Merge pull request #21 from bell-sw/b202
jdk8u202-ga update
diff --git a/.hgtags b/.hgtags
index 4b67e78..a0d3cb7 100644
--- a/.hgtags
+++ b/.hgtags
@@ -946,3 +946,37 @@
f877dad22786f92aa495a595a1a4a16f0163c573 jdk8u192-b12
996dd3ce1ec5437da8b5a742c60a5ff7b6028122 jdk8u192-b26
9da3ff5cd435240bc4941bc1c2ca170c567e012f jdk8u202-b01
+478a4add975beb90696a4ead5f8fcd9c17fc1a83 jdk8u202-b02
+03719dd7706173821b51f42b20ac3cb040696a56 jdk8u202-b03
+d1d759924a534328146368d9be0e49168ace93eb jdk8u202-b04
+620927565284a2cc75bbc3a9bf583997ffb4ea63 jdk8u202-b05
+a7d761df5f2b2a3506516c876381cfb1cdee9387 jdk8u202-b06
+eab55c31ad236f6c601deb5620dc029e9f1b9a72 jdk8u202-b07
+d10b8de706c1ea867abc5518dbb1cf92f6965f6a jdk8u202-b08
+96f7a4d6224a4cbf14c7ac54e39b7e35fee00c0c jdk8u202-b25
+4d01af1665277b6f5f5a6c9107f01bb6c1e0942d jdk8u202-b26
+d10b8de706c1ea867abc5518dbb1cf92f6965f6a jdk8u202-ga
+38b4a5b97f38c467446f1767d148075ac98397d1 jdk8u181-b31
+d679861a9a1efc80e0671b1c6b870fcffbfb9d9c jdk8u181-b32
+078a06936ffe2db2a00e928f88c6e345a126985a jdk8u181-b33
+ecfdede1e6ddf37dcca415861ab031c18ec4b349 jdk8u181-b34
+ac943243eaf1cb3971b953d56527287ae3f8d223 jdk8u181-b35
+674963395b9f747e746af782f2f3ea7995385420 jdk8u181-b36
+92587df933606ff8f03c6073be6c4089211de2b3 jdk8u181-b37
+fbc886dd68cc0e2d877406f73a24bd332bf78244 jdk8u201-b01
+fbeb9b9cc0106ef9bd6b03a441c9a2e06db07bd9 jdk8u201-b02
+274162fd9a2334ac99157a87ff3caff9069e4a66 jdk8u201-b03
+c0b2b82d2478bd641adf21f807809979756485c2 jdk8u201-b04
+3d28c8134ca184ed00271cbec9862f688d04bd4f jdk8u201-b74
+df3e701ab0766c48fe9c72e259aa5ecc278e9fcf jdk8u201-b05
+9fe667a8402b606db5b0c4aa2fb2d65dec2fcddc jdk8u201-b75
+dc2aeed27f71f87d52a81520773e64a06f8c8978 jdk8u201-b06
+a1845b252425953875de75560822576eddc185a8 jdk8u201-b76
+0a19f694c42c6d8e545743e3df938e80d3d56b87 jdk8u201-b07
+f0611120a4b7deae2219f72c5919712f1662ad9b jdk8u201-b77
+21ffcdd4d850dd240338c211bbeecb79c38e5403 jdk8u201-b08
+72a1a252527bb1ef9a67b7318411e117e7814e3e jdk8u201-b09
+c44a78b5e3c5c8f49901a251c0626f0134833ea4 jdk8u201-b79
+91c1f8b2df32a70763018d69b745639b6b94b393 jdk8u201-b25
+7ce5e345e1d26b459c54ede2aedc99e5afe45a5d jdk8u201-b26
+72a1a252527bb1ef9a67b7318411e117e7814e3e jdk8u201-ga
diff --git a/THIRD_PARTY_README b/THIRD_PARTY_README
index a1662fe..f9268ad 100644
--- a/THIRD_PARTY_README
+++ b/THIRD_PARTY_README
@@ -1668,13 +1668,13 @@
-------------------------------------------------------------------------------
-%% This notice is provided with respect to Little CMS 2.7, which may be
+%% This notice is provided with respect to Little CMS 2.9, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
Little CMS
-Copyright (c) 1998-2015 Marti Maria Saguer
+Copyright (c) 1998-2011 Marti Maria Saguer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/make/data/tzdata/VERSION b/make/data/tzdata/VERSION
index 22002be..e3fa922 100644
--- a/make/data/tzdata/VERSION
+++ b/make/data/tzdata/VERSION
@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-tzdata2018e
+tzdata2018g
diff --git a/make/data/tzdata/africa b/make/data/tzdata/africa
index 1c305f8..e2ffac2 100644
--- a/make/data/tzdata/africa
+++ b/make/data/tzdata/africa
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Africa and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -29,7 +31,7 @@
# tz@iana.org for general use in the future). For more, please see
# the file CONTRIBUTING in the tz distribution.
-# From Paul Eggert (2017-04-09):
+# From Paul Eggert (2018-05-27):
#
# Unless otherwise specified, the source for data through 1990 is:
# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
@@ -74,13 +76,15 @@
# I vaguely recall 'WAT' also being used for -01 in the past but
# cannot now come up with solid citations.
#
-# I invented the following abbreviations; corrections are welcome!
-# +02 WAST West Africa Summer Time (no longer used)
-# +03 CAST Central Africa Summer Time (no longer used)
-# +03 SAST South Africa Summer Time (no longer used)
+# I invented the following abbreviations in the 1990s:
+# +02 WAST West Africa Summer Time
+# +03 CAST Central Africa Summer Time
+# +03 SAST South Africa Summer Time
# +03 EAT East Africa Time
-# 'EAT' also seems to have caught on; the others are rare but are paired
-# with better-attested non-DST abbreviations.
+# 'EAT' seems to have caught on and is in current timestamps, and though
+# the other abbreviations are rarer and are only in past timestamps,
+# they are paired with better-attested non-DST abbreviations.
+# Corrections are welcome.
# Algeria
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@@ -385,6 +389,13 @@
# Eritrea
# Ethiopia
# See Africa/Nairobi.
+#
+# Unfortunately tzdb records only Western clock time in use in Ethiopia,
+# as the tzdb format is not up to properly recording a common Ethiopian
+# timekeeping practice that is based on solar time. See:
+# Mortada D. If you have a meeting in Ethiopia, you'd better double
+# check the time. PRI's The World. 2015-01-30 15:15 -05.
+# https://www.pri.org/stories/2015-01-30/if-you-have-meeting-ethiopia-you-better-double-check-time
# Gabon
# See Africa/Lagos.
@@ -856,94 +867,61 @@
# <https://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/> agrees
# with the patch.
-# From Paul Eggert (2015-06-08):
-# For now, guess that later spring and fall transitions will use 2015's rules,
-# and guess that Morocco will switch to standard time at 03:00 the last
-# Sunday before Ramadan, and back to DST at 02:00 the first Sunday after
-# Ramadan. To implement this, transition dates for 2016 through 2037 were
-# determined by running the following program under GNU Emacs 24.3, with the
-# results integrated by hand into the table below.
-# (let ((islamic-year 1437))
-# (require 'cal-islam)
-# (while (< islamic-year 1460)
-# (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year)))
-# (b (calendar-islamic-to-absolute (list 10 1 islamic-year)))
-# (sunday 0))
-# (while (/= sunday (mod (setq a (1- a)) 7)))
-# (while (/= sunday (mod b 7))
-# (setq b (1+ b)))
-# (setq a (calendar-gregorian-from-absolute a))
-# (setq b (calendar-gregorian-from-absolute b))
-# (insert
-# (format
-# (concat "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 3:00\t0\t-\n"
-# "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 2:00\t1:00\tS\n")
-# (car (cdr (cdr a))) (calendar-month-name (car a) t) (car (cdr a))
-# (car (cdr (cdr b))) (calendar-month-name (car b) t) (car (cdr b)))))
-# (setq islamic-year (+ 1 islamic-year))))
+# From Mohamed Essedik Najd (2018-10-26):
+# Today, a Moroccan government council approved the perpetual addition
+# of 60 minutes to the regular Moroccan timezone.
+# From Brian Inglis (2018-10-26):
+# http://www.maroc.ma/fr/actualites/le-conseil-de-gouvernement-adopte-un-projet-de-decret-relatif-lheure-legale-stipulant-le
# RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-
-Rule Morocco 1939 only - Sep 12 0:00 1:00 S
+Rule Morocco 1939 only - Sep 12 0:00 1:00 -
Rule Morocco 1939 only - Nov 19 0:00 0 -
-Rule Morocco 1940 only - Feb 25 0:00 1:00 S
+Rule Morocco 1940 only - Feb 25 0:00 1:00 -
Rule Morocco 1945 only - Nov 18 0:00 0 -
-Rule Morocco 1950 only - Jun 11 0:00 1:00 S
+Rule Morocco 1950 only - Jun 11 0:00 1:00 -
Rule Morocco 1950 only - Oct 29 0:00 0 -
-Rule Morocco 1967 only - Jun 3 12:00 1:00 S
+Rule Morocco 1967 only - Jun 3 12:00 1:00 -
Rule Morocco 1967 only - Oct 1 0:00 0 -
-Rule Morocco 1974 only - Jun 24 0:00 1:00 S
+Rule Morocco 1974 only - Jun 24 0:00 1:00 -
Rule Morocco 1974 only - Sep 1 0:00 0 -
-Rule Morocco 1976 1977 - May 1 0:00 1:00 S
+Rule Morocco 1976 1977 - May 1 0:00 1:00 -
Rule Morocco 1976 only - Aug 1 0:00 0 -
Rule Morocco 1977 only - Sep 28 0:00 0 -
-Rule Morocco 1978 only - Jun 1 0:00 1:00 S
+Rule Morocco 1978 only - Jun 1 0:00 1:00 -
Rule Morocco 1978 only - Aug 4 0:00 0 -
-Rule Morocco 2008 only - Jun 1 0:00 1:00 S
+Rule Morocco 2008 only - Jun 1 0:00 1:00 -
Rule Morocco 2008 only - Sep 1 0:00 0 -
-Rule Morocco 2009 only - Jun 1 0:00 1:00 S
+Rule Morocco 2009 only - Jun 1 0:00 1:00 -
Rule Morocco 2009 only - Aug 21 0:00 0 -
-Rule Morocco 2010 only - May 2 0:00 1:00 S
+Rule Morocco 2010 only - May 2 0:00 1:00 -
Rule Morocco 2010 only - Aug 8 0:00 0 -
-Rule Morocco 2011 only - Apr 3 0:00 1:00 S
+Rule Morocco 2011 only - Apr 3 0:00 1:00 -
Rule Morocco 2011 only - Jul 31 0:00 0 -
-Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 S
+Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 -
Rule Morocco 2012 only - Jul 20 3:00 0 -
-Rule Morocco 2012 only - Aug 20 2:00 1:00 S
+Rule Morocco 2012 only - Aug 20 2:00 1:00 -
Rule Morocco 2012 only - Sep 30 3:00 0 -
Rule Morocco 2013 only - Jul 7 3:00 0 -
-Rule Morocco 2013 only - Aug 10 2:00 1:00 S
-Rule Morocco 2013 max - Oct lastSun 3:00 0 -
-Rule Morocco 2014 2021 - Mar lastSun 2:00 1:00 S
+Rule Morocco 2013 only - Aug 10 2:00 1:00 -
+Rule Morocco 2013 2018 - Oct lastSun 3:00 0 -
+Rule Morocco 2014 2018 - Mar lastSun 2:00 1:00 -
Rule Morocco 2014 only - Jun 28 3:00 0 -
-Rule Morocco 2014 only - Aug 2 2:00 1:00 S
+Rule Morocco 2014 only - Aug 2 2:00 1:00 -
Rule Morocco 2015 only - Jun 14 3:00 0 -
-Rule Morocco 2015 only - Jul 19 2:00 1:00 S
+Rule Morocco 2015 only - Jul 19 2:00 1:00 -
Rule Morocco 2016 only - Jun 5 3:00 0 -
-Rule Morocco 2016 only - Jul 10 2:00 1:00 S
+Rule Morocco 2016 only - Jul 10 2:00 1:00 -
Rule Morocco 2017 only - May 21 3:00 0 -
-Rule Morocco 2017 only - Jul 2 2:00 1:00 S
+Rule Morocco 2017 only - Jul 2 2:00 1:00 -
Rule Morocco 2018 only - May 13 3:00 0 -
-Rule Morocco 2018 only - Jun 17 2:00 1:00 S
-Rule Morocco 2019 only - May 5 3:00 0 -
-Rule Morocco 2019 only - Jun 9 2:00 1:00 S
-Rule Morocco 2020 only - Apr 19 3:00 0 -
-Rule Morocco 2020 only - May 24 2:00 1:00 S
-Rule Morocco 2021 only - Apr 11 3:00 0 -
-Rule Morocco 2021 only - May 16 2:00 1:00 S
-Rule Morocco 2022 only - May 8 2:00 1:00 S
-Rule Morocco 2023 only - Apr 23 2:00 1:00 S
-Rule Morocco 2024 only - Apr 14 2:00 1:00 S
-Rule Morocco 2025 only - Apr 6 2:00 1:00 S
-Rule Morocco 2026 max - Mar lastSun 2:00 1:00 S
-Rule Morocco 2036 only - Oct 19 3:00 0 -
-Rule Morocco 2037 only - Oct 4 3:00 0 -
+Rule Morocco 2018 only - Jun 17 2:00 1:00 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26
- 0:00 Morocco WE%sT 1984 Mar 16
- 1:00 - CET 1986
- 0:00 Morocco WE%sT
+ 0:00 Morocco +00/+01 1984 Mar 16
+ 1:00 - +01 1986
+ 0:00 Morocco +00/+01 2018 Oct 27
+ 1:00 - +01
# Western Sahara
#
@@ -958,7 +936,8 @@
Zone Africa/El_Aaiun -0:52:48 - LMT 1934 Jan # El Aaiún
-1:00 - -01 1976 Apr 14
- 0:00 Morocco WE%sT
+ 0:00 Morocco +00/+01 2018 Oct 27
+ 1:00 - +01
# Mozambique
#
diff --git a/make/data/tzdata/antarctica b/make/data/tzdata/antarctica
index 74ce2dc..d98afed 100644
--- a/make/data/tzdata/antarctica
+++ b/make/data/tzdata/antarctica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Antarctica and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/make/data/tzdata/asia b/make/data/tzdata/asia
index 271760c..9847e91 100644
--- a/make/data/tzdata/asia
+++ b/make/data/tzdata/asia
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Asia and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -29,7 +31,7 @@
# tz@iana.org for general use in the future). For more, please see
# the file CONTRIBUTING in the tz distribution.
-# From Paul Eggert (2017-01-13):
+# From Paul Eggert (2018-06-19):
#
# Unless otherwise specified, the source for data through 1990 is:
# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
@@ -58,7 +60,8 @@
# A reliable and entertaining source about time zones is
# Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997).
#
-# The following alphabetic abbreviations appear in these tables:
+# The following alphabetic abbreviations appear in these tables
+# (corrections are welcome):
# std dst
# LMT Local Mean Time
# 2:00 EET EEST Eastern European Time
@@ -67,11 +70,13 @@
# 7:00 WIB west Indonesia (Waktu Indonesia Barat)
# 8:00 WITA central Indonesia (Waktu Indonesia Tengah)
# 8:00 CST China
+# 8:00 PST PDT* Philippine Standard Time
# 8:30 KST KDT Korea when at +0830
# 9:00 WIT east Indonesia (Waktu Indonesia Timur)
# 9:00 JST JDT Japan
# 9:00 KST KDT Korea when at +09
# 9:30 ACST Australian Central Standard Time
+# *I invented the abbreviation PDT; see "Philippines" below.
# Otherwise, these tables typically use numeric abbreviations like +03
# and +0330 for integer hour and minute UT offsets. Although earlier
# editions invented alphabetic time zone abbreviations for every
@@ -304,6 +309,29 @@
# China
+# From Paul Eggert (2018-10-02):
+# The following comes from Table 1 of:
+# Li Yu. Research on the daylight saving movement in 1940s Shanghai.
+# Nanjing Journal of Social Sciences. 2014;(2):144-50.
+# http://oversea.cnki.net/kns55/detail.aspx?dbname=CJFD2014&filename=NJSH201402020
+# The table lists dates only; I am guessing 00:00 and 24:00 transition times.
+# Also, the table lists the planned end of DST in 1949, but the corresponding
+# zone line cuts this off on May 28, when the Communists took power.
+#
+# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+Rule Shang 1940 only - Jun 1 0:00 1:00 D
+Rule Shang 1940 only - Oct 12 24:00 0 S
+Rule Shang 1941 only - Mar 15 0:00 1:00 D
+Rule Shang 1941 only - Nov 1 24:00 0 S
+Rule Shang 1942 only - Jan 31 0:00 1:00 D
+Rule Shang 1945 only - Sep 1 24:00 0 S
+Rule Shang 1946 only - May 15 0:00 1:00 D
+Rule Shang 1946 only - Sep 30 24:00 0 S
+Rule Shang 1947 only - Apr 15 0:00 1:00 D
+Rule Shang 1947 only - Oct 31 24:00 0 S
+Rule Shang 1948 1949 - May 1 0:00 1:00 D
+Rule Shang 1948 1949 - Sep 30 24:00 0 S #plan
+
# From Guy Harris:
# People's Republic of China. Yes, they really have only one time zone.
@@ -330,18 +358,33 @@
# time - sort of", Los Angeles Times, 1986-05-05 ... [says] that China began
# observing daylight saving time in 1986.
-# From Paul Eggert (2014-06-30):
-# Shanks & Pottenger have China switching to a single time zone in 1980, but
-# this doesn't seem to be correct. They also write that China observed summer
-# DST from 1986 through 1991, which seems to match the above commentary, so
-# go with them for DST rules as follows:
+# From P Chan (2018-05-07):
+# The start and end time of DST in China [from 1986 on] should be 2:00
+# (i.e. 2:00 to 3:00 at the start and 2:00 to 1:00 at the end)....
+# Government notices about summer time:
+#
+# 1986-04-12 http://www.zj.gov.cn/attach/zfgb/198608.pdf p.21-22
+# (To establish summer time from 1986. On 4 May, set the clocks ahead one hour
+# at 2 am. On 14 September, set the clocks backward one hour at 2 am.)
+#
+# 1987-02-15 http://www.gov.cn/gongbao/shuju/1987/gwyb198703.pdf p.114
+# (Summer time in 1987 to start from 12 April until 13 September)
+#
+# 1987-09-09 http://www.gov.cn/gongbao/shuju/1987/gwyb198721.pdf p.709
+# (From 1988, summer time to start from 2 am of the first Sunday of mid-April
+# until 2 am of the first Sunday of mid-September)
+#
+# 1992-03-03 http://www.gov.cn/gongbao/shuju/1992/gwyb199205.pdf p.152
+# (To suspend summer time from 1992)
+#
+# The first page of People's Daily on 12 April 1988 stating that summer time
+# to begin on 17 April.
+# http://data.people.com.cn/pic/101p/1988/04/1988041201.jpg
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Shang 1940 only - Jun 3 0:00 1:00 D
-Rule Shang 1940 1941 - Oct 1 0:00 0 S
-Rule Shang 1941 only - Mar 16 0:00 1:00 D
-Rule PRC 1986 only - May 4 0:00 1:00 D
-Rule PRC 1986 1991 - Sep Sun>=11 0:00 0 S
-Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
+Rule PRC 1986 only - May 4 2:00 1:00 D
+Rule PRC 1986 1991 - Sep Sun>=11 2:00 0 S
+Rule PRC 1987 1991 - Apr Sun>=11 2:00 1:00 D
# From Anthony Fok (2001-12-20):
# BTW, I did some research on-line and found some info regarding these five
@@ -363,10 +406,11 @@
# Alois Treindl kindly sent me translations of the following two sources:
#
# (1)
-# Guo Qingsheng (National Time-Service Center, CAS, Xi'an 710600, China)
+# Guo Qing-sheng (National Time-Service Center, CAS, Xi'an 710600, China)
# Beijing Time at the Beginning of the PRC
# China Historical Materials of Science and Technology
-# (Zhongguo ke ji shi liao, 中国科技史料), Vol. 24, No. 1 (2003)
+# (Zhongguo ke ji shi liao, 中国科技史料). 2003;24(1):5-9.
+# http://oversea.cnki.net/kcms/detail/detail.aspx?filename=ZGKS200301000&dbname=CJFD2003
# It gives evidence that at the beginning of the PRC, Beijing time was
# officially apparent solar time! However, Guo also says that the
# evidence is dubious, as the relevant institute of astronomy had not
@@ -543,7 +587,7 @@
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Beijing time, used throughout China; represented by Shanghai.
Zone Asia/Shanghai 8:05:43 - LMT 1901
- 8:00 Shang C%sT 1949
+ 8:00 Shang C%sT 1949 May 28
8:00 PRC C%sT
# Xinjiang time, used by many in western China; represented by Ürümqi / Ürümchi
# / Wulumuqi. (Please use Asia/Shanghai if you prefer Beijing time.)
@@ -772,24 +816,140 @@
8:00 Taiwan C%sT
# Macau (Macao, Aomen)
+#
+# From P Chan (2018-05-10):
+# * LegisMac
+# http://legismac.safp.gov.mo/legismac/descqry/Descqry.jsf?lang=pt
+# A database for searching titles of legal documents of Macau in
+# Chinese and Portuguese. The term "HORÁRIO DE VERÃO" can be used for
+# searching decrees about summer time.
+# * Archives of Macao
+# http://www.archives.gov.mo/en/bo/
+# It contains images of old official gazettes.
+# * The Macao Meteorological and Geophysical Bureau have a page listing the
+# summer time history. But it is not complete and has some mistakes.
+# http://www.smg.gov.mo/smg/geophysics/e_t_Summer%20Time.htm
+# Macau adopted GMT+8 on 30 Oct 1904 to follow Hong Kong. Clocks were
+# advanced by 25 minutes and 50 seconds. Which means the LMT used was
+# +7:34:10. As stated in the "Portaria No. 204" dated 21 October 1904
+# and published in the Official Gazette on 29 October 1904.
+# http://igallery.icm.gov.mo/Images/Archives/BO/MO_AH_PUB_BO_1904_10/MO_AH_PUB_BO_1904_10_00025_Grey.JPG
+#
+# Therefore the 1911 decree of Portugal did not change time in Macau.
+#
+# From LegisMac, here is a list of decrees that changed the time ...
+# [Decree Gazette-no. date; titles omitted in this quotation]
+# DIL 732 BOCM 51 1941.12.20
+# DIL 764 BOCM 9S 1942.04.30
+# DIL 781 BOCM 21 1942.10.10
+# PT 3434 BOCM 8S 1943.04.17
+# PT 3504 BOCM 20 1943.09.25
+# PT 3843 BOCM 39 1945.09.29
+# PT 3961 BOCM 17 1946.04.27
+# PT 4026 BOCM 39 1946.09.28
+# PT 4153 BOCM 16 1947.04.10
+# PT 4271 BOCM 48 1947.11.29
+# PT 4374 BOCM 18 1948.05.01
+# PT 4465 BOCM 44 1948.10.30
+# PT 4590 BOCM 14 1949.04.02
+# PT 4666 BOCM 44 1949.10.29
+# PT 4771 BOCM 12 1950.03.25
+# PT 4838 BOCM 43 1950.10.28
+# PT 4946 BOCM 12 1951.03.24
+# PT 5025 BO 43 1951.10.27
+# PT 5149 BO 14 1952.04.05
+# PT 5251 BO 43 1952.10.25
+# PT 5366 BO 13 1953.03.28
+# PT 5444 BO 44 1953.10.31
+# PT 5540 BO 12 1954.03.20
+# PT 5589 BO 44 1954.10.30
+# PT 5676 BO 12 1955.03.19
+# PT 5739 BO 45 1955.11.05
+# PT 5823 BO 11 1956.03.17
+# PT 5891 BO 44 1956.11.03
+# PT 5981 BO 12 1957.03.23
+# PT 6064 BO 43 1957.10.26
+# PT 6172 BO 12 1958.03.22
+# PT 6243 BO 43 1958.10.25
+# PT 6341 BO 12 1959.03.21
+# PT 6411 BO 43 1959.10.24
+# PT 6514 BO 11 1960.03.12
+# PT 6584 BO 44 1960.10.29
+# PT 6721 BO 10 1961.03.11
+# PT 6815 BO 43 1961.10.28
+# PT 6947 BO 10 1962.03.10
+# PT 7080 BO 43 1962.10.27
+# PT 7218 BO 12 1963.03.23
+# PT 7340 BO 43 1963.10.26
+# PT 7491 BO 11 1964.03.14
+# PT 7664 BO 43 1964.10.24
+# PT 7846 BO 15 1965.04.10
+# PT 7979 BO 42 1965.10.16
+# PT 8146 BO 15 1966.04.09
+# PT 8252 BO 41 1966.10.08
+# PT 8429 BO 15 1967.04.15
+# PT 8540 BO 41 1967.10.14
+# PT 8735 BO 15 1968.04.13
+# PT 8860 BO 41 1968.10.12
+# PT 9035 BO 16 1969.04.19
+# PT 9156 BO 42 1969.10.18
+# PT 9328 BO 15 1970.04.11
+# PT 9418 BO 41 1970.10.10
+# PT 9587 BO 14 1971.04.03
+# PT 9702 BO 41 1971.10.09
+# PT 38-A/72 BO 14 1972.04.01
+# PT 126-A/72 BO 41 1972.10.07
+# PT 61/73 BO 14 1973.04.07
+# PT 182/73 BO 40 1973.10.06
+# PT 282/73 BO 51 1973.12.22
+# PT 177/74 BO 41 1974.10.12
+# PT 51/75 BO 15 1975.04.12
+# PT 173/75 BO 41 1975.10.11
+# PT 67/76/M BO 14 1976.04.03
+# PT 169/76/M BO 41 1976.10.09
+# PT 78/79/M BO 19 1979.05.12
+# PT 166/79/M BO 42 1979.10.20
+# Note that DIL 732 does not belong to "HORÁRIO DE VERÃO" according to
+# LegisMac.... Note that between 1942 and 1945, the time switched
+# between GMT+9 and GMT+10. Also in 1965 and 1965 the DST ended at 2:30am.
+
+# From Paul Eggert (2018-05-10):
+# The 1904 decree says that Macau changed from the meridian of
+# Fortaleza do Monte, presumably the basis for the 7:34:10 for LMT.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Macau 1961 1962 - Mar Sun>=16 3:30 1:00 D
-Rule Macau 1961 1964 - Nov Sun>=1 3:30 0 S
-Rule Macau 1963 only - Mar Sun>=16 0:00 1:00 D
-Rule Macau 1964 only - Mar Sun>=16 3:30 1:00 D
-Rule Macau 1965 only - Mar Sun>=16 0:00 1:00 D
-Rule Macau 1965 only - Oct 31 0:00 0 S
-Rule Macau 1966 1971 - Apr Sun>=16 3:30 1:00 D
-Rule Macau 1966 1971 - Oct Sun>=16 3:30 0 S
-Rule Macau 1972 1974 - Apr Sun>=15 0:00 1:00 D
-Rule Macau 1972 1973 - Oct Sun>=15 0:00 0 S
-Rule Macau 1974 1977 - Oct Sun>=15 3:30 0 S
-Rule Macau 1975 1977 - Apr Sun>=15 3:30 1:00 D
-Rule Macau 1978 1980 - Apr Sun>=15 0:00 1:00 D
-Rule Macau 1978 1980 - Oct Sun>=15 0:00 0 S
-# See Europe/Lisbon for info about the 1912 transition.
+Rule Macau 1942 1943 - Apr 30 23:00 1:00 -
+Rule Macau 1942 only - Nov 17 23:00 0 -
+Rule Macau 1943 only - Sep 30 23:00 0 S
+Rule Macau 1946 only - Apr 30 23:00s 1:00 D
+Rule Macau 1946 only - Sep 30 23:00s 0 S
+Rule Macau 1947 only - Apr 19 23:00s 1:00 D
+Rule Macau 1947 only - Nov 30 23:00s 0 S
+Rule Macau 1948 only - May 2 23:00s 1:00 D
+Rule Macau 1948 only - Oct 31 23:00s 0 S
+Rule Macau 1949 1950 - Apr Sat>=1 23:00s 1:00 D
+Rule Macau 1949 1950 - Oct lastSat 23:00s 0 S
+Rule Macau 1951 only - Mar 31 23:00s 1:00 D
+Rule Macau 1951 only - Oct 28 23:00s 0 S
+Rule Macau 1952 1953 - Apr Sat>=1 23:00s 1:00 D
+Rule Macau 1952 only - Nov 1 23:00s 0 S
+Rule Macau 1953 1954 - Oct lastSat 23:00s 0 S
+Rule Macau 1954 1956 - Mar Sat>=17 23:00s 1:00 D
+Rule Macau 1955 only - Nov 5 23:00s 0 S
+Rule Macau 1956 1964 - Nov Sun>=1 03:30 0 S
+Rule Macau 1957 1964 - Mar Sun>=18 03:30 1:00 D
+Rule Macau 1965 1973 - Apr Sun>=16 03:30 1:00 D
+Rule Macau 1965 1966 - Oct Sun>=16 02:30 0 S
+Rule Macau 1967 1976 - Oct Sun>=16 03:30 0 S
+Rule Macau 1973 only - Dec 30 03:30 1:00 D
+Rule Macau 1975 1976 - Apr Sun>=16 03:30 1:00 D
+Rule Macau 1979 only - May 13 03:30 1:00 D
+Rule Macau 1979 only - Oct Sun>=16 03:30 0 S
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-Zone Asia/Macau 7:34:20 - LMT 1911 Dec 31 16:00u
+Zone Asia/Macau 7:34:10 - LMT 1904 Oct 30
+ 8:00 - CST 1941 Dec 21 23:00
+ 9:00 Macau +09/+10 1945 Sep 30 24:00
8:00 Macau C%sT
@@ -1494,9 +1654,29 @@
# http://www.shugiin.go.jp/internet/itdb_housei.nsf/html/houritsu/00719500331039.htm
# ... In summary, it is written as follows. From 24:00 on the first Saturday
# in May, until 0:00 on the day after the second Saturday in September.
+
+# From Phake Nick (2018-09-27):
+# [T]he webpage authored by National Astronomical Observatory of Japan
+# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EF.html
+# ... mentioned that using Showa 23 (year 1948) as example, 13pm of September
+# 11 in summer time will equal to 0am of September 12 in standard time.
+# It cited a document issued by the Liaison Office which briefly existed
+# during the postwar period of Japan, where the detail on implementation
+# of the summer time is described in the document.
+# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EFB2C6BBFEB9EFA4CEBCC2BBDCA4CBA4C4A4A4A4C6.pdf
+# The text in the document do instruct a fall back to occur at
+# September 11, 13pm in summer time, while ordinary citizens can
+# change the clock before they sleep.
+#
+# From Paul Eggert (2018-09-27):
+# This instruction is equivalent to "Sat>=8 25:00", so use that. zic treats
+# it like "Sun>=9 01:00", which is not quite the same but is the best we can
+# do in any POSIX or C platform. The "25:00" assumes zic from 2007 or later,
+# which should be safe now.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Japan 1948 only - May Sat>=1 24:00 1:00 D
-Rule Japan 1948 1951 - Sep Sun>=9 0:00 0 S
+Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S
Rule Japan 1949 only - Apr Sat>=1 24:00 1:00 D
Rule Japan 1950 1951 - May Sat>=1 24:00 1:00 D
@@ -1878,7 +2058,7 @@
5:00 - +05
# Mangghystaū (KZ-MAN)
# Aqtau was not founded until 1963, but it represents an inhabited region,
-# so include time stamps before 1963.
+# so include timestamps before 1963.
Zone Asia/Aqtau 3:21:04 - LMT 1924 May 2
4:00 - +04 1930 Jun 21
5:00 - +05 1981 Oct 1
@@ -2018,6 +2198,10 @@
# Assembly, as published in Rodong Sinmun.
# From Tim Parenti (2018-04-29):
# It appears to be the front page story at the top in the right-most column.
+#
+# From Paul Eggert (2018-05-04):
+# The BBC reported that the transition was from 23:30 to 24:00 today.
+# https://www.bbc.com/news/world-asia-44010705
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Seoul 8:27:52 - LMT 1908 Apr 1
@@ -2030,7 +2214,7 @@
8:30 - KST 1912 Jan 1
9:00 - JST 1945 Aug 24
9:00 - KST 2015 Aug 15 00:00
- 8:30 - KST 2018 May 5
+ 8:30 - KST 2018 May 4 23:30
9:00 - KST
###############################################################################
@@ -2790,19 +2974,35 @@
# Philippine Star 2014-08-05
# http://www.philstar.com/headlines/2014/08/05/1354152/pnoy-urged-declare-use-daylight-saving-time
+# From Paul Goyette (2018-06-15):
+# In the Philippines, there is a national law, Republic Act No. 10535
+# which declares the official time here as "Philippine Standard Time".
+# The act [1] even specifies use of PST as the abbreviation, although
+# the FAQ provided by PAGASA [2] uses the "acronym PhST to distinguish
+# it from the Pacific Standard Time (PST)."
+# [1] http://www.officialgazette.gov.ph/2013/05/15/republic-act-no-10535/
+# [2] https://www1.pagasa.dost.gov.ph/index.php/astronomy/philippine-standard-time#republic-act-10535
+#
+# From Paul Eggert (2018-06-19):
+# I surveyed recent news reports, and my impression is that "PST" is
+# more popular among reliable English-language news sources. This is
+# not just a measure of Google hit counts: it's also the sizes and
+# influence of the sources. There is no current abbreviation for DST,
+# so use "PDT", the usual American style.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Phil 1936 only - Nov 1 0:00 1:00 -
-Rule Phil 1937 only - Feb 1 0:00 0 -
-Rule Phil 1954 only - Apr 12 0:00 1:00 -
-Rule Phil 1954 only - Jul 1 0:00 0 -
-Rule Phil 1978 only - Mar 22 0:00 1:00 -
-Rule Phil 1978 only - Sep 21 0:00 0 -
+Rule Phil 1936 only - Nov 1 0:00 1:00 D
+Rule Phil 1937 only - Feb 1 0:00 0 S
+Rule Phil 1954 only - Apr 12 0:00 1:00 D
+Rule Phil 1954 only - Jul 1 0:00 0 S
+Rule Phil 1978 only - Mar 22 0:00 1:00 D
+Rule Phil 1978 only - Sep 21 0:00 0 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Manila -15:56:00 - LMT 1844 Dec 31
8:04:00 - LMT 1899 May 11
- 8:00 Phil +08/+09 1942 May
- 9:00 - +09 1944 Nov
- 8:00 Phil +08/+09
+ 8:00 Phil P%sT 1942 May
+ 9:00 - JST 1944 Nov
+ 8:00 Phil P%sT
# Qatar
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
@@ -2813,15 +3013,34 @@
# Saudi Arabia
#
-# From Paul Eggert (2014-07-15):
+# From Paul Eggert (2018-08-29):
# Time in Saudi Arabia and other countries in the Arabian peninsula was not
-# standardized until relatively recently; we don't know when, and possibly it
+# standardized until 1968 or so; we don't know exactly when, and possibly it
# has never been made official. Richard P Hunt, in "Islam city yielding to
# modern times", New York Times (1961-04-09), p 20, wrote that only airlines
# observed standard time, and that people in Jeddah mostly observed quasi-solar
# time, doing so by setting their watches at sunrise to 6 o'clock (or to 12
# o'clock for "Arab" time).
#
+# Timekeeping differed depending on who you were and which part of Saudi
+# Arabia you were in. In 1969, Elias Antar wrote that although a common
+# practice had been to set one's watch to 12:00 (i.e., midnight) at sunset -
+# which meant that the time on one side of a mountain could differ greatly from
+# the time on the other side - many foreigners set their watches to 6pm
+# instead, while airlines instead used UTC +03 (except in Dhahran, where they
+# used UTC +04), Aramco used UTC +03 with DST, and the Trans-Arabian Pipe Line
+# Company used Aramco time in eastern Saudi Arabia and airline time in western.
