Merge
diff --git a/.hgtags-top-repo b/.hgtags-top-repo
index 0d11953..b42d6ae 100644
--- a/.hgtags-top-repo
+++ b/.hgtags-top-repo
@@ -879,6 +879,7 @@
760af13b89232fe5387667f3848be95cfead953e jdk8u181-b12
ead7f893fb2c4a919820497f39a51fa640f4753e jdk8u181-b13
c87c3a9a789e8bad94fb39bc3c2c7c4a532f7330 jdk8u191-b01
+d6007fa4ffae140f4c4ad551a1ee290a0704a094 jdk8u201-b00
d6007fa4ffae140f4c4ad551a1ee290a0704a094 jdk8u191-b02
99395ddbb670d9621c9755afa330c579a57dfd9b jdk8u191-b03
25e7fdd40996864b76cce08ba688f6e8281097a6 jdk8u191-b04
@@ -887,6 +888,11 @@
2b457fbca0fc5bdf8e19cc0435fb989edcc15b36 jdk8u191-b07
e5404b63db4a10aae7fa4a5639af5e08518c31e7 jdk8u191-b08
4c2d3b4689ab5d92c42a4d1e1fa79db16de7bf06 jdk8u191-b09
+7d04f40e401d762c5a35e932fd9bc22c8448ab96 jdk8u191-b10
+58ce5d3a1323f868c1a7fa007bd89fc69871c99f jdk8u191-b25
+2199d624d9e577744d843aa0f25f9b7ebb09d566 jdk8u191-b11
+6432b2dd408c2e31cbf02acd41e87e4c63f4c69a jdk8u191-b12
+3322b7fdc03fcbef2ee5328ef75f613a1f71e340 jdk8u191-b26
3b5b53db61f2aaa5a94fd9ca51162d83565faabe jdk8u182-b00
dcfe85bcd9017741198b4e4a2045fdaaab212c74 jdk8u192-b00
7abd14dd301d8a927450a7623c2e5913a5bfa891 jdk8u192-b01
@@ -901,3 +907,28 @@
34976d70945ff79ce4ea734fdebae826c141256a jdk8u192-b10
34976d70945ff79ce4ea734fdebae826c141256a jdk8u192-b10
0000000000000000000000000000000000000000 jdk8u192-b10
+0000000000000000000000000000000000000000 jdk8u192-b10
+15cc8dfafe99078995d306cbafdbce8c218d4d8c jdk8u192-b10
+940952a0d50ffb71692f6a4bc03987296e89706e jdk8u192-b25
+5d4431231254f3ee61ae17c22fcb2b6ca2a09aa3 jdk8u192-b11
+4d3fefdd2f98b55eaad22525ccf10b9d437b6cdb jdk8u192-b12
+e131417abf593b920e685f83a744029b340a637e jdk8u192-b26
+fbe47c49e7ee48e42b3a08a877983dd4e1a7b672 jdk8u181-b31
+0296aef8d561d049ba4a18496e8f0d6c1da9b0bc jdk8u181-b32
+f15cbd32f132b25f16ecaf9c203612a1107a0042 jdk8u181-b33
+2d56732bb1b83e698fd082f09d091df0f29ddd38 jdk8u181-b34
+56562c6fe999746dc706e2e79f2315c88899ff4b jdk8u181-b35
+f5e8607118bad66d200f7d440e4c83fe6f7c0396 jdk8u181-b36
+6be7467c0f3b0921eb85eaf7384cc918215d694b jdk8u181-b37
+6b45574a5596e814463844e2175b7cb4730206ae jdk8u201-b01
+df6617cb20387a493cf8202ec3fdbee909bb36fa jdk8u201-b02
+09dcb0ab23d07492437faad66fcafd6b6cc91250 jdk8u201-b03
+0506fb60784e2ca0dc60561cd84f2a99a092a497 jdk8u201-b04
+93019419c535620bd8be589079bfa1bcb5b56ac0 jdk8u201-b74
+d5f2a8d71e5096ab2c1abe24712b31843d2cd8d7 jdk8u201-b05
+3ce64f831a362e1fd41513882d859fd826fd2065 jdk8u201-b75
+6815d9894b3070506afa32b86a9239975ccf8044 jdk8u201-b06
+065b4b9247bd820061f750e49ea4369418a94ea2 jdk8u201-b76
+fb2d87afd9f84753f1b4c052737823e1003a82bc jdk8u201-b07
+97ecc454983b0f4bcde98ade9b1b6c2afe4f1dd6 jdk8u201-b77
+4b734c44eee9ca06bf1b0078aab8e0d248b10ad4 jdk8u201-b08
diff --git a/THIRD_PARTY_README b/THIRD_PARTY_README
index 0614dc2..680599d 100644
--- a/THIRD_PARTY_README
+++ b/THIRD_PARTY_README
@@ -1668,13 +1668,13 @@
-------------------------------------------------------------------------------
-%% This notice is provided with respect to Little CMS 2.7, which may be
+%% This notice is provided with respect to Little CMS 2.9, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
Little CMS
-Copyright (c) 1998-2015 Marti Maria Saguer
+Copyright (c) 1998-2011 Marti Maria Saguer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4
index c586b7f..eae2707 100644
--- a/common/autoconf/flags.m4
+++ b/common/autoconf/flags.m4
@@ -381,6 +381,20 @@
CFLAGS_JDK="${CFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt"
CXXFLAGS_JDK="${CXXFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt"
elif test "x$TOOLCHAIN_TYPE" = xgcc; then
+ case $OPENJDK_TARGET_CPU_ARCH in
+ x86 )
+ LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector"
+ LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector"
+ ;;
+ x86_64 )
+ LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector"
+ LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector"
+ ;;
+ esac
+ if test "x$OPENJDK_TARGET_OS" != xmacosx; then
+ LDFLAGS_JDK="$LDFLAGS_JDK -Wl,-z,relro"
+ LEGACY_EXTRA_LDFLAGS="$LEGACY_EXTRA_LDFLAGS -Wl,-z,relro"
+ fi
$2CXXSTD_CXXFLAG="-std=gnu++98"
FLAGS_CXX_COMPILER_CHECK_ARGUMENTS([[$]$2CXXSTD_CXXFLAG -Werror],
[], [$2CXXSTD_CXXFLAG=""])
@@ -443,6 +457,10 @@
ppc )
# on ppc we don't prevent gcc to omit frame pointer nor strict-aliasing
;;
+ x86 )
+ CCXXFLAGS_JDK="$CCXXFLAGS_JDK -fno-omit-frame-pointer -fstack-protector"
+ CFLAGS_JDK="${CFLAGS_JDK} -fno-strict-aliasing -fstack-protector"
+ ;;
* )
CCXXFLAGS_JDK="$CCXXFLAGS_JDK -fno-omit-frame-pointer"
CFLAGS_JDK="${CFLAGS_JDK} -fno-strict-aliasing"
diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh
index 81ab6c3..4e94001 100644
--- a/common/autoconf/generated-configure.sh
+++ b/common/autoconf/generated-configure.sh
@@ -4336,7 +4336,7 @@
#CUSTOM_AUTOCONF_INCLUDE
# Do not change or remove the following line, it is needed for consistency checks:
-DATE_WHEN_GENERATED=1536764960
+DATE_WHEN_GENERATED=1542667963
###############################################################################
#
@@ -41309,6 +41309,20 @@
CFLAGS_JDK="${CFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt"
CXXFLAGS_JDK="${CXXFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt"
elif test "x$TOOLCHAIN_TYPE" = xgcc; then
+ case $OPENJDK_TARGET_CPU_ARCH in
+ x86 )
+ LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector"
+ LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector"
+ ;;
+ x86_64 )
+ LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector"
+ LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector"
+ ;;
+ esac
+ if test "x$OPENJDK_TARGET_OS" != xmacosx; then
+ LDFLAGS_JDK="$LDFLAGS_JDK -Wl,-z,relro"
+ LEGACY_EXTRA_LDFLAGS="$LEGACY_EXTRA_LDFLAGS -Wl,-z,relro"
+ fi
CXXSTD_CXXFLAG="-std=gnu++98"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the C++ compiler supports \"$CXXSTD_CXXFLAG -Werror\"" >&5
@@ -41423,6 +41437,10 @@
ppc )
# on ppc we don't prevent gcc to omit frame pointer nor strict-aliasing
;;
+ x86 )
+ CCXXFLAGS_JDK="$CCXXFLAGS_JDK -fno-omit-frame-pointer -fstack-protector"
+ CFLAGS_JDK="${CFLAGS_JDK} -fno-strict-aliasing -fstack-protector"
+ ;;
* )
CCXXFLAGS_JDK="$CCXXFLAGS_JDK -fno-omit-frame-pointer"
CFLAGS_JDK="${CFLAGS_JDK} -fno-strict-aliasing"
diff --git a/corba/.hgtags b/corba/.hgtags
index 3a0f81c..af6d780 100644
--- a/corba/.hgtags
+++ b/corba/.hgtags
@@ -956,6 +956,7 @@
1fac8d007debb6d610ad70930a6b1b5a2a116957 jdk8u181-b12
a4d1d2b0da63d6d17579fa4cd9ef45850345d59c jdk8u181-b13
513805c9270bd834cfe659ae2b9b737579779578 jdk8u191-b01
+ce3b35fca864a0249a5a85a25c331d1230253f3b jdk8u201-b00
ce3b35fca864a0249a5a85a25c331d1230253f3b jdk8u191-b02
b51969df1b6fabae859bb18555e750d8afb96246 jdk8u191-b03
7506d3bab4c4256127e965f6412d86f1b010b35a jdk8u191-b04
@@ -964,6 +965,11 @@
76c097c27422be5473606da19a0586aefb4b1426 jdk8u191-b07
9c9ac98b01115a6cf0eda2da0178dbb464bc07d9 jdk8u191-b08
c83fd870e7c0643926a744ad4402b9fcb9d02ca2 jdk8u191-b09
+e2d809469547b966baf281536fec470c3e8bec0d jdk8u191-b10
+eb6c977b6e6c07093fc950c8028cf97257610793 jdk8u191-b25
+328c9a87dce0b28b85433fc040f9beeedb4bfb10 jdk8u191-b11
+298df76047a57fa8940c71f17bc641e43ee224aa jdk8u191-b12
+314a4e05e420b7d7c4f37bd80213d7117a9d4ee0 jdk8u191-b26
a5563d019ac440b19e791afcd298f3322b311291 jdk8u182-b00
f845f4e7ef69e4a6848ac332b888cd586a3d03bc jdk8u192-b00
73c9956642a295a92ba317d6b6bc858fc30004ee jdk8u192-b01
@@ -975,3 +981,27 @@
3f4ad5eb68ceaa8249df4480a21dde9784cafaf9 jdk8u192-b07
c69978472754cde9f6d8bf48b90569913fbde85d jdk8u192-b08
2400f742e326788f5382ebb7d423d615bd4c27d8 jdk8u192-b09
+e8ed32b4b216820e107b08a2e6d1b7d6a798ead2 jdk8u192-b10
+4587159810c53b8a3b0323775016bc22f81ecb72 jdk8u192-b25
+c26ddd2bd7c0a5ff8c7d358194a760b66c05392e jdk8u192-b11
+d70620db70e3ecf0adc76a4721b201d3eb757c59 jdk8u192-b12
+a86c7b3fc44025839a24b1ca0f2461ca2e46aee1 jdk8u192-b26
+d6e70a820e6b3fe1e832261980df4815bf8227e3 jdk8u181-b31
+0fba5f3cce1f8b94deb6eb30d07f31cbcfce95bb jdk8u181-b32
+99f73e3d73f12c3a9ac73cc1dee7711abe9134b5 jdk8u181-b33
+5b648b564d190e1b0516d2207acfc818ef3678d0 jdk8u181-b34
+9e341ecdf74109b0d74408c00d3bf8d4eb640ff3 jdk8u181-b35
+fdb4bff557900148a88fe31219c118f094899493 jdk8u181-b36
+4a42d89f7ba23707e531881c940f7fa857652244 jdk8u181-b37
+291e5023b0c57ac7b33a287800a7d9a483195615 jdk8u201-b01
+8dc9ee9494c9a29bcb4d20acf7381ed6c292daaa jdk8u201-b02
+637785bfd83280d2bc339f84840c3434f878f24d jdk8u201-b03
+efa05252e6d440ad3fb40260b35addf356c4baf0 jdk8u201-b04
+0b1ad394520ca953c22f31ebe93a6c3b7f0c87e6 jdk8u201-b74
+face39da0a93f96388869584bf1609ce9b488fe5 jdk8u201-b05
+34fa3c008e22657000e3f7038d2d5232f316197c jdk8u201-b75
+7ed32e9e05961cc193f4e282767194c8d7ea4f87 jdk8u201-b06
+0303a8dc582409a1c7f29df60c1d0e8c3ee3762e jdk8u201-b76
+52738cffda5b435fd1e4b89afaacfcbde32aff01 jdk8u201-b07
+c4dc8ca88a3f27a1e2bbe251b8f63957a98ea16f jdk8u201-b77
+a775a126005d8eef56d48a9686e1a1122e5e5dfb jdk8u201-b08
diff --git a/corba/THIRD_PARTY_README b/corba/THIRD_PARTY_README
index 0614dc2..680599d 100644
--- a/corba/THIRD_PARTY_README
+++ b/corba/THIRD_PARTY_README
@@ -1668,13 +1668,13 @@
-------------------------------------------------------------------------------
-%% This notice is provided with respect to Little CMS 2.7, which may be
+%% This notice is provided with respect to Little CMS 2.9, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
Little CMS
-Copyright (c) 1998-2015 Marti Maria Saguer
+Copyright (c) 1998-2011 Marti Maria Saguer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/hotspot/.hgtags b/hotspot/.hgtags
index 4b985a2..4ef3747 100644
--- a/hotspot/.hgtags
+++ b/hotspot/.hgtags
@@ -1189,6 +1189,7 @@
464ed8cea5d6cdbfacc9be7035297af88f57f708 jdk8u181-b12
eed8e846c982d7474dd07fc873ba02f83ad1f847 jdk8u181-b13
21a3fffc43418f4d75c2091bf03478330b8a9a98 jdk8u191-b01
+2bf8498a25ec87c92584a6542f8724644c8c5706 jdk8u201-b00
5aa3d728164a674d08ad847811be6bdd853e9bf8 jdk8u191-b02
dd79b482625361458b2b34e7d669ee982eee06a4 jdk8u191-b03
541c205d7fd15ab840f48aaeeaea3f63209d1687 jdk8u191-b04
@@ -1197,6 +1198,11 @@
96be5f6ab83349c971edd9aeb35cafce267d3bf8 jdk8u191-b07
113b4a1676db205922668f5b9c69b3dce22a095e jdk8u191-b08
a339c1437badce44c7137da58d817159c9c80e4f jdk8u191-b09
+c0bd247ecd1cd09a129040e3fa1745c64db43b35 jdk8u191-b10
+055e1c867479452dd5d8c08905f7475aab25fcc1 jdk8u191-b25
+12e4de4b2499e9d9a1ae4fb0b63ca277cca150f4 jdk8u191-b11
+4fc288749a236f6dd235336a46855a3133f83bde jdk8u191-b12
+ab9258f7206ea8745908e19de159888067939945 jdk8u191-b26
c19c5b73704e3d188bedfe52a473b408ca39009f jdk8u182-b00
0341fa6dbb363ee4dc5dbf5bfc4f820523400a72 jdk8u192-b00
5792d995ed26eec0417d96a2423446bbcd6951a9 jdk8u192-b01
@@ -1208,3 +1214,27 @@
cd19ee45aa6b6c81dbf981fd71abed7b7888d499 jdk8u192-b07
c8010d92392ff0081edd6bfd1882ec1f3397a6db jdk8u192-b08
79ba5ca0aabb29480dd94c6d32d22dceac019700 jdk8u192-b09
+b675533489ae1dc55469885471c9a29eca584d38 jdk8u192-b10
+338c85978b2283a975b762eead2fccc6d25a2bc2 jdk8u192-b25
+8df818c645d6081a387cf4fe9b9c14c0b5b639b1 jdk8u192-b11
+1f822ff877d1a250165d5d2d52faf6957f8fcd00 jdk8u192-b12
+e0e4c3a86ef0e4daf4fe96bd058045a2b13ebf84 jdk8u192-b26
+f7bd3ef62b03503c2abd2c877103fce4c41752ec jdk8u181-b31
+a2be8e761961b9aea1641593f2638406c8052bff jdk8u181-b32
+9d9f4c81eb3df5991f4409429a8eed5da385e138 jdk8u181-b33
+2ac6a4ff7b3c9c45bda2a449523f7f1babffd857 jdk8u181-b34
+f3eb9719e6961890add8af56c43a3273bedd3510 jdk8u181-b35
+5418d85b93ea93af1b75a700501cab9e53e282c5 jdk8u181-b36
+310a8a03be9363e47cc0856e43661cf71b516101 jdk8u181-b37
+cec91c1510a4f6b54f454f8a18c2ce19e1ef4002 jdk8u201-b01
+242132d678006ccd4139c33c1a188f09a09683c6 jdk8u201-b02
+68ee3b18354df0572de37bc04c3a7a8046d5a654 jdk8u201-b03
+f85cae50e04085dd498cc573cea5f829a6ab8d95 jdk8u201-b04
+2b490d8df3575cc40caf7f9ab54df2ff82ca1d6f jdk8u201-b74
+4b17023e0a3a168bd527b3a4cf2ca58fb77c691a jdk8u201-b05
+3f6c3bf8f0b17113a8b7d39962fc04db9cef360e jdk8u201-b75
+6ee55134973590878c9c922bdf76be9f1ac76940 jdk8u201-b06
+f53cabbd1a91af46b61230315e54df42c353b181 jdk8u201-b76
+dee6a1ce4a0c526c47d71ef402d10e4b8915c5cb jdk8u201-b07
+e4daab85ac15ae3c51f14ed8fba888e54e4c6830 jdk8u201-b77
+e2c2448a1ca75333879e055655f11525decc2c39 jdk8u201-b08
diff --git a/hotspot/THIRD_PARTY_README b/hotspot/THIRD_PARTY_README
index 0614dc2..680599d 100644
--- a/hotspot/THIRD_PARTY_README
+++ b/hotspot/THIRD_PARTY_README
@@ -1668,13 +1668,13 @@
-------------------------------------------------------------------------------
-%% This notice is provided with respect to Little CMS 2.7, which may be
+%% This notice is provided with respect to Little CMS 2.9, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
Little CMS
-Copyright (c) 1998-2015 Marti Maria Saguer
+Copyright (c) 1998-2011 Marti Maria Saguer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/hotspot/make/aix/makefiles/mapfile-vers-debug b/hotspot/make/aix/makefiles/mapfile-vers-debug
index 0a9d3e9..8f28690 100644
--- a/hotspot/make/aix/makefiles/mapfile-vers-debug
+++ b/hotspot/make/aix/makefiles/mapfile-vers-debug
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -63,6 +63,7 @@
JVM_ConstantPoolGetSize;
JVM_ConstantPoolGetStringAt;
JVM_ConstantPoolGetUTF8At;
+ JVM_CopySwapMemory;
JVM_CountStackFrames;
JVM_CurrentClassLoader;
JVM_CurrentLoadedClass;
diff --git a/hotspot/make/aix/makefiles/mapfile-vers-product b/hotspot/make/aix/makefiles/mapfile-vers-product
index f748a10..adcb3fc 100644
--- a/hotspot/make/aix/makefiles/mapfile-vers-product
+++ b/hotspot/make/aix/makefiles/mapfile-vers-product
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -63,6 +63,7 @@
JVM_ConstantPoolGetSize;
JVM_ConstantPoolGetStringAt;
JVM_ConstantPoolGetUTF8At;
+ JVM_CopySwapMemory;
JVM_CountStackFrames;
JVM_CurrentClassLoader;
JVM_CurrentLoadedClass;
diff --git a/hotspot/make/bsd/makefiles/mapfile-vers-debug b/hotspot/make/bsd/makefiles/mapfile-vers-debug
index a94bf88d..5e4a6a5 100644
--- a/hotspot/make/bsd/makefiles/mapfile-vers-debug
+++ b/hotspot/make/bsd/makefiles/mapfile-vers-debug
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
_JVM_ConstantPoolGetSize
_JVM_ConstantPoolGetStringAt
_JVM_ConstantPoolGetUTF8At
+ _JVM_CopySwapMemory
_JVM_CountStackFrames
_JVM_CurrentClassLoader
_JVM_CurrentLoadedClass
diff --git a/hotspot/make/bsd/makefiles/mapfile-vers-product b/hotspot/make/bsd/makefiles/mapfile-vers-product
index 6be8042..b8a83d6 100644
--- a/hotspot/make/bsd/makefiles/mapfile-vers-product
+++ b/hotspot/make/bsd/makefiles/mapfile-vers-product
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
_JVM_ConstantPoolGetSize
_JVM_ConstantPoolGetStringAt
_JVM_ConstantPoolGetUTF8At
+ _JVM_CopySwapMemory
_JVM_CountStackFrames
_JVM_CurrentClassLoader
_JVM_CurrentLoadedClass
diff --git a/hotspot/make/linux/makefiles/mapfile-vers-debug b/hotspot/make/linux/makefiles/mapfile-vers-debug
index 2da4b7d..f16822b 100644
--- a/hotspot/make/linux/makefiles/mapfile-vers-debug
+++ b/hotspot/make/linux/makefiles/mapfile-vers-debug
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -63,6 +63,7 @@
JVM_ConstantPoolGetSize;
JVM_ConstantPoolGetStringAt;
JVM_ConstantPoolGetUTF8At;
+ JVM_CopySwapMemory;
JVM_CountStackFrames;
JVM_CurrentClassLoader;
JVM_CurrentLoadedClass;
diff --git a/hotspot/make/linux/makefiles/mapfile-vers-product b/hotspot/make/linux/makefiles/mapfile-vers-product
index 4ec3d5b..f96c86b 100644
--- a/hotspot/make/linux/makefiles/mapfile-vers-product
+++ b/hotspot/make/linux/makefiles/mapfile-vers-product
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -63,6 +63,7 @@
JVM_ConstantPoolGetSize;
JVM_ConstantPoolGetStringAt;
JVM_ConstantPoolGetUTF8At;
+ JVM_CopySwapMemory;
JVM_CountStackFrames;
JVM_CurrentClassLoader;
JVM_CurrentLoadedClass;
diff --git a/hotspot/make/solaris/makefiles/mapfile-vers b/hotspot/make/solaris/makefiles/mapfile-vers
index 7ebaaaa..d76be6c 100644
--- a/hotspot/make/solaris/makefiles/mapfile-vers
+++ b/hotspot/make/solaris/makefiles/mapfile-vers
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -64,6 +64,7 @@
JVM_ConstantPoolGetStringAt;
JVM_ConstantPoolGetUTF8At;
JVM_CountStackFrames;
+ JVM_CopySwapMemory;
JVM_CurrentClassLoader;
JVM_CurrentLoadedClass;
JVM_CurrentThread;
diff --git a/hotspot/src/share/vm/classfile/classFileParser.cpp b/hotspot/src/share/vm/classfile/classFileParser.cpp
index a5bfb9d..07d07e4 100644
--- a/hotspot/src/share/vm/classfile/classFileParser.cpp
+++ b/hotspot/src/share/vm/classfile/classFileParser.cpp
@@ -4210,9 +4210,6 @@
this_klass(), &all_mirandas, CHECK_(nullHandle));
}
- // Update the loader_data graph.
- record_defined_class_dependencies(this_klass, CHECK_NULL);
-
ClassLoadingService::notify_class_loaded(InstanceKlass::cast(this_klass()),
false /* not shared class */);
@@ -4498,30 +4495,6 @@
}
}
-// Attach super classes and interface classes to class loader data
-void ClassFileParser::record_defined_class_dependencies(instanceKlassHandle defined_klass, TRAPS) {
- ClassLoaderData * defining_loader_data = defined_klass->class_loader_data();
- if (defining_loader_data->is_the_null_class_loader_data()) {
- // Dependencies to null class loader data are implicit.
- return;
- } else {
- // add super class dependency
- Klass* super = defined_klass->super();
- if (super != NULL) {
- defining_loader_data->record_dependency(super, CHECK);
- }
-
- // add super interface dependencies
- Array<Klass*>* local_interfaces = defined_klass->local_interfaces();
- if (local_interfaces != NULL) {
- int length = local_interfaces->length();
- for (int i = 0; i < length; i++) {
- defining_loader_data->record_dependency(local_interfaces->at(i), CHECK);
- }
- }
- }
-}
-
// utility methods for appending an array with check for duplicates
void append_interfaces(GrowableArray<Klass*>* result, Array<Klass*>* ifs) {
diff --git a/hotspot/src/share/vm/classfile/dictionary.cpp b/hotspot/src/share/vm/classfile/dictionary.cpp
index f4e3501..b9d473b 100644
--- a/hotspot/src/share/vm/classfile/dictionary.cpp
+++ b/hotspot/src/share/vm/classfile/dictionary.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -159,33 +159,9 @@
if (!is_strongly_reachable(loader_data, e)) {
// Entry was not visited in phase1 (negated test from phase1)
assert(!loader_data->is_the_null_class_loader_data(), "unloading entry with null class loader");
- ClassLoaderData* k_def_class_loader_data = ik->class_loader_data();
-
- // Do we need to delete this system dictionary entry?
- bool purge_entry = false;
// Do we need to delete this system dictionary entry?
if (loader_data->is_unloading()) {
- // If the loader is not live this entry should always be
- // removed (will never be looked up again).
- purge_entry = true;
- } else {
- // The loader in this entry is alive. If the klass is dead,
- // (determined by checking the defining class loader)
- // the loader must be an initiating loader (rather than the
- // defining loader). Remove this entry.
- if (k_def_class_loader_data->is_unloading()) {
- // If we get here, the class_loader_data must not be the defining
- // loader, it must be an initiating one.
- assert(k_def_class_loader_data != loader_data,
- "cannot have live defining loader and unreachable klass");
- // Loader is live, but class and its defining loader are dead.
- // Remove the entry. The class is going away.
- purge_entry = true;
- }
- }
-
- if (purge_entry) {
*p = probe->next();
if (probe == _current_class_entry) {
_current_class_entry = NULL;
diff --git a/hotspot/src/share/vm/classfile/systemDictionary.cpp b/hotspot/src/share/vm/classfile/systemDictionary.cpp
index 7933034..e39c4aa 100644
--- a/hotspot/src/share/vm/classfile/systemDictionary.cpp
+++ b/hotspot/src/share/vm/classfile/systemDictionary.cpp
@@ -816,7 +816,16 @@
check_constraints(d_index, d_hash, k, class_loader, false, THREAD);
// Need to check for a PENDING_EXCEPTION again; check_constraints
- // can throw and doesn't use the CHECK macro.
+ // can throw but we may have to remove entry from the placeholder table below.
+ if (!HAS_PENDING_EXCEPTION) {
+ // Record dependency for non-parent delegation.
+ // This recording keeps the defining class loader of the klass (k) found
+ // from being unloaded while the initiating class loader is loaded
+ // even if the reference to the defining class loader is dropped
+ // before references to the initiating class loader.
+ loader_data->record_dependency(k(), THREAD);
+ }
+
if (!HAS_PENDING_EXCEPTION) {
{ // Grabbing the Compile_lock prevents systemDictionary updates
// during compilations.
diff --git a/hotspot/src/share/vm/classfile/verificationType.cpp b/hotspot/src/share/vm/classfile/verificationType.cpp
index 61715d9..46526f6 100644
--- a/hotspot/src/share/vm/classfile/verificationType.cpp
+++ b/hotspot/src/share/vm/classfile/verificationType.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,6 @@
name(), Handle(THREAD, klass->class_loader()),
Handle(THREAD, klass->protection_domain()), true, CHECK_false);
KlassHandle this_class(THREAD, obj);
- klass->class_loader_data()->record_dependency(obj, CHECK_false);
if (this_class->is_interface() && (!from_field_is_protected ||
from.name() != vmSymbols::java_lang_Object())) {
@@ -75,7 +74,6 @@
Klass* from_class = SystemDictionary::resolve_or_fail(
from.name(), Handle(THREAD, klass->class_loader()),
Handle(THREAD, klass->protection_domain()), true, CHECK_false);
- klass->class_loader_data()->record_dependency(from_class, CHECK_false);
bool result = InstanceKlass::cast(from_class)->is_subclass_of(this_class());
if (result && DumpSharedSpaces) {
if (klass()->is_subclass_of(from_class) && klass()->is_subclass_of(this_class())) {
diff --git a/hotspot/src/share/vm/classfile/verifier.cpp b/hotspot/src/share/vm/classfile/verifier.cpp
index 82509ff..2a57205 100644
--- a/hotspot/src/share/vm/classfile/verifier.cpp
+++ b/hotspot/src/share/vm/classfile/verifier.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1949,11 +1949,9 @@
oop loader = current_class()->class_loader();
oop protection_domain = current_class()->protection_domain();
- Klass* kls = SystemDictionary::resolve_or_fail(
+ return SystemDictionary::resolve_or_fail(
name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
true, CHECK_NULL);
- current_class()->class_loader_data()->record_dependency(kls, CHECK_NULL);
- return kls;
}
bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
diff --git a/hotspot/src/share/vm/oops/constantPool.cpp b/hotspot/src/share/vm/oops/constantPool.cpp
index 7a4d500..a495528 100644
--- a/hotspot/src/share/vm/oops/constantPool.cpp
+++ b/hotspot/src/share/vm/oops/constantPool.cpp
@@ -339,8 +339,6 @@
// Only updated constant pool - if it is resolved.
do_resolve = this_oop->tag_at(which).is_unresolved_klass();
if (do_resolve) {
- ClassLoaderData* this_key = this_oop->pool_holder()->class_loader_data();
- this_key->record_dependency(k(), CHECK_NULL); // Can throw OOM
this_oop->klass_at_put(which, k());
}
}
diff --git a/hotspot/src/share/vm/oops/cpCache.cpp b/hotspot/src/share/vm/oops/cpCache.cpp
index cea52ef..cda9a4e 100644
--- a/hotspot/src/share/vm/oops/cpCache.cpp
+++ b/hotspot/src/share/vm/oops/cpCache.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -209,12 +209,22 @@
if (byte_no == 1) {
assert(invoke_code != Bytecodes::_invokevirtual &&
invoke_code != Bytecodes::_invokeinterface, "");
+ bool do_resolve = true;
// Don't mark invokespecial to method as resolved if sender is an interface. The receiver
// has to be checked that it is a subclass of the current class every time this bytecode
// is executed.
- if (invoke_code != Bytecodes::_invokespecial || !sender_is_interface ||
- method->name() == vmSymbols::object_initializer_name()) {
- set_bytecode_1(invoke_code);
+ if (invoke_code == Bytecodes::_invokespecial && sender_is_interface &&
+ method->name() != vmSymbols::object_initializer_name()) {
+ do_resolve = false;
+ }
+ // Don't mark invokestatic to method as resolved if the holder class has not yet completed
+ // initialization. An invokestatic must only proceed if the class is initialized, but if
+ // we resolve it before then that class initialization check is skipped.
+ if (invoke_code == Bytecodes::_invokestatic && !method->method_holder()->is_initialized()) {
+ do_resolve = false;
+ }
+ if (do_resolve) {
+ set_bytecode_1(invoke_code);
}
} else if (byte_no == 2) {
if (change_to_virtual) {
diff --git a/hotspot/src/share/vm/prims/jvm.cpp b/hotspot/src/share/vm/prims/jvm.cpp
index 07c36de..ea4cfb4 100644
--- a/hotspot/src/share/vm/prims/jvm.cpp
+++ b/hotspot/src/share/vm/prims/jvm.cpp
@@ -759,6 +759,79 @@
JVM_END
+// java.nio.Bits ///////////////////////////////////////////////////////////////
+
+#define MAX_OBJECT_SIZE \
+ ( arrayOopDesc::header_size(T_DOUBLE) * HeapWordSize \
+ + ((julong)max_jint * sizeof(double)) )
+
+static inline jlong field_offset_to_byte_offset(jlong field_offset) {
+ return field_offset;
+}
+
+static inline void assert_field_offset_sane(oop p, jlong field_offset) {
+#ifdef ASSERT
+ jlong byte_offset = field_offset_to_byte_offset(field_offset);
+
+ if (p != NULL) {
+ assert(byte_offset >= 0 && byte_offset <= (jlong)MAX_OBJECT_SIZE, "sane offset");
+ if (byte_offset == (jint)byte_offset) {
+ void* ptr_plus_disp = (address)p + byte_offset;
+ assert((void*)p->obj_field_addr<oop>((jint)byte_offset) == ptr_plus_disp,
+ "raw [ptr+disp] must be consistent with oop::field_base");
+ }
+ jlong p_size = HeapWordSize * (jlong)(p->size());
+ assert(byte_offset < p_size, err_msg("Unsafe access: offset " INT64_FORMAT
+ " > object's size " INT64_FORMAT,
+ (int64_t)byte_offset, (int64_t)p_size));
+ }
+#endif
+}
+
+static inline void* index_oop_from_field_offset_long(oop p, jlong field_offset) {
+ assert_field_offset_sane(p, field_offset);
+ jlong byte_offset = field_offset_to_byte_offset(field_offset);
+
+ if (sizeof(char*) == sizeof(jint)) { // (this constant folds!)
+ return (address)p + (jint) byte_offset;
+ } else {
+ return (address)p + byte_offset;
+ }
+}
+
+// This function is a leaf since if the source and destination are both in native memory
+// the copy may potentially be very large, and we don't want to disable GC if we can avoid it.
+// If either source or destination (or both) are on the heap, the function will enter VM using
+// JVM_ENTRY_FROM_LEAF
+JVM_LEAF(void, JVM_CopySwapMemory(JNIEnv *env, jobject srcObj, jlong srcOffset,
+ jobject dstObj, jlong dstOffset, jlong size,
+ jlong elemSize)) {
+
+ size_t sz = (size_t)size;
+ size_t esz = (size_t)elemSize;
+
+ if (srcObj == NULL && dstObj == NULL) {
+ // Both src & dst are in native memory
+ address src = (address)srcOffset;
+ address dst = (address)dstOffset;
+
+ Copy::conjoint_swap(src, dst, sz, esz);
+ } else {
+ // At least one of src/dst are on heap, transition to VM to access raw pointers
+
+ JVM_ENTRY_FROM_LEAF(env, void, JVM_CopySwapMemory) {
+ oop srcp = JNIHandles::resolve(srcObj);
+ oop dstp = JNIHandles::resolve(dstObj);
+
+ address src = (address)index_oop_from_field_offset_long(srcp, srcOffset);
+ address dst = (address)index_oop_from_field_offset_long(dstp, dstOffset);
+
+ Copy::conjoint_swap(src, dst, sz, esz);
+ } JVM_END
+ }
+} JVM_END
+
+
// Misc. class handling ///////////////////////////////////////////////////////////
@@ -991,12 +1064,6 @@
Handle h_prot (THREAD, protection_domain);
jclass result = find_class_from_class_loader(env, h_name, init, h_loader,
h_prot, true, thread);
- if (result != NULL) {
- oop mirror = JNIHandles::resolve_non_null(result);
- Klass* to_class = java_lang_Class::as_Klass(mirror);
- ClassLoaderData* cld = ClassLoaderData::class_loader_data(h_loader());
- cld->record_dependency(to_class, CHECK_NULL);
- }
if (TraceClassResolution && result != NULL) {
// this function is generally only used for class loading during verification.
diff --git a/hotspot/src/share/vm/prims/jvm.h b/hotspot/src/share/vm/prims/jvm.h
index 3b36b73..2c64341 100644
--- a/hotspot/src/share/vm/prims/jvm.h
+++ b/hotspot/src/share/vm/prims/jvm.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -145,6 +145,14 @@
JVM_OnExit(void (*func)(void));
/*
+ * java.nio.Bits
+ */
+JNIEXPORT void JNICALL
+JVM_CopySwapMemory(JNIEnv *env, jobject srcObj, jlong srcOffset,
+ jobject dstObj, jlong dstOffset, jlong size,
+ jlong elemSize);
+
+/*
* java.lang.Runtime
*/
JNIEXPORT void JNICALL
diff --git a/hotspot/src/share/vm/runtime/interfaceSupport.hpp b/hotspot/src/share/vm/runtime/interfaceSupport.hpp
index fa9ad5e..7a20fba 100644
--- a/hotspot/src/share/vm/runtime/interfaceSupport.hpp
+++ b/hotspot/src/share/vm/runtime/interfaceSupport.hpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -431,6 +431,14 @@
os::verify_stack_alignment(); \
/* begin of body */
+#define VM_ENTRY_BASE_FROM_LEAF(result_type, header, thread) \
+ TRACE_CALL(result_type, header) \
+ debug_only(ResetNoHandleMark __rnhm;) \
+ HandleMarkCleaner __hm(thread); \
+ Thread* THREAD = thread; \
+ os::verify_stack_alignment(); \
+ /* begin of body */
+
// ENTRY routines may lock, GC and throw exceptions
@@ -592,6 +600,14 @@
VM_LEAF_BASE(result_type, header)
+#define JVM_ENTRY_FROM_LEAF(env, result_type, header) \
+ { { \
+ JavaThread* thread=JavaThread::thread_from_jni_environment(env); \
+ ThreadInVMfromNative __tiv(thread); \
+ debug_only(VMNativeEntryWrapper __vew;) \
+ VM_ENTRY_BASE_FROM_LEAF(result_type, header, thread)
+
+
#define JVM_END } }
#endif // SHARE_VM_RUNTIME_INTERFACESUPPORT_HPP
diff --git a/hotspot/src/share/vm/runtime/sharedRuntime.cpp b/hotspot/src/share/vm/runtime/sharedRuntime.cpp
index d14f173..d5bea29 100644
--- a/hotspot/src/share/vm/runtime/sharedRuntime.cpp
+++ b/hotspot/src/share/vm/runtime/sharedRuntime.cpp
@@ -1232,6 +1232,14 @@
}
#endif
+ // Do not patch call site for static call when the class is not
+ // fully initialized.
+ if (invoke_code == Bytecodes::_invokestatic &&
+ !callee_method->method_holder()->is_initialized()) {
+ assert(callee_method->method_holder()->is_linked(), "must be");
+ return callee_method;
+ }
+
// JSR 292 key invariant:
// If the resolved method is a MethodHandle invoke target, the call
// site must be a MethodHandle call site, because the lambda form might tail-call
diff --git a/hotspot/src/share/vm/utilities/copy.cpp b/hotspot/src/share/vm/utilities/copy.cpp
index 56e1cfc..0d64178 100644
--- a/hotspot/src/share/vm/utilities/copy.cpp
+++ b/hotspot/src/share/vm/utilities/copy.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -53,6 +53,175 @@
}
}
+class CopySwap : AllStatic {
+public:
+ /**
+ * Copy and byte swap elements
+ *
+ * @param src address of source
+ * @param dst address of destination
+ * @param byte_count number of bytes to copy
+ * @param elem_size size of the elements to copy-swap
+ */
+ static void conjoint_swap(address src, address dst, size_t byte_count, size_t elem_size) {
+ assert(src != NULL, "address must not be NULL");
+ assert(dst != NULL, "address must not be NULL");
+ assert(elem_size == 2 || elem_size == 4 || elem_size == 8,
+ err_msg("incorrect element size: " SIZE_FORMAT, elem_size));
+ assert(is_size_aligned(byte_count, elem_size),
+ err_msg("byte_count " SIZE_FORMAT " must be multiple of element size " SIZE_FORMAT, byte_count, elem_size));
+
+ address src_end = src + byte_count;
+
+ if (dst <= src || dst >= src_end) {
+ do_conjoint_swap<RIGHT>(src, dst, byte_count, elem_size);
+ } else {
+ do_conjoint_swap<LEFT>(src, dst, byte_count, elem_size);
+ }
+ }
+
+private:
+ /**
+ * Byte swap a 16-bit value
+ */
+ static uint16_t byte_swap(uint16_t x) {
+ return (x << 8) | (x >> 8);
+ }
+
+ /**
+ * Byte swap a 32-bit value
+ */
+ static uint32_t byte_swap(uint32_t x) {
+ uint16_t lo = (uint16_t)x;
+ uint16_t hi = (uint16_t)(x >> 16);
+
+ return ((uint32_t)byte_swap(lo) << 16) | (uint32_t)byte_swap(hi);
+ }
+
+ /**
+ * Byte swap a 64-bit value
+ */
+ static uint64_t byte_swap(uint64_t x) {
+ uint32_t lo = (uint32_t)x;
+ uint32_t hi = (uint32_t)(x >> 32);
+
+ return ((uint64_t)byte_swap(lo) << 32) | (uint64_t)byte_swap(hi);
+ }
+
+ enum CopyDirection {
+ RIGHT, // lower -> higher address
+ LEFT // higher -> lower address
+ };
+
+ /**
+ * Copy and byte swap elements
+ *
+ * <T> - type of element to copy
+ * <D> - copy direction
+ * <is_src_aligned> - true if src argument is aligned to element size
+ * <is_dst_aligned> - true if dst argument is aligned to element size
+ *
+ * @param src address of source
+ * @param dst address of destination
+ * @param byte_count number of bytes to copy
+ */
+ template <typename T, CopyDirection D, bool is_src_aligned, bool is_dst_aligned>
+ static void do_conjoint_swap(address src, address dst, size_t byte_count) {
+ address cur_src, cur_dst;
+
+ switch (D) {
+ case RIGHT:
+ cur_src = src;
+ cur_dst = dst;
+ break;
+ case LEFT:
+ cur_src = src + byte_count - sizeof(T);
+ cur_dst = dst + byte_count - sizeof(T);
+ break;
+ }
+
+ for (size_t i = 0; i < byte_count / sizeof(T); i++) {
+ T tmp;
+
+ if (is_src_aligned) {
+ tmp = *(T*)cur_src;
+ } else {
+ memcpy(&tmp, cur_src, sizeof(T));
+ }
+
+ tmp = byte_swap(tmp);
+
+ if (is_dst_aligned) {
+ *(T*)cur_dst = tmp;
+ } else {
+ memcpy(cur_dst, &tmp, sizeof(T));
+ }
+
+ switch (D) {
+ case RIGHT:
+ cur_src += sizeof(T);
+ cur_dst += sizeof(T);
+ break;
+ case LEFT:
+ cur_src -= sizeof(T);
+ cur_dst -= sizeof(T);
+ break;
+ }
+ }
+ }
+
+ /**
+ * Copy and byte swap elements
+ *
+ * <T> - type of element to copy
+ * <D> - copy direction
+ *
+ * @param src address of source
+ * @param dst address of destination
+ * @param byte_count number of bytes to copy
+ */
+ template <typename T, CopyDirection direction>
+ static void do_conjoint_swap(address src, address dst, size_t byte_count) {
+ if (is_ptr_aligned(src, sizeof(T))) {
+ if (is_ptr_aligned(dst, sizeof(T))) {
+ do_conjoint_swap<T,direction,true,true>(src, dst, byte_count);
+ } else {
+ do_conjoint_swap<T,direction,true,false>(src, dst, byte_count);
+ }
+ } else {
+ if (is_ptr_aligned(dst, sizeof(T))) {
+ do_conjoint_swap<T,direction,false,true>(src, dst, byte_count);
+ } else {
+ do_conjoint_swap<T,direction,false,false>(src, dst, byte_count);
+ }
+ }
+ }
+
+
+ /**
+ * Copy and byte swap elements
+ *
+ * <D> - copy direction
+ *
+ * @param src address of source
+ * @param dst address of destination
+ * @param byte_count number of bytes to copy
+ * @param elem_size size of the elements to copy-swap
+ */
+ template <CopyDirection D>
+ static void do_conjoint_swap(address src, address dst, size_t byte_count, size_t elem_size) {
+ switch (elem_size) {
+ case 2: do_conjoint_swap<uint16_t,D>(src, dst, byte_count); break;
+ case 4: do_conjoint_swap<uint32_t,D>(src, dst, byte_count); break;
+ case 8: do_conjoint_swap<uint64_t,D>(src, dst, byte_count); break;
+ default: guarantee(false, err_msg("do_conjoint_swap: Invalid elem_size %zd\n", elem_size));
+ }
+ }
+};
+
+void Copy::conjoint_swap(address src, address dst, size_t byte_count, size_t elem_size) {
+ CopySwap::conjoint_swap(src, dst, byte_count, elem_size);
+}
// Fill bytes; larger units are filled atomically if everything is aligned.
void Copy::fill_to_memory_atomic(void* to, size_t size, jubyte value) {
diff --git a/hotspot/src/share/vm/utilities/copy.hpp b/hotspot/src/share/vm/utilities/copy.hpp
index 3dcbfee..66f9887 100644
--- a/hotspot/src/share/vm/utilities/copy.hpp
+++ b/hotspot/src/share/vm/utilities/copy.hpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -227,6 +227,16 @@
}
}
+ /**
+ * Copy and *unconditionally* byte swap elements
+ *
+ * @param src address of source
+ * @param dst address of destination
+ * @param byte_count number of bytes to copy
+ * @param elem_size size of the elements to copy-swap
+ */
+ static void conjoint_swap(address src, address dst, size_t byte_count, size_t elem_size);
+
// Fill methods
// Fill word-aligned words, not atomic on each word
diff --git a/hotspot/test/runtime/ClassUnload/ConstantPoolDependsTest.java b/hotspot/test/runtime/ClassUnload/ConstantPoolDependsTest.java
new file mode 100644
index 0000000..425d02b
--- /dev/null
+++ b/hotspot/test/runtime/ClassUnload/ConstantPoolDependsTest.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test ConstantPoolDependsTest
+ * @bug 8210094
+ * @summary Create ClassLoader dependency from initiating loader to class loader through constant pool reference
+ * @modules java.base/jdk.internal.misc
+ * java.compiler
+ * @library /testlibrary /testlibrary/whitebox /runtime/testlibrary
+ * @build sun.hotspot.WhiteBox
+ * @compile p2/c2.java MyDiffClassLoader.java
+ * @run main ClassFileInstaller sun.hotspot.WhiteBox
+ * sun.hotspot.WhiteBox$WhiteBoxPermission
+ * @run main/othervm -Xbootclasspath/a:. -Xmn8m -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI ConstantPoolDependsTest
+ */
+
+import sun.hotspot.WhiteBox;
+
+
+public class ConstantPoolDependsTest {
+ public static WhiteBox wb = WhiteBox.getWhiteBox();
+ public static final String MY_TEST = "ConstantPoolDependsTest$c1c";
+
+ public static class c1c {
+ private void test() throws Exception {
+ // ConstantPool.klass_at_impl loads through constant pool and creates dependency
+ p2.c2 c2_obj = new p2.c2();
+ c2_obj.method2();
+ }
+
+ public c1c () throws Exception {
+ test();
+ ClassUnloadCommon.triggerUnloading(); // should not unload anything
+ test();
+ ClassUnloadCommon.triggerUnloading(); // should not unload anything
+ }
+ }
+
+ static void test() throws Throwable {
+
+ // now use the same loader to load class MyTest
+ Class MyTest_class = new MyDiffClassLoader(MY_TEST).loadClass(MY_TEST);
+
+ try {
+ // Call MyTest to load p2.c2 twice and call p2.c2.method2
+ MyTest_class.newInstance();
+ } catch (Exception e) {
+ throw new RuntimeException("Test FAILED if NoSuchMethodException is thrown");
+ }
+ ClassUnloadCommon.triggerUnloading(); // should not unload anything
+ ClassUnloadCommon.failIf(!wb.isClassAlive(MY_TEST), "should not be unloaded");
+ ClassUnloadCommon.failIf(!wb.isClassAlive("p2.c2"), "should not be unloaded");
+ // Unless MyTest_class is referenced here, the compiler can unload it.
+ System.out.println("Should not unload anything before here because " + MyTest_class + " is still alive.");
+ }
+
+ public static void main(String args[]) throws Throwable {
+ test();
+ ClassUnloadCommon.triggerUnloading(); // should unload
+ System.gc();
+ System.out.println("Should unload p2.c2 just now");
+ ClassUnloadCommon.failIf(wb.isClassAlive(MY_TEST), "should be unloaded");
+ ClassUnloadCommon.failIf(wb.isClassAlive("p2.c2"), "should be unloaded");
+ }
+}
diff --git a/hotspot/test/runtime/ClassUnload/DictionaryDependsTest.java b/hotspot/test/runtime/ClassUnload/DictionaryDependsTest.java
new file mode 100644
index 0000000..1a3c172
--- /dev/null
+++ b/hotspot/test/runtime/ClassUnload/DictionaryDependsTest.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test DictionaryDependsTest
+ * @bug 8210094
+ * @summary Create ClassLoader dependency from initiating loader to class loader through reflection
+ * @modules java.base/jdk.internal.misc
+ * java.compiler
+ * @library /testlibrary /testlibrary/whitebox /runtime/testlibrary
+ * @build sun.hotspot.WhiteBox
+ * @compile p2/c2.java MyDiffClassLoader.java
+ * @run main ClassFileInstaller sun.hotspot.WhiteBox
+ * sun.hotspot.WhiteBox$WhiteBoxPermission
+ * @run main/othervm -Xbootclasspath/a:. -Xmn8m -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI DictionaryDependsTest
+ */
+import sun.hotspot.WhiteBox;
+import java.lang.reflect.Method;
+
+public class DictionaryDependsTest {
+ public static WhiteBox wb = WhiteBox.getWhiteBox();
+ public static final String MY_TEST = "DictionaryDependsTest$c1r";
+
+ static public class c1r {
+
+ private void test() throws Exception {
+ // forName loads through reflection and doesn't create dependency
+ Class<?> x = Class.forName("p2.c2", true, c1r.class.getClassLoader());
+ Method m = x.getMethod("method2");
+ java.lang.Object t = x.newInstance();
+ m.invoke(t);
+ }
+
+ public c1r () throws Exception {
+ test();
+ ClassUnloadCommon.triggerUnloading(); // should unload p2.c2
+ test();
+ ClassUnloadCommon.triggerUnloading(); // should unload p2.c2
+ }
+ }
+
+ public void test() throws Throwable {
+
+ // now use the same loader to load class MyTest
+ Class MyTest_class = new MyDiffClassLoader(MY_TEST).loadClass(MY_TEST);
+
+ try {
+ // Call MyTest to load p2.c2 twice and call p2.c2.method2
+ MyTest_class.newInstance();
+ } catch (Exception e) {
+ System.out.println("Not expected NSME");
+ throw new RuntimeException("Not expecting NSME");
+ }
+ ClassUnloadCommon.triggerUnloading(); // should not unload anything
+ ClassUnloadCommon.failIf(!wb.isClassAlive(MY_TEST), "should not be unloaded");
+ ClassUnloadCommon.failIf(!wb.isClassAlive("p2.c2"), "should not be unloaded");
+ // Unless MyTest_class is referenced here, the compiler can unload it.
+ System.out.println("Should not unload anything before here because " + MyTest_class + " is still alive.");
+ }
+
+ public static void main(String args[]) throws Throwable {
+ DictionaryDependsTest d = new DictionaryDependsTest();
+ d.test();
+ ClassUnloadCommon.triggerUnloading(); // should not unload anything
+ System.out.println("Should unload MyTest and p2.c2 just now");
+ ClassUnloadCommon.failIf(wb.isClassAlive(MY_TEST), "should be unloaded");
+ ClassUnloadCommon.failIf(wb.isClassAlive("p2.c2"), "should be unloaded");
+ }
+}
diff --git a/hotspot/test/runtime/ClassUnload/MyDiffClassLoader.java b/hotspot/test/runtime/ClassUnload/MyDiffClassLoader.java
new file mode 100644
index 0000000..84afd06
--- /dev/null
+++ b/hotspot/test/runtime/ClassUnload/MyDiffClassLoader.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.*;
+import com.oracle.java.testlibrary.InMemoryJavaCompiler;
+
+public class MyDiffClassLoader extends ClassLoader {
+
+ public String loaderName;
+ public static boolean switchClassData = false;
+
+ MyDiffClassLoader(String name) {
+ this.loaderName = name;
+ }
+
+ public Class loadClass(String name) throws ClassNotFoundException {
+ if (!name.contains("c1r") &&
+ !name.contains("c1c") &&
+ !name.contains("c1s") &&
+ !name.equals("p2.c2")) {
+ return super.loadClass(name);
+ }
+
+ // new loader loads p2.c2
+ if (name.equals("p2.c2") && !loaderName.equals("C2Loader")) {
+ Class<?> c = new MyDiffClassLoader("C2Loader").loadClass(name);
+ switchClassData = true;
+ return c;
+ }
+
+ byte[] data = switchClassData ? getNewClassData(name) : getClassData(name);
+ System.out.println("name is " + name);
+ return defineClass(name, data, 0, data.length);
+ }
+ byte[] getClassData(String name) {
+ try {
+ String TempName = name.replaceAll("\\.", "/");
+ String currentDir = System.getProperty("test.classes");
+ String filename = currentDir + File.separator + TempName + ".class";
+ FileInputStream fis = new FileInputStream(filename);
+ byte[] b = new byte[5000];
+ int cnt = fis.read(b, 0, 5000);
+ byte[] c = new byte[cnt];
+ for (int i=0; i<cnt; i++) c[i] = b[i];
+ return c;
+ } catch (IOException e) {
+ return null;
+ }
+ }
+
+ // Return p2.c2 with everything removed
+ byte[] getNewClassData(String name) {
+ return InMemoryJavaCompiler.compile("p2.c2", "package p2; public class c2 { }");
+ }
+}
diff --git a/hotspot/test/runtime/ClassUnload/SuperDependsTest.java b/hotspot/test/runtime/ClassUnload/SuperDependsTest.java
new file mode 100644
index 0000000..215b479
--- /dev/null
+++ b/hotspot/test/runtime/ClassUnload/SuperDependsTest.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test SuperDependsTest
+ * @bug 8210094
+ * @summary Create ClassLoader dependency from initiating loader to class loader through subclassing
+ * @modules java.base/jdk.internal.misc
+ * java.compiler
+ * @library /testlibrary /testlibrary/whitebox /runtime/testlibrary
+ * @build sun.hotspot.WhiteBox
+ * @compile p2/c2.java MyDiffClassLoader.java
+ * @run main ClassFileInstaller sun.hotspot.WhiteBox
+ * sun.hotspot.WhiteBox$WhiteBoxPermission
+ * @run main/othervm -Xbootclasspath/a:. -Xmn8m -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI SuperDependsTest
+ */
+import sun.hotspot.WhiteBox;
+import p2.*;
+
+public class SuperDependsTest {
+ public static WhiteBox wb = WhiteBox.getWhiteBox();
+ public static final String MY_TEST = "SuperDependsTest$c1s";
+
+
+ // p2.c2 loads through super class and creates dependency
+ public static class c1s extends p2.c2 {
+
+ private void test() throws Exception {
+ method2();
+ }
+
+ public c1s () throws Exception {
+ test();
+ ClassUnloadCommon.triggerUnloading(); // should not unload anything
+ test();
+ }
+ }
+
+ public void test() throws Throwable {
+
+ // now use the same loader to load class MyTest
+ Class MyTest_class = new MyDiffClassLoader(MY_TEST).loadClass(MY_TEST);
+
+ // Call MyTest to load p2.c2 twice and call p2.c2.method2
+ MyTest_class.newInstance();
+ ClassUnloadCommon.triggerUnloading(); // should not unload anything
+ ClassUnloadCommon.failIf(!wb.isClassAlive(MY_TEST), "should not be unloaded");
+ ClassUnloadCommon.failIf(!wb.isClassAlive("p2.c2"), "should not be unloaded");
+ // Unless MyTest_class is referenced here, the compiler can unload it.
+ System.out.println("Should not unload anything before here because " + MyTest_class + " is still alive.");
+ }
+
+ public static void main(String args[]) throws Throwable {
+ SuperDependsTest d = new SuperDependsTest();
+ d.test();
+ ClassUnloadCommon.triggerUnloading(); // should not unload anything
+ System.out.println("Should unload MyTest and p2.c2 just now");
+ ClassUnloadCommon.failIf(wb.isClassAlive(MY_TEST), "should be unloaded");
+ ClassUnloadCommon.failIf(wb.isClassAlive("p2.c2"), "should be unloaded");
+ }
+}
diff --git a/hotspot/test/runtime/ClassUnload/p2/c2.java b/hotspot/test/runtime/ClassUnload/p2/c2.java
new file mode 100644
index 0000000..2892539
--- /dev/null
+++ b/hotspot/test/runtime/ClassUnload/p2/c2.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package p2;
+
+public class c2 {
+ int i;
+ public void method2() { i = 5; System.out.println("c2 method2 called"); }
+}
diff --git a/jaxp/.hgtags b/jaxp/.hgtags
index c4ad8b7..61db62d 100644
--- a/jaxp/.hgtags
+++ b/jaxp/.hgtags
@@ -920,6 +920,7 @@
d347fe847fc2a5d59b753631404839f8b6fb2f29 jdk8u181-b12
79cd9a0e041e64443d9d0bf29baf46c7459b3e91 jdk8u181-b13
102e8b07bdda4263087593b0a52a90a7a64b4956 jdk8u191-b01
+ecdbe3bf911c3f1f4eceb895f0f7513a8d3964e0 jdk8u201-b00
ecdbe3bf911c3f1f4eceb895f0f7513a8d3964e0 jdk8u191-b02
a7ad7ceac906d5f609ddcecbd20fe82b6edf9491 jdk8u191-b03
12a53eff34938f836f2c09b1c288da6ce783f795 jdk8u191-b04
@@ -928,6 +929,11 @@
66f5468a9c1316df2b097c2ff103c6e869f70fe1 jdk8u191-b07
556336c606f5c658d5ec1251783a31de62c83e4b jdk8u191-b08
92543f5f314603d6b0d8f751a8b06c1035466aeb jdk8u191-b09
+a41e15076d5f67d99aaa37991decb9b38e658c89 jdk8u191-b10
+798d69bfddf8e5608697d45aa114a4ab54efe8ad jdk8u191-b25
+fd65844e4d543242337923f528fe9f7f52171f74 jdk8u191-b11
+6da26fc7da9a1e687eb0fcc5f4b223fffc1b352b jdk8u191-b12
+a873d847260cd1859d8c66ddb73ed45eb9581ae1 jdk8u191-b26
5d207173975cd987c4ae4095b32d2634ed6bc885 jdk8u182-b00
647b038457fedd3585a57b834f28a3cf8594991d jdk8u192-b00
36c7f3e58a3e86b190bf2496680d8d6f02210b52 jdk8u192-b01
@@ -939,3 +945,27 @@
caaaa4cd887e6309787f58dec132dfda48f6ff9d jdk8u192-b07
43a0b8cdaad50270174ecdee108302b587ddbc94 jdk8u192-b08
f65aaf9bd53f10402d445cb63b20846c0768ae2a jdk8u192-b09
+fef9633ef67ec6b39ea4f749182dfe7eb6daf455 jdk8u192-b10
+c3b62807c5a1bfa28dcdc2c60242cb29bb2f0ffb jdk8u192-b25
+9d7a44710de5d6b42773b956407e4549a381d907 jdk8u192-b11
+6465f54b4b63be0234480d2f9aad1dca893d2f9e jdk8u192-b12
+fce0c0377cbd8471283bb6ba5900120f1505c7cc jdk8u192-b26
+382c9313d23fe2c7455adf105858d61f04e1c9cc jdk8u181-b31
+019bb0c95d8eff74f479cf43e472742f346979f0 jdk8u181-b32
+84e3a5220fdca5227307a59cd4f52ae13d10ba6b jdk8u181-b33
+dd700ba0a891f5fe79502f5a9530317e90032e68 jdk8u181-b34
+ed73be44ba93a599f517c044b0972a9df4ba4d36 jdk8u181-b35
+f6e56479aedce0cb4a66c1c0ff8b88eed8f88621 jdk8u181-b36
+0179f90264fafd8e678c59ee49767827f29c5c09 jdk8u181-b37
+fc3557ce51e4438d5f2b856fa68204a7a3d66233 jdk8u201-b01
+477375759c3876b35dc92158c58f70ec4999355d jdk8u201-b02
+bd61e1494e368120975a4ce7fc4b4ce8603fb52c jdk8u201-b03
+f00858e3cb6653a6ba81040100541c337f545667 jdk8u201-b04
+9c371081f0179530abbcacf5863515ed138d0659 jdk8u201-b74
+fadb12a859bcba9075a5536bedb5594f2c4442bd jdk8u201-b05
+8b544083d84187ad1c5569baa70bf0e1ffae8858 jdk8u201-b75
+0efa6d7335788fa6f7c7b088a020ace48c4f7d14 jdk8u201-b06
+f728390b15a5c81e5eb3194999d490f63965c829 jdk8u201-b76
+16c76ce6176a6042af69da226d95795976d7dbcd jdk8u201-b07
+ace766139b0a8b3df9ba5997410b6757e9e966ce jdk8u201-b77
+4d0534929ed33904995cab64d870f71f34df3820 jdk8u201-b08
diff --git a/jaxp/THIRD_PARTY_README b/jaxp/THIRD_PARTY_README
index 0614dc2..680599d 100644
--- a/jaxp/THIRD_PARTY_README
+++ b/jaxp/THIRD_PARTY_README
@@ -1668,13 +1668,13 @@
-------------------------------------------------------------------------------
-%% This notice is provided with respect to Little CMS 2.7, which may be
+%% This notice is provided with respect to Little CMS 2.9, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
Little CMS
-Copyright (c) 1998-2015 Marti Maria Saguer
+Copyright (c) 1998-2011 Marti Maria Saguer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/runtime/ErrorMessages_it.java b/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/runtime/ErrorMessages_it.java
index e4a7b2d..79c17a9 100644
--- a/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/runtime/ErrorMessages_it.java
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/runtime/ErrorMessages_it.java
@@ -91,14 +91,14 @@
* is a class name. Used for internal errors in the processor.
