> ---
> old/src/share/classes/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.java
> 2013-12-30 10:22:55.000000000 -
> 0800
> +++
> new/src/share/classes/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.java
> 2013-12-30 10:22:55.000000000 -
> 0800
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights
> reserved.
> + * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights
> reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> @@ -62,9 +62,9 @@
> *
> * The objects that this factory produces will be based
> * on DOM and abide by the DOM interoperability requirements as
> defined in the
> - * href="../../../../../../technotes/guides/security/xmldsig/overview.html#DOM
> Mechanism Requirements">
> + * href="../../../../../../technotes/guides/security/xmldsig/overview.html#DOM%20Mechanism%20Requirements">
>
> * DOM Mechanism Requirements section of the API overview. See the
> - * href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service
> Provider">
> + * href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
>
> * Service Providers section of the API overview for a list of
> standard
> * mechanism types.
> *
> @@ -131,7 +131,7 @@
> *
> * @param mechanismType the type of the XML processing mechanism and
> * representation. See the - *
> href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service
> Provider">
> + *
> href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
>
> * Service Providers section of the API overview for a list of
> * standard mechanism types.
> * @return a new KeyInfoFactory
> @@ -167,7 +167,7 @@
> *
> * @param mechanismType the type of the XML processing mechanism and
> * representation. See the - *
> href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service
> Provider">
> + *
> href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
>
> * Service Providers section of the API overview for a list of
> * standard mechanism types.
> * @param provider the Provider object
> @@ -211,7 +211,7 @@
> *
> * @param mechanismType the type of the XML processing mechanism and
> * representation. See the - *
> href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service
> Provider">
> + *
> href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
>
> * Service Providers section of the API overview for a list of
> * standard mechanism types.
> * @param provider the string name of the provider
>
From chris.hegarty at oracle.com Fri Jan 3 06:58:37 2014
From: chris.hegarty at oracle.com (chris.hegarty at oracle.com)
Date: Fri, 03 Jan 2014 06:58:37 +0000
Subject: hg: jdk8/tl/jdk: 2 new changesets
Message-ID: <20140103065950.CE6EF62FEB@hg.openjdk.java.net>
Changeset: 18080cca998a
Author: dl
Date: 2014-01-03 06:22 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/18080cca998a
8031133: AbstractMap should specify its default implementation using @implSpec
Reviewed-by: chegar, alanb
! src/share/classes/java/util/AbstractMap.java
Changeset: 33a60ce1e35d
Author: chegar
Date: 2014-01-03 06:23 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/33a60ce1e35d
Merge
! src/share/classes/java/util/AbstractMap.java
From sean.mullan at oracle.com Fri Jan 3 14:04:48 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Fri, 03 Jan 2014 09:04:48 -0500
Subject: Code Review request: 8028431: NullPointerException in
DerValue.equals(DerValue)
In-Reply-To: <52B997F4.7090603@oracle.com>
References: <52B43D53.3070108@oracle.com> <52B443D2.9080901@oracle.com>
<52B45586.5030505@oracle.com> <52B997F4.7090603@oracle.com>
Message-ID: <52C6C380.5030708@oracle.com>
Hi Artem,
The updated fix looks good.
--Sean
On 12/24/2013 09:19 AM, Artem Smotrakov wrote:
> Hi Sean,
>
> Thanks for your feedback.
>
> I have updated the webrev with your suggestions.
>
> The test used a real certificate issued by a CA. I created bad
> self-signed certificate.
>
> Please take a look:
> http://cr.openjdk.java.net/~asmotrak/8028431/webrev.02/
>
>
> Artem
>
> On 12/20/2013 06:34 PM, Sean Mullan wrote:
>> A couple of other comments:
>>
>> 1. Add an @Override annotation to the equals method. While you are in
>> there, could you also add @Override to the toString and hashCode methods.
>>
>> 2. Move the "==" check and make it the first thing you check
>>
>> 3. Nit: don't include space between "!" and "("
>>
>> @Override
>> public boolean equals(Object o) {
>> if (this == o) {
>> return true;
>> }
>> if (!(o instanceof DerValue)) {
>> return false;
>> }
>> DerValue other = (DerValue) o;
>>
>> 4. In the test, close the FileInputStream after you are done with it
>> (use try-with-resources)
>>
>> 5. Is the certificate used in the test a real certificate issued by a
>> CA or one that you created yourself? If it is a real certificate, we
>> should not include it in openJDK. You will need to move the test to
>> the closed repo, or create your own bad certificate with the symptoms.
>>
>> Thanks,
>> Sean
>>
>>
>> On 12/20/2013 08:19 AM, Vincent Ryan wrote:
>>> Hello Artem,
>>>
>>> You fix looks good. You just need to fill in the missing portion
>>> of the copyright in the test. You could also adjust the copyright
>>> year range at the start of DerValue.java.
>>>
>>> Also I would add the test to the existing
>>> test/java/security/cert/X509Certificate/ directory rather than create a
>>> new one.
>>>
>>> Finally, I think the test should run fine without the jtreg
>>> tag for 'othervm'.
>>>
>>> Thanks.
>>>
>>>
>>> On 20/12/2013 12:51, Artem Smotrakov wrote:
>>>> Hi,
>>>>
>>>> please review this fix for 9:
>>>>
>>>> https://bugs.openjdk.java.net/browse/JDK-8028431
>>>> http://cr.openjdk.java.net/~asmotrak/8028431/webrev.00/
>>>>
>>>>
>>>> sun.security.util.DerValue.equals(DerValue) method does not check that
>>>> null is passed. As a result, NullPointerException can occur.
>>>>
>>>> Artem
>>
>
From sean.coffey at oracle.com Fri Jan 3 16:47:54 2014
From: sean.coffey at oracle.com (sean.coffey at oracle.com)
Date: Fri, 03 Jan 2014 16:47:54 +0000
Subject: hg: jdk8/tl/jdk: 2 new changesets
Message-ID: <20140103164849.42D2E62FFC@hg.openjdk.java.net>
Changeset: 46c727d6ecc2
Author: aefimov
Date: 2013-12-30 16:46 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46c727d6ecc2
8025051: Update resource files for TimeZone display names
Reviewed-by: okutsu, mfang
! src/share/classes/sun/util/resources/de/TimeZoneNames_de.java
! src/share/classes/sun/util/resources/es/TimeZoneNames_es.java
! src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java
! src/share/classes/sun/util/resources/it/TimeZoneNames_it.java
! src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java
! src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java
! src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java
! src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java
! src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java
! src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java
! test/java/util/Calendar/GenericTimeZoneNamesTest.sh
! test/sun/util/resources/TimeZone/Bug6317929.java
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNamesTest.java
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_de.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_de_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_es.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_es_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_fr.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_fr_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_it.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_it_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_ja.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_ja_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_ko.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_ko_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_pt_BR.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_pt_BR_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_sv.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_sv_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_zh_CN.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_zh_CN_short.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_zh_TW.properties
+ test/sun/util/resources/TimeZone/TimeZoneNames/TimeZoneNames_zh_TW_short.properties
Changeset: c0970860803e
Author: coffeys
Date: 2014-01-03 16:45 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c0970860803e
Merge
From joe.darcy at oracle.com Fri Jan 3 19:39:28 2014
From: joe.darcy at oracle.com (joe.darcy at oracle.com)
Date: Fri, 03 Jan 2014 19:39:28 +0000
Subject: hg: jdk8/tl/jdk: 8030212: Several api.java.util.stream tests got
"NaN" value instead of "Infinity" or "-Infinity"
Message-ID: <20140103193957.9AB6C6235D@hg.openjdk.java.net>
Changeset: 68de5492a06d
Author: darcy
Date: 2014-01-03 11:38 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/68de5492a06d
8030212: Several api.java.util.stream tests got "NaN" value instead of "Infinity" or "-Infinity"
Reviewed-by: mduigou, psandoz
! src/share/classes/java/util/DoubleSummaryStatistics.java
! src/share/classes/java/util/stream/Collectors.java
! src/share/classes/java/util/stream/DoublePipeline.java
! test/java/util/stream/TestDoubleSumAverage.java
From bradford.wetmore at oracle.com Fri Jan 3 22:41:50 2014
From: bradford.wetmore at oracle.com (Bradford Wetmore)
Date: Fri, 03 Jan 2014 14:41:50 -0800
Subject: Code review request, 8028518, Increase the priorities of GCM
cipher suites
In-Reply-To: <52C0EED4.2020501@Oracle.COM>
References: <52C0EED4.2020501@Oracle.COM>
Message-ID: <52C73CAE.6080606@oracle.com>
Looks ok to me, with the exception as you pointed out that this doesn't
follow section 4 of RFC 6460. Why was this done, and how did you
originally determine the original ciphersuite ordering for GCMs?
Brad
On 12/29/2013 7:56 PM, Xuelei Fan wrote:
> Hi,
>
> Please review this small update.
>
> webrev: http://cr.openjdk.java.net/~xuelei/8028518/webrev.00/
>
> In TLS protocols, cipher suite specifies the crypto algorithms used in
> TLS connections. The priorities of cipher suites define the preference
> order that a cipher suite may be used in a TLS connection.
>
> When introducing the AEAD/GCM cipher suites in SunJSSE provider (JEP
> 115)[1], for better compatibility and interoperability, we decided to
> decrease the priority of cipher suites in GCM mode for a while before
> GCM technologies mature in the industry.
>
> It's time to consider to increase the priorities of GCM mode cipher
> suite in early stage of JDK 9.
>
> Thanks,
> Xuelei
>
> [1] http://openjdk.java.net/jeps/115
From Xuelei.Fan at Oracle.COM Sat Jan 4 02:19:19 2014
From: Xuelei.Fan at Oracle.COM (Xuelei Fan)
Date: Sat, 04 Jan 2014 10:19:19 +0800
Subject: Code review request, 8028518, Increase the priorities of GCM
cipher suites
In-Reply-To: <52C73CAE.6080606@oracle.com>
References: <52C0EED4.2020501@Oracle.COM> <52C73CAE.6080606@oracle.com>
Message-ID: <52C76FA7.7030504@Oracle.COM>
On 1/4/2014 6:41 AM, Bradford Wetmore wrote:
> Looks ok to me, with the exception as you pointed out that this doesn't
> follow section 4 of RFC 6460.
Sorry, I did not get it. Would you mind point out the line number of
the concern?
> Why was this done, and how did you
> originally determine the original ciphersuite ordering for GCMs?
>
Per RFC 6460, there are two profiles, "Suite B Combination 1" and "Suite
B Combination 2". SunJSSE default cipher suite preference does not
compliant to the profiles at present. That's why it is said,
"The preference order of the GCM cipher suites does not follow the spec
of RFC 6460."
About the ordering, please refer to line 964-977 of CipherSuite.java
Thanks,
Xuelei
> Brad
>
>
> On 12/29/2013 7:56 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review this small update.
>>
>> webrev: http://cr.openjdk.java.net/~xuelei/8028518/webrev.00/
>>
>> In TLS protocols, cipher suite specifies the crypto algorithms used in
>> TLS connections. The priorities of cipher suites define the preference
>> order that a cipher suite may be used in a TLS connection.
>>
>> When introducing the AEAD/GCM cipher suites in SunJSSE provider (JEP
>> 115)[1], for better compatibility and interoperability, we decided to
>> decrease the priority of cipher suites in GCM mode for a while before
>> GCM technologies mature in the industry.
>>
>> It's time to consider to increase the priorities of GCM mode cipher
>> suite in early stage of JDK 9.
>>
>> Thanks,
>> Xuelei
>>
>> [1] http://openjdk.java.net/jeps/115
From bradford.wetmore at oracle.com Sat Jan 4 02:47:29 2014
From: bradford.wetmore at oracle.com (Bradford Wetmore)
Date: Fri, 03 Jan 2014 18:47:29 -0800
Subject: Code review request, 8028518, Increase the priorities of GCM
cipher suites
In-Reply-To: <52C76FA7.7030504@Oracle.COM>
References: <52C0EED4.2020501@Oracle.COM> <52C73CAE.6080606@oracle.com>
<52C76FA7.7030504@Oracle.COM>
Message-ID: <52C77641.70105@oracle.com>
On 1/3/2014 6:19 PM, Xuelei Fan wrote:
> On 1/4/2014 6:41 AM, Bradford Wetmore wrote:
>> Looks ok to me, with the exception as you pointed out that this doesn't
>> follow section 4 of RFC 6460.
> Sorry, I did not get it. Would you mind point out the line number of
> the concern?
This section in RFC 6460:
A Suite B TLS client configured at a minimum level of security of 128
bits MUST offer the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 or the
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite in the
ClientHello message. The TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
cipher suite is preferred; if offered, it MUST appear before the
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite.
You have:
993 add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
...
995 add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
>> Why was this done, and how did you
>> originally determine the original ciphersuite ordering for GCMs?
>>
> Per RFC 6460, there are two profiles, "Suite B Combination 1" and "Suite
> B Combination 2". SunJSSE default cipher suite preference does not
> compliant to the profiles at present. That's why it is said,
> "The preference order of the GCM cipher suites does not follow the spec
> of RFC 6460."
>
> About the ordering, please refer to line 964-977 of CipherSuite.java
My question was, how did you choose the current order (currently lines
1080-1110:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
Brad
> Thanks,
> Xuelei
>
>> Brad
>>
>>
>> On 12/29/2013 7:56 PM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> Please review this small update.
>>>
>>> webrev: http://cr.openjdk.java.net/~xuelei/8028518/webrev.00/
>>>
>>> In TLS protocols, cipher suite specifies the crypto algorithms used in
>>> TLS connections. The priorities of cipher suites define the preference
>>> order that a cipher suite may be used in a TLS connection.
>>>
>>> When introducing the AEAD/GCM cipher suites in SunJSSE provider (JEP
>>> 115)[1], for better compatibility and interoperability, we decided to
>>> decrease the priority of cipher suites in GCM mode for a while before
>>> GCM technologies mature in the industry.
>>>
>>> It's time to consider to increase the priorities of GCM mode cipher
>>> suite in early stage of JDK 9.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>> [1] http://openjdk.java.net/jeps/115
>
From Xuelei.Fan at Oracle.COM Sat Jan 4 02:58:43 2014
From: Xuelei.Fan at Oracle.COM (Xuelei Fan)
Date: Sat, 04 Jan 2014 10:58:43 +0800
Subject: Code review request, 8028518, Increase the priorities of GCM
cipher suites
In-Reply-To: <52C77641.70105@oracle.com>
References: <52C0EED4.2020501@Oracle.COM> <52C73CAE.6080606@oracle.com>
<52C76FA7.7030504@Oracle.COM> <52C77641.70105@oracle.com>
Message-ID: <52C778E3.8000307@Oracle.COM>
On 1/4/2014 10:47 AM, Bradford Wetmore wrote:
>
>
> On 1/3/2014 6:19 PM, Xuelei Fan wrote:
>> On 1/4/2014 6:41 AM, Bradford Wetmore wrote:
>>> Looks ok to me, with the exception as you pointed out that this doesn't
>>> follow section 4 of RFC 6460.
>> Sorry, I did not get it. Would you mind point out the line number of
>> the concern?
>
> This section in RFC 6460:
>
> A Suite B TLS client configured at a minimum level of security of 128
> bits MUST offer the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 or the
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite in the
> ClientHello message. The TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> cipher suite is preferred; if offered, it MUST appear before the
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite.
>
Understand. Do you note the circumstance of this spec, at the "level of
security of 128 bits"? In the next paragraph, it also talks about "
level of security of 192 bits".
If configured at a minimum level of security of 192 bits, the client
MUST offer the TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite
and MUST NOT offer the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher
suite.
That's also one point I said that the preference are not RFC 6460
compliant at present. We may make improvement in the future.
> You have:
>
> 993 add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
> ...
> 995 add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
>
>>> Why was this done, and how did you
>>> originally determine the original ciphersuite ordering for GCMs?
>>>
>> Per RFC 6460, there are two profiles, "Suite B Combination 1" and "Suite
>> B Combination 2". SunJSSE default cipher suite preference does not
>> compliant to the profiles at present. That's why it is said,
>> "The preference order of the GCM cipher suites does not follow the spec
>> of RFC 6460."
>>
>> About the ordering, please refer to line 964-977 of CipherSuite.java
>
> My question was, how did you choose the current order (currently lines
> 1080-1110:
>
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
I think except the above two cipher suites, the order of the following
cipher suites still adhere to the rules described in line 964-977. Right?
Thanks,
Xuelei
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_RSA_WITH_AES_256_GCM_SHA384
> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_RSA_WITH_AES_128_GCM_SHA256
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
>
> Brad
>
>
>> Thanks,
>> Xuelei
>>
>>> Brad
>>>
>>>
>>> On 12/29/2013 7:56 PM, Xuelei Fan wrote:
>>>> Hi,
>>>>
>>>> Please review this small update.
>>>>
>>>> webrev: http://cr.openjdk.java.net/~xuelei/8028518/webrev.00/
>>>>
>>>> In TLS protocols, cipher suite specifies the crypto algorithms used in
>>>> TLS connections. The priorities of cipher suites define the preference
>>>> order that a cipher suite may be used in a TLS connection.
>>>>
>>>> When introducing the AEAD/GCM cipher suites in SunJSSE provider (JEP
>>>> 115)[1], for better compatibility and interoperability, we decided to
>>>> decrease the priority of cipher suites in GCM mode for a while before
>>>> GCM technologies mature in the industry.
>>>>
>>>> It's time to consider to increase the priorities of GCM mode cipher
>>>> suite in early stage of JDK 9.
>>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>>>> [1] http://openjdk.java.net/jeps/115
>>
From bernd-2014 at eckenfels.net Sat Jan 4 03:01:45 2014
From: bernd-2014 at eckenfels.net (Bernd Eckenfels)
Date: Sat, 04 Jan 2014 04:01:45 +0100
Subject: Code review request, 8028518, Increase the priorities of GCM
cipher suites
In-Reply-To: <52C76FA7.7030504@Oracle.COM>
References: <52C0EED4.2020501@Oracle.COM> <52C73CAE.6080606@oracle.com>
<52C76FA7.7030504@Oracle.COM>
Message-ID:
Hello,
Am 04.01.2014, 03:19 Uhr, schrieb Xuelei Fan :
> Per RFC 6460, there are two profiles, "Suite B Combination 1" and "Suite
> B Combination 2". SunJSSE default cipher suite preference does not
> compliant to the profiles at present. That's why it is said,
> "The preference order of the GCM cipher suites does not follow the spec
> of RFC 6460."
Maybe it is best to change the comment, this wording suggest the
_ordering_ is the main difference, if I understood you correctly it is
mostly missing supported ciphersuits? (BTW: how to specify the curve to
use?)
If I see it right you prefer TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as
the only AES128 because it uses the Suit B compliant ECDHE. Maybe a
comment similiar to the existing groupings should make that clear
("//ECDHE AES_xxx(GCM) Suite B")? And in that case (as Bradford pointed
out as well) I think the order is wrong (it is a bit strange that there is
no "high as possible" security level specified as compliant :-/)
Maybe the non-suite-b ciphers should also be ordered in groups which
prefer ephermal exchanges (and not by symmetric bit length)
More generally asked: is there a analysis done to follow Suit B
recommendation in this specific way? It seems to me the optimisting
relying on ECDSA might need to be at least reconsidered (especially with
standard curces and the need for good random source)
(I guess my comment is geared more towards the order within those cypers
not the moving of the GCM block in general.)
And all those questions combined makes me wonder if it would actually be a
good idea to have a global "compliance" switch, which can take a few
common scenarios (PCI, Suite B LOW, Suite B HI, ...) and configure the
list accordingly. The default can then be more practially oriented.
Greetings
Bernd
--
http://bernd.eckenfels.net
From Xuelei.Fan at Oracle.COM Sat Jan 4 03:49:49 2014
From: Xuelei.Fan at Oracle.COM (Xuelei Fan)
Date: Sat, 04 Jan 2014 11:49:49 +0800
Subject: Code review request, 8028518, Increase the priorities of GCM
cipher suites
In-Reply-To:
References: <52C0EED4.2020501@Oracle.COM> <52C73CAE.6080606@oracle.com>
<52C76FA7.7030504@Oracle.COM>
Message-ID: <52C784DD.9020800@Oracle.COM>
On 1/4/2014 11:01 AM, Bernd Eckenfels wrote:
> Hello,
>
> Am 04.01.2014, 03:19 Uhr, schrieb Xuelei Fan :
>> Per RFC 6460, there are two profiles, "Suite B Combination 1" and
>> "Suite B Combination 2". SunJSSE default cipher suite preference does
>> not compliant to the profiles at present. That's why it is said,
>> "The preference order of the GCM cipher suites does not follow the
>> spec of RFC 6460."
>
> Maybe it is best to change the comment, this wording suggest the
> _ordering_ is the main difference, if I understood you correctly it is
> mostly missing supported ciphersuits? (BTW: how to specify the curve to
> use?)
>
Thanks for the suggestion. Looks like it is really confusing. Let's
parse it from the beginning.
line 964-977 comments:
1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
changed later, see below).
2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
AES_128(GCM), AES_256, AES_128, RC-4, 3DES-EDE.
Then the cipher suites preference should be ordered as
1. Suite B compliant (Need to change in the future)
2. AES_256(GCM)
3. AES_128(GCM)
4. AES_256
5. AES_128
6. RC-4
7. 3DES-EDE
The actual order is performed as above.
I think the confusing may come from the some AES_256/128(GCM) may be of
Suite B cipher suites. I may change the comment as:
// Suite B compliant cipher suites, see RFC 6460.
//
// Note that, at present this provider is not Suite B compliant. The
// preference order of the GCM cipher suites does not follow the spec
- // of RFC 6460.
+ // of RFC 6460. In this section, only two cipher suites are listed
+ // so that applications can make use of Suite-B compliant cipher
+ // suite firstly.
add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
0xc02c, --p, K_ECDHE_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384);
add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
0xc02b, --p, K_ECDHE_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256);
> If I see it right you prefer TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as
> the only AES128 because it uses the Suit B compliant ECDHE. Maybe a
> comment similiar to the existing groupings should make that clear
> ("//ECDHE AES_xxx(GCM) Suite B")? And in that case (as Bradford pointed
> out as well) I think the order is wrong (it is a bit strange that there
> is no "high as possible" security level specified as compliant :-/)
>
See above.
> Maybe the non-suite-b ciphers should also be ordered in groups which
> prefer ephermal exchanges (and not by symmetric bit length)
>
I think it's really hard to determine which is more important between
ephermal exchanges and symmetric algorithm. I'm open to discuss more
about a better ordering rule. There are four factors of a cipher
suites, key exchange algorithm, symmetric crypto algorithm and key size,
hash algorithm. What's your preference order if they can be grouped?
> More generally asked: is there a analysis done to follow Suit B
> recommendation in this specific way? It seems to me the optimisting
> relying on ECDSA might need to be at least reconsidered (especially with
> standard curces and the need for good random source)
>
> (I guess my comment is geared more towards the order within those cypers
> not the moving of the GCM block in general.)
>
> And all those questions combined makes me wonder if it would actually be
> a good idea to have a global "compliance" switch, which can take a few
> common scenarios (PCI, Suite B LOW, Suite B HI, ...) and configure the
> list accordingly. The default can then be more practially oriented.
>
We might consider it in the future. See also the related session [1] in
JavaOne shanghai, 2013.
Thanks for the comment, Bernd.
Xuelei
[1]:
https://oraclecn.activeevents.com/connect/sessionDetail.ww?SESSION_ID=1389
From Xuelei.Fan at Oracle.COM Mon Jan 6 03:08:15 2014
From: Xuelei.Fan at Oracle.COM (Xuelei Fan)
Date: Mon, 06 Jan 2014 11:08:15 +0800
Subject: Code review request,
8030829 Add MD5 to jdk.certpath.disabledAlgorithms security property
Message-ID: <52CA1E1F.9050000@Oracle.COM>
Hi,
Please review this update for JDK 9.
webrev: http://cr.openjdk.java.net/~xuelei/8030829/webrev.00/
Per the spec of RFC 6151, MD5 must not be used for digital signatures
where collision resistance is required. Adding MD5 to
jdk.certpath.disabledAlgorithms security property can prevent the usage
of MD5 as digital signature algorithm during X.509 certificate operations.
It is not necessary to stop using HMAC-MD5 per RFC 6151. TLS is making
use of HMAC-MD5. It is not necessary to stop HMAC-MD5 in JSSE at present.
With this update, there are compatibility issues with those applications
still using MD5 signed certificate. Please upgrade the weak certificate
ASAP.
Thanks,
Xuelei
From daniel.fuchs at oracle.com Mon Jan 6 18:40:18 2014
From: daniel.fuchs at oracle.com (daniel.fuchs at oracle.com)
Date: Mon, 06 Jan 2014 18:40:18 +0000
Subject: hg: jdk8/tl/jdk: 8030850: Setting .level=FINEST in logging
configuration file doesn't work
Message-ID: <20140106184132.99103623E5@hg.openjdk.java.net>
Changeset: d77a1c9fd5b8
Author: dfuchs
Date: 2013-12-22 11:20 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d77a1c9fd5b8
8030850: Setting .level=FINEST in logging configuration file doesn't work
Summary: setLevel(INFO) was called too early on root logger, causing the value found in configuration file to be later ignored.
Reviewed-by: mchung
! src/share/classes/java/util/logging/LogManager.java
+ test/java/util/logging/RootLogger/RootLevelInConfigFile.java
+ test/java/util/logging/RootLogger/rootlogger.properties
From joe.darcy at oracle.com Mon Jan 6 20:53:56 2014
From: joe.darcy at oracle.com (Joe Darcy)
Date: Mon, 06 Jan 2014 12:53:56 -0800
Subject: JDK 9 RFR of JDK-8027063 SecurityManger.getClassContext returns a
raw type
Message-ID: <52CB17E4.5020900@oracle.com>
Hello,
Please review the simple change to fix JDK-8027063
SecurityManger.getClassContext returns a raw type, which changes a
signature of a protected method in SecurityManger to remove a use of raw
types in the core libraries:
--- a/src/share/classes/java/lang/SecurityManager.java Mon Jan 06
11:48:32 2014 -0800
+++ b/src/share/classes/java/lang/SecurityManager.java Mon Jan 06
12:51:52 2014 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights
reserved.
+ * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights
reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -307,7 +307,7 @@
*
* @return the execution stack.
*/
- protected native Class[] getClassContext();
+ protected native Class[] getClassContext();
/**
* Returns the class loader of the most recently executing method from
A clean build succeeds and the SecurityManager tests pass after this change.
Thanks,
-Joe
From Lance.Andersen at oracle.com Mon Jan 6 20:56:49 2014
From: Lance.Andersen at oracle.com (Lance Andersen - Oracle)
Date: Mon, 6 Jan 2014 15:56:49 -0500
Subject: JDK 9 RFR of JDK-8027063 SecurityManger.getClassContext returns a
raw type
In-Reply-To: <52CB17E4.5020900@oracle.com>
References: <52CB17E4.5020900@oracle.com>
Message-ID: <4B42B914-2BE0-452A-B1BF-1BE6C1A523A4@oracle.com>
+1
On Jan 6, 2014, at 3:53 PM, Joe Darcy wrote:
> Hello,
>
> Please review the simple change to fix JDK-8027063 SecurityManger.getClassContext returns a raw type, which changes a signature of a protected method in SecurityManger to remove a use of raw types in the core libraries:
>
> --- a/src/share/classes/java/lang/SecurityManager.java Mon Jan 06 11:48:32 2014 -0800
> +++ b/src/share/classes/java/lang/SecurityManager.java Mon Jan 06 12:51:52 2014 -0800
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
> + * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> @@ -307,7 +307,7 @@
> *
> * @return the execution stack.
> */
> - protected native Class[] getClassContext();
> + protected native Class[] getClassContext();
>
> /**
> * Returns the class loader of the most recently executing method from
>
> A clean build succeeds and the SecurityManager tests pass after this change.
>
> Thanks,
>
> -Joe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oracle_sig_logo.gif
Type: image/gif
Size: 658 bytes
Desc: not available
URL:
-------------- next part --------------
Lance Andersen| Principal Member of Technical Staff | +1.781.442.2037
Oracle Java Engineering
1 Network Drive
Burlington, MA 01803
Lance.Andersen at oracle.com
From joe.darcy at oracle.com Tue Jan 7 06:17:19 2014
From: joe.darcy at oracle.com (Joe Darcy)
Date: Mon, 06 Jan 2014 22:17:19 -0800
Subject: JDK 9 RFR of JDK-8031302 Fix raw types lint warnings in java.security
Message-ID: <52CB9BEF.5090700@oracle.com>
Hello,
Please review the straightforward patch below to fix a handful of
rawtypes lint warnings in java.security.
Thanks,
-Joe
diff -r 8aba209fcc73 src/share/classes/java/security/Provider.java
--- a/src/share/classes/java/security/Provider.java Mon Jan 06
13:54:54 2014 -0800
+++ b/src/share/classes/java/security/Provider.java Mon Jan 06
22:12:47 2014 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights
reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights
reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1405,7 +1405,7 @@
private String[] supportedFormats;
// names of the supported key (super) classes
- private Class[] supportedClasses;
+ private Class[] supportedClasses;
// whether this service has been registered with the Provider
private boolean registered;
@@ -1656,7 +1656,7 @@
return o;
}
Class argClass = constructorParameter.getClass();
- Constructor[] cons = clazz.getConstructors();
+ Constructor[] cons = clazz.getConstructors();
// find first public constructor that can take the
// argument as parameter
for (int i = 0; i < cons.length; i++) {
diff -r 8aba209fcc73
src/share/classes/java/security/UnresolvedPermission.java
--- a/src/share/classes/java/security/UnresolvedPermission.java Mon Jan
06 13:54:54 2014 -0800
+++ b/src/share/classes/java/security/UnresolvedPermission.java Mon Jan
06 22:12:47 2014 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights
reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights
reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -216,9 +216,9 @@
}
- private static final Class[] PARAMS0 = { };
- private static final Class[] PARAMS1 = { String.class };
- private static final Class[] PARAMS2 = { String.class, String.class };
+ private static final Class[] PARAMS0 = { };
+ private static final Class[] PARAMS1 = { String.class };
+ private static final Class[] PARAMS2 = { String.class,
String.class };
/**
* try and resolve this permission using the class loader of the
permission
From Xuelei.Fan at Oracle.COM Tue Jan 7 06:28:42 2014
From: Xuelei.Fan at Oracle.COM (Xuelei Fan)
Date: Tue, 07 Jan 2014 14:28:42 +0800
Subject: JDK 9 RFR of JDK-8027063 SecurityManger.getClassContext returns
a raw type
In-Reply-To: <52CB17E4.5020900@oracle.com>
References: <52CB17E4.5020900@oracle.com>
Message-ID: <52CB9E9A.8090007@Oracle.COM>
Looks fine to me.
Thanks,
Xuelei
On 1/7/2014 4:53 AM, Joe Darcy wrote:
> Hello,
>
> Please review the simple change to fix JDK-8027063
> SecurityManger.getClassContext returns a raw type, which changes a
> signature of a protected method in SecurityManger to remove a use of raw
> types in the core libraries:
>
> --- a/src/share/classes/java/lang/SecurityManager.java Mon Jan 06
> 11:48:32 2014 -0800
> +++ b/src/share/classes/java/lang/SecurityManager.java Mon Jan 06
> 12:51:52 2014 -0800
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights
> reserved.
> + * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights
> reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> @@ -307,7 +307,7 @@
> *
> * @return the execution stack.