+# (The American Military Aid Advisory Group used plain UTC.) Antar writes,
+# "A man named Higgins, so the story goes, used to run a local power
+# station. One day, the whole thing became too much for Higgins and he
+# assembled his staff and laid down the law. 'I've had enough of this,' he
+# shrieked. 'It is now 12 o'clock Higgins Time, and from now on this station is
+# going to run on Higgins Time.' And so, until last year, it did." See:
+# Antar E. Dinner at When? Saudi Aramco World, 1969 March/April. 2-3.
+# http://archive.aramcoworld.com/issue/196902/dinner.at.when.htm
+# newspapers.com says a similar story about Higgins was published in the Port
+# Angeles (WA) Evening News, 1965-03-10, page 5, but I lack access to the text.
+#
# The TZ database cannot represent quasi-solar time; airline time is the best
# we can do. The 1946 foreign air news digest of the U.S. Civil Aeronautics
# Board (OCLC 42299995) reported that the "... Arabian Government, inaugurated
@@ -2831,7 +3050,8 @@
#
# Shanks & Pottenger also state that until 1968-05-01 Saudi Arabia had two
# time zones; the other zone, at UT +04, was in the far eastern part of
-# the country. Ignore this, as it's before our 1970 cutoff.
+# the country. Presumably this is documenting airline time. Ignore this,
+# as it's before our 1970 cutoff.
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Riyadh 3:06:52 - LMT 1947 Mar 14
diff --git a/make/data/tzdata/australasia b/make/data/tzdata/australasia
index 2c60fd3..82e88c5 100644
--- a/make/data/tzdata/australasia
+++ b/make/data/tzdata/australasia
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Australasia and environs, and for much of the Pacific
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -384,8 +386,15 @@
# Dominic Fok writes (2017-08-20) that DST ends 2018-01-14, citing
# Extraordinary Government of Fiji Gazette Supplement No. 21 (2017-08-27),
# [Legal Notice No. 41] of an order of the previous day by J Usamate.
+
+# From Raymond Kumar (2018-07-13):
+# http://www.fijitimes.com/government-approves-2018-daylight-saving/
+# ... The daylight saving period will end at 3am on Sunday January 13, 2019.
+#
+# From Paul Eggert (2018-07-15):
# For now, guess DST from 02:00 the first Sunday in November to 03:00
-# the first Sunday on or after January 14. Although ad hoc, it matches
+# the first Sunday on or after January 13. January transitions reportedly
+# depend on when school terms start. Although the guess is ad hoc, it matches
# transitions since late 2014 and seems more likely to match future
# practice than guessing no DST.
@@ -399,7 +408,7 @@
Rule Fiji 2012 2013 - Jan Sun>=18 3:00 0 -
Rule Fiji 2014 only - Jan Sun>=18 2:00 0 -
Rule Fiji 2014 max - Nov Sun>=1 2:00 1:00 -
-Rule Fiji 2015 max - Jan Sun>=14 3:00 0 -
+Rule Fiji 2015 max - Jan Sun>=13 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fiji 11:55:44 - LMT 1915 Oct 26 # Suva
12:00 Fiji +12/+13
diff --git a/make/data/tzdata/backward b/make/data/tzdata/backward
index fca4ed1..f30f30e 100644
--- a/make/data/tzdata/backward
+++ b/make/data/tzdata/backward
@@ -21,10 +21,12 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb links for backward compatibility
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
-# This file provides links between current names for time zones
+# This file provides links between current names for timezones
# and their old names. Many names changed in late 1993.
# Link TARGET LINK-NAME
diff --git a/make/data/tzdata/etcetera b/make/data/tzdata/etcetera
index ec31f1b..db59378 100644
--- a/make/data/tzdata/etcetera
+++ b/make/data/tzdata/etcetera
@@ -21,12 +21,14 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for ships at sea and other miscellany
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
# These entries are mostly present for historical reasons, so that
# people in areas not otherwise covered by the tz files could "zic -l"
-# to a time zone that was right for their area. These days, the
+# to a timezone that was right for their area. These days, the
# tz files cover almost all the inhabited world, and the only practical
# need now for the entries that are not on UTC are for ships at sea
# that cannot use POSIX TZ settings.
diff --git a/make/data/tzdata/europe b/make/data/tzdata/europe
index 99109ec..e434b7e 100644
--- a/make/data/tzdata/europe
+++ b/make/data/tzdata/europe
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Europe and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -540,7 +542,7 @@
#
# To work around this problem, the build procedure can translate the
# following data into two forms, one with negative SAVE values and the
-# other form with a traditional approximation for Irish time stamps
+# other form with a traditional approximation for Irish timestamps
# after 1971-10-31 02:00 UTC; although this approximation has tm_isdst
# flags that are reversed, its UTC offsets are correct and this often
# suffices. This source file currently uses only nonnegative SAVE
@@ -2450,6 +2452,33 @@
# administratively part of Sakhalin oblast', they appear to have
# remained on UTC+11 along with Magadan.
+# From Marat Nigametzianov (2018-07-16):
+# this is link to order from 1956 about timezone in USSR
+# http://astro.uni-altai.ru/~orion/blog/2011/11/novyie-granitsyi-chasovyih-poyasov-v-sssr/
+#
+# From Paul Eggert (2018-07-16):
+# Perhaps someone could translate the above-mentioned link and use it
+# to correct our data for the ex-Soviet Union. It cites the following:
+# «Поясное время и новые границы часовых поясов» / сост. П.Н. Долгов,
+# отв. ред. Г.Д. Бурдун - М: Комитет стандартов, мер и измерительных
+# приборов при Совете Министров СССР, Междуведомственная комиссия
+# единой службы времени, 1956 г.
+# This book looks like it would be a helpful resource for the Soviet
+# Union through 1956. Although a copy was in the Scientific Library
+# of Tomsk State University, I have not been able to track down a copy nearby.
+#
+# From Stepan Golosunov (2018-07-21):
+# http://astro.uni-altai.ru/~orion/blog/2015/05/center-reforma-ischisleniya-vremeni-br-na-territorii-sssr-v-1957-godu-center/
+# says that the 1956 decision to change time belts' borders was not
+# implemented as planned in 1956 and the change happened in 1957.
+# There is also the problem that actual time zones were different from
+# the official time belts (and from many time belts' maps) as there were
+# numerous exceptions to application of time belt rules. For example,
+# https://ru.wikipedia.org/wiki/Московское_время#Перемещение_границы_применения_московского_времени_на_восток
+# says that by 1962 there were many regions in the 3rd time belt that
+# were on Moscow time, referring to a 1962 map. By 1989 number of such
+# exceptions grew considerably.
+
# From Tim Parenti (2014-07-06):
# The comments detailing the coverage of each Russian zone are meant to assist
# with maintenance only and represent our best guesses as to which regions
@@ -2460,9 +2489,6 @@
# future stability. ISO 3166-2:RU codes are also listed for first-level
# divisions where available.
-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-
-
# From Tim Parenti (2014-07-03):
# Europe/Kaliningrad covers...
# 39 RU-KGD Kaliningrad Oblast
@@ -2730,6 +2756,15 @@
# 34 RU-VGG Volgograd Oblast
# The 1988 transition is from USSR act No. 5 (1988-01-04).
+# From Alexander Fetisov (2018-09-20):
+# Volgograd region in southern Russia (Europe/Volgograd) change
+# timezone from UTC+3 to UTC+4 from 28oct2018.
+# http://sozd.parliament.gov.ru/bill/452878-7
+#
+# From Stepan Golosunov (2018-10-11):
+# The law has been published today on
+# http://publication.pravo.gov.ru/Document/View/0001201810110037
+
Zone Europe/Volgograd 2:57:40 - LMT 1920 Jan 3
3:00 - +03 1930 Jun 21
4:00 - +04 1961 Nov 11
@@ -2738,7 +2773,8 @@
4:00 - +04 1992 Mar 29 2:00s
3:00 Russia +03/+04 2011 Mar 27 2:00s
4:00 - +04 2014 Oct 26 2:00s
- 3:00 - +03
+ 3:00 - +03 2018 Oct 28 2:00s
+ 4:00 - +04
# From Paul Eggert (2016-11-11):
# Europe/Saratov covers:
@@ -3427,7 +3463,8 @@
#Rule NatSpain 1937 only - May 22 23:00 1:00 S
#Rule NatSpain 1937 1938 - Oct Sat>=1 24:00s 0 -
#Rule NatSpain 1938 only - Mar 26 23:00 1:00 S
-# The following rules are copied from Morocco from 1967 through 1978.
+# The following rules are copied from Morocco from 1967 through 1978,
+# except with "S" letters.
Rule SpainAfrica 1967 only - Jun 3 12:00 1:00 S
Rule SpainAfrica 1967 only - Oct 1 0:00 0 -
Rule SpainAfrica 1974 only - Jun 24 0:00 1:00 S
@@ -3447,6 +3484,7 @@
0:00 1:00 WEST 1918 Oct 7 23:00
0:00 - WET 1924
0:00 Spain WE%sT 1929
+ 0:00 - WET 1967 # Help zishrink.awk.
0:00 SpainAfrica WE%sT 1984 Mar 16
1:00 - CET 1986
1:00 EU CE%sT
@@ -3632,7 +3670,7 @@
# http://www.resmigazete.gov.tr/eskiler/2001/03/20010324.htm#2 - for 2001
# http://www.resmigazete.gov.tr/eskiler/2002/03/20020316.htm#2 - for 2002-2006
# From Paul Eggert (2016-09-25):
-# Prefer the above sources to Shanks & Pottenger for time stamps after 1985.
+# Prefer the above sources to Shanks & Pottenger for timestamps after 1985.
# From Steffen Thorsen (2007-03-09):
# Starting 2007 though, it seems that they are adopting EU's 1:00 UTC
@@ -3842,10 +3880,29 @@
# * Ukrainian Government's Resolution of 20.03.1992, No. 139.
# http://www.uazakon.com/documents/date_8u/pg_grcasa.htm
+# From Paul Eggert (2018-10-03):
+# As is usual in tzdb, Ukrainian zones use the most common English spellings.
+# For example, tzdb uses Europe/Kiev, as "Kiev" is the most common spelling in
+# English for Ukraine's capital, even though it is certainly wrong as a
+# transliteration of the Ukrainian "Київ". This is similar to tzdb's use of
+# Europe/Prague, which is certainly wrong as a transliteration of the Czech
+# "Praha". ("Kiev" came from old Slavic via Russian to English, and "Prague"
+# came from old Slavic via French to English, so the two cases have something
+# in common.) Admittedly English-language spelling of Ukrainian names is
+# controversial, and some day "Kyiv" may become substantially more popular in
+# English; in the meantime, stick with the traditional English "Kiev" as that
+# means less disruption for our users.
+#
+# Anyway, none of the common English-language spellings (Kiev, Kyiv, Kieff,
+# Kijeff, Kijev, Kiyef, Kiyeff) do justice to the common pronunciation in
+# Ukrainian, namely [ˈkɪjiu̯] (IPA). This pronunciation has nothing like an
+# English "v" or "f", and instead trails off with what an English-speaker
+# would call a demure "oo" sound, and it would would be better anglicized as
+# "Kuiyu". Here's a sound file, if you would like to do as the Kuiyuvians do:
+# https://commons.wikimedia.org/wiki/File:Uk-Київ.ogg
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-# Most of Ukraine since 1970 has been like Kiev.
-# "Kyiv" is the transliteration of the Ukrainian name, but
-# "Kiev" is more common in English.
+# This represents most of Ukraine. See above for the spelling of "Kiev".
Zone Europe/Kiev 2:02:04 - LMT 1880
2:02:04 - KMT 1924 May 2 # Kiev Mean Time
2:00 - EET 1930 Jun 21
diff --git a/make/data/tzdata/factory b/make/data/tzdata/factory
index 7d79693..6ef6bca 100644
--- a/make/data/tzdata/factory
+++ b/make/data/tzdata/factory
@@ -21,11 +21,13 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for noncommittal factory settings
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
-# For distributors who don't want to put time zone specification in
-# their installation procedures. Users that run 'date' will get the
+# For distributors who don't want to specify a timezone in their
+# installation procedures. Users who run 'date' will get the
# time zone abbreviation "-00", indicating that the actual time zone
# is unknown.
diff --git a/make/data/tzdata/leapseconds b/make/data/tzdata/leapseconds
index cc5d928..8b539e6 100644
--- a/make/data/tzdata/leapseconds
+++ b/make/data/tzdata/leapseconds
@@ -26,21 +26,25 @@
# This file is in the public domain.
# This file is generated automatically from the data in the public-domain
-# leap-seconds.list file, which is copied from:
-# ftp://ftp.nist.gov/pub/time/leap-seconds.list
+# leap-seconds.list file, which can be copied from
+# <ftp://ftp.nist.gov/pub/time/leap-seconds.list>
+# or <ftp://ftp.boulder.nist.gov/pub/time/leap-seconds.list>
+# or <ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.list>.
# For more about leap-seconds.list, please see
# The NTP Timescale and Leap Seconds
-# https://www.eecis.udel.edu/~mills/leap.html
+# <https://www.eecis.udel.edu/~mills/leap.html>.
# The International Earth Rotation and Reference Systems Service
# periodically uses leap seconds to keep UTC to within 0.9 s of UT1
-# (which measures the true angular orientation of the earth in space); see
-# Levine J. Coordinated Universal Time and the leap second.
+# (which measures the true angular orientation of the earth in space)
+# and publishes leap second data in a copyrighted file
+# <https://hpiers.obspm.fr/iers/bul/bulc/Leap_Second.dat>.
+# See: Levine J. Coordinated Universal Time and the leap second.
# URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995
-# http://ieeexplore.ieee.org/document/7909995/
+# <https://ieeexplore.ieee.org/document/7909995>.
# There were no leap seconds before 1972, because the official mechanism
# accounting for the discrepancy between atomic time and the earth's rotation
-# did not exist until the early 1970s.
+# did not exist.
# The correction (+ or -) is made at the given time, so lines
# will typically look like:
@@ -48,10 +52,7 @@
# or
# Leap YEAR MON DAY 23:59:59 - R/S
-# If the leapsecond is Rolling (R) the given time is local time.
-# If the leapsecond is Stationary (S) the given time is UTC.
-
-# Leap YEAR MONTH DAY HH:MM:SS CORR R/S
+# If the leap second is Rolling (R) the given time is local time (unused here).
Leap 1972 Jun 30 23:59:60 + S
Leap 1972 Dec 31 23:59:60 + S
Leap 1973 Dec 31 23:59:60 + S
@@ -80,5 +81,9 @@
Leap 2015 Jun 30 23:59:60 + S
Leap 2016 Dec 31 23:59:60 + S
-# Updated through IERS Bulletin C55
-# File expires on: 28 December 2018
+# POSIX timestamps for the data in this file:
+#updated 1467936000
+#expires 1561680000
+
+# Updated through IERS Bulletin C56
+# File expires on: 28 June 2019
diff --git a/make/data/tzdata/northamerica b/make/data/tzdata/northamerica
index bcfb662..297a10a 100644
--- a/make/data/tzdata/northamerica
+++ b/make/data/tzdata/northamerica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for North and Central America and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -71,7 +73,7 @@
#
# Most of the US soon followed suit. See:
# Bartky IR. The adoption of standard time. Technol Cult 1989 Jan;30(1):25-56.
-# http://dx.doi.org/10.2307/3105430
+# https://dx.doi.org/10.2307/3105430
# From Paul Eggert (2005-04-16):
# That 1883 transition occurred at 12:00 new time, not at 12:00 old time.
@@ -460,6 +462,19 @@
# western South Dakota, far western Texas (El Paso County, Hudspeth County,
# and Pine Springs and Nickel Creek in Culberson County), Utah, Wyoming
#
+# From Paul Eggert (2018-10-25):
+# On 1921-03-04 federal law placed all of Texas into the central time zone.
+# However, El Paso ignored the law for decades and continued to observe
+# mountain time, on the grounds that that's what they had always done
+# and they weren't about to let the federal government tell them what to do.
+# Eventually the federal government gave in and changed the law on
+# 1970-04-10 to match what El Paso was actually doing. Although
+# that's slightly after our 1970 cutoff, there is no need to create a
+# separate zone for El Paso since they were ignoring the law anyway. See:
+# Long T. El Pasoans were time rebels, fought to stay in Mountain zone.
+# El Paso Times. 2018-10-24 06:40 -06.
+# https://www.elpasotimes.com/story/news/local/el-paso/2018/10/24/el-pasoans-were-time-rebels-fought-stay-mountain-zone/1744509002/
+#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER
Rule Denver 1920 1921 - Mar lastSun 2:00 1:00 D
Rule Denver 1920 only - Oct lastSun 2:00 0 S
@@ -729,9 +744,7 @@
Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00
-10:30 - HST 1933 Apr 30 2:00
-10:30 1:00 HDT 1933 May 21 12:00
- -10:30 - HST 1942 Feb 9 2:00
- -10:30 1:00 HDT 1945 Sep 30 2:00
- -10:30 - HST 1947 Jun 8 2:00
+ -10:30 US H%sT 1947 Jun 8 2:00
-10:00 - HST
# Now we turn to US areas that have diverged from the consensus since 1970.
diff --git a/make/data/tzdata/pacificnew b/make/data/tzdata/pacificnew
index 9b9257a..020b599 100644
--- a/make/data/tzdata/pacificnew
+++ b/make/data/tzdata/pacificnew
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for proposed US election time (this file is obsolete)
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/make/data/tzdata/southamerica b/make/data/tzdata/southamerica
index 65d3c9f..3f01647 100644
--- a/make/data/tzdata/southamerica
+++ b/make/data/tzdata/southamerica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for South America and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -415,7 +417,7 @@
# standard time, so let's do that here too. This does not change UTC
# offsets, only tm_isdst and the time zone abbreviations. One minor
# plus is that this silences a zic complaint that there's no POSIX TZ
-# setting for time stamps past 2038.
+# setting for timestamps past 2038.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
#
@@ -948,6 +950,14 @@
# ... https://www.timeanddate.com/news/time/brazil-delays-dst-2018.html
# From Steffen Thorsen (2017-12-20):
# http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2017/decreto/D9242.htm
+#
+# From Fábio Gomes (2018-10-04):
+# The Brazilian president just announced a new change on this year DST.
+# It was scheduled to start on November 4th and it was changed to November 18th.
+# From Rodrigo Brüning Wessler (2018-10-15):
+# The Brazilian government just announced that the change in DST was
+# canceled.... Maybe the president Michel Temer also woke up one hour
+# earlier today. :)
Rule Brazil 2018 max - Nov Sun>=1 0:00 1:00 -
Rule Brazil 2023 only - Feb Sun>=22 0:00 0 -
Rule Brazil 2024 2025 - Feb Sun>=15 0:00 0 -
@@ -1254,6 +1264,24 @@
# they will switch from -03 to -04 one hour after Santiago does that day.
# For now, assume that they will not revert.
+# From Juan Correa (2018-08-13):
+# As of moments ago, the Ministry of Energy in Chile has announced the new
+# schema for DST. ... Announcement in video (in Spanish):
+# https://twitter.com/MinEnergia/status/1029000399129374720
+# From Yonathan Dossow (2018-08-13):
+# The video says "first Saturday of September", we all know it means Sunday at
+# midnight.
+# From Tim Parenti (2018-08-13):
+# Translating the captions on the video at 0:44-0:55, "We want to announce as
+# Government that from 2019, Winter Time will be increased to 5 months, between
+# the first Saturday of April and the first Saturday of September."
+# At 2:08-2:20, "The Magallanes region will maintain its current time, as
+# decided by the citizens during 2017, but our Government will promote a
+# regional dialogue table to gather their opinion on this matter."
+# https://twitter.com/MinEnergia/status/1029009354001973248
+# "We will keep the new time policy unchanged for at least the next 4 years."
+# So we extend the new rules on Saturdays at 24:00 mainland time indefinitely.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Chile 1927 1931 - Sep 1 0:00 1:00 -
Rule Chile 1928 1932 - Apr 1 0:00 0 -
@@ -1287,8 +1315,10 @@
Rule Chile 2011 only - Aug Sun>=16 4:00u 1:00 -
Rule Chile 2012 2014 - Apr Sun>=23 3:00u 0 -
Rule Chile 2012 2014 - Sep Sun>=2 4:00u 1:00 -
-Rule Chile 2016 max - May Sun>=9 3:00u 0 -
-Rule Chile 2016 max - Aug Sun>=9 4:00u 1:00 -
+Rule Chile 2016 2018 - May Sun>=9 3:00u 0 -
+Rule Chile 2016 2018 - Aug Sun>=9 4:00u 1:00 -
+Rule Chile 2019 max - Apr Sun>=2 3:00u 0 -
+Rule Chile 2019 max - Sep Sun>=2 4:00u 1:00 -
# IATA SSIM anomalies: (1992-02) says 1992-03-14;
# (1996-09) says 1998-03-08. Ignore these.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
diff --git a/make/data/tzdata/systemv b/make/data/tzdata/systemv
index c7b9a88..63a48e8 100644
--- a/make/data/tzdata/systemv
+++ b/make/data/tzdata/systemv
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for System V rules (this file is obsolete)
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/make/data/tzdata/zone.tab b/make/data/tzdata/zone.tab
index 873737e..2a98586 100644
--- a/make/data/tzdata/zone.tab
+++ b/make/data/tzdata/zone.tab
@@ -21,12 +21,12 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-# tz zone descriptions (deprecated version)
+# tzdb timezone descriptions (deprecated version)
#
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
#
-# From Paul Eggert (2014-07-31):
+# From Paul Eggert (2018-06-27):
# This file is intended as a backward-compatibility aid for older programs.
# New programs should use zone1970.tab. This file is like zone1970.tab (see
# zone1970.tab's comments), but with the following additional restrictions:
@@ -35,13 +35,13 @@
# 2. The first data column contains exactly one country code.
#
# Because of (2), each row stands for an area that is the intersection
-# of a region identified by a country code and of a zone where civil
+# of a region identified by a country code and of a timezone where civil
# clocks have agreed since 1970; this is a narrower definition than
# that of zone1970.tab.
#
-# This table is intended as an aid for users, to help them select time
-# zone data entries appropriate for their practical needs. It is not
-# intended to take or endorse any position on legal or territorial claims.
+# This table is intended as an aid for users, to help them select timezones
+# appropriate for their practical needs. It is not intended to take or
+# endorse any position on legal or territorial claims.
#
#country-
#code coordinates TZ comments
@@ -291,7 +291,7 @@
MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas)
MN +4801+09139 Asia/Hovd Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan
MN +4804+11430 Asia/Choibalsan Dornod, Sukhbaatar
-MO +2214+11335 Asia/Macau
+MO +221150+1133230 Asia/Macau
MP +1512+14545 Pacific/Saipan
MQ +1436-06105 America/Martinique
MR +1806-01557 Africa/Nouakchott
diff --git a/make/lib/NetworkingLibraries.gmk b/make/lib/NetworkingLibraries.gmk
index 347c323..47006d0 100644
--- a/make/lib/NetworkingLibraries.gmk
+++ b/make/lib/NetworkingLibraries.gmk
@@ -75,7 +75,7 @@
LDFLAGS_SUFFIX_linux := $(LIBDL) -ljvm -lpthread -ljava, \
LDFLAGS_SUFFIX_aix := $(LIBDL) -ljvm -ljava,\
LDFLAGS_SUFFIX_windows := ws2_32.lib jvm.lib secur32.lib iphlpapi.lib \
- delayimp.lib $(WIN_JAVA_LIB) advapi32.lib \
+ delayimp.lib urlmon.lib $(WIN_JAVA_LIB) advapi32.lib \
-DELAYLOAD:secur32.dll -DELAYLOAD:iphlpapi.dll, \
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
RC_FLAGS := $(RC_FLAGS) \
diff --git a/src/macosx/native/sun/font/CCharToGlyphMapper.m b/src/macosx/native/sun/font/CCharToGlyphMapper.m
index da73588..378117c 100644
--- a/src/macosx/native/sun/font/CCharToGlyphMapper.m
+++ b/src/macosx/native/sun/font/CCharToGlyphMapper.m
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
diff --git a/src/share/classes/com/sun/crypto/provider/RSACipher.java b/src/share/classes/com/sun/crypto/provider/RSACipher.java
index 5a83d8b..5faefb6 100644
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java
+++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -329,7 +329,7 @@
if ((inLen == 0) || (in == null)) {
return;
}
- if (bufOfs + inLen > buffer.length) {
+ if (inLen > (buffer.length - bufOfs)) {
bufOfs = buffer.length + 1;
return;
}
diff --git a/src/share/classes/java/awt/Robot.java b/src/share/classes/java/awt/Robot.java
index b346341..758837d 100644
--- a/src/share/classes/java/awt/Robot.java
+++ b/src/share/classes/java/awt/Robot.java
@@ -391,6 +391,7 @@
* @return Color of the pixel
*/
public synchronized Color getPixelColor(int x, int y) {
+ checkScreenCaptureAllowed();
Color color = new Color(peer.getRGBPixel(x, y));
return color;
}
diff --git a/src/share/classes/java/math/BigDecimal.java b/src/share/classes/java/math/BigDecimal.java
index cab8480..3bb81a6 100644
--- a/src/share/classes/java/math/BigDecimal.java
+++ b/src/share/classes/java/math/BigDecimal.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,8 +29,8 @@
package java.math;
-import java.util.Arrays;
import static java.math.BigInteger.LONG_MASK;
+import java.util.Arrays;
/**
* Immutable, arbitrary-precision signed decimal numbers. A
@@ -407,9 +407,12 @@
* @since 1.5
*/
public BigDecimal(char[] in, int offset, int len, MathContext mc) {
- // protect against huge length.
- if (offset + len > in.length || offset < 0)
- throw new NumberFormatException("Bad offset or len arguments for char[] input.");
+ // protect against huge length, negative values, and integer overflow
+ if ((in.length | len | offset) < 0 || len > in.length - offset) {
+ throw new NumberFormatException
+ ("Bad offset or len arguments for char[] input.");
+ }
+
// This is the primary string to BigDecimal constructor; all
// incoming strings end up here; it uses explicit (inline)
// parsing for speed and generates at most one intermediate
diff --git a/src/share/classes/java/math/BigInteger.java b/src/share/classes/java/math/BigInteger.java
index e35c723..43052c1 100644
--- a/src/share/classes/java/math/BigInteger.java
+++ b/src/share/classes/java/math/BigInteger.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1161,6 +1161,14 @@
private static final double LOG_TWO = Math.log(2.0);
static {
+ assert 0 < KARATSUBA_THRESHOLD
+ && KARATSUBA_THRESHOLD < TOOM_COOK_THRESHOLD
+ && TOOM_COOK_THRESHOLD < Integer.MAX_VALUE
+ && 0 < KARATSUBA_SQUARE_THRESHOLD
+ && KARATSUBA_SQUARE_THRESHOLD < TOOM_COOK_SQUARE_THRESHOLD
+ && TOOM_COOK_SQUARE_THRESHOLD < Integer.MAX_VALUE :
+ "Algorithm thresholds are inconsistent";
+
for (int i = 1; i <= MAX_CONSTANT; i++) {
int[] magnitude = new int[1];
magnitude[0] = i;
@@ -1482,6 +1490,18 @@
* @return {@code this * val}
*/
public BigInteger multiply(BigInteger val) {
+ return multiply(val, false);
+ }
+
+ /**
+ * Returns a BigInteger whose value is {@code (this * val)}. If
+ * the invocation is recursive certain overflow checks are skipped.
+ *
+ * @param val value to be multiplied by this BigInteger.
+ * @param isRecursion whether this is a recursive invocation
+ * @return {@code this * val}
+ */
+ private BigInteger multiply(BigInteger val, boolean isRecursion) {
if (val.signum == 0 || signum == 0)
return ZERO;
@@ -1509,6 +1529,63 @@
if ((xlen < TOOM_COOK_THRESHOLD) && (ylen < TOOM_COOK_THRESHOLD)) {
return multiplyKaratsuba(this, val);
} else {
+ //
+ // In "Hacker's Delight" section 2-13, p.33, it is explained
+ // that if x and y are unsigned 32-bit quantities and m and n
+ // are their respective numbers of leading zeros within 32 bits,
+ // then the number of leading zeros within their product as a
+ // 64-bit unsigned quantity is either m + n or m + n + 1. If
+ // their product is not to overflow, it cannot exceed 32 bits,
+ // and so the number of leading zeros of the product within 64
+ // bits must be at least 32, i.e., the leftmost set bit is at
+ // zero-relative position 31 or less.
+ //
+ // From the above there are three cases:
+ //
+ // m + n leftmost set bit condition
+ // ----- ---------------- ---------
+ // >= 32 x <= 64 - 32 = 32 no overflow
+ // == 31 x >= 64 - 32 = 32 possible overflow
+ // <= 30 x >= 64 - 31 = 33 definite overflow
+ //
+ // The "possible overflow" condition cannot be detected by
+ // examning data lengths alone and requires further calculation.
+ //
+ // By analogy, if 'this' and 'val' have m and n as their
+ // respective numbers of leading zeros within 32*MAX_MAG_LENGTH
+ // bits, then:
+ //
+ // m + n >= 32*MAX_MAG_LENGTH no overflow
+ // m + n == 32*MAX_MAG_LENGTH - 1 possible overflow
+ // m + n <= 32*MAX_MAG_LENGTH - 2 definite overflow
+ //
+ // Note however that if the number of ints in the result
+ // were to be MAX_MAG_LENGTH and mag[0] < 0, then there would
+ // be overflow. As a result the leftmost bit (of mag[0]) cannot
+ // be used and the constraints must be adjusted by one bit to:
+ //
+ // m + n > 32*MAX_MAG_LENGTH no overflow
+ // m + n == 32*MAX_MAG_LENGTH possible overflow
+ // m + n < 32*MAX_MAG_LENGTH definite overflow
+ //
+ // The foregoing leading zero-based discussion is for clarity
+ // only. The actual calculations use the estimated bit length
+ // of the product as this is more natural to the internal
+ // array representation of the magnitude which has no leading
+ // zero elements.
+ //
+ if (!isRecursion) {
+ // The bitLength() instance method is not used here as we
+ // are only considering the magnitudes as non-negative. The
+ // Toom-Cook multiplication algorithm determines the sign
+ // at its end from the two signum values.
+ if (bitLength(mag, mag.length) +
+ bitLength(val.mag, val.mag.length) >
+ 32L*MAX_MAG_LENGTH) {
+ reportOverflow();
+ }
+ }
+
return multiplyToomCook3(this, val);
}
}
@@ -1587,7 +1664,7 @@
int ystart = ylen - 1;
if (z == null || z.length < (xlen+ ylen))
- z = new int[xlen+ylen];
+ z = new int[xlen+ylen];
long carry = 0;
for (int j=ystart, k=ystart+1+xstart; j >= 0; j--, k--) {
@@ -1709,16 +1786,16 @@
BigInteger v0, v1, v2, vm1, vinf, t1, t2, tm1, da1, db1;
- v0 = a0.multiply(b0);
+ v0 = a0.multiply(b0, true);
da1 = a2.add(a0);
db1 = b2.add(b0);
- vm1 = da1.subtract(a1).multiply(db1.subtract(b1));
+ vm1 = da1.subtract(a1).multiply(db1.subtract(b1), true);
da1 = da1.add(a1);
db1 = db1.add(b1);
- v1 = da1.multiply(db1);
+ v1 = da1.multiply(db1, true);
v2 = da1.add(a2).shiftLeft(1).subtract(a0).multiply(
- db1.add(b2).shiftLeft(1).subtract(b0));
- vinf = a2.multiply(b2);
+ db1.add(b2).shiftLeft(1).subtract(b0), true);
+ vinf = a2.multiply(b2, true);
// The algorithm requires two divisions by 2 and one by 3.
// All divisions are known to be exact, that is, they do not produce
@@ -1884,6 +1961,17 @@
* @return {@code this<sup>2</sup>}
*/
private BigInteger square() {
+ return square(false);
+ }
+
+ /**
+ * Returns a BigInteger whose value is {@code (this<sup>2</sup>)}. If
+ * the invocation is recursive certain overflow checks are skipped.
+ *
+ * @param isRecursion whether this is a recursive invocation
+ * @return {@code this<sup>2</sup>}
+ */
+ private BigInteger square(boolean isRecursion) {
if (signum == 0) {
return ZERO;
}
@@ -1896,6 +1984,15 @@
if (len < TOOM_COOK_SQUARE_THRESHOLD) {
return squareKaratsuba();
} else {
+ //
+ // For a discussion of overflow detection see multiply()
+ //
+ if (!isRecursion) {
+ if (bitLength(mag, mag.length) > 16L*MAX_MAG_LENGTH) {
+ reportOverflow();
+ }
+ }
+
return squareToomCook3();
}
}
@@ -2046,13 +2143,13 @@
a0 = getToomSlice(k, r, 2, len);
BigInteger v0, v1, v2, vm1, vinf, t1, t2, tm1, da1;
- v0 = a0.square();
+ v0 = a0.square(true);
da1 = a2.add(a0);
- vm1 = da1.subtract(a1).square();
+ vm1 = da1.subtract(a1).square(true);
da1 = da1.add(a1);
- v1 = da1.square();
- vinf = a2.square();
- v2 = da1.add(a2).shiftLeft(1).subtract(a0).square();
+ v1 = da1.square(true);
+ vinf = a2.square(true);
+ v2 = da1.add(a2).shiftLeft(1).subtract(a0).square(true);
// The algorithm requires two divisions by 2 and one by 3.