*/
{BasisLibrary.RUN_TIME_INTERNAL_ERR,
- "Errore interno in fase di esecuzione in ''{0}''"},
+ "Errore interno in runtime in ''{0}''"},
/*
* Note to translators: <xsl:copy> is a keyword that should not be
* translated.
*/
{BasisLibrary.RUN_TIME_COPY_ERR,
- "Errore in fase di esecuzione durante l'esecuzione di <xsl:copy>."},
+ "Errore in runtime durante l'esecuzione di <xsl:copy>."},
/*
* Note to translators: The substitution text refers to data types.
@@ -252,7 +252,7 @@
* the name of the translet class.
*/
{BasisLibrary.UNKNOWN_TRANSLET_VERSION_ERR,
- "Il translet specificato ''{0}'' \u00E8 stato creato utilizzando una versione di XSLTC pi\u00F9 recente di quella della fase di esecuzione XSLTC in uso. Ricompilare il foglio di stile o utilizzare una versione pi\u00F9 recente di XSLTC per eseguire questo translet."},
+ "Il translet specificato ''{0}'' \u00E8 stato creato utilizzando una versione di XSLTC pi\u00F9 recente di quella della fase di runtime XSLTC in uso. Ricompilare il foglio di stile o utilizzare una versione pi\u00F9 recente di XSLTC per eseguire questo translet."},
/*
* Note to translators: An attribute whose effective value is required
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties
index eadf57a..fe82b5d 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties
@@ -29,9 +29,9 @@
QuoteRequiredInXMLDecl = V\u00E4rdet som f\u00F6ljer "{0}" i XML-deklarationen m\u00E5ste omges av citattecken.
XMLDeclUnterminated = XML-deklarationen m\u00E5ste avslutas med "?>".
VersionInfoRequired = Versionen kr\u00E4vs i XML-deklarationen.
- SpaceRequiredBeforeVersionInXMLDecl = Tomt utrymme kr\u00E4vs f\u00F6re versionens pseudoattribut i XML-deklarationen.
- SpaceRequiredBeforeEncodingInXMLDecl = Tomt utrymme kr\u00E4vs f\u00F6re kodningens pseudoattribut i XML-deklarationen.
- SpaceRequiredBeforeStandalone = Tomt utrymme kr\u00E4vs f\u00F6re kodningens pseudoattribut i XML-deklarationen.
+ SpaceRequiredBeforeVersionInXMLDecl = Blanktecken kr\u00E4vs f\u00F6re versionens pseudoattribut i XML-deklarationen.
+ SpaceRequiredBeforeEncodingInXMLDecl = Blanktecken kr\u00E4vs f\u00F6re kodningens pseudoattribut i XML-deklarationen.
+ SpaceRequiredBeforeStandalone = Blanktecken kr\u00E4vs f\u00F6re kodningens pseudoattribut i XML-deklarationen.
MarkupNotRecognizedInProlog = Dokumentets kodtext f\u00F6re rotelementet m\u00E5ste vara v\u00E4lformulerad.
MarkupNotRecognizedInMisc = Dokumentets kodtext efter rotelementet m\u00E5ste vara v\u00E4lformulerad.
AlreadySeenDoctype = DOCTYPE har redan tagits emot.
@@ -84,7 +84,7 @@
COMMENT_NOT_IN_ONE_ENTITY = Kommentaren innesluts inte i samma enhet.
# 2.6 Processing Instructions
PITargetRequired = Bearbetningsinstruktionen m\u00E5ste b\u00F6rja med m\u00E5lnamnet.
- SpaceRequiredInPI = Tomt utrymme kr\u00E4vs mellan bearbetningsinstruktionens m\u00E5l och data.
+ SpaceRequiredInPI = Blanktecken kr\u00E4vs mellan bearbetningsinstruktionens m\u00E5l och data.
PIUnterminated = Bearbetningsinstruktionen m\u00E5ste avslutas med "?>".
ReservedPITarget = Bearbetningsinstruktionens m\u00E5lmatchning "[xX][mM][lL]" \u00E4r inte till\u00E5ten.
PI_NOT_IN_ONE_ENTITY = Bearbetningsinstruktionen innesluts inte i samma enhet.
@@ -105,8 +105,8 @@
EqRequiredInTextDecl = Ett likhetstecken ('' = '') m\u00E5ste anges efter "{0}" i textdeklarationen.
QuoteRequiredInTextDecl = V\u00E4rdet som f\u00F6ljer "{0}" i textdeklarationen m\u00E5ste omges av citattecken.
CloseQuoteMissingInTextDecl = avslutande citattecken saknas f\u00F6r v\u00E4rdet efter "{0}" i textdeklarationen.
- SpaceRequiredBeforeVersionInTextDecl = Tomt utrymme kr\u00E4vs f\u00F6re versionens pseudoattribut i textdeklarationen.
- SpaceRequiredBeforeEncodingInTextDecl = Tomt utrymme kr\u00E4vs f\u00F6re kodningens pseudoattribut i textdeklarationen.
+ SpaceRequiredBeforeVersionInTextDecl = Blanktecken kr\u00E4vs f\u00F6re versionens pseudoattribut i textdeklarationen.
+ SpaceRequiredBeforeEncodingInTextDecl = Blanktecken kr\u00E4vs f\u00F6re kodningens pseudoattribut i textdeklarationen.
TextDeclUnterminated = Textdeklarationen m\u00E5ste avslutas med "?>".
EncodingDeclRequired = Koddeklaration kr\u00E4vs i textdeklarationen.
NoMorePseudoAttributes = Inga fler pseudoattribut \u00E4r till\u00E5tna.
@@ -133,16 +133,16 @@
InvalidCharInPublicID = Ett ogiltigt XML-tecken (Unicode: 0x{0}) hittades i allm\u00E4n identifierare.
InvalidCharInSystemID = Ett ogiltigt XML-tecken (Unicode: 0x{0}) hittades i systemidentifierare.
# 2.3 Common Syntactic Constructs
- SpaceRequiredAfterSYSTEM = Tomt utrymme kr\u00E4vs efter nyckelordet SYSTEM i DOCTYPE-deklarationen.
+ SpaceRequiredAfterSYSTEM = Blanktecken kr\u00E4vs efter nyckelordet SYSTEM i DOCTYPE-deklarationen.
QuoteRequiredInSystemID = Systemidentifieraren m\u00E5ste inledas med antingen enkelt eller dubbelt citattecken.
SystemIDUnterminated = Systemidentifieraren m\u00E5ste avslutas med matchande citattecken.
- SpaceRequiredAfterPUBLIC = Tomma utrymmen kr\u00E4vs efter nyckelordet PUBLIC i DOCTYPE-deklarationen.
+ SpaceRequiredAfterPUBLIC = Blanktecken kr\u00E4vs efter nyckelordet PUBLIC i DOCTYPE-deklarationen.
QuoteRequiredInPublicID = Den allm\u00E4nna identifieraren m\u00E5ste inledas med antingen enkelt eller dubbelt citattecken.
PublicIDUnterminated = Den allm\u00E4nna identifieraren m\u00E5ste avslutas med matchande citattecken.
PubidCharIllegal = Tecknet (Unicode: 0x{0}) \u00E4r inte till\u00E5tet i den allm\u00E4nna identifieraren.
- SpaceRequiredBetweenPublicAndSystem = Tomma utrymmen kr\u00E4vs mellan publicId och systemId.
+ SpaceRequiredBetweenPublicAndSystem = Blanktecken kr\u00E4vs mellan publicId och systemId.
# 2.8 Prolog and Document Type Declaration
- MSG_SPACE_REQUIRED_BEFORE_ROOT_ELEMENT_TYPE_IN_DOCTYPEDECL = Tomt utrymme kr\u00E4vs efter "<!DOCTYPE" i dokumenttypdeklarationen.
+ MSG_SPACE_REQUIRED_BEFORE_ROOT_ELEMENT_TYPE_IN_DOCTYPEDECL = Blanktecken kr\u00E4vs efter "<!DOCTYPE" i dokumenttypdeklarationen.
MSG_ROOT_ELEMENT_TYPE_REQUIRED = Rotelementtyp m\u00E5ste anges efter "<!DOCTYPE" i dokumenttypdeklarationen.
DoctypedeclUnterminated = Dokumenttypdeklarationen f\u00F6r rotelementtyp "{0}" m\u00E5ste avslutas med ''>''.
DoctypedeclNotClosed = Dokumenttypsdeklarationen f\u00F6r rotelementtypen "{0}" m\u00E5ste st\u00E4ngas med '']''.
@@ -151,9 +151,9 @@
# 2.10 White Space Handling
MSG_XML_SPACE_DECLARATION_ILLEGAL = Attributdeklarationen f\u00F6r "xml:space" m\u00E5ste anges som uppr\u00E4kningstyp vars enda m\u00F6jliga v\u00E4rden \u00E4r "default" och "preserve".
# 3.2 Element Type Declarations
- MSG_SPACE_REQUIRED_BEFORE_ELEMENT_TYPE_IN_ELEMENTDECL = Tomt utrymme kr\u00E4vs efter "<!ELEMENT" i elementtypdeklarationen.
+ MSG_SPACE_REQUIRED_BEFORE_ELEMENT_TYPE_IN_ELEMENTDECL = Blanktecken kr\u00E4vs efter "<!ELEMENT" i elementtypdeklarationen.
MSG_ELEMENT_TYPE_REQUIRED_IN_ELEMENTDECL = Elementtyp m\u00E5ste anges i elementtypdeklarationen.
- MSG_SPACE_REQUIRED_BEFORE_CONTENTSPEC_IN_ELEMENTDECL = Tomt utrymme kr\u00E4vs efter elementtyp "{0}" i elementtypdeklarationen.
+ MSG_SPACE_REQUIRED_BEFORE_CONTENTSPEC_IN_ELEMENTDECL = Blanktecken kr\u00E4vs efter elementtyp "{0}" i elementtypdeklarationen.
MSG_CONTENTSPEC_REQUIRED_IN_ELEMENTDECL = Begr\u00E4nsningen kr\u00E4vs efter elementtyp "{0}" i elementtypdeklarationen.
ElementDeclUnterminated = Deklarationen f\u00F6r elementtyp "{0}" m\u00E5ste avslutas med ''>''.
# 3.2.1 Element Content
@@ -164,16 +164,16 @@
MSG_CLOSE_PAREN_REQUIRED_IN_MIXED = Tecknet '')'' m\u00E5ste anges i deklarationen av elementtyp "{0}".
MixedContentUnterminated = Modellen med blandat inneh\u00E5ll "{0}" m\u00E5ste avslutas med ")*" om typer av underordnade element \u00E4r begr\u00E4nsade.
# 3.3 Attribute-List Declarations
- MSG_SPACE_REQUIRED_BEFORE_ELEMENT_TYPE_IN_ATTLISTDECL = Tomt utrymme kr\u00E4vs efter "<!ATTLIST" i deklarationen f\u00F6r attributlista.
+ MSG_SPACE_REQUIRED_BEFORE_ELEMENT_TYPE_IN_ATTLISTDECL = Blanktecken kr\u00E4vs efter "<!ATTLIST" i deklarationen f\u00F6r attributlista.
MSG_ELEMENT_TYPE_REQUIRED_IN_ATTLISTDECL = Elementtyp m\u00E5ste anges i deklarationen f\u00F6r attributlista.
- MSG_SPACE_REQUIRED_BEFORE_ATTRIBUTE_NAME_IN_ATTDEF = Tomt utrymme kr\u00E4vs f\u00F6re attributnamnet i deklarationen f\u00F6r attributlista f\u00F6r elementet "{0}".
+ MSG_SPACE_REQUIRED_BEFORE_ATTRIBUTE_NAME_IN_ATTDEF = Blanktecken kr\u00E4vs f\u00F6re attributnamnet i deklarationen f\u00F6r attributlista f\u00F6r elementet "{0}".
AttNameRequiredInAttDef = Attributnamnet m\u00E5ste anges i deklarationen f\u00F6r attributlista f\u00F6r elementet "{0}".
- MSG_SPACE_REQUIRED_BEFORE_ATTTYPE_IN_ATTDEF = Tomt utrymme kr\u00E4vs f\u00F6re attributtyp i deklarationen f\u00F6r attributet "{1}" f\u00F6r elementet "{0}".
+ MSG_SPACE_REQUIRED_BEFORE_ATTTYPE_IN_ATTDEF = Blanktecken kr\u00E4vs f\u00F6re attributtyp i deklarationen f\u00F6r attributet "{1}" f\u00F6r elementet "{0}".
AttTypeRequiredInAttDef = Attributtyp m\u00E5ste anges i deklarationen f\u00F6r attributet "{1}" f\u00F6r elementet "{0}".
- MSG_SPACE_REQUIRED_BEFORE_DEFAULTDECL_IN_ATTDEF = Tomt utrymme kr\u00E4vs f\u00F6re attributstandardv\u00E4rde i deklarationen f\u00F6r attributet "{1}" f\u00F6r elementet "{0}".
+ MSG_SPACE_REQUIRED_BEFORE_DEFAULTDECL_IN_ATTDEF = Blanktecken kr\u00E4vs f\u00F6re attributstandardv\u00E4rde i deklarationen f\u00F6r attributet "{1}" f\u00F6r elementet "{0}".
MSG_DUPLICATE_ATTRIBUTE_DEFINITION = Det finns fler \u00E4n en attributdefinition f\u00F6r samma attribut "{1}" f\u00F6r angivet element "{0}".
# 3.3.1 Attribute Types
- MSG_SPACE_REQUIRED_AFTER_NOTATION_IN_NOTATIONTYPE = Tomt utrymme m\u00E5ste anges efter "NOTATION" i attributdeklarationen "{1}".
+ MSG_SPACE_REQUIRED_AFTER_NOTATION_IN_NOTATIONTYPE = Blanktecken m\u00E5ste anges efter "NOTATION" i attributdeklarationen "{1}".
MSG_OPEN_PAREN_REQUIRED_IN_NOTATIONTYPE = Tecknet ''('' m\u00E5ste anges efter "NOTATION" i attributdeklarationen "{1}".
MSG_NAME_REQUIRED_IN_NOTATIONTYPE = Notationsnamn m\u00E5ste anges i notationstyplistan f\u00F6r attributdeklarationen "{1}".
NotationTypeUnterminated = Notationstyplistan m\u00E5ste avslutas med '')'' i attributdeklarationen "{1}".
@@ -182,7 +182,7 @@
MSG_DISTINCT_TOKENS_IN_ENUMERATION = Uppr\u00E4kningsv\u00E4rdet "{1}" har angetts fler \u00E4n en g\u00E5ng i attributdeklarationen "{2}" f\u00F6r elementet "{0}". Alla NMTOKENS i en och samma attributdeklaration f\u00F6r Enumeration m\u00E5ste vara unika.
MSG_DISTINCT_NOTATION_IN_ENUMERATION = Uppr\u00E4kningsv\u00E4rdet "{1}" har angetts fler \u00E4n en g\u00E5ng i attributdeklarationen "{2}" f\u00F6r elementet "{0}". Alla NOTATION-namn i en och samma attributdeklaration f\u00F6r NotationType m\u00E5ste vara unika.
# 3.3.2 Attribute Defaults
- MSG_SPACE_REQUIRED_AFTER_FIXED_IN_DEFAULTDECL = Tomt utrymme m\u00E5ste anges efter "FIXED" i attributdeklarationen "{1}".
+ MSG_SPACE_REQUIRED_AFTER_FIXED_IN_DEFAULTDECL = Blanktecken m\u00E5ste anges efter "FIXED" i attributdeklarationen "{1}".
# 3.4 Conditional Sections
IncludeSectUnterminated = Sektionen f\u00F6r inkluderade villkor m\u00E5ste avslutas med "]]>".
IgnoreSectUnterminated = Sektionen f\u00F6r exkluderade villkor m\u00E5ste avslutas med "]]>".
@@ -190,26 +190,26 @@
NameRequiredInPEReference = Enhetsnamnet m\u00E5ste omedelbart f\u00F6ljas av '%' i parameterreferensen.
SemicolonRequiredInPEReference = Parameterreferensen "%{0};" m\u00E5ste avslutas med '';''-avgr\u00E4nsare.
# 4.2 Entity Declarations
- MSG_SPACE_REQUIRED_BEFORE_ENTITY_NAME_IN_ENTITYDECL = Tomt utrymme kr\u00E4vs efter "<!ENTITY" i enhetsdeklarationen.
- MSG_SPACE_REQUIRED_BEFORE_PERCENT_IN_PEDECL = Tomt utrymme kr\u00E4vs mellan "<!ENTITY" och '%'-tecknet i parameterdeklarationen.
- MSG_SPACE_REQUIRED_BEFORE_ENTITY_NAME_IN_PEDECL = Tomt utrymme kr\u00E4vs mellan '%' och enhetsnamnet i parameterdeklarationen.
+ MSG_SPACE_REQUIRED_BEFORE_ENTITY_NAME_IN_ENTITYDECL = Blanktecken kr\u00E4vs efter "<!ENTITY" i enhetsdeklarationen.
+ MSG_SPACE_REQUIRED_BEFORE_PERCENT_IN_PEDECL = Blanktecken kr\u00E4vs mellan "<!ENTITY" och '%'-tecknet i parameterdeklarationen.
+ MSG_SPACE_REQUIRED_BEFORE_ENTITY_NAME_IN_PEDECL = Blanktecken kr\u00E4vs mellan '%' och enhetsnamnet i parameterdeklarationen.
MSG_ENTITY_NAME_REQUIRED_IN_ENTITYDECL = Namnet p\u00E5 enheten m\u00E5ste anges i enhetsdeklarationen.
- MSG_SPACE_REQUIRED_AFTER_ENTITY_NAME_IN_ENTITYDECL = Tomt utrymme kr\u00E4vs mellan enhetsnamnet "{0}" och definitionen i enhetsdeklarationen.
- MSG_SPACE_REQUIRED_BEFORE_NOTATION_NAME_IN_UNPARSED_ENTITYDECL = Tomt utrymme kr\u00E4vs mellan "NDATA" och notationsnamnet i deklarationen f\u00F6r enheten "{0}".
- MSG_SPACE_REQUIRED_BEFORE_NDATA_IN_UNPARSED_ENTITYDECL = Tomt utrymme kr\u00E4vs f\u00F6re "NDATA" i deklarationen f\u00F6r enheten "{0}".
+ MSG_SPACE_REQUIRED_AFTER_ENTITY_NAME_IN_ENTITYDECL = Blanktecken kr\u00E4vs mellan enhetsnamnet "{0}" och definitionen i enhetsdeklarationen.
+ MSG_SPACE_REQUIRED_BEFORE_NOTATION_NAME_IN_UNPARSED_ENTITYDECL = Blanktecken kr\u00E4vs mellan "NDATA" och notationsnamnet i deklarationen f\u00F6r enheten "{0}".
+ MSG_SPACE_REQUIRED_BEFORE_NDATA_IN_UNPARSED_ENTITYDECL = Blanktecken kr\u00E4vs f\u00F6re "NDATA" i deklarationen f\u00F6r enheten "{0}".
MSG_NOTATION_NAME_REQUIRED_FOR_UNPARSED_ENTITYDECL = Notationsnamnet m\u00E5ste anges efter "NDATA" i deklarationen f\u00F6r enheten "{0}".
EntityDeclUnterminated = Deklarationen f\u00F6r enheten "{0}" m\u00E5ste avslutas med ''>''.
MSG_DUPLICATE_ENTITY_DEFINITION = Enheten "{0}" har deklarerats mer \u00E4n en g\u00E5ng.
# 4.2.2 External Entities
ExternalIDRequired = Den externa enhetsdeklarationen m\u00E5ste inledas med antingen "SYSTEM" eller "PUBLIC".
- MSG_SPACE_REQUIRED_BEFORE_PUBIDLITERAL_IN_EXTERNALID = Tomt utrymme kr\u00E4vs mellan "PUBLIC" och den allm\u00E4nna identifieraren.
- MSG_SPACE_REQUIRED_AFTER_PUBIDLITERAL_IN_EXTERNALID = Tomt utrymme kr\u00E4vs mellan den allm\u00E4nna identifieraren och systemidentifieraren.
- MSG_SPACE_REQUIRED_BEFORE_SYSTEMLITERAL_IN_EXTERNALID = Tomt utrymme kr\u00E4vs mellan "SYSTEM" och systemidentifieraren.
+ MSG_SPACE_REQUIRED_BEFORE_PUBIDLITERAL_IN_EXTERNALID = Blanktecken kr\u00E4vs mellan "PUBLIC" och den allm\u00E4nna identifieraren.
+ MSG_SPACE_REQUIRED_AFTER_PUBIDLITERAL_IN_EXTERNALID = Blanktecken kr\u00E4vs mellan den allm\u00E4nna identifieraren och systemidentifieraren.
+ MSG_SPACE_REQUIRED_BEFORE_SYSTEMLITERAL_IN_EXTERNALID = Blanktecken kr\u00E4vs mellan "SYSTEM" och systemidentifieraren.
MSG_URI_FRAGMENT_IN_SYSTEMID = Fragmentidentifieraren f\u00E5r inte anges som del av systemidentifieraren "{0}".
# 4.7 Notation Declarations
- MSG_SPACE_REQUIRED_BEFORE_NOTATION_NAME_IN_NOTATIONDECL = Tomt utrymme kr\u00E4vs efter "<!NOTATION" i notationsdeklarationen.
+ MSG_SPACE_REQUIRED_BEFORE_NOTATION_NAME_IN_NOTATIONDECL = Blanktecken kr\u00E4vs efter "<!NOTATION" i notationsdeklarationen.
MSG_NOTATION_NAME_REQUIRED_IN_NOTATIONDECL = Namnet p\u00E5 notationen m\u00E5ste anges i notationsdeklarationen.
- MSG_SPACE_REQUIRED_AFTER_NOTATION_NAME_IN_NOTATIONDECL = Tomt utrymme kr\u00E4vs efter notationsnamnet "{0}" i notationsdeklarationen.
+ MSG_SPACE_REQUIRED_AFTER_NOTATION_NAME_IN_NOTATIONDECL = Blanktecken kr\u00E4vs efter notationsnamnet "{0}" i notationsdeklarationen.
ExternalIDorPublicIDRequired = Deklarationen f\u00F6r notationen "{0}" m\u00E5ste inkludera systemidentifierare eller allm\u00E4n identifierare.
NotationDeclUnterminated = Deklarationen f\u00F6r notationen "{0}" m\u00E5ste avslutas med ''>''.
@@ -248,7 +248,7 @@
MSG_NOTATION_NOT_DECLARED_FOR_UNPARSED_ENTITYDECL = Notationen "{1}" m\u00E5ste deklareras vid referens i otolkad enhetsdeklaration f\u00F6r "{0}".
MSG_REFERENCE_TO_EXTERNALLY_DECLARED_ENTITY_WHEN_STANDALONE = Referensen till enheten "{0}" som har deklarerats i en externt tolkad enhet \u00E4r inte till\u00E5tet i frist\u00E5ende dokument.
MSG_REQUIRED_ATTRIBUTE_NOT_SPECIFIED = Attributet "{1}" m\u00E5ste anges f\u00F6r elementtyp "{0}".
- MSG_WHITE_SPACE_IN_ELEMENT_CONTENT_WHEN_STANDALONE = Tomt utrymme f\u00E5r inte f\u00F6rekomma mellan element som har deklarerats i en externt tolkad enhet med elementinneh\u00E5ll i frist\u00E5ende dokument.
+ MSG_WHITE_SPACE_IN_ELEMENT_CONTENT_WHEN_STANDALONE = Blanktecken f\u00E5r inte f\u00F6rekomma mellan element som har deklarerats i en externt tolkad enhet med elementinneh\u00E5ll i frist\u00E5ende dokument.
NMTOKENInvalid = Attributv\u00E4rdet "{0}" av typen NMTOKEN m\u00E5ste vara ett namntoken.
NMTOKENSInvalid = Attributv\u00E4rdet "{0}" av typen NMTOKENS m\u00E5ste vara ett eller flera namntoken.
NoNotationOnEmptyElement = Elementtyp "{0}" med deklarationen EMPTY kan inte deklareras med attributet "{1}" av typen NOTATION.
diff --git a/jaxws/.hgtags b/jaxws/.hgtags
index 91de4a0..b7136c4 100644
--- a/jaxws/.hgtags
+++ b/jaxws/.hgtags
@@ -914,6 +914,7 @@
0e8e98ee9f488e885295d4a4fa2f38ab2e123c77 jdk8u181-b12
2a12eb329cb9457033a16fe8ebc14a9c5b16e83d jdk8u181-b13
bc04ed57bd9748b241599af98c7b9fb878cbcaf9 jdk8u191-b01
+d25514e95cfb9ad9d2afbc17c2eb6f5a4b162cd4 jdk8u201-b00
d25514e95cfb9ad9d2afbc17c2eb6f5a4b162cd4 jdk8u191-b02
09ee8f82ecab760192aa7689ceb2cbce881dbf42 jdk8u191-b03
e545fe27629455481aa1cfc96694747c18d51f44 jdk8u191-b04
@@ -922,6 +923,11 @@
0fdc1c2cdad0cdd44427a647b7c4c630107db7ca jdk8u191-b07
a45582ee03c59bda9b305b24d104052e1ca9f5a9 jdk8u191-b08
2fbd39f7ce39fe7001474fda85edf490e09a66ec jdk8u191-b09
+9f2a9efa1739dca8e522ba03ad309318b2d66daf jdk8u191-b10
+f1c4301a31a34fbed4c9ce115313340dfdd921be jdk8u191-b25
+0299e5e837b8aa7b5a65b306eaadc7095df38211 jdk8u191-b11
+b32d941559901f8f7e24701fd86885dad09b8492 jdk8u191-b12
+b0d7d6afebacc6ab0a5aa2e5079be6e749c09153 jdk8u191-b26
8ff1173372e327cc0e82091052d048260f021515 jdk8u182-b00
4cf1454fc10c841f6e4b4d3b5fa8cd6f6b9510cc jdk8u192-b00
6ac8c8bf6b7860ec93ccc3080fdd6b80d2f6cccb jdk8u192-b01
@@ -933,3 +939,27 @@
c735d9e2d6046786f58d7ac3db5766865c1fe6c8 jdk8u192-b07
2d48e86e236a9ac01906c4790c155de38a24a673 jdk8u192-b08
b54d13ae94929dbd512063270f9f32c0dc8abebb jdk8u192-b09
+c1d86695c8dcf790eb4bcb8cdb1990203eba725c jdk8u192-b10
+fc43bdbb9cae112367b564042bc1927763f6d45d jdk8u192-b25
+4134dd880b2d2975e42b5491a59c70e92e30d739 jdk8u192-b11
+4b335cfde8d80a6b6d855cb34b88bd1951528d54 jdk8u192-b12
+b08cb2197601730fd15145f8a15949239d5113e6 jdk8u192-b26
+5e461ff70eb58fad69ba1b8e8679844ea73e75de jdk8u181-b31
+0863510c03b3cb58e828cfb65440c5abb1977135 jdk8u181-b32
+334e595ce7f864e74ee64e45fb691e49307c5e9a jdk8u181-b33
+fae6db55e87d68f9bd8a032a264790e0346a731a jdk8u181-b34
+b902d38c0248dc41d36d9ab3aca7c8467d7be1f1 jdk8u181-b35
+cca9c1360a2b21d5bfef529b8a3ee39ed28f385a jdk8u181-b36
+33917cdb4dda8981c82963dbffe0544ae8ad488f jdk8u181-b37
+1ec054bb0782f7ca23830e32c9ed1a7d3ebec018 jdk8u201-b01
+aef7385318ae1a1f4c57b017e2aa1a676543a1b5 jdk8u201-b02
+db3500b8fe16bdfd13f5dd0ced863fb93bede820 jdk8u201-b03
+830a687a30bf89259113c00ae8e4d8233e71fba4 jdk8u201-b04
+a65d21aa3c55a805e99bbbc783d7e94bf5893c1b jdk8u201-b74
+d1b19f1d67134ec1aa84b8960808069cfbb70cd1 jdk8u201-b05
+c8f4a6774b2b13061ece887281940b3da4ee3272 jdk8u201-b75
+bf2d0accffad4a9cbdad680fdee9d4f363772ddb jdk8u201-b06
+bb7ce3a38afba40711f4adaf11227f2ea0fcd223 jdk8u201-b76
+50f48f1d242d36f9f0bf2da0a075037467488207 jdk8u201-b07
+8396aa331353d281ebd65054159268456a482718 jdk8u201-b77
+8485292c47007c567bdc055d66b8b22486c7014f jdk8u201-b08
diff --git a/jaxws/THIRD_PARTY_README b/jaxws/THIRD_PARTY_README
index 0614dc2..680599d 100644
--- a/jaxws/THIRD_PARTY_README
+++ b/jaxws/THIRD_PARTY_README
@@ -1668,13 +1668,13 @@
-------------------------------------------------------------------------------
-%% This notice is provided with respect to Little CMS 2.7, which may be
+%% This notice is provided with respect to Little CMS 2.9, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
Little CMS
-Copyright (c) 1998-2015 Marti Maria Saguer
+Copyright (c) 1998-2011 Marti Maria Saguer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/jdk/.hgtags b/jdk/.hgtags
index 5b9b49b..53b1675 100644
--- a/jdk/.hgtags
+++ b/jdk/.hgtags
@@ -915,6 +915,7 @@
22e01e7c5c39bfa3f5e2d18be76c7bf0dc71033a jdk8u181-b12
0cb452d66676bc1b3824bea4a0c16ac76e58b070 jdk8u181-b13
b01c6e5aa43c784fc66465b56227ddd9aa29eee6 jdk8u191-b01
+2db6890a956723ac347b573217d91bbbedbb0528 jdk8u201-b00
2db6890a956723ac347b573217d91bbbedbb0528 jdk8u191-b02
89e2889d02d2f5dabdeda7f60cf80a8df3100eb4 jdk8u191-b03
94e4769c6d69241f9eb7164a85fc91fc83faab5c jdk8u191-b04
@@ -923,6 +924,11 @@
8d7260f7df9e122a74ab7fe6a91e07ab103d1c54 jdk8u191-b07
f1e4b0f8695fed5ae0f506e27cbf247e7c8ef5aa jdk8u191-b08
dca9c1978ed662fae851a38ad260a2811c80da21 jdk8u191-b09
+0f52237f12920603bba74cbfb337e4657a4f8217 jdk8u191-b10
+af544b6bf744cddf59121f40dbf4e0ec0a2533b2 jdk8u191-b25
+5eaf8c860c22512b8b5c82cdcdca8ddd4a99e754 jdk8u191-b11
+5ca18caa6a571dc12d3f920d7714481a67a990bc jdk8u191-b12
+574e92cf225bf1967b6c6f08224d4df469809a13 jdk8u191-b26
51b6cc7fbd98a87c6cdb5c70b7dbe25bb10e0dd7 jdk8u182-b00
bead1ed7344f2911f5bed83639cf5160596561ef jdk8u192-b00
444b4528c8ecdd39b5923820fa2ed6d583808b5e jdk8u192-b01
@@ -934,3 +940,27 @@
6b29c26e864aca83a6b7e481003d95d3704e928a jdk8u192-b07
7556b6a2aa3266fb4a213c4fbbca2a403d4df306 jdk8u192-b08
f47b81dbed2dd730d34a8dc3e3d14e2aa9f9c493 jdk8u192-b09
+621105274477152934059d58a116222f09d966a2 jdk8u192-b10
+89f64de4cebd640247fc17448f19c24fce2cc6fd jdk8u192-b25
+2cd82eb879dd0f853dbfb7ffa2441e81e2413447 jdk8u192-b11
+f877dad22786f92aa495a595a1a4a16f0163c573 jdk8u192-b12
+996dd3ce1ec5437da8b5a742c60a5ff7b6028122 jdk8u192-b26
+38b4a5b97f38c467446f1767d148075ac98397d1 jdk8u181-b31
+d679861a9a1efc80e0671b1c6b870fcffbfb9d9c jdk8u181-b32
+078a06936ffe2db2a00e928f88c6e345a126985a jdk8u181-b33
+ecfdede1e6ddf37dcca415861ab031c18ec4b349 jdk8u181-b34
+ac943243eaf1cb3971b953d56527287ae3f8d223 jdk8u181-b35
+674963395b9f747e746af782f2f3ea7995385420 jdk8u181-b36
+92587df933606ff8f03c6073be6c4089211de2b3 jdk8u181-b37
+fbc886dd68cc0e2d877406f73a24bd332bf78244 jdk8u201-b01
+fbeb9b9cc0106ef9bd6b03a441c9a2e06db07bd9 jdk8u201-b02
+274162fd9a2334ac99157a87ff3caff9069e4a66 jdk8u201-b03
+c0b2b82d2478bd641adf21f807809979756485c2 jdk8u201-b04
+3d28c8134ca184ed00271cbec9862f688d04bd4f jdk8u201-b74
+df3e701ab0766c48fe9c72e259aa5ecc278e9fcf jdk8u201-b05
+9fe667a8402b606db5b0c4aa2fb2d65dec2fcddc jdk8u201-b75
+dc2aeed27f71f87d52a81520773e64a06f8c8978 jdk8u201-b06
+a1845b252425953875de75560822576eddc185a8 jdk8u201-b76
+0a19f694c42c6d8e545743e3df938e80d3d56b87 jdk8u201-b07
+f0611120a4b7deae2219f72c5919712f1662ad9b jdk8u201-b77
+21ffcdd4d850dd240338c211bbeecb79c38e5403 jdk8u201-b08
diff --git a/jdk/THIRD_PARTY_README b/jdk/THIRD_PARTY_README
index 0614dc2..680599d 100644
--- a/jdk/THIRD_PARTY_README
+++ b/jdk/THIRD_PARTY_README
@@ -1668,13 +1668,13 @@
-------------------------------------------------------------------------------
-%% This notice is provided with respect to Little CMS 2.7, which may be
+%% This notice is provided with respect to Little CMS 2.9, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
Little CMS
-Copyright (c) 1998-2015 Marti Maria Saguer
+Copyright (c) 1998-2011 Marti Maria Saguer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/jdk/make/data/tzdata/VERSION b/jdk/make/data/tzdata/VERSION
index 22002be..e3fa922 100644
--- a/jdk/make/data/tzdata/VERSION
+++ b/jdk/make/data/tzdata/VERSION
@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-tzdata2018e
+tzdata2018g
diff --git a/jdk/make/data/tzdata/africa b/jdk/make/data/tzdata/africa
index 1c305f8..e2ffac2 100644
--- a/jdk/make/data/tzdata/africa
+++ b/jdk/make/data/tzdata/africa
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Africa and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -29,7 +31,7 @@
# tz@iana.org for general use in the future). For more, please see
# the file CONTRIBUTING in the tz distribution.
-# From Paul Eggert (2017-04-09):
+# From Paul Eggert (2018-05-27):
#
# Unless otherwise specified, the source for data through 1990 is:
# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
@@ -74,13 +76,15 @@
# I vaguely recall 'WAT' also being used for -01 in the past but
# cannot now come up with solid citations.
#
-# I invented the following abbreviations; corrections are welcome!
-# +02 WAST West Africa Summer Time (no longer used)
-# +03 CAST Central Africa Summer Time (no longer used)
-# +03 SAST South Africa Summer Time (no longer used)
+# I invented the following abbreviations in the 1990s:
+# +02 WAST West Africa Summer Time
+# +03 CAST Central Africa Summer Time
+# +03 SAST South Africa Summer Time
# +03 EAT East Africa Time
-# 'EAT' also seems to have caught on; the others are rare but are paired
-# with better-attested non-DST abbreviations.
+# 'EAT' seems to have caught on and is in current timestamps, and though
+# the other abbreviations are rarer and are only in past timestamps,
+# they are paired with better-attested non-DST abbreviations.
+# Corrections are welcome.
# Algeria
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@@ -385,6 +389,13 @@
# Eritrea
# Ethiopia
# See Africa/Nairobi.
+#
+# Unfortunately tzdb records only Western clock time in use in Ethiopia,
+# as the tzdb format is not up to properly recording a common Ethiopian
+# timekeeping practice that is based on solar time. See:
+# Mortada D. If you have a meeting in Ethiopia, you'd better double
+# check the time. PRI's The World. 2015-01-30 15:15 -05.
+# https://www.pri.org/stories/2015-01-30/if-you-have-meeting-ethiopia-you-better-double-check-time
# Gabon
# See Africa/Lagos.
@@ -856,94 +867,61 @@
# <https://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/> agrees
# with the patch.
-# From Paul Eggert (2015-06-08):
-# For now, guess that later spring and fall transitions will use 2015's rules,
-# and guess that Morocco will switch to standard time at 03:00 the last
-# Sunday before Ramadan, and back to DST at 02:00 the first Sunday after
-# Ramadan. To implement this, transition dates for 2016 through 2037 were
-# determined by running the following program under GNU Emacs 24.3, with the
-# results integrated by hand into the table below.
-# (let ((islamic-year 1437))
-# (require 'cal-islam)
-# (while (< islamic-year 1460)
-# (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year)))
-# (b (calendar-islamic-to-absolute (list 10 1 islamic-year)))
-# (sunday 0))
-# (while (/= sunday (mod (setq a (1- a)) 7)))
-# (while (/= sunday (mod b 7))
-# (setq b (1+ b)))
-# (setq a (calendar-gregorian-from-absolute a))
-# (setq b (calendar-gregorian-from-absolute b))
-# (insert
-# (format
-# (concat "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 3:00\t0\t-\n"
-# "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 2:00\t1:00\tS\n")
-# (car (cdr (cdr a))) (calendar-month-name (car a) t) (car (cdr a))
-# (car (cdr (cdr b))) (calendar-month-name (car b) t) (car (cdr b)))))
-# (setq islamic-year (+ 1 islamic-year))))
+# From Mohamed Essedik Najd (2018-10-26):
+# Today, a Moroccan government council approved the perpetual addition
+# of 60 minutes to the regular Moroccan timezone.
+# From Brian Inglis (2018-10-26):
+# http://www.maroc.ma/fr/actualites/le-conseil-de-gouvernement-adopte-un-projet-de-decret-relatif-lheure-legale-stipulant-le
# RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-
-Rule Morocco 1939 only - Sep 12 0:00 1:00 S
+Rule Morocco 1939 only - Sep 12 0:00 1:00 -
Rule Morocco 1939 only - Nov 19 0:00 0 -
-Rule Morocco 1940 only - Feb 25 0:00 1:00 S
+Rule Morocco 1940 only - Feb 25 0:00 1:00 -
Rule Morocco 1945 only - Nov 18 0:00 0 -
-Rule Morocco 1950 only - Jun 11 0:00 1:00 S
+Rule Morocco 1950 only - Jun 11 0:00 1:00 -
Rule Morocco 1950 only - Oct 29 0:00 0 -
-Rule Morocco 1967 only - Jun 3 12:00 1:00 S
+Rule Morocco 1967 only - Jun 3 12:00 1:00 -
Rule Morocco 1967 only - Oct 1 0:00 0 -
-Rule Morocco 1974 only - Jun 24 0:00 1:00 S
+Rule Morocco 1974 only - Jun 24 0:00 1:00 -
Rule Morocco 1974 only - Sep 1 0:00 0 -
-Rule Morocco 1976 1977 - May 1 0:00 1:00 S
+Rule Morocco 1976 1977 - May 1 0:00 1:00 -
Rule Morocco 1976 only - Aug 1 0:00 0 -
Rule Morocco 1977 only - Sep 28 0:00 0 -
-Rule Morocco 1978 only - Jun 1 0:00 1:00 S
+Rule Morocco 1978 only - Jun 1 0:00 1:00 -
Rule Morocco 1978 only - Aug 4 0:00 0 -
-Rule Morocco 2008 only - Jun 1 0:00 1:00 S
+Rule Morocco 2008 only - Jun 1 0:00 1:00 -
Rule Morocco 2008 only - Sep 1 0:00 0 -
-Rule Morocco 2009 only - Jun 1 0:00 1:00 S
+Rule Morocco 2009 only - Jun 1 0:00 1:00 -
Rule Morocco 2009 only - Aug 21 0:00 0 -
-Rule Morocco 2010 only - May 2 0:00 1:00 S
+Rule Morocco 2010 only - May 2 0:00 1:00 -
Rule Morocco 2010 only - Aug 8 0:00 0 -
-Rule Morocco 2011 only - Apr 3 0:00 1:00 S
+Rule Morocco 2011 only - Apr 3 0:00 1:00 -
Rule Morocco 2011 only - Jul 31 0:00 0 -
-Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 S
+Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 -
Rule Morocco 2012 only - Jul 20 3:00 0 -
-Rule Morocco 2012 only - Aug 20 2:00 1:00 S
+Rule Morocco 2012 only - Aug 20 2:00 1:00 -
Rule Morocco 2012 only - Sep 30 3:00 0 -
Rule Morocco 2013 only - Jul 7 3:00 0 -
-Rule Morocco 2013 only - Aug 10 2:00 1:00 S
-Rule Morocco 2013 max - Oct lastSun 3:00 0 -
-Rule Morocco 2014 2021 - Mar lastSun 2:00 1:00 S
+Rule Morocco 2013 only - Aug 10 2:00 1:00 -
+Rule Morocco 2013 2018 - Oct lastSun 3:00 0 -
+Rule Morocco 2014 2018 - Mar lastSun 2:00 1:00 -
Rule Morocco 2014 only - Jun 28 3:00 0 -
-Rule Morocco 2014 only - Aug 2 2:00 1:00 S
+Rule Morocco 2014 only - Aug 2 2:00 1:00 -
Rule Morocco 2015 only - Jun 14 3:00 0 -
-Rule Morocco 2015 only - Jul 19 2:00 1:00 S
+Rule Morocco 2015 only - Jul 19 2:00 1:00 -
Rule Morocco 2016 only - Jun 5 3:00 0 -
-Rule Morocco 2016 only - Jul 10 2:00 1:00 S
+Rule Morocco 2016 only - Jul 10 2:00 1:00 -
Rule Morocco 2017 only - May 21 3:00 0 -
-Rule Morocco 2017 only - Jul 2 2:00 1:00 S
+Rule Morocco 2017 only - Jul 2 2:00 1:00 -
Rule Morocco 2018 only - May 13 3:00 0 -
-Rule Morocco 2018 only - Jun 17 2:00 1:00 S
-Rule Morocco 2019 only - May 5 3:00 0 -
-Rule Morocco 2019 only - Jun 9 2:00 1:00 S
-Rule Morocco 2020 only - Apr 19 3:00 0 -
-Rule Morocco 2020 only - May 24 2:00 1:00 S
-Rule Morocco 2021 only - Apr 11 3:00 0 -
-Rule Morocco 2021 only - May 16 2:00 1:00 S
-Rule Morocco 2022 only - May 8 2:00 1:00 S
-Rule Morocco 2023 only - Apr 23 2:00 1:00 S
-Rule Morocco 2024 only - Apr 14 2:00 1:00 S
-Rule Morocco 2025 only - Apr 6 2:00 1:00 S
-Rule Morocco 2026 max - Mar lastSun 2:00 1:00 S
-Rule Morocco 2036 only - Oct 19 3:00 0 -
-Rule Morocco 2037 only - Oct 4 3:00 0 -
+Rule Morocco 2018 only - Jun 17 2:00 1:00 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26
- 0:00 Morocco WE%sT 1984 Mar 16
- 1:00 - CET 1986
- 0:00 Morocco WE%sT
+ 0:00 Morocco +00/+01 1984 Mar 16
+ 1:00 - +01 1986
+ 0:00 Morocco +00/+01 2018 Oct 27
+ 1:00 - +01
# Western Sahara
#
@@ -958,7 +936,8 @@
Zone Africa/El_Aaiun -0:52:48 - LMT 1934 Jan # El Aaiún
-1:00 - -01 1976 Apr 14
- 0:00 Morocco WE%sT
+ 0:00 Morocco +00/+01 2018 Oct 27
+ 1:00 - +01
# Mozambique
#
diff --git a/jdk/make/data/tzdata/antarctica b/jdk/make/data/tzdata/antarctica
index 74ce2dc..d98afed 100644
--- a/jdk/make/data/tzdata/antarctica
+++ b/jdk/make/data/tzdata/antarctica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Antarctica and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/jdk/make/data/tzdata/asia b/jdk/make/data/tzdata/asia
index 877f53d..57255f2 100644
--- a/jdk/make/data/tzdata/asia
+++ b/jdk/make/data/tzdata/asia
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Asia and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -29,7 +31,7 @@
# tz@iana.org for general use in the future). For more, please see
# the file CONTRIBUTING in the tz distribution.
-# From Paul Eggert (2017-01-13):
+# From Paul Eggert (2018-06-19):
#
# Unless otherwise specified, the source for data through 1990 is:
# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
@@ -58,7 +60,8 @@
# A reliable and entertaining source about time zones is
# Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997).
#
-# The following alphabetic abbreviations appear in these tables:
+# The following alphabetic abbreviations appear in these tables
+# (corrections are welcome):
# std dst
# LMT Local Mean Time
# 2:00 EET EEST Eastern European Time
@@ -67,11 +70,13 @@
# 7:00 WIB west Indonesia (Waktu Indonesia Barat)
# 8:00 WITA central Indonesia (Waktu Indonesia Tengah)
# 8:00 CST China
+# 8:00 PST PDT* Philippine Standard Time
# 8:30 KST KDT Korea when at +0830
# 9:00 WIT east Indonesia (Waktu Indonesia Timur)
# 9:00 JST JDT Japan
# 9:00 KST KDT Korea when at +09
# 9:30 ACST Australian Central Standard Time
+# *I invented the abbreviation PDT; see "Philippines" below.
# Otherwise, these tables typically use numeric abbreviations like +03
# and +0330 for integer hour and minute UT offsets. Although earlier
# editions invented alphabetic time zone abbreviations for every
@@ -304,6 +309,29 @@
# China
+# From Paul Eggert (2018-10-02):
+# The following comes from Table 1 of:
+# Li Yu. Research on the daylight saving movement in 1940s Shanghai.
+# Nanjing Journal of Social Sciences. 2014;(2):144-50.
+# http://oversea.cnki.net/kns55/detail.aspx?dbname=CJFD2014&filename=NJSH201402020
+# The table lists dates only; I am guessing 00:00 and 24:00 transition times.
+# Also, the table lists the planned end of DST in 1949, but the corresponding
+# zone line cuts this off on May 28, when the Communists took power.
+#
+# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+Rule Shang 1940 only - Jun 1 0:00 1:00 D
+Rule Shang 1940 only - Oct 12 24:00 0 S
+Rule Shang 1941 only - Mar 15 0:00 1:00 D
+Rule Shang 1941 only - Nov 1 24:00 0 S
+Rule Shang 1942 only - Jan 31 0:00 1:00 D
+Rule Shang 1945 only - Sep 1 24:00 0 S
+Rule Shang 1946 only - May 15 0:00 1:00 D
+Rule Shang 1946 only - Sep 30 24:00 0 S
+Rule Shang 1947 only - Apr 15 0:00 1:00 D
+Rule Shang 1947 only - Oct 31 24:00 0 S
+Rule Shang 1948 1949 - May 1 0:00 1:00 D
+Rule Shang 1948 1949 - Sep 30 24:00 0 S #plan
+
# From Guy Harris:
# People's Republic of China. Yes, they really have only one time zone.
@@ -330,18 +358,33 @@
# time - sort of", Los Angeles Times, 1986-05-05 ... [says] that China began
# observing daylight saving time in 1986.
-# From Paul Eggert (2014-06-30):
-# Shanks & Pottenger have China switching to a single time zone in 1980, but
-# this doesn't seem to be correct. They also write that China observed summer
-# DST from 1986 through 1991, which seems to match the above commentary, so
-# go with them for DST rules as follows:
+# From P Chan (2018-05-07):
+# The start and end time of DST in China [from 1986 on] should be 2:00
+# (i.e. 2:00 to 3:00 at the start and 2:00 to 1:00 at the end)....
+# Government notices about summer time:
+#
+# 1986-04-12 http://www.zj.gov.cn/attach/zfgb/198608.pdf p.21-22
+# (To establish summer time from 1986. On 4 May, set the clocks ahead one hour
+# at 2 am. On 14 September, set the clocks backward one hour at 2 am.)
+#
+# 1987-02-15 http://www.gov.cn/gongbao/shuju/1987/gwyb198703.pdf p.114
+# (Summer time in 1987 to start from 12 April until 13 September)
+#
+# 1987-09-09 http://www.gov.cn/gongbao/shuju/1987/gwyb198721.pdf p.709
+# (From 1988, summer time to start from 2 am of the first Sunday of mid-April
+# until 2 am of the first Sunday of mid-September)
+#
+# 1992-03-03 http://www.gov.cn/gongbao/shuju/1992/gwyb199205.pdf p.152
+# (To suspend summer time from 1992)
+#
+# The first page of People's Daily on 12 April 1988 stating that summer time
+# to begin on 17 April.
+# http://data.people.com.cn/pic/101p/1988/04/1988041201.jpg
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Shang 1940 only - Jun 3 0:00 1:00 D
-Rule Shang 1940 1941 - Oct 1 0:00 0 S
-Rule Shang 1941 only - Mar 16 0:00 1:00 D
-Rule PRC 1986 only - May 4 0:00 1:00 D
-Rule PRC 1986 1991 - Sep Sun>=11 0:00 0 S
-Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
+Rule PRC 1986 only - May 4 2:00 1:00 D
+Rule PRC 1986 1991 - Sep Sun>=11 2:00 0 S
+Rule PRC 1987 1991 - Apr Sun>=11 2:00 1:00 D
# From Anthony Fok (2001-12-20):
# BTW, I did some research on-line and found some info regarding these five
@@ -363,10 +406,11 @@
# Alois Treindl kindly sent me translations of the following two sources:
#
# (1)
-# Guo Qingsheng (National Time-Service Center, CAS, Xi'an 710600, China)
+# Guo Qing-sheng (National Time-Service Center, CAS, Xi'an 710600, China)
# Beijing Time at the Beginning of the PRC
# China Historical Materials of Science and Technology
-# (Zhongguo ke ji shi liao, 中国科技史料), Vol. 24, No. 1 (2003)
+# (Zhongguo ke ji shi liao, 中国科技史料). 2003;24(1):5-9.
+# http://oversea.cnki.net/kcms/detail/detail.aspx?filename=ZGKS200301000&dbname=CJFD2003
# It gives evidence that at the beginning of the PRC, Beijing time was
# officially apparent solar time! However, Guo also says that the
# evidence is dubious, as the relevant institute of astronomy had not
@@ -543,7 +587,7 @@
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Beijing time, used throughout China; represented by Shanghai.
Zone Asia/Shanghai 8:05:43 - LMT 1901
- 8:00 Shang C%sT 1949
+ 8:00 Shang C%sT 1949 May 28
8:00 PRC C%sT
# Xinjiang time, used by many in western China; represented by Ürümqi / Ürümchi
# / Wulumuqi. (Please use Asia/Shanghai if you prefer Beijing time.)
@@ -772,24 +816,140 @@
8:00 Taiwan C%sT
# Macau (Macao, Aomen)
+#
+# From P Chan (2018-05-10):
+# * LegisMac
+# http://legismac.safp.gov.mo/legismac/descqry/Descqry.jsf?lang=pt
+# A database for searching titles of legal documents of Macau in
+# Chinese and Portuguese. The term "HORÁRIO DE VERÃO" can be used for
+# searching decrees about summer time.
+# * Archives of Macao
+# http://www.archives.gov.mo/en/bo/
+# It contains images of old official gazettes.
+# * The Macao Meteorological and Geophysical Bureau have a page listing the
+# summer time history. But it is not complete and has some mistakes.
+# http://www.smg.gov.mo/smg/geophysics/e_t_Summer%20Time.htm
+# Macau adopted GMT+8 on 30 Oct 1904 to follow Hong Kong. Clocks were
+# advanced by 25 minutes and 50 seconds. Which means the LMT used was
+# +7:34:10. As stated in the "Portaria No. 204" dated 21 October 1904
+# and published in the Official Gazette on 29 October 1904.
+# http://igallery.icm.gov.mo/Images/Archives/BO/MO_AH_PUB_BO_1904_10/MO_AH_PUB_BO_1904_10_00025_Grey.JPG
+#
+# Therefore the 1911 decree of Portugal did not change time in Macau.
+#
+# From LegisMac, here is a list of decrees that changed the time ...
+# [Decree Gazette-no. date; titles omitted in this quotation]
+# DIL 732 BOCM 51 1941.12.20
+# DIL 764 BOCM 9S 1942.04.30
+# DIL 781 BOCM 21 1942.10.10
+# PT 3434 BOCM 8S 1943.04.17
+# PT 3504 BOCM 20 1943.09.25
+# PT 3843 BOCM 39 1945.09.29
+# PT 3961 BOCM 17 1946.04.27
+# PT 4026 BOCM 39 1946.09.28
+# PT 4153 BOCM 16 1947.04.10
+# PT 4271 BOCM 48 1947.11.29
+# PT 4374 BOCM 18 1948.05.01
+# PT 4465 BOCM 44 1948.10.30
+# PT 4590 BOCM 14 1949.04.02
+# PT 4666 BOCM 44 1949.10.29
+# PT 4771 BOCM 12 1950.03.25
+# PT 4838 BOCM 43 1950.10.28
+# PT 4946 BOCM 12 1951.03.24
+# PT 5025 BO 43 1951.10.27
+# PT 5149 BO 14 1952.04.05
+# PT 5251 BO 43 1952.10.25
+# PT 5366 BO 13 1953.03.28
+# PT 5444 BO 44 1953.10.31
+# PT 5540 BO 12 1954.03.20
+# PT 5589 BO 44 1954.10.30
+# PT 5676 BO 12 1955.03.19
+# PT 5739 BO 45 1955.11.05
+# PT 5823 BO 11 1956.03.17
+# PT 5891 BO 44 1956.11.03
+# PT 5981 BO 12 1957.03.23
+# PT 6064 BO 43 1957.10.26
+# PT 6172 BO 12 1958.03.22
+# PT 6243 BO 43 1958.10.25
+# PT 6341 BO 12 1959.03.21
+# PT 6411 BO 43 1959.10.24
+# PT 6514 BO 11 1960.03.12
+# PT 6584 BO 44 1960.10.29
+# PT 6721 BO 10 1961.03.11
+# PT 6815 BO 43 1961.10.28
+# PT 6947 BO 10 1962.03.10
+# PT 7080 BO 43 1962.10.27
+# PT 7218 BO 12 1963.03.23
+# PT 7340 BO 43 1963.10.26
+# PT 7491 BO 11 1964.03.14
+# PT 7664 BO 43 1964.10.24
+# PT 7846 BO 15 1965.04.10
+# PT 7979 BO 42 1965.10.16
+# PT 8146 BO 15 1966.04.09
+# PT 8252 BO 41 1966.10.08
+# PT 8429 BO 15 1967.04.15
+# PT 8540 BO 41 1967.10.14
+# PT 8735 BO 15 1968.04.13
+# PT 8860 BO 41 1968.10.12
+# PT 9035 BO 16 1969.04.19
+# PT 9156 BO 42 1969.10.18
+# PT 9328 BO 15 1970.04.11
+# PT 9418 BO 41 1970.10.10
+# PT 9587 BO 14 1971.04.03
+# PT 9702 BO 41 1971.10.09
+# PT 38-A/72 BO 14 1972.04.01
+# PT 126-A/72 BO 41 1972.10.07
+# PT 61/73 BO 14 1973.04.07
+# PT 182/73 BO 40 1973.10.06
+# PT 282/73 BO 51 1973.12.22
+# PT 177/74 BO 41 1974.10.12
+# PT 51/75 BO 15 1975.04.12
+# PT 173/75 BO 41 1975.10.11
+# PT 67/76/M BO 14 1976.04.03
+# PT 169/76/M BO 41 1976.10.09
+# PT 78/79/M BO 19 1979.05.12
+# PT 166/79/M BO 42 1979.10.20
+# Note that DIL 732 does not belong to "HORÁRIO DE VERÃO" according to
+# LegisMac.... Note that between 1942 and 1945, the time switched
+# between GMT+9 and GMT+10. Also in 1965 and 1965 the DST ended at 2:30am.