> */
> - protected native Class[] getClassContext();
> + protected native Class[] getClassContext();
>
> /**
> * Returns the class loader of the most recently executing method
> from
>
> A clean build succeeds and the SecurityManager tests pass after this
> change.
>
> Thanks,
>
> -Joe
From Xuelei.Fan at Oracle.COM Tue Jan 7 06:31:01 2014
From: Xuelei.Fan at Oracle.COM (Xuelei Fan)
Date: Tue, 07 Jan 2014 14:31:01 +0800
Subject: JDK 9 RFR of JDK-8031302 Fix raw types lint warnings in
java.security
In-Reply-To: <52CB9BEF.5090700@oracle.com>
References: <52CB9BEF.5090700@oracle.com>
Message-ID: <52CB9F25.1050506@Oracle.COM>
Looks fine to me. Thanks for take care of the fixes.
Xuelei
On 1/7/2014 2:17 PM, Joe Darcy wrote:
> Hello,
>
> Please review the straightforward patch below to fix a handful of
> rawtypes lint warnings in java.security.
>
> Thanks,
>
> -Joe
>
> diff -r 8aba209fcc73 src/share/classes/java/security/Provider.java
> --- a/src/share/classes/java/security/Provider.java Mon Jan 06
> 13:54:54 2014 -0800
> +++ b/src/share/classes/java/security/Provider.java Mon Jan 06
> 22:12:47 2014 -0800
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights
> reserved.
> + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights
> reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> @@ -1405,7 +1405,7 @@
> private String[] supportedFormats;
>
> // names of the supported key (super) classes
> - private Class[] supportedClasses;
> + private Class[] supportedClasses;
>
> // whether this service has been registered with the Provider
> private boolean registered;
> @@ -1656,7 +1656,7 @@
> return o;
> }
> Class argClass = constructorParameter.getClass();
> - Constructor[] cons = clazz.getConstructors();
> + Constructor[] cons = clazz.getConstructors();
> // find first public constructor that can take the
> // argument as parameter
> for (int i = 0; i < cons.length; i++) {
> diff -r 8aba209fcc73
> src/share/classes/java/security/UnresolvedPermission.java
> --- a/src/share/classes/java/security/UnresolvedPermission.java Mon Jan
> 06 13:54:54 2014 -0800
> +++ b/src/share/classes/java/security/UnresolvedPermission.java Mon Jan
> 06 22:12:47 2014 -0800
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights
> reserved.
> + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights
> reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> @@ -216,9 +216,9 @@
> }
>
>
> - private static final Class[] PARAMS0 = { };
> - private static final Class[] PARAMS1 = { String.class };
> - private static final Class[] PARAMS2 = { String.class, String.class };
> + private static final Class[] PARAMS0 = { };
> + private static final Class[] PARAMS1 = { String.class };
> + private static final Class[] PARAMS2 = { String.class,
> String.class };
>
> /**
> * try and resolve this permission using the class loader of the
> permission
>
From roger.riggs at oracle.com Tue Jan 7 17:29:07 2014
From: roger.riggs at oracle.com (roger.riggs at oracle.com)
Date: Tue, 07 Jan 2014 17:29:07 +0000
Subject: hg: jdk8/tl/jdk: 8031103: java.time.Duration has wrong Javadoc
Comments in toDays() and toHours()
Message-ID: <20140107172936.C23DA6242B@hg.openjdk.java.net>
Changeset: 1b503dd54b95
Author: rriggs
Date: 2014-01-07 11:50 -0500
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1b503dd54b95
8031103: java.time.Duration has wrong Javadoc Comments in toDays() and toHours()
Summary: Correct specification for Duration.toDays, toHours
Reviewed-by: lancea, alanb
! src/share/classes/java/time/Duration.java
From weijun.wang at oracle.com Wed Jan 8 03:00:01 2014
From: weijun.wang at oracle.com (Weijun Wang)
Date: Wed, 08 Jan 2014 11:00:01 +0800
Subject: RFR: 8031046: Native Windows ccache might still get unsupported
ticket
In-Reply-To: <52BD4F8C.90402@oracle.com>
References: <52BD4F8C.90402@oracle.com>
Message-ID: <52CCBF31.8090405@oracle.com>
ping again.
On 12/27/13, 17:59, Weijun Wang wrote:
> Hi All
>
> Please review the code changes at
>
> http://cr.openjdk.java.net/~weijun/8031046/webrev.00/
>
> In 8016594, we updated Windows LSA retrieval so that when the existing
> TGT has a session key whose etype is not supported by Java (say,
> aes-256), we re-acquire one using the default_tkt_enctypes list and
> return it. Unfortunately, if the first item in that list is not
> supported by Windows (say, des3-cbc-sha1), Windows will still issue an
> aes-256 ticket. We should check again and possibly try other items until
> we get a ticket with the requested etype.
>
> Thanks
> Max
From erik.joelsson at oracle.com Wed Jan 8 14:24:24 2014
From: erik.joelsson at oracle.com (erik.joelsson at oracle.com)
Date: Wed, 08 Jan 2014 14:24:24 +0000
Subject: hg: jdk8/tl: 8030781: System.setProperties(null) drops all system
properties (RELEASE not set)
Message-ID: <20140108142425.364A862461@hg.openjdk.java.net>
Changeset: 53d74b77ee53
Author: erikj
Date: 2014-01-08 14:02 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/rev/53d74b77ee53
8030781: System.setProperties(null) drops all system properties (RELEASE not set)
Reviewed-by: alanb, ihse, tbell
! common/autoconf/generated-configure.sh
! common/autoconf/toolchain.m4
From erik.joelsson at oracle.com Wed Jan 8 14:24:48 2014
From: erik.joelsson at oracle.com (erik.joelsson at oracle.com)
Date: Wed, 08 Jan 2014 14:24:48 +0000
Subject: hg: jdk8/tl/jdk: 8030781: System.setProperties(null) drops all system
properties (RELEASE not set)
Message-ID: <20140108142555.A4F0B62462@hg.openjdk.java.net>
Changeset: 2437ccbf3504
Author: erikj
Date: 2014-01-08 14:04 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2437ccbf3504
8030781: System.setProperties(null) drops all system properties (RELEASE not set)
Reviewed-by: alanb
+ test/java/lang/System/SetPropertiesNull.java
From michael.fang at oracle.com Wed Jan 8 14:58:52 2014
From: michael.fang at oracle.com (michael.fang at oracle.com)
Date: Wed, 08 Jan 2014 14:58:52 +0000
Subject: hg: jdk8/tl/jdk: 3 new changesets
Message-ID: <20140108145930.428F162463@hg.openjdk.java.net>
Changeset: 5d05be02629c
Author: mfang
Date: 2014-01-07 21:44 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5d05be02629c
8029239: jdk8 l10n resource file translation update - localenames
Reviewed-by: okutsu
! src/share/classes/sun/util/resources/de/LocaleNames_de.properties
! src/share/classes/sun/util/resources/es/LocaleNames_es.properties
! src/share/classes/sun/util/resources/fr/LocaleNames_fr.properties
! src/share/classes/sun/util/resources/it/LocaleNames_it.properties
! src/share/classes/sun/util/resources/ja/LocaleNames_ja.properties
! src/share/classes/sun/util/resources/ko/LocaleNames_ko.properties
! src/share/classes/sun/util/resources/sv/LocaleNames_sv.properties
! src/share/classes/sun/util/resources/zh/LocaleNames_zh.properties
! src/share/classes/sun/util/resources/zh/LocaleNames_zh_TW.properties
Changeset: b7e7d7ad6f68
Author: mfang
Date: 2014-01-07 22:04 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b7e7d7ad6f68
8026570: NLS: jdk8 man page update
Reviewed-by: naoto, okutsu
! make/Images.gmk
! src/linux/doc/man/ja/appletviewer.1
! src/linux/doc/man/ja/extcheck.1
! src/linux/doc/man/ja/idlj.1
! src/linux/doc/man/ja/jar.1
! src/linux/doc/man/ja/jarsigner.1
! src/linux/doc/man/ja/java.1
! src/linux/doc/man/ja/javac.1
! src/linux/doc/man/ja/javadoc.1
! src/linux/doc/man/ja/javah.1
! src/linux/doc/man/ja/javap.1
! src/linux/doc/man/ja/javaws.1
+ src/linux/doc/man/ja/jcmd.1
! src/linux/doc/man/ja/jconsole.1
! src/linux/doc/man/ja/jdb.1
+ src/linux/doc/man/ja/jdeps.1
! src/linux/doc/man/ja/jhat.1
! src/linux/doc/man/ja/jinfo.1
+ src/linux/doc/man/ja/jjs.1
! src/linux/doc/man/ja/jmap.1
! src/linux/doc/man/ja/jps.1
! src/linux/doc/man/ja/jrunscript.1
! src/linux/doc/man/ja/jsadebugd.1
! src/linux/doc/man/ja/jstack.1
! src/linux/doc/man/ja/jstat.1
! src/linux/doc/man/ja/jstatd.1
! src/linux/doc/man/ja/jvisualvm.1
! src/linux/doc/man/ja/keytool.1
! src/linux/doc/man/ja/native2ascii.1
! src/linux/doc/man/ja/orbd.1
! src/linux/doc/man/ja/pack200.1
! src/linux/doc/man/ja/policytool.1
! src/linux/doc/man/ja/rmic.1
! src/linux/doc/man/ja/rmid.1
! src/linux/doc/man/ja/rmiregistry.1
! src/linux/doc/man/ja/schemagen.1
! src/linux/doc/man/ja/serialver.1
! src/linux/doc/man/ja/servertool.1
! src/linux/doc/man/ja/tnameserv.1
! src/linux/doc/man/ja/unpack200.1
! src/linux/doc/man/ja/wsgen.1
! src/linux/doc/man/ja/wsimport.1
! src/linux/doc/man/ja/xjc.1
! src/solaris/doc/sun/man/man1/ja/appletviewer.1
! src/solaris/doc/sun/man/man1/ja/extcheck.1
! src/solaris/doc/sun/man/man1/ja/idlj.1
! src/solaris/doc/sun/man/man1/ja/jar.1
! src/solaris/doc/sun/man/man1/ja/jarsigner.1
! src/solaris/doc/sun/man/man1/ja/java.1
! src/solaris/doc/sun/man/man1/ja/javac.1
! src/solaris/doc/sun/man/man1/ja/javadoc.1
! src/solaris/doc/sun/man/man1/ja/javah.1
! src/solaris/doc/sun/man/man1/ja/javap.1
+ src/solaris/doc/sun/man/man1/ja/jcmd.1
! src/solaris/doc/sun/man/man1/ja/jconsole.1
! src/solaris/doc/sun/man/man1/ja/jdb.1
+ src/solaris/doc/sun/man/man1/ja/jdeps.1
! src/solaris/doc/sun/man/man1/ja/jhat.1
! src/solaris/doc/sun/man/man1/ja/jinfo.1
+ src/solaris/doc/sun/man/man1/ja/jjs.1
! src/solaris/doc/sun/man/man1/ja/jmap.1
! src/solaris/doc/sun/man/man1/ja/jps.1
! src/solaris/doc/sun/man/man1/ja/jrunscript.1
! src/solaris/doc/sun/man/man1/ja/jsadebugd.1
! src/solaris/doc/sun/man/man1/ja/jstack.1
! src/solaris/doc/sun/man/man1/ja/jstat.1
! src/solaris/doc/sun/man/man1/ja/jstatd.1
! src/solaris/doc/sun/man/man1/ja/jvisualvm.1
! src/solaris/doc/sun/man/man1/ja/keytool.1
! src/solaris/doc/sun/man/man1/ja/native2ascii.1
! src/solaris/doc/sun/man/man1/ja/orbd.1
! src/solaris/doc/sun/man/man1/ja/pack200.1
! src/solaris/doc/sun/man/man1/ja/policytool.1
! src/solaris/doc/sun/man/man1/ja/rmic.1
! src/solaris/doc/sun/man/man1/ja/rmid.1
! src/solaris/doc/sun/man/man1/ja/rmiregistry.1
! src/solaris/doc/sun/man/man1/ja/schemagen.1
! src/solaris/doc/sun/man/man1/ja/serialver.1
! src/solaris/doc/sun/man/man1/ja/servertool.1
! src/solaris/doc/sun/man/man1/ja/tnameserv.1
! src/solaris/doc/sun/man/man1/ja/unpack200.1
! src/solaris/doc/sun/man/man1/ja/wsgen.1
! src/solaris/doc/sun/man/man1/ja/wsimport.1
! src/solaris/doc/sun/man/man1/ja/xjc.1
Changeset: 7c8f4610a23d
Author: mfang
Date: 2014-01-08 06:50 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7c8f4610a23d
Merge
From paul.sandoz at oracle.com Thu Jan 9 10:50:48 2014
From: paul.sandoz at oracle.com (paul.sandoz at oracle.com)
Date: Thu, 09 Jan 2014 10:50:48 +0000
Subject: hg: jdk8/tl/jdk: 8031187: DoubleStream.count is incorrect for a
stream containing > Integer.MAX_VALUE elements
Message-ID: <20140109105107.5E7D86248A@hg.openjdk.java.net>
Changeset: 630a92015993
Author: psandoz
Date: 2014-01-09 10:52 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/630a92015993
8031187: DoubleStream.count is incorrect for a stream containing > Integer.MAX_VALUE elements
Reviewed-by: darcy
! src/share/classes/java/util/stream/DoublePipeline.java
! src/share/classes/java/util/stream/IntPipeline.java
+ test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountLargeTest.java
+ test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountTest.java
From sean.mullan at oracle.com Thu Jan 9 22:34:27 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Thu, 09 Jan 2014 17:34:27 -0500
Subject: Code review request,
8030829 Add MD5 to jdk.certpath.disabledAlgorithms security property
In-Reply-To: <52CA1E1F.9050000@Oracle.COM>
References: <52CA1E1F.9050000@Oracle.COM>
Message-ID: <52CF23F3.1010309@oracle.com>
The code change looks fine. My main concern is the number of tests that
have been converted to run in othervm which will make the tests run
slower. Did you explore how much effort it would be to convert some of
the test certificates to use stronger algorithms?
Also, I noticed many of the tests are using ocsp security properties.
These tests can now use the PKIXRevocationChecker API added in JDK 8
which won't put a dependency on security properties which require them
to be run with othervm.
--Sean
On 01/05/2014 10:08 PM, Xuelei Fan wrote:
> Hi,
>
> Please review this update for JDK 9.
>
> webrev: http://cr.openjdk.java.net/~xuelei/8030829/webrev.00/
>
> Per the spec of RFC 6151, MD5 must not be used for digital signatures
> where collision resistance is required. Adding MD5 to
> jdk.certpath.disabledAlgorithms security property can prevent the usage
> of MD5 as digital signature algorithm during X.509 certificate operations.
>
> It is not necessary to stop using HMAC-MD5 per RFC 6151. TLS is making
> use of HMAC-MD5. It is not necessary to stop HMAC-MD5 in JSSE at present.
>
> With this update, there are compatibility issues with those applications
> still using MD5 signed certificate. Please upgrade the weak certificate
> ASAP.
>
> Thanks,
> Xuelei
>
From Xuelei.Fan at Oracle.COM Fri Jan 10 02:28:24 2014
From: Xuelei.Fan at Oracle.COM (Xuelei Fan)
Date: Fri, 10 Jan 2014 10:28:24 +0800
Subject: Code review request,
8030829 Add MD5 to jdk.certpath.disabledAlgorithms security property
In-Reply-To: <52CF23F3.1010309@oracle.com>
References: <52CA1E1F.9050000@Oracle.COM> <52CF23F3.1010309@oracle.com>
Message-ID: <52CF5AC8.90709@Oracle.COM>
On 1/10/2014 6:34 AM, Sean Mullan wrote:
> The code change looks fine. My main concern is the number of tests that
> have been converted to run in othervm which will make the tests run
> slower. Did you explore how much effort it would be to convert some of
> the test certificates to use stronger algorithms?
>
I did think about to change the certificates from MD5 to SHA-1 or SHA-2.
But it is not a small effort, for some cases it is not doable. I would
rather open a new bug to remove the test dependency on MD5 signature if
possible. What do you think?
> Also, I noticed many of the tests are using ocsp security properties.
> These tests can now use the PKIXRevocationChecker API added in JDK 8
> which won't put a dependency on security properties which require them
> to be run with othervm.
>
We may backport this fix. Nice to address it in another new bug for JDK
8/9.
Thanks,
Xuelei
> --Sean
>
> On 01/05/2014 10:08 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review this update for JDK 9.
>>
>> webrev: http://cr.openjdk.java.net/~xuelei/8030829/webrev.00/
>>
>> Per the spec of RFC 6151, MD5 must not be used for digital signatures
>> where collision resistance is required. Adding MD5 to
>> jdk.certpath.disabledAlgorithms security property can prevent the usage
>> of MD5 as digital signature algorithm during X.509 certificate
>> operations.
>>
>> It is not necessary to stop using HMAC-MD5 per RFC 6151. TLS is making
>> use of HMAC-MD5. It is not necessary to stop HMAC-MD5 in JSSE at
>> present.
>>
>> With this update, there are compatibility issues with those applications
>> still using MD5 signed certificate. Please upgrade the weak certificate
>> ASAP.
>>
>> Thanks,
>> Xuelei
>>
>
From erik.joelsson at oracle.com Fri Jan 10 12:29:57 2014
From: erik.joelsson at oracle.com (erik.joelsson at oracle.com)
Date: Fri, 10 Jan 2014 12:29:57 +0000
Subject: hg: jdk8/tl/jdk: 8031300: No jdeps.1 and jjs.1 man pages in jdk8 b122
build and jvisualvm.1 and jcmd.1 missing on macosx; ...
Message-ID: <20140110123036.99DB6624BC@hg.openjdk.java.net>
Changeset: 6f3a3bd78c57
Author: erikj
Date: 2014-01-10 10:25 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6f3a3bd78c57
8031300: No jdeps.1 and jjs.1 man pages in jdk8 b122 build and jvisualvm.1 and jcmd.1 missing on macosx
8030946: No jmc.1 for man page of JMC
Reviewed-by: ihse, tbell
! make/Images.gmk
+ src/bsd/doc/man/ja/jcmd.1
+ src/bsd/doc/man/ja/jdeps.1
+ src/bsd/doc/man/ja/jjs.1
- src/bsd/doc/man/ja/kinit.1
- src/bsd/doc/man/ja/klist.1
- src/bsd/doc/man/ja/ktab.1
From sean.mullan at oracle.com Fri Jan 10 16:31:09 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Fri, 10 Jan 2014 11:31:09 -0500
Subject: Code review request,
8030829 Add MD5 to jdk.certpath.disabledAlgorithms security property
In-Reply-To: <52CF5AC8.90709@Oracle.COM>
References: <52CA1E1F.9050000@Oracle.COM> <52CF23F3.1010309@oracle.com>
<52CF5AC8.90709@Oracle.COM>
Message-ID: <52D0204D.9000707@oracle.com>
On 01/09/2014 09:28 PM, Xuelei Fan wrote:
> On 1/10/2014 6:34 AM, Sean Mullan wrote:
>> The code change looks fine. My main concern is the number of tests that
>> have been converted to run in othervm which will make the tests run
>> slower. Did you explore how much effort it would be to convert some of
>> the test certificates to use stronger algorithms?
>>
> I did think about to change the certificates from MD5 to SHA-1 or SHA-2.
> But it is not a small effort, for some cases it is not doable. I would
> rather open a new bug to remove the test dependency on MD5 signature if
> possible. What do you think?
That sounds good.
>> Also, I noticed many of the tests are using ocsp security properties.
>> These tests can now use the PKIXRevocationChecker API added in JDK 8
>> which won't put a dependency on security properties which require them
>> to be run with othervm.
>>
> We may backport this fix. Nice to address it in another new bug for JDK
> 8/9.
Ok, can you also file one for that?
Thanks,
Sean
>
> Thanks,
> Xuelei
>
>> --Sean
>>
>> On 01/05/2014 10:08 PM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> Please review this update for JDK 9.
>>>
>>> webrev: http://cr.openjdk.java.net/~xuelei/8030829/webrev.00/
>>>
>>> Per the spec of RFC 6151, MD5 must not be used for digital signatures
>>> where collision resistance is required. Adding MD5 to
>>> jdk.certpath.disabledAlgorithms security property can prevent the usage
>>> of MD5 as digital signature algorithm during X.509 certificate
>>> operations.
>>>
>>> It is not necessary to stop using HMAC-MD5 per RFC 6151. TLS is making
>>> use of HMAC-MD5. It is not necessary to stop HMAC-MD5 in JSSE at
>>> present.
>>>
>>> With this update, there are compatibility issues with those applications
>>> still using MD5 signed certificate. Please upgrade the weak certificate
>>> ASAP.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>
>
From valerie.peng at oracle.com Fri Jan 10 19:05:45 2014
From: valerie.peng at oracle.com (Valerie (Yu-Ching) Peng)
Date: Fri, 10 Jan 2014 11:05:45 -0800
Subject: RFR: 8031046: Native Windows ccache might still get unsupported
ticket
In-Reply-To: <52BD4F8C.90402@oracle.com>
References: <52BD4F8C.90402@oracle.com>
Message-ID: <52D04489.5040505@oracle.com>
Changes look fine.
Thanks,
Valerie
On 12/27/13 01:59, Weijun Wang wrote:
> Hi All
>
> Please review the code changes at
>
> http://cr.openjdk.java.net/~weijun/8031046/webrev.00/
>
> In 8016594, we updated Windows LSA retrieval so that when the existing
> TGT has a session key whose etype is not supported by Java (say,
> aes-256), we re-acquire one using the default_tkt_enctypes list and
> return it. Unfortunately, if the first item in that list is not
> supported by Windows (say, des3-cbc-sha1), Windows will still issue an
> aes-256 ticket. We should check again and possibly try other items
> until we get a ticket with the requested etype.
>
> Thanks
> Max
From alan.bateman at oracle.com Mon Jan 13 16:21:07 2014
From: alan.bateman at oracle.com (alan.bateman at oracle.com)
Date: Mon, 13 Jan 2014 16:21:07 +0000
Subject: hg: jdk8/tl/jaxws: 8027908: serialVersionUID of
javax.xml.bind.TypeConstraintException accidently changed
Message-ID: <20140113162119.3F8986240B@hg.openjdk.java.net>
Changeset: bd943bdbce05
Author: alanb
Date: 2014-01-13 16:17 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/bd943bdbce05
8027908: serialVersionUID of javax.xml.bind.TypeConstraintException accidently changed
Reviewed-by: alanb
Contributed-by: iaroslav.savytskyi at oracle.com
! src/share/jaxws_classes/javax/xml/bind/TypeConstraintException.java
From Xuelei.Fan at Oracle.COM Tue Jan 14 09:37:44 2014
From: Xuelei.Fan at Oracle.COM (Xuelei Fan)
Date: Tue, 14 Jan 2014 17:37:44 +0800
Subject: Code review request, 8031566, regression test failure,
SSLEngineBadBufferArrayAccess.java
Message-ID: <52D50568.8040601@Oracle.COM>
Hi,
Please review this simple regression test fix.
webrev: http://cr.openjdk.java.net/~xuelei/8031566/webrev.00/
I missed something in the fix of JDK-7180038 for the same test. This
update makes the test more reliable so that the two test cases in the
same test are not dependent any more. Please see Brad's post,
http://mail.openjdk.java.net/pipermail/security-dev/2012-July/005129.html
Thanks,
Xuelei
From Alan.Bateman at oracle.com Tue Jan 14 09:40:05 2014
From: Alan.Bateman at oracle.com (Alan Bateman)
Date: Tue, 14 Jan 2014 09:40:05 +0000
Subject: JDK 9 RFR of JDK-8031651: Remove unneeded -source and -target
flags in jdk repo regression tests
In-Reply-To: <52D48EB8.70009@oracle.com>
References: <52D48EB8.70009@oracle.com>
Message-ID: <52D505F5.3000504@oracle.com>
On 14/01/2014 01:11, Joe Darcy wrote:
> :
>
> A few comments on the changes. In java/security/cert/* the tests were
> intentionally creating a corrupted set to make sure it was rejected
> properly.
>
See JDK-8005937 [1] for a previous attempt to remove the the -source 1.4
from these tests.
-Alan
[1] https://bugs.openjdk.java.net/browse/JDK-8005937
From sean.mullan at oracle.com Tue Jan 14 14:08:15 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Tue, 14 Jan 2014 09:08:15 -0500
Subject: Code review request, 8031566, regression test failure,
SSLEngineBadBufferArrayAccess.java
In-Reply-To: <52D50568.8040601@Oracle.COM>
References: <52D50568.8040601@Oracle.COM>
Message-ID: <52D544CF.1000502@oracle.com>
Looks fine to me.
--Sean
On 01/14/2014 04:37 AM, Xuelei Fan wrote:
> Hi,
>
> Please review this simple regression test fix.
>
> webrev: http://cr.openjdk.java.net/~xuelei/8031566/webrev.00/
>
> I missed something in the fix of JDK-7180038 for the same test. This
> update makes the test more reliable so that the two test cases in the
> same test are not dependent any more. Please see Brad's post,
> http://mail.openjdk.java.net/pipermail/security-dev/2012-July/005129.html
>
> Thanks,
> Xuelei
From joe.darcy at oracle.com Tue Jan 14 16:59:14 2014
From: joe.darcy at oracle.com (Joe Darcy)
Date: Tue, 14 Jan 2014 08:59:14 -0800
Subject: FYI, JDK 9 RFR of JDK-8031651: Remove unneeded -source and -target
flags in jdk repo regression tests
Message-ID: <52D56CE2.2050200@oracle.com>
Hello,
FYI, over on core-libs
http://mail.openjdk.java.net/pipermail/core-libs-dev/2014-January/024375.html
there is a review discussion of removing old -source and -target
settings from regression tests ahead of dropping javac support for
source/target 1.5 and earlier later in JDK 9. The changes include the
following modifications to two cert tests:
---
old/test/java/security/cert/PKIXBuilderParameters/InvalidParameters.java
2014-01-13 16:54:10.000000000 -0800
+++
new/test/java/security/cert/PKIXBuilderParameters/InvalidParameters.java
2014-01-13 16:54:10.000000000 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2004, Oracle and/or its affiliates. All rights
reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights
reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,16 +21,17 @@
* questions.
*/
-/**
+/*
* @test
* @test 4422738
- * @compile -source 1.4 InvalidParameters.java
+ * @compile InvalidParameters.java
* @run main InvalidParameters
* @summary Make sure PKIXBuilderParameters(Set) detects invalid
* parameters and throws correct exceptions
*/
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.TrustAnchor;
import java.util.Collections;
import java.util.Set;
@@ -53,8 +54,10 @@
// make sure Set of invalid objects throws ClassCastException
try {
+ @SuppressWarnings("unchecked") // Knowingly do something bad
+ Set badSet = (Set) (Set)
Collections.singleton(new String());
PKIXBuilderParameters p =
- new PKIXBuilderParameters(Collections.singleton(new
String()), null);
+ new PKIXBuilderParameters(badSet, null);
throw new Exception("should have thrown ClassCastException");
} catch (ClassCastException cce) { }
}
--- old/test/java/security/cert/PKIXParameters/InvalidParameters.java
2014-01-13 16:54:11.000000000 -0800
+++ new/test/java/security/cert/PKIXParameters/InvalidParameters.java
2014-01-13 16:54:10.000000000 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2004, Oracle and/or its affiliates. All rights
reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights
reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -24,7 +24,7 @@
/**
* @test
* @test 4422738
- * @compile -source 1.4 InvalidParameters.java
+ * @compile InvalidParameters.java
* @run main InvalidParameters
* @summary Make sure PKIXParameters(Set) and setTrustAnchors()
detects invalid
* parameters and throws correct exceptions
@@ -64,12 +64,14 @@
} catch (NullPointerException npe) { }
// make sure Set of invalid objects throws ClassCastException
+ @SuppressWarnings("unchecked") // Knowingly do something bad
+ Set badSet = (Set) (Set)
Collections.singleton(new String());
try {
- PKIXParameters p = new
PKIXParameters(Collections.singleton(new String()));
+ PKIXParameters p = new PKIXParameters(badSet);
throw new Exception("should have thrown ClassCastException");
} catch (ClassCastException cce) { }
try {
- params.setTrustAnchors(Collections.singleton(new String()));
+ params.setTrustAnchors(badSet);
throw new Exception("should have thrown ClassCastException");
} catch (ClassCastException cce) { }
}
In brief, raw types and unsafe casts are used to construct the corrupted
sets without needing source 1.4.
Thanks,
-Joe
From sean.mullan at oracle.com Tue Jan 14 17:20:07 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Tue, 14 Jan 2014 12:20:07 -0500
Subject: FYI, JDK 9 RFR of JDK-8031651: Remove unneeded -source and -target
flags in jdk repo regression tests
In-Reply-To: <52D56CE2.2050200@oracle.com>
References: <52D56CE2.2050200@oracle.com>
Message-ID: <52D571C7.7080002@oracle.com>
The change looks good, thanks for the FYI.
--Sean
On 01/14/2014 11:59 AM, Joe Darcy wrote:
> Hello,
>
> FYI, over on core-libs
>
> http://mail.openjdk.java.net/pipermail/core-libs-dev/2014-January/024375.html
>
>
> there is a review discussion of removing old -source and -target
> settings from regression tests ahead of dropping javac support for
> source/target 1.5 and earlier later in JDK 9. The changes include the
> following modifications to two cert tests:
>
> ---
> old/test/java/security/cert/PKIXBuilderParameters/InvalidParameters.java
> 2014-01-13 16:54:10.000000000 -0800
> +++
> new/test/java/security/cert/PKIXBuilderParameters/InvalidParameters.java
> 2014-01-13 16:54:10.000000000 -0800
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 2001, 2004, Oracle and/or its affiliates. All rights
> reserved.
> + * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights
> reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> @@ -21,16 +21,17 @@
> * questions.
> */
>
> -/**
> +/*
> * @test
> * @test 4422738
> - * @compile -source 1.4 InvalidParameters.java
> + * @compile InvalidParameters.java
> * @run main InvalidParameters
> * @summary Make sure PKIXBuilderParameters(Set) detects invalid
> * parameters and throws correct exceptions
> */
> import java.security.InvalidAlgorithmParameterException;
> import java.security.cert.PKIXBuilderParameters;
> +import java.security.cert.TrustAnchor;
> import java.util.Collections;
> import java.util.Set;
>
> @@ -53,8 +54,10 @@
>
> // make sure Set of invalid objects throws ClassCastException
> try {
> + @SuppressWarnings("unchecked") // Knowingly do something bad
> + Set badSet = (Set) (Set)
> Collections.singleton(new String());
> PKIXBuilderParameters p =
> - new PKIXBuilderParameters(Collections.singleton(new
> String()), null);
> + new PKIXBuilderParameters(badSet, null);
> throw new Exception("should have thrown ClassCastException");
> } catch (ClassCastException cce) { }
> }
> --- old/test/java/security/cert/PKIXParameters/InvalidParameters.java
> 2014-01-13 16:54:11.000000000 -0800
> +++ new/test/java/security/cert/PKIXParameters/InvalidParameters.java
> 2014-01-13 16:54:10.000000000 -0800
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 2001, 2004, Oracle and/or its affiliates. All rights
> reserved.
> + * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights
> reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> @@ -24,7 +24,7 @@
> /**
> * @test
> * @test 4422738
> - * @compile -source 1.4 InvalidParameters.java
> + * @compile InvalidParameters.java
> * @run main InvalidParameters
> * @summary Make sure PKIXParameters(Set) and setTrustAnchors()
> detects invalid
> * parameters and throws correct exceptions
> @@ -64,12 +64,14 @@
> } catch (NullPointerException npe) { }
>
> // make sure Set of invalid objects throws ClassCastException
> + @SuppressWarnings("unchecked") // Knowingly do something bad
> + Set badSet = (Set) (Set)
> Collections.singleton(new String());
> try {
> - PKIXParameters p = new
> PKIXParameters(Collections.singleton(new String()));
> + PKIXParameters p = new PKIXParameters(badSet);
> throw new Exception("should have thrown ClassCastException");
> } catch (ClassCastException cce) { }
> try {
> - params.setTrustAnchors(Collections.singleton(new String()));
> + params.setTrustAnchors(badSet);
> throw new Exception("should have thrown ClassCastException");
> } catch (ClassCastException cce) { }
> }
>
> In brief, raw types and unsafe casts are used to construct the corrupted
> sets without needing source 1.4.
>
> Thanks,
>
> -Joe
From alexander.zuev at oracle.com Tue Jan 14 19:17:52 2014
From: alexander.zuev at oracle.com (alexander.zuev at oracle.com)
Date: Tue, 14 Jan 2014 19:17:52 +0000
Subject: hg: jdk8/tl: 3 new changesets
Message-ID: <20140114191752.B1DC66242B@hg.openjdk.java.net>
Changeset: ff1478785e43
Author: katleman
Date: 2014-01-03 11:54 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/rev/ff1478785e43
Added tag jdk8-b122 for changeset 347009c58816
! .hgtags
Changeset: c330fa67c4da
Author: katleman
Date: 2014-01-10 08:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/rev/c330fa67c4da
Added tag jdk8-b123 for changeset ff1478785e43
! .hgtags
Changeset: fd869d9f3ca7
Author: kizune
Date: 2014-01-14 23:10 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/rev/fd869d9f3ca7
Merge
From alexander.zuev at oracle.com Tue Jan 14 19:18:03 2014
From: alexander.zuev at oracle.com (alexander.zuev at oracle.com)
Date: Tue, 14 Jan 2014 19:18:03 +0000
Subject: hg: jdk8/tl/corba: 10 new changesets
Message-ID: <20140114191809.3B0F76242C@hg.openjdk.java.net>
Changeset: 98a5caae1990
Author: chegar
Date: 2013-11-03 07:32 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/98a5caae1990
Merge
Changeset: 880514b576d5
Author: msheppar
Date: 2013-11-12 17:56 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/880514b576d5
8026193: Enhance CORBA stub factories
Summary: modify com.sun.corba.se.impl.presenetation.rmi.StubFactoryDynamicBase inheritance structure.
Reviewed-by: alanb, coffeys, ahgross
! src/share/classes/com/sun/corba/se/impl/presentation/rmi/StubFactoryDynamicBase.java
! src/share/classes/com/sun/corba/se/impl/presentation/rmi/StubFactoryFactoryProxyImpl.java
Changeset: b083590cb088
Author: msheppar
Date: 2013-11-12 18:04 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/b083590cb088
8025767: Enhance IIOP Streams
Summary: modify org.omg.CORBA_2_3.portable.InputStream inheritance structure.
Reviewed-by: alanb, coffeys, skoivu
! src/share/classes/com/sun/corba/se/impl/corba/AnyImpl.java
! src/share/classes/com/sun/corba/se/impl/encoding/EncapsInputStream.java
! src/share/classes/com/sun/corba/se/impl/encoding/EncapsOutputStream.java
! src/share/classes/com/sun/corba/se/impl/encoding/TypeCodeInputStream.java
! src/share/classes/com/sun/corba/se/impl/encoding/TypeCodeOutputStream.java
! src/share/classes/com/sun/corba/se/impl/interceptors/CDREncapsCodec.java
! src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java
! src/share/classes/com/sun/corba/se/impl/io/InputStreamHook.java
! src/share/classes/com/sun/corba/se/impl/ior/EncapsulationUtility.java
! src/share/classes/com/sun/corba/se/impl/ior/ObjectKeyFactoryImpl.java
! src/share/classes/com/sun/corba/se/impl/ior/iiop/IIOPProfileImpl.java
! src/share/classes/com/sun/corba/se/impl/protocol/CorbaClientRequestDispatcherImpl.java
! src/share/classes/com/sun/corba/se/impl/protocol/SharedCDRClientRequestDispatcherImpl.java
! src/share/classes/com/sun/corba/se/impl/resolver/INSURLOperationImpl.java
! src/share/classes/com/sun/corba/se/spi/servicecontext/ServiceContexts.java
! src/share/classes/org/omg/CORBA_2_3/portable/InputStream.java
+ src/share/classes/sun/corba/EncapsInputStreamFactory.java
Changeset: 6b9b31f2298b
Author: kizune
Date: 2013-12-03 14:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/6b9b31f2298b
Merge
Changeset: d05c64360b6c
Author: kizune
Date: 2013-12-05 16:37 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/d05c64360b6c
Merge
- make/com/Makefile
- make/com/sun/Makefile
- make/com/sun/corba/Makefile
- make/com/sun/corba/minclude/com_sun_corba_se_PortableActivationIDL.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_activation.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_corba.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_core.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_dynamicany.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_encoding.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_interceptors.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_io.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_ior.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_legacy.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_logging.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_monitoring.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_naming_cosnaming.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_naming_namingutil.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_naming_pcosnaming.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_oa_poa.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_oa_toa.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_orb.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_orbutil.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_presentation_rmi.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_protocol.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_resolver.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_transport.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_impl_util.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_internal_LegacyFiles.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_pept.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_activation.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_copyobject.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_encoding.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_extension.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_ior.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_legacy_connection.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_legacy_interceptor.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_logging.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_monitoring.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_oa.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_orb.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_orbutil.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_presentation_rmi.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_protocol.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_resolver.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_servicecontext.jmk
- make/com/sun/corba/minclude/com_sun_corba_se_spi_transport.jmk
- make/com/sun/corba/minclude/com_sun_tools_corba_se_idl_toJavaPortable.jmk
- make/com/sun/corba/minclude/javax_activity.jmk
- make/com/sun/corba/minclude/javax_rmi.jmk
- make/com/sun/corba/minclude/javax_rmi_CORBA.jmk
- make/com/sun/corba/minclude/javax_transaction.jmk
- make/com/sun/corba/minclude/org_omg_CORBA.jmk
- make/com/sun/corba/minclude/org_omg_CORBAX.jmk
- make/com/sun/corba/minclude/org_omg_CORBA_2_3.jmk
- make/com/sun/corba/minclude/org_omg_CosNaming.jmk
- make/com/sun/corba/minclude/org_omg_DynamicAny.jmk
- make/com/sun/corba/minclude/org_omg_IOP.jmk
- make/com/sun/corba/minclude/org_omg_Messaging.jmk
- make/com/sun/corba/minclude/org_omg_PortableInterceptor.jmk
- make/com/sun/corba/minclude/org_omg_PortableServer.jmk
- make/com/sun/corba/minclude/org_omg_SendingContext.jmk
- make/com/sun/corba/minclude/sun_corba.jmk
- make/com/sun/corba/se/Makefile
- make/com/sun/corba/se/PortableActivationIDL/Makefile
- make/com/sun/corba/se/connection/FILES_java.gmk
- make/com/sun/corba/se/connection/Makefile
- make/com/sun/corba/se/core/Makefile
- make/com/sun/corba/se/corespi/Makefile
- make/com/sun/corba/se/impl/Makefile
- make/com/sun/corba/se/impl/activation/Makefile
- make/com/sun/corba/se/impl/activation/orbd/Makefile
- make/com/sun/corba/se/impl/activation/servertool/Makefile
- make/com/sun/corba/se/impl/interceptors/Makefile
- make/com/sun/corba/se/impl/logging/Makefile
- make/com/sun/corba/se/impl/monitoring/Makefile
- make/com/sun/corba/se/impl/naming/Makefile
- make/com/sun/corba/se/impl/naming/cosnaming/Makefile
- make/com/sun/corba/se/impl/naming/namingutil/Makefile
- make/com/sun/corba/se/impl/naming/pcosnaming/Makefile
- make/com/sun/corba/se/impl/oa/Makefile
- make/com/sun/corba/se/impl/oa/poa/Makefile
- make/com/sun/corba/se/impl/oa/toa/Makefile
- make/com/sun/corba/se/interceptor/FILES_java.gmk
- make/com/sun/corba/se/interceptor/Makefile
- make/com/sun/corba/se/pept/Makefile
- make/com/sun/corba/se/rmi/Makefile
- make/com/sun/corba/se/rmi/rmic/Makefile
- make/com/sun/corba/se/rmi/rmic/SUN_RMI_RMIC_IIOP_java.gmk
- make/com/sun/corba/se/sources/Makefile
- make/com/sun/corba/se/spi/Makefile
- make/com/sun/corba/se/spi/activation/Makefile
- make/com/sun/corba/se/spi/copyobject/Makefile
- make/com/sun/corba/se/spi/encoding/Makefile
- make/com/sun/corba/se/spi/extension/Makefile
- make/com/sun/corba/se/spi/legacy/Makefile
- make/com/sun/corba/se/spi/legacy/connection/Makefile
- make/com/sun/corba/se/spi/legacy/interceptor/Makefile
- make/com/sun/corba/se/spi/logging/Makefile
- make/com/sun/corba/se/spi/monitoring/Makefile
- make/common/BuildToolJar.gmk
- make/common/CancelImplicits.gmk
- make/common/Classes.gmk
- make/common/Defs-bsd.gmk
- make/common/Defs-linux.gmk
- make/common/Defs-solaris.gmk
- make/common/Defs-windows.gmk
- make/common/Defs.gmk
- make/common/Rules.gmk
- make/common/internal/Resources.gmk
- make/common/shared/Defs-bsd.gmk
- make/common/shared/Defs-java.gmk
- make/common/shared/Defs-linux.gmk
- make/common/shared/Defs-solaris.gmk
- make/common/shared/Defs-utils.gmk
- make/common/shared/Defs-windows.gmk
- make/common/shared/Defs.gmk
- make/common/shared/Platform.gmk
- make/javax/Makefile
- make/javax/xa/Makefile
- make/jprt.properties
- make/org/Makefile
- make/org/omg/CORBA/Makefile
- make/org/omg/CORBAX_java.gmk
- make/org/omg/CosNaming/Makefile
- make/org/omg/DynamicAny/Makefile
- make/org/omg/Makefile
- make/org/omg/PortableInterceptor/Makefile
- make/org/omg/PortableServer/Makefile
- make/org/omg/idl/FILES_java.gmk
- make/org/omg/idl/Makefile
- make/org/omg/sources/Makefile
- make/sun/Makefile
- make/sun/corba/Makefile
- make/sun/corba/core/Makefile
- make/sun/corba/org/Makefile
- make/sun/corba/org/omg/FILES_java.gmk
- make/sun/corba/org/omg/Makefile
- make/sun/rmi/Makefile
- make/sun/rmi/corbalogcompile/Makefile
- make/sun/rmi/corbalogsources/Makefile
- make/sun/rmi/rmic/FILES.gmk
- make/sun/rmi/rmic/Makefile
- make/tools/Makefile
- make/tools/idlj/Makefile
- make/tools/logutil/Makefile
- make/tools/strip_properties/Makefile
- makefiles/BuildCorba.gmk
- makefiles/Makefile
Changeset: dae8ee5b71d9
Author: kizune
Date: 2013-12-13 22:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/dae8ee5b71d9
Merge
Changeset: 0354055127f5
Author: asaha
Date: 2013-12-20 07:40 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/0354055127f5
Merge
Changeset: 7ec1c16f6fb8
Author: asaha
Date: 2014-01-02 15:18 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/7ec1c16f6fb8
Merge
! src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java
! src/share/classes/com/sun/corba/se/impl/io/InputStreamHook.java
! src/share/classes/com/sun/corba/se/impl/ior/EncapsulationUtility.java
Changeset: 1ecd4619f60c
Author: katleman
Date: 2014-01-03 11:54 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/1ecd4619f60c
Added tag jdk8-b122 for changeset 0cd687347540
! .hgtags
Changeset: 9240e4c6b107
Author: asaha
Date: 2014-01-03 15:57 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/9240e4c6b107
Merge
From alexander.zuev at oracle.com Tue Jan 14 19:25:32 2014
From: alexander.zuev at oracle.com (alexander.zuev at oracle.com)
Date: Tue, 14 Jan 2014 19:25:32 +0000
Subject: hg: jdk8/tl/hotspot: 21 new changesets
Message-ID: <20140114192621.73DC36242F@hg.openjdk.java.net>
Changeset: 7ccce1a6fa4d
Author: coleenp
Date: 2013-09-05 10:29 -0400
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/7ccce1a6fa4d
8021266: Better life cycle for objects
Summary: Improve life cycle for objects
Reviewed-by: art, hseigel
Contributed-by: gerard.ziemski at oracle.com
! src/share/vm/runtime/os.cpp
Changeset: 2a907fd129cb
Author: chegar
Date: 2013-09-06 09:55 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/2a907fd129cb
Merge
! src/share/vm/runtime/os.cpp
- test/runtime/7051189/Xchecksig.sh
Changeset: 9b4ce069642e
Author: chegar
Date: 2013-09-14 20:40 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/9b4ce069642e
Merge
! src/share/vm/classfile/classFileParser.cpp
- src/share/vm/classfile/genericSignatures.cpp
- src/share/vm/classfile/genericSignatures.hpp
! src/share/vm/runtime/os.cpp
Changeset: 6fa574bfd32a
Author: chegar
Date: 2013-10-03 19:13 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/6fa574bfd32a
Merge
! src/share/vm/classfile/classFileParser.cpp
! src/share/vm/runtime/os.cpp
- test/gc/metaspace/ClassMetaspaceSizeInJmapHeap.java
- test/runtime/6878713/Test6878713.sh
- test/runtime/6878713/testcase.jar
- test/runtime/7020373/Test7020373.sh
- test/runtime/7020373/testcase.jar
Changeset: 6795fcebbf42
Author: chegar
Date: 2013-10-21 14:08 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/6795fcebbf42
Merge
! src/share/vm/classfile/classFileParser.cpp
- test/testlibrary/AssertsTest.java
- test/testlibrary/OutputAnalyzerReportingTest.java
- test/testlibrary/OutputAnalyzerTest.java
Changeset: c31f0cbe6d9e
Author: chegar
Date: 2013-11-03 07:50 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/c31f0cbe6d9e
Merge
- src/share/vm/memory/metablock.cpp
- src/share/vm/memory/metablock.hpp
- test/compiler/8013496/Test8013496.sh
- test/compiler/intrinsics/mathexact/CondTest.java
- test/compiler/intrinsics/mathexact/ConstantTest.java
- test/compiler/intrinsics/mathexact/LoadTest.java
- test/compiler/intrinsics/mathexact/LoopDependentTest.java
- test/compiler/intrinsics/mathexact/NonConstantTest.java
- test/gc/7168848/HumongousAlloc.java
Changeset: 0611ce949aaa
Author: kizune
Date: 2013-12-03 14:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/0611ce949aaa
Merge
! src/share/vm/classfile/classFileParser.cpp
Changeset: e254e5940c19
Author: kizune
Date: 2013-12-05 16:37 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/e254e5940c19
Merge
! src/share/vm/classfile/classFileParser.cpp
- test/compiler/jsr292/methodHandleExceptions/C.java
- test/compiler/jsr292/methodHandleExceptions/I.java
Changeset: 9063bd8808a7
Author: jrose
Date: 2013-12-05 00:36 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/9063bd8808a7
8029507: Enhance JVM method processing
Summary: update MemberName.clazz correctly in MemberName.resolve; also pass lookupClass to MethodHandles::resolve_MemberName
Reviewed-by: acorn, vlivanov
! src/share/vm/prims/methodHandles.cpp
! src/share/vm/prims/methodHandles.hpp
Changeset: 1b46c3672650
Author: kizune
Date: 2013-12-13 22:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/1b46c3672650
Merge
Changeset: 8dbd61445631
Author: asaha
Date: 2013-12-17 15:46 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/8dbd61445631
Merge
Changeset: ddff10b13587
Author: asaha
Date: 2013-12-20 07:41 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ddff10b13587
Merge
Changeset: 0b9c7eb6658b
Author: amurillo
Date: 2013-12-20 08:48 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/0b9c7eb6658b
8030752: new hotspot build - hs25-b65
Reviewed-by: jcoomes
! make/hotspot_version
Changeset: 5832cdaf89c6
Author: hseigel
Date: 2013-12-16 08:24 -0500
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/5832cdaf89c6
8027804: JCK resolveMethod test fails expecting AbstractMethodError
Summary: Create AME overpass methods and fix method search logic
Reviewed-by: kamg, acorn, lfoltan, coleenp
! src/share/vm/classfile/defaultMethods.cpp
! src/share/vm/interpreter/linkResolver.cpp
! src/share/vm/oops/instanceKlass.cpp
! src/share/vm/oops/instanceKlass.hpp
! src/share/vm/oops/klassVtable.cpp
Changeset: 62e87648a4be
Author: coleenp
Date: 2013-12-19 20:28 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/62e87648a4be
8030633: nsk/jvmti/RedefineClasses/StressRedefine failed invalid method ordering length on Solaris
Summary: A method with no declared methods was getting an AME overpass method with the latest change. The method_ordering array was not updated for the new methods.
Reviewed-by: dcubed, acorn, dsamersoff, lfoltan, hseigel
! src/share/vm/classfile/defaultMethods.cpp
Changeset: be840d0078bc
Author: coleenp
Date: 2013-12-20 14:03 -0500
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/be840d0078bc
Merge
Changeset: 55fb97c4c58d
Author: mikael
Date: 2013-12-24 11:48 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/55fb97c4c58d
8029233: Update copyright year to match last edit in jdk8 hotspot repository for 2013
Summary: Copyright year updated for files modified during 2013
Reviewed-by: twisti, iveresov
! agent/make/Makefile
! agent/src/os/linux/libproc.h
! agent/src/os/linux/salibelf.c
! agent/src/os/linux/symtab.c
! agent/src/os/solaris/proc/saproc.cpp
! agent/src/os/win32/windbg/sawindbg.cpp
! agent/src/share/classes/sun/jvm/hotspot/CLHSDB.java
! agent/src/share/classes/sun/jvm/hotspot/CommandProcessor.java
! agent/src/share/classes/sun/jvm/hotspot/HSDB.java
! agent/src/share/classes/sun/jvm/hotspot/LinuxVtblAccess.java
! agent/src/share/classes/sun/jvm/hotspot/asm/Disassembler.java
! agent/src/share/classes/sun/jvm/hotspot/ci/ciEnv.java
! agent/src/share/classes/sun/jvm/hotspot/ci/ciMethod.java
! agent/src/share/classes/sun/jvm/hotspot/code/NMethod.java
! agent/src/share/classes/sun/jvm/hotspot/compiler/CompileTask.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/bsd/BsdAddress.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/bsd/BsdDebugger.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/linux/LinuxAddress.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/linux/LinuxDebuggerLocal.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/linux/LinuxOopHandle.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/linux/amd64/LinuxAMD64CFrame.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/linux/x86/LinuxX86CFrame.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/windbg/WindbgCDebugger.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/windbg/WindbgDebuggerLocal.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/windows/amd64/WindowsAMD64CFrame.java
! agent/src/share/classes/sun/jvm/hotspot/debugger/windows/x86/WindowsX86CFrame.java
! agent/src/share/classes/sun/jvm/hotspot/jdi/JVMTIThreadState.java
! agent/src/share/classes/sun/jvm/hotspot/memory/CMSCollector.java
! agent/src/share/classes/sun/jvm/hotspot/memory/DictionaryEntry.java
! agent/src/share/classes/sun/jvm/hotspot/memory/SymbolTable.java
! agent/src/share/classes/sun/jvm/hotspot/oops/ArrayKlass.java
! agent/src/share/classes/sun/jvm/hotspot/oops/InstanceKlass.java
! agent/src/share/classes/sun/jvm/hotspot/oops/Klass.java
! agent/src/share/classes/sun/jvm/hotspot/oops/MethodCounters.java
! agent/src/share/classes/sun/jvm/hotspot/oops/MethodData.java
! agent/src/share/classes/sun/jvm/hotspot/oops/ObjectHeap.java
! agent/src/share/classes/sun/jvm/hotspot/opto/PhaseCFG.java
! agent/src/share/classes/sun/jvm/hotspot/runtime/ThreadLocalAllocBuffer.java
! agent/src/share/classes/sun/jvm/hotspot/runtime/VM.java
! agent/src/share/classes/sun/jvm/hotspot/runtime/bsd_amd64/BsdAMD64JavaThreadPDAccess.java
! agent/src/share/classes/sun/jvm/hotspot/tools/FinalizerInfo.java
! agent/src/share/classes/sun/jvm/hotspot/tools/FlagDumper.java
! agent/src/share/classes/sun/jvm/hotspot/tools/HeapDumper.java
! agent/src/share/classes/sun/jvm/hotspot/tools/HeapSummary.java
! agent/src/share/classes/sun/jvm/hotspot/tools/JInfo.java
! agent/src/share/classes/sun/jvm/hotspot/tools/JSnap.java
! agent/src/share/classes/sun/jvm/hotspot/tools/JStack.java
! agent/src/share/classes/sun/jvm/hotspot/tools/ObjectHistogram.java
! agent/src/share/classes/sun/jvm/hotspot/tools/PMap.java
! agent/src/share/classes/sun/jvm/hotspot/tools/StackTrace.java
! agent/src/share/classes/sun/jvm/hotspot/tools/SysPropsDumper.java
! agent/src/share/classes/sun/jvm/hotspot/tools/Tool.java
! agent/src/share/classes/sun/jvm/hotspot/tools/soql/JSDB.java
! agent/src/share/classes/sun/jvm/hotspot/tools/soql/SOQL.java
! agent/src/share/classes/sun/jvm/hotspot/types/basic/BasicTypeDataBase.java
! agent/src/share/classes/sun/jvm/hotspot/ui/SAPanel.java
! agent/src/share/classes/sun/jvm/hotspot/utilities/AbstractHeapGraphWriter.java
! agent/src/share/classes/sun/jvm/hotspot/utilities/HeapGXLWriter.java
! agent/src/share/classes/sun/jvm/hotspot/utilities/HeapHprofBinWriter.java
! agent/src/share/classes/sun/jvm/hotspot/utilities/soql/JSJavaInstanceKlass.java
! agent/src/share/classes/sun/jvm/hotspot/utilities/soql/sa.js
! make/bsd/makefiles/adlc.make
! make/bsd/makefiles/minimal1.make
! make/hotspot.script
! make/linux/makefiles/adlc.make
! make/linux/makefiles/jsig.make
! make/linux/makefiles/minimal1.make
! make/linux/makefiles/saproc.make
! make/sa.files
! make/solaris/makefiles/adlc.make
! make/solaris/makefiles/gcc.make
! make/windows/build_vm_def.sh
! make/windows/makefiles/adlc.make
! make/windows/makefiles/debug.make
! make/windows/makefiles/product.make
! make/windows/makefiles/rules.make
! make/windows/makefiles/sa.make
! src/cpu/sparc/vm/assembler_sparc.hpp
! src/cpu/sparc/vm/assembler_sparc.inline.hpp
! src/cpu/sparc/vm/c1_CodeStubs_sparc.cpp
! src/cpu/sparc/vm/c1_FrameMap_sparc.cpp
! src/cpu/sparc/vm/c1_MacroAssembler_sparc.cpp
! src/cpu/sparc/vm/c1_Runtime1_sparc.cpp
! src/cpu/sparc/vm/c1_globals_sparc.hpp
! src/cpu/sparc/vm/c2_globals_sparc.hpp
! src/cpu/sparc/vm/c2_init_sparc.cpp
! src/cpu/sparc/vm/disassembler_sparc.hpp
! src/cpu/sparc/vm/frame_sparc.inline.hpp
! src/cpu/sparc/vm/globalDefinitions_sparc.hpp
! src/cpu/sparc/vm/globals_sparc.hpp
! src/cpu/sparc/vm/jni_sparc.h
! src/cpu/sparc/vm/nativeInst_sparc.hpp
! src/cpu/sparc/vm/register_sparc.hpp
! src/cpu/sparc/vm/sharedRuntime_sparc.cpp
! src/cpu/sparc/vm/stubGenerator_sparc.cpp
! src/cpu/sparc/vm/stubRoutines_sparc.cpp
! src/cpu/sparc/vm/stubRoutines_sparc.hpp
! src/cpu/sparc/vm/vmStructs_sparc.hpp
! src/cpu/sparc/vm/vm_version_sparc.cpp
! src/cpu/sparc/vm/vm_version_sparc.hpp
! src/cpu/x86/vm/bytecodeInterpreter_x86.cpp
! src/cpu/x86/vm/c1_CodeStubs_x86.cpp
! src/cpu/x86/vm/c1_FrameMap_x86.cpp
! src/cpu/x86/vm/c1_FrameMap_x86.hpp
! src/cpu/x86/vm/c1_LinearScan_x86.cpp
! src/cpu/x86/vm/c1_MacroAssembler_x86.cpp
! src/cpu/x86/vm/c1_Runtime1_x86.cpp
! src/cpu/x86/vm/c1_globals_x86.hpp
! src/cpu/x86/vm/c2_globals_x86.hpp
! src/cpu/x86/vm/frame_x86.hpp
! src/cpu/x86/vm/frame_x86.inline.hpp
! src/cpu/x86/vm/globalDefinitions_x86.hpp
! src/cpu/x86/vm/register_definitions_x86.cpp
! src/cpu/x86/vm/sharedRuntime_x86_32.cpp
! src/cpu/x86/vm/sharedRuntime_x86_64.cpp
! src/cpu/x86/vm/templateInterpreter_x86.hpp
! src/cpu/x86/vm/vmStructs_x86.hpp
! src/cpu/x86/vm/vtableStubs_x86_32.cpp
! src/cpu/x86/vm/vtableStubs_x86_64.cpp
! src/cpu/zero/vm/assembler_zero.cpp
! src/cpu/zero/vm/cppInterpreter_zero.cpp
! src/cpu/zero/vm/entryFrame_zero.hpp
! src/cpu/zero/vm/frame_zero.cpp
! src/cpu/zero/vm/frame_zero.inline.hpp
! src/cpu/zero/vm/globals_zero.hpp
! src/cpu/zero/vm/icBuffer_zero.cpp
! src/cpu/zero/vm/interp_masm_zero.hpp
! src/cpu/zero/vm/interpreter_zero.cpp
! src/cpu/zero/vm/jni_zero.h
! src/cpu/zero/vm/nativeInst_zero.hpp
! src/cpu/zero/vm/register_zero.cpp
! src/cpu/zero/vm/relocInfo_zero.cpp
! src/cpu/zero/vm/sharedRuntime_zero.cpp
! src/cpu/zero/vm/sharkFrame_zero.hpp
! src/cpu/zero/vm/stubGenerator_zero.cpp
! src/cpu/zero/vm/vmStructs_zero.hpp
! src/cpu/zero/vm/vtableStubs_zero.cpp
! src/os/bsd/dtrace/jvm_dtrace.c
! src/os/posix/vm/os_posix.hpp
! src/os/solaris/dtrace/jvm_dtrace.c
! src/os/solaris/vm/globals_solaris.hpp
! src/os/windows/vm/decoder_windows.hpp
! src/os_cpu/bsd_x86/vm/bsd_x86_32.s
! src/os_cpu/bsd_x86/vm/bsd_x86_64.s
! src/os_cpu/bsd_x86/vm/os_bsd_x86.cpp
! src/os_cpu/bsd_x86/vm/vmStructs_bsd_x86.hpp
! src/os_cpu/bsd_zero/vm/globals_bsd_zero.hpp
! src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp
! src/os_cpu/bsd_zero/vm/thread_bsd_zero.hpp
! src/os_cpu/bsd_zero/vm/vmStructs_bsd_zero.hpp
! src/os_cpu/linux_sparc/vm/globals_linux_sparc.hpp
! src/os_cpu/linux_sparc/vm/linux_sparc.s
! src/os_cpu/linux_sparc/vm/os_linux_sparc.cpp
! src/os_cpu/linux_sparc/vm/vmStructs_linux_sparc.hpp
! src/os_cpu/linux_x86/vm/globals_linux_x86.hpp
! src/os_cpu/linux_x86/vm/linux_x86_32.s
! src/os_cpu/linux_x86/vm/linux_x86_64.s
! src/os_cpu/linux_x86/vm/os_linux_x86.cpp
! src/os_cpu/linux_x86/vm/os_linux_x86.hpp
! src/os_cpu/linux_x86/vm/vmStructs_linux_x86.hpp
! src/os_cpu/linux_zero/vm/globals_linux_zero.hpp
! src/os_cpu/linux_zero/vm/os_linux_zero.cpp
! src/os_cpu/linux_zero/vm/vmStructs_linux_zero.hpp
! src/os_cpu/solaris_sparc/vm/globals_solaris_sparc.hpp
! src/os_cpu/solaris_sparc/vm/solaris_sparc.il
! src/os_cpu/solaris_sparc/vm/solaris_sparc.s
! src/os_cpu/solaris_sparc/vm/vmStructs_solaris_sparc.hpp
! src/os_cpu/solaris_x86/vm/globals_solaris_x86.hpp
! src/os_cpu/solaris_x86/vm/solaris_x86_32.s
! src/os_cpu/solaris_x86/vm/solaris_x86_64.s
! src/os_cpu/solaris_x86/vm/vmStructs_solaris_x86.hpp
! src/os_cpu/windows_x86/vm/globals_windows_x86.hpp
! src/os_cpu/windows_x86/vm/os_windows_x86.cpp
! src/os_cpu/windows_x86/vm/os_windows_x86.hpp
! src/os_cpu/windows_x86/vm/vmStructs_windows_x86.hpp
! src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/CallSite.java
! src/share/tools/LogCompilation/src/com/sun/hotspot/tools/compiler/LogParser.java
! src/share/tools/ProjectCreator/WinGammaPlatformVC7.java
! src/share/tools/hsdis/hsdis.c
! src/share/vm/adlc/adlparse.cpp
! src/share/vm/adlc/archDesc.cpp
! src/share/vm/adlc/dfa.cpp
! src/share/vm/adlc/dict2.cpp
! src/share/vm/adlc/formssel.cpp
! src/share/vm/adlc/formssel.hpp
! src/share/vm/adlc/output_c.cpp
! src/share/vm/adlc/output_h.cpp
! src/share/vm/asm/assembler.cpp
! src/share/vm/asm/assembler.hpp
! src/share/vm/asm/codeBuffer.cpp
! src/share/vm/asm/macroAssembler.hpp
! src/share/vm/asm/macroAssembler.inline.hpp
! src/share/vm/c1/c1_Canonicalizer.cpp
! src/share/vm/c1/c1_Canonicalizer.hpp
! src/share/vm/c1/c1_CodeStubs.hpp
! src/share/vm/c1/c1_Compilation.cpp
! src/share/vm/c1/c1_Compiler.cpp
! src/share/vm/c1/c1_Compiler.hpp
! src/share/vm/c1/c1_FrameMap.cpp
! src/share/vm/c1/c1_FrameMap.hpp
! src/share/vm/c1/c1_GraphBuilder.hpp
! src/share/vm/c1/c1_IR.cpp
! src/share/vm/c1/c1_IR.hpp
! src/share/vm/c1/c1_Instruction.cpp
! src/share/vm/c1/c1_InstructionPrinter.hpp
! src/share/vm/c1/c1_LIRAssembler.cpp
! src/share/vm/c1/c1_LinearScan.cpp
! src/share/vm/c1/c1_Optimizer.cpp
! src/share/vm/c1/c1_RangeCheckElimination.cpp
! src/share/vm/c1/c1_RangeCheckElimination.hpp
! src/share/vm/c1/c1_Runtime1.hpp
! src/share/vm/c1/c1_ValueMap.cpp
! src/share/vm/c1/c1_ValueMap.hpp
! src/share/vm/c1/c1_globals.cpp
! src/share/vm/c1/c1_globals.hpp
! src/share/vm/ci/bcEscapeAnalyzer.cpp
! src/share/vm/ci/bcEscapeAnalyzer.hpp
! src/share/vm/ci/ciArray.cpp
! src/share/vm/ci/ciArray.hpp
! src/share/vm/ci/ciClassList.hpp
! src/share/vm/ci/ciConstant.hpp
! src/share/vm/ci/ciEnv.hpp
! src/share/vm/ci/ciFlags.hpp
! src/share/vm/ci/ciInstance.cpp
! src/share/vm/ci/ciInstanceKlass.hpp
! src/share/vm/ci/ciKlass.cpp
! src/share/vm/ci/ciKlass.hpp
! src/share/vm/ci/ciMethodData.cpp
! src/share/vm/ci/ciMethodData.hpp
! src/share/vm/ci/ciObjArrayKlass.cpp
! src/share/vm/ci/ciObjArrayKlass.hpp