// All divisions are known to be exact, that is, they do not produce
@@ -2223,10 +2320,11 @@
// The remaining part can then be exponentiated faster. The
// powers of two will be multiplied back at the end.
int powersOfTwo = partToSquare.getLowestSetBit();
- long bitsToShift = (long)powersOfTwo * exponent;
- if (bitsToShift > Integer.MAX_VALUE) {
+ long bitsToShiftLong = (long)powersOfTwo * exponent;
+ if (bitsToShiftLong > Integer.MAX_VALUE) {
reportOverflow();
}
+ int bitsToShift = (int)bitsToShiftLong;
int remainingBits;
@@ -2236,9 +2334,9 @@
remainingBits = partToSquare.bitLength();
if (remainingBits == 1) { // Nothing left but +/- 1?
if (signum < 0 && (exponent&1) == 1) {
- return NEGATIVE_ONE.shiftLeft(powersOfTwo*exponent);
+ return NEGATIVE_ONE.shiftLeft(bitsToShift);
} else {
- return ONE.shiftLeft(powersOfTwo*exponent);
+ return ONE.shiftLeft(bitsToShift);
}
}
} else {
@@ -2283,13 +2381,16 @@
if (bitsToShift + scaleFactor <= 62) { // Fits in long?
return valueOf((result << bitsToShift) * newSign);
} else {
- return valueOf(result*newSign).shiftLeft((int) bitsToShift);
+ return valueOf(result*newSign).shiftLeft(bitsToShift);
}
- }
- else {
+ } else {
return valueOf(result*newSign);
}
} else {
+ if ((long)bitLength() * exponent / Integer.SIZE > MAX_MAG_LENGTH) {
+ reportOverflow();
+ }
+
// Large number algorithm. This is basically identical to
// the algorithm above, but calls multiply() and square()
// which may use more efficient algorithms for large numbers.
@@ -2309,7 +2410,7 @@
// Multiply back the (exponentiated) powers of two (quickly,
// by shifting left)
if (powersOfTwo > 0) {
- answer = answer.shiftLeft(powersOfTwo*exponent);
+ answer = answer.shiftLeft(bitsToShift);
}
if (signum < 0 && (exponent&1) == 1) {
@@ -3434,7 +3535,7 @@
for (int i=1; i< len && pow2; i++)
pow2 = (mag[i] == 0);
- n = (pow2 ? magBitLength -1 : magBitLength);
+ n = (pow2 ? magBitLength - 1 : magBitLength);
} else {
n = magBitLength;
}
diff --git a/src/share/classes/java/time/chrono/JapaneseEra.java b/src/share/classes/java/time/chrono/JapaneseEra.java
index a33efcd..5d5f7eb 100644
--- a/src/share/classes/java/time/chrono/JapaneseEra.java
+++ b/src/share/classes/java/time/chrono/JapaneseEra.java
@@ -73,6 +73,7 @@
import java.io.Serializable;
import java.time.DateTimeException;
import java.time.LocalDate;
+import java.time.format.DateTimeFormatterBuilder;
import java.time.format.TextStyle;
import java.time.temporal.ChronoField;
import java.time.temporal.TemporalField;
@@ -252,7 +253,12 @@
Objects.requireNonNull(locale, "locale");
return style.asNormal() == TextStyle.NARROW ? getAbbreviation() : getName();
}
- return Era.super.getDisplayName(style, locale);
+
+ return new DateTimeFormatterBuilder()
+ .appendText(ERA, style)
+ .toFormatter(locale)
+ .withChronology(JapaneseChronology.INSTANCE)
+ .format(this == MEIJI ? MEIJI_6_ISODATE : since);
}
//-----------------------------------------------------------------------
diff --git a/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java b/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java
index 9288631..f227d4d 100644
--- a/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java
+++ b/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java
@@ -33,8 +33,7 @@
* credentials without prompting) should only be tried with trusted sites.
*/
public abstract class NTLMAuthenticationCallback {
- private static volatile NTLMAuthenticationCallback callback =
- new DefaultNTLMAuthenticationCallback();
+ private static volatile NTLMAuthenticationCallback callback;
public static void setNTLMAuthenticationCallback(
NTLMAuthenticationCallback callback) {
@@ -50,10 +49,5 @@
* transparent Authentication.
*/
public abstract boolean isTrustedSite(URL url);
-
- static class DefaultNTLMAuthenticationCallback extends NTLMAuthenticationCallback {
- @Override
- public boolean isTrustedSite(URL url) { return true; }
- }
}
diff --git a/src/share/classes/sun/nio/ch/FileChannelImpl.java b/src/share/classes/sun/nio/ch/FileChannelImpl.java
index f786f69..b6895f9 100644
--- a/src/share/classes/sun/nio/ch/FileChannelImpl.java
+++ b/src/share/classes/sun/nio/ch/FileChannelImpl.java
@@ -551,11 +551,10 @@
{
// Untrusted target: Use a newly-erased buffer
int c = Math.min(icount, TRANSFER_SIZE);
- ByteBuffer bb = Util.getTemporaryDirectBuffer(c);
+ ByteBuffer bb = ByteBuffer.allocate(c);
long tw = 0; // Total bytes written
long pos = position;
try {
- Util.erase(bb);
while (tw < icount) {
bb.limit(Math.min((int)(icount - tw), TRANSFER_SIZE));
int nr = read(bb, pos);
@@ -576,8 +575,6 @@
if (tw > 0)
return tw;
throw x;
- } finally {
- Util.releaseTemporaryDirectBuffer(bb);
}
}
@@ -661,11 +658,10 @@
{
// Untrusted target: Use a newly-erased buffer
int c = (int)Math.min(count, TRANSFER_SIZE);
- ByteBuffer bb = Util.getTemporaryDirectBuffer(c);
+ ByteBuffer bb = ByteBuffer.allocate(c);
long tw = 0; // Total bytes written
long pos = position;
try {
- Util.erase(bb);
while (tw < count) {
bb.limit((int)Math.min((count - tw), (long)TRANSFER_SIZE));
// ## Bug: Will block reading src if this channel
@@ -686,8 +682,6 @@
if (tw > 0)
return tw;
throw x;
- } finally {
- Util.releaseTemporaryDirectBuffer(bb);
}
}
diff --git a/src/share/classes/sun/security/pkcs11/P11Signature.java b/src/share/classes/sun/security/pkcs11/P11Signature.java
index b969258..adfc633 100644
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java
+++ b/src/share/classes/sun/security/pkcs11/P11Signature.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -472,6 +472,10 @@
if (len == 0) {
return;
}
+ // check for overflow
+ if (len + bytesProcessed < 0) {
+ throw new ProviderException("Processed bytes limits exceeded.");
+ }
switch (type) {
case T_UPDATE:
try {
diff --git a/src/share/classes/sun/security/provider/DSA.java b/src/share/classes/sun/security/provider/DSA.java
index 98e2de9..6f08f90 100644
--- a/src/share/classes/sun/security/provider/DSA.java
+++ b/src/share/classes/sun/security/provider/DSA.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -491,7 +491,7 @@
}
}
protected void engineUpdate(byte[] input, int offset, int len) {
- if (ofs + len > digestBuffer.length) {
+ if (len > (digestBuffer.length - ofs)) {
ofs = Integer.MAX_VALUE;
} else {
System.arraycopy(input, offset, digestBuffer, ofs, len);
@@ -500,7 +500,7 @@
}
protected final void engineUpdate(ByteBuffer input) {
int inputLen = input.remaining();
- if (ofs + inputLen > digestBuffer.length) {
+ if (inputLen > (digestBuffer.length - ofs)) {
ofs = Integer.MAX_VALUE;
} else {
input.get(digestBuffer, ofs, inputLen);
diff --git a/src/share/classes/sun/security/tools/jarsigner/Main.java b/src/share/classes/sun/security/tools/jarsigner/Main.java
index 57dc512..205f72e 100644
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java
@@ -29,6 +29,7 @@
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXBuilderParameters;
import java.util.*;
+import java.util.stream.Collectors;
import java.util.zip.*;
import java.util.jar.*;
import java.math.BigInteger;
@@ -101,6 +102,7 @@
private static final String P11KEYSTORE = "PKCS11";
private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds
+ private static final long ONE_YEAR = 366*24*60*60*1000L;
private static final DisabledAlgorithmConstraints DISABLED_CHECK =
new DisabledAlgorithmConstraints(
@@ -111,6 +113,14 @@
private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections
.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
+ static final String VERSION = "1.0";
+
+ static final int IN_KEYSTORE = 0x01; // signer is in keystore
+ static final int IN_SCOPE = 0x02;
+ static final int NOT_ALIAS = 0x04; // alias list is NOT empty and
+ // signer is not in alias list
+ static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list
+
// Attention:
// This is the entry that get launched by the security tool jarsigner.
public static void main(String args[]) throws Exception {
@@ -118,14 +128,6 @@
js.run(args);
}
- static final String VERSION = "1.0";
-
- static final int IN_KEYSTORE = 0x01; // signer is in keystore
- static final int IN_SCOPE = 0x02;
- static final int NOT_ALIAS = 0x04; // alias list is NOT empty and
- // signer is not in alias list
- static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list
-
X509Certificate[] certChain; // signer's cert chain (when composing)
PrivateKey privateKey; // private key
KeyStore store; // the keystore specified by -keystore
@@ -172,8 +174,16 @@
// Informational warnings
private boolean hasExpiringCert = false;
- private boolean noTimestamp = false;
- private Date expireDate = new Date(0L); // used in noTimestamp warning
+ private boolean hasExpiringTsaCert = false;
+ private boolean noTimestamp = true;
+
+ // Expiration date. The value could be null if signed by a trusted cert.
+ private Date expireDate = null;
+ private Date tsaExpireDate = null;
+
+ // If there is a time stamp block inside the PKCS7 block file
+ boolean hasTimestampBlock = false;
+
// Severe warnings.
@@ -186,6 +196,7 @@
private int weakAlg = 0; // 1. digestalg, 2. sigalg, 4. tsadigestalg
private boolean hasExpiredCert = false;
+ private boolean hasExpiredTsaCert = false;
private boolean notYetValidCert = false;
private boolean chainNotValidated = false;
private boolean tsaChainNotValidated = false;
@@ -203,6 +214,7 @@
private boolean seeWeak = false;
PKIXBuilderParameters pkixParameters;
+ Set<X509Certificate> trustedCerts = new HashSet<>();
public void run(String args[]) {
try {
@@ -289,8 +301,8 @@
if (strict) {
int exitCode = 0;
- if (weakAlg != 0 || chainNotValidated
- || hasExpiredCert || notYetValidCert || signerSelfSigned) {
+ if (weakAlg != 0 || chainNotValidated || hasExpiredCert
+ || hasExpiredTsaCert || notYetValidCert || signerSelfSigned) {
exitCode |= 4;
}
if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType) {
@@ -825,9 +837,6 @@
System.out.println(rb.getString("no.manifest."));
}
- // If there is a time stamp block inside the PKCS7 block file
- boolean hasTimestampBlock = false;
-
// Even if the verbose option is not specified, all out strings
// must be generated so seeWeak can be updated.
if (!digestMap.isEmpty()
@@ -913,8 +922,9 @@
System.out.println();
// If signer is a trusted cert or private entry in user's own
- // keystore, it can be self-signed.
- if (!aliasNotInStore) {
+ // keystore, it can be self-signed. Please note aliasNotInStore
+ // is always false when ~/.keystore is used.
+ if (!aliasNotInStore && keystore != null) {
signerSelfSigned = false;
}
@@ -934,116 +944,7 @@
System.out.println(rb.getString("jar.is.unsigned"));
}
} else {
- boolean warningAppeared = false;
- boolean errorAppeared = false;
- if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
- notYetValidCert || chainNotValidated || hasExpiredCert ||
- hasUnsignedEntry || signerSelfSigned || (weakAlg != 0) ||
- aliasNotInStore || notSignedByAlias || tsaChainNotValidated) {
-
- if (strict) {
- System.out.println(rb.getString("jar.verified.with.signer.errors."));
- System.out.println();
- System.out.println(rb.getString("Error."));
- errorAppeared = true;
- } else {
- System.out.println(rb.getString("jar.verified."));
- System.out.println();
- System.out.println(rb.getString("Warning."));
- warningAppeared = true;
- }
-
- if (weakAlg != 0) {
- // In fact, jarsigner verification did not catch this
- // since it has not read the JarFile content itself.
- // Everything is done with JarFile API.
- }
-
- if (badKeyUsage) {
- System.out.println(
- rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
- }
-
- if (badExtendedKeyUsage) {
- System.out.println(
- rb.getString("This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
- }
-
- if (badNetscapeCertType) {
- System.out.println(
- rb.getString("This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
- }
-
- if (hasUnsignedEntry) {
- System.out.println(rb.getString(
- "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked."));
- }
- if (hasExpiredCert) {
- System.out.println(rb.getString(
- "This.jar.contains.entries.whose.signer.certificate.has.expired."));
- }
- if (notYetValidCert) {
- System.out.println(rb.getString(
- "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
- }
-
- if (chainNotValidated) {
- System.out.println(String.format(
- rb.getString("This.jar.contains.entries.whose.certificate.chain.is.invalid.reason.1"),
- chainNotValidatedReason.getLocalizedMessage()));
- }
-
- if (tsaChainNotValidated) {
- System.out.println(String.format(
- rb.getString("This.jar.contains.entries.whose.tsa.certificate.chain.is.invalid.reason.1"),
- tsaChainNotValidatedReason.getLocalizedMessage()));
- }
-
- if (notSignedByAlias) {
- System.out.println(
- rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es."));
- }
-
- if (aliasNotInStore) {
- System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore."));
- }
-
- if (signerSelfSigned) {
- System.out.println(rb.getString(
- "This.jar.contains.entries.whose.signer.certificate.is.self.signed."));
- }
- } else {
- System.out.println(rb.getString("jar.verified."));
- }
- if (hasExpiringCert || noTimestamp) {
- if (!warningAppeared) {
- System.out.println();
- System.out.println(rb.getString("Warning."));
- warningAppeared = true;
- }
- if (hasExpiringCert) {
- System.out.println(rb.getString(
- "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
- }
- if (noTimestamp) {
- if (hasTimestampBlock) {
- // JarSigner API has not seen the timestamp,
- // might have ignored it due to weak alg, etc.
- System.out.println(
- String.format(rb.getString("bad.timestamp.verifying"), expireDate));
- } else {
- System.out.println(
- String.format(rb.getString("no.timestamp.verifying"), expireDate));
- }
- }
- }
- if (warningAppeared || errorAppeared) {
- if (! (verbose != null && showcerts)) {
- System.out.println();
- System.out.println(rb.getString(
- "Re.run.with.the.verbose.and.certs.options.for.more.details."));
- }
- }
+ displayMessagesAndResult(false);
}
return;
} catch (Exception e) {
@@ -1060,6 +961,230 @@
System.exit(1);
}
+ private void displayMessagesAndResult(boolean isSigning) {
+ String result;
+ List<String> errors = new ArrayList<>();
+ List<String> warnings = new ArrayList<>();
+ List<String> info = new ArrayList<>();
+
+ boolean signerNotExpired = expireDate == null
+ || expireDate.after(new Date());
+
+ if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
+ notYetValidCert || chainNotValidated || hasExpiredCert ||
+ hasUnsignedEntry || signerSelfSigned || (weakAlg != 0) ||
+ aliasNotInStore || notSignedByAlias ||
+ tsaChainNotValidated ||
+ (hasExpiredTsaCert && !signerNotExpired)) {
+
+ if (strict) {
+ result = rb.getString(isSigning
+ ? "jar.signed.with.signer.errors."
+ : "jar.verified.with.signer.errors.");
+ } else {
+ result = rb.getString(isSigning
+ ? "jar.signed."
+ : "jar.verified.");
+ }
+
+ if (badKeyUsage) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."
+ : "This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
+ }
+
+ if (badExtendedKeyUsage) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."
+ : "This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
+ }
+
+ if (badNetscapeCertType) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."
+ : "This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
+ }
+
+ // only in verifying
+ if (hasUnsignedEntry) {
+ errors.add(rb.getString(
+ "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked."));
+ }
+ if (hasExpiredCert) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.has.expired."
+ : "This.jar.contains.entries.whose.signer.certificate.has.expired."));
+ }
+ if (notYetValidCert) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.is.not.yet.valid."
+ : "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
+ }
+
+ if (chainNotValidated) {
+ errors.add(String.format(rb.getString(isSigning
+ ? "The.signer.s.certificate.chain.is.invalid.reason.1"
+ : "This.jar.contains.entries.whose.certificate.chain.is.invalid.reason.1"),
+ chainNotValidatedReason.getLocalizedMessage()));
+ }
+
+ if (hasExpiredTsaCert) {
+ errors.add(rb.getString("The.timestamp.has.expired."));
+ }
+ if (tsaChainNotValidated) {
+ errors.add(String.format(rb.getString(isSigning
+ ? "The.tsa.certificate.chain.is.invalid.reason.1"
+ : "This.jar.contains.entries.whose.tsa.certificate.chain.is.invalid.reason.1"),
+ tsaChainNotValidatedReason.getLocalizedMessage()));
+ }
+
+ // only in verifying
+ if (notSignedByAlias) {
+ errors.add(
+ rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es."));
+ }
+
+ // only in verifying
+ if (aliasNotInStore) {
+ errors.add(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore."));
+ }
+
+ if (signerSelfSigned) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.s.certificate.is.self.signed."
+ : "This.jar.contains.entries.whose.signer.certificate.is.self.signed."));
+ }
+
+ // weakAlg only detected in signing. The jar file is
+ // now simply treated unsigned in verifying.
+ if ((weakAlg & 1) == 1) {
+ errors.add(String.format(
+ rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
+ digestalg, "-digestalg"));
+ }
+
+ if ((weakAlg & 2) == 2) {
+ errors.add(String.format(
+ rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
+ sigalg, "-sigalg"));
+ }
+ if ((weakAlg & 4) == 4) {
+ errors.add(String.format(
+ rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
+ tSADigestAlg, "-tsadigestalg"));
+ }
+ if ((weakAlg & 8) == 8) {
+ errors.add(String.format(
+ rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk."),
+ privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey)));
+ }
+ } else {
+ result = rb.getString(isSigning ? "jar.signed." : "jar.verified.");
+ }
+
+ if (hasExpiredTsaCert) {
+ // No need to warn about expiring if already expired
+ hasExpiringTsaCert = false;
+ }
+
+ if (hasExpiringCert ||
+ (hasExpiringTsaCert && expireDate != null) ||
+ (noTimestamp && expireDate != null) ||
+ (hasExpiredTsaCert && signerNotExpired)) {
+
+ if (hasExpiredTsaCert && signerNotExpired) {
+ if (expireDate != null) {
+ warnings.add(String.format(
+ rb.getString("The.timestamp.expired.1.but.usable.2"),
+ tsaExpireDate,
+ expireDate));
+ }
+ // Reset the flag so exit code is 0
+ hasExpiredTsaCert = false;
+ }
+ if (hasExpiringCert) {
+ warnings.add(rb.getString(isSigning
+ ? "The.signer.certificate.will.expire.within.six.months."
+ : "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
+ }
+ if (hasExpiringTsaCert && expireDate != null) {
+ if (expireDate.after(tsaExpireDate)) {
+ warnings.add(String.format(rb.getString(
+ "The.timestamp.will.expire.within.one.year.on.1.but.2"), tsaExpireDate, expireDate));
+ } else {
+ warnings.add(String.format(rb.getString(
+ "The.timestamp.will.expire.within.one.year.on.1"), tsaExpireDate));
+ }
+ }
+ if (noTimestamp && expireDate != null) {
+ if (hasTimestampBlock) {
+ warnings.add(String.format(rb.getString(isSigning
+ ? "invalid.timestamp.signing"
+ : "bad.timestamp.verifying"), expireDate));
+ } else {
+ warnings.add(String.format(rb.getString(isSigning
+ ? "no.timestamp.signing"
+ : "no.timestamp.verifying"), expireDate));
+ }
+ }
+ }
+
+ System.out.println(result);
+ if (strict) {
+ if (!errors.isEmpty()) {
+ System.out.println();
+ System.out.println(rb.getString("Error."));
+ errors.forEach(System.out::println);
+ }
+ if (!warnings.isEmpty()) {
+ System.out.println();
+ System.out.println(rb.getString("Warning."));
+ warnings.forEach(System.out::println);
+ }
+ } else {
+ if (!errors.isEmpty() || !warnings.isEmpty()) {
+ System.out.println();
+ System.out.println(rb.getString("Warning."));
+ errors.forEach(System.out::println);
+ warnings.forEach(System.out::println);
+ }
+ }
+ if (!isSigning && (!errors.isEmpty() || !warnings.isEmpty())) {
+ if (! (verbose != null && showcerts)) {
+ System.out.println();
+ System.out.println(rb.getString(
+ "Re.run.with.the.verbose.and.certs.options.for.more.details."));
+ }
+ }
+
+ if (isSigning || verbose != null) {
+ // Always print out expireDate, unless expired or expiring.
+ if (!hasExpiringCert && !hasExpiredCert
+ && expireDate != null && signerNotExpired) {
+ info.add(String.format(rb.getString(
+ "The.signer.certificate.will.expire.on.1."), expireDate));
+ }
+ if (!noTimestamp) {
+ if (!hasExpiringTsaCert && !hasExpiredTsaCert && tsaExpireDate != null) {
+ if (signerNotExpired) {
+ info.add(String.format(rb.getString(
+ "The.timestamp.will.expire.on.1."), tsaExpireDate));
+ } else {
+ info.add(String.format(rb.getString(
+ "signer.cert.expired.1.but.timestamp.good.2."),
+ expireDate,
+ tsaExpireDate));
+ }
+ }
+ }
+ }
+
+ if (!info.isEmpty()) {
+ System.out.println();
+ info.forEach(System.out::println);
+ }
+ }
+
private String withWeak(String alg, Set<CryptoPrimitive> primitiveSet) {
if (DISABLED_CHECK.permits(primitiveSet, alg, null)) {
return alg;
@@ -1094,8 +1219,9 @@
*
* Note: no newline character at the end.
*
- * When isTsCert is true, this method sets global flags like hasExpiredCert,
- * notYetValidCert, badKeyUsage, badExtendedKeyUsage, badNetscapeCertType.
+ * This method sets global flags like hasExpiringCert, hasExpiredCert,
+ * notYetValidCert, badKeyUsage, badExtendedKeyUsage, badNetscapeCertType,
+ * hasExpiringTsaCert, hasExpiredTsaCert.
*
* @param isTsCert true if c is in the TSA cert chain, false otherwise.
* @param checkUsage true to check code signer keyUsage
@@ -1124,55 +1250,75 @@
if (x509Cert != null) {
certStr.append("\n").append(tab).append("[");
- Date notAfter = x509Cert.getNotAfter();
- try {
- boolean printValidity = true;
- if (timestamp == null) {
- if (expireDate.getTime() == 0 || expireDate.after(notAfter)) {
- expireDate = notAfter;
- }
- x509Cert.checkValidity();
- // test if cert will expire within six months
- if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) {
- if (!isTsCert) hasExpiringCert = true;
- if (expiringTimeForm == null) {
- expiringTimeForm = new MessageFormat(
- rb.getString("certificate.will.expire.on"));
+
+ if (trustedCerts.contains(x509Cert)) {
+ certStr.append(rb.getString("trusted.certificate"));
+ } else {
+ Date notAfter = x509Cert.getNotAfter();
+ try {
+ boolean printValidity = true;
+ if (isTsCert) {
+ if (tsaExpireDate == null || tsaExpireDate.after(notAfter)) {
+ tsaExpireDate = notAfter;
}
- Object[] source = { notAfter };
- certStr.append(expiringTimeForm.format(source));
- printValidity = false;
+ } else {
+ if (expireDate == null || expireDate.after(notAfter)) {
+ expireDate = notAfter;
+ }
}
- } else {
- x509Cert.checkValidity(timestamp);
- }
- if (printValidity) {
- if (validityTimeForm == null) {
- validityTimeForm = new MessageFormat(
- rb.getString("certificate.is.valid.from"));
+ if (timestamp == null) {
+ x509Cert.checkValidity();
+ // test if cert will expire within six months (or one year for tsa)
+ long age = isTsCert ? ONE_YEAR : SIX_MONTHS;
+ if (notAfter.getTime() < System.currentTimeMillis() + age) {
+ if (isTsCert) {
+ hasExpiringTsaCert = true;
+ } else {
+ hasExpiringCert = true;
+ }
+ if (expiringTimeForm == null) {
+ expiringTimeForm = new MessageFormat(
+ rb.getString("certificate.will.expire.on"));
+ }
+ Object[] source = {notAfter};
+ certStr.append(expiringTimeForm.format(source));
+ printValidity = false;
+ }
+ } else {
+ x509Cert.checkValidity(timestamp);
}
- Object[] source = { x509Cert.getNotBefore(), notAfter };
- certStr.append(validityTimeForm.format(source));
- }
- } catch (CertificateExpiredException cee) {
- if (!isTsCert) hasExpiredCert = true;
+ if (printValidity) {
+ if (validityTimeForm == null) {
+ validityTimeForm = new MessageFormat(
+ rb.getString("certificate.is.valid.from"));
+ }
+ Object[] source = {x509Cert.getNotBefore(), notAfter};
+ certStr.append(validityTimeForm.format(source));
+ }
+ } catch (CertificateExpiredException cee) {
+ if (isTsCert) {
+ hasExpiredTsaCert = true;
+ } else {
+ hasExpiredCert = true;
+ }
- if (expiredTimeForm == null) {
- expiredTimeForm = new MessageFormat(
- rb.getString("certificate.expired.on"));
- }
- Object[] source = { notAfter };
- certStr.append(expiredTimeForm.format(source));
+ if (expiredTimeForm == null) {
+ expiredTimeForm = new MessageFormat(
+ rb.getString("certificate.expired.on"));
+ }
+ Object[] source = {notAfter};
+ certStr.append(expiredTimeForm.format(source));
- } catch (CertificateNotYetValidException cnyve) {
- if (!isTsCert) notYetValidCert = true;
+ } catch (CertificateNotYetValidException cnyve) {
+ if (!isTsCert) notYetValidCert = true;
- if (notYetTimeForm == null) {
- notYetTimeForm = new MessageFormat(
- rb.getString("certificate.is.not.valid.until"));
+ if (notYetTimeForm == null) {
+ notYetTimeForm = new MessageFormat(
+ rb.getString("certificate.is.not.valid.until"));
+ }
+ Object[] source = {x509Cert.getNotBefore()};
+ certStr.append(notYetTimeForm.format(source));
}
- Object[] source = { x509Cert.getNotBefore() };
- certStr.append(notYetTimeForm.format(source));
}
certStr.append("]");
@@ -1638,152 +1784,57 @@
// The JarSigner API always accepts the timestamp received.
// We need to extract the certs from the signed jar to
// validate it.
- if (!noTimestamp) {
- try (JarFile check = new JarFile(signedJarFile)) {
- PKCS7 p7 = new PKCS7(check.getInputStream(check.getEntry(
- "META-INF/" + sigfile + "." + privateKey.getAlgorithm())));
+ try (JarFile check = new JarFile(signedJarFile)) {
+ PKCS7 p7 = new PKCS7(check.getInputStream(check.getEntry(
+ "META-INF/" + sigfile + "." + privateKey.getAlgorithm())));
+ Timestamp ts = null;
+ try {
SignerInfo si = p7.getSignerInfos()[0];
- PKCS7 tsToken = si.getTsToken();
- SignerInfo tsSi = tsToken.getSignerInfos()[0];
- try {
- validateCertChain(Validator.VAR_TSA_SERVER,
- tsSi.getCertificateChain(tsToken), null);
- } catch (Exception e) {
- tsaChainNotValidated = true;
- tsaChainNotValidatedReason = e;
+ if (si.getTsToken() != null) {
+ hasTimestampBlock = true;
}
+ ts = si.getTimestamp();
} catch (Exception e) {
- if (debug) {
- e.printStackTrace();
+ tsaChainNotValidated = true;
+ tsaChainNotValidatedReason = e;
+ }
+ // Spaces before the ">>> Signer" and other lines are different
+ String result = certsAndTSInfo("", " ", Arrays.asList(certChain), ts);
+ if (verbose != null) {
+ System.out.println(result);
+ }
+ } catch (Exception e) {
+ if (debug) {
+ e.printStackTrace();
+ }
+ }
+
+ if (signedjar == null) {
+ // attempt an atomic rename. If that fails,
+ // rename the original jar file, then the signed
+ // one, then delete the original.
+ if (!signedJarFile.renameTo(jarFile)) {
+ File origJar = new File(jarName+".orig");
+
+ if (jarFile.renameTo(origJar)) {
+ if (signedJarFile.renameTo(jarFile)) {
+ origJar.delete();
+ } else {
+ MessageFormat form = new MessageFormat(rb.getString
+ ("attempt.to.rename.signedJarFile.to.jarFile.failed"));
+ Object[] source = {signedJarFile, jarFile};
+ error(form.format(source));
+ }
+ } else {
+ MessageFormat form = new MessageFormat(rb.getString
+ ("attempt.to.rename.jarFile.to.origJar.failed"));
+ Object[] source = {jarFile, origJar};
+ error(form.format(source));
}
}
}
- // no IOException thrown in the follow try clause, so disable
- // the try clause.
- // try {
- if (signedjar == null) {
- // attempt an atomic rename. If that fails,
- // rename the original jar file, then the signed
- // one, then delete the original.
- if (!signedJarFile.renameTo(jarFile)) {
- File origJar = new File(jarName+".orig");
-
- if (jarFile.renameTo(origJar)) {
- if (signedJarFile.renameTo(jarFile)) {
- origJar.delete();
- } else {
- MessageFormat form = new MessageFormat(rb.getString
- ("attempt.to.rename.signedJarFile.to.jarFile.failed"));
- Object[] source = {signedJarFile, jarFile};
- error(form.format(source));
- }
- } else {
- MessageFormat form = new MessageFormat(rb.getString
- ("attempt.to.rename.jarFile.to.origJar.failed"));
- Object[] source = {jarFile, origJar};
- error(form.format(source));
- }
- }
- }
-
- boolean warningAppeared = false;
- if (weakAlg != 0 || badKeyUsage || badExtendedKeyUsage
- || badNetscapeCertType || notYetValidCert
- || chainNotValidated || tsaChainNotValidated
- || hasExpiredCert || signerSelfSigned) {
- if (strict) {
- System.out.println(rb.getString("jar.signed.with.signer.errors."));
- System.out.println();
- System.out.println(rb.getString("Error."));
- } else {
- System.out.println(rb.getString("jar.signed."));
- System.out.println();
- System.out.println(rb.getString("Warning."));
- warningAppeared = true;
- }
-
- if (badKeyUsage) {
- System.out.println(
- rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
- }
-
- if (badExtendedKeyUsage) {
- System.out.println(
- rb.getString("The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
- }
-
- if (badNetscapeCertType) {
- System.out.println(
- rb.getString("The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
- }
-
- if (hasExpiredCert) {
- System.out.println(
- rb.getString("The.signer.certificate.has.expired."));
- } else if (notYetValidCert) {
- System.out.println(
- rb.getString("The.signer.certificate.is.not.yet.valid."));
- }
-
- if (chainNotValidated) {
- System.out.println(String.format(
- rb.getString("The.signer.s.certificate.chain.is.invalid.reason.1"),
- chainNotValidatedReason.getLocalizedMessage()));
- }
-
- if (tsaChainNotValidated) {
- System.out.println(String.format(
- rb.getString("The.tsa.certificate.chain.is.invalid.reason.1"),
- tsaChainNotValidatedReason.getLocalizedMessage()));
- }
-
- if (signerSelfSigned) {
- System.out.println(
- rb.getString("The.signer.s.certificate.is.self.signed."));
- }
-
- if ((weakAlg & 1) == 1) {
- System.out.println(String.format(
- rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
- digestalg, "-digestalg"));
- }
-
- if ((weakAlg & 2) == 2) {
- System.out.println(String.format(
- rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
- sigalg, "-sigalg"));
- }
- if ((weakAlg & 4) == 4) {
- System.out.println(String.format(
- rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
- tSADigestAlg, "-tsadigestalg"));
- }
- } else {
- System.out.println(rb.getString("jar.signed."));
- }
- if (hasExpiringCert || noTimestamp) {
- if (!warningAppeared) {
- System.out.println();
- System.out.println(rb.getString("Warning."));
- }
-
- if (hasExpiringCert) {
- System.out.println(
- rb.getString("The.signer.certificate.will.expire.within.six.months."));
- }
-
- if (noTimestamp) {
- System.out.println(
- String.format(rb.getString("no.timestamp.signing"), expireDate));
- }
- }
-
- // no IOException thrown in the above try clause, so disable
- // the catch clause.
- // } catch(IOException ioe) {
- // error(rb.getString("unable.to.sign.jar.")+ioe, ioe);
- // }
+ displayMessagesAndResult(true);
}
/**
@@ -1831,31 +1882,57 @@
Map<CodeSigner,String> cacheForSignerInfo = new IdentityHashMap<>();
/**
- * Returns a string of singer info, with a newline at the end
+ * Returns a string of signer info, with a newline at the end.
+ * Called by verifyJar().
*/
private String signerInfo(CodeSigner signer, String tab) throws Exception {
if (cacheForSignerInfo.containsKey(signer)) {
return cacheForSignerInfo.get(signer);
}
- StringBuilder sb = new StringBuilder();
List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
- // display the signature timestamp, if present
- Date timestamp;
+ // signing time is only displayed on verification
Timestamp ts = signer.getTimestamp();
+ String tsLine = "";
if (ts != null) {
- sb.append(printTimestamp(tab, ts));
- sb.append('\n');
+ tsLine = printTimestamp(tab, ts) + "\n";
+ }
+ // Spaces before the ">>> Signer" and other lines are the same.
+
+ String result = certsAndTSInfo(tab, tab, certs, ts);
+ cacheForSignerInfo.put(signer, tsLine + result);
+ return result;
+ }
+
+ /**
+ * Fills info on certs and timestamp into a StringBuilder, sets
+ * warning flags (through printCert) and validates cert chains.