+
+# From Paul Eggert (2018-05-10):
+# The 1904 decree says that Macau changed from the meridian of
+# Fortaleza do Monte, presumably the basis for the 7:34:10 for LMT.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Macau 1961 1962 - Mar Sun>=16 3:30 1:00 D
-Rule Macau 1961 1964 - Nov Sun>=1 3:30 0 S
-Rule Macau 1963 only - Mar Sun>=16 0:00 1:00 D
-Rule Macau 1964 only - Mar Sun>=16 3:30 1:00 D
-Rule Macau 1965 only - Mar Sun>=16 0:00 1:00 D
-Rule Macau 1965 only - Oct 31 0:00 0 S
-Rule Macau 1966 1971 - Apr Sun>=16 3:30 1:00 D
-Rule Macau 1966 1971 - Oct Sun>=16 3:30 0 S
-Rule Macau 1972 1974 - Apr Sun>=15 0:00 1:00 D
-Rule Macau 1972 1973 - Oct Sun>=15 0:00 0 S
-Rule Macau 1974 1977 - Oct Sun>=15 3:30 0 S
-Rule Macau 1975 1977 - Apr Sun>=15 3:30 1:00 D
-Rule Macau 1978 1980 - Apr Sun>=15 0:00 1:00 D
-Rule Macau 1978 1980 - Oct Sun>=15 0:00 0 S
-# See Europe/Lisbon for info about the 1912 transition.
+Rule Macau 1942 1943 - Apr 30 23:00 1:00 -
+Rule Macau 1942 only - Nov 17 23:00 0 -
+Rule Macau 1943 only - Sep 30 23:00 0 S
+Rule Macau 1946 only - Apr 30 23:00s 1:00 D
+Rule Macau 1946 only - Sep 30 23:00s 0 S
+Rule Macau 1947 only - Apr 19 23:00s 1:00 D
+Rule Macau 1947 only - Nov 30 23:00s 0 S
+Rule Macau 1948 only - May 2 23:00s 1:00 D
+Rule Macau 1948 only - Oct 31 23:00s 0 S
+Rule Macau 1949 1950 - Apr Sat>=1 23:00s 1:00 D
+Rule Macau 1949 1950 - Oct lastSat 23:00s 0 S
+Rule Macau 1951 only - Mar 31 23:00s 1:00 D
+Rule Macau 1951 only - Oct 28 23:00s 0 S
+Rule Macau 1952 1953 - Apr Sat>=1 23:00s 1:00 D
+Rule Macau 1952 only - Nov 1 23:00s 0 S
+Rule Macau 1953 1954 - Oct lastSat 23:00s 0 S
+Rule Macau 1954 1956 - Mar Sat>=17 23:00s 1:00 D
+Rule Macau 1955 only - Nov 5 23:00s 0 S
+Rule Macau 1956 1964 - Nov Sun>=1 03:30 0 S
+Rule Macau 1957 1964 - Mar Sun>=18 03:30 1:00 D
+Rule Macau 1965 1973 - Apr Sun>=16 03:30 1:00 D
+Rule Macau 1965 1966 - Oct Sun>=16 02:30 0 S
+Rule Macau 1967 1976 - Oct Sun>=16 03:30 0 S
+Rule Macau 1973 only - Dec 30 03:30 1:00 D
+Rule Macau 1975 1976 - Apr Sun>=16 03:30 1:00 D
+Rule Macau 1979 only - May 13 03:30 1:00 D
+Rule Macau 1979 only - Oct Sun>=16 03:30 0 S
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-Zone Asia/Macau 7:34:20 - LMT 1911 Dec 31 16:00u
+Zone Asia/Macau 7:34:10 - LMT 1904 Oct 30
+ 8:00 - CST 1941 Dec 21 23:00
+ 9:00 Macau +09/+10 1945 Sep 30 24:00
8:00 Macau C%sT
@@ -1494,9 +1654,29 @@
# http://www.shugiin.go.jp/internet/itdb_housei.nsf/html/houritsu/00719500331039.htm
# ... In summary, it is written as follows. From 24:00 on the first Saturday
# in May, until 0:00 on the day after the second Saturday in September.
+
+# From Phake Nick (2018-09-27):
+# [T]he webpage authored by National Astronomical Observatory of Japan
+# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EF.html
+# ... mentioned that using Showa 23 (year 1948) as example, 13pm of September
+# 11 in summer time will equal to 0am of September 12 in standard time.
+# It cited a document issued by the Liaison Office which briefly existed
+# during the postwar period of Japan, where the detail on implementation
+# of the summer time is described in the document.
+# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EFB2C6BBFEB9EFA4CEBCC2BBDCA4CBA4C4A4A4A4C6.pdf
+# The text in the document do instruct a fall back to occur at
+# September 11, 13pm in summer time, while ordinary citizens can
+# change the clock before they sleep.
+#
+# From Paul Eggert (2018-09-27):
+# This instruction is equivalent to "Sat>=8 25:00", so use that. zic treats
+# it like "Sun>=9 01:00", which is not quite the same but is the best we can
+# do in any POSIX or C platform. The "25:00" assumes zic from 2007 or later,
+# which should be safe now.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Japan 1948 only - May Sat>=1 24:00 1:00 D
-Rule Japan 1948 1951 - Sep Sun>=9 0:00 0 S
+Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S
Rule Japan 1949 only - Apr Sat>=1 24:00 1:00 D
Rule Japan 1950 1951 - May Sat>=1 24:00 1:00 D
@@ -1878,7 +2058,7 @@
5:00 - +05
# Mangghystaū (KZ-MAN)
# Aqtau was not founded until 1963, but it represents an inhabited region,
-# so include time stamps before 1963.
+# so include timestamps before 1963.
Zone Asia/Aqtau 3:21:04 - LMT 1924 May 2
4:00 - +04 1930 Jun 21
5:00 - +05 1981 Oct 1
@@ -2018,6 +2198,10 @@
# Assembly, as published in Rodong Sinmun.
# From Tim Parenti (2018-04-29):
# It appears to be the front page story at the top in the right-most column.
+#
+# From Paul Eggert (2018-05-04):
+# The BBC reported that the transition was from 23:30 to 24:00 today.
+# https://www.bbc.com/news/world-asia-44010705
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Seoul 8:27:52 - LMT 1908 Apr 1
@@ -2030,7 +2214,7 @@
8:30 - KST 1912 Jan 1
9:00 - JST 1945 Aug 24
9:00 - KST 2015 Aug 15 00:00
- 8:30 - KST 2018 May 5
+ 8:30 - KST 2018 May 4 23:30
9:00 - KST
###############################################################################
@@ -2780,19 +2964,35 @@
# Philippine Star 2014-08-05
# http://www.philstar.com/headlines/2014/08/05/1354152/pnoy-urged-declare-use-daylight-saving-time
+# From Paul Goyette (2018-06-15):
+# In the Philippines, there is a national law, Republic Act No. 10535
+# which declares the official time here as "Philippine Standard Time".
+# The act [1] even specifies use of PST as the abbreviation, although
+# the FAQ provided by PAGASA [2] uses the "acronym PhST to distinguish
+# it from the Pacific Standard Time (PST)."
+# [1] http://www.officialgazette.gov.ph/2013/05/15/republic-act-no-10535/
+# [2] https://www1.pagasa.dost.gov.ph/index.php/astronomy/philippine-standard-time#republic-act-10535
+#
+# From Paul Eggert (2018-06-19):
+# I surveyed recent news reports, and my impression is that "PST" is
+# more popular among reliable English-language news sources. This is
+# not just a measure of Google hit counts: it's also the sizes and
+# influence of the sources. There is no current abbreviation for DST,
+# so use "PDT", the usual American style.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Phil 1936 only - Nov 1 0:00 1:00 -
-Rule Phil 1937 only - Feb 1 0:00 0 -
-Rule Phil 1954 only - Apr 12 0:00 1:00 -
-Rule Phil 1954 only - Jul 1 0:00 0 -
-Rule Phil 1978 only - Mar 22 0:00 1:00 -
-Rule Phil 1978 only - Sep 21 0:00 0 -
+Rule Phil 1936 only - Nov 1 0:00 1:00 D
+Rule Phil 1937 only - Feb 1 0:00 0 S
+Rule Phil 1954 only - Apr 12 0:00 1:00 D
+Rule Phil 1954 only - Jul 1 0:00 0 S
+Rule Phil 1978 only - Mar 22 0:00 1:00 D
+Rule Phil 1978 only - Sep 21 0:00 0 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Manila -15:56:00 - LMT 1844 Dec 31
8:04:00 - LMT 1899 May 11
- 8:00 Phil +08/+09 1942 May
- 9:00 - +09 1944 Nov
- 8:00 Phil +08/+09
+ 8:00 Phil P%sT 1942 May
+ 9:00 - JST 1944 Nov
+ 8:00 Phil P%sT
# Qatar
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
@@ -2803,15 +3003,34 @@
# Saudi Arabia
#
-# From Paul Eggert (2014-07-15):
+# From Paul Eggert (2018-08-29):
# Time in Saudi Arabia and other countries in the Arabian peninsula was not
-# standardized until relatively recently; we don't know when, and possibly it
+# standardized until 1968 or so; we don't know exactly when, and possibly it
# has never been made official. Richard P Hunt, in "Islam city yielding to
# modern times", New York Times (1961-04-09), p 20, wrote that only airlines
# observed standard time, and that people in Jeddah mostly observed quasi-solar
# time, doing so by setting their watches at sunrise to 6 o'clock (or to 12
# o'clock for "Arab" time).
#
+# Timekeeping differed depending on who you were and which part of Saudi
+# Arabia you were in. In 1969, Elias Antar wrote that although a common
+# practice had been to set one's watch to 12:00 (i.e., midnight) at sunset -
+# which meant that the time on one side of a mountain could differ greatly from
+# the time on the other side - many foreigners set their watches to 6pm
+# instead, while airlines instead used UTC +03 (except in Dhahran, where they
+# used UTC +04), Aramco used UTC +03 with DST, and the Trans-Arabian Pipe Line
+# Company used Aramco time in eastern Saudi Arabia and airline time in western.
+# (The American Military Aid Advisory Group used plain UTC.) Antar writes,
+# "A man named Higgins, so the story goes, used to run a local power
+# station. One day, the whole thing became too much for Higgins and he
+# assembled his staff and laid down the law. 'I've had enough of this,' he
+# shrieked. 'It is now 12 o'clock Higgins Time, and from now on this station is
+# going to run on Higgins Time.' And so, until last year, it did." See:
+# Antar E. Dinner at When? Saudi Aramco World, 1969 March/April. 2-3.
+# http://archive.aramcoworld.com/issue/196902/dinner.at.when.htm
+# newspapers.com says a similar story about Higgins was published in the Port
+# Angeles (WA) Evening News, 1965-03-10, page 5, but I lack access to the text.
+#
# The TZ database cannot represent quasi-solar time; airline time is the best
# we can do. The 1946 foreign air news digest of the U.S. Civil Aeronautics
# Board (OCLC 42299995) reported that the "... Arabian Government, inaugurated
@@ -2821,7 +3040,8 @@
#
# Shanks & Pottenger also state that until 1968-05-01 Saudi Arabia had two
# time zones; the other zone, at UT +04, was in the far eastern part of
-# the country. Ignore this, as it's before our 1970 cutoff.
+# the country. Presumably this is documenting airline time. Ignore this,
+# as it's before our 1970 cutoff.
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Riyadh 3:06:52 - LMT 1947 Mar 14
diff --git a/jdk/make/data/tzdata/australasia b/jdk/make/data/tzdata/australasia
index 2c60fd3..82e88c5 100644
--- a/jdk/make/data/tzdata/australasia
+++ b/jdk/make/data/tzdata/australasia
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Australasia and environs, and for much of the Pacific
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -384,8 +386,15 @@
# Dominic Fok writes (2017-08-20) that DST ends 2018-01-14, citing
# Extraordinary Government of Fiji Gazette Supplement No. 21 (2017-08-27),
# [Legal Notice No. 41] of an order of the previous day by J Usamate.
+
+# From Raymond Kumar (2018-07-13):
+# http://www.fijitimes.com/government-approves-2018-daylight-saving/
+# ... The daylight saving period will end at 3am on Sunday January 13, 2019.
+#
+# From Paul Eggert (2018-07-15):
# For now, guess DST from 02:00 the first Sunday in November to 03:00
-# the first Sunday on or after January 14. Although ad hoc, it matches
+# the first Sunday on or after January 13. January transitions reportedly
+# depend on when school terms start. Although the guess is ad hoc, it matches
# transitions since late 2014 and seems more likely to match future
# practice than guessing no DST.
@@ -399,7 +408,7 @@
Rule Fiji 2012 2013 - Jan Sun>=18 3:00 0 -
Rule Fiji 2014 only - Jan Sun>=18 2:00 0 -
Rule Fiji 2014 max - Nov Sun>=1 2:00 1:00 -
-Rule Fiji 2015 max - Jan Sun>=14 3:00 0 -
+Rule Fiji 2015 max - Jan Sun>=13 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fiji 11:55:44 - LMT 1915 Oct 26 # Suva
12:00 Fiji +12/+13
diff --git a/jdk/make/data/tzdata/backward b/jdk/make/data/tzdata/backward
index fca4ed1..f30f30e 100644
--- a/jdk/make/data/tzdata/backward
+++ b/jdk/make/data/tzdata/backward
@@ -21,10 +21,12 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb links for backward compatibility
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
-# This file provides links between current names for time zones
+# This file provides links between current names for timezones
# and their old names. Many names changed in late 1993.
# Link TARGET LINK-NAME
diff --git a/jdk/make/data/tzdata/etcetera b/jdk/make/data/tzdata/etcetera
index ec31f1b..db59378 100644
--- a/jdk/make/data/tzdata/etcetera
+++ b/jdk/make/data/tzdata/etcetera
@@ -21,12 +21,14 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for ships at sea and other miscellany
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
# These entries are mostly present for historical reasons, so that
# people in areas not otherwise covered by the tz files could "zic -l"
-# to a time zone that was right for their area. These days, the
+# to a timezone that was right for their area. These days, the
# tz files cover almost all the inhabited world, and the only practical
# need now for the entries that are not on UTC are for ships at sea
# that cannot use POSIX TZ settings.
diff --git a/jdk/make/data/tzdata/europe b/jdk/make/data/tzdata/europe
index 99109ec..e434b7e 100644
--- a/jdk/make/data/tzdata/europe
+++ b/jdk/make/data/tzdata/europe
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Europe and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -540,7 +542,7 @@
#
# To work around this problem, the build procedure can translate the
# following data into two forms, one with negative SAVE values and the
-# other form with a traditional approximation for Irish time stamps
+# other form with a traditional approximation for Irish timestamps
# after 1971-10-31 02:00 UTC; although this approximation has tm_isdst
# flags that are reversed, its UTC offsets are correct and this often
# suffices. This source file currently uses only nonnegative SAVE
@@ -2450,6 +2452,33 @@
# administratively part of Sakhalin oblast', they appear to have
# remained on UTC+11 along with Magadan.
+# From Marat Nigametzianov (2018-07-16):
+# this is link to order from 1956 about timezone in USSR
+# http://astro.uni-altai.ru/~orion/blog/2011/11/novyie-granitsyi-chasovyih-poyasov-v-sssr/
+#
+# From Paul Eggert (2018-07-16):
+# Perhaps someone could translate the above-mentioned link and use it
+# to correct our data for the ex-Soviet Union. It cites the following:
+# «Поясное время и новые границы часовых поясов» / сост. П.Н. Долгов,
+# отв. ред. Г.Д. Бурдун - М: Комитет стандартов, мер и измерительных
+# приборов при Совете Министров СССР, Междуведомственная комиссия
+# единой службы времени, 1956 г.
+# This book looks like it would be a helpful resource for the Soviet
+# Union through 1956. Although a copy was in the Scientific Library
+# of Tomsk State University, I have not been able to track down a copy nearby.
+#
+# From Stepan Golosunov (2018-07-21):
+# http://astro.uni-altai.ru/~orion/blog/2015/05/center-reforma-ischisleniya-vremeni-br-na-territorii-sssr-v-1957-godu-center/
+# says that the 1956 decision to change time belts' borders was not
+# implemented as planned in 1956 and the change happened in 1957.
+# There is also the problem that actual time zones were different from
+# the official time belts (and from many time belts' maps) as there were
+# numerous exceptions to application of time belt rules. For example,
+# https://ru.wikipedia.org/wiki/Московское_время#Перемещение_границы_применения_московского_времени_на_восток
+# says that by 1962 there were many regions in the 3rd time belt that
+# were on Moscow time, referring to a 1962 map. By 1989 number of such
+# exceptions grew considerably.
+
# From Tim Parenti (2014-07-06):
# The comments detailing the coverage of each Russian zone are meant to assist
# with maintenance only and represent our best guesses as to which regions
@@ -2460,9 +2489,6 @@
# future stability. ISO 3166-2:RU codes are also listed for first-level
# divisions where available.
-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-
-
# From Tim Parenti (2014-07-03):
# Europe/Kaliningrad covers...
# 39 RU-KGD Kaliningrad Oblast
@@ -2730,6 +2756,15 @@
# 34 RU-VGG Volgograd Oblast
# The 1988 transition is from USSR act No. 5 (1988-01-04).
+# From Alexander Fetisov (2018-09-20):
+# Volgograd region in southern Russia (Europe/Volgograd) change
+# timezone from UTC+3 to UTC+4 from 28oct2018.
+# http://sozd.parliament.gov.ru/bill/452878-7
+#
+# From Stepan Golosunov (2018-10-11):
+# The law has been published today on
+# http://publication.pravo.gov.ru/Document/View/0001201810110037
+
Zone Europe/Volgograd 2:57:40 - LMT 1920 Jan 3
3:00 - +03 1930 Jun 21
4:00 - +04 1961 Nov 11
@@ -2738,7 +2773,8 @@
4:00 - +04 1992 Mar 29 2:00s
3:00 Russia +03/+04 2011 Mar 27 2:00s
4:00 - +04 2014 Oct 26 2:00s
- 3:00 - +03
+ 3:00 - +03 2018 Oct 28 2:00s
+ 4:00 - +04
# From Paul Eggert (2016-11-11):
# Europe/Saratov covers:
@@ -3427,7 +3463,8 @@
#Rule NatSpain 1937 only - May 22 23:00 1:00 S
#Rule NatSpain 1937 1938 - Oct Sat>=1 24:00s 0 -
#Rule NatSpain 1938 only - Mar 26 23:00 1:00 S
-# The following rules are copied from Morocco from 1967 through 1978.
+# The following rules are copied from Morocco from 1967 through 1978,
+# except with "S" letters.
Rule SpainAfrica 1967 only - Jun 3 12:00 1:00 S
Rule SpainAfrica 1967 only - Oct 1 0:00 0 -
Rule SpainAfrica 1974 only - Jun 24 0:00 1:00 S
@@ -3447,6 +3484,7 @@
0:00 1:00 WEST 1918 Oct 7 23:00
0:00 - WET 1924
0:00 Spain WE%sT 1929
+ 0:00 - WET 1967 # Help zishrink.awk.
0:00 SpainAfrica WE%sT 1984 Mar 16
1:00 - CET 1986
1:00 EU CE%sT
@@ -3632,7 +3670,7 @@
# http://www.resmigazete.gov.tr/eskiler/2001/03/20010324.htm#2 - for 2001
# http://www.resmigazete.gov.tr/eskiler/2002/03/20020316.htm#2 - for 2002-2006
# From Paul Eggert (2016-09-25):
-# Prefer the above sources to Shanks & Pottenger for time stamps after 1985.
+# Prefer the above sources to Shanks & Pottenger for timestamps after 1985.
# From Steffen Thorsen (2007-03-09):
# Starting 2007 though, it seems that they are adopting EU's 1:00 UTC
@@ -3842,10 +3880,29 @@
# * Ukrainian Government's Resolution of 20.03.1992, No. 139.
# http://www.uazakon.com/documents/date_8u/pg_grcasa.htm
+# From Paul Eggert (2018-10-03):
+# As is usual in tzdb, Ukrainian zones use the most common English spellings.
+# For example, tzdb uses Europe/Kiev, as "Kiev" is the most common spelling in
+# English for Ukraine's capital, even though it is certainly wrong as a
+# transliteration of the Ukrainian "Київ". This is similar to tzdb's use of
+# Europe/Prague, which is certainly wrong as a transliteration of the Czech
+# "Praha". ("Kiev" came from old Slavic via Russian to English, and "Prague"
+# came from old Slavic via French to English, so the two cases have something
+# in common.) Admittedly English-language spelling of Ukrainian names is
+# controversial, and some day "Kyiv" may become substantially more popular in
+# English; in the meantime, stick with the traditional English "Kiev" as that
+# means less disruption for our users.
+#
+# Anyway, none of the common English-language spellings (Kiev, Kyiv, Kieff,
+# Kijeff, Kijev, Kiyef, Kiyeff) do justice to the common pronunciation in
+# Ukrainian, namely [ˈkɪjiu̯] (IPA). This pronunciation has nothing like an
+# English "v" or "f", and instead trails off with what an English-speaker
+# would call a demure "oo" sound, and it would would be better anglicized as
+# "Kuiyu". Here's a sound file, if you would like to do as the Kuiyuvians do:
+# https://commons.wikimedia.org/wiki/File:Uk-Київ.ogg
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-# Most of Ukraine since 1970 has been like Kiev.
-# "Kyiv" is the transliteration of the Ukrainian name, but
-# "Kiev" is more common in English.
+# This represents most of Ukraine. See above for the spelling of "Kiev".
Zone Europe/Kiev 2:02:04 - LMT 1880
2:02:04 - KMT 1924 May 2 # Kiev Mean Time
2:00 - EET 1930 Jun 21
diff --git a/jdk/make/data/tzdata/factory b/jdk/make/data/tzdata/factory
index 7d79693..6ef6bca 100644
--- a/jdk/make/data/tzdata/factory
+++ b/jdk/make/data/tzdata/factory
@@ -21,11 +21,13 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for noncommittal factory settings
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
-# For distributors who don't want to put time zone specification in
-# their installation procedures. Users that run 'date' will get the
+# For distributors who don't want to specify a timezone in their
+# installation procedures. Users who run 'date' will get the
# time zone abbreviation "-00", indicating that the actual time zone
# is unknown.
diff --git a/jdk/make/data/tzdata/leapseconds b/jdk/make/data/tzdata/leapseconds
index cc5d928..8b539e6 100644
--- a/jdk/make/data/tzdata/leapseconds
+++ b/jdk/make/data/tzdata/leapseconds
@@ -26,21 +26,25 @@
# This file is in the public domain.
# This file is generated automatically from the data in the public-domain
-# leap-seconds.list file, which is copied from:
-# ftp://ftp.nist.gov/pub/time/leap-seconds.list
+# leap-seconds.list file, which can be copied from
+# <ftp://ftp.nist.gov/pub/time/leap-seconds.list>
+# or <ftp://ftp.boulder.nist.gov/pub/time/leap-seconds.list>
+# or <ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.list>.
# For more about leap-seconds.list, please see
# The NTP Timescale and Leap Seconds
-# https://www.eecis.udel.edu/~mills/leap.html
+# <https://www.eecis.udel.edu/~mills/leap.html>.
# The International Earth Rotation and Reference Systems Service
# periodically uses leap seconds to keep UTC to within 0.9 s of UT1
-# (which measures the true angular orientation of the earth in space); see
-# Levine J. Coordinated Universal Time and the leap second.
+# (which measures the true angular orientation of the earth in space)
+# and publishes leap second data in a copyrighted file
+# <https://hpiers.obspm.fr/iers/bul/bulc/Leap_Second.dat>.
+# See: Levine J. Coordinated Universal Time and the leap second.
# URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995
-# http://ieeexplore.ieee.org/document/7909995/
+# <https://ieeexplore.ieee.org/document/7909995>.
# There were no leap seconds before 1972, because the official mechanism
# accounting for the discrepancy between atomic time and the earth's rotation
-# did not exist until the early 1970s.
+# did not exist.
# The correction (+ or -) is made at the given time, so lines
# will typically look like:
@@ -48,10 +52,7 @@
# or
# Leap YEAR MON DAY 23:59:59 - R/S
-# If the leapsecond is Rolling (R) the given time is local time.
-# If the leapsecond is Stationary (S) the given time is UTC.
-
-# Leap YEAR MONTH DAY HH:MM:SS CORR R/S
+# If the leap second is Rolling (R) the given time is local time (unused here).
Leap 1972 Jun 30 23:59:60 + S
Leap 1972 Dec 31 23:59:60 + S
Leap 1973 Dec 31 23:59:60 + S
@@ -80,5 +81,9 @@
Leap 2015 Jun 30 23:59:60 + S
Leap 2016 Dec 31 23:59:60 + S
-# Updated through IERS Bulletin C55
-# File expires on: 28 December 2018
+# POSIX timestamps for the data in this file:
+#updated 1467936000
+#expires 1561680000
+
+# Updated through IERS Bulletin C56
+# File expires on: 28 June 2019
diff --git a/jdk/make/data/tzdata/northamerica b/jdk/make/data/tzdata/northamerica
index bcfb662..297a10a 100644
--- a/jdk/make/data/tzdata/northamerica
+++ b/jdk/make/data/tzdata/northamerica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for North and Central America and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -71,7 +73,7 @@
#
# Most of the US soon followed suit. See:
# Bartky IR. The adoption of standard time. Technol Cult 1989 Jan;30(1):25-56.
-# http://dx.doi.org/10.2307/3105430
+# https://dx.doi.org/10.2307/3105430
# From Paul Eggert (2005-04-16):
# That 1883 transition occurred at 12:00 new time, not at 12:00 old time.
@@ -460,6 +462,19 @@
# western South Dakota, far western Texas (El Paso County, Hudspeth County,
# and Pine Springs and Nickel Creek in Culberson County), Utah, Wyoming
#
+# From Paul Eggert (2018-10-25):
+# On 1921-03-04 federal law placed all of Texas into the central time zone.
+# However, El Paso ignored the law for decades and continued to observe
+# mountain time, on the grounds that that's what they had always done
+# and they weren't about to let the federal government tell them what to do.
+# Eventually the federal government gave in and changed the law on
+# 1970-04-10 to match what El Paso was actually doing. Although
+# that's slightly after our 1970 cutoff, there is no need to create a
+# separate zone for El Paso since they were ignoring the law anyway. See:
+# Long T. El Pasoans were time rebels, fought to stay in Mountain zone.
+# El Paso Times. 2018-10-24 06:40 -06.
+# https://www.elpasotimes.com/story/news/local/el-paso/2018/10/24/el-pasoans-were-time-rebels-fought-stay-mountain-zone/1744509002/
+#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER
Rule Denver 1920 1921 - Mar lastSun 2:00 1:00 D
Rule Denver 1920 only - Oct lastSun 2:00 0 S
@@ -729,9 +744,7 @@
Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00
-10:30 - HST 1933 Apr 30 2:00
-10:30 1:00 HDT 1933 May 21 12:00
- -10:30 - HST 1942 Feb 9 2:00
- -10:30 1:00 HDT 1945 Sep 30 2:00
- -10:30 - HST 1947 Jun 8 2:00
+ -10:30 US H%sT 1947 Jun 8 2:00
-10:00 - HST
# Now we turn to US areas that have diverged from the consensus since 1970.
diff --git a/jdk/make/data/tzdata/pacificnew b/jdk/make/data/tzdata/pacificnew
index 9b9257a..020b599 100644
--- a/jdk/make/data/tzdata/pacificnew
+++ b/jdk/make/data/tzdata/pacificnew
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for proposed US election time (this file is obsolete)
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/jdk/make/data/tzdata/southamerica b/jdk/make/data/tzdata/southamerica
index 65d3c9f..3f01647 100644
--- a/jdk/make/data/tzdata/southamerica
+++ b/jdk/make/data/tzdata/southamerica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for South America and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -415,7 +417,7 @@
# standard time, so let's do that here too. This does not change UTC
# offsets, only tm_isdst and the time zone abbreviations. One minor
# plus is that this silences a zic complaint that there's no POSIX TZ
-# setting for time stamps past 2038.
+# setting for timestamps past 2038.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
#
@@ -948,6 +950,14 @@
# ... https://www.timeanddate.com/news/time/brazil-delays-dst-2018.html
# From Steffen Thorsen (2017-12-20):
# http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2017/decreto/D9242.htm
+#
+# From Fábio Gomes (2018-10-04):
+# The Brazilian president just announced a new change on this year DST.
+# It was scheduled to start on November 4th and it was changed to November 18th.
+# From Rodrigo Brüning Wessler (2018-10-15):
+# The Brazilian government just announced that the change in DST was
+# canceled.... Maybe the president Michel Temer also woke up one hour
+# earlier today. :)
Rule Brazil 2018 max - Nov Sun>=1 0:00 1:00 -
Rule Brazil 2023 only - Feb Sun>=22 0:00 0 -
Rule Brazil 2024 2025 - Feb Sun>=15 0:00 0 -
@@ -1254,6 +1264,24 @@
# they will switch from -03 to -04 one hour after Santiago does that day.
# For now, assume that they will not revert.
+# From Juan Correa (2018-08-13):
+# As of moments ago, the Ministry of Energy in Chile has announced the new
+# schema for DST. ... Announcement in video (in Spanish):
+# https://twitter.com/MinEnergia/status/1029000399129374720
+# From Yonathan Dossow (2018-08-13):
+# The video says "first Saturday of September", we all know it means Sunday at
+# midnight.
+# From Tim Parenti (2018-08-13):
+# Translating the captions on the video at 0:44-0:55, "We want to announce as
+# Government that from 2019, Winter Time will be increased to 5 months, between
+# the first Saturday of April and the first Saturday of September."
+# At 2:08-2:20, "The Magallanes region will maintain its current time, as
+# decided by the citizens during 2017, but our Government will promote a
+# regional dialogue table to gather their opinion on this matter."
+# https://twitter.com/MinEnergia/status/1029009354001973248
+# "We will keep the new time policy unchanged for at least the next 4 years."
+# So we extend the new rules on Saturdays at 24:00 mainland time indefinitely.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Chile 1927 1931 - Sep 1 0:00 1:00 -
Rule Chile 1928 1932 - Apr 1 0:00 0 -
@@ -1287,8 +1315,10 @@
Rule Chile 2011 only - Aug Sun>=16 4:00u 1:00 -
Rule Chile 2012 2014 - Apr Sun>=23 3:00u 0 -
Rule Chile 2012 2014 - Sep Sun>=2 4:00u 1:00 -
-Rule Chile 2016 max - May Sun>=9 3:00u 0 -
-Rule Chile 2016 max - Aug Sun>=9 4:00u 1:00 -
+Rule Chile 2016 2018 - May Sun>=9 3:00u 0 -
+Rule Chile 2016 2018 - Aug Sun>=9 4:00u 1:00 -
+Rule Chile 2019 max - Apr Sun>=2 3:00u 0 -
+Rule Chile 2019 max - Sep Sun>=2 4:00u 1:00 -
# IATA SSIM anomalies: (1992-02) says 1992-03-14;
# (1996-09) says 1998-03-08. Ignore these.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
diff --git a/jdk/make/data/tzdata/systemv b/jdk/make/data/tzdata/systemv
index c7b9a88..63a48e8 100644
--- a/jdk/make/data/tzdata/systemv
+++ b/jdk/make/data/tzdata/systemv
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for System V rules (this file is obsolete)
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/jdk/make/data/tzdata/zone.tab b/jdk/make/data/tzdata/zone.tab
index 873737e..2a98586 100644
--- a/jdk/make/data/tzdata/zone.tab
+++ b/jdk/make/data/tzdata/zone.tab
@@ -21,12 +21,12 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-# tz zone descriptions (deprecated version)
+# tzdb timezone descriptions (deprecated version)
#
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
#
-# From Paul Eggert (2014-07-31):
+# From Paul Eggert (2018-06-27):
# This file is intended as a backward-compatibility aid for older programs.
# New programs should use zone1970.tab. This file is like zone1970.tab (see
# zone1970.tab's comments), but with the following additional restrictions:
@@ -35,13 +35,13 @@
# 2. The first data column contains exactly one country code.
#
# Because of (2), each row stands for an area that is the intersection
-# of a region identified by a country code and of a zone where civil
+# of a region identified by a country code and of a timezone where civil
# clocks have agreed since 1970; this is a narrower definition than
# that of zone1970.tab.
#
-# This table is intended as an aid for users, to help them select time
-# zone data entries appropriate for their practical needs. It is not
-# intended to take or endorse any position on legal or territorial claims.
+# This table is intended as an aid for users, to help them select timezones
+# appropriate for their practical needs. It is not intended to take or
+# endorse any position on legal or territorial claims.
#
#country-
#code coordinates TZ comments
@@ -291,7 +291,7 @@
MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas)
MN +4801+09139 Asia/Hovd Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan
MN +4804+11430 Asia/Choibalsan Dornod, Sukhbaatar
-MO +2214+11335 Asia/Macau
+MO +221150+1133230 Asia/Macau
MP +1512+14545 Pacific/Saipan
MQ +1436-06105 America/Martinique
MR +1806-01557 Africa/Nouakchott
diff --git a/jdk/make/lib/NetworkingLibraries.gmk b/jdk/make/lib/NetworkingLibraries.gmk
index 347c323..47006d0 100644
--- a/jdk/make/lib/NetworkingLibraries.gmk
+++ b/jdk/make/lib/NetworkingLibraries.gmk
@@ -75,7 +75,7 @@
LDFLAGS_SUFFIX_linux := $(LIBDL) -ljvm -lpthread -ljava, \
LDFLAGS_SUFFIX_aix := $(LIBDL) -ljvm -ljava,\
LDFLAGS_SUFFIX_windows := ws2_32.lib jvm.lib secur32.lib iphlpapi.lib \
- delayimp.lib $(WIN_JAVA_LIB) advapi32.lib \
+ delayimp.lib urlmon.lib $(WIN_JAVA_LIB) advapi32.lib \
-DELAYLOAD:secur32.dll -DELAYLOAD:iphlpapi.dll, \
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
RC_FLAGS := $(RC_FLAGS) \
diff --git a/jdk/make/mapfiles/libjava/mapfile-vers b/jdk/make/mapfiles/libjava/mapfile-vers
index 09b25bf..1168c79 100644
--- a/jdk/make/mapfiles/libjava/mapfile-vers
+++ b/jdk/make/mapfiles/libjava/mapfile-vers
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -222,12 +222,7 @@
Java_java_lang_UNIXProcess_waitForProcessExit;
Java_java_lang_UNIXProcess_forkAndExec;
Java_java_lang_UNIXProcess_destroyProcess;
- Java_java_nio_Bits_copyFromShortArray;
- Java_java_nio_Bits_copyToShortArray;
- Java_java_nio_Bits_copyFromIntArray;
- Java_java_nio_Bits_copyToIntArray;
- Java_java_nio_Bits_copyFromLongArray;
- Java_java_nio_Bits_copyToLongArray;
+ Java_java_nio_Bits_copySwapMemory0;
Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2;
Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2Ljava_security_AccessControlContext_2;
Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2;
diff --git a/jdk/src/macosx/native/sun/font/CCharToGlyphMapper.m b/jdk/src/macosx/native/sun/font/CCharToGlyphMapper.m
index 81fb69d..b68ad1e 100644
--- a/jdk/src/macosx/native/sun/font/CCharToGlyphMapper.m
+++ b/jdk/src/macosx/native/sun/font/CCharToGlyphMapper.m
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java b/jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java
index 87f4772..f641eaa 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -253,11 +253,10 @@
return result;
}
-
/**
* Sets the padding mechanism of this cipher.
*
- * @param padding the padding mechanism
+ * @param paddingScheme the padding mechanism
*
* @exception NoSuchPaddingException if the requested padding mechanism
* does not exist
@@ -660,10 +659,7 @@
* (e.g., has not been initialized)
*/
byte[] update(byte[] input, int inputOffset, int inputLen) {
- if (requireReinit) {
- throw new IllegalStateException
- ("Must use either different key or iv for GCM encryption");
- }
+ checkReinit();
byte[] output = null;
try {
@@ -673,7 +669,12 @@
if (len == output.length) {
return output;
} else {
- return Arrays.copyOf(output, len);
+ byte[] copy = Arrays.copyOf(output, len);
+ if (decrypting) {
+ // Zero out internal buffer which is no longer required
+ Arrays.fill(output, (byte) 0x00);
+ }
+ return copy;
}
} catch (ShortBufferException e) {
// should never happen
@@ -706,10 +707,7 @@
*/
int update(byte[] input, int inputOffset, int inputLen, byte[] output,
int outputOffset) throws ShortBufferException {
- if (requireReinit) {
- throw new IllegalStateException
- ("Must use either different key or iv for GCM encryption");
- }
+ checkReinit();
// figure out how much can be sent to crypto function
int len = Math.addExact(buffered, inputLen);
@@ -767,11 +765,14 @@
inputLen -= temp;
buffered = Math.addExact(buffered, temp);
}
- // process 'buffer'
+ // process 'buffer'. When finished we can null out 'buffer'
+ // Only necessary to null out if buffer holds data for encryption
if (decrypting) {
outLen = cipher.decrypt(buffer, 0, buffered, output, outputOffset);
} else {
outLen = cipher.encrypt(buffer, 0, buffered, output, outputOffset);
+ //encrypt mode. Zero out internal (input) buffer
+ Arrays.fill(buffer, (byte) 0x00);
}
outputOffset = Math.addExact(outputOffset, outLen);
buffered = 0;
@@ -841,12 +842,25 @@
*/
byte[] doFinal(byte[] input, int inputOffset, int inputLen)
throws IllegalBlockSizeException, BadPaddingException {
- byte[] output = null;
try {
- output = new byte[getOutputSizeByOperation(inputLen, true)];
- int len = doFinal(input, inputOffset, inputLen, output, 0);
- if (len < output.length) {
- return Arrays.copyOf(output, len);
+ checkReinit();
+ byte[] output = new byte[getOutputSizeByOperation(inputLen, true)];
+ byte[] finalBuf = prepareInputBuffer(input, inputOffset,
+ inputLen, output, 0);
+ int finalOffset = (finalBuf == input) ? inputOffset : 0;
+ int finalBufLen = (finalBuf == input) ? inputLen : finalBuf.length;
+
+ int outLen = fillOutputBuffer(finalBuf, finalOffset, output, 0,
+ finalBufLen, input);
+
+ endDoFinal();
+ if (outLen < output.length) {
+ byte[] copy = Arrays.copyOf(output, outLen);
+ if (decrypting) {
+ // Zero out internal (ouput) array
+ Arrays.fill(output, (byte) 0x00);
+ }
+ return copy;
} else {
return output;
}
@@ -896,26 +910,81 @@
int outputOffset)
throws IllegalBlockSizeException, ShortBufferException,
BadPaddingException {
- if (requireReinit) {
- throw new IllegalStateException
- ("Must use either different key or iv for GCM encryption");
- }
+ checkReinit();
int estOutSize = getOutputSizeByOperation(inputLen, true);
- // check output buffer capacity.
- // if we are decrypting with padding applied, we can perform this
- // check only after we have determined how many padding bytes there
- // are.
- int outputCapacity = output.length - outputOffset;
- int minOutSize = (decrypting? (estOutSize - blockSize):estOutSize);
- if ((output == null) || (outputCapacity < minOutSize)) {
- throw new ShortBufferException("Output buffer must be "
- + "(at least) " + minOutSize + " bytes long");
- }
+ int outputCapacity = checkOutputCapacity(output, outputOffset,
+ estOutSize);
+ int offset = decrypting ? 0 : outputOffset; // 0 for decrypting
+ byte[] finalBuf = prepareInputBuffer(input, inputOffset,
+ inputLen, output, outputOffset);
+ byte[] outWithPadding = null; // for decrypting only
+ int finalOffset = (finalBuf == input) ? inputOffset : 0;
+ int finalBufLen = (finalBuf == input) ? inputLen : finalBuf.length;
+
+ if (decrypting) {
+ // if the size of specified output buffer is less than
+ // the length of the cipher text, then the current
+ // content of cipher has to be preserved in order for
+ // users to retry the call with a larger buffer in the
+ // case of ShortBufferException.
+ if (outputCapacity < estOutSize) {
+ cipher.save();
+ }
+ // create temporary output buffer so that only "real"
+ // data bytes are passed to user's output buffer.
+ outWithPadding = new byte[estOutSize];
+ }
+ byte[] outBuffer = decrypting ? outWithPadding : output;
+
+ int outLen = fillOutputBuffer(finalBuf, finalOffset, outBuffer,
+ offset, finalBufLen, input);
+
+ if (decrypting) {
+
+ if (outputCapacity < outLen) {
+ // restore so users can retry with a larger buffer
+ cipher.restore();
+ throw new ShortBufferException("Output buffer too short: "
+ + (outputCapacity)
+ + " bytes given, " + outLen
+ + " bytes needed");
+ }
+ // copy the result into user-supplied output buffer
+ System.arraycopy(outWithPadding, 0, output, outputOffset, outLen);
+ // decrypt mode. Zero out output data that's not required
+ Arrays.fill(outWithPadding, (byte) 0x00);
+ }
+ endDoFinal();
+ return outLen;
+ }
+
+ private void endDoFinal() {
+ buffered = 0;
+ diffBlocksize = blockSize;
+ if (cipherMode != ECB_MODE) {
+ cipher.reset();
+ }
+ }
+
+ private int unpad(int outLen, byte[] outWithPadding)
+ throws BadPaddingException {
+ int padStart = padding.unpad(outWithPadding, 0, outLen);
+ if (padStart < 0) {
+ throw new BadPaddingException("Given final block not " +
+ "properly padded. Such issues can arise if a bad key " +
+ "is used during decryption.");
+ }
+ outLen = padStart;
+ return outLen;
+ }
+
+ private byte[] prepareInputBuffer(byte[] input, int inputOffset,
+ int inputLen, byte[] output, int outputOffset)
+ throws IllegalBlockSizeException, ShortBufferException {
// calculate total input length
int len = Math.addExact(buffered, inputLen);
-
// calculate padding length
int totalLen = Math.addExact(len, cipher.getBufferedLength());
int paddingLen = 0;
@@ -945,82 +1014,80 @@
* - there are internally buffered bytes
* - doing encryption and padding is needed
*/
- byte[] finalBuf = input;
- int finalOffset = inputOffset;
- int finalBufLen = inputLen;
if ((buffered != 0) || (!decrypting && padding != null) ||
((input == output)
&& (outputOffset - inputOffset < inputLen)
&& (inputOffset - outputOffset < buffer.length))) {
+ byte[] finalBuf;
if (decrypting || padding == null) {
paddingLen = 0;
}
finalBuf = new byte[Math.addExact(len, paddingLen)];
- finalOffset = 0;
if (buffered != 0) {
System.arraycopy(buffer, 0, finalBuf, 0, buffered);
+ if (!decrypting) {
+ // done with input buffer. We should zero out the
+ // data if we're in encrypt mode.
+ Arrays.fill(buffer, (byte) 0x00);
+ }
}
if (inputLen != 0) {
System.arraycopy(input, inputOffset, finalBuf,
- buffered, inputLen);
+ buffered, inputLen);
}
if (paddingLen != 0) {
padding.padWithLen(finalBuf, Math.addExact(buffered, inputLen), paddingLen);
}
- finalBufLen = finalBuf.length;
+ return finalBuf;
}
- int outLen = 0;
- if (decrypting) {
- // if the size of specified output buffer is less than
- // the length of the cipher text, then the current
- // content of cipher has to be preserved in order for
- // users to retry the call with a larger buffer in the
- // case of ShortBufferException.
- if (outputCapacity < estOutSize) {
- cipher.save();
- }
- // create temporary output buffer so that only "real"
- // data bytes are passed to user's output buffer.
- byte[] outWithPadding = new byte[estOutSize];
- outLen = finalNoPadding(finalBuf, finalOffset, outWithPadding,
- 0, finalBufLen);
+ return input;
+ }
- if (padding != null) {
- int padStart = padding.unpad(outWithPadding, 0, outLen);
- if (padStart < 0) {
- throw new BadPaddingException("Given final block not " +
- "properly padded. Such issues can arise if a bad key " +
- "is used during decryption.");
- }
- outLen = padStart;
+ private int fillOutputBuffer(byte[] finalBuf, int finalOffset,
+ byte[] output, int outOfs, int finalBufLen,
+ byte[] input)
+ throws ShortBufferException, BadPaddingException,
+ IllegalBlockSizeException {
+ int len;
+ try {
+ len = finalNoPadding(finalBuf, finalOffset, output,
+ outOfs, finalBufLen);
+ if (decrypting && padding != null) {
+ len = unpad(len, output);
}
-
- if (outputCapacity < outLen) {
- // restore so users can retry with a larger buffer
- cipher.restore();
- throw new ShortBufferException("Output buffer too short: "
- + (outputCapacity)
- + " bytes given, " + outLen
- + " bytes needed");
- }
- // copy the result into user-supplied output buffer
- System.arraycopy(outWithPadding, 0, output, outputOffset, outLen);
- } else { // encrypting
- try {
- outLen = finalNoPadding(finalBuf, finalOffset, output,
- outputOffset, finalBufLen);
- } finally {
+ return len;
+ } finally {
+ if (!decrypting) {
// reset after doFinal() for GCM encryption
requireReinit = (cipherMode == GCM_MODE);
+ if (finalBuf != input) {
+ // done with internal finalBuf array. Copied to output
+ Arrays.fill(finalBuf, (byte) 0x00);
+ }
}
}
+ }
- buffered = 0;
- diffBlocksize = blockSize;
- if (cipherMode != ECB_MODE) {
- cipher.reset();
+ private int checkOutputCapacity(byte[] output, int outputOffset,
+ int estOutSize) throws ShortBufferException {
+ // check output buffer capacity.
+ // if we are decrypting with padding applied, we can perform this
+ // check only after we have determined how many padding bytes there
+ // are.
+ int outputCapacity = output.length - outputOffset;
+ int minOutSize = decrypting ? (estOutSize - blockSize) : estOutSize;
+ if ((output == null) || (outputCapacity < minOutSize)) {
+ throw new ShortBufferException("Output buffer must be "
+ + "(at least) " + minOutSize + " bytes long");
}
- return outLen;
+ return outputCapacity;
+ }
+
+ private void checkReinit() {
+ if (requireReinit) {
+ throw new IllegalStateException
+ ("Must use either different key or iv for GCM encryption");
+ }
}
private int finalNoPadding(byte[] in, int inOfs, byte[] out, int outOfs,
@@ -1153,10 +1220,7 @@
* @since 1.8
*/
void updateAAD(byte[] src, int offset, int len) {
- if (requireReinit) {
- throw new IllegalStateException
- ("Must use either different key or iv for GCM encryption");
- }
+ checkReinit();
cipher.updateAAD(src, offset, len);
}
}
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java b/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java
index e85b881..9c76839 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java
@@ -73,62 +73,69 @@
salt = pbeKey.getSalt(); // maybe null if unspecified
iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
} else if (key instanceof SecretKey) {
- byte[] passwdBytes = key.getEncoded();
- if ((passwdBytes == null) ||
- !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ byte[] passwdBytes;
+ if (!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3)) ||
+ (passwdBytes = key.getEncoded()) == null) {
throw new InvalidKeyException("Missing password");
}
passwdChars = new char[passwdBytes.length];
for (int i=0; i<passwdChars.length; i++) {
passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
}
+ Arrays.fill(passwdBytes, (byte)0x00);
} else {
throw new InvalidKeyException("SecretKey of PBE type required");
}
- if (params == null) {
- // should not auto-generate default values since current
- // javax.crypto.Mac api does not have any method for caller to
- // retrieve the generated defaults.
- if ((salt == null) || (iCount == 0)) {
+
+ byte[] derivedKey;
+ try {
+ if (params == null) {
+ // should not auto-generate default values since current
+ // javax.crypto.Mac api does not have any method for caller to
+ // retrieve the generated defaults.
+ if ((salt == null) || (iCount == 0)) {
+ throw new InvalidAlgorithmParameterException
+ ("PBEParameterSpec required for salt and iteration count");
+ }
+ } else if (!(params instanceof PBEParameterSpec)) {
throw new InvalidAlgorithmParameterException
- ("PBEParameterSpec required for salt and iteration count");
- }
- } else if (!(params instanceof PBEParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("PBEParameterSpec type required");
- } else {
- PBEParameterSpec pbeParams = (PBEParameterSpec) params;
- // make sure the parameter values are consistent
- if (salt != null) {
- if (!Arrays.equals(salt, pbeParams.getSalt())) {
- throw new InvalidAlgorithmParameterException
- ("Inconsistent value of salt between key and params");
- }
+ ("PBEParameterSpec type required");
} else {
- salt = pbeParams.getSalt();
- }
- if (iCount != 0) {
- if (iCount != pbeParams.getIterationCount()) {
- throw new InvalidAlgorithmParameterException
- ("Different iteration count between key and params");
+ PBEParameterSpec pbeParams = (PBEParameterSpec) params;
+ // make sure the parameter values are consistent
+ if (salt != null) {
+ if (!Arrays.equals(salt, pbeParams.getSalt())) {
+ throw new InvalidAlgorithmParameterException
+ ("Inconsistent value of salt between key and params");
+ }
+ } else {
+ salt = pbeParams.getSalt();
}
- } else {
- iCount = pbeParams.getIterationCount();
+ if (iCount != 0) {
+ if (iCount != pbeParams.getIterationCount()) {
+ throw new InvalidAlgorithmParameterException
+ ("Different iteration count between key and params");
+ }
+ } else {
+ iCount = pbeParams.getIterationCount();
+ }
}
+ // For security purpose, we need to enforce a minimum length
+ // for salt; just require the minimum salt length to be 8-byte
+ // which is what PKCS#5 recommends and openssl does.
+ if (salt.length < 8) {
+ throw new InvalidAlgorithmParameterException
+ ("Salt must be at least 8 bytes long");
+ }
+ if (iCount <= 0) {
+ throw new InvalidAlgorithmParameterException
+ ("IterationCount must be a positive number");
+ }
+ derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
+ iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
+ } finally {
+ Arrays.fill(passwdChars, '\0');
}
- // For security purpose, we need to enforce a minimum length
- // for salt; just require the minimum salt length to be 8-byte
- // which is what PKCS#5 recommends and openssl does.
- if (salt.length < 8) {
- throw new InvalidAlgorithmParameterException
- ("Salt must be at least 8 bytes long");
- }
- if (iCount <= 0) {
- throw new InvalidAlgorithmParameterException
- ("IterationCount must be a positive number");
- }
- byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
- iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
super.engineInit(cipherKey, null);
}
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/KeyProtector.java b/jdk/src/share/classes/com/sun/crypto/provider/KeyProtector.java
index 7f9d0b2..c1f96ef 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/KeyProtector.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/KeyProtector.java
@@ -37,12 +37,15 @@
import java.security.AlgorithmParameters;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherSpi;
import javax.crypto.SecretKey;
import javax.crypto.SealedObject;
import javax.crypto.spec.*;
+import javax.security.auth.DestroyFailedException;
+
import sun.security.x509.AlgorithmId;
import sun.security.util.ObjectIdentifier;
@@ -103,15 +106,20 @@
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
- SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
- pbeKeySpec.clearPassword();
-
- // encrypt private key
+ SecretKey sKey = null;
PBEWithMD5AndTripleDESCipher cipher;
- cipher = new PBEWithMD5AndTripleDESCipher();
- cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
+ try {
+ sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
+ // encrypt private key
+ cipher = new PBEWithMD5AndTripleDESCipher();
+ cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
+ } finally {
+ pbeKeySpec.clearPassword();
+ if (sKey != null) sKey.destroy();
+ }
byte[] plain = key.getEncoded();
byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
+ Arrays.fill(plain, (byte)0x00);
// wrap encrypted private key in EncryptedPrivateKeyInfo
// (as defined in PKCS#8)
@@ -131,8 +139,8 @@
Key recover(EncryptedPrivateKeyInfo encrInfo)
throws UnrecoverableKeyException, NoSuchAlgorithmException
{
- byte[] plain;
-
+ byte[] plain = null;
+ SecretKey sKey = null;
try {
String encrAlg = encrInfo.getAlgorithm().getOID().toString();
if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID)
@@ -160,8 +168,7 @@
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
- SecretKey sKey =
- new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
+ sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
// decrypt private key
@@ -178,7 +185,6 @@
(new PrivateKeyInfo(plain).getAlgorithm().getOID()).getName();
KeyFactory kFac = KeyFactory.getInstance(oidName);
return kFac.generatePrivate(new PKCS8EncodedKeySpec(plain));
-
} catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the
// later catch of GeneralSecurityException
@@ -187,6 +193,15 @@
throw new UnrecoverableKeyException(ioe.getMessage());
} catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage());
+ } finally {
+ if (plain != null) Arrays.fill(plain, (byte)0x00);
+ if (sKey != null) {
+ try {
+ sKey.destroy();
+ } catch (DestroyFailedException e) {
+ //shouldn't happen
+ }
+ }
}
}
@@ -262,7 +277,7 @@
// of <code>protectedKey</code>. If the two digest values are
// different, throw an exception.
md.update(passwdBytes);
- java.util.Arrays.fill(passwdBytes, (byte)0x00);
+ Arrays.fill(passwdBytes, (byte)0x00);
passwdBytes = null;
md.update(plainKey);
digest = md.digest();
@@ -291,17 +306,21 @@
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
- SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
- pbeKeySpec.clearPassword();
-
- // seal key
+ SecretKey sKey = null;
Cipher cipher;
+ try {
+ sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
+ pbeKeySpec.clearPassword();
- PBEWithMD5AndTripleDESCipher cipherSpi;
- cipherSpi = new PBEWithMD5AndTripleDESCipher();
- cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
+ // seal key
+ PBEWithMD5AndTripleDESCipher cipherSpi;
+ cipherSpi = new PBEWithMD5AndTripleDESCipher();
+ cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
- cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
+ cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
+ } finally {
+ if (sKey != null) sKey.destroy();
+ }
return new SealedObjectForKeyProtector(key, cipher);
}
@@ -309,12 +328,12 @@
* Unseals the sealed key.
*/
Key unseal(SealedObject so)
- throws NoSuchAlgorithmException, UnrecoverableKeyException
- {
+ throws NoSuchAlgorithmException, UnrecoverableKeyException {
+ SecretKey sKey = null;
try {
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
- SecretKey skey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
+ sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
SealedObjectForKeyProtector soForKeyProtector = null;
@@ -342,7 +361,7 @@
Cipher cipher = new CipherForKeyProtector(cipherSpi,
SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
- cipher.init(Cipher.DECRYPT_MODE, skey, params);
+ cipher.init(Cipher.DECRYPT_MODE, sKey, params);
return soForKeyProtector.getKey(cipher);
} catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the
@@ -354,6 +373,14 @@
throw new UnrecoverableKeyException(cnfe.getMessage());
} catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage());
+ } finally {
+ if (sKey != null) {
+ try {
+ sKey.destroy();
+ } catch (DestroyFailedException e) {
+ //shouldn't happen
+ }
+ }
}
}
}
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java b/jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java
index b063eec..7fb66e5 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.spec.InvalidKeySpecException;
+import java.util.Arrays;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
@@ -68,7 +69,7 @@
this.key = new byte[passwd.length];
for (int i=0; i<passwd.length; i++)
this.key[i] = (byte) (passwd[i] & 0x7f);
- java.util.Arrays.fill(passwd, ' ');
+ Arrays.fill(passwd, '\0');
type = keytype;
}
@@ -110,11 +111,23 @@
byte[] thatEncoded = that.getEncoded();
boolean ret = MessageDigest.isEqual(this.key, thatEncoded);
- java.util.Arrays.fill(thatEncoded, (byte)0x00);
+ Arrays.fill(thatEncoded, (byte)0x00);
return ret;
}
/**
+ * Clears the internal copy of the key.
+ *
+ */
+ @Override
+ public void destroy() {
+ if (key != null) {
+ Arrays.fill(key, (byte)0x00);
+ key = null;
+ }
+ }
+
+ /**
* readObject is called to restore the state of this key from
* a stream.
*/
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/PBES1Core.java b/jdk/src/share/classes/com/sun/crypto/provider/PBES1Core.java
index 86ea35c..54bd4eb 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBES1Core.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBES1Core.java
@@ -27,6 +27,7 @@
import java.security.*;
import java.security.spec.*;
+import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;
@@ -213,35 +214,43 @@
throw new InvalidAlgorithmParameterException("Parameters "
+ "missing");
}
- if ((key == null) ||
- (key.getEncoded() == null) ||
- !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
- throw new InvalidKeyException("Missing password");
+ if (key == null) {
+ throw new InvalidKeyException("Null key");
}
- if (params == null) {
- // create random salt and use default iteration count
- salt = new byte[8];
- random.nextBytes(salt);
- } else {
- if (!(params instanceof PBEParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("Wrong parameter type: PBE expected");
+ byte[] derivedKey;
+ byte[] passwdBytes = key.getEncoded();
+ try {
+ if ((passwdBytes == null) ||
+ !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ throw new InvalidKeyException("Missing password");
}
- salt = ((PBEParameterSpec) params).getSalt();
- // salt must be 8 bytes long (by definition)
- if (salt.length != 8) {
- throw new InvalidAlgorithmParameterException
- ("Salt must be 8 bytes long");
- }
- iCount = ((PBEParameterSpec) params).getIterationCount();
- if (iCount <= 0) {
- throw new InvalidAlgorithmParameterException
- ("IterationCount must be a positive number");
- }
- }
- byte[] derivedKey = deriveCipherKey(key);
+ if (params == null) {
+ // create random salt and use default iteration count
+ salt = new byte[8];
+ random.nextBytes(salt);
+ } else {
+ if (!(params instanceof PBEParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("Wrong parameter type: PBE expected");
+ }
+ salt = ((PBEParameterSpec) params).getSalt();
+ // salt must be 8 bytes long (by definition)
+ if (salt.length != 8) {
+ throw new InvalidAlgorithmParameterException
+ ("Salt must be 8 bytes long");
+ }
+ iCount = ((PBEParameterSpec) params).getIterationCount();
+ if (iCount <= 0) {
+ throw new InvalidAlgorithmParameterException
+ ("IterationCount must be a positive number");
+ }
+ }
+ derivedKey = deriveCipherKey(passwdBytes);
+ } finally {
+ if (passwdBytes != null) Arrays.fill(passwdBytes, (byte) 0x00);
+ }
// use all but the last 8 bytes as the key value
SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, 0,
derivedKey.length-8, algo);
@@ -253,16 +262,14 @@
cipher.init(opmode, cipherKey, ivSpec, random);
}
- private byte[] deriveCipherKey(Key key) {
+ private byte[] deriveCipherKey(byte[] passwdBytes) {
byte[] result = null;
- byte[] passwdBytes = key.getEncoded();
if (algo.equals("DES")) {
// P || S (password concatenated with salt)
byte[] concat = new byte[Math.addExact(passwdBytes.length, salt.length)];
System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length);
- java.util.Arrays.fill(passwdBytes, (byte)0x00);
System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length);
// digest P || S with c iterations
@@ -271,7 +278,7 @@
md.update(toBeHashed);
toBeHashed = md.digest(); // this resets the digest
}
- java.util.Arrays.fill(concat, (byte)0x00);
+ Arrays.fill(concat, (byte)0x00);
result = toBeHashed;
} else if (algo.equals("DESede")) {
// if the 2 salt halves are the same, invert one of them
@@ -294,8 +301,6 @@
// Concatenate the output from each digest round with the
// password, and use the result as the input to the next digest
// operation.
