + # TODO: There are references to the jdwpgen.jar in jdk/make/netbeans/jdwpgen/build.xml # and nbproject/project.properties in the same dir. Needs to be looked at. @@ -136,9 +139,6 @@ -cp "$(JDK_OUTPUTDIR)/btclasses$(PATH_SEP)$(JDK_OUTPUTDIR)" \ build.tools.module.GenerateModulesXml -TOOL_ADDTORESTRICTEDPKGS = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \ - build.tools.addtorestrictedpkgs.AddToRestrictedPkgs - ########################################################################################## # Tools needed on solaris because OBJCOPY is broken.
--- a/jdk/make/gendata/Gendata-java.base.gmk Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/make/gendata/Gendata-java.base.gmk Fri Aug 29 11:57:22 2014 -0700 @@ -62,25 +62,18 @@ ########################################################################################## -PROPS_SRC := $(JDK_TOPDIR)/src/java.base/share/conf/security/java.security-$(OPENJDK_TARGET_OS) -PROPS_DST := $(JDK_OUTPUTDIR)/lib/security/java.security - -# Optionally set this variable to a file to add extra restricted packages. -ifneq ($(RESTRICTED_PKGS_SRC), ) - - $(PROPS_DST): $(PROPS_SRC) $(RESTRICTED_PKGS_SRC) +GENDATA_JAVA_SECURITY_SRC := $(JDK_TOPDIR)/src/java.base/share/conf/security/java.security +GENDATA_JAVA_SECURITY := $(JDK_OUTPUTDIR)/lib/security/java.security + +# RESTRICTED_PKGS_SRC is optionally set in custom extension for this makefile + +$(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS) $(GENDATA_JAVA_SECURITY_SRC) $(RESTRICTED_PKGS_SRC) + $(ECHO) "Generating java.security" $(MKDIR) -p $(@D) - $(TOOL_ADDTORESTRICTEDPKGS) $(PROPS_SRC) $@.tmp `$(CAT) $(RESTRICTED_PKGS_SRC) | $(TR) "\n" " "` - $(MV) $@.tmp $@ - -else - - $(PROPS_DST): $(PROPS_SRC) - $(call install-file) - -endif - -GENDATA += $(PROPS_DST) + $(TOOL_MAKEJAVASECURITY) $(GENDATA_JAVA_SECURITY_SRC) $@ $(OPENJDK_TARGET_OS) \ + $(RESTRICTED_PKGS_SRC) || exit 1 + +GENDATA += $(GENDATA_JAVA_SECURITY) ##########################################################################################
--- a/jdk/make/gensrc/GensrcLocaleDataMetaInfo.gmk Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/make/gensrc/GensrcLocaleDataMetaInfo.gmk Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ # -# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -34,7 +34,8 @@ -name "TimeZoneNames_*.java" -o -name "TimeZoneNames_*.properties" -o \ -name "LocaleNames_*.java" -o -name "LocaleNames_*.properties" -o \ -name "CurrencyNames_*.java" -o -name "CurrencyNames_*.properties" -o \ - -name "CalendarData_*.java" -o -name "CalendarData_*.properties") + -name "CalendarData_*.java" -o -name "CalendarData_*.properties" -o \ + -name "BreakIteratorInfo_*.java" -o -name "BreakIteratorRules_*.java") # Then translate the locale files into for example: FormatData_sv LOCALE_RESOURCES := $(sort $(subst .properties,,$(subst .java,,$(notdir $(LOCALE_FILES))))) @@ -86,6 +87,12 @@ #sun.text.resources.CollationData $(eval $(call CaptureLocale,CollationData)) +#sun.text.resources.BreakIteratorInfo +$(eval $(call CaptureLocale,BreakIteratorInfo)) + +#sun.text.resources.BreakIteratorRules +$(eval $(call CaptureLocale,BreakIteratorRules)) + #sun.util.resources.TimeZoneNames $(eval $(call CaptureLocale,TimeZoneNames))
--- a/jdk/make/lib/Awt2dLibraries.gmk Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/make/lib/Awt2dLibraries.gmk Fri Aug 29 11:57:22 2014 -0700 @@ -973,7 +973,6 @@ # ifeq ($(OPENJDK_TARGET_OS), macosx) - LIBSPLASHSCREEN_CFLAGS += -F/System/Library/Frameworks/JavaVM.framework/Frameworks LIBSPLASHSCREEN_CFLAGS += -DWITH_MACOSX LIBSPLASHSCREEN_CFLAGS += -I$(JDK_TOPDIR)/src/java.desktop/macosx/native/libosxapp
--- a/jdk/make/src/classes/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,105 +0,0 @@ -/* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package build.tools.addtorestrictedpkgs; - -import java.io.*; - -/** - * Adds additional packages to the package.access and package.definition - * security properties. - */ -public class AddToRestrictedPkgs { - - private static final String PKG_ACC = "package.access"; - private static final String PKG_DEF = "package.definition"; - private static final int PKG_ACC_INDENT = 15; - private static final int PKG_DEF_INDENT = 19; - - public static void main(String[] args) throws Exception { - - if (args.length < 3) { - System.err.println("Usage: java AddToRestrictedPkgs " + - "[input java.security file name] " + - "[output java.security file name] " + - "[packages ...]"); - System.exit(1); - } - - try (FileReader fr = new FileReader(args[0]); - BufferedReader br = new BufferedReader(fr); - FileWriter fw = new FileWriter(args[1]); - BufferedWriter bw = new BufferedWriter(fw)) - { - // parse the file line-by-line, looking for pkg access properties - String line = br.readLine(); - while (line != null) { - if (line.startsWith(PKG_ACC)) { - writePackages(br, bw, line, PKG_ACC_INDENT, args); - } else if (line.startsWith(PKG_DEF)) { - writePackages(br, bw, line, PKG_DEF_INDENT, args); - } else { - writeLine(bw, line); - } - line = br.readLine(); - } - bw.flush(); - } - } - - private static void writePackages(BufferedReader br, BufferedWriter bw, - String line, int numSpaces, - String[] args) throws IOException { - // parse property until EOL, not including line breaks - while (line.endsWith("\\")) { - writeLine(bw, line); - line = br.readLine(); - } - // append comma and line-break to last package - writeLine(bw, line + ",\\"); - // add new packages, one per line - for (int i = 2; i < args.length - 1; i++) { - indent(bw, numSpaces); - writeLine(bw, args[i] + ",\\"); - } - indent(bw, numSpaces); - writeLine(bw, args[args.length - 1]); - } - - private static void writeLine(BufferedWriter bw, String line) - throws IOException - { - bw.write(line); - bw.newLine(); - } - - private static void indent(BufferedWriter bw, int numSpaces) - throws IOException - { - for (int i = 0; i < numSpaces; i++) { - bw.append(' '); - } - } -}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java Fri Aug 29 11:57:22 2014 -0700 @@ -0,0 +1,168 @@ +/* + * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package build.tools.makejavasecurity; + +import java.io.*; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.*; + +/** + * Builds the java.security file, including + * + * 1. Adds additional packages to the package.access and + * package.definition security properties. + * 2. Filter out platform-unrelated parts + * + * In order to easily maintain platform-related entries, every item + * (including the last line) in package.access and package.definition + * MUST end with ',\'. A blank line MUST exist after the last line. + */ +public class MakeJavaSecurity { + + private static final String PKG_ACC = "package.access"; + private static final String PKG_DEF = "package.definition"; + private static final int PKG_ACC_INDENT = 15; + private static final int PKG_DEF_INDENT = 19; + + public static void main(String[] args) throws Exception { + + if (args.length < 3) { + System.err.println("Usage: java MakeJavaSecurity " + + "[input java.security file name] " + + "[output java.security file name] " + + "[openjdk target os] " + + "[more restricted packages file name?]"); + System.exit(1); + } + + // more restricted packages + List<String> extraLines; + if (args.length == 4) { + extraLines = Files.readAllLines(Paths.get(args[3])); + } else { + extraLines = Collections.emptyList(); + } + + List<String> lines = new ArrayList<>(); + + // read raw java.security and add more restricted packages + try (FileReader fr = new FileReader(args[0]); + BufferedReader br = new BufferedReader(fr)) { + // looking for pkg access properties + String line = br.readLine(); + while (line != null) { + if (line.startsWith(PKG_ACC)) { + addPackages(br, lines, line, PKG_ACC_INDENT, extraLines); + } else if (line.startsWith(PKG_DEF)) { + addPackages(br, lines, line, PKG_DEF_INDENT, extraLines); + } else { + lines.add(line); + } + line = br.readLine(); + } + } + + // Filter out platform-unrelated ones. We only support + // #ifdef, #ifndef, and #endif. + int mode = 0; // 0: out of block, 1: in match, 2: in non-match + Iterator<String> iter = lines.iterator(); + while (iter.hasNext()) { + String line = iter.next(); + if (line.startsWith("#endif")) { + mode = 0; + iter.remove(); + } else if (line.startsWith("#ifdef ")) { + mode = line.endsWith(args[2])?1:2; + iter.remove(); + } else if (line.startsWith("#ifndef ")) { + mode = line.endsWith(args[2])?2:1; + iter.remove(); + } else { + if (mode == 2) iter.remove(); + } + } + + // Update .tbd to .1, .2, etc. + Map<String,Integer> count = new HashMap<>(); + for (int i=0; i<lines.size(); i++) { + String line = lines.get(i); + int index = line.indexOf(".tbd"); + if (index >= 0) { + String prefix = line.substring(0, index); + int n = count.getOrDefault(prefix, 1); + count.put(prefix, n+1); + lines.set(i, prefix + "." + n + line.substring(index+4)); + } + } + + // Clean up the last line of PKG_ACC and PKG_DEF blocks. + // Not really necessary since a blank line follows. + boolean inBlock = false; + for (int i=0; i<lines.size(); i++) { + String line = lines.get(i); + if (line.startsWith(PKG_ACC) || line.startsWith(PKG_DEF)) { + inBlock = true; + } + if (inBlock) { + if (line.isEmpty()) { + String lastLine = lines.get(i-1); + lines.set(i-1, lastLine.substring(0, lastLine.length()-2)); + inBlock = false; + } + } + } + + Files.write(Paths.get(args[1]), lines); + } + + private static void addPackages(BufferedReader br, List<String> lines, + String line, int numSpaces, + List<String> args) throws IOException { + // parse property until EOL, not including line breaks + boolean first = true; + while (!line.isEmpty()) { + if (!line.startsWith("#")) { + if (!line.endsWith(",\\") || + (!first && line.contains("="))) { + throw new IOException("Invalid line: " + line); + } + } + lines.add(line); + line = br.readLine(); + first = false; + } + // add new packages, one per line + for (String arg: args) { + if (arg.startsWith("#")) { + lines.add(arg); + } else { + lines.add(String.format("%"+numSpaces+"s", "") + arg + ",\\"); + } + } + lines.add(line); + } +}
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources.properties Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -string=This is Java 2D! (Default)
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_de.properties Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -string=This is Java 2D! (German) \u00f6 \u00df \u00dc
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_en.properties Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -string=This is Java 2D! (English) A B C
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_en_GB.properties Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -string=This is Java 2D! (English in Great Britain) \u0075 \u006b Z
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_ja.properties Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -string=Java 2D\u3067\u3059\u3002(\u30C7\u30D5\u30A9\u30EB\u30C8)
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_ko.properties Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -string=This is Java 2D! (Korean)
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_zh_CN.properties Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -string=\u8FD9\u662F Java 2D! (\u9ED8\u8BA4\u503C)
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/resource.data Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,5 +0,0 @@ -en US -en GB -ko KO -ab KO -de DE
--- a/jdk/src/java.base/share/classes/java/lang/Class.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/Class.java Fri Aug 29 11:57:22 2014 -0700 @@ -1322,7 +1322,7 @@ // (for anonymous classes): 1 or more digits. // Since getSimpleBinaryName() will strip the binary name of - // the immediatly enclosing class, we are now looking at a + // the immediately enclosing class, we are now looking at a // string that matches the regular expression "\$[0-9]*" // followed by a simple name (considering the simple of an // anonymous class to be the empty string).
--- a/jdk/src/java.base/share/classes/java/lang/ClassLoader.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/ClassLoader.java Fri Aug 29 11:57:22 2014 -0700 @@ -205,7 +205,7 @@ } /** - * Registers the given class loader type as parallel capabale. + * Registers the given class loader type as parallel capable. * Returns {@code true} is successfully registered; {@code false} if * loader's super class is not registered. */ @@ -832,7 +832,7 @@ { int len = b.remaining(); - // Use byte[] if not a direct ByteBufer: + // Use byte[] if not a direct ByteBuffer: if (!b.isDirect()) { if (b.hasArray()) { return defineClass(name, b.array(),
--- a/jdk/src/java.base/share/classes/java/lang/StringCoding.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/StringCoding.java Fri Aug 29 11:57:22 2014 -0700 @@ -196,19 +196,19 @@ static char[] decode(Charset cs, byte[] ba, int off, int len) { // (1)We never cache the "external" cs, the only benefit of creating // an additional StringDe/Encoder object to wrap it is to share the - // de/encode() method. These SD/E objects are short-lifed, the young-gen - // gc should be able to take care of them well. But the best approash + // de/encode() method. These SD/E objects are short-lived, the young-gen + // gc should be able to take care of them well. But the best approach // is still not to generate them if not really necessary. // (2)The defensive copy of the input byte/char[] has a big performance // impact, as well as the outgoing result byte/char[]. Need to do the // optimization check of (sm==null && classLoader0==null) for both. // (3)getClass().getClassLoader0() is expensive // (4)There might be a timing gap in isTrusted setting. getClassLoader0() - // is only chcked (and then isTrusted gets set) when (SM==null). It is + // is only checked (and then isTrusted gets set) when (SM==null). It is // possible that the SM==null for now but then SM is NOT null later // when safeTrim() is invoked...the "safe" way to do is to redundant // check (... && (isTrusted || SM == null || getClassLoader0())) in trim - // but it then can be argued that the SM is null when the opertaion + // but it then can be argued that the SM is null when the operation // is started... CharsetDecoder cd = cs.newDecoder(); int en = scale(len, cd.maxCharsPerByte());
--- a/jdk/src/java.base/share/classes/java/lang/System.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/System.java Fri Aug 29 11:57:22 2014 -0700 @@ -1193,7 +1193,7 @@ // Setup Java signal handlers for HUP, TERM, and INT (where available). Terminator.setup(); - // Initialize any miscellenous operating system settings that need to be + // Initialize any miscellaneous operating system settings that need to be // set for the class libraries. Currently this is no-op everywhere except // for Windows where the process-wide error mode is set before the java.io // classes are used.
--- a/jdk/src/java.base/share/classes/java/lang/Throwable.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/Throwable.java Fri Aug 29 11:57:22 2014 -0700 @@ -139,7 +139,7 @@ * {@linkplain #setStackTrace(StackTraceElement[]) Setting the * stack trace} to a one-element array containing this sentinel * value indicates future attempts to set the stack trace will be - * ignored. The sentinal is equal to the result of calling:<br> + * ignored. The sentinel is equal to the result of calling:<br> * {@code new StackTraceElement("", "", null, Integer.MIN_VALUE)} */ public static final StackTraceElement STACK_TRACE_ELEMENT_SENTINEL =
--- a/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java Fri Aug 29 11:57:22 2014 -0700 @@ -98,7 +98,7 @@ private final String implMethodClassName; // Name of type containing implementation "CC" private final String implMethodName; // Name of implementation method "impl" private final String implMethodDesc; // Type descriptor for implementation methods "(I)Ljava/lang/String;" - private final Class<?> implMethodReturnClass; // class for implementaion method return type "Ljava/lang/String;" + private final Class<?> implMethodReturnClass; // class for implementation method return type "Ljava/lang/String;" private final MethodType constructorType; // Generated class constructor type "(CC)void" private final ClassWriter cw; // ASM class writer private final String[] argNames; // Generated names for the constructor arguments
--- a/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java Fri Aug 29 11:57:22 2014 -0700 @@ -209,7 +209,7 @@ throw new InternalError("observed CP placeholder twice: " + cpPlaceholder); } // insert placeholder in CP and remember the patch - int index = cw.newConst((Object) cpPlaceholder); // TODO check if aready in the constant pool + int index = cw.newConst((Object) cpPlaceholder); // TODO check if already in the constant pool cpPatches.put(cpPlaceholder, new CpPatch(index, cpPlaceholder, arg)); return cpPlaceholder; }
--- a/jdk/src/java.base/share/classes/java/lang/invoke/Invokers.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/Invokers.java Fri Aug 29 11:57:22 2014 -0700 @@ -37,7 +37,7 @@ * @author jrose */ class Invokers { - // exact type (sans leading taget MH) for the outgoing call + // exact type (sans leading target MH) for the outgoing call private final MethodType targetType; // FIXME: Get rid of the invokers that are not useful.
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java Fri Aug 29 11:57:22 2014 -0700 @@ -59,7 +59,7 @@ * and properly use the named member. * <p> * When resolved, a member name's internal implementation may include references to JVM metadata. - * This representation is stateless and only decriptive. + * This representation is stateless and only descriptive. * It provides no private information and no capability to use the member. * <p> * By contrast, a {@linkplain java.lang.reflect.Method} contains fuller information
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandle.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandle.java Fri Aug 29 11:57:22 2014 -0700 @@ -679,7 +679,7 @@ * This method provides the crucial behavioral difference between * {@link #invokeExact invokeExact} and plain, inexact {@link #invoke invoke}. * The two methods - * perform the same steps when the caller's type descriptor exactly m atches + * perform the same steps when the caller's type descriptor exactly matches * the callee's, but when the types differ, plain {@link #invoke invoke} * also calls {@code asType} (or some internal equivalent) in order * to match up the caller's and callee's types.