! src/share/vm/ci/ciObjectFactory.cpp
! src/share/vm/ci/ciObjectFactory.hpp
! src/share/vm/ci/ciStreams.hpp
! src/share/vm/ci/ciType.cpp
! src/share/vm/ci/ciType.hpp
! src/share/vm/ci/ciTypeArray.cpp
! src/share/vm/ci/ciTypeArrayKlass.hpp
! src/share/vm/ci/ciTypeFlow.cpp
! src/share/vm/ci/ciUtilities.hpp
! src/share/vm/classfile/bytecodeAssembler.cpp
! src/share/vm/classfile/classFileStream.cpp
! src/share/vm/classfile/classFileStream.hpp
! src/share/vm/classfile/classLoaderData.inline.hpp
! src/share/vm/classfile/vmSymbols.cpp
! src/share/vm/code/compiledIC.hpp
! src/share/vm/code/compressedStream.cpp
! src/share/vm/code/debugInfo.hpp
! src/share/vm/code/icBuffer.hpp
! src/share/vm/code/relocInfo.cpp
! src/share/vm/code/stubs.cpp
! src/share/vm/code/stubs.hpp
! src/share/vm/compiler/abstractCompiler.cpp
! src/share/vm/compiler/abstractCompiler.hpp
! src/share/vm/compiler/compileLog.cpp
! src/share/vm/compiler/compileLog.hpp
! src/share/vm/compiler/compilerOracle.cpp
! src/share/vm/compiler/disassembler.cpp
! src/share/vm/compiler/disassembler.hpp
! src/share/vm/gc_implementation/concurrentMarkSweep/adaptiveFreeList.cpp
! src/share/vm/gc_implementation/concurrentMarkSweep/adaptiveFreeList.hpp
! src/share/vm/gc_implementation/concurrentMarkSweep/cmsCollectorPolicy.hpp
! src/share/vm/gc_implementation/concurrentMarkSweep/cmsOopClosures.hpp
! src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.hpp
! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepThread.cpp
! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepThread.hpp
! src/share/vm/gc_implementation/g1/collectionSetChooser.cpp
! src/share/vm/gc_implementation/g1/collectionSetChooser.hpp
! src/share/vm/gc_implementation/g1/g1AllocRegion.hpp
! src/share/vm/gc_implementation/g1/g1BlockOffsetTable.cpp
! src/share/vm/gc_implementation/g1/g1CollectedHeap.inline.hpp
! src/share/vm/gc_implementation/g1/g1EvacFailure.hpp
! src/share/vm/gc_implementation/g1/g1MonitoringSupport.cpp
! src/share/vm/gc_implementation/g1/g1SATBCardTableModRefBS.hpp
! src/share/vm/gc_implementation/g1/heapRegionRemSet.hpp
! src/share/vm/gc_implementation/g1/heapRegionSeq.cpp
! src/share/vm/gc_implementation/g1/heapRegionSeq.hpp
! src/share/vm/gc_implementation/g1/heapRegionSeq.inline.hpp
! src/share/vm/gc_implementation/g1/ptrQueue.cpp
! src/share/vm/gc_implementation/g1/ptrQueue.hpp
! src/share/vm/gc_implementation/g1/sparsePRT.cpp
! src/share/vm/gc_implementation/g1/sparsePRT.hpp
! src/share/vm/gc_implementation/g1/vmStructs_g1.hpp
! src/share/vm/gc_implementation/parNew/parCardTableModRefBS.cpp
! src/share/vm/gc_implementation/parallelScavenge/adjoiningGenerations.cpp
! src/share/vm/gc_implementation/parallelScavenge/adjoiningGenerations.hpp
! src/share/vm/gc_implementation/parallelScavenge/asPSOldGen.cpp
! src/share/vm/gc_implementation/parallelScavenge/asPSOldGen.hpp
! src/share/vm/gc_implementation/parallelScavenge/asPSYoungGen.cpp
! src/share/vm/gc_implementation/parallelScavenge/gcTaskThread.cpp
! src/share/vm/gc_implementation/parallelScavenge/objectStartArray.cpp
! src/share/vm/gc_implementation/parallelScavenge/pcTasks.hpp
! src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.hpp
! src/share/vm/gc_implementation/parallelScavenge/psMarkSweepDecorator.cpp
! src/share/vm/gc_implementation/parallelScavenge/psOldGen.cpp
! src/share/vm/gc_implementation/parallelScavenge/psOldGen.hpp
! src/share/vm/gc_implementation/parallelScavenge/psTasks.cpp
! src/share/vm/gc_implementation/parallelScavenge/psTasks.hpp
! src/share/vm/gc_implementation/parallelScavenge/psYoungGen.cpp
! src/share/vm/gc_implementation/shared/allocationStats.cpp
! src/share/vm/gc_implementation/shared/concurrentGCThread.hpp
! src/share/vm/gc_implementation/shared/gSpaceCounters.cpp
! src/share/vm/gc_implementation/shared/gSpaceCounters.hpp
! src/share/vm/gc_implementation/shared/gcAdaptivePolicyCounters.hpp
! src/share/vm/gc_implementation/shared/immutableSpace.cpp
! src/share/vm/gc_implementation/shared/isGCActiveMark.hpp
! src/share/vm/gc_implementation/shared/markSweep.inline.hpp
! src/share/vm/gc_implementation/shared/mutableNUMASpace.cpp
! src/share/vm/gc_implementation/shared/mutableNUMASpace.hpp
! src/share/vm/gc_implementation/shared/mutableSpace.cpp
! src/share/vm/gc_implementation/shared/parGCAllocBuffer.hpp
! src/share/vm/gc_implementation/shared/spaceCounters.cpp
! src/share/vm/gc_implementation/shared/spaceCounters.hpp
! src/share/vm/gc_interface/collectedHeap.inline.hpp
! src/share/vm/gc_interface/gcCause.cpp
! src/share/vm/gc_interface/gcCause.hpp
! src/share/vm/interpreter/bytecodeInterpreter.cpp
! src/share/vm/interpreter/cppInterpreter.hpp
! src/share/vm/interpreter/interpreter.hpp
! src/share/vm/interpreter/templateInterpreter.hpp
! src/share/vm/interpreter/templateInterpreterGenerator.hpp
! src/share/vm/interpreter/templateTable.hpp
! src/share/vm/memory/binaryTreeDictionary.hpp
! src/share/vm/memory/blockOffsetTable.cpp
! src/share/vm/memory/freeBlockDictionary.cpp
! src/share/vm/memory/freeList.cpp
! src/share/vm/memory/freeList.hpp
! src/share/vm/memory/gcLocker.cpp
! src/share/vm/memory/gcLocker.hpp
! src/share/vm/memory/genRemSet.cpp
! src/share/vm/memory/genRemSet.hpp
! src/share/vm/memory/generation.hpp
! src/share/vm/memory/generationSpec.cpp
! src/share/vm/memory/heap.hpp
! src/share/vm/memory/iterator.cpp
! src/share/vm/memory/iterator.hpp
! src/share/vm/memory/metaspaceCounters.cpp
! src/share/vm/memory/metaspaceCounters.hpp
! src/share/vm/memory/sharedHeap.hpp
! src/share/vm/memory/space.cpp
! src/share/vm/memory/space.hpp
! src/share/vm/memory/specialized_oop_closures.hpp
! src/share/vm/memory/tenuredGeneration.cpp
! src/share/vm/memory/tenuredGeneration.hpp
! src/share/vm/oops/arrayKlass.cpp
! src/share/vm/oops/arrayOop.hpp
! src/share/vm/oops/compiledICHolder.cpp
! src/share/vm/oops/fieldInfo.hpp
! src/share/vm/oops/instanceClassLoaderKlass.cpp
! src/share/vm/oops/instanceClassLoaderKlass.hpp
! src/share/vm/oops/instanceMirrorKlass.cpp
! src/share/vm/oops/instanceOop.hpp
! src/share/vm/oops/instanceRefKlass.hpp
! src/share/vm/oops/klassPS.hpp
! src/share/vm/oops/objArrayKlass.cpp
! src/share/vm/oops/objArrayKlass.hpp
! src/share/vm/oops/objArrayKlass.inline.hpp
! src/share/vm/oops/oop.pcgc.inline.hpp
! src/share/vm/oops/oop.psgc.inline.hpp
! src/share/vm/oops/typeArrayKlass.cpp
! src/share/vm/oops/typeArrayKlass.hpp
! src/share/vm/opto/block.cpp
! src/share/vm/opto/block.hpp
! src/share/vm/opto/buildOopMap.cpp
! src/share/vm/opto/bytecodeInfo.cpp
! src/share/vm/opto/c2compiler.cpp
! src/share/vm/opto/c2compiler.hpp
! src/share/vm/opto/callGenerator.cpp
! src/share/vm/opto/callnode.cpp
! src/share/vm/opto/chaitin.hpp
! src/share/vm/opto/classes.cpp
! src/share/vm/opto/classes.hpp
! src/share/vm/opto/coalesce.hpp
! src/share/vm/opto/connode.cpp
! src/share/vm/opto/doCall.cpp
! src/share/vm/opto/domgraph.cpp
! src/share/vm/opto/gcm.cpp
! src/share/vm/opto/generateOptoStub.cpp
! src/share/vm/opto/graphKit.cpp
! src/share/vm/opto/graphKit.hpp
! src/share/vm/opto/idealKit.cpp
! src/share/vm/opto/idealKit.hpp
! src/share/vm/opto/ifg.cpp
! src/share/vm/opto/ifnode.cpp
! src/share/vm/opto/lcm.cpp
! src/share/vm/opto/live.cpp
! src/share/vm/opto/live.hpp
! src/share/vm/opto/loopPredicate.cpp
! src/share/vm/opto/loopTransform.cpp
! src/share/vm/opto/loopnode.hpp
! src/share/vm/opto/loopopts.cpp
! src/share/vm/opto/macro.cpp
! src/share/vm/opto/macro.hpp
! src/share/vm/opto/matcher.hpp
! src/share/vm/opto/memnode.cpp
! src/share/vm/opto/memnode.hpp
! src/share/vm/opto/multnode.cpp
! src/share/vm/opto/multnode.hpp
! src/share/vm/opto/node.cpp
! src/share/vm/opto/optoreg.hpp
! src/share/vm/opto/output.cpp
! src/share/vm/opto/output.hpp
! src/share/vm/opto/parse.hpp
! src/share/vm/opto/parse1.cpp
! src/share/vm/opto/parse2.cpp
! src/share/vm/opto/phase.cpp
! src/share/vm/opto/phase.hpp
! src/share/vm/opto/phaseX.cpp
! src/share/vm/opto/phaseX.hpp
! src/share/vm/opto/postaloc.cpp
! src/share/vm/opto/reg_split.cpp
! src/share/vm/opto/regalloc.cpp
! src/share/vm/opto/regalloc.hpp
! src/share/vm/opto/subnode.cpp
! src/share/vm/opto/subnode.hpp
! src/share/vm/opto/superword.cpp
! src/share/vm/opto/superword.hpp
! src/share/vm/precompiled/precompiled.hpp
! src/share/vm/prims/forte.cpp
! src/share/vm/prims/jniCheck.cpp
! src/share/vm/prims/jvm_misc.hpp
! src/share/vm/prims/jvmtiClassFileReconstituter.cpp
! src/share/vm/prims/jvmtiClassFileReconstituter.hpp
! src/share/vm/prims/jvmtiEnter.xsl
! src/share/vm/prims/jvmtiEnvBase.hpp
! src/share/vm/prims/jvmtiEnvThreadState.cpp
! src/share/vm/prims/jvmtiEventController.cpp
! src/share/vm/prims/jvmtiExport.hpp
! src/share/vm/prims/jvmtiGetLoadedClasses.cpp
! src/share/vm/prims/jvmtiTrace.hpp
! src/share/vm/prims/nativeLookup.cpp
! src/share/vm/prims/perf.cpp
! src/share/vm/prims/wbtestmethods/parserTests.hpp
! src/share/vm/prims/whitebox.hpp
! src/share/vm/runtime/advancedThresholdPolicy.hpp
! src/share/vm/runtime/atomic.cpp
! src/share/vm/runtime/atomic.hpp
! src/share/vm/runtime/compilationPolicy.hpp
! src/share/vm/runtime/fprofiler.hpp
! src/share/vm/runtime/globals_extension.hpp
! src/share/vm/runtime/handles.inline.hpp
! src/share/vm/runtime/javaCalls.hpp
! src/share/vm/runtime/jniHandles.cpp
! src/share/vm/runtime/mutex.cpp
! src/share/vm/runtime/perfData.hpp
! src/share/vm/runtime/reflection.hpp
! src/share/vm/runtime/sharedRuntime.hpp
! src/share/vm/runtime/signature.cpp
! src/share/vm/runtime/signature.hpp
! src/share/vm/runtime/stubCodeGenerator.cpp
! src/share/vm/runtime/synchronizer.hpp
! src/share/vm/runtime/unhandledOops.hpp
! src/share/vm/runtime/vframe.cpp
! src/share/vm/runtime/vframe.hpp
! src/share/vm/runtime/vframeArray.hpp
! src/share/vm/runtime/virtualspace.hpp
! src/share/vm/runtime/vm_version.hpp
! src/share/vm/services/classLoadingService.hpp
! src/share/vm/services/dtraceAttacher.cpp
! src/share/vm/services/g1MemoryPool.hpp
! src/share/vm/services/memReporter.cpp
! src/share/vm/services/memReporter.hpp
! src/share/vm/services/memSnapshot.hpp
! src/share/vm/services/memoryManager.hpp
! src/share/vm/services/memoryPool.hpp
! src/share/vm/services/memoryService.cpp
! src/share/vm/services/memoryService.hpp
! src/share/vm/services/memoryUsage.hpp
! src/share/vm/services/psMemoryPool.hpp
! src/share/vm/services/threadService.hpp
! src/share/vm/shark/sharkBlock.cpp
! src/share/vm/shark/sharkBuilder.cpp
! src/share/vm/shark/sharkCompiler.cpp
! src/share/vm/shark/sharkCompiler.hpp
! src/share/vm/shark/sharkConstant.cpp
! src/share/vm/shark/sharkFunction.cpp
! src/share/vm/shark/sharkInliner.cpp
! src/share/vm/shark/sharkInvariants.hpp
! src/share/vm/shark/sharkTopLevelBlock.cpp
! src/share/vm/utilities/bitMap.cpp
! src/share/vm/utilities/bitMap.hpp
! src/share/vm/utilities/bitMap.inline.hpp
! src/share/vm/utilities/decoder.cpp
! src/share/vm/utilities/decoder.hpp
! src/share/vm/utilities/elfFile.cpp
! src/share/vm/utilities/elfFile.hpp
! src/share/vm/utilities/exceptions.cpp
! src/share/vm/utilities/globalDefinitions.cpp
! src/share/vm/utilities/globalDefinitions_visCPP.hpp
! src/share/vm/utilities/growableArray.hpp
! src/share/vm/utilities/hashtable.hpp
! src/share/vm/utilities/macros.hpp
! src/share/vm/utilities/numberSeq.cpp
! src/share/vm/utilities/ostream.hpp
! src/share/vm/utilities/top.hpp
! src/share/vm/utilities/yieldingWorkgroup.cpp
! test/Makefile
! test/TEST.ROOT
! test/compiler/5091921/Test7005594.sh
! test/compiler/6431242/Test.java
! test/compiler/6589834/Test_ia32.java
! test/compiler/6636138/Test1.java
! test/compiler/6636138/Test2.java
! test/compiler/6795161/Test.java
! test/compiler/6857159/Test6857159.sh
! test/compiler/7068051/Test7068051.sh
! test/compiler/7070134/Test7070134.sh
! test/compiler/7200264/Test7200264.sh
! test/compiler/8000805/Test8000805.java
! test/compiler/8005419/Test8005419.java
! test/gc/6941923/Test6941923.java
! test/gc/g1/TestHumongousAllocInitialMark.java
! test/runtime/6626217/Test6626217.sh
! test/runtime/7110720/Test7110720.sh
! test/runtime/7162488/Test7162488.sh
! test/runtime/RedefineObject/Agent.java
! test/runtime/RedefineObject/TestRedefineObject.java
Changeset: d3521d8e562a
Author: amurillo
Date: 2013-12-27 07:32 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/d3521d8e562a
Added tag hs25-b65 for changeset 55fb97c4c58d
! .hgtags
Changeset: a902f789ea1f
Author: asaha
Date: 2014-01-02 15:19 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/a902f789ea1f
Merge
Changeset: 591135a7d6f9
Author: katleman
Date: 2014-01-03 11:54 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/591135a7d6f9
Added tag jdk8-b122 for changeset d3521d8e562a
! .hgtags
Changeset: 3b69a859e3f9
Author: asaha
Date: 2014-01-03 15:58 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/3b69a859e3f9
Merge
From alexander.zuev at oracle.com Tue Jan 14 19:30:13 2014
From: alexander.zuev at oracle.com (alexander.zuev at oracle.com)
Date: Tue, 14 Jan 2014 19:30:13 +0000
Subject: hg: jdk8/tl/jaxp: 18 new changesets
Message-ID: <20140114193052.B889062431@hg.openjdk.java.net>
Changeset: 51bbdd517b93
Author: joehw
Date: 2013-08-26 21:08 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/51bbdd517b93
8022935: Enhance Apache resolver classes
Reviewed-by: alanb, mchung, skoivu
! src/com/sun/org/apache/xml/internal/resolver/CatalogManager.java
! src/com/sun/org/apache/xml/internal/resolver/readers/DOMCatalogReader.java
! src/com/sun/org/apache/xml/internal/resolver/readers/SAXCatalogReader.java
Changeset: d6d8302ecf8f
Author: chegar
Date: 2013-08-30 10:15 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/d6d8302ecf8f
Merge
! src/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java
! src/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java
! src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java
Changeset: aef8ae2fcec4
Author: chegar
Date: 2013-09-06 09:55 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/aef8ae2fcec4
Merge
Changeset: 0ce80229af71
Author: chegar
Date: 2013-09-14 20:43 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/0ce80229af71
Merge
Changeset: 5e6bf44f3b7d
Author: chegar
Date: 2013-10-03 19:18 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/5e6bf44f3b7d
Merge
Changeset: 54a0dd196acd
Author: chegar
Date: 2013-10-21 14:27 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/54a0dd196acd
Merge
Changeset: 10b3a127b1fc
Author: joehw
Date: 2013-10-22 13:15 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/10b3a127b1fc
8025018: Enhance JAX-P set up
Reviewed-by: alanb, dfuchs, lancea, ahgross
! src/com/sun/org/apache/xalan/internal/lib/ExsltStrings.java
! src/com/sun/org/apache/xalan/internal/lib/Extensions.java
Changeset: ef71f2353352
Author: chegar
Date: 2013-10-25 09:32 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/ef71f2353352
Merge
Changeset: e68f3e585d7d
Author: chegar
Date: 2013-11-03 07:32 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/e68f3e585d7d
Merge
Changeset: fb51ed270f53
Author: joehw
Date: 2013-11-14 10:18 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/fb51ed270f53
8027201: Enhance JAX-P set up
Reviewed-by: alanb, dfuchs, lancea, hawtin
! src/com/sun/org/apache/xalan/internal/lib/ExsltStrings.java
! src/com/sun/org/apache/xalan/internal/lib/Extensions.java
Changeset: 932684ede1c6
Author: joehw
Date: 2013-11-27 14:28 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/932684ede1c6
8028111: XML readers share the same entity expansion counter
Reviewed-by: alanb, lancea, dfuchs, ahgross
! src/com/sun/org/apache/xalan/internal/XalanConstants.java
! src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java
! src/com/sun/org/apache/xerces/internal/impl/Constants.java
! src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java
! src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
! src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java
! src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java
! src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java
! src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java
! src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java
! src/com/sun/org/apache/xerces/internal/xni/parser/XMLDTDScanner.java
Changeset: 2a8fce63503a
Author: kizune
Date: 2013-12-03 14:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/2a8fce63503a
Merge
! src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
Changeset: 5be9182ceb48
Author: kizune
Date: 2013-12-05 16:37 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/5be9182ceb48
Merge
- make/jprt.properties
- make/scripts/update_src.sh
- makefiles/BuildJaxp.gmk
- makefiles/Makefile
Changeset: 41068d69fe3e
Author: kizune
Date: 2013-12-13 22:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/41068d69fe3e
Merge
Changeset: f2c9c0f64280
Author: asaha
Date: 2013-12-20 07:42 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/f2c9c0f64280
Merge
Changeset: 01b611e0c341
Author: asaha
Date: 2014-01-02 15:20 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/01b611e0c341
Merge
! src/com/sun/org/apache/xalan/internal/XalanConstants.java
! src/com/sun/org/apache/xerces/internal/impl/Constants.java
! src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java
! src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
! src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java
Changeset: 4e35b5b6d2e5
Author: katleman
Date: 2014-01-03 11:54 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/4e35b5b6d2e5
Added tag jdk8-b122 for changeset 93bf25903af0
! .hgtags
Changeset: 985376a77c4c
Author: asaha
Date: 2014-01-03 15:58 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/985376a77c4c
Merge
From alexander.zuev at oracle.com Tue Jan 14 19:31:06 2014
From: alexander.zuev at oracle.com (alexander.zuev at oracle.com)
Date: Tue, 14 Jan 2014 19:31:06 +0000
Subject: hg: jdk8/tl/jaxws: 8 new changesets
Message-ID: <20140114193123.8797F62432@hg.openjdk.java.net>
Changeset: b0c2840e2513
Author: mkos
Date: 2013-11-22 21:11 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/b0c2840e2513
8010935: Better XML handling
8027378: Two closed/javax/xml/8005432 fails with jdk7u51b04
8028382: Two javax/xml/8005433 tests still fail after the fix JDK-8028147
Summary: base fix + fixes for test regressions; fix also reviewed by Maxim Soloviev, Alexander Fomin
Reviewed-by: mchung, mgrebac, mullan
! src/share/jaxws_classes/com/sun/tools/internal/jxc/model/nav/ApNavigator.java
! src/share/jaxws_classes/com/sun/tools/internal/xjc/model/nav/EagerNType.java
! src/share/jaxws_classes/com/sun/tools/internal/xjc/model/nav/NavigatorImpl.java
+ src/share/jaxws_classes/com/sun/tools/internal/xjc/model/nav/Utils.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/api/JAXBRIContext.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/api/TypeReference.java
+ src/share/jaxws_classes/com/sun/xml/internal/bind/api/Utils.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/ModelBuilder.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/RuntimeAnyTypeImpl.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/RuntimeElementInfoImpl.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/RuntimeModelBuilder.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/RuntimeTypeInfoSetImpl.java
+ src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/Utils.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/nav/Navigator.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/nav/ReflectionNavigator.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/runtime/RuntimeTypeInfoSet.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/ClassBeanInfoImpl.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/ElementBeanInfoImpl.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/JAXBContextImpl.java
+ src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/Utils.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/property/ArrayProperty.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/property/SingleMapNodeProperty.java
+ src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/property/Utils.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/reflect/Accessor.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/reflect/Lister.java
! src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/reflect/TransducedAccessor.java
+ src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/reflect/Utils.java
! src/share/jaxws_classes/com/sun/xml/internal/ws/fault/SOAPFaultBuilder.java
! src/share/jaxws_classes/com/sun/xml/internal/ws/model/RuntimeModeler.java
+ src/share/jaxws_classes/com/sun/xml/internal/ws/model/Utils.java
! src/share/jaxws_classes/com/sun/xml/internal/ws/model/WrapperBeanGenerator.java
! src/share/jaxws_classes/com/sun/xml/internal/ws/spi/db/BindingHelper.java
! src/share/jaxws_classes/com/sun/xml/internal/ws/spi/db/TypeInfo.java
+ src/share/jaxws_classes/com/sun/xml/internal/ws/spi/db/Utils.java
Changeset: f80c37c168f7
Author: kizune
Date: 2013-12-03 14:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/f80c37c168f7
Merge
Changeset: c99140027351
Author: kizune
Date: 2013-12-05 16:37 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/c99140027351
Merge
- make/jprt.properties
- make/scripts/update_src.sh
- makefiles/BuildJaxws.gmk
- makefiles/Makefile
Changeset: ca6bb6b558a6
Author: kizune
Date: 2013-12-13 22:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/ca6bb6b558a6
Merge
Changeset: d4b785ac4079
Author: asaha
Date: 2013-12-20 07:42 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/d4b785ac4079
Merge
Changeset: 91f5c542ccad
Author: katleman
Date: 2014-01-03 11:54 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/91f5c542ccad
Added tag jdk8-b122 for changeset bc622ba563f9
! .hgtags
Changeset: c07fc967624b
Author: asaha
Date: 2014-01-03 15:59 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/c07fc967624b
Merge
Changeset: 6547da5c3277
Author: kizune
Date: 2014-01-14 23:10 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/6547da5c3277
Merge
From alexander.zuev at oracle.com Tue Jan 14 19:35:25 2014
From: alexander.zuev at oracle.com (alexander.zuev at oracle.com)
Date: Tue, 14 Jan 2014 19:35:25 +0000
Subject: hg: jdk8/tl/jdk: 53 new changesets
Message-ID: <20140114194639.1F1C362434@hg.openjdk.java.net>
Changeset: 75142ce752da
Author: malenkov
Date: 2013-12-23 16:24 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/75142ce752da
8030118: Document listeners fired outside document lock
Reviewed-by: art, serb
! src/share/classes/javax/swing/text/AbstractDocument.java
- test/javax/swing/text/AbstractDocument/7146146/bug7146146.java
+ test/javax/swing/text/AbstractDocument/8030118/Test8030118.java
Changeset: 8b5985f1a0b5
Author: lana
Date: 2013-12-25 11:14 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/8b5985f1a0b5
Merge
- src/share/classes/sun/util/resources/pt/LocaleNames_pt_BR.properties
- test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java
Changeset: e1499442453b
Author: lana
Date: 2013-12-26 22:39 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e1499442453b
Merge
! src/share/classes/javax/swing/text/AbstractDocument.java
Changeset: 7e10ee00fe41
Author: katleman
Date: 2014-01-03 11:54 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7e10ee00fe41
Added tag jdk8-b122 for changeset e1499442453b
! .hgtags
Changeset: 484e16c0a040
Author: nikgor
Date: 2014-01-07 12:17 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/484e16c0a040
8004562: Better support for crossdomain.xml
Reviewed-by: herrick, ngthomas, chegar
! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
Changeset: 0dfcc99c6f5d
Author: weijun
Date: 2013-08-16 17:57 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0dfcc99c6f5d
8022945: Enhance JNDI implementation classes
Reviewed-by: xuelei, ahgross, skoivu
! src/share/lib/security/java.security-linux
! src/share/lib/security/java.security-macosx
! src/share/lib/security/java.security-solaris
! src/share/lib/security/java.security-windows
! test/java/lang/SecurityManager/CheckPackageAccess.java
Changeset: 46c8720ef36f
Author: lancea
Date: 2013-08-21 11:05 -0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46c8720ef36f
8022904: Enhance JDBC Parsers
Reviewed-by: alanb, skoivu
! src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java
! src/share/classes/javax/sql/rowset/spi/SyncFactory.java
Changeset: 428288ee9c99
Author: valeriep
Date: 2013-08-21 11:40 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/428288ee9c99
8022927: Input validation for byte/endian conversions
Summary: Add additional boundary checks
Reviewed-by: ascarpino
! src/share/classes/sun/security/provider/ByteArrayAccess.java
Changeset: 24a7024bd86b
Author: bae
Date: 2013-08-23 12:41 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/24a7024bd86b
8021394: Better color profiles
Reviewed-by: prr, vadim, mschoene
! src/share/native/sun/java2d/cmm/lcms/cmsintrp.c
Changeset: ff2792868d89
Author: chegar
Date: 2013-08-23 12:32 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ff2792868d89
Merge
Changeset: 036ad7864d35
Author: chegar
Date: 2013-08-30 09:38 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/036ad7864d35
Merge
! src/share/lib/security/java.security-linux
! src/share/lib/security/java.security-macosx
! src/share/lib/security/java.security-solaris
! src/share/lib/security/java.security-windows
Changeset: 2ae5cf0805de
Author: malenkov
Date: 2013-09-02 11:41 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2ae5cf0805de
8023245: Enhance Beans decoding
Reviewed-by: art, skoivu, alanb
! src/share/classes/com/sun/beans/decoder/DocumentHandler.java
Changeset: 9bc1411d0223
Author: coleenp
Date: 2013-09-05 10:29 -0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9bc1411d0223
8021266: Better life cycle for objects
Summary: Improve life cycle for objects
Reviewed-by: art, hseigel
Contributed-by: gerard.ziemski at oracle.com
! make/common/Release.gmk
! make/java/Makefile
! makefiles/CompileJavaClasses.gmk
! makefiles/CompileNativeLibraries.gmk
! makefiles/CreateJars.gmk
! makefiles/GenerateJavaSources.gmk
! makefiles/Images.gmk
! makefiles/Profiles.gmk
Changeset: 46e86a9402ab
Author: chegar
Date: 2013-09-06 13:36 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46e86a9402ab
Merge
! makefiles/Profiles.gmk
! src/share/lib/security/java.security-linux
! src/share/lib/security/java.security-macosx
! src/share/lib/security/java.security-solaris
! src/share/lib/security/java.security-windows
! test/java/lang/SecurityManager/CheckPackageAccess.java
Changeset: 4cab5eb93124
Author: xuelei
Date: 2013-09-07 20:27 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4cab5eb93124
8023069: Enhance TLS connections
Summary: Also reviewed by Alexander Fomin and Andrew Gross
Reviewed-by: wetmore
! src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java
! src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java
! src/share/classes/sun/security/pkcs11/P11RSACipher.java
! src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java
! src/share/classes/sun/security/rsa/RSAPadding.java
! src/share/classes/sun/security/ssl/Handshaker.java
! src/share/classes/sun/security/ssl/RSAClientKeyExchange.java
Changeset: ac3e7b3c1a00
Author: weijun
Date: 2013-09-13 15:37 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ac3e7b3c1a00
8024306: Enhance Subject consistency
Summary: Also reviewed by Alexander Fomin
Reviewed-by: mullan, ahgross
! src/share/classes/javax/security/auth/Subject.java
Changeset: 4b74f9ad3dd7
Author: weijun
Date: 2013-09-13 15:37 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4b74f9ad3dd7
8023672: Enhance jar file validation
Summary: Also reviewed by Chris Ries and Alexander Fomin
Reviewed-by: mullan, sherman
! src/share/classes/java/util/jar/JarVerifier.java
Changeset: 432c348e15bc
Author: vadim
Date: 2013-09-13 13:17 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/432c348e15bc
8023057: Enhance start up image display
Reviewed-by: anthony, serb, mschoene
! src/macosx/native/sun/awt/splashscreen/splashscreen_sys.m
! src/share/native/sun/awt/splashscreen/splashscreen_impl.c
! src/solaris/native/sun/awt/splashscreen/splashscreen_sys.c
Changeset: ca700a3c1708
Author: chegar
Date: 2013-09-14 19:23 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ca700a3c1708
Merge
Changeset: d931b672bfa9
Author: prr
Date: 2013-09-19 08:34 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d931b672bfa9
8025034: Improve layout lookups
Reviewed-by: mschoene, vadim, srl
! src/share/native/sun/font/layout/LookupProcessor.cpp
Changeset: a90e9b3c99b8
Author: weijun
