{@code ...}
{@code 
...}
...
{@code ...}
foo
{@code 
> ...}
...
{@code ...}
foo
{@code
>> ...}
...
{@code ...}
foo
{@code
>>> ...}
...
...
{@code ...}
foo
{@code
>>>> ...}
...
...
{@code ...}
foo
{@code
>>>>> ...}
...
...
 tags to {@code ...}
Reviewed-by: darcy

! src/share/classes/java/security/spec/DSAGenParameterSpec.java
! src/share/classes/java/security/spec/DSAParameterSpec.java
! src/share/classes/java/security/spec/DSAPrivateKeySpec.java
! src/share/classes/java/security/spec/DSAPublicKeySpec.java
! src/share/classes/java/security/spec/ECFieldF2m.java
! src/share/classes/java/security/spec/ECFieldFp.java
! src/share/classes/java/security/spec/ECGenParameterSpec.java
! src/share/classes/java/security/spec/ECParameterSpec.java
! src/share/classes/java/security/spec/ECPoint.java
! src/share/classes/java/security/spec/ECPrivateKeySpec.java
! src/share/classes/java/security/spec/ECPublicKeySpec.java
! src/share/classes/java/security/spec/EllipticCurve.java
! src/share/classes/java/security/spec/EncodedKeySpec.java
! src/share/classes/java/security/spec/InvalidKeySpecException.java
! src/share/classes/java/security/spec/KeySpec.java
! src/share/classes/java/security/spec/MGF1ParameterSpec.java
! src/share/classes/java/security/spec/PKCS8EncodedKeySpec.java
! src/share/classes/java/security/spec/PSSParameterSpec.java
! src/share/classes/java/security/spec/RSAKeyGenParameterSpec.java
! src/share/classes/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java
! src/share/classes/java/security/spec/RSAOtherPrimeInfo.java
! src/share/classes/java/security/spec/RSAPrivateCrtKeySpec.java
! src/share/classes/java/security/spec/X509EncodedKeySpec.java

From eric.mccorkle at oracle.com  Mon Jun 24 19:05:16 2013
From: eric.mccorkle at oracle.com (eric.mccorkle at oracle.com)
Date: Tue, 25 Jun 2013 02:05:16 +0000
Subject: hg: jdk8/tl/langtools: 8012722: Single comma in array initializer
	should parse
Message-ID: <20130625020522.E3E9E484C2@hg.openjdk.java.net>

Changeset: bf020de5a6db
Author:    emc
Date:      2013-06-24 22:03 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/bf020de5a6db

8012722: Single comma in array initializer should parse
Summary: Annotations of the form @Foo({,}) should parse
Reviewed-by: jjg

! src/share/classes/com/sun/tools/javac/parser/JavacParser.java
+ test/tools/javac/parser/SingleCommaAnnotationValue.java
+ test/tools/javac/parser/SingleCommaAnnotationValueFail.java
+ test/tools/javac/parser/SingleCommaAnnotationValueFail.out

From pifostap at gmail.com  Tue Jun 25 05:52:18 2013
From: pifostap at gmail.com (Ostap Andrusiv)
Date: Tue, 25 Jun 2013 15:52:18 +0300
Subject: Smart Cards in Java Kerberos
Message-ID: 

Hi everyone,

I've been playing with smart cards and faced some issues.
Long story short:

*Prerequisites*:

   - I set up a basic Kerberos realm via Windows Active Directory.
   - I managed to successfully login into service via *login/password* pair
   using Java Kerberos(Krb5LoginModule), which is provided via JAAS.

Now I try to implement Kerberos login via smart card. Smart card
preauthentication in Kerberos is done via AS-REQ/AS-REP messages (
PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the
smartcard. As far as I have seen, there were no PA-PK-AS-REQ/P extensions
in openjdk sources. Maybe, I missed something.

*Question*:

1. Does Java Kerberos support smart card preauthentication out of the box?

2. If it doesn't, can I somehow extends existing Kerberos module or should
I implement whole Kerberos from the ground up?

Thanks in advance,
Ostap Andrusiv

web: http://andrusiv.com
skype: ostap.andrusiv
::p!F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/security-dev/attachments/20130625/2f541524/attachment.html 

From valerie.peng at oracle.com  Tue Jun 25 15:51:24 2013
From: valerie.peng at oracle.com (Valerie (Yu-Ching) Peng)
Date: Tue, 25 Jun 2013 15:51:24 -0700
Subject: Code Review Request for 7196805: DH Key interoperability testing
	between SunJCE and JsafeJCE not successful
In-Reply-To: <51C91A9D.7020601@oracle.com>
References: <51A5591C.6080006@oracle.com> <51B91FE5.9050808@oracle.com>
	<51BF8016.80505@oracle.com>

	<51C21883.4010200@oracle.com> <51C91A9D.7020601@oracle.com>
Message-ID: <51CA1EEC.6030605@oracle.com>

It's covered by SQE interoperability tests.
In terms of regression tests, I think we should not put any 3rd party 
provider-related stuff.
I can add a regression test to make sure that optional component doesn't 
affect the equals check if you see value in doing this kind of test.
Thanks,
Valerie

On 06/24/13 21:20, Weijun Wang wrote:
> Code change looks fine. No regression test?
>
> --Max
>
> On 6/20/13 4:45 AM, Valerie (Yu-Ching) Peng wrote:
>> I have updated the webrev to address your comments:
>> http://cr.openjdk.java.net/~valeriep/7196805/webrev.01/
>>
>> As for using JDK 8 default method feature, I think maybe it's better to
>> delay the adoption to a later release since it's easier for sustaining
>> to just grab current changes and apply to earlier releases.
>> Thanks for the review & please let me know if you have additional 
>> comments,
>> Valerie
>>
>> On 06/17/13 22:41, Wang Weijun wrote:
>>>> I will also apply the same change to P11DHPrivateKey/P11DHPublicKey
>>>> then. Equality check using ASN.1 encoding is fine for non-DH
>>>> algorithms but not for DH.
>>> I cannot read the source codes now, but is it possible to implement
>>> the equals method right in the base interface using the JDK 8 default
>>> method feature?
>>>
>>>>> For DHKeyPairGenerator.java, it looks like you don't want the first
>>>>> octet being zero. Is this related to this bug? Is that required in
>>>>> the "Handbook of Applied Cryptography" book? I understand it could
>>>>> be necessary for interop.
>>>> The change is for conforming to the description under section 7.1
>>>> "Private-value generation" of PKCS#3 DH Key Agreement Standard
>>>> ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc , i.e.
>>>>
>>>> An integer x, the private value, shall be generated
>>>> privately and randomly. This integer shall satisfy 0<   x<
>>>> p-1, unless the central authority specifies a private-value
>>>> length l, in which case the integer shall satisfy 2^(l-1)<=
>>>> x<   2^l.
>>> Great. I think you can add a reference to pkcs3. The current wording
>>> seems to say it's suggested by the Handbook.
>>>
>>> Thanks
>>> Max
>>

From valerie.peng at oracle.com  Tue Jun 25 16:23:33 2013
From: valerie.peng at oracle.com (Valerie (Yu-Ching) Peng)
Date: Tue, 25 Jun 2013 16:23:33 -0700
Subject: [8] code review request for 7165807: Non optimized initialization
	of NSS crypto library leads to scalability issues
In-Reply-To: 
References: <74C0696A-EA88-4A09-B26A-C4506C374FCA@oracle.com>

	<51C1E897.30302@oracle.com>

Message-ID: <51CA2675.8000202@oracle.com>

- The private static native boolean nssInit(...) method should be 
removed? It seems obsolete by nssInitWithOptions(...) and I didn't see 
it being used anywhere. Same goes for the corresponding JNI method impl, 
i.e. Java_sun_security_pkcs11_Secmod_nssInit, in the j2secmod.c file.

- Particular reason to use different variable name, i.e. 
"nssUseOptimizeSpace" and property/option name "nssOptimizeSpace"? It 
seems inconsistent as most config variable name matches the 
property/option name. Can't we just use "nssOptimizeSpace"across board?

- line 127, empty string is used instead of the passed configDir. I am 
not sure if this correct. Why not just pass the configDir to this call?

Lastly, is the "NSS_Initialize(...)" method always available for the 
supported NSS library versions, i.e. 3.7+? Is this a newer method meant 
to replace "NSS_Init(...)"?
Thanks,
Valerie

On 06/19/13 10:38, Vincent Ryan wrote:
> Thanks for the review. I've simplified the name of the NSS flag, updated the bug report and filed a doc bug,
> as you suggest.
>
>
>
> On 19 Jun 2013, at 18:21, Sean Mullan wrote:
>
>> Looks good, just a couple of comments:
>>
>> 1. I think the name "nssOptimizeSpace" is clearer. The "Use" part seems a bit odd in the property name.
>>
>> 2. Add the appropriate noreg label to the bug.
>>
>> 3. File a followup doc bug to document the attribute in the PKCS11 guide.
>>
>> --Sean
>>
>> On 06/19/2013 08:49 AM, Vincent Ryan wrote:
>>> I've made some corrections to the native method that initializes NSS.
>>> The new webrev is at:
>>>
>>>    http://cr.openjdk.java.net/~vinnie/7165807/webrev.01
>>>
>>>
>>>
>>> On 14 Jun 2013, at 18:38, Vincent Ryan wrote:
>>>
>>>> Please review the following fix:
>>>>
>>>> http://cr.openjdk.java.net/~vinnie/7165807/webrev.00/
>>>> http://bugs.sun.com/view_bug.do?bug_id=7165807
>>>>
>>>> NSS may be initialized to favour performance or to favour memory footprint.
>>>> This fix introduces a new configuration flag to allow Java applications to choose.
>>>> By default, NSS will be initialized for performance.
>>>>
>>>> Thanks.
>>>>

From hbhotz at lavenderwine.com  Tue Jun 25 16:29:34 2013
From: hbhotz at lavenderwine.com (Henry B. Hotz)
Date: Tue, 25 Jun 2013 16:29:34 -0700
Subject: Smart Cards in Java Kerberos
In-Reply-To: 
References: 
Message-ID: <242A9B19-F133-4D77-8AE3-E47D46392046@lavenderwine.com>

I'm not authoritative, but AFAIK there is no smart card support in Java, though there is pkcs11 support.

If I had to do it, I would do the smart card/PKINIT stuff outside Java, and then let Java use the acquired tgt.

On Jun 25, 2013, at 5:52 AM, Ostap Andrusiv  wrote:

> Hi everyone, 
> 
> I've been playing with smart cards and faced some issues. 
> Long story short:
> 
> Prerequisites:
> 
> 	? I set up a basic Kerberos realm via Windows Active Directory.
> 	? I managed to successfully login into service via login/password pair using Java Kerberos(Krb5LoginModule), which is provided via JAAS.
> Now I try to implement Kerberos login via smart card. Smart card preauthentication in Kerberos is done via AS-REQ/AS-REP messages (PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the smartcard. As far as I have seen, there were no PA-PK-AS-REQ/P extensions in openjdk sources. Maybe, I missed something.
> 
> Question: 
> 
> 1. Does Java Kerberos support smart card preauthentication out of the box?
> 
> 2. If it doesn't, can I somehow extends existing Kerberos module or should I implement whole Kerberos from the ground up?
> 
> 
> 
> Thanks in advance,
> Ostap Andrusiv
> 
> 
> web: http://andrusiv.com
> skype: ostap.andrusiv
> ::p!F

From weijun.wang at oracle.com  Tue Jun 25 16:34:21 2013
From: weijun.wang at oracle.com (Wang Weijun)
Date: Wed, 26 Jun 2013 07:34:21 +0800
Subject: Code Review Request for 7196805: DH Key interoperability testing
	between SunJCE and JsafeJCE not successful
In-Reply-To: <51CA1EEC.6030605@oracle.com>
References: <51A5591C.6080006@oracle.com> <51B91FE5.9050808@oracle.com>
	<51BF8016.80505@oracle.com>

	<51C21883.4010200@oracle.com> <51C91A9D.7020601@oracle.com>
	<51CA1EEC.6030605@oracle.com>
Message-ID: <4C1CFDDD-7B00-42CB-8346-66E8E1E80A7D@oracle.com>

?? Jun 26, 2013??6:51 AM??"Valerie (Yu-Ching) Peng"  ??????

> It's covered by SQE interoperability tests.

That's enough.

> In terms of regression tests, I think we should not put any 3rd party provider-related stuff.
> I can add a regression test to make sure that optional component doesn't affect the equals check if you see value in doing this kind of test.

That part looks trivial. Not necessary.

Thanks
Max

> Thanks,
> Valerie
> 
> On 06/24/13 21:20, Weijun Wang wrote:
>> Code change looks fine. No regression test?
>> 
>> --Max
>> 
>> On 6/20/13 4:45 AM, Valerie (Yu-Ching) Peng wrote:
>>> I have updated the webrev to address your comments:
>>> http://cr.openjdk.java.net/~valeriep/7196805/webrev.01/
>>> 
>>> As for using JDK 8 default method feature, I think maybe it's better to
>>> delay the adoption to a later release since it's easier for sustaining
>>> to just grab current changes and apply to earlier releases.
>>> Thanks for the review & please let me know if you have additional comments,
>>> Valerie
>>> 
>>> On 06/17/13 22:41, Wang Weijun wrote:
>>>>> I will also apply the same change to P11DHPrivateKey/P11DHPublicKey
>>>>> then. Equality check using ASN.1 encoding is fine for non-DH
>>>>> algorithms but not for DH.
>>>> I cannot read the source codes now, but is it possible to implement
>>>> the equals method right in the base interface using the JDK 8 default
>>>> method feature?
>>>> 
>>>>>> For DHKeyPairGenerator.java, it looks like you don't want the first
>>>>>> octet being zero. Is this related to this bug? Is that required in
>>>>>> the "Handbook of Applied Cryptography" book? I understand it could
>>>>>> be necessary for interop.
>>>>> The change is for conforming to the description under section 7.1
>>>>> "Private-value generation" of PKCS#3 DH Key Agreement Standard
>>>>> ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc , i.e.
>>>>> 
>>>>> An integer x, the private value, shall be generated
>>>>> privately and randomly. This integer shall satisfy 0<   x<
>>>>> p-1, unless the central authority specifies a private-value
>>>>> length l, in which case the integer shall satisfy 2^(l-1)<=
>>>>> x<   2^l.
>>>> Great. I think you can add a reference to pkcs3. The current wording
>>>> seems to say it's suggested by the Handbook.
>>>> 
>>>> Thanks
>>>> Max
> 

From valerie.peng at oracle.com  Tue Jun 25 16:46:36 2013
From: valerie.peng at oracle.com (Valerie (Yu-Ching) Peng)
Date: Tue, 25 Jun 2013 16:46:36 -0700
Subject: Code Review Request for 7196805: DH Key interoperability testing
	between SunJCE and JsafeJCE not successful
In-Reply-To: <4C1CFDDD-7B00-42CB-8346-66E8E1E80A7D@oracle.com>
References: <51A5591C.6080006@oracle.com> <51B91FE5.9050808@oracle.com>
	<51BF8016.80505@oracle.com>

	<51C21883.4010200@oracle.com> <51C91A9D.7020601@oracle.com>
	<51CA1EEC.6030605@oracle.com>
	<4C1CFDDD-7B00-42CB-8346-66E8E1E80A7D@oracle.com>
Message-ID: <51CA2BDC.2040701@oracle.com>

Great, thanks for the review!
Valerie

On 06/25/13 16:34, Wang Weijun wrote:
>
> ?? Jun 26, 2013??6:51 AM??"Valerie (Yu-Ching) Peng"  ??????
>
>> It's covered by SQE interoperability tests.
> That's enough.
>
>> In terms of regression tests, I think we should not put any 3rd party provider-related stuff.
>> I can add a regression test to make sure that optional component doesn't affect the equals check if you see value in doing this kind of test.
> That part looks trivial. Not necessary.
>
> Thanks
> Max
>
>> Thanks,
>> Valerie
>>
>> On 06/24/13 21:20, Weijun Wang wrote:
>>> Code change looks fine. No regression test?
>>>
>>> --Max
>>>
>>> On 6/20/13 4:45 AM, Valerie (Yu-Ching) Peng wrote:
>>>> I have updated the webrev to address your comments:
>>>> http://cr.openjdk.java.net/~valeriep/7196805/webrev.01/
>>>>
>>>> As for using JDK 8 default method feature, I think maybe it's better to
>>>> delay the adoption to a later release since it's easier for sustaining
>>>> to just grab current changes and apply to earlier releases.
>>>> Thanks for the review & please let me know if you have additional comments,
>>>> Valerie
>>>>
>>>> On 06/17/13 22:41, Wang Weijun wrote:
>>>>>> I will also apply the same change to P11DHPrivateKey/P11DHPublicKey
>>>>>> then. Equality check using ASN.1 encoding is fine for non-DH
>>>>>> algorithms but not for DH.
>>>>> I cannot read the source codes now, but is it possible to implement
>>>>> the equals method right in the base interface using the JDK 8 default
>>>>> method feature?
>>>>>
>>>>>>> For DHKeyPairGenerator.java, it looks like you don't want the first
>>>>>>> octet being zero. Is this related to this bug? Is that required in
>>>>>>> the "Handbook of Applied Cryptography" book? I understand it could
>>>>>>> be necessary for interop.
>>>>>> The change is for conforming to the description under section 7.1
>>>>>> "Private-value generation" of PKCS#3 DH Key Agreement Standard
>>>>>> ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc , i.e.
>>>>>>
>>>>>> An integer x, the private value, shall be generated
>>>>>> privately and randomly. This integer shall satisfy 0<   x<
>>>>>> p-1, unless the central authority specifies a private-value
>>>>>> length l, in which case the integer shall satisfy 2^(l-1)<=
>>>>>> x<   2^l.
>>>>> Great. I think you can add a reference to pkcs3. The current wording
>>>>> seems to say it's suggested by the Handbook.
>>>>>
>>>>> Thanks
>>>>> Max

From weijun.wang at oracle.com  Tue Jun 25 17:37:37 2013
From: weijun.wang at oracle.com (Weijun Wang)
Date: Wed, 26 Jun 2013 08:37:37 +0800
Subject: Smart Cards in Java Kerberos
In-Reply-To: <242A9B19-F133-4D77-8AE3-E47D46392046@lavenderwine.com>
References: 
	<242A9B19-F133-4D77-8AE3-E47D46392046@lavenderwine.com>
Message-ID: <51CA37D1.1030802@oracle.com>

Java (at least Oracle JDK) does not support PKINIT.

Yes, you can do it outside, create a KerberosTicket and a 
KerberosPrincipal, create a JAAS Subject containing them, and call 
Subject.doAs() later. It should work.

On Windows, if you manage to use Windows' own login and have the ticket 
stored inside LSA, Java should be able to read it. There is a registry 
key allowtgtsessionkey you need to take care of. Or maybe you can use 
any third party kinit to save a ccache file which can also be picked up 
by Java.

--Max

On 6/26/13 7:29 AM, Henry B. Hotz wrote:
> I'm not authoritative, but AFAIK there is no smart card support in Java, though there is pkcs11 support.
>
> If I had to do it, I would do the smart card/PKINIT stuff outside Java, and then let Java use the acquired tgt.
>
> On Jun 25, 2013, at 5:52 AM, Ostap Andrusiv  wrote:
>
>> Hi everyone,
>>
>> I've been playing with smart cards and faced some issues.
>> Long story short:
>>
>> Prerequisites:
>>
>> 	? I set up a basic Kerberos realm via Windows Active Directory.
>> 	? I managed to successfully login into service via login/password pair using Java Kerberos(Krb5LoginModule), which is provided via JAAS.
>> Now I try to implement Kerberos login via smart card. Smart card preauthentication in Kerberos is done via AS-REQ/AS-REP messages (PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the smartcard. As far as I have seen, there were no PA-PK-AS-REQ/P extensions in openjdk sources. Maybe, I missed something.
>>
>> Question:
>>
>> 1. Does Java Kerberos support smart card preauthentication out of the box?
>>
>> 2. If it doesn't, can I somehow extends existing Kerberos module or should I implement whole Kerberos from the ground up?
>>
>>
>>
>> Thanks in advance,
>> Ostap Andrusiv
>>
>>
>> web: http://andrusiv.com
>> skype: ostap.andrusiv
>> ::p!F
>

From weijun.wang at oracle.com  Tue Jun 25 18:23:55 2013
From: weijun.wang at oracle.com (Weijun Wang)
Date: Wed, 26 Jun 2013 09:23:55 +0800
Subject: On 8017264: Java app crash on it's startup after Java updated to
	7u25 from 7u21
Message-ID: <51CA42AB.5080706@oracle.com>

Hi, Hotspot guys

We (SE security) received a bug report on a new crash for 7u25 and need 
some help from you:

    http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8017264

Here the top frames look like:

C  [msvcr100.dll+0x10b3b]  wcspbrk+0x12d
V  [jvm.dll+0xa9b63]
C  [w2k_lsa_auth.dll+0x167c]  JNI_OnUnload+0x1c1
j 
sun.security.krb5.Credentials.acquireDefaultNativeCreds()Lsun/security/krb5/Credentials;+0

acquireDefaultNativeCreds() is a native method and it's defined at

http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/3c08c9ebd1fb/src/windows/native/sun/security/krb5/NativeCreds.c

I'm not sure why JNI_OnUnload is called so immediately, and as you can 
see it's simply

       338     if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
       339         return; /* Nothing else we can do */
       340     }
       341
       342     if (ticketClass != NULL) {
       343         (*env)->DeleteWeakGlobalRef(env,ticketClass);
       344     }
       ... More DeleteWeakGlobalRefs

How is it able to call wcspbrk and get crashed?

BTW, the .c file has not been changed for 2 years.

Also, according to the report, the customer (whose automatic reply has 
"out of office with no internet access till 15 July") runs 7u25 b16 but 
the public release on java.com is b17. Does it matter?

Thanks
Max

From xuelei.fan at oracle.com  Tue Jun 25 20:45:45 2013
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Wed, 26 Jun 2013 11:45:45 +0800
Subject: Code review request,
	8017049: 	rename property jdk.tls.rejectClientInitializedRenego
Message-ID: <51CA63E9.5040102@oracle.com>

Hi,

webrev: http://cr.openjdk.java.net/~xuelei/8017049/webrev.00/

In update of 7188658
(http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a76858faad59), we defines a
new system property, "jdk.tls.rejectClientInitializedRenego", in order
to disable client initiated renegotiation.  However, the name is not
instinctive enough according to feedback. We want a name which can more
succinctly captures the intent of this property.

In this update, the property name is renamed to
"jdk.tls.rejectClientInitiatedRenegotiation".

Thanks,
Xuelei

From mstjohns at comcast.net  Tue Jun 25 21:09:34 2013
From: mstjohns at comcast.net (Michael StJohns)
Date: Wed, 26 Jun 2013 00:09:34 -0400
Subject: Smart Cards in Java Kerberos
In-Reply-To: <242A9B19-F133-4D77-8AE3-E47D46392046@lavenderwine.com>
References: 
	<242A9B19-F133-4D77-8AE3-E47D46392046@lavenderwine.com>
Message-ID: 

Java provides the javax.smartcardio package for direct access to the smart card.  But that's probably not what he's looking for.  Mike

Sent from my iPad

On Jun 25, 2013, at 19:29, "Henry B. Hotz"  wrote:

> I'm not authoritative, but AFAIK there is no smart card support in Java, though there is pkcs11 support.
> 
> If I had to do it, I would do the smart card/PKINIT stuff outside Java, and then let Java use the acquired tgt.
> 
> On Jun 25, 2013, at 5:52 AM, Ostap Andrusiv  wrote:
> 
>> Hi everyone, 
>> 
>> I've been playing with smart cards and faced some issues. 
>> Long story short:
>> 
>> Prerequisites:
>> 
>>    ? I set up a basic Kerberos realm via Windows Active Directory.
>>    ? I managed to successfully login into service via login/password pair using Java Kerberos(Krb5LoginModule), which is provided via JAAS.
>> Now I try to implement Kerberos login via smart card. Smart card preauthentication in Kerberos is done via AS-REQ/AS-REP messages (PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the smartcard. As far as I have seen, there were no PA-PK-AS-REQ/P extensions in openjdk sources. Maybe, I missed something.
>> 
>> Question: 
>> 
>> 1. Does Java Kerberos support smart card preauthentication out of the box?
>> 
>> 2. If it doesn't, can I somehow extends existing Kerberos module or should I implement whole Kerberos from the ground up?
>> 
>> 
>> 
>> Thanks in advance,
>> Ostap Andrusiv
>> 
>> 
>> web: http://andrusiv.com
>> skype: ostap.andrusiv
>> ::p!F
> 

From nithya.srinivasan at oracle.com  Tue Jun 25 21:25:13 2013
From: nithya.srinivasan at oracle.com (Nithya Srinivasan)
Date: Tue, 25 Jun 2013 21:25:13 -0700
Subject: 8017325, 8017326: Cleanup of javadoc  tag
In-Reply-To: <51C9FE58.4050602@oracle.com>
References: <51C4F415.1000406@oracle.com> <51C504B2.2020500@oracle.com>
	<51C8870A.4010701@oracle.com> <51C8C199.1090906@oracle.com>
	<51C8EE4F.2060403@oracle.com> <51C9FC2C.9000301@oracle.com>
	<51C9FE58.4050602@oracle.com>
Message-ID: <51CA6D29.8060706@oracle.com>

Jason

Can you please add the appropriate noreg- label for the 2 bugs - 
JDK-8017325 & JDK-8017326

Thanks
Nithya

On 6/25/2013 1:32 PM, Joe Darcy wrote:
> Hi Jason,
>
> The javadoc changes look good to go back.
>
> Thanks,
>
> -Joe
>
> On 6/25/2013 1:23 PM, Jason Uh wrote:
>> Joe,
>>
>> Here are the updated webrevs:
>>
>> - java.security.cert:
>>      http://cr.openjdk.java.net/~juh/8017325/webrev.02/
>> - java.security.spec:
>>      http://cr.openjdk.java.net/~juh/8017326/webrev.01/
>>
>> I have converted "..." to "{@code ...}" and have updated the 
>> copyright dates.
>>
>> I've attached diffs of the patches to show what has been updated in 
>> these new webrevs. There is a little extra noise in them due to the 
>> change in the timestamps.
>>
>> Thanks,
>> Jason
>>
>>
>> On 06/24/2013 06:11 PM, Joseph Darcy wrote:
>>> On 6/24/2013 3:00 PM, Jason Uh wrote:
>>>>
>>>>
>>>> On 6/24/13 10:51 AM, Joe Darcy wrote:
>>>>> Hi Jason,
>>>>>
>>>>> On 6/21/2013 6:58 PM, Jason Uh wrote:
>>>>>> After learning that javadoc is now capable of properly formatting 
>>>>>> the
>>>>>> "{@code ...}" construct, I have updated the changeset for
>>>>>> java.security.cert. Please review instead:
>>>>>>
>>>>>> Webrevs --
>>>>>> - java.security.cert (updated):
>>>>>>     http://cr.openjdk.java.net/~juh/8017325/webrev.01/
>>>>>> - java.security.spec (no change):
>>>>>>     http://cr.openjdk.java.net/~juh/8017326/webrev.00/
>>>>>
>>>>> I've looked over both patches and they look fine.
>>>>>
>>>>> However, as a follow-up, please also expand the conversion to include
>>>>> mapping "foo" => "{@code foo}".
>>>>
>>>> Thanks. I can make those changes, but are you suggesting that I add
>>>> them to this changeset or that I do that separately?
>>>
>>> For review purposes, I'd like to see them separately in some fashion,
>>> even if it was produced by diffing the patch files.
>>>
>>>>
>>>>>>
>>>>>> Note that this change does visibly change the generated javadoc, as
>>>>>> reported by specdiff. In particular, the change to {@code
>>>>>> ...} in the javadoc for the
>>>>>> X509Extension.getNonCriticalExtensionOIDs() method now allows the
>>>>>> generated HTML to correctly display the line:
>>>>>>
>>>>>>    Set nonCritSet = badCert.getNonCriticalExtensionOIDs();
>>>>>>
>>>>>> which was previously (incorrectly) displayed as
>>>>>>
>>>>>>    Set nonCritSet = badCert.getNonCriticalExtensionOIDs();
>>>>>>
>>>>>> when the text "" was still enclosed within
>>>>>> "...".
>>>>>
>>>>> Running specdiff is a good double-check in this situation.
>>>>>
>>>>> Should the scripts you are using here to placed somewhere in the JDK
>>>>> repo or in the code tools project?
>>>>
>>>> I'm not sure that I follow. Are you requesting that I include
>>>> somewhere in the repo the line of Perl that I ran? (It was used to
>>>> make most, but not all of these changes.) If so, where would be the
>>>> most appropriate place to add that?
>>>
>>> If it is a one-liner, it could be included in the summary line of the
>>> commit message or as a comment in the bug. If it is more substantive
>>> (since we will be rolling out this change across the JDK libraries),
>>> having the command in a known-location would be helpful. Especially, if
>>> a check for this pattern is built into future code-quality checks.
>>>
>>> -Joe
>>>
>>>>
>>>> Thanks,
>>>> Jason
>>>>
>>>>> Thanks,
>>>>>
>>>>> -Joe
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Jason
>>>>>>
>>>>>>
>>>>>> The files that have been updated
>>>>>>
>>>>>> On 6/21/13 5:47 PM, Jason Uh wrote:
>>>>>>> Joe, all,
>>>>>>>
>>>>>>> Could I please get a review of the following changes?
>>>>>>>
>>>>>>> These changesets convert the ... javadoc tags to 
>>>>>>> {@code
>>>>>>> ...} as part of an overall effort to clean up doclint warnings.
>>>>>>>
>>>>>>> Webrevs --
>>>>>>> - java.security.cert:
>>>>>>>      http://cr.openjdk.java.net/~juh/8017325/webrev.00/
>>>>>>> - java.security.spec:
>>>>>>>      http://cr.openjdk.java.net/~juh/8017326/webrev.00/
>>>>>>>
>>>>>>> specdiff reported no changes in the generated docs.
>>>>>>>
>>>>>>> More of these to come.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Jason
>>>>>>
>>>>>
>>>>
>>>
>

From vincent.x.ryan at oracle.com  Wed Jun 26 03:01:30 2013
From: vincent.x.ryan at oracle.com (Vincent Ryan)
Date: Wed, 26 Jun 2013 11:01:30 +0100
Subject: Code review request,
	8017049: 	rename property jdk.tls.rejectClientInitializedRenego
In-Reply-To: <51CA63E9.5040102@oracle.com>
References: <51CA63E9.5040102@oracle.com>
Message-ID: 

Your fix looks good.