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java Fri Aug 29 11:57:22 2014 -0700 @@ -621,7 +621,7 @@ } /** - * The LambaForm shape for catchException combinator is the following: + * The LambdaForm shape for catchException combinator is the following: * <blockquote><pre>{@code * guardWithCatch=Lambda(a0:L,a1:L,a2:L)=>{ * t3:L=BoundMethodHandle$Species_LLLLL.argL0(a0:L); @@ -702,7 +702,7 @@ MethodType type = target.type(); LambdaForm form = makeGuardWithCatchForm(type.basicType()); - // Prepare auxiliary method handles used during LambdaForm interpreation. + // Prepare auxiliary method handles used during LambdaForm interpretation. // Box arguments and wrap them into Object[]: ValueConversions.array(). MethodType varargsType = type.changeReturnType(Object[].class); MethodHandle collectArgs = ValueConversions.varargsArray(type.parameterCount())
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java Fri Aug 29 11:57:22 2014 -0700 @@ -509,7 +509,7 @@ /** * Is this method a caller-sensitive method? - * I.e., does it call Reflection.getCallerClass or a similer method + * I.e., does it call Reflection.getCallerClass or a similar method * to ask about the identity of its caller? */ static boolean isCallerSensitive(MemberName mem) {
--- a/jdk/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java Fri Aug 29 11:57:22 2014 -0700 @@ -78,7 +78,7 @@ * object is a {@link Constructor} object for the class {@link * java.lang.Class}). In the event of such a SecurityException, the * accessibility of objects is set to {@code flag} for array elements - * upto (and excluding) the element for which the exception occurred; the + * up to (and excluding) the element for which the exception occurred; the * accessibility of elements beyond (and including) the element for which * the exception occurred is unchanged. *
--- a/jdk/src/java.base/share/classes/java/lang/reflect/Constructor.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/reflect/Constructor.java Fri Aug 29 11:57:22 2014 -0700 @@ -544,15 +544,33 @@ */ @Override public AnnotatedType getAnnotatedReceiverType() { - if (getDeclaringClass().getEnclosingClass() == null) - return super.getAnnotatedReceiverType(); + Class<?> thisDeclClass = getDeclaringClass(); + Class<?> enclosingClass = thisDeclClass.getEnclosingClass(); + + if (enclosingClass == null) { + // A Constructor for a top-level class + return null; + } + Class<?> outerDeclaringClass = thisDeclClass.getDeclaringClass(); + if (outerDeclaringClass == null) { + // A constructor for a local or anonymous class + return null; + } + + // Either static nested or inner class + if (Modifier.isStatic(thisDeclClass.getModifiers())) { + // static nested + return null; + } + + // A Constructor for an inner class return TypeAnnotationParser.buildAnnotatedType(getTypeAnnotationBytes0(), sun.misc.SharedSecrets.getJavaLangAccess(). - getConstantPool(getDeclaringClass()), + getConstantPool(thisDeclClass), this, - getDeclaringClass(), - getDeclaringClass().getEnclosingClass(), + thisDeclClass, + enclosingClass, TypeAnnotation.TypeAnnotationTarget.METHOD_RECEIVER); } }
--- a/jdk/src/java.base/share/classes/java/lang/reflect/Executable.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/reflect/Executable.java Fri Aug 29 11:57:22 2014 -0700 @@ -585,21 +585,24 @@ /** * Returns an {@code AnnotatedType} object that represents the use of a * type to specify the receiver type of the method/constructor represented - * by this Executable object. The receiver type of a method/constructor is - * available only if the method/constructor has a <em>receiver - * parameter</em> (JLS 8.4.1). + * by this {@code Executable} object. * - * If this {@code Executable} object represents a constructor or instance - * method that does not have a receiver parameter, or has a receiver - * parameter with no annotations on its type, then the return value is an - * {@code AnnotatedType} object representing an element with no + * The receiver type of a method/constructor is available only if the + * method/constructor has a receiver parameter (JLS 8.4.1). If this {@code + * Executable} object <em>represents an instance method or represents a + * constructor of an inner member class</em>, and the + * method/constructor <em>either</em> has no receiver parameter or has a + * receiver parameter with no annotations on its type, then the return + * value is an {@code AnnotatedType} object representing an element with no * annotations. * - * If this {@code Executable} object represents a static method, then the - * return value is null. + * If this {@code Executable} object represents a static method or + * represents a constructor of a top level, static member, local, or + * anoymous class, then the return value is null. * * @return an object representing the receiver type of the method or - * constructor represented by this {@code Executable} + * constructor represented by this {@code Executable} or {@code null} if + * this {@code Executable} can not have a receiver parameter */ public AnnotatedType getAnnotatedReceiverType() { if (Modifier.isStatic(this.getModifiers()))
--- a/jdk/src/java.base/share/classes/java/lang/reflect/Parameter.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/reflect/Parameter.java Fri Aug 29 11:57:22 2014 -0700 @@ -173,7 +173,7 @@ * a name. */ public String getName() { - // Note: empty strings as paramete names are now outlawed. + // Note: empty strings as parameter names are now outlawed. // The .equals("") is for compatibility with current JVM // behavior. It may be removed at some point. if(name == null || name.equals(""))
--- a/jdk/src/java.base/share/classes/java/security/SecureRandom.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/security/SecureRandom.java Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,15 +39,16 @@ * * <p>A cryptographically strong random number * minimally complies with the statistical random number generator tests - * specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm"> + * specified in + * <a href="http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf"> * <i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>, * section 4.9.1. * Additionally, SecureRandom must produce non-deterministic output. * Therefore any seed material passed to a SecureRandom object must be * unpredictable, and all SecureRandom output sequences must be * cryptographically strong, as described in - * <a href="http://www.ietf.org/rfc/rfc1750.txt"> - * <i>RFC 1750: Randomness Recommendations for Security</i></a>. + * <a href="http://tools.ietf.org/html/rfc4086"> + * <i>RFC 4086: Randomness Requirements for Security</i></a>. * * <p>A caller obtains a SecureRandom instance via the * no-argument constructor or one of the {@code getInstance} methods:
--- a/jdk/src/java.base/share/classes/java/time/Duration.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/time/Duration.java Fri Aug 29 11:57:22 2014 -0700 @@ -388,19 +388,21 @@ Matcher matcher = PATTERN.matcher(text); if (matcher.matches()) { // check for letter T but no time sections - if ("T".equals(matcher.group(3)) == false) { - boolean negate = "-".equals(matcher.group(1)); - String dayMatch = matcher.group(2); - String hourMatch = matcher.group(4); - String minuteMatch = matcher.group(5); - String secondMatch = matcher.group(6); - String fractionMatch = matcher.group(7); - if (dayMatch != null || hourMatch != null || minuteMatch != null || secondMatch != null) { - long daysAsSecs = parseNumber(text, dayMatch, SECONDS_PER_DAY, "days"); - long hoursAsSecs = parseNumber(text, hourMatch, SECONDS_PER_HOUR, "hours"); - long minsAsSecs = parseNumber(text, minuteMatch, SECONDS_PER_MINUTE, "minutes"); - long seconds = parseNumber(text, secondMatch, 1, "seconds"); - int nanos = parseFraction(text, fractionMatch, seconds < 0 ? -1 : 1); + if (!charMatch(text, matcher.start(3), matcher.end(3), 'T')) { + boolean negate = charMatch(text, matcher.start(1), matcher.end(1), '-'); + + int dayStart = matcher.start(2), dayEnd = matcher.end(2); + int hourStart = matcher.start(4), hourEnd = matcher.end(4); + int minuteStart = matcher.start(5), minuteEnd = matcher.end(5); + int secondStart = matcher.start(6), secondEnd = matcher.end(6); + int fractionStart = matcher.start(7), fractionEnd = matcher.end(7); + + if (dayStart >= 0 || hourStart >= 0 || minuteStart >= 0 || secondStart >= 0) { + long daysAsSecs = parseNumber(text, dayStart, dayEnd, SECONDS_PER_DAY, "days"); + long hoursAsSecs = parseNumber(text, hourStart, hourEnd, SECONDS_PER_HOUR, "hours"); + long minsAsSecs = parseNumber(text, minuteStart, minuteEnd, SECONDS_PER_MINUTE, "minutes"); + long seconds = parseNumber(text, secondStart, secondEnd, 1, "seconds"); + int nanos = parseFraction(text, fractionStart, fractionEnd, seconds < 0 ? -1 : 1); try { return create(negate, daysAsSecs, hoursAsSecs, minsAsSecs, seconds, nanos); } catch (ArithmeticException ex) { @@ -412,27 +414,37 @@ throw new DateTimeParseException("Text cannot be parsed to a Duration", text, 0); } - private static long parseNumber(CharSequence text, String parsed, int multiplier, String errorText) { + private static boolean charMatch(CharSequence text, int start, int end, char c) { + return (start >= 0 && end == start + 1 && text.charAt(start) == c); + } + + private static long parseNumber(CharSequence text, int start, int end, int multiplier, String errorText) { // regex limits to [-+]?[0-9]+ - if (parsed == null) { + if (start < 0 || end < 0) { return 0; } try { - long val = Long.parseLong(parsed); + long val = Long.parseLong(text, 10, start, end); return Math.multiplyExact(val, multiplier); } catch (NumberFormatException | ArithmeticException ex) { throw (DateTimeParseException) new DateTimeParseException("Text cannot be parsed to a Duration: " + errorText, text, 0).initCause(ex); } } - private static int parseFraction(CharSequence text, String parsed, int negate) { + private static int parseFraction(CharSequence text, int start, int end, int negate) { // regex limits to [0-9]{0,9} - if (parsed == null || parsed.length() == 0) { + if (start < 0 || end < 0 || end - start == 0) { return 0; } try { - parsed = (parsed + "000000000").substring(0, 9); - return Integer.parseInt(parsed) * negate; + int fraction = Integer.parseInt(text, 10, start, end); + + // for number strings smaller than 9 digits, interpret as if there + // were trailing zeros + for (int i = end - start; i < 9; i++) { + fraction *= 10; + } + return fraction * negate; } catch (NumberFormatException | ArithmeticException ex) { throw (DateTimeParseException) new DateTimeParseException("Text cannot be parsed to a Duration: fraction", text, 0).initCause(ex); }
--- a/jdk/src/java.base/share/classes/java/time/Period.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/time/Period.java Fri Aug 29 11:57:22 2014 -0700 @@ -329,17 +329,17 @@ Objects.requireNonNull(text, "text"); Matcher matcher = PATTERN.matcher(text); if (matcher.matches()) { - int negate = ("-".equals(matcher.group(1)) ? -1 : 1); - String yearMatch = matcher.group(2); - String monthMatch = matcher.group(3); - String weekMatch = matcher.group(4); - String dayMatch = matcher.group(5); - if (yearMatch != null || monthMatch != null || dayMatch != null || weekMatch != null) { + int negate = (charMatch(text, matcher.start(1), matcher.end(1), '-') ? -1 : 1); + int yearStart = matcher.start(2), yearEnd = matcher.end(2); + int monthStart = matcher.start(3), monthEnd = matcher.end(3); + int weekStart = matcher.start(4), weekEnd = matcher.end(4); + int dayStart = matcher.start(5), dayEnd = matcher.end(5); + if (yearStart >= 0 || monthStart >= 0 || weekStart >= 0 || dayStart >= 0) { try { - int years = parseNumber(text, yearMatch, negate); - int months = parseNumber(text, monthMatch, negate); - int weeks = parseNumber(text, weekMatch, negate); - int days = parseNumber(text, dayMatch, negate); + int years = parseNumber(text, yearStart, yearEnd, negate); + int months = parseNumber(text, monthStart, monthEnd, negate); + int weeks = parseNumber(text, weekStart, weekEnd, negate); + int days = parseNumber(text, dayStart, dayEnd, negate); days = Math.addExact(days, Math.multiplyExact(weeks, 7)); return create(years, months, days); } catch (NumberFormatException ex) { @@ -350,11 +350,15 @@ throw new DateTimeParseException("Text cannot be parsed to a Period", text, 0); } - private static int parseNumber(CharSequence text, String str, int negate) { - if (str == null) { + private static boolean charMatch(CharSequence text, int start, int end, char c) { + return (start >= 0 && end == start + 1 && text.charAt(start) == c); + } + + private static int parseNumber(CharSequence text, int start, int end, int negate) { + if (start < 0 || end < 0) { return 0; } - int val = Integer.parseInt(str); + int val = Integer.parseInt(text, 10, start, end); try { return Math.multiplyExact(val, negate); } catch (ArithmeticException ex) {
--- a/jdk/src/java.base/share/classes/java/util/JapaneseImperialCalendar.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/util/JapaneseImperialCalendar.java Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,20 +38,20 @@ import sun.util.calendar.ZoneInfo; /** - * <code>JapaneseImperialCalendar</code> implements a Japanese + * {@code JapaneseImperialCalendar} implements a Japanese * calendar system in which the imperial era-based year numbering is * supported from the Meiji era. The following are the eras supported * by this calendar system. - * <pre><tt> + * <pre>{@code * ERA value Era name Since (in Gregorian) * ------------------------------------------------------ * 0 N/A N/A - * 1 Meiji 1868-01-01 midnight local time - * 2 Taisho 1912-07-30 midnight local time - * 3 Showa 1926-12-25 midnight local time - * 4 Heisei 1989-01-08 midnight local time + * 1 Meiji 1868-01-01T00:00:00 local time + * 2 Taisho 1912-07-30T00:00:00 local time + * 3 Showa 1926-12-25T00:00:00 local time + * 4 Heisei 1989-01-08T00:00:00 local time * ------------------------------------------------------ - * </tt></pre> + * }</pre> * * <p><code>ERA</code> value 0 specifies the years before Meiji and * the Gregorian year values are used. Unlike {@link @@ -63,6 +63,31 @@ * with time differences for applying the era transitions. This * calendar implementation assumes local time for all transitions. * + * <p>A new era can be specified using property + * jdk.calendar.japanese.supplemental.era. The new era is added to the + * predefined eras. The syntax of the property is as follows. + * <p><pre> + * {@code name=<name>,abbr=<abbr>,since=<time['u']>} + * </pre> + * where + * <dl> + * <dt>{@code <name>:}<dd>the full name of the new era (non-ASCII characters allowed) + * <dt>{@code <abbr>:}<dd>the abbreviation of the new era (non-ASCII characters allowed) + * <dt>{@code <time['u']>:}<dd>the start time of the new era represented by + * milliseconds from 1970-01-01T00:00:00 local time or UTC if {@code 'u'} is + * appended to the milliseconds value. (ASCII digits only) + * </dl> + * + * <p>If the given era is invalid, such as the since value before the + * beginning of the last predefined era, the given era will be + * ignored. + * + * <p>The following is an example of the property usage. + * <p><pre> + * java -Djdk.calendar.japanese.supplemental.era="name=NewEra,abbr=N,since=253374307200000" + * </pre> + * The property specifies an era change to NewEra at 9999-02-11T00:00:00 local time. + * * @author Masayoshi Okutsu * @since 1.6 */ @@ -102,7 +127,6 @@ public static final int HEISEI = 4; private static final int EPOCH_OFFSET = 719163; // Fixed date of January 1, 1970 (Gregorian) - private static final int EPOCH_YEAR = 1970; // Useful millisecond constants. Although ONE_DAY and ONE_WEEK can fit // into ints, they must be longs in order to prevent arithmetic overflow @@ -111,7 +135,6 @@ private static final int ONE_MINUTE = 60*ONE_SECOND; private static final int ONE_HOUR = 60*ONE_MINUTE; private static final long ONE_DAY = 24*ONE_HOUR; - private static final long ONE_WEEK = 7*ONE_DAY; // Reference to the sun.util.calendar.LocalGregorianCalendar instance (singleton). private static final LocalGregorianCalendar jcal @@ -217,6 +240,7 @@ }; // Proclaim serialization compatibility with JDK 1.6 + @SuppressWarnings("FieldNameHidesFieldInSuperclass") private static final long serialVersionUID = -3364572813905467929L; static { @@ -340,6 +364,7 @@ * <code>false</code> otherwise. * @see Calendar#compareTo(Calendar) */ + @Override public boolean equals(Object obj) { return obj instanceof JapaneseImperialCalendar && super.equals(obj); @@ -349,6 +374,7 @@ * Generates the hash code for this * <code>JapaneseImperialCalendar</code> object. */ + @Override public int hashCode() { return super.hashCode() ^ jdate.hashCode(); } @@ -381,6 +407,7 @@ * or if any calendar fields have out-of-range values in * non-lenient mode. */ + @Override public void add(int field, int amount) { // If amount == 0, do nothing even the given field is out of // range. This is tested by JCK. @@ -509,6 +536,7 @@ } } + @Override public void roll(int field, boolean up) { roll(field, up ? +1 : -1); } @@ -533,6 +561,7 @@ * @see #add(int,int) * @see #set(int,int) */ + @Override public void roll(int field, int amount) { // If amount == 0, do nothing even the given field is out of // range. This is tested by JCK.