- byte[] kBytes = null;
- IvParameterSpec iv = null;
byte[] toBeHashed = null;
result = new byte[DESedeKeySpec.DES_EDE_KEY_LEN +
DESConstants.DES_BLOCK_SIZE];
@@ -306,12 +311,14 @@
for (int j=0; j < iCount; j++) {
md.update(toBeHashed);
md.update(passwdBytes);
- toBeHashed = md.digest(); // this resets the digest
+ toBeHashed = md.digest();
}
System.arraycopy(toBeHashed, 0, result, i*16,
toBeHashed.length);
}
}
+ // clear data used in message
+ md.reset();
return result;
}
@@ -478,9 +485,9 @@
byte[] wrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
byte[] result = null;
-
+ byte[] encodedKey = null;
try {
- byte[] encodedKey = key.getEncoded();
+ encodedKey = key.getEncoded();
if ((encodedKey == null) || (encodedKey.length == 0)) {
throw new InvalidKeyException("Cannot get an encoding of " +
"the key to be wrapped");
@@ -489,6 +496,8 @@
result = doFinal(encodedKey, 0, encodedKey.length);
} catch (BadPaddingException e) {
// Should never happen
+ } finally {
+ if (encodedKey != null) Arrays.fill(encodedKey, (byte)0x00);
}
return result;
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/PBES2Core.java b/jdk/src/share/classes/com/sun/crypto/provider/PBES2Core.java
index 3787366..9a59abf 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBES2Core.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBES2Core.java
@@ -27,6 +27,7 @@
import java.security.*;
import java.security.spec.*;
+import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;
@@ -173,101 +174,105 @@
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
- if ((key == null) ||
- (key.getEncoded() == null) ||
- !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
- throw new InvalidKeyException("Missing password");
+ if (key == null) {
+ throw new InvalidKeyException("Null key");
}
- // TBD: consolidate the salt, ic and IV parameter checks below
+ byte[] passwdBytes = key.getEncoded();
+ char[] passwdChars = null;
+ PBEKeySpec pbeSpec;
+ try {
+ if ((passwdBytes == null) ||
+ !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ throw new InvalidKeyException("Missing password");
+ }
- // Extract salt and iteration count from the key, if present
- if (key instanceof javax.crypto.interfaces.PBEKey) {
- salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
- if (salt != null && salt.length < 8) {
- throw new InvalidAlgorithmParameterException(
- "Salt must be at least 8 bytes long");
- }
- iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
- if (iCount == 0) {
- iCount = DEFAULT_COUNT;
- } else if (iCount < 0) {
- throw new InvalidAlgorithmParameterException(
- "Iteration count must be a positive number");
- }
- }
+ // TBD: consolidate the salt, ic and IV parameter checks below
- // Extract salt, iteration count and IV from the params, if present
- if (params == null) {
- if (salt == null) {
- // generate random salt and use default iteration count
- salt = new byte[DEFAULT_SALT_LENGTH];
- random.nextBytes(salt);
- iCount = DEFAULT_COUNT;
+ // Extract salt and iteration count from the key, if present
+ if (key instanceof javax.crypto.interfaces.PBEKey) {
+ salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
+ if (salt != null && salt.length < 8) {
+ throw new InvalidAlgorithmParameterException(
+ "Salt must be at least 8 bytes long");
+ }
+ iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
+ if (iCount == 0) {
+ iCount = DEFAULT_COUNT;
+ } else if (iCount < 0) {
+ throw new InvalidAlgorithmParameterException(
+ "Iteration count must be a positive number");
+ }
}
- if ((opmode == Cipher.ENCRYPT_MODE) ||
+
+ // Extract salt, iteration count and IV from the params, if present
+ if (params == null) {
+ if (salt == null) {
+ // generate random salt and use default iteration count
+ salt = new byte[DEFAULT_SALT_LENGTH];
+ random.nextBytes(salt);
+ iCount = DEFAULT_COUNT;
+ }
+ if ((opmode == Cipher.ENCRYPT_MODE) ||
(opmode == Cipher.WRAP_MODE)) {
- // generate random IV
- byte[] ivBytes = new byte[blkSize];
- random.nextBytes(ivBytes);
- ivSpec = new IvParameterSpec(ivBytes);
- }
- } else {
- if (!(params instanceof PBEParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("Wrong parameter type: PBE expected");
- }
- // salt and iteration count from the params take precedence
- byte[] specSalt = ((PBEParameterSpec) params).getSalt();
- if (specSalt != null && specSalt.length < 8) {
- throw new InvalidAlgorithmParameterException(
- "Salt must be at least 8 bytes long");
- }
- salt = specSalt;
- int specICount = ((PBEParameterSpec) params).getIterationCount();
- if (specICount == 0) {
- specICount = DEFAULT_COUNT;
- } else if (specICount < 0) {
- throw new InvalidAlgorithmParameterException(
- "Iteration count must be a positive number");
- }
- iCount = specICount;
+ // generate random IV
+ byte[] ivBytes = new byte[blkSize];
+ random.nextBytes(ivBytes);
+ ivSpec = new IvParameterSpec(ivBytes);
+ }
+ } else {
+ if (!(params instanceof PBEParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("Wrong parameter type: PBE expected");
+ }
+ // salt and iteration count from the params take precedence
+ byte[] specSalt = ((PBEParameterSpec) params).getSalt();
+ if (specSalt != null && specSalt.length < 8) {
+ throw new InvalidAlgorithmParameterException(
+ "Salt must be at least 8 bytes long");
+ }
+ salt = specSalt;
+ int specICount = ((PBEParameterSpec) params).getIterationCount();
+ if (specICount == 0) {
+ specICount = DEFAULT_COUNT;
+ } else if (specICount < 0) {
+ throw new InvalidAlgorithmParameterException(
+ "Iteration count must be a positive number");
+ }
+ iCount = specICount;
- AlgorithmParameterSpec specParams =
- ((PBEParameterSpec) params).getParameterSpec();
- if (specParams != null) {
- if (specParams instanceof IvParameterSpec) {
- ivSpec = (IvParameterSpec)specParams;
+ AlgorithmParameterSpec specParams =
+ ((PBEParameterSpec) params).getParameterSpec();
+ if (specParams != null) {
+ if (specParams instanceof IvParameterSpec) {
+ ivSpec = (IvParameterSpec)specParams;
+ } else {
+ throw new InvalidAlgorithmParameterException(
+ "Wrong parameter type: IV expected");
+ }
+ } else if ((opmode == Cipher.ENCRYPT_MODE) ||
+ (opmode == Cipher.WRAP_MODE)) {
+ // generate random IV
+ byte[] ivBytes = new byte[blkSize];
+ random.nextBytes(ivBytes);
+ ivSpec = new IvParameterSpec(ivBytes);
} else {
throw new InvalidAlgorithmParameterException(
- "Wrong parameter type: IV expected");
+ "Missing parameter type: IV expected");
}
- } else if ((opmode == Cipher.ENCRYPT_MODE) ||
- (opmode == Cipher.WRAP_MODE)) {
- // generate random IV
- byte[] ivBytes = new byte[blkSize];
- random.nextBytes(ivBytes);
- ivSpec = new IvParameterSpec(ivBytes);
- } else {
- throw new InvalidAlgorithmParameterException(
- "Missing parameter type: IV expected");
}
- }
- SecretKeySpec cipherKey = null;
- byte[] derivedKey = null;
- byte[] passwdBytes = key.getEncoded();
- char[] passwdChars = new char[passwdBytes.length];
+ passwdChars = new char[passwdBytes.length];
+ for (int i = 0; i < passwdChars.length; i++)
+ passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
- for (int i=0; i<passwdChars.length; i++)
- passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
-
- PBEKeySpec pbeSpec =
- new PBEKeySpec(passwdChars, salt, iCount, keyLength);
+ pbeSpec = new PBEKeySpec(passwdChars, salt, iCount, keyLength);
// password char[] was cloned in PBEKeySpec constructor,
// so we can zero it out here
- java.util.Arrays.fill(passwdChars, ' ');
- java.util.Arrays.fill(passwdBytes, (byte)0x00);
+ } finally {
+ if (passwdChars != null) Arrays.fill(passwdChars, '\0');
+ if (passwdBytes != null) Arrays.fill(passwdBytes, (byte)0x00);
+ }
SecretKey s = null;
@@ -280,8 +285,8 @@
ike.initCause(ikse);
throw ike;
}
- derivedKey = s.getEncoded();
- cipherKey = new SecretKeySpec(derivedKey, cipherAlgo);
+ byte[] derivedKey = s.getEncoded();
+ SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, cipherAlgo);
// initialize the underlying cipher
cipher.init(opmode, cipherKey, ivSpec, random);
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java b/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
index 5dddd14..506cc73 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
@@ -89,6 +89,8 @@
}
// Convert the password from char[] to byte[]
byte[] passwdBytes = getPasswordBytes(this.passwd);
+ // remove local copy
+ if (passwd != null) Arrays.fill(passwd, '\0');
this.salt = keySpec.getSalt();
if (salt == null) {
@@ -108,13 +110,15 @@
}
try {
this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
+ this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
} catch (NoSuchAlgorithmException nsae) {
// not gonna happen; re-throw just in case
InvalidKeySpecException ike = new InvalidKeySpecException();
ike.initCause(nsae);
throw ike;
+ } finally {
+ Arrays.fill(passwdBytes, (byte)0x00);
}
- this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
private static byte[] deriveKey(final Mac prf, final byte[] password,
@@ -240,8 +244,8 @@
if (!(that.getFormat().equalsIgnoreCase("RAW")))
return false;
byte[] thatEncoded = that.getEncoded();
- boolean ret = MessageDigest.isEqual(key, that.getEncoded());
- java.util.Arrays.fill(thatEncoded, (byte)0x00);
+ boolean ret = MessageDigest.isEqual(key, thatEncoded);
+ Arrays.fill(thatEncoded, (byte)0x00);
return ret;
}
@@ -266,7 +270,7 @@
try {
synchronized (this) {
if (this.passwd != null) {
- java.util.Arrays.fill(this.passwd, '0');
+ java.util.Arrays.fill(this.passwd, '\0');
this.passwd = null;
}
if (this.key != null) {
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java b/jdk/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java
index 2f0ba13..2ff0290 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java
@@ -108,72 +108,76 @@
salt = pbeKey.getSalt(); // maybe null if unspecified
iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
} else if (key instanceof SecretKey) {
- byte[] passwdBytes = key.getEncoded();
- if ((passwdBytes == null) ||
- !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ byte[] passwdBytes;
+ if (!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3)) ||
+ (passwdBytes = key.getEncoded()) == null) {
throw new InvalidKeyException("Missing password");
}
passwdChars = new char[passwdBytes.length];
for (int i=0; i<passwdChars.length; i++) {
passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
}
+ Arrays.fill(passwdBytes, (byte)0x00);
} else {
throw new InvalidKeyException("SecretKey of PBE type required");
}
- if (params == null) {
- // should not auto-generate default values since current
- // javax.crypto.Mac api does not have any method for caller to
- // retrieve the generated defaults.
- if ((salt == null) || (iCount == 0)) {
- throw new InvalidAlgorithmParameterException
- ("PBEParameterSpec required for salt and iteration count");
- }
- } else if (!(params instanceof PBEParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("PBEParameterSpec type required");
- } else {
- PBEParameterSpec pbeParams = (PBEParameterSpec) params;
- // make sure the parameter values are consistent
- if (salt != null) {
- if (!Arrays.equals(salt, pbeParams.getSalt())) {
- throw new InvalidAlgorithmParameterException
- ("Inconsistent value of salt between key and params");
- }
- } else {
- salt = pbeParams.getSalt();
- }
- if (iCount != 0) {
- if (iCount != pbeParams.getIterationCount()) {
- throw new InvalidAlgorithmParameterException
- ("Different iteration count between key and params");
- }
- } else {
- iCount = pbeParams.getIterationCount();
- }
- }
- // For security purpose, we need to enforce a minimum length
- // for salt; just require the minimum salt length to be 8-byte
- // which is what PKCS#5 recommends and openssl does.
- if (salt.length < 8) {
- throw new InvalidAlgorithmParameterException
- ("Salt must be at least 8 bytes long");
- }
- if (iCount <= 0) {
- throw new InvalidAlgorithmParameterException
- ("IterationCount must be a positive number");
- }
- PBEKeySpec pbeSpec =
- new PBEKeySpec(passwdChars, salt, iCount, blockLength);
+ PBEKeySpec pbeSpec;
+ try {
+ if (params == null) {
+ // should not auto-generate default values since current
+ // javax.crypto.Mac api does not have any method for caller to
+ // retrieve the generated defaults.
+ if ((salt == null) || (iCount == 0)) {
+ throw new InvalidAlgorithmParameterException
+ ("PBEParameterSpec required for salt and iteration count");
+ }
+ } else if (!(params instanceof PBEParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("PBEParameterSpec type required");
+ } else {
+ PBEParameterSpec pbeParams = (PBEParameterSpec) params;
+ // make sure the parameter values are consistent
+ if (salt != null) {
+ if (!Arrays.equals(salt, pbeParams.getSalt())) {
+ throw new InvalidAlgorithmParameterException
+ ("Inconsistent value of salt between key and params");
+ }
+ } else {
+ salt = pbeParams.getSalt();
+ }
+ if (iCount != 0) {
+ if (iCount != pbeParams.getIterationCount()) {
+ throw new InvalidAlgorithmParameterException
+ ("Different iteration count between key and params");
+ }
+ } else {
+ iCount = pbeParams.getIterationCount();
+ }
+ }
+ // For security purpose, we need to enforce a minimum length
+ // for salt; just require the minimum salt length to be 8-byte
+ // which is what PKCS#5 recommends and openssl does.
+ if (salt.length < 8) {
+ throw new InvalidAlgorithmParameterException
+ ("Salt must be at least 8 bytes long");
+ }
+ if (iCount <= 0) {
+ throw new InvalidAlgorithmParameterException
+ ("IterationCount must be a positive number");
+ }
+
+ pbeSpec = new PBEKeySpec(passwdChars, salt, iCount, blockLength);
// password char[] was cloned in PBEKeySpec constructor,
// so we can zero it out here
- java.util.Arrays.fill(passwdChars, ' ');
+ } finally {
+ Arrays.fill(passwdChars, '\0');
+ }
- SecretKey s = null;
+ SecretKey s;
PBKDF2Core kdf = getKDFImpl(kdfAlgo);
try {
s = kdf.engineGenerateSecret(pbeSpec);
-
} catch (InvalidKeySpecException ikse) {
InvalidKeyException ike =
new InvalidKeyException("Cannot construct PBE key");
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java b/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
index a02aa4b..bb0a607 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
@@ -103,6 +103,7 @@
Arrays.fill(D, (byte)type);
concat(salt, I, 0, s);
concat(passwd, I, s, p);
+ Arrays.fill(passwd, (byte)0x00);
byte[] Ai;
byte[] B = new byte[v];
@@ -265,87 +266,92 @@
salt = pbeKey.getSalt(); // maybe null if unspecified
iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
} else if (key instanceof SecretKey) {
- byte[] passwdBytes = key.getEncoded();
- if ((passwdBytes == null) ||
- !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ byte[] passwdBytes;
+ if (!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3)) ||
+ (passwdBytes = key.getEncoded()) == null) {
throw new InvalidKeyException("Missing password");
}
passwdChars = new char[passwdBytes.length];
for (int i=0; i<passwdChars.length; i++) {
passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
}
+ Arrays.fill(passwdBytes, (byte)0x00);
} else {
throw new InvalidKeyException("SecretKey of PBE type required");
}
- if (((opmode == Cipher.DECRYPT_MODE) ||
- (opmode == Cipher.UNWRAP_MODE)) &&
- ((params == null) && ((salt == null) || (iCount == 0)))) {
- throw new InvalidAlgorithmParameterException
- ("Parameters missing");
- }
+ try {
+ if (((opmode == Cipher.DECRYPT_MODE) ||
+ (opmode == Cipher.UNWRAP_MODE)) &&
+ ((params == null) && ((salt == null) || (iCount == 0)))) {
+ throw new InvalidAlgorithmParameterException
+ ("Parameters missing");
+ }
- if (params == null) {
- // generate default for salt and iteration count if necessary
- if (salt == null) {
- salt = new byte[DEFAULT_SALT_LENGTH];
- if (random != null) {
- random.nextBytes(salt);
+ if (params == null) {
+ // generate default for salt and iteration count if necessary
+ if (salt == null) {
+ salt = new byte[DEFAULT_SALT_LENGTH];
+ if (random != null) {
+ random.nextBytes(salt);
+ } else {
+ SunJCE.getRandom().nextBytes(salt);
+ }
+ }
+ if (iCount == 0) iCount = DEFAULT_COUNT;
+ } else if (!(params instanceof PBEParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("PBEParameterSpec type required");
+ } else {
+ PBEParameterSpec pbeParams = (PBEParameterSpec) params;
+ // make sure the parameter values are consistent
+ if (salt != null) {
+ if (!Arrays.equals(salt, pbeParams.getSalt())) {
+ throw new InvalidAlgorithmParameterException
+ ("Inconsistent value of salt between key and params");
+ }
} else {
- SunJCE.getRandom().nextBytes(salt);
+ salt = pbeParams.getSalt();
+ }
+ if (iCount != 0) {
+ if (iCount != pbeParams.getIterationCount()) {
+ throw new InvalidAlgorithmParameterException
+ ("Different iteration count between key and params");
+ }
+ } else {
+ iCount = pbeParams.getIterationCount();
}
}
- if (iCount == 0) iCount = DEFAULT_COUNT;
- } else if (!(params instanceof PBEParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("PBEParameterSpec type required");
- } else {
- PBEParameterSpec pbeParams = (PBEParameterSpec) params;
- // make sure the parameter values are consistent
- if (salt != null) {
- if (!Arrays.equals(salt, pbeParams.getSalt())) {
- throw new InvalidAlgorithmParameterException
- ("Inconsistent value of salt between key and params");
- }
+ // salt is recommended to be ideally as long as the output
+ // of the hash function. However, it may be too strict to
+ // force this; so instead, we'll just require the minimum
+ // salt length to be 8-byte which is what PKCS#5 recommends
+ // and openssl does.
+ if (salt.length < 8) {
+ throw new InvalidAlgorithmParameterException
+ ("Salt must be at least 8 bytes long");
+ }
+ if (iCount <= 0) {
+ throw new InvalidAlgorithmParameterException
+ ("IterationCount must be a positive number");
+ }
+ byte[] derivedKey = derive(passwdChars, salt, iCount,
+ keySize, CIPHER_KEY);
+ SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);
+
+ if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
+ ((ARCFOURCipher)cipherImpl).engineInit(opmode, cipherKey, random);
+
} else {
- salt = pbeParams.getSalt();
+ byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
+ CIPHER_IV);
+ IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
+
+ // initialize the underlying cipher
+ cipher.init(opmode, cipherKey, ivSpec, random);
}
- if (iCount != 0) {
- if (iCount != pbeParams.getIterationCount()) {
- throw new InvalidAlgorithmParameterException
- ("Different iteration count between key and params");
- }
- } else {
- iCount = pbeParams.getIterationCount();
- }
- }
- // salt is recommended to be ideally as long as the output
- // of the hash function. However, it may be too strict to
- // force this; so instead, we'll just require the minimum
- // salt length to be 8-byte which is what PKCS#5 recommends
- // and openssl does.
- if (salt.length < 8) {
- throw new InvalidAlgorithmParameterException
- ("Salt must be at least 8 bytes long");
- }
- if (iCount <= 0) {
- throw new InvalidAlgorithmParameterException
- ("IterationCount must be a positive number");
- }
- byte[] derivedKey = derive(passwdChars, salt, iCount,
- keySize, CIPHER_KEY);
- SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);
-
- if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
- ((ARCFOURCipher)cipherImpl).engineInit(opmode, cipherKey, random);
-
- } else {
- byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
- CIPHER_IV);
- IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
-
- // initialize the underlying cipher
- cipher.init(opmode, cipherKey, ivSpec, random);
+ } finally {
+ Arrays.fill(passwdChars, '\0');
}
}
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java b/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java
index 5a83d8b..5faefb6 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -329,7 +329,7 @@
if ((inLen == 0) || (in == null)) {
return;
}
- if (bufOfs + inLen > buffer.length) {
+ if (inLen > (buffer.length - bufOfs)) {
bufOfs = buffer.length + 1;
return;
}
diff --git a/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java b/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java
index d9a3188..0c059f5 100644
--- a/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java
+++ b/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java
@@ -382,17 +382,17 @@
// then reset the timeout.
if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket) socket;
- int socketTimeout = sslSocket.getSoTimeout();
if (!IS_HOSTNAME_VERIFICATION_DISABLED) {
SSLParameters param = sslSocket.getSSLParameters();
param.setEndpointIdentificationAlgorithm("LDAPS");
sslSocket.setSSLParameters(param);
}
if (connectTimeout > 0) {
+ int socketTimeout = sslSocket.getSoTimeout();
sslSocket.setSoTimeout(connectTimeout); // reuse full timeout value
+ sslSocket.startHandshake();
+ sslSocket.setSoTimeout(socketTimeout);
}
- sslSocket.startHandshake();
- sslSocket.setSoTimeout(socketTimeout);
}
return socket;
}
diff --git a/jdk/src/share/classes/com/sun/jndi/ldap/LdapClient.java b/jdk/src/share/classes/com/sun/jndi/ldap/LdapClient.java
index d3cdbc2..7806e86 100644
--- a/jdk/src/share/classes/com/sun/jndi/ldap/LdapClient.java
+++ b/jdk/src/share/classes/com/sun/jndi/ldap/LdapClient.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -115,8 +115,8 @@
boolean isLdapv3; // Used by LdapCtx
int referenceCount = 1; // Used by LdapCtx for check for sharing
- Connection conn; // Connection to server; has reader thread
- // used by LdapCtx for StartTLS
+ final Connection conn; // Connection to server; has reader thread
+ // used by LdapCtx for StartTLS
final private PoolCallback pcb;
final private boolean pooled;
@@ -433,19 +433,17 @@
(new Throwable()).printStackTrace();
}
- if (referenceCount <= 0 && conn != null) {
+ if (referenceCount <= 0) {
if (debug > 0) System.err.println("LdapClient: closed connection " + this);
if (!pooled) {
// Not being pooled; continue with closing
conn.cleanup(reqCtls, false);
- conn = null;
} else {
// Pooled
// Is this a real close or a request to return conn to pool
if (hardClose) {
conn.cleanup(reqCtls, false);
- conn = null;
pcb.removePooledConnection(this);
} else {
pcb.releasePooledConnection(this);
@@ -462,15 +460,11 @@
System.err.println("LdapClient: forceClose() of " + this);
}
- if (conn != null) {
- if (debug > 0) System.err.println(
- "LdapClient: forced close of connection " + this);
- conn.cleanup(null, false);
- conn = null;
-
- if (cleanPool) {
- pcb.removePooledConnection(this);
- }
+ if (debug > 0) System.err.println(
+ "LdapClient: forced close of connection " + this);
+ conn.cleanup(null, false);
+ if (cleanPool) {
+ pcb.removePooledConnection(this);
}
}
@@ -567,7 +561,7 @@
* Abandon the search operation and remove it from the message queue.
*/
void clearSearchReply(LdapResult res, Control[] ctls) {
- if (res != null && conn != null) {
+ if (res != null) {
// Only send an LDAP abandon operation when clearing the search
// reply from a one-level or subtree search.
diff --git a/jdk/src/share/classes/java/awt/Robot.java b/jdk/src/share/classes/java/awt/Robot.java
index b431e45..0047819 100644
--- a/jdk/src/share/classes/java/awt/Robot.java
+++ b/jdk/src/share/classes/java/awt/Robot.java
@@ -391,6 +391,7 @@
* @return Color of the pixel
*/
public synchronized Color getPixelColor(int x, int y) {
+ checkScreenCaptureAllowed();
Color color = new Color(peer.getRGBPixel(x, y));
return color;
}
diff --git a/jdk/src/share/classes/java/math/BigDecimal.java b/jdk/src/share/classes/java/math/BigDecimal.java
index cab8480..3bb81a6 100644
--- a/jdk/src/share/classes/java/math/BigDecimal.java
+++ b/jdk/src/share/classes/java/math/BigDecimal.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,8 +29,8 @@
package java.math;
-import java.util.Arrays;
import static java.math.BigInteger.LONG_MASK;
+import java.util.Arrays;
/**
* Immutable, arbitrary-precision signed decimal numbers. A
@@ -407,9 +407,12 @@
* @since 1.5
*/
public BigDecimal(char[] in, int offset, int len, MathContext mc) {
- // protect against huge length.
- if (offset + len > in.length || offset < 0)
- throw new NumberFormatException("Bad offset or len arguments for char[] input.");
+ // protect against huge length, negative values, and integer overflow
+ if ((in.length | len | offset) < 0 || len > in.length - offset) {
+ throw new NumberFormatException
+ ("Bad offset or len arguments for char[] input.");
+ }
+
// This is the primary string to BigDecimal constructor; all
// incoming strings end up here; it uses explicit (inline)
// parsing for speed and generates at most one intermediate
diff --git a/jdk/src/share/classes/java/math/BigInteger.java b/jdk/src/share/classes/java/math/BigInteger.java
index e35c723..43052c1 100644
--- a/jdk/src/share/classes/java/math/BigInteger.java
+++ b/jdk/src/share/classes/java/math/BigInteger.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1161,6 +1161,14 @@
private static final double LOG_TWO = Math.log(2.0);
static {
+ assert 0 < KARATSUBA_THRESHOLD
+ && KARATSUBA_THRESHOLD < TOOM_COOK_THRESHOLD
+ && TOOM_COOK_THRESHOLD < Integer.MAX_VALUE
+ && 0 < KARATSUBA_SQUARE_THRESHOLD
+ && KARATSUBA_SQUARE_THRESHOLD < TOOM_COOK_SQUARE_THRESHOLD
+ && TOOM_COOK_SQUARE_THRESHOLD < Integer.MAX_VALUE :
+ "Algorithm thresholds are inconsistent";
+
for (int i = 1; i <= MAX_CONSTANT; i++) {
int[] magnitude = new int[1];
magnitude[0] = i;
@@ -1482,6 +1490,18 @@
* @return {@code this * val}
*/
public BigInteger multiply(BigInteger val) {
+ return multiply(val, false);
+ }
+
+ /**
+ * Returns a BigInteger whose value is {@code (this * val)}. If
+ * the invocation is recursive certain overflow checks are skipped.
+ *
+ * @param val value to be multiplied by this BigInteger.
+ * @param isRecursion whether this is a recursive invocation
+ * @return {@code this * val}
+ */
+ private BigInteger multiply(BigInteger val, boolean isRecursion) {
if (val.signum == 0 || signum == 0)
return ZERO;
@@ -1509,6 +1529,63 @@
if ((xlen < TOOM_COOK_THRESHOLD) && (ylen < TOOM_COOK_THRESHOLD)) {
return multiplyKaratsuba(this, val);
} else {
+ //
+ // In "Hacker's Delight" section 2-13, p.33, it is explained
+ // that if x and y are unsigned 32-bit quantities and m and n
+ // are their respective numbers of leading zeros within 32 bits,
+ // then the number of leading zeros within their product as a
+ // 64-bit unsigned quantity is either m + n or m + n + 1. If
+ // their product is not to overflow, it cannot exceed 32 bits,
+ // and so the number of leading zeros of the product within 64
+ // bits must be at least 32, i.e., the leftmost set bit is at
+ // zero-relative position 31 or less.
+ //
+ // From the above there are three cases:
+ //
+ // m + n leftmost set bit condition
+ // ----- ---------------- ---------
+ // >= 32 x <= 64 - 32 = 32 no overflow
+ // == 31 x >= 64 - 32 = 32 possible overflow
+ // <= 30 x >= 64 - 31 = 33 definite overflow
+ //
+ // The "possible overflow" condition cannot be detected by
+ // examning data lengths alone and requires further calculation.
+ //
+ // By analogy, if 'this' and 'val' have m and n as their
+ // respective numbers of leading zeros within 32*MAX_MAG_LENGTH
+ // bits, then:
+ //
+ // m + n >= 32*MAX_MAG_LENGTH no overflow
+ // m + n == 32*MAX_MAG_LENGTH - 1 possible overflow
+ // m + n <= 32*MAX_MAG_LENGTH - 2 definite overflow
+ //
+ // Note however that if the number of ints in the result
+ // were to be MAX_MAG_LENGTH and mag[0] < 0, then there would
+ // be overflow. As a result the leftmost bit (of mag[0]) cannot
+ // be used and the constraints must be adjusted by one bit to:
+ //
+ // m + n > 32*MAX_MAG_LENGTH no overflow
+ // m + n == 32*MAX_MAG_LENGTH possible overflow
+ // m + n < 32*MAX_MAG_LENGTH definite overflow
+ //
+ // The foregoing leading zero-based discussion is for clarity
+ // only. The actual calculations use the estimated bit length
+ // of the product as this is more natural to the internal
+ // array representation of the magnitude which has no leading
+ // zero elements.
+ //
+ if (!isRecursion) {
+ // The bitLength() instance method is not used here as we
+ // are only considering the magnitudes as non-negative. The
+ // Toom-Cook multiplication algorithm determines the sign
+ // at its end from the two signum values.
+ if (bitLength(mag, mag.length) +
+ bitLength(val.mag, val.mag.length) >
+ 32L*MAX_MAG_LENGTH) {
+ reportOverflow();
+ }
+ }
+
return multiplyToomCook3(this, val);
}
}
@@ -1587,7 +1664,7 @@
int ystart = ylen - 1;
if (z == null || z.length < (xlen+ ylen))
- z = new int[xlen+ylen];
+ z = new int[xlen+ylen];
long carry = 0;
for (int j=ystart, k=ystart+1+xstart; j >= 0; j--, k--) {
@@ -1709,16 +1786,16 @@
BigInteger v0, v1, v2, vm1, vinf, t1, t2, tm1, da1, db1;
- v0 = a0.multiply(b0);
+ v0 = a0.multiply(b0, true);
da1 = a2.add(a0);
db1 = b2.add(b0);
- vm1 = da1.subtract(a1).multiply(db1.subtract(b1));
+ vm1 = da1.subtract(a1).multiply(db1.subtract(b1), true);
da1 = da1.add(a1);
db1 = db1.add(b1);
- v1 = da1.multiply(db1);
+ v1 = da1.multiply(db1, true);
v2 = da1.add(a2).shiftLeft(1).subtract(a0).multiply(
- db1.add(b2).shiftLeft(1).subtract(b0));
- vinf = a2.multiply(b2);
+ db1.add(b2).shiftLeft(1).subtract(b0), true);
+ vinf = a2.multiply(b2, true);
// The algorithm requires two divisions by 2 and one by 3.
// All divisions are known to be exact, that is, they do not produce
@@ -1884,6 +1961,17 @@
* @return {@code this<sup>2</sup>}
*/
private BigInteger square() {
+ return square(false);
+ }
+
+ /**
+ * Returns a BigInteger whose value is {@code (this<sup>2</sup>)}. If
+ * the invocation is recursive certain overflow checks are skipped.
+ *
+ * @param isRecursion whether this is a recursive invocation
+ * @return {@code this<sup>2</sup>}
+ */
+ private BigInteger square(boolean isRecursion) {
if (signum == 0) {
return ZERO;
}
@@ -1896,6 +1984,15 @@
if (len < TOOM_COOK_SQUARE_THRESHOLD) {
return squareKaratsuba();
} else {
+ //
+ // For a discussion of overflow detection see multiply()
+ //
+ if (!isRecursion) {
+ if (bitLength(mag, mag.length) > 16L*MAX_MAG_LENGTH) {
+ reportOverflow();
+ }
+ }
+
return squareToomCook3();
}
}
@@ -2046,13 +2143,13 @@
a0 = getToomSlice(k, r, 2, len);
BigInteger v0, v1, v2, vm1, vinf, t1, t2, tm1, da1;
- v0 = a0.square();
+ v0 = a0.square(true);
da1 = a2.add(a0);
- vm1 = da1.subtract(a1).square();
+ vm1 = da1.subtract(a1).square(true);
da1 = da1.add(a1);
- v1 = da1.square();
- vinf = a2.square();
- v2 = da1.add(a2).shiftLeft(1).subtract(a0).square();
+ v1 = da1.square(true);
+ vinf = a2.square(true);
+ v2 = da1.add(a2).shiftLeft(1).subtract(a0).square(true);
// The algorithm requires two divisions by 2 and one by 3.
// All divisions are known to be exact, that is, they do not produce
@@ -2223,10 +2320,11 @@
// The remaining part can then be exponentiated faster. The
// powers of two will be multiplied back at the end.
int powersOfTwo = partToSquare.getLowestSetBit();
- long bitsToShift = (long)powersOfTwo * exponent;
- if (bitsToShift > Integer.MAX_VALUE) {
+ long bitsToShiftLong = (long)powersOfTwo * exponent;
+ if (bitsToShiftLong > Integer.MAX_VALUE) {
reportOverflow();
}
+ int bitsToShift = (int)bitsToShiftLong;
int remainingBits;
@@ -2236,9 +2334,9 @@
remainingBits = partToSquare.bitLength();
if (remainingBits == 1) { // Nothing left but +/- 1?
if (signum < 0 && (exponent&1) == 1) {
- return NEGATIVE_ONE.shiftLeft(powersOfTwo*exponent);
+ return NEGATIVE_ONE.shiftLeft(bitsToShift);
} else {
- return ONE.shiftLeft(powersOfTwo*exponent);
+ return ONE.shiftLeft(bitsToShift);
}
}
} else {
@@ -2283,13 +2381,16 @@
if (bitsToShift + scaleFactor <= 62) { // Fits in long?
return valueOf((result << bitsToShift) * newSign);
} else {
- return valueOf(result*newSign).shiftLeft((int) bitsToShift);
+ return valueOf(result*newSign).shiftLeft(bitsToShift);
}
- }
- else {
+ } else {
return valueOf(result*newSign);
}
} else {
+ if ((long)bitLength() * exponent / Integer.SIZE > MAX_MAG_LENGTH) {
+ reportOverflow();
+ }
+
// Large number algorithm. This is basically identical to
// the algorithm above, but calls multiply() and square()
// which may use more efficient algorithms for large numbers.
@@ -2309,7 +2410,7 @@
// Multiply back the (exponentiated) powers of two (quickly,
// by shifting left)
if (powersOfTwo > 0) {
- answer = answer.shiftLeft(powersOfTwo*exponent);
+ answer = answer.shiftLeft(bitsToShift);
}
if (signum < 0 && (exponent&1) == 1) {
@@ -3434,7 +3535,7 @@
for (int i=1; i< len && pow2; i++)
pow2 = (mag[i] == 0);
- n = (pow2 ? magBitLength -1 : magBitLength);
+ n = (pow2 ? magBitLength - 1 : magBitLength);
} else {
n = magBitLength;
}
diff --git a/jdk/src/share/classes/java/nio/Bits.java b/jdk/src/share/classes/java/nio/Bits.java
index 7711b5a5..53ba46c 100644
--- a/jdk/src/share/classes/java/nio/Bits.java
+++ b/jdk/src/share/classes/java/nio/Bits.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -835,31 +835,191 @@
}
}
- static void copyFromCharArray(Object src, long srcPos, long dstAddr,
- long length)
- {
- copyFromShortArray(src, srcPos, dstAddr, length);
+ /**
+ * Copy and unconditionally byte swap 16 bit elements from a heap array to off-heap memory
+ *
+ * @param src
+ * the source array, must be a 16-bit primitive array type
+ * @param srcPos
+ * byte offset within source array of the first element to read
+ * @param dstAddr
+ * destination address
+ * @param length
+ * number of bytes to copy
+ */
+ static void copyFromCharArray(Object src, long srcPos, long dstAddr, long length) {
+ copySwapMemory(src, unsafe.arrayBaseOffset(src.getClass()) + srcPos, null, dstAddr, length, 2);
}
- static void copyToCharArray(long srcAddr, Object dst, long dstPos,
- long length)
- {
- copyToShortArray(srcAddr, dst, dstPos, length);
+ /**
+ * Copy and unconditionally byte swap 16 bit elements from off-heap memory to a heap array
+ *
+ * @param srcAddr
+ * source address
+ * @param dst
+ * destination array, must be a 16-bit primitive array type
+ * @param dstPos
+ * byte offset within the destination array of the first element to write
+ * @param length
+ * number of bytes to copy
+ */
+ static void copyToCharArray(long srcAddr, Object dst, long dstPos, long length) {
+ copySwapMemory(null, srcAddr, dst, unsafe.arrayBaseOffset(dst.getClass()) + dstPos, length, 2);
}
- static native void copyFromShortArray(Object src, long srcPos, long dstAddr,
- long length);
- static native void copyToShortArray(long srcAddr, Object dst, long dstPos,
- long length);
+ /**
+ * Copy and unconditionally byte swap 16 bit elements from a heap array to off-heap memory
+ *
+ * @param src
+ * the source array, must be a 16-bit primitive array type
+ * @param srcPos
+ * byte offset within source array of the first element to read
+ * @param dstAddr
+ * destination address
+ * @param length
+ * number of bytes to copy
+ */
+ static void copyFromShortArray(Object src, long srcPos, long dstAddr, long length) {
+ copySwapMemory(src, unsafe.arrayBaseOffset(src.getClass()) + srcPos, null, dstAddr, length, 2);
+ }
- static native void copyFromIntArray(Object src, long srcPos, long dstAddr,
- long length);
- static native void copyToIntArray(long srcAddr, Object dst, long dstPos,
- long length);
+ /**
+ * Copy and unconditionally byte swap 16 bit elements from off-heap memory to a heap array
+ *
+ * @param srcAddr
+ * source address
+ * @param dst
+ * destination array, must be a 16-bit primitive array type
+ * @param dstPos
+ * byte offset within the destination array of the first element to write
+ * @param length
+ * number of bytes to copy
+ */
+ static void copyToShortArray(long srcAddr, Object dst, long dstPos, long length) {
+ copySwapMemory(null, srcAddr, dst, unsafe.arrayBaseOffset(dst.getClass()) + dstPos, length, 2);
+ }
- static native void copyFromLongArray(Object src, long srcPos, long dstAddr,
- long length);
- static native void copyToLongArray(long srcAddr, Object dst, long dstPos,
- long length);
+ /**
+ * Copy and unconditionally byte swap 32 bit elements from a heap array to off-heap memory
+ *
+ * @param src
+ * the source array, must be a 32-bit primitive array type
+ * @param srcPos
+ * byte offset within source array of the first element to read
+ * @param dstAddr
+ * destination address
+ * @param length
+ * number of bytes to copy
+ */
+ static void copyFromIntArray(Object src, long srcPos, long dstAddr, long length) {
+ copySwapMemory(src, unsafe.arrayBaseOffset(src.getClass()) + srcPos, null, dstAddr, length, 4);
+ }
+
+ /**
+ * Copy and unconditionally byte swap 32 bit elements from off-heap memory to a heap array
+ *
+ * @param srcAddr
+ * source address
+ * @param dst
+ * destination array, must be a 32-bit primitive array type
+ * @param dstPos
+ * byte offset within the destination array of the first element to write
+ * @param length
+ * number of bytes to copy
+ */
+ static void copyToIntArray(long srcAddr, Object dst, long dstPos, long length) {
+ copySwapMemory(null, srcAddr, dst, unsafe.arrayBaseOffset(dst.getClass()) + dstPos, length, 4);
+ }
+
+ /**
+ * Copy and unconditionally byte swap 64 bit elements from a heap array to off-heap memory
+ *
+ * @param src
+ * the source array, must be a 64-bit primitive array type
+ * @param srcPos
+ * byte offset within source array of the first element to read
+ * @param dstAddr
+ * destination address
+ * @param length
+ * number of bytes to copy
+ */
+ static void copyFromLongArray(Object src, long srcPos, long dstAddr, long length) {
+ copySwapMemory(src, unsafe.arrayBaseOffset(src.getClass()) + srcPos, null, dstAddr, length, 8);
+ }
+
+ /**
+ * Copy and unconditionally byte swap 64 bit elements from off-heap memory to a heap array
+ *
+ * @param srcAddr
+ * source address
+ * @param dst
+ * destination array, must be a 64-bit primitive array type
+ * @param dstPos
+ * byte offset within the destination array of the first element to write
+ * @param length
+ * number of bytes to copy
+ */
+ static void copyToLongArray(long srcAddr, Object dst, long dstPos, long length) {
+ copySwapMemory(null, srcAddr, dst, unsafe.arrayBaseOffset(dst.getClass()) + dstPos, length, 8);
+ }
+
+ private static boolean isPrimitiveArray(Class<?> c) {
+ Class<?> componentType = c.getComponentType();
+ return componentType != null && componentType.isPrimitive();
+ }
+
+ private native static void copySwapMemory0(Object srcBase, long srcOffset,
+ Object destBase, long destOffset,
+ long bytes, long elemSize);
+
+ /**
+ * Copies all elements from one block of memory to another block,
+ * *unconditionally* byte swapping the elements on the fly.
+ *
+ * <p>This method determines each block's base address by means of two parameters,
+ * and so it provides (in effect) a <em>double-register</em> addressing mode,
+ * as discussed in {@link sun.misc.Unsafe#getInt(Object,long)}. When the
+ * object reference is null, the offset supplies an absolute base address.
+ *
+ * @since 8u201
+ */
+ private static void copySwapMemory(Object srcBase, long srcOffset,
+ Object destBase, long destOffset,
+ long bytes, long elemSize) {
+ if (bytes < 0) {
+ throw new IllegalArgumentException();
+ }
+ if (elemSize != 2 && elemSize != 4 && elemSize != 8) {
+ throw new IllegalArgumentException();
+ }
+ if (bytes % elemSize != 0) {
+ throw new IllegalArgumentException();
+ }
+ if ((srcBase == null && srcOffset == 0) ||
+ (destBase == null && destOffset == 0)) {
+ throw new NullPointerException();
+ }
+
+ // Must be off-heap, or primitive heap arrays
+ if (srcBase != null && (srcOffset < 0 || !isPrimitiveArray(srcBase.getClass()))) {
+ throw new IllegalArgumentException();
+ }
+ if (destBase != null && (destOffset < 0 || !isPrimitiveArray(destBase.getClass()))) {
+ throw new IllegalArgumentException();
+ }
+
+ // Sanity check size and offsets on 32-bit platforms. Most
+ // significant 32 bits must be zero.
+ if (unsafe.addressSize() == 4 &&
+ (bytes >>> 32 != 0 || srcOffset >>> 32 != 0 || destOffset >>> 32 != 0)) {
+ throw new IllegalArgumentException();
+ }
+
+ if (bytes == 0) {
+ return;
+ }
+
+ copySwapMemory0(srcBase, srcOffset, destBase, destOffset, bytes, elemSize);
+ }
}
diff --git a/jdk/src/share/classes/java/time/chrono/JapaneseEra.java b/jdk/src/share/classes/java/time/chrono/JapaneseEra.java
index a33efcd..5d5f7eb 100644
--- a/jdk/src/share/classes/java/time/chrono/JapaneseEra.java
+++ b/jdk/src/share/classes/java/time/chrono/JapaneseEra.java
@@ -73,6 +73,7 @@
import java.io.Serializable;
import java.time.DateTimeException;
import java.time.LocalDate;
+import java.time.format.DateTimeFormatterBuilder;
import java.time.format.TextStyle;
import java.time.temporal.ChronoField;
import java.time.temporal.TemporalField;
@@ -252,7 +253,12 @@
Objects.requireNonNull(locale, "locale");
return style.asNormal() == TextStyle.NARROW ? getAbbreviation() : getName();
}
- return Era.super.getDisplayName(style, locale);
+
+ return new DateTimeFormatterBuilder()
+ .appendText(ERA, style)
+ .toFormatter(locale)
+ .withChronology(JapaneseChronology.INSTANCE)
+ .format(this == MEIJI ? MEIJI_6_ISODATE : since);
}
//-----------------------------------------------------------------------
diff --git a/jdk/src/share/classes/javax/crypto/spec/PBEKeySpec.java b/jdk/src/share/classes/javax/crypto/spec/PBEKeySpec.java
index 239231d..8f8d141 100644
--- a/jdk/src/share/classes/javax/crypto/spec/PBEKeySpec.java
+++ b/jdk/src/share/classes/javax/crypto/spec/PBEKeySpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
package javax.crypto.spec;
import java.security.spec.KeySpec;
+import java.util.Arrays;
/**
* A user-chosen password that can be used with password-based encryption
@@ -174,9 +175,7 @@
*/
public final void clearPassword() {
if (password != null) {
- for (int i = 0; i < password.length; i++) {
- password[i] = ' ';
- }
+ Arrays.fill(password, ' ');
password = null;
}
}
diff --git a/jdk/src/share/classes/sun/misc/URLClassPath.java b/jdk/src/share/classes/sun/misc/URLClassPath.java
index b7d8594..6e03510 100644
--- a/jdk/src/share/classes/sun/misc/URLClassPath.java
+++ b/jdk/src/share/classes/sun/misc/URLClassPath.java
@@ -90,7 +90,7 @@
// This property will be removed in a later release
p = AccessController.doPrivileged(
- new GetPropertyAction("jdk.net.URLClassPath.disableClassPathURLCheck"));
+ new GetPropertyAction("jdk.net.URLClassPath.disableClassPathURLCheck", "true"));
DISABLE_CP_URL_CHECK = p != null ? p.equals("true") || p.isEmpty() : false;
DEBUG_CP_URL_CHECK = "debug".equals(p);
diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java b/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java
index 9288631..f227d4d 100644
--- a/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java
@@ -33,8 +33,7 @@
* credentials without prompting) should only be tried with trusted sites.
*/
public abstract class NTLMAuthenticationCallback {
- private static volatile NTLMAuthenticationCallback callback =
- new DefaultNTLMAuthenticationCallback();
+ private static volatile NTLMAuthenticationCallback callback;
public static void setNTLMAuthenticationCallback(
NTLMAuthenticationCallback callback) {
@@ -50,10 +49,5 @@
* transparent Authentication.
*/
public abstract boolean isTrustedSite(URL url);
-
- static class DefaultNTLMAuthenticationCallback extends NTLMAuthenticationCallback {
- @Override
- public boolean isTrustedSite(URL url) { return true; }
- }
}
diff --git a/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java b/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java
index d1a0f3d..16dca49 100644
--- a/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java
+++ b/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java
@@ -551,11 +551,10 @@
{
// Untrusted target: Use a newly-erased buffer
int c = Math.min(icount, TRANSFER_SIZE);
- ByteBuffer bb = Util.getTemporaryDirectBuffer(c);
+ ByteBuffer bb = ByteBuffer.allocate(c);
long tw = 0; // Total bytes written
long pos = position;
try {
- Util.erase(bb);
while (tw < icount) {
bb.limit(Math.min((int)(icount - tw), TRANSFER_SIZE));
int nr = read(bb, pos);
@@ -576,8 +575,6 @@
if (tw > 0)
return tw;
throw x;
- } finally {
- Util.releaseTemporaryDirectBuffer(bb);
}
}
@@ -661,11 +658,10 @@
{
// Untrusted target: Use a newly-erased buffer
int c = (int)Math.min(count, TRANSFER_SIZE);
- ByteBuffer bb = Util.getTemporaryDirectBuffer(c);
+ ByteBuffer bb = ByteBuffer.allocate(c);
long tw = 0; // Total bytes written
long pos = position;
try {
- Util.erase(bb);
while (tw < count) {
bb.limit((int)Math.min((count - tw), (long)TRANSFER_SIZE));
// ## Bug: Will block reading src if this channel
@@ -686,8 +682,6 @@
if (tw > 0)
return tw;
throw x;
- } finally {
- Util.releaseTemporaryDirectBuffer(bb);
}
}
diff --git a/jdk/src/share/classes/sun/print/RasterPrinterJob.java b/jdk/src/share/classes/sun/print/RasterPrinterJob.java
index 394a56c..6c1be64 100644
--- a/jdk/src/share/classes/sun/print/RasterPrinterJob.java
+++ b/jdk/src/share/classes/sun/print/RasterPrinterJob.java
@@ -844,17 +844,16 @@
}
protected PageFormat getPageFormatFromAttributes() {
- if (attributes == null || attributes.isEmpty()) {
+ Pageable pageable = null;
+ if (attributes == null || attributes.isEmpty() ||
+ !((pageable = getPageable()) instanceof OpenBook)) {
return null;
}
PageFormat newPf = attributeToPageFormat(
getPrintService(), attributes);
PageFormat oldPf = null;
- Pageable pageable = getPageable();
- if ((pageable != null) &&
- (pageable instanceof OpenBook) &&
- ((oldPf = pageable.getPageFormat(0)) != null)) {
+ if ((oldPf = pageable.getPageFormat(0)) != null) {
// If orientation, media, imageable area attributes are not in
// "attributes" set, then use respective values of the existing
// page format "oldPf".
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java b/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
index b969258..adfc633 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -472,6 +472,10 @@
if (len == 0) {
return;
}
+ // check for overflow
+ if (len + bytesProcessed < 0) {
+ throw new ProviderException("Processed bytes limits exceeded.");
+ }
switch (type) {
case T_UPDATE:
try {
diff --git a/jdk/src/share/classes/sun/security/provider/DSA.java b/jdk/src/share/classes/sun/security/provider/DSA.java
index 98e2de9..6f08f90 100644
--- a/jdk/src/share/classes/sun/security/provider/DSA.java
+++ b/jdk/src/share/classes/sun/security/provider/DSA.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -491,7 +491,7 @@
}
}
protected void engineUpdate(byte[] input, int offset, int len) {
- if (ofs + len > digestBuffer.length) {
+ if (len > (digestBuffer.length - ofs)) {
ofs = Integer.MAX_VALUE;
} else {
System.arraycopy(input, offset, digestBuffer, ofs, len);
@@ -500,7 +500,7 @@
}
protected final void engineUpdate(ByteBuffer input) {
int inputLen = input.remaining();
- if (ofs + inputLen > digestBuffer.length) {
+ if (inputLen > (digestBuffer.length - ofs)) {
ofs = Integer.MAX_VALUE;
} else {
input.get(digestBuffer, ofs, inputLen);
diff --git a/jdk/src/share/classes/sun/security/provider/DigestBase.java b/jdk/src/share/classes/sun/security/provider/DigestBase.java
index 98af71a..c3ac4ac 100644
--- a/jdk/src/share/classes/sun/security/provider/DigestBase.java
+++ b/jdk/src/share/classes/sun/security/provider/DigestBase.java
@@ -28,6 +28,7 @@
import java.security.MessageDigestSpi;
import java.security.DigestException;
import java.security.ProviderException;
+import java.util.Arrays;
/**
* Common base message digest implementation for the Sun provider.
@@ -151,6 +152,7 @@
implReset();
bufOfs = 0;
bytesProcessed = 0;
+ Arrays.fill(buffer, (byte) 0x00);
}
// return the digest. See JCA doc.
diff --git a/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java b/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java
index 6145666..409af47 100644
--- a/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java
+++ b/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -132,18 +132,20 @@
throw new UnrecoverableKeyException("Password must not be null");
}
- KeyProtector keyProtector = new KeyProtector(password);
+ byte[] passwordBytes = convertToBytes(password);
+ KeyProtector keyProtector = new KeyProtector(passwordBytes);
byte[] encrBytes = ((KeyEntry)entry).protectedPrivKey;
EncryptedPrivateKeyInfo encrInfo;
- byte[] plain;
try {
encrInfo = new EncryptedPrivateKeyInfo(encrBytes);
+ return keyProtector.recover(encrInfo);
} catch (IOException ioe) {
throw new UnrecoverableKeyException("Private key not stored as "
+ "PKCS #8 "
+ "EncryptedPrivateKeyInfo");
+ } finally {
+ Arrays.fill(passwordBytes, (byte) 0x00);
}
- return keyProtector.recover(encrInfo);
}
/**
@@ -252,7 +254,8 @@
Certificate[] chain)
throws KeyStoreException
{
- KeyProtector keyProtector = null;
+ KeyProtector keyProtector;
+ byte[] passwordBytes = null;
if (!(key instanceof java.security.PrivateKey)) {
throw new KeyStoreException("Cannot store non-PrivateKeys");
@@ -263,7 +266,8 @@
entry.date = new Date();
// Protect the encoding of the key
- keyProtector = new KeyProtector(password);
+ passwordBytes = convertToBytes(password);
+ keyProtector = new KeyProtector(passwordBytes);
entry.protectedPrivKey = keyProtector.protect(key);
// clone the chain
@@ -279,7 +283,8 @@
} catch (NoSuchAlgorithmException nsae) {
throw new KeyStoreException("Key protection algorithm not found");
} finally {
- keyProtector = null;
+ if (passwordBytes != null)
+ Arrays.fill(passwordBytes, (byte) 0x00);
}
}
@@ -793,18 +798,26 @@
private MessageDigest getPreKeyedHash(char[] password)
throws NoSuchAlgorithmException, UnsupportedEncodingException
{
- int i, j;
MessageDigest md = MessageDigest.getInstance("SHA");
+ byte[] passwdBytes = convertToBytes(password);
+ md.update(passwdBytes);
+ Arrays.fill(passwdBytes, (byte) 0x00);
+ md.update("Mighty Aphrodite".getBytes("UTF8"));
+ return md;
+ }
+
+ /**
+ * Helper method to convert char[] to byte[]
+ */
+
+ private byte[] convertToBytes(char[] password) {
+ int i, j;
byte[] passwdBytes = new byte[password.length * 2];
for (i=0, j=0; i<password.length; i++) {
passwdBytes[j++] = (byte)(password[i] >> 8);
passwdBytes[j++] = (byte)password[i];
}
- md.update(passwdBytes);
- for (i=0; i<passwdBytes.length; i++)
- passwdBytes[i] = 0;
- md.update("Mighty Aphrodite".getBytes("UTF8"));
- return md;
+ return passwdBytes;
}
}
diff --git a/jdk/src/share/classes/sun/security/provider/KeyProtector.java b/jdk/src/share/classes/sun/security/provider/KeyProtector.java
index ef7a1f4..b0d798a 100644
--- a/jdk/src/share/classes/sun/security/provider/KeyProtector.java
+++ b/jdk/src/share/classes/sun/security/provider/KeyProtector.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -119,28 +119,15 @@
/**
* Creates an instance of this class, and initializes it with the given
* password.
- *
- * <p>The password is expected to be in printable ASCII.
- * Normal rules for good password selection apply: at least
- * seven characters, mixed case, with punctuation encouraged.
- * Phrases or words which are easily guessed, for example by
- * being found in dictionaries, are bad.
*/
- public KeyProtector(char[] password)
+ public KeyProtector(byte[] passwordBytes)
throws NoSuchAlgorithmException
{
- int i, j;
-
- if (password == null) {
+ if (passwordBytes == null) {
throw new IllegalArgumentException("password can't be null");
}
md = MessageDigest.getInstance(DIGEST_ALG);
- // Convert password to byte array, so that it can be digested
- passwdBytes = new byte[password.length * 2];
- for (i=0, j=0; i<password.length; i++) {
- passwdBytes[j++] = (byte)(password[i] >> 8);
- passwdBytes[j++] = (byte)password[i];
- }
+ this.passwdBytes = passwordBytes;
}
/**
diff --git a/jdk/src/share/classes/sun/security/provider/MD4.java b/jdk/src/share/classes/sun/security/provider/MD4.java
index 346bc9d..454c441 100644
--- a/jdk/src/share/classes/sun/security/provider/MD4.java
+++ b/jdk/src/share/classes/sun/security/provider/MD4.java
@@ -26,6 +26,7 @@
package sun.security.provider;
import java.security.*;
+import java.util.Arrays;
import static sun.security.provider.ByteArrayAccess.*;
@@ -90,7 +91,7 @@
super("MD4", 16, 64);
state = new int[4];
x = new int[16];
- implReset();
+ resetHashes();
}
// clone this object
@@ -106,6 +107,12 @@
*/
void implReset() {
// Load magic initialization constants.
+ resetHashes();
+ // clear out old data
+ Arrays.fill(x, 0);
+ }
+
+ private void resetHashes() {
state[0] = 0x67452301;
state[1] = 0xefcdab89;
state[2] = 0x98badcfe;
diff --git a/jdk/src/share/classes/sun/security/provider/MD5.java b/jdk/src/share/classes/sun/security/provider/MD5.java
index c9747de..c168ace 100644
--- a/jdk/src/share/classes/sun/security/provider/MD5.java
+++ b/jdk/src/share/classes/sun/security/provider/MD5.java
@@ -25,6 +25,8 @@
package sun.security.provider;
+import java.util.Arrays;
+
import static sun.security.provider.ByteArrayAccess.*;
/**
@@ -66,7 +68,7 @@
super("MD5", 16, 64);
state = new int[4];
x = new int[16];
- implReset();
+ resetHashes();
}
// clone this object
@@ -82,6 +84,12 @@
*/
void implReset() {
// Load magic initialization constants.
+ resetHashes();
+ // clear out old data
+ Arrays.fill(x, 0);
+ }
+
+ private void resetHashes() {
state[0] = 0x67452301;
state[1] = 0xefcdab89;
state[2] = 0x98badcfe;
diff --git a/jdk/src/share/classes/sun/security/provider/SHA.java b/jdk/src/share/classes/sun/security/provider/SHA.java
index 05a936b..24dc0b2 100644
--- a/jdk/src/share/classes/sun/security/provider/SHA.java
+++ b/jdk/src/share/classes/sun/security/provider/SHA.java
@@ -25,6 +25,8 @@
package sun.security.provider;
+import java.util.Arrays;
+
import static sun.security.provider.ByteArrayAccess.*;
/**
@@ -59,7 +61,7 @@
super("SHA-1", 20, 64);
state = new int[5];
W = new int[80];
- implReset();
+ resetHashes();
}
/*
@@ -76,6 +78,13 @@
* Resets the buffers and hash value to start a new hash.
*/
void implReset() {
+ // Load magic initialization constants.