On 26 Jun 2013, at 04:45, Xuelei Fan wrote:

> Hi,
> 
> webrev: http://cr.openjdk.java.net/~xuelei/8017049/webrev.00/
> 
> In update of 7188658
> (http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a76858faad59), we defines a
> new system property, "jdk.tls.rejectClientInitializedRenego", in order
> to disable client initiated renegotiation.  However, the name is not
> instinctive enough according to feedback. We want a name which can more
> succinctly captures the intent of this property.
> 
> In this update, the property name is renamed to
> "jdk.tls.rejectClientInitiatedRenegotiation".
> 
> Thanks,
> Xuelei

From david.holmes at oracle.com  Wed Jun 26 05:38:07 2013
From: david.holmes at oracle.com (David Holmes)
Date: Wed, 26 Jun 2013 22:38:07 +1000
Subject: On 8017264: Java app crash on it's startup after Java updated
	to 7u25 from 7u21
In-Reply-To: <51CA42AB.5080706@oracle.com>
References: <51CA42AB.5080706@oracle.com>
Message-ID: <51CAE0AF.7060402@oracle.com>

Max,

Is a minidump available (not that I know how to work with them but they 
are more reliable than stack traces) ?

I suspect the symbolic information in the stacktrace is reflecting 
closest available symbol rather than actual symbol. As you say the 
sequence of calls don't really make sense.

David

On 26/06/2013 11:23 AM, Weijun Wang wrote:
> Hi, Hotspot guys
>
> We (SE security) received a bug report on a new crash for 7u25 and need
> some help from you:
>
>     http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8017264
>
> Here the top frames look like:
>
> C  [msvcr100.dll+0x10b3b]  wcspbrk+0x12d
> V  [jvm.dll+0xa9b63]
> C  [w2k_lsa_auth.dll+0x167c]  JNI_OnUnload+0x1c1
> j
> sun.security.krb5.Credentials.acquireDefaultNativeCreds()Lsun/security/krb5/Credentials;+0
>
>
> acquireDefaultNativeCreds() is a native method and it's defined at
>
>
> http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/3c08c9ebd1fb/src/windows/native/sun/security/krb5/NativeCreds.c
>
>
> I'm not sure why JNI_OnUnload is called so immediately, and as you can
> see it's simply
>
>        338     if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
>        339         return; /* Nothing else we can do */
>        340     }
>        341
>        342     if (ticketClass != NULL) {
>        343         (*env)->DeleteWeakGlobalRef(env,ticketClass);
>        344     }
>        ... More DeleteWeakGlobalRefs
>
> How is it able to call wcspbrk and get crashed?
>
> BTW, the .c file has not been changed for 2 years.
>
> Also, according to the report, the customer (whose automatic reply has
> "out of office with no internet access till 15 July") runs 7u25 b16 but
> the public release on java.com is b17. Does it matter?
>
> Thanks
> Max

From weijun.wang at oracle.com  Wed Jun 26 05:44:29 2013
From: weijun.wang at oracle.com (Weijun Wang)
Date: Wed, 26 Jun 2013 20:44:29 +0800
Subject: On 8017264: Java app crash on it's startup after Java updated
	to 7u25 from 7u21
In-Reply-To: <51CAE0AF.7060402@oracle.com>
References: <51CA42AB.5080706@oracle.com> <51CAE0AF.7060402@oracle.com>
Message-ID: <51CAE22D.5050306@oracle.com>

Hi David

I'm able to reproduce the problem on my computer and has pinpointed the 
exact Win32 API failing: The LSA login function returns a ticket with 
size 131074 bytes. Normally a ticket is smaller than several KB. There 
must be something wrong.

It's a windows-i586 JRE running on a windows-x64 machine. I tried 7u21 
and 8b94 and they all fails. So at least not a regression.

Thanks
Max

On 6/26/13 8:38 PM, David Holmes wrote:
> Max,
>
> Is a minidump available (not that I know how to work with them but they
> are more reliable than stack traces) ?
>
> I suspect the symbolic information in the stacktrace is reflecting
> closest available symbol rather than actual symbol. As you say the
> sequence of calls don't really make sense.
>
> David
>
> On 26/06/2013 11:23 AM, Weijun Wang wrote:
>> Hi, Hotspot guys
>>
>> We (SE security) received a bug report on a new crash for 7u25 and need
>> some help from you:
>>
>>     http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8017264
>>
>> Here the top frames look like:
>>
>> C  [msvcr100.dll+0x10b3b]  wcspbrk+0x12d
>> V  [jvm.dll+0xa9b63]
>> C  [w2k_lsa_auth.dll+0x167c]  JNI_OnUnload+0x1c1
>> j
>> sun.security.krb5.Credentials.acquireDefaultNativeCreds()Lsun/security/krb5/Credentials;+0
>>
>>
>>
>> acquireDefaultNativeCreds() is a native method and it's defined at
>>
>>
>> http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/3c08c9ebd1fb/src/windows/native/sun/security/krb5/NativeCreds.c
>>
>>
>>
>> I'm not sure why JNI_OnUnload is called so immediately, and as you can
>> see it's simply
>>
>>        338     if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
>>        339         return; /* Nothing else we can do */
>>        340     }
>>        341
>>        342     if (ticketClass != NULL) {
>>        343         (*env)->DeleteWeakGlobalRef(env,ticketClass);
>>        344     }
>>        ... More DeleteWeakGlobalRefs
>>
>> How is it able to call wcspbrk and get crashed?
>>
>> BTW, the .c file has not been changed for 2 years.
>>
>> Also, according to the report, the customer (whose automatic reply has
>> "out of office with no internet access till 15 July") runs 7u25 b16 but
>> the public release on java.com is b17. Does it matter?
>>
>> Thanks
>> Max

From david.holmes at oracle.com  Wed Jun 26 05:51:21 2013
From: david.holmes at oracle.com (David Holmes)
Date: Wed, 26 Jun 2013 22:51:21 +1000
Subject: On 8017264: Java app crash on it's startup after Java updated
	to 7u25 from 7u21
In-Reply-To: <51CAE22D.5050306@oracle.com>
References: <51CA42AB.5080706@oracle.com> <51CAE0AF.7060402@oracle.com>
	<51CAE22D.5050306@oracle.com>
Message-ID: <51CAE3C9.50508@oracle.com>

On 26/06/2013 10:44 PM, Weijun Wang wrote:
> Hi David
>
> I'm able to reproduce the problem on my computer and has pinpointed the
> exact Win32 API failing: The LSA login function returns a ticket with
> size 131074 bytes. Normally a ticket is smaller than several KB. There
> must be something wrong.

Doesn't seem like a hotspot issue then.

> It's a windows-i586 JRE running on a windows-x64 machine. I tried 7u21
> and 8b94 and they all fails. So at least not a regression.

That's good to know.

David

> Thanks
> Max
>
> On 6/26/13 8:38 PM, David Holmes wrote:
>> Max,
>>
>> Is a minidump available (not that I know how to work with them but they
>> are more reliable than stack traces) ?
>>
>> I suspect the symbolic information in the stacktrace is reflecting
>> closest available symbol rather than actual symbol. As you say the
>> sequence of calls don't really make sense.
>>
>> David
>>
>> On 26/06/2013 11:23 AM, Weijun Wang wrote:
>>> Hi, Hotspot guys
>>>
>>> We (SE security) received a bug report on a new crash for 7u25 and need
>>> some help from you:
>>>
>>>     http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8017264
>>>
>>> Here the top frames look like:
>>>
>>> C  [msvcr100.dll+0x10b3b]  wcspbrk+0x12d
>>> V  [jvm.dll+0xa9b63]
>>> C  [w2k_lsa_auth.dll+0x167c]  JNI_OnUnload+0x1c1
>>> j
>>> sun.security.krb5.Credentials.acquireDefaultNativeCreds()Lsun/security/krb5/Credentials;+0
>>>
>>>
>>>
>>>
>>> acquireDefaultNativeCreds() is a native method and it's defined at
>>>
>>>
>>> http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/3c08c9ebd1fb/src/windows/native/sun/security/krb5/NativeCreds.c
>>>
>>>
>>>
>>>
>>> I'm not sure why JNI_OnUnload is called so immediately, and as you can
>>> see it's simply
>>>
>>>        338     if ((*jvm)->GetEnv(jvm, (void **)&env,
>>> JNI_VERSION_1_2)) {
>>>        339         return; /* Nothing else we can do */
>>>        340     }
>>>        341
>>>        342     if (ticketClass != NULL) {
>>>        343         (*env)->DeleteWeakGlobalRef(env,ticketClass);
>>>        344     }
>>>        ... More DeleteWeakGlobalRefs
>>>
>>> How is it able to call wcspbrk and get crashed?
>>>
>>> BTW, the .c file has not been changed for 2 years.
>>>
>>> Also, according to the report, the customer (whose automatic reply has
>>> "out of office with no internet access till 15 July") runs 7u25 b16 but
>>> the public release on java.com is b17. Does it matter?
>>>
>>> Thanks
>>> Max

From xuelei.fan at oracle.com  Wed Jun 26 06:35:18 2013
From: xuelei.fan at oracle.com (xuelei.fan at oracle.com)
Date: Wed, 26 Jun 2013 13:35:18 +0000
Subject: hg: jdk8/tl/jdk: 8017049: rename property
	jdk.tls.rejectClientInitializedRenego
Message-ID: <20130626133543.3573C4854C@hg.openjdk.java.net>

Changeset: 0822bcddbd4f
Author:    xuelei
Date:      2013-06-26 06:32 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0822bcddbd4f

8017049: rename property jdk.tls.rejectClientInitializedRenego
Reviewed-by: vinnie, wetmore, mullan

! src/share/classes/sun/security/ssl/Handshaker.java
! test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NoImpactServerRenego.java
! test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/RejectClientRenego.java

From jason.uh at oracle.com  Wed Jun 26 07:19:12 2013
From: jason.uh at oracle.com (Jason Uh)
Date: Wed, 26 Jun 2013 07:19:12 -0700
Subject: 8017325, 8017326: Cleanup of javadoc  tag
In-Reply-To: <51CA6D29.8060706@oracle.com>
References: <51C4F415.1000406@oracle.com> <51C504B2.2020500@oracle.com>
	<51C8870A.4010701@oracle.com> <51C8C199.1090906@oracle.com>
	<51C8EE4F.2060403@oracle.com> <51C9FC2C.9000301@oracle.com>
	<51C9FE58.4050602@oracle.com> <51CA6D29.8060706@oracle.com>
Message-ID: <51CAF860.8040301@oracle.com>

Nithya,

Thanks for catching that. I've labeled the bugs with noreg-doc.

Jason

On 6/25/13 9:25 PM, Nithya Srinivasan wrote:
> Jason
>
> Can you please add the appropriate noreg- label for the 2 bugs -
> JDK-8017325 & JDK-8017326
>
> Thanks
> Nithya
>
> On 6/25/2013 1:32 PM, Joe Darcy wrote:
>> Hi Jason,
>>
>> The javadoc changes look good to go back.
>>
>> Thanks,
>>
>> -Joe
>>
>> On 6/25/2013 1:23 PM, Jason Uh wrote:
>>> Joe,
>>>
>>> Here are the updated webrevs:
>>>
>>> - java.security.cert:
>>>      http://cr.openjdk.java.net/~juh/8017325/webrev.02/
>>> - java.security.spec:
>>>      http://cr.openjdk.java.net/~juh/8017326/webrev.01/
>>>
>>> I have converted "..." to "{@code ...}" and have updated the
>>> copyright dates.
>>>
>>> I've attached diffs of the patches to show what has been updated in
>>> these new webrevs. There is a little extra noise in them due to the
>>> change in the timestamps.
>>>
>>> Thanks,
>>> Jason
>>>
>>>
>>> On 06/24/2013 06:11 PM, Joseph Darcy wrote:
>>>> On 6/24/2013 3:00 PM, Jason Uh wrote:
>>>>>
>>>>>
>>>>> On 6/24/13 10:51 AM, Joe Darcy wrote:
>>>>>> Hi Jason,
>>>>>>
>>>>>> On 6/21/2013 6:58 PM, Jason Uh wrote:
>>>>>>> After learning that javadoc is now capable of properly formatting
>>>>>>> the
>>>>>>> "{@code ...}" construct, I have updated the changeset for
>>>>>>> java.security.cert. Please review instead:
>>>>>>>
>>>>>>> Webrevs --
>>>>>>> - java.security.cert (updated):
>>>>>>>     http://cr.openjdk.java.net/~juh/8017325/webrev.01/
>>>>>>> - java.security.spec (no change):
>>>>>>>     http://cr.openjdk.java.net/~juh/8017326/webrev.00/
>>>>>>
>>>>>> I've looked over both patches and they look fine.
>>>>>>
>>>>>> However, as a follow-up, please also expand the conversion to include
>>>>>> mapping "foo" => "{@code foo}".
>>>>>
>>>>> Thanks. I can make those changes, but are you suggesting that I add
>>>>> them to this changeset or that I do that separately?
>>>>
>>>> For review purposes, I'd like to see them separately in some fashion,
>>>> even if it was produced by diffing the patch files.
>>>>
>>>>>
>>>>>>>
>>>>>>> Note that this change does visibly change the generated javadoc, as
>>>>>>> reported by specdiff. In particular, the change to {@code
>>>>>>> ...} in the javadoc for the
>>>>>>> X509Extension.getNonCriticalExtensionOIDs() method now allows the
>>>>>>> generated HTML to correctly display the line:
>>>>>>>
>>>>>>>    Set nonCritSet = badCert.getNonCriticalExtensionOIDs();
>>>>>>>
>>>>>>> which was previously (incorrectly) displayed as
>>>>>>>
>>>>>>>    Set nonCritSet = badCert.getNonCriticalExtensionOIDs();
>>>>>>>
>>>>>>> when the text "" was still enclosed within
>>>>>>> "...".
>>>>>>
>>>>>> Running specdiff is a good double-check in this situation.
>>>>>>
>>>>>> Should the scripts you are using here to placed somewhere in the JDK
>>>>>> repo or in the code tools project?
>>>>>
>>>>> I'm not sure that I follow. Are you requesting that I include
>>>>> somewhere in the repo the line of Perl that I ran? (It was used to
>>>>> make most, but not all of these changes.) If so, where would be the
>>>>> most appropriate place to add that?
>>>>
>>>> If it is a one-liner, it could be included in the summary line of the
>>>> commit message or as a comment in the bug. If it is more substantive
>>>> (since we will be rolling out this change across the JDK libraries),
>>>> having the command in a known-location would be helpful. Especially, if
>>>> a check for this pattern is built into future code-quality checks.
>>>>
>>>> -Joe
>>>>
>>>>>
>>>>> Thanks,
>>>>> Jason
>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> -Joe
>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Jason
>>>>>>>
>>>>>>>
>>>>>>> The files that have been updated
>>>>>>>
>>>>>>> On 6/21/13 5:47 PM, Jason Uh wrote:
>>>>>>>> Joe, all,
>>>>>>>>
>>>>>>>> Could I please get a review of the following changes?
>>>>>>>>
>>>>>>>> These changesets convert the ... javadoc tags to
>>>>>>>> {@code
>>>>>>>> ...} as part of an overall effort to clean up doclint warnings.
>>>>>>>>
>>>>>>>> Webrevs --
>>>>>>>> - java.security.cert:
>>>>>>>>      http://cr.openjdk.java.net/~juh/8017325/webrev.00/
>>>>>>>> - java.security.spec:
>>>>>>>>      http://cr.openjdk.java.net/~juh/8017326/webrev.00/
>>>>>>>>
>>>>>>>> specdiff reported no changes in the generated docs.
>>>>>>>>
>>>>>>>> More of these to come.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Jason
>>>>>>>
>>>>>>
>>>>>
>>>>
>>

From yong.huang at oracle.com  Tue Jun 25 21:06:06 2013
From: yong.huang at oracle.com (yong.huang at oracle.com)
Date: Wed, 26 Jun 2013 04:06:06 +0000
Subject: hg: jdk8/tl/jdk: 8013836: getFirstDayOfWeek reports wrong day for
	pt-BR locale
Message-ID: <20130626040648.845E048532@hg.openjdk.java.net>

Changeset: 510035b7bbbb
Author:    yhuang
Date:      2013-06-25 21:03 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/510035b7bbbb

8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
Reviewed-by: naoto

+ src/share/classes/sun/util/resources/pt/CalendarData_pt_BR.properties
! test/sun/text/resources/LocaleData
! test/sun/text/resources/LocaleDataTest.java

From hbhotz at lavenderwine.com  Tue Jun 25 22:43:22 2013
From: hbhotz at lavenderwine.com (Henry B. Hotz)
Date: Tue, 25 Jun 2013 22:43:22 -0700
Subject: Smart Cards in Java Kerberos
In-Reply-To: <51CA37D1.1030802@oracle.com>
References: 
	<242A9B19-F133-4D77-8AE3-E47D46392046@lavenderwine.com>
	<51CA37D1.1030802@oracle.com>
Message-ID: 

Even easier.  Just set useTicketCache=true in the JAAS config.

On Jun 25, 2013, at 5:37 PM, Weijun Wang  wrote:

> Java (at least Oracle JDK) does not support PKINIT.
> 
> Yes, you can do it outside, create a KerberosTicket and a KerberosPrincipal, create a JAAS Subject containing them, and call Subject.doAs() later. It should work.
> 
> On Windows, if you manage to use Windows' own login and have the ticket stored inside LSA, Java should be able to read it. There is a registry key allowtgtsessionkey you need to take care of. Or maybe you can use any third party kinit to save a ccache file which can also be picked up by Java.
> 
> --Max
> 
> On 6/26/13 7:29 AM, Henry B. Hotz wrote:
>> I'm not authoritative, but AFAIK there is no smart card support in Java, though there is pkcs11 support.
>> 
>> If I had to do it, I would do the smart card/PKINIT stuff outside Java, and then let Java use the acquired tgt.
>> 
>> On Jun 25, 2013, at 5:52 AM, Ostap Andrusiv  wrote:
>> 
>>> Hi everyone,
>>> 
>>> I've been playing with smart cards and faced some issues.
>>> Long story short:
>>> 
>>> Prerequisites:
>>> 
>>> 	? I set up a basic Kerberos realm via Windows Active Directory.
>>> 	? I managed to successfully login into service via login/password pair using Java Kerberos(Krb5LoginModule), which is provided via JAAS.
>>> Now I try to implement Kerberos login via smart card. Smart card preauthentication in Kerberos is done via AS-REQ/AS-REP messages (PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the smartcard. As far as I have seen, there were no PA-PK-AS-REQ/P extensions in openjdk sources. Maybe, I missed something.
>>> 
>>> Question:
>>> 
>>> 1. Does Java Kerberos support smart card preauthentication out of the box?
>>> 
>>> 2. If it doesn't, can I somehow extends existing Kerberos module or should I implement whole Kerberos from the ground up?
>>> 
>>> 
>>> 
>>> Thanks in advance,
>>> Ostap Andrusiv
>>> 
>>> 
>>> web: http://andrusiv.com
>>> skype: ostap.andrusiv
>>> ::p!F
>> 

From chris.hegarty at oracle.com  Wed Jun 26 07:33:28 2013
From: chris.hegarty at oracle.com (chris.hegarty at oracle.com)
Date: Wed, 26 Jun 2013 14:33:28 +0000
Subject: hg: jdk8/tl/jdk: 8012647: Add Arrays.parallelPrefix (prefix sum, scan,
	cumulative sum)
Message-ID: <20130626143351.0DFAD4854F@hg.openjdk.java.net>

Changeset: e83cdd58f1cf
Author:    chegar
Date:      2013-06-26 15:30 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e83cdd58f1cf

8012647: Add Arrays.parallelPrefix (prefix sum, scan, cumulative sum)
Reviewed-by: chegar, alanb, psandoz
Contributed-by: Doug Lea , Tristan Yan , Chris Hegarty 

+ src/share/classes/java/util/ArrayPrefixHelpers.java
! src/share/classes/java/util/Arrays.java
+ test/java/util/Arrays/ParallelPrefix.java

From robert.field at oracle.com  Wed Jun 26 08:05:31 2013
From: robert.field at oracle.com (robert.field at oracle.com)
Date: Wed, 26 Jun 2013 15:05:31 +0000
Subject: hg: jdk8/tl/jdk: 8016761: Lambda metafactory - incorrect type
	conversion of constructor method handle
Message-ID: <20130626150554.74E1148551@hg.openjdk.java.net>

Changeset: 71059bca036a
Author:    rfield
Date:      2013-06-26 07:50 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/71059bca036a

8016761: Lambda metafactory - incorrect type conversion of constructor method handle
Reviewed-by: jrose

! src/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java
+ test/java/lang/invoke/lambda/LambdaConstructorMethodHandleUnbox.java

From Phillip.G.Thomas at Census.GOV  Wed Jun 26 09:40:28 2013
From: Phillip.G.Thomas at Census.GOV (Phillip Thomas)
Date: Wed, 26 Jun 2013 16:40:28 +0000 (UTC)
Subject: getCodeBase broken locally in 7 update 25
References: <000601ce6d3a$e3822110$aa866330$@segal.org>
	<0DB9525D-F31B-46AF-9303-116E8088CB51@oracle.com>
Message-ID: 

Sandeep Konchady  writes:

> 
> Hi Mickey,
> The issue you are seeing is intended behavior. This was caused because of
a vulnerability that was fixed in 7u25 in which which a ?getCodeBase call
against all local?applet/jnlp apps will return null.
> 
> 
> Thanks,
> Sandeep
> 
> 
> On Jun 19, 2013, at 3:18 PM, "Mickey Segal"
 wrote:
> 
> The local getCodeBase problem is not present in Java 8 build 94, the most
recent version.?
> ?
> 
> From:?Mickey Segal [mailto:java3  segal.org]?Sent:?Wednesday, June 19,
2013 3:56 PMTo:?Java Security
(security-dev at openjdk.java.net)Subject:?RE:
getCodeBase broken locally in 7 update 25
> 
> ?
> The same getCodeBase problem seems to be occurring on the MacOS version too.
> ?
> From:?Mickey Segal [mailto:java3 at segal.org]
> I upgraded a Windows 7 computer to Java version 1.7.0_25 from 1.7.0_21.? A
getCodeBase call in a signed applet now returns null.? In previous versions
of Java, getCodeBase returned a URL that referred to the current directory
(tested from Java 1.1 to 1.7.0_21 over the years).
> ?
> Was this done purposely for security reasons, or is it just a bug??
> ?
> I will also test on Macintosh and report back on macosx-port-dev if it is
a problem there too.
> 
> 
> 
> 
> 

Howdy,

Is there any more information on this change, such as what security this
actually provides?

Thanks In Advance,
Phillip Thomas

From naoto.sato at oracle.com  Wed Jun 26 11:21:50 2013
From: naoto.sato at oracle.com (naoto.sato at oracle.com)
Date: Wed, 26 Jun 2013 18:21:50 +0000
Subject: hg: jdk8/tl/jdk: 8017322: java/util/Currency/PropertiesTest.sh should
	run exclusively
Message-ID: <20130626182204.15CB648562@hg.openjdk.java.net>

Changeset: 336e5a862013
Author:    naoto
Date:      2013-06-26 11:21 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/336e5a862013

8017322: java/util/Currency/PropertiesTest.sh should run exclusively
Reviewed-by: alanb

! test/TEST.ROOT

From vincent.x.ryan at oracle.com  Wed Jun 26 11:38:56 2013
From: vincent.x.ryan at oracle.com (Vincent Ryan)
Date: Wed, 26 Jun 2013 19:38:56 +0100
Subject: [8] code review request for 7165807: Non optimized initialization
	of NSS crypto library leads to scalability issues
In-Reply-To: <51CA2675.8000202@oracle.com>
References: <74C0696A-EA88-4A09-B26A-C4506C374FCA@oracle.com>

	<51C1E897.30302@oracle.com>

	<51CA2675.8000202@oracle.com>
Message-ID: 

Thanks for the review Valerie. Comments below.

