From michaeltandy at googlemail.com Mon Mar 2 03:38:42 2009 From: michaeltandy at googlemail.com (Michael Tandy) Date: Mon, 2 Mar 2009 11:38:42 +0000 Subject: [security-dev 00637]: Re: SNI support in JSSE In-Reply-To: <49A8ABC3.3010800@Sun.COM> References: <302aa0340902251149k2c373787h95cae3026e5c4a1d@mail.gmail.com> <49A7407F.4010702@Sun.COM> <302aa0340902270221ndf999ccv1be4e977669337af@mail.gmail.com> <49A808ED.6020407@Sun.COM> <302aa0340902271019p3c7a751ayf1ffb88535562fa1@mail.gmail.com> <49A8ABC3.3010800@Sun.COM> Message-ID: <302aa0340903020338ne175083pe38e4451f62168ee@mail.gmail.com> > Good point. But for FIPS-140 compliant. TLS1.0 should be used, SSL v2 Hello > will not be used in a FIPS validated environment. On the subject of FIPS, perhaps you can answer a question: I gather we have FIPS support [3], but from the documentation [4] I've got no idea of how to enable it. >> Do you think it's likely a server would require SSL3 or TLS, but >> wouldn't support hello extensions? > > Yes, I do remember that some of the current ssl/tls servers may refuse to > accept connections from a client that used TLS extensions. Please refer to > [1] and [2]. OK, so as I see it our options are: (a) don't include client SNI support in OpenJDK 7 (b) include SNI support with no API to turn it off, which will break some servers (c) use a system property to work around the API freeze, add a proper API to the next version, and maintain support for the workaround forever (d) use a system property to work around the API freeze, add a proper API to the next version, and break the workaround in the next version None of those options sound very good to me. What do you think we should do? Michael [3] http://java.sun.com/javase/6/docs/technotes/guides/security/enhancements.html [4] http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html From Xuelei.Fan at Sun.COM Mon Mar 2 05:35:08 2009 From: Xuelei.Fan at Sun.COM (Xuelei Fan) Date: Mon, 02 Mar 2009 21:35:08 +0800 Subject: [security-dev 00638]: Re: SNI support in JSSE In-Reply-To: <302aa0340903020338ne175083pe38e4451f62168ee@mail.gmail.com> References: <302aa0340902251149k2c373787h95cae3026e5c4a1d@mail.gmail.com> <49A7407F.4010702@Sun.COM> <302aa0340902270221ndf999ccv1be4e977669337af@mail.gmail.com> <49A808ED.6020407@Sun.COM> <302aa0340902271019p3c7a751ayf1ffb88535562fa1@mail.gmail.com> <49A8ABC3.3010800@Sun.COM> <302aa0340903020338ne175083pe38e4451f62168ee@mail.gmail.com> Message-ID: <49ABE08C.2070005@Sun.COM> Michael Tandy wrote: >> Good point. But for FIPS-140 compliant. TLS1.0 should be used, SSL v2 Hello >> will not be used in a FIPS validated environment. >> > > On the subject of FIPS, perhaps you can answer a question: I gather we > have FIPS support [3], but from the documentation [4] I've got no idea > of how to enable it. > > FIPS compliant mode is experimental in SunJSSE. I don't think, or I don't know there is a public approach to enable it. However, we have test case on PKCS11 crypro provider with internal APIs, which looks like: Provider p = a pkcs11 provider; Security.removeProvier("SunJSSE"); Provider fipsjsse = new com.sun.net.ssl.internal.ssl Provider(p); Security.addProvider(fipsjsse); //FIPS enabled here. Note, this just a show case, please do not use Sun internal APIs directly, which may be deleted or changed at any time. >>> Do you think it's likely a server would require SSL3 or TLS, but >>> wouldn't support hello extensions? >>> >> Yes, I do remember that some of the current ssl/tls servers may refuse to >> accept connections from a client that used TLS extensions. Please refer to >> [1] and [2]. >> > > OK, so as I see it our options are: > (a) don't include client SNI support in OpenJDK 7 > (b) include SNI support with no API to turn it off, which will break > some servers > (c) use a system property to work around the API freeze, add a proper > API to the next version, and maintain support for the workaround > forever > (d) use a system property to work around the API freeze, add a proper > API to the next version, and break the workaround in the next version > > None of those options sound very good to me. What do you think we should do? > > I have no choice but (c). Personally, I really think SNI is becoming a have-to-have feature with the grow of virtualization computing. Xuelei > Michael > > [3] http://java.sun.com/javase/6/docs/technotes/guides/security/enhancements.html > [4] http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html > From xuelei.fan at sun.com Mon Mar 2 07:25:53 2009 From: xuelei.fan at sun.com (xuelei.fan at sun.com) Date: Mon, 02 Mar 2009 15:25:53 +0000 Subject: [security-dev 00639]: hg: jdk7/tl/jdk: 6549506: Specification of Permission.toString() method contradicts with JDK implementation Message-ID: <20090302152619.ADBAEE597@hg.openjdk.java.net> Changeset: b656e842e1be Author: xuelei Date: 2009-03-02 23:17 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b656e842e1be 6549506: Specification of Permission.toString() method contradicts with JDK implementation Summary: update the spec, and add double quotes around component. Reviewed-by: weijun ! src/share/classes/java/security/Permission.java + test/java/security/Permission/ToString.java From Xuelei.Fan at Sun.COM Mon Mar 2 17:42:22 2009 From: Xuelei.Fan at Sun.COM (Xuelei Fan) Date: Tue, 03 Mar 2009 09:42:22 +0800 Subject: [security-dev 00640]: code review request: Message-ID: <49AC8AFE.8000901@Sun.COM> An HTML attachment was scrubbed... URL: http://mail.openjdk.java.net/pipermail/security-dev/attachments/20090303/0ad17833/attachment.html From Weijun.Wang at Sun.COM Mon Mar 2 20:04:49 2009 From: Weijun.Wang at Sun.COM (Weijun Wang) Date: Tue, 03 Mar 2009 12:04:49 +0800 Subject: [security-dev 00641]: Please review: Message-ID: <49ACAC61.3050006@sun.com> Hi All A code review request for 6705872 SecureRandom number init is taking too long on a java.io.tmpdir with a large number of files. http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6705872 Webrev is at: http://cr.openjdk.java.net/~weijun/6705872/webrev.00/ The threshold 1024 is a randomly chosen big enough number. Thanks Max From Weijun.Wang at Sun.COM Mon Mar 2 20:49:28 2009 From: Weijun.Wang at Sun.COM (Weijun Wang) Date: Tue, 03 Mar 2009 12:49:28 +0800 Subject: [security-dev 00642]: Review request: Infinite loop if SPNEGO specified as sun.security.jgss.mechanism Message-ID: <49ACB6D8.2030601@sun.com> Hi Andrew or Valerie Please take a review at this bug fix: http://cr.openjdk.java.net/~weijun/6770883/webrev.01/ http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6770883 Basically. Since SPNEGO is a pseudo-mech that's meant to negotiate a real concrete mech, SPNEGO itself cannot be used as the underlying default mech under. Thanks Max From Xuelei.Fan at Sun.COM Mon Mar 2 22:26:54 2009 From: Xuelei.Fan at Sun.COM (Xuelei Fan) Date: Tue, 03 Mar 2009 14:26:54 +0800 Subject: [security-dev 00643]: Re: Please review: In-Reply-To: <49ACAC61.3050006@sun.com> References: <49ACAC61.3050006@sun.com> Message-ID: <49ACCDAE.5000702@Sun.COM> Max, I'm not satisfied with the fix, it try to read the *first* 1024 files in the "java.io.tmpdir", I don't know the order of the iterator of java.nio.file.Path.newDirectoryStream(), but if the order sounds like by name, by creation time, etc. I don't think the randomness is strong enough. We talked about the bug around July, 2008 (Subject: SHA1PRNG SecureRandom architecture). Brad suggested remove the java.io.tmpdir stuff completely, while I think maybe we need the randomness of them. We got no conclusion on the discuss. I would prefer remove the stuff now. Thanks, Andrew Weijun Wang wrote: > Hi All > > A code review request for > > 6705872 SecureRandom number init is taking too long > on a java.io.tmpdir with a large number of files. > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6705872 > > Webrev is at: > > http://cr.openjdk.java.net/~weijun/6705872/webrev.00/ > > The threshold 1024 is a randomly chosen big enough number. > > Thanks > Max > From Xuelei.Fan at Sun.COM Mon Mar 2 23:26:11 2009 From: Xuelei.Fan at Sun.COM (Xuelei Fan) Date: Tue, 03 Mar 2009 15:26:11 +0800 Subject: [security-dev 00644]: Re: RFC for jarsigner: more warning, more concise output In-Reply-To: <06B1B2C9-B9D5-4076-995E-18645D991D5C@sun.com> References: <06B1B2C9-B9D5-4076-995E-18645D991D5C@sun.com> Message-ID: <49ACDB93.7020208@Sun.COM> Max (Weijun) Wang wrote: > Hi All > > Looking at this bug now: > jarsigner needs enhanced cert validation(options) > http://bugs.sun.com/view_bug.do?bug_id=6802846 > > I've exchanged some emails with the bug reporter (BCC'ed :) ). > Basically we found these problems with the current jarsigner: > > 1. Does not care much about warnings. The exit code is almost always 0 > 2. Too verbose output, esp when there're many entries in the jar > > Therefore, I'm suggesting these enhancements: > > 1. Add -check option, which means "treat warning as error". The exit > code will be 0:OK, -1:verify error, or, OR-value of various 2^n > (n=0,1,..) which maps to predefined warnings. More warnings will be > added for the criteria proposed by the bug reporter. > Sounds good to me. I like the name "-strict" against "-check", and prefer the OR-value for error. > 2. Refine output. Group entries with the same signer info, and, in the > simplest mode, only output a summary. > Sounds fine. Andrew > Precisely, before the fix, the output for -verify is -- > > 1) When there's no more option: > > Jar verified > > 2) When there's -verbose -certs > > smk A.class > > Certificate A (CN=A, OU=B) > Fingerprint 90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90 > > smk B.class > > Certificate A (CN=A, OU=B) > Fingerprint 90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90 > ... > > After the fix -- > > 1) When there's no more option, we add a summary: > > smk A.class (and 1 more) > > Jar verified > > 2) When there's -verbose -certs, we groups entries: > > smk A.class > smk B.class > ... > > Certificate A (CN=A, OU=B) > Fingerprint 90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90 > > 3) When there's -certs (not available in the old version), we have > > smk A.class (and 1 more) > > Certificate A (CN=A, OU=B) > Fingerprint 90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90 > > Here, I guess the 3)rd option would be the more useful one. > > Any suggestions? > > Thanks > Max > From Weijun.Wang at Sun.COM Mon Mar 2 23:36:47 2009 From: Weijun.Wang at Sun.COM (Weijun Wang) Date: Tue, 03 Mar 2009 15:36:47 +0800 Subject: [security-dev 00645]: Re: Please review: In-Reply-To: <49ACCDAE.5000702@Sun.COM> References: <49ACAC61.3050006@sun.com> <49ACCDAE.5000702@Sun.COM> Message-ID: <49ACDE0F.8060700@sun.com> Xuelei Fan wrote: > Max, > > I'm not satisfied with the fix, it try to read the *first* 1024 files in > the "java.io.tmpdir", I don't know the order of the iterator of > java.nio.file.Path.newDirectoryStream(), but if the order sounds like by > name, by creation time, etc. I don't think the randomness is strong enough. Correct. On a server with too many tmp files not get deleted, the first 1024 will always be the same. New webrev: http://cr.openjdk.java.net/~weijun/6705872/webrev.01/ Now I choose the file for random. To be 100% identical to the old codes when there are not many files, I always choose the first 512 files. > > We talked about the bug around July, 2008 (Subject: SHA1PRNG > SecureRandom architecture). Brad suggested remove the java.io.tmpdir > stuff completely, while I think maybe we need the randomness of them. We > got no conclusion on the discuss. > > I would prefer remove the stuff now. Well, I don't know. More random facts bring more randomness, and I dare out remove any of them without a theoretical computation. Thanks Max > > Thanks, > Andrew > > Weijun Wang wrote: >> Hi All >> >> A code review request for >> >> 6705872 SecureRandom number init is taking too long >> on a java.io.tmpdir with a large number of files. >> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6705872 >> >> Webrev is at: >> >> http://cr.openjdk.java.net/~weijun/6705872/webrev.00/ >> >> The threshold 1024 is a randomly chosen big enough number. >> >> Thanks >> Max >> > From Xuelei.Fan at Sun.COM Mon Mar 2 23:54:58 2009 From: Xuelei.Fan at Sun.COM (Xuelei Fan) Date: Tue, 03 Mar 2009 15:54:58 +0800 Subject: [security-dev 00646]: Re: Please review: In-Reply-To: <49ACDE0F.8060700@sun.com> References: <49ACAC61.3050006@sun.com> <49ACCDAE.5000702@Sun.COM> <49ACDE0F.8060700@sun.com> Message-ID: <49ACE252.7080902@Sun.COM> Sounds fine to me. Xuelei Weijun Wang wrote: > Xuelei Fan wrote: > >> Max, >> >> I'm not satisfied with the fix, it try to read the *first* 1024 files in >> the "java.io.tmpdir", I don't know the order of the iterator of >> java.nio.file.Path.newDirectoryStream(), but if the order sounds like by >> name, by creation time, etc. I don't think the randomness is strong enough. >> > > Correct. On a server with too many tmp files not get deleted, the first > 1024 will always be the same. > > New webrev: > http://cr.openjdk.java.net/~weijun/6705872/webrev.01/ > > Now I choose the file for random. To be 100% identical to the old codes > when there are not many files, I always choose the first 512 files. > > >> We talked about the bug around July, 2008 (Subject: SHA1PRNG >> SecureRandom architecture). Brad suggested remove the java.io.tmpdir >> stuff completely, while I think maybe we need the randomness of them. We >> got no conclusion on the discuss. >> >> I would prefer remove the stuff now. >> > > Well, I don't know. More random facts bring more randomness, and I dare > out remove any of them without a theoretical computation. > > Thanks > Max > > >> Thanks, >> Andrew >> >> Weijun Wang wrote: >> >>> Hi All >>> >>> A code review request for >>> >>> 6705872 SecureRandom number init is taking too long >>> on a java.io.tmpdir with a large number of files. >>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6705872 >>> >>> Webrev is at: >>> >>> http://cr.openjdk.java.net/~weijun/6705872/webrev.00/ >>> >>> The threshold 1024 is a randomly chosen big enough number. >>> >>> Thanks >>> Max >>> >>> From Alan.Bateman at Sun.COM Tue Mar 3 01:18:25 2009 From: Alan.Bateman at Sun.COM (Alan Bateman) Date: Tue, 03 Mar 2009 09:18:25 +0000 Subject: [security-dev 00647]: Re: Please review: In-Reply-To: <49ACDE0F.8060700@sun.com> References: <49ACAC61.3050006@sun.com> <49ACCDAE.5000702@Sun.COM> <49ACDE0F.8060700@sun.com> Message-ID: <49ACF5E1.7050900@sun.com> Weijun Wang wrote: > Xuelei Fan wrote: > >> Max, >> >> I'm not satisfied with the fix, it try to read the *first* 1024 files in >> the "java.io.tmpdir", I don't know the order of the iterator of >> java.nio.file.Path.newDirectoryStream(), but if the order sounds like by >> name, by creation time, etc. I don't think the randomness is strong enough. >> > > Correct. On a server with too many tmp files not get deleted, the first > 1024 will always be the same. > > New webrev: > http://cr.openjdk.java.net/~weijun/6705872/webrev.01/ > > Now I choose the file for random. To be 100% identical to the old codes > when there are not many files, I always choose the first 512 files. > It's an awkward issue. Your proposed changes does reduce the randomness for directories with > 1024 entries but that probably isn't worth worrying about. Two comments on the code: 1. The elements returned by the directory stream's iterator are Path objects that that the entry resolved against the directory. So if you are enumerating the entries in /var/tmp then the elements will represent /var/tmp/a, /var/tmp/b, etc. I assume you actually want path.getName().toString().getBytes(). 2. The directory stream should be closed in a finally block (it's possible that the next/hasNext methods used by the iterator can throw an exception, in which case you would leave the directory stream open). -Alan. From Weijun.Wang at Sun.COM Tue Mar 3 01:22:46 2009 From: Weijun.Wang at Sun.COM (Weijun Wang) Date: Tue, 03 Mar 2009 17:22:46 +0800 Subject: [security-dev 00648]: Re: Please review: In-Reply-To: <49ACF5E1.7050900@sun.com> References: <49ACAC61.3050006@sun.com> <49ACCDAE.5000702@Sun.COM> <49ACDE0F.8060700@sun.com> <49ACF5E1.7050900@sun.com> Message-ID: <49ACF6E6.9010707@sun.com> Thanks, both suggestions accepted. Max Alan Bateman wrote: > Weijun Wang wrote: >> Xuelei Fan wrote: >> >>> Max, >>> >>> I'm not satisfied with the fix, it try to read the *first* 1024 files in >>> the "java.io.tmpdir", I don't know the order of the iterator of >>> java.nio.file.Path.newDirectoryStream(), but if the order sounds like by >>> name, by creation time, etc. I don't think the randomness is strong >>> enough. >>> >> >> Correct. On a server with too many tmp files not get deleted, the first >> 1024 will always be the same. >> >> New webrev: >> http://cr.openjdk.java.net/~weijun/6705872/webrev.01/ >> >> Now I choose the file for random. To be 100% identical to the old codes >> when there are not many files, I always choose the first 512 files. >> > It's an awkward issue. Your proposed changes does reduce the randomness > for directories with > 1024 entries but that probably isn't worth > worrying about. > > Two comments on the code: > > 1. The elements returned by the directory stream's iterator are Path > objects that that the entry resolved against the directory. So if you > are enumerating the entries in /var/tmp then the elements will represent > /var/tmp/a, /var/tmp/b, etc. I assume you actually want > path.getName().toString().getBytes(). > > 2. The directory stream should be closed in a finally block (it's > possible that the next/hasNext methods used by the iterator can throw an > exception, in which case you would leave the directory stream open). > > -Alan. > > > From m.j.tandy at warwick.ac.uk Tue Mar 3 06:55:04 2009 From: m.j.tandy at warwick.ac.uk (Michael Tandy) Date: Tue, 3 Mar 2009 14:55:04 +0000 Subject: [security-dev 00649]: Re: code review request: 4773451 Support IP address based virtual hosting in default KeyManager implementation In-Reply-To: <49AD225D.7070408@Sun.COM> References: <49A75577.2070709@Sun.COM> <302aa0340903030202m5d96c8e5s9fbb4b2e4c268d7a@mail.gmail.com> <49AD225D.7070408@Sun.COM> Message-ID: <302aa0340903030655j5a333315xb62320c267bf29e3@mail.gmail.com> > While in a public DNS server, 172.127.192.1 is assigned to "dummy.sun.com". > It is possible that the getLocalHostname() would return > "the_actual_name_is_dummy_sun_com", which getCanonicalHostName() would > return "dummy.sun.com". > > Because the certificate matching the hostname will be used used by remote > peer, instead of the local host. So "the_actual_name_is_dummy_sun_com" means > trouble to the remote side, which has no way to identify it, it is a local > setting of remote side. So we have to use getCanonicalHostName() here. So the secure server's host name has to be the canonical host name? e.g. if one IP address hosted both http://www.example.com and https://secure.example.com the canonical host name for the IP address would have to be secure.example.com for the right certificate to be identified, or the SSL server would have to have only one certificate? > 2. If a client application run on a box with multiple physical network > adapters and share a key store, it is also required to figure out the right > certificate from multiple for a certain connection. > The fix can do that. But SNI cannot. SNI is a ClientHello extension, send > by client side. The server side CertificateRequest message has no such > mechanism. > > So I think we need the enhancement, because SNI cannot meet all of the > requirement above. I see what you mean! I was just thinking of using your fix for this bug as an example of how we might implement SNI in the future. > BTW, could I cc to security-dev at openjdk.java.net? Done. Michael 2009/3/3 Xuelei Fan : > Michael Tandy wrote: >> >> I was wondering - I see you get the host name using: >> >> InetAddress localAddress = socket.getLocalAddress(); >> hostname = localAddress.getCanonicalHostName(); >> >> then you send a certificate matching hostname. >> >> What would be the implications of using getHostName instead of >> getCanonicalHostName? > > For example, in my working spac box, I would config my /etc/hosts similar > to: > 172.127.192.1 the_actual_name_is_dummy_sun_com > > While in a public DNS server, 172.127.192.1 is assigned to "dummy.sun.com". > It is possible that the getLocalHostname() would return > "the_actual_name_is_dummy_sun_com", which getCanonicalHostName() would > return "dummy.sun.com". > > Because the certificate matching the hostname will be used used by remote > peer, instead of the local host. So "the_actual_name_is_dummy_sun_com" means > trouble to the remote side, which has no way to identify it, it is a local > setting of remote side. So we have to use