+ *
+ * @param tab1 spaces before the ">>> Signer" line
+ * @param tab2 spaces before the other lines
+ * @param certs the signer cert
+ * @param ts the timestamp, can be null
+ * @return the info as a string
+ */
+ private String certsAndTSInfo(
+ String tab1,
+ String tab2,
+ List<? extends Certificate> certs, Timestamp ts)
+ throws Exception {
+
+ Date timestamp;
+ if (ts != null) {
timestamp = ts.getTimestamp();
+ noTimestamp = false;
} else {
timestamp = null;
- noTimestamp = true;
}
// display the certificate(s). The first one is end-entity cert and
// its KeyUsage should be checked.
boolean first = true;
- sb.append(tab).append(rb.getString("...Signer")).append('\n');
+ StringBuilder sb = new StringBuilder();
+ sb.append(tab1).append(rb.getString("...Signer")).append('\n');
for (Certificate c : certs) {
- sb.append(printCert(false, tab, c, timestamp, first));
+ sb.append(printCert(false, tab2, c, timestamp, first));
sb.append('\n');
first = false;
}
@@ -1864,13 +1941,13 @@
} catch (Exception e) {
chainNotValidated = true;
chainNotValidatedReason = e;
- sb.append(tab).append(rb.getString(".Invalid.certificate.chain."))
+ sb.append(tab2).append(rb.getString(".Invalid.certificate.chain."))
.append(e.getLocalizedMessage()).append("]\n");
}
if (ts != null) {
- sb.append(tab).append(rb.getString("...TSA")).append('\n');
+ sb.append(tab1).append(rb.getString("...TSA")).append('\n');
for (Certificate c : ts.getSignerCertPath().getCertificates()) {
- sb.append(printCert(true, tab, c, timestamp, false));
+ sb.append(printCert(true, tab2, c, null, false));
sb.append('\n');
}
try {
@@ -1879,7 +1956,7 @@
} catch (Exception e) {
tsaChainNotValidated = true;
tsaChainNotValidatedReason = e;
- sb.append(tab).append(rb.getString(".Invalid.TSA.certificate.chain."))
+ sb.append(tab2).append(rb.getString(".Invalid.TSA.certificate.chain."))
.append(e.getLocalizedMessage()).append("]\n");
}
}
@@ -1887,9 +1964,8 @@
&& KeyStoreUtil.isSelfSigned((X509Certificate)certs.get(0))) {
signerSelfSigned = true;
}
- String result = sb.toString();
- cacheForSignerInfo.put(signer, result);
- return result;
+
+ return sb.toString();
}
private void writeEntry(ZipFile zf, ZipOutputStream os, ZipEntry ze)
@@ -1939,7 +2015,6 @@
}
try {
- Set<TrustAnchor> tas = new HashSet<>();
try {
KeyStore caks = KeyStoreUtil.getCacertsKeyStore();
if (caks != null) {
@@ -1947,7 +2022,7 @@
while (aliases.hasMoreElements()) {
String a = aliases.nextElement();
try {
- tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
+ trustedCerts.add((X509Certificate)caks.getCertificate(a));
} catch (Exception e2) {
// ignore, when a SecretkeyEntry does not include a cert
}
@@ -2006,7 +2081,7 @@
// PrivateKeyEntry
if (store.isCertificateEntry(a) ||
c.getSubjectDN().equals(c.getIssuerDN())) {
- tas.add(new TrustAnchor(c, null));
+ trustedCerts.add(c);
}
} catch (Exception e2) {
// ignore, when a SecretkeyEntry does not include a cert
@@ -2014,7 +2089,11 @@
}
} finally {
try {
- pkixParameters = new PKIXBuilderParameters(tas, null);
+ pkixParameters = new PKIXBuilderParameters(
+ trustedCerts.stream()
+ .map(c -> new TrustAnchor(c, null))
+ .collect(Collectors.toSet()),
+ null);
pkixParameters.setRevocationEnabled(false);
} catch (InvalidAlgorithmParameterException ex) {
// Only if tas is empty
@@ -2130,6 +2209,7 @@
}
}
+ // Called by signJar().
void getAliasInfo(String alias) throws Exception {
Key key = null;
@@ -2174,22 +2254,6 @@
certChain[i] = (X509Certificate)cs[i];
}
- // We don't meant to print anything, the next call
- // checks validity and keyUsage etc
- printCert(false, "", certChain[0], null, true);
-
- try {
- validateCertChain(Validator.VAR_CODE_SIGNING,
- Arrays.asList(certChain), null);
- } catch (Exception e) {
- chainNotValidated = true;
- chainNotValidatedReason = e;
- }
-
- if (KeyStoreUtil.isSelfSigned(certChain[0])) {
- signerSelfSigned = true;
- }
-
try {
if (!token && keypass == null)
key = store.getKey(alias, storepass);
@@ -2247,7 +2311,7 @@
* @param parameter this might be a timestamp
*/
void validateCertChain(String variant, List<? extends Certificate> certs,
- Object parameter)
+ Timestamp parameter)
throws Exception {
try {
Validator.getInstance(Validator.TYPE_PKIX,
@@ -2261,8 +2325,22 @@
}
// Exception might be dismissed if another warning flag
- // is already set by printCert. This is only done for
- // code signing certs.
+ // is already set by printCert.
+
+ if (variant.equals(Validator.VAR_TSA_SERVER) &&
+ e instanceof ValidatorException) {
+ // Throw cause if it's CertPathValidatorException,
+ if (e.getCause() != null &&
+ e.getCause() instanceof CertPathValidatorException) {
+ e = (Exception) e.getCause();
+ Throwable t = e.getCause();
+ if ((t instanceof CertificateExpiredException &&
+ hasExpiredTsaCert)) {
+ // we already have hasExpiredTsaCert
+ return;
+ }
+ }
+ }
if (variant.equals(Validator.VAR_CODE_SIGNING) &&
e instanceof ValidatorException) {
diff --git a/src/share/classes/sun/security/tools/jarsigner/Resources.java b/src/share/classes/sun/security/tools/jarsigner/Resources.java
index 7a6ea5c..da460ca 100644
--- a/src/share/classes/sun/security/tools/jarsigner/Resources.java
+++ b/src/share/classes/sun/security/tools/jarsigner/Resources.java
@@ -219,6 +219,7 @@
{"Error.", "Error: "},
{"...Signer", ">>> Signer"},
{"...TSA", ">>> TSA"},
+ {"trusted.certificate", "trusted certificate"},
{"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
"This jar contains unsigned entries which have not been integrity-checked. "},
{"This.jar.contains.entries.whose.signer.certificate.has.expired.",
@@ -235,8 +236,16 @@
"Re-run with the -verbose and -certs options for more details."},
{"The.signer.certificate.has.expired.",
"The signer certificate has expired."},
+ {"The.timestamp.expired.1.but.usable.2",
+ "The timestamp expired on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the signer certificate expires on %2$tY-%2$tm-%2$td."},
+ {"The.timestamp.has.expired.",
+ "The timestamp has expired."},
{"The.signer.certificate.will.expire.within.six.months.",
"The signer certificate will expire within six months."},
+ {"The.timestamp.will.expire.within.one.year.on.1",
+ "The timestamp will expire within one year on %1$tY-%1$tm-%1$td."},
+ {"The.timestamp.will.expire.within.one.year.on.1.but.2",
+ "The timestamp will expire within one year on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the signer certificate expires on %2$tY-%2$tm-%2$td."},
{"The.signer.certificate.is.not.yet.valid.",
"The signer certificate is not yet valid."},
{"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
@@ -267,10 +276,18 @@
"This jar contains entries whose TSA certificate chain is invalid. Reason: %s"},
{"no.timestamp.signing",
"No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
+ {"invalid.timestamp.signing",
+ "The timestamp is invalid. Without a valid timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td)."},
{"no.timestamp.verifying",
- "This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
+ "This jar contains signatures that do not include a timestamp. Without a timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as %1$tY-%1$tm-%1$td)."},
{"bad.timestamp.verifying",
"This jar contains signatures that include an invalid timestamp. Without a valid timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as %1$tY-%1$tm-%1$td).\nRerun jarsigner with -J-Djava.security.debug=jar for more information."},
+ {"The.signer.certificate.will.expire.on.1.",
+ "The signer certificate will expire on %1$tY-%1$tm-%1$td."},
+ {"The.timestamp.will.expire.on.1.",
+ "The timestamp will expire on %1$tY-%1$tm-%1$td."},
+ {"signer.cert.expired.1.but.timestamp.good.2.",
+ "The signer certificate expired on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the timestamp expires on %2$tY-%2$tm-%2$td."},
{"Unknown.password.type.", "Unknown password type: "},
{"Cannot.find.environment.variable.",
"Cannot find environment variable: "},
diff --git a/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java b/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java
index 26c6140..2ff41ed 100644
--- a/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java
+++ b/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java
@@ -217,6 +217,7 @@
{"Error.", "\u30A8\u30E9\u30FC: "},
{"...Signer", ">>> \u7F72\u540D\u8005"},
{"...TSA", ">>> TSA"},
+ {"trusted.certificate", "\u4FE1\u983C\u3067\u304D\u308B\u8A3C\u660E\u66F8"},
{"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
"\u3053\u306Ejar\u306B\u306F\u3001\u6574\u5408\u6027\u30C1\u30A7\u30C3\u30AF\u3092\u3057\u3066\u3044\u306A\u3044\u7F72\u540D\u306A\u3057\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
{"This.jar.contains.entries.whose.signer.certificate.has.expired.",
@@ -233,8 +234,16 @@
"\u8A73\u7D30\u306F\u3001-verbose\u304A\u3088\u3073-certs\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
{"The.signer.certificate.has.expired.",
"\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u671F\u9650\u5207\u308C\u3067\u3059\u3002"},
+ {"The.timestamp.expired.1.but.usable.2",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002\u305F\u3060\u3057\u3001JAR\u306F\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C%2$tY-%2$tm-%2$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308B\u307E\u3067\u6709\u52B9\u3067\u3059\u3002"},
+ {"The.timestamp.has.expired.",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3057\u305F\u3002"},
{"The.signer.certificate.will.expire.within.six.months.",
"\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
+ {"The.timestamp.will.expire.within.one.year.on.1",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F1\u5E74\u4EE5\u5185\u306E%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
+ {"The.timestamp.will.expire.within.one.year.on.1.but.2",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F1\u5E74\u4EE5\u5185\u306E%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002\u305F\u3060\u3057\u3001JAR\u306F\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C%2$tY-%2$tm-%2$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308B\u307E\u3067\u6709\u52B9\u3067\u3059\u3002"},
{"The.signer.certificate.is.not.yet.valid.",
"\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u307E\u305B\u3093\u3002"},
{"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
@@ -265,10 +274,18 @@
"\u3053\u306Ejar\u306B\u306F\u3001TSA\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u7121\u52B9\u306A\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u7406\u7531: %s"},
{"no.timestamp.signing",
"-tsa\u307E\u305F\u306F-tsacert\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u306A\u3044\u305F\u3081\u3001\u3053\u306Ejar\u306B\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u4ED8\u52A0\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"},
+ {"invalid.timestamp.signing",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u7121\u52B9\u3067\u3059\u3002\u6709\u52B9\u306A\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"},
{"no.timestamp.verifying",
- "\u3053\u306Ejar\u306B\u306F\u3001\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"},
+ "\u3053\u306Ejar\u306B\u306F\u3001\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u3044\u305A\u308C\u304B\u306E\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650\u5F8C\u306B(\u65E9\u3051\u308C\u3070%1$tY-%1$tm-%1$td)\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"},
{"bad.timestamp.verifying",
"\u3053\u306Ejar\u306B\u306F\u3001\u7121\u52B9\u306A\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306E\u3042\u308B\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u6709\u52B9\u306A\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u3044\u305A\u308C\u304B\u306E\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650\u5F8C\u306B(\u65E9\u3051\u308C\u3070%1$tY-%1$tm-%1$td)\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002\n\u8A73\u7D30\u306F\u3001-J-Djava.security.debug=jar\u3092\u6307\u5B9A\u3057\u3066jarsigner\u3092\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
+ {"The.signer.certificate.will.expire.on.1.",
+ "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
+ {"The.timestamp.will.expire.on.1.",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
+ {"signer.cert.expired.1.but.timestamp.good.2.",
+ "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002\u305F\u3060\u3057\u3001JAR\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C%2$tY-%2$tm-%2$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308B\u307E\u3067\u6709\u52B9\u3067\u3059\u3002"},
{"Unknown.password.type.", "\u4E0D\u660E\u306A\u30D1\u30B9\u30EF\u30FC\u30C9\u30FB\u30BF\u30A4\u30D7: "},
{"Cannot.find.environment.variable.",
"\u74B0\u5883\u5909\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "},
diff --git a/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java b/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
index 22df992..4476023 100644
--- a/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
+++ b/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
@@ -217,6 +217,7 @@
{"Error.", "\u9519\u8BEF: "},
{"...Signer", ">>> \u7B7E\u540D\u8005"},
{"...TSA", ">>> TSA"},
+ {"trusted.certificate", "\u53EF\u4FE1\u8BC1\u4E66"},
{"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
"\u6B64 jar \u5305\u542B\u5C1A\u672A\u8FDB\u884C\u5B8C\u6574\u6027\u68C0\u67E5\u7684\u672A\u7B7E\u540D\u6761\u76EE\u3002 "},
{"This.jar.contains.entries.whose.signer.certificate.has.expired.",
@@ -233,8 +234,16 @@
"\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u548C -certs \u9009\u9879\u91CD\u65B0\u8FD0\u884C\u3002"},
{"The.signer.certificate.has.expired.",
"\u7B7E\u540D\u8005\u8BC1\u4E66\u5DF2\u8FC7\u671F\u3002"},
+ {"The.timestamp.expired.1.but.usable.2",
+ "\u65F6\u95F4\u6233\u5230\u671F\u65E5\u671F\u4E3A %1$tY-%1$tm-%1$td\u3002\u4E0D\u8FC7\uFF0C\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u4E8E %2$tY-%2$tm-%2$td \u5230\u671F\u4E4B\u524D\uFF0CJAR \u5C06\u6709\u6548\u3002"},
+ {"The.timestamp.has.expired.",
+ "\u65F6\u95F4\u6233\u5DF2\u5230\u671F\u3002"},
{"The.signer.certificate.will.expire.within.six.months.",
"\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u5728\u516D\u4E2A\u6708\u5185\u8FC7\u671F\u3002"},
+ {"The.timestamp.will.expire.within.one.year.on.1",
+ "\u65F6\u95F4\u6233\u5C06\u5728\u4E00\u5E74\u5185\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002"},
+ {"The.timestamp.will.expire.within.one.year.on.1.but.2",
+ "\u65F6\u95F4\u6233\u5C06\u5728\u4E00\u5E74\u5185\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002\u4E0D\u8FC7\uFF0C\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u4E8E %2$tY-%2$tm-%2$td \u5230\u671F\u4E4B\u524D\uFF0CJAR \u5C06\u6709\u6548\u3002"},
{"The.signer.certificate.is.not.yet.valid.",
"\u7B7E\u540D\u8005\u8BC1\u4E66\u4ECD\u65E0\u6548\u3002"},
{"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
@@ -265,10 +274,18 @@
"\u6B64 jar \u5305\u542B\u5176 TSA \u8BC1\u4E66\u94FE\u65E0\u6548\u7684\u6761\u76EE\u3002\u539F\u56E0: %s"},
{"no.timestamp.signing",
"\u672A\u63D0\u4F9B -tsa \u6216 -tsacert, \u6B64 jar \u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"},
+ {"invalid.timestamp.signing",
+ "\u65F6\u95F4\u6233\u65E0\u6548\u3002\u5982\u679C\u6CA1\u6709\u6709\u6548\u7684\u65F6\u95F4\u6233\uFF0C\u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u4E4B\u540E\uFF0C\u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"},
{"no.timestamp.verifying",
- "\u6B64 jar \u5305\u542B\u7684\u7B7E\u540D\u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"},
+ "\u6B64 jar \u5305\u542B\u7684\u7B7E\u540D\u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u5176\u4E2D\u4EFB\u4E00\u7B7E\u540D\u8005\u8BC1\u4E66\u5230\u671F (\u6700\u65E9\u4E3A %1$tY-%1$tm-%1$td) \u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"},
{"bad.timestamp.verifying",
"\u6B64 jar \u5305\u542B\u5E26\u6709\u65E0\u6548\u65F6\u95F4\u6233\u7684\u7B7E\u540D\u3002\u5982\u679C\u6CA1\u6709\u6709\u6548\u65F6\u95F4\u6233, \u5219\u5728\u5176\u4E2D\u4EFB\u4E00\u7B7E\u540D\u8005\u8BC1\u4E66\u5230\u671F (\u6700\u65E9\u4E3A %1$tY-%1$tm-%1$td) \u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002\n\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -J-Djava.security.debug=jar \u91CD\u65B0\u8FD0\u884C jarsigner\u3002"},
+ {"The.signer.certificate.will.expire.on.1.",
+ "\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002"},
+ {"The.timestamp.will.expire.on.1.",
+ "\u65F6\u95F4\u6233\u5C06\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002"},
+ {"signer.cert.expired.1.but.timestamp.good.2.",
+ "\u7B7E\u540D\u8005\u8BC1\u4E66\u5230\u671F\u65E5\u671F\u4E3A %1$tY-%1$tm-%1$td\u3002\u4E0D\u8FC7\uFF0C\u5728\u65F6\u95F4\u6233\u4E8E %2$tY-%2$tm-%2$td \u5230\u671F\u4E4B\u524D\uFF0CJAR \u5C06\u6709\u6548\u3002"},
{"Unknown.password.type.", "\u672A\u77E5\u53E3\u4EE4\u7C7B\u578B: "},
{"Cannot.find.environment.variable.",
"\u627E\u4E0D\u5230\u73AF\u5883\u53D8\u91CF: "},
diff --git a/src/share/classes/sun/security/util/Resources_sv.java b/src/share/classes/sun/security/util/Resources_sv.java
index 79f08fa..3493a0a 100644
--- a/src/share/classes/sun/security/util/Resources_sv.java
+++ b/src/share/classes/sun/security/util/Resources_sv.java
@@ -67,10 +67,10 @@
{".Principal.", "\tIdentitetshavare: "},
{".Public.Credential.", "\tOffentlig inloggning: "},
{".Private.Credentials.inaccessible.",
- "\tPrivat inloggning \u00E4r inte tillg\u00E4nglig\n"},
+ "\tPrivat inloggning \u00E4r inte m\u00F6jlig\n"},
{".Private.Credential.", "\tPrivat inloggning: "},
{".Private.Credential.inaccessible.",
- "\tPrivat inloggning \u00E4r inte tillg\u00E4nglig\n"},
+ "\tPrivat inloggning \u00E4r inte m\u00F6jlig\n"},
{"Subject.is.read.only", "Innehavare \u00E4r skrivskyddad"},
{"attempting.to.add.an.object.which.is.not.an.instance.of.java.security.Principal.to.a.Subject.s.Principal.Set",
"f\u00F6rs\u00F6k att l\u00E4gga till ett objekt som inte \u00E4r en instans av java.security.Principal till ett subjekts upps\u00E4ttning av identitetshavare"},
diff --git a/src/share/classes/sun/util/resources/TimeZoneNames.java b/src/share/classes/sun/util/resources/TimeZoneNames.java
index 3e4a0da..261d43a 100644
--- a/src/share/classes/sun/util/resources/TimeZoneNames.java
+++ b/src/share/classes/sun/util/resources/TimeZoneNames.java
@@ -666,9 +666,9 @@
"Magadan Summer Time", "MAGST",
"Magadan Time", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Philippines Time", "PHT",
- "Philippines Summer Time", "PHST",
- "Philippines Time", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java b/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java
index cb0b627..67cc5b0 100644
--- a/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java
+++ b/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java
@@ -667,9 +667,9 @@
"Magadanische Sommerzeit", "MAGST",
"Magadanische Zeit", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Philippinische Zeit", "PHT",
- "Philippinische Sommerzeit", "PHST",
- "Philippinische Zeit", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java b/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java
index 10a85b6..4d564b0 100644
--- a/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java
+++ b/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java
@@ -667,9 +667,9 @@
"Hora de verano de Magad\u00e1n", "MAGST",
"Hora de Magad\u00E1n", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Hora de Filipinas", "PHT",
- "Hora de verano de Filipinas", "PHST",
- "Hora de Filipinas", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java b/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java
index faf5795..c649f9a 100644
--- a/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java
+++ b/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java
@@ -667,9 +667,9 @@
"Heure d'\u00e9t\u00e9 de Magadan", "MAGST",
"Heure de Magadan", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Heure des Philippines", "PHT",
- "Heure d'\u00e9t\u00e9 des Philippines", "PHST",
- "Heure des Philippines", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java b/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java
index 9325485..b9724ee 100644
--- a/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java
+++ b/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java
@@ -667,9 +667,9 @@
"Ora estiva di Magadan", "MAGST",
"Ora di Magadan", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Ora delle Filippine", "PHT",
- "Ora estiva delle Filippine", "PHST",
- "Ora delle Filippine", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java b/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java
index 1fb35f0..6fe96fa 100644
--- a/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java
+++ b/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java
@@ -667,9 +667,9 @@
"\u30de\u30ac\u30c0\u30f3\u590f\u6642\u9593", "MAGST",
"\u30DE\u30AC\u30C0\u30F3\u6642\u9593", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"\u30d5\u30a3\u30ea\u30d4\u30f3\u6642\u9593", "PHT",
- "\u30d5\u30a3\u30ea\u30d4\u30f3\u590f\u6642\u9593", "PHST",
- "\u30D5\u30A3\u30EA\u30D4\u30F3\u6642\u9593", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java b/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java
index a6970e0..4621b47 100644
--- a/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java
+++ b/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java
@@ -667,9 +667,9 @@
"\ub9c8\uac00\ub2e8 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "MAGST",
"\uB9C8\uAC00\uB2E8 \uD45C\uC900\uC2DC", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"\ud544\ub9ac\ud540 \uc2dc\uac04", "PHT",
- "\ud544\ub9ac\ud540 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "PHST",
- "\uD544\uB9AC\uD540 \uD45C\uC900\uC2DC", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java b/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java
index bcc610d..6baac2d 100644
--- a/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java
+++ b/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java
@@ -667,9 +667,9 @@
"Fuso hor\u00e1rio de ver\u00e3o de Magadan", "MAGST",
"Hor\u00E1rio de Magadan", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Fuso hor\u00e1rio das Filipinas", "PHT",
- "Fuso hor\u00e1rio de ver\u00e3o das Filipinas", "PHST",
- "Hor\u00E1rio das Filipinas", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java b/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java
index a4e8b7d..0a07192 100644
--- a/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java
+++ b/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java
@@ -667,9 +667,9 @@
"Magadan, sommartid", "MAGST",
"Magadan-tid", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Filippinerna, normaltid", "PHT",
- "Filippinerna, sommartid", "PHST",
- "Filippinsk tid", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java b/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java
index 4f6eebe..1d1b2dc 100644
--- a/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java
+++ b/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java
@@ -667,9 +667,9 @@
"Magadan \u590f\u4ee4\u65f6", "MAGST",
"Magadan \u65F6\u95F4", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"\u83f2\u5f8b\u5bbe\u65f6\u95f4", "PHT",
- "\u83f2\u5f8b\u5bbe\u590f\u4ee4\u65f6", "PHST",
- "\u83F2\u5F8B\u5BBE\u65F6\u95F4", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java b/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java
index 372bc9e..280c186 100644
--- a/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java
+++ b/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java
@@ -667,9 +667,9 @@
"Magadan \u590f\u4ee4\u6642\u9593", "MAGST",
"\u99AC\u52A0\u4E39\u6642\u9593", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"\u83f2\u5f8b\u8cd3\u6642\u9593", "PHT",
- "\u83f2\u5f8b\u8cd3\u590f\u4ee4\u6642\u9593", "PHST",
- "\u83F2\u5F8B\u8CD3\u6642\u9593", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/src/share/lib/net.properties b/src/share/lib/net.properties
index b490e17..a541eef 100644
--- a/src/share/lib/net.properties
+++ b/src/share/lib/net.properties
@@ -1,5 +1,5 @@
############################################################
-# Default Networking Configuration File
+# Default Networking Configuration File
#
# This file may contain default values for the networking system properties.
# These values are only used when the system properties are not specified
@@ -14,7 +14,7 @@
# Note that the system properties that do explicitely set proxies
# (like http.proxyHost) do take precedence over the system settings
# even if java.net.useSystemProxies is set to true.
-
+
java.net.useSystemProxies=false
#------------------------------------------------------------------------
@@ -66,8 +66,8 @@
# socksProxyPort=1080
#
# HTTP Keep Alive settings. remainingData is the maximum amount of data
-# in kilobytes that will be cleaned off the underlying socket so that it
-# can be reused (default value is 512K), queuedConnections is the maximum
+# in kilobytes that will be cleaned off the underlying socket so that it
+# can be reused (default value is 512K), queuedConnections is the maximum
# number of Keep Alive connections to be on the queue for clean up (default
# value is 10).
# http.KeepAlive.remainingData=512
@@ -99,3 +99,23 @@
#jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=Basic
+#
+# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
+# can be used for the NTLM scheme, where the security credentials based on the
+# currently logged in user's name and password can be obtained directly from the
+# operating system, without prompting the user. This property has three possible
+# values which regulate the behavior as shown below. Other unrecognized values
+# are handled the same as 'disabled'. Note, that NTLM is not considered to be a
+# strongly secure authentication scheme and care should be taken before enabling
+# this mechanism.
+#
+# Transparent authentication never used.
+#jdk.http.ntlm.transparentAuth=disabled
+#
+# Enabled for all hosts.
+#jdk.http.ntlm.transparentAuth=allHosts
+#
+# Enabled for hosts that are trusted in Windows Internet settings
+#jdk.http.ntlm.transparentAuth=trustedHosts
+#
+jdk.http.ntlm.transparentAuth=disabled
diff --git a/src/share/lib/security/java.security-aix b/src/share/lib/security/java.security-aix
index ac6b586..13abdd6 100644
--- a/src/share/lib/security/java.security-aix
+++ b/src/share/lib/security/java.security-aix
@@ -620,7 +620,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux
index 9b26919..c730d50 100644
--- a/src/share/lib/security/java.security-linux
+++ b/src/share/lib/security/java.security-linux
@@ -620,7 +620,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx
index 205b13a..2ac4637 100644
--- a/src/share/lib/security/java.security-macosx
+++ b/src/share/lib/security/java.security-macosx
@@ -623,7 +623,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris
index 1fb4c0e..a5c4d86 100644
--- a/src/share/lib/security/java.security-solaris
+++ b/src/share/lib/security/java.security-solaris
@@ -622,7 +622,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows
index 3d80302..a0ce655 100644
--- a/src/share/lib/security/java.security-windows
+++ b/src/share/lib/security/java.security-windows
@@ -623,7 +623,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/src/share/native/sun/awt/image/jpeg/jmemmgr.c b/src/share/native/sun/awt/image/jpeg/jmemmgr.c
index 5ee6813..a34a1ca 100644
--- a/src/share/native/sun/awt/image/jpeg/jmemmgr.c
+++ b/src/share/native/sun/awt/image/jpeg/jmemmgr.c
@@ -406,6 +406,9 @@
JDIMENSION rowsperchunk, currow, i;
long ltemp;
+ if (samplesperrow == 0) {
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+ }
/* Calculate max # of rows allowed in one allocation chunk */
ltemp = (MAX_ALLOC_CHUNK-SIZEOF(large_pool_hdr)) /
((long) samplesperrow * SIZEOF(JSAMPLE));
@@ -454,6 +457,10 @@
JDIMENSION rowsperchunk, currow, i;
long ltemp;
+ if (blocksperrow == 0) {
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+ }
+
/* Calculate max # of rows allowed in one allocation chunk */
ltemp = (MAX_ALLOC_CHUNK-SIZEOF(large_pool_hdr)) /
((long) blocksperrow * SIZEOF(JBLOCK));
diff --git a/src/share/native/sun/java2d/cmm/lcms/cmscgats.c b/src/share/native/sun/java2d/cmm/lcms/cmscgats.c
index ff88ffb..981736a 100644
--- a/src/share/native/sun/java2d/cmm/lcms/cmscgats.c
+++ b/src/share/native/sun/java2d/cmm/lcms/cmscgats.c
@@ -1535,10 +1535,16 @@
t-> nSamples = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS"));
t-> nPatches = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS"));
- t-> Data = (char**)AllocChunk (it8, ((cmsUInt32Number) t->nSamples + 1) * ((cmsUInt32Number) t->nPatches + 1) *sizeof (char*));
- if (t->Data == NULL) {
+ if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe)
+ {
+ SynError(it8, "AllocateDataSet: too much data");
+ }
+ else {
+ t->Data = (char**)AllocChunk(it8, ((cmsUInt32Number)t->nSamples + 1) * ((cmsUInt32Number)t->nPatches + 1) * sizeof(char*));
+ if (t->Data == NULL) {
- SynError(it8, "AllocateDataSet: Unable to allocate data array");
+ SynError(it8, "AllocateDataSet: Unable to allocate data array");
+ }
}
}
diff --git a/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java b/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
index 9bf60a8..fdb7eed 100644
--- a/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
+++ b/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
@@ -90,10 +90,13 @@
/**
* Returns true if the given site is trusted, i.e. we can try
- * transparent Authentication.
+ * transparent Authentication. Shouldn't be called since
+ * capability not supported on Unix
*/
public static boolean isTrustedSite(URL url) {
- return NTLMAuthCallback.isTrustedSite(url);
+ if (NTLMAuthCallback != null)
+ return NTLMAuthCallback.isTrustedSite(url);
+ return false;
}
private void init0() {
diff --git a/src/solaris/instrument/FileSystemSupport_md.c b/src/solaris/instrument/FileSystemSupport_md.c
index c527836..4740a7f 100644
--- a/src/solaris/instrument/FileSystemSupport_md.c
+++ b/src/solaris/instrument/FileSystemSupport_md.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,6 +23,7 @@
* questions.
*/
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -50,6 +51,10 @@
} else {
int len = last - path;
char* str = (char*)malloc(len+1);
+ if (str == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
if (len > 0) {
memcpy(str, path, len);
}
@@ -80,6 +85,10 @@
if (n == 0) return strdup("/");
sb = (char*)malloc(strlen(pathname)+1);
+ if (sb == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
sbLen = 0;
if (off > 0) {
@@ -128,6 +137,10 @@
len = parentEnd + cn - childStart;
if (child[0] == slash) {
theChars = (char*)malloc(len+1);
+ if (theChars == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
if (parentEnd > 0)
memcpy(theChars, parent, parentEnd);
if (cn > 0)
@@ -135,6 +148,10 @@
theChars[len] = '\0';
} else {
theChars = (char*)malloc(len+2);
+ if (theChars == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
if (parentEnd > 0)
memcpy(theChars, parent, parentEnd);
theChars[parentEnd] = slash;
@@ -150,10 +167,13 @@
if (len > 1 && path[len-1] == slash) {
// "/foo/" --> "/foo", but "/" --> "/"
char* str = (char*)malloc(len);
- if (str != NULL) {
- memcpy(str, path, len-1);
- str[len-1] = '\0';
+ if (str == NULL)
+ {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
}
+ memcpy(str, path, len-1);
+ str[len-1] = '\0';
return str;
} else {
return (char*)path;
diff --git a/src/solaris/native/java/net/net_util_md.c b/src/solaris/native/java/net/net_util_md.c
index b840584..bd0bd8c 100644
--- a/src/solaris/native/java/net/net_util_md.c
+++ b/src/solaris/native/java/net/net_util_md.c
@@ -608,6 +608,8 @@
if (loRoutesTemp == 0) {
free(loRoutes);
+ loRoutes = NULL;
+ nRoutes = 0;
fclose (f);
return;
}
diff --git a/src/solaris/native/sun/awt/awt_UNIXToolkit.c b/src/solaris/native/sun/awt/awt_UNIXToolkit.c
index af560a4..8c93219 100644
--- a/src/solaris/native/sun/awt/awt_UNIXToolkit.c
+++ b/src/solaris/native/sun/awt/awt_UNIXToolkit.c
@@ -184,6 +184,7 @@
detail_str = (char *)SAFE_SIZE_ARRAY_ALLOC(malloc,
sizeof(char), len + 1);
if (detail_str == NULL) {
+ free(stock_id_str);
JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError");
return JNI_FALSE;
}
diff --git a/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java b/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
index eb9b18d..1b2c874 100644
--- a/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
+++ b/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
@@ -30,6 +30,7 @@
import java.net.PasswordAuthentication;
import java.net.UnknownHostException;
import java.net.URL;
+import sun.net.NetProperties;
import sun.net.www.HeaderParser;
import sun.net.www.protocol.http.AuthenticationInfo;
import sun.net.www.protocol.http.AuthScheme;
@@ -52,6 +53,14 @@
private static String defaultDomain; /* Domain to use if not specified by user */
private static final boolean ntlmCache; /* Whether cache is enabled for NTLM */
+ enum TransparentAuth {
+ DISABLED, // disable for all hosts (default)
+ TRUSTED_HOSTS, // use Windows trusted hosts settings
+ ALL_HOSTS // attempt for all hosts
+ }
+
+ private static final TransparentAuth authMode;
+
static {
defaultDomain = java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("http.auth.ntlm.domain",
@@ -59,6 +68,19 @@
String ntlmCacheProp = java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("jdk.ntlm.cache", "true"));
ntlmCache = Boolean.parseBoolean(ntlmCacheProp);
+ String modeProp = java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedAction<String>() {
+ public String run() {
+ return NetProperties.get("jdk.http.ntlm.transparentAuth");
+ }
+ });
+
+ if ("trustedHosts".equalsIgnoreCase(modeProp))
+ authMode = TransparentAuth.TRUSTED_HOSTS;
+ else if ("allHosts".equalsIgnoreCase(modeProp))
+ authMode = TransparentAuth.ALL_HOSTS;
+ else
+ authMode = TransparentAuth.DISABLED;
};
private void init0() {
@@ -159,9 +181,21 @@
* transparent Authentication.
*/
public static boolean isTrustedSite(URL url) {
- return NTLMAuthCallback.isTrustedSite(url);
+ if (NTLMAuthCallback != null)
+ return NTLMAuthCallback.isTrustedSite(url);
+
+ switch (authMode) {
+ case TRUSTED_HOSTS:
+ return isTrustedSite(url.toString());
+ case ALL_HOSTS:
+ return true;
+ default:
+ return false;
+ }
}
+ static native boolean isTrustedSite(String url);
+
/**
* Not supported. Must use the setHeaders() method
*/
@@ -211,5 +245,4 @@
return false;
}
}
-
}
diff --git a/src/windows/classes/sun/security/mscapi/KeyStore.java b/src/windows/classes/sun/security/mscapi/KeyStore.java
index 075ac78..599b0db 100644
--- a/src/windows/classes/sun/security/mscapi/KeyStore.java
+++ b/src/windows/classes/sun/security/mscapi/KeyStore.java
@@ -753,6 +753,7 @@
/**
* Generates a certificate chain from the collection of
* certificates and stores the result into a key entry.