On 26 Jun 2013, at 00:23, Valerie (Yu-Ching) Peng wrote:

> 
> 
> - The private static native boolean nssInit(...) method should be removed? It seems obsolete by nssInitWithOptions(...) and I didn't see it being used anywhere. Same goes for the corresponding JNI method impl, i.e. Java_sun_security_pkcs11_Secmod_nssInit, in the j2secmod.c file.

I considered zapping nssInit() but I wanted to ensure I didn't break anything in the JDK 7 Update release.
I can remove it from the JDK 8 version.

> 
> 
> - Particular reason to use different variable name, i.e. "nssUseOptimizeSpace" and property/option name "nssOptimizeSpace"? It seems inconsistent as most config variable name matches the property/option name. Can't we just use "nssOptimizeSpace"across board?

The previous name of the SunPKCS11 configuration flag was 'nssUseOptimizeSpace'.
I'll update all the internal references.

> 
> 
> - line 127, empty string is used instead of the passed configDir. I am not sure if this correct. Why not just pass the configDir to this call?

To be consistent with the NSS native code: it passes an empty string.

> 
> Lastly, is the "NSS_Initialize(...)" method always available for the supported NSS library versions, i.e. 3.7+? Is this a newer method meant to replace "NSS_Init(...)"?

It's available in addition to the NSS_Init* functions (not a replacement).

> Thanks,
> Valerie
> 
> On 06/19/13 10:38, Vincent Ryan wrote:
>> Thanks for the review. I've simplified the name of the NSS flag, updated the bug report and filed a doc bug,
>> as you suggest.
>> 
>> 
>> 
>> On 19 Jun 2013, at 18:21, Sean Mullan wrote:
>> 
>>> Looks good, just a couple of comments:
>>> 
>>> 1. I think the name "nssOptimizeSpace" is clearer. The "Use" part seems a bit odd in the property name.
>>> 
>>> 2. Add the appropriate noreg label to the bug.
>>> 
>>> 3. File a followup doc bug to document the attribute in the PKCS11 guide.
>>> 
>>> --Sean
>>> 
>>> On 06/19/2013 08:49 AM, Vincent Ryan wrote:
>>>> I've made some corrections to the native method that initializes NSS.
>>>> The new webrev is at:
>>>> 
>>>>   http://cr.openjdk.java.net/~vinnie/7165807/webrev.01
>>>> 
>>>> 
>>>> 
>>>> On 14 Jun 2013, at 18:38, Vincent Ryan wrote:
>>>> 
>>>>> Please review the following fix:
>>>>> 
>>>>> http://cr.openjdk.java.net/~vinnie/7165807/webrev.00/
>>>>> http://bugs.sun.com/view_bug.do?bug_id=7165807
>>>>> 
>>>>> NSS may be initialized to favour performance or to favour memory footprint.
>>>>> This fix introduces a new configuration flag to allow Java applications to choose.
>>>>> By default, NSS will be initialized for performance.
>>>>> 
>>>>> Thanks.
>>>>> 
> 

From kumar.x.srinivasan at oracle.com  Wed Jun 26 09:58:04 2013
From: kumar.x.srinivasan at oracle.com (kumar.x.srinivasan at oracle.com)
Date: Wed, 26 Jun 2013 16:58:04 +0000
Subject: hg: jdk8/tl/langtools: 8016908: TEST_BUG: removing non-ascii
	characters causes tests to fail
Message-ID: <20130626165811.1043E4855B@hg.openjdk.java.net>

Changeset: c2d9303c3477
Author:    ksrini
Date:      2013-06-26 09:54 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/c2d9303c3477

8016908: TEST_BUG: removing non-ascii characters causes tests to fail
Reviewed-by: jjg, vromero

! test/tools/javac/api/6437999/T6437999.java
- test/tools/javac/api/6437999/Utf8.java
! test/tools/javac/api/T6306137.java

From joe.darcy at oracle.com  Wed Jun 26 13:24:31 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Wed, 26 Jun 2013 20:24:31 +0000
Subject: hg: jdk8/tl/jdk: 7018139: Fix HTML accessibility and doclint issues
	in java.math
Message-ID: <20130626202504.36FF848576@hg.openjdk.java.net>

Changeset: 1fda8fa7ae97
Author:    darcy
Date:      2013-06-26 13:24 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1fda8fa7ae97

7018139: Fix HTML accessibility and doclint issues in java.math
Reviewed-by: lancea, bpb

! src/share/classes/java/math/BigDecimal.java
! src/share/classes/java/math/RoundingMode.java

From valerie.peng at oracle.com  Wed Jun 26 14:24:52 2013
From: valerie.peng at oracle.com (Valerie (Yu-Ching) Peng)
Date: Wed, 26 Jun 2013 14:24:52 -0700
Subject: [8] code review request for 7165807: Non optimized initialization
	of NSS crypto library leads to scalability issues
In-Reply-To: 
References: <74C0696A-EA88-4A09-B26A-C4506C374FCA@oracle.com>

	<51C1E897.30302@oracle.com>

	<51CA2675.8000202@oracle.com>

Message-ID: <51CB5C24.3040704@oracle.com>

Sure, zapping the nssInit() for only JDK 8 is fine. Being a private 
static method, I doubt that its removal will break anything though.
Thanks,
Valerie

On 06/26/13 11:38, Vincent Ryan wrote:
> Thanks for the review Valerie. Comments below.
>
>
> On 26 Jun 2013, at 00:23, Valerie (Yu-Ching) Peng wrote:
>
>> 
>> - The private static native boolean nssInit(...) method should be removed? It seems obsolete by nssInitWithOptions(...) and I didn't see it being used anywhere. Same goes for the corresponding JNI method impl, i.e. Java_sun_security_pkcs11_Secmod_nssInit, in the j2secmod.c file.
> I considered zapping nssInit() but I wanted to ensure I didn't break anything in the JDK 7 Update release.
> I can remove it from the JDK 8 version.
>
>
>> 
>> - Particular reason to use different variable name, i.e. "nssUseOptimizeSpace" and property/option name "nssOptimizeSpace"? It seems inconsistent as most config variable name matches the property/option name. Can't we just use "nssOptimizeSpace"across board?
> The previous name of the SunPKCS11 configuration flag was 'nssUseOptimizeSpace'.
> I'll update all the internal references.
>
>
>> 
>> - line 127, empty string is used instead of the passed configDir. I am not sure if this correct. Why not just pass the configDir to this call?
> To be consistent with the NSS native code: it passes an empty string.
>
>
>> Lastly, is the "NSS_Initialize(...)" method always available for the supported NSS library versions, i.e. 3.7+? Is this a newer method meant to replace "NSS_Init(...)"?
> It's available in addition to the NSS_Init* functions (not a replacement).
>
>
>
>> Thanks,
>> Valerie
>>
>> On 06/19/13 10:38, Vincent Ryan wrote:
>>> Thanks for the review. I've simplified the name of the NSS flag, updated the bug report and filed a doc bug,
>>> as you suggest.
>>>
>>>
>>>
>>> On 19 Jun 2013, at 18:21, Sean Mullan wrote:
>>>
>>>> Looks good, just a couple of comments:
>>>>
>>>> 1. I think the name "nssOptimizeSpace" is clearer. The "Use" part seems a bit odd in the property name.
>>>>
>>>> 2. Add the appropriate noreg label to the bug.
>>>>
>>>> 3. File a followup doc bug to document the attribute in the PKCS11 guide.
>>>>
>>>> --Sean
>>>>
>>>> On 06/19/2013 08:49 AM, Vincent Ryan wrote:
>>>>> I've made some corrections to the native method that initializes NSS.
>>>>> The new webrev is at:
>>>>>
>>>>>    http://cr.openjdk.java.net/~vinnie/7165807/webrev.01
>>>>>
>>>>>
>>>>>
>>>>> On 14 Jun 2013, at 18:38, Vincent Ryan wrote:
>>>>>
>>>>>> Please review the following fix:
>>>>>>
>>>>>> http://cr.openjdk.java.net/~vinnie/7165807/webrev.00/
>>>>>> http://bugs.sun.com/view_bug.do?bug_id=7165807
>>>>>>
>>>>>> NSS may be initialized to favour performance or to favour memory footprint.
>>>>>> This fix introduces a new configuration flag to allow Java applications to choose.
>>>>>> By default, NSS will be initialized for performance.
>>>>>>
>>>>>> Thanks.
>>>>>>

From jonathan.gibbons at oracle.com  Wed Jun 26 18:04:31 2013
From: jonathan.gibbons at oracle.com (jonathan.gibbons at oracle.com)
Date: Thu, 27 Jun 2013 01:04:31 +0000
Subject: hg: jdk8/tl/langtools: 8014137: Update
	test/tools/javac/literals/UnderscoreLiterals to add testcases
	with min/max values
Message-ID: <20130627010436.E3A7F48583@hg.openjdk.java.net>

Changeset: 3b2e10524627
Author:    jjg
Date:      2013-06-26 18:03 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/3b2e10524627

8014137: Update test/tools/javac/literals/UnderscoreLiterals to add testcases with min/max values
Reviewed-by: jjg, darcy
Contributed-by: matherey.nunez at oracle.com

! test/tools/javac/literals/UnderscoreLiterals.java

From joe.darcy at oracle.com  Wed Jun 26 19:11:29 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Thu, 27 Jun 2013 02:11:29 +0000
Subject: hg: jdk8/tl/jdk: 8019223: Fix doclint warnings in java.rmi.server
Message-ID: <20130627021154.13AE048591@hg.openjdk.java.net>

Changeset: a5aa57eb85b6
Author:    darcy
Date:      2013-06-26 19:09 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a5aa57eb85b6

8019223: Fix doclint warnings in java.rmi.server
Reviewed-by: smarks

! src/share/classes/java/rmi/server/RMIClassLoader.java

From bradford.wetmore at oracle.com  Wed Jun 26 21:37:59 2013
From: bradford.wetmore at oracle.com (Brad Wetmore)
Date: Wed, 26 Jun 2013 21:37:59 -0700
Subject: Review Request: JDK-8019227: JDK-8010325 broke the old build
Message-ID: <51CBC1A7.5020206@oracle.com>

Brent/Alan/Mike,

Hashing.java was removed from the JDK workspace, but was not removed 
from the old java/java/FILES_java.gmk.  Things that still depend on the 
old build (JCE/deploy) are currently broken.

http://cr.openjdk.java.net/~wetmore/8019227/webrev.00/

Brad

P.S. I'm very aware that we need to move off the old build soon and am 
getting closer to finally working on it with Erik, and that the old 
build isn't complete.  But it's complete enough for the JCE 
dependencies.  Unfortunately, this isn't a simple transition 
(JDK-8006350), and this is a quick fix to get the JCE bits built.

From eric.mccorkle at oracle.com  Wed Jun 26 21:39:54 2013
From: eric.mccorkle at oracle.com (eric.mccorkle at oracle.com)
Date: Thu, 27 Jun 2013 04:39:54 +0000
Subject: hg: jdk8/tl/langtools: 8014230: Compilation incorrectly succeeds with
	inner class constructor with 254 parameters
Message-ID: <20130627043957.C59134859B@hg.openjdk.java.net>

Changeset: c674b396827c
Author:    emc
Date:      2013-06-27 00:37 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/c674b396827c

8014230: Compilation incorrectly succeeds with inner class constructor with 254 parameters
Summary: The compiler does not account fr extra parameters due to inner this parameters
Reviewed-by: jjg

! src/share/classes/com/sun/tools/javac/jvm/Gen.java
! src/share/classes/com/sun/tools/javac/main/Main.java
+ test/tools/javac/limits/NestedClassConstructorArgs.java
+ test/tools/javac/limits/NestedClassMethodArgs.java
- test/tools/javac/limits/NumArgs1.java
- test/tools/javac/limits/NumArgs2.java
- test/tools/javac/limits/NumArgs3.java
- test/tools/javac/limits/NumArgs4.java
+ test/tools/javac/limits/NumArgsTest.java
+ test/tools/javac/limits/StaticNestedClassConstructorArgs.java
+ test/tools/javac/limits/TopLevelClassConstructorArgs.java
+ test/tools/javac/limits/TopLevelClassMethodArgs.java
+ test/tools/javac/limits/TopLevelClassStaticMethodArgs.java

From joe.darcy at oracle.com  Wed Jun 26 22:12:20 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Thu, 27 Jun 2013 05:12:20 +0000
Subject: hg: jdk8/tl/jdk: 8019228: Fix doclint issues in java.util.zip
Message-ID: <20130627051241.8973A4859D@hg.openjdk.java.net>

Changeset: ac65905883a7
Author:    darcy
Date:      2013-06-26 22:12 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ac65905883a7

8019228: Fix doclint issues in java.util.zip
Reviewed-by: sherman, mchung

! src/share/classes/java/util/zip/Deflater.java
! src/share/classes/java/util/zip/Inflater.java

From Alan.Bateman at oracle.com  Wed Jun 26 23:13:39 2013
From: Alan.Bateman at oracle.com (Alan Bateman)
Date: Thu, 27 Jun 2013 07:13:39 +0100
Subject: Review Request: JDK-8019227: JDK-8010325 broke the old build
In-Reply-To: <51CBC1A7.5020206@oracle.com>
References: <51CBC1A7.5020206@oracle.com>
Message-ID: <51CBD813.6080807@oracle.com>

On 27/06/2013 05:37, Brad Wetmore wrote:
> Brent/Alan/Mike,
>
> Hashing.java was removed from the JDK workspace, but was not removed 
> from the old java/java/FILES_java.gmk.  Things that still depend on 
> the old build (JCE/deploy) are currently broken.
>
> http://cr.openjdk.java.net/~wetmore/8019227/webrev.00/
>
> Brad
>
> P.S. I'm very aware that we need to move off the old build soon and am 
> getting closer to finally working on it with Erik, and that the old 
> build isn't complete.  But it's complete enough for the JCE 
> dependencies.  Unfortunately, this isn't a simple transition 
> (JDK-8006350), and this is a quick fix to get the JCE bits built.

The old build has not produced usable bits for several months, it may 
not have been failing but if you look closely (or run the tests) then 
you'll see that there are several things missing. On build-dev then 
you'll probably have seen a mail or two from me where I was trying to 
encourage the build group to set a date to finally retire and remove the 
old build - this is because the old build is just a tax on every change 
that needs to touch the build.

Anyway, the change looks okay but I strongly encourage you to put in the 
time to resolve the usability or others ssues that arise when working on 
JCE.

-Alan

From vicente.romero at oracle.com  Thu Jun 27 01:52:38 2013
From: vicente.romero at oracle.com (vicente.romero at oracle.com)
Date: Thu, 27 Jun 2013 08:52:38 +0000
Subject: hg: jdk8/tl/langtools: 7066788: javah again accepts -old option
	(ineffectively) which was removed in 1.5.
Message-ID: <20130627085241.37F5A485AC@hg.openjdk.java.net>

Changeset: a47e28759666
Author:    vromero
Date:      2013-06-27 09:51 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/a47e28759666

7066788: javah again accepts -old option (ineffectively) which was removed in 1.5.
Reviewed-by: jjg

! src/share/classes/com/sun/tools/javah/JavahTask.java

From sundararajan.athijegannathan at oracle.com  Thu Jun 27 01:55:19 2013
From: sundararajan.athijegannathan at oracle.com (sundararajan.athijegannathan at oracle.com)
Date: Thu, 27 Jun 2013 08:55:19 +0000
Subject: hg: jdk8/tl/nashorn: 11 new changesets
Message-ID: <20130627085528.33365485AD@hg.openjdk.java.net>

Changeset: c30beaf3c42a
Author:    jlaskey
Date:      2013-06-21 14:34 -0300
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/c30beaf3c42a

8010732: BigDecimal, BigInteger and Long handling in nashorn
Reviewed-by: sundar
Contributed-by: james.laskey at oracle.com

+ test/script/basic/JDK-8010732.js
+ test/script/basic/JDK-8010732.js.EXPECTED

Changeset: 2ded2fc08c94
Author:    jlaskey
Date:      2013-06-22 10:12 -0300
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/2ded2fc08c94

8017448: JDK-8010732.js.EXPECTED truncated
Reviewed-by: sundar
Contributed-by: james.laskey at oracle.com

! test/script/basic/JDK-8010732.js.EXPECTED

Changeset: 51a5ee93d6bc
Author:    sundar
Date:      2013-06-24 19:06 +0530
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/51a5ee93d6bc

8015959: Can't call foreign constructor
Reviewed-by: jlaskey, hannesw

! src/jdk/nashorn/api/scripting/JSObject.java
! src/jdk/nashorn/api/scripting/ScriptObjectMirror.java
! src/jdk/nashorn/internal/runtime/ScriptFunction.java
! src/jdk/nashorn/internal/runtime/ScriptFunctionData.java
! src/jdk/nashorn/internal/runtime/ScriptRuntime.java
! src/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java
+ test/script/basic/JDK-8015959.js
+ test/script/basic/JDK-8015959.js.EXPECTED

Changeset: 26a345c26e62
Author:    sundar
Date:      2013-06-25 17:31 +0530
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/26a345c26e62

8015969: Needs to enforce and document that global "context" and "engine" can't be modified when running via jsr223
Reviewed-by: hannesw, jlaskey

! docs/JavaScriptingProgrammersGuide.html
! src/jdk/nashorn/api/scripting/NashornScriptEngine.java
! src/jdk/nashorn/internal/runtime/AccessorProperty.java
! src/jdk/nashorn/internal/runtime/Property.java
! src/jdk/nashorn/internal/runtime/UserAccessorProperty.java
+ test/script/basic/JDK-8015969.js

Changeset: 39e17373d8df
Author:    sundar
Date:      2013-06-26 16:36 +0530
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/39e17373d8df

8017950: error.stack should be a string rather than an array
Reviewed-by: hannesw, jlaskey

! src/jdk/nashorn/internal/objects/NativeError.java
! src/jdk/nashorn/internal/runtime/ECMAException.java
! test/script/basic/JDK-8012164.js
! test/script/basic/JDK-8012164.js.EXPECTED
+ test/script/basic/JDK-8017950.js
+ test/script/basic/JDK-8017950.js.EXPECTED
! test/script/basic/NASHORN-109.js
! test/script/basic/NASHORN-296.js
! test/script/basic/errorstack.js

Changeset: 682889823712
Author:    jlaskey
Date:      2013-06-26 08:36 -0300
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/682889823712

8008458: Strict functions dont share property map
Reviewed-by: sundar, hannesw
Contributed-by: james.laskey at oracle.com

! src/jdk/nashorn/internal/objects/NativeStrictArguments.java
! src/jdk/nashorn/internal/objects/ScriptFunctionImpl.java
! src/jdk/nashorn/internal/runtime/FindProperty.java
! src/jdk/nashorn/internal/runtime/Property.java
! src/jdk/nashorn/internal/runtime/PropertyMap.java
! src/jdk/nashorn/internal/runtime/ScriptObject.java
! src/jdk/nashorn/internal/runtime/SetMethodCreator.java
! src/jdk/nashorn/internal/runtime/UserAccessorProperty.java

Changeset: 80c66d3fd872
Author:    hannesw
Date:      2013-06-26 15:40 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/80c66d3fd872

8019157: Avoid calling ScriptObject.setProto() if possible
Reviewed-by: jlaskey, sundar

! buildtools/nasgen/src/jdk/nashorn/internal/tools/nasgen/ClassGenerator.java
! buildtools/nasgen/src/jdk/nashorn/internal/tools/nasgen/ScriptClassInstrumentor.java
! src/jdk/nashorn/internal/codegen/ClassEmitter.java
! src/jdk/nashorn/internal/codegen/CodeGenerator.java
! src/jdk/nashorn/internal/codegen/Compiler.java
! src/jdk/nashorn/internal/codegen/ObjectClassGenerator.java
! src/jdk/nashorn/internal/objects/AccessorPropertyDescriptor.java
! src/jdk/nashorn/internal/objects/ArrayBufferView.java
! src/jdk/nashorn/internal/objects/DataPropertyDescriptor.java
! src/jdk/nashorn/internal/objects/GenericPropertyDescriptor.java
! src/jdk/nashorn/internal/objects/Global.java
! src/jdk/nashorn/internal/objects/NativeArguments.java
! src/jdk/nashorn/internal/objects/NativeArray.java
! src/jdk/nashorn/internal/objects/NativeArrayBuffer.java
! src/jdk/nashorn/internal/objects/NativeBoolean.java
! src/jdk/nashorn/internal/objects/NativeDate.java
! src/jdk/nashorn/internal/objects/NativeDebug.java
! src/jdk/nashorn/internal/objects/NativeError.java
! src/jdk/nashorn/internal/objects/NativeEvalError.java
! src/jdk/nashorn/internal/objects/NativeFloat32Array.java
! src/jdk/nashorn/internal/objects/NativeFloat64Array.java
! src/jdk/nashorn/internal/objects/NativeFunction.java
! src/jdk/nashorn/internal/objects/NativeInt16Array.java
! src/jdk/nashorn/internal/objects/NativeInt32Array.java
! src/jdk/nashorn/internal/objects/NativeInt8Array.java
! src/jdk/nashorn/internal/objects/NativeJSAdapter.java
! src/jdk/nashorn/internal/objects/NativeJSON.java
! src/jdk/nashorn/internal/objects/NativeJava.java
! src/jdk/nashorn/internal/objects/NativeJavaImporter.java
! src/jdk/nashorn/internal/objects/NativeMath.java
! src/jdk/nashorn/internal/objects/NativeNumber.java
! src/jdk/nashorn/internal/objects/NativeObject.java
! src/jdk/nashorn/internal/objects/NativeRangeError.java
! src/jdk/nashorn/internal/objects/NativeReferenceError.java
! src/jdk/nashorn/internal/objects/NativeRegExp.java
! src/jdk/nashorn/internal/objects/NativeRegExpExecResult.java
! src/jdk/nashorn/internal/objects/NativeStrictArguments.java
! src/jdk/nashorn/internal/objects/NativeString.java
! src/jdk/nashorn/internal/objects/NativeSyntaxError.java
! src/jdk/nashorn/internal/objects/NativeTypeError.java
! src/jdk/nashorn/internal/objects/NativeURIError.java
! src/jdk/nashorn/internal/objects/NativeUint16Array.java
! src/jdk/nashorn/internal/objects/NativeUint32Array.java
! src/jdk/nashorn/internal/objects/NativeUint8Array.java
! src/jdk/nashorn/internal/objects/NativeUint8ClampedArray.java
! src/jdk/nashorn/internal/objects/PrototypeObject.java
! src/jdk/nashorn/internal/objects/ScriptFunctionImpl.java
! src/jdk/nashorn/internal/runtime/Context.java
! src/jdk/nashorn/internal/runtime/FunctionScope.java
! src/jdk/nashorn/internal/runtime/PropertyMap.java
! src/jdk/nashorn/internal/runtime/ScriptObject.java
! src/jdk/nashorn/internal/scripts/JO.java

Changeset: 635098f9f45e
Author:    sundar
Date:      2013-06-26 19:42 +0530
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/635098f9f45e

8014781: support Error.captureStackTrace
Reviewed-by: jlaskey, hannesw

! src/jdk/nashorn/api/scripting/NashornException.java
! src/jdk/nashorn/internal/objects/NativeError.java
+ test/script/basic/JDK-8014781.js
+ test/script/basic/JDK-8014781.js.EXPECTED

Changeset: d1886ad46f0c
Author:    jlaskey
Date:      2013-06-26 12:38 -0300
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/d1886ad46f0c

8019175: Simplify ScriptObject.modifyOwnProperty
Reviewed-by: hannesw
Contributed-by: james.laskey at oracle.com

! src/jdk/nashorn/internal/objects/ScriptFunctionImpl.java
! src/jdk/nashorn/internal/runtime/ScriptObject.java

Changeset: f9c855b828fe
Author:    sundar
Date:      2013-06-27 13:24 +0530
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/f9c855b828fe

8019226: line number not generated for first statement if it is on the same function declaration line
Reviewed-by: jlaskey, hannesw

! src/jdk/nashorn/internal/codegen/CodeGenerator.java
+ test/script/basic/JDK-8019226.js
+ test/script/basic/JDK-8019226.js.EXPECTED

Changeset: 5ec4762d9df0
Author:    sundar
Date:      2013-06-27 13:47 +0530
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/5ec4762d9df0

Merge

From vicente.romero at oracle.com  Thu Jun 27 01:57:12 2013
From: vicente.romero at oracle.com (vicente.romero at oracle.com)
Date: Thu, 27 Jun 2013 08:57:12 +0000
Subject: hg: jdk8/tl/langtools: 8017609: javac,
	ClassFile.read(Path) should be ClassFile.read(Path, Attribute.Factory)
Message-ID: <20130627085715.15B83485AF@hg.openjdk.java.net>

Changeset: 8e3d391c88c6
Author:    vromero
Date:      2013-06-27 09:54 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/8e3d391c88c6

8017609: javac, ClassFile.read(Path) should be ClassFile.read(Path, Attribute.Factory)
Reviewed-by: jjg

! src/share/classes/com/sun/tools/classfile/ClassFile.java

From chris.hegarty at oracle.com  Thu Jun 27 02:03:06 2013
From: chris.hegarty at oracle.com (Chris Hegarty)
Date: Thu, 27 Jun 2013 10:03:06 +0100
Subject: Review Request: JDK-8019227: JDK-8010325 broke the old build
In-Reply-To: <51CBD813.6080807@oracle.com>
References: <51CBC1A7.5020206@oracle.com> <51CBD813.6080807@oracle.com>
Message-ID: <51CBFFCA.2030904@oracle.com>

On 27/06/2013 07:13, Alan Bateman wrote:
> On 27/06/2013 05:37, Brad Wetmore wrote:
>> Brent/Alan/Mike,
>>
>> Hashing.java was removed from the JDK workspace, but was not removed
>> from the old java/java/FILES_java.gmk. Things that still depend on the
>> old build (JCE/deploy) are currently broken.
>>
>> http://cr.openjdk.java.net/~wetmore/8019227/webrev.00/
>>
>> Brad
>>
>> P.S. I'm very aware that we need to move off the old build soon and am
>> getting closer to finally working on it with Erik, and that the old
>> build isn't complete. But it's complete enough for the JCE
>> dependencies. Unfortunately, this isn't a simple transition
>> (JDK-8006350), and this is a quick fix to get the JCE bits built.
>
> The old build has not produced usable bits for several months, it may
> not have been failing but if you look closely (or run the tests) then
> you'll see that there are several things missing. On build-dev then
> you'll probably have seen a mail or two from me where I was trying to
> encourage the build group to set a date to finally retire and remove the
> old build - this is because the old build is just a tax on every change
> that needs to touch the build.
>
> Anyway, the change looks okay but I strongly encourage you to put in the
> time to resolve the usability or others ssues that arise when working on
> JCE.

+1 ( on the actual changes, and moving off the old build )

-Chris.