Date: 2013-09-19 10:40 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a90e9b3c99b8
8024302: Clarify jar verifications
8023338: Update jarsigner to encourage timestamping
Reviewed-by: mullan, ahgross
! src/share/classes/sun/security/tools/jarsigner/Main.java
! src/share/classes/sun/security/tools/jarsigner/Resources.java
! test/sun/security/tools/jarsigner/TimestampCheck.java
! test/sun/security/tools/jarsigner/concise_jarsigner.sh
! test/sun/security/tools/jarsigner/ts.sh
+ test/sun/security/tools/jarsigner/warnings.sh
Changeset: f996a185e9a1
Author: weijun
Date: 2013-09-19 10:41 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f996a185e9a1
8024659: Clarify JarFile API
Reviewed-by: mullan, ahgross
! src/share/classes/java/util/jar/JarFile.java
Changeset: f8b097b01270
Author: chegar
Date: 2013-10-03 19:07 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f8b097b01270
Merge
! makefiles/CompileJavaClasses.gmk
! makefiles/CompileNativeLibraries.gmk
! makefiles/CreateJars.gmk
! makefiles/Images.gmk
! src/share/classes/javax/security/auth/Subject.java
! src/share/classes/sun/security/ssl/Handshaker.java
Changeset: 1e3216123667
Author: chegar
Date: 2013-10-04 14:51 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1e3216123667
Merge
Changeset: 282c5e92d9a0
Author: malenkov
Date: 2013-10-04 19:23 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/282c5e92d9a0
8025448: Enhance listening events
Reviewed-by: art, skoivu
! src/share/classes/javax/swing/event/EventListenerList.java
Changeset: 146dd44703f7
Author: chegar
Date: 2013-10-07 11:32 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/146dd44703f7
Merge
Changeset: 3cd01bc784b2
Author: dfuchs
Date: 2013-10-07 12:09 +0200
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3cd01bc784b2
8024867: Enhance logging start up
Reviewed-by: mchung, hawtin
! src/share/classes/java/util/logging/LogManager.java
Changeset: d0a5383a63ad
Author: weijun
Date: 2013-10-09 18:58 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d0a5383a63ad
8026037: [TESTBUG] sun/security/tools/jarsigner/warnings.sh test fails on Solaris
Reviewed-by: chegar
Contributed-by: Artem Smotrakov
! test/sun/security/tools/jarsigner/warnings.sh
Changeset: b90047350153
Author: jfranck
Date: 2013-10-11 13:14 +0200
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b90047350153
8023301: Enhance generic classes
Reviewed-by: mchung, hawtin
! src/share/classes/sun/reflect/generics/reflectiveObjects/TypeVariableImpl.java
! src/share/classes/sun/reflect/misc/ReflectUtil.java
Changeset: eafa41f4e9fd
Author: weijun
Date: 2013-10-12 10:22 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/eafa41f4e9fd
8026304: jarsigner output bad grammar
Reviewed-by: chegar, coffeys
Contributed-by: Artem Smotrakov
! src/share/classes/sun/security/tools/jarsigner/Resources.java
Changeset: 62a8a26dca09
Author: xuelei
Date: 2013-10-12 20:46 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/62a8a26dca09
8025026: Enhance canonicalization
Summary: Don't use cached null xmlns definition. Also reviewed by Alexander Fomin
Reviewed-by: mullan, hawtin
! src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java
! src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java
! src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java
! src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java
Changeset: c1f6ed408492
Author: prr
Date: 2013-10-14 16:13 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c1f6ed408492
8026176: Enhance document printing
Reviewed-by: bae, jgodinez
! src/share/classes/javax/print/SimpleDoc.java
Changeset: 5cb70d52ae61
Author: xuelei
Date: 2013-10-15 18:15 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5cb70d52ae61
8026204: Enhance auth login contexts
Summary: Enforce package access control with current context. Also reviewed by Alexander Fomin
Reviewed-by: weijun, ahgross
! src/share/classes/javax/security/auth/login/LoginContext.java
Changeset: 48dc2eacb0e5
Author: malenkov
Date: 2013-10-16 13:26 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/48dc2eacb0e5
8026172: Enhance UI Management
Reviewed-by: art, skoivu
! src/share/classes/javax/swing/SwingUtilities.java
Changeset: 76262685781c
Author: xuelei
Date: 2013-10-16 18:19 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/76262685781c
8025758: Enhance Naming management
Summary: Enforce package access control with current context. Also reviewed by Alexander Fomin
Reviewed-by: weijun, ahgross
! src/share/classes/com/sun/naming/internal/FactoryEnumeration.java
! src/share/classes/com/sun/naming/internal/VersionHelper12.java
Changeset: d4f4a9915357
Author: prr
Date: 2013-10-17 09:23 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d4f4a9915357
8024530: Enhance font process resilience
Reviewed-by: mschoene, bae, srl, prr
! src/share/native/sun/font/layout/AlternateSubstSubtables.cpp
! src/share/native/sun/font/layout/AnchorTables.cpp
! src/share/native/sun/font/layout/AnchorTables.h
! src/share/native/sun/font/layout/ArabicLayoutEngine.cpp
! src/share/native/sun/font/layout/ArabicShaping.cpp
! src/share/native/sun/font/layout/CanonShaping.cpp
! src/share/native/sun/font/layout/CharSubstitutionFilter.h
! src/share/native/sun/font/layout/ClassDefinitionTables.h
! src/share/native/sun/font/layout/ContextualSubstSubtables.cpp
! src/share/native/sun/font/layout/ContextualSubstSubtables.h
! src/share/native/sun/font/layout/CoverageTables.cpp
! src/share/native/sun/font/layout/CoverageTables.h
! src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp
! src/share/native/sun/font/layout/DeviceTables.cpp
! src/share/native/sun/font/layout/DeviceTables.h
! src/share/native/sun/font/layout/ExtensionSubtables.cpp
! src/share/native/sun/font/layout/ExtensionSubtables.h
! src/share/native/sun/font/layout/GDEFMarkFilter.cpp
! src/share/native/sun/font/layout/GDEFMarkFilter.h
! src/share/native/sun/font/layout/GlyphIterator.cpp
! src/share/native/sun/font/layout/GlyphIterator.h
! src/share/native/sun/font/layout/GlyphPosnLookupProc.cpp
! src/share/native/sun/font/layout/GlyphSubstLookupProc.cpp
! src/share/native/sun/font/layout/IndicLayoutEngine.cpp
! src/share/native/sun/font/layout/IndicReordering.cpp
! src/share/native/sun/font/layout/KernTable.cpp
! src/share/native/sun/font/layout/LEFontInstance.h
! src/share/native/sun/font/layout/LEGlyphFilter.h
! src/share/native/sun/font/layout/LEGlyphStorage.cpp
! src/share/native/sun/font/layout/LEGlyphStorage.h
! src/share/native/sun/font/layout/LEScripts.h
! src/share/native/sun/font/layout/LEStandalone.h
! src/share/native/sun/font/layout/LETableReference.h
! src/share/native/sun/font/layout/LETypes.h
! src/share/native/sun/font/layout/LayoutEngine.cpp
! src/share/native/sun/font/layout/LayoutEngine.h
! src/share/native/sun/font/layout/LigatureSubstProc2.cpp
! src/share/native/sun/font/layout/LigatureSubstSubtables.cpp
! src/share/native/sun/font/layout/LookupProcessor.cpp
! src/share/native/sun/font/layout/Lookups.cpp
! src/share/native/sun/font/layout/MarkArrays.cpp
! src/share/native/sun/font/layout/MarkArrays.h
! src/share/native/sun/font/layout/MarkToBasePosnSubtables.cpp
! src/share/native/sun/font/layout/MarkToLigaturePosnSubtables.cpp
! src/share/native/sun/font/layout/MarkToMarkPosnSubtables.cpp
! src/share/native/sun/font/layout/MultipleSubstSubtables.cpp
! src/share/native/sun/font/layout/OpenTypeLayoutEngine.cpp
! src/share/native/sun/font/layout/OpenTypeUtilities.h
! src/share/native/sun/font/layout/PairPositioningSubtables.cpp
! src/share/native/sun/font/layout/PairPositioningSubtables.h
! src/share/native/sun/font/layout/ScriptAndLanguage.cpp
! src/share/native/sun/font/layout/ScriptAndLanguageTags.cpp
! src/share/native/sun/font/layout/ScriptAndLanguageTags.h
! src/share/native/sun/font/layout/SegmentArrayProcessor2.cpp
! src/share/native/sun/font/layout/SinglePositioningSubtables.cpp
! src/share/native/sun/font/layout/SingleSubstitutionSubtables.cpp
! src/share/native/sun/font/layout/TibetanReordering.h
! src/share/native/sun/font/layout/ValueRecords.cpp
! src/share/native/sun/font/layout/ValueRecords.h
Changeset: b8008a2bf4fe
Author: sjiang
Date: 2013-10-21 09:56 +0200
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b8008a2bf4fe
7068126: Enhance SNMP statuses
Reviewed-by: dfuchs, hawtin
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibEntry.java
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibGroup.java
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibNode.java
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibOid.java
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibTable.java
! src/share/classes/com/sun/jmx/snmp/daemon/SnmpRequestHandler.java
Changeset: d7ef65d3ee57
Author: chegar
Date: 2013-10-21 15:00 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d7ef65d3ee57
Merge
! makefiles/CompileJavaClasses.gmk
! makefiles/CompileNativeLibraries.gmk
! makefiles/CreateJars.gmk
- makefiles/GendataBreakIterator.gmk
- makefiles/GendataFontConfig.gmk
- makefiles/GendataHtml32dtd.gmk
- makefiles/GendataTZDB.gmk
- makefiles/GendataTimeZone.gmk
- makefiles/GenerateJavaSources.gmk
+ makefiles/GenerateSources.gmk
- makefiles/GensrcBuffer.gmk
- makefiles/GensrcCLDR.gmk
- makefiles/GensrcCharacterData.gmk
- makefiles/GensrcCharsetCoder.gmk
- makefiles/GensrcCharsetMapping.gmk
- makefiles/GensrcExceptions.gmk
- makefiles/GensrcIcons.gmk
- makefiles/GensrcJDWP.gmk
- makefiles/GensrcJObjC.gmk
- makefiles/GensrcLocaleDataMetaInfo.gmk
- makefiles/GensrcMisc.gmk
- makefiles/GensrcProperties.gmk
- makefiles/GensrcSwing.gmk
- makefiles/GensrcX11Wrappers.gmk
! makefiles/Images.gmk
! makefiles/Profiles.gmk
- src/share/classes/com/sun/jdi/connect/package.html
- src/share/classes/com/sun/jdi/connect/spi/package.html
- src/share/classes/com/sun/jdi/event/package.html
- src/share/classes/com/sun/jdi/package.html
- src/share/classes/com/sun/jdi/request/package.html
- src/share/classes/com/sun/management/package.html
- src/share/classes/com/sun/tools/attach/package.html
- src/share/classes/com/sun/tools/attach/spi/package.html
- src/share/classes/com/sun/tools/jconsole/package.html
- src/share/classes/java/lang/invoke/InvokeGeneric.java
- src/share/classes/java/lang/invoke/MagicLambdaImpl.java
- src/share/classes/java/net/HttpURLPermission.java
- src/share/classes/java/time/chrono/ChronoDateImpl.java
! src/share/classes/java/util/logging/LogManager.java
! src/share/classes/javax/sql/rowset/spi/SyncFactory.java
! src/share/classes/javax/swing/SwingUtilities.java
! src/share/classes/javax/swing/event/EventListenerList.java
! src/share/classes/sun/security/ssl/Handshaker.java
! src/share/classes/sun/security/tools/jarsigner/Main.java
! src/share/lib/security/java.security-macosx
! src/share/lib/security/java.security-windows
- src/solaris/doc/sun/man/man1/ja/javaws.1
- src/solaris/doc/sun/man/man1/javaws.1
- test/com/oracle/security/ucrypto/TestAES.java
- test/com/oracle/security/ucrypto/TestDigest.java
- test/com/oracle/security/ucrypto/TestRSA.java
- test/com/oracle/security/ucrypto/UcryptoTest.java
! test/java/lang/SecurityManager/CheckPackageAccess.java
- test/java/net/HttpURLPermission/HttpURLPermissionTest.java
- test/java/net/HttpURLPermission/URLTest.java
- test/java/net/HttpURLPermission/policy.1
- test/java/net/HttpURLPermission/policy.2
- test/java/net/HttpURLPermission/policy.3
- test/java/time/tck/java/time/chrono/TCKChronologySerialization.java
Changeset: 1c85f50e2622
Author: chegar
Date: 2013-10-22 12:33 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1c85f50e2622
Merge
! src/share/classes/sun/reflect/generics/reflectiveObjects/TypeVariableImpl.java
! src/share/lib/security/java.security-linux
! src/share/lib/security/java.security-macosx
! src/share/lib/security/java.security-solaris
! src/share/lib/security/java.security-windows
! test/java/lang/SecurityManager/CheckPackageAccess.java
Changeset: ad808fe39337
Author: weijun
Date: 2013-10-17 09:58 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ad808fe39337
8025014: Enhance Security Policy
6727821: Enhance JAAS Configuration
Reviewed-by: xuelei, hawtin
! src/share/classes/javax/security/auth/Policy.java
! src/share/classes/javax/security/auth/login/Configuration.java
Changeset: f87d59557049
Author: chegar
Date: 2013-10-22 14:55 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f87d59557049
Merge
Changeset: d92379723173
Author: asaha
Date: 2013-12-07 16:15 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d92379723173
Merge
! make/CompileJavaClasses.gmk
! make/CompileNativeLibraries.gmk
! make/CreateJars.gmk
! make/CreateSecurityJars.gmk
! make/GenerateSources.gmk
! make/Images.gmk
! make/Profiles.gmk
! make/lib/Awt2dLibraries.gmk
! make/lib/CoreLibraries.gmk
! make/lib/NetworkingLibraries.gmk
! make/lib/NioLibraries.gmk
! make/lib/PlatformLibraries.gmk
! make/lib/SecurityLibraries.gmk
! make/lib/ServiceabilityLibraries.gmk
! make/lib/SoundLibraries.gmk
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibGroup.java
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibTable.java
! src/share/classes/com/sun/jmx/snmp/daemon/SnmpRequestHandler.java
! src/share/classes/javax/sql/rowset/spi/SyncFactory.java
! src/share/classes/javax/swing/SwingUtilities.java
! src/share/classes/sun/reflect/misc/ReflectUtil.java
! src/share/classes/sun/security/ssl/Handshaker.java
! src/share/classes/sun/security/tools/jarsigner/Main.java
! test/sun/security/tools/jarsigner/TimestampCheck.java
! test/sun/security/tools/jarsigner/ts.sh
Changeset: ef2352bf3dfe
Author: xuelei
Date: 2013-10-23 21:24 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ef2352bf3dfe
8026417: Enhance XML canonicalization
Summary: Copy before use mutable byte arrays. Also reviewed by Alexander Fomin
Reviewed-by: mullan, hawtin, ahgross
! src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java
Changeset: fe1707a836b4
Author: xuelei
Date: 2013-10-24 10:02 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fe1707a836b4
8027204: Revise the update of 8026204 and 8025758
Summary: Rivise the update to use system class loader with null TCCL. Also reviewed by Alexander Fomin
Reviewed-by: mchung, ahgross
! src/share/classes/com/sun/naming/internal/FactoryEnumeration.java
! src/share/classes/com/sun/naming/internal/VersionHelper12.java
! src/share/classes/javax/security/auth/login/LoginContext.java
Changeset: a147b2084bc3
Author: michaelm
Date: 2013-10-24 20:39 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a147b2084bc3
8011786: Better applet networking
Reviewed-by: alanb, chegar
! src/share/classes/com/sun/nio/sctp/SctpChannel.java
! src/share/classes/java/lang/SecurityManager.java
! src/share/classes/java/net/Socket.java
! src/share/classes/java/net/SocketPermission.java
! src/share/classes/java/nio/channels/AsynchronousSocketChannel.java
! src/share/classes/java/nio/channels/SocketChannel.java
! src/share/classes/sun/nio/ch/AsynchronousSocketChannelImpl.java
! src/share/classes/sun/nio/ch/SocketChannelImpl.java
! src/share/classes/sun/rmi/registry/RegistryImpl.java
! src/share/classes/sun/security/util/SecurityConstants.java
! src/share/lib/security/java.policy
! src/share/lib/security/java.security-linux
! src/share/lib/security/java.security-macosx
! src/share/lib/security/java.security-solaris
! src/share/lib/security/java.security-windows
! src/solaris/classes/sun/nio/ch/sctp/SctpChannelImpl.java
Changeset: a0b6e5895464
Author: michaelm
Date: 2013-11-20 23:33 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a0b6e5895464
8028453: AsynchronousSocketChannel.connect() requires SocketPermission due to bind to local address (win)
Reviewed-by: alanb, chegar
! src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java
Changeset: d5107c804de5
Author: michaelm
Date: 2013-11-26 10:06 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d5107c804de5
8028293: Check local configuration for actual ephemeral port range
Reviewed-by: alanb, chegar, smarks
! make/lib/NetworkingLibraries.gmk
! make/mapfiles/libnet/mapfile-vers
! src/share/classes/java/net/SocketPermission.java
! src/share/classes/sun/rmi/registry/RegistryImpl.java
! src/share/lib/security/java.security-linux
! src/share/lib/security/java.security-macosx
! src/share/lib/security/java.security-solaris
! src/share/lib/security/java.security-windows
+ src/solaris/classes/sun/net/PortConfig.java
! src/solaris/native/java/net/net_util_md.c
! src/solaris/native/java/net/net_util_md.h
+ src/solaris/native/sun/net/portconfig.c
+ src/windows/classes/sun/net/PortConfig.java
+ src/windows/native/sun/net/portconfig.c
! test/java/rmi/activation/rmidViaInheritedChannel/RmidViaInheritedChannel.java
! test/java/rmi/registry/readTest/readTest.sh
! test/java/rmi/testlibrary/TestLibrary.java
Changeset: ac1c8e892877
Author: kizune
Date: 2013-12-13 22:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ac1c8e892877
Merge
! make/CreateSecurityJars.gmk
- make/data/cryptopolicy/limited/LIMITED
- make/data/cryptopolicy/unlimited/UNLIMITED
! src/share/classes/java/util/logging/LogManager.java
! src/share/classes/javax/security/auth/login/LoginContext.java
- test/com/sun/jmx/snmp/NoInfoLeakTest.java
- test/com/sun/tools/attach/AgentSetup.sh
- test/com/sun/tools/attach/ApplicationSetup.sh
- test/com/sun/tools/attach/BasicTests.sh
- test/com/sun/tools/attach/CommonSetup.sh
- test/com/sun/tools/attach/PermissionTests.sh
- test/com/sun/tools/attach/ProviderTests.sh
- test/java/lang/management/MemoryMXBean/CollectionUsageThresholdConcMarkSweepGC.sh
- test/java/lang/management/MemoryMXBean/CollectionUsageThresholdParallelGC.sh
- test/java/lang/management/MemoryMXBean/CollectionUsageThresholdSerialGC.sh
- test/java/rmi/reliability/benchmark/runRmiBench.sh
- test/java/rmi/reliability/benchmark/runSerialBench.sh
Changeset: db6e25fee0f7
Author: asaha
Date: 2014-01-08 12:01 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/db6e25fee0f7
Merge
! make/CompileJavaClasses.gmk
! make/mapfiles/libnet/mapfile-vers
! src/macosx/native/sun/awt/splashscreen/splashscreen_sys.m
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibGroup.java
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibOid.java
! src/share/classes/com/sun/jmx/snmp/agent/SnmpMibTable.java
! src/share/classes/com/sun/jmx/snmp/daemon/SnmpRequestHandler.java
! src/share/classes/com/sun/nio/sctp/SctpChannel.java
! src/share/classes/java/lang/SecurityManager.java
! src/share/classes/java/nio/channels/AsynchronousSocketChannel.java
! src/share/classes/java/nio/channels/SocketChannel.java
! src/share/classes/java/util/jar/JarVerifier.java
! src/share/classes/javax/swing/SwingUtilities.java
! src/share/classes/javax/swing/event/EventListenerList.java
! src/share/classes/sun/nio/ch/AsynchronousSocketChannelImpl.java
! src/share/classes/sun/nio/ch/SocketChannelImpl.java
! src/share/classes/sun/security/tools/jarsigner/Main.java
! src/share/classes/sun/security/tools/jarsigner/Resources.java
! src/share/classes/sun/security/util/SecurityConstants.java
- src/share/classes/sun/util/resources/pt/LocaleNames_pt_BR.properties
! src/solaris/classes/sun/nio/ch/sctp/SctpChannelImpl.java
! src/solaris/native/java/net/net_util_md.c
! src/solaris/native/sun/awt/splashscreen/splashscreen_sys.c
! src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java
! test/java/rmi/registry/readTest/readTest.sh
- test/javax/swing/text/AbstractDocument/7146146/bug7146146.java
- test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java
! test/sun/security/tools/jarsigner/TimestampCheck.java
! test/sun/security/tools/jarsigner/concise_jarsigner.sh
! test/sun/security/tools/jarsigner/ts.sh
Changeset: f251cb144366
Author: erikj
Date: 2014-01-08 13:25 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f251cb144366
8029254: Build error when javadoc generates beaninfo for javax.swing.beans
Reviewed-by: alanb, ihse, michaelm
! make/gensrc/GensrcSwing.gmk
Changeset: 13b28cffa140
Author: katleman
Date: 2014-01-10 08:32 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/13b28cffa140
Added tag jdk8-b123 for changeset 484e16c0a040
! .hgtags
Changeset: e4c9787cae89
Author: asaha
Date: 2014-01-10 09:11 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e4c9787cae89
Merge
Changeset: a110ff64efa0
Author: kizune
Date: 2014-01-14 23:10 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a110ff64efa0
Merge
! make/Images.gmk
- src/bsd/doc/man/ja/kinit.1
- src/bsd/doc/man/ja/klist.1
- src/bsd/doc/man/ja/ktab.1
! src/share/classes/java/util/logging/LogManager.java
From alexander.zuev at oracle.com Tue Jan 14 19:58:03 2014
From: alexander.zuev at oracle.com (alexander.zuev at oracle.com)
Date: Tue, 14 Jan 2014 19:58:03 +0000
Subject: hg: jdk8/tl/nashorn: 10 new changesets
Message-ID: <20140114195813.D4DC562437@hg.openjdk.java.net>
Changeset: b9fdc55a6e28
Author: chegar
Date: 2013-11-03 07:33 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/b9fdc55a6e28
Merge
Changeset: c1049f63d4f5
Author: kizune
Date: 2013-12-03 14:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/c1049f63d4f5
Merge
Changeset: 39a3e5a4d6d4
Author: kizune
Date: 2013-12-05 16:37 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/39a3e5a4d6d4
Merge
- makefiles/BuildNashorn.gmk
- makefiles/Makefile
Changeset: dd59e60accdd
Author: kizune
Date: 2013-12-13 22:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/dd59e60accdd
Merge
Changeset: 89f838ccd186
Author: asaha
Date: 2013-12-20 07:44 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/89f838ccd186
Merge
Changeset: a9d41a8055ca
Author: asaha
Date: 2014-01-02 15:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/a9d41a8055ca
Merge
Changeset: 688f4167f921
Author: katleman
Date: 2014-01-03 11:55 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/688f4167f921
Added tag jdk8-b122 for changeset 9d112a0e7df7
! .hgtags
Changeset: 98e7379a4345
Author: asaha
Date: 2014-01-03 16:01 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/98e7379a4345
Merge
Changeset: 0b4301c79225
Author: katleman
Date: 2014-01-10 08:32 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/0b4301c79225
Added tag jdk8-b123 for changeset 688f4167f921
! .hgtags
Changeset: 2334772d5292
Author: asaha
Date: 2014-01-10 17:06 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/2334772d5292
Merge
From alexander.zuev at oracle.com Tue Jan 14 19:57:23 2014
From: alexander.zuev at oracle.com (alexander.zuev at oracle.com)
Date: Tue, 14 Jan 2014 19:57:23 +0000
Subject: hg: jdk8/tl/langtools: 9 new changesets
Message-ID: <20140114195751.0CCF762435@hg.openjdk.java.net>
Changeset: 53dd31d3c5d7
Author: chegar
Date: 2013-11-03 07:33 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/53dd31d3c5d7
Merge
Changeset: aaea3a69fa6c
Author: kizune
Date: 2013-12-03 14:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/aaea3a69fa6c
Merge
- test/tools/javac/ArraysInIntersections.java
- test/tools/javac/ExtDirs/ext1/pkg1.jar
- test/tools/javac/ExtDirs/ext2/pkg2.jar
- test/tools/javac/ExtDirs/ext3/pkg1.jar
- test/tools/javac/ExtDirs/ext3/pkg2.jar
- test/tools/javac/InferArraysInIntersections.java
- test/tools/javac/diags/examples/InterfaceOrArrayExpected.java
Changeset: 48367e6de872
Author: kizune
Date: 2013-12-05 16:37 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/48367e6de872
Merge
- make/jprt.properties
- makefiles/BuildLangtools.gmk
- makefiles/Makefile
Changeset: f06c0dcf251f
Author: kizune
Date: 2013-12-13 22:13 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/f06c0dcf251f
Merge
Changeset: b07b8c077482
Author: asaha
Date: 2013-12-20 07:44 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/b07b8c077482
Merge
Changeset: efc18829e3a6
Author: asaha
Date: 2014-01-02 15:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/efc18829e3a6
Merge
- src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/activetitlebar.gif
- src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/activetitlebar_end.gif
- src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/background.gif
- src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/tab.gif
- src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/titlebar.gif
- src/share/classes/com/sun/tools/doclets/internal/toolkit/resources/titlebar_end.gif
Changeset: a345cf28faca
Author: katleman
Date: 2014-01-03 11:55 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/a345cf28faca
Added tag jdk8-b122 for changeset 232b9cf6303a
! .hgtags
Changeset: 8712cc6441db
Author: asaha
Date: 2014-01-03 16:01 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/8712cc6441db
Merge
Changeset: 1f135528db7c
Author: kizune
Date: 2014-01-14 23:10 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/1f135528db7c
Merge
From ebaron at redhat.com Tue Jan 14 23:01:47 2014
From: ebaron at redhat.com (Elliott Baron)
Date: Tue, 14 Jan 2014 18:01:47 -0500
Subject: [PATCH] Handle alternative Kerberos credential cache locations
In-Reply-To: <523B9B6A.8010705@oracle.com>
References: <523B9089.3040208@redhat.com> <523B9B6A.8010705@oracle.com>
Message-ID: <52D5C1DB.20901@redhat.com>
Hi Max,
I have finally been able to revisit this patch, sorry for the long
delay. I have posted webrevs at
http://icedtea.classpath.org/~ebaron/webrevs/krb5-default-ccache/00/.
These updated patches do not use error message routines in libkrb5,
since these are missing from the version on Solaris 10. Instead, the
native code in this patch retrieves error messages by invoking the
Krb5.getErrorMessage method that is part of the JDK.
Thanks,
Elliott
On 09/19/2013 08:48 PM, Weijun Wang wrote:
> Copying build-dev.
>
> --Max
>
> On 9/20/13 8:02 AM, Elliott Baron wrote:
>> Hi,
>>
>> Kerberos 1.11 introduced a new configuration variable to override the
>> default location of the credential cache at build time. Fedora 18 and up
>> have used this new configuration variable to define an alternate default
>> cache location (/run/user/$UID/krb5cc/tkt). This bug was initially
>> reported against Fedora [1].
>>
>> On Linux and Solaris systems, FileCredentialsCache.getDefaultCacheName()
>> defaults to the previously hard-coded location (/tmp/krb5cc_$UID). This
>> location will be incorrect if Kerberos was built with an alternative
>> credential cache location set. Since this credential cache location can
>> be arbitrary, we need to query the Kerberos API for the correct
>> location. This patch implements this query using a new JNI call, which
>> adds a dependency on libkrb5 for Linux and Solaris systems. I have also
>> included a test case which uses a stub library in place of the real JNI
>> libkrb5 wrapper.
>>
>> The patch krb5-default-ccache should be applied to jdk8. This includes
>> modifications to the build system in order to handle the dependency on
>> libkrb5. These changes include querying pkg-config for the location of
>> Kerberos includes and libraries, although there does not appear to be
>> support for a libkrb5 pkg-config file just yet. An alternative program,
>> krb5-config, operates similarly to pkg-config and prints the locations
>> of the required libraries and includes. This program is included as part
>> of Kerberos. This patch adds M4 macros to query krb5-config, and
>> integrates these macros into libraries.m4. I have omitted
>> generated-configure.sh for brevity.
>>
>> The second patch jdk-krb5-default-ccache-fix should be applied to
>> jdk8/jdk. This includes the changes to FileCredentialsCache and the new
>> native component, krb5ccache.c. The library generated from it is named
>> libj2krb5. This patch includes krb5-config support in
>> jdk_generic_profile.sh. This will allow users of the old build system
>> (and JDK7) to automatically find the necessary includes and libraries
>> for Kerberos. For the test component, the patch includes a Makefile to
>> build the stub library. The test should be run using the provided
>> run_tests.sh shell script.
>>
>> Thanks,
>> Elliott
>>
>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=991170
From weijun.wang at oracle.com Wed Jan 15 02:38:31 2014
From: weijun.wang at oracle.com (Wang Weijun)
Date: Wed, 15 Jan 2014 10:38:31 +0800
Subject: [PATCH] Handle alternative Kerberos credential cache locations
In-Reply-To: <52D5C1DB.20901@redhat.com>
References: <523B9089.3040208@redhat.com> <523B9B6A.8010705@oracle.com>
<52D5C1DB.20901@redhat.com>
Message-ID: <4EF99A01-884D-44CE-A258-94BA1D9B0F15@oracle.com>
Hi Elliott
Great to see this again. I?ll come back to this later. There are some urgent issues I have to deal with at this moment. I?ll also need to get those legal advices regarding pkg.m4 etc.