+ * This method is called by native code in libsunmscapi.
*/
private void generateCertificateChain(String alias,
Collection<? extends Certificate> certCollection)
@@ -775,13 +776,15 @@
catch (Throwable e)
{
// Ignore the exception and skip this entry
- // TODO - throw CertificateException?
+ // If e is thrown, remember to deal with it in
+ // native code.
}
}
/**
* Generates RSA key and certificate chain from the private key handle,
* collection of certificates and stores the result into key entries.
+ * This method is called by native code in libsunmscapi.
*/
private void generateRSAKeyAndCertificateChain(String alias,
long hCryptProv, long hCryptKey, int keyLength,
@@ -807,12 +810,14 @@
catch (Throwable e)
{
// Ignore the exception and skip this entry
- // TODO - throw CertificateException?
+ // If e is thrown, remember to deal with it in
+ // native code.
}
}
/**
* Generates certificates from byte data and stores into cert collection.
+ * This method is called by native code in libsunmscapi.
*
* @param data Byte data.
* @param certCollection Collection of certificates.
@@ -836,12 +841,14 @@
catch (CertificateException e)
{
// Ignore the exception and skip this certificate
- // TODO - throw CertificateException?
+ // If e is thrown, remember to deal with it in
+ // native code.
}
catch (Throwable te)
{
// Ignore the exception and skip this certificate
- // TODO - throw CertificateException?
+ // If e is thrown, remember to deal with it in
+ // native code.
}
}
diff --git a/src/windows/classes/sun/security/mscapi/RSASignature.java b/src/windows/classes/sun/security/mscapi/RSASignature.java
index d8d8849..24f8190 100644
--- a/src/windows/classes/sun/security/mscapi/RSASignature.java
+++ b/src/windows/classes/sun/security/mscapi/RSASignature.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -132,7 +132,7 @@
@Override
protected void engineUpdate(byte[] b, int off, int len)
throws SignatureException {
- if (offset + len > precomputedDigest.length) {
+ if (len > (precomputedDigest.length - offset)) {
offset = RAW_RSA_MAX + 1;
return;
}
@@ -147,7 +147,7 @@
if (len <= 0) {
return;
}
- if (offset + len > precomputedDigest.length) {
+ if (len > (precomputedDigest.length - offset)) {
offset = RAW_RSA_MAX + 1;
return;
}
diff --git a/src/windows/instrument/FileSystemSupport_md.c b/src/windows/instrument/FileSystemSupport_md.c
index f99a8a9..f190067 100644
--- a/src/windows/instrument/FileSystemSupport_md.c
+++ b/src/windows/instrument/FileSystemSupport_md.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,6 +23,7 @@
* questions.
*/
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <malloc.h>
@@ -66,6 +67,10 @@
} else {
int len = (int)(last - path);
char* str = (char*)malloc(len+1);
+ if (str == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
if (len > 0) {
memcpy(str, path, len);
}
@@ -135,6 +140,10 @@
if (off < 3) off = 0; /* Avoid fencepost cases with UNC pathnames */
sb = (char*)malloc(len+1);
+ if (sb == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
sbLen = 0;
if (off == 0) {
@@ -261,11 +270,19 @@
if (child[childStart] == slash) {
theChars = (char*)malloc(len+1);
+ if (theChars == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
memcpy(theChars, parent, parentEnd);
memcpy(theChars+parentEnd, child+childStart, (cn-childStart));
theChars[len] = '\0';
} else {
theChars = (char*)malloc(len+2);
+ if (theChars == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
memcpy(theChars, parent, parentEnd);
theChars[parentEnd] = slash;
memcpy(theChars+parentEnd+1, child+childStart, (cn-childStart));
@@ -320,10 +337,12 @@
return (char*)path;
} else {
char* p = (char*)malloc(len+1);
- if (p != NULL) {
- memcpy(p, path+start, len);
- p[len] = '\0';
+ if (p == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
}
+ memcpy(p, path+start, len);
+ p[len] = '\0';
return p;
}
}
diff --git a/src/windows/native/java/net/NetworkInterface.c b/src/windows/native/java/net/NetworkInterface.c
index 4c6561e..5a89cf4 100644
--- a/src/windows/native/java/net/NetworkInterface.c
+++ b/src/windows/native/java/net/NetworkInterface.c
@@ -279,7 +279,7 @@
// But in rare case it fails, we allow 'char' to be displayed
curr->displayName = (char *)malloc(ifrowP->dwDescrLen + 1);
} else {
- curr->displayName = (wchar_t *)malloc(wlen*(sizeof(wchar_t))+1);
+ curr->displayName = (wchar_t *)malloc((wlen+1)*sizeof(wchar_t));
}
curr->name = (char *)malloc(strlen(dev_name) + 1);
@@ -322,7 +322,7 @@
free(curr);
return -1;
} else {
- curr->displayName[wlen*(sizeof(wchar_t))] = '\0';
+ ((wchar_t *)curr->displayName)[wlen] = L'\0';
curr->dNameIsUnicode = TRUE;
}
}
@@ -861,6 +861,7 @@
/* allocate a NetworkInterface array */
netIFArr = (*env)->NewObjectArray(env, count, cls, NULL);
if (netIFArr == NULL) {
+ free_netif(ifList);
return NULL;
}
@@ -875,6 +876,7 @@
netifObj = createNetworkInterface(env, curr, -1, NULL);
if (netifObj == NULL) {
+ free_netif(ifList);
return NULL;
}
diff --git a/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp b/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp
index 6dca15b..562fdce 100644
--- a/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp
+++ b/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp
@@ -32,6 +32,7 @@
#include "AccessBridgePackages.h" // for debugging only
#include <windows.h>
#include <malloc.h>
+#include <new>
DEBUG_CODE(extern HWND theDialogWindow);
extern "C" {
@@ -46,6 +47,9 @@
next = (AccessBridgeQueueElement *) 0;
previous = (AccessBridgeQueueElement *) 0;
buffer = (char *) malloc(bufsize);
+ if (buffer == NULL) {
+ throw std::bad_alloc();
+ }
memcpy(buffer, buf, bufsize);
}
diff --git a/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthentication.c b/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthentication.c
new file mode 100644
index 0000000..db771d8
--- /dev/null
+++ b/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthentication.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <jni.h>
+#include <windows.h>
+#include "jni_util.h"
+#include <urlmon.h>
+
+JNIEXPORT jboolean JNICALL Java_sun_net_www_protocol_http_ntlm_NTLMAuthentication_isTrustedSite(JNIEnv *env, jclass clazz, jstring url )
+{
+
+ HRESULT hr;
+ DWORD dwZone;
+ DWORD pPolicy = 0;
+ IInternetSecurityManager *spSecurityManager;
+ jboolean ret;
+ LPCWSTR bstrURL;
+
+ // Create IInternetSecurityManager
+ hr = CoInternetCreateSecurityManager(NULL, &spSecurityManager, (DWORD)0);
+ if (FAILED(hr)) {
+ return JNI_FALSE;
+ }
+
+ bstrURL = (LPCWSTR)((*env)->GetStringChars(env, url, NULL));
+ if (bstrURL == NULL) {
+ if (!(*env)->ExceptionCheck(env))
+ JNU_ThrowOutOfMemoryError(env, NULL);
+ spSecurityManager->lpVtbl->Release(spSecurityManager);
+ return JNI_FALSE;
+ }
+
+ // Determines the policy for the URLACTION_CREDENTIALS_USE action and display
+ // a user interface, if the policy indicates that the user should be queried
+ hr = spSecurityManager->lpVtbl->ProcessUrlAction(
+ spSecurityManager,
+ bstrURL,
+ URLACTION_CREDENTIALS_USE,
+ (LPBYTE)&pPolicy,
+ sizeof(DWORD), 0, 0, 0, 0);
+
+ if (FAILED(hr)) {
+ ret = JNI_FALSE;
+ goto cleanupAndReturn;
+ }
+
+ // If these two User Authentication Logon options is selected
+ // Anonymous logon
+ // Prompt for user name and password
+ if (pPolicy == URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY ||
+ pPolicy == URLPOLICY_CREDENTIALS_MUST_PROMPT_USER) {
+ ret = JNI_FALSE;
+ goto cleanupAndReturn;
+ }
+
+ // Option "Automatic logon with current user name and password" is selected
+ if (pPolicy == URLPOLICY_CREDENTIALS_SILENT_LOGON_OK) {
+ ret = JNI_TRUE;
+ goto cleanupAndReturn;
+ }
+
+ // Option "Automatic logon only in intranet zone" is selected
+ if (pPolicy == URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT) {
+
+ // Gets the zone index from the specified URL
+ hr = spSecurityManager->lpVtbl->MapUrlToZone(
+ spSecurityManager, bstrURL, &dwZone, 0);
+ if (FAILED(hr)) {
+ ret = JNI_FALSE;
+ goto cleanupAndReturn;
+ }
+
+ // Check if the URL is in Local or Intranet zone
+ if (dwZone == URLZONE_INTRANET || dwZone == URLZONE_LOCAL_MACHINE) {
+ ret = JNI_TRUE;
+ goto cleanupAndReturn;
+ }
+ }
+ ret = JNI_FALSE;
+
+cleanupAndReturn:
+ (*env)->ReleaseStringChars(env, url, bstrURL);
+ spSecurityManager->lpVtbl->Release(spSecurityManager);
+ return ret;
+}
diff --git a/src/windows/native/sun/nio/ch/DatagramDispatcher.c b/src/windows/native/sun/nio/ch/DatagramDispatcher.c
index a5f5e45..e111b89 100644
--- a/src/windows/native/sun/nio/ch/DatagramDispatcher.c
+++ b/src/windows/native/sun/nio/ch/DatagramDispatcher.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -95,6 +95,10 @@
jint fd = fdval(env, fdo);
struct iovec *iovp = (struct iovec *)address;
WSABUF *bufs = malloc(len * sizeof(WSABUF));
+ if (bufs == NULL) {
+ JNU_ThrowOutOfMemoryError(env, NULL);
+ return IOS_THROWN;
+ }
/* copy iovec into WSABUF */
for(i=0; i<len; i++) {
@@ -182,6 +186,10 @@
jint fd = fdval(env, fdo);
struct iovec *iovp = (struct iovec *)address;
WSABUF *bufs = malloc(len * sizeof(WSABUF));
+ if (bufs == NULL) {
+ JNU_ThrowOutOfMemoryError(env, NULL);
+ return IOS_THROWN;
+ }
/* copy iovec into WSABUF */
for(i=0; i<len; i++) {
diff --git a/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c b/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c
index 7d5e1e7..c43496a 100644
--- a/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c
+++ b/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -208,6 +208,10 @@
/* Prepare corresponding buffer if needed, and then read */
if (bytesToRead > WAKEUP_SOCKET_BUF_SIZE) {
char* buf = (char*)malloc(bytesToRead);
+ if (buf == NULL) {
+ JNU_ThrowOutOfMemoryError(env, NULL);
+ return;
+ }
recv(scinFd, buf, bytesToRead, 0);
free(buf);
} else {
diff --git a/src/windows/native/sun/security/krb5/NativeCreds.c b/src/windows/native/sun/security/krb5/NativeCreds.c
index 554eb63..b7f81d2 100644
--- a/src/windows/native/sun/security/krb5/NativeCreds.c
+++ b/src/windows/native/sun/security/krb5/NativeCreds.c
@@ -76,7 +76,8 @@
BOOL PackageConnectLookup(PHANDLE,PULONG);
-NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName,
+NTSTATUS ConstructTicketRequest(JNIEnv *env,
+ UNICODE_STRING DomainName,
PKERB_RETRIEVE_TKT_REQUEST *outRequest,
ULONG *outSize);
@@ -102,6 +103,8 @@
jobject BuildTicketFlags(JNIEnv *env, PULONG flags);
jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime);
+void ThrowOOME(JNIEnv *env, const char *szMessage);
+
/*
* Class: sun_security_krb5_KrbCreds
* Method: JNI_OnLoad
@@ -495,7 +498,7 @@
}
// use domain to request Ticket
- Status = ConstructTicketRequest(msticket->TargetDomainName,
+ Status = ConstructTicketRequest(env, msticket->TargetDomainName,
&pTicketRequest, &requestSize);
if (!LSA_SUCCESS(Status)) {
ShowNTError("ConstructTicketRequest status", Status);
@@ -689,7 +692,7 @@
}
static NTSTATUS
-ConstructTicketRequest(UNICODE_STRING DomainName,
+ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName,
PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize)
{
NTSTATUS Status;
@@ -736,8 +739,10 @@
pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
LocalAlloc(LMEM_ZEROINIT, RequestSize);
- if (!pTicketRequest)
+ if (!pTicketRequest) {
+ ThrowOOME(env, "Can't allocate memory for ticket");
return GetLastError();
+ }
//
// Concatenate the target prefix with the previous response's
@@ -894,7 +899,7 @@
jbyteArray ary;
ary = (*env)->NewByteArray(env,encodedTicketSize);
- if ((*env)->ExceptionOccurred(env)) {
+ if (ary == NULL) {
return (jobject) NULL;
}
@@ -940,6 +945,10 @@
realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT,
((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
+ if (realm == NULL) {
+ ThrowOOME(env, "Can't allocate memory for realm");
+ return NULL;
+ }
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
if (native_debug) {
@@ -1014,6 +1023,9 @@
}
ary = (*env)->NewByteArray(env,cryptoKey->Length);
+ if (ary == NULL) {
+ return (jobject) NULL;
+ }
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
(jbyte *)cryptoKey->Value);
if ((*env)->ExceptionOccurred(env)) {
@@ -1036,6 +1048,9 @@
ULONG nlflags = htonl(*flags);
ary = (*env)->NewByteArray(env, sizeof(*flags));
+ if (ary == NULL) {
+ return (jobject) NULL;
+ }
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags),
(jbyte *)&nlflags);
if ((*env)->ExceptionOccurred(env)) {
@@ -1088,3 +1103,10 @@
}
return kerberosTime;
}
+
+void ThrowOOME(JNIEnv *env, const char *szMessage) {
+ jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
+ if (exceptionClazz != NULL) {
+ (*env)->ThrowNew(env, exceptionClazz, szMessage);
+ }
+}
diff --git a/src/windows/native/sun/security/mscapi/security.cpp b/src/windows/native/sun/security/mscapi/security.cpp
index d327302..7012a35 100644
--- a/src/windows/native/sun/security/mscapi/security.cpp
+++ b/src/windows/native/sun/security/mscapi/security.cpp
@@ -425,6 +425,15 @@
// Create ArrayList to store certs in each chain
jobject jArrayList =
env->NewObject(clazzArrayList, mNewArrayList);
+ if (jArrayList == NULL) {
+ __leave;
+ }
+
+ // Cleanup the previous allocated name
+ if (pszNameString) {
+ delete [] pszNameString;
+ pszNameString = NULL;
+ }
for (unsigned int j=0; j < rgpChain->cElement; j++)
{
@@ -463,6 +472,9 @@
// Allocate and populate byte array
jbyteArray byteArray = env->NewByteArray(cbCertEncoded);
+ if (byteArray == NULL) {
+ __leave;
+ }
env->SetByteArrayRegion(byteArray, 0, cbCertEncoded,
(jbyte*) pbCertEncoded);
@@ -471,30 +483,44 @@
env->CallVoidMethod(obj, mGenCert, byteArray, jArrayList);
}
- if (bHasNoPrivateKey)
+ // Usually pszNameString should be non-NULL. It's either
+ // the friendly name or an element from the subject name
+ // or SAN.
+ if (pszNameString)
{
- // Generate certificate chain and store into cert chain
- // collection
- env->CallVoidMethod(obj, mGenCertChain,
- env->NewStringUTF(pszNameString),
- jArrayList);
- }
- else
- {
- // Determine key type: RSA or DSA
- DWORD dwData = CALG_RSA_KEYX;
- DWORD dwSize = sizeof(DWORD);
- ::CryptGetKeyParam(hUserKey, KP_ALGID, (BYTE*)&dwData,
- &dwSize, NULL);
-
- if ((dwData & ALG_TYPE_RSA) == ALG_TYPE_RSA)
+ if (bHasNoPrivateKey)
{
- // Generate RSA certificate chain and store into cert
- // chain collection
- env->CallVoidMethod(obj, mGenRSAKeyAndCertChain,
- env->NewStringUTF(pszNameString),
- (jlong) hCryptProv, (jlong) hUserKey,
- dwPublicKeyLength, jArrayList);
+ // Generate certificate chain and store into cert chain
+ // collection
+ jstring name = env->NewStringUTF(pszNameString);
+ if (name == NULL) {
+ __leave;
+ }
+ env->CallVoidMethod(obj, mGenCertChain,
+ name,
+ jArrayList);
+ }
+ else
+ {
+ // Determine key type: RSA or DSA
+ DWORD dwData = CALG_RSA_KEYX;
+ DWORD dwSize = sizeof(DWORD);
+ ::CryptGetKeyParam(hUserKey, KP_ALGID, (BYTE*)&dwData,
+ &dwSize, NULL);
+
+ if ((dwData & ALG_TYPE_RSA) == ALG_TYPE_RSA)
+ {
+ // Generate RSA certificate chain and store into cert
+ // chain collection
+ jstring name = env->NewStringUTF(pszNameString);
+ if (name == NULL) {
+ __leave;
+ }
+ env->CallVoidMethod(obj, mGenRSAKeyAndCertChain,
+ name,
+ (jlong) hCryptProv, (jlong) hUserKey,
+ dwPublicKeyLength, jArrayList);
+ }
}
}
}
@@ -641,6 +667,9 @@
// Create new byte array
jbyteArray temp = env->NewByteArray(dwBufLen);
+ if (temp == NULL) {
+ __leave;
+ }
// Copy data from native buffer
env->SetByteArrayRegion(temp, 0, dwBufLen, pSignedHashBuffer);
@@ -964,6 +993,9 @@
}
jCertAliasChars = env->GetStringChars(jCertAliasName, NULL);
+ if (jCertAliasChars == NULL) {
+ __leave;
+ }
memcpy(pszCertAliasName, jCertAliasChars, size * sizeof(WCHAR));
pszCertAliasName[size] = 0; // append the string terminator
@@ -1600,7 +1632,9 @@
}
// Create new byte array
- result = env->NewByteArray(dwBufLen);
+ if ((result = env->NewByteArray(dwBufLen)) == NULL) {
+ __leave;
+ }
// Copy data from native buffer to Java buffer
env->SetByteArrayRegion(result, 0, dwBufLen, (jbyte*) pData);
@@ -1651,7 +1685,9 @@
}
// Create new byte array
- blob = env->NewByteArray(dwBlobLen);
+ if ((blob = env->NewByteArray(dwBlobLen)) == NULL) {
+ __leave;
+ }
// Copy data from native buffer to Java buffer
env->SetByteArrayRegion(blob, 0, dwBlobLen, (jbyte*) pbKeyBlob);
@@ -1680,6 +1716,13 @@
__try {
jsize length = env->GetArrayLength(jKeyBlob);
+ jsize headerLength = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY);
+
+ if (length < headerLength) {
+ ThrowExceptionWithMessage(env, KEY_EXCEPTION, "Invalid BLOB");
+ __leave;
+ }
+
if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) {
__leave;
}
@@ -1706,7 +1749,9 @@
exponentBytes[i] = ((BYTE*) &pRsaPubKey->pubexp)[j];
}
- exponent = env->NewByteArray(len);
+ if ((exponent = env->NewByteArray(len)) == NULL) {
+ __leave;
+ }
env->SetByteArrayRegion(exponent, 0, len, exponentBytes);
}
__finally
@@ -1736,6 +1781,13 @@
__try {
jsize length = env->GetArrayLength(jKeyBlob);
+ jsize headerLength = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY);
+
+ if (length < headerLength) {
+ ThrowExceptionWithMessage(env, KEY_EXCEPTION, "Invalid BLOB");
+ __leave;
+ }
+
if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) {
__leave;
}
@@ -1752,19 +1804,25 @@
(RSAPUBKEY *) (keyBlob + sizeof(PUBLICKEYSTRUC));
int len = pRsaPubKey->bitlen / 8;
+ if (len < 0 || len > length - headerLength) {
+ ThrowExceptionWithMessage(env, KEY_EXCEPTION, "Invalid key length");
+ __leave;
+ }
+
modulusBytes = new (env) jbyte[len];
if (modulusBytes == NULL) {
__leave;
}
- BYTE * pbModulus =
- (BYTE *) (keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY));
+ BYTE * pbModulus = (BYTE *) (keyBlob + headerLength);
// convert from little-endian while copying from blob
for (int i = 0, j = len - 1; i < len; i++, j--) {
modulusBytes[i] = pbModulus[j];
}
- modulus = env->NewByteArray(len);
+ if ((modulus = env->NewByteArray(len)) == NULL) {
+ __leave;
+ }
env->SetByteArrayRegion(modulus, 0, len, modulusBytes);
}
__finally
@@ -1972,7 +2030,9 @@
}
}
- jBlob = env->NewByteArray(jBlobLength);
+ if ((jBlob = env->NewByteArray(jBlobLength)) == NULL) {
+ __leave;
+ }
env->SetByteArrayRegion(jBlob, 0, jBlobLength, jBlobBytes);
}
diff --git a/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c b/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c
index 29505a4..145ad7f 100644
--- a/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c
+++ b/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
*/
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
@@ -75,18 +75,20 @@
* Signature: (Ljava/lang/String;)V
*/
JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_connect
- (JNIEnv *env, jobject obj, jstring jPkcs11ModulePath, jstring jGetFunctionList)
+ (JNIEnv *env, jobject obj, jstring jPkcs11ModulePath,
+ jstring jGetFunctionList)
{
HINSTANCE hModule;
CK_C_GetFunctionList C_GetFunctionList;
- CK_RV rv;
+ CK_RV rv = CK_ASSERT_OK;
ModuleData *moduleData;
jobject globalPKCS11ImplementationReference;
- LPVOID lpMsgBuf;
- char *exceptionMessage;
+ LPVOID lpMsgBuf = NULL;
+ char *exceptionMessage = NULL;
const char *getFunctionListStr;
- const char *libraryNameStr = (*env)->GetStringUTFChars(env, jPkcs11ModulePath, 0);
+ const char *libraryNameStr = (*env)->GetStringUTFChars(env,
+ jPkcs11ModulePath, 0);
TRACE1("DEBUG: connect to PKCS#11 module: %s ... ", libraryNameStr);
@@ -106,21 +108,24 @@
0,
NULL
);
- exceptionMessage = (char *) malloc(sizeof(char) * (strlen((LPTSTR) lpMsgBuf) + strlen(libraryNameStr) + 1));
+ exceptionMessage = (char *) malloc(sizeof(char) *
+ (strlen((LPTSTR) lpMsgBuf) + strlen(libraryNameStr) + 1));
+ if (exceptionMessage == NULL) {
+ throwOutOfMemoryError(env, 0);
+ goto cleanup;
+ }
strcpy(exceptionMessage, (LPTSTR) lpMsgBuf);
strcat(exceptionMessage, libraryNameStr);
throwIOException(env, (LPTSTR) exceptionMessage);
- /* Free the buffer. */
- free(exceptionMessage);
- LocalFree(lpMsgBuf);
- return;
+ goto cleanup;
}
/*
* Get function pointer to C_GetFunctionList
*/
getFunctionListStr = (*env)->GetStringUTFChars(env, jGetFunctionList, 0);
- C_GetFunctionList = (CK_C_GetFunctionList) GetProcAddress(hModule, getFunctionListStr);
+ C_GetFunctionList = (CK_C_GetFunctionList) GetProcAddress(hModule,
+ getFunctionListStr);
(*env)->ReleaseStringUTFChars(env, jGetFunctionList, getFunctionListStr);
if (C_GetFunctionList == NULL) {
FormatMessage(
@@ -135,24 +140,37 @@
NULL
);
throwIOException(env, (LPTSTR) lpMsgBuf);
- /* Free the buffer. */
- LocalFree( lpMsgBuf );
- return;
+ goto cleanup;
}
/*
* Get function pointers to all PKCS #11 functions
*/
moduleData = (ModuleData *) malloc(sizeof(ModuleData));
+ if (moduleData == NULL) {
+ throwOutOfMemoryError(env, 0);
+ goto cleanup;
+ }
moduleData->hModule = hModule;
moduleData->applicationMutexHandler = NULL;
rv = (C_GetFunctionList)(&(moduleData->ckFunctionListPtr));
globalPKCS11ImplementationReference = (*env)->NewGlobalRef(env, obj);
putModuleEntry(env, globalPKCS11ImplementationReference, moduleData);
- (*env)->ReleaseStringUTFChars(env, jPkcs11ModulePath, libraryNameStr);
TRACE0("FINISHED\n");
+cleanup:
+ /* Free up allocated buffers we no longer need */
+ if (lpMsgBuf != NULL) {
+ LocalFree( lpMsgBuf );
+ }
+ if (libraryNameStr != NULL) {
+ (*env)->ReleaseStringUTFChars(env, jPkcs11ModulePath, libraryNameStr);
+ }
+ if (exceptionMessage != NULL) {
+ free(exceptionMessage);
+ }
+
if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; }
}
diff --git a/src/windows/native/sun/windows/WPrinterJob.cpp b/src/windows/native/sun/windows/WPrinterJob.cpp
index 3761c60..70aaa74 100644
--- a/src/windows/native/sun/windows/WPrinterJob.cpp
+++ b/src/windows/native/sun/windows/WPrinterJob.cpp
@@ -886,10 +886,12 @@
if (!present) {
defIndices[0] = papers[0];
}
- if (papers != NULL) {
- free((char*)papers);
- }
}
+ // If DeviceCapabilities fails, then also free paper allocation
+ if (papers != NULL) {
+ free((char*)papers);
+ }
+
}
RESTORE_CONTROLWORD
}
diff --git a/test/java/math/BigDecimal/AddTests.java b/test/java/math/BigDecimal/AddTests.java
index b91b127..8045e28 100644
--- a/test/java/math/BigDecimal/AddTests.java
+++ b/test/java/math/BigDecimal/AddTests.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 6362557
+ * @bug 6362557 8200698
* @summary Some tests of add(BigDecimal, mc)
* @author Joseph D. Darcy
*/
@@ -290,12 +290,35 @@
return failures;
}
+ private static int arithmeticExceptionTest() {
+ int failures = 0;
+ BigDecimal x;
+ try {
+ //
+ // The string representation "1e2147483647", which is equivalent
+ // to 10^Integer.MAX_VALUE, is used to create an augend with an
+ // unscaled value of 1 and a scale of -Integer.MAX_VALUE. The
+ // addend "1" has an unscaled value of 1 with a scale of 0. The
+ // addition is performed exactly and is specified to have a
+ // preferred scale of max(-Integer.MAX_VALUE, 0). As the scale
+ // of the result is 0, a value with Integer.MAX_VALUE + 1 digits
+ // would need to be created. Therefore the next statement is
+ // expected to overflow with an ArithmeticException.
+ //
+ x = new BigDecimal("1e2147483647").add(new BigDecimal(1));
+ failures++;
+ } catch (ArithmeticException ae) {
+ }
+ return failures;
+ }
+
public static void main(String argv[]) {
int failures = 0;
failures += extremaTests();
failures += roundingGradationTests();
failures += precisionConsistencyTest();
+ failures += arithmeticExceptionTest();
if (failures > 0) {
throw new RuntimeException("Incurred " + failures +
diff --git a/test/java/math/BigDecimal/Constructor.java b/test/java/math/BigDecimal/Constructor.java
index 3c4742f..b737107 100644
--- a/test/java/math/BigDecimal/Constructor.java
+++ b/test/java/math/BigDecimal/Constructor.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,20 +23,48 @@
/*
* @test
- * @bug 4259453
- * @summary Test string constructor of BigDecimal
+ * @bug 4259453 8200698
+ * @summary Test constructors of BigDecimal
+ * @library ..
+ * @run testng Constructor
*/
+
import java.math.BigDecimal;
+import org.testng.annotations.Test;
public class Constructor {
- public static void main(String[] args) throws Exception {
- boolean nfe = false;
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void stringConstructor() {
+ BigDecimal bd = new BigDecimal("1.2e");
+ }
+
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void charArrayConstructorNegativeOffset() {
+ BigDecimal bd = new BigDecimal(new char[5], -1, 4, null);
+ }
+
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void charArrayConstructorNegativeLength() {
+ BigDecimal bd = new BigDecimal(new char[5], 0, -1, null);
+ }
+
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void charArrayConstructorIntegerOverflow() {
try {
- BigDecimal bd = new BigDecimal("1.2e");
- } catch (NumberFormatException e) {
- nfe = true;
+ BigDecimal bd = new BigDecimal(new char[5], Integer.MAX_VALUE - 5,
+ 6, null);
+ } catch (NumberFormatException nfe) {
+ if (nfe.getCause() instanceof IndexOutOfBoundsException) {
+ throw new RuntimeException
+ ("NumberFormatException should not have a cause");
+ } else {
+ throw nfe;
+ }
}
- if (!nfe)
- throw new Exception("Didn't throw NumberFormatException");
+ }
+
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void charArrayConstructorIndexOutOfBounds() {
+ BigDecimal bd = new BigDecimal(new char[5], 1, 5, null);
}
}
diff --git a/test/java/math/BigInteger/LargeValueExceptions.java b/test/java/math/BigInteger/LargeValueExceptions.java
new file mode 100644
index 0000000..69d0d4f
--- /dev/null
+++ b/test/java/math/BigInteger/LargeValueExceptions.java
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8200698
+ * @summary Tests that exceptions are thrown for ops which would overflow
+ * @requires (sun.arch.data.model == "64" & os.maxMemory > 4g)
+ * @run testng/othervm -Xmx4g LargeValueExceptions
+ */
+import java.math.BigInteger;
+import static java.math.BigInteger.ONE;
+import org.testng.annotations.Test;
+
+//
+// The intent of this test is to probe the boundaries between overflow and
+// non-overflow, principally for multiplication and squaring, specifically
+// the largest values which should not overflow and the smallest values which
+// should. The transition values used are not necessarily at the exact
+// boundaries but should be "close." Quite a few different values were used
+// experimentally before settling on the ones in this test. For multiplication
+// and squaring all cases are exercised: definite overflow and non-overflow
+// which can be detected "up front," and "indefinite" overflow, i.e., overflow
+// which cannot be detected up front so further calculations are required.
+//
+// Testing negative values is unnecessary. For both multiplication and squaring
+// the paths lead to the Toom-Cook algorithm where the signum is used only to
+// determine the sign of the result and not in the intermediate calculations.
+// This is also true for exponentiation.
+//
+// @Test annotations with optional element "enabled" set to "false" should
+// succeed when "enabled" is set to "true" but they take too to run in the
+// course of the typical regression test execution scenario.
+//
+public class LargeValueExceptions {
+ // BigInteger.MAX_MAG_LENGTH
+ private static final int MAX_INTS = 1 << 26;
+
+ // Number of bits corresponding to MAX_INTS
+ private static final long MAX_BITS = (0xffffffffL & MAX_INTS) << 5L;
+
+ // Half BigInteger.MAX_MAG_LENGTH
+ private static final int MAX_INTS_HALF = MAX_INTS / 2;
+
+ // --- squaring ---
+
+ // Largest no overflow determined by examining data lengths alone.
+ @Test(enabled=false)
+ public void squareNoOverflow() {
+ BigInteger x = ONE.shiftLeft(16*MAX_INTS - 1).subtract(ONE);
+ BigInteger y = x.multiply(x);
+ }
+
+ // Smallest no overflow determined by extra calculations.
+ @Test(enabled=false)
+ public void squareIndefiniteOverflowSuccess() {
+ BigInteger x = ONE.shiftLeft(16*MAX_INTS - 1);
+ BigInteger y = x.multiply(x);
+ }
+
+ // Largest overflow detected by extra calculations.
+ @Test(expectedExceptions=ArithmeticException.class,enabled=false)
+ public void squareIndefiniteOverflowFailure() {
+ BigInteger x = ONE.shiftLeft(16*MAX_INTS).subtract(ONE);
+ BigInteger y = x.multiply(x);
+ }
+
+ // Smallest overflow detected by examining data lengths alone.
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void squareDefiniteOverflow() {
+ BigInteger x = ONE.shiftLeft(16*MAX_INTS);
+ BigInteger y = x.multiply(x);
+ }
+
+ // --- multiplication ---
+
+ // Largest no overflow determined by examining data lengths alone.
+ @Test(enabled=false)
+ public void multiplyNoOverflow() {
+ final int halfMaxBits = MAX_INTS_HALF << 5;
+
+ BigInteger x = ONE.shiftLeft(halfMaxBits).subtract(ONE);
+ BigInteger y = ONE.shiftLeft(halfMaxBits - 1).subtract(ONE);
+ BigInteger z = x.multiply(y);
+ }
+
+ // Smallest no overflow determined by extra calculations.
+ @Test(enabled=false)
+ public void multiplyIndefiniteOverflowSuccess() {
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS/2) - 1);
+ long m = MAX_BITS - x.bitLength();
+
+ BigInteger y = ONE.shiftLeft((int)(MAX_BITS/2) - 1);
+ long n = MAX_BITS - y.bitLength();
+
+ if (m + n != MAX_BITS) {
+ throw new RuntimeException("Unexpected leading zero sum");
+ }
+
+ BigInteger z = x.multiply(y);
+ }
+
+ // Largest overflow detected by extra calculations.
+ @Test(expectedExceptions=ArithmeticException.class,enabled=false)
+ public void multiplyIndefiniteOverflowFailure() {
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS/2)).subtract(ONE);
+ long m = MAX_BITS - x.bitLength();
+
+ BigInteger y = ONE.shiftLeft((int)(MAX_BITS/2)).subtract(ONE);
+ long n = MAX_BITS - y.bitLength();
+
+ if (m + n != MAX_BITS) {
+ throw new RuntimeException("Unexpected leading zero sum");
+ }
+
+ BigInteger z = x.multiply(y);
+ }
+
+ // Smallest overflow detected by examining data lengths alone.