>
> -Alan

From erik.joelsson at oracle.com  Thu Jun 27 01:36:04 2013
From: erik.joelsson at oracle.com (erik.joelsson at oracle.com)
Date: Thu, 27 Jun 2013 08:36:04 +0000
Subject: hg: jdk8/tl/langtools: 8014513: Sjavac doesn't detect 32-bit jvm
	properly
Message-ID: <20130627083609.C2E77485AA@hg.openjdk.java.net>

Changeset: dcc6a52bf363
Author:    erikj
Date:      2013-06-27 10:35 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/dcc6a52bf363

8014513: Sjavac doesn't detect 32-bit jvm properly
Reviewed-by: jjg

! src/share/classes/com/sun/tools/sjavac/CompileJavaPackages.java

From chris.hegarty at oracle.com  Thu Jun 27 02:26:09 2013
From: chris.hegarty at oracle.com (chris.hegarty at oracle.com)
Date: Thu, 27 Jun 2013 09:26:09 +0000
Subject: hg: jdk8/tl/jdk: 2 new changesets
Message-ID: <20130627092645.22335485B2@hg.openjdk.java.net>

Changeset: 370e7beff8a0
Author:    wetmore
Date:      2013-06-27 10:19 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/370e7beff8a0

8019227: JDK-8010325 broke the old build
Reviewed-by: alanb, chegar

! make/java/java/FILES_java.gmk

Changeset: 4e69a7dfbeac
Author:    chegar
Date:      2013-06-27 10:21 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4e69a7dfbeac

Merge

From vicente.romero at oracle.com  Thu Jun 27 08:04:46 2013
From: vicente.romero at oracle.com (vicente.romero at oracle.com)
Date: Thu, 27 Jun 2013 15:04:46 +0000
Subject: hg: jdk8/tl/langtools: 8016099: Some @SuppressWarnings annotations
	ignored ( unchecked, rawtypes )
Message-ID: <20130627150449.A6E2D485C1@hg.openjdk.java.net>

Changeset: e42c27026290
Author:    vromero
Date:      2013-06-27 16:04 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/e42c27026290

8016099: Some @SuppressWarnings annotations ignored ( unchecked, rawtypes )
Reviewed-by: jjg

! src/share/classes/com/sun/tools/javac/comp/Attr.java
! src/share/classes/com/sun/tools/javac/comp/Check.java
+ test/tools/javac/T8016099/UncheckedWarningRegressionTest.java
+ test/tools/javac/T8016099/UncheckedWarningRegressionTest.out

From vicente.romero at oracle.com  Thu Jun 27 08:07:31 2013
From: vicente.romero at oracle.com (vicente.romero at oracle.com)
Date: Thu, 27 Jun 2013 15:07:31 +0000
Subject: hg: jdk8/tl/langtools: 7008643: inlined finally clauses confuse
	debuggers
Message-ID: <20130627150734.B03D6485C2@hg.openjdk.java.net>

Changeset: d137ce373c4c
Author:    vromero
Date:      2013-06-27 16:06 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/d137ce373c4c

7008643: inlined finally clauses confuse debuggers
Reviewed-by: jjg

! src/share/classes/com/sun/tools/javac/jvm/Gen.java
+ test/tools/javac/T7008643/InlinedFinallyConfuseDebuggersTest.java

From jonathan.gibbons at oracle.com  Thu Jun 27 09:07:16 2013
From: jonathan.gibbons at oracle.com (jonathan.gibbons at oracle.com)
Date: Thu, 27 Jun 2013 16:07:16 +0000
Subject: hg: jdk8/tl/langtools: 8015720: since tag isn't copied while
	generating JavaFX documentation
Message-ID: <20130627160719.CBD6E485C4@hg.openjdk.java.net>

Changeset: 26437287529d
Author:    janvalenta
Date:      2013-06-27 17:47 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/26437287529d

8015720: since tag isn't copied while generating JavaFX documentation
Reviewed-by: jjg

! src/share/classes/com/sun/tools/doclets/internal/toolkit/builders/MemberSummaryBuilder.java
! src/share/classes/com/sun/tools/doclets/internal/toolkit/taglets/TagletManager.java
! test/com/sun/javadoc/testJavaFX/C.java
! test/com/sun/javadoc/testJavaFX/TestJavaFX.java

From joe.darcy at oracle.com  Thu Jun 27 11:07:04 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Thu, 27 Jun 2013 18:07:04 +0000
Subject: hg: jdk8/tl/jdk: 8019304: Fix doclint issues in java.util.prefs
Message-ID: <20130627180740.9284B485CF@hg.openjdk.java.net>

Changeset: 1c31082f0a51
Author:    darcy
Date:      2013-06-27 11:06 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1c31082f0a51

8019304: Fix doclint issues in java.util.prefs
Reviewed-by: lancea

! src/share/classes/java/util/prefs/AbstractPreferences.java
! src/share/classes/java/util/prefs/PreferencesFactory.java

From bhavesh.x.patel at oracle.com  Wed Jun 26 20:43:35 2013
From: bhavesh.x.patel at oracle.com (bhavesh.x.patel at oracle.com)
Date: Thu, 27 Jun 2013 03:43:35 +0000
Subject: hg: jdk8/tl/langtools: 8014017: extra space in javadoc class heading
Message-ID: <20130627034337.CA2DE48596@hg.openjdk.java.net>

Changeset: 27bd6a2302f6
Author:    bpatel
Date:      2013-06-26 20:42 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/27bd6a2302f6

8014017: extra space in javadoc class heading
Reviewed-by: jjg

! src/share/classes/com/sun/tools/doclets/internal/toolkit/builders/ClassBuilder.java
! test/com/sun/javadoc/testPrivateClasses/TestPrivateClasses.java
! test/com/sun/javadoc/testTypeAnnotations/TestTypeAnnotations.java

From bhavesh.x.patel at oracle.com  Wed Jun 26 20:46:23 2013
From: bhavesh.x.patel at oracle.com (bhavesh.x.patel at oracle.com)
Date: Thu, 27 Jun 2013 03:46:23 +0000
Subject: hg: jdk8/tl/langtools: 8013738: Two javadoc tests have bug 0000000
Message-ID: <20130627034626.B473648597@hg.openjdk.java.net>

Changeset: 36e8bc1907a2
Author:    bpatel
Date:      2013-06-26 20:45 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/36e8bc1907a2

8013738: Two javadoc tests have bug 0000000
Reviewed-by: jjg

! test/com/sun/javadoc/testNestedInlineTag/TestNestedInlineTag.java
! test/com/sun/javadoc/testTagMisuse/TestTagMisuse.java

From bhavesh.x.patel at oracle.com  Wed Jun 26 20:39:41 2013
From: bhavesh.x.patel at oracle.com (bhavesh.x.patel at oracle.com)
Date: Thu, 27 Jun 2013 03:39:41 +0000
Subject: hg: jdk8/tl/langtools: 8007338: Method grouping tab line-folding
Message-ID: <20130627033947.CCC5A48594@hg.openjdk.java.net>

Changeset: 4fe5aab73bb2
Author:    bpatel
Date:      2013-06-26 20:38 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/4fe5aab73bb2

8007338: Method grouping tab line-folding
Reviewed-by: jjg

! src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/stylesheet.css
! test/com/sun/javadoc/testStylesheet/TestStylesheet.java

From joe.darcy at oracle.com  Thu Jun 27 11:49:08 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Thu, 27 Jun 2013 18:49:08 +0000
Subject: hg: jdk8/tl/langtools: 8019308: Add descriptions of Java SE 7 and 8
	language changes to SourceVersion
Message-ID: <20130627184914.3D2B9485D0@hg.openjdk.java.net>

Changeset: 065f8cb7bd89
Author:    darcy
Date:      2013-06-27 11:46 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/065f8cb7bd89

8019308: Add descriptions of Java SE 7 and 8 language changes to SourceVersion
Reviewed-by: jjg

! src/share/classes/javax/lang/model/SourceVersion.java

From bradford.wetmore at oracle.com  Thu Jun 27 12:08:41 2013
From: bradford.wetmore at oracle.com (Brad Wetmore)
Date: Thu, 27 Jun 2013 12:08:41 -0700
Subject: Review Request: JDK-8019227: JDK-8010325 broke the old build
In-Reply-To: <51CBD813.6080807@oracle.com>
References: <51CBC1A7.5020206@oracle.com> <51CBD813.6080807@oracle.com>
Message-ID: <51CC8DB9.8050406@oracle.com>

> The old build has not produced usable bits for several months, it may
> not have been failing but if you look closely (or run the tests) then
> you'll see that there are several things missing. On build-dev then
> you'll probably have seen a mail or two from me where I was trying to
> encourage the build group to set a date to finally retire and remove the
> old build - this is because the old build is just a tax on every change
> that needs to touch the build.
>
> Anyway, the change looks okay but I strongly encourage you to put in the
> time to resolve the usability or others ssues that arise when working on
> JCE.

Alan, I tried to save you the effort of composing just such a reply. 
I've seen your mails and agree with your sentiment.  You are preaching 
to the choir [1].  ;)

Thank you Chris, for doing the operation!

Brad

[1] http://idioms.thefreedictionary.com/preach+to+the+choir

From lance.andersen at oracle.com  Thu Jun 27 12:08:28 2013
From: lance.andersen at oracle.com (lance.andersen at oracle.com)
Date: Thu, 27 Jun 2013 19:08:28 +0000
Subject: hg: jdk8/tl/jdk: 8017471: Fix JDBC -Xdoclint public errors
Message-ID: <20130627190852.57175485D2@hg.openjdk.java.net>

Changeset: b9ba04dc210f
Author:    lancea
Date:      2013-06-27 15:07 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b9ba04dc210f

8017471: Fix JDBC -Xdoclint public errors
Reviewed-by: darcy

! src/share/classes/java/sql/Blob.java
! src/share/classes/java/sql/CallableStatement.java
! src/share/classes/java/sql/Clob.java
! src/share/classes/java/sql/DatabaseMetaData.java
! src/share/classes/java/sql/Driver.java
! src/share/classes/java/sql/DriverAction.java
! src/share/classes/java/sql/NClob.java
! src/share/classes/java/sql/ResultSet.java
! src/share/classes/java/sql/SQLInput.java
! src/share/classes/java/sql/SQLPermission.java
! src/share/classes/java/sql/SQLXML.java
! src/share/classes/java/sql/Wrapper.java
! src/share/classes/javax/sql/CommonDataSource.java
! src/share/classes/javax/sql/ConnectionPoolDataSource.java
! src/share/classes/javax/sql/DataSource.java
! src/share/classes/javax/sql/RowSet.java
! src/share/classes/javax/sql/XADataSource.java
! src/share/classes/javax/sql/rowset/BaseRowSet.java
! src/share/classes/javax/sql/rowset/CachedRowSet.java
! src/share/classes/javax/sql/rowset/FilteredRowSet.java
! src/share/classes/javax/sql/rowset/JdbcRowSet.java
! src/share/classes/javax/sql/rowset/Joinable.java
! src/share/classes/javax/sql/rowset/Predicate.java
! src/share/classes/javax/sql/rowset/RowSetProvider.java
! src/share/classes/javax/sql/rowset/RowSetWarning.java
! src/share/classes/javax/sql/rowset/WebRowSet.java
! src/share/classes/javax/sql/rowset/package.html
! src/share/classes/javax/sql/rowset/serial/SerialArray.java
! src/share/classes/javax/sql/rowset/serial/SerialBlob.java
! src/share/classes/javax/sql/rowset/serial/SerialClob.java
! src/share/classes/javax/sql/rowset/serial/SerialDatalink.java
! src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
! src/share/classes/javax/sql/rowset/serial/SerialRef.java
! src/share/classes/javax/sql/rowset/serial/SerialStruct.java
! src/share/classes/javax/sql/rowset/spi/SyncFactory.java
! src/share/classes/javax/sql/rowset/spi/SyncResolver.java

From joe.darcy at oracle.com  Thu Jun 27 12:24:39 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Thu, 27 Jun 2013 19:24:39 +0000
Subject: hg: jdk8/tl/jdk: 8019315: Fix doclint issues in java.util.logging
Message-ID: <20130627192500.9C6BA485D3@hg.openjdk.java.net>

Changeset: b8f16cb2d95b
Author:    darcy
Date:      2013-06-27 12:24 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b8f16cb2d95b

8019315: Fix doclint issues in java.util.logging
Reviewed-by: lancea

! src/share/classes/java/util/logging/Handler.java
! src/share/classes/java/util/logging/LogManager.java
! src/share/classes/java/util/logging/LogRecord.java

From kumar.x.srinivasan at oracle.com  Thu Jun 27 12:43:51 2013
From: kumar.x.srinivasan at oracle.com (kumar.x.srinivasan at oracle.com)
Date: Thu, 27 Jun 2013 19:43:51 +0000
Subject: hg: jdk8/tl/langtools: 7080001: Need to bump version numbers in
	build.properties for 8
Message-ID: <20130627194356.CCBFF485D6@hg.openjdk.java.net>

Changeset: 97e798c06804
Author:    ksrini
Date:      2013-06-27 12:42 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/97e798c06804

7080001: Need to bump version numbers in build.properties for 8
Reviewed-by: jjg

! make/build.properties

From stuart.marks at oracle.com  Thu Jun 27 13:33:43 2013
From: stuart.marks at oracle.com (stuart.marks at oracle.com)
Date: Thu, 27 Jun 2013 20:33:43 +0000
Subject: hg: jdk8/tl/jdk: 8019224: add exception chaining to RMI CGIHandler
Message-ID: <20130627203423.81A92485D7@hg.openjdk.java.net>

Changeset: 6729f7ef94cd
Author:    smarks
Date:      2013-06-27 13:35 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6729f7ef94cd

8019224: add exception chaining to RMI CGIHandler
Reviewed-by: darcy

! src/share/classes/sun/rmi/transport/proxy/CGIHandler.java

From bernd-2013 at eckenfels.net  Thu Jun 27 14:11:22 2013
From: bernd-2013 at eckenfels.net (Bernd Eckenfels)
Date: Thu, 27 Jun 2013 23:11:22 +0200
Subject: hg: jdk8/tl/jdk: 8019224: add exception chaining to RMI CGIHandler
In-Reply-To: <20130627203423.81A92485D7@hg.openjdk.java.net>
References: <20130627203423.81A92485D7@hg.openjdk.java.net>
Message-ID: 

Hello,
(sorry for answering to security-dev, I am not subscribed to the others)

the printStackTrace() seems wrong. This will ruin the HTTP Headers  
produced by returnXXXError() (if it is not too late at that point anyway  
as the execute() might also write data before).

I also think that if you want to output the stack trace, it should be done  
inside those two handlers.

BTW: Is somebody really using this?

Greetings
Bernd

Am 27.06.2013, 22:33 Uhr, schrieb :

> Changeset: 6729f7ef94cd
> Author:    smarks
> Date:      2013-06-27 13:35 -0700
> URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6729f7ef94cd
>
> 8019224: add exception chaining to RMI CGIHandler
> Reviewed-by: darcy
>
> ! src/share/classes/sun/rmi/transport/proxy/CGIHandler.java

From joe.darcy at oracle.com  Thu Jun 27 14:11:36 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Thu, 27 Jun 2013 21:11:36 +0000
Subject: hg: jdk8/tl/jdk: 8019320: Fix doclint issues in javax.script
Message-ID: <20130627211158.5E362485E4@hg.openjdk.java.net>

Changeset: 1099fe14fb65
Author:    darcy
Date:      2013-06-27 14:11 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1099fe14fb65

8019320: Fix doclint issues in javax.script
Reviewed-by: lancea

! src/share/classes/javax/script/Invocable.java
! src/share/classes/javax/script/ScriptContext.java
! src/share/classes/javax/script/ScriptEngineFactory.java
! src/share/classes/javax/script/SimpleScriptContext.java

From naoto.sato at oracle.com  Thu Jun 27 14:41:04 2013
From: naoto.sato at oracle.com (naoto.sato at oracle.com)
Date: Thu, 27 Jun 2013 21:41:04 +0000
Subject: hg: jdk8/tl/jdk: 6609431: (rb) ResourceBundle.getString() returns
	incorrect value
Message-ID: <20130627214128.48EDD485E7@hg.openjdk.java.net>

Changeset: e34e3ddb3cd8
Author:    naoto
Date:      2013-06-27 14:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e34e3ddb3cd8

6609431: (rb) ResourceBundle.getString() returns incorrect value
Reviewed-by: okutsu, sherman

! src/share/classes/java/util/Properties.java
+ test/java/util/Properties/Bug6609431.java
+ test/java/util/Properties/Bug6609431.properties

From eric.mccorkle at oracle.com  Thu Jun 27 14:46:51 2013
From: eric.mccorkle at oracle.com (eric.mccorkle at oracle.com)
Date: Thu, 27 Jun 2013 21:46:51 +0000
Subject: hg: jdk8/tl/langtools: 8013357: javac accepts erroneous binary
	comparison operations
Message-ID: <20130627214656.3A210485E8@hg.openjdk.java.net>

Changeset: 5c548a8542b8
Author:    emc
Date:      2013-06-27 17:45 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/5c548a8542b8

8013357: javac accepts erroneous binary comparison operations
Summary: javac does not report type errors on illegal Object == primitive comparisons
Reviewed-by: abuckley, mcimadamore

! src/share/classes/com/sun/tools/javac/code/Types.java
! src/share/classes/com/sun/tools/javac/comp/Attr.java
! test/tools/javac/lambda/LambdaConv01.java
! test/tools/javac/lambda/LambdaExpr15.java
! test/tools/javac/lambda/typeInference/InferenceTest2b.java
+ test/tools/javac/types/TestComparisons.java

From bradford.wetmore at oracle.com  Thu Jun 27 15:36:03 2013
From: bradford.wetmore at oracle.com (Brad Wetmore)
Date: Thu, 27 Jun 2013 15:36:03 -0700
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51C12DB5.6060107@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com>
Message-ID: <51CCBE53.6060800@oracle.com>

Going back to this...

On 6/18/2013 9:04 PM, Xuelei Fan wrote:
> On 6/19/2013 10:50 AM, Brad Wetmore wrote:
>> Sorry for the delay.
>>
>> Two comments about the property name.
>>
>> I don't see the jdk.tls *System* Property prefix used anywhere else,
>> except as a *Security* properties:
>>
>>      jdk.tls.rejectClientInitializedRenego
>>
>> Otherwise, I think we should stick to one of the current namespace.
>>
>>      jsse.               (my preference since this is expected across
>>                           other JDKs)
>>      sun.security.ssl.
>>
> At the beginning, I use the prefix "jsse.*". But it is rejected (CCC)
> because the system property has no effect on other providers.

...and...

 > "jsse" prefix
 > should not be used in provider level libraries (for example, Oracle
 > JSSE provider).

I'm not following the logic at all here.  I think I'm hearing that:

     jsse.*:    used by the javax.net.ssl.* code
     jdk.tls.*: used by the sun.security.ssl.* code

But that doesn't quite make sense since we already have the following 
SunJSSE-specific properties:  jsse.enableSNIExtension, 
jsse.SSLEngine.acceptLargeFragments, jsse.enableCBCProtection.

For the javax.net.ssl.* code, we already have been using since very 
early on:

     ssl.*:  used by the javax.net.ssl.* code.  e.g.
             KeyManagerFactory, TrustManagerFactory,
             ServerSocketFactory.provider, SocketFactory.provider

And then there are the other sun.security.ssl.* and javax.net.ssl.* for 
SunJSSE providers that we expect other providers will use:

     sun.security.ssl.*
             allowUnsafeRenegotiation, allowLegacyHelloMessages

     javax.net.ssl.*
             keyStore, keyStorePassword, etc.
             trustStore, trustStorePassword, etc.

And now we're adding yet another naming scheme?  If it weren't for:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization

I'd be completely lost.

Brad

> Now, two
> styles are acceptable. "jdk.*" is for JDK properties, and "jsse.*" is
> used when other parties also should follow it. "sun.security.ssl" is
> deprecated, I think.
>
>> Regarding rejectClientInitializedRenego, I think the word "Initiated"
>> more succinctly captures the intent of this property, rather than
>> "Initalized."  And as long as the word "Renegotiation" is, it should
>> probably be spelled out completely.  AFAIK, we rarely abbreviate
>> external names like this.
>>
>> Same "initiated" comment about the variable name in your codereview, but
>> I don't care much about Renogo.
>>
> I prefer "Initiated" to "Initalized".  Let's make the update in another
> update.

Thanks for considering.

>> ServerHandshaker.java
>> =====================
>> 283:  My initial thought was a no_renegotiation(100) warning, but that
>> allows the client to decide what to do, rather than the server terminating.
>>
> No, we cannot.  First of all, warning message is not very useful because
> in general the sending party cannot know how the receiving party behave.
>   Secondly, it is the expected behavior to *reject" client initiated
> renegotiation. It is the server who should make the decision, but not
> the client.
>
>> This TLS logic decision is not straightforward, so this needs commenting.
>>
> I think "reject client initialized renegotiation" has say all. ;-) I
> will add words about "state != HandshakeMessage.ht_hello_request".
>
>
>> 379:  since you're making changes here.
>>
>>    response->respond
>>
> OK.
>
>> Since you already have CCC approval and are ready to putback, I would
>> suggest putting back now, and let's file another CCC to change the name.
>>   That should be a no-brainer.
>>
> OK.
>
> Thanks,
> Xuelei
>
>> Thanks!
>>
>> Brad
>>
>>
>>
>>
>>
>> On 5/29/2013 7:05 PM, Xuelei Fan wrote:
>>> Got it. Yes, this fix is addressing a different issue from you mentioned
>>> below.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>> On 5/30/2013 9:53 AM, Bernd Eckenfels wrote:
>>>> Am 30.05.2013, 02:18 Uhr, schrieb Xuelei Fan :
>>>>>> 2381456
>>>>> Would you mind send me the link of the bug, or the code review request
>>>>> mail?  I may miss some mails about this direction.
>>>>
>>>> I am afraid I cant sent the link, the Bug is in review state and
>>>> therefore not visible for me. It was acknowledged 2012-11-12, see
>>>> attached. I guess the link would be
>>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2381456 (not sure if
>>>> the numbers are the same in the new bug tool).
>>>>
>>>>> Good suggestion.  Oracle provider of JSSE had addressed the TLS
>>>>> renegotiation issue in JDK 1.4.2 update 26, JDK 1.5.0 update 24 and JDK
>>>>> 6u 19 around the end of 2009 and the beginning of 2010.  Here is the
>>>>> readme of the fix:
>>>>> http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html.
>>>>>
>>>>>
>>>>
>>>> Thats a different problem, I was thinking about preventing execessive
>>>> client initiated renegotiations. This is for example CVE-2011-1473 from
>>>> THC.
>>>>
>>>>>> You mentioned industry will move to a secure handshake - are you
>>>>>> aware of any initiative in that direction?
>>>>>>
>>>>> See http://www.rfc.org/rfc/rfc5746.txt.  As far as I know, nearly all
>>>>> major vendors of SSL protocols has support RFC5746.
>>>>
>>>> Ok, but thats a different issue. I was expecting 7188658 to address
>>>> another point, but I might be wrong.
>>>>
>>>> I understand that as of Oracle policy we cannot discuss it. Even if this
>>>> is a very well known issue. :-/
>>>>
>>>> Greetings
>>>> Bernd
>>>
>

From bradford.wetmore at oracle.com  Thu Jun 27 15:44:11 2013
From: bradford.wetmore at oracle.com (Brad Wetmore)
Date: Thu, 27 Jun 2013 15:44:11 -0700
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51C12DB5.6060107@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com>
Message-ID: <51CCC03B.5090900@oracle.com>

continued, I forgot this next part.

>> ServerHandshaker.java
>> =====================
>> 283:  My initial thought was a no_renegotiation(100) warning, but that
>> allows the client to decide what to do, rather than the server terminating.
>>
> No, we cannot.  First of all, warning message is not very useful because
> in general the sending party cannot know how the receiving party behave.
>   Secondly, it is the expected behavior to *reject" client initiated
> renegotiation. It is the server who should make the decision, but not
> the client.

Exactly.

>> This TLS logic decision is not straightforward, so this needs commenting.

And the above is what I wanted to see in the comments.  That is, why we 
don't send a no_renegotiation warning alert.  It's a subtle but 
important enough point that should be documented.  I think we should 
open a separate bug to handle this.  Just a couple of lines are needed.

> I think "reject client initialized renegotiation" has say all. ;-) I
> will add words about "state != HandshakeMessage.ht_hello_request".

Different comment.

Brad

From xuelei.fan at oracle.com  Thu Jun 27 16:51:15 2013
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Fri, 28 Jun 2013 07:51:15 +0800
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51CCC03B.5090900@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com> <51CCC03B.5090900@oracle.com>
Message-ID: <51CCCFF3.8070908@oracle.com>

On 6/28/2013 6:44 AM, Brad Wetmore wrote:
> continued, I forgot this next part.
> 
>>> ServerHandshaker.java
>>> =====================
>>> 283:  My initial thought was a no_renegotiation(100) warning, but that
>>> allows the client to decide what to do, rather than the server
>>> terminating.
>>>
>> No, we cannot.  First of all, warning message is not very useful because
>> in general the sending party cannot know how the receiving party behave.
>>   Secondly, it is the expected behavior to *reject" client initiated
>> renegotiation. It is the server who should make the decision, but not
>> the client.
> 
> Exactly.
> 
>>> This TLS logic decision is not straightforward, so this needs
>>> commenting.
> 
> And the above is what I wanted to see in the comments.  That is, why we
> don't send a no_renegotiation warning alert.  It's a subtle but
> important enough point that should be documented.  I think we should
> open a separate bug to handle this.  Just a couple of lines are needed.
> 
What do you think these words:

"Please don't send a no_renegotiation warning alert. Warning message is
not very useful because in general the sending party cannot know how the
receiving party behave.  The server side need to reject client initiated
renegotiation proactively."

Thanks,
Xuelei

From xuelei.fan at oracle.com  Thu Jun 27 16:59:00 2013
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Fri, 28 Jun 2013 07:59:00 +0800
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51CCBE53.6060800@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com> <51CCBE53.6060800@oracle.com>
Message-ID: <51CCD1C4.70503@oracle.com>

I agree that the property name is pretty confusing now.  We need to
consolidate the property naming styles, at least in JSSE component. I
will go back to this topic later.