--- a/jdk/src/java.base/share/classes/java/util/StringJoiner.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/util/StringJoiner.java Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,6 +24,9 @@ */ package java.util; +import sun.misc.JavaLangAccess; +import sun.misc.SharedSecrets; + /** * {@code StringJoiner} is used to construct a sequence of characters separated * by a delimiter and optionally starting with a supplied prefix @@ -67,22 +70,24 @@ private final String delimiter; private final String suffix; - /* - * StringBuilder value -- at any time, the characters constructed from the - * prefix, the added element separated by the delimiter, but without the - * suffix, so that we can more easily add elements without having to jigger - * the suffix each time. - */ - private StringBuilder value; + /** Contains all the string components added so far. */ + private String[] elts; + + /** The number of string components added so far. */ + private int size; - /* - * By default, the string consisting of prefix+suffix, returned by - * toString(), or properties of value, when no elements have yet been added, - * i.e. when it is empty. This may be overridden by the user to be some - * other value including the empty String. + /** Total length in chars so far, excluding prefix and suffix. */ + private int len; + + /** + * When overriden by the user to be non-null via {@link setEmptyValue}, the + * string returned by toString() when no elements have yet been added. + * When null, prefix + suffix is used as the empty value. */ private String emptyValue; + private static final JavaLangAccess jla = SharedSecrets.getJavaLangAccess(); + /** * Constructs a {@code StringJoiner} with no characters in it, with no * {@code prefix} or {@code suffix}, and a copy of the supplied @@ -125,7 +130,6 @@ this.prefix = prefix.toString(); this.delimiter = delimiter.toString(); this.suffix = suffix.toString(); - this.emptyValue = this.prefix + this.suffix; } /** @@ -148,29 +152,44 @@ return this; } + private static int getChars(String s, char[] chars, int start) { + int len = s.length(); + s.getChars(0, len, chars, start); + return len; + } + /** * Returns the current value, consisting of the {@code prefix}, the values * added so far separated by the {@code delimiter}, and the {@code suffix}, * unless no elements have been added in which case, the - * {@code prefix + suffix} or the {@code emptyValue} characters are returned + * {@code prefix + suffix} or the {@code emptyValue} characters are returned. * * @return the string representation of this {@code StringJoiner} */ @Override public String toString() { - if (value == null) { + final String[] elts = this.elts; + if (elts == null && emptyValue != null) { return emptyValue; - } else { - if (suffix.equals("")) { - return value.toString(); - } else { - int initialLength = value.length(); - String result = value.append(suffix).toString(); - // reset value to pre-append initialLength - value.setLength(initialLength); - return result; + } + final int size = this.size; + final int addLen = prefix.length() + suffix.length(); + if (addLen == 0) { + compactElts(); + return size == 0 ? "" : elts[0]; + } + final String delimiter = this.delimiter; + final char[] chars = new char[len + addLen]; + int k = getChars(prefix, chars, 0); + if (size > 0) { + k += getChars(elts[0], chars, k); + for (int i = 1; i < size; i++) { + k += getChars(delimiter, chars, k); + k += getChars(elts[i], chars, k); } } + k += getChars(suffix, chars, k); + return jla.newStringUnsafe(chars); } /** @@ -182,7 +201,16 @@ * @return a reference to this {@code StringJoiner} */ public StringJoiner add(CharSequence newElement) { - prepareBuilder().append(newElement); + final String elt = String.valueOf(newElement); + if (elts == null) { + elts = new String[8]; + } else { + if (size == elts.length) + elts = Arrays.copyOf(elts, 2 * size); + len += delimiter.length(); + } + len += elt.length(); + elts[size++] = elt; return this; } @@ -207,24 +235,25 @@ */ public StringJoiner merge(StringJoiner other) { Objects.requireNonNull(other); - if (other.value != null) { - final int length = other.value.length(); - // lock the length so that we can seize the data to be appended - // before initiate copying to avoid interference, especially when - // merge 'this' - StringBuilder builder = prepareBuilder(); - builder.append(other.value, other.prefix.length(), length); + if (other.elts == null) { + return this; } - return this; + other.compactElts(); + return add(other.elts[0]); } - private StringBuilder prepareBuilder() { - if (value != null) { - value.append(delimiter); - } else { - value = new StringBuilder().append(prefix); + private void compactElts() { + if (size > 1) { + final char[] chars = new char[len]; + int i = 1, k = getChars(elts[0], chars, 0); + do { + k += getChars(delimiter, chars, k); + k += getChars(elts[i], chars, k); + elts[i] = null; + } while (++i < size); + size = 1; + elts[0] = jla.newStringUnsafe(chars); } - return value; } /** @@ -238,10 +267,7 @@ * @return the length of the current value of {@code StringJoiner} */ public int length() { - // Remember that we never actually append the suffix unless we return - // the full (present) value or some sub-string or length of it, so that - // we can add on more if we need to. - return (value != null ? value.length() + suffix.length() : - emptyValue.length()); + return (size == 0 && emptyValue != null) ? emptyValue.length() : + len + prefix.length() + suffix.length(); } }
--- a/jdk/src/java.base/share/classes/javax/security/auth/Subject.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/javax/security/auth/Subject.java Fri Aug 29 11:57:22 2014 -0700 @@ -182,21 +182,20 @@ * {@code AuthPermission("modifyPublicCredentials")}. * To modify the private credential Set, the caller must have * {@code AuthPermission("modifyPrivateCredentials")}. - * <p> * * @param readOnly true if the {@code Subject} is to be read-only, - * and false otherwise. <p> + * and false otherwise. * * @param principals the {@code Set} of Principals - * to be associated with this {@code Subject}. <p> + * to be associated with this {@code Subject}. * * @param pubCredentials the {@code Set} of public credentials - * to be associated with this {@code Subject}. <p> + * to be associated with this {@code Subject}. * * @param privCredentials the {@code Set} of private credentials * to be associated with this {@code Subject}. * - * @exception NullPointerException if the specified + * @throws NullPointerException if the specified * {@code principals}, {@code pubCredentials}, * or {@code privCredentials} are {@code null}, * or a null value exists within any of these three @@ -233,10 +232,11 @@ * Also, once a {@code Subject} is read-only, * it can not be reset to being writable again. * - * <p> - * - * @exception SecurityException if the caller does not have permission - * to set this {@code Subject} to be read-only. + * @throws SecurityException if a security manager is installed and the + * caller does not have an + * {@link AuthPermission#AuthPermission(String) + * AuthPermission("setReadOnly")} permission to set this + * {@code Subject} to be read-only. */ public void setReadOnly() { java.lang.SecurityManager sm = System.getSecurityManager(); @@ -250,8 +250,6 @@ /** * Query whether this {@code Subject} is read-only. * - * <p> - * * @return true if this {@code Subject} is read-only, false otherwise. */ public boolean isReadOnly() { @@ -267,8 +265,6 @@ * In this situation, the most recent {@code Subject} associated * with the {@code AccessControlContext} is returned. * - * <p> - * * @param acc the {@code AccessControlContext} from which to retrieve * the {@code Subject}. * @@ -277,10 +273,13 @@ * if no {@code Subject} is associated * with the provided {@code AccessControlContext}. * - * @exception SecurityException if the caller does not have permission - * to get the {@code Subject}. <p> + * @throws SecurityException if a security manager is installed and the + * caller does not have an + * {@link AuthPermission#AuthPermission(String) + * AuthPermission("getSubject")} permission to get the + * {@code Subject}. * - * @exception NullPointerException if the provided + * @throws NullPointerException if the provided * {@code AccessControlContext} is {@code null}. */ public static Subject getSubject(final AccessControlContext acc) { @@ -321,26 +320,27 @@ * passing it the provided {@code PrivilegedAction}, * as well as the newly constructed {@code AccessControlContext}. * - * <p> - * * @param subject the {@code Subject} that the specified * {@code action} will run as. This parameter - * may be {@code null}. <p> + * may be {@code null}. * * @param <T> the type of the value returned by the PrivilegedAction's * {@code run} method. * * @param action the code to be run as the specified - * {@code Subject}. <p> + * {@code Subject}. * * @return the value returned by the PrivilegedAction's * {@code run} method. * - * @exception NullPointerException if the {@code PrivilegedAction} - * is {@code null}. <p> + * @throws NullPointerException if the {@code PrivilegedAction} + * is {@code null}. * - * @exception SecurityException if the caller does not have permission - * to invoke this method. + * @throws SecurityException if a security manager is installed and the + * caller does not have an + * {@link AuthPermission#AuthPermission(String) + * AuthPermission("doAs")} permission to invoke this + * method. */ public static <T> T doAs(final Subject subject, final java.security.PrivilegedAction<T> action) { @@ -377,31 +377,32 @@ * passing it the provided {@code PrivilegedExceptionAction}, * as well as the newly constructed {@code AccessControlContext}. * - * <p> - * * @param subject the {@code Subject} that the specified * {@code action} will run as. This parameter - * may be {@code null}. <p> + * may be {@code null}. * * @param <T> the type of the value returned by the * PrivilegedExceptionAction's {@code run} method. * * @param action the code to be run as the specified - * {@code Subject}. <p> + * {@code Subject}. * * @return the value returned by the * PrivilegedExceptionAction's {@code run} method. * - * @exception PrivilegedActionException if the + * @throws PrivilegedActionException if the * {@code PrivilegedExceptionAction.run} - * method throws a checked exception. <p> + * method throws a checked exception. * - * @exception NullPointerException if the specified + * @throws NullPointerException if the specified * {@code PrivilegedExceptionAction} is - * {@code null}. <p> + * {@code null}. * - * @exception SecurityException if the caller does not have permission - * to invoke this method. + * @throws SecurityException if a security manager is installed and the + * caller does not have an + * {@link AuthPermission#AuthPermission(String) + * AuthPermission("doAs")} permission to invoke this + * method. */ public static <T> T doAs(final Subject subject, final java.security.PrivilegedExceptionAction<T> action) @@ -435,29 +436,30 @@ * this method instantiates a new {@code AccessControlContext} * with an empty collection of ProtectionDomains. * - * <p> - * * @param subject the {@code Subject} that the specified * {@code action} will run as. This parameter - * may be {@code null}. <p> + * may be {@code null}. * * @param <T> the type of the value returned by the PrivilegedAction's * {@code run} method. * * @param action the code to be run as the specified - * {@code Subject}. <p> + * {@code Subject}. * * @param acc the {@code AccessControlContext} to be tied to the - * specified <i>subject</i> and <i>action</i>. <p> + * specified <i>subject</i> and <i>action</i>. * * @return the value returned by the PrivilegedAction's * {@code run} method. * - * @exception NullPointerException if the {@code PrivilegedAction} - * is {@code null}. <p> + * @throws NullPointerException if the {@code PrivilegedAction} + * is {@code null}. * - * @exception SecurityException if the caller does not have permission - * to invoke this method. + * @throws SecurityException if a security manager is installed and the + * caller does not have a + * {@link AuthPermission#AuthPermission(String) + * AuthPermission("doAsPrivileged")} permission to invoke + * this method. */ public static <T> T doAsPrivileged(final Subject subject, final java.security.PrivilegedAction<T> action, @@ -495,34 +497,35 @@ * this method instantiates a new {@code AccessControlContext} * with an empty collection of ProtectionDomains. * - * <p> - * * @param subject the {@code Subject} that the specified * {@code action} will run as. This parameter - * may be {@code null}. <p> + * may be {@code null}. * * @param <T> the type of the value returned by the * PrivilegedExceptionAction's {@code run} method. * * @param action the code to be run as the specified - * {@code Subject}. <p> + * {@code Subject}. * * @param acc the {@code AccessControlContext} to be tied to the - * specified <i>subject</i> and <i>action</i>. <p> + * specified <i>subject</i> and <i>action</i>. * * @return the value returned by the * PrivilegedExceptionAction's {@code run} method. * - * @exception PrivilegedActionException if the + * @throws PrivilegedActionException if the * {@code PrivilegedExceptionAction.run} - * method throws a checked exception. <p> + * method throws a checked exception. * - * @exception NullPointerException if the specified + * @throws NullPointerException if the specified * {@code PrivilegedExceptionAction} is - * {@code null}. <p> + * {@code null}. * - * @exception SecurityException if the caller does not have permission - * to invoke this method. + * @throws SecurityException if a security manager is installed and the + * caller does not have a + * {@link AuthPermission#AuthPermission(String) + * AuthPermission("doAsPrivileged")} permission to invoke + * this method. */ public static <T> T doAsPrivileged(final Subject subject, final java.security.PrivilegedExceptionAction<T> action, @@ -577,9 +580,12 @@ * to the returned {@code Set} affects the internal * {@code Principal} {@code Set} as well. * - * <p> + * <p> If a security manager is installed, the caller must have a + * {@link AuthPermission#AuthPermission(String) + * AuthPermission("modifyPrincipals")} permission to modify + * the returned set, or a {@code SecurityException} will be thrown. * - * @return The {@code Set} of Principals associated with this + * @return the {@code Set} of Principals associated with this * {@code Subject}. */ public Set<Principal> getPrincipals() { @@ -600,8 +606,6 @@ * Modifications to the returned {@code Set} * will not affect the internal {@code Principal} {@code Set}. * - * <p> - * * @param <T> the type of the class modeled by {@code c} * * @param c the returned {@code Set} of Principals will all be @@ -610,8 +614,8 @@ * @return a {@code Set} of Principals that are instances of the * specified {@code Class}. * - * @exception NullPointerException if the specified {@code Class} - * is {@code null}. + * @throws NullPointerException if the specified {@code Class} + * is {@code null}. */ public <T extends Principal> Set<T> getPrincipals(Class<T> c) { @@ -632,9 +636,12 @@ * to the returned {@code Set} affects the internal public * Credential {@code Set} as well. * - * <p> + * <p> If a security manager is installed, the caller must have a + * {@link AuthPermission#AuthPermission(String) + * AuthPermission("modifyPublicCredentials")} permission to modify + * the returned set, or a {@code SecurityException} will be thrown. * - * @return A {@code Set} of public credentials held by this + * @return a {@code Set} of public credentials held by this * {@code Subject}. */ public Set<Object> getPublicCredentials() { @@ -653,20 +660,18 @@ * to the returned {@code Set} affects the internal private * Credential {@code Set} as well. * - * <p> A caller requires permissions to access the Credentials - * in the returned {@code Set}, or to modify the - * {@code Set} itself. A {@code SecurityException} - * is thrown if the caller does not have the proper permissions. + * <p> If a security manager is installed, the caller must have a + * {@link AuthPermission#AuthPermission(String) + * AuthPermission("modifyPrivateCredentials")} permission to modify + * the returned set, or a {@code SecurityException} will be thrown. * * <p> While iterating through the {@code Set}, - * a {@code SecurityException} is thrown - * if the caller does not have permission to access a - * particular Credential. The {@code Iterator} - * is nevertheless advanced to next element in the {@code Set}. + * a {@code SecurityException} is thrown if a security manager is installed + * and the caller does not have a {@link PrivateCredentialPermission} + * to access a particular Credential. The {@code Iterator} + * is nevertheless advanced to the next element in the {@code Set}. * - * <p> - * - * @return A {@code Set} of private credentials held by this + * @return a {@code Set} of private credentials held by this * {@code Subject}. */ public Set<Object> getPrivateCredentials() { @@ -695,8 +700,6 @@ * Modifications to the returned {@code Set} * will not affect the internal public Credential {@code Set}. * - * <p> - * * @param <T> the type of the class modeled by {@code c} * * @param c the returned {@code Set} of public credentials will all be @@ -705,7 +708,7 @@ * @return a {@code Set} of public credentials that are instances * of the specified {@code Class}. * - * @exception NullPointerException if the specified {@code Class} + * @throws NullPointerException if the specified {@code Class} * is {@code null}. */ public <T> Set<T> getPublicCredentials(Class<T> c) { @@ -723,9 +726,9 @@ * {@code Subject} that are instances or subclasses of the specified * {@code Class}. * - * <p> The caller must have permission to access all of the - * requested Credentials, or a {@code SecurityException} - * will be thrown. + * <p> If a security manager is installed, the caller must have a + * {@link PrivateCredentialPermission} to access all of the requested + * Credentials, or a {@code SecurityException} will be thrown. * * <p> The returned {@code Set} is not backed by this Subject's * internal private Credential {@code Set}. A new @@ -733,8 +736,6 @@ * Modifications to the returned {@code Set} * will not affect the internal private Credential {@code Set}. * - * <p> - * * @param <T> the type of the class modeled by {@code c} * * @param c the returned {@code Set} of private credentials will all be @@ -743,7 +744,7 @@ * @return a {@code Set} of private credentials that are instances * of the specified {@code Class}. * - * @exception NullPointerException if the specified {@code Class} + * @throws NullPointerException if the specified {@code Class} * is {@code null}. */ public <T> Set<T> getPrivateCredentials(Class<T> c) { @@ -772,19 +773,18 @@ * equal if their {@code Principal} and {@code Credential} * Sets are equal. * - * <p> - * * @param o Object to be compared for equality with this * {@code Subject}. * * @return true if the specified Object is equal to this * {@code Subject}. * - * @exception SecurityException if the caller does not have permission - * to access the private credentials for this {@code Subject}, - * or if the caller does not have permission to access the - * private credentials for the provided {@code Subject}. + * @throws SecurityException if a security manager is installed and the + * caller does not have a {@link PrivateCredentialPermission} + * permission to access the private credentials for this + * {@code Subject} or the provided {@code Subject}. */ + @Override public boolean equals(Object o) { if (o == null) { @@ -834,10 +834,9 @@ /** * Return the String representation of this {@code Subject}. * - * <p> - * * @return the String representation of this {@code Subject}. */ + @Override public String toString() { return toString(true); } @@ -895,13 +894,13 @@ /** * Returns a hashcode for this {@code Subject}. * - * <p> - * * @return a hashcode for this {@code Subject}. * - * @exception SecurityException if the caller does not have permission - * to access this Subject's private credentials. + * @throws SecurityException if a security manager is installed and the + * caller does not have a {@link PrivateCredentialPermission} + * permission to access this Subject's private credentials. */ + @Override public int hashCode() { /** @@ -996,7 +995,7 @@ * * @param coll A {@code Collection} to be tested for null references * - * @exception NullPointerException if the specified collection is either + * @throws NullPointerException if the specified collection is either * {@code null} or contains a {@code null} element */ private static void collectionNullClean(Collection<?> coll) { @@ -1546,7 +1545,7 @@ } } - static class AuthPermissionHolder { + static final class AuthPermissionHolder { static final AuthPermission DO_AS_PERMISSION = new AuthPermission("doAs");
--- a/jdk/src/java.base/share/classes/sun/util/calendar/Era.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/calendar/Era.java Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,20 +41,15 @@ * <code>CalendarDate</code>. * * <p>The following era names are defined in this release. - * <!-- TODO: use HTML table --> - * <pre><tt> + * <pre>{@code * Calendar system Era name Since (in Gregorian) * ----------------------------------------------------------------------- - * Japanese calendar Meiji 1868-01-01 midnight local time - * Taisho 1912-07-30 midnight local time - * Showa 1926-12-26 midnight local time - * Heisei 1989-01-08 midnight local time - * Julian calendar BeforeCommonEra -292275055-05-16T16:47:04.192Z - * CommonEra 0000-12-30 midnight local time - * Taiwanese calendar MinGuo 1911-01-01 midnight local time - * Thai Buddhist calendar BuddhistEra -543-01-01 midnight local time + * Japanese calendar Meiji 1868-01-01T00:00:00 local time + * Taisho 1912-07-30T00:00:00 local time + * Showa 1926-12-25T00:00:00 local time + * Heisei 1989-01-08T00:00:00 local time * ----------------------------------------------------------------------- - * </tt></pre> + * }</pre> * * @author Masayoshi Okutsu * @since 1.5