+ resetHashes();
+ // clear out old data
+ Arrays.fill(W, 0);
+ }
+
+ private void resetHashes() {
state[0] = 0x67452301;
state[1] = 0xefcdab89;
state[2] = 0x98badcfe;
diff --git a/jdk/src/share/classes/sun/security/provider/SHA2.java b/jdk/src/share/classes/sun/security/provider/SHA2.java
index 23007c9..6f34c8d 100644
--- a/jdk/src/share/classes/sun/security/provider/SHA2.java
+++ b/jdk/src/share/classes/sun/security/provider/SHA2.java
@@ -25,6 +25,8 @@
package sun.security.provider;
+import java.util.Arrays;
+
import static sun.security.provider.ByteArrayAccess.*;
/**
@@ -80,13 +82,18 @@
this.initialHashes = initialHashes;
state = new int[8];
W = new int[64];
- implReset();
+ resetHashes();
}
/**
* Resets the buffers and hash value to start a new hash.
*/
void implReset() {
+ resetHashes();
+ Arrays.fill(W, 0);
+ }
+
+ private void resetHashes() {
System.arraycopy(initialHashes, 0, state, 0, state.length);
}
diff --git a/jdk/src/share/classes/sun/security/provider/SHA5.java b/jdk/src/share/classes/sun/security/provider/SHA5.java
index 4ba3037..90c1252 100644
--- a/jdk/src/share/classes/sun/security/provider/SHA5.java
+++ b/jdk/src/share/classes/sun/security/provider/SHA5.java
@@ -25,8 +25,7 @@
package sun.security.provider;
-import java.security.*;
-import java.math.BigInteger;
+import java.util.Arrays;
import static sun.security.provider.ByteArrayAccess.*;
@@ -98,10 +97,15 @@
this.initialHashes = initialHashes;
state = new long[8];
W = new long[80];
- implReset();
+ resetHashes();
}
final void implReset() {
+ resetHashes();
+ Arrays.fill(W, 0L);
+ }
+
+ private void resetHashes() {
System.arraycopy(initialHashes, 0, state, 0, state.length);
}
diff --git a/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java b/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java
index 57dc512..205f72e 100644
--- a/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java
+++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java
@@ -29,6 +29,7 @@
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXBuilderParameters;
import java.util.*;
+import java.util.stream.Collectors;
import java.util.zip.*;
import java.util.jar.*;
import java.math.BigInteger;
@@ -101,6 +102,7 @@
private static final String P11KEYSTORE = "PKCS11";
private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds
+ private static final long ONE_YEAR = 366*24*60*60*1000L;
private static final DisabledAlgorithmConstraints DISABLED_CHECK =
new DisabledAlgorithmConstraints(
@@ -111,6 +113,14 @@
private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections
.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
+ static final String VERSION = "1.0";
+
+ static final int IN_KEYSTORE = 0x01; // signer is in keystore
+ static final int IN_SCOPE = 0x02;
+ static final int NOT_ALIAS = 0x04; // alias list is NOT empty and
+ // signer is not in alias list
+ static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list
+
// Attention:
// This is the entry that get launched by the security tool jarsigner.
public static void main(String args[]) throws Exception {
@@ -118,14 +128,6 @@
js.run(args);
}
- static final String VERSION = "1.0";
-
- static final int IN_KEYSTORE = 0x01; // signer is in keystore
- static final int IN_SCOPE = 0x02;
- static final int NOT_ALIAS = 0x04; // alias list is NOT empty and
- // signer is not in alias list
- static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list
-
X509Certificate[] certChain; // signer's cert chain (when composing)
PrivateKey privateKey; // private key
KeyStore store; // the keystore specified by -keystore
@@ -172,8 +174,16 @@
// Informational warnings
private boolean hasExpiringCert = false;
- private boolean noTimestamp = false;
- private Date expireDate = new Date(0L); // used in noTimestamp warning
+ private boolean hasExpiringTsaCert = false;
+ private boolean noTimestamp = true;
+
+ // Expiration date. The value could be null if signed by a trusted cert.
+ private Date expireDate = null;
+ private Date tsaExpireDate = null;
+
+ // If there is a time stamp block inside the PKCS7 block file
+ boolean hasTimestampBlock = false;
+
// Severe warnings.
@@ -186,6 +196,7 @@
private int weakAlg = 0; // 1. digestalg, 2. sigalg, 4. tsadigestalg
private boolean hasExpiredCert = false;
+ private boolean hasExpiredTsaCert = false;
private boolean notYetValidCert = false;
private boolean chainNotValidated = false;
private boolean tsaChainNotValidated = false;
@@ -203,6 +214,7 @@
private boolean seeWeak = false;
PKIXBuilderParameters pkixParameters;
+ Set<X509Certificate> trustedCerts = new HashSet<>();
public void run(String args[]) {
try {
@@ -289,8 +301,8 @@
if (strict) {
int exitCode = 0;
- if (weakAlg != 0 || chainNotValidated
- || hasExpiredCert || notYetValidCert || signerSelfSigned) {
+ if (weakAlg != 0 || chainNotValidated || hasExpiredCert
+ || hasExpiredTsaCert || notYetValidCert || signerSelfSigned) {
exitCode |= 4;
}
if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType) {
@@ -825,9 +837,6 @@
System.out.println(rb.getString("no.manifest."));
}
- // If there is a time stamp block inside the PKCS7 block file
- boolean hasTimestampBlock = false;
-
// Even if the verbose option is not specified, all out strings
// must be generated so seeWeak can be updated.
if (!digestMap.isEmpty()
@@ -913,8 +922,9 @@
System.out.println();
// If signer is a trusted cert or private entry in user's own
- // keystore, it can be self-signed.
- if (!aliasNotInStore) {
+ // keystore, it can be self-signed. Please note aliasNotInStore
+ // is always false when ~/.keystore is used.
+ if (!aliasNotInStore && keystore != null) {
signerSelfSigned = false;
}
@@ -934,116 +944,7 @@
System.out.println(rb.getString("jar.is.unsigned"));
}
} else {
- boolean warningAppeared = false;
- boolean errorAppeared = false;
- if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
- notYetValidCert || chainNotValidated || hasExpiredCert ||
- hasUnsignedEntry || signerSelfSigned || (weakAlg != 0) ||
- aliasNotInStore || notSignedByAlias || tsaChainNotValidated) {
-
- if (strict) {
- System.out.println(rb.getString("jar.verified.with.signer.errors."));
- System.out.println();
- System.out.println(rb.getString("Error."));
- errorAppeared = true;
- } else {
- System.out.println(rb.getString("jar.verified."));
- System.out.println();
- System.out.println(rb.getString("Warning."));
- warningAppeared = true;
- }
-
- if (weakAlg != 0) {
- // In fact, jarsigner verification did not catch this
- // since it has not read the JarFile content itself.
- // Everything is done with JarFile API.
- }
-
- if (badKeyUsage) {
- System.out.println(
- rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
- }
-
- if (badExtendedKeyUsage) {
- System.out.println(
- rb.getString("This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
- }
-
- if (badNetscapeCertType) {
- System.out.println(
- rb.getString("This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
- }
-
- if (hasUnsignedEntry) {
- System.out.println(rb.getString(
- "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked."));
- }
- if (hasExpiredCert) {
- System.out.println(rb.getString(
- "This.jar.contains.entries.whose.signer.certificate.has.expired."));
- }
- if (notYetValidCert) {
- System.out.println(rb.getString(
- "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
- }
-
- if (chainNotValidated) {
- System.out.println(String.format(
- rb.getString("This.jar.contains.entries.whose.certificate.chain.is.invalid.reason.1"),
- chainNotValidatedReason.getLocalizedMessage()));
- }
-
- if (tsaChainNotValidated) {
- System.out.println(String.format(
- rb.getString("This.jar.contains.entries.whose.tsa.certificate.chain.is.invalid.reason.1"),
- tsaChainNotValidatedReason.getLocalizedMessage()));
- }
-
- if (notSignedByAlias) {
- System.out.println(
- rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es."));
- }
-
- if (aliasNotInStore) {
- System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore."));
- }
-
- if (signerSelfSigned) {
- System.out.println(rb.getString(
- "This.jar.contains.entries.whose.signer.certificate.is.self.signed."));
- }
- } else {
- System.out.println(rb.getString("jar.verified."));
- }
- if (hasExpiringCert || noTimestamp) {
- if (!warningAppeared) {
- System.out.println();
- System.out.println(rb.getString("Warning."));
- warningAppeared = true;
- }
- if (hasExpiringCert) {
- System.out.println(rb.getString(
- "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
- }
- if (noTimestamp) {
- if (hasTimestampBlock) {
- // JarSigner API has not seen the timestamp,
- // might have ignored it due to weak alg, etc.
- System.out.println(
- String.format(rb.getString("bad.timestamp.verifying"), expireDate));
- } else {
- System.out.println(
- String.format(rb.getString("no.timestamp.verifying"), expireDate));
- }
- }
- }
- if (warningAppeared || errorAppeared) {
- if (! (verbose != null && showcerts)) {
- System.out.println();
- System.out.println(rb.getString(
- "Re.run.with.the.verbose.and.certs.options.for.more.details."));
- }
- }
+ displayMessagesAndResult(false);
}
return;
} catch (Exception e) {
@@ -1060,6 +961,230 @@
System.exit(1);
}
+ private void displayMessagesAndResult(boolean isSigning) {
+ String result;
+ List<String> errors = new ArrayList<>();
+ List<String> warnings = new ArrayList<>();
+ List<String> info = new ArrayList<>();
+
+ boolean signerNotExpired = expireDate == null
+ || expireDate.after(new Date());
+
+ if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
+ notYetValidCert || chainNotValidated || hasExpiredCert ||
+ hasUnsignedEntry || signerSelfSigned || (weakAlg != 0) ||
+ aliasNotInStore || notSignedByAlias ||
+ tsaChainNotValidated ||
+ (hasExpiredTsaCert && !signerNotExpired)) {
+
+ if (strict) {
+ result = rb.getString(isSigning
+ ? "jar.signed.with.signer.errors."
+ : "jar.verified.with.signer.errors.");
+ } else {
+ result = rb.getString(isSigning
+ ? "jar.signed."
+ : "jar.verified.");
+ }
+
+ if (badKeyUsage) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."
+ : "This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
+ }
+
+ if (badExtendedKeyUsage) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."
+ : "This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
+ }
+
+ if (badNetscapeCertType) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."
+ : "This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
+ }
+
+ // only in verifying
+ if (hasUnsignedEntry) {
+ errors.add(rb.getString(
+ "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked."));
+ }
+ if (hasExpiredCert) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.has.expired."
+ : "This.jar.contains.entries.whose.signer.certificate.has.expired."));
+ }
+ if (notYetValidCert) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.certificate.is.not.yet.valid."
+ : "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
+ }
+
+ if (chainNotValidated) {
+ errors.add(String.format(rb.getString(isSigning
+ ? "The.signer.s.certificate.chain.is.invalid.reason.1"
+ : "This.jar.contains.entries.whose.certificate.chain.is.invalid.reason.1"),
+ chainNotValidatedReason.getLocalizedMessage()));
+ }
+
+ if (hasExpiredTsaCert) {
+ errors.add(rb.getString("The.timestamp.has.expired."));
+ }
+ if (tsaChainNotValidated) {
+ errors.add(String.format(rb.getString(isSigning
+ ? "The.tsa.certificate.chain.is.invalid.reason.1"
+ : "This.jar.contains.entries.whose.tsa.certificate.chain.is.invalid.reason.1"),
+ tsaChainNotValidatedReason.getLocalizedMessage()));
+ }
+
+ // only in verifying
+ if (notSignedByAlias) {
+ errors.add(
+ rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es."));
+ }
+
+ // only in verifying
+ if (aliasNotInStore) {
+ errors.add(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore."));
+ }
+
+ if (signerSelfSigned) {
+ errors.add(rb.getString(isSigning
+ ? "The.signer.s.certificate.is.self.signed."
+ : "This.jar.contains.entries.whose.signer.certificate.is.self.signed."));
+ }
+
+ // weakAlg only detected in signing. The jar file is
+ // now simply treated unsigned in verifying.
+ if ((weakAlg & 1) == 1) {
+ errors.add(String.format(
+ rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
+ digestalg, "-digestalg"));
+ }
+
+ if ((weakAlg & 2) == 2) {
+ errors.add(String.format(
+ rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
+ sigalg, "-sigalg"));
+ }
+ if ((weakAlg & 4) == 4) {
+ errors.add(String.format(
+ rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
+ tSADigestAlg, "-tsadigestalg"));
+ }
+ if ((weakAlg & 8) == 8) {
+ errors.add(String.format(
+ rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk."),
+ privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey)));
+ }
+ } else {
+ result = rb.getString(isSigning ? "jar.signed." : "jar.verified.");
+ }
+
+ if (hasExpiredTsaCert) {
+ // No need to warn about expiring if already expired
+ hasExpiringTsaCert = false;
+ }
+
+ if (hasExpiringCert ||
+ (hasExpiringTsaCert && expireDate != null) ||
+ (noTimestamp && expireDate != null) ||
+ (hasExpiredTsaCert && signerNotExpired)) {
+
+ if (hasExpiredTsaCert && signerNotExpired) {
+ if (expireDate != null) {
+ warnings.add(String.format(
+ rb.getString("The.timestamp.expired.1.but.usable.2"),
+ tsaExpireDate,
+ expireDate));
+ }
+ // Reset the flag so exit code is 0
+ hasExpiredTsaCert = false;
+ }
+ if (hasExpiringCert) {
+ warnings.add(rb.getString(isSigning
+ ? "The.signer.certificate.will.expire.within.six.months."
+ : "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
+ }
+ if (hasExpiringTsaCert && expireDate != null) {
+ if (expireDate.after(tsaExpireDate)) {
+ warnings.add(String.format(rb.getString(
+ "The.timestamp.will.expire.within.one.year.on.1.but.2"), tsaExpireDate, expireDate));
+ } else {
+ warnings.add(String.format(rb.getString(
+ "The.timestamp.will.expire.within.one.year.on.1"), tsaExpireDate));
+ }
+ }
+ if (noTimestamp && expireDate != null) {
+ if (hasTimestampBlock) {
+ warnings.add(String.format(rb.getString(isSigning
+ ? "invalid.timestamp.signing"
+ : "bad.timestamp.verifying"), expireDate));
+ } else {
+ warnings.add(String.format(rb.getString(isSigning
+ ? "no.timestamp.signing"
+ : "no.timestamp.verifying"), expireDate));
+ }
+ }
+ }
+
+ System.out.println(result);
+ if (strict) {
+ if (!errors.isEmpty()) {
+ System.out.println();
+ System.out.println(rb.getString("Error."));
+ errors.forEach(System.out::println);
+ }
+ if (!warnings.isEmpty()) {
+ System.out.println();
+ System.out.println(rb.getString("Warning."));
+ warnings.forEach(System.out::println);
+ }
+ } else {
+ if (!errors.isEmpty() || !warnings.isEmpty()) {
+ System.out.println();
+ System.out.println(rb.getString("Warning."));
+ errors.forEach(System.out::println);
+ warnings.forEach(System.out::println);
+ }
+ }
+ if (!isSigning && (!errors.isEmpty() || !warnings.isEmpty())) {
+ if (! (verbose != null && showcerts)) {
+ System.out.println();
+ System.out.println(rb.getString(
+ "Re.run.with.the.verbose.and.certs.options.for.more.details."));
+ }
+ }
+
+ if (isSigning || verbose != null) {
+ // Always print out expireDate, unless expired or expiring.
+ if (!hasExpiringCert && !hasExpiredCert
+ && expireDate != null && signerNotExpired) {
+ info.add(String.format(rb.getString(
+ "The.signer.certificate.will.expire.on.1."), expireDate));
+ }
+ if (!noTimestamp) {
+ if (!hasExpiringTsaCert && !hasExpiredTsaCert && tsaExpireDate != null) {
+ if (signerNotExpired) {
+ info.add(String.format(rb.getString(
+ "The.timestamp.will.expire.on.1."), tsaExpireDate));
+ } else {
+ info.add(String.format(rb.getString(
+ "signer.cert.expired.1.but.timestamp.good.2."),
+ expireDate,
+ tsaExpireDate));
+ }
+ }
+ }
+ }
+
+ if (!info.isEmpty()) {
+ System.out.println();
+ info.forEach(System.out::println);
+ }
+ }
+
private String withWeak(String alg, Set<CryptoPrimitive> primitiveSet) {
if (DISABLED_CHECK.permits(primitiveSet, alg, null)) {
return alg;
@@ -1094,8 +1219,9 @@
*
* Note: no newline character at the end.
*
- * When isTsCert is true, this method sets global flags like hasExpiredCert,
- * notYetValidCert, badKeyUsage, badExtendedKeyUsage, badNetscapeCertType.
+ * This method sets global flags like hasExpiringCert, hasExpiredCert,
+ * notYetValidCert, badKeyUsage, badExtendedKeyUsage, badNetscapeCertType,
+ * hasExpiringTsaCert, hasExpiredTsaCert.
*
* @param isTsCert true if c is in the TSA cert chain, false otherwise.
* @param checkUsage true to check code signer keyUsage
@@ -1124,55 +1250,75 @@
if (x509Cert != null) {
certStr.append("\n").append(tab).append("[");
- Date notAfter = x509Cert.getNotAfter();
- try {
- boolean printValidity = true;
- if (timestamp == null) {
- if (expireDate.getTime() == 0 || expireDate.after(notAfter)) {
- expireDate = notAfter;
- }
- x509Cert.checkValidity();
- // test if cert will expire within six months
- if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) {
- if (!isTsCert) hasExpiringCert = true;
- if (expiringTimeForm == null) {
- expiringTimeForm = new MessageFormat(
- rb.getString("certificate.will.expire.on"));
+
+ if (trustedCerts.contains(x509Cert)) {
+ certStr.append(rb.getString("trusted.certificate"));
+ } else {
+ Date notAfter = x509Cert.getNotAfter();
+ try {
+ boolean printValidity = true;
+ if (isTsCert) {
+ if (tsaExpireDate == null || tsaExpireDate.after(notAfter)) {
+ tsaExpireDate = notAfter;
}
- Object[] source = { notAfter };
- certStr.append(expiringTimeForm.format(source));
- printValidity = false;
+ } else {
+ if (expireDate == null || expireDate.after(notAfter)) {
+ expireDate = notAfter;
+ }
}
- } else {
- x509Cert.checkValidity(timestamp);
- }
- if (printValidity) {
- if (validityTimeForm == null) {
- validityTimeForm = new MessageFormat(
- rb.getString("certificate.is.valid.from"));
+ if (timestamp == null) {
+ x509Cert.checkValidity();
+ // test if cert will expire within six months (or one year for tsa)
+ long age = isTsCert ? ONE_YEAR : SIX_MONTHS;
+ if (notAfter.getTime() < System.currentTimeMillis() + age) {
+ if (isTsCert) {
+ hasExpiringTsaCert = true;
+ } else {
+ hasExpiringCert = true;
+ }
+ if (expiringTimeForm == null) {
+ expiringTimeForm = new MessageFormat(
+ rb.getString("certificate.will.expire.on"));
+ }
+ Object[] source = {notAfter};
+ certStr.append(expiringTimeForm.format(source));
+ printValidity = false;
+ }
+ } else {
+ x509Cert.checkValidity(timestamp);
}
- Object[] source = { x509Cert.getNotBefore(), notAfter };
- certStr.append(validityTimeForm.format(source));
- }
- } catch (CertificateExpiredException cee) {
- if (!isTsCert) hasExpiredCert = true;
+ if (printValidity) {
+ if (validityTimeForm == null) {
+ validityTimeForm = new MessageFormat(
+ rb.getString("certificate.is.valid.from"));
+ }
+ Object[] source = {x509Cert.getNotBefore(), notAfter};
+ certStr.append(validityTimeForm.format(source));
+ }
+ } catch (CertificateExpiredException cee) {
+ if (isTsCert) {
+ hasExpiredTsaCert = true;
+ } else {
+ hasExpiredCert = true;
+ }
- if (expiredTimeForm == null) {
- expiredTimeForm = new MessageFormat(
- rb.getString("certificate.expired.on"));
- }
- Object[] source = { notAfter };
- certStr.append(expiredTimeForm.format(source));
+ if (expiredTimeForm == null) {
+ expiredTimeForm = new MessageFormat(
+ rb.getString("certificate.expired.on"));
+ }
+ Object[] source = {notAfter};
+ certStr.append(expiredTimeForm.format(source));
- } catch (CertificateNotYetValidException cnyve) {
- if (!isTsCert) notYetValidCert = true;
+ } catch (CertificateNotYetValidException cnyve) {
+ if (!isTsCert) notYetValidCert = true;
- if (notYetTimeForm == null) {
- notYetTimeForm = new MessageFormat(
- rb.getString("certificate.is.not.valid.until"));
+ if (notYetTimeForm == null) {
+ notYetTimeForm = new MessageFormat(
+ rb.getString("certificate.is.not.valid.until"));
+ }
+ Object[] source = {x509Cert.getNotBefore()};
+ certStr.append(notYetTimeForm.format(source));
}
- Object[] source = { x509Cert.getNotBefore() };
- certStr.append(notYetTimeForm.format(source));
}
certStr.append("]");
@@ -1638,152 +1784,57 @@
// The JarSigner API always accepts the timestamp received.
// We need to extract the certs from the signed jar to
// validate it.
- if (!noTimestamp) {
- try (JarFile check = new JarFile(signedJarFile)) {
- PKCS7 p7 = new PKCS7(check.getInputStream(check.getEntry(
- "META-INF/" + sigfile + "." + privateKey.getAlgorithm())));
+ try (JarFile check = new JarFile(signedJarFile)) {
+ PKCS7 p7 = new PKCS7(check.getInputStream(check.getEntry(
+ "META-INF/" + sigfile + "." + privateKey.getAlgorithm())));
+ Timestamp ts = null;
+ try {
SignerInfo si = p7.getSignerInfos()[0];
- PKCS7 tsToken = si.getTsToken();
- SignerInfo tsSi = tsToken.getSignerInfos()[0];
- try {
- validateCertChain(Validator.VAR_TSA_SERVER,
- tsSi.getCertificateChain(tsToken), null);
- } catch (Exception e) {
- tsaChainNotValidated = true;
- tsaChainNotValidatedReason = e;
+ if (si.getTsToken() != null) {
+ hasTimestampBlock = true;
}
+ ts = si.getTimestamp();
} catch (Exception e) {
- if (debug) {
- e.printStackTrace();
+ tsaChainNotValidated = true;
+ tsaChainNotValidatedReason = e;
+ }
+ // Spaces before the ">>> Signer" and other lines are different
+ String result = certsAndTSInfo("", " ", Arrays.asList(certChain), ts);
+ if (verbose != null) {
+ System.out.println(result);
+ }
+ } catch (Exception e) {
+ if (debug) {
+ e.printStackTrace();
+ }
+ }
+
+ if (signedjar == null) {
+ // attempt an atomic rename. If that fails,
+ // rename the original jar file, then the signed
+ // one, then delete the original.
+ if (!signedJarFile.renameTo(jarFile)) {
+ File origJar = new File(jarName+".orig");
+
+ if (jarFile.renameTo(origJar)) {
+ if (signedJarFile.renameTo(jarFile)) {
+ origJar.delete();
+ } else {
+ MessageFormat form = new MessageFormat(rb.getString
+ ("attempt.to.rename.signedJarFile.to.jarFile.failed"));
+ Object[] source = {signedJarFile, jarFile};
+ error(form.format(source));
+ }
+ } else {
+ MessageFormat form = new MessageFormat(rb.getString
+ ("attempt.to.rename.jarFile.to.origJar.failed"));
+ Object[] source = {jarFile, origJar};
+ error(form.format(source));
}
}
}
- // no IOException thrown in the follow try clause, so disable
- // the try clause.
- // try {
- if (signedjar == null) {
- // attempt an atomic rename. If that fails,
- // rename the original jar file, then the signed
- // one, then delete the original.
- if (!signedJarFile.renameTo(jarFile)) {
- File origJar = new File(jarName+".orig");
-
- if (jarFile.renameTo(origJar)) {
- if (signedJarFile.renameTo(jarFile)) {
- origJar.delete();
- } else {
- MessageFormat form = new MessageFormat(rb.getString
- ("attempt.to.rename.signedJarFile.to.jarFile.failed"));
- Object[] source = {signedJarFile, jarFile};
- error(form.format(source));
- }
- } else {
- MessageFormat form = new MessageFormat(rb.getString
- ("attempt.to.rename.jarFile.to.origJar.failed"));
- Object[] source = {jarFile, origJar};
- error(form.format(source));
- }
- }
- }
-
- boolean warningAppeared = false;
- if (weakAlg != 0 || badKeyUsage || badExtendedKeyUsage
- || badNetscapeCertType || notYetValidCert
- || chainNotValidated || tsaChainNotValidated
- || hasExpiredCert || signerSelfSigned) {
- if (strict) {
- System.out.println(rb.getString("jar.signed.with.signer.errors."));
- System.out.println();
- System.out.println(rb.getString("Error."));
- } else {
- System.out.println(rb.getString("jar.signed."));
- System.out.println();
- System.out.println(rb.getString("Warning."));
- warningAppeared = true;
- }
-
- if (badKeyUsage) {
- System.out.println(
- rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
- }
-
- if (badExtendedKeyUsage) {
- System.out.println(
- rb.getString("The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
- }
-
- if (badNetscapeCertType) {
- System.out.println(
- rb.getString("The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
- }
-
- if (hasExpiredCert) {
- System.out.println(
- rb.getString("The.signer.certificate.has.expired."));
- } else if (notYetValidCert) {
- System.out.println(
- rb.getString("The.signer.certificate.is.not.yet.valid."));
- }
-
- if (chainNotValidated) {
- System.out.println(String.format(
- rb.getString("The.signer.s.certificate.chain.is.invalid.reason.1"),
- chainNotValidatedReason.getLocalizedMessage()));
- }
-
- if (tsaChainNotValidated) {
- System.out.println(String.format(
- rb.getString("The.tsa.certificate.chain.is.invalid.reason.1"),
- tsaChainNotValidatedReason.getLocalizedMessage()));
- }
-
- if (signerSelfSigned) {
- System.out.println(
- rb.getString("The.signer.s.certificate.is.self.signed."));
- }
-
- if ((weakAlg & 1) == 1) {
- System.out.println(String.format(
- rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
- digestalg, "-digestalg"));
- }
-
- if ((weakAlg & 2) == 2) {
- System.out.println(String.format(
- rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
- sigalg, "-sigalg"));
- }
- if ((weakAlg & 4) == 4) {
- System.out.println(String.format(
- rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
- tSADigestAlg, "-tsadigestalg"));
- }
- } else {
- System.out.println(rb.getString("jar.signed."));
- }
- if (hasExpiringCert || noTimestamp) {
- if (!warningAppeared) {
- System.out.println();
- System.out.println(rb.getString("Warning."));
- }
-
- if (hasExpiringCert) {
- System.out.println(
- rb.getString("The.signer.certificate.will.expire.within.six.months."));
- }
-
- if (noTimestamp) {
- System.out.println(
- String.format(rb.getString("no.timestamp.signing"), expireDate));
- }
- }
-
- // no IOException thrown in the above try clause, so disable
- // the catch clause.
- // } catch(IOException ioe) {
- // error(rb.getString("unable.to.sign.jar.")+ioe, ioe);
- // }
+ displayMessagesAndResult(true);
}
/**
@@ -1831,31 +1882,57 @@
Map<CodeSigner,String> cacheForSignerInfo = new IdentityHashMap<>();
/**
- * Returns a string of singer info, with a newline at the end
+ * Returns a string of signer info, with a newline at the end.
+ * Called by verifyJar().
*/
private String signerInfo(CodeSigner signer, String tab) throws Exception {
if (cacheForSignerInfo.containsKey(signer)) {
return cacheForSignerInfo.get(signer);
}
- StringBuilder sb = new StringBuilder();
List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
- // display the signature timestamp, if present
- Date timestamp;
+ // signing time is only displayed on verification
Timestamp ts = signer.getTimestamp();
+ String tsLine = "";
if (ts != null) {
- sb.append(printTimestamp(tab, ts));
- sb.append('\n');
+ tsLine = printTimestamp(tab, ts) + "\n";
+ }
+ // Spaces before the ">>> Signer" and other lines are the same.
+
+ String result = certsAndTSInfo(tab, tab, certs, ts);
+ cacheForSignerInfo.put(signer, tsLine + result);
+ return result;
+ }
+
+ /**
+ * Fills info on certs and timestamp into a StringBuilder, sets
+ * warning flags (through printCert) and validates cert chains.
+ *
+ * @param tab1 spaces before the ">>> Signer" line
+ * @param tab2 spaces before the other lines
+ * @param certs the signer cert
+ * @param ts the timestamp, can be null
+ * @return the info as a string
+ */
+ private String certsAndTSInfo(
+ String tab1,
+ String tab2,
+ List<? extends Certificate> certs, Timestamp ts)
+ throws Exception {
+
+ Date timestamp;
+ if (ts != null) {
timestamp = ts.getTimestamp();
+ noTimestamp = false;
} else {
timestamp = null;
- noTimestamp = true;
}
// display the certificate(s). The first one is end-entity cert and
// its KeyUsage should be checked.
boolean first = true;
- sb.append(tab).append(rb.getString("...Signer")).append('\n');
+ StringBuilder sb = new StringBuilder();
+ sb.append(tab1).append(rb.getString("...Signer")).append('\n');
for (Certificate c : certs) {
- sb.append(printCert(false, tab, c, timestamp, first));
+ sb.append(printCert(false, tab2, c, timestamp, first));
sb.append('\n');
first = false;
}
@@ -1864,13 +1941,13 @@
} catch (Exception e) {
chainNotValidated = true;
chainNotValidatedReason = e;
- sb.append(tab).append(rb.getString(".Invalid.certificate.chain."))
+ sb.append(tab2).append(rb.getString(".Invalid.certificate.chain."))
.append(e.getLocalizedMessage()).append("]\n");
}
if (ts != null) {
- sb.append(tab).append(rb.getString("...TSA")).append('\n');
+ sb.append(tab1).append(rb.getString("...TSA")).append('\n');
for (Certificate c : ts.getSignerCertPath().getCertificates()) {
- sb.append(printCert(true, tab, c, timestamp, false));
+ sb.append(printCert(true, tab2, c, null, false));
sb.append('\n');
}
try {
@@ -1879,7 +1956,7 @@
} catch (Exception e) {
tsaChainNotValidated = true;
tsaChainNotValidatedReason = e;
- sb.append(tab).append(rb.getString(".Invalid.TSA.certificate.chain."))
+ sb.append(tab2).append(rb.getString(".Invalid.TSA.certificate.chain."))
.append(e.getLocalizedMessage()).append("]\n");
}
}
@@ -1887,9 +1964,8 @@
&& KeyStoreUtil.isSelfSigned((X509Certificate)certs.get(0))) {
signerSelfSigned = true;
}
- String result = sb.toString();
- cacheForSignerInfo.put(signer, result);
- return result;
+
+ return sb.toString();
}
private void writeEntry(ZipFile zf, ZipOutputStream os, ZipEntry ze)
@@ -1939,7 +2015,6 @@
}
try {
- Set<TrustAnchor> tas = new HashSet<>();
try {
KeyStore caks = KeyStoreUtil.getCacertsKeyStore();
if (caks != null) {
@@ -1947,7 +2022,7 @@
while (aliases.hasMoreElements()) {
String a = aliases.nextElement();
try {
- tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
+ trustedCerts.add((X509Certificate)caks.getCertificate(a));
} catch (Exception e2) {
// ignore, when a SecretkeyEntry does not include a cert
}
@@ -2006,7 +2081,7 @@
// PrivateKeyEntry
if (store.isCertificateEntry(a) ||
c.getSubjectDN().equals(c.getIssuerDN())) {
- tas.add(new TrustAnchor(c, null));
+ trustedCerts.add(c);
}
} catch (Exception e2) {
// ignore, when a SecretkeyEntry does not include a cert
@@ -2014,7 +2089,11 @@
}
} finally {
try {
- pkixParameters = new PKIXBuilderParameters(tas, null);
+ pkixParameters = new PKIXBuilderParameters(
+ trustedCerts.stream()
+ .map(c -> new TrustAnchor(c, null))
+ .collect(Collectors.toSet()),
+ null);
pkixParameters.setRevocationEnabled(false);
} catch (InvalidAlgorithmParameterException ex) {
// Only if tas is empty
@@ -2130,6 +2209,7 @@
}
}
+ // Called by signJar().
void getAliasInfo(String alias) throws Exception {
Key key = null;
@@ -2174,22 +2254,6 @@
certChain[i] = (X509Certificate)cs[i];
}
- // We don't meant to print anything, the next call
- // checks validity and keyUsage etc
- printCert(false, "", certChain[0], null, true);
-
- try {
- validateCertChain(Validator.VAR_CODE_SIGNING,
- Arrays.asList(certChain), null);
- } catch (Exception e) {
- chainNotValidated = true;
- chainNotValidatedReason = e;
- }
-
- if (KeyStoreUtil.isSelfSigned(certChain[0])) {
- signerSelfSigned = true;
- }
-
try {
if (!token && keypass == null)
key = store.getKey(alias, storepass);
@@ -2247,7 +2311,7 @@
* @param parameter this might be a timestamp
*/
void validateCertChain(String variant, List<? extends Certificate> certs,
- Object parameter)
+ Timestamp parameter)
throws Exception {
try {
Validator.getInstance(Validator.TYPE_PKIX,
@@ -2261,8 +2325,22 @@
}
// Exception might be dismissed if another warning flag
- // is already set by printCert. This is only done for
- // code signing certs.
+ // is already set by printCert.
+
+ if (variant.equals(Validator.VAR_TSA_SERVER) &&
+ e instanceof ValidatorException) {
+ // Throw cause if it's CertPathValidatorException,
+ if (e.getCause() != null &&
+ e.getCause() instanceof CertPathValidatorException) {
+ e = (Exception) e.getCause();
+ Throwable t = e.getCause();
+ if ((t instanceof CertificateExpiredException &&
+ hasExpiredTsaCert)) {
+ // we already have hasExpiredTsaCert
+ return;
+ }
+ }
+ }
if (variant.equals(Validator.VAR_CODE_SIGNING) &&
e instanceof ValidatorException) {
diff --git a/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java b/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java
index 7a6ea5c..da460ca 100644
--- a/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java
+++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java
@@ -219,6 +219,7 @@
{"Error.", "Error: "},
{"...Signer", ">>> Signer"},
{"...TSA", ">>> TSA"},
+ {"trusted.certificate", "trusted certificate"},
{"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
"This jar contains unsigned entries which have not been integrity-checked. "},
{"This.jar.contains.entries.whose.signer.certificate.has.expired.",
@@ -235,8 +236,16 @@
"Re-run with the -verbose and -certs options for more details."},
{"The.signer.certificate.has.expired.",
"The signer certificate has expired."},
+ {"The.timestamp.expired.1.but.usable.2",
+ "The timestamp expired on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the signer certificate expires on %2$tY-%2$tm-%2$td."},
+ {"The.timestamp.has.expired.",
+ "The timestamp has expired."},
{"The.signer.certificate.will.expire.within.six.months.",
"The signer certificate will expire within six months."},
+ {"The.timestamp.will.expire.within.one.year.on.1",
+ "The timestamp will expire within one year on %1$tY-%1$tm-%1$td."},
+ {"The.timestamp.will.expire.within.one.year.on.1.but.2",
+ "The timestamp will expire within one year on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the signer certificate expires on %2$tY-%2$tm-%2$td."},
{"The.signer.certificate.is.not.yet.valid.",
"The signer certificate is not yet valid."},
{"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
@@ -267,10 +276,18 @@
"This jar contains entries whose TSA certificate chain is invalid. Reason: %s"},
{"no.timestamp.signing",
"No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
+ {"invalid.timestamp.signing",
+ "The timestamp is invalid. Without a valid timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td)."},
{"no.timestamp.verifying",
- "This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
+ "This jar contains signatures that do not include a timestamp. Without a timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as %1$tY-%1$tm-%1$td)."},
{"bad.timestamp.verifying",
"This jar contains signatures that include an invalid timestamp. Without a valid timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as %1$tY-%1$tm-%1$td).\nRerun jarsigner with -J-Djava.security.debug=jar for more information."},
+ {"The.signer.certificate.will.expire.on.1.",
+ "The signer certificate will expire on %1$tY-%1$tm-%1$td."},
+ {"The.timestamp.will.expire.on.1.",
+ "The timestamp will expire on %1$tY-%1$tm-%1$td."},
+ {"signer.cert.expired.1.but.timestamp.good.2.",
+ "The signer certificate expired on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the timestamp expires on %2$tY-%2$tm-%2$td."},
{"Unknown.password.type.", "Unknown password type: "},
{"Cannot.find.environment.variable.",
"Cannot find environment variable: "},
diff --git a/jdk/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java b/jdk/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java
index 26c6140..2ff41ed 100644
--- a/jdk/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java
+++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java
@@ -217,6 +217,7 @@
{"Error.", "\u30A8\u30E9\u30FC: "},
{"...Signer", ">>> \u7F72\u540D\u8005"},
{"...TSA", ">>> TSA"},
+ {"trusted.certificate", "\u4FE1\u983C\u3067\u304D\u308B\u8A3C\u660E\u66F8"},
{"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
"\u3053\u306Ejar\u306B\u306F\u3001\u6574\u5408\u6027\u30C1\u30A7\u30C3\u30AF\u3092\u3057\u3066\u3044\u306A\u3044\u7F72\u540D\u306A\u3057\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
{"This.jar.contains.entries.whose.signer.certificate.has.expired.",
@@ -233,8 +234,16 @@
"\u8A73\u7D30\u306F\u3001-verbose\u304A\u3088\u3073-certs\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
{"The.signer.certificate.has.expired.",
"\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u671F\u9650\u5207\u308C\u3067\u3059\u3002"},
+ {"The.timestamp.expired.1.but.usable.2",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002\u305F\u3060\u3057\u3001JAR\u306F\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C%2$tY-%2$tm-%2$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308B\u307E\u3067\u6709\u52B9\u3067\u3059\u3002"},
+ {"The.timestamp.has.expired.",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3057\u305F\u3002"},
{"The.signer.certificate.will.expire.within.six.months.",
"\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
+ {"The.timestamp.will.expire.within.one.year.on.1",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F1\u5E74\u4EE5\u5185\u306E%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
+ {"The.timestamp.will.expire.within.one.year.on.1.but.2",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F1\u5E74\u4EE5\u5185\u306E%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002\u305F\u3060\u3057\u3001JAR\u306F\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C%2$tY-%2$tm-%2$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308B\u307E\u3067\u6709\u52B9\u3067\u3059\u3002"},
{"The.signer.certificate.is.not.yet.valid.",
"\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u307E\u305B\u3093\u3002"},
{"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
@@ -265,10 +274,18 @@
"\u3053\u306Ejar\u306B\u306F\u3001TSA\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u7121\u52B9\u306A\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u7406\u7531: %s"},
{"no.timestamp.signing",
"-tsa\u307E\u305F\u306F-tsacert\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u306A\u3044\u305F\u3081\u3001\u3053\u306Ejar\u306B\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u4ED8\u52A0\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"},
+ {"invalid.timestamp.signing",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u7121\u52B9\u3067\u3059\u3002\u6709\u52B9\u306A\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"},
{"no.timestamp.verifying",
- "\u3053\u306Ejar\u306B\u306F\u3001\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"},
+ "\u3053\u306Ejar\u306B\u306F\u3001\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u3044\u305A\u308C\u304B\u306E\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650\u5F8C\u306B(\u65E9\u3051\u308C\u3070%1$tY-%1$tm-%1$td)\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"},
{"bad.timestamp.verifying",
"\u3053\u306Ejar\u306B\u306F\u3001\u7121\u52B9\u306A\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306E\u3042\u308B\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u6709\u52B9\u306A\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u3044\u305A\u308C\u304B\u306E\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650\u5F8C\u306B(\u65E9\u3051\u308C\u3070%1$tY-%1$tm-%1$td)\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002\n\u8A73\u7D30\u306F\u3001-J-Djava.security.debug=jar\u3092\u6307\u5B9A\u3057\u3066jarsigner\u3092\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
+ {"The.signer.certificate.will.expire.on.1.",
+ "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
+ {"The.timestamp.will.expire.on.1.",
+ "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
+ {"signer.cert.expired.1.but.timestamp.good.2.",
+ "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002\u305F\u3060\u3057\u3001JAR\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C%2$tY-%2$tm-%2$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308B\u307E\u3067\u6709\u52B9\u3067\u3059\u3002"},
{"Unknown.password.type.", "\u4E0D\u660E\u306A\u30D1\u30B9\u30EF\u30FC\u30C9\u30FB\u30BF\u30A4\u30D7: "},
{"Cannot.find.environment.variable.",
"\u74B0\u5883\u5909\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "},
diff --git a/jdk/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java b/jdk/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
index 22df992..4476023 100644
--- a/jdk/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
+++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
@@ -217,6 +217,7 @@
{"Error.", "\u9519\u8BEF: "},
{"...Signer", ">>> \u7B7E\u540D\u8005"},
{"...TSA", ">>> TSA"},
+ {"trusted.certificate", "\u53EF\u4FE1\u8BC1\u4E66"},
{"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
"\u6B64 jar \u5305\u542B\u5C1A\u672A\u8FDB\u884C\u5B8C\u6574\u6027\u68C0\u67E5\u7684\u672A\u7B7E\u540D\u6761\u76EE\u3002 "},
{"This.jar.contains.entries.whose.signer.certificate.has.expired.",
@@ -233,8 +234,16 @@
"\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u548C -certs \u9009\u9879\u91CD\u65B0\u8FD0\u884C\u3002"},
{"The.signer.certificate.has.expired.",
"\u7B7E\u540D\u8005\u8BC1\u4E66\u5DF2\u8FC7\u671F\u3002"},
+ {"The.timestamp.expired.1.but.usable.2",
+ "\u65F6\u95F4\u6233\u5230\u671F\u65E5\u671F\u4E3A %1$tY-%1$tm-%1$td\u3002\u4E0D\u8FC7\uFF0C\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u4E8E %2$tY-%2$tm-%2$td \u5230\u671F\u4E4B\u524D\uFF0CJAR \u5C06\u6709\u6548\u3002"},
+ {"The.timestamp.has.expired.",
+ "\u65F6\u95F4\u6233\u5DF2\u5230\u671F\u3002"},
{"The.signer.certificate.will.expire.within.six.months.",
"\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u5728\u516D\u4E2A\u6708\u5185\u8FC7\u671F\u3002"},
+ {"The.timestamp.will.expire.within.one.year.on.1",
+ "\u65F6\u95F4\u6233\u5C06\u5728\u4E00\u5E74\u5185\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002"},
+ {"The.timestamp.will.expire.within.one.year.on.1.but.2",
+ "\u65F6\u95F4\u6233\u5C06\u5728\u4E00\u5E74\u5185\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002\u4E0D\u8FC7\uFF0C\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u4E8E %2$tY-%2$tm-%2$td \u5230\u671F\u4E4B\u524D\uFF0CJAR \u5C06\u6709\u6548\u3002"},
{"The.signer.certificate.is.not.yet.valid.",
"\u7B7E\u540D\u8005\u8BC1\u4E66\u4ECD\u65E0\u6548\u3002"},
{"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
@@ -265,10 +274,18 @@
"\u6B64 jar \u5305\u542B\u5176 TSA \u8BC1\u4E66\u94FE\u65E0\u6548\u7684\u6761\u76EE\u3002\u539F\u56E0: %s"},
{"no.timestamp.signing",
"\u672A\u63D0\u4F9B -tsa \u6216 -tsacert, \u6B64 jar \u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"},
+ {"invalid.timestamp.signing",
+ "\u65F6\u95F4\u6233\u65E0\u6548\u3002\u5982\u679C\u6CA1\u6709\u6709\u6548\u7684\u65F6\u95F4\u6233\uFF0C\u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u4E4B\u540E\uFF0C\u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"},
{"no.timestamp.verifying",
- "\u6B64 jar \u5305\u542B\u7684\u7B7E\u540D\u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"},
+ "\u6B64 jar \u5305\u542B\u7684\u7B7E\u540D\u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u5176\u4E2D\u4EFB\u4E00\u7B7E\u540D\u8005\u8BC1\u4E66\u5230\u671F (\u6700\u65E9\u4E3A %1$tY-%1$tm-%1$td) \u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"},
{"bad.timestamp.verifying",
"\u6B64 jar \u5305\u542B\u5E26\u6709\u65E0\u6548\u65F6\u95F4\u6233\u7684\u7B7E\u540D\u3002\u5982\u679C\u6CA1\u6709\u6709\u6548\u65F6\u95F4\u6233, \u5219\u5728\u5176\u4E2D\u4EFB\u4E00\u7B7E\u540D\u8005\u8BC1\u4E66\u5230\u671F (\u6700\u65E9\u4E3A %1$tY-%1$tm-%1$td) \u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002\n\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -J-Djava.security.debug=jar \u91CD\u65B0\u8FD0\u884C jarsigner\u3002"},
+ {"The.signer.certificate.will.expire.on.1.",
+ "\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002"},
+ {"The.timestamp.will.expire.on.1.",
+ "\u65F6\u95F4\u6233\u5C06\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002"},
+ {"signer.cert.expired.1.but.timestamp.good.2.",
+ "\u7B7E\u540D\u8005\u8BC1\u4E66\u5230\u671F\u65E5\u671F\u4E3A %1$tY-%1$tm-%1$td\u3002\u4E0D\u8FC7\uFF0C\u5728\u65F6\u95F4\u6233\u4E8E %2$tY-%2$tm-%2$td \u5230\u671F\u4E4B\u524D\uFF0CJAR \u5C06\u6709\u6548\u3002"},
{"Unknown.password.type.", "\u672A\u77E5\u53E3\u4EE4\u7C7B\u578B: "},
{"Cannot.find.environment.variable.",
"\u627E\u4E0D\u5230\u73AF\u5883\u53D8\u91CF: "},
diff --git a/jdk/src/share/classes/sun/security/util/Resources_sv.java b/jdk/src/share/classes/sun/security/util/Resources_sv.java
index 79f08fa..3493a0a 100644
--- a/jdk/src/share/classes/sun/security/util/Resources_sv.java
+++ b/jdk/src/share/classes/sun/security/util/Resources_sv.java
@@ -67,10 +67,10 @@
{".Principal.", "\tIdentitetshavare: "},
{".Public.Credential.", "\tOffentlig inloggning: "},
{".Private.Credentials.inaccessible.",
- "\tPrivat inloggning \u00E4r inte tillg\u00E4nglig\n"},
+ "\tPrivat inloggning \u00E4r inte m\u00F6jlig\n"},
{".Private.Credential.", "\tPrivat inloggning: "},
{".Private.Credential.inaccessible.",
- "\tPrivat inloggning \u00E4r inte tillg\u00E4nglig\n"},
+ "\tPrivat inloggning \u00E4r inte m\u00F6jlig\n"},
{"Subject.is.read.only", "Innehavare \u00E4r skrivskyddad"},
{"attempting.to.add.an.object.which.is.not.an.instance.of.java.security.Principal.to.a.Subject.s.Principal.Set",
"f\u00F6rs\u00F6k att l\u00E4gga till ett objekt som inte \u00E4r en instans av java.security.Principal till ett subjekts upps\u00E4ttning av identitetshavare"},
diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java
index 3e4a0da..261d43a 100644
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java
@@ -666,9 +666,9 @@
"Magadan Summer Time", "MAGST",
"Magadan Time", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Philippines Time", "PHT",
- "Philippines Summer Time", "PHST",
- "Philippines Time", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java b/jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java
index cb0b627..67cc5b0 100644
--- a/jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java
+++ b/jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java
@@ -667,9 +667,9 @@
"Magadanische Sommerzeit", "MAGST",
"Magadanische Zeit", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Philippinische Zeit", "PHT",
- "Philippinische Sommerzeit", "PHST",
- "Philippinische Zeit", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java b/jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java
index 10a85b6..4d564b0 100644
--- a/jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java
+++ b/jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java
@@ -667,9 +667,9 @@
"Hora de verano de Magad\u00e1n", "MAGST",
"Hora de Magad\u00E1n", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Hora de Filipinas", "PHT",
- "Hora de verano de Filipinas", "PHST",
- "Hora de Filipinas", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java b/jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java
index faf5795..c649f9a 100644
--- a/jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java
+++ b/jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java
@@ -667,9 +667,9 @@
"Heure d'\u00e9t\u00e9 de Magadan", "MAGST",
"Heure de Magadan", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Heure des Philippines", "PHT",
- "Heure d'\u00e9t\u00e9 des Philippines", "PHST",
- "Heure des Philippines", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java b/jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java
index 9325485..b9724ee 100644
--- a/jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java
+++ b/jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java
@@ -667,9 +667,9 @@
"Ora estiva di Magadan", "MAGST",
"Ora di Magadan", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Ora delle Filippine", "PHT",
- "Ora estiva delle Filippine", "PHST",
- "Ora delle Filippine", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java b/jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java
index 1fb35f0..6fe96fa 100644
--- a/jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java
+++ b/jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java
@@ -667,9 +667,9 @@
"\u30de\u30ac\u30c0\u30f3\u590f\u6642\u9593", "MAGST",
"\u30DE\u30AC\u30C0\u30F3\u6642\u9593", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"\u30d5\u30a3\u30ea\u30d4\u30f3\u6642\u9593", "PHT",
- "\u30d5\u30a3\u30ea\u30d4\u30f3\u590f\u6642\u9593", "PHST",
- "\u30D5\u30A3\u30EA\u30D4\u30F3\u6642\u9593", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java b/jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java
index a6970e0..4621b47 100644
--- a/jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java
+++ b/jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java
@@ -667,9 +667,9 @@
"\ub9c8\uac00\ub2e8 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "MAGST",
"\uB9C8\uAC00\uB2E8 \uD45C\uC900\uC2DC", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"\ud544\ub9ac\ud540 \uc2dc\uac04", "PHT",
- "\ud544\ub9ac\ud540 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "PHST",
- "\uD544\uB9AC\uD540 \uD45C\uC900\uC2DC", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java b/jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java
index bcc610d..6baac2d 100644
--- a/jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java
+++ b/jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java
@@ -667,9 +667,9 @@
"Fuso hor\u00e1rio de ver\u00e3o de Magadan", "MAGST",
"Hor\u00E1rio de Magadan", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Fuso hor\u00e1rio das Filipinas", "PHT",
- "Fuso hor\u00e1rio de ver\u00e3o das Filipinas", "PHST",
- "Hor\u00E1rio das Filipinas", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java b/jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java
index a4e8b7d..0a07192 100644
--- a/jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java
+++ b/jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java
@@ -667,9 +667,9 @@
"Magadan, sommartid", "MAGST",
"Magadan-tid", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"Filippinerna, normaltid", "PHT",
- "Filippinerna, sommartid", "PHST",
- "Filippinsk tid", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java b/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java
index 4f6eebe..1d1b2dc 100644
--- a/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java
+++ b/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java
@@ -667,9 +667,9 @@
"Magadan \u590f\u4ee4\u65f6", "MAGST",
"Magadan \u65F6\u95F4", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"\u83f2\u5f8b\u5bbe\u65f6\u95f4", "PHT",
- "\u83f2\u5f8b\u5bbe\u590f\u4ee4\u65f6", "PHST",
- "\u83F2\u5F8B\u5BBE\u65F6\u95F4", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java b/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java
index 372bc9e..280c186 100644
--- a/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java
+++ b/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java
@@ -667,9 +667,9 @@
"Magadan \u590f\u4ee4\u6642\u9593", "MAGST",
"\u99AC\u52A0\u4E39\u6642\u9593", "MAGT"}},
{"Asia/Makassar", CIT},
- {"Asia/Manila", new String[] {"\u83f2\u5f8b\u8cd3\u6642\u9593", "PHT",
- "\u83f2\u5f8b\u8cd3\u590f\u4ee4\u6642\u9593", "PHST",
- "\u83F2\u5F8B\u8CD3\u6642\u9593", "PHT"}},
+ {"Asia/Manila", new String[] {"Philippines Standard Time", "PST",
+ "Philippines Daylight Time", "PDT",
+ "Philippines Time", "PT"}},
{"Asia/Muscat", GST},
{"Asia/Nicosia", EET},
{"Asia/Novokuznetsk", KRAT},
diff --git a/jdk/src/share/javavm/export/jvm.h b/jdk/src/share/javavm/export/jvm.h
index 611120f..2dc2e20 100644
--- a/jdk/src/share/javavm/export/jvm.h
+++ b/jdk/src/share/javavm/export/jvm.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -118,6 +118,14 @@
JVM_OnExit(void (*func)(void));
/*
+ * java.nio.Bits
+ */
+JNIEXPORT void JNICALL
+JVM_CopySwapMemory(JNIEnv *env, jobject srcObj, jlong srcOffset,
+ jobject dstObj, jlong dstOffset, jlong size,
+ jlong elemSize);
+
+/*
* java.lang.Runtime
*/
JNIEXPORT void JNICALL
diff --git a/jdk/src/share/lib/net.properties b/jdk/src/share/lib/net.properties
index b490e17..a541eef 100644
--- a/jdk/src/share/lib/net.properties
+++ b/jdk/src/share/lib/net.properties
@@ -1,5 +1,5 @@
############################################################
-# Default Networking Configuration File
+# Default Networking Configuration File
#
# This file may contain default values for the networking system properties.
# These values are only used when the system properties are not specified
@@ -14,7 +14,7 @@
# Note that the system properties that do explicitely set proxies
# (like http.proxyHost) do take precedence over the system settings
# even if java.net.useSystemProxies is set to true.
-
+
java.net.useSystemProxies=false
#------------------------------------------------------------------------
@@ -66,8 +66,8 @@
# socksProxyPort=1080
#
# HTTP Keep Alive settings. remainingData is the maximum amount of data
-# in kilobytes that will be cleaned off the underlying socket so that it
-# can be reused (default value is 512K), queuedConnections is the maximum
+# in kilobytes that will be cleaned off the underlying socket so that it
+# can be reused (default value is 512K), queuedConnections is the maximum
# number of Keep Alive connections to be on the queue for clean up (default
# value is 10).
# http.KeepAlive.remainingData=512
@@ -99,3 +99,23 @@
#jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=Basic
+#
+# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
+# can be used for the NTLM scheme, where the security credentials based on the
+# currently logged in user's name and password can be obtained directly from the
+# operating system, without prompting the user. This property has three possible
+# values which regulate the behavior as shown below. Other unrecognized values
+# are handled the same as 'disabled'. Note, that NTLM is not considered to be a
+# strongly secure authentication scheme and care should be taken before enabling
+# this mechanism.
+#
+# Transparent authentication never used.
+#jdk.http.ntlm.transparentAuth=disabled
+#
+# Enabled for all hosts.
+#jdk.http.ntlm.transparentAuth=allHosts
+#
+# Enabled for hosts that are trusted in Windows Internet settings
+#jdk.http.ntlm.transparentAuth=trustedHosts
+#
+jdk.http.ntlm.transparentAuth=disabled
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
index ac6b586..13abdd6 100644
--- a/jdk/src/share/lib/security/java.security-aix
+++ b/jdk/src/share/lib/security/java.security-aix
@@ -620,7 +620,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
index 9b26919..c730d50 100644
--- a/jdk/src/share/lib/security/java.security-linux
+++ b/jdk/src/share/lib/security/java.security-linux
@@ -620,7 +620,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
index 205b13a..2ac4637 100644
--- a/jdk/src/share/lib/security/java.security-macosx
+++ b/jdk/src/share/lib/security/java.security-macosx
@@ -623,7 +623,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
index 1fb4c0e..a5c4d86 100644
--- a/jdk/src/share/lib/security/java.security-solaris
+++ b/jdk/src/share/lib/security/java.security-solaris
@@ -622,7 +622,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
index 3d80302..a0ce655 100644
--- a/jdk/src/share/lib/security/java.security-windows
+++ b/jdk/src/share/lib/security/java.security-windows
@@ -623,7 +623,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, 3DES_EDE_CBC
+ EC keySize < 224, 3DES_EDE_CBC, anon, NULL
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
diff --git a/jdk/src/share/native/java/nio/Bits.c b/jdk/src/share/native/java/nio/Bits.c
index 8bc3ff7..c509bb6 100644
--- a/jdk/src/share/native/java/nio/Bits.c
+++ b/jdk/src/share/native/java/nio/Bits.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,259 +23,13 @@
* questions.
*/
-/*
- */
-
-#include "jni.h"
-#include "jni_util.h"
-#include "jlong.h"
-#include <string.h>
-
-/*
- * WARNING:
- *
- * Do not replace instances of:
- *
- * if (length > MBYTE)
- * size = MBYTE;
- * else
- * size = length;
- *
- * with
- *
- * size = (length > MBYTE ? MBYTE : length);
- *
- * This expression causes a c compiler assertion failure when compiling on
- * 32-bit sparc.