getCanonicalHostName() here. >> >> ?I'm thinking we could implement SNI by >> overriding the socket's getLocalAddress to send an InetAddress with >> the hostname set to the SNI-requested server name, then your code >> would select the best key automatically. >> >> > > Yes, that's the benefits of SNI extension. To make myself understood, let's > look at the requirements of the enhancement , which is different from SNI. > 1. the environment of the bug reported against is: several servers run on a > single physical box, which has more than one physical network adapters, and > configured each with different IP address and different certificate. However > the servers want to share a keystore, all certificates are stored into the > same keystore. That means in the keystore, there are multiple key entries > could be used, it is required to select the right one for a certain > connection. > ? If the client hello message include a SNI extension, it is the primary > function to select one certificate from multiple.for a SNI support server. > You're right here. > ? ?However if the client hello message does not include the SNI, we should > also be able find the right certificate out. That's the benefit of the fix. > > 2. If a client application run on a box with multiple physical network > adapters and share a key store, it is also required to figure out the right > certificate from multiple for a certain connection. > ? The fix can do that. But SNI cannot. SNI is a ClientHello extension, send > by client side. The server side CertificateRequest message has no such > mechanism. > > So I think we need the enhancement, because SNI cannot meet all of the > requirement above. > > Thanks very much for looking into this. > > BTW, could I cc to security-dev at openjdk.java.net? > > Thanks, > Xuelei >> >> Or would we be better waiting until the next JDK version and defining >> a clearer way of passing the host name? >> >> Michael >> >> >> 2009/2/27 Xuelei Fan : >> >>> >>> I need to get a code review for: >>> ? ?4773451 Support IP address based virtual hosting in default KeyManager >>> implementation >>> >>> http://cr.openjdk.java.net/~xuelei/4773451/webrev.00/ >>> >>> >>> Thanks, >>> Xuelei >>> >>> The ?bug description: >>> ------------------------------------------------- >>> When using multiple SSLServerSockets with each listening on >>> it's own IP address, the JVM is not correctly sending the >>> correct certificate to the connecting client's web browser. >>> Regardless of which domain/IP the browser attempts to >>> connect to, the JVM always maps the domain/IP for the first >>> listed certificate in the keystore. >>> >>> Example: ?domains abc.com, def.com, ghi.com each have their >>> own self-signed certificate in keystore , each created using >>> 'keytool -genkey' and created in same order. ?Each also >>> being domain mapped to their own IP address and served >>> through their own SSLServerSocket. >>> >>> When a client attempts to connect to abc.com, all is well. >>> The correct certificate is presented to the client and >>> connection succeeds. ?However, when the client attempt to >>> connect to either def.com or ghi.com, they are presented >>> with the certificate for abc.com. >>> >>> If client connecting to def.com or ghi.com elects to accept >>> that incorrect certificate, connection succeeds to proper >>> site, despite use of incorrect certificate. ?So correct >>> domain/IP mapping is not the issue. >>> >>> >>> > > From Xuelei.Fan at Sun.COM Tue Mar 3 07:13:41 2009 From: Xuelei.Fan at Sun.COM (Xuelei Fan) Date: Tue, 03 Mar 2009 23:13:41 +0800 Subject: [security-dev 00650]: Re: code review request: 4773451 Support IP address based virtual hosting in default KeyManager implementation In-Reply-To: <302aa0340903030655j5a333315xb62320c267bf29e3@mail.gmail.com> References: <49A75577.2070709@Sun.COM> <302aa0340903030202m5d96c8e5s9fbb4b2e4c268d7a@mail.gmail.com> <49AD225D.7070408@Sun.COM> <302aa0340903030655j5a333315xb62320c267bf29e3@mail.gmail.com> Message-ID: <49AD4925.9010002@Sun.COM> An HTML attachment was scrubbed... URL: http://mail.openjdk.java.net/pipermail/security-dev/attachments/20090303/b1ea2d8c/attachment.html From tim.bell at sun.com Tue Mar 3 07:52:17 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 03 Mar 2009 15:52:17 +0000 Subject: [security-dev 00651]: hg: jdk7/tl: Added tag jdk7-b49 for changeset aee93a8992d2 Message-ID: <20090303155218.13049E65B@hg.openjdk.java.net> Changeset: 5111e13e44e5 Author: xdono Date: 2009-02-26 10:57 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/rev/5111e13e44e5 Added tag jdk7-b49 for changeset aee93a8992d2 ! .hgtags From tim.bell at sun.com Tue Mar 3 07:55:04 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 03 Mar 2009 15:55:04 +0000 Subject: [security-dev 00652]: hg: jdk7/tl/corba: 2 new changesets Message-ID: <20090303155506.71C80E660@hg.openjdk.java.net> Changeset: 0edbd0074b02 Author: xdono Date: 2009-02-26 10:57 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/0edbd0074b02 Added tag jdk7-b49 for changeset d70978bc64bc ! .hgtags Changeset: 082f59f5ac64 Author: tbell Date: 2009-03-02 15:10 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/082f59f5ac64 Merge From tim.bell at sun.com Tue Mar 3 08:00:08 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 03 Mar 2009 16:00:08 +0000 Subject: [security-dev 00653]: hg: jdk7/tl/hotspot: 34 new changesets Message-ID: <20090303160114.CFFBDE665@hg.openjdk.java.net> Changeset: 23673011938d Author: ysr Date: 2009-01-30 14:17 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/23673011938d 6787254: Work queue capacity can be increased substantially on some platforms Summary: Increased the default and maximum size of the CMS marking stack and the size of the parallel workers' work queues in 64-bit mode. The latter was accomplished by an increase in the width of the Taskqueue's Age struct and its Tag field in 64-bit mode. Reviewed-by: jmasa, tonyp ! src/share/vm/runtime/globals.hpp ! src/share/vm/utilities/taskqueue.cpp ! src/share/vm/utilities/taskqueue.hpp Changeset: 9a25e0c45327 Author: jmasa Date: 2009-01-31 00:15 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/9a25e0c45327 6792421: assert(_bitMap->isMarked(addr+size-1),inconsistent Printezis mark) Summary: The CMS concurrent precleaning and concurrent marking phases should work around classes that are undergoing redefinition. Reviewed-by: ysr, tonyp ! src/share/vm/gc_interface/collectedHeap.hpp ! src/share/vm/interpreter/rewriter.cpp ! src/share/vm/memory/oopFactory.cpp ! src/share/vm/memory/oopFactory.hpp ! src/share/vm/oops/cpCacheKlass.cpp ! src/share/vm/oops/cpCacheKlass.hpp ! src/share/vm/oops/cpCacheOop.hpp Changeset: a268411445d9 Author: ysr Date: 2009-02-04 15:42 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/a268411445d9 Merge Changeset: 82a980778b92 Author: never Date: 2009-02-05 11:42 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/82a980778b92 6793828: G1: invariant: queues are empty when activated Reviewed-by: jrose, kvn ! src/share/vm/opto/graphKit.cpp ! src/share/vm/opto/memnode.cpp Changeset: 58054a18d735 Author: apetrusenko Date: 2009-02-06 01:38 +0300 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/58054a18d735 6484959: G1: introduce survivor spaces 6797754: G1: combined bugfix Summary: Implemented a policy to control G1 survivor space parameters. Reviewed-by: tonyp, iveresov ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.hpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.hpp ! src/share/vm/gc_implementation/g1/g1RemSet.cpp ! src/share/vm/gc_implementation/g1/g1_globals.hpp ! src/share/vm/gc_implementation/g1/heapRegion.hpp ! src/share/vm/gc_implementation/g1/heapRegionRemSet.cpp ! src/share/vm/gc_implementation/g1/survRateGroup.cpp ! src/share/vm/gc_implementation/g1/survRateGroup.hpp ! src/share/vm/gc_implementation/includeDB_gc_g1 ! src/share/vm/gc_implementation/shared/ageTable.cpp ! src/share/vm/gc_implementation/shared/ageTable.hpp Changeset: 05c6d52fa7a9 Author: jmasa Date: 2009-02-08 13:18 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/05c6d52fa7a9 6690928: Use spinning in combination with yields for workstealing termination. Summary: Substitute a spin loop for most calls to yield() to reduce the stress on the system. Reviewed-by: tonyp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.cpp ! src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp ! src/share/vm/gc_implementation/parallelScavenge/psScavenge.cpp ! src/share/vm/memory/genCollectedHeap.cpp ! src/share/vm/oops/cpCacheKlass.cpp ! src/share/vm/runtime/globals.hpp ! src/share/vm/utilities/taskqueue.cpp ! src/share/vm/utilities/taskqueue.hpp Changeset: 1e458753107d Author: apetrusenko Date: 2009-02-09 17:33 +0300 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/1e458753107d 6802413: G1: G1FixedSurvivorSpaceSize should be converted into regions in calculate_survivors_policy() Reviewed-by: tonyp, jmasa ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp Changeset: 773234c55e8c Author: ysr Date: 2009-02-09 12:26 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/773234c55e8c 6800586: -XX:+PrintGCDateStamps is using mt-unsafe localtime function Summary: replaced localtime() with localtime_r() on Solaris and Linux. Reviewed-by: apetrusenko, dholmes, jmasa ! src/os/linux/vm/os_linux.cpp ! src/os/solaris/vm/os_solaris.cpp ! src/os/windows/vm/os_windows.cpp ! src/share/vm/runtime/os.cpp ! src/share/vm/runtime/os.hpp Changeset: fe3d7c11b4b7 Author: apetrusenko Date: 2009-02-10 18:39 +0300 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/fe3d7c11b4b7 6700941: G1: allocation spec missing for some G1 classes Reviewed-by: tonyp ! src/share/vm/gc_implementation/g1/collectionSetChooser.hpp ! src/share/vm/gc_implementation/g1/concurrentG1Refine.hpp ! src/share/vm/gc_implementation/g1/concurrentMark.hpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.hpp ! src/share/vm/gc_implementation/g1/g1MMUTracker.hpp ! src/share/vm/gc_implementation/g1/g1RemSet.hpp ! src/share/vm/gc_implementation/g1/heapRegion.hpp ! src/share/vm/gc_implementation/g1/heapRegionRemSet.hpp ! src/share/vm/gc_implementation/g1/ptrQueue.hpp ! src/share/vm/gc_implementation/g1/sparsePRT.hpp ! src/share/vm/gc_implementation/includeDB_gc_g1 ! src/share/vm/utilities/workgroup.hpp Changeset: 96964ebdb154 Author: kvn Date: 2009-01-07 11:04 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/96964ebdb154 6782232: assert("CreateEx must be first instruction in block" ) Summary: Add the missing check for CreateEx. Add new notproduct flag VerifyRegisterAllocator. Reviewed-by: never ! src/share/vm/opto/c2_globals.hpp ! src/share/vm/opto/chaitin.cpp ! src/share/vm/opto/live.cpp ! src/share/vm/opto/reg_split.cpp Changeset: 6c4cda924d2e Author: kvn Date: 2009-01-07 11:23 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/6c4cda924d2e 6790182: matcher.cpp:1375: assert(false,"bad AD file") Summary: Add a match rule for regD_low in regD definition. Reviewed-by: never ! src/cpu/sparc/vm/sparc.ad Changeset: 011517bbcd7b Author: kvn Date: 2009-01-13 11:10 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/011517bbcd7b 6784930: server jvm fails with assert(!n->is_SpillCopy(),"") Summary: Set minimum block frequency MIN_BLOCK_FREQUENCY 1.e-35f. Reviewed-by: never, rasbold ! src/share/vm/opto/gcm.cpp Changeset: 041fe019d769 Author: never Date: 2009-01-13 11:43 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/041fe019d769 6791132: bad control in autobox split code Reviewed-by: kvn ! src/share/vm/opto/memnode.cpp Changeset: 78144dc3db03 Author: never Date: 2009-01-13 14:02 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/78144dc3db03 Merge Changeset: 35ae4dd6c27c Author: never Date: 2009-01-14 14:12 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/35ae4dd6c27c 6788347: C2Compiler crash 6u7 Reviewed-by: kvn ! src/share/vm/opto/cfgnode.cpp ! src/share/vm/opto/type.cpp ! src/share/vm/opto/type.hpp Changeset: 48bb4a49b7ac Author: kvn Date: 2009-01-16 11:23 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/48bb4a49b7ac 6790209: server VM fails with assert(will_link,"_new: typeflow responsibility") Summary: Add missing code for reflection class loader in SystemDictionary::find(). Reviewed-by: never, jrose ! src/share/vm/classfile/systemDictionary.cpp Changeset: 465813e0303a Author: kvn Date: 2009-01-21 11:18 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/465813e0303a 6794939: assert(_base == OopPtr,"subclass must override cast_to_ptr_type") Summary: Fix the assert in TypeKlassPtr::cast_to_ptr_type(). Reviewed-by: never ! src/share/vm/opto/type.cpp Changeset: 3b5ac9e7e6ea Author: twisti Date: 2009-01-26 16:22 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/3b5ac9e7e6ea 6796746: rename LoadC (char) opcode class to LoadUS (unsigned short) Summary: Renaming LoadC to LoadUS would round up the planned introduction of LoadUB and LoadUI. Reviewed-by: phh, kvn ! src/cpu/sparc/vm/sparc.ad ! src/cpu/x86/vm/x86_32.ad ! src/cpu/x86/vm/x86_64.ad ! src/share/vm/adlc/forms.cpp ! src/share/vm/adlc/formssel.cpp ! src/share/vm/opto/classes.hpp ! src/share/vm/opto/compile.cpp ! src/share/vm/opto/lcm.cpp ! src/share/vm/opto/loopnode.cpp ! src/share/vm/opto/matcher.cpp ! src/share/vm/opto/memnode.cpp ! src/share/vm/opto/memnode.hpp ! src/share/vm/opto/mulnode.cpp ! src/share/vm/opto/superword.cpp ! src/share/vm/opto/vectornode.cpp Changeset: 7628781568e1 Author: twisti Date: 2009-02-03 01:39 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/7628781568e1 6795362: 32bit server compiler leads to wrong results on solaris-x86 Summary: The C2 compiler leads to wrong results on solaris-i486 (32-bit) for a testcase given in the CR. Reviewed-by: never, rasbold ! src/share/vm/opto/mulnode.cpp ! src/share/vm/utilities/globalDefinitions.hpp + test/compiler/6795362/Test6795362.java Changeset: b79faa366fbd Author: twisti Date: 2009-02-03 08:10 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/b79faa366fbd 6799452: HotSpot tests Makefile should take care of ALT_SLASH_JAVA Summary: The HotSpot tests Makefile has a hardcoded SLASH_JAVA which makes it difficult to run the tests on non-Sun build machines which do not have a /java infrastructure. Reviewed-by: kamg ! test/Makefile Changeset: 5bfdb08ea692 Author: never Date: 2009-02-03 18:05 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/5bfdb08ea692 6782260: Memory leak in CodeBuffer::create_patch_overflow Reviewed-by: phh, kvn ! src/share/vm/asm/codeBuffer.cpp Changeset: 1580954e694c Author: never Date: 2009-02-04 11:44 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/1580954e694c 6798785: Crash in OopFlow::build_oop_map: incorrect comparison of 64bit pointers Reviewed-by: phh, kvn ! src/share/vm/adlc/dict2.cpp ! src/share/vm/libadt/dict.cpp Changeset: 1b9fc6e3171b Author: never Date: 2009-02-04 23:17 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/1b9fc6e3171b 6442502: assert(bits,"Use TypePtr for NULL") on linux-x86 Reviewed-by: kvn ! src/share/vm/opto/graphKit.cpp ! src/share/vm/opto/graphKit.hpp Changeset: 323728917cf4 Author: kvn Date: 2009-02-05 13:38 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/323728917cf4 6788376: allow to ignore unrecognized VM options Summary: Add new product flag -XX:+IgnoreUnrecognizedVMOptions Reviewed-by: ysr, xlu ! src/share/vm/runtime/arguments.cpp ! src/share/vm/runtime/globals.hpp ! test/compiler/6775880/Test.java Changeset: 7fe62bb75bf4 Author: kvn Date: 2009-02-05 14:43 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/7fe62bb75bf4 6799693: Server compiler leads to data corruption when expression throws an Exception Summary: Use merged memory state for an allocation's slow path. Reviewed-by: never ! src/share/vm/opto/graphKit.cpp ! src/share/vm/opto/macro.cpp + test/compiler/6795161/Test.java + test/compiler/6799693/Test.java Changeset: 91263420e1c6 Author: kvn Date: 2009-02-06 13:31 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/91263420e1c6 6791852: assert(b->_nodes[insidx] == n,"got insidx set incorrectly") Summary: Move the CreateEx up before each round of IFG construction Reviewed-by: never, phh ! src/share/vm/opto/block.cpp ! src/share/vm/opto/chaitin.cpp ! src/share/vm/opto/chaitin.hpp ! src/share/vm/opto/ifg.cpp ! src/share/vm/opto/live.cpp ! src/share/vm/opto/reg_split.cpp Changeset: bbef4344adb2 Author: twisti Date: 2009-02-13 09:09 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/bbef4344adb2 6800154: Add comments to long_by_long_mulhi() for better understandability Summary: This patch adds a comment pointing to the Hacker's Delight version of the algorithm plus a verbatim copy of it. Furthermore it adds inline comments. Reviewed-by: kvn, jrose ! src/share/vm/opto/divnode.cpp + test/compiler/6603011/Test.java + test/compiler/6800154/Test6800154.java Changeset: 30663ca5e8f4 Author: twisti Date: 2009-02-16 07:19 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/30663ca5e8f4 6805724: ModLNode::Ideal() generates functionally incorrect graph when divisor is any (2^k-1) constant. Summary: C2, ModLNode::Ideal() generates functionally incorrect graph when divisor is any (2^k-1) constant. Reviewed-by: rasbold ! src/share/vm/opto/divnode.cpp ! src/share/vm/utilities/globalDefinitions.hpp + test/compiler/6805724/Test6805724.java Changeset: 2cacccded90f Author: twisti Date: 2009-02-17 11:19 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/2cacccded90f 6805950: Typos in andL_rReg_imm instructions in x86_64.ad Summary: There are two typos in andL_rReg_imm instructions in x86_64.ad. Reviewed-by: kvn ! src/cpu/x86/vm/x86_64.ad Changeset: dca06e7f503d Author: kvn Date: 2009-02-17 14:30 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/dca06e7f503d Merge ! src/cpu/x86/vm/x86_32.ad ! src/share/vm/classfile/systemDictionary.cpp ! src/share/vm/opto/graphKit.cpp ! src/share/vm/opto/memnode.cpp ! src/share/vm/runtime/arguments.cpp ! src/share/vm/runtime/globals.hpp ! src/share/vm/utilities/globalDefinitions.hpp Changeset: 6b7f6a17455e Author: trims Date: 2009-02-18 18:14 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/6b7f6a17455e Merge Changeset: 1605bb4eb5a7 Author: trims Date: 2009-02-18 18:20 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/1605bb4eb5a7 6807345: Bump HS15 build number to 02 Summary: Update the HS15 Build number to 02 Reviewed-by: jcoomes ! make/hotspot_version Changeset: 8b22ccb5aba2 Author: trims Date: 2009-02-25 23:16 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/8b22ccb5aba2 Merge Changeset: dae503d9f04c Author: xdono Date: 2009-02-26 10:57 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/dae503d9f04c Added tag jdk7-b49 for changeset 8b22ccb5aba2 ! .hgtags From tim.bell at sun.com Tue Mar 3 08:07:34 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 03 Mar 2009 16:07:34 +0000 Subject: [security-dev 00654]: hg: jdk7/tl/jaxp: Added tag jdk7-b49 for changeset 5c1f24531903 Message-ID: <20090303160736.6DBECE66A@hg.openjdk.java.net> Changeset: e8514e2be76d Author: xdono Date: 2009-02-26 10:57 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jaxp/rev/e8514e2be76d Added tag jdk7-b49 for changeset 5c1f24531903 ! .hgtags From tim.bell at sun.com Tue Mar 3 08:10:20 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 03 Mar 2009 16:10:20 +0000 Subject: [security-dev 00655]: hg: jdk7/tl/jaxws: Added tag jdk7-b49 for changeset 18ca864890f3 Message-ID: <20090303161023.0C2D1E66F@hg.openjdk.java.net> Changeset: 5be52db581f1 Author: xdono Date: 2009-02-26 10:57 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jaxws/rev/5be52db581f1 Added tag jdk7-b49 for changeset 18ca864890f3 ! .hgtags From tim.bell at sun.com Tue Mar 3 08:13:12 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 03 Mar 2009 16:13:12 +0000 Subject: [security-dev 00656]: hg: jdk7/tl/jdk: 4 new changesets Message-ID: <20090303161412.35627E674@hg.openjdk.java.net> Changeset: 383d6bebfba6 Author: xdono Date: 2009-02-26 10:57 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/383d6bebfba6 Added tag jdk7-b49 for changeset 8311105ea7a3 ! .hgtags Changeset: 59e76cdc647a Author: tbell Date: 2009-02-27 10:53 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/59e76cdc647a Merge Changeset: 58ba2cd5a250 Author: alanb Date: 2009-03-01 14:44 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/58ba2cd5a250 6811578: genSolarisConstants.c should not require kernel patch to compile on Solaris 10 Reviewed-by: tbell ! src/solaris/native/sun/nio/fs/genSolarisConstants.c Changeset: 7546743f4cc0 Author: tbell Date: 2009-03-02 15:10 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7546743f4cc0 Merge From tim.bell at sun.com Tue Mar 3 08:22:18 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 03 Mar 2009 16:22:18 +0000 Subject: [security-dev 00657]: hg: jdk7/tl/langtools: 5 new changesets Message-ID: <20090303162226.46444E679@hg.openjdk.java.net> Changeset: d17d927ad9bd Author: xdono Date: 2009-02-19 14:08 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/d17d927ad9bd Added tag jdk7-b48 for changeset c53007f34195 ! .hgtags Changeset: 1a902c0eb3f9 Author: tbell Date: 2009-02-24 07:55 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/1a902c0eb3f9 Merge Changeset: cc69a0495ac5 Author: xdono Date: 2009-02-26 10:57 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/cc69a0495ac5 Added tag jdk7-b49 for changeset d17d927ad9bd ! .hgtags Changeset: 46f2f6ed96f1 Author: tbell Date: 2009-02-27 10:54 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/46f2f6ed96f1 Merge Changeset: 2f4c4900ca2b Author: tbell Date: 2009-03-02 15:11 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/2f4c4900ca2b Merge From mandy.chung at sun.com Tue Mar 3 19:30:13 2009 From: mandy.chung at sun.com (mandy.chung at sun.com) Date: Wed, 04 Mar 2009 03:30:13 +0000 Subject: [security-dev 00658]: hg: jdk7/tl/jdk: 6799230: Lazily load java.lang.annotation.Annotation class Message-ID: <20090304033038.8DF0FE72A@hg.openjdk.java.net> Changeset: 07d2550f5c84 Author: mchung Date: 2009-03-03 19:26 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/07d2550f5c84 6799230: Lazily load java.lang.annotation.Annotation class Summary: Remove the static EMPTY_ANNOTATION_ARRAY field; add AnnotationParser.toArray method Reviewed-by: darcy ! src/share/classes/java/lang/Class.java ! src/share/classes/java/lang/reflect/Constructor.java ! src/share/classes/java/lang/reflect/Field.java ! src/share/classes/java/lang/reflect/Method.java ! src/share/classes/sun/reflect/annotation/AnnotationParser.java From weijun.wang at sun.com Tue Mar 3 23:13:40 2009 From: weijun.wang at sun.com (weijun.wang at sun.com) Date: Wed, 04 Mar 2009 07:13:40 +0000 Subject: [security-dev 00659]: hg: jdk7/tl/jdk: 6705872: SecureRandom number init is taking too long on a java.io.tmpdir with a large number of files. Message-ID: <20090304071409.50CCBE738@hg.openjdk.java.net> Changeset: a8d9e8cb38bb Author: weijun Date: 2009-03-04 15:09 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a8d9e8cb38bb 6705872: SecureRandom number init is taking too long on a java.io.tmpdir with a large number of files. Reviewed-by: xuelei, alanb ! src/share/classes/sun/security/provider/SeedGenerator.java From openjdk at philippe.prados.name Wed Mar 4 00:14:14 2009 From: openjdk at philippe.prados.name (Philippe Prados) Date: Wed, 4 Mar 2009 09:14:14 +0100 Subject: [security-dev 00660]: Where declare a security alert ? Message-ID: <5267ad110903040014r3e724c53obc10f1a002998c6c@mail.gmail.com> I found two security alert in OpenJDK6. Where I can expose this before it's may be public ? Regards sop??d ?dd?l??d -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.openjdk.java.net/pipermail/security-dev/attachments/20090304/ef44fc83/attachment.html From christopher.hegarty at sun.com Wed Mar 4 05:31:51 2009 From: christopher.hegarty at sun.com (christopher.hegarty at sun.com) Date: Wed, 04 Mar 2009 13:31:51 +0000 Subject: [security-dev 00661]: hg: jdk7/tl/jdk: 6775145: ClassLoaderUtil.releaseLoader calls System.out.println ("classLoader = " + classLoader) Message-ID: <20090304133203.CB064E762@hg.openjdk.java.net> Changeset: 94d02968a504 Author: chegar Date: 2009-03-04 13:28 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/94d02968a504 6775145: ClassLoaderUtil.releaseLoader calls System.out.println ("classLoader = " + classLoader) Summary: Remove System.out debugging statements Reviewed-by: michaelm ! src/share/classes/sun/misc/ClassLoaderUtil.java From christopher.hegarty at sun.com Wed Mar 4 05:39:47 2009 From: christopher.hegarty at sun.com (christopher.hegarty at sun.com) Date: Wed, 04 Mar 2009 13:39:47 +0000 Subject: [security-dev 00662]: hg: jdk7/tl/jdk: 6737323: Typo in javadoc for SocketPermission Message-ID: <20090304133959.2A056E767@hg.openjdk.java.net> Changeset: 03001e92d155 Author: chegar Date: 2009-03-04 13:36 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/03001e92d155 6737323: Typo in javadoc for SocketPermission Summary: Remove redundant line form class description Reviewed-by: jccollet ! src/share/classes/java/net/SocketPermission.java From xueming.shen at sun.com Wed Mar 4 09:40:37 2009 From: xueming.shen at sun.com (xueming.shen at sun.com) Date: Wed, 04 Mar 2009 17:40:37 +0000 Subject: [security-dev 00663]: hg: jdk7/tl/jdk: 6812879: Excess code line in ArrayList method Message-ID: <20090304174102.B4629E786@hg.openjdk.java.net> Changeset: 6568cd51ae12 Author: sherman Date: 2009-03-04 09:26 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6568cd51ae12 6812879: Excess code line in ArrayList method Summary: Removed the line of "oldData" which is no longer used. Reviewed-by: martin ! src/share/classes/java/util/ArrayList.java From weijun.wang at sun.com Wed Mar 4 22:54:09 2009 From: weijun.wang at sun.com (weijun.wang at sun.com) Date: Thu, 05 Mar 2009 06:54:09 +0000 Subject: [security-dev 00664]: hg: jdk7/tl/jdk: 6813402: keytool cannot -printcert entries without extensions Message-ID: <20090305065425.514D0E7DE@hg.openjdk.java.net> Changeset: 97da21737d9e Author: weijun Date: 2009-03-05 14:49 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/97da21737d9e 6813402: keytool cannot -printcert entries without extensions Reviewed-by: xuelei ! src/share/classes/sun/security/tools/KeyTool.java + test/sun/security/tools/keytool/NoExtNPE.sh From Xuelei.Fan at Sun.COM Thu Mar 5 00:41:34 2009 From: Xuelei.Fan at Sun.COM (Xuelei Fan) Date: Thu, 05 Mar 2009 16:41:34 +0800 Subject: [security-dev 00665]: Re: Review request: Infinite loop if SPNEGO specified as sun.security.jgss.mechanism In-Reply-To: <49ACB6D8.2030601@sun.com> References: <49ACB6D8.2030601@sun.com> Message-ID: <49AF903E.7040704@Sun.COM> "sun.security.jgss.mechanism", it is a undocumented property, right? I think it is hard to explain why SPNEGO is request, but KRB5 given, it is not the expected behavior. Why not thrown a GSSException? Andrew Weijun Wang wrote: > Hi Andrew or Valerie > > Please take a review at this bug fix: > > http://cr.openjdk.java.net/~weijun/6770883/webrev.01/ > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6770883 > > Basically. Since SPNEGO is a pseudo-mech that's meant to negotiate a > real concrete mech, SPNEGO itself cannot be used as the underlying > default mech under. > > Thanks > Max > From michaeltandy at googlemail.com Thu Mar 5 03:00:24 2009 From: michaeltandy at googlemail.com (Michael Tandy) Date: Thu, 5 Mar 2009 11:00:24 +0000 Subject: [security-dev 00666]: Re: SNI support in JSSE In-Reply-To: <49ABE08C.2070005@Sun.COM> References: <302aa0340902251149k2c373787h95cae3026e5c4a1d@mail.gmail.com> <49A7407F.4010702@Sun.COM> <302aa0340902270221ndf999ccv1be4e977669337af@mail.gmail.com> <49A808ED.6020407@Sun.COM> <302aa0340902271019p3c7a751ayf1ffb88535562fa1@mail.gmail.com> <49A8ABC3.3010800@Sun.COM> <302aa0340903020338ne175083pe38e4451f62168ee@mail.gmail.com> <49ABE08C.2070005@Sun.COM> Message-ID: <302aa0340903050300l45b1de50x1354edc409214ee4@mail.gmail.com> > I have no choice but (c). Personally, I really think SNI is becoming a > have-to-have feature with the grow of virtualization computing. Here's a webrev which enables SNI on the client end, whenever not using SSL 2 Hello, and when system property "sun.security.ssl.disableHelloExtensions" is unset, or set to "no" http://michaelt.uwcs.co.uk/openjdk_sni_webrev/ 2009/3/2 Xuelei Fan : > Michael Tandy wrote: >>> >>> Good point. But for FIPS-140 compliant. TLS1.0 should be used, SSL v2 >>> Hello >>> will not be used in a FIPS validated environment. >>> >> >> On the subject of FIPS, perhaps you can answer a question: I gather we >> have FIPS support [3], but from the documentation [4] I've got no idea >> of how to enable it. >> >> > > FIPS compliant mode is experimental in SunJSSE. I don't think, or I don't > know there is a public approach to enable it. However, we have test case on > PKCS11 crypro provider with internal APIs, which looks like: > ? ?Provider p = a pkcs11 provider; > ? ?Security.removeProvier("SunJSSE"); > ? ?Provider fipsjsse = new com.sun.net.ssl.internal.ssl Provider(p); > ? ?Security.addProvider(fipsjsse); ? //FIPS enabled here. > > Note, this just a show case, please do not use Sun internal APIs directly, > which may be deleted or changed at any time. >>>> >>>> Do you think it's likely a server would require SSL3 or TLS, but >>>> wouldn't support hello extensions? >>>> >>> >>> Yes, I do remember that some of the current ssl/tls servers may refuse to >>> accept connections from a client that used TLS extensions. Please refer >>> to >>> [1] and [2]. >>> >> >> OK, so as I see it our options are: >> (a) don't include client SNI support in OpenJDK 7 >> (b) include SNI support with no API to turn it off, which will break >> some servers >> (c) use a system property to work around the API freeze, add a proper >> API to the next version, and maintain support for the workaround >> forever >> (d) use a system property to work around the API freeze, add a proper >> API to the next version, and break the workaround in the next version >> >> None of those options sound very good to me. What do you think we should >> do? >> >> > > I have no choice but (c). Personally, I really think SNI is becoming a > have-to-have feature with the grow of virtualization computing. > > Xuelei >> >> Michael >> >> [3] >> http://java.sun.com/javase/6/docs/technotes/guides/security/enhancements.html >> [4] >> http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html >> > > From maurizio.cimadamore at sun.com Thu Mar 5 09:50:50 2009 From: maurizio.cimadamore at sun.com (maurizio.cimadamore at sun.com) Date: Thu, 05 Mar 2009 17:50:50 +0000 Subject: [security-dev 00667]: hg: jdk7/tl/langtools: 4 new changesets Message-ID: <20090305175057.15409E7FD@hg.openjdk.java.net> Changeset: 850869f70213 Author: mcimadamore Date: 2009-03-05 17:24 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/850869f70213 6467183: javac fails to raise unchecked warning on cast of parameterized generic subclass Summary: cleanup code for generating unchecked cast warnings Reviewed-by: jjg ! src/share/classes/com/sun/tools/javac/code/Types.java + test/tools/javac/cast/6467183/T6467183a.java + test/tools/javac/cast/6467183/T6467183a.out + test/tools/javac/cast/6467183/T6467183b.java Changeset: 84a18d7da478 Author: mcimadamore Date: 2009-03-05 17:24 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/84a18d7da478 6804733: javac generates spourious diagnostics for ill-formed type-variable bounds Summary: fixed algorithm for checking cycles in typevar declarations Reviewed-by: jjg ! src/share/classes/com/sun/tools/javac/comp/Check.java + test/tools/javac/generics/typevars/6804733/T6804733.java + test/tools/javac/generics/typevars/6804733/T6804733.out Changeset: 9711a6c2db7e Author: mcimadamore Date: 2009-03-05 17:25 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/9711a6c2db7e 6807255: LineNumberTable wrong if enhanced-for-loops are used Summary: end position of iterable for-each loop was not set properly Reviewed-by: jjg ! src/share/classes/com/sun/tools/javac/comp/Lower.java Changeset: 86b60aa941c6 Author: mcimadamore Date: 2009-03-05 17:25 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/86b60aa941c6 6799605: Basic/Raw formatters should use type/symbol printer instead of toString() Summary: create new combo type/symbol visitor printer used by all diagnostic formatters Reviewed-by: jjg + src/share/classes/com/sun/tools/javac/code/Printer.java ! src/share/classes/com/sun/tools/javac/code/Types.java ! src/share/classes/com/sun/tools/javac/resources/compiler.properties ! src/share/classes/com/sun/tools/javac/util/AbstractDiagnosticFormatter.java ! src/share/classes/com/sun/tools/javac/util/BasicDiagnosticFormatter.java ! src/share/classes/com/sun/tools/javac/util/RawDiagnosticFormatter.java + test/tools/javac/Diagnostics/6799605/T6799605.java + test/tools/javac/Diagnostics/6799605/T6799605.out ! test/tools/javac/NestedInnerClassNames.out ! test/tools/javac/T6241723.out ! test/tools/javac/depDocComment/SuppressDeprecation.out ! test/tools/javac/mandatoryWarnings/deprecated/Test3.out ! test/tools/javac/mandatoryWarnings/deprecated/Test3b.out ! test/tools/javac/mandatoryWarnings/deprecated/Test4.out ! test/tools/javac/mandatoryWarnings/deprecated/Test4b.out ! test/tools/javac/mandatoryWarnings/deprecated/Test4c.out ! test/tools/javac/mandatoryWarnings/deprecated/Test4d.out ! test/tools/javac/positions/T6253161.out ! test/tools/javac/positions/T6253161a.out ! test/tools/javac/warnings/Deprecation.lintAll.out ! test/tools/javac/warnings/Deprecation.lintDeprecation.out From yu-ching.peng at sun.com Thu Mar 5 11:51:03 2009 From: yu-ching.peng at sun.com (yu-ching.peng at sun.com) Date: Thu, 05 Mar 2009 19:51:03 +0000 Subject: [security-dev 00668]: hg: jdk7/tl/jdk: 2 new changesets Message-ID: <20090305195128.766CAE81A@hg.openjdk.java.net> Changeset: da9d0283a496 Author: valeriep Date: 2009-03-03 19:50 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/da9d0283a496 6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider Summary: Removed finalize() and add more error handling to native code Reviewed-by: vinnie ! src/share/classes/sun/security/pkcs11/P11Key.java ! src/share/classes/sun/security/pkcs11/P11RSACipher.java ! src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java ! src/share/native/sun/security/pkcs11/wrapper/p11_convert.c ! src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c ! src/share/native/sun/security/pkcs11/wrapper/p11_digest.c ! src/share/native/sun/security/pkcs11/wrapper/p11_dual.c ! src/share/native/sun/security/pkcs11/wrapper/p11_general.c ! src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c ! src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c ! src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c ! src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c ! src/share/native/sun/security/pkcs11/wrapper/p11_sign.c ! src/share/native/sun/security/pkcs11/wrapper/p11_util.c ! src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h Changeset: 7b3cfde54812 Author: valeriep Date: 2009-03-05 11:44 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7b3cfde54812 Merge From Yu-Ching.Peng at Sun.COM Thu Mar 5 14:10:32 2009 From: Yu-Ching.Peng at Sun.COM (Valerie Peng) Date: Thu, 05 Mar 2009 14:10:32 -0800 Subject: [security-dev 00669]: Re: Review request: Infinite loop if SPNEGO specified as sun.security.jgss.mechanism In-Reply-To: <49AF903E.7040704@Sun.COM> References: <49ACB6D8.2030601@sun.com> <49AF903E.7040704@Sun.COM> Message-ID: <49B04DD8.7030100@Sun.COM> I think when SPNEGO is specified to be the default mechanism for JGSS (as the property name implies), it should be up to the SPNEGO implementation to specify what its default concrete mechanism should be. I think your new constant DEFAULT_MECH_OID2 should conceptually at the SPNEGO mech provider level instead of at the GSS level, i.e. inside class sun.security.jgss.ProviderList. Thus, it's better to move this constant to the SPNEGO mech provider level since it's only used by SpNego. In addition, since the default mech for JGSS does not change at runtime, you should initialize this default mech for SPNEGO accordingly, so that you don't have to do the if-default-JGSS-Mech-is-SPNEGO check for every invocation of SpNegoMechFactory.getNameElement(...). Valerie On 03/05/09 00:41, Xuelei Fan wrote: > "sun.security.jgss.mechanism", it is a undocumented property, right? I > think it is hard to explain why SPNEGO is request, but KRB5 given, it > is not the expected behavior. Why not thrown a GSSException? > Andrew > > Weijun Wang wrote: >> Hi Andrew or Valerie >> >> Please take a review at this bug fix: >> >> http://cr.openjdk.java.net/~weijun/6770883/webrev.01/ >> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6770883 >> >> Basically. Since SPNEGO is a pseudo-mech that's meant to negotiate a >> real concrete mech, SPNEGO itself cannot be used as the underlying >> default mech under. >> >> Thanks >> Max >> > From Sean.Mullan at Sun.COM Fri Mar 6 08:50:13 2009 From: Sean.Mullan at Sun.COM (Sean Mullan) Date: Fri, 06 Mar 2009 11:50:13 -0500 Subject: [security-dev 00670]: 6787130 Code Review Request Message-ID: <49B15445.7060601@sun.com> Hi Max, Can you review: http://cr.openjdk.java.net/~mullan/6787130/webrev/ Thanks, Sean From Weijun.Wang at Sun.COM Fri Mar 6 15:56:04 2009 From: Weijun.Wang at Sun.COM (Max (Weijun) Wang) Date: Sat, 07 Mar 2009 07:56:04 +0800 Subject: [security-dev 00671]: Re: 6787130 Code Review Request In-Reply-To: <49B15445.7060601@sun.com> References: <49B15445.7060601@sun.com> Message-ID: <42127F4B-676C-4E63-9B24-13C4E4E3F4DD@Sun.COM> It looks fine. On Mar 7, 2009, at 12:50 AM, Sean Mullan wrote: > Hi Max, > > Can you review: http://cr.openjdk.java.net/~mullan/6787130/webrev/ > > Thanks, > Sean From tim.bell at sun.com Sat Mar 7 11:35:19 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sat, 07 Mar 2009 19:35:19 +0000 Subject: [security-dev 00672]: hg: jdk7/tl: Added tag jdk7-b50 for changeset 5111e13e44e5 Message-ID: <20090307193520.23FD8E9D5@hg.openjdk.java.net> Changeset: 28ba432554f4 Author: xdono Date: 2009-03-05 09:48 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/rev/28ba432554f4 Added tag jdk7-b50 for changeset 5111e13e44e5 ! .hgtags From tim.bell at sun.com Sat Mar 7 11:40:20 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sat, 07 Mar 2009 19:40:20 +0000 Subject: [security-dev 00673]: hg: jdk7/tl/corba: 2 new changesets Message-ID: <20090307194022.4CCF0E9DA@hg.openjdk.java.net> Changeset: 12f178e7737f Author: xdono Date: 2009-03-05 09:49 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/12f178e7737f Added tag jdk7-b50 for changeset 0edbd0074b02 ! .hgtags Changeset: ec634b3aa302 Author: tbell Date: 2009-03-06 10:52 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/ec634b3aa302 Merge From tim.bell at sun.com Sat Mar 7 11:47:27 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sat, 07 Mar 2009 19:47:27 +0000 Subject: [security-dev 00674]: hg: jdk7/tl/hotspot: Added tag jdk7-b50 for changeset dae503d9f04c Message-ID: <20090307194730.14369E9DF@hg.openjdk.java.net> Changeset: 67f831f73d34 Author: xdono Date: 2009-03-05 09:49 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/67f831f73d34 Added tag jdk7-b50 for changeset dae503d9f04c ! .hgtags From tim.bell at sun.com Sat Mar 7 11:54:11 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sat, 07 Mar 2009 19:54:11 +0000 Subject: [security-dev 00675]: hg: jdk7/tl/jaxp: Added tag jdk7-b50 for changeset e8514e2be76d Message-ID: <20090307195413.74EA4E9E4@hg.openjdk.java.net> Changeset: e2da22440463 Author: xdono Date: 2009-03-05 09:49 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jaxp/rev/e2da22440463 Added tag jdk7-b50 for changeset e8514e2be76d ! .hgtags From tim.bell at sun.com Sat Mar 7 11:59:11 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sat, 07 Mar 2009 19:59:11 +0000 Subject: [security-dev 00676]: hg: jdk7/tl/jaxws: Added tag jdk7-b50 for changeset 5be52db581f1 Message-ID: <20090307195913.40595E9E9@hg.openjdk.java.net> Changeset: 3f309316d6bf Author: xdono Date: 2009-03-05 09:49 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jaxws/rev/3f309316d6bf Added tag jdk7-b50 for changeset 5be52db581f1 ! .hgtags From tim.bell at sun.com Sat Mar 7 12:04:13 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sat, 07 Mar 2009 20:04:13 +0000 Subject: [security-dev 00677]: hg: jdk7/tl/jdk: 2 new changesets Message-ID: <20090307200442.0CD7BE9EE@hg.openjdk.java.net> Changeset: e0a8a9ccc4a4 Author: xdono Date: 2009-03-05 09:49 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e0a8a9ccc4a4 Added tag jdk7-b50 for changeset 58ba2cd5a250 ! .hgtags Changeset: 2b6cf18aeb6f Author: tbell Date: 2009-03-06 10:52 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2b6cf18aeb6f Merge From tim.bell at sun.com Sat Mar 7 12:15:07 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sat, 07 Mar 2009 20:15:07 +0000 Subject: [security-dev 00678]: hg: jdk7/tl/langtools: 2 new changesets Message-ID: <20090307201511.AC9BEE9F3@hg.openjdk.java.net> Changeset: 4b72dc8fc51e Author: xdono Date: 2009-03-05 09:49 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/4b72dc8fc51e Added tag jdk7-b50 for changeset 46f2f6ed96f1 ! .hgtags Changeset: 6d00caa683b3 Author: tbell Date: 2009-03-06 10:53 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/6d00caa683b3 Merge From Weijun.Wang at Sun.COM Sun Mar 8 18:44:21 2009 From: Weijun.Wang at Sun.COM (Max (Weijun) Wang) Date: Mon, 09 Mar 2009 09:44:21 +0800 Subject: [security-dev 00679]: Re: Review request: Infinite loop if SPNEGO specified as sun.security.jgss.mechanism In-Reply-To: <49AF903E.7040704@Sun.COM> References: <49ACB6D8.2030601@sun.com> <49AF903E.7040704@Sun.COM> Message-ID: <0AF6E285-9D9A-4325-86ED-552D4AB07B3F@Sun.COM> On Mar 5, 2009, at 4:41 PM, Xuelei Fan wrote: > "sun.security.jgss.mechanism", it is a undocumented property, right? > I think it is hard to explain why SPNEGO is request, but KRB5 > given, it is not the expected behavior. Why not thrown a GSSException? No, user sets this property so that SPNEGO is her default JGSS mech, that does not mean she wants SPNEGO to use SPNEGO as the underlying mech. As Valerie replied in the other mail, I should put the fix all inside SpNegoMechFactory. Working on it now. Thanks Max > Andrew > > Weijun Wang wrote: >> Hi Andrew or Valerie >> >> Please take a review at this bug fix: >> >> http://cr.openjdk.java.net/~weijun/6770883/webrev.01/ >> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6770883 >> >> Basically. Since SPNEGO is a pseudo-mech that's meant to negotiate a >> real concrete mech, SPNEGO itself cannot be used as the underlying >> default mech under. >> >> Thanks >> Max >> > From sean.mullan at sun.com Mon Mar 9 07:02:32 2009 From: sean.mullan at sun.com (sean.mullan at sun.com) Date: Mon, 09 Mar 2009 14:02:32 +0000 Subject: [security-dev 00680]: hg: jdk7/tl/jdk: 2 new changesets Message-ID: <20090309140257.5B3CAEA4B@hg.openjdk.java.net> Changeset: c769c46c27ce Author: mullan Date: 2009-03-09 09:46 -0400 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c769c46c27ce 6787130: java.policy file contains stale link to http://java.sun.com/notes Reviewed-by: weijun ! src/share/lib/security/java.policy Changeset: aa48deaf9af4 Author: mullan Date: 2009-03-09 09:56 -0400 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/aa48deaf9af4 Merge From Weijun.Wang at Sun.COM Tue Mar 10 00:25:25 2009 From: Weijun.Wang at Sun.COM (Weijun Wang) Date: Tue, 10 Mar 2009 15:25:25 +0800 Subject: [security-dev 00681]: keytool: -import reply different when length is different Message-ID: <49B615E5.5050007@sun.com> Hi In keytool's installReply(), there is: if (replyCerts.length == 1) { // single-cert reply newChain = establishCertChain(userCert, replyCerts[0]); } else { // cert-chain reply (e.g., PKCS#7) newChain = validateReply(alias, userCert, replyCerts); } If the trust cannot be setup with a known trust anchor, in establishCertChain(), the import simply fails; in validateReply(), a prompt is displayed, and if you type yes, it's imported. This means the user experience is different between directly applying for a cert from a root CA (in which the reply is a single cert) and from an intermediate CA (in which the reply includes the user's cert and the CA's cert), when the root CA is not in user's cacerts. Is this rational? Why isn't validateReply() always be called? Thanks Max From Sean.Mullan at Sun.COM Tue Mar 10 08:46:01 2009 From: Sean.Mullan at Sun.COM (Sean Mullan) Date: Tue, 10 Mar 2009 11:46:01 -0400 Subject: [security-dev 00682]: Re: keytool: -import reply different when length is different In-Reply-To: <49B615E5.5050007@sun.com> References: <49B615E5.5050007@sun.com> Message-ID: <49B68B39.4010402@sun.com> Weijun Wang wrote: > Hi > > In keytool's installReply(), there is: > > if (replyCerts.length == 1) { > // single-cert reply > newChain = establishCertChain(userCert, replyCerts[0]); > } else { > // cert-chain reply (e.g., PKCS#7) > newChain = validateReply(alias, userCert, replyCerts); > } > > If the trust cannot be setup with a known trust anchor, in > establishCertChain(), the import simply fails; in validateReply(), a > prompt is displayed, and if you type yes, it's imported. > > This means the user experience is different between directly applying > for a cert from a root CA (in which the reply is a single cert) and from > an intermediate CA (in which the reply includes the user's cert and the > CA's cert), when the root CA is not in user's cacerts. > > Is this rational? Why isn't validateReply() always be called? The problem is that you don't know if the single cert is directly issued by a root CA or is missing some number of intermediate CA certs. I agree though the behavior is strange. I think the user should be allowed to override and manually trust the chain, whether it is 1 cert or n certs. The keytool man page says this about the single cert reply: "In this case, keytool does not print out the certificate and prompt the user to verify it, because it is very hard (if not impossible) for a user to determine the authenticity of the certificate reply." I'm not sure why that trust decision is any more difficult whether the reply contains 1 cert or n certs. Maybe you can look at the source code and the history behind that? Thanks, Sean From Xuelei.Fan at Sun.COM Tue Mar 10 10:16:24 2009 From: Xuelei.Fan at Sun.COM (Xuelei Fan) Date: Wed, 11 Mar 2009 01:16:24 +0800 Subject: [security-dev 00683]: Re: keytool: -import reply different when length is different In-Reply-To: <49B615E5.5050007@sun.com> References: <49B615E5.5050007@sun.com> Message-ID: <49B6A068.9030108@Sun.COM> Weijun Wang wrote: > Hi > > In keytool's installReply(), there is: > > if (replyCerts.length == 1) { > // single-cert reply > newChain = establishCertChain(userCert, replyCerts[0]); > } else { > // cert-chain reply (e.g., PKCS#7) > newChain = validateReply(alias, userCert, replyCerts); > } > > If the trust cannot be setup with a known trust anchor, in > establishCertChain(), the import simply fails; in validateReply(), a > prompt is displayed, and if you type yes, it's imported. > > This means the user experience is different between directly applying > for a cert from a root CA (in which the reply is a single cert) and from > an intermediate CA (in which the reply includes the user's cert and the > CA's cert), when the root CA is not in user's cacerts. > > Is this rational? Why isn't validateReply() always be called? > > I don't know why, but the behaviors of establishCertChain() and validateReply() for trust is differ. establishCertChain() will try to build a *full* cert chain from key store or trust ca cert store; validateReply() would only try to find "ONE" cert that could verify the last cert in chain. I don't know the underlying stories. Andrew > Thanks > Max > From mandy.chung at sun.com Thu Mar 12 10:39:55 2009 From: mandy.chung at sun.com (mandy.chung at sun.com) Date: Thu, 12 Mar 2009 17:39:55 +0000 Subject: [security-dev 00684]: hg: jdk7/tl/jdk: 2 new changesets Message-ID: <20090312174115.DEABFED8E@hg.openjdk.java.net> Changeset: e1064300e0f6 Author: mchung Date: 2009-03-12 10:27 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e1064300e0f6 6810254: Lazily instantiate the shared secret access objects Summary: Register the shutdown hooks only when needed and remove JavaIODeleteOnExitAccess Reviewed-by: alanb ! make/java/java/FILES_java.gmk ! src/share/classes/java/io/Console.java ! src/share/classes/java/io/DeleteOnExitHook.java ! src/share/classes/java/io/File.java ! src/share/classes/java/lang/ApplicationShutdownHooks.java ! src/share/classes/java/lang/Shutdown.java ! src/share/classes/java/lang/System.java ! src/share/classes/sun/misc/JavaIOAccess.java - src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java ! src/share/classes/sun/misc/JavaLangAccess.java ! src/share/classes/sun/misc/SharedSecrets.java Changeset: fdb1567ea28c Author: mchung Date: 2009-03-12 10:32 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/fdb1567ea28c 6813240: Remove dead code in sun.misc.FormattedFloatingDecimal class Summary: Remove unused methods from FormattedFloatingDecimal that were originally copied from FloatingDecimal Reviewed-by: darcy ! src/share/classes/sun/misc/FormattedFloatingDecimal.java From weijun.wang at sun.com Thu Mar 12 18:28:14 2009 From: weijun.wang at sun.com (weijun.wang at sun.com) Date: Fri, 13 Mar 2009 01:28:14 +0000 Subject: [security-dev 00685]: hg: jdk7/tl/jdk: 2 new changesets Message-ID: <20090313012920.A3A5DEDD3@hg.openjdk.java.net> Changeset: 9d5cce463fa0 Author: weijun Date: 2009-03-13 09:20 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9d5cce463fa0 6815182: GSSAPI/SPNEGO does not work with server using MIT Kerberos library Reviewed-by: valeriep ! src/share/classes/sun/security/jgss/spnego/NegTokenInit.java ! src/share/classes/sun/security/jgss/spnego/SpNegoContext.java + test/sun/security/krb5/auto/SpnegoReqFlags.java Changeset: ef3eba839fb7 Author: weijun Date: 2009-03-13 09:21 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ef3eba839fb7 6550221: jaas, jgss and smartcardio javadoc files do not contain Copyrights Reviewed-by: ohair ! make/docs/Makefile From xuelei.fan at sun.com Thu Mar 12 22:20:06 2009 From: xuelei.fan at sun.com (xuelei.fan at sun.com) Date: Fri, 13 Mar 2009 05:20:06 +0000 Subject: [security-dev 00686]: hg: jdk7/tl/jdk: 6798714: OCSPResponse class has to check the validity of signing certificate for OCSP response Message-ID: <20090313052041.01D64EE0A@hg.openjdk.java.net> Changeset: f381e737916d Author: xuelei Date: 2009-03-13 12:59 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f381e737916d 6798714: OCSPResponse class has to check the validity of signing certificate for OCSP response Summary: checking validity and ocsp-nocheck extension. Reviewed-by: mullan, vinnie ! src/share/classes/sun/security/provider/certpath/OCSPResponse.java + src/share/classes/sun/security/x509/OCSPNoCheckExtension.java ! src/share/classes/sun/security/x509/OIDMap.java ! src/share/classes/sun/security/x509/PKIXExtensions.java From tim.bell at sun.com Sun Mar 15 10:14:58 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 15 Mar 2009 17:14:58 +0000 Subject: [security-dev 00687]: hg: jdk7/tl: 5 new changesets Message-ID: <20090315171458.B2A8CEF7E@hg.openjdk.java.net> Changeset: 3398ae556a2a Author: ohair Date: 2009-01-31 15:26 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/rev/3398ae556a2a 6791649: add "SKIP_MSIVAL2=true" to the Windows section of make/jprt.config Reviewed-by: tbell ! make/jdk-rules.gmk ! make/jprt.config ! make/jprt.gmk Changeset: a4fd1a33eb93 Author: xdono Date: 2009-02-27 15:12 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/rev/a4fd1a33eb93 Merge Changeset: c2a7f3471532 Author: xdono Date: 2009-03-09 11:43 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/rev/c2a7f3471532 Merge Changeset: 93c2600a45a4 Author: xdono Date: 2009-03-09 13:28 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/rev/93c2600a45a4 6814575: Update copyright year Summary: Update copyright for files that have been modified in 2009, up to 03/09 Reviewed-by: katleman, tbell, ohair ! Makefile ! make/Defs-internal.gmk ! make/jdk-rules.gmk ! make/jprt.config ! make/jprt.gmk Changeset: 0f0189d55ce4 Author: xdono Date: 2009-03-09 13:33 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/rev/0f0189d55ce4 Merge From tim.bell at sun.com Sun Mar 15 10:18:02 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 15 Mar 2009 17:18:02 +0000 Subject: [security-dev 00688]: hg: jdk7/tl/corba: 3 new changesets Message-ID: <20090315171806.2548CEF83@hg.openjdk.java.net> Changeset: e2f388853a9d Author: xdono Date: 2009-03-09 13:28 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/e2f388853a9d 6814575: Update copyright year Summary: Update copyright for files that have been modified in 2009, up to 03/09 Reviewed-by: katleman, tbell, ohair ! make/com/sun/corba/minclude/com_sun_corba_se_impl_dynamicany.jmk ! make/com/sun/corba/minclude/com_sun_corba_se_impl_encoding.jmk ! make/com/sun/corba/minclude/com_sun_corba_se_impl_ior.jmk ! make/com/sun/corba/minclude/com_sun_corba_se_impl_orbutil.jmk ! make/com/sun/corba/minclude/com_sun_corba_se_impl_protocol.jmk ! make/com/sun/corba/minclude/com_sun_corba_se_spi_legacy_interceptor.jmk ! make/com/sun/corba/minclude/com_sun_corba_se_spi_monitoring.jmk ! make/com/sun/corba/minclude/com_sun_corba_se_spi_presentation_rmi.jmk ! make/com/sun/corba/minclude/com_sun_corba_se_spi_transport.jmk ! make/com/sun/corba/minclude/org_omg_CosNaming.jmk ! make/com/sun/corba/minclude/org_omg_DynamicAny.jmk ! make/com/sun/corba/minclude/org_omg_PortableInterceptor.jmk ! make/com/sun/corba/se/sources/Makefile ! make/common/Defs-windows.gmk ! make/common/shared/Compiler-msvc.gmk ! make/common/shared/Compiler-sun.gmk ! make/common/shared/Defs-utils.gmk ! make/common/shared/Defs.gmk ! make/javax/xa/Makefile ! make/jprt.config ! make/org/omg/CORBA/Makefile ! src/share/classes/org/omg/CORBA/ir.idl ! src/share/classes/org/omg/DynamicAny/DynamicAny.idl Changeset: 3174f87bcd7c Author: xdono Date: 2009-03-09 13:33 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/3174f87bcd7c Merge Changeset: c471ac1a1770 Author: tbell Date: 2009-03-09 23:36 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/c471ac1a1770 Merge From tim.bell at sun.com Sun Mar 15 10:23:51 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 15 Mar 2009 17:23:51 +0000 Subject: [security-dev 00689]: hg: jdk7/tl/hotspot: 5 new changesets Message-ID: <20090315172403.936C8EF88@hg.openjdk.java.net> Changeset: 69c752d99841 Author: ohair Date: 2009-01-31 17:19 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/69c752d99841 6799141: Build with --hash-style=both so that binaries can work on SuSE 10 Reviewed-by: tbell ! make/linux/makefiles/gcc.make Changeset: f9d5cfc2afa2 Author: xdono Date: 2009-02-27 15:13 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/f9d5cfc2afa2 Merge Changeset: f5eac45b1641 Author: xdono Date: 2009-03-09 11:43 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/f5eac45b1641 Merge Changeset: 0fbdb4381b99 Author: xdono Date: 2009-03-09 13:28 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/0fbdb4381b99 6814575: Update copyright year Summary: Update copyright for files that have been modified in 2009, up to 03/09 Reviewed-by: katleman, tbell, ohair ! agent/src/os/linux/ps_core.c ! agent/src/os/solaris/proc/saproc.cpp ! make/hotspot_version ! make/linux/makefiles/adlc.make ! make/linux/makefiles/gcc.make ! make/solaris/makefiles/adlc.make ! src/cpu/sparc/vm/jni_sparc.h ! src/cpu/sparc/vm/sparc.ad ! src/cpu/x86/vm/assembler_x86.cpp ! src/cpu/x86/vm/bytecodeInterpreter_x86.inline.hpp ! src/cpu/x86/vm/c1_LIRAssembler_x86.cpp ! src/cpu/x86/vm/c1_Runtime1_x86.cpp ! src/cpu/x86/vm/cppInterpreter_x86.cpp ! src/cpu/x86/vm/frame_x86.inline.hpp ! src/cpu/x86/vm/interp_masm_x86_32.cpp ! src/cpu/x86/vm/interp_masm_x86_32.hpp ! src/cpu/x86/vm/interp_masm_x86_64.cpp ! src/cpu/x86/vm/interpreterRT_x86_32.cpp ! src/cpu/x86/vm/jni_x86.h ! src/cpu/x86/vm/runtime_x86_32.cpp ! src/cpu/x86/vm/sharedRuntime_x86_32.cpp ! src/cpu/x86/vm/sharedRuntime_x86_64.cpp ! src/cpu/x86/vm/stubGenerator_x86_32.cpp ! src/cpu/x86/vm/stubGenerator_x86_64.cpp ! src/cpu/x86/vm/templateInterpreter_x86_32.cpp ! src/cpu/x86/vm/templateTable_x86_32.cpp ! src/cpu/x86/vm/x86_32.ad ! src/cpu/x86/vm/x86_64.ad ! src/os/linux/vm/os_linux.cpp ! src/os/solaris/vm/os_solaris.cpp ! src/os/windows/vm/os_windows.cpp ! src/os_cpu/linux_x86/vm/os_linux_x86.cpp ! src/os_cpu/solaris_x86/vm/os_solaris_x86.cpp ! src/os_cpu/solaris_x86/vm/solaris_x86_32.il ! src/os_cpu/solaris_x86/vm/solaris_x86_64.il ! src/share/vm/adlc/adlparse.cpp ! src/share/vm/adlc/adlparse.hpp ! src/share/vm/adlc/archDesc.cpp ! src/share/vm/adlc/dfa.cpp ! src/share/vm/adlc/dict2.cpp ! src/share/vm/adlc/filebuff.hpp ! src/share/vm/adlc/forms.cpp ! src/share/vm/adlc/formssel.cpp ! src/share/vm/asm/codeBuffer.cpp ! src/share/vm/c1/c1_LIRGenerator.cpp ! src/share/vm/c1/c1_Optimizer.cpp ! src/share/vm/c1/c1_Runtime1.cpp ! src/share/vm/classfile/classFileParser.cpp ! src/share/vm/classfile/javaClasses.cpp ! src/share/vm/classfile/javaClasses.hpp ! src/share/vm/classfile/systemDictionary.cpp ! src/share/vm/classfile/systemDictionary.hpp ! src/share/vm/classfile/vmSymbols.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.hpp ! src/share/vm/gc_implementation/g1/collectionSetChooser.hpp ! src/share/vm/gc_implementation/g1/concurrentG1Refine.hpp ! src/share/vm/gc_implementation/g1/concurrentMark.hpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.hpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.inline.hpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.hpp ! src/share/vm/gc_implementation/g1/g1MMUTracker.hpp ! src/share/vm/gc_implementation/g1/g1OopClosures.hpp ! src/share/vm/gc_implementation/g1/g1RemSet.cpp ! src/share/vm/gc_implementation/g1/g1RemSet.hpp ! src/share/vm/gc_implementation/g1/g1_globals.hpp ! src/share/vm/gc_implementation/g1/g1_specialized_oop_closures.hpp ! src/share/vm/gc_implementation/g1/heapRegion.hpp ! src/share/vm/gc_implementation/g1/heapRegionRemSet.cpp ! src/share/vm/gc_implementation/g1/heapRegionRemSet.hpp ! src/share/vm/gc_implementation/g1/heapRegionSeq.cpp ! src/share/vm/gc_implementation/g1/ptrQueue.hpp ! src/share/vm/gc_implementation/g1/sparsePRT.hpp ! src/share/vm/gc_implementation/g1/survRateGroup.cpp ! src/share/vm/gc_implementation/g1/survRateGroup.hpp ! src/share/vm/gc_implementation/includeDB_gc_concurrentMarkSweep ! src/share/vm/gc_implementation/includeDB_gc_g1 ! src/share/vm/gc_implementation/includeDB_gc_parallelScavenge ! src/share/vm/gc_implementation/includeDB_gc_shared ! src/share/vm/gc_implementation/parNew/parGCAllocBuffer.cpp ! src/share/vm/gc_implementation/parNew/parNewGeneration.cpp ! src/share/vm/gc_implementation/parNew/parNewGeneration.hpp ! src/share/vm/gc_implementation/parallelScavenge/parallelScavengeHeap.hpp ! src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.cpp ! src/share/vm/gc_implementation/parallelScavenge/psMarkSweepDecorator.cpp ! src/share/vm/gc_implementation/parallelScavenge/psOldGen.cpp ! src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp ! src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.hpp ! src/share/vm/gc_implementation/parallelScavenge/psPromotionManager.cpp ! src/share/vm/gc_implementation/parallelScavenge/psScavenge.cpp ! src/share/vm/gc_implementation/parallelScavenge/psVirtualspace.cpp ! src/share/vm/gc_implementation/parallelScavenge/psVirtualspace.hpp ! src/share/vm/gc_implementation/parallelScavenge/psYoungGen.cpp ! src/share/vm/gc_implementation/shared/ageTable.cpp ! src/share/vm/gc_implementation/shared/ageTable.hpp ! src/share/vm/gc_implementation/shared/mutableNUMASpace.cpp ! src/share/vm/gc_implementation/shared/mutableNUMASpace.hpp ! src/share/vm/gc_implementation/shared/mutableSpace.cpp ! src/share/vm/gc_implementation/shared/mutableSpace.hpp ! src/share/vm/gc_interface/collectedHeap.cpp ! src/share/vm/gc_interface/collectedHeap.hpp ! src/share/vm/gc_interface/collectedHeap.inline.hpp ! src/share/vm/includeDB_compiler2 ! src/share/vm/includeDB_core ! src/share/vm/includeDB_features ! src/share/vm/includeDB_gc ! src/share/vm/interpreter/bytecodeInterpreter.cpp ! src/share/vm/interpreter/bytecodeInterpreter.hpp ! src/share/vm/interpreter/rewriter.cpp ! src/share/vm/libadt/dict.cpp ! src/share/vm/libadt/port.hpp ! src/share/vm/memory/cardTableModRefBS.cpp ! src/share/vm/memory/cardTableModRefBS.hpp ! src/share/vm/memory/genCollectedHeap.cpp ! src/share/vm/memory/genCollectedHeap.hpp ! src/share/vm/memory/generation.cpp ! src/share/vm/memory/generation.hpp ! src/share/vm/memory/heapInspection.cpp ! src/share/vm/memory/oopFactory.cpp ! src/share/vm/memory/oopFactory.hpp ! src/share/vm/memory/permGen.cpp ! src/share/vm/memory/referenceProcessor.cpp ! src/share/vm/memory/sharedHeap.cpp ! src/share/vm/memory/sharedHeap.hpp ! src/share/vm/memory/space.cpp ! src/share/vm/memory/space.hpp ! src/share/vm/memory/tenuredGeneration.cpp ! src/share/vm/memory/threadLocalAllocBuffer.cpp ! src/share/vm/memory/universe.cpp ! src/share/vm/memory/universe.hpp ! src/share/vm/oops/arrayOop.hpp ! src/share/vm/oops/constMethodKlass.cpp ! src/share/vm/oops/constMethodKlass.hpp ! src/share/vm/oops/constMethodOop.hpp ! src/share/vm/oops/constantPoolKlass.cpp ! src/share/vm/oops/constantPoolKlass.hpp ! src/share/vm/oops/constantPoolOop.cpp ! src/share/vm/oops/constantPoolOop.hpp ! src/share/vm/oops/cpCacheKlass.cpp ! src/share/vm/oops/cpCacheKlass.hpp ! src/share/vm/oops/cpCacheOop.hpp ! src/share/vm/oops/klass.hpp ! src/share/vm/oops/methodOop.cpp ! src/share/vm/oops/methodOop.hpp ! src/share/vm/oops/oop.hpp ! src/share/vm/oops/oop.inline.hpp ! src/share/vm/oops/oopsHierarchy.hpp ! src/share/vm/oops/typeArrayKlass.cpp ! src/share/vm/oops/typeArrayKlass.hpp ! src/share/vm/opto/block.cpp ! src/share/vm/opto/c2_globals.hpp ! src/share/vm/opto/cfgnode.cpp ! src/share/vm/opto/chaitin.cpp ! src/share/vm/opto/chaitin.hpp ! src/share/vm/opto/classes.hpp ! src/share/vm/opto/compile.cpp ! src/share/vm/opto/gcm.cpp ! src/share/vm/opto/graphKit.cpp ! src/share/vm/opto/graphKit.hpp ! src/share/vm/opto/idealGraphPrinter.cpp ! src/share/vm/opto/ifg.cpp ! src/share/vm/opto/lcm.cpp ! src/share/vm/opto/live.cpp ! src/share/vm/opto/loopnode.cpp ! src/share/vm/opto/macro.cpp ! src/share/vm/opto/matcher.cpp ! src/share/vm/opto/memnode.cpp ! src/share/vm/opto/memnode.hpp ! src/share/vm/opto/reg_split.cpp ! src/share/vm/opto/superword.cpp ! src/share/vm/opto/type.cpp ! src/share/vm/opto/type.hpp ! src/share/vm/opto/vectornode.cpp ! src/share/vm/prims/jni.cpp ! src/share/vm/prims/jvm.cpp ! src/share/vm/prims/jvmtiRedefineClasses.cpp ! src/share/vm/prims/jvmtiTagMap.cpp ! src/share/vm/runtime/arguments.cpp ! src/share/vm/runtime/arguments.hpp ! src/share/vm/runtime/globals.hpp ! src/share/vm/runtime/javaCalls.cpp ! src/share/vm/runtime/memprofiler.cpp ! src/share/vm/runtime/os.cpp ! src/share/vm/runtime/os.hpp ! src/share/vm/runtime/safepoint.cpp ! src/share/vm/runtime/sharedRuntime.cpp ! src/share/vm/runtime/synchronizer.cpp ! src/share/vm/services/heapDumper.cpp ! src/share/vm/services/management.cpp ! src/share/vm/utilities/globalDefinitions_gcc.hpp ! src/share/vm/utilities/globalDefinitions_sparcWorks.hpp ! src/share/vm/utilities/ostream.cpp ! src/share/vm/utilities/taskqueue.cpp ! src/share/vm/utilities/taskqueue.hpp ! src/share/vm/utilities/vmError.cpp ! src/share/vm/utilities/vmError.hpp ! src/share/vm/utilities/workgroup.hpp ! test/Makefile ! test/compiler/6757316/Test6757316.java ! test/compiler/6758234/Test6758234.java ! test/compiler/6775880/Test.java ! test/compiler/6778657/Test.java Changeset: ce2272390558 Author: xdono Date: 2009-03-09 13:34 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/ce2272390558 Merge From tim.bell at sun.com Sun Mar 15 10:27:11 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 15 Mar 2009 17:27:11 +0000 Subject: [security-dev 00690]: hg: jdk7/tl/jaxp: 2 new changesets Message-ID: <20090315172715.64A38EF8D@hg.openjdk.java.net> Changeset: 6698e1f801df Author: xdono Date: 2009-03-09 13:28 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jaxp/rev/6698e1f801df 6814575: Update copyright year Summary: Update copyright for files that have been modified in 2009, up to 03/09 Reviewed-by: katleman, tbell, ohair ! make/Makefile Changeset: ae890d80d5df Author: xdono Date: 2009-03-09 13:34 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jaxp/rev/ae890d80d5df Merge From tim.bell at sun.com Sun Mar 15 10:30:19 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 15 Mar 2009 17:30:19 +0000 Subject: [security-dev 00691]: hg: jdk7/tl/jaxws: 2 new changesets Message-ID: <20090315173022.8B7DAEF92@hg.openjdk.java.net> Changeset: d1525894c1a8 Author: xdono Date: 2009-03-09 13:28 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jaxws/rev/d1525894c1a8 6814575: Update copyright year Summary: Update copyright for files that have been modified in 2009, up to 03/09 Reviewed-by: katleman, tbell, ohair ! make/Makefile Changeset: 41a66a42791b Author: xdono Date: 2009-03-09 13:34 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jaxws/rev/41a66a42791b Merge From tim.bell at sun.com Sun Mar 15 10:34:18 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 15 Mar 2009 17:34:18 +0000 Subject: [security-dev 00692]: hg: jdk7/tl/jdk: 9 new changesets Message-ID: <20090315173626.2195CEF97@hg.openjdk.java.net> Changeset: 30bf00392b6d Author: ohair Date: 2009-01-31 17:31 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/30bf00392b6d 6799141: Build with --hash-style=both so that binaries can work on SuSE 10 Reviewed-by: tbell ! make/common/Defs-linux.gmk ! make/common/shared/Compiler-gcc.gmk ! make/common/shared/Compiler-msvc.gmk ! make/common/shared/Compiler-sun.gmk + make/common/shared/Defs-versions.gmk ! make/common/shared/Defs-windows.gmk ! make/common/shared/Defs.gmk ! make/common/shared/Platform.gmk ! make/common/shared/Sanity-Settings.gmk ! make/common/shared/Sanity.gmk Changeset: dfb5a9a71c1c Author: xdono Date: 2009-02-27 15:13 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dfb5a9a71c1c Merge - make/javax/sound/jsoundhs/FILES.gmk - make/javax/sound/jsoundhs/Makefile - make/javax/sound/jsoundhs/mapfile-vers - src/share/classes/com/sun/beans/ObjectHandler.java - src/share/lib/audio/soundbank.gm - src/windows/native/sun/windows/UnicowsLoader.cpp - src/windows/native/sun/windows/UnicowsLoader.h - src/windows/native/sun/windows/awt_MMStub.cpp - src/windows/native/sun/windows/awt_MMStub.h - src/windows/native/sun/windows/awt_Multimon.h - src/windows/native/sun/windows/awt_Unicode.cpp - src/windows/native/sun/windows/awt_Unicode.h - src/windows/native/sun/windows/awt_dlls.cpp - src/windows/native/sun/windows/awt_dlls.h Changeset: d71e3cc6c4e7 Author: xdono Date: 2009-02-27 15:55 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d71e3cc6c4e7 Merge - src/solaris/classes/sun/nio/ch/FileDispatcher.java - src/solaris/native/sun/nio/ch/FileDispatcher.c - src/windows/classes/sun/nio/ch/FileDispatcher.java - src/windows/native/sun/nio/ch/FileDispatcher.c Changeset: abfccc052872 Author: xdono Date: 2009-03-03 15:21 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/abfccc052872 Merge Changeset: 83c0526fb9c9 Author: xdono Date: 2009-03-09 11:43 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/83c0526fb9c9 Merge Changeset: ca0976a15868 Author: xdono Date: 2009-03-09 13:29 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ca0976a15868 6814575: Update copyright year Summary: Update copyright for files that have been modified in 2009, up to 03/09 Reviewed-by: katleman, tbell, ohair ! src/share/classes/java/lang/Thread.java ! src/share/classes/java/util/regex/Matcher.java ! src/share/classes/java/util/regex/Pattern.java ! src/share/classes/sun/security/krb5/Realm.java ! src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java ! src/share/native/java/util/zip/zip_util.c ! src/share/native/java/util/zip/zip_util.h ! src/solaris/native/java/net/NetworkInterface.c Changeset: b1e3e3b8e6b2 Author: xdono Date: 2009-03-09 13:34 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b1e3e3b8e6b2 Merge Changeset: 175504cc095d Author: tbell Date: 2009-03-09 23:37 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/175504cc095d Merge Changeset: c2ca4a97ba86 Author: tbell Date: 2009-03-13 15:26 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c2ca4a97ba86 Merge - src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java From tim.bell at sun.com Sun Mar 15 10:39:46 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 15 Mar 2009 17:39:46 +0000 Subject: [security-dev 00693]: hg: jdk7/tl/langtools: 3 new changesets Message-ID: <20090315173953.29109EF9C@hg.openjdk.java.net> Changeset: 03bcd66bd8e7 Author: xdono Date: 2009-03-09 13:29 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/03bcd66bd8e7 6814575: Update copyright year Summary: Update copyright for files that have been modified in 2009, up to 03/09 Reviewed-by: katleman, tbell, ohair ! make/build.properties ! make/build.xml ! make/netbeans/langtools/build.xml ! make/netbeans/langtools/nbproject/project.xml ! make/netbeans/langtools/nbproject/standard-context-menu-items.ent ! make/netbeans/langtools/nbproject/standard-ide-actions.ent ! make/tools/SelectTool/SelectToolTask.java ! src/share/classes/com/sun/tools/apt/comp/AnnotationProcessingError.java ! src/share/classes/com/sun/tools/apt/comp/Apt.java ! src/share/classes/com/sun/tools/apt/comp/UsageMessageNeededException.java ! src/share/classes/com/sun/tools/apt/main/JavaCompiler.java ! src/share/classes/com/sun/tools/apt/mirror/apt/RoundCompleteEventImpl.java ! src/share/classes/com/sun/tools/apt/mirror/declaration/AnnotationProxyMaker.java ! src/share/classes/com/sun/tools/apt/mirror/type/TypeVariableImpl.java ! src/share/classes/com/sun/tools/classfile/Annotation.java ! src/share/classes/com/sun/tools/classfile/AttributeException.java ! src/share/classes/com/sun/tools/classfile/Code_attribute.java ! src/share/classes/com/sun/tools/classfile/ConstantPool.java ! src/share/classes/com/sun/tools/classfile/ConstantPoolException.java ! src/share/classes/com/sun/tools/classfile/Descriptor.java ! src/share/classes/com/sun/tools/classfile/DescriptorException.java ! src/share/classes/com/sun/tools/classfile/StackMapTable_attribute.java ! src/share/classes/com/sun/tools/doclets/formats/html/ConfigurationImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/HtmlDocletWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/HtmlSerialFieldWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/PackageIndexWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/TagletOutputImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/markup/HtmlDocWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/markup/HtmlWriter.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/Configuration.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/SerializedFormWriter.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/builders/SerializedFormBuilder.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/doclet.xml ! src/share/classes/com/sun/tools/doclets/internal/toolkit/util/DocletAbortException.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/util/MessageRetriever.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/util/SourceToHTMLConverter.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/util/Util.java ! src/share/classes/com/sun/tools/javac/api/DiagnosticFormatter.java ! src/share/classes/com/sun/tools/javac/api/Messages.java ! src/share/classes/com/sun/tools/javac/code/Types.java ! src/share/classes/com/sun/tools/javac/comp/Attr.java ! src/share/classes/com/sun/tools/javac/comp/Check.java ! src/share/classes/com/sun/tools/javac/comp/Flow.java ! src/share/classes/com/sun/tools/javac/comp/Infer.java ! src/share/classes/com/sun/tools/javac/main/JavaCompiler.java ! src/share/classes/com/sun/tools/javac/main/Main.java ! src/share/classes/com/sun/tools/javac/main/OptionName.java ! src/share/classes/com/sun/tools/javac/main/RecognizedOptions.java ! src/share/classes/com/sun/tools/javac/parser/JavacParser.java ! src/share/classes/com/sun/tools/javac/processing/PrintingProcessor.java ! src/share/classes/com/sun/tools/javac/resources/compiler.properties ! src/share/classes/com/sun/tools/javac/resources/javac.properties ! src/share/classes/com/sun/tools/javac/tree/JCTree.java ! src/share/classes/com/sun/tools/javac/util/AbstractDiagnosticFormatter.java ! src/share/classes/com/sun/tools/javac/util/BasicDiagnosticFormatter.java ! src/share/classes/com/sun/tools/javac/util/LayoutCharacters.java ! src/share/classes/com/sun/tools/javac/util/Log.java ! src/share/classes/com/sun/tools/javac/util/RawDiagnosticFormatter.java ! src/share/classes/com/sun/tools/javadoc/ClassDocImpl.java ! src/share/classes/com/sun/tools/javadoc/Comment.java ! src/share/classes/com/sun/tools/javadoc/DocEnv.java ! src/share/classes/com/sun/tools/javadoc/DocImpl.java ! src/share/classes/com/sun/tools/javadoc/DocletInvoker.java ! src/share/classes/com/sun/tools/javadoc/ExecutableMemberDocImpl.java ! src/share/classes/com/sun/tools/javadoc/FieldDocImpl.java ! src/share/classes/com/sun/tools/javadoc/JavadocClassReader.java ! src/share/classes/com/sun/tools/javadoc/JavadocTool.java ! src/share/classes/com/sun/tools/javadoc/Messager.java ! src/share/classes/com/sun/tools/javadoc/PackageDocImpl.java ! src/share/classes/com/sun/tools/javadoc/RootDocImpl.java ! src/share/classes/com/sun/tools/javadoc/SourcePositionImpl.java ! src/share/classes/com/sun/tools/javadoc/TypeMaker.java ! src/share/classes/com/sun/tools/javah/Gen.java ! src/share/classes/com/sun/tools/javap/InternalError.java ! src/share/classes/sun/tools/javap/JavapPrinter.java ! test/tools/javac/6668794/badClass/Test.java ! test/tools/javac/cast/6558559/T6558559a.java ! test/tools/javac/cast/6558559/T6558559b.java ! test/tools/javac/cast/6665356/T6665356.java ! test/tools/javac/generics/6723444/T6723444.java ! test/tools/javac/generics/6729401/T6729401.java ! test/tools/javac/generics/rare/6665356/T6665356.java ! test/tools/javac/processing/model/testgetallmembers/Main.java ! test/tools/javadoc/6176978/T6176978.java ! test/tools/javadoc/6176978/X.java Changeset: 2c0076945b1a Author: xdono Date: 2009-03-09 13:34 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/2c0076945b1a Merge Changeset: 8c55d5b0ed71 Author: tbell Date: 2009-03-09 23:53 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/8c55d5b0ed71 Merge ! src/share/classes/com/sun/tools/doclets/formats/html/HtmlDocletWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/HtmlSerialFieldWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/markup/HtmlDocWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/markup/HtmlWriter.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/SerializedFormWriter.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/builders/SerializedFormBuilder.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/doclet.xml ! src/share/classes/com/sun/tools/javac/code/Types.java ! src/share/classes/com/sun/tools/javac/comp/Check.java ! src/share/classes/com/sun/tools/javac/resources/compiler.properties ! src/share/classes/com/sun/tools/javac/util/AbstractDiagnosticFormatter.java ! src/share/classes/com/sun/tools/javac/util/BasicDiagnosticFormatter.java ! src/share/classes/com/sun/tools/javac/util/RawDiagnosticFormatter.java From xuelei.fan at sun.com Mon Mar 16 21:02:13 2009 From: xuelei.fan at sun.com (xuelei.fan at sun.com) Date: Tue, 17 Mar 2009 04:02:13 +0000 Subject: [security-dev 00694]: hg: jdk7/tl/jdk: 6383095: CRL revoked certificate failures masked by OCSP failures Message-ID: <20090317040259.32AF1E0F3@hg.openjdk.java.net> Changeset: 181472dbbebb Author: xuelei Date: 2009-03-17 11:54 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/181472dbbebb 6383095: CRL revoked certificate failures masked by OCSP failures Summary: remove the mask if certificate revoked Reviewed-by: mullan ! src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java + test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java From tim.bell at sun.com Tue Mar 17 11:39:04 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 17 Mar 2009 18:39:04 +0000 Subject: [security-dev 00695]: hg: jdk7/tl/langtools: 6814592: Legal notice repair needed in langtools/test/tools/javap/T4884240.java Message-ID: <20090317183908.77818E11F@hg.openjdk.java.net> Changeset: 889ec3ddc91b Author: tbell Date: 2009-03-17 11:28 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/889ec3ddc91b 6814592: Legal notice repair needed in langtools/test/tools/javap/T4884240.java Reviewed-by: jjg ! test/tools/javap/T4884240.java From tim.bell at sun.com Tue Mar 17 13:28:37 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 17 Mar 2009 20:28:37 +0000 Subject: [security-dev 00696]: hg: jdk7/tl/jdk: 6814587: Legal notice repair needed in jdk/src/share/classes/java/nio; ... Message-ID: <20090317202907.7B549E126@hg.openjdk.java.net> Changeset: 171dc1779708 Author: tbell Date: 2009-03-17 13:20 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/171dc1779708 6814587: Legal notice repair needed in jdk/src/share/classes/java/nio 6814590: Legal notice repair needed in jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java 6814591: Legal notice repair needed in jdk/test/javax/script/Test3.java Reviewed-by: alanb, xdono ! src/share/classes/java/nio/file/SecureDirectoryStream.java ! src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java ! src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java ! test/java/awt/Frame/FrameSize/TestFrameSize.java ! test/javax/script/Test3.java From daniel.fuchs at sun.com Wed Mar 18 13:58:11 2009 From: daniel.fuchs at sun.com (daniel.fuchs at sun.com) Date: Wed, 18 Mar 2009 20:58:11 +0000 Subject: [security-dev 00697]: hg: jdk7/tl/jdk: 3 new changesets Message-ID: <20090318205909.A2694E1FF@hg.openjdk.java.net> Changeset: fa87de6b1ac3 Author: dfuchs Date: 2009-03-12 15:36 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/fa87de6b1ac3 6661448: Make the SNMP agent optional when OPENJDK=true and IMPORT_BINARY_PLUGS=false Reviewed-by: mchung, ohair ! make/com/sun/jmx/Makefile ! make/java/management/Makefile ! make/javax/management/Makefile ! make/sun/management/Makefile ! src/share/classes/sun/management/Agent.java ! test/com/sun/jmx/snmp/SnmpOidHashCode.java ! test/com/sun/jmx/snmp/TimeTicksWrapping.java Changeset: e90ce2ac06a8 Author: dfuchs Date: 2009-03-13 14:25 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e90ce2ac06a8 Merge - src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java Changeset: ef27484bbd7f Author: dfuchs Date: 2009-03-18 18:55 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ef27484bbd7f Merge From mandy.chung at sun.com Wed Mar 18 17:46:20 2009 From: mandy.chung at sun.com (mandy.chung at sun.com) Date: Thu, 19 Mar 2009 00:46:20 +0000 Subject: [security-dev 00698]: hg: jdk7/tl/jdk: 6817246: Redundant call to set InetAddressCachePolicy to FOREVER if not set during initialization Message-ID: <20090319004701.0C5DFE2E6@hg.openjdk.java.net> Changeset: 392cd358db5d Author: mchung Date: 2009-03-18 17:37 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/392cd358db5d 6817246: Redundant call to set InetAddressCachePolicy to FOREVER if not set during initialization Summary: Remove InetAddressCachePolicy.setIfNotSet call from System.setSecurityManager0 Reviewed-by: alanb, jccollet ! src/share/classes/java/lang/System.java From weijun.wang at sun.com Wed Mar 18 20:23:32 2009 From: weijun.wang at sun.com (weijun.wang at sun.com) Date: Thu, 19 Mar 2009 03:23:32 +0000 Subject: [security-dev 00699]: hg: jdk7/tl/jdk: 6819272: keytool -importcert should read the whole input Message-ID: <20090319032415.12C97E2EB@hg.openjdk.java.net> Changeset: 87acd36bd847 Author: weijun Date: 2009-03-19 11:17 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/87acd36bd847 6819272: keytool -importcert should read the whole input Reviewed-by: xuelei ! src/share/classes/sun/security/tools/KeyTool.java + test/sun/security/tools/keytool/importreadall.sh From bhavesh.patel at sun.com Thu Mar 19 19:06:58 2009 From: bhavesh.patel at sun.com (bhavesh.patel at sun.com) Date: Fri, 20 Mar 2009 02:06:58 +0000 Subject: [security-dev 00700]: hg: jdk7/tl/langtools: 6786688: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - Table must have captions and headers Message-ID: <20090320020659.A22F1E3B7@hg.openjdk.java.net> Changeset: edd944553131 Author: bpatel Date: 2009-03-19 19:00 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/edd944553131 6786688: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - Table must have captions and headers Reviewed-by: jjg ! src/share/classes/com/sun/tools/doclets/formats/html/AbstractMemberWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/AbstractPackageIndexWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/AnnotationTypeOptionalMemberWriterImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/AnnotationTypeRequiredMemberWriterImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/ClassUseWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/ConstantsSummaryWriterImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/ConstructorWriterImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/DeprecatedListWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/EnumConstantWriterImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/FieldWriterImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/HtmlDocletWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/MethodWriterImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/NestedClassWriterImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/PackageIndexFrameWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/PackageIndexWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/PackageUseWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/PackageWriterImpl.java ! src/share/classes/com/sun/tools/doclets/formats/html/StylesheetWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/SubWriterHolderWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/markup/HtmlWriter.java ! src/share/classes/com/sun/tools/doclets/formats/html/resources/standard.properties ! src/share/classes/com/sun/tools/doclets/internal/toolkit/PackageSummaryWriter.