--- a/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,11 +25,7 @@ package sun.util.calendar; -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; -import java.util.Properties; -import java.util.StringTokenizer; +import java.security.AccessController; import java.util.TimeZone; /** @@ -39,6 +35,28 @@ */ public class LocalGregorianCalendar extends BaseCalendar { + private static final Era[] JAPANESE_ERAS = { + new Era("Meiji", "M", -3218832000000L, true), + new Era("Taisho", "T", -1812153600000L, true), + new Era("Showa", "S", -1357603200000L, true), + new Era("Heisei", "H", 600220800000L, true), + }; + + private static boolean isValidEra(Era newEra, Era[] eras) { + Era last = eras[eras.length - 1]; + if (last.getSinceDate().getYear() >= newEra.getSinceDate().getYear()) { + return false; + } + // The new era name should be unique. Its abbr may not. + String newName = newEra.getName(); + for (Era era : eras) { + if (era.getName().equals(newName)) { + return false; + } + } + return true; + } + private String name; private Era[] eras; @@ -118,58 +136,70 @@ } static LocalGregorianCalendar getLocalGregorianCalendar(String name) { - Properties calendarProps; - try { - calendarProps = CalendarSystem.getCalendarProperties(); - } catch (IOException | IllegalArgumentException e) { - throw new InternalError(e); - } - // Parse calendar.*.eras - String props = calendarProps.getProperty("calendar." + name + ".eras"); - if (props == null) { + // Only the Japanese calendar is supported. + if (!"japanese".equals(name)) { return null; } - List<Era> eras = new ArrayList<>(); - StringTokenizer eraTokens = new StringTokenizer(props, ";"); - while (eraTokens.hasMoreTokens()) { - String items = eraTokens.nextToken().trim(); - StringTokenizer itemTokens = new StringTokenizer(items, ","); - String eraName = null; - boolean localTime = true; - long since = 0; - String abbr = null; + + // Append an era to the predefined eras if it's given by the property. + String prop = AccessController.doPrivileged( + new sun.security.action.GetPropertyAction("jdk.calendar.japanese.supplemental.era")); + if (prop != null) { + Era era = parseEraEntry(prop); + if (era != null) { + if (isValidEra(era, JAPANESE_ERAS)) { + int length = JAPANESE_ERAS.length; + Era[] eras = new Era[length + 1]; + System.arraycopy(JAPANESE_ERAS, 0, eras, 0, length); + eras[length] = era; + return new LocalGregorianCalendar(name, eras); + } + } + } + return new LocalGregorianCalendar(name, JAPANESE_ERAS); + } - while (itemTokens.hasMoreTokens()) { - String item = itemTokens.nextToken(); - int index = item.indexOf('='); - // it must be in the key=value form. - if (index == -1) { + private static Era parseEraEntry(String entry) { + String[] keyValuePairs = entry.split(","); + String eraName = null; + boolean localTime = true; + long since = 0; + String abbr = null; + + for (String item : keyValuePairs) { + String[] keyvalue = item.split("="); + if (keyvalue.length != 2) { + return null; + } + String key = keyvalue[0].trim(); + String value = keyvalue[1].trim(); + switch (key) { + case "name": + eraName = value; + break; + case "since": + if (value.endsWith("u")) { + localTime = false; + value = value.substring(0, value.length() - 1); + } + try { + since = Long.parseLong(value); + } catch (NumberFormatException e) { return null; } - String key = item.substring(0, index); - String value = item.substring(index + 1); - if ("name".equals(key)) { - eraName = value; - } else if ("since".equals(key)) { - if (value.endsWith("u")) { - localTime = false; - since = Long.parseLong(value.substring(0, value.length() - 1)); - } else { - since = Long.parseLong(value); - } - } else if ("abbr".equals(key)) { - abbr = value; - } else { - throw new RuntimeException("Unknown key word: " + key); - } + break; + case "abbr": + abbr = value; + break; + default: + return null; } - Era era = new Era(eraName, abbr, since, localTime); - eras.add(era); } - Era[] eraArray = new Era[eras.size()]; - eras.toArray(eraArray); - - return new LocalGregorianCalendar(name, eraArray); + if (eraName == null || eraName.isEmpty() + || abbr == null || abbr.isEmpty()) { + return null; + } + return new Era(eraName, abbr, since, localTime); } private LocalGregorianCalendar(String name, Era[] eras) { @@ -262,9 +292,8 @@ } private boolean validateEra(Era era) { - // Validate the era - for (int i = 0; i < eras.length; i++) { - if (era == eras[i]) { + for (Era era1 : eras) { + if (era == era1) { return true; } } @@ -333,6 +362,7 @@ } if (i >= 0) { ldate.setLocalEra(era); + @SuppressWarnings("null") int y = ldate.getNormalizedYear() - era.getSinceDate().getYear() + 1; ldate.setLocalYear(y); } else {
--- a/jdk/src/java.base/share/classes/sun/util/cldr/CLDRLocaleProviderAdapter.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/cldr/CLDRLocaleProviderAdapter.java Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ import java.security.PrivilegedAction; import java.text.spi.BreakIteratorProvider; import java.text.spi.CollatorProvider; +import java.util.Collections; import java.util.HashSet; import java.util.Locale; import java.util.ResourceBundle; @@ -102,6 +103,9 @@ @Override protected Set<String> createLanguageTagSet(String category) { ResourceBundle rb = ResourceBundle.getBundle("sun.util.cldr.CLDRLocaleDataMetaInfo", Locale.ROOT); + if (rb.containsKey(category)) { + return Collections.emptySet(); + } String supportedLocaleString = rb.getString(category); Set<String> tagset = new HashSet<>(); StringTokenizer tokens = new StringTokenizer(supportedLocaleString);
--- a/jdk/src/java.base/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,6 +34,7 @@ import java.text.spi.DateFormatSymbolsProvider; import java.text.spi.DecimalFormatSymbolsProvider; import java.text.spi.NumberFormatProvider; +import java.util.Collections; import java.util.HashSet; import java.util.Locale; import java.util.Set; @@ -356,6 +357,9 @@ protected Set<String> createLanguageTagSet(String category) { String supportedLocaleString = LocaleDataMetaInfo.getSupportedLocaleString(category); + if (supportedLocaleString == null) { + return Collections.emptySet(); + } Set<String> tagset = new HashSet<>(); StringTokenizer tokens = new StringTokenizer(supportedLocaleString); while (tokens.hasMoreTokens()) {
--- a/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleDataMetaInfo-XLocales.java.template Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleDataMetaInfo-XLocales.java.template Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,6 +57,12 @@ resourceNameToLocales.put("CollationData", " #CollationData_ENLocales# | #CollationData_NonENLocales# "); + resourceNameToLocales.put("BreakIteratorInfo", + " #BreakIteratorInfo_ENLocales# | #BreakIteratorInfo_NonENLocales# "); + + resourceNameToLocales.put("BreakIteratorRules", + " #BreakIteratorRules_ENLocales# | #BreakIteratorRules_NonENLocales# "); + resourceNameToLocales.put("TimeZoneNames", " #TimeZoneNames_ENLocales# | #TimeZoneNames_NonENLocales# ");
--- a/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleProviderAdapter.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleProviderAdapter.java Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -295,7 +295,7 @@ * A utility method for implementing the default LocaleServiceProvider.isSupportedLocale * for the JRE, CLDR, and FALLBACK adapters. */ - static boolean isSupportedLocale(Locale locale, LocaleProviderAdapter.Type type, Set<String> langtags) { + public static boolean isSupportedLocale(Locale locale, LocaleProviderAdapter.Type type, Set<String> langtags) { assert type == Type.JRE || type == Type.CLDR || type == Type.FALLBACK; if (Locale.ROOT.equals(locale)) { return true;
--- a/jdk/src/java.base/share/classes/sun/util/resources/LocaleData.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/resources/LocaleData.java Fri Aug 29 11:57:22 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -48,8 +48,11 @@ import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; +import java.util.Set; +import sun.util.locale.provider.JRELocaleProviderAdapter; import sun.util.locale.provider.LocaleDataMetaInfo; import sun.util.locale.provider.LocaleProviderAdapter; +import static sun.util.locale.provider.LocaleProviderAdapter.Type.CLDR; import static sun.util.locale.provider.LocaleProviderAdapter.Type.JRE; /** @@ -204,35 +207,23 @@ @Override public List<Locale> getCandidateLocales(String baseName, Locale locale) { List<Locale> candidates = super.getCandidateLocales(baseName, locale); - /* Get the locale string list from LocaleDataMetaInfo class. */ - String localeString = LocaleDataMetaInfo.getSupportedLocaleString(baseName); - - if (localeString != null && localeString.length() != 0) { - for (Iterator<Locale> l = candidates.iterator(); l.hasNext();) { - Locale loc = l.next(); - String lstr; - if (loc.getScript().length() > 0) { - lstr = loc.toLanguageTag().replace('-', '_'); - } else { - lstr = loc.toString(); - int idx = lstr.indexOf("_#"); - if (idx >= 0) { - lstr = lstr.substring(0, idx); - } - } - /* Every locale string in the locale string list returned from - the above getSupportedLocaleString is enclosed - within two white spaces so that we could check some locale - such as "en". - */ - if (lstr.length() != 0 && localeString.indexOf(" " + lstr + " ") == -1) { - l.remove(); + // Weed out Locales which are known to have no resource bundles + int lastDot = baseName.lastIndexOf('.'); + String category = (lastDot >= 0) ? baseName.substring(lastDot + 1) : baseName; + LocaleProviderAdapter.Type type = baseName.contains(DOTCLDR) ? CLDR : JRE; + LocaleProviderAdapter adapter = LocaleProviderAdapter.forType(type); + Set<String> langtags = ((JRELocaleProviderAdapter)adapter).getLanguageTagSet(category); + if (!langtags.isEmpty()) { + for (Iterator<Locale> itr = candidates.iterator(); itr.hasNext();) { + if (!LocaleProviderAdapter.isSupportedLocale(itr.next(), type, langtags)) { + itr.remove(); } } } + // Force fallback to Locale.ENGLISH for CLDR time zone names support if (locale.getLanguage() != "en" - && baseName.contains(CLDR) && baseName.endsWith("TimeZoneNames")) { + && type == CLDR && category.equals("TimeZoneNames")) { candidates.add(candidates.size() - 1, Locale.ENGLISH); } return candidates; @@ -254,7 +245,7 @@ return null; } - private static final String CLDR = ".cldr"; + private static final String DOTCLDR = ".cldr"; /** * Changes baseName to its per-language package name and @@ -275,8 +266,8 @@ assert JRE.getUtilResourcesPackage().length() == JRE.getTextResourcesPackage().length(); int index = JRE.getUtilResourcesPackage().length(); - if (baseName.indexOf(CLDR, index) > 0) { - index += CLDR.length(); + if (baseName.indexOf(DOTCLDR, index) > 0) { + index += DOTCLDR.length(); } newBaseName = baseName.substring(0, index + 1) + lang + baseName.substring(index);
--- a/jdk/src/java.base/share/conf/calendars.properties Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/share/conf/calendars.properties Fri Aug 29 11:57:22 2014 -0700 @@ -1,4 +1,4 @@ -# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -23,37 +23,6 @@ # # -# Japanese imperial calendar -# -# Meiji since 1868-01-01 00:00:00 local time (Gregorian) -# Taisho since 1912-07-30 00:00:00 local time (Gregorian) -# Showa since 1926-12-25 00:00:00 local time (Gregorian) -# Heisei since 1989-01-08 00:00:00 local time (Gregorian) -calendar.japanese.type: LocalGregorianCalendar -calendar.japanese.eras: \ - name=Meiji,abbr=M,since=-3218832000000; \ - name=Taisho,abbr=T,since=-1812153600000; \ - name=Showa,abbr=S,since=-1357603200000; \ - name=Heisei,abbr=H,since=600220800000 - -# -# Taiwanese calendar -# Minguo since 1911-01-01 00:00:00 local time (Gregorian) -calendar.taiwanese.type: LocalGregorianCalendar -calendar.taiwanese.eras: \ - name=MinGuo,since=-1830384000000 - -# -# Thai Buddhist calendar -# Buddhist Era since -542-01-01 00:00:00 local time (Gregorian) -calendar.thai-buddhist.type: LocalGregorianCalendar -calendar.thai-buddhist.eras: \ - name=BuddhistEra,abbr=B.E.,since=-79302585600000 -calendar.thai-buddhist.year-boundary: \ - day1=4-1,since=-79302585600000; \ - day1=1-1,since=-915148800000 - -# # Hijrah calendars # calendar.hijrah.Hijrah-umalqura: hijrah-config-umalqura.properties
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/java.base/share/conf/security/java.security Fri Aug 29 11:57:22 2014 -0700 @@ -0,0 +1,517 @@ +# +# This is the "master security properties file". +# +# An alternate java.security properties file may be specified +# from the command line via the system property +# +# -Djava.security.properties=<URL> +# +# This properties file appends to the master security properties file. +# If both properties files specify values for the same key, the value +# from the command-line properties file is selected, as it is the last +# one loaded. +# +# Also, if you specify +# +# -Djava.security.properties==<URL> (2 equals), +# +# then that properties file completely overrides the master security +# properties file. +# +# To disable the ability to specify an additional properties file from +# the command line, set the key security.overridePropertiesFile +# to false in the master security properties file. It is set to true +# by default. + +# In this file, various security properties are set for use by +# java.security classes. This is where users can statically register +# Cryptography Package Providers ("providers" for short). The term +# "provider" refers to a package or set of packages that supply a +# concrete implementation of a subset of the cryptography aspects of +# the Java Security API. A provider may, for example, implement one or +# more digital signature algorithms or message digest algorithms. +# +# Each provider must implement a subclass of the Provider class. +# To register a provider in this master security properties file, +# specify the Provider subclass name and priority in the format +# +# security.provider.<n>=<className> +# +# This declares a provider, and specifies its preference +# order n. The preference order is the order in which providers are +# searched for requested algorithms (when no specific provider is +# requested). The order is 1-based; 1 is the most preferred, followed +# by 2, and so on. +# +# <className> must specify the subclass of the Provider class whose +# constructor sets the values of various properties that are required +# for the Java Security API to look up the algorithms or other +# facilities implemented by the provider. +# +# There must be at least one provider specification in java.security. +# There is a default provider that comes standard with the JDK. It +# is called the "SUN" provider, and its Provider subclass +# named Sun appears in the sun.security.provider package. Thus, the +# "SUN" provider is registered via the following: +# +# security.provider.1=sun.security.provider.Sun +# +# (The number 1 is used for the default provider.) +# +# Note: Providers can be dynamically registered instead by calls to +# either the addProvider or insertProviderAt method in the Security +# class. + +# +# List of providers and their preference orders (see above): +# +#ifdef solaris +security.provider.tbd=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg +security.provider.tbd=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg +#endif +security.provider.tbd=sun.security.provider.Sun +security.provider.tbd=sun.security.rsa.SunRsaSign +security.provider.tbd=sun.security.ec.SunEC +security.provider.tbd=com.sun.net.ssl.internal.ssl.Provider +security.provider.tbd=com.sun.crypto.provider.SunJCE +security.provider.tbd=sun.security.jgss.SunProvider +security.provider.tbd=com.sun.security.sasl.Provider +security.provider.tbd=org.jcp.xml.dsig.internal.dom.XMLDSigRI +security.provider.tbd=sun.security.smartcardio.SunPCSC +#ifdef windows +security.provider.tbd=sun.security.mscapi.SunMSCAPI +#endif +#ifdef macosx +security.provider.tbd=apple.security.AppleProvider +#endif + +# +# Sun Provider SecureRandom seed source. +# +# Select the primary source of seed data for the "SHA1PRNG" and +# "NativePRNG" SecureRandom implementations in the "Sun" provider. +# (Other SecureRandom implementations might also use this property.) +# +# On Unix-like systems (for example, Solaris/Linux/MacOS), the +# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from +# special device files such as file:/dev/random. +# +# On Windows systems, specifying the URLs "file:/dev/random" or +# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding +# mechanism for SHA1PRNG. +# +# By default, an attempt is made to use the entropy gathering device +# specified by the "securerandom.source" Security property. If an +# exception occurs while accessing the specified URL: +# +# SHA1PRNG: +# the traditional system/thread activity algorithm will be used. +# +# NativePRNG: +# a default value of /dev/random will be used. If neither +# are available, the implementation will be disabled. +# "file" is the only currently supported protocol type. +# +# The entropy gathering device can also be specified with the System +# property "java.security.egd". For example: +# +# % java -Djava.security.egd=file:/dev/random MainClass +# +# Specifying this System property will override the +# "securerandom.source" Security property. +# +# In addition, if "file:/dev/random" or "file:/dev/urandom" is +# specified, the "NativePRNG" implementation will be more preferred than +# SHA1PRNG in the Sun provider. +# +securerandom.source=file:/dev/random + +# +# A list of known strong SecureRandom implementations. +# +# To help guide applications in selecting a suitable strong +# java.security.SecureRandom implementation, Java distributions should +# indicate a list of known strong implementations using the property. +# +# This is a comma-separated list of algorithm and/or algorithm:provider +# entries. +# +#ifdef windows +securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,SHA1PRNG:SUN +#endif +#ifndef windows +securerandom.strongAlgorithms=NativePRNGBlocking:SUN +#endif + +# +# Class to instantiate as the javax.security.auth.login.Configuration +# provider. +# +login.configuration.provider=sun.security.provider.ConfigFile + +# +# Default login configuration file +# +#login.config.url.1=file:${user.home}/.java.login.config + +# +# Class to instantiate as the system Policy. This is the name of the class +# that will be used as the Policy object. +# +policy.provider=sun.security.provider.PolicyFile + +# The default is to have a single system-wide policy file, +# and a policy file in the user's home directory. +policy.url.1=file:${java.home}/lib/security/java.policy +policy.url.2=file:${user.home}/.java.policy + +# whether or not we expand properties in the policy file +# if this is set to false, properties (${...}) will not be expanded in policy +# files. +policy.expandProperties=true + +# whether or not we allow an extra policy to be passed on the command line +# with -Djava.security.policy=somefile. Comment out this line to disable +# this feature. +policy.allowSystemProperty=true + +# whether or not we look into the IdentityScope for trusted Identities +# when encountering a 1.1 signed JAR file. If the identity is found +# and is trusted, we grant it AllPermission. +policy.ignoreIdentityScope=false + +# +# Default keystore type. +# +keystore.type=jks + +# +# List of comma-separated packages that start with or equal this string +# will cause a security exception to be thrown when +# passed to checkPackageAccess unless the +# corresponding RuntimePermission ("accessClassInPackage."+package) has +# been granted. +package.access=sun.,\ + com.sun.xml.internal.,\ + com.sun.imageio.,\ + com.sun.istack.internal.,\ + com.sun.jmx.,\ + com.sun.media.sound.,\ + com.sun.naming.internal.,\ + com.sun.proxy.,\ + com.sun.corba.se.,\ + com.sun.org.apache.bcel.internal.,\ + com.sun.org.apache.regexp.internal.,\ + com.sun.org.apache.xerces.internal.,\ + com.sun.org.apache.xpath.internal.,\ + com.sun.org.apache.xalan.internal.extensions.,\ + com.sun.org.apache.xalan.internal.lib.,\ + com.sun.org.apache.xalan.internal.res.,\ + com.sun.org.apache.xalan.internal.templates.,\ + com.sun.org.apache.xalan.internal.utils.,\ + com.sun.org.apache.xalan.internal.xslt.,\ + com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ + com.sun.org.apache.xalan.internal.xsltc.compiler.,\ + com.sun.org.apache.xalan.internal.xsltc.trax.,\ + com.sun.org.apache.xalan.internal.xsltc.util.,\ + com.sun.org.apache.xml.internal.res.,\ + com.sun.org.apache.xml.internal.security.,\ + com.sun.org.apache.xml.internal.serializer.utils.,\ + com.sun.org.apache.xml.internal.utils.,\ + com.sun.org.glassfish.,\ + com.oracle.xmlns.internal.,\ + com.oracle.webservices.internal.,\ + org.jcp.xml.dsig.internal.,\ + jdk.internal.,\ + jdk.nashorn.internal.,\ + jdk.nashorn.tools.,\ + com.sun.activation.registries.,\ +#ifdef macosx + apple.,\ +#endif + +# +# List of comma-separated packages that start with or equal this string +# will cause a security exception to be thrown when +# passed to checkPackageDefinition unless the +# corresponding RuntimePermission ("defineClassInPackage."+package) has +# been granted. +# +# by default, none of the class loaders supplied with the JDK call +# checkPackageDefinition. +# +package.definition=sun.,\ + com.sun.xml.internal.,\ + com.sun.imageio.,\ + com.sun.istack.internal.,\ + com.sun.jmx.,\ + com.sun.media.sound.,\ + com.sun.naming.internal.,\ + com.sun.proxy.,\ + com.sun.corba.se.,\ + com.sun.org.apache.bcel.internal.,\ + com.sun.org.apache.regexp.internal.,\ + com.sun.org.apache.xerces.internal.,\ + com.sun.org.apache.xpath.internal.,\ + com.sun.org.apache.xalan.internal.extensions.,\ + com.sun.org.apache.xalan.internal.lib.,\ + com.sun.org.apache.xalan.internal.res.,\ + com.sun.org.apache.xalan.internal.templates.,\ + com.sun.org.apache.xalan.internal.utils.,\ + com.sun.org.apache.xalan.internal.xslt.,\ + com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ + com.sun.org.apache.xalan.internal.xsltc.compiler.,\ + com.sun.org.apache.xalan.internal.xsltc.trax.,\ + com.sun.org.apache.xalan.internal.xsltc.util.,\ + com.sun.org.apache.xml.internal.res.,\ + com.sun.org.apache.xml.internal.security.,\ + com.sun.org.apache.xml.internal.serializer.utils.,\ + com.sun.org.apache.xml.internal.utils.,\ + com.sun.org.glassfish.,\ + com.oracle.xmlns.internal.,\ + com.oracle.webservices.internal.,\ + org.jcp.xml.dsig.internal.,\ + jdk.internal.,\ + jdk.nashorn.internal.,\ + jdk.nashorn.tools.,\ + com.sun.activation.registries.,\ +#ifdef macosx + apple.,\ +#endif + +# +# Determines whether this properties file can be appended to +# or overridden on the command line via -Djava.security.properties +# +security.overridePropertiesFile=true + +# +# Determines the default key and trust manager factory algorithms for +# the javax.net.ssl package. +# +ssl.KeyManagerFactory.algorithm=SunX509 +ssl.TrustManagerFactory.algorithm=PKIX + +# +# The Java-level namelookup cache policy for successful lookups: +# +# any negative value: caching forever +# any positive value: the number of seconds to cache an address for +# zero: do not cache +# +# default value is forever (FOREVER). For security reasons, this +# caching is made forever when a security manager is set. When a security +# manager is not set, the default behavior in this implementation +# is to cache for 30 seconds. +# +# NOTE: setting this to anything other than the default value can have +# serious security implications. Do not set it unless +# you are sure you are not exposed to DNS spoofing attack. +# +#networkaddress.cache.ttl=-1 + +# The Java-level namelookup cache policy for failed lookups: +# +# any negative value: cache forever +# any positive value: the number of seconds to cache negative lookup results +# zero: do not cache +# +# In some Microsoft Windows networking environments that employ +# the WINS name service in addition to DNS, name service lookups +# that fail may take a noticeably long time to return (approx. 