Thanks
Max
On Jan 15, 2014, at 7:01, Elliott Baron wrote:
> Hi Max,
>
> I have finally been able to revisit this patch, sorry for the long delay. I have posted webrevs at http://icedtea.classpath.org/~ebaron/webrevs/krb5-default-ccache/00/. These updated patches do not use error message routines in libkrb5, since these are missing from the version on Solaris 10. Instead, the native code in this patch retrieves error messages by invoking the Krb5.getErrorMessage method that is part of the JDK.
>
> Thanks,
> Elliott
From magnus.ihse.bursie at oracle.com Wed Jan 15 11:08:16 2014
From: magnus.ihse.bursie at oracle.com (Magnus Ihse Bursie)
Date: Wed, 15 Jan 2014 12:08:16 +0100
Subject: [PATCH] Handle alternative Kerberos credential cache locations
In-Reply-To: <4EF99A01-884D-44CE-A258-94BA1D9B0F15@oracle.com>
References: <523B9089.3040208@redhat.com> <523B9B6A.8010705@oracle.com>
<52D5C1DB.20901@redhat.com>
<4EF99A01-884D-44CE-A258-94BA1D9B0F15@oracle.com>
Message-ID: <52D66C20.2000903@oracle.com>
On 2014-01-15 03:38, Wang Weijun wrote:
> Hi Elliott
>
> Great to see this again. I?ll come back to this later. There are some urgent issues I have to deal with at this moment. I?ll also need to get those legal advices regarding pkg.m4 etc.
I see some issues and questions about this patch.
First of all, and I believe this was discussed the last time this patch
was around, is that there might be legal question marks about including
build-aux/krb5.m4. This code is written by someone who has not, to my
knowledge, signed the OCA. Unfortunately, legal issues tend to shadow
all technical issues, so you might want to start by getting this one solved.
On the technical level, given that the krb5.m4 legality is cleared, I see:
* The patch does not seem to be updated to the removed old build system.
make/sun/security is no more.
* Whitespace and indentation seems to be incorrect in several places in
help.m4, libraries.m4 and SecurityLibraries.gmk. Please check
surrounding code, or look at the guidelines here:
http://mail.openjdk.java.net/pipermail/build-dev/2013-October/010477.html
I have only looked at the build part of the patch.
/Magnus
From eric.mccorkle at oracle.com Wed Jan 15 17:47:32 2014
From: eric.mccorkle at oracle.com (eric.mccorkle at oracle.com)
Date: Wed, 15 Jan 2014 17:47:32 +0000
Subject: hg: jdk8/tl/jdk: 8031502: JSR292: IncompatibleClassChangeError in
LambdaForm for CharSequence.toString() method handle type converter
Message-ID: <20140115174752.A89E762486@hg.openjdk.java.net>
Changeset: 9e91793fd516
Author: vlivanov
Date: 2014-01-15 20:48 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9e91793fd516
8031502: JSR292: IncompatibleClassChangeError in LambdaForm for CharSequence.toString() method handle type converter
Reviewed-by: sundar, lagergren, drchase
! src/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java
+ test/java/lang/invoke/ObjectMethodInInterfaceTest.java
From java3 at segal.org Thu Jan 16 17:42:46 2014
From: java3 at segal.org (Mickey Segal)
Date: Thu, 16 Jan 2014 12:42:46 -0500
Subject: Java 7u51 / Windows 8.1 / IE11 combination doesn't work
Message-ID: <000701cf12e2$5e757aa0$1b606fe0$@segal.org>
It seems that one of the new security features in Java 7 update 51 is
messing up the Java / Internet Explorer 11 / Windows 8.1 combination, but
other combinations OK.
During installation of Java 7u51, a security dialog pops up: "Do you want to
allow the following program to make changes to your computer? Java SE
Runtime environment 7 Update 51". Agreeing to this is of course needed to
install Java. However, after installation, the same dialog pops up. Until
you agree to the dialog, Java runs fine (e.g., using
http://www.java.com/en/download/installed.jsp). Once you agree to the
dialog, Java doesn't work.
I don't see any settings that can fix that problem. It doesn't make a
difference whether Internet Options | Security | "Enable protected mode" is
checked during or after installation.
The problem depends on having each of these 3 components:
* Windows 8.1
* Internet Explorer
* Java 7u51
Swapping out any one of these components fixes the problem. For example,
all is fine if instead you use Windows 7. All is fine if instead you use
Firefox or Chrome. All is fine if instead you use Java 8 build 111.
Does anyone have a workaround for this?
Bugs that involve 3 components are often difficult to get fixed because each
programming group blames the others. Does anyone have suggestions as the
best way to navigate the process of getting this fixed?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From xondrejlukas at gmail.com Fri Jan 17 08:39:17 2014
From: xondrejlukas at gmail.com (=?ISO-8859-2?B?T25k+GVqIEx1a+G5?=)
Date: Fri, 17 Jan 2014 09:39:17 +0100
Subject: Security Policy with denying rules
Message-ID:
Hi,
I've implemented Java Security Manager and Policy for using denying rules
and I think that maybe someone will be interested in it. Standard Java
Policy [1] uses only granting permissions and there are cases when denying
rules are more comfortable than granting rules. I would like to know your
opinion and get some feedback if you'll be interested. Project is called
Prograde (Policy Rules Of GRanting And DEnying) and you can use it as maven
artifact:
net.sourceforge.pro-grade
pro-grade
1.0
Project is also available through github [2] and some tests are in
progradeTests project [3].
In the README files of these two github projects is some information about
using policy with denying rules. Usage is similar as with standard policy,
but you can write also deny entry (keyword "deny") instead of grant. There
is a new entry named "priority" which is set to grant or deny value - it
says whether grant or deny rule is used if they are in conflict. Some
examples of policy files are used in [3].
I think that the main advantage of this type of policy rules and Prograde
project is simplification of testing. Sometimes you want to know what
behavior will your application have in case that some specific permission
isn't granted. In this case you need to grant everything except that
permission, so a denying rule is the best option.
There are also some imperfections, but I think that they are not so
important:
- Prograde is not able to work with general expansion [4]. (property
expansion works fine)
- Path used in codebase entry must contain only a-z, A-Z, 0-9 and some
symbols defined in encodeSpecialCharacters protected method of
net.sourceforge.prograde.policy.ProgradePolicyFile class.
I am planning to fix it in future releases.
I hope Prograde will be helpful for somebody and I'll be happy for every
feedback.
Best regards,
Ondrej Lukas
[1]
http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html
[2] https://github.com/olukas/pro-grade
[3] https://github.com/olukas/progradeTests
[4]
http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#GeneralExp
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From xerxes at zafena.se Fri Jan 17 13:44:22 2014
From: xerxes at zafena.se (=?windows-1252?Q?Xerxes_R=E5nby?=)
Date: Fri, 17 Jan 2014 14:44:22 +0100
Subject: Java 7u51 / Windows 8.1 / IE11 combination doesn't work
In-Reply-To: <000701cf12e2$5e757aa0$1b606fe0$@segal.org>
References: <000701cf12e2$5e757aa0$1b606fe0$@segal.org>
Message-ID: <52D933B6.4020105@zafena.se>
2014-01-16 18:42, Mickey Segal skrev:> It seems that one of the new security features in Java 7 update 51 is messing up the Java / Internet Explorer 11 / Windows 8.1 combination, but other combinations OK.
>
> During installation of Java 7u51, a security dialog pops up: ?Do you want to allow the following program to make changes to your computer? Java SE Runtime environment 7 Update 51?. Agreeing to this is of course needed to install Java. However, after installation, the same dialog pops up. Until you agree to the dialog, Java runs fine (e.g., using http://www.java.com/en/download/installed.jsp). Once you agree to the dialog, Java doesn?t work.
>
> I don?t see any settings that can fix that problem. It doesn?t make a difference whether Internet Options | Security | ?Enable protected mode? is checked during or after installation.
>
> The problem depends on having each of these 3 components:
> ? Windows 8.1
> ? Internet Explorer
> ? Java 7u51
>
> Swapping out any */one/* of these components fixes the problem. For example, all is fine if instead you use Windows 7. All is fine if instead you use Firefox or Chrome. All is fine if instead you use Java 8 build 111.
>
> Does anyone have a workaround for this?
>
> Bugs that involve 3 components are often difficult to get fixed because each programming group blames the others. Does anyone have suggestions as the best way to navigate the process of getting this fixed?
>
OpenJDK do not contain any of the code used by the closed-source java plugin to diplay the problematic popups.
The openJDK community is unable to help you unless Oracle decide to opensource its deployment code and plugin.
I suggest you to file a bug in the Oracle bugtracker.
http://bugreport.sun.com/bugreport/
Cheers
Xerxes
From sean.mullan at oracle.com Fri Jan 17 18:41:42 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Fri, 17 Jan 2014 13:41:42 -0500
Subject: JDK 8 Review Request for 8031825: OCSP client can't find responder
cert if it uses a different subject key id algorithm than responderID
Message-ID: <52D97966.8090906@oracle.com>
Please review the following fix for a serious issue found while testing
interoperability with an OCSP responder:
JBS: https://bugs.openjdk.java.net/browse/JDK-8031825
webrev: http://cr.openjdk.java.net/~mullan/webrevs/8031825/webrev.00/
The regression test depends on proprietary certs, so it will be put in
the closed area.
Thanks,
Sean
From java3 at segal.org Fri Jan 17 23:09:35 2014
From: java3 at segal.org (Mickey Segal)
Date: Fri, 17 Jan 2014 18:09:35 -0500
Subject: Java 7u51 / Windows 8.1 / IE11 combination doesn't work
In-Reply-To: <52D933B6.4020105@zafena.se>
References: <000701cf12e2$5e757aa0$1b606fe0$@segal.org>
<52D933B6.4020105@zafena.se>
Message-ID: <000001cf13d9$314acb50$93e061f0$@segal.org>
I reported this as a bug. For completeness, I will mention here that I got
feedback within minutes that " We have determined that this report is a new
bug and have entered the bug into our bug tracking system". Unfortunately
since the bug reporter hung for a minute and I pressed submit again I ended
up with two Bug Ids: 9009752 and 9009753. My experience is that these
instant approvals don't really mean that the bug was accepted and the bug
number gets changed once the bug gets a real human acceptance.
It is odd that the latest version of Java should fail on the latest version
of the most commonly used browser on the latest version of the most commonly
used operating system. I would have guessed that would have been a
combination that someone would have tried. I documented in my report that
various steps such as disabling NOD32 didn't fix the problem.
If anyone has further suggestions please let me know. Java not working on a
key environment is a problem for all of us, and since it appears to be a
security issue, someone here might have an insight.
Xerxes R?nby [mailto:xerxes at zafena.se] wrote:
OpenJDK do not contain any of the code used by the closed-source java plugin
to diplay the problematic popups.
The openJDK community is unable to help you unless Oracle decide to
opensource its deployment code and plugin.
I suggest you to file a bug in the Oracle bugtracker.
http://bugreport.sun.com/bugreport/
From Xuelei.Fan at Oracle.COM Sat Jan 18 02:14:36 2014
From: Xuelei.Fan at Oracle.COM (Xuelei Fan)
Date: Sat, 18 Jan 2014 10:14:36 +0800
Subject: JDK 8 Review Request for 8031825: OCSP client can't find responder
cert if it uses a different subject key id algorithm than responderID
In-Reply-To: <52D97966.8090906@oracle.com>
References: <52D97966.8090906@oracle.com>
Message-ID: <52D9E38C.4040701@Oracle.COM>
looks fine to me.
Xuelei
On 1/18/2014 2:41 AM, Sean Mullan wrote:
> Please review the following fix for a serious issue found while testing
> interoperability with an OCSP responder:
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8031825
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8031825/webrev.00/
>
> The regression test depends on proprietary certs, so it will be put in
> the closed area.
>
> Thanks,
> Sean
From vincent.x.ryan at oracle.com Mon Jan 20 12:11:42 2014
From: vincent.x.ryan at oracle.com (Vincent Ryan)
Date: Mon, 20 Jan 2014 12:11:42 +0000
Subject: JDK 8 Review Request for 8031825: OCSP client can't find
responder cert if it uses a different subject key id algorithm
than responderID
In-Reply-To: <52D97966.8090906@oracle.com>
References: <52D97966.8090906@oracle.com>
Message-ID: <89545E25-BC07-4B12-BEDF-4A1C0EA3BA5C@oracle.com>
Looks good to me.
Thanks.
On 17 Jan 2014, at 18:41, Sean Mullan wrote:
> Please review the following fix for a serious issue found while testing interoperability with an OCSP responder:
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8031825
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8031825/webrev.00/
>
> The regression test depends on proprietary certs, so it will be put in the closed area.
>
> Thanks,
> Sean
From lana.steuck at oracle.com Tue Jan 21 19:03:11 2014
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Tue, 21 Jan 2014 19:03:11 +0000
Subject: hg: jdk8/tl: 5 new changesets
Message-ID: <20140121190312.C650E625FA@hg.openjdk.java.net>
Changeset: ca4612164195
Author: lana
Date: 2014-01-08 11:36 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/rev/ca4612164195
Merge
Changeset: b5e1dad69605
Author: jeff
Date: 2014-01-13 14:41 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/rev/b5e1dad69605
7129980: Third Party License Readme update for JDK8
Reviewed-by: lana, tbell
! THIRD_PARTY_README
Changeset: 6ac7d4011e8a
Author: lana
Date: 2014-01-13 22:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/rev/6ac7d4011e8a
Merge
Changeset: 790bbd46b201
Author: lana
Date: 2014-01-15 10:45 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/rev/790bbd46b201
Merge
Changeset: 0623ae55afff
Author: katleman
Date: 2014-01-17 15:52 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/rev/0623ae55afff
Added tag jdk8-b124 for changeset 790bbd46b201
! .hgtags
From lana.steuck at oracle.com Tue Jan 21 19:03:15 2014
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Tue, 21 Jan 2014 19:03:15 +0000
Subject: hg: jdk8/tl/langtools: 6 new changesets
Message-ID: <20140121190344.1A946625FF@hg.openjdk.java.net>
Changeset: d5aab8300d3b
Author: katleman
Date: 2014-01-10 08:32 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/d5aab8300d3b
Added tag jdk8-b123 for changeset a345cf28faca
! .hgtags
Changeset: 4a5e16002234
Author: lana
Date: 2014-01-08 11:39 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/4a5e16002234
Merge
Changeset: e90611913bb1
Author: jeff
Date: 2014-01-13 14:44 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/e90611913bb1
7129980: Third Party License Readme update for JDK8
Reviewed-by: lana, tbell
! THIRD_PARTY_README
Changeset: 91e6cd536c34
Author: lana
Date: 2014-01-13 22:33 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/91e6cd536c34
Merge
Changeset: 436176151e85
Author: lana
Date: 2014-01-15 10:59 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/436176151e85
Merge
Changeset: 9e35f82eec22
Author: katleman
Date: 2014-01-17 15:53 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/9e35f82eec22
Added tag jdk8-b124 for changeset 436176151e85
! .hgtags
From lana.steuck at oracle.com Tue Jan 21 19:03:11 2014
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Tue, 21 Jan 2014 19:03:11 +0000
Subject: hg: jdk8/tl/corba: 5 new changesets
Message-ID: <20140121190318.21207625FB@hg.openjdk.java.net>
Changeset: afecd2878aee
Author: katleman
Date: 2014-01-10 08:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/afecd2878aee
Added tag jdk8-b123 for changeset 1ecd4619f60c
! .hgtags
Changeset: b509e2e0fc41
Author: jeff
Date: 2014-01-13 14:42 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/b509e2e0fc41
7129980: Third Party License Readme update for JDK8
Reviewed-by: lana, tbell
! THIRD_PARTY_README
Changeset: 33e3d3425095
Author: lana
Date: 2014-01-13 22:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/33e3d3425095
Merge
Changeset: 7b45151c7a05
Author: lana
Date: 2014-01-15 10:45 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/7b45151c7a05
Merge
Changeset: 6b66ffd36885
Author: katleman
Date: 2014-01-17 15:52 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/6b66ffd36885
Added tag jdk8-b124 for changeset 7b45151c7a05
! .hgtags
From lana.steuck at oracle.com Tue Jan 21 19:03:11 2014
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Tue, 21 Jan 2014 19:03:11 +0000
Subject: hg: jdk8/tl/nashorn: 4 new changesets
Message-ID: <20140121190322.3C85A625FC@hg.openjdk.java.net>
Changeset: 3356919b1639
Author: jeff
Date: 2014-01-13 14:45 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/3356919b1639
7129980: Third Party License Readme update for JDK8
Reviewed-by: lana, tbell
! THIRD_PARTY_README
Changeset: aefba9e5e35c
Author: lana
Date: 2014-01-13 22:33 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/aefba9e5e35c
Merge
Changeset: 7346abe2ea03
Author: lana
Date: 2014-01-15 10:59 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/7346abe2ea03
Merge
Changeset: 40192ec6af87
Author: katleman
Date: 2014-01-17 15:53 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/40192ec6af87
Added tag jdk8-b124 for changeset 7346abe2ea03
! .hgtags
From lana.steuck at oracle.com Tue Jan 21 19:03:17 2014
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Tue, 21 Jan 2014 19:03:17 +0000
Subject: hg: jdk8/tl/jaxws: 5 new changesets
Message-ID: <20140121190335.DFCF8625FE@hg.openjdk.java.net>
Changeset: 241e4effed6d
Author: katleman
Date: 2014-01-10 08:32 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/241e4effed6d
Added tag jdk8-b123 for changeset 91f5c542ccad
! .hgtags
Changeset: c71b6b41a2a1
Author: jeff
Date: 2014-01-13 14:43 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/c71b6b41a2a1
7129980: Third Party License Readme update for JDK8
Reviewed-by: lana, tbell
! THIRD_PARTY_README
Changeset: 9ed8a0577511
Author: lana
Date: 2014-01-13 22:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/9ed8a0577511
Merge
Changeset: ef71ecbcd7bc
Author: lana
Date: 2014-01-15 10:49 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/ef71ecbcd7bc
Merge
Changeset: b14885a461b3
Author: katleman
Date: 2014-01-17 15:53 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/b14885a461b3
Added tag jdk8-b124 for changeset ef71ecbcd7bc
! .hgtags
From lana.steuck at oracle.com Tue Jan 21 19:03:11 2014
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Tue, 21 Jan 2014 19:03:11 +0000
Subject: hg: jdk8/tl/jaxp: 5 new changesets
Message-ID: <20140121190335.3FF2F625FD@hg.openjdk.java.net>
Changeset: 1a28f773c894
Author: katleman
Date: 2014-01-10 08:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/1a28f773c894
Added tag jdk8-b123 for changeset 4e35b5b6d2e5
! .hgtags
Changeset: d906d69e24a3
Author: jeff
Date: 2014-01-13 14:43 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/d906d69e24a3
7129980: Third Party License Readme update for JDK8
Reviewed-by: lana, tbell
! THIRD_PARTY_README
Changeset: a7c0452ab987
Author: lana
Date: 2014-01-13 22:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/a7c0452ab987
Merge
Changeset: 83bb924238f8
Author: lana
Date: 2014-01-15 10:49 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/83bb924238f8
Merge
Changeset: 5a4e9ef8673d
Author: katleman
Date: 2014-01-17 15:53 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/5a4e9ef8673d
Added tag jdk8-b124 for changeset 83bb924238f8
! .hgtags
From lana.steuck at oracle.com Tue Jan 21 19:03:12 2014
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Tue, 21 Jan 2014 19:03:12 +0000
Subject: hg: jdk8/tl/hotspot: 10 new changesets
Message-ID: <20140121190346.1F25862600@hg.openjdk.java.net>
Changeset: c89630a122b4
Author: katleman
Date: 2014-01-10 08:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/c89630a122b4
Added tag jdk8-b123 for changeset 591135a7d6f9
! .hgtags
Changeset: f898fdfc08a5
Author: jeff
Date: 2014-01-13 14:42 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/f898fdfc08a5
7129980: Third Party License Readme update for JDK8
Reviewed-by: lana, tbell
! THIRD_PARTY_README
Changeset: b99955ea4b91
Author: lana
Date: 2014-01-13 22:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/b99955ea4b91
Merge
Changeset: 9d39e8a8ff61
Author: amurillo
Date: 2013-12-27 07:51 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/9d39e8a8ff61
8031060: new hotspot build - hs25-b66
Reviewed-by: jcoomes
! make/hotspot_version
Changeset: c3f3cfd39184
Author: hseigel
Date: 2014-01-10 12:11 -0500
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/c3f3cfd39184
8031059: invokestatic: ICCE trying to invoke static method when it clashes with an abstract method inherited from an interface
Summary: Do not create AME overpass if there is a matching static method
Reviewed-by: lfoltan, coleenp, kamg
! src/share/vm/classfile/defaultMethods.cpp
Changeset: 9b9816164447
Author: amurillo
Date: 2014-01-13 15:52 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/9b9816164447
Merge
Changeset: ac902fca803b
Author: amurillo
Date: 2014-01-13 15:52 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ac902fca803b
Added tag hs25-b66 for changeset 9b9816164447
! .hgtags
Changeset: 2c3130311ffa
Author: amurillo
Date: 2014-01-14 11:22 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/2c3130311ffa
Merge
Changeset: df333ee12bba
Author: lana
Date: 2014-01-15 10:48 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/df333ee12bba
Merge
Changeset: e2e6ca7e0ea6
Author: katleman
Date: 2014-01-17 15:52 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/e2e6ca7e0ea6
Added tag jdk8-b124 for changeset df333ee12bba
! .hgtags
From lana.steuck at oracle.com Tue Jan 21 19:04:00 2014
From: lana.steuck at oracle.com (lana.steuck at oracle.com)
Date: Tue, 21 Jan 2014 19:04:00 +0000
Subject: hg: jdk8/tl/jdk: 8 new changesets
Message-ID: <20140121190556.93AC862601@hg.openjdk.java.net>
Changeset: 9683419eddef
Author: lana
Date: 2014-01-08 11:39 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9683419eddef
Merge
Changeset: 2551e7290450
Author: jeff
Date: 2014-01-13 14:44 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2551e7290450
7129980: Third Party License Readme update for JDK8
Reviewed-by: lana, tbell
! THIRD_PARTY_README
Changeset: 01a6b4654550
Author: lana
Date: 2014-01-13 22:32 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/01a6b4654550
Merge
Changeset: 2a3afe1ec514
Author: rgallard
Date: 2014-01-09 16:10 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2a3afe1ec514
8026909: Retire Some Rarely Used GC Combintations
Summary: Fix only affects java command, nroff page, OpenJDK
Reviewed-by: maxelsso
! src/bsd/doc/man/java.1
! src/linux/doc/man/java.1
! src/solaris/doc/sun/man/man1/java.1
Changeset: acc59aae7992
Author: katleman
Date: 2014-01-14 11:56 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/acc59aae7992
Merge
Changeset: f1f3596239a4
Author: lana
Date: 2014-01-15 10:57 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f1f3596239a4
Merge
- src/bsd/doc/man/ja/kinit.1
- src/bsd/doc/man/ja/klist.1
- src/bsd/doc/man/ja/ktab.1
Changeset: ae303640bc1c
Author: lana
Date: 2014-01-16 10:16 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ae303640bc1c
Merge
- src/bsd/doc/man/ja/kinit.1
- src/bsd/doc/man/ja/klist.1
- src/bsd/doc/man/ja/ktab.1
Changeset: 3e9b46280c16
Author: katleman
Date: 2014-01-17 15:53 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3e9b46280c16
Added tag jdk8-b124 for changeset ae303640bc1c
! .hgtags
From weijun.wang at oracle.com Wed Jan 22 07:01:18 2014
From: weijun.wang at oracle.com (Wang Weijun)
Date: Wed, 22 Jan 2014 15:01:18 +0800
Subject: RFR: 8031572: jarsigner -verify exits with 0 when a jar file is not
properly signed
Message-ID:
Hi All
Please take a look at the webrev at
http://cr.openjdk.java.net/~weijun/8031572/8/webrev.00/
JarVerifier has a flag that separates parsing signatures and verifying other entries. The fix makes sure only signature-related files are processed in the beginning so JarVerifier does not enter the second stage prematurely. Please note that JarInputStream always feeds JarVerifier by natural order so once a non-signatued-related file is processed it goes into verification stage and will not parse a signature anymore.
Maybe a smarter solution is to be *always on alert*, which means at anytime an incoming entry can be anything, so that even if signature-related files appear at the middle of a file, at least those come after them can be treated as signed when opening with a JarInputStream. This will be a huge change to the JarVerifier class and IMHO does not really help much. Also I don?t want to consider it at this final time of JDK 8.
You can also find webrevs for jdk9 and jdk7u at
http://cr.openjdk.java.net/~weijun/8031572/webrev.00/
and
http://cr.openjdk.java.net/~weijun/8031572/7/webrev.00/
There are some tiny differences. For 9, the JarVerifier fix needs to be rebased on a language style changeset. For 7u, there are some differences in the test because of class name change, implicit final, and default method.
Thanks
Max
From erik.joelsson at oracle.com Wed Jan 22 11:13:55 2014
From: erik.joelsson at oracle.com (erik.joelsson at oracle.com)
Date: Wed, 22 Jan 2014 11:13:55 +0000
Subject: hg: jdk8/tl/jdk: 8032217: failure in man page processing
Message-ID: <20140122111510.5171762655@hg.openjdk.java.net>
Changeset: ff56039c4870
Author: erikj
Date: 2014-01-22 12:13 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ff56039c4870
8032217: failure in man page processing
Reviewed-by: dholmes, tbell
! make/Images.gmk
From sean.mullan at oracle.com Thu Jan 23 00:12:58 2014
From: sean.mullan at oracle.com (sean.mullan at oracle.com)
Date: Thu, 23 Jan 2014 00:12:58 +0000
Subject: hg: jdk8/tl/jdk: 8031825: OCSP client can't find responder cert if it
uses a different subject key id algorithm than responderID
Message-ID: <20140123001311.1048B6269C@hg.openjdk.java.net>
Changeset: 57c26829deb6
Author: mullan
Date: 2014-01-22 19:06 -0500
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/57c26829deb6
8031825: OCSP client can't find responder cert if it uses a different subject key id algorithm than responderID
Reviewed-by: vinnie, xuelei
! src/share/classes/sun/security/provider/certpath/OCSPResponse.java
From weijun.wang at oracle.com Thu Jan 23 01:57:27 2014
From: weijun.wang at oracle.com (Wang Weijun)
Date: Thu, 23 Jan 2014 09:57:27 +0800
Subject: RFR: 8031572: jarsigner -verify exits with 0 when a jar file is
not properly signed
In-Reply-To:
References:
Message-ID:
More explanations:
JarVerifier works in 2 stages: parsing signatures and verifying entries. There are 2 ways to enter the 2nd stage: 1) Someone else call JarEntry::doneWithMeta() directly, 2) JarVerfier itself sees an incoming JarEntry and decides to enter. Before JDK-8021788 (that triggers the regression as described in 8031572), we have:
- JarVerifier: when incoming JarEntry is not in META-INF, automatically enters the 2nd stage
- JarFile: feed JarVerifier with all META-INF entries when initializing verifier, and then force JarVerifier into 2nd stage
- JarInputStream: feed JarVerifier in natural order
So JarFile and JarVerifier are a perfect match, but when using JarInputStream and there are files in META-INF but not signature-related, JarVerifier cannot enter 2nd stage and these entries are treated as unsigned.
After JDK-8021788, there is one change:
- JarVerifier: when incoming JarEntry is not in signature-related, automatically enters the 2nd stage
This fixes the JarInputStream issue (of course, we still need signature files at the beginning). But if a non-signature META-INF file appears before a signature, during the JarFile?s initializing process it could make JarVerifier entering the 2nd stage prematurely and thus ignore later coming signature files.
This fix change JarFile behavior:
- JarFile: feed JarVerifier with all signature-related META-INF entries when initializing verifier, and then force JarVerifier into 2nd stage
so JarFile and JarVerifier work fine together again.
As you can see, the 2 ways JarVerifier entering the 2nd stage should have been used by JarFile and JarInputStream separately, so when opened with JarFile it need not enter itself. I would like to make some enhancement in JDK 9 to make the logic more simple and intuitive.
Please note that when using a JarFile, the initializing process is before the first getInpuStream(JarEntry) is returned. Therefore you can getJarEntry() on anything (including those non-signatures in META-INF) and call getInputStream() on it and it will be verified.
Thanks
Max
On Jan 22, 2014, at 15:01, Wang Weijun wrote:
> Hi All
>
> Please take a look at the webrev at
>
> http://cr.openjdk.java.net/~weijun/8031572/8/webrev.00/
>
> JarVerifier has a flag that separates parsing signatures and verifying other entries. The fix makes sure only signature-related files are processed in the beginning so JarVerifier does not enter the second stage prematurely. Please note that JarInputStream always feeds JarVerifier by natural order so once a non-signatued-related file is processed it goes into verification stage and will not parse a signature anymore.
>
> Maybe a smarter solution is to be *always on alert*, which means at anytime an incoming entry can be anything, so that even if signature-related files appear at the middle of a file, at least those come after them can be treated as signed when opening with a JarInputStream. This will be a huge change to the JarVerifier class and IMHO does not really help much. Also I don?t want to consider it at this final time of JDK 8.
>
> You can also find webrevs for jdk9 and jdk7u at
>
> http://cr.openjdk.java.net/~weijun/8031572/webrev.00/
>
> and
>
> http://cr.openjdk.java.net/~weijun/8031572/7/webrev.00/
>
> There are some tiny differences. For 9, the JarVerifier fix needs to be rebased on a language style changeset. For 7u, there are some differences in the test because of class name change, implicit final, and default method.
>
> Thanks
> Max
>
From paul.sandoz at oracle.com Thu Jan 23 10:08:33 2014
From: paul.sandoz at oracle.com (paul.sandoz at oracle.com)
Date: Thu, 23 Jan 2014 10:08:33 +0000
Subject: hg: jdk8/tl/jdk: 8032190: Specifications of stream flatMap methods
should require mapped streams to be closed
Message-ID: <20140123100901.4C12D626BF@hg.openjdk.java.net>
Changeset: 68eb0c55a8c0
Author: psandoz
Date: 2014-01-21 10:49 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/68eb0c55a8c0
8032190: Specifications of stream flatMap methods should require mapped streams to be closed
Reviewed-by: chegar, alanb
! src/share/classes/java/util/stream/DoubleStream.java
! src/share/classes/java/util/stream/IntStream.java
! src/share/classes/java/util/stream/LongStream.java
! src/share/classes/java/util/stream/Stream.java
From erik.joelsson at oracle.com Fri Jan 24 09:40:30 2014
From: erik.joelsson at oracle.com (erik.joelsson at oracle.com)
Date: Fri, 24 Jan 2014 09:40:30 +0000
Subject: hg: jdk8/tl: 8032632: Wrong version for the first jdk8 fcs build
Message-ID: <20140124094031.71A1062744@hg.openjdk.java.net>
Changeset: 7238a870ddb7
Author: erikj
Date: 2014-01-24 10:39 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/rev/7238a870ddb7
8032632: Wrong version for the first jdk8 fcs build
Reviewed-by: katleman
! common/autoconf/spec.gmk.in
From sean.mullan at oracle.com Fri Jan 24 15:55:00 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Fri, 24 Jan 2014 10:55:00 -0500
Subject: RFR: 8031572: jarsigner -verify exits with 0 when a jar file
is not properly signed
In-Reply-To:
References:
Message-ID: <52E28CD4.2020101@oracle.com>
In JarFile, I think you should also upper-case the entry names before
passing to SignatureFileVerifier.isBlockOrSF, as all other calls to this
method in the JDK do that. The jar specification says that these
filenames are case-insensitive, so a file named "*.rsa" should also be
treated as a signature file.