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/builders/PackageSummaryBuilder.java ! src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/doclets.properties ! test/com/sun/javadoc/testHeadings/TestHeadings.java ! test/com/sun/javadoc/testHtmlStrongTag/TestHtmlStrongTag.java + test/com/sun/javadoc/testHtmlTableTags/TestHtmlTableTags.java + test/com/sun/javadoc/testHtmlTableTags/pkg1/C1.java + test/com/sun/javadoc/testHtmlTableTags/pkg1/I1.java + test/com/sun/javadoc/testHtmlTableTags/pkg1/package-info.java + test/com/sun/javadoc/testHtmlTableTags/pkg2/C2.java + test/com/sun/javadoc/testHtmlTableTags/pkg2/C3.java + test/com/sun/javadoc/testHtmlTableTags/pkg2/C4.java + test/com/sun/javadoc/testHtmlTableTags/pkg2/package-info.java ! test/com/sun/javadoc/testNewLanguageFeatures/TestNewLanguageFeatures.java ! test/com/sun/javadoc/testSummaryHeading/TestSummaryHeading.java From bhavesh.patel at sun.com Fri Mar 20 15:56:02 2009 From: bhavesh.patel at sun.com (bhavesh.patel at sun.com) Date: Fri, 20 Mar 2009 22:56:02 +0000 Subject: [security-dev 00701]: hg: jdk7/tl/langtools: 6820360: Fix for definition list tags nesting adds an extra list tag for package summary page. Message-ID: <20090320225604.44F93E62E@hg.openjdk.java.net> Changeset: b000f7c728ae Author: bpatel Date: 2009-03-20 15:50 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/b000f7c728ae 6820360: Fix for definition list tags nesting adds an extra list tag for package summary page. Reviewed-by: jjg ! src/share/classes/com/sun/tools/doclets/formats/html/HtmlDocletWriter.java ! test/com/sun/javadoc/testHtmlDefinitionListTag/TestHtmlDefinitionListTag.java + test/com/sun/javadoc/testHtmlDefinitionListTag/pkg1/package-info.java From xueming.shen at sun.com Fri Mar 20 17:47:54 2009 From: xueming.shen at sun.com (xueming.shen at sun.com) Date: Sat, 21 Mar 2009 00:47:54 +0000 Subject: [security-dev 00702]: hg: jdk7/tl/jdk: 2 new changesets Message-ID: <20090321004818.06899E639@hg.openjdk.java.net> Changeset: 3b6d7e15ccd9 Author: sherman Date: 2009-03-20 16:22 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3b6d7e15ccd9 6817475: named-capturing group name started with digit causes PSE exception Summary: Need accept the digit as the first char of the group name Reviewed-by: alanb ! src/share/classes/java/util/regex/Pattern.java ! test/java/util/regex/RegExTest.java Changeset: c6b37e92e387 Author: sherman Date: 2009-03-20 17:40 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c6b37e92e387 Merge ! src/share/classes/java/util/regex/Pattern.java - src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java From tim.bell at sun.com Sat Mar 21 17:22:09 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 22 Mar 2009 00:22:09 +0000 Subject: [security-dev 00703]: hg: jdk7/tl: Added tag jdk7-b51 for changeset 0f0189d55ce4 Message-ID: <20090322002209.AF9BAE679@hg.openjdk.java.net> Changeset: 4264c2fe6649 Author: xdono Date: 2009-03-19 13:25 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/rev/4264c2fe6649 Added tag jdk7-b51 for changeset 0f0189d55ce4 ! .hgtags From tim.bell at sun.com Sat Mar 21 17:25:12 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 22 Mar 2009 00:25:12 +0000 Subject: [security-dev 00704]: hg: jdk7/tl/corba: 4 new changesets Message-ID: <20090322002516.495DEE67E@hg.openjdk.java.net> Changeset: 53d5b45f73ab Author: ohair Date: 2009-03-11 14:38 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/53d5b45f73ab 6790292: BOOTDIR of jdk6 u12 will not work with jdk7 builds Reviewed-by: tbell ! make/common/Rules.gmk Changeset: 9c0cc0d0eca2 Author: ohair Date: 2009-03-11 17:31 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/9c0cc0d0eca2 6816311: Changes to allow builds with latest Windows SDK 6.1 on 64bit Windows 2003 Reviewed-by: tbell ! make/common/shared/Compiler-msvc.gmk ! make/common/shared/Defs-windows.gmk ! src/windows/resource/version.rc Changeset: 3eb8f1047a74 Author: xdono Date: 2009-03-16 16:18 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/3eb8f1047a74 Merge Changeset: bec82237d694 Author: xdono Date: 2009-03-19 13:25 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/bec82237d694 Added tag jdk7-b51 for changeset 3eb8f1047a74 ! .hgtags From tim.bell at sun.com Sat Mar 21 17:30:50 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 22 Mar 2009 00:30:50 +0000 Subject: [security-dev 00705]: hg: jdk7/tl/hotspot: 50 new changesets Message-ID: <20090322003226.303D1E683@hg.openjdk.java.net> Changeset: 9e5a6ed08fc9 Author: jmasa Date: 2009-02-17 15:35 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/9e5a6ed08fc9 6786346: intermittent Internal Error (src/share/vm/memory/cardTableModRefBS.cpp:226) Summary: Two assertions were incorrectly composed. Reviewed-by: tonyp ! src/share/vm/memory/cardTableModRefBS.cpp Changeset: a0576ae7045f Author: ysr Date: 2009-02-20 11:12 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/a0576ae7045f Merge Changeset: 5d75ab5f6698 Author: kvn Date: 2009-02-18 13:53 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/5d75ab5f6698 6807084: AutoBox elimination is broken with compressed oops Summary: Add checks for DecodeN nodes into AutoBox elimination code. Reviewed-by: never ! src/share/vm/opto/memnode.cpp Changeset: 49a36a80b0c7 Author: kvn Date: 2009-02-19 17:38 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/49a36a80b0c7 6802499: EA: assert(false,"unknown node on this path") Summary: Add missing checks for SCMemProj node in Escape analysis code. Reviewed-by: never ! src/share/vm/opto/escape.cpp ! src/share/vm/opto/macro.cpp Changeset: 22e09c0f4b47 Author: twisti Date: 2009-02-23 12:02 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/22e09c0f4b47 6808589: Merge vm_version_x86_{32,64}.{cpp,hpp} Summary: There is very much duplicated code in vm_version_x86_{32,64}.{cpp,hpp}. Refactoring these would help maintainability. Reviewed-by: kvn, never + src/cpu/x86/vm/vm_version_x86.cpp + src/cpu/x86/vm/vm_version_x86.hpp - src/cpu/x86/vm/vm_version_x86_32.cpp - src/cpu/x86/vm/vm_version_x86_32.hpp - src/cpu/x86/vm/vm_version_x86_64.cpp - src/cpu/x86/vm/vm_version_x86_64.hpp ! src/os_cpu/solaris_x86/vm/os_solaris_x86.cpp ! src/os_cpu/solaris_x86/vm/os_solaris_x86.hpp ! src/share/vm/includeDB_core Changeset: 6bea93606c11 Author: kvn Date: 2009-02-23 16:03 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/6bea93606c11 6791572: assert("duplicating node that's already been matched") Summary: Mark inputs for an address expression as shared if there are other uses besides address expressions. Reviewed-by: never ! src/share/vm/opto/matcher.cpp Changeset: e57b6f22d1f3 Author: kvn Date: 2009-02-24 09:53 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/e57b6f22d1f3 Merge - src/cpu/x86/vm/vm_version_x86_32.cpp - src/cpu/x86/vm/vm_version_x86_32.hpp - src/cpu/x86/vm/vm_version_x86_64.cpp - src/cpu/x86/vm/vm_version_x86_64.hpp Changeset: ef3b3df478b9 Author: trims Date: 2009-02-25 22:55 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/ef3b3df478b9 Merge - src/cpu/x86/vm/vm_version_x86_32.cpp - src/cpu/x86/vm/vm_version_x86_32.hpp - src/cpu/x86/vm/vm_version_x86_64.cpp - src/cpu/x86/vm/vm_version_x86_64.hpp Changeset: 01ddca3f0730 Author: jcoomes Date: 2009-02-09 13:47 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/01ddca3f0730 Merge Changeset: 3264b1424f72 Author: apangin Date: 2009-02-15 20:09 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/3264b1424f72 Merge Changeset: a53107650e8b Author: apangin Date: 2009-02-22 17:11 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/a53107650e8b Merge Changeset: 82e4d969e7cb Author: ikrylov Date: 2009-02-19 04:54 -0500 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/82e4d969e7cb 6806046: Hotspot build error when compiled from Visual Studio Summary: Define HOTSPOT_LIB_ARCH in the preprocessor flags of the generated projects Reviewed-by: kamg, xlu ! src/share/tools/MakeDeps/BuildConfig.java Changeset: 1b68c738c0d9 Author: apangin Date: 2009-02-22 17:21 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/1b68c738c0d9 Merge Changeset: 7898caac2071 Author: apangin Date: 2009-02-26 14:25 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/7898caac2071 Merge - src/cpu/x86/vm/vm_version_x86_32.cpp - src/cpu/x86/vm/vm_version_x86_32.hpp - src/cpu/x86/vm/vm_version_x86_64.cpp - src/cpu/x86/vm/vm_version_x86_64.hpp Changeset: 3698e8f47799 Author: tonyp Date: 2009-02-24 15:50 -0500 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/3698e8f47799 6804746: G1: guarantee(variance() > -1.0,"variance should be >= 0") (due to evacuation failure) Summary: Under certain circumstances (evacuation failure) the pause time is not communicated to the policy and, as a result, the pause time field is not initialized properly. Reviewed-by: jmasa ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.hpp Changeset: 83ef1482304c Author: jmasa Date: 2009-02-24 22:12 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/83ef1482304c 6806226: Signed integer overflow in growable array code causes JVM crash Summary: Workaround the overflow by doing the intermediate calculations in an unsigned variable. Reviewed-by: ysr, jcoomes ! src/share/vm/utilities/growableArray.cpp Changeset: 59150d6667e1 Author: jmasa Date: 2009-02-24 22:51 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/59150d6667e1 Merge Changeset: 1fa16c3565be Author: ysr Date: 2009-02-27 15:30 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/1fa16c3565be Merge Changeset: 0ad1cb407fa1 Author: never Date: 2009-02-25 10:53 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/0ad1cb407fa1 6805427: adlc compiler may generate incorrect machnode emission code Reviewed-by: kvn, twisti ! src/share/vm/adlc/formssel.cpp ! src/share/vm/adlc/formssel.hpp Changeset: 07d449658fc7 Author: never Date: 2009-02-25 14:36 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/07d449658fc7 6807963: need tool to make sense of LogCompilaton output Reviewed-by: kvn + src/share/tools/LogCompilation/Makefile + src/share/tools/LogCompilation/README + src/share/tools/LogCompilation/manifest.mf + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/BasicLogEvent.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/CallSite.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/Compilation.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/Constants.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/LogCleanupReader.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/LogCompilation.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/LogEvent.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/LogParser.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/MakeNotEntrantEvent.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/Method.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/NMethod.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/Phase.java + src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/UncommonTrapEvent.java Changeset: 523ded093c31 Author: kvn Date: 2009-02-26 14:26 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/523ded093c31 6809798: SafePointScalarObject node placed into incorrect block during GCM Summary: Replace the control edge of a pinned node before scheduling. Reviewed-by: never ! src/share/vm/opto/block.cpp ! src/share/vm/opto/block.hpp ! src/share/vm/opto/callnode.cpp ! src/share/vm/opto/callnode.hpp ! src/share/vm/opto/gcm.cpp ! src/share/vm/opto/macro.cpp Changeset: ed6404fac86b Author: never Date: 2009-02-26 16:57 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/ed6404fac86b 6810855: KILL vs. TEMP ordering restrictions are too strong Reviewed-by: kvn ! src/share/vm/adlc/formssel.cpp Changeset: dbbe28fc66b5 Author: twisti Date: 2009-02-27 03:35 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/dbbe28fc66b5 6778669: Patch from Red Hat -- fixes compilation errors Summary: Some fixes which are required to build on recent GCCs. Reviewed-by: never, kvn Contributed-by: langel at redhat.com ! make/linux/makefiles/adlc.make ! make/solaris/makefiles/adlc.make ! src/share/vm/adlc/adlc.hpp ! src/share/vm/adlc/adlparse.cpp ! src/share/vm/adlc/archDesc.cpp ! src/share/vm/adlc/dfa.cpp ! src/share/vm/adlc/filebuff.cpp ! src/share/vm/adlc/filebuff.hpp ! src/share/vm/adlc/forms.cpp ! src/share/vm/adlc/forms.hpp ! src/share/vm/adlc/formsopt.cpp ! src/share/vm/adlc/formsopt.hpp ! src/share/vm/adlc/formssel.cpp ! src/share/vm/adlc/formssel.hpp ! src/share/vm/adlc/main.cpp ! src/share/vm/adlc/output_c.cpp ! src/share/vm/adlc/output_h.cpp ! src/share/vm/includeDB_core ! src/share/vm/utilities/vmError.cpp ! src/share/vm/utilities/vmError.hpp Changeset: ec59443af135 Author: kvn Date: 2009-02-27 08:34 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/ec59443af135 6811267: Fix for 6809798 broke linux build Summary: Fix method's declaration. Reviewed-by: phh, twisti ! src/share/vm/opto/block.hpp Changeset: 98cb887364d3 Author: twisti Date: 2009-02-27 13:27 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/98cb887364d3 6810672: Comment typos Summary: I have collected some typos I have found while looking at the code. Reviewed-by: kvn, never ! src/cpu/sparc/vm/interp_masm_sparc.cpp ! src/cpu/sparc/vm/nativeInst_sparc.hpp ! src/cpu/sparc/vm/sparc.ad ! src/cpu/sparc/vm/templateTable_sparc.cpp ! src/cpu/x86/vm/c1_LIRGenerator_x86.cpp ! src/cpu/x86/vm/cppInterpreter_x86.cpp ! src/cpu/x86/vm/sharedRuntime_x86_64.cpp ! src/cpu/x86/vm/templateInterpreter_x86_64.cpp ! src/cpu/x86/vm/templateTable_x86_32.cpp ! src/cpu/x86/vm/templateTable_x86_64.cpp ! src/cpu/x86/vm/x86_32.ad ! src/cpu/x86/vm/x86_64.ad ! src/os/linux/launcher/java.c ! src/os/linux/launcher/java_md.h ! src/os/linux/vm/perfMemory_linux.cpp ! src/os/solaris/launcher/java.c ! src/os/solaris/launcher/java_md.h ! src/os/solaris/vm/perfMemory_solaris.cpp ! src/os/windows/vm/perfMemory_windows.cpp ! src/os_cpu/solaris_sparc/vm/os_solaris_sparc.cpp ! src/os_cpu/solaris_x86/vm/os_solaris_x86.cpp ! src/share/tools/MakeDeps/Database.java ! src/share/vm/adlc/Doc/Syntax.doc ! src/share/vm/adlc/adlparse.cpp ! src/share/vm/adlc/dict2.cpp ! src/share/vm/adlc/dict2.hpp ! src/share/vm/adlc/filebuff.cpp ! src/share/vm/adlc/filebuff.hpp ! src/share/vm/adlc/formssel.cpp ! src/share/vm/adlc/formssel.hpp ! src/share/vm/adlc/output_h.cpp ! src/share/vm/asm/assembler.cpp ! src/share/vm/asm/assembler.hpp ! src/share/vm/ci/ciTypeFlow.cpp ! src/share/vm/classfile/symbolTable.cpp ! src/share/vm/code/nmethod.cpp ! src/share/vm/code/nmethod.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/cmsAdaptiveSizePolicy.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/cmsGCAdaptivePolicyCounters.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/parallelScavenge/cardTableExtension.cpp ! src/share/vm/gc_implementation/parallelScavenge/objectStartArray.hpp ! src/share/vm/gc_implementation/parallelScavenge/prefetchQueue.hpp ! src/share/vm/gc_implementation/shared/mutableNUMASpace.cpp ! src/share/vm/interpreter/abstractInterpreter.hpp ! src/share/vm/interpreter/bytecodeInterpreter.cpp ! src/share/vm/interpreter/bytecodeInterpreter.inline.hpp ! src/share/vm/interpreter/cppInterpreter.hpp ! src/share/vm/interpreter/cppInterpreterGenerator.hpp ! src/share/vm/interpreter/interpreter.hpp ! src/share/vm/interpreter/interpreterGenerator.hpp ! src/share/vm/interpreter/templateInterpreter.hpp ! src/share/vm/interpreter/templateInterpreterGenerator.hpp ! src/share/vm/libadt/dict.cpp ! src/share/vm/libadt/dict.hpp ! src/share/vm/memory/filemap.cpp ! src/share/vm/memory/permGen.hpp ! src/share/vm/oops/generateOopMap.cpp ! src/share/vm/oops/generateOopMap.hpp ! src/share/vm/oops/instanceKlass.cpp ! src/share/vm/oops/klass.cpp ! src/share/vm/oops/klass.hpp ! src/share/vm/oops/methodOop.hpp ! src/share/vm/opto/block.cpp ! src/share/vm/opto/block.hpp ! src/share/vm/opto/buildOopMap.cpp ! src/share/vm/opto/cfgnode.cpp ! src/share/vm/opto/chaitin.cpp ! src/share/vm/opto/chaitin.hpp ! src/share/vm/opto/coalesce.cpp ! src/share/vm/opto/compile.cpp ! src/share/vm/opto/connode.cpp ! src/share/vm/opto/divnode.cpp ! src/share/vm/opto/domgraph.cpp ! src/share/vm/opto/escape.cpp ! src/share/vm/opto/gcm.cpp ! src/share/vm/opto/graphKit.cpp ! src/share/vm/opto/ifg.cpp ! src/share/vm/opto/ifnode.cpp ! src/share/vm/opto/library_call.cpp ! src/share/vm/opto/live.cpp ! src/share/vm/opto/locknode.cpp ! src/share/vm/opto/loopTransform.cpp ! src/share/vm/opto/loopUnswitch.cpp ! src/share/vm/opto/loopnode.cpp ! src/share/vm/opto/loopnode.hpp ! src/share/vm/opto/loopopts.cpp ! src/share/vm/opto/machnode.cpp ! src/share/vm/opto/macro.cpp ! src/share/vm/opto/matcher.cpp ! src/share/vm/opto/memnode.cpp ! src/share/vm/opto/memnode.hpp ! src/share/vm/opto/node.cpp ! src/share/vm/opto/node.hpp ! src/share/vm/opto/output.cpp ! src/share/vm/opto/parse.hpp ! src/share/vm/opto/parse1.cpp ! src/share/vm/opto/parse2.cpp ! src/share/vm/opto/phase.cpp ! src/share/vm/opto/phaseX.cpp ! src/share/vm/opto/postaloc.cpp ! src/share/vm/opto/reg_split.cpp ! src/share/vm/opto/runtime.cpp ! src/share/vm/opto/split_if.cpp ! src/share/vm/opto/superword.cpp ! src/share/vm/opto/superword.hpp ! src/share/vm/opto/type.cpp ! src/share/vm/prims/jvmtiRedefineClasses.cpp ! src/share/vm/runtime/extendedPC.hpp ! src/share/vm/runtime/fprofiler.cpp ! src/share/vm/runtime/frame.cpp ! src/share/vm/runtime/frame.inline.hpp ! src/share/vm/runtime/mutex.hpp ! src/share/vm/runtime/orderAccess.hpp ! src/share/vm/runtime/os.cpp ! src/share/vm/runtime/safepoint.cpp ! src/share/vm/runtime/signature.hpp ! src/share/vm/runtime/threadCritical.hpp ! src/share/vm/utilities/globalDefinitions.hpp Changeset: 19962e74284f Author: never Date: 2009-03-01 20:49 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/19962e74284f 6811384: MacroAssembler::serialize_memory may touch next page on amd64 Reviewed-by: kvn, phh, twisti ! src/cpu/x86/vm/assembler_x86.cpp Changeset: d8c7fa77a6dc Author: kvn Date: 2009-03-03 10:34 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/d8c7fa77a6dc Merge ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Changeset: 0386097d43d8 Author: dcubed Date: 2009-03-02 13:57 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/0386097d43d8 6700114: 3/4 Assertion (_thread->get_interp_only_mode() == 1,"leaving interp only when mode not one") Summary: Don't create JvmtiThreadState for an exiting JavaThread. Reviewed-by: coleenp, swamyv ! src/share/vm/prims/jvmtiThreadState.hpp Changeset: ea20d7ce26b0 Author: dcubed Date: 2009-03-02 14:00 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/ea20d7ce26b0 6800721: 3/4 JavaThread::jvmti_thread_state() and JvmtiThreadState::state_for() robustness Summary: Check for NULL return values from jvmti_thread_state() and state_for() and return a JVM TI error code as appropriate. Reviewed-by: coleenp, swamyv ! src/share/vm/prims/jvmtiEnv.cpp ! src/share/vm/prims/jvmtiEnvBase.cpp ! src/share/vm/prims/jvmtiEventController.cpp ! src/share/vm/prims/jvmtiExport.cpp ! src/share/vm/prims/jvmtiRedefineClasses.cpp ! src/share/vm/prims/jvmtiThreadState.hpp ! src/share/vm/runtime/thread.hpp Changeset: 70998f2e05ef Author: dcubed Date: 2009-03-02 14:03 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/70998f2e05ef 6805864: 4/3 Problem with jvmti->redefineClasses: some methods don't get redefined Summary: Remove incorrect optimization in klassItable::adjust_method_entries(). Add RedefineClasses() tracing support for obsolete method entry. Reviewed-by: acorn, swamyv ! src/cpu/sparc/vm/interp_masm_sparc.cpp ! src/cpu/sparc/vm/sharedRuntime_sparc.cpp ! src/cpu/x86/vm/interp_masm_x86_32.cpp ! src/cpu/x86/vm/interp_masm_x86_64.cpp ! src/cpu/x86/vm/sharedRuntime_x86_32.cpp ! src/cpu/x86/vm/sharedRuntime_x86_64.cpp ! src/share/vm/includeDB_core ! src/share/vm/oops/klassVtable.cpp ! src/share/vm/prims/jvmtiRedefineClassesTrace.hpp ! src/share/vm/runtime/sharedRuntime.cpp ! src/share/vm/runtime/sharedRuntime.hpp Changeset: 2f716c0acb64 Author: dcubed Date: 2009-03-02 14:05 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/2f716c0acb64 6567360: 3/4 SIGBUS in jvmti RawMonitor magic check for unaligned bad monitor pointer Summary: Change JvmtiEnvBase::is_valid() and JvmtiRawMonitor::is_valid() to fetch the _magic fields via Bytes::get_native_u[248](). Reviewed-by: coleenp, swamyv ! src/share/vm/prims/jvmtiEnvBase.cpp ! src/share/vm/prims/jvmtiEnvBase.hpp ! src/share/vm/prims/jvmtiImpl.cpp ! src/share/vm/prims/jvmtiImpl.hpp Changeset: afa80fa86d22 Author: dcubed Date: 2009-03-02 14:43 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/afa80fa86d22 Merge ! src/cpu/x86/vm/interp_masm_x86_32.cpp ! src/cpu/x86/vm/interp_masm_x86_64.cpp ! src/cpu/x86/vm/sharedRuntime_x86_32.cpp ! src/cpu/x86/vm/sharedRuntime_x86_64.cpp ! src/share/vm/includeDB_core ! src/share/vm/prims/jvmtiRedefineClasses.cpp ! src/share/vm/runtime/sharedRuntime.cpp Changeset: 5caef2219893 Author: dcubed Date: 2009-03-02 16:56 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/5caef2219893 Merge ! src/share/vm/includeDB_core Changeset: 3db67f76d308 Author: acorn Date: 2009-03-05 22:07 -0500 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/3db67f76d308 Merge ! src/cpu/sparc/vm/interp_masm_sparc.cpp ! src/cpu/x86/vm/sharedRuntime_x86_64.cpp ! src/share/vm/includeDB_core ! src/share/vm/prims/jvmtiRedefineClasses.cpp Changeset: c6c601a0f2d6 Author: ysr Date: 2009-03-02 16:37 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/c6c601a0f2d6 6797870: Add -XX:+{HeapDump,PrintClassHistogram}{Before,After}FullGC Summary: Call newly created CollectedHeap::dump_{pre,post}_full_gc before and after every stop-world full collection cycle on GenCollectedHeap and ParallelScavengeHeap. (Support for G1CollectedHeap forthcoming under CR 6810861.) Small modifications to existing heap dumping and class