5 seconds). +# For this reason the default caching policy is to maintain these +# results for 10 seconds. +# +# +networkaddress.cache.negative.ttl=10 + +# +# Properties to configure OCSP for certificate revocation checking +# + +# Enable OCSP +# +# By default, OCSP is not used for certificate revocation checking. +# This property enables the use of OCSP when set to the value "true". +# +# NOTE: SocketPermission is required to connect to an OCSP responder. +# +# Example, +# ocsp.enable=true + +# +# Location of the OCSP responder +# +# By default, the location of the OCSP responder is determined implicitly +# from the certificate being validated. This property explicitly specifies +# the location of the OCSP responder. The property is used when the +# Authority Information Access extension (defined in RFC 3280) is absent +# from the certificate or when it requires overriding. +# +# Example, +# ocsp.responderURL=http://ocsp.example.net:80 + +# +# Subject name of the OCSP responder's certificate +# +# By default, the certificate of the OCSP responder is that of the issuer +# of the certificate being validated. This property identifies the certificate +# of the OCSP responder when the default does not apply. Its value is a string +# distinguished name (defined in RFC 2253) which identifies a certificate in +# the set of certificates supplied during cert path validation. In cases where +# the subject name alone is not sufficient to uniquely identify the certificate +# then both the "ocsp.responderCertIssuerName" and +# "ocsp.responderCertSerialNumber" properties must be used instead. When this +# property is set then those two properties are ignored. +# +# Example, +# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp" + +# +# Issuer name of the OCSP responder's certificate +# +# By default, the certificate of the OCSP responder is that of the issuer +# of the certificate being validated. This property identifies the certificate +# of the OCSP responder when the default does not apply. Its value is a string +# distinguished name (defined in RFC 2253) which identifies a certificate in +# the set of certificates supplied during cert path validation. When this +# property is set then the "ocsp.responderCertSerialNumber" property must also +# be set. When the "ocsp.responderCertSubjectName" property is set then this +# property is ignored. +# +# Example, +# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp" + +# +# Serial number of the OCSP responder's certificate +# +# By default, the certificate of the OCSP responder is that of the issuer +# of the certificate being validated. This property identifies the certificate +# of the OCSP responder when the default does not apply. Its value is a string +# of hexadecimal digits (colon or space separators may be present) which +# identifies a certificate in the set of certificates supplied during cert path +# validation. When this property is set then the "ocsp.responderCertIssuerName" +# property must also be set. When the "ocsp.responderCertSubjectName" property +# is set then this property is ignored. +# +# Example, +# ocsp.responderCertSerialNumber=2A:FF:00 + +# +# Policy for failed Kerberos KDC lookups: +# +# When a KDC is unavailable (network error, service failure, etc), it is +# put inside a blacklist and accessed less often for future requests. The +# value (case-insensitive) for this policy can be: +# +# tryLast +# KDCs in the blacklist are always tried after those not on the list. +# +# tryLess[:max_retries,timeout] +# KDCs in the blacklist are still tried by their order in the configuration, +# but with smaller max_retries and timeout values. max_retries and timeout +# are optional numerical parameters (default 1 and 5000, which means once +# and 5 seconds). Please notes that if any of the values defined here is +# more than what is defined in krb5.conf, it will be ignored. +# +# Whenever a KDC is detected as available, it is removed from the blacklist. +# The blacklist is reset when krb5.conf is reloaded. You can add +# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is +# reloaded whenever a JAAS authentication is attempted. +# +# Example, +# krb5.kdc.bad.policy = tryLast +# krb5.kdc.bad.policy = tryLess:2,2000 +krb5.kdc.bad.policy = tryLast + +# Algorithm restrictions for certification path (CertPath) processing +# +# In some environments, certain algorithms or key lengths may be undesirable +# for certification path building and validation. For example, "MD2" is +# generally no longer considered to be a secure hash algorithm. This section +# describes the mechanism for disabling algorithms based on algorithm name +# and/or key length. This includes algorithms used in certificates, as well +# as revocation information such as CRLs and signed OCSP Responses. +# +# The syntax of the disabled algorithm string is described as this Java +# BNF-style: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator DecimalInteger +# +# Operator: +# <= | < | == | != | >= | > +# +# DecimalInteger: +# DecimalDigits +# +# DecimalDigits: +# DecimalDigit {DecimalDigit} +# +# DecimalDigit: one of +# 1 2 3 4 5 6 7 8 9 0 +# +# The "AlgorithmName" is the standard algorithm name of the disabled +# algorithm. See "Java Cryptography Architecture Standard Algorithm Name +# Documentation" for information about Standard Algorithm Names. Matching +# is performed using a case-insensitive sub-element matching rule. (For +# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and +# "ECDSA" for signatures.) If the assertion "AlgorithmName" is a +# sub-element of the certificate algorithm name, the algorithm will be +# rejected during certification path building and validation. For example, +# the assertion algorithm name "DSA" will disable all certificate algorithms +# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion +# will not disable algorithms related to "ECDSA". +# +# A "Constraint" provides further guidance for the algorithm being specified. +# The "KeySizeConstraint" requires a key of a valid size range if the +# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the +# key size specified in number of bits. For example, "RSA keySize <= 1024" +# indicates that any RSA key with key size less than or equal to 1024 bits +# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates +# that any RSA key with key size less than 1024 or greater than 2048 should +# be disabled. Note that the "KeySizeConstraint" only makes sense to key +# algorithms. +# +# Note: This property is currently used by Oracle's PKIX implementation. It +# is not guaranteed to be examined and used by other implementations. +# +# Example: +# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 +# +# +jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 + +# Algorithm restrictions for Secure Socket Layer/Transport Layer Security +# (SSL/TLS) processing +# +# In some environments, certain algorithms or key lengths may be undesirable +# when using SSL/TLS. This section describes the mechanism for disabling +# algorithms during SSL/TLS security parameters negotiation, including cipher +# suites selection, peer authentication and key exchange mechanisms. +# +# For PKI-based peer authentication and key exchange mechanisms, this list +# of disabled algorithms will also be checked during certification path +# building and validation, including algorithms used in certificates, as +# well as revocation information such as CRLs and signed OCSP Responses. +# This is in addition to the jdk.certpath.disabledAlgorithms property above. +# +# See the specification of "jdk.certpath.disabledAlgorithms" for the +# syntax of the disabled algorithm string. +# +# Note: This property is currently used by Oracle's JSSE implementation. +# It is not guaranteed to be examined and used by other implementations. +# +# Example: +# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-aix Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,496 +0,0 @@ -# -# This is the "master security properties file". -# -# An alternate java.security properties file may be specified -# from the command line via the system property -# -# -Djava.security.properties=<URL> -# -# This properties file appends to the master security properties file. -# If both properties files specify values for the same key, the value -# from the command-line properties file is selected, as it is the last -# one loaded. -# -# Also, if you specify -# -# -Djava.security.properties==<URL> (2 equals), -# -# then that properties file completely overrides the master security -# properties file. -# -# To disable the ability to specify an additional properties file from -# the command line, set the key security.overridePropertiesFile -# to false in the master security properties file. It is set to true -# by default. - -# In this file, various security properties are set for use by -# java.security classes. This is where users can statically register -# Cryptography Package Providers ("providers" for short). The term -# "provider" refers to a package or set of packages that supply a -# concrete implementation of a subset of the cryptography aspects of -# the Java Security API. A provider may, for example, implement one or -# more digital signature algorithms or message digest algorithms. -# -# Each provider must implement a subclass of the Provider class. -# To register a provider in this master security properties file, -# specify the Provider subclass name and priority in the format -# -# security.provider.<n>=<className> -# -# This declares a provider, and specifies its preference -# order n. The preference order is the order in which providers are -# searched for requested algorithms (when no specific provider is -# requested). The order is 1-based; 1 is the most preferred, followed -# by 2, and so on. -# -# <className> must specify the subclass of the Provider class whose -# constructor sets the values of various properties that are required -# for the Java Security API to look up the algorithms or other -# facilities implemented by the provider. -# -# There must be at least one provider specification in java.security. -# There is a default provider that comes standard with the JDK. It -# is called the "SUN" provider, and its Provider subclass -# named Sun appears in the sun.security.provider package. Thus, the -# "SUN" provider is registered via the following: -# -# security.provider.1=sun.security.provider.Sun -# -# (The number 1 is used for the default provider.) -# -# Note: Providers can be dynamically registered instead by calls to -# either the addProvider or insertProviderAt method in the Security -# class. - -# -# List of providers and their preference orders (see above): -# -security.provider.1=sun.security.provider.Sun -security.provider.2=sun.security.rsa.SunRsaSign -security.provider.3=sun.security.ec.SunEC -security.provider.4=com.sun.net.ssl.internal.ssl.Provider -security.provider.5=com.sun.crypto.provider.SunJCE -security.provider.6=sun.security.jgss.SunProvider -security.provider.7=com.sun.security.sasl.Provider -security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI -security.provider.9=sun.security.smartcardio.SunPCSC - -# -# Sun Provider SecureRandom seed source. -# -# Select the primary source of seed data for the "SHA1PRNG" and -# "NativePRNG" SecureRandom implementations in the "Sun" provider. -# (Other SecureRandom implementations might also use this property.) -# -# On Unix-like systems (for example, Solaris/Linux/MacOS), the -# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from -# special device files such as file:/dev/random. -# -# On Windows systems, specifying the URLs "file:/dev/random" or -# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding -# mechanism for SHA1PRNG. -# -# By default, an attempt is made to use the entropy gathering device -# specified by the "securerandom.source" Security property. If an -# exception occurs while accessing the specified URL: -# -# SHA1PRNG: -# the traditional system/thread activity algorithm will be used. -# -# NativePRNG: -# a default value of /dev/random will be used. If neither -# are available, the implementation will be disabled. -# "file" is the only currently supported protocol type. -# -# The entropy gathering device can also be specified with the System -# property "java.security.egd". For example: -# -# % java -Djava.security.egd=file:/dev/random MainClass -# -# Specifying this System property will override the -# "securerandom.source" Security property. -# -# In addition, if "file:/dev/random" or "file:/dev/urandom" is -# specified, the "NativePRNG" implementation will be more preferred than -# SHA1PRNG in the Sun provider. -# -securerandom.source=file:/dev/random - -# -# A list of known strong SecureRandom implementations. -# -# To help guide applications in selecting a suitable strong -# java.security.SecureRandom implementation, Java distributions should -# indicate a list of known strong implementations using the property. -# -# This is a comma-separated list of algorithm and/or algorithm:provider -# entries. -# -securerandom.strongAlgorithms=NativePRNGBlocking:SUN - -# -# Class to instantiate as the javax.security.auth.login.Configuration -# provider. -# -login.configuration.provider=sun.security.provider.ConfigFile - -# -# Default login configuration file -# -#login.config.url.1=file:${user.home}/.java.login.config - -# -# Class to instantiate as the system Policy. This is the name of the class -# that will be used as the Policy object. -# -policy.provider=sun.security.provider.PolicyFile - -# The default is to have a single system-wide policy file, -# and a policy file in the user's home directory. -policy.url.1=file:${java.home}/lib/security/java.policy -policy.url.2=file:${user.home}/.java.policy - -# whether or not we expand properties in the policy file -# if this is set to false, properties (${...}) will not be expanded in policy -# files. -policy.expandProperties=true - -# whether or not we allow an extra policy to be passed on the command line -# with -Djava.security.policy=somefile. Comment out this line to disable -# this feature. -policy.allowSystemProperty=true - -# whether or not we look into the IdentityScope for trusted Identities -# when encountering a 1.1 signed JAR file. If the identity is found -# and is trusted, we grant it AllPermission. -policy.ignoreIdentityScope=false - -# -# Default keystore type. -# -keystore.type=jks - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools. - - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, none of the class loaders supplied with the JDK call -# checkPackageDefinition. -# -package.definition=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools. - - -# -# Determines whether this properties file can be appended to -# or overridden on the command line via -Djava.security.properties -# -security.overridePropertiesFile=true - -# -# Determines the default key and trust manager factory algorithms for -# the javax.net.ssl package. -# -ssl.KeyManagerFactory.algorithm=SunX509 -ssl.TrustManagerFactory.algorithm=PKIX - -# -# The Java-level namelookup cache policy for successful lookups: -# -# any negative value: caching forever -# any positive value: the number of seconds to cache an address for -# zero: do not cache -# -# default value is forever (FOREVER). For security reasons, this -# caching is made forever when a security manager is set. When a security -# manager is not set, the default behavior in this implementation -# is to cache for 30 seconds. -# -# NOTE: setting this to anything other than the default value can have -# serious security implications. Do not set it unless -# you are sure you are not exposed to DNS spoofing attack. -# -#networkaddress.cache.ttl=-1 - -# The Java-level namelookup cache policy for failed lookups: -# -# any negative value: cache forever -# any positive value: the number of seconds to cache negative lookup results -# zero: do not cache -# -# In some Microsoft Windows networking environments that employ -# the WINS name service in addition to DNS, name service lookups -# that fail may take a noticeably long time to return (approx. 5 seconds). -# For this reason the default caching policy is to maintain these -# results for 10 seconds. -# -# -networkaddress.cache.negative.ttl=10 - -# -# Properties to configure OCSP for certificate revocation checking -# - -# Enable OCSP -# -# By default, OCSP is not used for certificate revocation checking. -# This property enables the use of OCSP when set to the value "true". -# -# NOTE: SocketPermission is required to connect to an OCSP responder. -# -# Example, -# ocsp.enable=true - -# -# Location of the OCSP responder -# -# By default, the location of the OCSP responder is determined implicitly -# from the certificate being validated. This property explicitly specifies -# the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent -# from the certificate or when it requires overriding. -# -# Example, -# ocsp.responderURL=http://ocsp.example.net:80 - -# -# Subject name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. In cases where -# the subject name alone is not sufficient to uniquely identify the certificate -# then both the "ocsp.responderCertIssuerName" and -# "ocsp.responderCertSerialNumber" properties must be used instead. When this -# property is set then those two properties are ignored. -# -# Example, -# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp" - -# -# Issuer name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. When this -# property is set then the "ocsp.responderCertSerialNumber" property must also -# be set. When the "ocsp.responderCertSubjectName" property is set then this -# property is ignored. -# -# Example, -# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp" - -# -# Serial number of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# of hexadecimal digits (colon or space separators may be present) which -# identifies a certificate in the set of certificates supplied during cert path -# validation. When this property is set then the "ocsp.responderCertIssuerName" -# property must also be set. When the "ocsp.responderCertSubjectName" property -# is set then this property is ignored. -# -# Example, -# ocsp.responderCertSerialNumber=2A:FF:00 - -# -# Policy for failed Kerberos KDC lookups: -# -# When a KDC is unavailable (network error, service failure, etc), it is -# put inside a blacklist and accessed less often for future requests. The -# value (case-insensitive) for this policy can be: -# -# tryLast -# KDCs in the blacklist are always tried after those not on the list. -# -# tryLess[:max_retries,timeout] -# KDCs in the blacklist are still tried by their order in the configuration, -# but with smaller max_retries and timeout values. max_retries and timeout -# are optional numerical parameters (default 1 and 5000, which means once -# and 5 seconds). Please notes that if any of the values defined here is -# more than what is defined in krb5.conf, it will be ignored. -# -# Whenever a KDC is detected as available, it is removed from the blacklist. -# The blacklist is reset when krb5.conf is reloaded. You can add -# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is -# reloaded whenever a JAAS authentication is attempted. -# -# Example, -# krb5.kdc.bad.policy = tryLast -# krb5.kdc.bad.policy = tryLess:2,2000 -krb5.kdc.bad.policy = tryLast - -# Algorithm restrictions for certification path (CertPath) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# for certification path building and validation. For example, "MD2" is -# generally no longer considered to be a secure hash algorithm. This section -# describes the mechanism for disabling algorithms based on algorithm name -# and/or key length. This includes algorithms used in certificates, as well -# as revocation information such as CRLs and signed OCSP Responses. -# -# The syntax of the disabled algorithm string is described as this Java -# BNF-style: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator DecimalInteger -# -# Operator: -# <= | < | == | != | >= | > -# -# DecimalInteger: -# DecimalDigits -# -# DecimalDigits: -# DecimalDigit {DecimalDigit} -# -# DecimalDigit: one of -# 1 2 3 4 5 6 7 8 9 0 -# -# The "AlgorithmName" is the standard algorithm name of the disabled -# algorithm. See "Java Cryptography Architecture Standard Algorithm Name -# Documentation" for information about Standard Algorithm Names. Matching -# is performed using a case-insensitive sub-element matching rule. (For -# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and -# "ECDSA" for signatures.) If the assertion "AlgorithmName" is a -# sub-element of the certificate algorithm name, the algorithm will be -# rejected during certification path building and validation. For example, -# the assertion algorithm name "DSA" will disable all certificate algorithms -# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion -# will not disable algorithms related to "ECDSA". -# -# A "Constraint" provides further guidance for the algorithm being specified. -# The "KeySizeConstraint" requires a key of a valid size range if the -# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the -# key size specified in number of bits. For example, "RSA keySize <= 1024" -# indicates that any RSA key with key size less than or equal to 1024 bits -# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates -# that any RSA key with key size less than 1024 or greater than 2048 should -# be disabled. Note that the "KeySizeConstraint" only makes sense to key -# algorithms. -# -# Note: This property is currently used by Oracle's PKIX implementation. It -# is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 -# -# -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 - -# Algorithm restrictions for Secure Socket Layer/Transport Layer Security -# (SSL/TLS) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. -# -# For PKI-based peer authentication and key exchange mechanisms, this list -# of disabled algorithms will also be checked during certification path -# building and validation, including algorithms used in certificates, as -# well as revocation information such as CRLs and signed OCSP Responses. -# This is in addition to the jdk.certpath.disabledAlgorithms property above. -# -# See the specification of "jdk.certpath.disabledAlgorithms" for the -# syntax of the disabled algorithm string. -# -# Note: This property is currently used by Oracle's JSSE implementation. -# It is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-linux Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,496 +0,0 @@ -# -# This is the "master security properties file". -# -# An alternate java.security properties file may be specified -# from the command line via the system property -# -# -Djava.security.properties=<URL> -# -# This properties file appends to the master security properties file. -# If both properties files specify values for the same key, the value -# from the command-line properties file is selected, as it is the last -# one loaded. -# -# Also, if you specify -# -# -Djava.security.properties==<URL> (2 equals), -# -# then that properties file completely overrides the master security -# properties file. -# -# To disable the ability to specify an additional properties file from -# the command line, set the key security.overridePropertiesFile -# to false in the master security properties file. It is set to true -# by default. - -# In this file, various security properties are set for use by -# java.security classes. This is where users can statically register -# Cryptography Package Providers ("providers" for short). The term -# "provider" refers to a package or set of packages that supply a -# concrete implementation of a subset of the cryptography aspects of -# the Java Security API. A provider may, for example, implement one or -# more digital signature algorithms or message digest algorithms. -# -# Each provider must implement a subclass of the Provider class. -# To register a provider in this master security properties file, -# specify the Provider subclass name and priority in the format -# -# security.provider.