Looks good otherwise, although I couldn't see any difference between the
8 and 9 fix.
--Sean
On 01/22/2014 02:01 AM, Wang Weijun wrote:
> Hi All
>
> Please take a look at the webrev at
>
> http://cr.openjdk.java.net/~weijun/8031572/8/webrev.00/
>
> JarVerifier has a flag that separates parsing signatures and verifying other entries. The fix makes sure only signature-related files are processed in the beginning so JarVerifier does not enter the second stage prematurely. Please note that JarInputStream always feeds JarVerifier by natural order so once a non-signatued-related file is processed it goes into verification stage and will not parse a signature anymore.
>
> Maybe a smarter solution is to be *always on alert*, which means at anytime an incoming entry can be anything, so that even if signature-related files appear at the middle of a file, at least those come after them can be treated as signed when opening with a JarInputStream. This will be a huge change to the JarVerifier class and IMHO does not really help much. Also I don?t want to consider it at this final time of JDK 8.
>
> You can also find webrevs for jdk9 and jdk7u at
>
> http://cr.openjdk.java.net/~weijun/8031572/webrev.00/
>
> and
>
> http://cr.openjdk.java.net/~weijun/8031572/7/webrev.00/
>
> There are some tiny differences. For 9, the JarVerifier fix needs to be rebased on a language style changeset. For 7u, there are some differences in the test because of class name change, implicit final, and default method.
>
> Thanks
> Max
>
From weijun.wang at oracle.com Fri Jan 24 23:19:41 2014
From: weijun.wang at oracle.com (Wang Weijun)
Date: Sat, 25 Jan 2014 07:19:41 +0800
Subject: RFR: 8031572: jarsigner -verify exits with 0 when a jar file is
not properly signed
In-Reply-To: <52E28CD4.2020101@oracle.com>
References:
<52E28CD4.2020101@oracle.com>
Message-ID: <010E01FD-B84A-48F3-87AA-00DA1C03514F@oracle.com>
On Jan 24, 2014, at 23:55, Sean Mullan wrote:
> In JarFile, I think you should also upper-case the entry names before passing to SignatureFileVerifier.isBlockOrSF, as all other calls to this method in the JDK do that. The jar specification says that these filenames are case-insensitive, so a file named "*.rsa" should also be treated as a signature file.
Good.
>
> Looks good otherwise, although I couldn't see any difference between the 8 and 9 fix.
In 9, there is a new code change (8030851: Update code in java.util to use newer language features)
@@ -356,8 +356,8 @@
try {
String[] names = getMetaInfEntryNames();
if (names != null) {
- for (int i = 0; i < names.length; i++) {
- JarEntry e = getJarEntry(names[i]);
+ for (String name : names) {
+ JarEntry e = getJarEntry(name);
if (e == null) {
throw new JarException("corrupted jar file");
}
so all names[i] become name.
Thanks
Max
> --Sean
>
> On 01/22/2014 02:01 AM, Wang Weijun wrote:
>> Hi All
>>
>> Please take a look at the webrev at
>>
>> http://cr.openjdk.java.net/~weijun/8031572/8/webrev.00/
>>
>> JarVerifier has a flag that separates parsing signatures and verifying other entries. The fix makes sure only signature-related files are processed in the beginning so JarVerifier does not enter the second stage prematurely. Please note that JarInputStream always feeds JarVerifier by natural order so once a non-signatued-related file is processed it goes into verification stage and will not parse a signature anymore.
>>
>> Maybe a smarter solution is to be *always on alert*, which means at anytime an incoming entry can be anything, so that even if signature-related files appear at the middle of a file, at least those come after them can be treated as signed when opening with a JarInputStream. This will be a huge change to the JarVerifier class and IMHO does not really help much. Also I don?t want to consider it at this final time of JDK 8.
>>
>> You can also find webrevs for jdk9 and jdk7u at
>>
>> http://cr.openjdk.java.net/~weijun/8031572/webrev.00/
>>
>> and
>>
>> http://cr.openjdk.java.net/~weijun/8031572/7/webrev.00/
>>
>> There are some tiny differences. For 9, the JarVerifier fix needs to be rebased on a language style changeset. For 7u, there are some differences in the test because of class name change, implicit final, and default method.
>>
>> Thanks
>> Max
>>
>
From weijun.wang at oracle.com Sat Jan 25 13:32:19 2014
From: weijun.wang at oracle.com (weijun.wang at oracle.com)
Date: Sat, 25 Jan 2014 13:32:19 +0000
Subject: hg: jdk8/tl/jdk: 8031572: jarsigner -verify exits with 0 when a jar
file is not properly signed
Message-ID: <20140125133414.AA45C62795@hg.openjdk.java.net>
Changeset: 4d891c8db5c1
Author: weijun
Date: 2014-01-21 12:08 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4d891c8db5c1
8031572: jarsigner -verify exits with 0 when a jar file is not properly signed
Reviewed-by: mullan
! src/share/classes/java/util/jar/JarFile.java
+ test/sun/security/tools/jarsigner/EntriesOrder.java
From alan.bateman at oracle.com Sat Jan 25 20:05:49 2014
From: alan.bateman at oracle.com (alan.bateman at oracle.com)
Date: Sat, 25 Jan 2014 20:05:49 +0000
Subject: hg: jdk8/tl/jdk: 8032456:
vm/jni/Miscellaneous/misc001/misc00101m1/misc00101m1.html
failing on OS X
Message-ID: <20140125200603.4D4F962798@hg.openjdk.java.net>
Changeset: b56ff7d30a72
Author: alanb
Date: 2014-01-24 11:50 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b56ff7d30a72
8032456: vm/jni/Miscellaneous/misc001/misc00101m1/misc00101m1.html failing on OS X
Reviewed-by: sla, chegar, psandoz
! src/solaris/native/common/jni_util_md.c
From chris.hegarty at oracle.com Mon Jan 27 09:34:50 2014
From: chris.hegarty at oracle.com (Chris Hegarty)
Date: Mon, 27 Jan 2014 09:34:50 +0000
Subject: AES GCM slow
In-Reply-To:
References:
Message-ID: <52E6283A.7000401@oracle.com>
Cross posting to security-dev, since the question cipher related.
-Chris.
On 27/01/14 09:28, Mark Christiaens wrote:
> I wrote a little test client/server setup that transfers 100 MB of data
> over an SSL socket configured to use TLS 1.2 AES GCM
> (TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256). On my i7-4770 CPU @ 3.40GHz
> with OpenJDK 1.8.0-ea-b124 I get a transfer rate of around 5.2
> MiB/second. I expected a higher speed. Using
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 I reach 100 MiB/s. Is this to
> be expected?
>
> For reference, here is my code:
>
> ///// Client.java
>
> package ssl;
>
> import javax.net.ssl.*;
> import java.io.*;
> import java.util.Arrays;
>
> public class Client {
>
> public static void main(String[] arstring) {
> try {
> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
> SSLSocketFactory.getDefault();
> SSLSocket sslsocket = (SSLSocket)
> sslsocketfactory.createSocket("localhost", 9999);
> Helper.requireAESCipherSuites(sslsocket);
> sslsocket.setEnabledProtocols(new String[]{"TLSv1.2"});
>
> try (OutputStream outputstream = sslsocket.getOutputStream()) {
> byte[] buf = new byte[Helper.BUF_SIZE];
> Arrays.fill(buf, (byte) 1);
> for (int i = 0; i < Helper.BUF_COUNT; ++i) {
> outputstream.write(buf);
> }
>
> System.out.println("Using cipher suite: " +
> (sslsocket.getSession()).getCipherSuite());
>
> outputstream.flush();
> }
>
> } catch (IOException exception) {
> exception.printStackTrace();
> }
> }
> }
>
> ///// Server.java
>
> package ssl;
>
> import javax.net.ssl.*;
> import java.io.*;
>
> public class Server {
>
> public static void main(String[] arstring) {
> try {
> SSLServerSocketFactory sslserversocketfactory =
> (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
> SSLServerSocket sslserversocket = (SSLServerSocket)
> sslserversocketfactory.createServerSocket(9999);
> SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
>
> InputStream inputstream = sslsocket.getInputStream();
>
> byte[] buf = new byte[Helper.BUF_SIZE];
> long bytesToRead = BYTES_TO_READ;
>
> long startTime = System.currentTimeMillis();
>
> while (bytesToRead > 0) {
> bytesToRead -= inputstream.read(buf);
> }
>
> long stopTime = System.currentTimeMillis();
> long totalTimeMs = stopTime - startTime;
> double mbRead = BYTES_TO_READ / (1024.0 * 1024);
> double totalTimeSeconds = totalTimeMs / 1000.0;
> double mibPerSecond = mbRead / totalTimeSeconds;
>
> System.out.println("Using cipher suite: " +
> (sslsocket.getSession()).getCipherSuite());
> System.out.println("Read " + mbRead + "MiB in " +
> totalTimeSeconds + "s");
> System.out.println("Bandwidth: " + mibPerSecond + "MiB/s");
>
> } catch (IOException exception) {
> exception.printStackTrace();
> }
> }
>
> private static final int BYTES_TO_READ = Helper.BUF_COUNT *
> Helper.BUF_SIZE;
> }
>
> ///// Helper.java
>
> package ssl;
>
> import java.util.*;
> import java.util.regex.*;
> import javax.net.ssl.*;
>
> public class Helper {
>
> static int BUF_SIZE = 1024 * 1024;
> static int BUF_COUNT = 100;
>
> static SSLSocket requireAESCipherSuites(SSLSocket socket) {
> String supportedCipherSuites[] = socket.getSupportedCipherSuites();
>
> System.out.println("Supported cipher suite: " +
> Arrays.toString(supportedCipherSuites));
>
> List selectedCipherSuites = new ArrayList<>();
>
> // String patternString = ".*";
> String patternString = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
> // String patternString = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
>
> Pattern pattern = Pattern.compile(patternString);
>
> for (String cipherSuite : supportedCipherSuites) {
> Matcher matcher = pattern.matcher(cipherSuite);
> if (matcher.find()) {
> selectedCipherSuites.add(cipherSuite);
> }
> }
>
> System.out.println("Selected cipher suites: " +
> selectedCipherSuites);
>
> socket.setEnabledCipherSuites(selectedCipherSuites.toArray(new
> String[0]));
>
> return socket;
> }
> }
>
From xuelei.fan at oracle.com Mon Jan 27 14:19:17 2014
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Mon, 27 Jan 2014 22:19:17 +0800
Subject: AES GCM slow
In-Reply-To: <52E6283A.7000401@oracle.com>
References:
<52E6283A.7000401@oracle.com>
Message-ID: <52E66AE5.5050303@oracle.com>
What's the platform are you using for the testing? Windows, Linux,
Solaris or Mac OS? GCM are now only implemented in SunJCE provider. I
want to make sure the crypto provider for AES-CBC, which is different
for different platforms by default, is not the major cause of the
performance impact.
Thanks for the performance measure.
Regards,
Xuelei
On 1/27/2014 5:34 PM, Chris Hegarty wrote:
> Cross posting to security-dev, since the question cipher related.
>
> -Chris.
>
> On 27/01/14 09:28, Mark Christiaens wrote:
>> I wrote a little test client/server setup that transfers 100 MB of data
>> over an SSL socket configured to use TLS 1.2 AES GCM
>> (TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256). On my i7-4770 CPU @ 3.40GHz
>> with OpenJDK 1.8.0-ea-b124 I get a transfer rate of around 5.2
>> MiB/second. I expected a higher speed. Using
>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 I reach 100 MiB/s. Is this to
>> be expected?
>>
>> For reference, here is my code:
>>
>> ///// Client.java
>>
>> package ssl;
>>
>> import javax.net.ssl.*;
>> import java.io.*;
>> import java.util.Arrays;
>>
>> public class Client {
>>
>> public static void main(String[] arstring) {
>> try {
>> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
>> SSLSocketFactory.getDefault();
>> SSLSocket sslsocket = (SSLSocket)
>> sslsocketfactory.createSocket("localhost", 9999);
>> Helper.requireAESCipherSuites(sslsocket);
>> sslsocket.setEnabledProtocols(new String[]{"TLSv1.2"});
>>
>> try (OutputStream outputstream =
>> sslsocket.getOutputStream()) {
>> byte[] buf = new byte[Helper.BUF_SIZE];
>> Arrays.fill(buf, (byte) 1);
>> for (int i = 0; i < Helper.BUF_COUNT; ++i) {
>> outputstream.write(buf);
>> }
>>
>> System.out.println("Using cipher suite: " +
>> (sslsocket.getSession()).getCipherSuite());
>>
>> outputstream.flush();
>> }
>>
>> } catch (IOException exception) {
>> exception.printStackTrace();
>> }
>> }
>> }
>>
>> ///// Server.java
>>
>> package ssl;
>>
>> import javax.net.ssl.*;
>> import java.io.*;
>>
>> public class Server {
>>
>> public static void main(String[] arstring) {
>> try {
>> SSLServerSocketFactory sslserversocketfactory =
>> (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
>> SSLServerSocket sslserversocket = (SSLServerSocket)
>> sslserversocketfactory.createServerSocket(9999);
>> SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
>>
>> InputStream inputstream = sslsocket.getInputStream();
>>
>> byte[] buf = new byte[Helper.BUF_SIZE];
>> long bytesToRead = BYTES_TO_READ;
>>
>> long startTime = System.currentTimeMillis();
>>
>> while (bytesToRead > 0) {
>> bytesToRead -= inputstream.read(buf);
>> }
>>
>> long stopTime = System.currentTimeMillis();
>> long totalTimeMs = stopTime - startTime;
>> double mbRead = BYTES_TO_READ / (1024.0 * 1024);
>> double totalTimeSeconds = totalTimeMs / 1000.0;
>> double mibPerSecond = mbRead / totalTimeSeconds;
>>
>> System.out.println("Using cipher suite: " +
>> (sslsocket.getSession()).getCipherSuite());
>> System.out.println("Read " + mbRead + "MiB in " +
>> totalTimeSeconds + "s");
>> System.out.println("Bandwidth: " + mibPerSecond + "MiB/s");
>>
>> } catch (IOException exception) {
>> exception.printStackTrace();
>> }
>> }
>>
>> private static final int BYTES_TO_READ = Helper.BUF_COUNT *
>> Helper.BUF_SIZE;
>> }
>>
>> ///// Helper.java
>>
>> package ssl;
>>
>> import java.util.*;
>> import java.util.regex.*;
>> import javax.net.ssl.*;
>>
>> public class Helper {
>>
>> static int BUF_SIZE = 1024 * 1024;
>> static int BUF_COUNT = 100;
>>
>> static SSLSocket requireAESCipherSuites(SSLSocket socket) {
>> String supportedCipherSuites[] =
>> socket.getSupportedCipherSuites();
>>
>> System.out.println("Supported cipher suite: " +
>> Arrays.toString(supportedCipherSuites));
>>
>> List selectedCipherSuites = new ArrayList<>();
>>
>> // String patternString = ".*";
>> String patternString = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
>> // String patternString =
>> "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
>>
>> Pattern pattern = Pattern.compile(patternString);
>>
>> for (String cipherSuite : supportedCipherSuites) {
>> Matcher matcher = pattern.matcher(cipherSuite);
>> if (matcher.find()) {
>> selectedCipherSuites.add(cipherSuite);
>> }
>> }
>>
>> System.out.println("Selected cipher suites: " +
>> selectedCipherSuites);
>>
>> socket.setEnabledCipherSuites(selectedCipherSuites.toArray(new
>> String[0]));
>>
>> return socket;
>> }
>> }
>>
From mark.g.j.christiaens at gmail.com Mon Jan 27 14:23:54 2014
From: mark.g.j.christiaens at gmail.com (Mark Christiaens)
Date: Mon, 27 Jan 2014 15:23:54 +0100
Subject: AES GCM slow
In-Reply-To: <52E66AE5.5050303@oracle.com>
References:
<52E6283A.7000401@oracle.com> <52E66AE5.5050303@oracle.com>
Message-ID:
Silly me, forgot to mention that I'm working on Ubuntu, 64 bit, 13.10.
So, AES-CBC seems to be reasonably fast (100 MiB/s) but AES-GCM is slow
(5.2 MiB/s). I'm particularly curious about the GCM one because I get the
impression that OpenSSL should be able to reach in the GB/s for AES-GCM
encryption/authentication.
Mark
On Mon, Jan 27, 2014 at 3:19 PM, Xuelei Fan wrote:
> What's the platform are you using for the testing? Windows, Linux,
> Solaris or Mac OS? GCM are now only implemented in SunJCE provider. I
> want to make sure the crypto provider for AES-CBC, which is different
> for different platforms by default, is not the major cause of the
> performance impact.
>
> Thanks for the performance measure.
>
> Regards,
> Xuelei
>
> On 1/27/2014 5:34 PM, Chris Hegarty wrote:
> > Cross posting to security-dev, since the question cipher related.
> >
> > -Chris.
> >
> > On 27/01/14 09:28, Mark Christiaens wrote:
> >> I wrote a little test client/server setup that transfers 100 MB of data
> >> over an SSL socket configured to use TLS 1.2 AES GCM
> >> (TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256). On my i7-4770 CPU @ 3.40GHz
> >> with OpenJDK 1.8.0-ea-b124 I get a transfer rate of around 5.2
> >> MiB/second. I expected a higher speed. Using
> >> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 I reach 100 MiB/s. Is this to
> >> be expected?
> >>
> >> For reference, here is my code:
> >>
> >> ///// Client.java
> >>
> >> package ssl;
> >>
> >> import javax.net.ssl.*;
> >> import java.io.*;
> >> import java.util.Arrays;
> >>
> >> public class Client {
> >>
> >> public static void main(String[] arstring) {
> >> try {
> >> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
> >> SSLSocketFactory.getDefault();
> >> SSLSocket sslsocket = (SSLSocket)
> >> sslsocketfactory.createSocket("localhost", 9999);
> >> Helper.requireAESCipherSuites(sslsocket);
> >> sslsocket.setEnabledProtocols(new String[]{"TLSv1.2"});
> >>
> >> try (OutputStream outputstream =
> >> sslsocket.getOutputStream()) {
> >> byte[] buf = new byte[Helper.BUF_SIZE];
> >> Arrays.fill(buf, (byte) 1);
> >> for (int i = 0; i < Helper.BUF_COUNT; ++i) {
> >> outputstream.write(buf);
> >> }
> >>
> >> System.out.println("Using cipher suite: " +
> >> (sslsocket.getSession()).getCipherSuite());
> >>
> >> outputstream.flush();
> >> }
> >>
> >> } catch (IOException exception) {
> >> exception.printStackTrace();
> >> }
> >> }
> >> }
> >>
> >> ///// Server.java
> >>
> >> package ssl;
> >>
> >> import javax.net.ssl.*;
> >> import java.io.*;
> >>
> >> public class Server {
> >>
> >> public static void main(String[] arstring) {
> >> try {
> >> SSLServerSocketFactory sslserversocketfactory =
> >> (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
> >> SSLServerSocket sslserversocket = (SSLServerSocket)
> >> sslserversocketfactory.createServerSocket(9999);
> >> SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
> >>
> >> InputStream inputstream = sslsocket.getInputStream();
> >>
> >> byte[] buf = new byte[Helper.BUF_SIZE];
> >> long bytesToRead = BYTES_TO_READ;
> >>
> >> long startTime = System.currentTimeMillis();
> >>
> >> while (bytesToRead > 0) {
> >> bytesToRead -= inputstream.read(buf);
> >> }
> >>
> >> long stopTime = System.currentTimeMillis();
> >> long totalTimeMs = stopTime - startTime;
> >> double mbRead = BYTES_TO_READ / (1024.0 * 1024);
> >> double totalTimeSeconds = totalTimeMs / 1000.0;
> >> double mibPerSecond = mbRead / totalTimeSeconds;
> >>
> >> System.out.println("Using cipher suite: " +
> >> (sslsocket.getSession()).getCipherSuite());
> >> System.out.println("Read " + mbRead + "MiB in " +
> >> totalTimeSeconds + "s");
> >> System.out.println("Bandwidth: " + mibPerSecond + "MiB/s");
> >>
> >> } catch (IOException exception) {
> >> exception.printStackTrace();
> >> }
> >> }
> >>
> >> private static final int BYTES_TO_READ = Helper.BUF_COUNT *
> >> Helper.BUF_SIZE;
> >> }
> >>
> >> ///// Helper.java
> >>
> >> package ssl;
> >>
> >> import java.util.*;
> >> import java.util.regex.*;
> >> import javax.net.ssl.*;
> >>
> >> public class Helper {
> >>
> >> static int BUF_SIZE = 1024 * 1024;
> >> static int BUF_COUNT = 100;
> >>
> >> static SSLSocket requireAESCipherSuites(SSLSocket socket) {
> >> String supportedCipherSuites[] =
> >> socket.getSupportedCipherSuites();
> >>
> >> System.out.println("Supported cipher suite: " +
> >> Arrays.toString(supportedCipherSuites));
> >>
> >> List selectedCipherSuites = new ArrayList<>();
> >>
> >> // String patternString = ".*";
> >> String patternString =
> "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
> >> // String patternString =
> >> "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
> >>
> >> Pattern pattern = Pattern.compile(patternString);
> >>
> >> for (String cipherSuite : supportedCipherSuites) {
> >> Matcher matcher = pattern.matcher(cipherSuite);
> >> if (matcher.find()) {
> >> selectedCipherSuites.add(cipherSuite);
> >> }
> >> }
> >>
> >> System.out.println("Selected cipher suites: " +
> >> selectedCipherSuites);
> >>
> >> socket.setEnabledCipherSuites(selectedCipherSuites.toArray(new
> >> String[0]));
> >>
> >> return socket;
> >> }
> >> }
> >>
>
>
--
Mark Christiaens
Ganzeplas 23
9880 Aalter
09 / 325 07 40
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From mstjohns at comcast.net Mon Jan 27 16:46:45 2014
From: mstjohns at comcast.net (Michael StJohns)
Date: Mon, 27 Jan 2014 11:46:45 -0500
Subject: AES GCM slow
In-Reply-To:
References:
<52E6283A.7000401@oracle.com> <52E66AE5.5050303@oracle.com>
Message-ID: <20140127164647.AD74D64D2@mail.openjdk.java.net>
At 09:23 AM 1/27/2014, Mark Christiaens wrote:
>Silly me, forgot to mention that I'm working on Ubuntu, 64 bit, 13.10.
>
>So, AES-CBC seems to be reasonably fast (100 MiB/s) but AES-GCM is slow (5.2 MiB/s). ? I'm particularly curious about the GCM one because I get the impression that OpenSSL should be able to reach in the GB/s for AES-GCM encryption/authentication.?
>
>Mark
GCM uses a GF2 multiply as part of the integrity calculation. That operation is pretty expensive. My guess is that if the code was profiled, you'd find a lot of time being spent in com.sun.crypto.provider.GHASH.
The more recent intel processors have a set of instructions that substantially improve this performance - http://en.wikipedia.org/wiki/CLMUL_instruction_set - but the code in the standard provider is all pure java and doesn't take advantage of this as far as I can tell. I believe that the more recent versions of OpenSSL *have* been updated to take advantage of the new instructions which explains their performance.
The same processors generally also support an AES instruction set so if someone were to build a native version of this it might be useful to also replace/augment the default AES block cipher implementation.
Also see http://software.intel.com/en-us/articles/intel-aes-ni-performance-testing-on-linuxjava-stack
Mike
>On Mon, Jan 27, 2014 at 3:19 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>What's the platform are you using for the testing? ? Windows, Linux,
>Solaris or Mac OS? ? GCM are now only implemented in SunJCE provider. ? I
>want to make sure the crypto provider for AES-CBC, which is different
>for different platforms by default, is not the major cause of the
>performance impact.
>
>Thanks for the performance measure.
>
>Regards,
>Xuelei
>
>On 1/27/2014 5:34 PM, Chris Hegarty wrote:
>> Cross posting to security-dev, since the question cipher related.
>>
>> -Chris.
>>
>> On 27/01/14 09:28, Mark Christiaens wrote:
>>> I wrote ? a little test client/server setup that transfers 100 MB of data
>>> over an SSL socket configured to use TLS 1.2 AES GCM
>>> (TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256). ? On my i7-4770 CPU @ 3.40GHz
>>> with OpenJDK 1.8.0-ea-b124 I get a transfer rate of around 5.2
>>> MiB/second. ? I expected a higher speed. ? Using
>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 I reach 100 MiB/s. ? Is this to
>>> be expected?
>>>
>>> For reference, here is my code:
>>>
>>> ///// Client.java
>>>
>>> package ssl;
>>>
>>> import javax.net.ssl.*;
>>> import java.io.*;
>>> import java.util.Arrays;
>>>
>>> public class Client {
>>>
>>> ? ? ? public static void main(String[] arstring) {
>>> ? ? ? ? ? try {
>>> ? ? ? ? ? ? ? SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
>>> SSLSocketFactory.getDefault();
>>> ? ? ? ? ? ? ? SSLSocket sslsocket = (SSLSocket)
>>> sslsocketfactory.createSocket("localhost", 9999);
>>> ? ? ? ? ? ? ? Helper.requireAESCipherSuites(sslsocket);
>>> ? ? ? ? ? ? ? sslsocket.setEnabledProtocols(new String[]{"TLSv1.2"});
>>>
>>> ? ? ? ? ? ? ? try (OutputStream outputstream =
>>> sslsocket.getOutputStream()) {
>>> ? ? ? ? ? ? ? ? ? byte[] buf = new byte[Helper.BUF_SIZE];
>>> ? ? ? ? ? ? ? ? ? Arrays.fill(buf, (byte) 1);
>>> ? ? ? ? ? ? ? ? ? for (int i = 0; i < Helper.BUF_COUNT; ++i) {
>>> ? ? ? ? ? ? ? ? ? ? ? outputstream.write(buf);
>>> ? ? ? ? ? ? ? ? ? }
>>>
>>> ? ? ? ? ? ? ? ? ? System.out.println("Using cipher suite: " +
>>> (sslsocket.getSession()).getCipherSuite());
>>>
>>> ? ? ? ? ? ? ? ? ? outputstream.flush();
>>> ? ? ? ? ? ? ? }
>>>
>>> ? ? ? ? ? } catch (IOException exception) {
>>> ? ? ? ? ? ? ? exception.printStackTrace();
>>> ? ? ? ? ? }
>>> ? ? ? }
>>> }
>>>
>>> ///// Server.java
>>>
>>> package ssl;
>>>
>>> import javax.net.ssl.*;
>>> import java.io.*;
>>>
>>> public class Server {
>>>
>>> ? ? ? public static void main(String[] arstring) {
>>> ? ? ? ? ? try {
>>> ? ? ? ? ? ? ? SSLServerSocketFactory sslserversocketfactory =
>>> (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
>>> ? ? ? ? ? ? ? SSLServerSocket sslserversocket = (SSLServerSocket)
>>> sslserversocketfactory.createServerSocket(9999);
>>> ? ? ? ? ? ? ? SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
>>>
>>> ? ? ? ? ? ? ? InputStream inputstream = sslsocket.getInputStream();
>>>
>>> ? ? ? ? ? ? ? byte[] buf = new byte[Helper.BUF_SIZE];
>>> ? ? ? ? ? ? ? long bytesToRead = BYTES_TO_READ;
>>>
>>> ? ? ? ? ? ? ? long startTime = System.currentTimeMillis();
>>>
>>> ? ? ? ? ? ? ? while (bytesToRead > 0) {
>>> ? ? ? ? ? ? ? ? ? bytesToRead -= inputstream.read(buf);
>>> ? ? ? ? ? ? ? }
>>>
>>> ? ? ? ? ? ? ? long stopTime = System.currentTimeMillis();
>>> ? ? ? ? ? ? ? long totalTimeMs = stopTime - startTime;
>>> ? ? ? ? ? ? ? double mbRead = BYTES_TO_READ / (1024.0 * 1024);
>>> ? ? ? ? ? ? ? double totalTimeSeconds = totalTimeMs / 1000.0;
>>> ? ? ? ? ? ? ? double mibPerSecond = mbRead / totalTimeSeconds;
>>>
>>> ? ? ? ? ? ? ? System.out.println("Using cipher suite: " +
>>> (sslsocket.getSession()).getCipherSuite());
>>> ? ? ? ? ? ? ? System.out.println("Read " + mbRead + "MiB in " +
>>> totalTimeSeconds + "s");
>>> ? ? ? ? ? ? ? System.out.println("Bandwidth: " + mibPerSecond + "MiB/s");
>>>
>>> ? ? ? ? ? } catch (IOException exception) {
>>> ? ? ? ? ? ? ? exception.printStackTrace();
>>> ? ? ? ? ? }
>>> ? ? ? }
>>>
>>> ? ? ? private static final int BYTES_TO_READ = Helper.BUF_COUNT *
>>> Helper.BUF_SIZE;
>>> }
>>>
>>> ///// Helper.java
>>>
>>> package ssl;
>>>
>>> import java.util.*;
>>> import java.util.regex.*;
>>> import javax.net.ssl.*;
>>>
>>> public class Helper {
>>>
>>> ? ? ? static int BUF_SIZE = 1024 * 1024;
>>> ? ? ? static int BUF_COUNT = 100;
>>>
>>> ? ? ? static SSLSocket requireAESCipherSuites(SSLSocket socket) {
>>> ? ? ? ? ? String supportedCipherSuites[] =
>>> socket.getSupportedCipherSuites();
>>>
>>> ? ? ? ? ? System.out.println("Supported cipher suite: " +
>>> Arrays.toString(supportedCipherSuites));
>>>
>>> ? ? ? ? ? List selectedCipherSuites = new ArrayList<>();
>>>
>>> // ? ? ? ? String patternString = ".*";
>>> ? ? ? ? ? String patternString = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
>>> // ? ? ? ? String patternString =
>>> "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
>>>
>>> ? ? ? ? ? Pattern pattern = Pattern.compile(patternString);
>>>
>>> ? ? ? ? ? for (String cipherSuite : supportedCipherSuites) {
>>> ? ? ? ? ? ? ? Matcher matcher = pattern.matcher(cipherSuite);
>>> ? ? ? ? ? ? ? if (matcher.find()) {
>>> ? ? ? ? ? ? ? ? ? selectedCipherSuites.add(cipherSuite);
>>> ? ? ? ? ? ? ? }
>>> ? ? ? ? ? }
>>>
>>> ? ? ? ? ? System.out.println("Selected cipher suites: " +
>>> selectedCipherSuites);
>>>
>>> ? ? ? ? ? socket.setEnabledCipherSuites(selectedCipherSuites.toArray(new
>>> String[0]));
>>>
>>> ? ? ? ? ? return socket;
>>> ? ? ? }
>>> }
>>>
>
>
>
>
>--
>Mark Christiaens
>Ganzeplas 23
>9880 Aalter
>09 / 325 07 40
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From mhall at mhcomputing.net Mon Jan 27 17:17:15 2014
From: mhall at mhcomputing.net (Matthew Hall)
Date: Mon, 27 Jan 2014 09:17:15 -0800
Subject: AES GCM slow
In-Reply-To: <20140127164647.AD74D64D2@mail.openjdk.java.net>
References:
<52E6283A.7000401@oracle.com> <52E66AE5.5050303@oracle.com>
<20140127164647.AD74D64D2@mail.openjdk.java.net>
Message-ID:
I have often had good luck accelerating such operations using the PKCS #11 provider with a recent copy of libnss to get the native crypto. And the things needed for this are built into Java already.