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void multiplyDefiniteOverflow() {
+ // multiply by 4 as MAX_INTS_HALF refers to ints
+ byte[] xmag = new byte[4*MAX_INTS_HALF];
+ xmag[0] = (byte)0xff;
+ BigInteger x = new BigInteger(1, xmag);
+
+ byte[] ymag = new byte[4*MAX_INTS_HALF + 1];
+ ymag[0] = (byte)0xff;
+ BigInteger y = new BigInteger(1, ymag);
+
+ BigInteger z = x.multiply(y);
+ }
+
+ // --- exponentiation ---
+
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void powOverflow() {
+ BigInteger.TEN.pow(Integer.MAX_VALUE);
+ }
+
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void powOverflow1() {
+ int shift = 20;
+ int exponent = 1 << shift;
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent));
+ BigInteger y = x.pow(exponent);
+ }
+
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void powOverflow2() {
+ int shift = 20;
+ int exponent = 1 << shift;
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)).add(ONE);
+ BigInteger y = x.pow(exponent);
+ }
+
+ @Test(expectedExceptions=ArithmeticException.class,enabled=false)
+ public void powOverflow3() {
+ int shift = 20;
+ int exponent = 1 << shift;
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)).subtract(ONE);
+ BigInteger y = x.pow(exponent);
+ }
+
+ @Test(enabled=false)
+ public void powOverflow4() {
+ int shift = 20;
+ int exponent = 1 << shift;
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent - 1)).add(ONE);
+ BigInteger y = x.pow(exponent);
+ }
+}
diff --git a/test/java/time/test/java/time/chrono/TestEraDisplayName.java b/test/java/time/test/java/time/chrono/TestEraDisplayName.java
new file mode 100644
index 0000000..1ff5f2a
--- /dev/null
+++ b/test/java/time/test/java/time/chrono/TestEraDisplayName.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package test.java.time.chrono;
+
+import java.time.*;
+import java.time.chrono.*;
+import java.time.format.*;
+import java.util.Locale;
+
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+import static org.testng.Assert.assertEquals;
+
+/**
+ * Tests Era.getDisplayName() correctly returns the name based on each
+ * chrono implementation.
+ * Note: The exact result may depend on locale data provider's implementation.
+ *
+ * @bug 8171049 8215377
+ * @run testng/othervm -Djava.locale.providers=CLDR TestEraDisplayName
+ */
+@Test
+public class TestEraDisplayName {
+ private static final Locale THAI = Locale.forLanguageTag("th-TH");
+ private static final Locale EGYPT = Locale.forLanguageTag("ar-EG");
+
+ @DataProvider(name="eraDisplayName")
+ Object[][] eraDisplayName() {
+ return new Object[][] {
+ // Era, text style, displyay locale, expected name
+ // IsoEra
+ { IsoEra.BCE, TextStyle.FULL, Locale.US, "Before Christ" },
+ { IsoEra.CE, TextStyle.FULL, Locale.US, "Anno Domini" },
+ { IsoEra.BCE, TextStyle.FULL, Locale.JAPAN, "\u7d00\u5143\u524d" },
+ { IsoEra.CE, TextStyle.FULL, Locale.JAPAN, "\u897f\u66a6" },
+ { IsoEra.BCE, TextStyle.SHORT, Locale.US, "BC" },
+ { IsoEra.CE, TextStyle.SHORT, Locale.US, "AD" },
+ { IsoEra.BCE, TextStyle.SHORT, Locale.JAPAN, "\u7d00\u5143\u524d" },
+ { IsoEra.CE, TextStyle.SHORT, Locale.JAPAN, "\u897f\u66a6" },
+ { IsoEra.BCE, TextStyle.NARROW, Locale.US, "B" },
+ { IsoEra.CE, TextStyle.NARROW, Locale.US, "A" },
+ { IsoEra.BCE, TextStyle.NARROW, Locale.JAPAN, "B" },
+ { IsoEra.CE, TextStyle.NARROW, Locale.JAPAN, "A" },
+
+ // JapaneseEra
+ { JapaneseEra.MEIJI, TextStyle.FULL, Locale.US, "Meiji" },
+ { JapaneseEra.TAISHO, TextStyle.FULL, Locale.US, "Taisho" },
+ { JapaneseEra.SHOWA, TextStyle.FULL, Locale.US, "Showa" },
+ { JapaneseEra.HEISEI, TextStyle.FULL, Locale.US, "Heisei" },
+ { JapaneseEra.MEIJI, TextStyle.FULL, Locale.JAPAN, "\u660e\u6cbb" },
+ { JapaneseEra.TAISHO, TextStyle.FULL, Locale.JAPAN, "\u5927\u6b63" },
+ { JapaneseEra.SHOWA, TextStyle.FULL, Locale.JAPAN, "\u662d\u548c" },
+ { JapaneseEra.HEISEI, TextStyle.FULL, Locale.JAPAN, "\u5e73\u6210" },
+ { JapaneseEra.MEIJI, TextStyle.SHORT, Locale.US, "Meiji" },
+ { JapaneseEra.TAISHO, TextStyle.SHORT, Locale.US, "Taisho" },
+ { JapaneseEra.SHOWA, TextStyle.SHORT, Locale.US, "Showa" },
+ { JapaneseEra.HEISEI, TextStyle.SHORT, Locale.US, "Heisei" },
+ { JapaneseEra.MEIJI, TextStyle.SHORT, Locale.JAPAN, "\u660e\u6cbb" },
+ { JapaneseEra.TAISHO, TextStyle.SHORT, Locale.JAPAN, "\u5927\u6b63" },
+ { JapaneseEra.SHOWA, TextStyle.SHORT, Locale.JAPAN, "\u662d\u548c" },
+ { JapaneseEra.HEISEI, TextStyle.SHORT, Locale.JAPAN, "\u5e73\u6210" },
+ { JapaneseEra.MEIJI, TextStyle.NARROW, Locale.US, "M" },
+ { JapaneseEra.TAISHO, TextStyle.NARROW, Locale.US, "T" },
+ { JapaneseEra.SHOWA, TextStyle.NARROW, Locale.US, "S" },
+ { JapaneseEra.HEISEI, TextStyle.NARROW, Locale.US, "H" },
+ { JapaneseEra.MEIJI, TextStyle.NARROW, Locale.JAPAN, "M" },
+ { JapaneseEra.TAISHO, TextStyle.NARROW, Locale.JAPAN, "T" },
+ { JapaneseEra.SHOWA, TextStyle.NARROW, Locale.JAPAN, "S" },
+ { JapaneseEra.HEISEI, TextStyle.NARROW, Locale.JAPAN, "H" },
+ };
+ }
+
+ @Test(dataProvider="eraDisplayName")
+ public void test_eraDisplayName(Era era, TextStyle style, Locale locale, String expected) {
+ assertEquals(era.getDisplayName(style, locale), expected);
+ }
+}
diff --git a/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
index faada15..b2c6268 100644
--- a/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
+++ b/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@
/**
* @test
- * @bug 8076221 8157035
+ * @bug 8076221 8157035 8211883
* @summary Check if weak cipher suites are disabled
* @run main/othervm DisabledAlgorithms default
* @run main/othervm DisabledAlgorithms empty
@@ -59,9 +59,9 @@
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
- // supported RC4 cipher suites
+ // supported RC4, NULL, and anon cipher suites
// it does not contain KRB5 cipher suites because they need a KDC
- private static final String[] rc4_ciphersuites = new String[] {
+ private static final String[] rc4_null_anon_ciphersuites = new String[] {
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_SHA",
@@ -69,7 +69,31 @@
"TLS_ECDH_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_MD5",
"TLS_ECDH_anon_WITH_RC4_128_SHA",
- "SSL_DH_anon_WITH_RC4_128_MD5"
+ "SSL_DH_anon_WITH_RC4_128_MD5",
+ "SSL_RSA_WITH_NULL_MD5",
+ "SSL_RSA_WITH_NULL_SHA",
+ "TLS_RSA_WITH_NULL_SHA256",
+ "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDH_RSA_WITH_NULL_SHA",
+ "TLS_ECDHE_RSA_WITH_NULL_SHA",
+ "TLS_ECDH_anon_WITH_NULL_SHA",
+ "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+ "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ "SSL_DH_anon_WITH_DES_CBC_SHA",
+ "SSL_DH_anon_WITH_RC4_128_MD5",
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+ "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+ "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+ "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+ "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+ "TLS_ECDH_anon_WITH_NULL_SHA",
+ "TLS_ECDH_anon_WITH_RC4_128_SHA"
};
public static void main(String[] args) throws Exception {
@@ -88,8 +112,9 @@
System.out.println("jdk.tls.disabledAlgorithms = "
+ Security.getProperty("jdk.tls.disabledAlgorithms"));
- // check if RC4 cipher suites can't be used by default
- checkFailure(rc4_ciphersuites);
+ // check if RC4, NULL, and anon cipher suites
+ // can't be used by default
+ checkFailure(rc4_null_anon_ciphersuites);
break;
case "empty":
// reset jdk.tls.disabledAlgorithms
@@ -97,9 +122,9 @@
System.out.println("jdk.tls.disabledAlgorithms = "
+ Security.getProperty("jdk.tls.disabledAlgorithms"));
- // check if RC4 cipher suites can be used
+ // check if RC4, NULL, and anon cipher suites can be used
// if jdk.tls.disabledAlgorithms is empty
- checkSuccess(rc4_ciphersuites);
+ checkSuccess(rc4_null_anon_ciphersuites);
break;
default:
throw new RuntimeException("Wrong parameter: " + args[0]);
diff --git a/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java b/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java
index 0086005..7178502 100644
--- a/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java
+++ b/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java
@@ -74,6 +74,7 @@
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
*/
+import java.security.Security;
import javax.net.ssl.*;
/**
@@ -90,14 +91,18 @@
private static boolean isClientMode;
private static String enabledCipherSuite;
- private static String disabledCipherSuite;
+ private static String notEnabledCipherSuite;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure the cipher suites
+ // used in this test are not disabled
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
contextProtocol = trimQuotes(args[0]);
isClientMode = Boolean.parseBoolean(args[1]);
enabledCipherSuite = trimQuotes(args[2]);
- disabledCipherSuite = trimQuotes(args[3]);
+ notEnabledCipherSuite = trimQuotes(args[3]);
//
// Create instance of SSLContext with the specified protocol.
@@ -206,8 +211,8 @@
isMatch = true;
}
- if (!disabledCipherSuite.isEmpty() &&
- cipher.equals(disabledCipherSuite)) {
+ if (!notEnabledCipherSuite.isEmpty() &&
+ cipher.equals(notEnabledCipherSuite)) {
isBroken = true;
}
}
@@ -219,7 +224,7 @@
if (isBroken) {
throw new Exception(
- "Cipher suite " + disabledCipherSuite + " should be disabled");
+ "Cipher suite " + notEnabledCipherSuite + " should not be enabled");
}
}
@@ -231,7 +236,7 @@
}
boolean hasEnabledCipherSuite = enabledCipherSuite.isEmpty();
- boolean hasDisabledCipherSuite = disabledCipherSuite.isEmpty();
+ boolean hasNotEnabledCipherSuite = notEnabledCipherSuite.isEmpty();
for (String cipher : ciphers) {
System.out.println("\tsupported cipher suite " + cipher);
if (!enabledCipherSuite.isEmpty() &&
@@ -239,9 +244,9 @@
hasEnabledCipherSuite = true;
}
- if (!disabledCipherSuite.isEmpty() &&
- cipher.equals(disabledCipherSuite)) {
- hasDisabledCipherSuite = true;
+ if (!notEnabledCipherSuite.isEmpty() &&
+ cipher.equals(notEnabledCipherSuite)) {
+ hasNotEnabledCipherSuite = true;
}
}
@@ -250,9 +255,9 @@
"Cipher suite " + enabledCipherSuite + " should be supported");
}
- if (!hasDisabledCipherSuite) {
+ if (!hasNotEnabledCipherSuite) {
throw new Exception(
- "Cipher suite " + disabledCipherSuite + " should be supported");
+ "Cipher suite " + notEnabledCipherSuite + " should not be enabled");
}
}
diff --git a/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java b/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
index 748b5fe..2d8ca9a 100644
--- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
+++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,7 @@
import java.io.*;
import java.net.*;
+import java.security.Security;
import javax.net.ssl.*;
public class JSSERenegotiate {
@@ -190,6 +191,10 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the cipher suites
+ // used in this test are not disabled
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
diff --git a/test/sun/security/tools/jarsigner/TimestampCheck.java b/test/sun/security/tools/jarsigner/TimestampCheck.java
index ab11a8d..b5070ce 100644
--- a/test/sun/security/tools/jarsigner/TimestampCheck.java
+++ b/test/sun/security/tools/jarsigner/TimestampCheck.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -75,6 +75,7 @@
* java.base/sun.security.util
* java.base/sun.security.tools.keytool
* @library /lib/testlibrary
+ * @compile -XDignore.symbol.file TimestampCheck.java
* @run main/othervm/timeout=600 TimestampCheck
*/
public class TimestampCheck {
@@ -121,12 +122,12 @@
*/
byte[] sign(byte[] input, String path) throws Exception {
DerValue value = new DerValue(input);
- System.out.println("\nIncoming Request\n===================");
- System.out.println("Version: " + value.data.getInteger());
+ System.out.println("#\n# Incoming Request\n===================");
+ System.out.println("# Version: " + value.data.getInteger());
DerValue messageImprint = value.data.getDerValue();
AlgorithmId aid = AlgorithmId.parse(
messageImprint.data.getDerValue());
- System.out.println("AlgorithmId: " + aid);
+ System.out.println("# AlgorithmId: " + aid);
ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId);
BigInteger nonce = null;
@@ -134,16 +135,16 @@
DerValue v = value.data.getDerValue();
if (v.tag == DerValue.tag_Integer) {
nonce = v.getBigInteger();
- System.out.println("nonce: " + nonce);
+ System.out.println("# nonce: " + nonce);
} else if (v.tag == DerValue.tag_Boolean) {
- System.out.println("certReq: " + v.getBoolean());
+ System.out.println("# certReq: " + v.getBoolean());
} else if (v.tag == DerValue.tag_ObjectId) {
policyId = v.getOID();
- System.out.println("PolicyID: " + policyId);
+ System.out.println("# PolicyID: " + policyId);
}
}
- System.out.println("\nResponse\n===================");
+ System.out.println("#\n# Response\n===================");
FileInputStream is = new FileInputStream(keystore);
KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(is, "changeit".toCharArray());
@@ -229,10 +230,10 @@
"1.2.840.113549.1.9.16.1.4"),
new DerValue(tstInfo2.toByteArray()));
- System.out.println("Signing...");
- System.out.println(new X500Name(signer
+ System.out.println("# Signing...");
+ System.out.println("# " + new X500Name(signer
.getIssuerX500Principal().getName()));
- System.out.println(signer.getSerialNumber());
+ System.out.println("# " + signer.getSerialNumber());
SignerInfo signerInfo = new SignerInfo(
new X500Name(signer.getIssuerX500Principal().getName()),
@@ -303,8 +304,6 @@
public static void main(String[] args) throws Throwable {
- prepare();
-
try (Handler tsa = Handler.init(0, "ks");) {
tsa.start();
int port = tsa.getPort();
@@ -313,62 +312,99 @@
if (args.length == 0) { // Run this test
+ prepare();
+
sign("normal")
.shouldNotContain("Warning")
+ .shouldContain("The signer certificate will expire on")
+ .shouldContain("The timestamp will expire on")
.shouldHaveExitValue(0);
verify("normal.jar")
.shouldNotContain("Warning")
.shouldHaveExitValue(0);
+ verify("normal.jar", "-verbose")
+ .shouldNotContain("Warning")
+ .shouldContain("The signer certificate will expire on")
+ .shouldContain("The timestamp will expire on")
+ .shouldHaveExitValue(0);
+
// Simulate signing at a previous date:
// 1. tsold will create a timestamp of 20 days ago.
// 2. oldsigner expired 10 days ago.
- // jarsigner will show a warning at signing.
signVerbose("tsold", "unsigned.jar", "tsold.jar", "oldsigner")
- .shouldHaveExitValue(4);
+ .shouldNotContain("Warning")
+ .shouldMatch("signer certificate expired on .*. "
+ + "However, the JAR will be valid")
+ .shouldHaveExitValue(0);
// It verifies perfectly.
verify("tsold.jar", "-verbose", "-certs")
.shouldNotContain("Warning")
+ .shouldMatch("signer certificate expired on .*. "
+ + "However, the JAR will be valid")
.shouldHaveExitValue(0);
+ // No timestamp
signVerbose(null, "unsigned.jar", "none.jar", "signer")
.shouldContain("is not timestamped")
+ .shouldContain("The signer certificate will expire on")
.shouldHaveExitValue(0);
+ verify("none.jar", "-verbose")
+ .shouldContain("do not include a timestamp")
+ .shouldContain("The signer certificate will expire on")
+ .shouldHaveExitValue(0);
+
+ // Error cases
+
signVerbose(null, "unsigned.jar", "badku.jar", "badku")
+ .shouldContain("KeyUsage extension doesn't allow code signing")
.shouldHaveExitValue(8);
checkBadKU("badku.jar");
// 8180289: unvalidated TSA cert chain
sign("tsnoca")
- .shouldContain("TSA certificate chain is invalid")
+ .shouldContain("The TSA certificate chain is invalid. "
+ + "Reason: Path does not chain with any of the trust anchors")
.shouldHaveExitValue(64);
verify("tsnoca.jar", "-verbose", "-certs")
.shouldHaveExitValue(64)
.shouldContain("jar verified")
- .shouldContain("Invalid TSA certificate chain")
- .shouldContain("TSA certificate chain is invalid");
+ .shouldContain("Invalid TSA certificate chain: "
+ + "Path does not chain with any of the trust anchors")
+ .shouldContain("TSA certificate chain is invalid."
+ + " Reason: Path does not chain with any of the trust anchors");
sign("nononce")
+ .shouldContain("Nonce missing in timestamp token")
.shouldHaveExitValue(1);
sign("diffnonce")
+ .shouldContain("Nonce changed in timestamp token")
.shouldHaveExitValue(1);
sign("baddigest")
+ .shouldContain("Digest octets changed in timestamp token")
.shouldHaveExitValue(1);
sign("diffalg")
+ .shouldContain("Digest algorithm not")
.shouldHaveExitValue(1);
+
sign("fullchain")
.shouldHaveExitValue(0); // Success, 6543440 solved.
+
sign("tsbad1")
+ .shouldContain("Certificate is not valid for timestamping")
.shouldHaveExitValue(1);
sign("tsbad2")
+ .shouldContain("Certificate is not valid for timestamping")
.shouldHaveExitValue(1);
sign("tsbad3")
+ .shouldContain("Certificate is not valid for timestamping")
.shouldHaveExitValue(1);
sign("nocert")
+ .shouldContain("Certificate not included in timestamp token")
.shouldHaveExitValue(1);
sign("policy", "-tsapolicyid", "1.2.3")
@@ -376,6 +412,7 @@
checkTimestamp("policy.jar", "1.2.3", "SHA-256");
sign("diffpolicy", "-tsapolicyid", "1.2.3")
+ .shouldContain("TSAPolicyID changed in timestamp token")
.shouldHaveExitValue(1);
sign("sha1alg", "-tsadigestalg", "SHA")
@@ -384,11 +421,13 @@
sign("tsweak", "-digestalg", "MD5",
"-sigalg", "MD5withRSA", "-tsadigestalg", "MD5")
- .shouldHaveExitValue(68);
+ .shouldHaveExitValue(68)
+ .shouldContain("The timestamp is invalid. Without a valid timestamp");
checkWeak("tsweak.jar");
signVerbose("tsweak", "unsigned.jar", "tsweak2.jar", "signer")
.shouldHaveExitValue(64)
+ .shouldContain("The timestamp is invalid. Without a valid timestamp")
.shouldContain("TSA certificate chain is invalid");
// Weak timestamp is an error and jar treated unsigned
@@ -397,19 +436,26 @@
.shouldContain("treated as unsigned")
.shouldMatch("Timestamp.*512.*weak");
+ // Algorithm used in signing is weak
signVerbose("normal", "unsigned.jar", "halfWeak.jar", "signer",
"-digestalg", "MD5")
+ .shouldContain("-digestalg option is considered a security risk")
.shouldHaveExitValue(4);
checkHalfWeak("halfWeak.jar");
// sign with DSA key
signVerbose("normal", "unsigned.jar", "sign1.jar", "dsakey")
.shouldHaveExitValue(0);
+
// sign with RSAkeysize < 1024
signVerbose("normal", "sign1.jar", "sign2.jar", "weakkeysize")
+ .shouldContain("Algorithm constraints check failed on keysize")
.shouldHaveExitValue(4);
checkMultiple("sign2.jar");
+ // 8191438: jarsigner should print when a timestamp will expire
+ checkExpiration();
+
// When .SF or .RSA is missing or invalid
checkMissingOrInvalidFiles("normal.jar");
@@ -417,12 +463,118 @@
checkInvalidTsaCertKeyUsage();
}
} else { // Run as a standalone server
- System.out.println("Press Enter to quit server");
+ System.out.println("TSA started at " + host
+ + ". Press Enter to quit server");
System.in.read();
}
}
}
+ private static void checkExpiration() throws Exception {
+
+ // Warning when expired or expiring
+ signVerbose(null, "unsigned.jar", "expired.jar", "expired")
+ .shouldContain("signer certificate has expired")
+ .shouldHaveExitValue(4);
+ verify("expired.jar")
+ .shouldContain("signer certificate has expired")
+ .shouldHaveExitValue(4);
+ signVerbose(null, "unsigned.jar", "expiring.jar", "expiring")
+ .shouldContain("signer certificate will expire within")
+ .shouldHaveExitValue(0);
+ verify("expiring.jar")
+ .shouldContain("signer certificate will expire within")
+ .shouldHaveExitValue(0);
+ // Info for long
+ signVerbose(null, "unsigned.jar", "long.jar", "long")
+ .shouldNotContain("signer certificate has expired")
+ .shouldNotContain("signer certificate will expire within")
+ .shouldContain("signer certificate will expire on")
+ .shouldHaveExitValue(0);
+ verify("long.jar")
+ .shouldNotContain("signer certificate has expired")
+ .shouldNotContain("signer certificate will expire within")
+ .shouldNotContain("The signer certificate will expire")
+ .shouldHaveExitValue(0);
+ verify("long.jar", "-verbose")
+ .shouldContain("The signer certificate will expire")
+ .shouldHaveExitValue(0);
+
+ // Both expired
+ signVerbose("tsexpired", "unsigned.jar",
+ "tsexpired-expired.jar", "expired")
+ .shouldContain("The signer certificate has expired.")
+ .shouldContain("The timestamp has expired.")
+ .shouldHaveExitValue(4);
+ verify("tsexpired-expired.jar")
+ .shouldContain("signer certificate has expired")
+ .shouldContain("timestamp has expired.")
+ .shouldHaveExitValue(4);
+
+ // TS expired but signer still good
+ signVerbose("tsexpired", "unsigned.jar",
+ "tsexpired-long.jar", "long")
+ .shouldContain("The timestamp expired on")
+ .shouldHaveExitValue(0);
+ verify("tsexpired-long.jar")
+ .shouldMatch("timestamp expired on.*However, the JAR will be valid")
+ .shouldNotContain("Error")
+ .shouldHaveExitValue(0);
+
+ signVerbose("tsexpired", "unsigned.jar",
+ "tsexpired-ca.jar", "ca")
+ .shouldContain("The timestamp has expired.")
+ .shouldHaveExitValue(4);
+ verify("tsexpired-ca.jar")
+ .shouldNotContain("timestamp has expired")
+ .shouldNotContain("Error")
+ .shouldHaveExitValue(0);
+
+ // Warning when expiring
+ sign("tsexpiring")
+ .shouldContain("timestamp will expire within")
+ .shouldHaveExitValue(0);
+ verify("tsexpiring.jar")
+ .shouldContain("timestamp will expire within")
+ .shouldNotContain("still valid")
+ .shouldHaveExitValue(0);
+
+ signVerbose("tsexpiring", "unsigned.jar",
+ "tsexpiring-ca.jar", "ca")
+ .shouldContain("self-signed")
+ .stderrShouldNotMatch("The.*expir")
+ .shouldHaveExitValue(4); // self-signed
+ verify("tsexpiring-ca.jar")
+ .stderrShouldNotMatch("The.*expir")
+ .shouldHaveExitValue(0);
+
+ signVerbose("tsexpiringsoon", "unsigned.jar",
+ "tsexpiringsoon-long.jar", "long")
+ .shouldContain("The timestamp will expire")
+ .shouldHaveExitValue(0);
+ verify("tsexpiringsoon-long.jar")
+ .shouldMatch("timestamp will expire.*However, the JAR will be valid until")
+ .shouldHaveExitValue(0);
+
+ // Info for long
+ sign("tslong")
+ .shouldNotContain("timestamp has expired")
+ .shouldNotContain("timestamp will expire within")
+ .shouldContain("timestamp will expire on")
+ .shouldContain("signer certificate will expire on")
+ .shouldHaveExitValue(0);
+ verify("tslong.jar")
+ .shouldNotContain("timestamp has expired")
+ .shouldNotContain("timestamp will expire within")
+ .shouldNotContain("timestamp will expire on")
+ .shouldNotContain("signer certificate will expire on")
+ .shouldHaveExitValue(0);
+ verify("tslong.jar", "-verbose")
+ .shouldContain("timestamp will expire on")
+ .shouldContain("signer certificate will expire on")
+ .shouldHaveExitValue(0);
+ }
+
private static void checkInvalidTsaCertKeyUsage() throws Exception {
// Hack: Rewrite the TSA cert inside normal.jar into ts2.jar.
@@ -670,6 +822,14 @@
keytool("-alias tsbad3 -genkeypair -dname CN=tsbad3");
keytool("-alias tsnoca -genkeypair -dname CN=tsnoca");
+ keytool("-alias expired -genkeypair -dname CN=expired");
+ keytool("-alias expiring -genkeypair -dname CN=expiring");
+ keytool("-alias long -genkeypair -dname CN=long");
+ keytool("-alias tsexpired -genkeypair -dname CN=tsexpired");
+ keytool("-alias tsexpiring -genkeypair -dname CN=tsexpiring");
+ keytool("-alias tsexpiringsoon -genkeypair -dname CN=tsexpiringsoon");
+ keytool("-alias tslong -genkeypair -dname CN=tslong");
+
// tsnoca's issuer will be removed from keystore later
keytool("-alias ca -genkeypair -ext bc -dname CN=CA");
gencert("tsnoca", "-ext eku:critical=ts");
@@ -681,7 +841,15 @@
gencert("dsakey");
gencert("weakkeysize");
gencert("badku", "-ext ku:critical=keyAgreement");
- gencert("ts", "-ext eku:critical=ts");
+ gencert("ts", "-ext eku:critical=ts -validity 500");
+
+ gencert("expired", "-validity 10 -startdate -12d");
+ gencert("expiring", "-validity 178");
+ gencert("long", "-validity 182");
+ gencert("tsexpired", "-ext eku:critical=ts -validity 10 -startdate -12d");
+ gencert("tsexpiring", "-ext eku:critical=ts -validity 364");
+ gencert("tsexpiringsoon", "-ext eku:critical=ts -validity 170"); // earlier than expiring
+ gencert("tslong", "-ext eku:critical=ts -validity 367");
for (int i = 0; i < 5; i++) {
@@ -701,7 +869,7 @@
}
}
- gencert("tsold", "-ext eku:critical=ts -startdate -40d -validity 45");
+ gencert("tsold", "-ext eku:critical=ts -startdate -40d -validity 500");
gencert("tsweak", "-ext eku:critical=ts");
gencert("tsbad1");
diff --git a/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java b/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java
index 81475fb..8619ee1 100644
--- a/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java
@@ -51,32 +51,12 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create first key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", FIRST_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", BOTH_KEYS_KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=First",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
-
- // create second key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", SECOND_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", BOTH_KEYS_KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Second",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ createAlias(FIRST_KEY_ALIAS);
+ createAlias(SECOND_KEY_ALIAS);
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
- "-keystore", BOTH_KEYS_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
@@ -93,7 +73,7 @@
// sign jar with second key
analyzer = ProcessTools.executeCommand(JARSIGNER,
- "-keystore", BOTH_KEYS_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE,
@@ -104,7 +84,7 @@
// create keystore that contains only first key
ProcessTools.executeCommand(KEYTOOL,
"-importkeystore",
- "-srckeystore", BOTH_KEYS_KEYSTORE,
+ "-srckeystore", KEYSTORE,
"-srcalias", FIRST_KEY_ALIAS,
"-srcstorepass", PASSWORD,
"-srckeypass", PASSWORD,
@@ -113,7 +93,7 @@
"-deststorepass", PASSWORD,
"-destkeypass", PASSWORD).shouldHaveExitValue(0);
- // verify jar with keystore that contains only first key in strict mode,
+ // verify jar with keystore that contains only first key,
// so there is signed entry (FirstClass.class) that is not signed
// by any alias in the keystore
analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java b/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java
index a8c3c8a..1a49c15 100644
--- a/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,17 +52,14 @@
// create a certificate whose signer certificate's
// ExtendedKeyUsage extension doesn't allow code signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ // create key pair for jar signing
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
"-ext", "ExtendedkeyUsage=serverAuth",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ "-validity", Integer.toString(VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java b/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java
index fd37eb9..fb0fac9 100644
--- a/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -53,17 +53,13 @@
// create a certificate whose signer certificate's KeyUsage extension
// doesn't allow code signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
"-ext", "KeyUsage=keyAgreement",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ "-validity", Integer.toString(VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java b/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java
index e2e8086..443331d 100644
--- a/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,10 +25,6 @@
import jdk.testlibrary.ProcessTools;
import jdk.testlibrary.JarUtils;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.util.Base64;
-
/**
* @test
* @bug 8024302 8026037
@@ -38,25 +34,14 @@
*/
public class BadNetscapeCertTypeTest extends Test {
- private static final String NETSCAPE_KEYSTORE_BASE64 = TEST_SOURCES + FS
- + "bad_netscape_cert_type.jks.base64";
-
- private static final String NETSCAPE_KEYSTORE
- = "bad_netscape_cert_type.jks";
-
/**
* The test signs and verifies a jar that contains entries
* whose signer certificate's NetscapeCertType extension
* doesn't allow code signing (badNetscapeCertType).
* Warning message is expected.
- * Run bad_netscape_cert_type.sh script to create bad_netscape_cert_type.jks
*/
public static void main(String[] args) throws Throwable {
- Files.write(Paths.get(NETSCAPE_KEYSTORE),
- Base64.getMimeDecoder().decode(
- Files.readAllBytes(Paths.get(NETSCAPE_KEYSTORE_BASE64))));
-
BadNetscapeCertTypeTest test = new BadNetscapeCertTypeTest();
test.start();
}
@@ -66,10 +51,22 @@
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
+ // create a certificate whose signer certificate's
+ // NetscapeCertType extension doesn't allow code signing
+ // create key pair for jar signing
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
+ // NetscapeCertType [ SSL client ]
+ "-ext", "2.16.840.1.113730.1.1=03020780",
+ "-validity", Integer.toString(VALIDITY));
+
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verbose",
- "-keystore", NETSCAPE_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
@@ -82,7 +79,7 @@
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
- "-keystore", NETSCAPE_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
@@ -94,7 +91,7 @@
"-verify",
"-verbose",
"-strict",
- "-keystore", NETSCAPE_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
diff --git a/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java b/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java
index 21f0979..b9d0ae5 100644
--- a/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,117 +21,52 @@
* questions.
*/
-import java.io.File;
import jdk.testlibrary.OutputAnalyzer;
import jdk.testlibrary.ProcessTools;
import jdk.testlibrary.JarUtils;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
/**
* @test
* @bug 8024302 8026037
* @summary Test for chainNotValidated warning
* @library /lib/testlibrary ../
- * @run main ChainNotValidatedTest
+ * @run main ChainNotValidatedTest ca2yes
+ * @run main ChainNotValidatedTest ca2no
*/
public class ChainNotValidatedTest extends Test {
- private static final String CHAIN = "chain";
-
- /**
- * The test signs and verifies a jar that contains entries
- * whose cert chain can't be correctly validated (chainNotValidated).
- * Warning message is expected.
- */
public static void main(String[] args) throws Throwable {
ChainNotValidatedTest test = new ChainNotValidatedTest();
- test.start();
+ test.start(args[0].equals("ca2yes"));
}
- private void start() throws Throwable {
+ private void start(boolean ca2yes) throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
- // create self-signed certificate whose BasicConstraints extension
- // is set to false, so the certificate may not be used
- // as a parent certificate (certpath validation should fail)
- ProcessTools.executeCommand(KEYTOOL,
- "-genkeypair",
- "-alias", CA_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=CA",
- "-ext", "BasicConstraints:critical=ca:false",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ // We have 2 @run. Need cleanup.
+ Files.deleteIfExists(Paths.get(KEYSTORE));
- // create a certificate that is signed by self-signed certificate
- // despite of it may not be used as a parent certificate
- // (certpath validation should fail)
- ProcessTools.executeCommand(KEYTOOL,
- "-genkeypair",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
- "-ext", "BasicConstraints:critical=ca:false",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ // Root CA is not checked at all. If the intermediate CA has
+ // BasicConstraints extension set to true, it will be valid.
+ // Otherwise, chain validation will fail.