<n>=<className> -# -# This declares a provider, and specifies its preference -# order n. The preference order is the order in which providers are -# searched for requested algorithms (when no specific provider is -# requested). The order is 1-based; 1 is the most preferred, followed -# by 2, and so on. -# -# <className> must specify the subclass of the Provider class whose -# constructor sets the values of various properties that are required -# for the Java Security API to look up the algorithms or other -# facilities implemented by the provider. -# -# There must be at least one provider specification in java.security. -# There is a default provider that comes standard with the JDK. It -# is called the "SUN" provider, and its Provider subclass -# named Sun appears in the sun.security.provider package. Thus, the -# "SUN" provider is registered via the following: -# -# security.provider.1=sun.security.provider.Sun -# -# (The number 1 is used for the default provider.) -# -# Note: Providers can be dynamically registered instead by calls to -# either the addProvider or insertProviderAt method in the Security -# class. - -# -# List of providers and their preference orders (see above): -# -security.provider.1=sun.security.provider.Sun -security.provider.2=sun.security.rsa.SunRsaSign -security.provider.3=sun.security.ec.SunEC -security.provider.4=com.sun.net.ssl.internal.ssl.Provider -security.provider.5=com.sun.crypto.provider.SunJCE -security.provider.6=sun.security.jgss.SunProvider -security.provider.7=com.sun.security.sasl.Provider -security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI -security.provider.9=sun.security.smartcardio.SunPCSC - -# -# Sun Provider SecureRandom seed source. -# -# Select the primary source of seed data for the "SHA1PRNG" and -# "NativePRNG" SecureRandom implementations in the "Sun" provider. -# (Other SecureRandom implementations might also use this property.) -# -# On Unix-like systems (for example, Solaris/Linux/MacOS), the -# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from -# special device files such as file:/dev/random. -# -# On Windows systems, specifying the URLs "file:/dev/random" or -# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding -# mechanism for SHA1PRNG. -# -# By default, an attempt is made to use the entropy gathering device -# specified by the "securerandom.source" Security property. If an -# exception occurs while accessing the specified URL: -# -# SHA1PRNG: -# the traditional system/thread activity algorithm will be used. -# -# NativePRNG: -# a default value of /dev/random will be used. If neither -# are available, the implementation will be disabled. -# "file" is the only currently supported protocol type. -# -# The entropy gathering device can also be specified with the System -# property "java.security.egd". For example: -# -# % java -Djava.security.egd=file:/dev/random MainClass -# -# Specifying this System property will override the -# "securerandom.source" Security property. -# -# In addition, if "file:/dev/random" or "file:/dev/urandom" is -# specified, the "NativePRNG" implementation will be more preferred than -# SHA1PRNG in the Sun provider. -# -securerandom.source=file:/dev/random - -# -# A list of known strong SecureRandom implementations. -# -# To help guide applications in selecting a suitable strong -# java.security.SecureRandom implementation, Java distributions should -# indicate a list of known strong implementations using the property. -# -# This is a comma-separated list of algorithm and/or algorithm:provider -# entries. -# -securerandom.strongAlgorithms=NativePRNGBlocking:SUN - -# -# Class to instantiate as the javax.security.auth.login.Configuration -# provider. -# -login.configuration.provider=sun.security.provider.ConfigFile - -# -# Default login configuration file -# -#login.config.url.1=file:${user.home}/.java.login.config - -# -# Class to instantiate as the system Policy. This is the name of the class -# that will be used as the Policy object. -# -policy.provider=sun.security.provider.PolicyFile - -# The default is to have a single system-wide policy file, -# and a policy file in the user's home directory. -policy.url.1=file:${java.home}/lib/security/java.policy -policy.url.2=file:${user.home}/.java.policy - -# whether or not we expand properties in the policy file -# if this is set to false, properties (${...}) will not be expanded in policy -# files. -policy.expandProperties=true - -# whether or not we allow an extra policy to be passed on the command line -# with -Djava.security.policy=somefile. Comment out this line to disable -# this feature. -policy.allowSystemProperty=true - -# whether or not we look into the IdentityScope for trusted Identities -# when encountering a 1.1 signed JAR file. If the identity is found -# and is trusted, we grant it AllPermission. -policy.ignoreIdentityScope=false - -# -# Default keystore type. -# -keystore.type=jks - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools.,\ - com.sun.activation.registries. - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, none of the class loaders supplied with the JDK call -# checkPackageDefinition. -# -package.definition=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools.,\ - com.sun.activation.registries. - -# -# Determines whether this properties file can be appended to -# or overridden on the command line via -Djava.security.properties -# -security.overridePropertiesFile=true - -# -# Determines the default key and trust manager factory algorithms for -# the javax.net.ssl package. -# -ssl.KeyManagerFactory.algorithm=SunX509 -ssl.TrustManagerFactory.algorithm=PKIX - -# -# The Java-level namelookup cache policy for successful lookups: -# -# any negative value: caching forever -# any positive value: the number of seconds to cache an address for -# zero: do not cache -# -# default value is forever (FOREVER). For security reasons, this -# caching is made forever when a security manager is set. When a security -# manager is not set, the default behavior in this implementation -# is to cache for 30 seconds. -# -# NOTE: setting this to anything other than the default value can have -# serious security implications. Do not set it unless -# you are sure you are not exposed to DNS spoofing attack. -# -#networkaddress.cache.ttl=-1 - -# The Java-level namelookup cache policy for failed lookups: -# -# any negative value: cache forever -# any positive value: the number of seconds to cache negative lookup results -# zero: do not cache -# -# In some Microsoft Windows networking environments that employ -# the WINS name service in addition to DNS, name service lookups -# that fail may take a noticeably long time to return (approx. 5 seconds). -# For this reason the default caching policy is to maintain these -# results for 10 seconds. -# -# -networkaddress.cache.negative.ttl=10 - -# -# Properties to configure OCSP for certificate revocation checking -# - -# Enable OCSP -# -# By default, OCSP is not used for certificate revocation checking. -# This property enables the use of OCSP when set to the value "true". -# -# NOTE: SocketPermission is required to connect to an OCSP responder. -# -# Example, -# ocsp.enable=true - -# -# Location of the OCSP responder -# -# By default, the location of the OCSP responder is determined implicitly -# from the certificate being validated. This property explicitly specifies -# the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent -# from the certificate or when it requires overriding. -# -# Example, -# ocsp.responderURL=http://ocsp.example.net:80 - -# -# Subject name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. In cases where -# the subject name alone is not sufficient to uniquely identify the certificate -# then both the "ocsp.responderCertIssuerName" and -# "ocsp.responderCertSerialNumber" properties must be used instead. When this -# property is set then those two properties are ignored. -# -# Example, -# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp" - -# -# Issuer name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. When this -# property is set then the "ocsp.responderCertSerialNumber" property must also -# be set. When the "ocsp.responderCertSubjectName" property is set then this -# property is ignored. -# -# Example, -# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp" - -# -# Serial number of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# of hexadecimal digits (colon or space separators may be present) which -# identifies a certificate in the set of certificates supplied during cert path -# validation. When this property is set then the "ocsp.responderCertIssuerName" -# property must also be set. When the "ocsp.responderCertSubjectName" property -# is set then this property is ignored. -# -# Example, -# ocsp.responderCertSerialNumber=2A:FF:00 - -# -# Policy for failed Kerberos KDC lookups: -# -# When a KDC is unavailable (network error, service failure, etc), it is -# put inside a blacklist and accessed less often for future requests. The -# value (case-insensitive) for this policy can be: -# -# tryLast -# KDCs in the blacklist are always tried after those not on the list. -# -# tryLess[:max_retries,timeout] -# KDCs in the blacklist are still tried by their order in the configuration, -# but with smaller max_retries and timeout values. max_retries and timeout -# are optional numerical parameters (default 1 and 5000, which means once -# and 5 seconds). Please notes that if any of the values defined here is -# more than what is defined in krb5.conf, it will be ignored. -# -# Whenever a KDC is detected as available, it is removed from the blacklist. -# The blacklist is reset when krb5.conf is reloaded. You can add -# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is -# reloaded whenever a JAAS authentication is attempted. -# -# Example, -# krb5.kdc.bad.policy = tryLast -# krb5.kdc.bad.policy = tryLess:2,2000 -krb5.kdc.bad.policy = tryLast - -# Algorithm restrictions for certification path (CertPath) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# for certification path building and validation. For example, "MD2" is -# generally no longer considered to be a secure hash algorithm. This section -# describes the mechanism for disabling algorithms based on algorithm name -# and/or key length. This includes algorithms used in certificates, as well -# as revocation information such as CRLs and signed OCSP Responses. -# -# The syntax of the disabled algorithm string is described as this Java -# BNF-style: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator DecimalInteger -# -# Operator: -# <= | < | == | != | >= | > -# -# DecimalInteger: -# DecimalDigits -# -# DecimalDigits: -# DecimalDigit {DecimalDigit} -# -# DecimalDigit: one of -# 1 2 3 4 5 6 7 8 9 0 -# -# The "AlgorithmName" is the standard algorithm name of the disabled -# algorithm. See "Java Cryptography Architecture Standard Algorithm Name -# Documentation" for information about Standard Algorithm Names. Matching -# is performed using a case-insensitive sub-element matching rule. (For -# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and -# "ECDSA" for signatures.) If the assertion "AlgorithmName" is a -# sub-element of the certificate algorithm name, the algorithm will be -# rejected during certification path building and validation. For example, -# the assertion algorithm name "DSA" will disable all certificate algorithms -# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion -# will not disable algorithms related to "ECDSA". -# -# A "Constraint" provides further guidance for the algorithm being specified. -# The "KeySizeConstraint" requires a key of a valid size range if the -# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the -# key size specified in number of bits. For example, "RSA keySize <= 1024" -# indicates that any RSA key with key size less than or equal to 1024 bits -# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates -# that any RSA key with key size less than 1024 or greater than 2048 should -# be disabled. Note that the "KeySizeConstraint" only makes sense to key -# algorithms. -# -# Note: This property is currently used by Oracle's PKIX implementation. It -# is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 -# -# -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 - -# Algorithm restrictions for Secure Socket Layer/Transport Layer Security -# (SSL/TLS) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. -# -# For PKI-based peer authentication and key exchange mechanisms, this list -# of disabled algorithms will also be checked during certification path -# building and validation, including algorithms used in certificates, as -# well as revocation information such as CRLs and signed OCSP Responses. -# This is in addition to the jdk.certpath.disabledAlgorithms property above. -# -# See the specification of "jdk.certpath.disabledAlgorithms" for the -# syntax of the disabled algorithm string. -# -# Note: This property is currently used by Oracle's JSSE implementation. -# It is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-macosx Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,499 +0,0 @@ -# -# This is the "master security properties file". -# -# An alternate java.security properties file may be specified -# from the command line via the system property -# -# -Djava.security.properties=<URL> -# -# This properties file appends to the master security properties file. -# If both properties files specify values for the same key, the value -# from the command-line properties file is selected, as it is the last -# one loaded. -# -# Also, if you specify -# -# -Djava.security.properties==<URL> (2 equals), -# -# then that properties file completely overrides the master security -# properties file. -# -# To disable the ability to specify an additional properties file from -# the command line, set the key security.overridePropertiesFile -# to false in the master security properties file. It is set to true -# by default. - -# In this file, various security properties are set for use by -# java.security classes. This is where users can statically register -# Cryptography Package Providers ("providers" for short). The term -# "provider" refers to a package or set of packages that supply a -# concrete implementation of a subset of the cryptography aspects of -# the Java Security API. A provider may, for example, implement one or -# more digital signature algorithms or message digest algorithms. -# -# Each provider must implement a subclass of the Provider class. -# To register a provider in this master security properties file, -# specify the Provider subclass name and priority in the format -# -# security.provider.<n>=<className> -# -# This declares a provider, and specifies its preference -# order n. The preference order is the order in which providers are -# searched for requested algorithms (when no specific provider is -# requested). The order is 1-based; 1 is the most preferred, followed -# by 2, and so on. -# -# <className> must specify the subclass of the Provider class whose -# constructor sets the values of various properties that are required -# for the Java Security API to look up the algorithms or other -# facilities implemented by the provider. -# -# There must be at least one provider specification in java.security. -# There is a default provider that comes standard with the JDK. It -# is called the "SUN" provider, and its Provider subclass -# named Sun appears in the sun.security.provider package. Thus, the -# "SUN" provider is registered via the following: -# -# security.provider.1=sun.security.provider.Sun -# -# (The number 1 is used for the default provider.) -# -# Note: Providers can be dynamically registered instead by calls to -# either the addProvider or insertProviderAt method in the Security -# class. - -# -# List of providers and their preference orders (see above): -# -security.provider.1=sun.security.provider.Sun -security.provider.2=sun.security.rsa.SunRsaSign -security.provider.3=sun.security.ec.SunEC -security.provider.4=com.sun.net.ssl.internal.ssl.Provider -security.provider.5=com.sun.crypto.provider.SunJCE -security.provider.6=sun.security.jgss.SunProvider -security.provider.7=com.sun.security.sasl.Provider -security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI -security.provider.9=sun.security.smartcardio.SunPCSC -security.provider.10=apple.security.AppleProvider - -# -# Sun Provider SecureRandom seed source. -# -# Select the primary source of seed data for the "SHA1PRNG" and -# "NativePRNG" SecureRandom implementations in the "Sun" provider. -# (Other SecureRandom implementations might also use this property.) -# -# On Unix-like systems (for example, Solaris/Linux/MacOS), the -# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from -# special device files such as file:/dev/random. -# -# On Windows systems, specifying the URLs "file:/dev/random" or -# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding -# mechanism for SHA1PRNG. -# -# By default, an attempt is made to use the entropy gathering device -# specified by the "securerandom.source" Security property. If an -# exception occurs while accessing the specified URL: -# -# SHA1PRNG: -# the traditional system/thread activity algorithm will be used. -# -# NativePRNG: -# a default value of /dev/random will be used. If neither -# are available, the implementation will be disabled. -# "file" is the only currently supported protocol type. -# -# The entropy gathering device can also be specified with the System -# property "java.security.egd". For example: -# -# % java -Djava.security.egd=file:/dev/random MainClass -# -# Specifying this System property will override the -# "securerandom.source" Security property. -# -# In addition, if "file:/dev/random" or "file:/dev/urandom" is -# specified, the "NativePRNG" implementation will be more preferred than -# SHA1PRNG in the Sun provider. -# -securerandom.source=file:/dev/random - -# -# A list of known strong SecureRandom implementations. -# -# To help guide applications in selecting a suitable strong -# java.security.SecureRandom implementation, Java distributions should -# indicate a list of known strong implementations using the property. -# -# This is a comma-separated list of algorithm and/or algorithm:provider -# entries. -# -securerandom.strongAlgorithms=NativePRNGBlocking:SUN - -# -# Class to instantiate as the javax.security.auth.login.Configuration -# provider. -# -login.configuration.provider=sun.security.provider.ConfigFile - -# -# Default login configuration file -# -#login.config.url.1=file:${user.home}/.java.login.config - -# -# Class to instantiate as the system Policy. This is the name of the class -# that will be used as the Policy object. -# -policy.provider=sun.security.provider.PolicyFile - -# The default is to have a single system-wide policy file, -# and a policy file in the user's home directory. -policy.url.1=file:${java.home}/lib/security/java.policy -policy.url.2=file:${user.home}/.java.policy - -# whether or not we expand properties in the policy file -# if this is set to false, properties (${...}) will not be expanded in policy -# files. -policy.expandProperties=true - -# whether or not we allow an extra policy to be passed on the command line -# with -Djava.security.policy=somefile. Comment out this line to disable -# this feature. -policy.allowSystemProperty=true - -# whether or not we look into the IdentityScope for trusted Identities -# when encountering a 1.1 signed JAR file. If the identity is found -# and is trusted, we grant it AllPermission. -policy.ignoreIdentityScope=false - -# -# Default keystore type. -# -keystore.type=jks - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools.,\ - com.sun.activation.registries.,\ - apple. - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, none of the class loaders supplied with the JDK call -# checkPackageDefinition. -# -package.definition=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools.,\ - com.sun.activation.registries.,\ - apple. - -# -# Determines whether this properties file can be appended to -# or overridden on the command line via -Djava.security.properties -# -security.overridePropertiesFile=true - -# -# Determines the default key and trust manager factory algorithms for -# the javax.net.ssl package. -# -ssl.KeyManagerFactory.algorithm=SunX509 -ssl.TrustManagerFactory.algorithm=PKIX - -# -# The Java-level namelookup cache policy for successful lookups: -# -# any negative value: caching forever -# any positive value: the number of seconds to cache an address for -# zero: do not cache -# -# default value is forever (FOREVER). For security reasons, this -# caching is made forever when a security manager is set. When a security -# manager is not set, the default behavior in this implementation -# is to cache for 30 seconds. -# -# NOTE: setting this to anything other than the default value can have -# serious security implications. Do not set it unless -# you are sure you are not exposed to DNS spoofing attack. -# -#networkaddress.cache.ttl=-1 - -# The Java-level namelookup cache policy for failed lookups: -# -# any negative value: cache forever -# any positive value: the number of seconds to cache negative lookup results -# zero: do not cache -# -# In some Microsoft Windows networking environments that employ -# the WINS name service in addition to DNS, name service lookups -# that fail may take a noticeably long time to return (approx. 