histogram implementation, especially to allow multiple on-the-fly histos/dumps by the VM thread during a single safepoint. Reviewed-by: jmasa, alanb, mchung ! src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.cpp ! src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp ! src/share/vm/gc_implementation/shared/vmGCOperations.cpp ! src/share/vm/gc_implementation/shared/vmGCOperations.hpp ! src/share/vm/gc_interface/collectedHeap.cpp ! src/share/vm/gc_interface/collectedHeap.hpp ! src/share/vm/includeDB_gc ! src/share/vm/memory/genCollectedHeap.cpp ! src/share/vm/memory/heapInspection.cpp ! src/share/vm/memory/heapInspection.hpp ! src/share/vm/runtime/globals.hpp ! src/share/vm/runtime/os.cpp ! src/share/vm/services/attachListener.cpp ! src/share/vm/services/heapDumper.cpp ! src/share/vm/services/heapDumper.hpp Changeset: 4f360ec815ba Author: iveresov Date: 2009-03-06 13:50 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/4f360ec815ba 6720309: G1: don't synchronously update RSet during evacuation pauses 6720334: G1: don't update RSets of collection set regions during an evacuation pause Summary: Introduced a deferred update mechanism for delaying the rset updates during the collection pause Reviewed-by: apetrusenko, tonyp ! src/share/vm/gc_implementation/g1/concurrentG1RefineThread.cpp ! src/share/vm/gc_implementation/g1/dirtyCardQueue.cpp ! src/share/vm/gc_implementation/g1/dirtyCardQueue.hpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.hpp ! src/share/vm/gc_implementation/g1/g1RemSet.cpp ! src/share/vm/gc_implementation/g1/g1RemSet.hpp ! src/share/vm/gc_implementation/g1/g1RemSet.inline.hpp ! src/share/vm/gc_implementation/g1/g1_globals.hpp ! src/share/vm/gc_implementation/g1/ptrQueue.cpp ! src/share/vm/gc_implementation/g1/ptrQueue.hpp ! src/share/vm/memory/cardTableModRefBS.cpp ! src/share/vm/memory/cardTableModRefBS.hpp Changeset: 0db4adb6e914 Author: tonyp Date: 2009-03-07 11:07 -0500 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/0db4adb6e914 6810698: G1: two small bugs in the sparse remembered sets Summary: The _expanded flag of the sparse RSets is not reset and this can leave a RSet in an inconsistent state if it is expanded more than once. Also, we should be iterating over the _cur, instead of the _next, sparse table Reviewed-by: apetrusenko, iveresov ! src/share/vm/gc_implementation/g1/sparsePRT.cpp ! src/share/vm/gc_implementation/g1/sparsePRT.hpp Changeset: ae1579717a57 Author: tonyp Date: 2009-03-07 11:07 -0500 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/ae1579717a57 6812428: G1: Error: assert(ret || obj_in_cs(obj),"sanity") Summary: The length of the fast cset test vector is decided at the beginning of a GC, but more regions can be added during the GC. The simple fix is to set the length of the fast cset test vector to the max. Reviewed-by: iveresov ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Changeset: 7ea5ca260b28 Author: tonyp Date: 2009-03-07 11:07 -0500 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/7ea5ca260b28 6814467: G1: small fixes related to concurrent marking verboseness Summary: A few small fixes to remove some inconsistencies in the concurrent mark-related verbose GC output. Reviewed-by: jmasa ! src/share/vm/gc_implementation/g1/concurrentMark.cpp ! src/share/vm/gc_implementation/g1/concurrentMarkThread.cpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Changeset: bcedf688d882 Author: tonyp Date: 2009-03-09 11:32 -0400 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/bcedf688d882 Merge ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/runtime/os.cpp Changeset: 19f25e603e7b Author: kvn Date: 2009-03-03 18:25 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/19f25e603e7b 6812721: Block's frequency should not be NaN Summary: Set MIN_BLOCK_FREQUENCY block's frequency when calculated block's frequency is NaN Reviewed-by: never ! src/share/vm/opto/gcm.cpp Changeset: 56aae7be60d4 Author: jrose Date: 2009-03-04 09:58 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/56aae7be60d4 6812678: macro assembler needs delayed binding of a few constants (for 6655638) Summary: minor assembler enhancements preparing for method handles Reviewed-by: kvn ! src/cpu/sparc/vm/assembler_sparc.cpp ! src/cpu/sparc/vm/assembler_sparc.hpp ! src/cpu/sparc/vm/assembler_sparc.inline.hpp ! src/cpu/x86/vm/assembler_x86.cpp ! src/cpu/x86/vm/assembler_x86.hpp ! src/cpu/x86/vm/c1_LIRAssembler_x86.cpp ! src/cpu/x86/vm/cppInterpreter_x86.cpp ! src/cpu/x86/vm/interp_masm_x86_32.cpp ! src/cpu/x86/vm/interp_masm_x86_64.cpp ! src/cpu/x86/vm/templateInterpreter_x86_32.cpp ! src/cpu/x86/vm/templateInterpreter_x86_64.cpp ! src/cpu/x86/vm/templateTable_x86_32.cpp ! src/cpu/x86/vm/templateTable_x86_64.cpp ! src/cpu/x86/vm/x86_32.ad ! src/cpu/x86/vm/x86_64.ad ! src/share/vm/asm/assembler.cpp ! src/share/vm/asm/assembler.hpp Changeset: 9adddb8c0fc8 Author: jrose Date: 2009-03-06 21:36 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/9adddb8c0fc8 6812831: factor duplicated assembly code for megamorphic invokeinterface (for 6655638) Summary: Code in vtableStubs and templateTable moved into MacroAssembler. Reviewed-by: kvn ! src/cpu/sparc/vm/assembler_sparc.cpp ! src/cpu/sparc/vm/assembler_sparc.hpp ! src/cpu/sparc/vm/assembler_sparc.inline.hpp ! src/cpu/sparc/vm/vtableStubs_sparc.cpp ! src/cpu/x86/vm/assembler_x86.cpp ! src/cpu/x86/vm/assembler_x86.hpp ! src/cpu/x86/vm/templateTable_x86_32.cpp ! src/cpu/x86/vm/templateTable_x86_64.cpp ! src/cpu/x86/vm/vtableStubs_x86_32.cpp ! src/cpu/x86/vm/vtableStubs_x86_64.cpp Changeset: 337400e7a5dd Author: twisti Date: 2009-03-09 03:17 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/337400e7a5dd 6797305: Add LoadUB and LoadUI opcode class Summary: Add a LoadUB (unsigned byte) and LoadUI (unsigned int) opcode class so we have these load optimizations in the first place and do not need to handle them in the matcher. Reviewed-by: never, kvn ! src/cpu/sparc/vm/sparc.ad ! src/cpu/x86/vm/assembler_x86.cpp ! src/cpu/x86/vm/assembler_x86.hpp ! src/cpu/x86/vm/x86_32.ad ! src/cpu/x86/vm/x86_64.ad ! src/share/vm/adlc/forms.cpp ! src/share/vm/adlc/forms.hpp ! src/share/vm/adlc/formssel.cpp ! src/share/vm/adlc/output_c.cpp ! src/share/vm/opto/classes.hpp ! src/share/vm/opto/compile.cpp ! src/share/vm/opto/memnode.cpp ! src/share/vm/opto/memnode.hpp ! src/share/vm/opto/mulnode.cpp ! src/share/vm/opto/type.cpp ! src/share/vm/opto/type.hpp + test/compiler/6797305/Test6797305.java Changeset: 2f2f54ed12ce Author: kvn Date: 2009-03-10 08:52 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/2f2f54ed12ce Merge ! src/cpu/x86/vm/interp_masm_x86_32.cpp ! src/cpu/x86/vm/interp_masm_x86_64.cpp Changeset: 87fa6e083d82 Author: apetrusenko Date: 2009-03-10 00:47 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/87fa6e083d82 6760309: G1: update remembered sets during Full GCs Reviewed-by: iveresov, tonyp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1RemSet.cpp ! src/share/vm/gc_implementation/g1/g1RemSet.hpp ! src/share/vm/gc_implementation/g1/g1RemSet.inline.hpp ! src/share/vm/gc_implementation/g1/heapRegion.hpp Changeset: fcf566137dbf Author: tonyp Date: 2009-03-12 11:34 -0400 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/fcf566137dbf Merge Changeset: 7bb995fbd3c0 Author: trims Date: 2009-03-12 18:16 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/7bb995fbd3c0 Merge ! make/linux/makefiles/adlc.make ! make/solaris/makefiles/adlc.make ! src/cpu/sparc/vm/sparc.ad ! src/cpu/x86/vm/assembler_x86.cpp ! src/cpu/x86/vm/c1_LIRAssembler_x86.cpp ! src/cpu/x86/vm/cppInterpreter_x86.cpp ! src/cpu/x86/vm/interp_masm_x86_32.cpp ! src/cpu/x86/vm/interp_masm_x86_64.cpp ! src/cpu/x86/vm/sharedRuntime_x86_32.cpp ! src/cpu/x86/vm/sharedRuntime_x86_64.cpp ! src/cpu/x86/vm/templateInterpreter_x86_32.cpp ! src/cpu/x86/vm/templateTable_x86_32.cpp - src/cpu/x86/vm/vm_version_x86_32.cpp - src/cpu/x86/vm/vm_version_x86_32.hpp - src/cpu/x86/vm/vm_version_x86_64.cpp - src/cpu/x86/vm/vm_version_x86_64.hpp ! src/cpu/x86/vm/x86_32.ad ! src/cpu/x86/vm/x86_64.ad ! src/os_cpu/solaris_x86/vm/os_solaris_x86.cpp ! src/share/vm/adlc/adlparse.cpp ! src/share/vm/adlc/archDesc.cpp ! src/share/vm/adlc/dfa.cpp ! src/share/vm/adlc/dict2.cpp ! src/share/vm/adlc/filebuff.hpp ! src/share/vm/adlc/forms.cpp ! src/share/vm/adlc/formssel.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.hpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.hpp ! src/share/vm/gc_implementation/g1/g1RemSet.cpp ! src/share/vm/gc_implementation/g1/g1RemSet.hpp ! src/share/vm/gc_implementation/g1/g1_globals.hpp ! src/share/vm/gc_implementation/g1/heapRegion.hpp ! src/share/vm/gc_implementation/g1/ptrQueue.hpp ! src/share/vm/gc_implementation/g1/sparsePRT.hpp ! src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.cpp ! src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp ! src/share/vm/gc_implementation/shared/mutableNUMASpace.cpp ! src/share/vm/gc_interface/collectedHeap.cpp ! src/share/vm/gc_interface/collectedHeap.hpp ! src/share/vm/includeDB_core ! src/share/vm/includeDB_gc ! src/share/vm/interpreter/bytecodeInterpreter.cpp ! src/share/vm/libadt/dict.cpp ! src/share/vm/memory/cardTableModRefBS.cpp ! src/share/vm/memory/cardTableModRefBS.hpp ! src/share/vm/memory/genCollectedHeap.cpp ! src/share/vm/memory/heapInspection.cpp ! src/share/vm/oops/klass.hpp ! src/share/vm/oops/methodOop.hpp ! src/share/vm/opto/block.cpp ! src/share/vm/opto/cfgnode.cpp ! src/share/vm/opto/chaitin.cpp ! src/share/vm/opto/chaitin.hpp ! src/share/vm/opto/classes.hpp ! src/share/vm/opto/compile.cpp ! src/share/vm/opto/gcm.cpp ! src/share/vm/opto/graphKit.cpp ! src/share/vm/opto/ifg.cpp ! src/share/vm/opto/live.cpp ! src/share/vm/opto/loopnode.cpp ! src/share/vm/opto/macro.cpp ! src/share/vm/opto/matcher.cpp ! src/share/vm/opto/memnode.cpp ! src/share/vm/opto/memnode.hpp ! src/share/vm/opto/reg_split.cpp ! src/share/vm/opto/superword.cpp ! src/share/vm/opto/type.cpp ! src/share/vm/opto/type.hpp ! src/share/vm/prims/jvmtiRedefineClasses.cpp ! src/share/vm/runtime/globals.hpp ! src/share/vm/runtime/os.cpp ! src/share/vm/runtime/safepoint.cpp ! src/share/vm/runtime/sharedRuntime.cpp ! src/share/vm/services/heapDumper.cpp ! src/share/vm/utilities/vmError.cpp ! src/share/vm/utilities/vmError.hpp Changeset: 2581d90c6c9b Author: trims Date: 2009-03-12 18:17 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/2581d90c6c9b 6816970: Bump HS15 build number to 03 Summary: Update the HS15 Build number to 03 Reviewed-by: jcoomes ! make/hotspot_version Changeset: 1b1e8f1a4fe8 Author: xdono Date: 2009-03-19 13:25 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/1b1e8f1a4fe8 Added tag jdk7-b51 for changeset 2581d90c6c9b ! .hgtags From tim.bell at sun.com Sat Mar 21 17:38:19 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 22 Mar 2009 00:38:19 +0000 Subject: [security-dev 00706]: hg: jdk7/tl/jaxp: Added tag jdk7-b51 for changeset ae890d80d5df Message-ID: <20090322003821.8348CE688@hg.openjdk.java.net> Changeset: 69ad87dc25cb Author: xdono Date: 2009-03-19 13:25 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jaxp/rev/69ad87dc25cb Added tag jdk7-b51 for changeset ae890d80d5df ! .hgtags From tim.bell at sun.com Sat Mar 21 17:41:24 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 22 Mar 2009 00:41:24 +0000 Subject: [security-dev 00707]: hg: jdk7/tl/jaxws: Added tag jdk7-b51 for changeset 41a66a42791b Message-ID: <20090322004126.5BEA4E68D@hg.openjdk.java.net> Changeset: e646890d18b7 Author: xdono Date: 2009-03-19 13:25 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jaxws/rev/e646890d18b7 Added tag jdk7-b51 for changeset 41a66a42791b ! .hgtags From tim.bell at sun.com Sat Mar 21 17:44:43 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 22 Mar 2009 00:44:43 +0000 Subject: [security-dev 00708]: hg: jdk7/tl/jdk: 6 new changesets Message-ID: <20090322004554.E1213E692@hg.openjdk.java.net> Changeset: 711a9fb838d1 Author: ohair Date: 2009-03-16 11:24 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/711a9fb838d1 6816311: Changes to allow builds with latest Windows SDK 6.1 on 64bit Windows 2003 Summary: These changes create a preference for the newer 6.1 SDK on Windows. Reviewed-by: tbell ! make/common/Defs-windows.gmk ! make/common/shared/Compiler-gcc.gmk ! make/common/shared/Compiler-msvc.gmk ! make/common/shared/Compiler-sun.gmk ! make/common/shared/Defs-versions.gmk ! make/common/shared/Defs-windows.gmk ! make/common/shared/Sanity-Settings.gmk ! make/common/shared/Sanity.gmk ! src/windows/native/sun/windows/awt.rc ! src/windows/resource/version.rc Changeset: ece878b04159 Author: xdono Date: 2009-03-16 16:18 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ece878b04159 Merge Changeset: bdb4b0b28407 Author: ohair Date: 2009-03-17 13:44 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bdb4b0b28407 6818565: Regression with fix 6816311: COMPILER_VERSION -> REQUIRED_COMPILER_VERSION Reviewed-by: tbell - make/common/shared/Compiler.gmk ! make/common/shared/Defs-solaris.gmk ! make/common/shared/Defs.gmk Changeset: fea0898259ae Author: ohair Date: 2009-03-17 13:45 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/fea0898259ae Merge Changeset: bcbeadb4a5d7 Author: xdono Date: 2009-03-19 13:25 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bcbeadb4a5d7 Added tag jdk7-b51 for changeset fea0898259ae ! .hgtags Changeset: cc8ffb0fc1a4 Author: tbell Date: 2009-03-21 13:52 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/cc8ffb0fc1a4 Merge - src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java From tim.bell at sun.com Sat Mar 21 17:55:11 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Sun, 22 Mar 2009 00:55:11 +0000 Subject: [security-dev 00709]: hg: jdk7/tl/langtools: 2 new changesets Message-ID: <20090322005514.D174CE697@hg.openjdk.java.net> Changeset: 29329051d483 Author: xdono Date: 2009-03-19 13:25 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/29329051d483 Added tag jdk7-b51 for changeset 8c55d5b0ed71 ! .hgtags Changeset: 3bf905cb80e7 Author: tbell Date: 2009-03-21 13:53 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/3bf905cb80e7 Merge From weijun.wang at sun.com Mon Mar 23 02:12:40 2009 From: weijun.wang at sun.com (weijun.wang at sun.com) Date: Mon, 23 Mar 2009 09:12:40 +0000 Subject: [security-dev 00710]: hg: jdk7/tl/jdk: 6820606: keytool can generate serialno more randomly Message-ID: <20090323091259.B7ECAE6D6@hg.openjdk.java.net> Changeset: 74fe20f0e49b Author: weijun Date: 2009-03-23 17:05 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/74fe20f0e49b 6820606: keytool can generate serialno more randomly Reviewed-by: xuelei ! src/share/classes/sun/security/tools/KeyTool.java ! src/share/classes/sun/security/x509/CertAndKeyGen.java From xueming.shen at sun.com Mon Mar 23 09:39:58 2009 From: xueming.shen at sun.com (xueming.shen at sun.com) Date: Mon, 23 Mar 2009 16:39:58 +0000 Subject: [security-dev 00711]: hg: jdk7/tl/jdk: 2 new changesets Message-ID: <20090323164022.577B0E703@hg.openjdk.java.net> Changeset: 4faf788c4949 Author: sherman Date: 2009-03-23 09:19 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/4faf788c4949 6636323: Optimize handling of builtin charsets 6636319: Encoders should implement isLegalReplacement(byte[] repl) Summary: optimized new String(byte[], cs/csn) and String.getBytes(cs/csn) for speed and memory consumption in singlebyte case. Reviewed-by: alanb ! make/java/nio/FILES_java.gmk ! src/share/classes/java/lang/StringCoding.java + src/share/classes/sun/nio/cs/ArrayDecoder.java + src/share/classes/sun/nio/cs/ArrayEncoder.java ! src/share/classes/sun/nio/cs/ISO_8859_1.java ! src/share/classes/sun/nio/cs/SingleByte.java ! src/share/classes/sun/nio/cs/US_ASCII.java ! test/sun/nio/cs/FindEncoderBugs.java + test/sun/nio/cs/StrCodingBenchmark.java + test/sun/nio/cs/TestStringCoding.java Changeset: b9cc5da6c516 Author: sherman Date: 2009-03-23 09:34 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b9cc5da6c516 Merge From tim.bell at sun.com Mon Mar 23 20:41:43 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 24 Mar 2009 03:41:43 +0000 Subject: [security-dev 00712]: hg: jdk7/tl/corba: 2 new changesets Message-ID: <20090324034145.E0A24E7C5@hg.openjdk.java.net> Changeset: 126389a38e7d Author: tbell Date: 2009-03-23 17:43 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/126389a38e7d 6695776: corba jscheme jar files in repository could be built from source Summary: Forward port of changes from the 6-open train. Reviewed-by: darcy, ohair, tbell Contributed-by: Andrew John Hughes ! make/com/sun/corba/se/sources/Makefile ! make/sun/rmi/corbalogsources/Makefile ! make/tools/Makefile + make/tools/logutil/Makefile ! src/share/classes/com/sun/tools/corba/se/logutil/IndentingPrintWriter.java + src/share/classes/com/sun/tools/corba/se/logutil/Input.java + src/share/classes/com/sun/tools/corba/se/logutil/InputCode.java + src/share/classes/com/sun/tools/corba/se/logutil/InputException.java + src/share/classes/com/sun/tools/corba/se/logutil/MC.java - src/share/classes/com/sun/tools/corba/se/logutil/lib/jscheme.jar - src/share/classes/com/sun/tools/corba/se/logutil/lib/jschemelogutil.jar - src/share/classes/com/sun/tools/corba/se/logutil/scripts/mc - src/share/classes/com/sun/tools/corba/se/logutil/scripts/mc.scm - src/share/classes/com/sun/tools/corba/se/logutil/scripts/run Changeset: 61116c9789b9 Author: tbell Date: 2009-03-23 17:58 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/61116c9789b9 Merge From tim.bell at sun.com Mon Mar 23 20:45:12 2009 From: tim.bell at sun.com (tim.bell at sun.com) Date: Tue, 24 Mar 2009 03:45:12 +0000 Subject: [security-dev 00713]: hg: jdk7/tl/jdk: 2 new changesets Message-ID: <20090324034556.DDC3EE7D1@hg.openjdk.java.net> Changeset: 13cd6eb34cfa Author: tbell Date: 2009-03-23 17:43 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/13cd6eb34cfa 6695776: corba jscheme jar files in repository could be built from source Summary: Forward port of changes from the 6-open train. Reviewed-by: darcy, ohair, tbell Contributed-by: Andrew John Hughes ! THIRD_PARTY_README Changeset: 8306f3df15ff Author: tbell Date: 2009-03-23 17:57 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8306f3df15ff Merge - make/common/shared/Compiler.gmk From alan.bateman at sun.com Tue Mar 24 08:42:08 2009 From: alan.bateman at sun.com (alan.bateman at sun.com) Date: Tue, 24 Mar 2009 15:42:08 +0000 Subject: [security-dev 00714]: hg: jdk7/tl/jdk: 4 new changesets Message-ID: <20090324154328.5EC71E82A@hg.openjdk.java.net> Changeset: bccdcd761796 Author: alanb Date: 2009-03-24 14:03 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bccdcd761796 6819886: System.getProperty("os.name") reports Vista on Windows 7 Reviewed-by: sherman ! src/windows/native/java/lang/java_props_md.c Changeset: 4c3f752993a5 Author: alanb Date: 2009-03-24 14:05 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/4c3f752993a5 6807702: Integer.valueOf cache should be configurable Reviewed-by: darcy ! src/share/classes/java/lang/Integer.java ! src/share/classes/java/lang/Long.java ! src/share/classes/java/lang/System.java + test/java/lang/Integer/ValueOf.java Changeset: 78063cf930e5 Author: alanb Date: 2009-03-24 14:08 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/78063cf930e5 6819689: File.lastModified can return bogus value for remote file accessed as it is being deleted [win] Reviewed-by: sherman Contributed-by: andreas.frischknecht at softwired-inc.com ! src/windows/native/java/io/WinNTFileSystem_md.c Changeset: 52bdf8cec41d Author: alanb Date: 2009-03-24 14:10 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/52bdf8cec41d 6621689: (dc spec) DatagramChannel.receive when channel is not bound is not specified Reviewed-by: sherman ! src/share/classes/java/nio/channels/DatagramChannel.java ! src/share/classes/sun/nio/ch/DatagramChannelImpl.java ! test/java/nio/channels/DatagramChannel/NotBound.java From martinrb at google.com Wed Mar 25 01:15:34 2009 From: martinrb at google.com (martinrb at google.com) Date: Wed, 25 Mar 2009 08:15:34 +0000 Subject: [security-dev 00715]: hg: jdk7/tl/jdk: 6800572: Removing elements from views of NavigableMap implementations does not always work correctly. Message-ID: <20090325081613.D61D4E9B3@hg.openjdk.java.net> Changeset: 644849201ca6 Author: dl Date: 2009-03-24 19:42 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/644849201ca6 6800572: Removing elements from views of NavigableMap implementations does not always work correctly. Summary: Replace use of new TreeSet with new KeySet Reviewed-by: martin ! src/share/classes/java/util/TreeMap.java ! src/share/classes/java/util/concurrent/ConcurrentSkipListMap.java ! test/java/util/Collection/MOAT.java From maurizio.cimadamore at sun.com Wed Mar 25 03:41:29 2009 From: maurizio.cimadamore at sun.com (maurizio.cimadamore at