Xuelei

On 6/28/2013 6:36 AM, Brad Wetmore wrote:
> Going back to this...
> 
> On 6/18/2013 9:04 PM, Xuelei Fan wrote:
>> On 6/19/2013 10:50 AM, Brad Wetmore wrote:
>>> Sorry for the delay.
>>>
>>> Two comments about the property name.
>>>
>>> I don't see the jdk.tls *System* Property prefix used anywhere else,
>>> except as a *Security* properties:
>>>
>>>      jdk.tls.rejectClientInitializedRenego
>>>
>>> Otherwise, I think we should stick to one of the current namespace.
>>>
>>>      jsse.               (my preference since this is expected across
>>>                           other JDKs)
>>>      sun.security.ssl.
>>>
>> At the beginning, I use the prefix "jsse.*". But it is rejected (CCC)
>> because the system property has no effect on other providers.
> 
> ...and...
> 
>> "jsse" prefix
>> should not be used in provider level libraries (for example, Oracle
>> JSSE provider).
> 
> I'm not following the logic at all here.  I think I'm hearing that:
> 
>     jsse.*:    used by the javax.net.ssl.* code
>     jdk.tls.*: used by the sun.security.ssl.* code
> 
> But that doesn't quite make sense since we already have the following
> SunJSSE-specific properties:  jsse.enableSNIExtension,
> jsse.SSLEngine.acceptLargeFragments, jsse.enableCBCProtection.
> 
> For the javax.net.ssl.* code, we already have been using since very
> early on:
> 
>     ssl.*:  used by the javax.net.ssl.* code.  e.g.
>             KeyManagerFactory, TrustManagerFactory,
>             ServerSocketFactory.provider, SocketFactory.provider
> 
> And then there are the other sun.security.ssl.* and javax.net.ssl.* for
> SunJSSE providers that we expect other providers will use:
> 
>     sun.security.ssl.*
>             allowUnsafeRenegotiation, allowLegacyHelloMessages
> 
>     javax.net.ssl.*
>             keyStore, keyStorePassword, etc.
>             trustStore, trustStorePassword, etc.
> 
> And now we're adding yet another naming scheme?  If it weren't for:
> 
> 
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization
> 
> 
> I'd be completely lost.
> 
> Brad
> 
> 
>> Now, two
>> styles are acceptable. "jdk.*" is for JDK properties, and "jsse.*" is
>> used when other parties also should follow it. "sun.security.ssl" is
>> deprecated, I think.
>>
>>> Regarding rejectClientInitializedRenego, I think the word "Initiated"
>>> more succinctly captures the intent of this property, rather than
>>> "Initalized."  And as long as the word "Renegotiation" is, it should
>>> probably be spelled out completely.  AFAIK, we rarely abbreviate
>>> external names like this.
>>>
>>> Same "initiated" comment about the variable name in your codereview, but
>>> I don't care much about Renogo.
>>>
>> I prefer "Initiated" to "Initalized".  Let's make the update in another
>> update.
> 
> Thanks for considering.
> 
>>> ServerHandshaker.java
>>> =====================
>>> 283:  My initial thought was a no_renegotiation(100) warning, but that
>>> allows the client to decide what to do, rather than the server
>>> terminating.
>>>
>> No, we cannot.  First of all, warning message is not very useful because
>> in general the sending party cannot know how the receiving party behave.
>>   Secondly, it is the expected behavior to *reject" client initiated
>> renegotiation. It is the server who should make the decision, but not
>> the client.
>>
>>> This TLS logic decision is not straightforward, so this needs
>>> commenting.
>>>
>> I think "reject client initialized renegotiation" has say all. ;-) I
>> will add words about "state != HandshakeMessage.ht_hello_request".
>>
>>
>>> 379:  since you're making changes here.
>>>
>>>    response->respond
>>>
>> OK.
>>
>>> Since you already have CCC approval and are ready to putback, I would
>>> suggest putting back now, and let's file another CCC to change the name.
>>>   That should be a no-brainer.
>>>
>> OK.
>>
>> Thanks,
>> Xuelei
>>
>>> Thanks!
>>>
>>> Brad
>>>
>>>
>>>
>>>
>>>
>>> On 5/29/2013 7:05 PM, Xuelei Fan wrote:
>>>> Got it. Yes, this fix is addressing a different issue from you
>>>> mentioned
>>>> below.
>>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>>>> On 5/30/2013 9:53 AM, Bernd Eckenfels wrote:
>>>>> Am 30.05.2013, 02:18 Uhr, schrieb Xuelei Fan :
>>>>>>> 2381456
>>>>>> Would you mind send me the link of the bug, or the code review
>>>>>> request
>>>>>> mail?  I may miss some mails about this direction.
>>>>>
>>>>> I am afraid I cant sent the link, the Bug is in review state and
>>>>> therefore not visible for me. It was acknowledged 2012-11-12, see
>>>>> attached. I guess the link would be
>>>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2381456 (not
>>>>> sure if
>>>>> the numbers are the same in the new bug tool).
>>>>>
>>>>>> Good suggestion.  Oracle provider of JSSE had addressed the TLS
>>>>>> renegotiation issue in JDK 1.4.2 update 26, JDK 1.5.0 update 24
>>>>>> and JDK
>>>>>> 6u 19 around the end of 2009 and the beginning of 2010.  Here is the
>>>>>> readme of the fix:
>>>>>> http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> Thats a different problem, I was thinking about preventing execessive
>>>>> client initiated renegotiations. This is for example CVE-2011-1473
>>>>> from
>>>>> THC.
>>>>>
>>>>>>> You mentioned industry will move to a secure handshake - are you
>>>>>>> aware of any initiative in that direction?
>>>>>>>
>>>>>> See http://www.rfc.org/rfc/rfc5746.txt.  As far as I know, nearly all
>>>>>> major vendors of SSL protocols has support RFC5746.
>>>>>
>>>>> Ok, but thats a different issue. I was expecting 7188658 to address
>>>>> another point, but I might be wrong.
>>>>>
>>>>> I understand that as of Oracle policy we cannot discuss it. Even if
>>>>> this
>>>>> is a very well known issue. :-/
>>>>>
>>>>> Greetings
>>>>> Bernd
>>>>
>>

From bernd-2013 at eckenfels.net  Thu Jun 27 17:05:06 2013
From: bernd-2013 at eckenfels.net (Bernd Eckenfels)
Date: Fri, 28 Jun 2013 02:05:06 +0200
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51CCCFF3.8070908@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com> <51CCC03B.5090900@oracle.com>
	<51CCCFF3.8070908@oracle.com>
Message-ID: 

Am 28.06.2013, 01:51 Uhr, schrieb Xuelei Fan :
> "Please don't send a no_renegotiation warning alert. Warning message is
> not very useful because in general the sending party cannot know how the
> receiving party behave.  The server side need to reject client initiated
> renegotiation proactively."

Just for the record, I totally disagree. I would make the option a multi  
value like "accept(default)|ignore|reject". Because you never can know how  
the other side reacts. Ignoring renego requests is totally safe in the  
spec and in a situation where you chose to turn off renogotiation by  
clients you can have only two things:

a) clients continue to work when you ignore them
b) clients break

If you always terminate the connection there is no chance for some clients  
to keep working.

Today you can already achieve the termination of connection (by disabling  
all ciphersuites after initial handshake). You dont need to add code if  
you dont offer more (i.e. ignore) options.

Greetings
Bernd

PS: and regarding the naming a question, is "JSSE" the name of the Sun  
implementaion or of the Specification?
-- 
http://bernd.eckenfels.net

From bradford.wetmore at oracle.com  Thu Jun 27 17:16:57 2013
From: bradford.wetmore at oracle.com (Brad Wetmore)
Date: Thu, 27 Jun 2013 17:16:57 -0700
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51CCCFF3.8070908@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com> <51CCC03B.5090900@oracle.com>
	<51CCCFF3.8070908@oracle.com>
Message-ID: <51CCD5F9.2060801@oracle.com>

Rearranging and tweaking a bit. What do you think of:

---
Reject client initiated renegotiation?

If server side should reject client-initiated renegotiation, send an 
alert_handshake_failure fatal alert, not a no_renegotiation warning 
alert (no_renegotiation must be a warning: RFC 2246).  no_renegotiation 
might seem more natural at first, but warnings are not appropriate 
because the sending party does not know how the receiving party will 
behave.  This state must be treated as a fatal server condition.

This will not have any impact on server initiated renegotiation.
---

Brad

On 6/27/2013 4:51 PM, Xuelei Fan wrote:
> On 6/28/2013 6:44 AM, Brad Wetmore wrote:
>> continued, I forgot this next part.
>>
>>>> ServerHandshaker.java
>>>> =====================
>>>> 283:  My initial thought was a no_renegotiation(100) warning, but that
>>>> allows the client to decide what to do, rather than the server
>>>> terminating.
>>>>
>>> No, we cannot.  First of all, warning message is not very useful because
>>> in general the sending party cannot know how the receiving party behave.
>>>    Secondly, it is the expected behavior to *reject" client initiated
>>> renegotiation. It is the server who should make the decision, but not
>>> the client.
>>
>> Exactly.
>>
>>>> This TLS logic decision is not straightforward, so this needs
>>>> commenting.
>>
>> And the above is what I wanted to see in the comments.  That is, why we
>> don't send a no_renegotiation warning alert.  It's a subtle but
>> important enough point that should be documented.  I think we should
>> open a separate bug to handle this.  Just a couple of lines are needed.
>>
> What do you think these words:
>
> "Please don't send a no_renegotiation warning alert. Warning message is
> not very useful because in general the sending party cannot know how the
> receiving party behave.  The server side need to reject client initiated
> renegotiation proactively."
>
> Thanks,
> Xuelei
>
>
>
>

From bradford.wetmore at oracle.com  Thu Jun 27 17:23:09 2013
From: bradford.wetmore at oracle.com (Brad Wetmore)
Date: Thu, 27 Jun 2013 17:23:09 -0700
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51CCD1C4.70503@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com> <51CCBE53.6060800@oracle.com>
	<51CCD1C4.70503@oracle.com>
Message-ID: <51CCD76D.4070700@oracle.com>

On 6/27/2013 4:59 PM, Xuelei Fan wrote:
> I agree that the property name is pretty confusing now.  We need to
> consolidate the property naming styles, at least in JSSE component. I
> will go back to this topic later.

I've filed:

     JDK-8019346 Reconsider the namespace for JDK-7188658

to track for 8.

Brad

> Xuelei
>
> On 6/28/2013 6:36 AM, Brad Wetmore wrote:
>> Going back to this...
>>
>> On 6/18/2013 9:04 PM, Xuelei Fan wrote:
>>> On 6/19/2013 10:50 AM, Brad Wetmore wrote:
>>>> Sorry for the delay.
>>>>
>>>> Two comments about the property name.
>>>>
>>>> I don't see the jdk.tls *System* Property prefix used anywhere else,
>>>> except as a *Security* properties:
>>>>
>>>>       jdk.tls.rejectClientInitializedRenego
>>>>
>>>> Otherwise, I think we should stick to one of the current namespace.
>>>>
>>>>       jsse.               (my preference since this is expected across
>>>>                            other JDKs)
>>>>       sun.security.ssl.
>>>>
>>> At the beginning, I use the prefix "jsse.*". But it is rejected (CCC)
>>> because the system property has no effect on other providers.
>>
>> ...and...
>>
>>> "jsse" prefix
>>> should not be used in provider level libraries (for example, Oracle
>>> JSSE provider).
>>
>> I'm not following the logic at all here.  I think I'm hearing that:
>>
>>      jsse.*:    used by the javax.net.ssl.* code
>>      jdk.tls.*: used by the sun.security.ssl.* code
>>
>> But that doesn't quite make sense since we already have the following
>> SunJSSE-specific properties:  jsse.enableSNIExtension,
>> jsse.SSLEngine.acceptLargeFragments, jsse.enableCBCProtection.
>>
>> For the javax.net.ssl.* code, we already have been using since very
>> early on:
>>
>>      ssl.*:  used by the javax.net.ssl.* code.  e.g.
>>              KeyManagerFactory, TrustManagerFactory,
>>              ServerSocketFactory.provider, SocketFactory.provider
>>
>> And then there are the other sun.security.ssl.* and javax.net.ssl.* for
>> SunJSSE providers that we expect other providers will use:
>>
>>      sun.security.ssl.*
>>              allowUnsafeRenegotiation, allowLegacyHelloMessages
>>
>>      javax.net.ssl.*
>>              keyStore, keyStorePassword, etc.
>>              trustStore, trustStorePassword, etc.
>>
>> And now we're adding yet another naming scheme?  If it weren't for:
>>
>>
>> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization
>>
>>
>> I'd be completely lost.
>>
>> Brad
>>
>>
>>> Now, two
>>> styles are acceptable. "jdk.*" is for JDK properties, and "jsse.*" is
>>> used when other parties also should follow it. "sun.security.ssl" is
>>> deprecated, I think.
>>>
>>>> Regarding rejectClientInitializedRenego, I think the word "Initiated"
>>>> more succinctly captures the intent of this property, rather than
>>>> "Initalized."  And as long as the word "Renegotiation" is, it should
>>>> probably be spelled out completely.  AFAIK, we rarely abbreviate
>>>> external names like this.
>>>>
>>>> Same "initiated" comment about the variable name in your codereview, but
>>>> I don't care much about Renogo.
>>>>
>>> I prefer "Initiated" to "Initalized".  Let's make the update in another
>>> update.
>>
>> Thanks for considering.
>>
>>>> ServerHandshaker.java
>>>> =====================
>>>> 283:  My initial thought was a no_renegotiation(100) warning, but that
>>>> allows the client to decide what to do, rather than the server
>>>> terminating.
>>>>
>>> No, we cannot.  First of all, warning message is not very useful because
>>> in general the sending party cannot know how the receiving party behave.
>>>    Secondly, it is the expected behavior to *reject" client initiated
>>> renegotiation. It is the server who should make the decision, but not
>>> the client.
>>>
>>>> This TLS logic decision is not straightforward, so this needs
>>>> commenting.
>>>>
>>> I think "reject client initialized renegotiation" has say all. ;-) I
>>> will add words about "state != HandshakeMessage.ht_hello_request".
>>>
>>>
>>>> 379:  since you're making changes here.
>>>>
>>>>     response->respond
>>>>
>>> OK.
>>>
>>>> Since you already have CCC approval and are ready to putback, I would
>>>> suggest putting back now, and let's file another CCC to change the name.
>>>>    That should be a no-brainer.
>>>>
>>> OK.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>>> Thanks!
>>>>
>>>> Brad
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 5/29/2013 7:05 PM, Xuelei Fan wrote:
>>>>> Got it. Yes, this fix is addressing a different issue from you
>>>>> mentioned
>>>>> below.
>>>>>
>>>>> Thanks,
>>>>> Xuelei
>>>>>
>>>>> On 5/30/2013 9:53 AM, Bernd Eckenfels wrote:
>>>>>> Am 30.05.2013, 02:18 Uhr, schrieb Xuelei Fan :
>>>>>>>> 2381456
>>>>>>> Would you mind send me the link of the bug, or the code review
>>>>>>> request
>>>>>>> mail?  I may miss some mails about this direction.
>>>>>>
>>>>>> I am afraid I cant sent the link, the Bug is in review state and
>>>>>> therefore not visible for me. It was acknowledged 2012-11-12, see
>>>>>> attached. I guess the link would be
>>>>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2381456 (not
>>>>>> sure if
>>>>>> the numbers are the same in the new bug tool).
>>>>>>
>>>>>>> Good suggestion.  Oracle provider of JSSE had addressed the TLS
>>>>>>> renegotiation issue in JDK 1.4.2 update 26, JDK 1.5.0 update 24
>>>>>>> and JDK
>>>>>>> 6u 19 around the end of 2009 and the beginning of 2010.  Here is the
>>>>>>> readme of the fix:
>>>>>>> http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Thats a different problem, I was thinking about preventing execessive
>>>>>> client initiated renegotiations. This is for example CVE-2011-1473
>>>>>> from
>>>>>> THC.
>>>>>>
>>>>>>>> You mentioned industry will move to a secure handshake - are you
>>>>>>>> aware of any initiative in that direction?
>>>>>>>>
>>>>>>> See http://www.rfc.org/rfc/rfc5746.txt.  As far as I know, nearly all
>>>>>>> major vendors of SSL protocols has support RFC5746.
>>>>>>
>>>>>> Ok, but thats a different issue. I was expecting 7188658 to address
>>>>>> another point, but I might be wrong.
>>>>>>
>>>>>> I understand that as of Oracle policy we cannot discuss it. Even if
>>>>>> this
>>>>>> is a very well known issue. :-/
>>>>>>
>>>>>> Greetings
>>>>>> Bernd
>>>>>
>>>
>

From xuelei.fan at oracle.com  Thu Jun 27 17:39:28 2013
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Fri, 28 Jun 2013 08:39:28 +0800
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51CCD5F9.2060801@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com> <51CCC03B.5090900@oracle.com>
	<51CCCFF3.8070908@oracle.com> <51CCD5F9.2060801@oracle.com>
Message-ID: <51CCDB40.1090803@oracle.com>

On 6/28/2013 8:16 AM, Brad Wetmore wrote:
> Rearranging and tweaking a bit. What do you think of:
> 
> ---
> Reject client initiated renegotiation?
> 
> If server side should reject client-initiated renegotiation, send an
> alert_handshake_failure fatal alert, not a no_renegotiation warning
> alert (no_renegotiation must be a warning: RFC 2246).  no_renegotiation
> might seem more natural at first, but warnings are not appropriate
> because the sending party does not know how the receiving party will
> behave.  This state must be treated as a fatal server condition.
> 
> This will not have any impact on server initiated renegotiation.
> ---
> 
Looks nice to me.

Xuelei

> Brad
> 
> 
> 
> 
> On 6/27/2013 4:51 PM, Xuelei Fan wrote:
>> On 6/28/2013 6:44 AM, Brad Wetmore wrote:
>>> continued, I forgot this next part.
>>>
>>>>> ServerHandshaker.java
>>>>> =====================
>>>>> 283:  My initial thought was a no_renegotiation(100) warning, but that
>>>>> allows the client to decide what to do, rather than the server
>>>>> terminating.
>>>>>
>>>> No, we cannot.  First of all, warning message is not very useful
>>>> because
>>>> in general the sending party cannot know how the receiving party
>>>> behave.
>>>>    Secondly, it is the expected behavior to *reject" client initiated
>>>> renegotiation. It is the server who should make the decision, but not
>>>> the client.
>>>
>>> Exactly.
>>>
>>>>> This TLS logic decision is not straightforward, so this needs
>>>>> commenting.
>>>
>>> And the above is what I wanted to see in the comments.  That is, why we
>>> don't send a no_renegotiation warning alert.  It's a subtle but
>>> important enough point that should be documented.  I think we should
>>> open a separate bug to handle this.  Just a couple of lines are needed.
>>>
>> What do you think these words:
>>
>> "Please don't send a no_renegotiation warning alert. Warning message is
>> not very useful because in general the sending party cannot know how the
>> receiving party behave.  The server side need to reject client initiated
>> renegotiation proactively."
>>
>> Thanks,
>> Xuelei
>>
>>
>>
>>

From xuelei.fan at oracle.com  Thu Jun 27 17:43:14 2013
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Fri, 28 Jun 2013 08:43:14 +0800
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51CCD76D.4070700@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com> <51CCBE53.6060800@oracle.com>
	<51CCD1C4.70503@oracle.com> <51CCD76D.4070700@oracle.com>
Message-ID: <51CCDC22.8050600@oracle.com>

Thanks!  But it may not apply to JDK-7188658.  It is a naming style
applies to new names in the future.

Xuelei

On 6/28/2013 8:23 AM, Brad Wetmore wrote:
> 
> On 6/27/2013 4:59 PM, Xuelei Fan wrote:
>> I agree that the property name is pretty confusing now.  We need to
>> consolidate the property naming styles, at least in JSSE component. I
>> will go back to this topic later.
> 
> I've filed:
> 
>     JDK-8019346 Reconsider the namespace for JDK-7188658
> 
> to track for 8.
> 
> Brad
> 
> 
> 
> 
>> Xuelei
>>
>> On 6/28/2013 6:36 AM, Brad Wetmore wrote:
>>> Going back to this...
>>>
>>> On 6/18/2013 9:04 PM, Xuelei Fan wrote:
>>>> On 6/19/2013 10:50 AM, Brad Wetmore wrote:
>>>>> Sorry for the delay.
>>>>>
>>>>> Two comments about the property name.
>>>>>
>>>>> I don't see the jdk.tls *System* Property prefix used anywhere else,
>>>>> except as a *Security* properties:
>>>>>
>>>>>       jdk.tls.rejectClientInitializedRenego
>>>>>
>>>>> Otherwise, I think we should stick to one of the current namespace.
>>>>>
>>>>>       jsse.               (my preference since this is expected across
>>>>>                            other JDKs)
>>>>>       sun.security.ssl.
>>>>>
>>>> At the beginning, I use the prefix "jsse.*". But it is rejected (CCC)
>>>> because the system property has no effect on other providers.
>>>
>>> ...and...
>>>
>>>> "jsse" prefix
>>>> should not be used in provider level libraries (for example, Oracle
>>>> JSSE provider).
>>>
>>> I'm not following the logic at all here.  I think I'm hearing that:
>>>
>>>      jsse.*:    used by the javax.net.ssl.* code
>>>      jdk.tls.*: used by the sun.security.ssl.* code
>>>
>>> But that doesn't quite make sense since we already have the following
>>> SunJSSE-specific properties:  jsse.enableSNIExtension,
>>> jsse.SSLEngine.acceptLargeFragments, jsse.enableCBCProtection.
>>>
>>> For the javax.net.ssl.* code, we already have been using since very
>>> early on:
>>>
>>>      ssl.*:  used by the javax.net.ssl.* code.  e.g.
>>>              KeyManagerFactory, TrustManagerFactory,
>>>              ServerSocketFactory.provider, SocketFactory.provider
>>>
>>> And then there are the other sun.security.ssl.* and javax.net.ssl.* for
>>> SunJSSE providers that we expect other providers will use:
>>>
>>>      sun.security.ssl.*
>>>              allowUnsafeRenegotiation, allowLegacyHelloMessages
>>>
>>>      javax.net.ssl.*
>>>              keyStore, keyStorePassword, etc.
>>>              trustStore, trustStorePassword, etc.
>>>
>>> And now we're adding yet another naming scheme?  If it weren't for:
>>>
>>>
>>> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization
>>>
>>>
>>>
>>> I'd be completely lost.
>>>
>>> Brad
>>>
>>>
>>>> Now, two
>>>> styles are acceptable. "jdk.*" is for JDK properties, and "jsse.*" is
>>>> used when other parties also should follow it. "sun.security.ssl" is
>>>> deprecated, I think.
>>>>
>>>>> Regarding rejectClientInitializedRenego, I think the word "Initiated"
>>>>> more succinctly captures the intent of this property, rather than
>>>>> "Initalized."  And as long as the word "Renegotiation" is, it should
>>>>> probably be spelled out completely.  AFAIK, we rarely abbreviate
>>>>> external names like this.
>>>>>
>>>>> Same "initiated" comment about the variable name in your
>>>>> codereview, but
>>>>> I don't care much about Renogo.
>>>>>
>>>> I prefer "Initiated" to "Initalized".  Let's make the update in another
>>>> update.
>>>
>>> Thanks for considering.
>>>
>>>>> ServerHandshaker.java
>>>>> =====================
>>>>> 283:  My initial thought was a no_renegotiation(100) warning, but that
>>>>> allows the client to decide what to do, rather than the server
>>>>> terminating.
>>>>>
>>>> No, we cannot.  First of all, warning message is not very useful
>>>> because
>>>> in general the sending party cannot know how the receiving party
>>>> behave.
>>>>    Secondly, it is the expected behavior to *reject" client initiated
>>>> renegotiation. It is the server who should make the decision, but not
>>>> the client.
>>>>
>>>>> This TLS logic decision is not straightforward, so this needs
>>>>> commenting.
>>>>>
>>>> I think "reject client initialized renegotiation" has say all. ;-) I
>>>> will add words about "state != HandshakeMessage.ht_hello_request".
>>>>
>>>>
>>>>> 379:  since you're making changes here.
>>>>>
>>>>>     response->respond
>>>>>
>>>> OK.
>>>>
>>>>> Since you already have CCC approval and are ready to putback, I would
>>>>> suggest putting back now, and let's file another CCC to change the
>>>>> name.
>>>>>    That should be a no-brainer.
>>>>>
>>>> OK.
>>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>>>>> Thanks!
>>>>>
>>>>> Brad
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 5/29/2013 7:05 PM, Xuelei Fan wrote:
>>>>>> Got it. Yes, this fix is addressing a different issue from you
>>>>>> mentioned
>>>>>> below.
>>>>>>
>>>>>> Thanks,
>>>>>> Xuelei
>>>>>>
>>>>>> On 5/30/2013 9:53 AM, Bernd Eckenfels wrote:
>>>>>>> Am 30.05.2013, 02:18 Uhr, schrieb Xuelei Fan
>>>>>>> :
>>>>>>>>> 2381456
>>>>>>>> Would you mind send me the link of the bug, or the code review
>>>>>>>> request
>>>>>>>> mail?  I may miss some mails about this direction.
>>>>>>>
>>>>>>> I am afraid I cant sent the link, the Bug is in review state and
>>>>>>> therefore not visible for me. It was acknowledged 2012-11-12, see
>>>>>>> attached. I guess the link would be
>>>>>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2381456 (not
>>>>>>> sure if
>>>>>>> the numbers are the same in the new bug tool).
>>>>>>>
>>>>>>>> Good suggestion.  Oracle provider of JSSE had addressed the TLS
>>>>>>>> renegotiation issue in JDK 1.4.2 update 26, JDK 1.5.0 update 24
>>>>>>>> and JDK
>>>>>>>> 6u 19 around the end of 2009 and the beginning of 2010.  Here is
>>>>>>>> the
>>>>>>>> readme of the fix:
>>>>>>>> http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> Thats a different problem, I was thinking about preventing
>>>>>>> execessive
>>>>>>> client initiated renegotiations. This is for example CVE-2011-1473
>>>>>>> from
>>>>>>> THC.
>>>>>>>
>>>>>>>>> You mentioned industry will move to a secure handshake - are you
>>>>>>>>> aware of any initiative in that direction?
>>>>>>>>>
>>>>>>>> See http://www.rfc.org/rfc/rfc5746.txt.  As far as I know,
>>>>>>>> nearly all
>>>>>>>> major vendors of SSL protocols has support RFC5746.
>>>>>>>
>>>>>>> Ok, but thats a different issue. I was expecting 7188658 to address
>>>>>>> another point, but I might be wrong.
>>>>>>>
>>>>>>> I understand that as of Oracle policy we cannot discuss it. Even if
>>>>>>> this
>>>>>>> is a very well known issue. :-/
>>>>>>>
>>>>>>> Greetings
>>>>>>> Bernd
>>>>>>
>>>>
>>

From xuelei.fan at oracle.com  Thu Jun 27 17:51:09 2013
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Fri, 28 Jun 2013 08:51:09 +0800
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: 
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com> <51CCC03B.5090900@oracle.com>
	<51CCCFF3.8070908@oracle.com>

Message-ID: <51CCDDFD.9050704@oracle.com>

On 6/28/2013 8:05 AM, Bernd Eckenfels wrote:
> Am 28.06.2013, 01:51 Uhr, schrieb Xuelei Fan :
>> "Please don't send a no_renegotiation warning alert. Warning message is
>> not very useful because in general the sending party cannot know how the
>> receiving party behave.  The server side need to reject client initiated
>> renegotiation proactively."
> 
> Just for the record, I totally disagree. I would make the option a multi
> value like "accept(default)|ignore|reject". Because you never can know
> how the other side reacts. Ignoring renego requests is totally safe in
> the spec and in a situation where you chose to turn off renogotiation by
> clients you can have only two things:
> 
> a) clients continue to work when you ignore them
> b) clients break
> 
> If you always terminate the connection there is no chance for some
> clients to keep working.
> 
Great suggestion.  I will consider to add the new "ignore" option.

> Today you can already achieve the termination of connection (by
> disabling all ciphersuites after initial handshake). You dont need to
> add code if you dont offer more (i.e. ignore) options.
> 
You're right here.  This new system property is just to make the work a
little easier that developers won't need to touch the source code in
applications.