5 seconds). -# For this reason the default caching policy is to maintain these -# results for 10 seconds. -# -# -networkaddress.cache.negative.ttl=10 - -# -# Properties to configure OCSP for certificate revocation checking -# - -# Enable OCSP -# -# By default, OCSP is not used for certificate revocation checking. -# This property enables the use of OCSP when set to the value "true". -# -# NOTE: SocketPermission is required to connect to an OCSP responder. -# -# Example, -# ocsp.enable=true - -# -# Location of the OCSP responder -# -# By default, the location of the OCSP responder is determined implicitly -# from the certificate being validated. This property explicitly specifies -# the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent -# from the certificate or when it requires overriding. -# -# Example, -# ocsp.responderURL=http://ocsp.example.net:80 - -# -# Subject name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. In cases where -# the subject name alone is not sufficient to uniquely identify the certificate -# then both the "ocsp.responderCertIssuerName" and -# "ocsp.responderCertSerialNumber" properties must be used instead. When this -# property is set then those two properties are ignored. -# -# Example, -# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp" - -# -# Issuer name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. When this -# property is set then the "ocsp.responderCertSerialNumber" property must also -# be set. When the "ocsp.responderCertSubjectName" property is set then this -# property is ignored. -# -# Example, -# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp" - -# -# Serial number of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# of hexadecimal digits (colon or space separators may be present) which -# identifies a certificate in the set of certificates supplied during cert path -# validation. When this property is set then the "ocsp.responderCertIssuerName" -# property must also be set. When the "ocsp.responderCertSubjectName" property -# is set then this property is ignored. -# -# Example, -# ocsp.responderCertSerialNumber=2A:FF:00 - -# -# Policy for failed Kerberos KDC lookups: -# -# When a KDC is unavailable (network error, service failure, etc), it is -# put inside a blacklist and accessed less often for future requests. The -# value (case-insensitive) for this policy can be: -# -# tryLast -# KDCs in the blacklist are always tried after those not on the list. -# -# tryLess[:max_retries,timeout] -# KDCs in the blacklist are still tried by their order in the configuration, -# but with smaller max_retries and timeout values. max_retries and timeout -# are optional numerical parameters (default 1 and 5000, which means once -# and 5 seconds). Please notes that if any of the values defined here is -# more than what is defined in krb5.conf, it will be ignored. -# -# Whenever a KDC is detected as available, it is removed from the blacklist. -# The blacklist is reset when krb5.conf is reloaded. You can add -# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is -# reloaded whenever a JAAS authentication is attempted. -# -# Example, -# krb5.kdc.bad.policy = tryLast -# krb5.kdc.bad.policy = tryLess:2,2000 -krb5.kdc.bad.policy = tryLast - -# Algorithm restrictions for certification path (CertPath) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# for certification path building and validation. For example, "MD2" is -# generally no longer considered to be a secure hash algorithm. This section -# describes the mechanism for disabling algorithms based on algorithm name -# and/or key length. This includes algorithms used in certificates, as well -# as revocation information such as CRLs and signed OCSP Responses. -# -# The syntax of the disabled algorithm string is described as this Java -# BNF-style: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator DecimalInteger -# -# Operator: -# <= | < | == | != | >= | > -# -# DecimalInteger: -# DecimalDigits -# -# DecimalDigits: -# DecimalDigit {DecimalDigit} -# -# DecimalDigit: one of -# 1 2 3 4 5 6 7 8 9 0 -# -# The "AlgorithmName" is the standard algorithm name of the disabled -# algorithm. See "Java Cryptography Architecture Standard Algorithm Name -# Documentation" for information about Standard Algorithm Names. Matching -# is performed using a case-insensitive sub-element matching rule. (For -# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and -# "ECDSA" for signatures.) If the assertion "AlgorithmName" is a -# sub-element of the certificate algorithm name, the algorithm will be -# rejected during certification path building and validation. For example, -# the assertion algorithm name "DSA" will disable all certificate algorithms -# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion -# will not disable algorithms related to "ECDSA". -# -# A "Constraint" provides further guidance for the algorithm being specified. -# The "KeySizeConstraint" requires a key of a valid size range if the -# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the -# key size specified in number of bits. For example, "RSA keySize <= 1024" -# indicates that any RSA key with key size less than or equal to 1024 bits -# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates -# that any RSA key with key size less than 1024 or greater than 2048 should -# be disabled. Note that the "KeySizeConstraint" only makes sense to key -# algorithms. -# -# Note: This property is currently used by Oracle's PKIX implementation. It -# is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 -# -# -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 - -# Algorithm restrictions for Secure Socket Layer/Transport Layer Security -# (SSL/TLS) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. -# -# For PKI-based peer authentication and key exchange mechanisms, this list -# of disabled algorithms will also be checked during certification path -# building and validation, including algorithms used in certificates, as -# well as revocation information such as CRLs and signed OCSP Responses. -# This is in addition to the jdk.certpath.disabledAlgorithms property above. -# -# See the specification of "jdk.certpath.disabledAlgorithms" for the -# syntax of the disabled algorithm string. -# -# Note: This property is currently used by Oracle's JSSE implementation. -# It is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-solaris Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,498 +0,0 @@ -# -# This is the "master security properties file". -# -# An alternate java.security properties file may be specified -# from the command line via the system property -# -# -Djava.security.properties=<URL> -# -# This properties file appends to the master security properties file. -# If both properties files specify values for the same key, the value -# from the command-line properties file is selected, as it is the last -# one loaded. -# -# Also, if you specify -# -# -Djava.security.properties==<URL> (2 equals), -# -# then that properties file completely overrides the master security -# properties file. -# -# To disable the ability to specify an additional properties file from -# the command line, set the key security.overridePropertiesFile -# to false in the master security properties file. It is set to true -# by default. - -# In this file, various security properties are set for use by -# java.security classes. This is where users can statically register -# Cryptography Package Providers ("providers" for short). The term -# "provider" refers to a package or set of packages that supply a -# concrete implementation of a subset of the cryptography aspects of -# the Java Security API. A provider may, for example, implement one or -# more digital signature algorithms or message digest algorithms. -# -# Each provider must implement a subclass of the Provider class. -# To register a provider in this master security properties file, -# specify the Provider subclass name and priority in the format -# -# security.provider.<n>=<className> -# -# This declares a provider, and specifies its preference -# order n. The preference order is the order in which providers are -# searched for requested algorithms (when no specific provider is -# requested). The order is 1-based; 1 is the most preferred, followed -# by 2, and so on. -# -# <className> must specify the subclass of the Provider class whose -# constructor sets the values of various properties that are required -# for the Java Security API to look up the algorithms or other -# facilities implemented by the provider. -# -# There must be at least one provider specification in java.security. -# There is a default provider that comes standard with the JDK. It -# is called the "SUN" provider, and its Provider subclass -# named Sun appears in the sun.security.provider package. Thus, the -# "SUN" provider is registered via the following: -# -# security.provider.1=sun.security.provider.Sun -# -# (The number 1 is used for the default provider.) -# -# Note: Providers can be dynamically registered instead by calls to -# either the addProvider or insertProviderAt method in the Security -# class. - -# -# List of providers and their preference orders (see above): -# -security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg -security.provider.2=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg -security.provider.3=sun.security.provider.Sun -security.provider.4=sun.security.rsa.SunRsaSign -security.provider.5=sun.security.ec.SunEC -security.provider.6=com.sun.net.ssl.internal.ssl.Provider -security.provider.7=com.sun.crypto.provider.SunJCE -security.provider.8=sun.security.jgss.SunProvider -security.provider.9=com.sun.security.sasl.Provider -security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI -security.provider.11=sun.security.smartcardio.SunPCSC - -# -# Sun Provider SecureRandom seed source. -# -# Select the primary source of seed data for the "SHA1PRNG" and -# "NativePRNG" SecureRandom implementations in the "Sun" provider. -# (Other SecureRandom implementations might also use this property.) -# -# On Unix-like systems (for example, Solaris/Linux/MacOS), the -# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from -# special device files such as file:/dev/random. -# -# On Windows systems, specifying the URLs "file:/dev/random" or -# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding -# mechanism for SHA1PRNG. -# -# By default, an attempt is made to use the entropy gathering device -# specified by the "securerandom.source" Security property. If an -# exception occurs while accessing the specified URL: -# -# SHA1PRNG: -# the traditional system/thread activity algorithm will be used. -# -# NativePRNG: -# a default value of /dev/random will be used. If neither -# are available, the implementation will be disabled. -# "file" is the only currently supported protocol type. -# -# The entropy gathering device can also be specified with the System -# property "java.security.egd". For example: -# -# % java -Djava.security.egd=file:/dev/random MainClass -# -# Specifying this System property will override the -# "securerandom.source" Security property. -# -# In addition, if "file:/dev/random" or "file:/dev/urandom" is -# specified, the "NativePRNG" implementation will be more preferred than -# SHA1PRNG in the Sun provider. -# -securerandom.source=file:/dev/random - -# -# A list of known strong SecureRandom implementations. -# -# To help guide applications in selecting a suitable strong -# java.security.SecureRandom implementation, Java distributions should -# indicate a list of known strong implementations using the property. -# -# This is a comma-separated list of algorithm and/or algorithm:provider -# entries. -# -securerandom.strongAlgorithms=NativePRNGBlocking:SUN - -# -# Class to instantiate as the javax.security.auth.login.Configuration -# provider. -# -login.configuration.provider=sun.security.provider.ConfigFile - -# -# Default login configuration file -# -#login.config.url.1=file:${user.home}/.java.login.config - -# -# Class to instantiate as the system Policy. This is the name of the class -# that will be used as the Policy object. -# -policy.provider=sun.security.provider.PolicyFile - -# The default is to have a single system-wide policy file, -# and a policy file in the user's home directory. -policy.url.1=file:${java.home}/lib/security/java.policy -policy.url.2=file:${user.home}/.java.policy - -# whether or not we expand properties in the policy file -# if this is set to false, properties (${...}) will not be expanded in policy -# files. -policy.expandProperties=true - -# whether or not we allow an extra policy to be passed on the command line -# with -Djava.security.policy=somefile. Comment out this line to disable -# this feature. -policy.allowSystemProperty=true - -# whether or not we look into the IdentityScope for trusted Identities -# when encountering a 1.1 signed JAR file. If the identity is found -# and is trusted, we grant it AllPermission. -policy.ignoreIdentityScope=false - -# -# Default keystore type. -# -keystore.type=jks - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools.,\ - com.sun.activation.registries. - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, none of the class loaders supplied with the JDK call -# checkPackageDefinition. -# -package.definition=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools.,\ - com.sun.activation.registries. - -# -# Determines whether this properties file can be appended to -# or overridden on the command line via -Djava.security.properties -# -security.overridePropertiesFile=true - -# -# Determines the default key and trust manager factory algorithms for -# the javax.net.ssl package. -# -ssl.KeyManagerFactory.algorithm=SunX509 -ssl.TrustManagerFactory.algorithm=PKIX - -# -# The Java-level namelookup cache policy for successful lookups: -# -# any negative value: caching forever -# any positive value: the number of seconds to cache an address for -# zero: do not cache -# -# default value is forever (FOREVER). For security reasons, this -# caching is made forever when a security manager is set. When a security -# manager is not set, the default behavior in this implementation -# is to cache for 30 seconds. -# -# NOTE: setting this to anything other than the default value can have -# serious security implications. Do not set it unless -# you are sure you are not exposed to DNS spoofing attack. -# -#networkaddress.cache.ttl=-1 - -# The Java-level namelookup cache policy for failed lookups: -# -# any negative value: cache forever -# any positive value: the number of seconds to cache negative lookup results -# zero: do not cache -# -# In some Microsoft Windows networking environments that employ -# the WINS name service in addition to DNS, name service lookups -# that fail may take a noticeably long time to return (approx. 5 seconds). -# For this reason the default caching policy is to maintain these -# results for 10 seconds. -# -# -networkaddress.cache.negative.ttl=10 - -# -# Properties to configure OCSP for certificate revocation checking -# - -# Enable OCSP -# -# By default, OCSP is not used for certificate revocation checking. -# This property enables the use of OCSP when set to the value "true". -# -# NOTE: SocketPermission is required to connect to an OCSP responder. -# -# Example, -# ocsp.enable=true - -# -# Location of the OCSP responder -# -# By default, the location of the OCSP responder is determined implicitly -# from the certificate being validated. This property explicitly specifies -# the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent -# from the certificate or when it requires overriding. -# -# Example, -# ocsp.responderURL=http://ocsp.example.net:80 - -# -# Subject name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. In cases where -# the subject name alone is not sufficient to uniquely identify the certificate -# then both the "ocsp.responderCertIssuerName" and -# "ocsp.responderCertSerialNumber" properties must be used instead. When this -# property is set then those two properties are ignored. -# -# Example, -# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp" - -# -# Issuer name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. When this -# property is set then the "ocsp.responderCertSerialNumber" property must also -# be set. When the "ocsp.responderCertSubjectName" property is set then this -# property is ignored. -# -# Example, -# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp" - -# -# Serial number of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# of hexadecimal digits (colon or space separators may be present) which -# identifies a certificate in the set of certificates supplied during cert path -# validation. When this property is set then the "ocsp.responderCertIssuerName" -# property must also be set. When the "ocsp.responderCertSubjectName" property -# is set then this property is ignored. -# -# Example, -# ocsp.responderCertSerialNumber=2A:FF:00 - -# -# Policy for failed Kerberos KDC lookups: -# -# When a KDC is unavailable (network error, service failure, etc), it is -# put inside a blacklist and accessed less often for future requests. The -# value (case-insensitive) for this policy can be: -# -# tryLast -# KDCs in the blacklist are always tried after those not on the list. -# -# tryLess[:max_retries,timeout] -# KDCs in the blacklist are still tried by their order in the configuration, -# but with smaller max_retries and timeout values. max_retries and timeout -# are optional numerical parameters (default 1 and 5000, which means once -# and 5 seconds). Please notes that if any of the values defined here is -# more than what is defined in krb5.conf, it will be ignored. -# -# Whenever a KDC is detected as available, it is removed from the blacklist. -# The blacklist is reset when krb5.conf is reloaded. You can add -# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is -# reloaded whenever a JAAS authentication is attempted. -# -# Example, -# krb5.kdc.bad.policy = tryLast -# krb5.kdc.bad.policy = tryLess:2,2000 -krb5.kdc.bad.policy = tryLast - -# Algorithm restrictions for certification path (CertPath) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# for certification path building and validation. For example, "MD2" is -# generally no longer considered to be a secure hash algorithm. This section -# describes the mechanism for disabling algorithms based on algorithm name -# and/or key length. This includes algorithms used in certificates, as well -# as revocation information such as CRLs and signed OCSP Responses. -# -# The syntax of the disabled algorithm string is described as this Java -# BNF-style: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator DecimalInteger -# -# Operator: -# <= | < | == | != | >= | > -# -# DecimalInteger: -# DecimalDigits -# -# DecimalDigits: -# DecimalDigit {DecimalDigit} -# -# DecimalDigit: one of -# 1 2 3 4 5 6 7 8 9 0 -# -# The "AlgorithmName" is the standard algorithm name of the disabled -# algorithm. See "Java Cryptography Architecture Standard Algorithm Name -# Documentation" for information about Standard Algorithm Names. Matching -# is performed using a case-insensitive sub-element matching rule. (For -# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and -# "ECDSA" for signatures.) If the assertion "AlgorithmName" is a -# sub-element of the certificate algorithm name, the algorithm will be -# rejected during certification path building and validation. For example, -# the assertion algorithm name "DSA" will disable all certificate algorithms -# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion -# will not disable algorithms related to "ECDSA". -# -# A "Constraint" provides further guidance for the algorithm being specified. -# The "KeySizeConstraint" requires a key of a valid size range if the -# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the -# key size specified in number of bits. For example, "RSA keySize <= 1024" -# indicates that any RSA key with key size less than or equal to 1024 bits -# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates -# that any RSA key with key size less than 1024 or greater than 2048 should -# be disabled. Note that the "KeySizeConstraint" only makes sense to key -# algorithms. -# -# Note: This property is currently used by Oracle's PKIX implementation. It -# is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 -# -# -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 - -# Algorithm restrictions for Secure Socket Layer/Transport Layer Security -# (SSL/TLS) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. -# -# For PKI-based peer authentication and key exchange mechanisms, this list -# of disabled algorithms will also be checked during certification path -# building and validation, including algorithms used in certificates, as -# well as revocation information such as CRLs and signed OCSP Responses. -# This is in addition to the jdk.certpath.disabledAlgorithms property above. -# -# See the specification of "jdk.certpath.disabledAlgorithms" for the -# syntax of the disabled algorithm string. -# -# Note: This property is currently used by Oracle's JSSE implementation. -# It is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-windows Fri Aug 22 09:55:49 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,499 +0,0 @@ -# -# This is the "master security properties file". -# -# An alternate java.security properties file may be specified -# from the command line via the system property -# -# -Djava.security.properties=<URL> -# -# This properties file appends to the master security properties file. -# If both properties files specify values for the same key, the value -# from the command-line properties file is selected, as it is the last -# one loaded. -# -# Also, if you specify -# -# -Djava.security.properties==<URL> (2 equals), -# -# then that properties file completely overrides the master security -# properties file. -# -# To disable the ability to specify an additional properties file from -# the command line, set the key security.overridePropertiesFile -# to false in the master security properties file. It is set to true -# by default. - -# In this file, various security properties are set for use by -# java.security classes. This is where users can statically register -# Cryptography Package Providers ("providers" for short). The term -# "provider" refers to a package or set of packages that supply a -# concrete implementation of a subset of the cryptography aspects of -# the Java Security API. A provider may, for example, implement one or -# more digital signature algorithms or message digest algorithms. -# -# Each provider must implement a subclass of the Provider class. -# To register a provider in this master security properties file, -# specify the Provider subclass name and priority in the format -# -# security.provider.