- */
-
-#define MBYTE 1048576
-
-#define GETCRITICAL_OR_RETURN(bytes, env, obj) { \
- bytes = (*env)->GetPrimitiveArrayCritical(env, obj, NULL); \
- if (bytes == NULL) { \
- if ((*env)->ExceptionOccurred(env) == NULL) \
- JNU_ThrowInternalError(env, "Unable to get array"); \
- return; \
- } \
-}
-
-#define RELEASECRITICAL(bytes, env, obj, mode) { \
- (*env)->ReleasePrimitiveArrayCritical(env, obj, bytes, mode); \
-}
-
-#define SWAPSHORT(x) ((jshort)(((x) << 8) | (((x) >> 8) & 0xff)))
-#define SWAPINT(x) ((jint)((SWAPSHORT((jshort)(x)) << 16) | \
- (SWAPSHORT((jshort)((x) >> 16)) & 0xffff)))
-#define SWAPLONG(x) ((jlong)(((jlong)SWAPINT((jint)(x)) << 32) | \
- ((jlong)SWAPINT((jint)((x) >> 32)) & 0xffffffff)))
+#include "jvm.h"
JNIEXPORT void JNICALL
-Java_java_nio_Bits_copyFromShortArray(JNIEnv *env, jobject this, jobject src,
- jlong srcPos, jlong dstAddr, jlong length)
-{
- jbyte *bytes;
- size_t size;
- jshort *srcShort, *dstShort, *endShort;
- jshort tmpShort;
-
- dstShort = (jshort *)jlong_to_ptr(dstAddr);
-
- while (length > 0) {
- /* do not change this if-else statement, see WARNING above */
- if (length > MBYTE)
- size = MBYTE;
- else
- size = (size_t)length;
-
- GETCRITICAL_OR_RETURN(bytes, env, src);
-
- srcShort = (jshort *)(bytes + srcPos);
- endShort = srcShort + (size / sizeof(jshort));
- while (srcShort < endShort) {
- tmpShort = *srcShort++;
- *dstShort++ = SWAPSHORT(tmpShort);
- }
-
- RELEASECRITICAL(bytes, env, src, JNI_ABORT);
-
- length -= size;
- dstAddr += size;
- srcPos += size;
- }
-}
-
-JNIEXPORT void JNICALL
-Java_java_nio_Bits_copyToShortArray(JNIEnv *env, jobject this, jlong srcAddr,
- jobject dst, jlong dstPos, jlong length)
-{
- jbyte *bytes;
- size_t size;
- jshort *srcShort, *dstShort, *endShort;
- jshort tmpShort;
-
- srcShort = (jshort *)jlong_to_ptr(srcAddr);
-
- while (length > 0) {
- /* do not change this if-else statement, see WARNING above */
- if (length > MBYTE)
- size = MBYTE;
- else
- size = (size_t)length;
-
- GETCRITICAL_OR_RETURN(bytes, env, dst);
-
- dstShort = (jshort *)(bytes + dstPos);
- endShort = srcShort + (size / sizeof(jshort));
- while (srcShort < endShort) {
- tmpShort = *srcShort++;
- *dstShort++ = SWAPSHORT(tmpShort);
- }
-
- RELEASECRITICAL(bytes, env, dst, 0);
-
- length -= size;
- srcAddr += size;
- dstPos += size;
- }
-}
-
-JNIEXPORT void JNICALL
-Java_java_nio_Bits_copyFromIntArray(JNIEnv *env, jobject this, jobject src,
- jlong srcPos, jlong dstAddr, jlong length)
-{
- jbyte *bytes;
- size_t size;
- jint *srcInt, *dstInt, *endInt;
- jint tmpInt;
-
- dstInt = (jint *)jlong_to_ptr(dstAddr);
-
- while (length > 0) {
- /* do not change this code, see WARNING above */
- if (length > MBYTE)
- size = MBYTE;
- else
- size = (size_t)length;
-
- GETCRITICAL_OR_RETURN(bytes, env, src);
-
- srcInt = (jint *)(bytes + srcPos);
- endInt = srcInt + (size / sizeof(jint));
- while (srcInt < endInt) {
- tmpInt = *srcInt++;
- *dstInt++ = SWAPINT(tmpInt);
- }
-
- RELEASECRITICAL(bytes, env, src, JNI_ABORT);
-
- length -= size;
- dstAddr += size;
- srcPos += size;
- }
-}
-
-JNIEXPORT void JNICALL
-Java_java_nio_Bits_copyToIntArray(JNIEnv *env, jobject this, jlong srcAddr,
- jobject dst, jlong dstPos, jlong length)
-{
- jbyte *bytes;
- size_t size;
- jint *srcInt, *dstInt, *endInt;
- jint tmpInt;
-
- srcInt = (jint *)jlong_to_ptr(srcAddr);
-
- while (length > 0) {
- /* do not change this code, see WARNING above */
- if (length > MBYTE)
- size = MBYTE;
- else
- size = (size_t)length;
-
- GETCRITICAL_OR_RETURN(bytes, env, dst);
-
- dstInt = (jint *)(bytes + dstPos);
- endInt = srcInt + (size / sizeof(jint));
- while (srcInt < endInt) {
- tmpInt = *srcInt++;
- *dstInt++ = SWAPINT(tmpInt);
- }
-
- RELEASECRITICAL(bytes, env, dst, 0);
-
- length -= size;
- srcAddr += size;
- dstPos += size;
- }
-}
-
-JNIEXPORT void JNICALL
-Java_java_nio_Bits_copyFromLongArray(JNIEnv *env, jobject this, jobject src,
- jlong srcPos, jlong dstAddr, jlong length)
-{
- jbyte *bytes;
- size_t size;
- jlong *srcLong, *dstLong, *endLong;
- jlong tmpLong;
-
- dstLong = (jlong *)jlong_to_ptr(dstAddr);
-
- while (length > 0) {
- /* do not change this code, see WARNING above */
- if (length > MBYTE)
- size = MBYTE;
- else
- size = (size_t)length;
-
- GETCRITICAL_OR_RETURN(bytes, env, src);
-
- srcLong = (jlong *)(bytes + srcPos);
- endLong = srcLong + (size / sizeof(jlong));
- while (srcLong < endLong) {
- tmpLong = *srcLong++;
- *dstLong++ = SWAPLONG(tmpLong);
- }
-
- RELEASECRITICAL(bytes, env, src, JNI_ABORT);
-
- length -= size;
- dstAddr += size;
- srcPos += size;
- }
-}
-
-JNIEXPORT void JNICALL
-Java_java_nio_Bits_copyToLongArray(JNIEnv *env, jobject this, jlong srcAddr,
- jobject dst, jlong dstPos, jlong length)
-{
- jbyte *bytes;
- size_t size;
- jlong *srcLong, *dstLong, *endLong;
- jlong tmpLong;
-
- srcLong = (jlong *)jlong_to_ptr(srcAddr);
-
- while (length > 0) {
- /* do not change this code, see WARNING above */
- if (length > MBYTE)
- size = MBYTE;
- else
- size = (size_t)length;
-
- GETCRITICAL_OR_RETURN(bytes, env, dst);
-
- dstLong = (jlong *)(bytes + dstPos);
- endLong = srcLong + (size / sizeof(jlong));
- while (srcLong < endLong) {
- tmpLong = *srcLong++;
- *dstLong++ = SWAPLONG(tmpLong);
- }
-
- RELEASECRITICAL(bytes, env, dst, 0);
-
- length -= size;
- srcAddr += size;
- dstPos += size;
- }
+Java_java_nio_Bits_copySwapMemory0(JNIEnv *env, jclass cls, jobject srcObj,
+ jlong srcOffset, jobject dstObj,
+ jlong dstOffset, jlong size,
+ jlong elemSize) {
+ JVM_CopySwapMemory(env, srcObj, srcOffset, dstObj, dstOffset,
+ size, elemSize);
}
diff --git a/jdk/src/share/native/sun/awt/image/jpeg/jmemmgr.c b/jdk/src/share/native/sun/awt/image/jpeg/jmemmgr.c
index 5ee6813..a34a1ca 100644
--- a/jdk/src/share/native/sun/awt/image/jpeg/jmemmgr.c
+++ b/jdk/src/share/native/sun/awt/image/jpeg/jmemmgr.c
@@ -406,6 +406,9 @@
JDIMENSION rowsperchunk, currow, i;
long ltemp;
+ if (samplesperrow == 0) {
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+ }
/* Calculate max # of rows allowed in one allocation chunk */
ltemp = (MAX_ALLOC_CHUNK-SIZEOF(large_pool_hdr)) /
((long) samplesperrow * SIZEOF(JSAMPLE));
@@ -454,6 +457,10 @@
JDIMENSION rowsperchunk, currow, i;
long ltemp;
+ if (blocksperrow == 0) {
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+ }
+
/* Calculate max # of rows allowed in one allocation chunk */
ltemp = (MAX_ALLOC_CHUNK-SIZEOF(large_pool_hdr)) /
((long) blocksperrow * SIZEOF(JBLOCK));
diff --git a/jdk/src/share/native/sun/java2d/cmm/lcms/cmscgats.c b/jdk/src/share/native/sun/java2d/cmm/lcms/cmscgats.c
index ff88ffb..981736a 100644
--- a/jdk/src/share/native/sun/java2d/cmm/lcms/cmscgats.c
+++ b/jdk/src/share/native/sun/java2d/cmm/lcms/cmscgats.c
@@ -1535,10 +1535,16 @@
t-> nSamples = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS"));
t-> nPatches = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS"));
- t-> Data = (char**)AllocChunk (it8, ((cmsUInt32Number) t->nSamples + 1) * ((cmsUInt32Number) t->nPatches + 1) *sizeof (char*));
- if (t->Data == NULL) {
+ if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe)
+ {
+ SynError(it8, "AllocateDataSet: too much data");
+ }
+ else {
+ t->Data = (char**)AllocChunk(it8, ((cmsUInt32Number)t->nSamples + 1) * ((cmsUInt32Number)t->nPatches + 1) * sizeof(char*));
+ if (t->Data == NULL) {
- SynError(it8, "AllocateDataSet: Unable to allocate data array");
+ SynError(it8, "AllocateDataSet: Unable to allocate data array");
+ }
}
}
diff --git a/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java b/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
index 9bf60a8..fdb7eed 100644
--- a/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
+++ b/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
@@ -90,10 +90,13 @@
/**
* Returns true if the given site is trusted, i.e. we can try
- * transparent Authentication.
+ * transparent Authentication. Shouldn't be called since
+ * capability not supported on Unix
*/
public static boolean isTrustedSite(URL url) {
- return NTLMAuthCallback.isTrustedSite(url);
+ if (NTLMAuthCallback != null)
+ return NTLMAuthCallback.isTrustedSite(url);
+ return false;
}
private void init0() {
diff --git a/jdk/src/solaris/instrument/FileSystemSupport_md.c b/jdk/src/solaris/instrument/FileSystemSupport_md.c
index c527836..4740a7f 100644
--- a/jdk/src/solaris/instrument/FileSystemSupport_md.c
+++ b/jdk/src/solaris/instrument/FileSystemSupport_md.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,6 +23,7 @@
* questions.
*/
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -50,6 +51,10 @@
} else {
int len = last - path;
char* str = (char*)malloc(len+1);
+ if (str == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
if (len > 0) {
memcpy(str, path, len);
}
@@ -80,6 +85,10 @@
if (n == 0) return strdup("/");
sb = (char*)malloc(strlen(pathname)+1);
+ if (sb == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
sbLen = 0;
if (off > 0) {
@@ -128,6 +137,10 @@
len = parentEnd + cn - childStart;
if (child[0] == slash) {
theChars = (char*)malloc(len+1);
+ if (theChars == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
if (parentEnd > 0)
memcpy(theChars, parent, parentEnd);
if (cn > 0)
@@ -135,6 +148,10 @@
theChars[len] = '\0';
} else {
theChars = (char*)malloc(len+2);
+ if (theChars == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
if (parentEnd > 0)
memcpy(theChars, parent, parentEnd);
theChars[parentEnd] = slash;
@@ -150,10 +167,13 @@
if (len > 1 && path[len-1] == slash) {
// "/foo/" --> "/foo", but "/" --> "/"
char* str = (char*)malloc(len);
- if (str != NULL) {
- memcpy(str, path, len-1);
- str[len-1] = '\0';
+ if (str == NULL)
+ {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
}
+ memcpy(str, path, len-1);
+ str[len-1] = '\0';
return str;
} else {
return (char*)path;
diff --git a/jdk/src/solaris/native/java/net/net_util_md.c b/jdk/src/solaris/native/java/net/net_util_md.c
index 7436d52..4d05c49 100644
--- a/jdk/src/solaris/native/java/net/net_util_md.c
+++ b/jdk/src/solaris/native/java/net/net_util_md.c
@@ -606,6 +606,8 @@
if (loRoutesTemp == 0) {
free(loRoutes);
+ loRoutes = NULL;
+ nRoutes = 0;
fclose (f);
return;
}
diff --git a/jdk/src/solaris/native/sun/awt/awt_UNIXToolkit.c b/jdk/src/solaris/native/sun/awt/awt_UNIXToolkit.c
index c8b29f3..4879f74 100644
--- a/jdk/src/solaris/native/sun/awt/awt_UNIXToolkit.c
+++ b/jdk/src/solaris/native/sun/awt/awt_UNIXToolkit.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -209,6 +209,7 @@
detail_str = (char *)SAFE_SIZE_ARRAY_ALLOC(malloc,
sizeof(char), len + 1);
if (detail_str == NULL) {
+ free(stock_id_str);
JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError");
return JNI_FALSE;
}
diff --git a/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java b/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
index eb9b18d..1b2c874 100644
--- a/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
+++ b/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
@@ -30,6 +30,7 @@
import java.net.PasswordAuthentication;
import java.net.UnknownHostException;
import java.net.URL;
+import sun.net.NetProperties;
import sun.net.www.HeaderParser;
import sun.net.www.protocol.http.AuthenticationInfo;
import sun.net.www.protocol.http.AuthScheme;
@@ -52,6 +53,14 @@
private static String defaultDomain; /* Domain to use if not specified by user */
private static final boolean ntlmCache; /* Whether cache is enabled for NTLM */
+ enum TransparentAuth {
+ DISABLED, // disable for all hosts (default)
+ TRUSTED_HOSTS, // use Windows trusted hosts settings
+ ALL_HOSTS // attempt for all hosts
+ }
+
+ private static final TransparentAuth authMode;
+
static {
defaultDomain = java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("http.auth.ntlm.domain",
@@ -59,6 +68,19 @@
String ntlmCacheProp = java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("jdk.ntlm.cache", "true"));
ntlmCache = Boolean.parseBoolean(ntlmCacheProp);
+ String modeProp = java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedAction<String>() {
+ public String run() {
+ return NetProperties.get("jdk.http.ntlm.transparentAuth");
+ }
+ });
+
+ if ("trustedHosts".equalsIgnoreCase(modeProp))
+ authMode = TransparentAuth.TRUSTED_HOSTS;
+ else if ("allHosts".equalsIgnoreCase(modeProp))
+ authMode = TransparentAuth.ALL_HOSTS;
+ else
+ authMode = TransparentAuth.DISABLED;
};
private void init0() {
@@ -159,9 +181,21 @@
* transparent Authentication.
*/
public static boolean isTrustedSite(URL url) {
- return NTLMAuthCallback.isTrustedSite(url);
+ if (NTLMAuthCallback != null)
+ return NTLMAuthCallback.isTrustedSite(url);
+
+ switch (authMode) {
+ case TRUSTED_HOSTS:
+ return isTrustedSite(url.toString());
+ case ALL_HOSTS:
+ return true;
+ default:
+ return false;
+ }
}
+ static native boolean isTrustedSite(String url);
+
/**
* Not supported. Must use the setHeaders() method
*/
@@ -211,5 +245,4 @@
return false;
}
}
-
}
diff --git a/jdk/src/windows/classes/sun/security/mscapi/KeyStore.java b/jdk/src/windows/classes/sun/security/mscapi/KeyStore.java
index 075ac78..599b0db 100644
--- a/jdk/src/windows/classes/sun/security/mscapi/KeyStore.java
+++ b/jdk/src/windows/classes/sun/security/mscapi/KeyStore.java
@@ -753,6 +753,7 @@
/**
* Generates a certificate chain from the collection of
* certificates and stores the result into a key entry.
+ * This method is called by native code in libsunmscapi.
*/
private void generateCertificateChain(String alias,
Collection<? extends Certificate> certCollection)
@@ -775,13 +776,15 @@
catch (Throwable e)
{
// Ignore the exception and skip this entry
- // TODO - throw CertificateException?
+ // If e is thrown, remember to deal with it in
+ // native code.
}
}
/**
* Generates RSA key and certificate chain from the private key handle,
* collection of certificates and stores the result into key entries.
+ * This method is called by native code in libsunmscapi.
*/
private void generateRSAKeyAndCertificateChain(String alias,
long hCryptProv, long hCryptKey, int keyLength,
@@ -807,12 +810,14 @@
catch (Throwable e)
{
// Ignore the exception and skip this entry
- // TODO - throw CertificateException?
+ // If e is thrown, remember to deal with it in
+ // native code.
}
}
/**
* Generates certificates from byte data and stores into cert collection.
+ * This method is called by native code in libsunmscapi.
*
* @param data Byte data.
* @param certCollection Collection of certificates.
@@ -836,12 +841,14 @@
catch (CertificateException e)
{
// Ignore the exception and skip this certificate
- // TODO - throw CertificateException?
+ // If e is thrown, remember to deal with it in
+ // native code.
}
catch (Throwable te)
{
// Ignore the exception and skip this certificate
- // TODO - throw CertificateException?
+ // If e is thrown, remember to deal with it in
+ // native code.
}
}
diff --git a/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java b/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java
index d8d8849..24f8190 100644
--- a/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java
+++ b/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -132,7 +132,7 @@
@Override
protected void engineUpdate(byte[] b, int off, int len)
throws SignatureException {
- if (offset + len > precomputedDigest.length) {
+ if (len > (precomputedDigest.length - offset)) {
offset = RAW_RSA_MAX + 1;
return;
}
@@ -147,7 +147,7 @@
if (len <= 0) {
return;
}
- if (offset + len > precomputedDigest.length) {
+ if (len > (precomputedDigest.length - offset)) {
offset = RAW_RSA_MAX + 1;
return;
}
diff --git a/jdk/src/windows/instrument/FileSystemSupport_md.c b/jdk/src/windows/instrument/FileSystemSupport_md.c
index f99a8a9..f190067 100644
--- a/jdk/src/windows/instrument/FileSystemSupport_md.c
+++ b/jdk/src/windows/instrument/FileSystemSupport_md.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,6 +23,7 @@
* questions.
*/
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <malloc.h>
@@ -66,6 +67,10 @@
} else {
int len = (int)(last - path);
char* str = (char*)malloc(len+1);
+ if (str == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
if (len > 0) {
memcpy(str, path, len);
}
@@ -135,6 +140,10 @@
if (off < 3) off = 0; /* Avoid fencepost cases with UNC pathnames */
sb = (char*)malloc(len+1);
+ if (sb == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
sbLen = 0;
if (off == 0) {
@@ -261,11 +270,19 @@
if (child[childStart] == slash) {
theChars = (char*)malloc(len+1);
+ if (theChars == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
memcpy(theChars, parent, parentEnd);
memcpy(theChars+parentEnd, child+childStart, (cn-childStart));
theChars[len] = '\0';
} else {
theChars = (char*)malloc(len+2);
+ if (theChars == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
+ }
memcpy(theChars, parent, parentEnd);
theChars[parentEnd] = slash;
memcpy(theChars+parentEnd+1, child+childStart, (cn-childStart));
@@ -320,10 +337,12 @@
return (char*)path;
} else {
char* p = (char*)malloc(len+1);
- if (p != NULL) {
- memcpy(p, path+start, len);
- p[len] = '\0';
+ if (p == NULL) {
+ fprintf(stderr, "OOM error in native tmp buffer allocation");
+ return NULL;
}
+ memcpy(p, path+start, len);
+ p[len] = '\0';
return p;
}
}
diff --git a/jdk/src/windows/native/java/net/NetworkInterface.c b/jdk/src/windows/native/java/net/NetworkInterface.c
index 4c6561e..5a89cf4 100644
--- a/jdk/src/windows/native/java/net/NetworkInterface.c
+++ b/jdk/src/windows/native/java/net/NetworkInterface.c
@@ -279,7 +279,7 @@
// But in rare case it fails, we allow 'char' to be displayed
curr->displayName = (char *)malloc(ifrowP->dwDescrLen + 1);
} else {
- curr->displayName = (wchar_t *)malloc(wlen*(sizeof(wchar_t))+1);
+ curr->displayName = (wchar_t *)malloc((wlen+1)*sizeof(wchar_t));
}
curr->name = (char *)malloc(strlen(dev_name) + 1);
@@ -322,7 +322,7 @@
free(curr);
return -1;
} else {
- curr->displayName[wlen*(sizeof(wchar_t))] = '\0';
+ ((wchar_t *)curr->displayName)[wlen] = L'\0';
curr->dNameIsUnicode = TRUE;
}
}
@@ -861,6 +861,7 @@
/* allocate a NetworkInterface array */
netIFArr = (*env)->NewObjectArray(env, count, cls, NULL);
if (netIFArr == NULL) {
+ free_netif(ifList);
return NULL;
}
@@ -875,6 +876,7 @@
netifObj = createNetworkInterface(env, curr, -1, NULL);
if (netifObj == NULL) {
+ free_netif(ifList);
return NULL;
}
diff --git a/jdk/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp b/jdk/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp
index 6dca15b..562fdce 100644
--- a/jdk/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp
+++ b/jdk/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp
@@ -32,6 +32,7 @@
#include "AccessBridgePackages.h" // for debugging only
#include <windows.h>
#include <malloc.h>
+#include <new>
DEBUG_CODE(extern HWND theDialogWindow);
extern "C" {
@@ -46,6 +47,9 @@
next = (AccessBridgeQueueElement *) 0;
previous = (AccessBridgeQueueElement *) 0;
buffer = (char *) malloc(bufsize);
+ if (buffer == NULL) {
+ throw std::bad_alloc();
+ }
memcpy(buffer, buf, bufsize);
}
diff --git a/jdk/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthentication.c b/jdk/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthentication.c
new file mode 100644
index 0000000..db771d8
--- /dev/null
+++ b/jdk/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthentication.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <jni.h>
+#include <windows.h>
+#include "jni_util.h"
+#include <urlmon.h>
+
+JNIEXPORT jboolean JNICALL Java_sun_net_www_protocol_http_ntlm_NTLMAuthentication_isTrustedSite(JNIEnv *env, jclass clazz, jstring url )
+{
+
+ HRESULT hr;
+ DWORD dwZone;
+ DWORD pPolicy = 0;
+ IInternetSecurityManager *spSecurityManager;
+ jboolean ret;
+ LPCWSTR bstrURL;
+
+ // Create IInternetSecurityManager
+ hr = CoInternetCreateSecurityManager(NULL, &spSecurityManager, (DWORD)0);
+ if (FAILED(hr)) {
+ return JNI_FALSE;
+ }
+
+ bstrURL = (LPCWSTR)((*env)->GetStringChars(env, url, NULL));
+ if (bstrURL == NULL) {
+ if (!(*env)->ExceptionCheck(env))
+ JNU_ThrowOutOfMemoryError(env, NULL);
+ spSecurityManager->lpVtbl->Release(spSecurityManager);
+ return JNI_FALSE;
+ }
+
+ // Determines the policy for the URLACTION_CREDENTIALS_USE action and display
+ // a user interface, if the policy indicates that the user should be queried
+ hr = spSecurityManager->lpVtbl->ProcessUrlAction(
+ spSecurityManager,
+ bstrURL,
+ URLACTION_CREDENTIALS_USE,
+ (LPBYTE)&pPolicy,
+ sizeof(DWORD), 0, 0, 0, 0);
+
+ if (FAILED(hr)) {
+ ret = JNI_FALSE;
+ goto cleanupAndReturn;
+ }
+
+ // If these two User Authentication Logon options is selected
+ // Anonymous logon
+ // Prompt for user name and password
+ if (pPolicy == URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY ||
+ pPolicy == URLPOLICY_CREDENTIALS_MUST_PROMPT_USER) {
+ ret = JNI_FALSE;
+ goto cleanupAndReturn;
+ }
+
+ // Option "Automatic logon with current user name and password" is selected
+ if (pPolicy == URLPOLICY_CREDENTIALS_SILENT_LOGON_OK) {
+ ret = JNI_TRUE;
+ goto cleanupAndReturn;
+ }
+
+ // Option "Automatic logon only in intranet zone" is selected
+ if (pPolicy == URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT) {
+
+ // Gets the zone index from the specified URL
+ hr = spSecurityManager->lpVtbl->MapUrlToZone(
+ spSecurityManager, bstrURL, &dwZone, 0);
+ if (FAILED(hr)) {
+ ret = JNI_FALSE;
+ goto cleanupAndReturn;
+ }
+
+ // Check if the URL is in Local or Intranet zone
+ if (dwZone == URLZONE_INTRANET || dwZone == URLZONE_LOCAL_MACHINE) {
+ ret = JNI_TRUE;
+ goto cleanupAndReturn;
+ }
+ }
+ ret = JNI_FALSE;
+
+cleanupAndReturn:
+ (*env)->ReleaseStringChars(env, url, bstrURL);
+ spSecurityManager->lpVtbl->Release(spSecurityManager);
+ return ret;
+}
diff --git a/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c b/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c
index a5f5e45..e111b89 100644
--- a/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c
+++ b/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -95,6 +95,10 @@
jint fd = fdval(env, fdo);
struct iovec *iovp = (struct iovec *)address;
WSABUF *bufs = malloc(len * sizeof(WSABUF));
+ if (bufs == NULL) {
+ JNU_ThrowOutOfMemoryError(env, NULL);
+ return IOS_THROWN;
+ }
/* copy iovec into WSABUF */
for(i=0; i<len; i++) {
@@ -182,6 +186,10 @@
jint fd = fdval(env, fdo);
struct iovec *iovp = (struct iovec *)address;
WSABUF *bufs = malloc(len * sizeof(WSABUF));
+ if (bufs == NULL) {
+ JNU_ThrowOutOfMemoryError(env, NULL);
+ return IOS_THROWN;
+ }
/* copy iovec into WSABUF */
for(i=0; i<len; i++) {
diff --git a/jdk/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c b/jdk/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c
index 7d5e1e7..c43496a 100644
--- a/jdk/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c
+++ b/jdk/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -208,6 +208,10 @@
/* Prepare corresponding buffer if needed, and then read */
if (bytesToRead > WAKEUP_SOCKET_BUF_SIZE) {
char* buf = (char*)malloc(bytesToRead);
+ if (buf == NULL) {
+ JNU_ThrowOutOfMemoryError(env, NULL);
+ return;
+ }
recv(scinFd, buf, bytesToRead, 0);
free(buf);
} else {
diff --git a/jdk/src/windows/native/sun/security/krb5/NativeCreds.c b/jdk/src/windows/native/sun/security/krb5/NativeCreds.c
index 554eb63..b7f81d2 100644
--- a/jdk/src/windows/native/sun/security/krb5/NativeCreds.c
+++ b/jdk/src/windows/native/sun/security/krb5/NativeCreds.c
@@ -76,7 +76,8 @@
BOOL PackageConnectLookup(PHANDLE,PULONG);
-NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName,
+NTSTATUS ConstructTicketRequest(JNIEnv *env,
+ UNICODE_STRING DomainName,
PKERB_RETRIEVE_TKT_REQUEST *outRequest,
ULONG *outSize);
@@ -102,6 +103,8 @@
jobject BuildTicketFlags(JNIEnv *env, PULONG flags);
jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime);
+void ThrowOOME(JNIEnv *env, const char *szMessage);
+
/*
* Class: sun_security_krb5_KrbCreds
* Method: JNI_OnLoad
@@ -495,7 +498,7 @@
}
// use domain to request Ticket
- Status = ConstructTicketRequest(msticket->TargetDomainName,
+ Status = ConstructTicketRequest(env, msticket->TargetDomainName,
&pTicketRequest, &requestSize);
if (!LSA_SUCCESS(Status)) {
ShowNTError("ConstructTicketRequest status", Status);
@@ -689,7 +692,7 @@
}
static NTSTATUS
-ConstructTicketRequest(UNICODE_STRING DomainName,
+ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName,
PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize)
{
NTSTATUS Status;
@@ -736,8 +739,10 @@
pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
LocalAlloc(LMEM_ZEROINIT, RequestSize);
- if (!pTicketRequest)
+ if (!pTicketRequest) {
+ ThrowOOME(env, "Can't allocate memory for ticket");
return GetLastError();
+ }
//
// Concatenate the target prefix with the previous response's
@@ -894,7 +899,7 @@
jbyteArray ary;
ary = (*env)->NewByteArray(env,encodedTicketSize);
- if ((*env)->ExceptionOccurred(env)) {
+ if (ary == NULL) {
return (jobject) NULL;
}
@@ -940,6 +945,10 @@
realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT,
((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
+ if (realm == NULL) {
+ ThrowOOME(env, "Can't allocate memory for realm");
+ return NULL;
+ }
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
if (native_debug) {
@@ -1014,6 +1023,9 @@
}
ary = (*env)->NewByteArray(env,cryptoKey->Length);
+ if (ary == NULL) {
+ return (jobject) NULL;
+ }
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
(jbyte *)cryptoKey->Value);
if ((*env)->ExceptionOccurred(env)) {
@@ -1036,6 +1048,9 @@
ULONG nlflags = htonl(*flags);
ary = (*env)->NewByteArray(env, sizeof(*flags));
+ if (ary == NULL) {
+ return (jobject) NULL;
+ }
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags),
(jbyte *)&nlflags);
if ((*env)->ExceptionOccurred(env)) {
@@ -1088,3 +1103,10 @@
}
return kerberosTime;
}
+
+void ThrowOOME(JNIEnv *env, const char *szMessage) {
+ jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
+ if (exceptionClazz != NULL) {
+ (*env)->ThrowNew(env, exceptionClazz, szMessage);
+ }
+}
diff --git a/jdk/src/windows/native/sun/security/mscapi/security.cpp b/jdk/src/windows/native/sun/security/mscapi/security.cpp
index d327302..7012a35 100644
--- a/jdk/src/windows/native/sun/security/mscapi/security.cpp
+++ b/jdk/src/windows/native/sun/security/mscapi/security.cpp
@@ -425,6 +425,15 @@
// Create ArrayList to store certs in each chain
jobject jArrayList =
env->NewObject(clazzArrayList, mNewArrayList);
+ if (jArrayList == NULL) {
+ __leave;
+ }
+
+ // Cleanup the previous allocated name
+ if (pszNameString) {
+ delete [] pszNameString;
+ pszNameString = NULL;
+ }
for (unsigned int j=0; j < rgpChain->cElement; j++)
{
@@ -463,6 +472,9 @@
// Allocate and populate byte array
jbyteArray byteArray = env->NewByteArray(cbCertEncoded);
+ if (byteArray == NULL) {
+ __leave;
+ }
env->SetByteArrayRegion(byteArray, 0, cbCertEncoded,
(jbyte*) pbCertEncoded);
@@ -471,30 +483,44 @@
env->CallVoidMethod(obj, mGenCert, byteArray, jArrayList);
}
- if (bHasNoPrivateKey)
+ // Usually pszNameString should be non-NULL. It's either
+ // the friendly name or an element from the subject name
+ // or SAN.
+ if (pszNameString)
{
- // Generate certificate chain and store into cert chain
- // collection
- env->CallVoidMethod(obj, mGenCertChain,
- env->NewStringUTF(pszNameString),
- jArrayList);
- }
- else
- {
- // Determine key type: RSA or DSA
- DWORD dwData = CALG_RSA_KEYX;
- DWORD dwSize = sizeof(DWORD);
- ::CryptGetKeyParam(hUserKey, KP_ALGID, (BYTE*)&dwData,
- &dwSize, NULL);
-
- if ((dwData & ALG_TYPE_RSA) == ALG_TYPE_RSA)
+ if (bHasNoPrivateKey)
{
- // Generate RSA certificate chain and store into cert
- // chain collection
- env->CallVoidMethod(obj, mGenRSAKeyAndCertChain,
- env->NewStringUTF(pszNameString),
- (jlong) hCryptProv, (jlong) hUserKey,
- dwPublicKeyLength, jArrayList);
+ // Generate certificate chain and store into cert chain
+ // collection
+ jstring name = env->NewStringUTF(pszNameString);
+ if (name == NULL) {
+ __leave;
+ }
+ env->CallVoidMethod(obj, mGenCertChain,
+ name,
+ jArrayList);
+ }
+ else
+ {
+ // Determine key type: RSA or DSA
+ DWORD dwData = CALG_RSA_KEYX;
+ DWORD dwSize = sizeof(DWORD);
+ ::CryptGetKeyParam(hUserKey, KP_ALGID, (BYTE*)&dwData,
+ &dwSize, NULL);
+
+ if ((dwData & ALG_TYPE_RSA) == ALG_TYPE_RSA)
+ {
+ // Generate RSA certificate chain and store into cert
+ // chain collection
+ jstring name = env->NewStringUTF(pszNameString);
+ if (name == NULL) {
+ __leave;
+ }
+ env->CallVoidMethod(obj, mGenRSAKeyAndCertChain,
+ name,
+ (jlong) hCryptProv, (jlong) hUserKey,
+ dwPublicKeyLength, jArrayList);
+ }
}
}
}
@@ -641,6 +667,9 @@
// Create new byte array
jbyteArray temp = env->NewByteArray(dwBufLen);
+ if (temp == NULL) {
+ __leave;
+ }
// Copy data from native buffer
env->SetByteArrayRegion(temp, 0, dwBufLen, pSignedHashBuffer);
@@ -964,6 +993,9 @@
}
jCertAliasChars = env->GetStringChars(jCertAliasName, NULL);
+ if (jCertAliasChars == NULL) {
+ __leave;
+ }
memcpy(pszCertAliasName, jCertAliasChars, size * sizeof(WCHAR));
pszCertAliasName[size] = 0; // append the string terminator
@@ -1600,7 +1632,9 @@
}
// Create new byte array
- result = env->NewByteArray(dwBufLen);
+ if ((result = env->NewByteArray(dwBufLen)) == NULL) {
+ __leave;
+ }
// Copy data from native buffer to Java buffer
env->SetByteArrayRegion(result, 0, dwBufLen, (jbyte*) pData);
@@ -1651,7 +1685,9 @@
}
// Create new byte array
- blob = env->NewByteArray(dwBlobLen);
+ if ((blob = env->NewByteArray(dwBlobLen)) == NULL) {
+ __leave;
+ }
// Copy data from native buffer to Java buffer
env->SetByteArrayRegion(blob, 0, dwBlobLen, (jbyte*) pbKeyBlob);
@@ -1680,6 +1716,13 @@
__try {
jsize length = env->GetArrayLength(jKeyBlob);
+ jsize headerLength = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY);
+
+ if (length < headerLength) {
+ ThrowExceptionWithMessage(env, KEY_EXCEPTION, "Invalid BLOB");
+ __leave;
+ }
+
if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) {
__leave;
}
@@ -1706,7 +1749,9 @@
exponentBytes[i] = ((BYTE*) &pRsaPubKey->pubexp)[j];
}
- exponent = env->NewByteArray(len);
+ if ((exponent = env->NewByteArray(len)) == NULL) {
+ __leave;
+ }
env->SetByteArrayRegion(exponent, 0, len, exponentBytes);
}
__finally
@@ -1736,6 +1781,13 @@
__try {
jsize length = env->GetArrayLength(jKeyBlob);
+ jsize headerLength = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY);
+
+ if (length < headerLength) {
+ ThrowExceptionWithMessage(env, KEY_EXCEPTION, "Invalid BLOB");
+ __leave;
+ }
+
if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) {
__leave;
}
@@ -1752,19 +1804,25 @@
(RSAPUBKEY *) (keyBlob + sizeof(PUBLICKEYSTRUC));
int len = pRsaPubKey->bitlen / 8;
+ if (len < 0 || len > length - headerLength) {
+ ThrowExceptionWithMessage(env, KEY_EXCEPTION, "Invalid key length");
+ __leave;
+ }
+
modulusBytes = new (env) jbyte[len];
if (modulusBytes == NULL) {
__leave;
}
- BYTE * pbModulus =
- (BYTE *) (keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY));
+ BYTE * pbModulus = (BYTE *) (keyBlob + headerLength);
// convert from little-endian while copying from blob
for (int i = 0, j = len - 1; i < len; i++, j--) {
modulusBytes[i] = pbModulus[j];
}
- modulus = env->NewByteArray(len);
+ if ((modulus = env->NewByteArray(len)) == NULL) {
+ __leave;
+ }
env->SetByteArrayRegion(modulus, 0, len, modulusBytes);
}
__finally
@@ -1972,7 +2030,9 @@
}
}
- jBlob = env->NewByteArray(jBlobLength);
+ if ((jBlob = env->NewByteArray(jBlobLength)) == NULL) {
+ __leave;
+ }
env->SetByteArrayRegion(jBlob, 0, jBlobLength, jBlobBytes);
}
diff --git a/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c b/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c
index 29505a4..145ad7f 100644
--- a/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c
+++ b/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
*/
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
@@ -75,18 +75,20 @@
* Signature: (Ljava/lang/String;)V
*/
JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_connect
- (JNIEnv *env, jobject obj, jstring jPkcs11ModulePath, jstring jGetFunctionList)
+ (JNIEnv *env, jobject obj, jstring jPkcs11ModulePath,
+ jstring jGetFunctionList)
{
HINSTANCE hModule;
CK_C_GetFunctionList C_GetFunctionList;
- CK_RV rv;
+ CK_RV rv = CK_ASSERT_OK;
ModuleData *moduleData;
jobject globalPKCS11ImplementationReference;
- LPVOID lpMsgBuf;
- char *exceptionMessage;
+ LPVOID lpMsgBuf = NULL;
+ char *exceptionMessage = NULL;
const char *getFunctionListStr;
- const char *libraryNameStr = (*env)->GetStringUTFChars(env, jPkcs11ModulePath, 0);
+ const char *libraryNameStr = (*env)->GetStringUTFChars(env,
+ jPkcs11ModulePath, 0);
TRACE1("DEBUG: connect to PKCS#11 module: %s ... ", libraryNameStr);
@@ -106,21 +108,24 @@
0,
NULL
);
- exceptionMessage = (char *) malloc(sizeof(char) * (strlen((LPTSTR) lpMsgBuf) + strlen(libraryNameStr) + 1));
+ exceptionMessage = (char *) malloc(sizeof(char) *
+ (strlen((LPTSTR) lpMsgBuf) + strlen(libraryNameStr) + 1));
+ if (exceptionMessage == NULL) {
+ throwOutOfMemoryError(env, 0);
+ goto cleanup;
+ }
strcpy(exceptionMessage, (LPTSTR) lpMsgBuf);
strcat(exceptionMessage, libraryNameStr);
throwIOException(env, (LPTSTR) exceptionMessage);
- /* Free the buffer. */
- free(exceptionMessage);
- LocalFree(lpMsgBuf);
- return;
+ goto cleanup;
}
/*
* Get function pointer to C_GetFunctionList
*/
getFunctionListStr = (*env)->GetStringUTFChars(env, jGetFunctionList, 0);
- C_GetFunctionList = (CK_C_GetFunctionList) GetProcAddress(hModule, getFunctionListStr);
+ C_GetFunctionList = (CK_C_GetFunctionList) GetProcAddress(hModule,
+ getFunctionListStr);
(*env)->ReleaseStringUTFChars(env, jGetFunctionList, getFunctionListStr);
if (C_GetFunctionList == NULL) {
FormatMessage(
@@ -135,24 +140,37 @@
NULL
);
throwIOException(env, (LPTSTR) lpMsgBuf);
- /* Free the buffer. */
- LocalFree( lpMsgBuf );
- return;
+ goto cleanup;
}
/*
* Get function pointers to all PKCS #11 functions
*/
moduleData = (ModuleData *) malloc(sizeof(ModuleData));
+ if (moduleData == NULL) {
+ throwOutOfMemoryError(env, 0);
+ goto cleanup;
+ }
moduleData->hModule = hModule;
moduleData->applicationMutexHandler = NULL;
rv = (C_GetFunctionList)(&(moduleData->ckFunctionListPtr));
globalPKCS11ImplementationReference = (*env)->NewGlobalRef(env, obj);
putModuleEntry(env, globalPKCS11ImplementationReference, moduleData);
- (*env)->ReleaseStringUTFChars(env, jPkcs11ModulePath, libraryNameStr);
TRACE0("FINISHED\n");
+cleanup:
+ /* Free up allocated buffers we no longer need */
+ if (lpMsgBuf != NULL) {
+ LocalFree( lpMsgBuf );
+ }
+ if (libraryNameStr != NULL) {
+ (*env)->ReleaseStringUTFChars(env, jPkcs11ModulePath, libraryNameStr);
+ }
+ if (exceptionMessage != NULL) {
+ free(exceptionMessage);
+ }
+
if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; }
}
diff --git a/jdk/src/windows/native/sun/windows/WPrinterJob.cpp b/jdk/src/windows/native/sun/windows/WPrinterJob.cpp
index 3761c60..70aaa74 100644
--- a/jdk/src/windows/native/sun/windows/WPrinterJob.cpp
+++ b/jdk/src/windows/native/sun/windows/WPrinterJob.cpp
@@ -886,10 +886,12 @@
if (!present) {
defIndices[0] = papers[0];
}
- if (papers != NULL) {
- free((char*)papers);
- }
}
+ // If DeviceCapabilities fails, then also free paper allocation
+ if (papers != NULL) {
+ free((char*)papers);
+ }
+
}
RESTORE_CONTROLWORD
}
diff --git a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java
index 4995a9a..8db77d4 100644
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java
@@ -105,7 +105,7 @@
this.salt = salt;
this.iCount = iCount;
}
- public char[] getPassword() { return passwd; }
+ public char[] getPassword() { return passwd.clone(); }
public byte[] getSalt() { return salt; }
public int getIterationCount() { return iCount; }
public String getAlgorithm() { return "PBE"; }
diff --git a/jdk/test/com/sun/jndi/ldap/DisconnectNPETest.java b/jdk/test/com/sun/jndi/ldap/DisconnectNPETest.java
new file mode 100644
index 0000000..d8cb67d
--- /dev/null
+++ b/jdk/test/com/sun/jndi/ldap/DisconnectNPETest.java
@@ -0,0 +1,198 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import java.io.Closeable;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.util.Hashtable;
+
+/*
+ * @test
+ * @bug 8205330
+ * @summary Test that If a connection has already been established and then
+ * the LDAP directory server sends an (unsolicited)
+ * "Notice of Disconnection", make sure client handle it correctly,
+ * no NPE been thrown.
+ * @run main/othervm DisconnectNPETest
+ */
+
+public class DisconnectNPETest {
+ // Normally the NPE bug should be hit less than 100 times run, but just in
+ // case, we set repeat count to 1000 here.
+ private static final int REPEAT_COUNT = 1000;
+
+ public static void main(String[] args) throws IOException {
+ new DisconnectNPETest().run();
+ }
+
+ private ServerSocket serverSocket;
+ private Hashtable<Object, Object> env;
+ private TestLDAPServer server;
+
+ private void initRes() throws IOException {
+ serverSocket = new ServerSocket(0, 0, InetAddress.getLoopbackAddress());
+ server = new TestLDAPServer();
+ server.start();
+ }
+
+ private void initTest() {
+ env = new Hashtable<>();
+ env.put(Context.INITIAL_CONTEXT_FACTORY,
+ "com.sun.jndi.ldap.LdapCtxFactory");
+ env.put(Context.PROVIDER_URL, String.format("ldap://%s:%d/",
+ InetAddress.getLoopbackAddress().getHostName(),
+ serverSocket.getLocalPort()));
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL,
+ "cn=8205330,ou=Client6,ou=Vendor1,o=IMC,c=US");
+ env.put(Context.SECURITY_CREDENTIALS, "secret123");
+ }
+
+ private void run() throws IOException {
+ initRes();
+ initTest();
+ int count = 0;
+ try {
+ while (count < REPEAT_COUNT) {
+ count++;
+ InitialDirContext context = null;
+ try {
+ context = new InitialDirContext(env);
+ } catch (NamingException ne) {
+ System.out.println("(" + count + "/" + REPEAT_COUNT
+ + ") It's ok to get NamingException: " + ne);
+ // for debug
+ ne.printStackTrace(System.out);
+ } finally {
+ cleanupContext(context);
+ }
+ }
+ } finally {
+ System.out.println("Test count: " + count + "/" + REPEAT_COUNT);
+ cleanupTest();
+ }
+ }
+
+ private void cleanupTest() {
+ if (server != null) {
+ server.stopServer();
+ }
+ cleanupClosableRes(serverSocket);
+ }
+
+ private void cleanupContext(DirContext context) {
+ if (context != null) {
+ try {
+ context.close();
+ } catch (NamingException e) {
+ // ignore
+ }
+ }
+ }
+
+ private static void cleanupClosableRes(Closeable res) {
+ if (res != null) {
+ try {
+ res.close();
+ } catch (Exception e) {
+ // ignore
+ }
+ }
+ }
+
+ class TestLDAPServer extends Thread {
+ private volatile boolean isRunning;
+
+ TestLDAPServer() {
+ isRunning = true;
+ }
+
+ private void stopServer() {
+ isRunning = false;
+ }
+
+ @Override
+ public void run() {
+ try {
+ while (isRunning) {
+ Socket clientSocket = serverSocket.accept();
+ Thread handler = new Thread(
+ new LDAPServerHandler(clientSocket));
+ handler.start();
+ }
+ } catch (IOException e) {
+ if (isRunning) {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+ }
+
+ static class LDAPServerHandler implements Runnable {
+ // "Notice of Disconnection" message
+ private static final byte[] DISCONNECT_MSG = { 0x30, 0x4C, 0x02, 0x01,
+ 0x00, 0x78, 0x47, 0x0A, 0x01, 0x34, 0x04, 0x00, 0x04, 0x28,
+ 0x55, 0x4E, 0x41, 0x56, 0x41, 0x49, 0x4C, 0x41, 0x42, 0x4C,
+ 0x45, 0x3A, 0x20, 0x54, 0x68, 0x65, 0x20, 0x73, 0x65, 0x72,
+ 0x76, 0x65, 0x72, 0x20, 0x77, 0x69, 0x6C, 0x6C, 0x20, 0x64,
+ 0x69, 0x73, 0x63, 0x6F, 0x6E, 0x6E, 0x65, 0x63, 0x74, 0x21,
+ (byte) 0x8A, 0x16, 0x31, 0x2E, 0x33, 0x2E, 0x36, 0x2E, 0x31,
+ 0x2E, 0x34, 0x2E, 0x31, 0x2E, 0x31, 0x34, 0x36, 0x36, 0x2E,
+ 0x32, 0x30, 0x30, 0x33, 0x36 };
+ private static final byte[] BIND_RESPONSE = { 0x30, 0x0C, 0x02, 0x01,
+ 0x01, 0x61, 0x07, 0x0A, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00 };
+ private final Socket clientSocket;
+
+ private LDAPServerHandler(final Socket clientSocket) {
+ this.clientSocket = clientSocket;
+ }
+
+ @Override
+ public void run() {
+ try (OutputStream out = clientSocket.getOutputStream();
+ InputStream in = clientSocket.getInputStream()) {
+ if (in.read() > 0) {
+ in.skip(in.available());
+ out.write(BIND_RESPONSE);
+ out.write(DISCONNECT_MSG);
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ } finally {
+ try {
+ clientSocket.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+}
diff --git a/jdk/test/java/awt/print/PageFormat/WrongPaperForBookPrintingTest.java b/jdk/test/java/awt/print/PageFormat/WrongPaperForBookPrintingTest.java
new file mode 100644
index 0000000..ca96f99
--- /dev/null
+++ b/jdk/test/java/awt/print/PageFormat/WrongPaperForBookPrintingTest.java
@@ -0,0 +1,243 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ @bug 8201818
+ @summary Printing attributes break page size set via "java.awt.print.Book"
+ object
+ @run main/manual WrongPaperForBookPrintingTest
+ */
+
+import java.awt.BorderLayout;
+import java.awt.Color;
+import java.awt.FlowLayout;
+import java.awt.Graphics;
+import java.awt.event.WindowAdapter;
+import java.awt.event.WindowEvent;
+import java.awt.print.Book;
+import java.awt.print.PageFormat;
+import java.awt.print.Paper;
+import java.awt.print.Printable;
+import java.awt.print.PrinterException;
+import java.awt.print.PrinterJob;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import javax.print.attribute.HashPrintRequestAttributeSet;
+import javax.print.attribute.PrintRequestAttributeSet;
+import javax.print.attribute.Size2DSyntax;
+import javax.print.attribute.standard.Chromaticity;
+import javax.print.attribute.standard.MediaSize;
+import javax.print.attribute.standard.MediaSizeName;
+import javax.swing.JButton;
+import javax.swing.JDialog;
+import javax.swing.JLabel;
+import javax.swing.JPanel;
+import javax.swing.JTextArea;
+import javax.swing.SwingUtilities;
+import javax.swing.Timer;
+import javax.swing.WindowConstants;
+
+public class WrongPaperForBookPrintingTest implements Printable {
+ private static final CountDownLatch testEndedSignal = new CountDownLatch(1);
+ private static final int testTimeout = 300000;
+ private static volatile String testFailureMsg;
+ private static volatile boolean testPassed;
+ private static volatile boolean testFinished;
+
+ public static void main(String[] args) {
+ SwingUtilities.invokeLater(() -> createAndShowTestDialog());
+
+ try {
+ if (!testEndedSignal.await(testTimeout, TimeUnit.MILLISECONDS)) {
+ throw new RuntimeException(String.format(
+ "Test timeout '%d ms' elapsed.", testTimeout));
+ }
+ if (!testPassed) {
+ String failureMsg = testFailureMsg;
+ if ((failureMsg != null) && (!failureMsg.trim().isEmpty())) {
+ throw new RuntimeException(failureMsg);
+ } else {
+ throw new RuntimeException("Test failed.");
+ }
+ }
+ } catch (InterruptedException ie) {
+ throw new RuntimeException(ie);
+ } finally {
+ testFinished = true;
+ }
+ }
+
+ private static void doTest() {
+ PrintRequestAttributeSet aset = new HashPrintRequestAttributeSet();
+ aset.add(Chromaticity.MONOCHROME);
+
+ MediaSize isoA5Size = MediaSize.getMediaSizeForName(MediaSizeName.ISO_A5);
+ float[] size = isoA5Size.getSize(Size2DSyntax.INCH);
+ Paper paper = new Paper();
+ paper.setSize(size[0] * 72.0, size[1] * 72.0);
+ paper.setImageableArea(0.0, 0.0, size[0] * 72.0, size[1] * 72.0);
+ PageFormat pf = new PageFormat();
+ pf.setPaper(paper);
+
+ Book pageable = new Book();
+ pageable.append(new WrongPaperForBookPrintingTest(), pf);
+
+ PrinterJob job = PrinterJob.getPrinterJob();
+ job.setPageable(pageable);
+ if (job.printDialog()) {
+ try {
+ job.print(aset);
+ } catch (PrinterException pe) {
+ throw new RuntimeException(pe);
+ }
+ }
+ }
+
+ private static void pass() {
+ testPassed = true;
+ testEndedSignal.countDown();
+ }
+
+ private static void fail(String failureMsg) {
+ testFailureMsg = failureMsg;
+ testPassed = false;
+ testEndedSignal.countDown();
+ }
+
+ private static String convertMillisToTimeStr(int millis) {
+ if (millis < 0) {
+ return "00:00:00";
+ }
+ int hours = millis / 3600000;
+ int minutes = (millis - hours * 3600000) / 60000;
+ int seconds = (millis - hours * 3600000 - minutes * 60000) / 1000;
+ return String.format("%02d:%02d:%02d", hours, minutes, seconds);
+ }
+
+ private static void createAndShowTestDialog() {
+ String description =
+ " To run this test it is required to have a virtual PDF\r\n" +
+ " printer or any other printer supporting A5 paper size.\r\n" +
+ "\r\n" +
+ " 1. Verify that NOT A5 paper size is set as default for the\r\n" +
+ " printer to be used.\r\n" +
+ " 2. Click on \"Start Test\" button.\r\n" +
+ " 3. In the shown print dialog select the printer and click\r\n" +
+ " on \"Print\" button.\r\n" +
+ " 4. Verify that a page with a drawn rectangle is printed on\r\n" +
+ " a paper of A5 size which is (5.8 x 8.3 in) or\r\n" +
+ " (148 x 210 mm).\r\n" +
+ "\r\n" +
+ " If the printed page size is correct, click on \"PASS\"\r\n" +
+ " button, otherwise click on \"FAIL\" button.";
+
+ final JDialog dialog = new JDialog();
+ dialog.setTitle("WrongPaperForBookPrintingTest");
+ dialog.setDefaultCloseOperation(WindowConstants.DISPOSE_ON_CLOSE);
+ dialog.addWindowListener(new WindowAdapter() {
+ @Override
+ public void windowClosing(WindowEvent e) {
+ dialog.dispose();
+ fail("Main dialog was closed.");
+ }
+ });
+
+ final JLabel testTimeoutLabel = new JLabel(String.format(
+ "Test timeout: %s", convertMillisToTimeStr(testTimeout)));
+ final long startTime = System.currentTimeMillis();
+ final Timer timer = new Timer(0, null);
+ timer.setDelay(1000);
+ timer.addActionListener((e) -> {
+ int leftTime = testTimeout - (int) (System.currentTimeMillis() - startTime);
+ if ((leftTime < 0) || testFinished) {
+ timer.stop();
+ dialog.dispose();
+ }
+ testTimeoutLabel.setText(String.format(
+ "Test timeout: %s", convertMillisToTimeStr(leftTime)));
+ });
+ timer.start();
+
+ JTextArea textArea = new JTextArea(description);
+ textArea.setEditable(false);
+
+ final JButton testButton = new JButton("Start Test");
+ final JButton passButton = new JButton("PASS");
+ final JButton failButton = new JButton("FAIL");
+ testButton.addActionListener((e) -> {
+ testButton.setEnabled(false);
+ new Thread(() -> {
+ try {
+ doTest();
+
+ SwingUtilities.invokeLater(() -> {
+ passButton.setEnabled(true);
+ failButton.setEnabled(true);
+ });
+ } catch (Throwable t) {
+ t.printStackTrace();
+ dialog.dispose();
+ fail("Exception occurred in a thread executing the test.");
+ }
+ }).start();
+ });
+ passButton.setEnabled(false);
+ passButton.addActionListener((e) -> {
+ dialog.dispose();
+ pass();
+ });
+ failButton.setEnabled(false);
+ failButton.addActionListener((e) -> {
+ dialog.dispose();
+ fail("Size of a printed page is wrong.");
+ });
+
+ JPanel mainPanel = new JPanel(new BorderLayout());
+ JPanel labelPanel = new JPanel(new FlowLayout());
+ labelPanel.add(testTimeoutLabel);
+ mainPanel.add(labelPanel, BorderLayout.NORTH);
+ mainPanel.add(textArea, BorderLayout.CENTER);
+ JPanel buttonPanel = new JPanel(new FlowLayout());
+ buttonPanel.add(testButton);
+ buttonPanel.add(passButton);
+ buttonPanel.add(failButton);
+ mainPanel.add(buttonPanel, BorderLayout.SOUTH);
+ dialog.add(mainPanel);
+
+ dialog.pack();
+ dialog.setVisible(true);
+ }
+
+ @Override
+ public int print(Graphics g, PageFormat pf, int pageIndex)
+ throws PrinterException {
+ if (pageIndex == 0) {
+ g.setColor(Color.RED);
+ g.drawRect((int) pf.getImageableX(), (int) pf.getImageableY(),
+ (int) pf.getImageableWidth() - 1, (int) pf.getImageableHeight() - 1);
+ return Printable.PAGE_EXISTS;
+ } else {
+ return Printable.NO_SUCH_PAGE;
+ }
+ }
+}
diff --git a/jdk/test/java/math/BigDecimal/AddTests.java b/jdk/test/java/math/BigDecimal/AddTests.java
index b91b127..8045e28 100644
--- a/jdk/test/java/math/BigDecimal/AddTests.java
+++ b/jdk/test/java/math/BigDecimal/AddTests.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 6362557
+ * @bug 6362557 8200698
* @summary Some tests of add(BigDecimal, mc)
* @author Joseph D. Darcy
*/
@@ -290,12 +290,35 @@
return failures;
}
+ private static int arithmeticExceptionTest() {
+ int failures = 0;
+ BigDecimal x;
+ try {
+ //
+ // The string representation "1e2147483647", which is equivalent
+ // to 10^Integer.MAX_VALUE, is used to create an augend with an
+ // unscaled value of 1 and a scale of -Integer.MAX_VALUE. The
+ // addend "1" has an unscaled value of 1 with a scale of 0. The
+ // addition is performed exactly and is specified to have a
+ // preferred scale of max(-Integer.MAX_VALUE, 0). As the scale
+ // of the result is 0, a value with Integer.MAX_VALUE + 1 digits
+ // would need to be created. Therefore the next statement is
+ // expected to overflow with an ArithmeticException.
+ //
+ x = new BigDecimal("1e2147483647").add(new BigDecimal(1));
+ failures++;
+ } catch (ArithmeticException ae) {
+ }
+ return failures;
+ }
+
public static void main(String argv[]) {
int failures = 0;
failures += extremaTests();
failures += roundingGradationTests();
failures += precisionConsistencyTest();
+ failures += arithmeticExceptionTest();
if (failures > 0) {
throw new RuntimeException("Incurred " + failures +
diff --git a/jdk/test/java/math/BigDecimal/Constructor.java b/jdk/test/java/math/BigDecimal/Constructor.java
index 3c4742f..b7371074 100644
--- a/jdk/test/java/math/BigDecimal/Constructor.java
+++ b/jdk/test/java/math/BigDecimal/Constructor.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,20 +23,48 @@
/*
* @test
- * @bug 4259453
- * @summary Test string constructor of BigDecimal
+ * @bug 4259453 8200698
+ * @summary Test constructors of BigDecimal
+ * @library ..
+ * @run testng Constructor
*/
+
import java.math.BigDecimal;
+import org.testng.annotations.Test;
public class Constructor {
- public static void main(String[] args) throws Exception {
- boolean nfe = false;
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void stringConstructor() {
+ BigDecimal bd = new BigDecimal("1.2e");
+ }
+
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void charArrayConstructorNegativeOffset() {
+ BigDecimal bd = new BigDecimal(new char[5], -1, 4, null);
+ }
+
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void charArrayConstructorNegativeLength() {
+ BigDecimal bd = new BigDecimal(new char[5], 0, -1, null);
+ }
+
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void charArrayConstructorIntegerOverflow() {
try {
- BigDecimal bd = new BigDecimal("1.2e");
- } catch (NumberFormatException e) {
- nfe = true;
+ BigDecimal bd = new BigDecimal(new char[5], Integer.MAX_VALUE - 5,
+ 6, null);
+ } catch (NumberFormatException nfe) {
+ if (nfe.getCause() instanceof IndexOutOfBoundsException) {
+ throw new RuntimeException
+ ("NumberFormatException should not have a cause");
+ } else {
+ throw nfe;
+ }
}
- if (!nfe)
- throw new Exception("Didn't throw NumberFormatException");
+ }
+
+ @Test(expectedExceptions=NumberFormatException.class)
+ public void charArrayConstructorIndexOutOfBounds() {
+ BigDecimal bd = new BigDecimal(new char[5], 1, 5, null);
}
}
diff --git a/jdk/test/java/math/BigInteger/LargeValueExceptions.java b/jdk/test/java/math/BigInteger/LargeValueExceptions.java
new file mode 100644
index 0000000..69d0d4f
--- /dev/null
+++ b/jdk/test/java/math/BigInteger/LargeValueExceptions.java
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8200698
+ * @summary Tests that exceptions are thrown for ops which would overflow
+ * @requires (sun.arch.data.model == "64" & os.maxMemory > 4g)
+ * @run testng/othervm -Xmx4g LargeValueExceptions
+ */
+import java.math.BigInteger;
+import static java.math.BigInteger.ONE;
+import org.testng.annotations.Test;
+
+//
+// The intent of this test is to probe the boundaries between overflow and
+// non-overflow, principally for multiplication and squaring, specifically
+// the largest values which should not overflow and the smallest values which
+// should. The transition values used are not necessarily at the exact
+// boundaries but should be "close." Quite a few different values were used
+// experimentally before settling on the ones in this test. For multiplication
+// and squaring all cases are exercised: definite overflow and non-overflow
+// which can be detected "up front," and "indefinite" overflow, i.e., overflow
+// which cannot be detected up front so further calculations are required.
+//
+// Testing negative values is unnecessary. For both multiplication and squaring
+// the paths lead to the Toom-Cook algorithm where the signum is used only to
+// determine the sign of the result and not in the intermediate calculations.