> Greetings
> Bernd
> 
> PS: and regarding the naming a question, is "JSSE" the name of the Sun
> implementaion or of the Specification?
I intend to use it for specification. But the names in JSSE is a little
confusing now (See Brad's response). We need to consolidate the naming
style.

Xuelei

From stuart.marks at oracle.com  Thu Jun 27 18:16:33 2013
From: stuart.marks at oracle.com (Stuart Marks)
Date: Thu, 27 Jun 2013 18:16:33 -0700
Subject: hg: jdk8/tl/jdk: 8019224: add exception chaining to RMI CGIHandler
In-Reply-To: 
References: <20130627203423.81A92485D7@hg.openjdk.java.net>

Message-ID: <51CCE3F1.20106@oracle.com>

Hi Bernd,

A fair question. The Throwable.printStackTrace() call goes to the standard 
error stream, which is *usually* not mixed with the HTTP response collected 
from stdout and thus shouldn't spoil the protocol. But this really depends on 
how it's invoked. My assumption is that stderr is usually connected to 
somewhere suitable like an error log file, but this isn't always the case.

Unfortunately the handler methods don't have any better place to send error 
output. Reformatting it into a valid HTTP error response and sending it back to 
the client is bad form. One could open a log file and send it there, I suppose, 
but this seems worse than just relying on the calling web server to have 
redirected stderr somewhere reasonable.

The CGI wrappers for this class (src/windows/bin/java-rmi.c and 
src/solaris/bin/java-rmi.cgi.sh) inherit stderr from their invoker.

As for whether anybody uses this ... well, if you hear of anybody, please let 
me know. We do have a test for it -- closed source, unfortunately -- which has 
started failing, which is the main impetus for this change. (We suspect a 
configuration issue in our test environment.)

Thanks for looking.

s'marks

On 6/27/13 2:11 PM, Bernd Eckenfels wrote:
> Hello,
> (sorry for answering to security-dev, I am not subscribed to the others)
>
> the printStackTrace() seems wrong. This will ruin the HTTP Headers produced by
> returnXXXError() (if it is not too late at that point anyway as the execute()
> might also write data before).
>
> I also think that if you want to output the stack trace, it should be done
> inside those two handlers.
>
> BTW: Is somebody really using this?
>
> Greetings
> Bernd
>
>
> Am 27.06.2013, 22:33 Uhr, schrieb :
>
>> Changeset: 6729f7ef94cd
>> Author:    smarks
>> Date:      2013-06-27 13:35 -0700
>> URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6729f7ef94cd
>>
>> 8019224: add exception chaining to RMI CGIHandler
>> Reviewed-by: darcy
>>
>> ! src/share/classes/sun/rmi/transport/proxy/CGIHandler.java

From joe.darcy at oracle.com  Thu Jun 27 19:02:19 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Fri, 28 Jun 2013 02:02:19 +0000
Subject: hg: jdk8/tl/jdk: 8019357: Fix doclint warnings in java.lang.invoke
Message-ID: <20130628020243.A703448604@hg.openjdk.java.net>

Changeset: 29bbbb136bc5
Author:    darcy
Date:      2013-06-27 19:02 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/29bbbb136bc5

8019357: Fix doclint warnings in java.lang.invoke
Reviewed-by: jrose

! src/share/classes/java/lang/invoke/LambdaConversionException.java
! src/share/classes/java/lang/invoke/LambdaMetafactory.java
! src/share/classes/java/lang/invoke/MethodHandle.java
! src/share/classes/java/lang/invoke/MethodHandleProxies.java
! src/share/classes/java/lang/invoke/MethodHandles.java
! src/share/classes/java/lang/invoke/MethodType.java
! src/share/classes/java/lang/invoke/MutableCallSite.java
! src/share/classes/java/lang/invoke/SerializedLambda.java
! src/share/classes/java/lang/invoke/package-info.java

From xuelei.fan at oracle.com  Thu Jun 27 19:26:43 2013
From: xuelei.fan at oracle.com (xuelei.fan at oracle.com)
Date: Fri, 28 Jun 2013 02:26:43 +0000
Subject: hg: jdk8/tl/jdk: 8019359: To comment why not use no_renegotiation to
	reject client initiated renegotiation
Message-ID: <20130628022718.2C53648605@hg.openjdk.java.net>

Changeset: 60d1994f63f7
Author:    xuelei
Date:      2013-06-27 19:22 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/60d1994f63f7

8019359: To comment why not use no_renegotiation to reject client initiated renegotiation
Reviewed-by: wetmore

! src/share/classes/sun/security/ssl/ServerHandshaker.java

From jason.uh at oracle.com  Thu Jun 27 23:11:53 2013
From: jason.uh at oracle.com (Jason Uh)
Date: Thu, 27 Jun 2013 23:11:53 -0700
Subject: [8] Review Request: 8019360: Cleanup of the javadoc  tag in
	java.security.*
Message-ID: <51CD2929.6040602@oracle.com>

Joe,

Could I please get a review of this changeset?

These changes convert the remaining ... and ... 
tags to {@code ...} in java.security and its subpackages.

Webrev:
http://cr.openjdk.java.net/~juh/8019360/webrev.00/

I've also changed each package's package.html file to package-info.java. 
If you object to the inclusion of those changes in this changeset, I 
could do that under a separate bug.

No undesirable changes were detected by specdiff.

Thanks,
Jason

From joe.darcy at oracle.com  Thu Jun 27 23:36:03 2013
From: joe.darcy at oracle.com (Joe Darcy)
Date: Thu, 27 Jun 2013 23:36:03 -0700
Subject: [8] Review Request: 8019360: Cleanup of the javadoc  tag
	in java.security.*
In-Reply-To: <51CD2929.6040602@oracle.com>
References: <51CD2929.6040602@oracle.com>
Message-ID: <51CD2ED3.6090806@oracle.com>

Hi Jason,

On 06/27/2013 11:11 PM, Jason Uh wrote:
> Joe,
>
> Could I please get a review of this changeset?
>
> These changes convert the remaining ... and ... 
> tags to {@code ...} in java.security and its subpackages.
>
> Webrev:
> http://cr.openjdk.java.net/~juh/8019360/webrev.00/

The {@code} related changes look fine to go back as-as.

>
> I've also changed each package's package.html file to 
> package-info.java. If you object to the inclusion of those changes in 
> this changeset, I could do that under a separate bug.

The package-related changes need a few small edits. In

     src/share/classes/java/security/acl/package-info.java

These lines should be deleted:

   31  * 

Also in the package files, please replace

     ^TM

with

     ™

With those changes, I approve the package changes going back,

>
> No undesirable changes were detected by specdiff.
>
>

Good to know :-)

Thanks,

-Joe

From paul.sandoz at oracle.com  Fri Jun 28 01:21:38 2013
From: paul.sandoz at oracle.com (paul.sandoz at oracle.com)
Date: Fri, 28 Jun 2013 08:21:38 +0000
Subject: hg: jdk8/tl/jdk: 8009736: Comparator API cleanup
Message-ID: <20130628082202.5780D48629@hg.openjdk.java.net>

Changeset: c1df54fd19b2
Author:    henryjen
Date:      2013-06-11 13:41 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c1df54fd19b2

8009736: Comparator API cleanup
Reviewed-by: psandoz, briangoetz, mduigou, plevart

! src/share/classes/java/util/Collections.java
! src/share/classes/java/util/Comparator.java
! src/share/classes/java/util/Comparators.java
! src/share/classes/java/util/Map.java
! src/share/classes/java/util/TreeMap.java
! src/share/classes/java/util/function/BinaryOperator.java
! src/share/classes/java/util/stream/Collectors.java
! src/share/classes/java/util/stream/ReferencePipeline.java
! src/share/classes/java/util/stream/SortedOps.java
! test/java/nio/file/Files/StreamTest.java
! test/java/util/Collection/ListDefaults.java
+ test/java/util/Comparator/BasicTest.java
+ test/java/util/Comparator/TypeTest.java
- test/java/util/Comparators/BasicTest.java
+ test/java/util/Map/EntryComparators.java
+ test/java/util/function/BinaryOperator/BasicTest.java
! test/java/util/stream/test/org/openjdk/tests/java/util/stream/SequentialOpTest.java
! test/java/util/stream/test/org/openjdk/tests/java/util/stream/SliceOpTest.java
! test/java/util/stream/test/org/openjdk/tests/java/util/stream/SortedOpTest.java
! test/sun/misc/JavaLangAccess/NewUnsafeString.java

From paul.sandoz at oracle.com  Fri Jun 28 01:30:55 2013
From: paul.sandoz at oracle.com (paul.sandoz at oracle.com)
Date: Fri, 28 Jun 2013 08:30:55 +0000
Subject: hg: jdk8/tl/jdk: 8012987: Optimizations for Stream.limit/substream
Message-ID: <20130628083121.C815E4862C@hg.openjdk.java.net>

Changeset: 28b71c97a72d
Author:    psandoz
Date:      2013-06-28 10:29 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/28b71c97a72d

8012987: Optimizations for Stream.limit/substream
Reviewed-by: mduigou
Contributed-by: Brian Goetz , Paul Sandoz 

! src/share/classes/java/util/stream/AbstractPipeline.java
! src/share/classes/java/util/stream/AbstractTask.java
! src/share/classes/java/util/stream/DoubleStream.java
! src/share/classes/java/util/stream/ForEachOps.java
! src/share/classes/java/util/stream/IntStream.java
! src/share/classes/java/util/stream/LongStream.java
! src/share/classes/java/util/stream/PipelineHelper.java
! src/share/classes/java/util/stream/SliceOps.java
! src/share/classes/java/util/stream/Stream.java
! src/share/classes/java/util/stream/StreamSpliterators.java
! test/java/util/stream/bootlib/java/util/stream/OpTestCase.java
! test/java/util/stream/bootlib/java/util/stream/SpliteratorTestHelper.java
+ test/java/util/stream/boottest/java/util/stream/SliceSpliteratorTest.java
! test/java/util/stream/boottest/java/util/stream/StreamFlagsTest.java
! test/java/util/stream/test/org/openjdk/tests/java/util/stream/InfiniteStreamWithLimitOpTest.java

From eric.mccorkle at oracle.com  Fri Jun 28 03:55:31 2013
From: eric.mccorkle at oracle.com (eric.mccorkle at oracle.com)
Date: Fri, 28 Jun 2013 10:55:31 +0000
Subject: hg: jdk8/tl/langtools: 8016760: Failure of regression test
	langtools/tools/javac/T6725036.java
Message-ID: <20130628105536.1F92148636@hg.openjdk.java.net>

Changeset: 6101e52ce9e3
Author:    emc
Date:      2013-06-28 06:54 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/6101e52ce9e3

8016760: Failure of regression test langtools/tools/javac/T6725036.java
Summary: Marking the failing test @ignore; the proposed change for 8015666 addresses the underlying issue
Reviewed-by: jjg

! test/tools/javac/T6725036.java

From vicente.romero at oracle.com  Fri Jun 28 05:21:49 2013
From: vicente.romero at oracle.com (vicente.romero at oracle.com)
Date: Fri, 28 Jun 2013 12:21:49 +0000
Subject: hg: jdk8/tl/langtools: 6473148: TreePath.iterator() should document
	the iteration order
Message-ID: <20130628122157.9B4084863A@hg.openjdk.java.net>

Changeset: bb06c412d079
Author:    vromero
Date:      2013-06-28 13:20 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/bb06c412d079

6473148: TreePath.iterator() should document the iteration order
Reviewed-by: mcimadamore

! src/share/classes/com/sun/source/util/TreePath.java

From youdwei at linux.vnet.ibm.com  Fri Jun 28 06:34:26 2013
From: youdwei at linux.vnet.ibm.com (Deven You)
Date: Fri, 28 Jun 2013 21:34:26 +0800
Subject: Signature.getAlogrithm return null in special case
In-Reply-To: <51BFAD7B.2020704@oracle.com>
References: <5191C1B2.4030900@linux.vnet.ibm.com> <5192D6C7.6050900@oracle.com>
	<519B3969.3020807@linux.vnet.ibm.com>
	<51A3AFEA.3090406@oracle.com> <51BFAC08.3070504@oracle.com>
	<51BFAD7B.2020704@oracle.com>
Message-ID: <51CD90E2.1060205@linux.vnet.ibm.com>

Hi Brad,

Thanks a lot for your review and test!

On 06/18/2013 08:44 AM, Brad Wetmore wrote:
>
>
> On 6/17/2013 5:38 PM, Brad Wetmore wrote:
>> Pushed.  Thanks for the contribution.
>
> P.S.  http://hg.openjdk.java.net/jdk8/tl/jdk/rev/116050227ee9
>
> Brad
>
>
>
>> Brad
>>
>>
>> On 5/27/2013 12:11 PM, Brad Wetmore wrote:
>>> Hi Deven,
>>>
>>> I just got back from a short break, hope to return back to this 
>>> shortly.
>>>
>>> I tweaked your test a bit before I left, but the builds were failing
>>> (unrelated issue) so I couldn't check in.  Still need to check the
>>> actual Signature code for a couple things, but I think it's ok.
>>>
>>> Brad
>>>
>>>
>>> On 5/21/2013 2:07 AM, Deven You wrote:
>>>> Hi Brad,
>>>>
>>>> Thanks for your reply, is there any progress on this problem?
>>>>
>>>> I see the last comments on JDK-8014620 is six days before.
>>>>
>>>> Thanks a lot!
>>>>
>>>> On 05/15/2013 08:28 AM, Brad Wetmore wrote:
>>>>> Offhand, this seems reasonable.
>>>>>
>>>>> Since you are an OpenJDK author, I've filed:
>>>>>
>>>>>     JDK-8014620: Signature.getAlogrithm return null in special case
>>>>>
>>>>> and stocked it with your patch.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Brad
>>>>>
>>>>>
>>>>> On 5/13/2013 9:46 PM, Deven You wrote:
>>>>>> Hi All,
>>>>>>
>>>>>> I find in a special case: If you create a SignatureSpi service 
>>>>>> through
>>>>>> extending Signature rather than SignatureSpi, the returned signature
>>>>>> instance will lose its algortithm name.
>>>>>>
>>>>>> Though the fix[1] is simple I think it's valuable. Could anyone take
>>>>>> a look?
>>>>>>
>>>>>> [1] http://cr.openjdk.java.net/~youdwei/ojdk-809/webrev/
>>>>>> 
>>>>>>
>>>>>> Thanks a lot
>>>>>
>>>>
>

From vicente.romero at oracle.com  Fri Jun 28 06:36:39 2013
From: vicente.romero at oracle.com (vicente.romero at oracle.com)
Date: Fri, 28 Jun 2013 13:36:39 +0000
Subject: hg: jdk8/tl/langtools: 8005552:
	c.s.t.javap.AttributeWriter.visitLocalVariableTable() uses
	incorrect format string
Message-ID: <20130628133644.D79784863B@hg.openjdk.java.net>

Changeset: bdd699d7378d
Author:    vromero
Date:      2013-06-28 14:36 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/bdd699d7378d

8005552: c.s.t.javap.AttributeWriter.visitLocalVariableTable() uses incorrect format string
Reviewed-by: mcimadamore

! src/share/classes/com/sun/tools/javap/AttributeWriter.java

From alan.bateman at oracle.com  Fri Jun 28 08:20:18 2013
From: alan.bateman at oracle.com (alan.bateman at oracle.com)
Date: Fri, 28 Jun 2013 15:20:18 +0000
Subject: hg: jdk8/tl/jdk: 8019380: doclint warnings in java.nio,
	java.nio.file.**, java.nio.channels.**
Message-ID: <20130628152041.C935D48647@hg.openjdk.java.net>

Changeset: 04378a645944
Author:    alanb
Date:      2013-06-28 16:10 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/04378a645944

8019380: doclint warnings in java.nio, java.nio.file.**, java.nio.channels.**
Reviewed-by: chegar

! src/share/classes/java/nio/Buffer.java
! src/share/classes/java/nio/MappedByteBuffer.java
! src/share/classes/java/nio/X-Buffer.java.template
! src/share/classes/java/nio/channels/AsynchronousByteChannel.java
! src/share/classes/java/nio/channels/AsynchronousChannel.java
! src/share/classes/java/nio/channels/AsynchronousChannelGroup.java
! src/share/classes/java/nio/channels/AsynchronousFileChannel.java
! src/share/classes/java/nio/channels/AsynchronousServerSocketChannel.java
! src/share/classes/java/nio/channels/AsynchronousSocketChannel.java
! src/share/classes/java/nio/channels/DatagramChannel.java
! src/share/classes/java/nio/channels/FileChannel.java
! src/share/classes/java/nio/channels/FileLock.java
! src/share/classes/java/nio/channels/MulticastChannel.java
! src/share/classes/java/nio/channels/NetworkChannel.java
! src/share/classes/java/nio/channels/Pipe.java
! src/share/classes/java/nio/channels/SelectableChannel.java
! src/share/classes/java/nio/channels/SelectionKey.java
! src/share/classes/java/nio/channels/Selector.java
! src/share/classes/java/nio/channels/ServerSocketChannel.java
! src/share/classes/java/nio/channels/SocketChannel.java
! src/share/classes/java/nio/channels/spi/AbstractInterruptibleChannel.java
! src/share/classes/java/nio/channels/spi/AbstractSelectableChannel.java
! src/share/classes/java/nio/channels/spi/AbstractSelector.java
! src/share/classes/java/nio/channels/spi/AsynchronousChannelProvider.java
! src/share/classes/java/nio/channels/spi/SelectorProvider.java
! src/share/classes/java/nio/charset/Charset-X-Coder.java.template
! src/share/classes/java/nio/charset/Charset.java
! src/share/classes/java/nio/charset/CoderResult.java
! src/share/classes/java/nio/charset/spi/CharsetProvider.java
! src/share/classes/java/nio/file/FileStore.java
! src/share/classes/java/nio/file/FileSystem.java
! src/share/classes/java/nio/file/FileSystems.java
! src/share/classes/java/nio/file/Files.java
! src/share/classes/java/nio/file/Path.java
! src/share/classes/java/nio/file/SecureDirectoryStream.java
! src/share/classes/java/nio/file/WatchEvent.java
! src/share/classes/java/nio/file/WatchService.java
! src/share/classes/java/nio/file/attribute/AclEntry.java
! src/share/classes/java/nio/file/attribute/AclFileAttributeView.java
! src/share/classes/java/nio/file/attribute/AttributeView.java
! src/share/classes/java/nio/file/attribute/BasicFileAttributeView.java
! src/share/classes/java/nio/file/attribute/BasicFileAttributes.java
! src/share/classes/java/nio/file/attribute/DosFileAttributeView.java
! src/share/classes/java/nio/file/attribute/FileAttribute.java
! src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java
! src/share/classes/java/nio/file/spi/FileSystemProvider.java
! src/share/classes/java/sql/SQLInput.java

From sean.mullan at oracle.com  Fri Jun 28 09:00:38 2013
From: sean.mullan at oracle.com (Sean Mullan)
Date: Fri, 28 Jun 2013 12:00:38 -0400
Subject: Code Review Request: 8011547 : Update XML Signature implementation
	to Apache Santuario 1.5.4
Message-ID: <51CDB326.7000400@oracle.com>

Hi Xuelei,

Please review my JDK 8 code changes to bring our XML Signature 
implementation up-to-date with Apache Santuario version 1.5.4.

The changes are extensive, but many of them are simple formatting or 
refactoring changes. Any questions, let me know.

http://cr.openjdk.java.net/~mullan/webrevs/8011547/webrev.00/

Thanks,
Sean

From chris.hegarty at oracle.com  Fri Jun 28 08:45:56 2013
From: chris.hegarty at oracle.com (chris.hegarty at oracle.com)
Date: Fri, 28 Jun 2013 15:45:56 +0000
Subject: hg: jdk8/tl/jdk: 4 new changesets
Message-ID: <20130628154655.7175A48648@hg.openjdk.java.net>

Changeset: 1919c226b427
Author:    dl
Date:      2013-06-28 12:10 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1919c226b427

8017739: ReentrantReadWriteLock is confused by the Threads with reused IDs
Reviewed-by: chegar

! src/share/classes/java/util/concurrent/locks/ReentrantReadWriteLock.java

Changeset: 0e24065a75db
Author:    dl
Date:      2013-06-28 12:12 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0e24065a75db

8019377: Sync j.u.c locks and atomic from 166 to tl
Reviewed-by: chegar

! src/share/classes/java/util/concurrent/atomic/AtomicBoolean.java
! src/share/classes/java/util/concurrent/atomic/AtomicInteger.java
! src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicIntegerFieldUpdater.java
! src/share/classes/java/util/concurrent/atomic/AtomicLong.java
! src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicLongFieldUpdater.java
! src/share/classes/java/util/concurrent/atomic/AtomicMarkableReference.java
! src/share/classes/java/util/concurrent/atomic/AtomicReference.java
! src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java
! src/share/classes/java/util/concurrent/atomic/AtomicStampedReference.java
! src/share/classes/java/util/concurrent/atomic/DoubleAccumulator.java
! src/share/classes/java/util/concurrent/atomic/DoubleAdder.java
! src/share/classes/java/util/concurrent/atomic/LongAccumulator.java
! src/share/classes/java/util/concurrent/atomic/Striped64.java
! src/share/classes/java/util/concurrent/atomic/package-info.java
! src/share/classes/java/util/concurrent/locks/AbstractOwnableSynchronizer.java
! src/share/classes/java/util/concurrent/locks/AbstractQueuedLongSynchronizer.java
! src/share/classes/java/util/concurrent/locks/AbstractQueuedSynchronizer.java
! src/share/classes/java/util/concurrent/locks/Condition.java
! src/share/classes/java/util/concurrent/locks/Lock.java
! src/share/classes/java/util/concurrent/locks/LockSupport.java
! src/share/classes/java/util/concurrent/locks/ReadWriteLock.java
! src/share/classes/java/util/concurrent/locks/ReentrantLock.java
! src/share/classes/java/util/concurrent/locks/StampedLock.java

Changeset: ff0242ed08db
Author:    jzavgren
Date:      2013-06-28 16:38 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ff0242ed08db

8015799: HttpURLConnection.getHeaderFields() throws IllegalArgumentException
Reviewed-by: chegar, dsamersoff, khazra

! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
+ test/java/net/CookieHandler/EmptyCookieHeader.java

Changeset: 52b4527d3fc7
Author:    chegar
Date:      2013-06-28 16:39 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/52b4527d3fc7

Merge

From jason.uh at oracle.com  Fri Jun 28 10:46:31 2013
From: jason.uh at oracle.com (Jason Uh)
Date: Fri, 28 Jun 2013 10:46:31 -0700
Subject: [8] Review Request: 8019360: Cleanup of the javadoc  tag
	in java.security.*
In-Reply-To: <51CD2ED3.6090806@oracle.com>
References: <51CD2929.6040602@oracle.com> <51CD2ED3.6090806@oracle.com>
Message-ID: <51CDCBF7.2020409@oracle.com>

Thanks, Joe. I've updated my changes with all the things you pointed 
out. The new webrev:
http://cr.openjdk.java.net/~juh/8019360/webrev.01/

I'll push this now.

Thanks,
Jason

On 6/27/13 11:36 PM, Joe Darcy wrote:
> Hi Jason,
>
> On 06/27/2013 11:11 PM, Jason Uh wrote:
>> Joe,
>>
>> Could I please get a review of this changeset?
>>
>> These changes convert the remaining ... and ...
>> tags to {@code ...} in java.security and its subpackages.
>>
>> Webrev:
>> http://cr.openjdk.java.net/~juh/8019360/webrev.00/
>
> The {@code} related changes look fine to go back as-as.
>
>>
>> I've also changed each package's package.html file to
>> package-info.java. If you object to the inclusion of those changes in
>> this changeset, I could do that under a separate bug.
>
> The package-related changes need a few small edits. In
>
>      src/share/classes/java/security/acl/package-info.java
>
> These lines should be deleted:
>
>    31  * 
>
> Also in the package files, please replace
>
>      ^TM
>
> with
>
>      ™
>
>
> With those changes, I approve the package changes going back,
>
>>
>> No undesirable changes were detected by specdiff.
>>
>>
>
> Good to know :-)
>
> Thanks,
>
> -Joe
>

From anthony.scarpino at oracle.com  Fri Jun 28 10:40:25 2013
From: anthony.scarpino at oracle.com (Anthony Scarpino)
Date: Fri, 28 Jun 2013 10:40:25 -0700
Subject: Code review request:  6755701 SecretKeySpec & DES
In-Reply-To: <51BA5F09.4040405@oracle.com>
References: <51BA5F09.4040405@oracle.com>
Message-ID: <51CDCA89.6040409@oracle.com>

ping...