sun.com) Date: Wed, 25 Mar 2009 10:41:29 +0000 Subject: [security-dev 00716]: hg: jdk7/tl/langtools: 3 new changesets Message-ID: <20090325104138.72FDEE9C9@hg.openjdk.java.net> Changeset: 5caa6c45936a Author: mcimadamore Date: 2009-03-25 10:28 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/5caa6c45936a 6182950: methods clash algorithm should not depend on return type Summary: fixed code that checks for duplicate method declarations Reviewed-by: jjg ! src/share/classes/com/sun/tools/javac/comp/Check.java + test/tools/javac/generics/6182950/T6182950a.java + test/tools/javac/generics/6182950/T6182950a.out + test/tools/javac/generics/6182950/T6182950b.java + test/tools/javac/generics/6182950/T6182950b.out + test/tools/javac/generics/6182950/T6182950c.java Changeset: 6ce39250fa88 Author: mcimadamore Date: 2009-03-25 10:28 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/6ce39250fa88 6816548: Uninitialized register when performing casting + auto(un)boxing Summary: Constant value of final variable is lost during lowering Reviewed-by: jjg ! src/share/classes/com/sun/tools/javac/comp/Lower.java + test/tools/javac/boxing/T6816548.java Changeset: 1ee128971f5d Author: mcimadamore Date: 2009-03-25 10:29 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/1ee128971f5d 6400189: raw types and inference Summary: Fixed resolution problem with raw overriding (CCC) Reviewed-by: jjg ! src/share/classes/com/sun/tools/javac/comp/Resolve.java + test/tools/javac/OverrideChecks/6400189/T6400189a.java + test/tools/javac/OverrideChecks/6400189/T6400189a.out + test/tools/javac/OverrideChecks/6400189/T6400189b.java + test/tools/javac/OverrideChecks/6400189/T6400189b.out + test/tools/javac/OverrideChecks/6400189/T6400189c.java + test/tools/javac/OverrideChecks/6400189/T6400189d.java From mandy.chung at sun.com Wed Mar 25 12:39:12 2009 From: mandy.chung at sun.com (mandy.chung at sun.com) Date: Wed, 25 Mar 2009 19:39:12 +0000 Subject: [security-dev 00717]: hg: jdk7/tl/jdk: 6819122: DefaultProxySelector should lazily initialize the Pattern object and the NonProxyInfo objects Message-ID: <20090325193940.AC6DEEA08@hg.openjdk.java.net> Changeset: 2dae30c4d687 Author: mchung Date: 2009-03-25 12:24 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2dae30c4d687 6819122: DefaultProxySelector should lazily initialize the Pattern object and the NonProxyInfo objects Summary: Move two static NonProxyInfo fields into NonProxyInfo class and instantiate Pattern object when needed Reviewed-by: jccollet ! src/share/classes/sun/net/spi/DefaultProxySelector.java From Mandy.Chung at Sun.COM Wed Mar 25 13:33:48 2009 From: Mandy.Chung at Sun.COM (Mandy Chung) Date: Wed, 25 Mar 2009 13:33:48 -0700 Subject: [security-dev 00718]: Review request for 6819110 Message-ID: <49CA952C.3000202@sun.com> 6819110: Lazily load Sun digest provider for jar verification Webrev at: http://cr.openjdk.java.net/~mchung/6819110/webrev.00/ Details: ManifestEntryVerifier's static initializer calls sun.security.jce.Providers.getSunProvider() that loads and initializes several security classes which are not nnecessarily needed when security manager is not enabled. The fix is to call Providers.getSunProvider() when instantiating the MessageDigest object. One question: Providers.getSunProvider() method is called by sun.security.util.ManifestEntryVerifier and java.security.SecureRandom. Two different Provider instances will be created if the SecureRandom is used by the application. Is there performance gain (CPU time and memory) that worths caching the provider object for both callers? Thanks Mandy From martinrb at google.com Thu Mar 26 15:09:22 2009 From: martinrb at google.com (martinrb at google.com) Date: Thu, 26 Mar 2009 22:09:22 +0000 Subject: [security-dev 00719]: hg: jdk7/tl/jdk: 6801020: Concurrent Semaphore release may cause some require thread not signaled Message-ID: <20090326220934.CF62DEABA@hg.openjdk.java.net> Changeset: 5303aece2068 Author: dl Date: 2009-03-26 11:59 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/5303aece2068 6801020: Concurrent Semaphore release may cause some require thread not signaled Summary: Introduce PROPAGATE waitStatus Reviewed-by: martin ! src/share/classes/java/util/concurrent/locks/AbstractQueuedLongSynchronizer.java ! src/share/classes/java/util/concurrent/locks/AbstractQueuedSynchronizer.java + test/java/util/concurrent/Semaphore/RacingReleases.java From Yu-Ching.Peng at Sun.COM Thu Mar 26 16:26:05 2009 From: Yu-Ching.Peng at Sun.COM (Valerie Peng) Date: Thu, 26 Mar 2009 16:26:05 -0700 Subject: [security-dev 00720]: Review 6604496: Support for CKM_AES_CTR (counter mode) Message-ID: <49CC0F0D.5020200@Sun.COM> Hi, Brad or Vinnie, Would either of you be able to review the changes for adding AES CTR mode support to SunPKCS11 provider? Webrev: http://cr.openjdk.java.net/~valeriep/6604496/webrev.00/ Thanks, Valerie From martinrb at google.com Thu Mar 26 17:43:42 2009 From: martinrb at google.com (martinrb at google.com) Date: Fri, 27 Mar 2009 00:43:42 +0000 Subject: [security-dev 00721]: hg: jdk7/tl/jdk: 6822903: Reliability and documentation improvements for ReentrantReadWriteLock Message-ID: <20090327004354.BD2EBEB1D@hg.openjdk.java.net> Changeset: 4a685f3f3ba8 Author: dl Date: 2009-03-26 17:39 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/4a685f3f3ba8 6822903: Reliability and documentation improvements for ReentrantReadWriteLock Summary: Make firstReader a Thread, not a long Reviewed-by: martin ! src/share/classes/java/util/concurrent/locks/ReentrantReadWriteLock.java From weijun.wang at sun.com Thu Mar 26 20:19:06 2009 From: weijun.wang at sun.com (weijun.wang at sun.com) Date: Fri, 27 Mar 2009 03:19:06 +0000 Subject: [security-dev 00722]: hg: jdk7/tl/jdk: 6802846: jarsigner needs enhanced cert validation(options) Message-ID: <20090327031937.B2D13EB5A@hg.openjdk.java.net> Changeset: b752110df530 Author: weijun Date: 2009-03-27 11:05 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b752110df530 6802846: jarsigner needs enhanced cert validation(options) Reviewed-by: xuelei ! src/share/classes/sun/security/tools/JarSigner.java ! src/share/classes/sun/security/tools/JarSignerResources.java ! src/share/classes/sun/security/tools/KeyTool.java + test/sun/security/tools/jarsigner/concise_jarsigner.sh From Weijun.Wang at Sun.COM Sun Mar 29 19:48:42 2009 From: Weijun.Wang at Sun.COM (Max (Weijun) Wang) Date: Mon, 30 Mar 2009 10:48:42 +0800 Subject: [security-dev 00723]: Re: Request for comment: How to enable credentials delegation in HTTP Negotiate? In-Reply-To: <492BA2BD.1070901@sun.com> References: <492BA2BD.1070901@sun.com> Message-ID: <9EA57781-0431-4F13-829D-0C36965588EE@sun.com> Ping again, any suggestions? Thanks Max On Nov 25, 2008, at 3:01 PM, Weijun Wang wrote: > Hi All > > The current implementation of HTTP Negotiate authentication has not > enabled credential delegation (it simply acquires a new one using > either > a cached TGT or username/password from Authenticator). This means that > in a multi-tier application, a middle tier cannot start an HTTP > request > (to the backend server) on behalf of the client. Currently, java.net.Authenticator can only authenticate using a username/password pair, but cannot use an established credential. > > I'm suggesting the following updates: > > 1. In java.net.Authenticator, add 2 methods > > protected GSSCredential getGSSCredential() { // To be overrided > return null; > } > public static GSSCredential requestGSSCredential() { > Authenticator a = theAuthenticator; > if (a == null) { > return null; > } else { > return a.getGSSCredential(); > } > } > > 2. In the implementation of the HTTP Negotiate auth scheme > (sun.net.www.protocol.http.NegotiatorImpl), > > GSSCredential deleg = Authenticator.requestGSSCredential(); > context = manager.createContext(serverName, > oid, > deleg, // this used to be null > GSSContext.DEFAULT_LIFETIME); > > Then, when an application developer is creating a GSS server that > wants > to start an HTTP request using a delegated credential, she can write: > > // establish the GSSContext > final GSSCredential deleg = context.getDelegCred(); > Authenticator.setDefault(new Authenticator() { > @Override > protected GSSCredential getGSSCredential() { > return deleg; > } > }); > new URL("http://somewhere").openConnection().getInputStream(); > > What's your comment? > > Thanks > Max > From Michael.McMahon at Sun.COM Mon Mar 30 09:47:36 2009 From: Michael.McMahon at Sun.COM (Michael McMahon) Date: Mon, 30 Mar 2009 17:47:36 +0100 Subject: [security-dev 00724]: Re: Request for comment: How to enable credentials delegation in HTTP Negotiate? In-Reply-To: <9EA57781-0431-4F13-829D-0C36965588EE@sun.com> References: <492BA2BD.1070901@sun.com> <9EA57781-0431-4F13-829D-0C36965588EE@sun.com> Message-ID: <49D0F7A8.9030104@sun.com> Max, One question. Would this mechanism work for any possible GSS security mechanism? In other words, is all the information you need encapsulated inside a single GSSCredential object? Also, java.net.Authenticator was designed very much for the original HTTP authentication schemes (Basic and Digest) which is why it has all these methods for getting the hostname, port, domain "prompt" string etc and NTLM more or less fits in with this API as well. So, this is a different way of doing it, where a pre-established credential is used instead of a user being prompted to provide a username and password based on the parameters supplied by the protocol. At the very least, there would have to be a way to distinguish between these two modes of operation. But I am wondering if a separate class might be more appropriate (GSSAuthenticator). So, HttpURLConnection could check if a GSSAuthenticator exists then it would probe that object for the credential. otherwise it would fall back to the existing approach One problem with extending Authenticator is that the plugin has a fixed Authenticator implementation, that only handles usernames and passwords, and it might not want to use this new mechanism. - Michael Max (Weijun) Wang wrote: > Ping again, any suggestions? > > Thanks > Max > > On Nov 25, 2008, at 3:01 PM, Weijun Wang wrote: > >> Hi All >> >> The current implementation of HTTP Negotiate authentication has not >> enabled credential delegation (it simply acquires a new one using either >> a cached TGT or username/password from Authenticator). This means that >> in a multi-tier application, a middle tier cannot start an HTTP request >> (to the backend server) on behalf of the client. > > Currently, java.net.Authenticator can only authenticate using a > username/password pair, but cannot use an established credential. > >> >> I'm suggesting the following updates: >> >> 1. In java.net.Authenticator, add 2 methods >> >> protected GSSCredential getGSSCredential() { // To be overrided >> return null; >> } >> public static GSSCredential requestGSSCredential() { >> Authenticator a = theAuthenticator; >> if (a == null) { >> return null; >> } else { >> return a.getGSSCredential(); >> } >> } >> >> 2. In the implementation of the HTTP Negotiate auth scheme >> (sun.net.www.protocol.http.NegotiatorImpl), >> >> GSSCredential deleg = Authenticator.requestGSSCredential(); >> context = manager.createContext(serverName, >> oid, >> deleg, // this used to be null >> GSSContext.DEFAULT_LIFETIME); >> >> Then, when an application developer is creating a GSS server that wants >> to start an HTTP request using a delegated credential, she can write: >> >> // establish the GSSContext >> final GSSCredential deleg = context.getDelegCred(); >> Authenticator.setDefault(new Authenticator() { >> @Override >> protected GSSCredential getGSSCredential() { >> return deleg; >> } >> }); >> new URL("http://somewhere").openConnection().getInputStream(); >> >> What's your comment? >> >> Thanks >> Max >> > From alan.bateman at sun.com Mon Mar 30 11:39:55 2009 From: alan.bateman at sun.com (alan.bateman at sun.com) Date: Mon, 30 Mar 2009 18:39:55 +0000 Subject: [security-dev 00725]: hg: jdk7/tl/jdk: 3 new changesets Message-ID: <20090330184131.24CBCECBC@hg.openjdk.java.net> Changeset: 7264cacbddaa Author: alanb Date: 2009-03-27 15:24 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7264cacbddaa 6693490: (se) select throws "File exists" IOException under load (lnx) Reviewed-by: sherman ! src/share/classes/sun/nio/ch/SelChImpl.java ! src/solaris/classes/sun/nio/ch/EPollArrayWrapper.java ! src/solaris/classes/sun/nio/ch/EPollSelectorImpl.java + test/java/nio/channels/Selector/RegAfterPreClose.java Changeset: 9fa8b6276b31 Author: alanb Date: 2009-03-27 16:04 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9fa8b6276b31 6772303: (se) IOException: Invalid argument" thrown on a call to Selector.select(value) with -d64 Reviewed-by: sherman ! src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c Changeset: ff0a9e50f033 Author: alanb Date: 2009-03-30 19:22 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ff0a9e50f033 Merge From jonathan.gibbons at sun.com Mon Mar 30 15:12:46 2009 From: jonathan.gibbons at sun.com (jonathan.gibbons at sun.com) Date: Mon, 30 Mar 2009 22:12:46 +0000 Subject: [security-dev 00726]: hg: jdk7/tl/langtools: 6819246: improve support for decoding instructions in classfile library Message-ID: <20090330221250.A7E48ECD0@hg.openjdk.java.net> Changeset: 07da2ffbb76b Author: jjg Date: 2009-03-30 15:08 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/07da2ffbb76b 6819246: improve support for decoding instructions in classfile library Reviewed-by: ksrini ! src/share/classes/com/sun/tools/classfile/Code_attribute.java + src/share/classes/com/sun/tools/classfile/Instruction.java - src/share/classes/com/sun/tools/classfile/OpCodes.java + src/share/classes/com/sun/tools/classfile/Opcode.java ! src/share/classes/com/sun/tools/javap/CodeWriter.java From Weijun.Wang at Sun.COM Mon Mar 30 21:32:42 2009 From: Weijun.Wang at Sun.COM (Max (Weijun) Wang) Date: Tue, 31 Mar 2009 12:32:42 +0800 Subject: [security-dev 00727]: Re: Request for comment: How to enable credentials delegation in HTTP Negotiate? In-Reply-To: <49D0F7A8.9030104@sun.com> References: <492BA2BD.1070901@sun.com> <9EA57781-0431-4F13-829D-0C36965588EE@sun.com> <49D0F7A8.9030104@sun.com> Message-ID: <5A54AB9B-A550-4C20-BD25-A914E4DFB46F@Sun.COM> On Mar 31, 2009, at 12:47 AM, Michael McMahon wrote: > Max, > > One question. Would this mechanism work for any possible GSS > security mechanism? > In other words, is all the information you need encapsulated inside > a single > GSSCredential object? Yes, this object is enough to perform a delegated GSSContext establishment. Of course, the requestGSSCredential() can also have the same arguments as in requestPasswordAuthentication() so that the user- provided method can take actions based on hostname etc. > > Also, java.net.Authenticator was designed very much for the original > HTTP authentication > schemes (Basic and Digest) which is why it has all these methods for > getting > the hostname, port, domain "prompt" string etc and NTLM more or less > fits in with > this API as well. Authenticator is also suitable for a normal Negotiate-scheme authentication, which asks for username and password and then uses JGSS-API to acquire a credential from the KDC server. > > So, this is a different way of doing it, where a pre-established > credential is used > instead of a user being prompted to provide a username and password > based > on the parameters supplied by the protocol. Correct, in this case, this credential is received from another party (also thru JGSS-API) as a token, so there needs a new way to feed it into the HTTP client. > > At the very least, there would have to be a way to distinguish > between these two > modes of operation. But I am wondering if a separate class might be > more appropriate > (GSSAuthenticator). So, HttpURLConnection could check if a > GSSAuthenticator exists > then it would probe that object for the credential. otherwise it > would fall back to > the existing approach Well, I think a username/password pair is also a kind of credential, so it's quite natural to use a single class to provide all of them. The fallback mechanism can be implemented in the class, if username/ password is needed, the requestPasswordAuthentication() method can be called. An alternative design: How about not intrude the setDefault() method but make the GSSCredential itself a static field? class Authenticator { private GSSCredential cred; public synchronized static GSSCredential setGSSCredential(GSSCredential c) { GSSCredential old = cred; cred = c; return old; } public static GSSCredential requestGSSCredential() { return cred; } } > > One problem with extending Authenticator is that the plugin has a > fixed Authenticator > implementation, that only handles usernames and passwords, and it > might not > want to use this new mechanism. I see. I wish the Authenticator was designed as cascade-able. Thanks Max > > - Michael > > > Max (Weijun) Wang wrote: >> Ping again, any suggestions? >> >> Thanks >> Max >> >> On Nov 25, 2008, at 3:01 PM, Weijun Wang wrote: >> >>> Hi All >>> >>> The current implementation of HTTP Negotiate authentication has not >>> enabled credential delegation (it simply acquires a new one using >>> either >>> a cached TGT or username/password from Authenticator). This means >>> that >>> in a multi-tier application, a middle tier cannot start an HTTP >>> request >>> (to the backend server) on behalf of the client. >> >> Currently, java.net.Authenticator can only authenticate using a >> username/password pair, but cannot use an established credential. >> >>> >>> I'm suggesting the following updates: >>> >>> 1. In java.net.Authenticator, add 2 methods >>> >>> protected GSSCredential getGSSCredential() { // To be overrided >>> return null; >>> } >>> public static GSSCredential requestGSSCredential() { >>> Authenticator a = theAuthenticator; >>> if (a == null) { >>> return null; >>> } else { >>> return a.getGSSCredential(); >>> } >>> } >>> >>> 2. In the implementation of the HTTP Negotiate auth scheme >>> (sun.net.www.protocol.http.NegotiatorImpl), >>> >>> GSSCredential deleg = Authenticator.requestGSSCredential(); >>> context = manager.createContext(serverName, >>> oid, >>> deleg, // this used to be null >>> GSSContext.DEFAULT_LIFETIME); >>> >>> Then, when an application developer is creating a GSS server that >>> wants >>> to start an HTTP request using a delegated credential, she can >>> write: >>> >>> // establish the GSSContext >>> final GSSCredential deleg = context.getDelegCred(); >>> Authenticator.setDefault(new Authenticator() { >>> @Override >>> protected GSSCredential getGSSCredential() { >>> return deleg; >>> } >>> }); >>> new URL("http://somewhere").openConnection().getInputStream(); >>> >>> What's your comment? >>> >>> Thanks >>> Max >>> >> > From jonathan.gibbons at sun.com Tue Mar 31 11:12:29 2009 From: jonathan.gibbons at sun.com (jonathan.gibbons at sun.com) Date: Tue, 31 Mar 2009 18:12:29 +0000 Subject: [security-dev 00728]: hg: jdk7/tl/langtools: 6817950: refactor ClassReader to improve attribute handling Message-ID: <20090331181233.9958FED5C@hg.openjdk.java.net> Changeset: 89f67512b635 Author: jjg Date: 2009-03-31 11:07 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/89f67512b635 6817950: refactor ClassReader to improve attribute handling Reviewed-by: mcimadamore ! src/share/classes/com/sun/tools/javac/jvm/ClassFile.java ! src/share/classes/com/sun/tools/javac/jvm/ClassReader.java From jonathan.gibbons at sun.com Tue Mar 31 11:19:59 2009 From: jonathan.gibbons at sun.com (jonathan.gibbons at sun.com) Date: Tue, 31 Mar 2009 18:19:59 +0000 Subject: [security-dev 00729]: hg: jdk7/tl/langtools: 6813059: replace use of JavaCompiler.errorCount with shouldContinue Message-ID: <20090331182003.7B912ED61@hg.openjdk.java.net> Changeset: af10262bd031 Author: jjg Date: 2009-03-31 11:16 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/af10262bd031 6813059: replace use of JavaCompiler.errorCount with shouldContinue Reviewed-by: mcimadamore ! src/share/classes/com/sun/tools/javac/main/JavaCompiler.java + test/tools/javac/policy/test3/A.java + test/tools/javac/policy/test3/Test.java From mandy.chung at sun.com Tue Mar 31 23:56:48 2009 From: mandy.chung at sun.com (mandy.chung at sun.com) Date: Wed, 01 Apr 2009 06:56:48 +0000 Subject: [security-dev 00730]: hg: jdk7/tl/jdk: 6819110: Lazily load Sun digest provider for jar verification Message-ID: <20090401065711.67E34EE21@hg.openjdk.java.net> Changeset: 85a91be56593 Author: mchung Date: 2009-03-31 23:52 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/85a91be56593 6819110: Lazily load Sun digest provider for jar verification Summary: Lazily call Providers.getSunProvider() instead of at static initializer Reviewed-by: mullan ! src/share/classes/sun/security/util/ManifestEntryVerifier.java