+// This is also true for exponentiation.
+//
+// @Test annotations with optional element "enabled" set to "false" should
+// succeed when "enabled" is set to "true" but they take too to run in the
+// course of the typical regression test execution scenario.
+//
+public class LargeValueExceptions {
+ // BigInteger.MAX_MAG_LENGTH
+ private static final int MAX_INTS = 1 << 26;
+
+ // Number of bits corresponding to MAX_INTS
+ private static final long MAX_BITS = (0xffffffffL & MAX_INTS) << 5L;
+
+ // Half BigInteger.MAX_MAG_LENGTH
+ private static final int MAX_INTS_HALF = MAX_INTS / 2;
+
+ // --- squaring ---
+
+ // Largest no overflow determined by examining data lengths alone.
+ @Test(enabled=false)
+ public void squareNoOverflow() {
+ BigInteger x = ONE.shiftLeft(16*MAX_INTS - 1).subtract(ONE);
+ BigInteger y = x.multiply(x);
+ }
+
+ // Smallest no overflow determined by extra calculations.
+ @Test(enabled=false)
+ public void squareIndefiniteOverflowSuccess() {
+ BigInteger x = ONE.shiftLeft(16*MAX_INTS - 1);
+ BigInteger y = x.multiply(x);
+ }
+
+ // Largest overflow detected by extra calculations.
+ @Test(expectedExceptions=ArithmeticException.class,enabled=false)
+ public void squareIndefiniteOverflowFailure() {
+ BigInteger x = ONE.shiftLeft(16*MAX_INTS).subtract(ONE);
+ BigInteger y = x.multiply(x);
+ }
+
+ // Smallest overflow detected by examining data lengths alone.
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void squareDefiniteOverflow() {
+ BigInteger x = ONE.shiftLeft(16*MAX_INTS);
+ BigInteger y = x.multiply(x);
+ }
+
+ // --- multiplication ---
+
+ // Largest no overflow determined by examining data lengths alone.
+ @Test(enabled=false)
+ public void multiplyNoOverflow() {
+ final int halfMaxBits = MAX_INTS_HALF << 5;
+
+ BigInteger x = ONE.shiftLeft(halfMaxBits).subtract(ONE);
+ BigInteger y = ONE.shiftLeft(halfMaxBits - 1).subtract(ONE);
+ BigInteger z = x.multiply(y);
+ }
+
+ // Smallest no overflow determined by extra calculations.
+ @Test(enabled=false)
+ public void multiplyIndefiniteOverflowSuccess() {
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS/2) - 1);
+ long m = MAX_BITS - x.bitLength();
+
+ BigInteger y = ONE.shiftLeft((int)(MAX_BITS/2) - 1);
+ long n = MAX_BITS - y.bitLength();
+
+ if (m + n != MAX_BITS) {
+ throw new RuntimeException("Unexpected leading zero sum");
+ }
+
+ BigInteger z = x.multiply(y);
+ }
+
+ // Largest overflow detected by extra calculations.
+ @Test(expectedExceptions=ArithmeticException.class,enabled=false)
+ public void multiplyIndefiniteOverflowFailure() {
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS/2)).subtract(ONE);
+ long m = MAX_BITS - x.bitLength();
+
+ BigInteger y = ONE.shiftLeft((int)(MAX_BITS/2)).subtract(ONE);
+ long n = MAX_BITS - y.bitLength();
+
+ if (m + n != MAX_BITS) {
+ throw new RuntimeException("Unexpected leading zero sum");
+ }
+
+ BigInteger z = x.multiply(y);
+ }
+
+ // Smallest overflow detected by examining data lengths alone.
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void multiplyDefiniteOverflow() {
+ // multiply by 4 as MAX_INTS_HALF refers to ints
+ byte[] xmag = new byte[4*MAX_INTS_HALF];
+ xmag[0] = (byte)0xff;
+ BigInteger x = new BigInteger(1, xmag);
+
+ byte[] ymag = new byte[4*MAX_INTS_HALF + 1];
+ ymag[0] = (byte)0xff;
+ BigInteger y = new BigInteger(1, ymag);
+
+ BigInteger z = x.multiply(y);
+ }
+
+ // --- exponentiation ---
+
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void powOverflow() {
+ BigInteger.TEN.pow(Integer.MAX_VALUE);
+ }
+
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void powOverflow1() {
+ int shift = 20;
+ int exponent = 1 << shift;
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent));
+ BigInteger y = x.pow(exponent);
+ }
+
+ @Test(expectedExceptions=ArithmeticException.class)
+ public void powOverflow2() {
+ int shift = 20;
+ int exponent = 1 << shift;
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)).add(ONE);
+ BigInteger y = x.pow(exponent);
+ }
+
+ @Test(expectedExceptions=ArithmeticException.class,enabled=false)
+ public void powOverflow3() {
+ int shift = 20;
+ int exponent = 1 << shift;
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)).subtract(ONE);
+ BigInteger y = x.pow(exponent);
+ }
+
+ @Test(enabled=false)
+ public void powOverflow4() {
+ int shift = 20;
+ int exponent = 1 << shift;
+ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent - 1)).add(ONE);
+ BigInteger y = x.pow(exponent);
+ }
+}
diff --git a/jdk/test/java/time/test/java/time/chrono/TestEraDisplayName.java b/jdk/test/java/time/test/java/time/chrono/TestEraDisplayName.java
new file mode 100644
index 0000000..1ff5f2a
--- /dev/null
+++ b/jdk/test/java/time/test/java/time/chrono/TestEraDisplayName.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package test.java.time.chrono;
+
+import java.time.*;
+import java.time.chrono.*;
+import java.time.format.*;
+import java.util.Locale;
+
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+import static org.testng.Assert.assertEquals;
+
+/**
+ * Tests Era.getDisplayName() correctly returns the name based on each
+ * chrono implementation.
+ * Note: The exact result may depend on locale data provider's implementation.
+ *
+ * @bug 8171049 8215377
+ * @run testng/othervm -Djava.locale.providers=CLDR TestEraDisplayName
+ */
+@Test
+public class TestEraDisplayName {
+ private static final Locale THAI = Locale.forLanguageTag("th-TH");
+ private static final Locale EGYPT = Locale.forLanguageTag("ar-EG");
+
+ @DataProvider(name="eraDisplayName")
+ Object[][] eraDisplayName() {
+ return new Object[][] {
+ // Era, text style, displyay locale, expected name
+ // IsoEra
+ { IsoEra.BCE, TextStyle.FULL, Locale.US, "Before Christ" },
+ { IsoEra.CE, TextStyle.FULL, Locale.US, "Anno Domini" },
+ { IsoEra.BCE, TextStyle.FULL, Locale.JAPAN, "\u7d00\u5143\u524d" },
+ { IsoEra.CE, TextStyle.FULL, Locale.JAPAN, "\u897f\u66a6" },
+ { IsoEra.BCE, TextStyle.SHORT, Locale.US, "BC" },
+ { IsoEra.CE, TextStyle.SHORT, Locale.US, "AD" },
+ { IsoEra.BCE, TextStyle.SHORT, Locale.JAPAN, "\u7d00\u5143\u524d" },
+ { IsoEra.CE, TextStyle.SHORT, Locale.JAPAN, "\u897f\u66a6" },
+ { IsoEra.BCE, TextStyle.NARROW, Locale.US, "B" },
+ { IsoEra.CE, TextStyle.NARROW, Locale.US, "A" },
+ { IsoEra.BCE, TextStyle.NARROW, Locale.JAPAN, "B" },
+ { IsoEra.CE, TextStyle.NARROW, Locale.JAPAN, "A" },
+
+ // JapaneseEra
+ { JapaneseEra.MEIJI, TextStyle.FULL, Locale.US, "Meiji" },
+ { JapaneseEra.TAISHO, TextStyle.FULL, Locale.US, "Taisho" },
+ { JapaneseEra.SHOWA, TextStyle.FULL, Locale.US, "Showa" },
+ { JapaneseEra.HEISEI, TextStyle.FULL, Locale.US, "Heisei" },
+ { JapaneseEra.MEIJI, TextStyle.FULL, Locale.JAPAN, "\u660e\u6cbb" },
+ { JapaneseEra.TAISHO, TextStyle.FULL, Locale.JAPAN, "\u5927\u6b63" },
+ { JapaneseEra.SHOWA, TextStyle.FULL, Locale.JAPAN, "\u662d\u548c" },
+ { JapaneseEra.HEISEI, TextStyle.FULL, Locale.JAPAN, "\u5e73\u6210" },
+ { JapaneseEra.MEIJI, TextStyle.SHORT, Locale.US, "Meiji" },
+ { JapaneseEra.TAISHO, TextStyle.SHORT, Locale.US, "Taisho" },
+ { JapaneseEra.SHOWA, TextStyle.SHORT, Locale.US, "Showa" },
+ { JapaneseEra.HEISEI, TextStyle.SHORT, Locale.US, "Heisei" },
+ { JapaneseEra.MEIJI, TextStyle.SHORT, Locale.JAPAN, "\u660e\u6cbb" },
+ { JapaneseEra.TAISHO, TextStyle.SHORT, Locale.JAPAN, "\u5927\u6b63" },
+ { JapaneseEra.SHOWA, TextStyle.SHORT, Locale.JAPAN, "\u662d\u548c" },
+ { JapaneseEra.HEISEI, TextStyle.SHORT, Locale.JAPAN, "\u5e73\u6210" },
+ { JapaneseEra.MEIJI, TextStyle.NARROW, Locale.US, "M" },
+ { JapaneseEra.TAISHO, TextStyle.NARROW, Locale.US, "T" },
+ { JapaneseEra.SHOWA, TextStyle.NARROW, Locale.US, "S" },
+ { JapaneseEra.HEISEI, TextStyle.NARROW, Locale.US, "H" },
+ { JapaneseEra.MEIJI, TextStyle.NARROW, Locale.JAPAN, "M" },
+ { JapaneseEra.TAISHO, TextStyle.NARROW, Locale.JAPAN, "T" },
+ { JapaneseEra.SHOWA, TextStyle.NARROW, Locale.JAPAN, "S" },
+ { JapaneseEra.HEISEI, TextStyle.NARROW, Locale.JAPAN, "H" },
+ };
+ }
+
+ @Test(dataProvider="eraDisplayName")
+ public void test_eraDisplayName(Era era, TextStyle style, Locale locale, String expected) {
+ assertEquals(era.getDisplayName(style, locale), expected);
+ }
+}
diff --git a/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
index faada15..b2c6268 100644
--- a/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
+++ b/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@
/**
* @test
- * @bug 8076221 8157035
+ * @bug 8076221 8157035 8211883
* @summary Check if weak cipher suites are disabled
* @run main/othervm DisabledAlgorithms default
* @run main/othervm DisabledAlgorithms empty
@@ -59,9 +59,9 @@
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
- // supported RC4 cipher suites
+ // supported RC4, NULL, and anon cipher suites
// it does not contain KRB5 cipher suites because they need a KDC
- private static final String[] rc4_ciphersuites = new String[] {
+ private static final String[] rc4_null_anon_ciphersuites = new String[] {
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_SHA",
@@ -69,7 +69,31 @@
"TLS_ECDH_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_MD5",
"TLS_ECDH_anon_WITH_RC4_128_SHA",
- "SSL_DH_anon_WITH_RC4_128_MD5"
+ "SSL_DH_anon_WITH_RC4_128_MD5",
+ "SSL_RSA_WITH_NULL_MD5",
+ "SSL_RSA_WITH_NULL_SHA",
+ "TLS_RSA_WITH_NULL_SHA256",
+ "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDH_RSA_WITH_NULL_SHA",
+ "TLS_ECDHE_RSA_WITH_NULL_SHA",
+ "TLS_ECDH_anon_WITH_NULL_SHA",
+ "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+ "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ "SSL_DH_anon_WITH_DES_CBC_SHA",
+ "SSL_DH_anon_WITH_RC4_128_MD5",
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+ "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+ "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+ "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+ "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+ "TLS_ECDH_anon_WITH_NULL_SHA",
+ "TLS_ECDH_anon_WITH_RC4_128_SHA"
};
public static void main(String[] args) throws Exception {
@@ -88,8 +112,9 @@
System.out.println("jdk.tls.disabledAlgorithms = "
+ Security.getProperty("jdk.tls.disabledAlgorithms"));
- // check if RC4 cipher suites can't be used by default
- checkFailure(rc4_ciphersuites);
+ // check if RC4, NULL, and anon cipher suites
+ // can't be used by default
+ checkFailure(rc4_null_anon_ciphersuites);
break;
case "empty":
// reset jdk.tls.disabledAlgorithms
@@ -97,9 +122,9 @@
System.out.println("jdk.tls.disabledAlgorithms = "
+ Security.getProperty("jdk.tls.disabledAlgorithms"));
- // check if RC4 cipher suites can be used
+ // check if RC4, NULL, and anon cipher suites can be used
// if jdk.tls.disabledAlgorithms is empty
- checkSuccess(rc4_ciphersuites);
+ checkSuccess(rc4_null_anon_ciphersuites);
break;
default:
throw new RuntimeException("Wrong parameter: " + args[0]);
diff --git a/jdk/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java b/jdk/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java
index e19b8f2..7178502 100644
--- a/jdk/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java
+++ b/jdk/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,60 +26,61 @@
/*
* @test
- * @bug 8162362
+ * @bug 8162362 8208350
* @summary Cannot enable previously default enabled cipher suites
* @run main/othervm
* CustomizedCipherSuites Default true
* TLS_RSA_WITH_AES_128_CBC_SHA
- * SSL_RSA_WITH_DES_CBC_SHA
+ * TLS_ECDH_anon_WITH_AES_128_CBC_SHA
* @run main/othervm
* -Djdk.tls.client.cipherSuites="unknown"
* CustomizedCipherSuites Default true
* TLS_RSA_WITH_AES_128_CBC_SHA
- * SSL_RSA_WITH_DES_CBC_SHA
+ * TLS_ECDH_anon_WITH_AES_128_CBC_SHA
* @run main/othervm
* -Djdk.tls.client.cipherSuites=""
* CustomizedCipherSuites Default true
* TLS_RSA_WITH_AES_128_CBC_SHA
- * SSL_RSA_WITH_DES_CBC_SHA
+ * TLS_ECDH_anon_WITH_AES_128_CBC_SHA
* @run main/othervm
- * -Djdk.tls.client.cipherSuites="SSL_RSA_WITH_DES_CBC_SHA"
+ * -Djdk.tls.client.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
* CustomizedCipherSuites Default true
- * SSL_RSA_WITH_DES_CBC_SHA
+ * TLS_ECDH_anon_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA
* @run main/othervm
- * -Djdk.tls.server.cipherSuites="SSL_RSA_WITH_DES_CBC_SHA"
+ * -Djdk.tls.server.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
* CustomizedCipherSuites Default false
- * SSL_RSA_WITH_DES_CBC_SHA
+ * TLS_ECDH_anon_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA
* @run main/othervm
- * -Djdk.tls.client.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,SSL_RSA_WITH_DES_CBC_SHA"
+ * -Djdk.tls.client.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
* CustomizedCipherSuites Default true
- * SSL_RSA_WITH_DES_CBC_SHA
+ * TLS_ECDH_anon_WITH_AES_128_CBC_SHA
* ""
* @run main/othervm
- * -Djdk.tls.server.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,SSL_RSA_WITH_DES_CBC_SHA"
+ * -Djdk.tls.server.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
* CustomizedCipherSuites Default false
* TLS_RSA_WITH_AES_128_CBC_SHA
* ""
* @run main/othervm
- * -Djdk.tls.server.cipherSuites="SSL_RSA_WITH_DES_CBC_SHA"
+ * -Djdk.tls.server.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
* CustomizedCipherSuites Default true
* TLS_RSA_WITH_AES_128_CBC_SHA
- * SSL_RSA_WITH_DES_CBC_SHA
+ * TLS_ECDH_anon_WITH_AES_128_CBC_SHA
* @run main/othervm
- * -Djdk.tls.client.cipherSuites="SSL_RSA_WITH_DES_CBC_SHA"
+ * -Djdk.tls.client.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
* CustomizedCipherSuites Default false
* TLS_RSA_WITH_AES_128_CBC_SHA
- * SSL_RSA_WITH_DES_CBC_SHA
+ * TLS_ECDH_anon_WITH_AES_128_CBC_SHA
*/
+import java.security.Security;
import javax.net.ssl.*;
/**
* Test the customized default cipher suites.
*
- * This test is based on the behavior that SSL_RSA_WITH_DES_CBC_SHA is
+ * This test is based on the behavior that TLS_ECDH_anon_WITH_AES_128_CBC_SHA is
* disabled by default, and TLS_RSA_WITH_AES_128_CBC_SHA is enabled by
* default in JDK. If the behavior is changed in the future, please
* update the test cases above accordingly.
@@ -90,14 +91,18 @@
private static boolean isClientMode;
private static String enabledCipherSuite;
- private static String disabledCipherSuite;
+ private static String notEnabledCipherSuite;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure the cipher suites
+ // used in this test are not disabled
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
contextProtocol = trimQuotes(args[0]);
isClientMode = Boolean.parseBoolean(args[1]);
enabledCipherSuite = trimQuotes(args[2]);
- disabledCipherSuite = trimQuotes(args[3]);
+ notEnabledCipherSuite = trimQuotes(args[3]);
//
// Create instance of SSLContext with the specified protocol.
@@ -206,8 +211,8 @@
isMatch = true;
}
- if (!disabledCipherSuite.isEmpty() &&
- cipher.equals(disabledCipherSuite)) {
+ if (!notEnabledCipherSuite.isEmpty() &&
+ cipher.equals(notEnabledCipherSuite)) {
isBroken = true;
}
}
@@ -219,7 +224,7 @@
if (isBroken) {
throw new Exception(
- "Cipher suite " + disabledCipherSuite + " should be disabled");
+ "Cipher suite " + notEnabledCipherSuite + " should not be enabled");
}
}
@@ -231,7 +236,7 @@
}
boolean hasEnabledCipherSuite = enabledCipherSuite.isEmpty();
- boolean hasDisabledCipherSuite = disabledCipherSuite.isEmpty();
+ boolean hasNotEnabledCipherSuite = notEnabledCipherSuite.isEmpty();
for (String cipher : ciphers) {
System.out.println("\tsupported cipher suite " + cipher);
if (!enabledCipherSuite.isEmpty() &&
@@ -239,9 +244,9 @@
hasEnabledCipherSuite = true;
}
- if (!disabledCipherSuite.isEmpty() &&
- cipher.equals(disabledCipherSuite)) {
- hasDisabledCipherSuite = true;
+ if (!notEnabledCipherSuite.isEmpty() &&
+ cipher.equals(notEnabledCipherSuite)) {
+ hasNotEnabledCipherSuite = true;
}
}
@@ -250,9 +255,9 @@
"Cipher suite " + enabledCipherSuite + " should be supported");
}
- if (!hasDisabledCipherSuite) {
+ if (!hasNotEnabledCipherSuite) {
throw new Exception(
- "Cipher suite " + disabledCipherSuite + " should be supported");
+ "Cipher suite " + notEnabledCipherSuite + " should not be enabled");
}
}
diff --git a/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java b/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
index 748b5fe..2d8ca9a 100644
--- a/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
+++ b/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,7 @@
import java.io.*;
import java.net.*;
+import java.security.Security;
import javax.net.ssl.*;
public class JSSERenegotiate {
@@ -190,6 +191,10 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the cipher suites
+ // used in this test are not disabled
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
diff --git a/jdk/test/sun/security/tools/jarsigner/TimestampCheck.java b/jdk/test/sun/security/tools/jarsigner/TimestampCheck.java
index ab11a8d..b5070ce 100644
--- a/jdk/test/sun/security/tools/jarsigner/TimestampCheck.java
+++ b/jdk/test/sun/security/tools/jarsigner/TimestampCheck.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -75,6 +75,7 @@
* java.base/sun.security.util
* java.base/sun.security.tools.keytool
* @library /lib/testlibrary
+ * @compile -XDignore.symbol.file TimestampCheck.java
* @run main/othervm/timeout=600 TimestampCheck
*/
public class TimestampCheck {
@@ -121,12 +122,12 @@
*/
byte[] sign(byte[] input, String path) throws Exception {
DerValue value = new DerValue(input);
- System.out.println("\nIncoming Request\n===================");
- System.out.println("Version: " + value.data.getInteger());
+ System.out.println("#\n# Incoming Request\n===================");
+ System.out.println("# Version: " + value.data.getInteger());
DerValue messageImprint = value.data.getDerValue();
AlgorithmId aid = AlgorithmId.parse(
messageImprint.data.getDerValue());
- System.out.println("AlgorithmId: " + aid);
+ System.out.println("# AlgorithmId: " + aid);
ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId);
BigInteger nonce = null;
@@ -134,16 +135,16 @@
DerValue v = value.data.getDerValue();
if (v.tag == DerValue.tag_Integer) {
nonce = v.getBigInteger();
- System.out.println("nonce: " + nonce);
+ System.out.println("# nonce: " + nonce);
} else if (v.tag == DerValue.tag_Boolean) {
- System.out.println("certReq: " + v.getBoolean());
+ System.out.println("# certReq: " + v.getBoolean());
} else if (v.tag == DerValue.tag_ObjectId) {
policyId = v.getOID();
- System.out.println("PolicyID: " + policyId);
+ System.out.println("# PolicyID: " + policyId);
}
}
- System.out.println("\nResponse\n===================");
+ System.out.println("#\n# Response\n===================");
FileInputStream is = new FileInputStream(keystore);
KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(is, "changeit".toCharArray());
@@ -229,10 +230,10 @@
"1.2.840.113549.1.9.16.1.4"),
new DerValue(tstInfo2.toByteArray()));
- System.out.println("Signing...");
- System.out.println(new X500Name(signer
+ System.out.println("# Signing...");
+ System.out.println("# " + new X500Name(signer
.getIssuerX500Principal().getName()));
- System.out.println(signer.getSerialNumber());
+ System.out.println("# " + signer.getSerialNumber());
SignerInfo signerInfo = new SignerInfo(
new X500Name(signer.getIssuerX500Principal().getName()),
@@ -303,8 +304,6 @@
public static void main(String[] args) throws Throwable {
- prepare();
-
try (Handler tsa = Handler.init(0, "ks");) {
tsa.start();
int port = tsa.getPort();
@@ -313,62 +312,99 @@
if (args.length == 0) { // Run this test
+ prepare();
+
sign("normal")
.shouldNotContain("Warning")
+ .shouldContain("The signer certificate will expire on")
+ .shouldContain("The timestamp will expire on")
.shouldHaveExitValue(0);
verify("normal.jar")
.shouldNotContain("Warning")
.shouldHaveExitValue(0);
+ verify("normal.jar", "-verbose")
+ .shouldNotContain("Warning")
+ .shouldContain("The signer certificate will expire on")
+ .shouldContain("The timestamp will expire on")
+ .shouldHaveExitValue(0);
+
// Simulate signing at a previous date:
// 1. tsold will create a timestamp of 20 days ago.
// 2. oldsigner expired 10 days ago.
- // jarsigner will show a warning at signing.
signVerbose("tsold", "unsigned.jar", "tsold.jar", "oldsigner")
- .shouldHaveExitValue(4);
+ .shouldNotContain("Warning")
+ .shouldMatch("signer certificate expired on .*. "
+ + "However, the JAR will be valid")
+ .shouldHaveExitValue(0);
// It verifies perfectly.
verify("tsold.jar", "-verbose", "-certs")
.shouldNotContain("Warning")
+ .shouldMatch("signer certificate expired on .*. "
+ + "However, the JAR will be valid")
.shouldHaveExitValue(0);
+ // No timestamp
signVerbose(null, "unsigned.jar", "none.jar", "signer")
.shouldContain("is not timestamped")
+ .shouldContain("The signer certificate will expire on")
.shouldHaveExitValue(0);
+ verify("none.jar", "-verbose")
+ .shouldContain("do not include a timestamp")
+ .shouldContain("The signer certificate will expire on")
+ .shouldHaveExitValue(0);
+
+ // Error cases
+
signVerbose(null, "unsigned.jar", "badku.jar", "badku")
+ .shouldContain("KeyUsage extension doesn't allow code signing")
.shouldHaveExitValue(8);
checkBadKU("badku.jar");
// 8180289: unvalidated TSA cert chain
sign("tsnoca")
- .shouldContain("TSA certificate chain is invalid")
+ .shouldContain("The TSA certificate chain is invalid. "
+ + "Reason: Path does not chain with any of the trust anchors")
.shouldHaveExitValue(64);
verify("tsnoca.jar", "-verbose", "-certs")
.shouldHaveExitValue(64)
.shouldContain("jar verified")
- .shouldContain("Invalid TSA certificate chain")
- .shouldContain("TSA certificate chain is invalid");
+ .shouldContain("Invalid TSA certificate chain: "
+ + "Path does not chain with any of the trust anchors")
+ .shouldContain("TSA certificate chain is invalid."
+ + " Reason: Path does not chain with any of the trust anchors");
sign("nononce")
+ .shouldContain("Nonce missing in timestamp token")
.shouldHaveExitValue(1);
sign("diffnonce")
+ .shouldContain("Nonce changed in timestamp token")
.shouldHaveExitValue(1);
sign("baddigest")
+ .shouldContain("Digest octets changed in timestamp token")
.shouldHaveExitValue(1);
sign("diffalg")
+ .shouldContain("Digest algorithm not")
.shouldHaveExitValue(1);
+
sign("fullchain")
.shouldHaveExitValue(0); // Success, 6543440 solved.
+
sign("tsbad1")
+ .shouldContain("Certificate is not valid for timestamping")
.shouldHaveExitValue(1);
sign("tsbad2")
+ .shouldContain("Certificate is not valid for timestamping")
.shouldHaveExitValue(1);
sign("tsbad3")
+ .shouldContain("Certificate is not valid for timestamping")
.shouldHaveExitValue(1);
sign("nocert")
+ .shouldContain("Certificate not included in timestamp token")
.shouldHaveExitValue(1);
sign("policy", "-tsapolicyid", "1.2.3")
@@ -376,6 +412,7 @@
checkTimestamp("policy.jar", "1.2.3", "SHA-256");
sign("diffpolicy", "-tsapolicyid", "1.2.3")
+ .shouldContain("TSAPolicyID changed in timestamp token")
.shouldHaveExitValue(1);
sign("sha1alg", "-tsadigestalg", "SHA")
@@ -384,11 +421,13 @@
sign("tsweak", "-digestalg", "MD5",
"-sigalg", "MD5withRSA", "-tsadigestalg", "MD5")
- .shouldHaveExitValue(68);
+ .shouldHaveExitValue(68)
+ .shouldContain("The timestamp is invalid. Without a valid timestamp");
checkWeak("tsweak.jar");
signVerbose("tsweak", "unsigned.jar", "tsweak2.jar", "signer")
.shouldHaveExitValue(64)
+ .shouldContain("The timestamp is invalid. Without a valid timestamp")
.shouldContain("TSA certificate chain is invalid");
// Weak timestamp is an error and jar treated unsigned
@@ -397,19 +436,26 @@
.shouldContain("treated as unsigned")
.shouldMatch("Timestamp.*512.*weak");
+ // Algorithm used in signing is weak
signVerbose("normal", "unsigned.jar", "halfWeak.jar", "signer",
"-digestalg", "MD5")
+ .shouldContain("-digestalg option is considered a security risk")
.shouldHaveExitValue(4);
checkHalfWeak("halfWeak.jar");
// sign with DSA key
signVerbose("normal", "unsigned.jar", "sign1.jar", "dsakey")
.shouldHaveExitValue(0);
+
// sign with RSAkeysize < 1024
signVerbose("normal", "sign1.jar", "sign2.jar", "weakkeysize")
+ .shouldContain("Algorithm constraints check failed on keysize")
.shouldHaveExitValue(4);
checkMultiple("sign2.jar");
+ // 8191438: jarsigner should print when a timestamp will expire
+ checkExpiration();
+
// When .SF or .RSA is missing or invalid
checkMissingOrInvalidFiles("normal.jar");
@@ -417,12 +463,118 @@
checkInvalidTsaCertKeyUsage();
}
} else { // Run as a standalone server
- System.out.println("Press Enter to quit server");
+ System.out.println("TSA started at " + host
+ + ". Press Enter to quit server");
System.in.read();
}
}
}
+ private static void checkExpiration() throws Exception {
+
+ // Warning when expired or expiring
+ signVerbose(null, "unsigned.jar", "expired.jar", "expired")
+ .shouldContain("signer certificate has expired")
+ .shouldHaveExitValue(4);
+ verify("expired.jar")
+ .shouldContain("signer certificate has expired")
+ .shouldHaveExitValue(4);
+ signVerbose(null, "unsigned.jar", "expiring.jar", "expiring")
+ .shouldContain("signer certificate will expire within")
+ .shouldHaveExitValue(0);
+ verify("expiring.jar")
+ .shouldContain("signer certificate will expire within")
+ .shouldHaveExitValue(0);
+ // Info for long
+ signVerbose(null, "unsigned.jar", "long.jar", "long")
+ .shouldNotContain("signer certificate has expired")
+ .shouldNotContain("signer certificate will expire within")
+ .shouldContain("signer certificate will expire on")
+ .shouldHaveExitValue(0);
+ verify("long.jar")
+ .shouldNotContain("signer certificate has expired")
+ .shouldNotContain("signer certificate will expire within")
+ .shouldNotContain("The signer certificate will expire")
+ .shouldHaveExitValue(0);
+ verify("long.jar", "-verbose")
+ .shouldContain("The signer certificate will expire")
+ .shouldHaveExitValue(0);
+
+ // Both expired
+ signVerbose("tsexpired", "unsigned.jar",
+ "tsexpired-expired.jar", "expired")
+ .shouldContain("The signer certificate has expired.")
+ .shouldContain("The timestamp has expired.")
+ .shouldHaveExitValue(4);
+ verify("tsexpired-expired.jar")
+ .shouldContain("signer certificate has expired")
+ .shouldContain("timestamp has expired.")
+ .shouldHaveExitValue(4);
+
+ // TS expired but signer still good
+ signVerbose("tsexpired", "unsigned.jar",
+ "tsexpired-long.jar", "long")
+ .shouldContain("The timestamp expired on")
+ .shouldHaveExitValue(0);
+ verify("tsexpired-long.jar")
+ .shouldMatch("timestamp expired on.*However, the JAR will be valid")
+ .shouldNotContain("Error")
+ .shouldHaveExitValue(0);
+
+ signVerbose("tsexpired", "unsigned.jar",
+ "tsexpired-ca.jar", "ca")
+ .shouldContain("The timestamp has expired.")
+ .shouldHaveExitValue(4);
+ verify("tsexpired-ca.jar")
+ .shouldNotContain("timestamp has expired")
+ .shouldNotContain("Error")
+ .shouldHaveExitValue(0);
+
+ // Warning when expiring
+ sign("tsexpiring")
+ .shouldContain("timestamp will expire within")
+ .shouldHaveExitValue(0);
+ verify("tsexpiring.jar")
+ .shouldContain("timestamp will expire within")
+ .shouldNotContain("still valid")
+ .shouldHaveExitValue(0);
+
+ signVerbose("tsexpiring", "unsigned.jar",
+ "tsexpiring-ca.jar", "ca")
+ .shouldContain("self-signed")
+ .stderrShouldNotMatch("The.*expir")
+ .shouldHaveExitValue(4); // self-signed
+ verify("tsexpiring-ca.jar")
+ .stderrShouldNotMatch("The.*expir")
+ .shouldHaveExitValue(0);
+
+ signVerbose("tsexpiringsoon", "unsigned.jar",
+ "tsexpiringsoon-long.jar", "long")
+ .shouldContain("The timestamp will expire")
+ .shouldHaveExitValue(0);
+ verify("tsexpiringsoon-long.jar")
+ .shouldMatch("timestamp will expire.*However, the JAR will be valid until")
+ .shouldHaveExitValue(0);
+
+ // Info for long
+ sign("tslong")
+ .shouldNotContain("timestamp has expired")
+ .shouldNotContain("timestamp will expire within")
+ .shouldContain("timestamp will expire on")
+ .shouldContain("signer certificate will expire on")
+ .shouldHaveExitValue(0);
+ verify("tslong.jar")
+ .shouldNotContain("timestamp has expired")
+ .shouldNotContain("timestamp will expire within")
+ .shouldNotContain("timestamp will expire on")
+ .shouldNotContain("signer certificate will expire on")
+ .shouldHaveExitValue(0);
+ verify("tslong.jar", "-verbose")
+ .shouldContain("timestamp will expire on")
+ .shouldContain("signer certificate will expire on")
+ .shouldHaveExitValue(0);
+ }
+
private static void checkInvalidTsaCertKeyUsage() throws Exception {
// Hack: Rewrite the TSA cert inside normal.jar into ts2.jar.
@@ -670,6 +822,14 @@
keytool("-alias tsbad3 -genkeypair -dname CN=tsbad3");
keytool("-alias tsnoca -genkeypair -dname CN=tsnoca");
+ keytool("-alias expired -genkeypair -dname CN=expired");
+ keytool("-alias expiring -genkeypair -dname CN=expiring");
+ keytool("-alias long -genkeypair -dname CN=long");
+ keytool("-alias tsexpired -genkeypair -dname CN=tsexpired");
+ keytool("-alias tsexpiring -genkeypair -dname CN=tsexpiring");
+ keytool("-alias tsexpiringsoon -genkeypair -dname CN=tsexpiringsoon");
+ keytool("-alias tslong -genkeypair -dname CN=tslong");
+
// tsnoca's issuer will be removed from keystore later
keytool("-alias ca -genkeypair -ext bc -dname CN=CA");
gencert("tsnoca", "-ext eku:critical=ts");
@@ -681,7 +841,15 @@
gencert("dsakey");
gencert("weakkeysize");
gencert("badku", "-ext ku:critical=keyAgreement");
- gencert("ts", "-ext eku:critical=ts");
+ gencert("ts", "-ext eku:critical=ts -validity 500");
+
+ gencert("expired", "-validity 10 -startdate -12d");
+ gencert("expiring", "-validity 178");
+ gencert("long", "-validity 182");
+ gencert("tsexpired", "-ext eku:critical=ts -validity 10 -startdate -12d");
+ gencert("tsexpiring", "-ext eku:critical=ts -validity 364");
+ gencert("tsexpiringsoon", "-ext eku:critical=ts -validity 170"); // earlier than expiring
+ gencert("tslong", "-ext eku:critical=ts -validity 367");
for (int i = 0; i < 5; i++) {
@@ -701,7 +869,7 @@
}
}
- gencert("tsold", "-ext eku:critical=ts -startdate -40d -validity 45");
+ gencert("tsold", "-ext eku:critical=ts -startdate -40d -validity 500");
gencert("tsweak", "-ext eku:critical=ts");
gencert("tsbad1");
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java
index 81475fb..8619ee1 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java
@@ -51,32 +51,12 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create first key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", FIRST_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", BOTH_KEYS_KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=First",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
-
- // create second key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", SECOND_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", BOTH_KEYS_KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Second",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ createAlias(FIRST_KEY_ALIAS);
+ createAlias(SECOND_KEY_ALIAS);
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
- "-keystore", BOTH_KEYS_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
@@ -93,7 +73,7 @@
// sign jar with second key
analyzer = ProcessTools.executeCommand(JARSIGNER,
- "-keystore", BOTH_KEYS_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE,
@@ -104,7 +84,7 @@
// create keystore that contains only first key
ProcessTools.executeCommand(KEYTOOL,
"-importkeystore",
- "-srckeystore", BOTH_KEYS_KEYSTORE,
+ "-srckeystore", KEYSTORE,
"-srcalias", FIRST_KEY_ALIAS,
"-srcstorepass", PASSWORD,
"-srckeypass", PASSWORD,
@@ -113,7 +93,7 @@
"-deststorepass", PASSWORD,
"-destkeypass", PASSWORD).shouldHaveExitValue(0);
- // verify jar with keystore that contains only first key in strict mode,
+ // verify jar with keystore that contains only first key,
// so there is signed entry (FirstClass.class) that is not signed
// by any alias in the keystore
analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java
index a8c3c8a..1a49c15 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,17 +52,14 @@
// create a certificate whose signer certificate's
// ExtendedKeyUsage extension doesn't allow code signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ // create key pair for jar signing
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
"-ext", "ExtendedkeyUsage=serverAuth",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ "-validity", Integer.toString(VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java
index fd37eb9..fb0fac9 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -53,17 +53,13 @@
// create a certificate whose signer certificate's KeyUsage extension
// doesn't allow code signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
"-ext", "KeyUsage=keyAgreement",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ "-validity", Integer.toString(VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java
index e2e8086..443331d 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,10 +25,6 @@
import jdk.testlibrary.ProcessTools;
import jdk.testlibrary.JarUtils;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.util.Base64;
-
/**
* @test
* @bug 8024302 8026037
@@ -38,25 +34,14 @@
*/
public class BadNetscapeCertTypeTest extends Test {
- private static final String NETSCAPE_KEYSTORE_BASE64 = TEST_SOURCES + FS
- + "bad_netscape_cert_type.jks.base64";
-
- private static final String NETSCAPE_KEYSTORE
- = "bad_netscape_cert_type.jks";
-
/**
* The test signs and verifies a jar that contains entries
* whose signer certificate's NetscapeCertType extension
* doesn't allow code signing (badNetscapeCertType).
* Warning message is expected.
- * Run bad_netscape_cert_type.sh script to create bad_netscape_cert_type.jks
*/
public static void main(String[] args) throws Throwable {
- Files.write(Paths.get(NETSCAPE_KEYSTORE),
- Base64.getMimeDecoder().decode(
- Files.readAllBytes(Paths.get(NETSCAPE_KEYSTORE_BASE64))));
-
BadNetscapeCertTypeTest test = new BadNetscapeCertTypeTest();
test.start();
}
@@ -66,10 +51,22 @@
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
+ // create a certificate whose signer certificate's
+ // NetscapeCertType extension doesn't allow code signing
+ // create key pair for jar signing
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
+ // NetscapeCertType [ SSL client ]
+ "-ext", "2.16.840.1.113730.1.1=03020780",
+ "-validity", Integer.toString(VALIDITY));
+
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verbose",
- "-keystore", NETSCAPE_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
@@ -82,7 +79,7 @@
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
- "-keystore", NETSCAPE_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
@@ -94,7 +91,7 @@
"-verify",
"-verbose",
"-strict",
- "-keystore", NETSCAPE_KEYSTORE,
+ "-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java
index 21f0979..b9d0ae5 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,117 +21,52 @@
* questions.
*/
-import java.io.File;
import jdk.testlibrary.OutputAnalyzer;
import jdk.testlibrary.ProcessTools;
import jdk.testlibrary.JarUtils;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
/**
* @test
* @bug 8024302 8026037
* @summary Test for chainNotValidated warning
* @library /lib/testlibrary ../
- * @run main ChainNotValidatedTest
+ * @run main ChainNotValidatedTest ca2yes
+ * @run main ChainNotValidatedTest ca2no
*/
public class ChainNotValidatedTest extends Test {
- private static final String CHAIN = "chain";
-
- /**
- * The test signs and verifies a jar that contains entries
- * whose cert chain can't be correctly validated (chainNotValidated).
- * Warning message is expected.
- */
public static void main(String[] args) throws Throwable {
ChainNotValidatedTest test = new ChainNotValidatedTest();
- test.start();
+ test.start(args[0].equals("ca2yes"));
}
- private void start() throws Throwable {
+ private void start(boolean ca2yes) throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
- // create self-signed certificate whose BasicConstraints extension
- // is set to false, so the certificate may not be used
- // as a parent certificate (certpath validation should fail)
- ProcessTools.executeCommand(KEYTOOL,
- "-genkeypair",
- "-alias", CA_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=CA",
- "-ext", "BasicConstraints:critical=ca:false",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ // We have 2 @run. Need cleanup.
+ Files.deleteIfExists(Paths.get(KEYSTORE));
- // create a certificate that is signed by self-signed certificate
- // despite of it may not be used as a parent certificate
- // (certpath validation should fail)
- ProcessTools.executeCommand(KEYTOOL,
- "-genkeypair",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
- "-ext", "BasicConstraints:critical=ca:false",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ // Root CA is not checked at all. If the intermediate CA has
+ // BasicConstraints extension set to true, it will be valid.
+ // Otherwise, chain validation will fail.
+ createAlias(CA_KEY_ALIAS);
+ createAlias(CA2_KEY_ALIAS);
+ issueCert(CA2_KEY_ALIAS,
+ "-ext",
+ "bc=ca:" + ca2yes);
- ProcessTools.executeCommand(KEYTOOL,
- "-certreq",
- "-alias", KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-file", CERT_REQUEST_FILENAME).shouldHaveExitValue(0);
+ createAlias(KEY_ALIAS);
+ issueCert(KEY_ALIAS, "-alias", CA2_KEY_ALIAS);
- ProcessTools.executeCommand(KEYTOOL,
- "-gencert",
- "-alias", CA_KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-infile", CERT_REQUEST_FILENAME,
- "-validity", Integer.toString(VALIDITY),
- "-outfile", CERT_FILENAME).shouldHaveExitValue(0);
-
- ProcessTools.executeCommand(KEYTOOL,
- "-importcert",
- "-alias", KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-file", CERT_FILENAME).shouldHaveExitValue(0);
-
- ProcessBuilder pb = new ProcessBuilder(KEYTOOL,
- "-export",
- "-rfc",
- "-alias", KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD);
- pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN)));
- ProcessTools.executeCommand(pb).shouldHaveExitValue(0);
-
- pb = new ProcessBuilder(KEYTOOL,
- "-export",
- "-rfc",
- "-alias", CA_KEY_ALIAS,
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD);
- pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN)));
- ProcessTools.executeCommand(pb).shouldHaveExitValue(0);
-
- // remove CA certificate
+ // remove CA2 certificate so it's not trusted
ProcessTools.executeCommand(KEYTOOL,
"-delete",
- "-alias", CA_KEY_ALIAS,
+ "-alias", CA2_KEY_ALIAS,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD).shouldHaveExitValue(0);
@@ -141,12 +76,15 @@
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
- "-certchain", CHAIN,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
- checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING);
+ if (ca2yes) {
+ checkSigning(analyzer, "!" + CHAIN_NOT_VALIDATED_SIGNING_WARNING);
+ } else {
+ checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING);
+ }
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
@@ -155,10 +93,13 @@
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
- "-certchain", CHAIN,
SIGNED_JARFILE);
- checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ if (ca2yes) {
+ checkVerifying(analyzer, 0, "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ } else {
+ checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ }
// verify signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
@@ -168,11 +109,15 @@
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
- "-certchain", CHAIN,
SIGNED_JARFILE);
- checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE,
- CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ if (ca2yes) {
+ checkVerifying(analyzer, 0,
+ "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ } else {
+ checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE,
+ CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
+ }
System.out.println("Test passed");
}
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java
index ccb8e91..f457776 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,18 +52,13 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
"-startdate", "-" + SHORT_VALIDITY * 2 + "d",
- "-validity", Integer.toString(SHORT_VALIDITY))
- .shouldHaveExitValue(0);
+ "-validity", Integer.toString(SHORT_VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java
index f34148e..8a71c667 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,17 +52,12 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
- "-validity", Integer.toString(SHORT_VALIDITY))
- .shouldHaveExitValue(0);
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
+ "-validity", Integer.toString(SHORT_VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java
index e71feb3..078ff89 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -51,16 +51,11 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+ issueCert(
+ KEY_ALIAS,
+ "-validity", Integer.toString(VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java
index 677914c..862e8ca 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -54,35 +54,25 @@
// create a jar file that contains one class file
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
+ createAlias(CA_KEY_ALIAS);
+
// create first expired certificate
// whose ExtendedKeyUsage extension does not allow code signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", FIRST_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=First",
+ createAlias(FIRST_KEY_ALIAS);
+ issueCert(
+ FIRST_KEY_ALIAS,
"-ext", "ExtendedkeyUsage=serverAuth",
"-startdate", "-" + VALIDITY * 2 + "d",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ "-validity", Integer.toString(VALIDITY));
// create second expired certificate
// whose KeyUsage extension does not allow code signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", SECOND_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Second",
+ createAlias(SECOND_KEY_ALIAS);
+ issueCert(
+ SECOND_KEY_ALIAS,
"-ext", "ExtendedkeyUsage=serverAuth",
"-startdate", "-" + VALIDITY * 2 + "d",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ "-validity", Integer.toString(VALIDITY));
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java
index 10b142a..8429fe2 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -57,15 +57,9 @@
* 24 * 60 * 60 * 1000L);
// create key pair
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+ issueCert(KEY_ALIAS,
"-validity", Integer.toString(VALIDITY));
// sign jar file
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java
index 40ef68e..9fb9262 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,29 +49,19 @@
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
- // create first key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", FIRST_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=First",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ createAlias(CA_KEY_ALIAS);
// create first key pair for signing
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", SECOND_KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Second",
- "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
+ createAlias(FIRST_KEY_ALIAS);
+ issueCert(
+ FIRST_KEY_ALIAS,
+ "-validity", Integer.toString(VALIDITY));
+
+ // create first key pair for signing
+ createAlias(SECOND_KEY_ALIAS);
+ issueCert(
+ SECOND_KEY_ALIAS,
+ "-validity", Integer.toString(VALIDITY));
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java
index a75c278..4d19c9a 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -50,15 +50,11 @@
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create certificate that will be valid only tomorrow
- ProcessTools.executeCommand(KEYTOOL,
- "-genkey",
- "-alias", KEY_ALIAS,
- "-keyalg", KEY_ALG,
- "-keysize", Integer.toString(KEY_SIZE),
- "-keystore", KEYSTORE,
- "-storepass", PASSWORD,
- "-keypass", PASSWORD,
- "-dname", "CN=Test",
+ createAlias(CA_KEY_ALIAS);
+ createAlias(KEY_ALIAS);
+
+ issueCert(
+ KEY_ALIAS,
"-startdate", "+1d",
"-validity", Integer.toString(VALIDITY));
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/Test.java b/jdk/test/sun/security/tools/jarsigner/warnings/Test.java
index 5688d61..939b904 100644
--- a/jdk/test/sun/security/tools/jarsigner/warnings/Test.java
+++ b/jdk/test/sun/security/tools/jarsigner/warnings/Test.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,6 @@
static final String FIRST_FILE = "first.txt";
static final String SECOND_FILE = "second.txt";
static final String PASSWORD = "password";
- static final String BOTH_KEYS_KEYSTORE = "both_keys.jks";
static final String FIRST_KEY_KEYSTORE = "first_key.jks";
static final String KEYSTORE = "keystore.jks";
static final String FIRST_KEY_ALIAS = "first";
@@ -55,11 +54,13 @@
static final String CERT_REQUEST_FILENAME = "test.req";
static final String CERT_FILENAME = "test.crt";
static final String CA_KEY_ALIAS = "ca";
+ static final String CA2_KEY_ALIAS = "ca2";
static final int KEY_SIZE = 2048;
static final int TIMEOUT = 6 * 60 * 1000; // in millis
static final int VALIDITY = 365;
static final String WARNING = "Warning:";
+ static final String WARNING_OR_ERROR = "(Warning|Error):";
static final String CHAIN_NOT_VALIDATED_VERIFYING_WARNING
= "This jar contains entries "
@@ -126,10 +127,10 @@
+ "(%1$tY-%1$tm-%1$td) or after any future revocation date.";
static final String NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE
- = "This jar contains signatures that does not include a timestamp. "
+ = "This jar contains signatures that do not include a timestamp. "
+ "Without a timestamp, users may not be able to validate this jar "
- + "after the signer certificate's expiration date "
- + "(%1$tY-%1$tm-%1$td) or after any future revocation date.";
+ + "after any of the signer certificates expire "
+ + "(as early as %1$tY-%1$tm-%1$td).";
static final String NOT_YET_VALID_CERT_SIGNING_WARNING
= "The signer certificate is not yet valid.";
@@ -154,14 +155,72 @@
static final int ALIAS_NOT_IN_STORE_EXIT_CODE = 32;
static final int NOT_SIGNED_BY_ALIAS_EXIT_CODE = 32;
+ protected void createAlias(String alias, String ... options)
+ throws Throwable {
+ List<String> cmd = new ArrayList<>();
+ cmd.addAll(Arrays.asList(
+ "-genkeypair",
+ "-alias", alias,
+ "-keyalg", KEY_ALG,
+ "-keysize", Integer.toString(KEY_SIZE),
+ "-keystore", KEYSTORE,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-dname", "CN=" + alias));
+ cmd.addAll(Arrays.asList(options));
+
+ keytool(cmd.toArray(new String[cmd.size()]))
+ .shouldHaveExitValue(0);
+ }
+
+ protected void issueCert(String alias, String ... options)
+ throws Throwable {
+ keytool("-certreq",
+ "-alias", alias,
+ "-keystore", KEYSTORE,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-file", alias + ".req")
+ .shouldHaveExitValue(0);
+
+ List<String> cmd = new ArrayList<>();
+ cmd.addAll(Arrays.asList(
+ "-gencert",
+ "-alias", CA_KEY_ALIAS,
+ "-infile", alias + ".req",
+ "-outfile", alias + ".cert",
+ "-keystore", KEYSTORE,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-file", alias + ".req"));
+ cmd.addAll(Arrays.asList(options));
+
+ keytool(cmd.toArray(new String[cmd.size()]))
+ .shouldHaveExitValue(0);
+
+ keytool("-importcert",
+ "-alias", alias,
+ "-keystore", KEYSTORE,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-file", alias + ".cert")
+ .shouldHaveExitValue(0);
+ }
+
protected void checkVerifying(OutputAnalyzer analyzer, int expectedExitCode,
String... warnings) {
analyzer.shouldHaveExitValue(expectedExitCode);
+ int count = 0;
for (String warning : warnings) {
- analyzer.shouldContain(warning);
+ if (warning.startsWith("!")) {
+ analyzer.shouldNotContain(warning.substring(1));
+ } else {
+ count++;
+ analyzer.shouldContain(warning);
+ }
}
- if (warnings.length > 0) {
- analyzer.shouldContain(WARNING);
+ if (count > 0) {
+ analyzer.shouldMatch(WARNING_OR_ERROR);
}
if (expectedExitCode == 0) {
analyzer.shouldContain(JAR_VERIFIED);
@@ -172,11 +231,17 @@
protected void checkSigning(OutputAnalyzer analyzer, String... warnings) {
analyzer.shouldHaveExitValue(0);
+ int count = 0;
for (String warning : warnings) {
- analyzer.shouldContain(warning);
+ if (warning.startsWith("!")) {
+ analyzer.shouldNotContain(warning.substring(1));
+ } else {
+ count++;
+ analyzer.shouldContain(warning);
+ }
}
- if (warnings.length > 0) {
- analyzer.shouldContain(WARNING);
+ if (count > 0) {
+ analyzer.shouldMatch(WARNING_OR_ERROR);
}
analyzer.shouldContain(JAR_SIGNED);
}
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64 b/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64
deleted file mode 100644
index 756d5ff..0000000
--- a/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64
+++ /dev/null
@@ -1,26 +0,0 @@
-/u3+7QAAAAIAAAABAAAAAQAFYWxpYXMAAAFBpkwW0gAAAr0wggK5MA4GCisGAQQB
-KgIRAQEFAASCAqWkGJ3PPjYmWNKrV23Y1u413RMAkrRZ+1OLWYRcQt4jtxtIyEH5
-Ho5b9dy9XN9FBKlTOD4c2Pc1T43BLKXeuLu3uLLeIxgXFt0z9CLyGwdYZZ751kXr
-DQ99qY6aNQUO6SeE4Wdty0KPAqid6ZJ8bF7T6wsTZSvNhaBRzyFydEfG7bbUYjOl
-mWC44nlsu6VEU3o9RQpcm1gIMwradOaIVT/HoB2bKmAv8gHqI6kreiEZwTdZkSAI
-IRi2vt1RPllXt5hgjDxUfZe8XOYYweR4Vt2/jVuKLJ80DNTu/9SeUD88zQAz53k4
-r3nRhv6TRcPm6tV/Fh92XLHiskL+TAzTfm+bUAudPCCVxN+yRtxvAgA+UhdV/SuM
-Zn5F6nrmP+YJG1hmprgCJIJJaCEXa9RXYC+vIVpO0WVNRuGlGm+/1afnOuQC8Wss
-ShXwjkaqTwAhqBFq7eYmmP8BK3gflYrt2zDLXvhl4ndVvMhMthFJ3ZvLh2LWpqLI
-/n8EMCf8US3lIEFk9DTHBZjffiHkqK2e7+FXEpG3xrgE6ZYLMdbd5Pb3YjZfhQx+
-ZTtiEFzYSaEGhacek/m7dRq1qmwgFsytng2OdWZe2ln8LJY0odr1dGUfJHfgafvi
-tlfbkg/rgjONtwliChDggbkUwnerrj/D/zrdEufUvfyltSshhHXRNDD3fH6spmEk
-hHKgxEc4yvxqJxzdMGtuib355aSfNegyl+GsnsKzXQCVEK2h3BLTQObzaD+8NZ12
-LQHvbrCiaS34vxJ3rEC+a+SW7itZp0aCdXMWdMJNkRKqyLBD3vG3zN05sN3XrhEM
-8BRT020TWY00tbVFbbBFheYLQRgTjrQtr0Yt6UHWBZc4N20crDLcSH5gqcCOVpla
-1Y2uqFEn8yqrGRwn/kgfNgAAAAEABVguNTA5AAABtTCCAbEwggEaoAMCAQICCQDH
-cEuVvzCuqzANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDDARUZXN0MB4XDTEzMTAx
-MTA2NTUwNloXDTIzMTAwOTA2NTUwNlowDzENMAsGA1UEAwwEVGVzdDCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEA8hOfp2Dcnvt//ZZQAja9TRiwKqXVS+TiYE3S
-gngCBjIi+YYdo0DsUeO5MBfE6uvCWOr5lwAR/u1iaJOhIoGJDiGoPasZlt+yIgtR
-LzA7j2q+1q6kcwiVxfikI3aUgHV/QsybTriT4Bf7TQNKtJG23MQa4sD7+PjtCWD7
-p3cHTfkCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3DQEBBQUA
-A4GBAKoDlTJ8wLRA7G8XdGm4gv733n1cSQzlkcsjfOO6/mA5Jvu8tyFNq9HTf9AT
-VXbrbGcUYJjhzSSY3w5apXK1kXyqTB1LUNEJ45WnmciqSSecVTpJz9TuegyoX0Zf
-HScSgqfDmjqoiiFiNCgn3ZEJ85ykGvoFYGH+php+BVi3S0bj5E/jRpyV3vNnii/S
-wJDSAXF6bYU=
diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh b/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh
deleted file mode 100644
index 49fe91e..0000000
--- a/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-#!/bin/sh
-
-# This script creates JKS keystore with a certificate
-# that contains Netscape Certificate Type extension
-# that does not allow code signing
-# The keystore is used by BadNetscapeCertTypeTest.java test
-
-rm -rf keystore.jks
-echo "nsCertType = client" > ext.cfg
-
-openssl req -new -out cert.req -keyout key.pem -days 3650 \
- -passin pass:password -passout pass:password -subj "/CN=Test"
-openssl x509 -in cert.req -out cert.pem -req -signkey key.pem -days 3650 \
- -passin pass:password -extfile ext.cfg
-openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 \
- -passin pass:password -passout pass:password -name alias
-
-${JAVA_HOME}/bin/keytool -importkeystore \
- -srckeystore keystore.p12 -srcstoretype pkcs12 \
- -srcstorepass password -alias alias \
- -destkeystore bad_netscape_cert_type.jks -deststoretype jks \
- -deststorepass password -destalias alias \
-
-openssl base64 < bad_netscape_cert_type.jks > bad_netscape_cert_type.jks.base64
-rm -rf cert.req key.pem cert.pem keystore.p12 ext.cfg bad_netscape_cert_type.jks
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/VERSION b/jdk/test/sun/util/calendar/zi/tzdata/VERSION
index 22002be..e3fa922 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/VERSION
+++ b/jdk/test/sun/util/calendar/zi/tzdata/VERSION
@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-tzdata2018e
+tzdata2018g
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/africa b/jdk/test/sun/util/calendar/zi/tzdata/africa
index 1c305f8..e2ffac2 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/africa
+++ b/jdk/test/sun/util/calendar/zi/tzdata/africa
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Africa and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -29,7 +31,7 @@
# tz@iana.org for general use in the future). For more, please see
# the file CONTRIBUTING in the tz distribution.
-# From Paul Eggert (2017-04-09):
+# From Paul Eggert (2018-05-27):
#
# Unless otherwise specified, the source for data through 1990 is:
# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
@@ -74,13 +76,15 @@
# I vaguely recall 'WAT' also being used for -01 in the past but
# cannot now come up with solid citations.
#
-# I invented the following abbreviations; corrections are welcome!
-# +02 WAST West Africa Summer Time (no longer used)
-# +03 CAST Central Africa Summer Time (no longer used)
-# +03 SAST South Africa Summer Time (no longer used)
+# I invented the following abbreviations in the 1990s:
+# +02 WAST West Africa Summer Time
+# +03 CAST Central Africa Summer Time
+# +03 SAST South Africa Summer Time
# +03 EAT East Africa Time
-# 'EAT' also seems to have caught on; the others are rare but are paired
-# with better-attested non-DST abbreviations.
+# 'EAT' seems to have caught on and is in current timestamps, and though
+# the other abbreviations are rarer and are only in past timestamps,
+# they are paired with better-attested non-DST abbreviations.
+# Corrections are welcome.
# Algeria
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@@ -385,6 +389,13 @@
# Eritrea
# Ethiopia
# See Africa/Nairobi.
+#
+# Unfortunately tzdb records only Western clock time in use in Ethiopia,
+# as the tzdb format is not up to properly recording a common Ethiopian
+# timekeeping practice that is based on solar time. See:
+# Mortada D. If you have a meeting in Ethiopia, you'd better double
+# check the time. PRI's The World. 2015-01-30 15:15 -05.
+# https://www.pri.org/stories/2015-01-30/if-you-have-meeting-ethiopia-you-better-double-check-time
# Gabon
# See Africa/Lagos.
@@ -856,94 +867,61 @@
# <https://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/> agrees
# with the patch.
-# From Paul Eggert (2015-06-08):
-# For now, guess that later spring and fall transitions will use 2015's rules,
-# and guess that Morocco will switch to standard time at 03:00 the last
-# Sunday before Ramadan, and back to DST at 02:00 the first Sunday after
-# Ramadan. To implement this, transition dates for 2016 through 2037 were
-# determined by running the following program under GNU Emacs 24.3, with the
-# results integrated by hand into the table below.