On 06/13/2013 05:08 PM, Anthony Scarpino wrote:
> Hi all,
>
> I'm requesting a code review for the below bug
>
> 6755701 SunJCE DES/DESede SecretKeyFactory.generateSecret throws
> InvalidKeySpecExc if passed SecretKeySpec
>
> http://cr.openjdk.java.net/~ascarpino/6755701/webrev.00/
>
> Thanks
>
> Tony

From jason.uh at oracle.com  Fri Jun 28 10:48:34 2013
From: jason.uh at oracle.com (jason.uh at oracle.com)
Date: Fri, 28 Jun 2013 17:48:34 +0000
Subject: hg: jdk8/tl/jdk: 8019360: Cleanup of the javadoc  tag in
	java.security.*
Message-ID: <20130628174901.2BD4348651@hg.openjdk.java.net>

Changeset: 389f59e6288f
Author:    juh
Date:      2013-06-28 10:48 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/389f59e6288f

8019360: Cleanup of the javadoc  tag in java.security.*
Summary: Convert to {@code ...} tags. convert package.html to package-info.java.
Reviewed-by: darcy

! src/share/classes/java/security/AccessControlContext.java
! src/share/classes/java/security/AccessControlException.java
! src/share/classes/java/security/AccessController.java
! src/share/classes/java/security/AlgorithmParameterGenerator.java
! src/share/classes/java/security/AlgorithmParameterGeneratorSpi.java
! src/share/classes/java/security/AlgorithmParameters.java
! src/share/classes/java/security/AlgorithmParametersSpi.java
! src/share/classes/java/security/AllPermission.java
! src/share/classes/java/security/AuthProvider.java
! src/share/classes/java/security/BasicPermission.java
! src/share/classes/java/security/Certificate.java
! src/share/classes/java/security/CodeSigner.java
! src/share/classes/java/security/CodeSource.java
! src/share/classes/java/security/DigestException.java
! src/share/classes/java/security/DigestInputStream.java
! src/share/classes/java/security/DigestOutputStream.java
! src/share/classes/java/security/DomainCombiner.java
! src/share/classes/java/security/GeneralSecurityException.java
! src/share/classes/java/security/Guard.java
! src/share/classes/java/security/GuardedObject.java
! src/share/classes/java/security/Identity.java
! src/share/classes/java/security/IdentityScope.java
! src/share/classes/java/security/InvalidAlgorithmParameterException.java
! src/share/classes/java/security/InvalidKeyException.java
! src/share/classes/java/security/Key.java
! src/share/classes/java/security/KeyException.java
! src/share/classes/java/security/KeyFactory.java
! src/share/classes/java/security/KeyFactorySpi.java
! src/share/classes/java/security/KeyManagementException.java
! src/share/classes/java/security/KeyPair.java
! src/share/classes/java/security/KeyPairGenerator.java
! src/share/classes/java/security/KeyPairGeneratorSpi.java
! src/share/classes/java/security/KeyRep.java
! src/share/classes/java/security/KeyStore.java
! src/share/classes/java/security/KeyStoreException.java
! src/share/classes/java/security/KeyStoreSpi.java
! src/share/classes/java/security/MessageDigest.java
! src/share/classes/java/security/MessageDigestSpi.java
! src/share/classes/java/security/NoSuchAlgorithmException.java
! src/share/classes/java/security/Permission.java
! src/share/classes/java/security/PermissionCollection.java
! src/share/classes/java/security/Permissions.java
! src/share/classes/java/security/Policy.java
! src/share/classes/java/security/PolicySpi.java
! src/share/classes/java/security/PrivilegedAction.java
! src/share/classes/java/security/PrivilegedActionException.java
! src/share/classes/java/security/PrivilegedExceptionAction.java
! src/share/classes/java/security/ProtectionDomain.java
! src/share/classes/java/security/Provider.java
! src/share/classes/java/security/ProviderException.java
! src/share/classes/java/security/PublicKey.java
! src/share/classes/java/security/SecureClassLoader.java
! src/share/classes/java/security/SecureRandom.java
! src/share/classes/java/security/SecureRandomSpi.java
! src/share/classes/java/security/Security.java
! src/share/classes/java/security/SecurityPermission.java
! src/share/classes/java/security/Signature.java
! src/share/classes/java/security/SignatureException.java
! src/share/classes/java/security/SignatureSpi.java
! src/share/classes/java/security/SignedObject.java
! src/share/classes/java/security/Signer.java
! src/share/classes/java/security/UnresolvedPermission.java
! src/share/classes/java/security/acl/Acl.java
! src/share/classes/java/security/acl/AclEntry.java
! src/share/classes/java/security/acl/Group.java
! src/share/classes/java/security/acl/Owner.java
+ src/share/classes/java/security/acl/package-info.java
- src/share/classes/java/security/acl/package.html
+ src/share/classes/java/security/cert/package-info.java
- src/share/classes/java/security/cert/package.html
! src/share/classes/java/security/interfaces/DSAKeyPairGenerator.java
! src/share/classes/java/security/interfaces/DSAParams.java
! src/share/classes/java/security/interfaces/DSAPrivateKey.java
! src/share/classes/java/security/interfaces/DSAPublicKey.java
+ src/share/classes/java/security/interfaces/package-info.java
- src/share/classes/java/security/interfaces/package.html
+ src/share/classes/java/security/package-info.java
- src/share/classes/java/security/package.html
+ src/share/classes/java/security/spec/package-info.java
- src/share/classes/java/security/spec/package.html

From vincent.x.ryan at oracle.com  Fri Jun 28 11:41:15 2013
From: vincent.x.ryan at oracle.com (Vincent Ryan)
Date: Fri, 28 Jun 2013 19:41:15 +0100
Subject: [8] code review request: 8019259: Failover to CRL checking does not
	happen if wrong OCSP responder URL is set
Message-ID: <13934190-3690-485E-998C-20CE6D8B53BA@oracle.com>

Hello,

Please review the following JDK 8 fix:

Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8019259
Webrev:  http://cr.openjdk.java.net/~vinnie/8019259/webrev.00/

It corrects a problem during X.509 certificate revocation checking where failover to using CRLs is not
performed in the case when a malformed URL has been supplied as the URL of the OCSP responder.
The fix ensures all exceptions during OCSP are caught and wrapped so that the failover mechanism
does not get skipped.

Thanks.

From alan.bateman at oracle.com  Fri Jun 28 11:47:24 2013
From: alan.bateman at oracle.com (alan.bateman at oracle.com)
Date: Fri, 28 Jun 2013 18:47:24 +0000
Subject: hg: jdk8/tl/jdk: 8019384: jps and jcmd tests fail when there is a
	process started with a .war file
Message-ID: <20130628184751.D4B3748659@hg.openjdk.java.net>

Changeset: 389b8739a74e
Author:    alanb
Date:      2013-06-28 19:45 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/389b8739a74e

8019384: jps and jcmd tests fail when there is a process started with a .war file
Reviewed-by: dcubed, sla, mchung

! test/sun/tools/jcmd/jcmd_Output1.awk
! test/sun/tools/jps/jps-l_Output1.awk
! test/sun/tools/jps/jps_Output1.awk

From staffan.larsen at oracle.com  Fri Jun 28 07:34:38 2013
From: staffan.larsen at oracle.com (staffan.larsen at oracle.com)
Date: Fri, 28 Jun 2013 14:34:38 +0000
Subject: hg: jdk8/tl/jdk: 8019155: Update makefiles with correct jfr packages
Message-ID: <20130628143503.2043048641@hg.openjdk.java.net>

Changeset: 19a6d2d701d9
Author:    sla
Date:      2013-06-26 19:15 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/19a6d2d701d9

8019155: Update makefiles with correct jfr packages
Reviewed-by: mgronlun, erikj

! make/common/Release.gmk
! makefiles/CreateJars.gmk

From joe.darcy at oracle.com  Fri Jun 28 11:35:49 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Fri, 28 Jun 2013 18:35:49 +0000
Subject: hg: jdk8/tl/jdk: 8019407: Fix doclint issues in javax.naming.*
Message-ID: <20130628183613.EF80348657@hg.openjdk.java.net>

Changeset: 9d175c6cb527
Author:    darcy
Date:      2013-06-28 11:35 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9d175c6cb527

8019407: Fix doclint issues in javax.naming.*
Reviewed-by: lancea

! src/share/classes/javax/naming/CompositeName.java
! src/share/classes/javax/naming/CompoundName.java
! src/share/classes/javax/naming/Context.java
! src/share/classes/javax/naming/InitialContext.java
! src/share/classes/javax/naming/RefAddr.java
! src/share/classes/javax/naming/ReferralException.java
! src/share/classes/javax/naming/directory/DirContext.java
! src/share/classes/javax/naming/event/EventContext.java
! src/share/classes/javax/naming/ldap/ControlFactory.java
! src/share/classes/javax/naming/ldap/InitialLdapContext.java
! src/share/classes/javax/naming/ldap/LdapContext.java

From xuelei.fan at oracle.com  Fri Jun 28 17:33:15 2013
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Sat, 29 Jun 2013 08:33:15 +0800
Subject: Code review request:  6755701 SecretKeySpec & DES
In-Reply-To: <51CDCA89.6040409@oracle.com>
References: <51BA5F09.4040405@oracle.com> <51CDCA89.6040409@oracle.com>
Message-ID: <51CE2B4B.4060306@oracle.com>

Looks fine to me.

Xuelei

On 6/29/2013 1:40 AM, Anthony Scarpino wrote:
> ping...
> 
> On 06/13/2013 05:08 PM, Anthony Scarpino wrote:
>> Hi all,
>>
>> I'm requesting a code review for the below bug
>>
>> 6755701 SunJCE DES/DESede SecretKeyFactory.generateSecret throws
>> InvalidKeySpecExc if passed SecretKeySpec
>>
>> http://cr.openjdk.java.net/~ascarpino/6755701/webrev.00/
>>
>> Thanks
>>
>> Tony
> 

From xuelei.fan at oracle.com  Fri Jun 28 17:53:35 2013
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Sat, 29 Jun 2013 08:53:35 +0800
Subject: [8] code review request: 8019259: Failover to CRL checking does
	not happen if wrong OCSP responder URL is set
In-Reply-To: <13934190-3690-485E-998C-20CE6D8B53BA@oracle.com>
References: <13934190-3690-485E-998C-20CE6D8B53BA@oracle.com>
Message-ID: <51CE300F.2000004@oracle.com>

Looks fine to me.

Hmm, it is a case to learn that RuntimeException should be token care of
sometimes.

Thanks,
Xuelei

On 6/29/2013 2:41 AM, Vincent Ryan wrote:
> Hello,
> 
> Please review the following JDK 8 fix:
> 
> Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8019259
> Webrev:  http://cr.openjdk.java.net/~vinnie/8019259/webrev.00/
> 
> It corrects a problem during X.509 certificate revocation checking where failover to using CRLs is not
> performed in the case when a malformed URL has been supplied as the URL of the OCSP responder.
> The fix ensures all exceptions during OCSP are caught and wrapped so that the failover mechanism
> does not get skipped.
> 
> Thanks.
> 

From lana.steuck at oracle.com  Fri Jun 28 23:11:14 2013
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Sat, 29 Jun 2013 06:11:14 +0000
Subject: hg: jdk8/tl/corba: 3 new changesets
Message-ID: <20130629061120.9D40F48683@hg.openjdk.java.net>

Changeset: c68c35f50413
Author:    katleman
Date:      2013-06-20 10:16 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/corba/rev/c68c35f50413

Added tag jdk8-b95 for changeset 2cf36f43df36

! .hgtags

Changeset: 3357c2776431
Author:    lana
Date:      2013-06-24 14:26 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/corba/rev/3357c2776431

Merge

Changeset: 469995a8e974
Author:    katleman
Date:      2013-06-27 13:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/corba/rev/469995a8e974

Added tag jdk8-b96 for changeset 3357c2776431

! .hgtags

From lana.steuck at oracle.com  Fri Jun 28 23:11:14 2013
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Sat, 29 Jun 2013 06:11:14 +0000
Subject: hg: jdk8/tl/nashorn: 4 new changesets
Message-ID: <20130629061122.88B1748684@hg.openjdk.java.net>

Changeset: b031efa535ad
Author:    katleman
Date:      2013-06-20 10:18 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/b031efa535ad

Added tag jdk8-b95 for changeset cbc9926f5b40

! .hgtags

Changeset: d6bd440ac5b9
Author:    lana
Date:      2013-06-24 14:26 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/d6bd440ac5b9

Merge

Changeset: 1bf1d6ce3042
Author:    katleman
Date:      2013-06-27 13:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/1bf1d6ce3042

Added tag jdk8-b96 for changeset d6bd440ac5b9

! .hgtags

Changeset: 90864d892593
Author:    lana
Date:      2013-06-28 19:48 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/90864d892593

Merge

From lana.steuck at oracle.com  Fri Jun 28 23:11:14 2013
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Sat, 29 Jun 2013 06:11:14 +0000
Subject: hg: jdk8/tl: 11 new changesets
Message-ID: <20130629061116.8105548682@hg.openjdk.java.net>

Changeset: c961c8972485
Author:    erikj
Date:      2013-06-13 14:04 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/c961c8972485

8014231: --with-alsa configuration options don't add include or lib directories to proper flags
Reviewed-by: tbell

! common/autoconf/spec.gmk.in

Changeset: 0c540b1505e3
Author:    erikj
Date:      2013-06-14 13:30 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/0c540b1505e3

8016520: jdk native build does not fail on compilation error on windows
Reviewed-by: tbell

! common/makefiles/NativeCompilation.gmk

Changeset: 0d1e8518c722
Author:    erikj
Date:      2013-06-18 11:29 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/0d1e8518c722

8014404: Debug flag not added to jdk native compile when --enable-debug is set
Reviewed-by: tbell

! common/autoconf/generated-configure.sh
! common/autoconf/toolchain.m4

Changeset: c0fa87863427
Author:    erikj
Date:      2013-06-18 11:30 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/c0fa87863427

8015377: Support using compiler devkits on Linux
Reviewed-by: tbell, dholmes

! common/autoconf/basics.m4
! common/autoconf/build-performance.m4
! common/autoconf/generated-configure.sh
! common/autoconf/libraries.m4
+ common/makefiles/devkit/Makefile
+ common/makefiles/devkit/Tools.gmk

Changeset: 785d07fe3890
Author:    katleman
Date:      2013-06-18 15:32 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/785d07fe3890

Merge

Changeset: 794cceb5dc82
Author:    katleman
Date:      2013-06-20 10:16 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/794cceb5dc82

Added tag jdk8-b95 for changeset 785d07fe3890

! .hgtags

Changeset: d72e765a9fbe
Author:    lana
Date:      2013-06-19 17:59 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/d72e765a9fbe

Merge

Changeset: f1010ef2f451
Author:    lana
Date:      2013-06-24 14:26 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/f1010ef2f451

Merge

Changeset: ebcd79fc658d
Author:    erikj
Date:      2013-06-25 09:37 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/ebcd79fc658d

8012564: The SOURCE value in release file of JDK 8 doesn't contain valid changesets for some OS since b74
Reviewed-by: alanb, tbell

! common/makefiles/Main.gmk

Changeset: c156084add48
Author:    katleman
Date:      2013-06-25 13:47 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/c156084add48

Merge

! common/makefiles/Main.gmk

Changeset: 4c363b94ea2a
Author:    katleman
Date:      2013-06-27 13:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/rev/4c363b94ea2a

Added tag jdk8-b96 for changeset c156084add48

! .hgtags

From lana.steuck at oracle.com  Fri Jun 28 23:11:18 2013
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Sat, 29 Jun 2013 06:11:18 +0000
Subject: hg: jdk8/tl/jaxp: 3 new changesets
Message-ID: <20130629061148.0653648686@hg.openjdk.java.net>

Changeset: e68a5d2efcae
Author:    katleman
Date:      2013-06-20 10:17 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/e68a5d2efcae

Added tag jdk8-b95 for changeset b8c5f4b6f0ff

! .hgtags

Changeset: 6121efd29923
Author:    lana
Date:      2013-06-24 14:27 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/6121efd29923

Merge

Changeset: 403f882ecc94
Author:    katleman
Date:      2013-06-27 13:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/403f882ecc94

Added tag jdk8-b96 for changeset 6121efd29923

! .hgtags

From lana.steuck at oracle.com  Fri Jun 28 23:11:17 2013
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Sat, 29 Jun 2013 06:11:17 +0000
Subject: hg: jdk8/tl/jaxws: 3 new changesets
Message-ID: <20130629061146.C867F48685@hg.openjdk.java.net>

Changeset: 7de08fa7cb34
Author:    katleman
Date:      2013-06-20 10:17 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/7de08fa7cb34

Added tag jdk8-b95 for changeset 1468c94135f9

! .hgtags

Changeset: 690d34b326bc
Author:    lana
Date:      2013-06-24 14:27 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/690d34b326bc

Merge

Changeset: dcde7f049111
Author:    katleman
Date:      2013-06-27 13:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/dcde7f049111

Added tag jdk8-b96 for changeset 690d34b326bc

! .hgtags

From lana.steuck at oracle.com  Fri Jun 28 23:11:45 2013
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Sat, 29 Jun 2013 06:11:45 +0000
Subject: hg: jdk8/tl/hotspot: 46 new changesets
Message-ID: <20130629061349.94F3048688@hg.openjdk.java.net>

Changeset: aaa45012be98
Author:    katleman
Date:      2013-06-20 10:16 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/aaa45012be98

Added tag jdk8-b95 for changeset 5d65c078cd0a

! .hgtags

Changeset: 38e483cb1bcd
Author:    lana
Date:      2013-06-24 14:27 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/38e483cb1bcd

Merge

Changeset: f9709e27a876
Author:    amurillo
Date:      2013-06-14 07:27 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/f9709e27a876

8016567: new hotspot build - hs25-b38
Reviewed-by: jcoomes

! make/hotspot_version

Changeset: a837fa3d3f86
Author:    dcubed
Date:      2013-06-13 11:16 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/a837fa3d3f86

8013057: assert(_needs_gc || SafepointSynchronize::is_at_safepoint()) failed: only read at safepoint
Summary: Detect mmap() commit failures in Linux and Solaris os::commit_memory() impls and call vm_exit_out_of_memory(). Add os::commit_memory_or_exit(). Also tidy up some NMT accounting and some mmap() return value checking.
Reviewed-by: zgu, stefank, dholmes, dsamersoff

! src/os/bsd/vm/os_bsd.cpp
! src/os/bsd/vm/perfMemory_bsd.cpp
! src/os/linux/vm/os_linux.cpp
! src/os/linux/vm/os_linux.hpp
! src/os/linux/vm/perfMemory_linux.cpp
! src/os/solaris/vm/os_solaris.cpp
! src/os/solaris/vm/os_solaris.hpp
! src/os/solaris/vm/perfMemory_solaris.cpp
! src/os/windows/vm/os_windows.cpp
! src/os/windows/vm/perfMemory_windows.cpp
! src/share/vm/gc_implementation/parallelScavenge/cardTableExtension.cpp
! src/share/vm/gc_implementation/parallelScavenge/psVirtualspace.cpp
! src/share/vm/memory/allocation.inline.hpp
! src/share/vm/memory/cardTableModRefBS.cpp
! src/share/vm/prims/whitebox.cpp
! src/share/vm/runtime/os.cpp
! src/share/vm/runtime/os.hpp
! src/share/vm/runtime/virtualspace.cpp

Changeset: 2bffd20a0fcc
Author:    ctornqvi
Date:      2013-06-13 21:57 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/2bffd20a0fcc

8016065: Write regression test for 7167142
Summary: Regression tests written for both test cases (.hotspotrc and .hotspot_compiler). Also reviewed by mikhailo.seledtsov at oracle.com
Reviewed-by: zgu, coleenp

+ test/runtime/CommandLine/CompilerConfigFileWarning.java
+ test/runtime/CommandLine/ConfigFileWarning.java

Changeset: 1e9094165098
Author:    ctornqvi
Date:      2013-06-13 22:00 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/1e9094165098

8015324: Create tests for CDS feature
Summary: Wrote tests for use of CDS with ObjectAlignmentInBytes CL option
Reviewed-by: coleenp, ctornqvi, hseigel
Contributed-by: Mikhailo Seledtsov 

+ test/runtime/SharedArchiveFile/CdsDifferentObjectAlignment.java
+ test/runtime/SharedArchiveFile/CdsSameObjectAlignment.java
+ test/testlibrary/com/oracle/java/testlibrary/Platform.java
! test/testlibrary/com/oracle/java/testlibrary/ProcessTools.java

Changeset: a0a47b2649a2
Author:    ctornqvi
Date:      2013-06-14 13:11 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/a0a47b2649a2

Merge

Changeset: ef57c43512d6
Author:    ccheung
Date:      2013-06-13 22:02 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ef57c43512d6

8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux
Reviewed-by: dholmes, coleenp
Contributed-by: jeremymanson at google.com, calvin.cheung at oracle.com

! make/linux/makefiles/gcc.make
! src/cpu/x86/vm/stubGenerator_x86_32.cpp
! src/cpu/x86/vm/stubGenerator_x86_64.cpp
! src/share/vm/c1/c1_IR.cpp
! src/share/vm/ci/ciUtilities.hpp
! src/share/vm/classfile/genericSignatures.cpp
! src/share/vm/classfile/verifier.hpp
! src/share/vm/code/dependencies.cpp
! src/share/vm/code/nmethod.cpp
! src/share/vm/memory/cardTableModRefBS.cpp
! src/share/vm/memory/universe.cpp
! src/share/vm/opto/memnode.cpp
! src/share/vm/prims/forte.cpp
! src/share/vm/runtime/sharedRuntime.cpp
! src/share/vm/services/diagnosticArgument.cpp
! src/share/vm/utilities/exceptions.hpp
! src/share/vm/utilities/taskqueue.hpp

Changeset: bcb96b2922f2
Author:    zgu
Date:      2013-06-14 07:30 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/bcb96b2922f2

Merge

Changeset: ab313d4e9a8b
Author:    zgu
Date:      2013-06-14 09:18 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ab313d4e9a8b

8011968: Kitchensink crashed with SIGSEGV in MemBaseline::baseline
Summary: Simple fix to add NULL pointer check that can cause segv
Reviewed-by: coleenp, ctornqvi

! src/share/vm/services/memBaseline.cpp

Changeset: dba2306ee2e3
Author:    zgu
Date:      2013-06-14 07:39 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/dba2306ee2e3

Merge

Changeset: 3aaa16611c30
Author:    zgu
Date:      2013-06-14 15:20 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/3aaa16611c30

Merge

Changeset: e95fc50106cf
Author:    rdurbin
Date:      2013-06-14 07:46 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/e95fc50106cf

7178026: os::close can restart ::close but that is not a restartable syscall
Summary: Removed restart macros from all os:close calls on Solaris, Linux, MacOS X platforms.
Reviewed-by: dcubed, dholmes

! src/os/bsd/dtrace/jvm_dtrace.c
! src/os/bsd/vm/attachListener_bsd.cpp
! src/os/bsd/vm/os_bsd.inline.hpp
! src/os/bsd/vm/perfMemory_bsd.cpp
! src/os/linux/vm/attachListener_linux.cpp
! src/os/linux/vm/perfMemory_linux.cpp
! src/os/solaris/dtrace/jvm_dtrace.c
! src/os/solaris/vm/attachListener_solaris.cpp
! src/os/solaris/vm/os_solaris.cpp
! src/os/solaris/vm/perfMemory_solaris.cpp

Changeset: f2d56a269345
Author:    dcubed
Date:      2013-06-14 08:00 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/f2d56a269345

Merge

Changeset: c7242a797916
Author:    dcubed
Date:      2013-06-14 19:49 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/c7242a797916

Merge

Changeset: 5c89346f2bdd
Author:    sspitsyn
Date:      2013-06-14 15:17 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/5c89346f2bdd

6493116: JVMTI Doc: GetOwnedMonitorStackDepthInfo has a typo in monitor_info_ptr parameter description
Summary: A typo in the parameter spelling, a bound update missed when the parameter was renamed
Reviewed-by: sla, minqi
Contributed-by: serguei.spitsyn at oracle.com

! src/share/vm/prims/jvmti.xml

Changeset: 7fa28f3d3f62
Author:    sspitsyn
Date:      2013-06-14 22:34 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/7fa28f3d3f62

Merge

Changeset: abbd5c660b48
Author:    mgronlun
Date:      2013-06-15 13:17 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/abbd5c660b48

8016105: Add complementary RETURN_NULL allocation macros in allocation.hpp
Reviewed-by: sla, rbackman

! src/share/vm/memory/allocation.hpp

Changeset: cd2118b62475
Author:    zgu
Date:      2013-06-10 10:45 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/cd2118b62475

8013917: Kitchensink crashed with SIGSEGV in BaselineReporter::diff_callsites
Summary: Simple fix when memory allocation site is gone, NMT should report 0 memory size, instead old memory size.
Reviewed-by: dcubed, ctornqvi

! src/share/vm/services/memReporter.cpp

Changeset: ef748153ee8f
Author:    sla
Date:      2013-06-17 18:35 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ef748153ee8f

8016304: ThreadMXBean.getDeadlockedThreads reports bogus deadlocks on JDK 8
Reviewed-by: dcubed, mgronlun

! src/share/vm/services/threadService.cpp
+ test/serviceability/threads/TestFalseDeadLock.java

Changeset: 1f4355cee9a2
Author:    zgu
Date:      2013-06-18 08:44 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/1f4355cee9a2

8013651: NMT: reserve/release sequence id's in incorrect order due to race
Summary: Fixed NMT race condition for realloc, uncommit and release
Reviewed-by: coleenp, ccheung

! src/os/bsd/vm/os_bsd.cpp
! src/os/bsd/vm/perfMemory_bsd.cpp
! src/os/linux/vm/os_linux.cpp
! src/os/linux/vm/perfMemory_linux.cpp
! src/os/solaris/vm/os_solaris.cpp
! src/os/solaris/vm/perfMemory_solaris.cpp
! src/os/windows/vm/os_windows.cpp
! src/os/windows/vm/perfMemory_windows.cpp
! src/share/vm/runtime/os.cpp
! src/share/vm/services/memPtr.hpp
! src/share/vm/services/memRecorder.cpp
! src/share/vm/services/memRecorder.hpp
! src/share/vm/services/memTracker.cpp
! src/share/vm/services/memTracker.hpp

Changeset: a5904a086d9f
Author:    zgu
Date:      2013-06-18 09:34 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/a5904a086d9f

Merge

Changeset: cd54c7e92908
Author:    minqi
Date:      2013-06-18 09:08 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/cd54c7e92908

8015660: Test8009761.java "Failed: init recursive calls: 24. After deopt 25"
Summary: Windows reserves and only partially commits thread stack. For detecting more thread stack space for execution,  Windows installs one-shot page as guard page just before the current commited edge. It will trigger STACK_OVERFLOW_EXCEPTION when lands on last 4 pages of thread stack space. StackYellowPages default value is 2 on Windows (plus 1 page of StackRedPages, 3 pages guarded by hotspot) so the exception happens one page before Yellow pages. Same route executed second time will have one more page brought in, this leads same execution with different stack depth(interpreter mode). We need match Windows settings so the stack overflow exception will not happen before Yellow pages.
Reviewed-by: dholmes
Contributed-by: andreas.schoesser at sap.com

! src/cpu/x86/vm/globals_x86.hpp

Changeset: 726d2d4913fc
Author:    nloodin
Date:      2013-06-19 18:13 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/726d2d4913fc

Merge

Changeset: 0abfeed51c9e
Author:    brutisso
Date:      2013-06-14 08:02 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/0abfeed51c9e

8012265: VM often crashes on solaris with a lot of memory
Summary: Increase HeapBaseMinAddress for G1 from 256m to 1g on Solaris x86
Reviewed-by: mgerdin, coleenp, kvn

! src/share/vm/runtime/arguments.cpp
! src/share/vm/runtime/arguments.hpp

Changeset: 01522ca68fc7
Author:    johnc
Date:      2013-06-18 12:31 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/01522ca68fc7

8015237: Parallelize string table scanning during strong root processing
Summary: Parallelize the scanning of the intern string table by having each GC worker claim a given number of buckets. Changes were also reviewed by Per Liden .
Reviewed-by: tschatzl, stefank, twisti

! src/share/vm/classfile/symbolTable.cpp
! src/share/vm/classfile/symbolTable.hpp
! src/share/vm/memory/sharedHeap.cpp

Changeset: b9d151496930
Author:    brutisso
Date:      2013-06-18 22:45 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/b9d151496930

8016556: G1: Use ArrayAllocator for BitMaps
Reviewed-by: tschatzl, dholmes, coleenp, johnc

! src/share/vm/memory/allocation.hpp
! src/share/vm/utilities/bitMap.cpp
! src/share/vm/utilities/bitMap.hpp

Changeset: 493089fd29df
Author:    poonam
Date:      2013-06-19 06:09 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/493089fd29df

8015903: Format issue with -XX:+PrintAdaptiveSizePolicy on JDK8
Summary: Missing linebreak in hotspot log.
Reviewed-by: brutisso, tschatzl
Contributed-by: vladimir.kempik at oracle.com

! src/share/vm/gc_implementation/parallelScavenge/psAdaptiveSizePolicy.cpp

Changeset: 9f9c0a163cc5
Author:    ehelin
Date:      2013-06-20 10:03 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/9f9c0a163cc5

Merge

! src/share/vm/memory/allocation.hpp

Changeset: 8d52e305a777
Author:    morris
Date:      2013-06-07 07:33 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/8d52e305a777

8015437: SPARC cbcond branch offset out of 10-bit range
Summary: Forced SPARC MacroAssembler eden_alloate to use long branch to slow case
Reviewed-by: kvn, twisti

! src/cpu/sparc/vm/macroAssembler_sparc.cpp

Changeset: ea60d1de6735
Author:    kvn
Date:      2013-06-07 11:43 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ea60d1de6735