+ createAlias(CA_KEY_ALIAS);
+ createAlias(CA2_KEY_ALIAS);
+ issueCert(CA2_KEY_ALIAS,
+ "-ext",
+ "bc=ca:" + ca2yes);
- ProcessTools.executeCommand(KEYTOOL,
- "-certreq",
- "-alias", KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-file", CERT_REQUEST_FILENAME).shouldHaveExitValue(0);
+ createAlias(KEY_ALIAS);
+ issueCert(KEY_ALIAS, "-alias", CA2_KEY_ALIAS);
- ProcessTools.executeCommand(KEYTOOL,
- "-gencert",
- "-alias", CA_KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-infile", CERT_REQUEST_FILENAME,
- "-validity", Integer.toString(VALIDITY),
- "-outfile", CERT_FILENAME).shouldHaveExitValue(0);
-
- ProcessTools.executeCommand(KEYTOOL,
- "-importcert",
- "-alias", KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-file", CERT_FILENAME).shouldHaveExitValue(0);
-
- ProcessBuilder pb = new ProcessBuilder(KEYTOOL,
- "-export",
- "-rfc",
- "-alias", KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD);
- pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN)));
- ProcessTools.executeCommand(pb).shouldHaveExitValue(0);
-
- pb = new ProcessBuilder(KEYTOOL,
- "-export",
- "-rfc",
- "-alias", CA_KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD);
- pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN)));
- ProcessTools.executeCommand(pb).shouldHaveExitValue(0);
-
- // remove CA certificate
+ // remove CA2 certificate so it's not trusted
ProcessTools.executeCommand(KEYTOOL,
"-delete",
- "-alias", CA_KEY_ALIAS,
+ "-alias", CA2_KEY_ALIAS,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD).shouldHaveExitValue(0);
@@ -141,12 +76,15 @@
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
- "-certchain", CHAIN,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
- checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING);
+ if (ca2yes) {
+ checkSigning(analyzer, "!" + CHAIN_NOT_VALIDATED_SIGNING_WARNING);
+ } else {
+ checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING);
+ }
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
@@ -155,10 +93,13 @@
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
- "-certchain", CHAIN,
SIGNED_JARFILE);
- checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ if (ca2yes) {
+ checkVerifying(analyzer, 0, "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ } else {
+ checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ }
// verify signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
@@ -168,11 +109,15 @@
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
- "-certchain", CHAIN,
SIGNED_JARFILE);
- checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE,
- CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ if (ca2yes) {
+ checkVerifying(analyzer, 0,
+ "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ } else {
+ checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE,
+ CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ }
System.out.println("Test passed");
}
diff --git a/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java b/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java
index ccb8e91..f457776 100644
--- a/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,18 +52,13 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
"-startdate", "-" + SHORT_VALIDITY * 2 + "d",
- "-validity", Integer.toString(SHORT_VALIDITY))
- .shouldHaveExitValue(0);
+ "-validity", Integer.toString(SHORT_VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java b/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java
index f34148e..8a71c66 100644
--- a/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,17 +52,12 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
- "-validity", Integer.toString(SHORT_VALIDITY))
- .shouldHaveExitValue(0);
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
+ "-validity", Integer.toString(SHORT_VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java b/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java
index e71feb3..078ff89 100644
--- a/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -51,16 +51,11 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+ issueCert(
+ KEY_ALIAS,
+ "-validity", Integer.toString(VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java b/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java
index 677914c..862e8ca 100644
--- a/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -54,35 +54,25 @@
// create a jar file that contains one class file
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
+ createAlias(CA_KEY_ALIAS);
+
// create first expired certificate
// whose ExtendedKeyUsage extension does not allow code signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", FIRST_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=First",
+ createAlias(FIRST_KEY_ALIAS);
+ issueCert(
+ FIRST_KEY_ALIAS,
"-ext", "ExtendedkeyUsage=serverAuth",
"-startdate", "-" + VALIDITY * 2 + "d",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ "-validity", Integer.toString(VALIDITY));
// create second expired certificate
// whose KeyUsage extension does not allow code signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", SECOND_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Second",
+ createAlias(SECOND_KEY_ALIAS);
+ issueCert(
+ SECOND_KEY_ALIAS,
"-ext", "ExtendedkeyUsage=serverAuth",
"-startdate", "-" + VALIDITY * 2 + "d",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ "-validity", Integer.toString(VALIDITY));
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java b/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java
index 10b142a..8429fe2 100644
--- a/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -57,15 +57,9 @@
* 24 * 60 * 60 * 1000L);
// create key pair
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+ issueCert(KEY_ALIAS,
"-validity", Integer.toString(VALIDITY));
// sign jar file
diff --git a/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java b/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java
index 40ef68e..9fb9262 100644
--- a/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,29 +49,19 @@
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
- // create first key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", FIRST_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=First",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ createAlias(CA_KEY_ALIAS);
// create first key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", SECOND_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Second",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ createAlias(FIRST_KEY_ALIAS);
+ issueCert(
+ FIRST_KEY_ALIAS,
+ "-validity", Integer.toString(VALIDITY));
+
+ // create first key pair for signing
+ createAlias(SECOND_KEY_ALIAS);
+ issueCert(
+ SECOND_KEY_ALIAS,
+ "-validity", Integer.toString(VALIDITY));
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java b/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java
index a75c278..4d19c9a 100644
--- a/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java
+++ b/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -50,15 +50,11 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create certificate that will be valid only tomorrow
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
"-startdate", "+1d",
"-validity", Integer.toString(VALIDITY));
diff --git a/test/sun/security/tools/jarsigner/warnings/Test.java b/test/sun/security/tools/jarsigner/warnings/Test.java
index 5688d61..939b904 100644
--- a/test/sun/security/tools/jarsigner/warnings/Test.java
+++ b/test/sun/security/tools/jarsigner/warnings/Test.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,6 @@
static final String FIRST_FILE = "first.txt";
static final String SECOND_FILE = "second.txt";
static final String PASSWORD = "password";
- static final String BOTH_KEYS_KEYSTORE = "both_keys.jks";
static final String FIRST_KEY_KEYSTORE = "first_key.jks";
static final String KEYSTORE = "keystore.jks";
static final String FIRST_KEY_ALIAS = "first";
@@ -55,11 +54,13 @@
static final String CERT_REQUEST_FILENAME = "test.req";
static final String CERT_FILENAME = "test.crt";
static final String CA_KEY_ALIAS = "ca";
+ static final String CA2_KEY_ALIAS = "ca2";
static final int KEY_SIZE = 2048;
static final int TIMEOUT = 6 * 60 * 1000; // in millis
static final int VALIDITY = 365;
static final String WARNING = "Warning:";
+ static final String WARNING_OR_ERROR = "(Warning|Error):";
static final String CHAIN_NOT_VALIDATED_VERIFYING_WARNING
= "This jar contains entries "
@@ -126,10 +127,10 @@
+ "(%1$tY-%1$tm-%1$td) or after any future revocation date.";
static final String NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE
- = "This jar contains signatures that does not include a timestamp. "
+ = "This jar contains signatures that do not include a timestamp. "
+ "Without a timestamp, users may not be able to validate this jar "
- + "after the signer certificate's expiration date "
- + "(%1$tY-%1$tm-%1$td) or after any future revocation date.";
+ + "after any of the signer certificates expire "
+ + "(as early as %1$tY-%1$tm-%1$td).";
static final String NOT_YET_VALID_CERT_SIGNING_WARNING
= "The signer certificate is not yet valid.";
@@ -154,14 +155,72 @@
static final int ALIAS_NOT_IN_STORE_EXIT_CODE = 32;
static final int NOT_SIGNED_BY_ALIAS_EXIT_CODE = 32;
+ protected void createAlias(String alias, String ... options)
+ throws Throwable {
+ List<String> cmd = new ArrayList<>();
+ cmd.addAll(Arrays.asList(
+ "-genkeypair",
+ "-alias", alias,
+ "-keyalg", KEY_ALG,
+ "-keysize", Integer.toString(KEY_SIZE),
+ "-keystore", KEYSTORE,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-dname", "CN=" + alias));
+ cmd.addAll(Arrays.asList(options));
+
+ keytool(cmd.toArray(new String[cmd.size()]))
+ .shouldHaveExitValue(0);
+ }
+
+ protected void issueCert(String alias, String ... options)
+ throws Throwable {
+ keytool("-certreq",
+ "-alias", alias,
+ "-keystore", KEYSTORE,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-file", alias + ".req")
+ .shouldHaveExitValue(0);
+
+ List<String> cmd = new ArrayList<>();
+ cmd.addAll(Arrays.asList(
+ "-gencert",
+ "-alias", CA_KEY_ALIAS,
+ "-infile", alias + ".req",
+ "-outfile", alias + ".cert",
+ "-keystore", KEYSTORE,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-file", alias + ".req"));
+ cmd.addAll(Arrays.asList(options));
+
+ keytool(cmd.toArray(new String[cmd.size()]))
+ .shouldHaveExitValue(0);
+
+ keytool("-importcert",
+ "-alias", alias,
+ "-keystore", KEYSTORE,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-file", alias + ".cert")
+ .shouldHaveExitValue(0);
+ }
+
protected void checkVerifying(OutputAnalyzer analyzer, int expectedExitCode,
String... warnings) {
analyzer.shouldHaveExitValue(expectedExitCode);
+ int count = 0;
for (String warning : warnings) {
- analyzer.shouldContain(warning);
+ if (warning.startsWith("!")) {
+ analyzer.shouldNotContain(warning.substring(1));
+ } else {
+ count++;
+ analyzer.shouldContain(warning);
+ }
}
- if (warnings.length > 0) {
- analyzer.shouldContain(WARNING);
+ if (count > 0) {
+ analyzer.shouldMatch(WARNING_OR_ERROR);
}
if (expectedExitCode == 0) {
analyzer.shouldContain(JAR_VERIFIED);
@@ -172,11 +231,17 @@
protected void checkSigning(OutputAnalyzer analyzer, String... warnings) {
analyzer.shouldHaveExitValue(0);
+ int count = 0;
for (String warning : warnings) {
- analyzer.shouldContain(warning);
+ if (warning.startsWith("!")) {
+ analyzer.shouldNotContain(warning.substring(1));
+ } else {
+ count++;
+ analyzer.shouldContain(warning);
+ }
}
- if (warnings.length > 0) {
- analyzer.shouldContain(WARNING);
+ if (count > 0) {
+ analyzer.shouldMatch(WARNING_OR_ERROR);
}
analyzer.shouldContain(JAR_SIGNED);
}
diff --git a/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64 b/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64
deleted file mode 100644
index 756d5ff..0000000
--- a/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64
+++ /dev/null
@@ -1,26 +0,0 @@
-/u3+7QAAAAIAAAABAAAAAQAFYWxpYXMAAAFBpkwW0gAAAr0wggK5MA4GCisGAQQB
-KgIRAQEFAASCAqWkGJ3PPjYmWNKrV23Y1u413RMAkrRZ+1OLWYRcQt4jtxtIyEH5
-Ho5b9dy9XN9FBKlTOD4c2Pc1T43BLKXeuLu3uLLeIxgXFt0z9CLyGwdYZZ751kXr
-DQ99qY6aNQUO6SeE4Wdty0KPAqid6ZJ8bF7T6wsTZSvNhaBRzyFydEfG7bbUYjOl
-mWC44nlsu6VEU3o9RQpcm1gIMwradOaIVT/HoB2bKmAv8gHqI6kreiEZwTdZkSAI
-IRi2vt1RPllXt5hgjDxUfZe8XOYYweR4Vt2/jVuKLJ80DNTu/9SeUD88zQAz53k4
-r3nRhv6TRcPm6tV/Fh92XLHiskL+TAzTfm+bUAudPCCVxN+yRtxvAgA+UhdV/SuM
-Zn5F6nrmP+YJG1hmprgCJIJJaCEXa9RXYC+vIVpO0WVNRuGlGm+/1afnOuQC8Wss
-ShXwjkaqTwAhqBFq7eYmmP8BK3gflYrt2zDLXvhl4ndVvMhMthFJ3ZvLh2LWpqLI
-/n8EMCf8US3lIEFk9DTHBZjffiHkqK2e7+FXEpG3xrgE6ZYLMdbd5Pb3YjZfhQx+
-ZTtiEFzYSaEGhacek/m7dRq1qmwgFsytng2OdWZe2ln8LJY0odr1dGUfJHfgafvi
-tlfbkg/rgjONtwliChDggbkUwnerrj/D/zrdEufUvfyltSshhHXRNDD3fH6spmEk
-hHKgxEc4yvxqJxzdMGtuib355aSfNegyl+GsnsKzXQCVEK2h3BLTQObzaD+8NZ12
-LQHvbrCiaS34vxJ3rEC+a+SW7itZp0aCdXMWdMJNkRKqyLBD3vG3zN05sN3XrhEM
-8BRT020TWY00tbVFbbBFheYLQRgTjrQtr0Yt6UHWBZc4N20crDLcSH5gqcCOVpla
-1Y2uqFEn8yqrGRwn/kgfNgAAAAEABVguNTA5AAABtTCCAbEwggEaoAMCAQICCQDH
-cEuVvzCuqzANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDDARUZXN0MB4XDTEzMTAx
-MTA2NTUwNloXDTIzMTAwOTA2NTUwNlowDzENMAsGA1UEAwwEVGVzdDCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEA8hOfp2Dcnvt//ZZQAja9TRiwKqXVS+TiYE3S
-gngCBjIi+YYdo0DsUeO5MBfE6uvCWOr5lwAR/u1iaJOhIoGJDiGoPasZlt+yIgtR
-LzA7j2q+1q6kcwiVxfikI3aUgHV/QsybTriT4Bf7TQNKtJG23MQa4sD7+PjtCWD7
-p3cHTfkCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3DQEBBQUA
-A4GBAKoDlTJ8wLRA7G8XdGm4gv733n1cSQzlkcsjfOO6/mA5Jvu8tyFNq9HTf9AT
-VXbrbGcUYJjhzSSY3w5apXK1kXyqTB1LUNEJ45WnmciqSSecVTpJz9TuegyoX0Zf
-HScSgqfDmjqoiiFiNCgn3ZEJ85ykGvoFYGH+php+BVi3S0bj5E/jRpyV3vNnii/S
-wJDSAXF6bYU=
diff --git a/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh b/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh
deleted file mode 100644
index 49fe91e..0000000
--- a/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-#!/bin/sh
-
-# This script creates JKS keystore with a certificate
-# that contains Netscape Certificate Type extension
-# that does not allow code signing
-# The keystore is used by BadNetscapeCertTypeTest.java test
-
-rm -rf keystore.jks
-echo "nsCertType = client" > ext.cfg
-
-openssl req -new -out cert.req -keyout key.pem -days 3650 \
- -passin pass:password -passout pass:password -subj "/CN=Test"
-openssl x509 -in cert.req -out cert.pem -req -signkey key.pem -days 3650 \
- -passin pass:password -extfile ext.cfg
-openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 \
- -passin pass:password -passout pass:password -name alias
-
-${JAVA_HOME}/bin/keytool -importkeystore \
- -srckeystore keystore.p12 -srcstoretype pkcs12 \
- -srcstorepass password -alias alias \
- -destkeystore bad_netscape_cert_type.jks -deststoretype jks \
- -deststorepass password -destalias alias \
-
-openssl base64 < bad_netscape_cert_type.jks > bad_netscape_cert_type.jks.base64
-rm -rf cert.req key.pem cert.pem keystore.p12 ext.cfg bad_netscape_cert_type.jks
diff --git a/test/sun/util/calendar/zi/tzdata/VERSION b/test/sun/util/calendar/zi/tzdata/VERSION
index 22002be..e3fa922 100644
--- a/test/sun/util/calendar/zi/tzdata/VERSION
+++ b/test/sun/util/calendar/zi/tzdata/VERSION
@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-tzdata2018e
+tzdata2018g
diff --git a/test/sun/util/calendar/zi/tzdata/africa b/test/sun/util/calendar/zi/tzdata/africa
index 1c305f8..e2ffac2 100644
--- a/test/sun/util/calendar/zi/tzdata/africa
+++ b/test/sun/util/calendar/zi/tzdata/africa
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Africa and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -29,7 +31,7 @@
# tz@iana.org for general use in the future). For more, please see
# the file CONTRIBUTING in the tz distribution.
-# From Paul Eggert (2017-04-09):
+# From Paul Eggert (2018-05-27):
#
# Unless otherwise specified, the source for data through 1990 is:
# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
@@ -74,13 +76,15 @@
# I vaguely recall 'WAT' also being used for -01 in the past but
# cannot now come up with solid citations.
#
-# I invented the following abbreviations; corrections are welcome!
-# +02 WAST West Africa Summer Time (no longer used)
-# +03 CAST Central Africa Summer Time (no longer used)
-# +03 SAST South Africa Summer Time (no longer used)
+# I invented the following abbreviations in the 1990s:
+# +02 WAST West Africa Summer Time
+# +03 CAST Central Africa Summer Time
+# +03 SAST South Africa Summer Time
# +03 EAT East Africa Time
-# 'EAT' also seems to have caught on; the others are rare but are paired
-# with better-attested non-DST abbreviations.
+# 'EAT' seems to have caught on and is in current timestamps, and though
+# the other abbreviations are rarer and are only in past timestamps,
+# they are paired with better-attested non-DST abbreviations.
+# Corrections are welcome.
# Algeria
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@@ -385,6 +389,13 @@
# Eritrea
# Ethiopia
# See Africa/Nairobi.
+#
+# Unfortunately tzdb records only Western clock time in use in Ethiopia,
+# as the tzdb format is not up to properly recording a common Ethiopian
+# timekeeping practice that is based on solar time. See:
+# Mortada D. If you have a meeting in Ethiopia, you'd better double
+# check the time. PRI's The World. 2015-01-30 15:15 -05.
+# https://www.pri.org/stories/2015-01-30/if-you-have-meeting-ethiopia-you-better-double-check-time
# Gabon
# See Africa/Lagos.
@@ -856,94 +867,61 @@
# <https://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/> agrees
# with the patch.
-# From Paul Eggert (2015-06-08):
-# For now, guess that later spring and fall transitions will use 2015's rules,
-# and guess that Morocco will switch to standard time at 03:00 the last
-# Sunday before Ramadan, and back to DST at 02:00 the first Sunday after
-# Ramadan. To implement this, transition dates for 2016 through 2037 were
-# determined by running the following program under GNU Emacs 24.3, with the
-# results integrated by hand into the table below.
-# (let ((islamic-year 1437))
-# (require 'cal-islam)
-# (while (< islamic-year 1460)
-# (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year)))
-# (b (calendar-islamic-to-absolute (list 10 1 islamic-year)))
-# (sunday 0))
-# (while (/= sunday (mod (setq a (1- a)) 7)))
-# (while (/= sunday (mod b 7))
-# (setq b (1+ b)))
-# (setq a (calendar-gregorian-from-absolute a))
-# (setq b (calendar-gregorian-from-absolute b))
-# (insert
-# (format
-# (concat "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 3:00\t0\t-\n"
-# "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 2:00\t1:00\tS\n")
-# (car (cdr (cdr a))) (calendar-month-name (car a) t) (car (cdr a))
-# (car (cdr (cdr b))) (calendar-month-name (car b) t) (car (cdr b)))))
-# (setq islamic-year (+ 1 islamic-year))))
+# From Mohamed Essedik Najd (2018-10-26):
+# Today, a Moroccan government council approved the perpetual addition
+# of 60 minutes to the regular Moroccan timezone.
+# From Brian Inglis (2018-10-26):
+# http://www.maroc.ma/fr/actualites/le-conseil-de-gouvernement-adopte-un-projet-de-decret-relatif-lheure-legale-stipulant-le
# RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-
-Rule Morocco 1939 only - Sep 12 0:00 1:00 S
+Rule Morocco 1939 only - Sep 12 0:00 1:00 -
Rule Morocco 1939 only - Nov 19 0:00 0 -
-Rule Morocco 1940 only - Feb 25 0:00 1:00 S
+Rule Morocco 1940 only - Feb 25 0:00 1:00 -
Rule Morocco 1945 only - Nov 18 0:00 0 -
-Rule Morocco 1950 only - Jun 11 0:00 1:00 S
+Rule Morocco 1950 only - Jun 11 0:00 1:00 -
Rule Morocco 1950 only - Oct 29 0:00 0 -
-Rule Morocco 1967 only - Jun 3 12:00 1:00 S
+Rule Morocco 1967 only - Jun 3 12:00 1:00 -
Rule Morocco 1967 only - Oct 1 0:00 0 -
-Rule Morocco 1974 only - Jun 24 0:00 1:00 S
+Rule Morocco 1974 only - Jun 24 0:00 1:00 -
Rule Morocco 1974 only - Sep 1 0:00 0 -
-Rule Morocco 1976 1977 - May 1 0:00 1:00 S
+Rule Morocco 1976 1977 - May 1 0:00 1:00 -
Rule Morocco 1976 only - Aug 1 0:00 0 -
Rule Morocco 1977 only - Sep 28 0:00 0 -
-Rule Morocco 1978 only - Jun 1 0:00 1:00 S
+Rule Morocco 1978 only - Jun 1 0:00 1:00 -
Rule Morocco 1978 only - Aug 4 0:00 0 -
-Rule Morocco 2008 only - Jun 1 0:00 1:00 S
+Rule Morocco 2008 only - Jun 1 0:00 1:00 -
Rule Morocco 2008 only - Sep 1 0:00 0 -
-Rule Morocco 2009 only - Jun 1 0:00 1:00 S
+Rule Morocco 2009 only - Jun 1 0:00 1:00 -
Rule Morocco 2009 only - Aug 21 0:00 0 -
-Rule Morocco 2010 only - May 2 0:00 1:00 S
+Rule Morocco 2010 only - May 2 0:00 1:00 -
Rule Morocco 2010 only - Aug 8 0:00 0 -
-Rule Morocco 2011 only - Apr 3 0:00 1:00 S
+Rule Morocco 2011 only - Apr 3 0:00 1:00 -
Rule Morocco 2011 only - Jul 31 0:00 0 -
-Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 S
+Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 -
Rule Morocco 2012 only - Jul 20 3:00 0 -
-Rule Morocco 2012 only - Aug 20 2:00 1:00 S
+Rule Morocco 2012 only - Aug 20 2:00 1:00 -
Rule Morocco 2012 only - Sep 30 3:00 0 -
Rule Morocco 2013 only - Jul 7 3:00 0 -
-Rule Morocco 2013 only - Aug 10 2:00 1:00 S
-Rule Morocco 2013 max - Oct lastSun 3:00 0 -
-Rule Morocco 2014 2021 - Mar lastSun 2:00 1:00 S
+Rule Morocco 2013 only - Aug 10 2:00 1:00 -
+Rule Morocco 2013 2018 - Oct lastSun 3:00 0 -
+Rule Morocco 2014 2018 - Mar lastSun 2:00 1:00 -
Rule Morocco 2014 only - Jun 28 3:00 0 -
-Rule Morocco 2014 only - Aug 2 2:00 1:00 S
+Rule Morocco 2014 only - Aug 2 2:00 1:00 -
Rule Morocco 2015 only - Jun 14 3:00 0 -
-Rule Morocco 2015 only - Jul 19 2:00 1:00 S
+Rule Morocco 2015 only - Jul 19 2:00 1:00 -
Rule Morocco 2016 only - Jun 5 3:00 0 -
-Rule Morocco 2016 only - Jul 10 2:00 1:00 S
+Rule Morocco 2016 only - Jul 10 2:00 1:00 -
Rule Morocco 2017 only - May 21 3:00 0 -
-Rule Morocco 2017 only - Jul 2 2:00 1:00 S
+Rule Morocco 2017 only - Jul 2 2:00 1:00 -
Rule Morocco 2018 only - May 13 3:00 0 -
-Rule Morocco 2018 only - Jun 17 2:00 1:00 S
-Rule Morocco 2019 only - May 5 3:00 0 -
-Rule Morocco 2019 only - Jun 9 2:00 1:00 S
-Rule Morocco 2020 only - Apr 19 3:00 0 -
-Rule Morocco 2020 only - May 24 2:00 1:00 S
-Rule Morocco 2021 only - Apr 11 3:00 0 -
-Rule Morocco 2021 only - May 16 2:00 1:00 S
-Rule Morocco 2022 only - May 8 2:00 1:00 S
-Rule Morocco 2023 only - Apr 23 2:00 1:00 S
-Rule Morocco 2024 only - Apr 14 2:00 1:00 S
-Rule Morocco 2025 only - Apr 6 2:00 1:00 S
-Rule Morocco 2026 max - Mar lastSun 2:00 1:00 S
-Rule Morocco 2036 only - Oct 19 3:00 0 -
-Rule Morocco 2037 only - Oct 4 3:00 0 -
+Rule Morocco 2018 only - Jun 17 2:00 1:00 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26
- 0:00 Morocco WE%sT 1984 Mar 16
- 1:00 - CET 1986
- 0:00 Morocco WE%sT
+ 0:00 Morocco +00/+01 1984 Mar 16
+ 1:00 - +01 1986
+ 0:00 Morocco +00/+01 2018 Oct 27
+ 1:00 - +01
# Western Sahara
#
@@ -958,7 +936,8 @@
Zone Africa/El_Aaiun -0:52:48 - LMT 1934 Jan # El Aaiún
-1:00 - -01 1976 Apr 14
- 0:00 Morocco WE%sT
+ 0:00 Morocco +00/+01 2018 Oct 27
+ 1:00 - +01
# Mozambique
#
diff --git a/test/sun/util/calendar/zi/tzdata/antarctica b/test/sun/util/calendar/zi/tzdata/antarctica
index 74ce2dc..d98afed 100644
--- a/test/sun/util/calendar/zi/tzdata/antarctica
+++ b/test/sun/util/calendar/zi/tzdata/antarctica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Antarctica and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/test/sun/util/calendar/zi/tzdata/asia b/test/sun/util/calendar/zi/tzdata/asia
index 271760c..9847e91 100644
--- a/test/sun/util/calendar/zi/tzdata/asia
+++ b/test/sun/util/calendar/zi/tzdata/asia
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Asia and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -29,7 +31,7 @@
# tz@iana.org for general use in the future). For more, please see
# the file CONTRIBUTING in the tz distribution.
-# From Paul Eggert (2017-01-13):
+# From Paul Eggert (2018-06-19):
#
# Unless otherwise specified, the source for data through 1990 is:
# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
@@ -58,7 +60,8 @@
# A reliable and entertaining source about time zones is
# Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997).
#
-# The following alphabetic abbreviations appear in these tables:
+# The following alphabetic abbreviations appear in these tables
+# (corrections are welcome):
# std dst
# LMT Local Mean Time
# 2:00 EET EEST Eastern European Time
@@ -67,11 +70,13 @@
# 7:00 WIB west Indonesia (Waktu Indonesia Barat)
# 8:00 WITA central Indonesia (Waktu Indonesia Tengah)
# 8:00 CST China
+# 8:00 PST PDT* Philippine Standard Time
# 8:30 KST KDT Korea when at +0830
# 9:00 WIT east Indonesia (Waktu Indonesia Timur)
# 9:00 JST JDT Japan
# 9:00 KST KDT Korea when at +09
# 9:30 ACST Australian Central Standard Time
+# *I invented the abbreviation PDT; see "Philippines" below.
# Otherwise, these tables typically use numeric abbreviations like +03
# and +0330 for integer hour and minute UT offsets. Although earlier
# editions invented alphabetic time zone abbreviations for every
@@ -304,6 +309,29 @@
# China
+# From Paul Eggert (2018-10-02):
+# The following comes from Table 1 of:
+# Li Yu. Research on the daylight saving movement in 1940s Shanghai.
+# Nanjing Journal of Social Sciences. 2014;(2):144-50.
+# http://oversea.cnki.net/kns55/detail.aspx?dbname=CJFD2014&filename=NJSH201402020
+# The table lists dates only; I am guessing 00:00 and 24:00 transition times.
+# Also, the table lists the planned end of DST in 1949, but the corresponding
+# zone line cuts this off on May 28, when the Communists took power.
+#
+# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+Rule Shang 1940 only - Jun 1 0:00 1:00 D
+Rule Shang 1940 only - Oct 12 24:00 0 S
+Rule Shang 1941 only - Mar 15 0:00 1:00 D
+Rule Shang 1941 only - Nov 1 24:00 0 S
+Rule Shang 1942 only - Jan 31 0:00 1:00 D
+Rule Shang 1945 only - Sep 1 24:00 0 S
+Rule Shang 1946 only - May 15 0:00 1:00 D
+Rule Shang 1946 only - Sep 30 24:00 0 S
+Rule Shang 1947 only - Apr 15 0:00 1:00 D
+Rule Shang 1947 only - Oct 31 24:00 0 S
+Rule Shang 1948 1949 - May 1 0:00 1:00 D
+Rule Shang 1948 1949 - Sep 30 24:00 0 S #plan
+
# From Guy Harris:
# People's Republic of China. Yes, they really have only one time zone.
@@ -330,18 +358,33 @@
# time - sort of", Los Angeles Times, 1986-05-05 ... [says] that China began
# observing daylight saving time in 1986.
-# From Paul Eggert (2014-06-30):
-# Shanks & Pottenger have China switching to a single time zone in 1980, but
-# this doesn't seem to be correct. They also write that China observed summer
-# DST from 1986 through 1991, which seems to match the above commentary, so
-# go with them for DST rules as follows:
+# From P Chan (2018-05-07):
+# The start and end time of DST in China [from 1986 on] should be 2:00
+# (i.e. 2:00 to 3:00 at the start and 2:00 to 1:00 at the end)....
+# Government notices about summer time:
+#
+# 1986-04-12 http://www.zj.gov.cn/attach/zfgb/198608.pdf p.21-22
+# (To establish summer time from 1986. On 4 May, set the clocks ahead one hour
+# at 2 am. On 14 September, set the clocks backward one hour at 2 am.)
+#
+# 1987-02-15 http://www.gov.cn/gongbao/shuju/1987/gwyb198703.pdf p.114
+# (Summer time in 1987 to start from 12 April until 13 September)
+#
+# 1987-09-09 http://www.gov.cn/gongbao/shuju/1987/gwyb198721.pdf p.709
+# (From 1988, summer time to start from 2 am of the first Sunday of mid-April
+# until 2 am of the first Sunday of mid-September)
+#
+# 1992-03-03 http://www.gov.cn/gongbao/shuju/1992/gwyb199205.pdf p.152
+# (To suspend summer time from 1992)
+#
+# The first page of People's Daily on 12 April 1988 stating that summer time
+# to begin on 17 April.
+# http://data.people.com.cn/pic/101p/1988/04/1988041201.jpg
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Shang 1940 only - Jun 3 0:00 1:00 D
-Rule Shang 1940 1941 - Oct 1 0:00 0 S
-Rule Shang 1941 only - Mar 16 0:00 1:00 D
-Rule PRC 1986 only - May 4 0:00 1:00 D
-Rule PRC 1986 1991 - Sep Sun>=11 0:00 0 S
-Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
+Rule PRC 1986 only - May 4 2:00 1:00 D
+Rule PRC 1986 1991 - Sep Sun>=11 2:00 0 S
+Rule PRC 1987 1991 - Apr Sun>=11 2:00 1:00 D
# From Anthony Fok (2001-12-20):
# BTW, I did some research on-line and found some info regarding these five
@@ -363,10 +406,11 @@
# Alois Treindl kindly sent me translations of the following two sources:
#
# (1)
-# Guo Qingsheng (National Time-Service Center, CAS, Xi'an 710600, China)
+# Guo Qing-sheng (National Time-Service Center, CAS, Xi'an 710600, China)
# Beijing Time at the Beginning of the PRC
# China Historical Materials of Science and Technology
-# (Zhongguo ke ji shi liao, 中国科技史料), Vol. 24, No. 1 (2003)
+# (Zhongguo ke ji shi liao, 中国科技史料). 2003;24(1):5-9.
+# http://oversea.cnki.net/kcms/detail/detail.aspx?filename=ZGKS200301000&dbname=CJFD2003
# It gives evidence that at the beginning of the PRC, Beijing time was
# officially apparent solar time! However, Guo also says that the
# evidence is dubious, as the relevant institute of astronomy had not
@@ -543,7 +587,7 @@
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Beijing time, used throughout China; represented by Shanghai.
Zone Asia/Shanghai 8:05:43 - LMT 1901
- 8:00 Shang C%sT 1949
+ 8:00 Shang C%sT 1949 May 28
8:00 PRC C%sT
# Xinjiang time, used by many in western China; represented by Ürümqi / Ürümchi
# / Wulumuqi. (Please use Asia/Shanghai if you prefer Beijing time.)
@@ -772,24 +816,140 @@
8:00 Taiwan C%sT
# Macau (Macao, Aomen)
+#
+# From P Chan (2018-05-10):
+# * LegisMac
+# http://legismac.safp.gov.mo/legismac/descqry/Descqry.jsf?lang=pt
+# A database for searching titles of legal documents of Macau in
+# Chinese and Portuguese. The term "HORÁRIO DE VERÃO" can be used for
+# searching decrees about summer time.
+# * Archives of Macao
+# http://www.archives.gov.mo/en/bo/
+# It contains images of old official gazettes.
+# * The Macao Meteorological and Geophysical Bureau have a page listing the
+# summer time history. But it is not complete and has some mistakes.
+# http://www.smg.gov.mo/smg/geophysics/e_t_Summer%20Time.htm
+# Macau adopted GMT+8 on 30 Oct 1904 to follow Hong Kong. Clocks were
+# advanced by 25 minutes and 50 seconds. Which means the LMT used was
+# +7:34:10. As stated in the "Portaria No. 204" dated 21 October 1904
+# and published in the Official Gazette on 29 October 1904.
+# http://igallery.icm.gov.mo/Images/Archives/BO/MO_AH_PUB_BO_1904_10/MO_AH_PUB_BO_1904_10_00025_Grey.JPG
+#
+# Therefore the 1911 decree of Portugal did not change time in Macau.
+#
+# From LegisMac, here is a list of decrees that changed the time ...
+# [Decree Gazette-no. date; titles omitted in this quotation]
+# DIL 732 BOCM 51 1941.12.20
+# DIL 764 BOCM 9S 1942.04.30
+# DIL 781 BOCM 21 1942.10.10
+# PT 3434 BOCM 8S 1943.04.17
+# PT 3504 BOCM 20 1943.09.25
+# PT 3843 BOCM 39 1945.09.29
+# PT 3961 BOCM 17 1946.04.27
+# PT 4026 BOCM 39 1946.09.28
+# PT 4153 BOCM 16 1947.04.10
+# PT 4271 BOCM 48 1947.11.29
+# PT 4374 BOCM 18 1948.05.01
+# PT 4465 BOCM 44 1948.10.30
+# PT 4590 BOCM 14 1949.04.02
+# PT 4666 BOCM 44 1949.10.29
+# PT 4771 BOCM 12 1950.03.25
+# PT 4838 BOCM 43 1950.10.28
+# PT 4946 BOCM 12 1951.03.24
+# PT 5025 BO 43 1951.10.27
+# PT 5149 BO 14 1952.04.05
+# PT 5251 BO 43 1952.10.25
+# PT 5366 BO 13 1953.03.28
+# PT 5444 BO 44 1953.10.31
+# PT 5540 BO 12 1954.03.20
+# PT 5589 BO 44 1954.10.30
+# PT 5676 BO 12 1955.03.19
+# PT 5739 BO 45 1955.11.05
+# PT 5823 BO 11 1956.03.17
+# PT 5891 BO 44 1956.11.03
+# PT 5981 BO 12 1957.03.23
+# PT 6064 BO 43 1957.10.26
+# PT 6172 BO 12 1958.03.22
+# PT 6243 BO 43 1958.10.25
+# PT 6341 BO 12 1959.03.21
+# PT 6411 BO 43 1959.10.24
+# PT 6514 BO 11 1960.03.12
+# PT 6584 BO 44 1960.10.29
+# PT 6721 BO 10 1961.03.11
+# PT 6815 BO 43 1961.10.28
+# PT 6947 BO 10 1962.03.10
+# PT 7080 BO 43 1962.10.27
+# PT 7218 BO 12 1963.03.23
+# PT 7340 BO 43 1963.10.26
+# PT 7491 BO 11 1964.03.14
+# PT 7664 BO 43 1964.10.24
+# PT 7846 BO 15 1965.04.10
+# PT 7979 BO 42 1965.10.16
+# PT 8146 BO 15 1966.04.09
+# PT 8252 BO 41 1966.10.08
+# PT 8429 BO 15 1967.04.15
+# PT 8540 BO 41 1967.10.14
+# PT 8735 BO 15 1968.04.13
+# PT 8860 BO 41 1968.10.12
+# PT 9035 BO 16 1969.04.19
+# PT 9156 BO 42 1969.10.18
+# PT 9328 BO 15 1970.04.11
+# PT 9418 BO 41 1970.10.10
+# PT 9587 BO 14 1971.04.03
+# PT 9702 BO 41 1971.10.09
+# PT 38-A/72 BO 14 1972.04.01
+# PT 126-A/72 BO 41 1972.10.07
+# PT 61/73 BO 14 1973.04.07
+# PT 182/73 BO 40 1973.10.06
+# PT 282/73 BO 51 1973.12.22
+# PT 177/74 BO 41 1974.10.12
+# PT 51/75 BO 15 1975.04.12
+# PT 173/75 BO 41 1975.10.11
+# PT 67/76/M BO 14 1976.04.03
+# PT 169/76/M BO 41 1976.10.09
+# PT 78/79/M BO 19 1979.05.12
+# PT 166/79/M BO 42 1979.10.20
+# Note that DIL 732 does not belong to "HORÁRIO DE VERÃO" according to
+# LegisMac.... Note that between 1942 and 1945, the time switched
+# between GMT+9 and GMT+10. Also in 1965 and 1965 the DST ended at 2:30am.