-# (let ((islamic-year 1437))
-# (require 'cal-islam)
-# (while (< islamic-year 1460)
-# (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year)))
-# (b (calendar-islamic-to-absolute (list 10 1 islamic-year)))
-# (sunday 0))
-# (while (/= sunday (mod (setq a (1- a)) 7)))
-# (while (/= sunday (mod b 7))
-# (setq b (1+ b)))
-# (setq a (calendar-gregorian-from-absolute a))
-# (setq b (calendar-gregorian-from-absolute b))
-# (insert
-# (format
-# (concat "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 3:00\t0\t-\n"
-# "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 2:00\t1:00\tS\n")
-# (car (cdr (cdr a))) (calendar-month-name (car a) t) (car (cdr a))
-# (car (cdr (cdr b))) (calendar-month-name (car b) t) (car (cdr b)))))
-# (setq islamic-year (+ 1 islamic-year))))
+# From Mohamed Essedik Najd (2018-10-26):
+# Today, a Moroccan government council approved the perpetual addition
+# of 60 minutes to the regular Moroccan timezone.
+# From Brian Inglis (2018-10-26):
+# http://www.maroc.ma/fr/actualites/le-conseil-de-gouvernement-adopte-un-projet-de-decret-relatif-lheure-legale-stipulant-le
# RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-
-Rule Morocco 1939 only - Sep 12 0:00 1:00 S
+Rule Morocco 1939 only - Sep 12 0:00 1:00 -
Rule Morocco 1939 only - Nov 19 0:00 0 -
-Rule Morocco 1940 only - Feb 25 0:00 1:00 S
+Rule Morocco 1940 only - Feb 25 0:00 1:00 -
Rule Morocco 1945 only - Nov 18 0:00 0 -
-Rule Morocco 1950 only - Jun 11 0:00 1:00 S
+Rule Morocco 1950 only - Jun 11 0:00 1:00 -
Rule Morocco 1950 only - Oct 29 0:00 0 -
-Rule Morocco 1967 only - Jun 3 12:00 1:00 S
+Rule Morocco 1967 only - Jun 3 12:00 1:00 -
Rule Morocco 1967 only - Oct 1 0:00 0 -
-Rule Morocco 1974 only - Jun 24 0:00 1:00 S
+Rule Morocco 1974 only - Jun 24 0:00 1:00 -
Rule Morocco 1974 only - Sep 1 0:00 0 -
-Rule Morocco 1976 1977 - May 1 0:00 1:00 S
+Rule Morocco 1976 1977 - May 1 0:00 1:00 -
Rule Morocco 1976 only - Aug 1 0:00 0 -
Rule Morocco 1977 only - Sep 28 0:00 0 -
-Rule Morocco 1978 only - Jun 1 0:00 1:00 S
+Rule Morocco 1978 only - Jun 1 0:00 1:00 -
Rule Morocco 1978 only - Aug 4 0:00 0 -
-Rule Morocco 2008 only - Jun 1 0:00 1:00 S
+Rule Morocco 2008 only - Jun 1 0:00 1:00 -
Rule Morocco 2008 only - Sep 1 0:00 0 -
-Rule Morocco 2009 only - Jun 1 0:00 1:00 S
+Rule Morocco 2009 only - Jun 1 0:00 1:00 -
Rule Morocco 2009 only - Aug 21 0:00 0 -
-Rule Morocco 2010 only - May 2 0:00 1:00 S
+Rule Morocco 2010 only - May 2 0:00 1:00 -
Rule Morocco 2010 only - Aug 8 0:00 0 -
-Rule Morocco 2011 only - Apr 3 0:00 1:00 S
+Rule Morocco 2011 only - Apr 3 0:00 1:00 -
Rule Morocco 2011 only - Jul 31 0:00 0 -
-Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 S
+Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 -
Rule Morocco 2012 only - Jul 20 3:00 0 -
-Rule Morocco 2012 only - Aug 20 2:00 1:00 S
+Rule Morocco 2012 only - Aug 20 2:00 1:00 -
Rule Morocco 2012 only - Sep 30 3:00 0 -
Rule Morocco 2013 only - Jul 7 3:00 0 -
-Rule Morocco 2013 only - Aug 10 2:00 1:00 S
-Rule Morocco 2013 max - Oct lastSun 3:00 0 -
-Rule Morocco 2014 2021 - Mar lastSun 2:00 1:00 S
+Rule Morocco 2013 only - Aug 10 2:00 1:00 -
+Rule Morocco 2013 2018 - Oct lastSun 3:00 0 -
+Rule Morocco 2014 2018 - Mar lastSun 2:00 1:00 -
Rule Morocco 2014 only - Jun 28 3:00 0 -
-Rule Morocco 2014 only - Aug 2 2:00 1:00 S
+Rule Morocco 2014 only - Aug 2 2:00 1:00 -
Rule Morocco 2015 only - Jun 14 3:00 0 -
-Rule Morocco 2015 only - Jul 19 2:00 1:00 S
+Rule Morocco 2015 only - Jul 19 2:00 1:00 -
Rule Morocco 2016 only - Jun 5 3:00 0 -
-Rule Morocco 2016 only - Jul 10 2:00 1:00 S
+Rule Morocco 2016 only - Jul 10 2:00 1:00 -
Rule Morocco 2017 only - May 21 3:00 0 -
-Rule Morocco 2017 only - Jul 2 2:00 1:00 S
+Rule Morocco 2017 only - Jul 2 2:00 1:00 -
Rule Morocco 2018 only - May 13 3:00 0 -
-Rule Morocco 2018 only - Jun 17 2:00 1:00 S
-Rule Morocco 2019 only - May 5 3:00 0 -
-Rule Morocco 2019 only - Jun 9 2:00 1:00 S
-Rule Morocco 2020 only - Apr 19 3:00 0 -
-Rule Morocco 2020 only - May 24 2:00 1:00 S
-Rule Morocco 2021 only - Apr 11 3:00 0 -
-Rule Morocco 2021 only - May 16 2:00 1:00 S
-Rule Morocco 2022 only - May 8 2:00 1:00 S
-Rule Morocco 2023 only - Apr 23 2:00 1:00 S
-Rule Morocco 2024 only - Apr 14 2:00 1:00 S
-Rule Morocco 2025 only - Apr 6 2:00 1:00 S
-Rule Morocco 2026 max - Mar lastSun 2:00 1:00 S
-Rule Morocco 2036 only - Oct 19 3:00 0 -
-Rule Morocco 2037 only - Oct 4 3:00 0 -
+Rule Morocco 2018 only - Jun 17 2:00 1:00 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26
- 0:00 Morocco WE%sT 1984 Mar 16
- 1:00 - CET 1986
- 0:00 Morocco WE%sT
+ 0:00 Morocco +00/+01 1984 Mar 16
+ 1:00 - +01 1986
+ 0:00 Morocco +00/+01 2018 Oct 27
+ 1:00 - +01
# Western Sahara
#
@@ -958,7 +936,8 @@
Zone Africa/El_Aaiun -0:52:48 - LMT 1934 Jan # El Aaiún
-1:00 - -01 1976 Apr 14
- 0:00 Morocco WE%sT
+ 0:00 Morocco +00/+01 2018 Oct 27
+ 1:00 - +01
# Mozambique
#
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/antarctica b/jdk/test/sun/util/calendar/zi/tzdata/antarctica
index 74ce2dc..d98afed 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/antarctica
+++ b/jdk/test/sun/util/calendar/zi/tzdata/antarctica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Antarctica and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/asia b/jdk/test/sun/util/calendar/zi/tzdata/asia
index 877f53d..57255f2 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/asia
+++ b/jdk/test/sun/util/calendar/zi/tzdata/asia
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Asia and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -29,7 +31,7 @@
# tz@iana.org for general use in the future). For more, please see
# the file CONTRIBUTING in the tz distribution.
-# From Paul Eggert (2017-01-13):
+# From Paul Eggert (2018-06-19):
#
# Unless otherwise specified, the source for data through 1990 is:
# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
@@ -58,7 +60,8 @@
# A reliable and entertaining source about time zones is
# Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997).
#
-# The following alphabetic abbreviations appear in these tables:
+# The following alphabetic abbreviations appear in these tables
+# (corrections are welcome):
# std dst
# LMT Local Mean Time
# 2:00 EET EEST Eastern European Time
@@ -67,11 +70,13 @@
# 7:00 WIB west Indonesia (Waktu Indonesia Barat)
# 8:00 WITA central Indonesia (Waktu Indonesia Tengah)
# 8:00 CST China
+# 8:00 PST PDT* Philippine Standard Time
# 8:30 KST KDT Korea when at +0830
# 9:00 WIT east Indonesia (Waktu Indonesia Timur)
# 9:00 JST JDT Japan
# 9:00 KST KDT Korea when at +09
# 9:30 ACST Australian Central Standard Time
+# *I invented the abbreviation PDT; see "Philippines" below.
# Otherwise, these tables typically use numeric abbreviations like +03
# and +0330 for integer hour and minute UT offsets. Although earlier
# editions invented alphabetic time zone abbreviations for every
@@ -304,6 +309,29 @@
# China
+# From Paul Eggert (2018-10-02):
+# The following comes from Table 1 of:
+# Li Yu. Research on the daylight saving movement in 1940s Shanghai.
+# Nanjing Journal of Social Sciences. 2014;(2):144-50.
+# http://oversea.cnki.net/kns55/detail.aspx?dbname=CJFD2014&filename=NJSH201402020
+# The table lists dates only; I am guessing 00:00 and 24:00 transition times.
+# Also, the table lists the planned end of DST in 1949, but the corresponding
+# zone line cuts this off on May 28, when the Communists took power.
+#
+# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+Rule Shang 1940 only - Jun 1 0:00 1:00 D
+Rule Shang 1940 only - Oct 12 24:00 0 S
+Rule Shang 1941 only - Mar 15 0:00 1:00 D
+Rule Shang 1941 only - Nov 1 24:00 0 S
+Rule Shang 1942 only - Jan 31 0:00 1:00 D
+Rule Shang 1945 only - Sep 1 24:00 0 S
+Rule Shang 1946 only - May 15 0:00 1:00 D
+Rule Shang 1946 only - Sep 30 24:00 0 S
+Rule Shang 1947 only - Apr 15 0:00 1:00 D
+Rule Shang 1947 only - Oct 31 24:00 0 S
+Rule Shang 1948 1949 - May 1 0:00 1:00 D
+Rule Shang 1948 1949 - Sep 30 24:00 0 S #plan
+
# From Guy Harris:
# People's Republic of China. Yes, they really have only one time zone.
@@ -330,18 +358,33 @@
# time - sort of", Los Angeles Times, 1986-05-05 ... [says] that China began
# observing daylight saving time in 1986.
-# From Paul Eggert (2014-06-30):
-# Shanks & Pottenger have China switching to a single time zone in 1980, but
-# this doesn't seem to be correct. They also write that China observed summer
-# DST from 1986 through 1991, which seems to match the above commentary, so
-# go with them for DST rules as follows:
+# From P Chan (2018-05-07):
+# The start and end time of DST in China [from 1986 on] should be 2:00
+# (i.e. 2:00 to 3:00 at the start and 2:00 to 1:00 at the end)....
+# Government notices about summer time:
+#
+# 1986-04-12 http://www.zj.gov.cn/attach/zfgb/198608.pdf p.21-22
+# (To establish summer time from 1986. On 4 May, set the clocks ahead one hour
+# at 2 am. On 14 September, set the clocks backward one hour at 2 am.)
+#
+# 1987-02-15 http://www.gov.cn/gongbao/shuju/1987/gwyb198703.pdf p.114
+# (Summer time in 1987 to start from 12 April until 13 September)
+#
+# 1987-09-09 http://www.gov.cn/gongbao/shuju/1987/gwyb198721.pdf p.709
+# (From 1988, summer time to start from 2 am of the first Sunday of mid-April
+# until 2 am of the first Sunday of mid-September)
+#
+# 1992-03-03 http://www.gov.cn/gongbao/shuju/1992/gwyb199205.pdf p.152
+# (To suspend summer time from 1992)
+#
+# The first page of People's Daily on 12 April 1988 stating that summer time
+# to begin on 17 April.
+# http://data.people.com.cn/pic/101p/1988/04/1988041201.jpg
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Shang 1940 only - Jun 3 0:00 1:00 D
-Rule Shang 1940 1941 - Oct 1 0:00 0 S
-Rule Shang 1941 only - Mar 16 0:00 1:00 D
-Rule PRC 1986 only - May 4 0:00 1:00 D
-Rule PRC 1986 1991 - Sep Sun>=11 0:00 0 S
-Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
+Rule PRC 1986 only - May 4 2:00 1:00 D
+Rule PRC 1986 1991 - Sep Sun>=11 2:00 0 S
+Rule PRC 1987 1991 - Apr Sun>=11 2:00 1:00 D
# From Anthony Fok (2001-12-20):
# BTW, I did some research on-line and found some info regarding these five
@@ -363,10 +406,11 @@
# Alois Treindl kindly sent me translations of the following two sources:
#
# (1)
-# Guo Qingsheng (National Time-Service Center, CAS, Xi'an 710600, China)
+# Guo Qing-sheng (National Time-Service Center, CAS, Xi'an 710600, China)
# Beijing Time at the Beginning of the PRC
# China Historical Materials of Science and Technology
-# (Zhongguo ke ji shi liao, 中国科技史料), Vol. 24, No. 1 (2003)
+# (Zhongguo ke ji shi liao, 中国科技史料). 2003;24(1):5-9.
+# http://oversea.cnki.net/kcms/detail/detail.aspx?filename=ZGKS200301000&dbname=CJFD2003
# It gives evidence that at the beginning of the PRC, Beijing time was
# officially apparent solar time! However, Guo also says that the
# evidence is dubious, as the relevant institute of astronomy had not
@@ -543,7 +587,7 @@
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Beijing time, used throughout China; represented by Shanghai.
Zone Asia/Shanghai 8:05:43 - LMT 1901
- 8:00 Shang C%sT 1949
+ 8:00 Shang C%sT 1949 May 28
8:00 PRC C%sT
# Xinjiang time, used by many in western China; represented by Ürümqi / Ürümchi
# / Wulumuqi. (Please use Asia/Shanghai if you prefer Beijing time.)
@@ -772,24 +816,140 @@
8:00 Taiwan C%sT
# Macau (Macao, Aomen)
+#
+# From P Chan (2018-05-10):
+# * LegisMac
+# http://legismac.safp.gov.mo/legismac/descqry/Descqry.jsf?lang=pt
+# A database for searching titles of legal documents of Macau in
+# Chinese and Portuguese. The term "HORÁRIO DE VERÃO" can be used for
+# searching decrees about summer time.
+# * Archives of Macao
+# http://www.archives.gov.mo/en/bo/
+# It contains images of old official gazettes.
+# * The Macao Meteorological and Geophysical Bureau have a page listing the
+# summer time history. But it is not complete and has some mistakes.
+# http://www.smg.gov.mo/smg/geophysics/e_t_Summer%20Time.htm
+# Macau adopted GMT+8 on 30 Oct 1904 to follow Hong Kong. Clocks were
+# advanced by 25 minutes and 50 seconds. Which means the LMT used was
+# +7:34:10. As stated in the "Portaria No. 204" dated 21 October 1904
+# and published in the Official Gazette on 29 October 1904.
+# http://igallery.icm.gov.mo/Images/Archives/BO/MO_AH_PUB_BO_1904_10/MO_AH_PUB_BO_1904_10_00025_Grey.JPG
+#
+# Therefore the 1911 decree of Portugal did not change time in Macau.
+#
+# From LegisMac, here is a list of decrees that changed the time ...
+# [Decree Gazette-no. date; titles omitted in this quotation]
+# DIL 732 BOCM 51 1941.12.20
+# DIL 764 BOCM 9S 1942.04.30
+# DIL 781 BOCM 21 1942.10.10
+# PT 3434 BOCM 8S 1943.04.17
+# PT 3504 BOCM 20 1943.09.25
+# PT 3843 BOCM 39 1945.09.29
+# PT 3961 BOCM 17 1946.04.27
+# PT 4026 BOCM 39 1946.09.28
+# PT 4153 BOCM 16 1947.04.10
+# PT 4271 BOCM 48 1947.11.29
+# PT 4374 BOCM 18 1948.05.01
+# PT 4465 BOCM 44 1948.10.30
+# PT 4590 BOCM 14 1949.04.02
+# PT 4666 BOCM 44 1949.10.29
+# PT 4771 BOCM 12 1950.03.25
+# PT 4838 BOCM 43 1950.10.28
+# PT 4946 BOCM 12 1951.03.24
+# PT 5025 BO 43 1951.10.27
+# PT 5149 BO 14 1952.04.05
+# PT 5251 BO 43 1952.10.25
+# PT 5366 BO 13 1953.03.28
+# PT 5444 BO 44 1953.10.31
+# PT 5540 BO 12 1954.03.20
+# PT 5589 BO 44 1954.10.30
+# PT 5676 BO 12 1955.03.19
+# PT 5739 BO 45 1955.11.05
+# PT 5823 BO 11 1956.03.17
+# PT 5891 BO 44 1956.11.03
+# PT 5981 BO 12 1957.03.23
+# PT 6064 BO 43 1957.10.26
+# PT 6172 BO 12 1958.03.22
+# PT 6243 BO 43 1958.10.25
+# PT 6341 BO 12 1959.03.21
+# PT 6411 BO 43 1959.10.24
+# PT 6514 BO 11 1960.03.12
+# PT 6584 BO 44 1960.10.29
+# PT 6721 BO 10 1961.03.11
+# PT 6815 BO 43 1961.10.28
+# PT 6947 BO 10 1962.03.10
+# PT 7080 BO 43 1962.10.27
+# PT 7218 BO 12 1963.03.23
+# PT 7340 BO 43 1963.10.26
+# PT 7491 BO 11 1964.03.14
+# PT 7664 BO 43 1964.10.24
+# PT 7846 BO 15 1965.04.10
+# PT 7979 BO 42 1965.10.16
+# PT 8146 BO 15 1966.04.09
+# PT 8252 BO 41 1966.10.08
+# PT 8429 BO 15 1967.04.15
+# PT 8540 BO 41 1967.10.14
+# PT 8735 BO 15 1968.04.13
+# PT 8860 BO 41 1968.10.12
+# PT 9035 BO 16 1969.04.19
+# PT 9156 BO 42 1969.10.18
+# PT 9328 BO 15 1970.04.11
+# PT 9418 BO 41 1970.10.10
+# PT 9587 BO 14 1971.04.03
+# PT 9702 BO 41 1971.10.09
+# PT 38-A/72 BO 14 1972.04.01
+# PT 126-A/72 BO 41 1972.10.07
+# PT 61/73 BO 14 1973.04.07
+# PT 182/73 BO 40 1973.10.06
+# PT 282/73 BO 51 1973.12.22
+# PT 177/74 BO 41 1974.10.12
+# PT 51/75 BO 15 1975.04.12
+# PT 173/75 BO 41 1975.10.11
+# PT 67/76/M BO 14 1976.04.03
+# PT 169/76/M BO 41 1976.10.09
+# PT 78/79/M BO 19 1979.05.12
+# PT 166/79/M BO 42 1979.10.20
+# Note that DIL 732 does not belong to "HORÁRIO DE VERÃO" according to
+# LegisMac.... Note that between 1942 and 1945, the time switched
+# between GMT+9 and GMT+10. Also in 1965 and 1965 the DST ended at 2:30am.
+
+# From Paul Eggert (2018-05-10):
+# The 1904 decree says that Macau changed from the meridian of
+# Fortaleza do Monte, presumably the basis for the 7:34:10 for LMT.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Macau 1961 1962 - Mar Sun>=16 3:30 1:00 D
-Rule Macau 1961 1964 - Nov Sun>=1 3:30 0 S
-Rule Macau 1963 only - Mar Sun>=16 0:00 1:00 D
-Rule Macau 1964 only - Mar Sun>=16 3:30 1:00 D
-Rule Macau 1965 only - Mar Sun>=16 0:00 1:00 D
-Rule Macau 1965 only - Oct 31 0:00 0 S
-Rule Macau 1966 1971 - Apr Sun>=16 3:30 1:00 D
-Rule Macau 1966 1971 - Oct Sun>=16 3:30 0 S
-Rule Macau 1972 1974 - Apr Sun>=15 0:00 1:00 D
-Rule Macau 1972 1973 - Oct Sun>=15 0:00 0 S
-Rule Macau 1974 1977 - Oct Sun>=15 3:30 0 S
-Rule Macau 1975 1977 - Apr Sun>=15 3:30 1:00 D
-Rule Macau 1978 1980 - Apr Sun>=15 0:00 1:00 D
-Rule Macau 1978 1980 - Oct Sun>=15 0:00 0 S
-# See Europe/Lisbon for info about the 1912 transition.
+Rule Macau 1942 1943 - Apr 30 23:00 1:00 -
+Rule Macau 1942 only - Nov 17 23:00 0 -
+Rule Macau 1943 only - Sep 30 23:00 0 S
+Rule Macau 1946 only - Apr 30 23:00s 1:00 D
+Rule Macau 1946 only - Sep 30 23:00s 0 S
+Rule Macau 1947 only - Apr 19 23:00s 1:00 D
+Rule Macau 1947 only - Nov 30 23:00s 0 S
+Rule Macau 1948 only - May 2 23:00s 1:00 D
+Rule Macau 1948 only - Oct 31 23:00s 0 S
+Rule Macau 1949 1950 - Apr Sat>=1 23:00s 1:00 D
+Rule Macau 1949 1950 - Oct lastSat 23:00s 0 S
+Rule Macau 1951 only - Mar 31 23:00s 1:00 D
+Rule Macau 1951 only - Oct 28 23:00s 0 S
+Rule Macau 1952 1953 - Apr Sat>=1 23:00s 1:00 D
+Rule Macau 1952 only - Nov 1 23:00s 0 S
+Rule Macau 1953 1954 - Oct lastSat 23:00s 0 S
+Rule Macau 1954 1956 - Mar Sat>=17 23:00s 1:00 D
+Rule Macau 1955 only - Nov 5 23:00s 0 S
+Rule Macau 1956 1964 - Nov Sun>=1 03:30 0 S
+Rule Macau 1957 1964 - Mar Sun>=18 03:30 1:00 D
+Rule Macau 1965 1973 - Apr Sun>=16 03:30 1:00 D
+Rule Macau 1965 1966 - Oct Sun>=16 02:30 0 S
+Rule Macau 1967 1976 - Oct Sun>=16 03:30 0 S
+Rule Macau 1973 only - Dec 30 03:30 1:00 D
+Rule Macau 1975 1976 - Apr Sun>=16 03:30 1:00 D
+Rule Macau 1979 only - May 13 03:30 1:00 D
+Rule Macau 1979 only - Oct Sun>=16 03:30 0 S
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-Zone Asia/Macau 7:34:20 - LMT 1911 Dec 31 16:00u
+Zone Asia/Macau 7:34:10 - LMT 1904 Oct 30
+ 8:00 - CST 1941 Dec 21 23:00
+ 9:00 Macau +09/+10 1945 Sep 30 24:00
8:00 Macau C%sT
@@ -1494,9 +1654,29 @@
# http://www.shugiin.go.jp/internet/itdb_housei.nsf/html/houritsu/00719500331039.htm
# ... In summary, it is written as follows. From 24:00 on the first Saturday
# in May, until 0:00 on the day after the second Saturday in September.
+
+# From Phake Nick (2018-09-27):
+# [T]he webpage authored by National Astronomical Observatory of Japan
+# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EF.html
+# ... mentioned that using Showa 23 (year 1948) as example, 13pm of September
+# 11 in summer time will equal to 0am of September 12 in standard time.
+# It cited a document issued by the Liaison Office which briefly existed
+# during the postwar period of Japan, where the detail on implementation
+# of the summer time is described in the document.
+# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EFB2C6BBFEB9EFA4CEBCC2BBDCA4CBA4C4A4A4A4C6.pdf
+# The text in the document do instruct a fall back to occur at
+# September 11, 13pm in summer time, while ordinary citizens can
+# change the clock before they sleep.
+#
+# From Paul Eggert (2018-09-27):
+# This instruction is equivalent to "Sat>=8 25:00", so use that. zic treats
+# it like "Sun>=9 01:00", which is not quite the same but is the best we can
+# do in any POSIX or C platform. The "25:00" assumes zic from 2007 or later,
+# which should be safe now.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Japan 1948 only - May Sat>=1 24:00 1:00 D
-Rule Japan 1948 1951 - Sep Sun>=9 0:00 0 S
+Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S
Rule Japan 1949 only - Apr Sat>=1 24:00 1:00 D
Rule Japan 1950 1951 - May Sat>=1 24:00 1:00 D
@@ -1878,7 +2058,7 @@
5:00 - +05
# Mangghystaū (KZ-MAN)
# Aqtau was not founded until 1963, but it represents an inhabited region,
-# so include time stamps before 1963.
+# so include timestamps before 1963.
Zone Asia/Aqtau 3:21:04 - LMT 1924 May 2
4:00 - +04 1930 Jun 21
5:00 - +05 1981 Oct 1
@@ -2018,6 +2198,10 @@
# Assembly, as published in Rodong Sinmun.
# From Tim Parenti (2018-04-29):
# It appears to be the front page story at the top in the right-most column.
+#
+# From Paul Eggert (2018-05-04):
+# The BBC reported that the transition was from 23:30 to 24:00 today.
+# https://www.bbc.com/news/world-asia-44010705
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Seoul 8:27:52 - LMT 1908 Apr 1
@@ -2030,7 +2214,7 @@
8:30 - KST 1912 Jan 1
9:00 - JST 1945 Aug 24
9:00 - KST 2015 Aug 15 00:00
- 8:30 - KST 2018 May 5
+ 8:30 - KST 2018 May 4 23:30
9:00 - KST
###############################################################################
@@ -2780,19 +2964,35 @@
# Philippine Star 2014-08-05
# http://www.philstar.com/headlines/2014/08/05/1354152/pnoy-urged-declare-use-daylight-saving-time
+# From Paul Goyette (2018-06-15):
+# In the Philippines, there is a national law, Republic Act No. 10535
+# which declares the official time here as "Philippine Standard Time".
+# The act [1] even specifies use of PST as the abbreviation, although
+# the FAQ provided by PAGASA [2] uses the "acronym PhST to distinguish
+# it from the Pacific Standard Time (PST)."
+# [1] http://www.officialgazette.gov.ph/2013/05/15/republic-act-no-10535/
+# [2] https://www1.pagasa.dost.gov.ph/index.php/astronomy/philippine-standard-time#republic-act-10535
+#
+# From Paul Eggert (2018-06-19):
+# I surveyed recent news reports, and my impression is that "PST" is
+# more popular among reliable English-language news sources. This is
+# not just a measure of Google hit counts: it's also the sizes and
+# influence of the sources. There is no current abbreviation for DST,
+# so use "PDT", the usual American style.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Phil 1936 only - Nov 1 0:00 1:00 -
-Rule Phil 1937 only - Feb 1 0:00 0 -
-Rule Phil 1954 only - Apr 12 0:00 1:00 -
-Rule Phil 1954 only - Jul 1 0:00 0 -
-Rule Phil 1978 only - Mar 22 0:00 1:00 -
-Rule Phil 1978 only - Sep 21 0:00 0 -
+Rule Phil 1936 only - Nov 1 0:00 1:00 D
+Rule Phil 1937 only - Feb 1 0:00 0 S
+Rule Phil 1954 only - Apr 12 0:00 1:00 D
+Rule Phil 1954 only - Jul 1 0:00 0 S
+Rule Phil 1978 only - Mar 22 0:00 1:00 D
+Rule Phil 1978 only - Sep 21 0:00 0 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Manila -15:56:00 - LMT 1844 Dec 31
8:04:00 - LMT 1899 May 11
- 8:00 Phil +08/+09 1942 May
- 9:00 - +09 1944 Nov
- 8:00 Phil +08/+09
+ 8:00 Phil P%sT 1942 May
+ 9:00 - JST 1944 Nov
+ 8:00 Phil P%sT
# Qatar
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
@@ -2803,15 +3003,34 @@
# Saudi Arabia
#
-# From Paul Eggert (2014-07-15):
+# From Paul Eggert (2018-08-29):
# Time in Saudi Arabia and other countries in the Arabian peninsula was not
-# standardized until relatively recently; we don't know when, and possibly it
+# standardized until 1968 or so; we don't know exactly when, and possibly it
# has never been made official. Richard P Hunt, in "Islam city yielding to
# modern times", New York Times (1961-04-09), p 20, wrote that only airlines
# observed standard time, and that people in Jeddah mostly observed quasi-solar
# time, doing so by setting their watches at sunrise to 6 o'clock (or to 12
# o'clock for "Arab" time).
#
+# Timekeeping differed depending on who you were and which part of Saudi
+# Arabia you were in. In 1969, Elias Antar wrote that although a common
+# practice had been to set one's watch to 12:00 (i.e., midnight) at sunset -
+# which meant that the time on one side of a mountain could differ greatly from
+# the time on the other side - many foreigners set their watches to 6pm
+# instead, while airlines instead used UTC +03 (except in Dhahran, where they
+# used UTC +04), Aramco used UTC +03 with DST, and the Trans-Arabian Pipe Line
+# Company used Aramco time in eastern Saudi Arabia and airline time in western.
+# (The American Military Aid Advisory Group used plain UTC.) Antar writes,
+# "A man named Higgins, so the story goes, used to run a local power
+# station. One day, the whole thing became too much for Higgins and he
+# assembled his staff and laid down the law. 'I've had enough of this,' he
+# shrieked. 'It is now 12 o'clock Higgins Time, and from now on this station is
+# going to run on Higgins Time.' And so, until last year, it did." See:
+# Antar E. Dinner at When? Saudi Aramco World, 1969 March/April. 2-3.
+# http://archive.aramcoworld.com/issue/196902/dinner.at.when.htm
+# newspapers.com says a similar story about Higgins was published in the Port
+# Angeles (WA) Evening News, 1965-03-10, page 5, but I lack access to the text.
+#
# The TZ database cannot represent quasi-solar time; airline time is the best
# we can do. The 1946 foreign air news digest of the U.S. Civil Aeronautics
# Board (OCLC 42299995) reported that the "... Arabian Government, inaugurated
@@ -2821,7 +3040,8 @@
#
# Shanks & Pottenger also state that until 1968-05-01 Saudi Arabia had two
# time zones; the other zone, at UT +04, was in the far eastern part of
-# the country. Ignore this, as it's before our 1970 cutoff.
+# the country. Presumably this is documenting airline time. Ignore this,
+# as it's before our 1970 cutoff.
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Riyadh 3:06:52 - LMT 1947 Mar 14
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/australasia b/jdk/test/sun/util/calendar/zi/tzdata/australasia
index 2c60fd3..82e88c5 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/australasia
+++ b/jdk/test/sun/util/calendar/zi/tzdata/australasia
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Australasia and environs, and for much of the Pacific
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -384,8 +386,15 @@
# Dominic Fok writes (2017-08-20) that DST ends 2018-01-14, citing
# Extraordinary Government of Fiji Gazette Supplement No. 21 (2017-08-27),
# [Legal Notice No. 41] of an order of the previous day by J Usamate.
+
+# From Raymond Kumar (2018-07-13):
+# http://www.fijitimes.com/government-approves-2018-daylight-saving/
+# ... The daylight saving period will end at 3am on Sunday January 13, 2019.
+#
+# From Paul Eggert (2018-07-15):
# For now, guess DST from 02:00 the first Sunday in November to 03:00
-# the first Sunday on or after January 14. Although ad hoc, it matches
+# the first Sunday on or after January 13. January transitions reportedly
+# depend on when school terms start. Although the guess is ad hoc, it matches
# transitions since late 2014 and seems more likely to match future
# practice than guessing no DST.
@@ -399,7 +408,7 @@
Rule Fiji 2012 2013 - Jan Sun>=18 3:00 0 -
Rule Fiji 2014 only - Jan Sun>=18 2:00 0 -
Rule Fiji 2014 max - Nov Sun>=1 2:00 1:00 -
-Rule Fiji 2015 max - Jan Sun>=14 3:00 0 -
+Rule Fiji 2015 max - Jan Sun>=13 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fiji 11:55:44 - LMT 1915 Oct 26 # Suva
12:00 Fiji +12/+13
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/backward b/jdk/test/sun/util/calendar/zi/tzdata/backward
index fca4ed1..f30f30e 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/backward
+++ b/jdk/test/sun/util/calendar/zi/tzdata/backward
@@ -21,10 +21,12 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb links for backward compatibility
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
-# This file provides links between current names for time zones
+# This file provides links between current names for timezones
# and their old names. Many names changed in late 1993.
# Link TARGET LINK-NAME
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/etcetera b/jdk/test/sun/util/calendar/zi/tzdata/etcetera
index ec31f1b..db59378 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/etcetera
+++ b/jdk/test/sun/util/calendar/zi/tzdata/etcetera
@@ -21,12 +21,14 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for ships at sea and other miscellany
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
# These entries are mostly present for historical reasons, so that
# people in areas not otherwise covered by the tz files could "zic -l"
-# to a time zone that was right for their area. These days, the
+# to a timezone that was right for their area. These days, the
# tz files cover almost all the inhabited world, and the only practical
# need now for the entries that are not on UTC are for ships at sea
# that cannot use POSIX TZ settings.
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/europe b/jdk/test/sun/util/calendar/zi/tzdata/europe
index 99109ec..e434b7e 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/europe
+++ b/jdk/test/sun/util/calendar/zi/tzdata/europe
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for Europe and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -540,7 +542,7 @@
#
# To work around this problem, the build procedure can translate the
# following data into two forms, one with negative SAVE values and the
-# other form with a traditional approximation for Irish time stamps
+# other form with a traditional approximation for Irish timestamps
# after 1971-10-31 02:00 UTC; although this approximation has tm_isdst
# flags that are reversed, its UTC offsets are correct and this often
# suffices. This source file currently uses only nonnegative SAVE
@@ -2450,6 +2452,33 @@
# administratively part of Sakhalin oblast', they appear to have
# remained on UTC+11 along with Magadan.
+# From Marat Nigametzianov (2018-07-16):
+# this is link to order from 1956 about timezone in USSR
+# http://astro.uni-altai.ru/~orion/blog/2011/11/novyie-granitsyi-chasovyih-poyasov-v-sssr/
+#
+# From Paul Eggert (2018-07-16):
+# Perhaps someone could translate the above-mentioned link and use it
+# to correct our data for the ex-Soviet Union. It cites the following:
+# «Поясное время и новые границы часовых поясов» / сост. П.Н. Долгов,
+# отв. ред. Г.Д. Бурдун - М: Комитет стандартов, мер и измерительных
+# приборов при Совете Министров СССР, Междуведомственная комиссия
+# единой службы времени, 1956 г.
+# This book looks like it would be a helpful resource for the Soviet
+# Union through 1956. Although a copy was in the Scientific Library
+# of Tomsk State University, I have not been able to track down a copy nearby.
+#
+# From Stepan Golosunov (2018-07-21):
+# http://astro.uni-altai.ru/~orion/blog/2015/05/center-reforma-ischisleniya-vremeni-br-na-territorii-sssr-v-1957-godu-center/
+# says that the 1956 decision to change time belts' borders was not
+# implemented as planned in 1956 and the change happened in 1957.
+# There is also the problem that actual time zones were different from
+# the official time belts (and from many time belts' maps) as there were
+# numerous exceptions to application of time belt rules. For example,
+# https://ru.wikipedia.org/wiki/Московское_время#Перемещение_границы_применения_московского_времени_на_восток
+# says that by 1962 there were many regions in the 3rd time belt that
+# were on Moscow time, referring to a 1962 map. By 1989 number of such
+# exceptions grew considerably.
+
# From Tim Parenti (2014-07-06):
# The comments detailing the coverage of each Russian zone are meant to assist
# with maintenance only and represent our best guesses as to which regions
@@ -2460,9 +2489,6 @@
# future stability. ISO 3166-2:RU codes are also listed for first-level
# divisions where available.
-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-
-
# From Tim Parenti (2014-07-03):
# Europe/Kaliningrad covers...
# 39 RU-KGD Kaliningrad Oblast
@@ -2730,6 +2756,15 @@
# 34 RU-VGG Volgograd Oblast
# The 1988 transition is from USSR act No. 5 (1988-01-04).
+# From Alexander Fetisov (2018-09-20):
+# Volgograd region in southern Russia (Europe/Volgograd) change
+# timezone from UTC+3 to UTC+4 from 28oct2018.
+# http://sozd.parliament.gov.ru/bill/452878-7
+#
+# From Stepan Golosunov (2018-10-11):
+# The law has been published today on
+# http://publication.pravo.gov.ru/Document/View/0001201810110037
+
Zone Europe/Volgograd 2:57:40 - LMT 1920 Jan 3
3:00 - +03 1930 Jun 21
4:00 - +04 1961 Nov 11
@@ -2738,7 +2773,8 @@
4:00 - +04 1992 Mar 29 2:00s
3:00 Russia +03/+04 2011 Mar 27 2:00s
4:00 - +04 2014 Oct 26 2:00s
- 3:00 - +03
+ 3:00 - +03 2018 Oct 28 2:00s
+ 4:00 - +04
# From Paul Eggert (2016-11-11):
# Europe/Saratov covers:
@@ -3427,7 +3463,8 @@
#Rule NatSpain 1937 only - May 22 23:00 1:00 S
#Rule NatSpain 1937 1938 - Oct Sat>=1 24:00s 0 -
#Rule NatSpain 1938 only - Mar 26 23:00 1:00 S
-# The following rules are copied from Morocco from 1967 through 1978.
+# The following rules are copied from Morocco from 1967 through 1978,
+# except with "S" letters.
Rule SpainAfrica 1967 only - Jun 3 12:00 1:00 S
Rule SpainAfrica 1967 only - Oct 1 0:00 0 -
Rule SpainAfrica 1974 only - Jun 24 0:00 1:00 S
@@ -3447,6 +3484,7 @@
0:00 1:00 WEST 1918 Oct 7 23:00
0:00 - WET 1924
0:00 Spain WE%sT 1929
+ 0:00 - WET 1967 # Help zishrink.awk.
0:00 SpainAfrica WE%sT 1984 Mar 16
1:00 - CET 1986
1:00 EU CE%sT
@@ -3632,7 +3670,7 @@
# http://www.resmigazete.gov.tr/eskiler/2001/03/20010324.htm#2 - for 2001
# http://www.resmigazete.gov.tr/eskiler/2002/03/20020316.htm#2 - for 2002-2006
# From Paul Eggert (2016-09-25):
-# Prefer the above sources to Shanks & Pottenger for time stamps after 1985.
+# Prefer the above sources to Shanks & Pottenger for timestamps after 1985.
# From Steffen Thorsen (2007-03-09):
# Starting 2007 though, it seems that they are adopting EU's 1:00 UTC
@@ -3842,10 +3880,29 @@
# * Ukrainian Government's Resolution of 20.03.1992, No. 139.
# http://www.uazakon.com/documents/date_8u/pg_grcasa.htm
+# From Paul Eggert (2018-10-03):
+# As is usual in tzdb, Ukrainian zones use the most common English spellings.
+# For example, tzdb uses Europe/Kiev, as "Kiev" is the most common spelling in
+# English for Ukraine's capital, even though it is certainly wrong as a
+# transliteration of the Ukrainian "Київ". This is similar to tzdb's use of
+# Europe/Prague, which is certainly wrong as a transliteration of the Czech
+# "Praha". ("Kiev" came from old Slavic via Russian to English, and "Prague"
+# came from old Slavic via French to English, so the two cases have something
+# in common.) Admittedly English-language spelling of Ukrainian names is
+# controversial, and some day "Kyiv" may become substantially more popular in
+# English; in the meantime, stick with the traditional English "Kiev" as that
+# means less disruption for our users.
+#
+# Anyway, none of the common English-language spellings (Kiev, Kyiv, Kieff,
+# Kijeff, Kijev, Kiyef, Kiyeff) do justice to the common pronunciation in
+# Ukrainian, namely [ˈkɪjiu̯] (IPA). This pronunciation has nothing like an
+# English "v" or "f", and instead trails off with what an English-speaker
+# would call a demure "oo" sound, and it would would be better anglicized as
+# "Kuiyu". Here's a sound file, if you would like to do as the Kuiyuvians do:
+# https://commons.wikimedia.org/wiki/File:Uk-Київ.ogg
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-# Most of Ukraine since 1970 has been like Kiev.
-# "Kyiv" is the transliteration of the Ukrainian name, but
-# "Kiev" is more common in English.
+# This represents most of Ukraine. See above for the spelling of "Kiev".
Zone Europe/Kiev 2:02:04 - LMT 1880
2:02:04 - KMT 1924 May 2 # Kiev Mean Time
2:00 - EET 1930 Jun 21
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/factory b/jdk/test/sun/util/calendar/zi/tzdata/factory
index 7d79693..6ef6bca 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/factory
+++ b/jdk/test/sun/util/calendar/zi/tzdata/factory
@@ -21,11 +21,13 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for noncommittal factory settings
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
-# For distributors who don't want to put time zone specification in
-# their installation procedures. Users that run 'date' will get the
+# For distributors who don't want to specify a timezone in their
+# installation procedures. Users who run 'date' will get the
# time zone abbreviation "-00", indicating that the actual time zone
# is unknown.
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/leapseconds b/jdk/test/sun/util/calendar/zi/tzdata/leapseconds
index cc5d928..8b539e6 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/leapseconds
+++ b/jdk/test/sun/util/calendar/zi/tzdata/leapseconds
@@ -26,21 +26,25 @@
# This file is in the public domain.
# This file is generated automatically from the data in the public-domain
-# leap-seconds.list file, which is copied from:
-# ftp://ftp.nist.gov/pub/time/leap-seconds.list
+# leap-seconds.list file, which can be copied from
+# <ftp://ftp.nist.gov/pub/time/leap-seconds.list>
+# or <ftp://ftp.boulder.nist.gov/pub/time/leap-seconds.list>
+# or <ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.list>.
# For more about leap-seconds.list, please see
# The NTP Timescale and Leap Seconds
-# https://www.eecis.udel.edu/~mills/leap.html
+# <https://www.eecis.udel.edu/~mills/leap.html>.
# The International Earth Rotation and Reference Systems Service
# periodically uses leap seconds to keep UTC to within 0.9 s of UT1
-# (which measures the true angular orientation of the earth in space); see
-# Levine J. Coordinated Universal Time and the leap second.
+# (which measures the true angular orientation of the earth in space)
+# and publishes leap second data in a copyrighted file
+# <https://hpiers.obspm.fr/iers/bul/bulc/Leap_Second.dat>.
+# See: Levine J. Coordinated Universal Time and the leap second.
# URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995
-# http://ieeexplore.ieee.org/document/7909995/
+# <https://ieeexplore.ieee.org/document/7909995>.
# There were no leap seconds before 1972, because the official mechanism
# accounting for the discrepancy between atomic time and the earth's rotation
-# did not exist until the early 1970s.
+# did not exist.
# The correction (+ or -) is made at the given time, so lines
# will typically look like:
@@ -48,10 +52,7 @@
# or
# Leap YEAR MON DAY 23:59:59 - R/S
-# If the leapsecond is Rolling (R) the given time is local time.
-# If the leapsecond is Stationary (S) the given time is UTC.
-
-# Leap YEAR MONTH DAY HH:MM:SS CORR R/S
+# If the leap second is Rolling (R) the given time is local time (unused here).
Leap 1972 Jun 30 23:59:60 + S
Leap 1972 Dec 31 23:59:60 + S
Leap 1973 Dec 31 23:59:60 + S
@@ -80,5 +81,9 @@
Leap 2015 Jun 30 23:59:60 + S
Leap 2016 Dec 31 23:59:60 + S
-# Updated through IERS Bulletin C55
-# File expires on: 28 December 2018
+# POSIX timestamps for the data in this file:
+#updated 1467936000
+#expires 1561680000
+
+# Updated through IERS Bulletin C56
+# File expires on: 28 June 2019
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/northamerica b/jdk/test/sun/util/calendar/zi/tzdata/northamerica
index bcfb662..297a10a 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/northamerica
+++ b/jdk/test/sun/util/calendar/zi/tzdata/northamerica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for North and Central America and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -71,7 +73,7 @@
#
# Most of the US soon followed suit. See:
# Bartky IR. The adoption of standard time. Technol Cult 1989 Jan;30(1):25-56.
-# http://dx.doi.org/10.2307/3105430
+# https://dx.doi.org/10.2307/3105430
# From Paul Eggert (2005-04-16):
# That 1883 transition occurred at 12:00 new time, not at 12:00 old time.
@@ -460,6 +462,19 @@
# western South Dakota, far western Texas (El Paso County, Hudspeth County,
# and Pine Springs and Nickel Creek in Culberson County), Utah, Wyoming
#
+# From Paul Eggert (2018-10-25):
+# On 1921-03-04 federal law placed all of Texas into the central time zone.
+# However, El Paso ignored the law for decades and continued to observe
+# mountain time, on the grounds that that's what they had always done
+# and they weren't about to let the federal government tell them what to do.
+# Eventually the federal government gave in and changed the law on
+# 1970-04-10 to match what El Paso was actually doing. Although
+# that's slightly after our 1970 cutoff, there is no need to create a
+# separate zone for El Paso since they were ignoring the law anyway. See:
+# Long T. El Pasoans were time rebels, fought to stay in Mountain zone.
+# El Paso Times. 2018-10-24 06:40 -06.
+# https://www.elpasotimes.com/story/news/local/el-paso/2018/10/24/el-pasoans-were-time-rebels-fought-stay-mountain-zone/1744509002/
+#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER
Rule Denver 1920 1921 - Mar lastSun 2:00 1:00 D
Rule Denver 1920 only - Oct lastSun 2:00 0 S
@@ -729,9 +744,7 @@
Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00
-10:30 - HST 1933 Apr 30 2:00
-10:30 1:00 HDT 1933 May 21 12:00
- -10:30 - HST 1942 Feb 9 2:00
- -10:30 1:00 HDT 1945 Sep 30 2:00
- -10:30 - HST 1947 Jun 8 2:00
+ -10:30 US H%sT 1947 Jun 8 2:00
-10:00 - HST
# Now we turn to US areas that have diverged from the consensus since 1970.
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/pacificnew b/jdk/test/sun/util/calendar/zi/tzdata/pacificnew
index 9b9257a..020b599 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/pacificnew
+++ b/jdk/test/sun/util/calendar/zi/tzdata/pacificnew
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for proposed US election time (this file is obsolete)
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/southamerica b/jdk/test/sun/util/calendar/zi/tzdata/southamerica
index 65d3c9f..3f01647 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/southamerica
+++ b/jdk/test/sun/util/calendar/zi/tzdata/southamerica
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for South America and environs
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
@@ -415,7 +417,7 @@
# standard time, so let's do that here too. This does not change UTC
# offsets, only tm_isdst and the time zone abbreviations. One minor
# plus is that this silences a zic complaint that there's no POSIX TZ
-# setting for time stamps past 2038.
+# setting for timestamps past 2038.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
#
@@ -948,6 +950,14 @@
# ... https://www.timeanddate.com/news/time/brazil-delays-dst-2018.html
# From Steffen Thorsen (2017-12-20):
# http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2017/decreto/D9242.htm
+#
+# From Fábio Gomes (2018-10-04):
+# The Brazilian president just announced a new change on this year DST.
+# It was scheduled to start on November 4th and it was changed to November 18th.
+# From Rodrigo Brüning Wessler (2018-10-15):
+# The Brazilian government just announced that the change in DST was
+# canceled.... Maybe the president Michel Temer also woke up one hour
+# earlier today. :)
Rule Brazil 2018 max - Nov Sun>=1 0:00 1:00 -
Rule Brazil 2023 only - Feb Sun>=22 0:00 0 -
Rule Brazil 2024 2025 - Feb Sun>=15 0:00 0 -
@@ -1254,6 +1264,24 @@
# they will switch from -03 to -04 one hour after Santiago does that day.
# For now, assume that they will not revert.
+# From Juan Correa (2018-08-13):
+# As of moments ago, the Ministry of Energy in Chile has announced the new
+# schema for DST. ... Announcement in video (in Spanish):
+# https://twitter.com/MinEnergia/status/1029000399129374720
+# From Yonathan Dossow (2018-08-13):
+# The video says "first Saturday of September", we all know it means Sunday at
+# midnight.
+# From Tim Parenti (2018-08-13):
+# Translating the captions on the video at 0:44-0:55, "We want to announce as
+# Government that from 2019, Winter Time will be increased to 5 months, between
+# the first Saturday of April and the first Saturday of September."
+# At 2:08-2:20, "The Magallanes region will maintain its current time, as
+# decided by the citizens during 2017, but our Government will promote a
+# regional dialogue table to gather their opinion on this matter."
+# https://twitter.com/MinEnergia/status/1029009354001973248
+# "We will keep the new time policy unchanged for at least the next 4 years."
+# So we extend the new rules on Saturdays at 24:00 mainland time indefinitely.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Chile 1927 1931 - Sep 1 0:00 1:00 -
Rule Chile 1928 1932 - Apr 1 0:00 0 -
@@ -1287,8 +1315,10 @@
Rule Chile 2011 only - Aug Sun>=16 4:00u 1:00 -
Rule Chile 2012 2014 - Apr Sun>=23 3:00u 0 -
Rule Chile 2012 2014 - Sep Sun>=2 4:00u 1:00 -
-Rule Chile 2016 max - May Sun>=9 3:00u 0 -
-Rule Chile 2016 max - Aug Sun>=9 4:00u 1:00 -
+Rule Chile 2016 2018 - May Sun>=9 3:00u 0 -
+Rule Chile 2016 2018 - Aug Sun>=9 4:00u 1:00 -
+Rule Chile 2019 max - Apr Sun>=2 3:00u 0 -
+Rule Chile 2019 max - Sep Sun>=2 4:00u 1:00 -
# IATA SSIM anomalies: (1992-02) says 1992-03-14;
# (1996-09) says 1998-03-08. Ignore these.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/systemv b/jdk/test/sun/util/calendar/zi/tzdata/systemv
index c7b9a88..63a48e8 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/systemv
+++ b/jdk/test/sun/util/calendar/zi/tzdata/systemv
@@ -21,6 +21,8 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
+# tzdb data for System V rules (this file is obsolete)
+
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/zone.tab b/jdk/test/sun/util/calendar/zi/tzdata/zone.tab
index 873737e..2a98586 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/zone.tab
+++ b/jdk/test/sun/util/calendar/zi/tzdata/zone.tab
@@ -21,12 +21,12 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-# tz zone descriptions (deprecated version)
+# tzdb timezone descriptions (deprecated version)
#
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
#
-# From Paul Eggert (2014-07-31):
+# From Paul Eggert (2018-06-27):
# This file is intended as a backward-compatibility aid for older programs.
# New programs should use zone1970.tab. This file is like zone1970.tab (see
# zone1970.tab's comments), but with the following additional restrictions:
@@ -35,13 +35,13 @@
# 2. The first data column contains exactly one country code.
#
# Because of (2), each row stands for an area that is the intersection
-# of a region identified by a country code and of a zone where civil
+# of a region identified by a country code and of a timezone where civil
# clocks have agreed since 1970; this is a narrower definition than
# that of zone1970.tab.
#
-# This table is intended as an aid for users, to help them select time
-# zone data entries appropriate for their practical needs. It is not
-# intended to take or endorse any position on legal or territorial claims.
+# This table is intended as an aid for users, to help them select timezones
+# appropriate for their practical needs. It is not intended to take or
+# endorse any position on legal or territorial claims.
#
#country-
#code coordinates TZ comments
@@ -291,7 +291,7 @@
MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas)
MN +4801+09139 Asia/Hovd Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan
MN +4804+11430 Asia/Choibalsan Dornod, Sukhbaatar
-MO +2214+11335 Asia/Macau
+MO +221150+1133230 Asia/Macau
MP +1512+14545 Pacific/Saipan
MQ +1436-06105 America/Martinique
MR +1806-01557 Africa/Nouakchott
diff --git a/nashorn/.hgtags b/nashorn/.hgtags
index 61e3723..18045af 100644
--- a/nashorn/.hgtags
+++ b/nashorn/.hgtags
@@ -955,6 +955,7 @@
6372ac5af37ae40a4875c6cdf5c28aeb2a701899 jdk8u181-b12
3824009355133053ce6c714fff39d2e12dc67cde jdk8u181-b13
4706dc5f752c0e364413e62f19f905a543d602be jdk8u191-b01
+9bae2c31c00bb6081026f7cb61aa50c726239a7a jdk8u201-b00
9bae2c31c00bb6081026f7cb61aa50c726239a7a jdk8u191-b02
1d23567f6ea387f9e047dd0d81f303b6371a27fb jdk8u191-b03
c374c805e6fb531f05ffd5070a148633c6f0626a jdk8u191-b04
@@ -963,6 +964,11 @@
878e65541b35df77127fccaf31397b981c9fa15e jdk8u191-b07
c25dc7436704829b04a1d8803dfd4f3b88ec9f06 jdk8u191-b08
a449d7e3eb3432c6ae9edcb30380c8f2a9fae45e jdk8u191-b09
+0fcd632be9e7a67f17002adab0a9a03373f5c481 jdk8u191-b10
+3388cb0fad9c8654cd6499835cbc190c8dbf2441 jdk8u191-b25
+e6205ecef830a71d73a14d1f18765cf4c3ac7773 jdk8u191-b11
+5a2c3b3dd9199561a1d4ba4a4b3bdfd7c6f69736 jdk8u191-b12
+a53a027482b082dbecbdae9bb469fcd957d73900 jdk8u191-b26
5b549167a92971d6793079c702fa2fd79a987cbc jdk8u182-b00
a57083d7fe9ac674c0841db6849140424bb16eef jdk8u192-b00
bc4618963547efc17931174f57bea387f89cd5e9 jdk8u192-b01
@@ -974,3 +980,27 @@
d42d488fd8dcbe13c05958fd2b98696572157ee1 jdk8u192-b07
9d1371fc0987c02d1321d7263d88a782e5e5cdfa jdk8u192-b08
456c0d45c43bfbb5414b9ae0ca68227132b4af7b jdk8u192-b09
+e58a7b05e786554d3447c3b04b11873314b549cd jdk8u192-b10
+aa385e2ce23240f1466dbfcda5fd96ad325b109d jdk8u192-b25
+9d6b5362a75ddef6ed30fe9892e95d7cfdff0ed8 jdk8u192-b11
+854c8339d414bc20aa3c7603ad273aef5d668cde jdk8u192-b12
+6aeb5e07e2bb8f64ee1d8f0651a2723f3a49e834 jdk8u192-b26
+6c92477c026db1888e99c644e071d95609d9152d jdk8u181-b31
+81cd7926a046696e2e88e497d0299a97cffbcdf3 jdk8u181-b32
+bfdef7c905401b4f511ad087ba842853c00290a7 jdk8u181-b33
+7a321d516a54441bb94f1b1ab392e3902463aa72 jdk8u181-b34
+49f6984c82a5388cd83ed7f6d7f46c1cc77d763b jdk8u181-b35
+5d35a3a61a5b43429de380281e89cb7d9187497d jdk8u181-b36
+9a5ee25a4770c8990a5d2a194bf3f73726db978c jdk8u181-b37
+9be9b86d06c6934952df223903157a1269838c79 jdk8u201-b01
+43c64cf865d466241033959c5fbcc955cadc7766 jdk8u201-b02
+6bd999d631dd6057507362c44ce1b72f4581e5e4 jdk8u201-b03
+e81bdfaa81e08b542e3027e1fd5aa62ba029ed25 jdk8u201-b04
+95bf544c9cb654903f3c0ad00cf8dafab14a8091 jdk8u201-b74
+b27416532dba15d5e1968b73b0187a3599dd93a8 jdk8u201-b05
+112dfb97c1e4a0e7a35783dd446ace92af5e8c7f jdk8u201-b75
+9e720dd55a3aa57990fba8245b7e2a57aacc4aa9 jdk8u201-b06
+a430c68aabf0ede2fb9be32c710401523a6ddeac jdk8u201-b76
+8bf098c9d21b1b407a4655bdf683b83474a211b4 jdk8u201-b07
+38568172fbddb5177ff805ec1634da54c8ec2daa jdk8u201-b77
+03dc179691c8b481cf97869cdb65047515ec5b11 jdk8u201-b08
diff --git a/nashorn/THIRD_PARTY_README b/nashorn/THIRD_PARTY_README
index 0614dc2..680599d 100644
--- a/nashorn/THIRD_PARTY_README
+++ b/nashorn/THIRD_PARTY_README
@@ -1668,13 +1668,13 @@
-------------------------------------------------------------------------------
-%% This notice is provided with respect to Little CMS 2.7, which may be
+%% This notice is provided with respect to Little CMS 2.9, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
Little CMS
-Copyright (c) 1998-2015 Marti Maria Saguer
+Copyright (c) 1998-2011 Marti Maria Saguer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/nashorn/src/jdk/nashorn/internal/runtime/resources/mozilla_compat.js b/nashorn/src/jdk/nashorn/internal/runtime/resources/mozilla_compat.js
index 6c27e2a..2acd1fe 100644
--- a/nashorn/src/jdk/nashorn/internal/runtime/resources/mozilla_compat.js
+++ b/nashorn/src/jdk/nashorn/internal/runtime/resources/mozilla_compat.js
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
diff --git a/nashorn/src/jdk/nashorn/internal/runtime/resources/parser.js b/nashorn/src/jdk/nashorn/internal/runtime/resources/parser.js
index 94d02ab..ac4d052 100644
--- a/nashorn/src/jdk/nashorn/internal/runtime/resources/parser.js
+++ b/nashorn/src/jdk/nashorn/internal/runtime/resources/parser.js
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
diff --git a/nashorn/test/script/trusted/classfilter_mozilla_compat.js.EXPECTED b/nashorn/test/script/trusted/classfilter_mozilla_compat.js.EXPECTED
index 9481e98..66a5ca7 100644
--- a/nashorn/test/script/trusted/classfilter_mozilla_compat.js.EXPECTED
+++ b/nashorn/test/script/trusted/classfilter_mozilla_compat.js.EXPECTED
@@ -1,12 +1,12 @@
class javax.script.ScriptContext$$NashornJavaAdapter
-TypeError: Java.extend needs at least one type argument. in nashorn:mozilla_compat.js at line number 39
+TypeError: Java.extend needs at least one type argument. in nashorn:mozilla_compat.js at line number 41
class jdk.nashorn.javaadapters.java.util.ArrayList
class jdk.nashorn.javaadapters.java.util.ArrayList
[JavaClass java.lang.Integer]
-TypeError: [object JavaPackage] is not a Java class in nashorn:mozilla_compat.js at line number 373 at column number 16
+TypeError: [object JavaPackage] is not a Java class in nashorn:mozilla_compat.js at line number 375 at column number 16
[JavaClass java.util.HashSet]
[JavaClass java.util.HashSet]
[JavaClass java.lang.Integer]
-ReferenceError: "Integer" is not defined in nashorn:mozilla_compat.js at line number 67
+ReferenceError: "Integer" is not defined in nashorn:mozilla_compat.js at line number 69
[JavaClass java.util.HashMap]
[JavaClass java.util.HashMap]