Merge

Changeset: 46c544b8fbfc
Author:    morris
Date:      2013-06-07 16:46 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/46c544b8fbfc

8008407: remove SPARC V8 support
Summary: Removed most of the SPARC V8 instructions
Reviewed-by: kvn, twisti

! src/cpu/sparc/vm/assembler_sparc.hpp
! src/cpu/sparc/vm/assembler_sparc.inline.hpp
! src/cpu/sparc/vm/c1_LIRAssembler_sparc.cpp
! src/cpu/sparc/vm/c1_MacroAssembler_sparc.cpp
! src/cpu/sparc/vm/c2_init_sparc.cpp
! src/cpu/sparc/vm/disassembler_sparc.hpp
! src/cpu/sparc/vm/globals_sparc.hpp
! src/cpu/sparc/vm/interp_masm_sparc.cpp
! src/cpu/sparc/vm/macroAssembler_sparc.cpp
! src/cpu/sparc/vm/macroAssembler_sparc.hpp
! src/cpu/sparc/vm/macroAssembler_sparc.inline.hpp
! src/cpu/sparc/vm/nativeInst_sparc.cpp
! src/cpu/sparc/vm/nativeInst_sparc.hpp
! src/cpu/sparc/vm/register_sparc.hpp
! src/cpu/sparc/vm/sharedRuntime_sparc.cpp
! src/cpu/sparc/vm/sparc.ad
! src/cpu/sparc/vm/stubGenerator_sparc.cpp
! src/cpu/sparc/vm/stubRoutines_sparc.cpp
! src/cpu/sparc/vm/stubRoutines_sparc.hpp
! src/cpu/sparc/vm/templateInterpreter_sparc.cpp
! src/cpu/sparc/vm/templateTable_sparc.cpp
! src/cpu/sparc/vm/vm_version_sparc.cpp
! src/cpu/sparc/vm/vm_version_sparc.hpp
- src/os_cpu/linux_sparc/vm/assembler_linux_sparc.cpp
! src/os_cpu/linux_sparc/vm/atomic_linux_sparc.inline.hpp
- src/os_cpu/solaris_sparc/vm/assembler_solaris_sparc.cpp
! src/os_cpu/solaris_sparc/vm/atomic_solaris_sparc.inline.hpp
! src/os_cpu/solaris_sparc/vm/solaris_sparc.il
! src/share/vm/runtime/arguments.cpp

Changeset: e7f5651d459c
Author:    twisti
Date:      2013-06-11 11:13 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/e7f5651d459c

8003268: SharedRuntime::generate_native_wrapper doesn't save all registers across runtime tracing calls for JNI critical native methods
Reviewed-by: kvn

! src/cpu/x86/vm/sharedRuntime_x86_64.cpp

Changeset: 693e4d04fd09
Author:    drchase
Date:      2013-06-11 16:34 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/693e4d04fd09

8014959: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit
Summary: Insert extra checks and bailouts for too many nodes
Reviewed-by: kvn

! src/share/vm/opto/c2_globals.hpp
! src/share/vm/opto/chaitin.cpp
! src/share/vm/opto/coalesce.cpp
! src/share/vm/opto/matcher.cpp

Changeset: bc8956037049
Author:    kvn
Date:      2013-06-11 16:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/bc8956037049

Merge

Changeset: c52abc8a0b08
Author:    drchase
Date:      2013-06-13 15:39 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/c52abc8a0b08

8010124: JVM_GetClassContext: use GrowableArray instead of KlassLink
Summary: replace linked data structure with array (performance)
Reviewed-by: kvn
Contributed-by: christian.thalinger at oracle.com, david.r.chase at oracle.com

! src/share/vm/prims/jvm.cpp

Changeset: 7fa25f5575c9
Author:    adlertz
Date:      2013-06-14 01:19 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/7fa25f5575c9

8016157: During CTW: C2: assert(!def_outside->member(r)) failed: Use of external LRG overlaps the same LRG defined in this block
Summary: Disable rematerialization for negD node
Reviewed-by: kvn, roland

! src/share/vm/adlc/formssel.cpp
! src/share/vm/adlc/formssel.hpp

Changeset: ac91879aa56f
Author:    kvn
Date:      2013-06-14 16:33 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ac91879aa56f

Merge

- src/os_cpu/linux_sparc/vm/assembler_linux_sparc.cpp
- src/os_cpu/solaris_sparc/vm/assembler_solaris_sparc.cpp
! src/share/vm/opto/matcher.cpp
! src/share/vm/prims/jvm.cpp

Changeset: 87a6f2df28e2
Author:    drchase
Date:      2013-06-17 12:35 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/87a6f2df28e2

8002160: Compilation issue with adlc using latest SunStudio compilers
Summary: modify declaration of 'swap' overloading; dodge optimizer bug in c1_LIR.cpp
Reviewed-by: kvn, jrose

! src/cpu/sparc/vm/macroAssembler_sparc.hpp
! src/cpu/sparc/vm/macroAssembler_sparc.inline.hpp
! src/share/vm/c1/c1_LIR.cpp

Changeset: 08d35fd1b599
Author:    adlertz
Date:      2013-06-19 00:41 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/08d35fd1b599

8001345: VM crashes with assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc
Summary: Remove unnecessary LoadN / DecodeN nodes at MemBarAcquire nodes.
Reviewed-by: kvn, roland

! src/share/vm/opto/memnode.cpp

Changeset: b88209cf98c0
Author:    kvn
Date:      2013-06-20 16:08 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/b88209cf98c0

Merge

- src/os_cpu/linux_sparc/vm/assembler_linux_sparc.cpp
- src/os_cpu/solaris_sparc/vm/assembler_solaris_sparc.cpp
! src/share/vm/opto/memnode.cpp
! src/share/vm/runtime/arguments.cpp

Changeset: 2cc5a9d1ba66
Author:    amurillo
Date:      2013-06-21 00:51 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/2cc5a9d1ba66

Merge

- src/os_cpu/linux_sparc/vm/assembler_linux_sparc.cpp
- src/os_cpu/solaris_sparc/vm/assembler_solaris_sparc.cpp

Changeset: 3bdeff4a6ca7
Author:    amurillo
Date:      2013-06-21 00:51 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/3bdeff4a6ca7

Added tag hs25-b38 for changeset 2cc5a9d1ba66

! .hgtags

Changeset: 9f3e3245b50f
Author:    amurillo
Date:      2013-06-25 12:46 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/9f3e3245b50f

Merge

- src/os_cpu/linux_sparc/vm/assembler_linux_sparc.cpp
- src/os_cpu/solaris_sparc/vm/assembler_solaris_sparc.cpp
! src/share/vm/memory/allocation.hpp
! src/share/vm/memory/universe.cpp
! src/share/vm/prims/jvm.cpp

Changeset: e6a4b8c71fa6
Author:    katleman
Date:      2013-06-26 11:25 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/e6a4b8c71fa6

8017323: JDK8 b95 source with GPL header errors
Reviewed-by: tbell, darcy

! src/share/vm/memory/referenceProcessorStats.hpp

Changeset: b6d1e42655cd
Author:    katleman
Date:      2013-06-27 13:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/b6d1e42655cd

Added tag jdk8-b96 for changeset e6a4b8c71fa6

! .hgtags

From lana.steuck at oracle.com  Fri Jun 28 23:11:21 2013
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Sat, 29 Jun 2013 06:11:21 +0000
Subject: hg: jdk8/tl/langtools: 5 new changesets
Message-ID: <20130629061220.24BBC48687@hg.openjdk.java.net>

Changeset: 3478b1e81baf
Author:    katleman
Date:      2013-06-20 10:17 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/3478b1e81baf

Added tag jdk8-b95 for changeset 4cb113623127

! .hgtags

Changeset: b3458329d060
Author:    lana
Date:      2013-06-24 14:27 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/b3458329d060

Merge

Changeset: 988aef3a8c3a
Author:    katleman
Date:      2013-06-26 11:26 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/988aef3a8c3a

8016684: JDK8 b94 source with GPL header errors
Reviewed-by: tbell, darcy

! test/tools/javac/6567415/T6567415.java

Changeset: 6a11a81a8824
Author:    katleman
Date:      2013-06-27 13:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/6a11a81a8824

Added tag jdk8-b96 for changeset 988aef3a8c3a

! .hgtags

Changeset: 66147d50d8d6
Author:    lana
Date:      2013-06-28 19:47 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/66147d50d8d6

Merge

From lana.steuck at oracle.com  Fri Jun 28 23:13:55 2013
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Sat, 29 Jun 2013 06:13:55 +0000
Subject: hg: jdk8/tl/jdk: 34 new changesets
Message-ID: <20130629062118.6CC2F48689@hg.openjdk.java.net>

Changeset: 3531945431aa
Author:    erikj
Date:      2013-06-13 14:04 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3531945431aa

8014231: --with-alsa configuration options don't add include or lib directories to proper flags
Reviewed-by: tbell

! makefiles/CompileNativeLibraries.gmk

Changeset: 42aa9f182885
Author:    katleman
Date:      2013-06-18 15:32 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/42aa9f182885

Merge

! makefiles/CompileNativeLibraries.gmk

Changeset: 0c4db4782114
Author:    katleman
Date:      2013-06-20 10:17 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0c4db4782114

Added tag jdk8-b95 for changeset 42aa9f182885

! .hgtags

Changeset: 616a73e97b38
Author:    bae
Date:      2013-06-06 13:57 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/616a73e97b38

8013430: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fails with java.io.StreamCorruptedException: invalid type code: EE since 8b87
Reviewed-by: prr, vadim

! src/share/classes/java/awt/color/ICC_Profile.java
+ src/share/classes/sun/java2d/cmm/ProfileDataVerifier.java

Changeset: 917dd642f934
Author:    bae
Date:      2013-06-07 14:45 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/917dd642f934

6830714: cmm test failures with OpenJDK
Reviewed-by: prr

! test/sun/java2d/cmm/ColorConvertOp/ColConvCCMTest.java
! test/sun/java2d/cmm/ColorConvertOp/ColConvDCMTest.java
! test/sun/java2d/cmm/ColorConvertOp/ColConvTest.java

Changeset: 1431488fb0f9
Author:    jgodinez
Date:      2013-06-07 10:26 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1431488fb0f9

8013810: PrintServiceLookup.lookupPrintServices() does not return consistent result
Reviewed-by: prr, jgodinez
Contributed-by: patrick at reini.net

! src/solaris/classes/sun/print/UnixPrintServiceLookup.java
+ test/javax/print/PrintServiceLookup/GetPrintServices.java

Changeset: f67db3d2f406
Author:    prr
Date:      2013-06-13 13:02 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f67db3d2f406

8016485: Windows native print dialog does not reflect default printer settings
Reviewed-by: jgodinez, jchen

! src/windows/classes/sun/awt/windows/WPrinterJob.java
! src/windows/classes/sun/print/Win32PrintService.java
! src/windows/native/sun/windows/WPrinterJob.cpp
! src/windows/native/sun/windows/awt_PrintControl.cpp

Changeset: 82927bc76ea5
Author:    lana
Date:      2013-06-14 11:10 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/82927bc76ea5

Merge

- test/java/util/stream/test/org/openjdk/tests/java/util/stream/SpliteratorLateBindingFailFastTest.java
- test/java/util/stream/test/org/openjdk/tests/java/util/stream/SpliteratorTraversingAndSplittingTest.java

Changeset: c636942a28ef
Author:    prr
Date:      2013-06-17 10:34 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c636942a28ef

8015334: Memory leak when kerning is used on Windows.
Reviewed-by: srl, bae

! src/share/native/sun/font/layout/KernTable.cpp
! src/share/native/sun/font/layout/KernTable.h
! src/share/native/sun/font/layout/LayoutEngine.cpp
+ test/java/awt/font/TextLayout/KerningLeak.java

Changeset: e3d5df92f4ff
Author:    lana
Date:      2013-06-19 17:57 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e3d5df92f4ff

Merge

Changeset: deb8752684e3
Author:    kshefov
Date:      2013-06-06 17:02 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/deb8752684e3

8015976: OpenJDK part of bug JDK-8015812 [TEST_BUG] Tests have conflicting test descriptions
Reviewed-by: serb, anthony

! test/java/awt/DataFlavor/MissedHtmlAndRtfBug/MissedHtmlAndRtfBug.html
! test/java/awt/DataFlavor/MissedHtmlAndRtfBug/MissedHtmlAndRtfBug.java
! test/java/awt/event/KeyEvent/KeyReleasedInAppletTest/KeyReleasedInAppletTest.java

Changeset: cfd3f8bfb96c
Author:    kshefov
Date:      2013-06-06 17:06 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cfd3f8bfb96c

7109977: [macosx] MixingInHwPanel.java test fails on Mac trying to click in the reserved corner
Reviewed-by: serb, anthony

! test/java/awt/Mixing/MixingInHwPanel.java

Changeset: cb7f711e1752
Author:    dmarkov
Date:      2013-06-06 17:59 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cb7f711e1752

8015853: java.lang.ArrayIndexOutOfBoundsException when running SwingSet2 demo
Reviewed-by: alexp, serb

! src/share/classes/javax/swing/text/View.java
+ test/javax/swing/text/View/8015853/bug8015853.java
+ test/javax/swing/text/View/8015853/bug8015853.txt

Changeset: 2d5bb70458b6
Author:    kshefov
Date:      2013-06-10 16:44 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2d5bb70458b6

7105030: [TEST_BUG] [macosx] The tests never finishes
Reviewed-by: alexsch, serb

+ test/javax/swing/JMenu/4692443/bug4692443.java

Changeset: d14523c12f20
Author:    kshefov
Date:      2013-06-11 14:14 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d14523c12f20

8012569: TEST_BUG: java/awt/GraphicsDevice/CheckDisplayModes.java fails
Reviewed-by: anthony, serb

! test/java/awt/GraphicsDevice/CheckDisplayModes.java

Changeset: 9ab7973d5907
Author:    kshefov
Date:      2013-06-11 14:20 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9ab7973d5907

7184908: TEST_BUG: [macosx] closed/com/sun/java/swing/plaf/gtk/4928019/bug4928019.java fails
Reviewed-by: alexsch, serb

+ test/com/sun/java/swing/plaf/gtk/4928019/bug4928019.java

Changeset: 59dc1385127f
Author:    malenkov
Date:      2013-06-11 16:02 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/59dc1385127f

8015336: BasicComboBoxEditor throws NullPointerException
Reviewed-by: alexsch

! src/share/classes/javax/swing/plaf/basic/BasicComboBoxEditor.java
+ test/javax/swing/plaf/basic/BasicComboBoxEditor/Test8015336.java

Changeset: 7bba0147ab3d
Author:    alexsch
Date:      2013-06-11 16:30 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7bba0147ab3d

8009984: [parfait] Buffer overrun at jdk/src/macosx/native/com/apple/laf/AquaFileView.m
Reviewed-by: serb, art

! src/macosx/native/com/apple/laf/AquaFileView.m

Changeset: 33fc8a062f90
Author:    ant
Date:      2013-06-12 16:18 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/33fc8a062f90

8015454: java/awt/Focus/TypeAhead/TestFocusFreeze.java hangs with jdk8 since b56
Reviewed-by: anthony

! src/share/classes/java/awt/DefaultKeyboardFocusManager.java
! test/java/awt/Focus/TypeAhead/TestFocusFreeze.java

Changeset: a7d943998bd3
Author:    pchelko
Date:      2013-06-13 11:10 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a7d943998bd3

8013468: [macosx] Cursor does not update properly when in fullscreen mode on Mac
Reviewed-by: anthony, serb

! src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java
! src/macosx/native/sun/awt/AWTWindow.m
+ test/java/awt/Mouse/EnterExitEvents/FullscreenEnterEventTest.java

Changeset: 6e5824a42c49
Author:    alitvinov
Date:      2013-06-13 18:46 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6e5824a42c49

6847588: AWT test fails
Reviewed-by: anthony, serb

! src/solaris/classes/sun/awt/X11/XKeyboardFocusManagerPeer.java

Changeset: d57fa4e45100
Author:    ant
Date:      2013-06-14 16:38 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d57fa4e45100

8014821: Regression: Focus issues with Oracle WebCenter Capture applet
Reviewed-by: leonidr

! src/windows/native/sun/windows/awt_Frame.cpp

Changeset: 3a157a38f9b3
Author:    lana
Date:      2013-06-14 10:41 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3a157a38f9b3

Merge

- src/solaris/classes/sun/awt/fontconfigs/linux.fontconfig.Fedora.properties
- src/solaris/classes/sun/awt/fontconfigs/linux.fontconfig.SuSE.properties
- src/solaris/classes/sun/awt/fontconfigs/linux.fontconfig.Ubuntu.properties
- src/solaris/classes/sun/awt/fontconfigs/linux.fontconfig.properties
- test/java/util/stream/test/org/openjdk/tests/java/util/stream/SpliteratorLateBindingFailFastTest.java
- test/java/util/stream/test/org/openjdk/tests/java/util/stream/SpliteratorTraversingAndSplittingTest.java

Changeset: a0202d94844a
Author:    malenkov
Date:      2013-06-17 18:30 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a0202d94844a

8013571: TreeModelEvent doesn't accept "null" for root as Javadoc specifies.
Reviewed-by: alexsch

! src/share/classes/javax/swing/JTree.java
! src/share/classes/javax/swing/event/TreeModelEvent.java
! src/share/classes/javax/swing/plaf/basic/BasicTreeUI.java
! src/share/classes/javax/swing/tree/FixedHeightLayoutCache.java
! src/share/classes/javax/swing/tree/VariableHeightLayoutCache.java
! src/share/classes/sun/swing/SwingUtilities2.java
+ test/javax/swing/JTree/8013571/Test8013571.java

Changeset: 6a3a2cb3ca6a
Author:    malenkov
Date:      2013-06-19 14:28 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6a3a2cb3ca6a

8013442: No file filter selected in file type combo box when using JFileChooser
Reviewed-by: alexsch

! src/share/classes/javax/swing/JFileChooser.java
+ test/javax/swing/JFileChooser/8013442/Test8013442.java

Changeset: e8000751a585
Author:    pchelko
Date:      2013-06-19 17:12 +0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e8000751a585

8005661: [parfait] Possible buffer overrun in jdk/src/solaris/native/sun/awt/awt_GraphicsEnv.c
8005695: [parfait] Format string argument mismatch in jdk/src/solaris/native/sun/xawt/XToolkit.c
8005752: [parfait] False positive function call mismatch at jdk/src/solaris/native/sun/xawt/XWindow.c
Reviewed-by: art, serb

! src/solaris/native/sun/awt/awt_GraphicsEnv.c
! src/solaris/native/sun/awt/awt_InputMethod.c
! src/solaris/native/sun/xawt/XToolkit.c

Changeset: a117785457f6
Author:    lana
Date:      2013-06-19 17:59 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a117785457f6

Merge

Changeset: aa4610fe8a73
Author:    lana
Date:      2013-06-19 18:30 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/aa4610fe8a73

Merge

- make/sun/xawt/ToBin.java
- makefiles/sun/awt/X11/ToBin.java
! src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java
! src/share/classes/java/awt/DefaultKeyboardFocusManager.java
- src/share/classes/sun/misc/FDBigInt.java
- src/share/classes/sun/misc/Hashing.java
- src/solaris/classes/sun/awt/X11/XIconInfo.java
! src/solaris/classes/sun/awt/X11/XKeyboardFocusManagerPeer.java
- src/solaris/classes/sun/awt/X11/security-icon-bw16.png
- src/solaris/classes/sun/awt/X11/security-icon-bw24.png
- src/solaris/classes/sun/awt/X11/security-icon-bw32.png
- src/solaris/classes/sun/awt/X11/security-icon-bw48.png
- src/solaris/classes/sun/awt/X11/security-icon-interim16.png
- src/solaris/classes/sun/awt/X11/security-icon-interim24.png
- src/solaris/classes/sun/awt/X11/security-icon-interim32.png
- src/solaris/classes/sun/awt/X11/security-icon-interim48.png
- src/solaris/classes/sun/awt/X11/security-icon-yellow16.png
- src/solaris/classes/sun/awt/X11/security-icon-yellow24.png
- src/solaris/classes/sun/awt/X11/security-icon-yellow32.png
- src/solaris/classes/sun/awt/X11/security-icon-yellow48.png
! src/solaris/native/sun/awt/awt_GraphicsEnv.c
! src/windows/native/sun/windows/WPrinterJob.cpp
! src/windows/native/sun/windows/awt_PrintControl.cpp
- test/java/lang/invoke/7196190/MHProxyTest.java
- test/sun/misc/Hashing.java

Changeset: fce2eaa84b21
Author:    lana
Date:      2013-06-24 14:28 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fce2eaa84b21

Merge

Changeset: 58e5d1149f97
Author:    erikj
Date:      2013-06-25 09:25 +0200
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/58e5d1149f97

8017480: Move copying of jfr files to closed makefile
Reviewed-by: sla, tbell

! makefiles/CopyFiles.gmk

Changeset: fd41ca58229c
Author:    katleman
Date:      2013-06-25 13:49 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fd41ca58229c

Merge

Changeset: 4a5d3cf2b3af
Author:    katleman
Date:      2013-06-26 11:26 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4a5d3cf2b3af

8016684: JDK8 b94 source with GPL header errors
Reviewed-by: tbell, darcy

! src/share/classes/java/nio/CharBufferSpliterator.java
! src/share/native/sun/management/DiagnosticCommandImpl.c
! test/java/lang/management/MXBean/MXBeanBehavior.java
! test/java/lang/management/ManagementFactory/MBeanServerMXBeanUnsupportedTest.java

Changeset: 2f1386fc2079
Author:    katleman
Date:      2013-06-27 13:40 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2f1386fc2079

Added tag jdk8-b96 for changeset 4a5d3cf2b3af

! .hgtags

Changeset: b4d36f3717b8
Author:    lana
Date:      2013-06-28 19:46 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b4d36f3717b8

Merge

From lance.andersen at oracle.com  Sat Jun 29 03:13:43 2013
From: lance.andersen at oracle.com (lance.andersen at oracle.com)
Date: Sat, 29 Jun 2013 10:13:43 +0000
Subject: hg: jdk8/tl/jdk: 8019286: Fix javadoc typo in ResultSet.next
Message-ID: <20130629101441.607234868D@hg.openjdk.java.net>

Changeset: a4eb59bffb60
Author:    lancea
Date:      2013-06-29 06:12 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a4eb59bffb60

8019286: Fix javadoc typo in ResultSet.next
Reviewed-by: darcy, mchung

! src/share/classes/java/sql/ResultSet.java

From vicente.romero at oracle.com  Sat Jun 29 12:14:01 2013
From: vicente.romero at oracle.com (vicente.romero at oracle.com)
Date: Sat, 29 Jun 2013 19:14:01 +0000
Subject: hg: jdk8/tl/langtools: 6983646: javap should identify why a
	DefaultAttribute is being used
Message-ID: <20130629191408.BDE8D48692@hg.openjdk.java.net>

Changeset: 891c5ecb8306
Author:    vromero
Date:      2013-06-29 20:12 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/langtools/rev/891c5ecb8306

6983646: javap should identify why a DefaultAttribute is being used
Reviewed-by: jjg

! src/share/classes/com/sun/tools/classfile/Attribute.java
! src/share/classes/com/sun/tools/classfile/DefaultAttribute.java
! src/share/classes/com/sun/tools/javap/AttributeWriter.java

From joe.darcy at oracle.com  Sun Jun 30 16:02:26 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Sun, 30 Jun 2013 23:02:26 +0000
Subject: hg: jdk8/tl/jdk: 8019466: Fix doclint issues in java.util.function
Message-ID: <20130630230251.28759486AD@hg.openjdk.java.net>

Changeset: bf650fee4983
Author:    darcy
Date:      2013-06-30 16:02 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/bf650fee4983

8019466: Fix doclint issues in java.util.function
Reviewed-by: briangoetz

! src/share/classes/java/util/function/BinaryOperator.java
! src/share/classes/java/util/function/Function.java
! src/share/classes/java/util/function/UnaryOperator.java

From joe.darcy at oracle.com  Sun Jun 30 17:16:04 2013
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Mon, 01 Jul 2013 00:16:04 +0000
Subject: hg: jdk8/tl/jdk: 8019467: Fix doclint issues in java.util.jar.Pack200
Message-ID: <20130701001616.1999A486AE@hg.openjdk.java.net>

Changeset: 9eaeb1a0aa46
Author:    darcy
Date:      2013-06-30 17:15 -0700
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9eaeb1a0aa46

8019467: Fix doclint issues in java.util.jar.Pack200
Reviewed-by: lancea, ksrini

! src/share/classes/java/util/jar/Pack200.java

From bradford.wetmore at oracle.com  Sun Jun 30 18:00:54 2013
From: bradford.wetmore at oracle.com (Brad Wetmore)
Date: Sun, 30 Jun 2013 18:00:54 -0700
Subject: Code review request, 7188658 Add possibility to disable client
	initiated renegotiation
In-Reply-To: <51CCDDFD.9050704@oracle.com>
References: <51A62127.2000406@oracle.com>

	<51A69AD3.9010001@oracle.com>

	<51A6B403.4060907@oracle.com> <51C11C71.4090403@oracle.com>
	<51C12DB5.6060107@oracle.com> <51CCC03B.5090900@oracle.com>
	<51CCCFF3.8070908@oracle.com>

	<51CCDDFD.9050704@oracle.com>
Message-ID: <51D0D4C6.4070401@oracle.com>

Bernd,

I also think this is an excellent suggestion.  Glad that you made it and 
Xuelei is considering it.  Sorry I didn't get a chance to respond before 
I left for the weekend.  There will be a bit of work to do in the 
current code to support abandoning a handshake, but shouldn't be too bad.

Brad

On 6/27/2013 5:51 PM, Xuelei Fan wrote:
> On 6/28/2013 8:05 AM, Bernd Eckenfels wrote:
>> Am 28.06.2013, 01:51 Uhr, schrieb Xuelei Fan :
>>> "Please don't send a no_renegotiation warning alert. Warning message is
>>> not very useful because in general the sending party cannot know how the
>>> receiving party behave.  The server side need to reject client initiated
>>> renegotiation proactively."
>>
>> Just for the record, I totally disagree. I would make the option a multi
>> value like "accept(default)|ignore|reject". Because you never can know
>> how the other side reacts. Ignoring renego requests is totally safe in
>> the spec and in a situation where you chose to turn off renogotiation by
>> clients you can have only two things:
>>
>> a) clients continue to work when you ignore them
>> b) clients break
>>
>> If you always terminate the connection there is no chance for some
>> clients to keep working.
>>
> Great suggestion.  I will consider to add the new "ignore" option.
>
>> Today you can already achieve the termination of connection (by
>> disabling all ciphersuites after initial handshake). You dont need to
>> add code if you dont offer more (i.e. ignore) options.
>>
> You're right here.  This new system property is just to make the work a
> little easier that developers won't need to touch the source code in
> applications.
>
>> Greetings
>> Bernd
>>
>> PS: and regarding the naming a question, is "JSSE" the name of the Sun
>> implementaion or of the Specification?
> I intend to use it for specification. But the names in JSSE is a little
> confusing now (See Brad's response). We need to consolidate the naming
> style.
>
> Xuelei
>