<n>=<className> -# -# This declares a provider, and specifies its preference -# order n. The preference order is the order in which providers are -# searched for requested algorithms (when no specific provider is -# requested). The order is 1-based; 1 is the most preferred, followed -# by 2, and so on. -# -# <className> must specify the subclass of the Provider class whose -# constructor sets the values of various properties that are required -# for the Java Security API to look up the algorithms or other -# facilities implemented by the provider. -# -# There must be at least one provider specification in java.security. -# There is a default provider that comes standard with the JDK. It -# is called the "SUN" provider, and its Provider subclass -# named Sun appears in the sun.security.provider package. Thus, the -# "SUN" provider is registered via the following: -# -# security.provider.1=sun.security.provider.Sun -# -# (The number 1 is used for the default provider.) -# -# Note: Providers can be dynamically registered instead by calls to -# either the addProvider or insertProviderAt method in the Security -# class. - -# -# List of providers and their preference orders (see above): -# -security.provider.1=sun.security.provider.Sun -security.provider.2=sun.security.rsa.SunRsaSign -security.provider.3=sun.security.ec.SunEC -security.provider.4=com.sun.net.ssl.internal.ssl.Provider -security.provider.5=com.sun.crypto.provider.SunJCE -security.provider.6=sun.security.jgss.SunProvider -security.provider.7=com.sun.security.sasl.Provider -security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI -security.provider.9=sun.security.smartcardio.SunPCSC -security.provider.10=sun.security.mscapi.SunMSCAPI - -# -# Sun Provider SecureRandom seed source. -# -# Select the primary source of seed data for the "SHA1PRNG" and -# "NativePRNG" SecureRandom implementations in the "Sun" provider. -# (Other SecureRandom implementations might also use this property.) -# -# On Unix-like systems (for example, Solaris/Linux/MacOS), the -# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from -# special device files such as file:/dev/random. -# -# On Windows systems, specifying the URLs "file:/dev/random" or -# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding -# mechanism for SHA1PRNG. -# -# By default, an attempt is made to use the entropy gathering device -# specified by the "securerandom.source" Security property. If an -# exception occurs while accessing the specified URL: -# -# SHA1PRNG: -# the traditional system/thread activity algorithm will be used. -# -# NativePRNG: -# a default value of /dev/random will be used. If neither -# are available, the implementation will be disabled. -# "file" is the only currently supported protocol type. -# -# The entropy gathering device can also be specified with the System -# property "java.security.egd". For example: -# -# % java -Djava.security.egd=file:/dev/random MainClass -# -# Specifying this System property will override the -# "securerandom.source" Security property. -# -# In addition, if "file:/dev/random" or "file:/dev/urandom" is -# specified, the "NativePRNG" implementation will be more preferred than -# SHA1PRNG in the Sun provider. -# -securerandom.source=file:/dev/random - -# -# A list of known strong SecureRandom implementations. -# -# To help guide applications in selecting a suitable strong -# java.security.SecureRandom implementation, Java distributions should -# indicate a list of known strong implementations using the property. -# -# This is a comma-separated list of algorithm and/or algorithm:provider -# entries. -# -securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,SHA1PRNG:SUN - -# -# Class to instantiate as the javax.security.auth.login.Configuration -# provider. -# -login.configuration.provider=sun.security.provider.ConfigFile - -# -# Default login configuration file -# -#login.config.url.1=file:${user.home}/.java.login.config - -# -# Class to instantiate as the system Policy. This is the name of the class -# that will be used as the Policy object. -# -policy.provider=sun.security.provider.PolicyFile - -# The default is to have a single system-wide policy file, -# and a policy file in the user's home directory. -policy.url.1=file:${java.home}/lib/security/java.policy -policy.url.2=file:${user.home}/.java.policy - -# whether or not we expand properties in the policy file -# if this is set to false, properties (${...}) will not be expanded in policy -# files. -policy.expandProperties=true - -# whether or not we allow an extra policy to be passed on the command line -# with -Djava.security.policy=somefile. Comment out this line to disable -# this feature. -policy.allowSystemProperty=true - -# whether or not we look into the IdentityScope for trusted Identities -# when encountering a 1.1 signed JAR file. If the identity is found -# and is trusted, we grant it AllPermission. -policy.ignoreIdentityScope=false - -# -# Default keystore type. -# -keystore.type=jks - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools.,\ - com.sun.activation.registries.,\ - com.sun.java.accessibility. - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, none of the class loaders supplied with the JDK call -# checkPackageDefinition. -# -package.definition=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ - com.sun.jmx.,\ - com.sun.media.sound.,\ - com.sun.naming.internal.,\ - com.sun.proxy.,\ - com.sun.corba.se.,\ - com.sun.org.apache.bcel.internal.,\ - com.sun.org.apache.regexp.internal.,\ - com.sun.org.apache.xerces.internal.,\ - com.sun.org.apache.xpath.internal.,\ - com.sun.org.apache.xalan.internal.extensions.,\ - com.sun.org.apache.xalan.internal.lib.,\ - com.sun.org.apache.xalan.internal.res.,\ - com.sun.org.apache.xalan.internal.templates.,\ - com.sun.org.apache.xalan.internal.utils.,\ - com.sun.org.apache.xalan.internal.xslt.,\ - com.sun.org.apache.xalan.internal.xsltc.cmdline.,\ - com.sun.org.apache.xalan.internal.xsltc.compiler.,\ - com.sun.org.apache.xalan.internal.xsltc.trax.,\ - com.sun.org.apache.xalan.internal.xsltc.util.,\ - com.sun.org.apache.xml.internal.res.,\ - com.sun.org.apache.xml.internal.security.,\ - com.sun.org.apache.xml.internal.serializer.utils.,\ - com.sun.org.apache.xml.internal.utils.,\ - com.sun.org.glassfish.,\ - com.oracle.xmlns.internal.,\ - com.oracle.webservices.internal.,\ - org.jcp.xml.dsig.internal.,\ - jdk.internal.,\ - jdk.nashorn.internal.,\ - jdk.nashorn.tools.,\ - com.sun.activation.registries.,\ - com.sun.java.accessibility. - -# -# Determines whether this properties file can be appended to -# or overridden on the command line via -Djava.security.properties -# -security.overridePropertiesFile=true - -# -# Determines the default key and trust manager factory algorithms for -# the javax.net.ssl package. -# -ssl.KeyManagerFactory.algorithm=SunX509 -ssl.TrustManagerFactory.algorithm=PKIX - -# -# The Java-level namelookup cache policy for successful lookups: -# -# any negative value: caching forever -# any positive value: the number of seconds to cache an address for -# zero: do not cache -# -# default value is forever (FOREVER). For security reasons, this -# caching is made forever when a security manager is set. When a security -# manager is not set, the default behavior in this implementation -# is to cache for 30 seconds. -# -# NOTE: setting this to anything other than the default value can have -# serious security implications. Do not set it unless -# you are sure you are not exposed to DNS spoofing attack. -# -#networkaddress.cache.ttl=-1 - -# The Java-level namelookup cache policy for failed lookups: -# -# any negative value: cache forever -# any positive value: the number of seconds to cache negative lookup results -# zero: do not cache -# -# In some Microsoft Windows networking environments that employ -# the WINS name service in addition to DNS, name service lookups -# that fail may take a noticeably long time to return (approx. 5 seconds). -# For this reason the default caching policy is to maintain these -# results for 10 seconds. -# -# -networkaddress.cache.negative.ttl=10 - -# -# Properties to configure OCSP for certificate revocation checking -# - -# Enable OCSP -# -# By default, OCSP is not used for certificate revocation checking. -# This property enables the use of OCSP when set to the value "true". -# -# NOTE: SocketPermission is required to connect to an OCSP responder. -# -# Example, -# ocsp.enable=true - -# -# Location of the OCSP responder -# -# By default, the location of the OCSP responder is determined implicitly -# from the certificate being validated. This property explicitly specifies -# the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent -# from the certificate or when it requires overriding. -# -# Example, -# ocsp.responderURL=http://ocsp.example.net:80 - -# -# Subject name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. In cases where -# the subject name alone is not sufficient to uniquely identify the certificate -# then both the "ocsp.responderCertIssuerName" and -# "ocsp.responderCertSerialNumber" properties must be used instead. When this -# property is set then those two properties are ignored. -# -# Example, -# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp" - -# -# Issuer name of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# distinguished name (defined in RFC 2253) which identifies a certificate in -# the set of certificates supplied during cert path validation. When this -# property is set then the "ocsp.responderCertSerialNumber" property must also -# be set. When the "ocsp.responderCertSubjectName" property is set then this -# property is ignored. -# -# Example, -# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp" - -# -# Serial number of the OCSP responder's certificate -# -# By default, the certificate of the OCSP responder is that of the issuer -# of the certificate being validated. This property identifies the certificate -# of the OCSP responder when the default does not apply. Its value is a string -# of hexadecimal digits (colon or space separators may be present) which -# identifies a certificate in the set of certificates supplied during cert path -# validation. When this property is set then the "ocsp.responderCertIssuerName" -# property must also be set. When the "ocsp.responderCertSubjectName" property -# is set then this property is ignored. -# -# Example, -# ocsp.responderCertSerialNumber=2A:FF:00 - -# -# Policy for failed Kerberos KDC lookups: -# -# When a KDC is unavailable (network error, service failure, etc), it is -# put inside a blacklist and accessed less often for future requests. The -# value (case-insensitive) for this policy can be: -# -# tryLast -# KDCs in the blacklist are always tried after those not on the list. -# -# tryLess[:max_retries,timeout] -# KDCs in the blacklist are still tried by their order in the configuration, -# but with smaller max_retries and timeout values. max_retries and timeout -# are optional numerical parameters (default 1 and 5000, which means once -# and 5 seconds). Please notes that if any of the values defined here is -# more than what is defined in krb5.conf, it will be ignored. -# -# Whenever a KDC is detected as available, it is removed from the blacklist. -# The blacklist is reset when krb5.conf is reloaded. You can add -# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is -# reloaded whenever a JAAS authentication is attempted. -# -# Example, -# krb5.kdc.bad.policy = tryLast -# krb5.kdc.bad.policy = tryLess:2,2000 -krb5.kdc.bad.policy = tryLast - -# Algorithm restrictions for certification path (CertPath) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# for certification path building and validation. For example, "MD2" is -# generally no longer considered to be a secure hash algorithm. This section -# describes the mechanism for disabling algorithms based on algorithm name -# and/or key length. This includes algorithms used in certificates, as well -# as revocation information such as CRLs and signed OCSP Responses. -# -# The syntax of the disabled algorithm string is described as this Java -# BNF-style: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator DecimalInteger -# -# Operator: -# <= | < | == | != | >= | > -# -# DecimalInteger: -# DecimalDigits -# -# DecimalDigits: -# DecimalDigit {DecimalDigit} -# -# DecimalDigit: one of -# 1 2 3 4 5 6 7 8 9 0 -# -# The "AlgorithmName" is the standard algorithm name of the disabled -# algorithm. See "Java Cryptography Architecture Standard Algorithm Name -# Documentation" for information about Standard Algorithm Names. Matching -# is performed using a case-insensitive sub-element matching rule. (For -# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and -# "ECDSA" for signatures.) If the assertion "AlgorithmName" is a -# sub-element of the certificate algorithm name, the algorithm will be -# rejected during certification path building and validation. For example, -# the assertion algorithm name "DSA" will disable all certificate algorithms -# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion -# will not disable algorithms related to "ECDSA". -# -# A "Constraint" provides further guidance for the algorithm being specified. -# The "KeySizeConstraint" requires a key of a valid size range if the -# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the -# key size specified in number of bits. For example, "RSA keySize <= 1024" -# indicates that any RSA key with key size less than or equal to 1024 bits -# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates -# that any RSA key with key size less than 1024 or greater than 2048 should -# be disabled. Note that the "KeySizeConstraint" only makes sense to key -# algorithms. -# -# Note: This property is currently used by Oracle's PKIX implementation. It -# is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 -# -# -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 - -# Algorithm restrictions for Secure Socket Layer/Transport Layer Security -# (SSL/TLS) processing -# -# In some environments, certain algorithms or key lengths may be undesirable -# when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. -# -# For PKI-based peer authentication and key exchange mechanisms, this list -# of disabled algorithms will also be checked during certification path -# building and validation, including algorithms used in certificates, as -# well as revocation information such as CRLs and signed OCSP Responses. -# This is in addition to the jdk.certpath.disabledAlgorithms property above. -# -# See the specification of "jdk.certpath.disabledAlgorithms" for the -# syntax of the disabled algorithm string. -# -# Note: This property is currently used by Oracle's JSSE implementation. -# It is not guaranteed to be examined and used by other implementations. -# -# Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/unix/native/libjava/UNIXProcess_md.c Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.base/unix/native/libjava/UNIXProcess_md.c Fri Aug 29 11:57:22 2014 -0700 @@ -599,9 +599,9 @@ */ assert(prog != NULL && argBlock != NULL); if ((phelperpath = getBytes(env, helperpath)) == NULL) goto Catch; - if ((pprog = getBytes(env, prog)) == NULL) goto Catch; - if ((pargBlock = getBytes(env, argBlock)) == NULL) goto Catch; - if ((c->argv = NEW(const char *, argc + 3)) == NULL) goto Catch; + if ((pprog = getBytes(env, prog)) == NULL) goto Catch; + if ((pargBlock = getBytes(env, argBlock)) == NULL) goto Catch; + if ((c->argv = NEW(const char *, argc + 3)) == NULL) goto Catch; c->argv[0] = pprog; c->argc = argc + 2; initVectorFromBlock(c->argv+1, pargBlock, argc); @@ -690,10 +690,11 @@ closeSafely(childenv[0]); closeSafely(childenv[1]); - releaseBytes(env, prog, pprog); - releaseBytes(env, argBlock, pargBlock); - releaseBytes(env, envBlock, penvBlock); - releaseBytes(env, dir, c->pdir); + releaseBytes(env, helperpath, phelperpath); + releaseBytes(env, prog, pprog); + releaseBytes(env, argBlock, pargBlock); + releaseBytes(env, envBlock, penvBlock); + releaseBytes(env, dir, c->pdir); free(c->argv); free(c->envv);
--- a/jdk/src/java.desktop/macosx/classes/apple/laf/JRSUIControl.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.desktop/macosx/classes/apple/laf/JRSUIControl.java Fri Aug 29 11:57:22 2014 -0700 @@ -114,7 +114,7 @@ changes.putAll(other.changes); } - protected synchronized final void finalize() throws Throwable { + protected synchronized void finalize() throws Throwable { if (cfDictionaryPtr == 0) return; disposeCFDictionary(cfDictionaryPtr); cfDictionaryPtr = 0;
--- a/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaInternalFrameUI.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaInternalFrameUI.java Fri Aug 29 11:57:22 2014 -0700 @@ -938,7 +938,11 @@ final Point pt = new Point(); final Component c = getComponentToForwardTo(e, pt); if (c == null) return; - c.dispatchEvent(new MouseWheelEvent(c, e.getID(), e.getWhen(), e.getModifiers(), pt.x, pt.y, e.getClickCount(), e.isPopupTrigger(), e.getScrollType(), e.getScrollAmount(), e.getWheelRotation())); + c.dispatchEvent(new MouseWheelEvent(c, e.getID(), e.getWhen(), + e.getModifiers(), pt.x, pt.y, e.getXOnScreen(), e.getYOnScreen(), + e.getClickCount(), e.isPopupTrigger(), e.getScrollType(), + e.getScrollAmount(), e.getWheelRotation(), + e.getPreciseWheelRotation())); } public void componentResized(final ComponentEvent e) {
--- a/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java Fri Aug 29 11:57:22 2014 -0700 @@ -3307,7 +3307,7 @@ pane.repaint(); } else if (name == "indexForTitle") { calculatedBaseline = false; - updateHtmlViews((Integer) e.getNewValue()); + updateHtmlViews((Integer) e.getNewValue(), false); } else if (name == "tabLayoutPolicy") { AquaTabbedPaneCopyFromBasicUI.this.uninstallUI(pane); AquaTabbedPaneCopyFromBasicUI.this.installUI(pane); @@ -3345,7 +3345,7 @@ calculatedBaseline = false; } else if (name == "indexForNullComponent") { isRunsDirty = true; - updateHtmlViews((Integer) e.getNewValue()); + updateHtmlViews((Integer) e.getNewValue(), true); } else if (name == "font") { calculatedBaseline = false; } @@ -3464,10 +3464,10 @@ return; } isRunsDirty = true; - updateHtmlViews(tp.indexOfComponent(child)); + updateHtmlViews(tp.indexOfComponent(child), true); } - private void updateHtmlViews(int index) { + private void updateHtmlViews(int index, boolean inserted) { final String title = tabPane.getTitleAt(index); final boolean isHTML = BasicHTML.isHTMLString(title); if (isHTML) { @@ -3475,16 +3475,24 @@ htmlViews = createHTMLVector(); } else { // Vector already exists final View v = BasicHTML.createHTMLView(tabPane, title); - htmlViews.insertElementAt(v, index); + setHtmlView(v, inserted, index); } } else { // Not HTML if (htmlViews != null) { // Add placeholder - htmlViews.insertElementAt(null, index); + setHtmlView(null, inserted, index); } // else nada! } updateMnemonics(); } + private void setHtmlView(View v, boolean inserted, int index) { + if (inserted || index >= htmlViews.size()) { + htmlViews.insertElementAt(v, index); + } else { + htmlViews.setElementAt(v, index); + } + } + public void componentRemoved(final ContainerEvent e) { final JTabbedPane tp = (JTabbedPane)e.getContainer(); final Component child = e.getChild();
--- a/jdk/src/java.desktop/macosx/classes/sun/font/CFontManager.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.desktop/macosx/classes/sun/font/CFontManager.java Fri Aug 29 11:57:22 2014 -0700 @@ -43,7 +43,7 @@ import sun.awt.util.ThreadGroupUtils; import sun.lwawt.macosx.*; -public class CFontManager extends SunFontManager { +public final class CFontManager extends SunFontManager { private FontConfigManager fcManager = null; private static Hashtable<String, Font2D> genericFonts = new Hashtable<String, Font2D>(); @@ -61,20 +61,14 @@ return new CFontConfiguration(this, preferLocaleFonts, preferPropFonts); } - private static String[] defaultPlatformFont = null; - /* * Returns an array of two strings. The first element is the * name of the font. The second element is the file name. */ @Override - public synchronized String[] getDefaultPlatformFont() { - if (defaultPlatformFont == null) { - defaultPlatformFont = new String[2]; - defaultPlatformFont[0] = "Lucida Grande"; - defaultPlatformFont[1] = "/System/Library/Fonts/LucidaGrande.ttc"; - } - return defaultPlatformFont; + protected String[] getDefaultPlatformFont() { + return new String[]{"Lucida Grande", + "/System/Library/Fonts/LucidaGrande.ttc"}; } // This is a way to register any kind of Font2D, not just files and composites.
--- a/jdk/src/java.desktop/macosx/classes/sun/lwawt/LWComponentPeer.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.desktop/macosx/classes/sun/lwawt/LWComponentPeer.java Fri Aug 29 11:57:22 2014 -0700 @@ -1233,11 +1233,13 @@ delegate, me.getID(), me.getWhen(), me.getModifiers(), me.getX(), me.getY(), + me.getXOnScreen(), me.getYOnScreen(), me.getClickCount(), me.isPopupTrigger(), me.getScrollType(), me.getScrollAmount(), - me.getWheelRotation()); + me.getWheelRotation(), + me.getPreciseWheelRotation()); } else if (e instanceof MouseEvent) { MouseEvent me = (MouseEvent) e;
--- a/jdk/src/java.desktop/macosx/classes/sun/lwawt/LWWindowPeer.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.desktop/macosx/classes/sun/lwawt/LWWindowPeer.java Fri Aug 29 11:57:22 2014 -0700 @@ -105,6 +105,8 @@ private final SecurityWarningWindow warningWindow; + private volatile boolean targetFocusable; + /** * Current modal blocker or null. * @@ -240,13 +242,12 @@ if (!visible && warningWindow != null) { warningWindow.setVisible(false, false); } - + updateFocusableWindowState(); super.setVisibleImpl(visible); // TODO: update graphicsConfig, see 4868278 platformWindow.setVisible(visible); if (isSimpleWindow()) { KeyboardFocusManagerPeer kfmPeer = LWKeyboardFocusManagerPeer.getInstance(); - if (visible) { if (!getTarget().isAutoRequestFocus()) { return; @@ -397,6 +398,7 @@ @Override public void updateFocusableWindowState() { + targetFocusable = getTarget().isFocusableWindow(); platformWindow.updateFocusableWindowState(); } @@ -1220,13 +1222,13 @@ } private boolean isFocusableWindow() { - boolean focusable = getTarget().isFocusableWindow(); + boolean focusable = targetFocusable; if (isSimpleWindow()) { LWWindowPeer ownerPeer = getOwnerFrameDialog(this); if (ownerPeer == null) { return false; } - return focusable && ownerPeer.getTarget().isFocusableWindow(); + return focusable && ownerPeer.targetFocusable; } return focusable; }
--- a/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java Fri Aug 22 09:55:49 2014 -0700 +++ b/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java Fri Aug 29 11:57:22 2014 -0700 @@ -38,7 +38,8 @@ private CPlatformResponder responder; private static final Object classLock = new Object(); - private static volatile CEmbeddedFrame focusedWindow; + private static volatile CEmbeddedFrame globalFocusedWindow; + private CEmbeddedFrame browserWindowFocusedApplet; private boolean parentWindowActive = true; public CEmbeddedFrame() { @@ -111,10 +112,10 @@ synchronized (classLock) { // In some cases an applet may not receive the focus lost event // from the parent window (see 8012330) - focusedWindow = (focused) ? this - : ((focusedWindow == this) ? null : focusedWindow); + globalFocusedWindow = (focused) ? this + : ((globalFocusedWindow == this) ? null : globalFocusedWindow); } - if (focusedWindow == this) { + if (globalFocusedWindow == this) { // see bug 8010925 // we can't put this to handleWindowFocusEvent because // it won't be invoced if focuse is moved to a html element @@ -145,9 +146,23 @@ // non-focused applet. This method can be called from different threads. public void handleWindowFocusEvent(boolean parentWindowActive) { this.parentWindowActive = parentWindowActive; + // If several applets are running in different browser's windows, it is necessary to + // detect the switching between the parent windows and update globalFocusedWindow accordingly. + synchronized (classLock) { + if (!parentWindowActive) { + this.browserWindowFocusedApplet = globalFocusedWindow; + } + if (parentWindowActive && globa