+
+# From Paul Eggert (2018-05-10):
+# The 1904 decree says that Macau changed from the meridian of
+# Fortaleza do Monte, presumably the basis for the 7:34:10 for LMT.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Macau 1961 1962 - Mar Sun>=16 3:30 1:00 D
-Rule Macau 1961 1964 - Nov Sun>=1 3:30 0 S
-Rule Macau 1963 only - Mar Sun>=16 0:00 1:00 D
-Rule Macau 1964 only - Mar Sun>=16 3:30 1:00 D
-Rule Macau 1965 only - Mar Sun>=16 0:00 1:00 D
-Rule Macau 1965 only - Oct 31 0:00 0 S
-Rule Macau 1966 1971 - Apr Sun>=16 3:30 1:00 D
-Rule Macau 1966 1971 - Oct Sun>=16 3:30 0 S
-Rule Macau 1972 1974 - Apr Sun>=15 0:00 1:00 D
-Rule Macau 1972 1973 - Oct Sun>=15 0:00 0 S
-Rule Macau 1974 1977 - Oct Sun>=15 3:30 0 S
-Rule Macau 1975 1977 - Apr Sun>=15 3:30 1:00 D
-Rule Macau 1978 1980 - Apr Sun>=15 0:00 1:00 D
-Rule Macau 1978 1980 - Oct Sun>=15 0:00 0 S
-# See Europe/Lisbon for info about the 1912 transition.
+Rule Macau 1942 1943 - Apr 30 23:00 1:00 -
+Rule Macau 1942 only - Nov 17 23:00 0 -
+Rule Macau 1943 only - Sep 30 23:00 0 S
+Rule Macau 1946 only - Apr 30 23:00s 1:00 D
+Rule Macau 1946 only - Sep 30 23:00s 0 S
+Rule Macau 1947 only - Apr 19 23:00s 1:00 D
+Rule Macau 1947 only - Nov 30 23:00s 0 S
+Rule Macau 1948 only - May 2 23:00s 1:00 D
+Rule Macau 1948 only - Oct 31 23:00s 0 S
+Rule Macau 1949 1950 - Apr Sat>=1 23:00s 1:00 D
+Rule Macau 1949 1950 - Oct lastSat 23:00s 0 S
+Rule Macau 1951 only - Mar 31 23:00s 1:00 D
+Rule Macau 1951 only - Oct 28 23:00s 0 S
+Rule Macau 1952 1953 - Apr Sat>=1 23:00s 1:00 D
+Rule Macau 1952 only - Nov 1 23:00s 0 S
+Rule Macau 1953 1954 - Oct lastSat 23:00s 0 S
+Rule Macau 1954 1956 - Mar Sat>=17 23:00s 1:00 D
+Rule Macau 1955 only - Nov 5 23:00s 0 S
+Rule Macau 1956 1964 - Nov Sun>=1 03:30 0 S
+Rule Macau 1957 1964 - Mar Sun>=18 03:30 1:00 D
+Rule Macau 1965 1973 - Apr Sun>=16 03:30 1:00 D
+Rule Macau 1965 1966 - Oct Sun>=16 02:30 0 S
+Rule Macau 1967 1976 - Oct Sun>=16 03:30 0 S
+Rule Macau 1973 only - Dec 30 03:30 1:00 D
+Rule Macau 1975 1976 - Apr Sun>=16 03:30 1:00 D
+Rule Macau 1979 only - May 13 03:30 1:00 D
+Rule Macau 1979 only - Oct Sun>=16 03:30 0 S
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-Zone Asia/Macau 7:34:20 - LMT 1911 Dec 31 16:00u
+Zone Asia/Macau 7:34:10 - LMT 1904 Oct 30
+ 8:00 - CST 1941 Dec 21 23:00
+ 9:00 Macau +09/+10 1945 Sep 30 24:00
8:00 Macau C%sT
@@ -1494,9 +1654,29 @@
# http://www.shugiin.go.jp/internet/itdb_housei.nsf/html/houritsu/00719500331039.htm
# ... In summary, it is written as follows. From 24:00 on the first Saturday
# in May, until 0:00 on the day after the second Saturday in September.
+
+# From Phake Nick (2018-09-27):
+# [T]he webpage authored by National Astronomical Observatory of Japan
+# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EF.html
+# ... mentioned that using Showa 23 (year 1948) as example, 13pm of September
+# 11 in summer time will equal to 0am of September 12 in standard time.
+# It cited a document issued by the Liaison Office which briefly existed
+# during the postwar period of Japan, where the detail on implementation
+# of the summer time is described in the document.
+# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EFB2C6BBFEB9EFA4CEBCC2BBDCA4CBA4C4A4A4A4C6.pdf
+# The text in the document do instruct a fall back to occur at
+# September 11, 13pm in summer time, while ordinary citizens can
+# change the clock before they sleep.
+#
+# From Paul Eggert (2018-09-27):
+# This instruction is equivalent to "Sat>=8 25:00", so use that. zic treats
+# it like "Sun>=9 01:00", which is not quite the same but is the best we can
+# do in any POSIX or C platform. The "25:00" assumes zic from 2007 or later,
+# which should be safe now.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Japan 1948 only - May Sat>=1 24:00 1:00 D
-Rule Japan 1948 1951 - Sep Sun>=9 0:00 0 S
+Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S
Rule Japan 1949 only - Apr Sat>=1 24:00 1:00 D
Rule Japan 1950 1951 - May Sat>=1 24:00 1:00 D
@@ -1878,7 +2058,7 @@
5:00 - +05
# Mangghystaū (KZ-MAN)
# Aqtau was not founded until 1963, but it represents an inhabited region,
-# so include time stamps before 1963.
+# so include timestamps before 1963.
Zone Asia/Aqtau 3:21:04 - LMT 1924 May 2
4:00 - +04 1930 Jun 21
5:00 - +05 1981 Oct 1
@@ -2018,6 +2198,10 @@
# Assembly, as published in Rodong Sinmun.
# From Tim Parenti (2018-04-29):
# It appears to be the front page story at the top in the right-most column.
+#
+# From Paul Eggert (2018-05-04):
+# The BBC reported that the transition was from 23:30 to 24:00 today.
+# https://www.bbc.com/news/world-asia-44010705
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Seoul 8:27:52 - LMT 1908 Apr 1
@@ -2030,7 +2214,7 @@
8:30 - KST 1912 Jan 1
9:00 - JST 1945 Aug 24
9:00 - KST 2015 Aug 15 00:00
- 8:30 - KST 2018 May 5
+ 8:30 - KST 2018 May 4 23:30
9:00 - KST
###############################################################################
@@ -2790,19 +2974,35 @@
# Philippine Star 2014-08-05
# http://www.philstar.com/headlines/2014/08/05/1354152/pnoy-urged-declare-use-daylight-saving-time
+# From Paul Goyette (2018-06-15):
+# In the Philippines, there is a national law, Republic Act No. 10535
+# which declares the official time here as "Philippine Standard Time".
+# The act [1] even specifies use of PST as the abbreviation, although
+# the FAQ provided by PAGASA [2] uses the "acronym PhST to distinguish
+# it from the Pacific Standard Time (PST)."
+# [1] http://www.officialgazette.gov.ph/2013/05/15/republic-act-no-10535/
+# [2] https://www1.pagasa.dost.gov.ph/index.php/astronomy/philippine-standard-time#republic-act-10535
+#
+# From Paul Eggert (2018-06-19):
+# I surveyed recent news reports, and my impression is that "PST" is
+# more popular among reliable English-language news sources. This is
+# not just a measure of Google hit counts: it's also the sizes and
+# influence of the sources. There is no current abbreviation for DST,
+# so use "PDT", the usual American style.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Phil 1936 only - Nov 1 0:00 1:00 -
-Rule Phil 1937 only - Feb 1 0:00 0 -
-Rule Phil 1954 only - Apr 12 0:00 1:00 -
-Rule Phil 1954 only - Jul 1 0:00 0 -
-Rule Phil 1978 only - Mar 22 0:00 1:00 -
-Rule Phil 1978 only - Sep 21 0:00 0 -
+Rule Phil 1936 only - Nov 1 0:00 1:00 D
+Rule Phil 1937 only - Feb 1 0:00 0 S
+Rule Phil 1954 only - Apr 12 0:00 1:00 D
+Rule Phil 1954 only - Jul 1 0:00 0 S
+Rule Phil 1978 only - Mar 22 0:00 1:00 D
+Rule Phil 1978 only - Sep 21 0:00 0 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Manila -15:56:00 - LMT 1844 Dec 31
8:04:00 - LMT 1899 May 11
- 8:00 Phil +08/+09 1942 May
- 9:00 - +09 1944 Nov
- 8:00 Phil +08/+09
+ 8:00 Phil P%sT 1942 May
+ 9:00 - JST 1944 Nov
+ 8:00 Phil P%sT
# Qatar
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
@@ -2813,15 +3013,34 @@
# Saudi Arabia
#
-# From Paul Eggert (2014-07-15):
+# From Paul Eggert (2018-08-29):
# Time in Saudi Arabia and other countries in the Arabian peninsula was not
-# standardized until relatively recently; we don't know when, and possibly it
+# standardized until 1968 or so; we don't know exactly when, and possibly it
# has never been made official. Richard P Hunt, in "Islam city yielding to
# modern times", New York Times (1961-04-09), p 20, wrote that only airlines
# observed standard time, and that people in Jeddah mostly observed quasi-solar
# time, doing so by setting their watches at sunrise to 6 o'clock (or to 12
# o'clock for "Arab" time).
#
+# Timekeeping differed depending on who you were and which part of Saudi
+# Arabia you were in. In 1969, Elias Antar wrote that although a common
+# practice had been to set one's watch to 12:00 (i.e., midnight) at sunset -
+# which meant that the time on one side of a mountain could differ greatly from
+# the time on the other side - many foreigners set their watches to 6pm
+# instead, while airlines instead used UTC +03 (except in Dhahran, where they
+# used UTC +04), Aramco used UTC +03 with DST, and the Trans-Arabian Pipe Line
+# Company used Aramco time in eastern Saudi Arabia and airline time in western.
+# (The American Military Aid Advisory Group used plain UTC.) Antar writes,
+# "A man named Higgins, so the story goes, used to run a local power
+# station. One day, the whole thing became too much for Higgins and he
+# assembled his staff and laid down the law. 'I've had enough of this,' he
+# shrieked. 'It is now 12 o'clock Higgins Time, and from now on this station is
+# going to run on Higgins Time.' And so, until last year, it did." See:
+# Antar E. Dinner at When? Saudi Aramco World, 1969 March/April. 2-3.
+# http://archive.aramcoworld.com/issue/196902/dinner.at.when.htm
+# newspapers.com says a similar story about Higgins was published in the Port
+# Angeles (WA) Evening News, 1965-03-10, page 5, but I lack access to the text.
+#
# The TZ database cannot represent quasi-solar time; airline time is the best
# we can do. The 1946 foreign air news digest of the U.S. Civil Aeronautics
# Board (OCLC 42299995) reported that the "... Arabian Government, inaugurated
@@ -2831,7 +3050,8 @@
#
# Shanks & Pottenger also state that until 1968-05-01 Saudi Arabia had two
# time zones; the other zone, at UT +04, was in the far eastern part of
-# the country. Ignore this, as it's before our 1970 cutoff.
+# the country. Presumably this is documenting airline time. Ignore this,
+# as it's before our 1970 cutoff.
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Riyadh 3:06:52 - LMT 1947 Mar 14
diff --git a/test/sun/util/calendar/zi/tzdata/australasia b/test/sun/util/calendar/zi/tzdata/australasia
index 2c60fd3..82e88c5 100644
--- a/test/sun/util/calendar/zi/tzdata/australasia
+++ b/test/sun/util/calendar/zi/tzdata/australasia
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Australasia and environs, and for much of the Pacific
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -384,8 +386,15 @@
# Dominic Fok writes (2017-08-20) that DST ends 2018-01-14, citing
# Extraordinary Government of Fiji Gazette Supplement No. 21 (2017-08-27),
# [Legal Notice No. 41] of an order of the previous day by J Usamate.
+
+# From Raymond Kumar (2018-07-13):
+# http://www.fijitimes.com/government-approves-2018-daylight-saving/
+# ... The daylight saving period will end at 3am on Sunday January 13, 2019.
+#
+# From Paul Eggert (2018-07-15):
# For now, guess DST from 02:00 the first Sunday in November to 03:00
-# the first Sunday on or after January 14. Although ad hoc, it matches
+# the first Sunday on or after January 13. January transitions reportedly
+# depend on when school terms start. Although the guess is ad hoc, it matches
# transitions since late 2014 and seems more likely to match future
# practice than guessing no DST.
@@ -399,7 +408,7 @@
Rule Fiji 2012 2013 - Jan Sun>=18 3:00 0 -
Rule Fiji 2014 only - Jan Sun>=18 2:00 0 -
Rule Fiji 2014 max - Nov Sun>=1 2:00 1:00 -
-Rule Fiji 2015 max - Jan Sun>=14 3:00 0 -
+Rule Fiji 2015 max - Jan Sun>=13 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fiji 11:55:44 - LMT 1915 Oct 26 # Suva
12:00 Fiji +12/+13
diff --git a/test/sun/util/calendar/zi/tzdata/backward b/test/sun/util/calendar/zi/tzdata/backward
index fca4ed1..f30f30e 100644
--- a/test/sun/util/calendar/zi/tzdata/backward
+++ b/test/sun/util/calendar/zi/tzdata/backward
@@ -21,10 +21,12 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb links for backward compatibility
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
-# This file provides links between current names for time zones
+# This file provides links between current names for timezones
# and their old names. Many names changed in late 1993.
# Link TARGET LINK-NAME
diff --git a/test/sun/util/calendar/zi/tzdata/etcetera b/test/sun/util/calendar/zi/tzdata/etcetera
index ec31f1b..db59378 100644
--- a/test/sun/util/calendar/zi/tzdata/etcetera
+++ b/test/sun/util/calendar/zi/tzdata/etcetera
@@ -21,12 +21,14 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for ships at sea and other miscellany
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
# These entries are mostly present for historical reasons, so that
# people in areas not otherwise covered by the tz files could "zic -l"
-# to a time zone that was right for their area. These days, the
+# to a timezone that was right for their area. These days, the
# tz files cover almost all the inhabited world, and the only practical
# need now for the entries that are not on UTC are for ships at sea
# that cannot use POSIX TZ settings.
diff --git a/test/sun/util/calendar/zi/tzdata/europe b/test/sun/util/calendar/zi/tzdata/europe
index 99109ec..e434b7e 100644
--- a/test/sun/util/calendar/zi/tzdata/europe
+++ b/test/sun/util/calendar/zi/tzdata/europe
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Europe and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -540,7 +542,7 @@
#
# To work around this problem, the build procedure can translate the
# following data into two forms, one with negative SAVE values and the
-# other form with a traditional approximation for Irish time stamps
+# other form with a traditional approximation for Irish timestamps
# after 1971-10-31 02:00 UTC; although this approximation has tm_isdst
# flags that are reversed, its UTC offsets are correct and this often
# suffices. This source file currently uses only nonnegative SAVE
@@ -2450,6 +2452,33 @@
# administratively part of Sakhalin oblast', they appear to have
# remained on UTC+11 along with Magadan.
+# From Marat Nigametzianov (2018-07-16):
+# this is link to order from 1956 about timezone in USSR
+# http://astro.uni-altai.ru/~orion/blog/2011/11/novyie-granitsyi-chasovyih-poyasov-v-sssr/
+#
+# From Paul Eggert (2018-07-16):
+# Perhaps someone could translate the above-mentioned link and use it
+# to correct our data for the ex-Soviet Union. It cites the following:
+# «Поясное время и новые границы часовых поясов» / сост. П.Н. Долгов,
+# отв. ред. Г.Д. Бурдун - М: Комитет стандартов, мер и измерительных
+# приборов при Совете Министров СССР, Междуведомственная комиссия
+# единой службы времени, 1956 г.
+# This book looks like it would be a helpful resource for the Soviet
+# Union through 1956. Although a copy was in the Scientific Library
+# of Tomsk State University, I have not been able to track down a copy nearby.
+#
+# From Stepan Golosunov (2018-07-21):
+# http://astro.uni-altai.ru/~orion/blog/2015/05/center-reforma-ischisleniya-vremeni-br-na-territorii-sssr-v-1957-godu-center/
+# says that the 1956 decision to change time belts' borders was not
+# implemented as planned in 1956 and the change happened in 1957.
+# There is also the problem that actual time zones were different from
+# the official time belts (and from many time belts' maps) as there were
+# numerous exceptions to application of time belt rules. For example,
+# https://ru.wikipedia.org/wiki/Московское_время#Перемещение_границы_применения_московского_времени_на_восток
+# says that by 1962 there were many regions in the 3rd time belt that
+# were on Moscow time, referring to a 1962 map. By 1989 number of such
+# exceptions grew considerably.
+
# From Tim Parenti (2014-07-06):
# The comments detailing the coverage of each Russian zone are meant to assist
# with maintenance only and represent our best guesses as to which regions
@@ -2460,9 +2489,6 @@
# future stability. ISO 3166-2:RU codes are also listed for first-level
# divisions where available.
-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-
-
# From Tim Parenti (2014-07-03):
# Europe/Kaliningrad covers...
# 39 RU-KGD Kaliningrad Oblast
@@ -2730,6 +2756,15 @@
# 34 RU-VGG Volgograd Oblast
# The 1988 transition is from USSR act No. 5 (1988-01-04).
+# From Alexander Fetisov (2018-09-20):
+# Volgograd region in southern Russia (Europe/Volgograd) change
+# timezone from UTC+3 to UTC+4 from 28oct2018.
+# http://sozd.parliament.gov.ru/bill/452878-7
+#
+# From Stepan Golosunov (2018-10-11):
+# The law has been published today on
+# http://publication.pravo.gov.ru/Document/View/0001201810110037
+
Zone Europe/Volgograd 2:57:40 - LMT 1920 Jan 3
3:00 - +03 1930 Jun 21
4:00 - +04 1961 Nov 11
@@ -2738,7 +2773,8 @@
4:00 - +04 1992 Mar 29 2:00s
3:00 Russia +03/+04 2011 Mar 27 2:00s
4:00 - +04 2014 Oct 26 2:00s
- 3:00 - +03
+ 3:00 - +03 2018 Oct 28 2:00s
+ 4:00 - +04
# From Paul Eggert (2016-11-11):
# Europe/Saratov covers:
@@ -3427,7 +3463,8 @@
#Rule NatSpain 1937 only - May 22 23:00 1:00 S
#Rule NatSpain 1937 1938 - Oct Sat>=1 24:00s 0 -
#Rule NatSpain 1938 only - Mar 26 23:00 1:00 S
-# The following rules are copied from Morocco from 1967 through 1978.
+# The following rules are copied from Morocco from 1967 through 1978,
+# except with "S" letters.
Rule SpainAfrica 1967 only - Jun 3 12:00 1:00 S
Rule SpainAfrica 1967 only - Oct 1 0:00 0 -
Rule SpainAfrica 1974 only - Jun 24 0:00 1:00 S
@@ -3447,6 +3484,7 @@
0:00 1:00 WEST 1918 Oct 7 23:00
0:00 - WET 1924
0:00 Spain WE%sT 1929
+ 0:00 - WET 1967 # Help zishrink.awk.
0:00 SpainAfrica WE%sT 1984 Mar 16
1:00 - CET 1986
1:00 EU CE%sT
@@ -3632,7 +3670,7 @@
# http://www.resmigazete.gov.tr/eskiler/2001/03/20010324.htm#2 - for 2001
# http://www.resmigazete.gov.tr/eskiler/2002/03/20020316.htm#2 - for 2002-2006
# From Paul Eggert (2016-09-25):
-# Prefer the above sources to Shanks & Pottenger for time stamps after 1985.
+# Prefer the above sources to Shanks & Pottenger for timestamps after 1985.
# From Steffen Thorsen (2007-03-09):
# Starting 2007 though, it seems that they are adopting EU's 1:00 UTC
@@ -3842,10 +3880,29 @@
# * Ukrainian Government's Resolution of 20.03.1992, No. 139.
# http://www.uazakon.com/documents/date_8u/pg_grcasa.htm
+# From Paul Eggert (2018-10-03):
+# As is usual in tzdb, Ukrainian zones use the most common English spellings.
+# For example, tzdb uses Europe/Kiev, as "Kiev" is the most common spelling in
+# English for Ukraine's capital, even though it is certainly wrong as a
+# transliteration of the Ukrainian "Київ". This is similar to tzdb's use of
+# Europe/Prague, which is certainly wrong as a transliteration of the Czech
+# "Praha". ("Kiev" came from old Slavic via Russian to English, and "Prague"
+# came from old Slavic via French to English, so the two cases have something
+# in common.) Admittedly English-language spelling of Ukrainian names is
+# controversial, and some day "Kyiv" may become substantially more popular in
+# English; in the meantime, stick with the traditional English "Kiev" as that
+# means less disruption for our users.
+#
+# Anyway, none of the common English-language spellings (Kiev, Kyiv, Kieff,
+# Kijeff, Kijev, Kiyef, Kiyeff) do justice to the common pronunciation in
+# Ukrainian, namely [ˈkɪjiu̯] (IPA). This pronunciation has nothing like an
+# English "v" or "f", and instead trails off with what an English-speaker
+# would call a demure "oo" sound, and it would would be better anglicized as
+# "Kuiyu". Here's a sound file, if you would like to do as the Kuiyuvians do:
+# https://commons.wikimedia.org/wiki/File:Uk-Київ.ogg
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-# Most of Ukraine since 1970 has been like Kiev.
-# "Kyiv" is the transliteration of the Ukrainian name, but
-# "Kiev" is more common in English.
+# This represents most of Ukraine. See above for the spelling of "Kiev".
Zone Europe/Kiev 2:02:04 - LMT 1880
2:02:04 - KMT 1924 May 2 # Kiev Mean Time
2:00 - EET 1930 Jun 21
diff --git a/test/sun/util/calendar/zi/tzdata/factory b/test/sun/util/calendar/zi/tzdata/factory
index 7d79693..6ef6bca 100644
--- a/test/sun/util/calendar/zi/tzdata/factory
+++ b/test/sun/util/calendar/zi/tzdata/factory
@@ -21,11 +21,13 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for noncommittal factory settings
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
-# For distributors who don't want to put time zone specification in
-# their installation procedures. Users that run 'date' will get the
+# For distributors who don't want to specify a timezone in their
+# installation procedures. Users who run 'date' will get the
# time zone abbreviation "-00", indicating that the actual time zone
# is unknown.
diff --git a/test/sun/util/calendar/zi/tzdata/leapseconds b/test/sun/util/calendar/zi/tzdata/leapseconds
index cc5d928..8b539e6 100644
--- a/test/sun/util/calendar/zi/tzdata/leapseconds
+++ b/test/sun/util/calendar/zi/tzdata/leapseconds
@@ -26,21 +26,25 @@
# This file is in the public domain.
# This file is generated automatically from the data in the public-domain
-# leap-seconds.list file, which is copied from:
-# ftp://ftp.nist.gov/pub/time/leap-seconds.list
+# leap-seconds.list file, which can be copied from
+# <ftp://ftp.nist.gov/pub/time/leap-seconds.list>
+# or <ftp://ftp.boulder.nist.gov/pub/time/leap-seconds.list>
+# or <ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.list>.
# For more about leap-seconds.list, please see
# The NTP Timescale and Leap Seconds
-# https://www.eecis.udel.edu/~mills/leap.html
+# <https://www.eecis.udel.edu/~mills/leap.html>.
# The International Earth Rotation and Reference Systems Service
# periodically uses leap seconds to keep UTC to within 0.9 s of UT1
-# (which measures the true angular orientation of the earth in space); see
-# Levine J. Coordinated Universal Time and the leap second.
+# (which measures the true angular orientation of the earth in space)
+# and publishes leap second data in a copyrighted file
+# <https://hpiers.obspm.fr/iers/bul/bulc/Leap_Second.dat>.
+# See: Levine J. Coordinated Universal Time and the leap second.
# URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995
-# http://ieeexplore.ieee.org/document/7909995/
+# <https://ieeexplore.ieee.org/document/7909995>.
# There were no leap seconds before 1972, because the official mechanism
# accounting for the discrepancy between atomic time and the earth's rotation
-# did not exist until the early 1970s.
+# did not exist.
# The correction (+ or -) is made at the given time, so lines
# will typically look like:
@@ -48,10 +52,7 @@
# or
# Leap YEAR MON DAY 23:59:59 - R/S
-# If the leapsecond is Rolling (R) the given time is local time.
-# If the leapsecond is Stationary (S) the given time is UTC.
-
-# Leap YEAR MONTH DAY HH:MM:SS CORR R/S
+# If the leap second is Rolling (R) the given time is local time (unused here).
Leap 1972 Jun 30 23:59:60 + S
Leap 1972 Dec 31 23:59:60 + S
Leap 1973 Dec 31 23:59:60 + S
@@ -80,5 +81,9 @@
Leap 2015 Jun 30 23:59:60 + S
Leap 2016 Dec 31 23:59:60 + S
-# Updated through IERS Bulletin C55
-# File expires on: 28 December 2018
+# POSIX timestamps for the data in this file:
+#updated 1467936000
+#expires 1561680000
+
+# Updated through IERS Bulletin C56
+# File expires on: 28 June 2019
diff --git a/test/sun/util/calendar/zi/tzdata/northamerica b/test/sun/util/calendar/zi/tzdata/northamerica
index bcfb662..297a10a 100644
--- a/test/sun/util/calendar/zi/tzdata/northamerica
+++ b/test/sun/util/calendar/zi/tzdata/northamerica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for North and Central America and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -71,7 +73,7 @@
#
# Most of the US soon followed suit. See:
# Bartky IR. The adoption of standard time. Technol Cult 1989 Jan;30(1):25-56.
-# http://dx.doi.org/10.2307/3105430
+# https://dx.doi.org/10.2307/3105430
# From Paul Eggert (2005-04-16):
# That 1883 transition occurred at 12:00 new time, not at 12:00 old time.
@@ -460,6 +462,19 @@
# western South Dakota, far western Texas (El Paso County, Hudspeth County,
# and Pine Springs and Nickel Creek in Culberson County), Utah, Wyoming
#
+# From Paul Eggert (2018-10-25):
+# On 1921-03-04 federal law placed all of Texas into the central time zone.
+# However, El Paso ignored the law for decades and continued to observe
+# mountain time, on the grounds that that's what they had always done
+# and they weren't about to let the federal government tell them what to do.
+# Eventually the federal government gave in and changed the law on
+# 1970-04-10 to match what El Paso was actually doing. Although
+# that's slightly after our 1970 cutoff, there is no need to create a
+# separate zone for El Paso since they were ignoring the law anyway. See:
+# Long T. El Pasoans were time rebels, fought to stay in Mountain zone.
+# El Paso Times. 2018-10-24 06:40 -06.
+# https://www.elpasotimes.com/story/news/local/el-paso/2018/10/24/el-pasoans-were-time-rebels-fought-stay-mountain-zone/1744509002/
+#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER
Rule Denver 1920 1921 - Mar lastSun 2:00 1:00 D
Rule Denver 1920 only - Oct lastSun 2:00 0 S
@@ -729,9 +744,7 @@
Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00
-10:30 - HST 1933 Apr 30 2:00
-10:30 1:00 HDT 1933 May 21 12:00
- -10:30 - HST 1942 Feb 9 2:00
- -10:30 1:00 HDT 1945 Sep 30 2:00
- -10:30 - HST 1947 Jun 8 2:00
+ -10:30 US H%sT 1947 Jun 8 2:00
-10:00 - HST
# Now we turn to US areas that have diverged from the consensus since 1970.
diff --git a/test/sun/util/calendar/zi/tzdata/pacificnew b/test/sun/util/calendar/zi/tzdata/pacificnew
index 9b9257a..020b599 100644
--- a/test/sun/util/calendar/zi/tzdata/pacificnew
+++ b/test/sun/util/calendar/zi/tzdata/pacificnew
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for proposed US election time (this file is obsolete)
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/test/sun/util/calendar/zi/tzdata/southamerica b/test/sun/util/calendar/zi/tzdata/southamerica
index 65d3c9f..3f01647 100644
--- a/test/sun/util/calendar/zi/tzdata/southamerica
+++ b/test/sun/util/calendar/zi/tzdata/southamerica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for South America and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -415,7 +417,7 @@
# standard time, so let's do that here too. This does not change UTC
# offsets, only tm_isdst and the time zone abbreviations. One minor
# plus is that this silences a zic complaint that there's no POSIX TZ
-# setting for time stamps past 2038.
+# setting for timestamps past 2038.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
#
@@ -948,6 +950,14 @@
# ... https://www.timeanddate.com/news/time/brazil-delays-dst-2018.html
# From Steffen Thorsen (2017-12-20):
# http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2017/decreto/D9242.htm
+#
+# From Fábio Gomes (2018-10-04):
+# The Brazilian president just announced a new change on this year DST.
+# It was scheduled to start on November 4th and it was changed to November 18th.
+# From Rodrigo Brüning Wessler (2018-10-15):
+# The Brazilian government just announced that the change in DST was
+# canceled.... Maybe the president Michel Temer also woke up one hour
+# earlier today. :)
Rule Brazil 2018 max - Nov Sun>=1 0:00 1:00 -
Rule Brazil 2023 only - Feb Sun>=22 0:00 0 -
Rule Brazil 2024 2025 - Feb Sun>=15 0:00 0 -
@@ -1254,6 +1264,24 @@
# they will switch from -03 to -04 one hour after Santiago does that day.
# For now, assume that they will not revert.
+# From Juan Correa (2018-08-13):
+# As of moments ago, the Ministry of Energy in Chile has announced the new
+# schema for DST. ... Announcement in video (in Spanish):
+# https://twitter.com/MinEnergia/status/1029000399129374720
+# From Yonathan Dossow (2018-08-13):
+# The video says "first Saturday of September", we all know it means Sunday at
+# midnight.
+# From Tim Parenti (2018-08-13):
+# Translating the captions on the video at 0:44-0:55, "We want to announce as
+# Government that from 2019, Winter Time will be increased to 5 months, between
+# the first Saturday of April and the first Saturday of September."
+# At 2:08-2:20, "The Magallanes region will maintain its current time, as
+# decided by the citizens during 2017, but our Government will promote a
+# regional dialogue table to gather their opinion on this matter."
+# https://twitter.com/MinEnergia/status/1029009354001973248
+# "We will keep the new time policy unchanged for at least the next 4 years."
+# So we extend the new rules on Saturdays at 24:00 mainland time indefinitely.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Chile 1927 1931 - Sep 1 0:00 1:00 -
Rule Chile 1928 1932 - Apr 1 0:00 0 -
@@ -1287,8 +1315,10 @@
Rule Chile 2011 only - Aug Sun>=16 4:00u 1:00 -
Rule Chile 2012 2014 - Apr Sun>=23 3:00u 0 -
Rule Chile 2012 2014 - Sep Sun>=2 4:00u 1:00 -
-Rule Chile 2016 max - May Sun>=9 3:00u 0 -
-Rule Chile 2016 max - Aug Sun>=9 4:00u 1:00 -
+Rule Chile 2016 2018 - May Sun>=9 3:00u 0 -
+Rule Chile 2016 2018 - Aug Sun>=9 4:00u 1:00 -
+Rule Chile 2019 max - Apr Sun>=2 3:00u 0 -
+Rule Chile 2019 max - Sep Sun>=2 4:00u 1:00 -
# IATA SSIM anomalies: (1992-02) says 1992-03-14;
# (1996-09) says 1998-03-08. Ignore these.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
diff --git a/test/sun/util/calendar/zi/tzdata/systemv b/test/sun/util/calendar/zi/tzdata/systemv
index c7b9a88..63a48e8 100644
--- a/test/sun/util/calendar/zi/tzdata/systemv
+++ b/test/sun/util/calendar/zi/tzdata/systemv
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for System V rules (this file is obsolete)
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/test/sun/util/calendar/zi/tzdata/zone.tab b/test/sun/util/calendar/zi/tzdata/zone.tab
index 873737e..2a98586 100644
--- a/test/sun/util/calendar/zi/tzdata/zone.tab
+++ b/test/sun/util/calendar/zi/tzdata/zone.tab
@@ -21,12 +21,12 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-# tz zone descriptions (deprecated version)
+# tzdb timezone descriptions (deprecated version)
#
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
#
-# From Paul Eggert (2014-07-31):
+# From Paul Eggert (2018-06-27):
# This file is intended as a backward-compatibility aid for older programs.
# New programs should use zone1970.tab. This file is like zone1970.tab (see
# zone1970.tab's comments), but with the following additional restrictions:
@@ -35,13 +35,13 @@
# 2. The first data column contains exactly one country code.
#
# Because of (2), each row stands for an area that is the intersection
-# of a region identified by a country code and of a zone where civil
+# of a region identified by a country code and of a timezone where civil
# clocks have agreed since 1970; this is a narrower definition than
# that of zone1970.tab.
#
-# This table is intended as an aid for users, to help them select time
-# zone data entries appropriate for their practical needs. It is not
-# intended to take or endorse any position on legal or territorial claims.
+# This table is intended as an aid for users, to help them select timezones
+# appropriate for their practical needs. It is not intended to take or
+# endorse any position on legal or territorial claims.
#
#country-
#code coordinates TZ comments
@@ -291,7 +291,7 @@
MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas)
MN +4801+09139 Asia/Hovd Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan
MN +4804+11430 Asia/Choibalsan Dornod, Sukhbaatar
-MO +2214+11335 Asia/Macau
+MO +221150+1133230 Asia/Macau
MP +1512+14545 Pacific/Saipan
MQ +1436-06105 America/Martinique
MR +1806-01557 Africa/Nouakchott