--
Sent from my mobile device.
Michael StJohns wrote:
>At 09:23 AM 1/27/2014, Mark Christiaens wrote:
>>Silly me, forgot to mention that I'm working on Ubuntu, 64 bit, 13.10.
>>
>>So, AES-CBC seems to be reasonably fast (100 MiB/s) but AES-GCM is
>slow (5.2 MiB/s). ? I'm particularly curious about the GCM one because
>I get the impression that OpenSSL should be able to reach in the GB/s
>for AES-GCM encryption/authentication.?
>>
>>Mark
>
>
>GCM uses a GF2 multiply as part of the integrity calculation. That
>operation is pretty expensive. My guess is that if the code was
>profiled, you'd find a lot of time being spent in
>com.sun.crypto.provider.GHASH.
>
>The more recent intel processors have a set of instructions that
>substantially improve this performance -
>http://en.wikipedia.org/wiki/CLMUL_instruction_set - but the code in
>the standard provider is all pure java and doesn't take advantage of
>this as far as I can tell. I believe that the more recent versions of
>OpenSSL *have* been updated to take advantage of the new instructions
>which explains their performance.
>
>The same processors generally also support an AES instruction set so if
>someone were to build a native version of this it might be useful to
>also replace/augment the default AES block cipher implementation.
>
>Also see
>http://software.intel.com/en-us/articles/intel-aes-ni-performance-testing-on-linuxjava-stack
>
>Mike
>
>
>
>>On Mon, Jan 27, 2014 at 3:19 PM, Xuelei Fan
><xuelei.fan at oracle.com> wrote:
>>What's the platform are you using for the testing? ? Windows, Linux,
>>Solaris or Mac OS? ? GCM are now only implemented in SunJCE provider.
>? I
>>want to make sure the crypto provider for AES-CBC, which is different
>>for different platforms by default, is not the major cause of the
>>performance impact.
>>
>>Thanks for the performance measure.
>>
>>Regards,
>>Xuelei
>>
>>On 1/27/2014 5:34 PM, Chris Hegarty wrote:
>>> Cross posting to security-dev, since the question cipher related.
>>>
>>> -Chris.
>>>
>>> On 27/01/14 09:28, Mark Christiaens wrote:
>>>> I wrote ? a little test client/server setup that transfers 100 MB
>of data
>>>> over an SSL socket configured to use TLS 1.2 AES GCM
>>>> (TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256). ? On my i7-4770 CPU @
>3.40GHz
>>>> with OpenJDK 1.8.0-ea-b124 I get a transfer rate of around 5.2
>>>> MiB/second. ? I expected a higher speed. ? Using
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 I reach 100 MiB/s. ? Is
>this to
>>>> be expected?
>>>>
>>>> For reference, here is my code:
>>>>
>>>> ///// Client.java
>>>>
>>>> package ssl;
>>>>
>>>> import javax.net.ssl.*;
>>>> import java.io.*;
>>>> import java.util.Arrays;
>>>>
>>>> public class Client {
>>>>
>>>> ? ? ? public static void main(String[] arstring) {
>>>> ? ? ? ? ? try {
>>>> ? ? ? ? ? ? ? SSLSocketFactory sslsocketfactory =
>(SSLSocketFactory)
>>>> SSLSocketFactory.getDefault();
>>>> ? ? ? ? ? ? ? SSLSocket sslsocket = (SSLSocket)
>>>> sslsocketfactory.createSocket("localhost", 9999);
>>>> ? ? ? ? ? ? ? Helper.requireAESCipherSuites(sslsocket);
>>>> ? ? ? ? ? ? ? sslsocket.setEnabledProtocols(new
>String[]{"TLSv1.2"});
>>>>
>>>> ? ? ? ? ? ? ? try (OutputStream outputstream =
>>>> sslsocket.getOutputStream()) {
>>>> ? ? ? ? ? ? ? ? ? byte[] buf = new byte[Helper.BUF_SIZE];
>>>> ? ? ? ? ? ? ? ? ? Arrays.fill(buf, (byte) 1);
>>>> ? ? ? ? ? ? ? ? ? for (int i = 0; i < Helper.BUF_COUNT;
>++i) {
>>>> ? ? ? ? ? ? ? ? ? ? ? outputstream.write(buf);
>>>> ? ? ? ? ? ? ? ? ? }
>>>>
>>>> ? ? ? ? ? ? ? ? ? System.out.println("Using cipher suite: "
>+
>>>> (sslsocket.getSession()).getCipherSuite());
>>>>
>>>> ? ? ? ? ? ? ? ? ? outputstream.flush();
>>>> ? ? ? ? ? ? ? }
>>>>
>>>> ? ? ? ? ? } catch (IOException exception) {
>>>> ? ? ? ? ? ? ? exception.printStackTrace();
>>>> ? ? ? ? ? }
>>>> ? ? ? }
>>>> }
>>>>
>>>> ///// Server.java
>>>>
>>>> package ssl;
>>>>
>>>> import javax.net.ssl.*;
>>>> import java.io.*;
>>>>
>>>> public class Server {
>>>>
>>>> ? ? ? public static void main(String[] arstring) {
>>>> ? ? ? ? ? try {
>>>> ? ? ? ? ? ? ? SSLServerSocketFactory sslserversocketfactory =
>>>> (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
>>>> ? ? ? ? ? ? ? SSLServerSocket sslserversocket =
>(SSLServerSocket)
>>>> sslserversocketfactory.createServerSocket(9999);
>>>> ? ? ? ? ? ? ? SSLSocket sslsocket = (SSLSocket)
>sslserversocket.accept();
>>>>
>>>> ? ? ? ? ? ? ? InputStream inputstream =
>sslsocket.getInputStream();
>>>>
>>>> ? ? ? ? ? ? ? byte[] buf = new byte[Helper.BUF_SIZE];
>>>> ? ? ? ? ? ? ? long bytesToRead = BYTES_TO_READ;
>>>>
>>>> ? ? ? ? ? ? ? long startTime = System.currentTimeMillis();
>>>>
>>>> ? ? ? ? ? ? ? while (bytesToRead > 0) {
>>>> ? ? ? ? ? ? ? ? ? bytesToRead -= inputstream.read(buf);
>>>> ? ? ? ? ? ? ? }
>>>>
>>>> ? ? ? ? ? ? ? long stopTime = System.currentTimeMillis();
>>>> ? ? ? ? ? ? ? long totalTimeMs = stopTime - startTime;
>>>> ? ? ? ? ? ? ? double mbRead = BYTES_TO_READ / (1024.0 *
>1024);
>>>> ? ? ? ? ? ? ? double totalTimeSeconds = totalTimeMs / 1000.0;
>>>> ? ? ? ? ? ? ? double mibPerSecond = mbRead /
>totalTimeSeconds;
>>>>
>>>> ? ? ? ? ? ? ? System.out.println("Using cipher suite: " +
>>>> (sslsocket.getSession()).getCipherSuite());
>>>> ? ? ? ? ? ? ? System.out.println("Read " + mbRead + "MiB in "
>+
>>>> totalTimeSeconds + "s");
>>>> ? ? ? ? ? ? ? System.out.println("Bandwidth: " + mibPerSecond
>+ "MiB/s");
>>>>
>>>> ? ? ? ? ? } catch (IOException exception) {
>>>> ? ? ? ? ? ? ? exception.printStackTrace();
>>>> ? ? ? ? ? }
>>>> ? ? ? }
>>>>
>>>> ? ? ? private static final int BYTES_TO_READ = Helper.BUF_COUNT *
>>>> Helper.BUF_SIZE;
>>>> }
>>>>
>>>> ///// Helper.java
>>>>
>>>> package ssl;
>>>>
>>>> import java.util.*;
>>>> import java.util.regex.*;
>>>> import javax.net.ssl.*;
>>>>
>>>> public class Helper {
>>>>
>>>> ? ? ? static int BUF_SIZE = 1024 * 1024;
>>>> ? ? ? static int BUF_COUNT = 100;
>>>>
>>>> ? ? ? static SSLSocket requireAESCipherSuites(SSLSocket socket) {
>>>> ? ? ? ? ? String supportedCipherSuites[] =
>>>> socket.getSupportedCipherSuites();
>>>>
>>>> ? ? ? ? ? System.out.println("Supported cipher suite: " +
>>>> Arrays.toString(supportedCipherSuites));
>>>>
>>>> ? ? ? ? ? List selectedCipherSuites = new
>ArrayList<>();
>>>>
>>>> // ? ? ? ? String patternString = ".*";
>>>> ? ? ? ? ? String patternString =
>"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
>>>> // ? ? ? ? String patternString =
>>>> "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
>>>>
>>>> ? ? ? ? ? Pattern pattern = Pattern.compile(patternString);
>>>>
>>>> ? ? ? ? ? for (String cipherSuite : supportedCipherSuites) {
>>>> ? ? ? ? ? ? ? Matcher matcher = pattern.matcher(cipherSuite);
>>>> ? ? ? ? ? ? ? if (matcher.find()) {
>>>> ? ? ? ? ? ? ? ? ? selectedCipherSuites.add(cipherSuite);
>>>> ? ? ? ? ? ? ? }
>>>> ? ? ? ? ? }
>>>>
>>>> ? ? ? ? ? System.out.println("Selected cipher suites: " +
>>>> selectedCipherSuites);
>>>>
>>>> ? ? ? ? ?
>socket.setEnabledCipherSuites(selectedCipherSuites.toArray(new
>>>> String[0]));
>>>>
>>>> ? ? ? ? ? return socket;
>>>> ? ? ? }
>>>> }
>>>>
>>
>>
>>
>>
>>--
>>Mark Christiaens
>>Ganzeplas 23
>>9880 Aalter
>>09 / 325 07 40
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From mstjohns at comcast.net Mon Jan 27 18:16:42 2014
From: mstjohns at comcast.net (Michael StJohns)
Date: Mon, 27 Jan 2014 13:16:42 -0500
Subject: AES GCM slow
In-Reply-To:
References:
<52E6283A.7000401@oracle.com> <52E66AE5.5050303@oracle.com>
<20140127164647.AD74D64D2@mail.openjdk.java.net>
Message-ID: <20140127181644.25D28655F@mail.openjdk.java.net>
At 12:17 PM 1/27/2014, Matthew Hall wrote:
>I have often had good luck accelerating such operations using the PKCS #11 provider with a recent copy of libnss to get the native crypto. And the things needed for this are built into Java already.
Yup. https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14.2_release_notes
>--
>Sent from my mobile device.
>
>Michael StJohns wrote:
>At 09:23 AM 1/27/2014, Mark Christiaens wrote:
>>Silly me, forgot to mention that I'm working on Ubuntu, 64 bit, 13.10.
>>
>>So, AES-CBC seems to be reasonably fast (100 MiB/s) but AES-GCM is slow (5.2 MiB/s). ?? I'm particularly curious about the GCM one because I get the impression that OpenSSL should be able to reach in the GB/s for AES-GCM encryption/authentication.??
>>
>>Mark
>
>
>GCM uses a GF2 multiply as part of the integrity calculation. That operation is pretty expensive. My guess is that if the code was profiled, you'd find a lot of time being spent in com.sun.crypto.provider.GHASH.
>
>The more recent intel processors have a set of instructions that substantially improve this performance - http://en.wikipedia.org/wiki/CLMUL_instruction_set - but the code in the standard provider is all pure java and doesn't take advantage of this as far as I can tell. I believe that the more recent versions of OpenSSL *have* been updated to take advantage of the new instructions which explains their performance.
>
>The same processors generally also support an AES instruction set so if someone were to build a native version of this it might be useful to also replace/augment the default AES block cipher implementation.
>
>Also see http://software.intel.com/en-us/articles/intel-aes-ni-performance-testing-on-linuxjava-stack
>
>Mike
>
>
>
>>On Mon, Jan 27, 2014 at 3:19 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>What's the platform are you using for the testing? ?? Windows, Linux,
>>Solaris or Mac OS? ?? GCM are now only implemented in SunJCE provider. ?? I
>>want to make sure the crypto provider for AES-CBC, which is different
>>for different platforms by default, is not the major cause of the
>>performance impact.
>>Thanks for the performance measure.
>>Regards,
>>Xuelei
>>On 1/27/2014 5:34 PM, Chris Hegarty wrote:
>>> Cross posting to security-dev, since the question cipher related.
>>>
>>> -Chris.
>>>
>>> On 27/01/14 09:28, Mark Christiaens wrote:
>>>> I wrote ?? a little test client/server setup that transfers 100 MB of data
>>>> over an SSL socket configured to use TLS 1.2 AES GCM
>>>> (TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256). ?? On my i7-4770 CPU @ 3.40GHz
>>>> with OpenJDK 1.8.0-ea-b124 I get a transfer rate of around 5.2
>>>> MiB/second. ?? I expected a higher speed. ?? Using
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 I reach 100 MiB/s. ?? Is this to
>>>> be expected?
>>>>
>>>> For reference, here is my code:
>>>>
>>>> ///// Client.java
>>>>
>>>> package ssl;
>>>>
>>>> import javax.net.ssl.*;
>>>> import java.io.*;
>>>> import java.util.Arrays;
>>>>
>>>> public class Client {
>>>>
>>>> ?? ?? ?? public static void main(String[] arstring) {
>>>> ?? ?? ?? ?? ?? try {
>>>> ?? ?? ?? ?? ?? ?? ?? SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
>>>> SSLSocketFactory.getDefault();
>>>> ?? ?? ?? ?? ?? ?? ?? SSLSocket sslsocket = (SSLSocket)
>>>> sslsocketfactory.createSocket("localhost", 9999);
>>>> ?? ?? ?? ?? ?? ?? ?? Helper.requireAESCipherSuites(sslsocket);
>>>> ?? ?? ?? ?? ?? ?? ?? sslsocket.setEnabledProtocols(new String[]{"TLSv1.2"});
>>>>
>>>> ?? ?? ?? ?? ?? ?? ?? try (OutputStream outputstream =
>>>> sslsocket.getOutputStream()) {
>>>> ?? ?? ?? ?? ?? ?? ?? ?? ?? byte[] buf = new byte[Helper.BUF_SIZE];
>>>> ?? ?? ?? ?? ?? ?? ?? ?? ?? Arrays.fill(buf, (byte) 1);
>>>> ?? ?? ?? ?? ?? ?? ?? ?? ?? for (int i = 0; i < Helper.BUF_COUNT; ++i) {
>>>> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? outputstream.write(buf);
>>>> ?? ?? ?? ?? ?? ?? ?? ?? ?? }
>>>>
>>>> ?? ?? ?? ?? ?? ?? ?? ?? ?? System.out.println("Using cipher suite: " +
>>>> (sslsocket.getSession()).getCipherSuite());
>>>>
>>>> ?? ?? ?? ?? ?? ?? ?? ?? ?? outputstream.flush();
>>>> ?? ?? ?? ?? ?? ?? ?? }
>>>>
>>>> ?? ?? ?? ?? ?? } catch (IOException exception) {
>>>> ?? ?? ?? ?? ?? ?? ?? exception.printStackTrace();
>>>> ?? ?? ?? ?? ?? }
>>>> ?? ?? ?? }
>>>> }
>>>>
>>>> ///// Server.java
>>>>
>>>> package ssl;
>>>>
>>>> import javax.net.ssl.*;
>>>> import java.io.*;
>>>>
>>>> public class Server {
>>>>
>>>> ?? ?? ?? public static void main(String[] arstring) {
>>>> ?? ?? ?? ?? ?? try {
>>>> ?? ?? ?? ?? ?? ?? ?? SSLServerSocketFactory sslserversocketfactory =
>>>> (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
>>>> ?? ?? ?? ?? ?? ?? ?? SSLServerSocket sslserversocket = (SSLServerSocket)
>>>> sslserversocketfactory.createServerSocket(9999);
>>>> ?? ?? ?? ?? ?? ?? ?? SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
>>>>
>>>> ?? ?? ?? ?? ?? ?? ?? InputStream inputstream = sslsocket.getInputStream();
>>>>
>>>> ?? ?? ?? ?? ?? ?? ?? byte[] buf = new byte[Helper.BUF_SIZE];
>>>> ?? ?? ?? ?? ?? ?? ?? long bytesToRead = BYTES_TO_READ;
>>>>
>>>> ?? ?? ?? ?? ?? ?? ?? long startTime = System.currentTimeMillis();
>>>>
>>>> ?? ?? ?? ?? ?? ?? ?? while (bytesToRead > 0) {
>>>> ?? ?? ?? ?? ?? ?? ?? ?? ?? bytesToRead -= inputstream.read(buf);
>>>> ?? ?? ?? ?? ?? ?? ?? }
>>>>
>>>> ?? ?? ?? ?? ?? ?? ?? long stopTime = System.currentTimeMillis();
>>>> ?? ?? ?? ?? ?? ?? ?? long totalTimeMs = stopTime - startTime;
>>>> ?? ?? ?? ?? ?? ?? ?? double mbRead = BYTES_TO_READ / (1024.0 * 1024);
>>>> ?? ?? ?? ?? ?? ?? ?? double totalTimeSeconds = totalTimeMs / 1000.0;
>>>> ?? ?? ?? ?? ?? ?? ?? double mibPerSecond = mbRead / totalTimeSeconds;
>>>>
>>>> ?? ?? ?? ?? ?? ?? ?? System.out.println("Using cipher suite: " +
>>>> (sslsocket.getSession()).getCipherSuite());
>>>> ?? ?? ?? ?? ?? ?? ?? System.out.println("Read " + mbRead + "MiB in " +
>>>> totalTimeSeconds + "s");
>>>> ?? ?? ?? ?? ?? ?? ?? System.out.println("Bandwidth: " + mibPerSecond + "MiB/s");
>>>>
>>>> ?? ?? ?? ?? ?? } catch (IOException exception) {
>>>> ?? ?? ?? ?? ?? ?? ?? exception.printStackTrace();
>>>> ?? ?? ?? ?? ?? }
>>>> ?? ?? ?? }
>>>>
>>>> ?? ?? ?? private static final int BYTES_TO_READ = Helper.BUF_COUNT *
>>>> Helper.BUF_SIZE;
>>>> }
>>>>
>>>> ///// Helper.java
>>>>
>>>> package ssl;
>>>>
>>>> import java.util.*;
>>>> import java.util.regex.*;
>>>> import javax.net.ssl.*;
>>>>
>>>> public class Helper {
>>>>
>>>> ?? ?? ?? static int BUF_SIZE = 1024 * 1024;
>>>> ?? ?? ?? static int BUF_COUNT = 100;
>>>>
>>>> ?? ?? ?? static SSLSocket requireAESCipherSuites(SSLSocket socket) {
>>>> ?? ?? ?? ?? ?? String supportedCipherSuites[] =
>>>> socket.getSupportedCipherSuites();
>>>>
>>>> ?? ?? ?? ?? ?? System.out.println("Supported cipher suite: " +
>>>> Arrays.toString(supportedCipherSuites));
>>>>
>>>> ?? ?? ?? ?? ?? List selectedCipherSuites = new ArrayList<>();
>>>>
>>>> // ?? ?? ?? ?? String patternString = ".*";
>>>> ?? ?? ?? ?? ?? String patternString = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
>>>> // ?? ?? ?? ?? String patternString =
>>>> "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
>>>>
>>>> ?? ?? ?? ?? ?? Pattern pattern = Pattern.compile(patternString);
>>>>
>>>> ?? ?? ?? ?? ?? for (String cipherSuite : supportedCipherSuites) {
>>>> ?? ?? ?? ?? ?? ?? ?? Matcher matcher = pattern.matcher(cipherSuite);
>>>> ?? ?? ?? ?? ?? ?? ?? if (matcher.find()) {
>>>> ?? ?? ?? ?? ?? ?? ?? ?? ?? selectedCipherSuites.add(cipherSuite);
>>>> ?? ?? ?? ?? ?? ?? ?? }
>>>> ?? ?? ?? ?? ?? }
>>>>
>>>> ?? ?? ?? ?? ?? System.out.println("Selected cipher suites: " +
>>>> selectedCipherSuites);
>>>>
>>>> ?? ?? ?? ?? ?? socket.setEnabledCipherSuites(selectedCipherSuites.toArray(new
>>>> String[0]));
>>>>
>>>> ?? ?? ?? ?? ?? return socket;
>>>> ?? ?? ?? }
>>>> }
>>>>
>>
>>
>>
>>
>>--
>>Mark Christiaens
>>Ganzeplas 23
>>9880 Aalter
>>09 / 325 07 40
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From vicente.romero at oracle.com Mon Jan 27 18:17:43 2014
From: vicente.romero at oracle.com (Vicente-Arturo Romero-Zaldivar)
Date: Mon, 27 Jan 2014 18:17:43 +0000
Subject: question about restricted packages
Message-ID: <52E6A2C7.9010304@oracle.com>
Hi,
Is there a list of restricted packages in JDK 8? Sorry if this isn't the
right place to ask for this.
Thanks,
Vicente
From chris.hegarty at oracle.com Mon Jan 27 18:34:18 2014
From: chris.hegarty at oracle.com (Chris Hegarty)
Date: Mon, 27 Jan 2014 18:34:18 +0000
Subject: question about restricted packages
In-Reply-To: <52E6A2C7.9010304@oracle.com>
References: <52E6A2C7.9010304@oracle.com>
Message-ID: <4F271B24-B7D9-4393-BDC5-D087E6BD67D5@oracle.com>
Take a look at the java.security-XXX files in
http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/tip/src/share/lib/security/
-Chris.
On 27 Jan 2014, at 18:17, Vicente-Arturo Romero-Zaldivar wrote:
> Hi,
>
> Is there a list of restricted packages in JDK 8? Sorry if this isn't the right place to ask for this.
>
> Thanks,
> Vicente
From jeffrey.nisewanger at oracle.com Mon Jan 27 18:56:54 2014
From: jeffrey.nisewanger at oracle.com (Jeff Nisewanger)
Date: Mon, 27 Jan 2014 10:56:54 -0800
Subject: question about restricted packages
In-Reply-To: <4F271B24-B7D9-4393-BDC5-D087E6BD67D5@oracle.com>
References: <52E6A2C7.9010304@oracle.com>
<4F271B24-B7D9-4393-BDC5-D087E6BD67D5@oracle.com>
Message-ID:
But be aware that this isn't a static list -- applications or middleware can extend it at runtime (generally when they start up).
Jeff
> On Jan 27, 2014, at 10:34 AM, Chris Hegarty wrote:
>
> Take a look at the java.security-XXX files in
> http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/tip/src/share/lib/security/
>
> -Chris.
>
>> On 27 Jan 2014, at 18:17, Vicente-Arturo Romero-Zaldivar wrote:
>>
>> Hi,
>>
>> Is there a list of restricted packages in JDK 8? Sorry if this isn't the right place to ask for this.
>>
>> Thanks,
>> Vicente
>
From vicente.romero at oracle.com Mon Jan 27 18:59:01 2014
From: vicente.romero at oracle.com (Vicente-Arturo Romero-Zaldivar)
Date: Mon, 27 Jan 2014 18:59:01 +0000
Subject: question about restricted packages
In-Reply-To: <4F271B24-B7D9-4393-BDC5-D087E6BD67D5@oracle.com>
References: <52E6A2C7.9010304@oracle.com>
<4F271B24-B7D9-4393-BDC5-D087E6BD67D5@oracle.com>
Message-ID: <52E6AC75.7010809@oracle.com>
Hi Chris,
Thanks for your answer, now I have another question :)
Is there any idiom (method) to check if a package is restricted?
probably checkPackageAccess()?
Thanks,
Vicente
On 27/01/14 18:34, Chris Hegarty wrote:
> Take a look at the java.security-XXX files in
> http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/tip/src/share/lib/security/
>
> -Chris.
>
> On 27 Jan 2014, at 18:17, Vicente-Arturo Romero-Zaldivar wrote:
>
>> Hi,
>>
>> Is there a list of restricted packages in JDK 8? Sorry if this isn't the right place to ask for this.
>>
>> Thanks,
>> Vicente
From ebaron at redhat.com Mon Jan 27 21:48:24 2014
From: ebaron at redhat.com (Elliott Baron)
Date: Mon, 27 Jan 2014 16:48:24 -0500
Subject: [PATCH] Handle alternative Kerberos credential cache locations
In-Reply-To: <52D66C20.2000903@oracle.com>
References: <523B9089.3040208@redhat.com> <523B9B6A.8010705@oracle.com>
<52D5C1DB.20901@redhat.com>
<4EF99A01-884D-44CE-A258-94BA1D9B0F15@oracle.com>
<52D66C20.2000903@oracle.com>
Message-ID: <52E6D428.5000902@redhat.com>
Hi Magnus,
On 01/15/2014 06:08 AM, Magnus Ihse Bursie wrote:
> On 2014-01-15 03:38, Wang Weijun wrote:
>> Hi Elliott
>>
>> Great to see this again. I?ll come back to this later. There are some
>> urgent issues I have to deal with at this moment. I?ll also need to
>> get those legal advices regarding pkg.m4 etc.
>
> I see some issues and questions about this patch.
>
> First of all, and I believe this was discussed the last time this
> patch was around, is that there might be legal question marks about
> including build-aux/krb5.m4. This code is written by someone who has
> not, to my knowledge, signed the OCA. Unfortunately, legal issues tend
> to shadow all technical issues, so you might want to start by getting
> this one solved.
>
> On the technical level, given that the krb5.m4 legality is cleared, I
> see:
> * The patch does not seem to be updated to the removed old build
> system. make/sun/security is no more.
> * Whitespace and indentation seems to be incorrect in several places
> in help.m4, libraries.m4 and SecurityLibraries.gmk. Please check
> surrounding code, or look at the guidelines here:
> http://mail.openjdk.java.net/pipermail/build-dev/2013-October/010477.html
>
> I have only looked at the build part of the patch.
How does this revised webrev look [1]? I have fixed indentation and
removed remnants of the old build system. I have also fixed the test's
Makefile, which no longer worked due to the removal of the old build
system. I would like to point out that like the inheritedChannel test
which this test is derived from, this test expects pre-built libraries
to be checked into version control. I understand this is required due to
test systems not necessarily having the required build environment.
Thanks,
Elliott
[1] http://icedtea.classpath.org/~ebaron/webrevs/krb5-default-ccache/02/
From weijun.wang at oracle.com Tue Jan 28 08:53:08 2014
From: weijun.wang at oracle.com (Wang Weijun)
Date: Tue, 28 Jan 2014 16:53:08 +0800
Subject: RFR 8029995: accept yes/no for boolean krb5.conf settings
Message-ID: <87A22155-BEB1-467C-82F2-A7E179115311@oracle.com>
Please review the fix at
http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
The supported boolean values in this fix cover what MIT krb5 does and we also added 'f'.
The old getBooleanValue() method returns true for ?true? and false otherwise but the new method returns null if the value is not supported. I?ve carefully changed how the method is called to ensure maximum compatibility, but there is still one left:
We support DNS lookup for realm name by default, which means we do it if dns_lookup_realm is not set to false, or when unset, if dns_fallback is not set to false. Before this change, when dns_lookup_realm is set to ?unknown?, it means false so DNS lookup is not performed. After this change, it?s equivalent to dns_lookup_realm unset, and dns_fallback is used. I think the current behavior is better than the old one.
Thanks
Max
From vicente.romero at oracle.com Tue Jan 28 11:36:31 2014
From: vicente.romero at oracle.com (Vicente-Arturo Romero-Zaldivar)
Date: Tue, 28 Jan 2014 11:36:31 +0000
Subject: question about restricted packages
In-Reply-To:
References: <52E6A2C7.9010304@oracle.com>
<4F271B24-B7D9-4393-BDC5-D087E6BD67D5@oracle.com>
Message-ID: <52E7963F.8000301@oracle.com>
Hi Jeff,
On 27/01/14 18:56, Jeff Nisewanger wrote:
> But be aware that this isn't a static list -- applications or middleware can extend it at runtime (generally when they start up).
So this means that it's better to use a method to check if a package is
restricted or not. Do you know if there is any?
Thanks,
Vicente
>
>
> Jeff
>
>> On Jan 27, 2014, at 10:34 AM, Chris Hegarty wrote:
>>
>> Take a look at the java.security-XXX files in
>> http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/tip/src/share/lib/security/
>>
>> -Chris.
>>
>>> On 27 Jan 2014, at 18:17, Vicente-Arturo Romero-Zaldivar wrote:
>>>
>>> Hi,
>>>
>>> Is there a list of restricted packages in JDK 8? Sorry if this isn't the right place to ask for this.
>>>
>>> Thanks,
>>> Vicente
From sean.mullan at oracle.com Tue Jan 28 13:18:38 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Tue, 28 Jan 2014 08:18:38 -0500
Subject: question about restricted packages
In-Reply-To: <52E7963F.8000301@oracle.com>
References: <52E6A2C7.9010304@oracle.com> <4F271B24-B7D9-4393-BDC5-D087E6BD67D5@oracle.com>
<52E7963F.8000301@oracle.com>
Message-ID: <52E7AE2E.4020107@oracle.com>
On 01/28/2014 06:36 AM, Vicente-Arturo Romero-Zaldivar wrote:
> Hi Jeff,
>
> On 27/01/14 18:56, Jeff Nisewanger wrote:
>> But be aware that this isn't a static list -- applications or
>> middleware can extend it at runtime (generally when they start up).
>
> So this means that it's better to use a method to check if a package is
> restricted or not. Do you know if there is any?
Security.getProperty("package.access");
This returns the value of the property (including any subsequent
modifications). The return value is a String containing the packages
separated by commas, so you will have to write a bit of additional code
to parse this into a list of packages.
--Sean
From sean.mullan at oracle.com Tue Jan 28 13:27:22 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Tue, 28 Jan 2014 08:27:22 -0500
Subject: CFV: New Security Group Member: Jason Uh
Message-ID: <52E7B03A.5060803@oracle.com>
I hereby nominate Jason Uh to Membership in the Security Group.
Jason Uh is a member of the Java security libraries team at Oracle and
has been an active contributor to the OpenJDK security group for almost
2 years. Jason was voted in as a JDK 8 committer in February, 2013.
Jason has integrated many significant bug fixes, helped reduce the
number of compiler warnings and improved overall test stability in the
security libraries area.
Votes are due by February 11, 2014, 06:00 PST.
Only current Members of the Security Group [1] are eligible to vote on
this nomination. Votes must be cast in the open by replying to this
mailing list.
For Lazy Consensus voting instructions, see [2].
Sean Mullan
[1] http://openjdk.java.net/census#security
[2] http://openjdk.java.net/groups/#member-vote
From sean.mullan at oracle.com Tue Jan 28 13:34:47 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Tue, 28 Jan 2014 08:34:47 -0500
Subject: CFV: New Security Group Member: Jason Uh
In-Reply-To: <52E7B03A.5060803@oracle.com>
References: <52E7B03A.5060803@oracle.com>
Message-ID: <52E7B1F7.9060009@oracle.com>
Vote: yes
On 01/28/2014 08:27 AM, Sean Mullan wrote:
> I hereby nominate Jason Uh to Membership in the Security Group.
>
> Jason Uh is a member of the Java security libraries team at Oracle and
> has been an active contributor to the OpenJDK security group for almost
> 2 years. Jason was voted in as a JDK 8 committer in February, 2013.
> Jason has integrated many significant bug fixes, helped reduce the
> number of compiler warnings and improved overall test stability in the
> security libraries area.
>
> Votes are due by February 11, 2014, 06:00 PST.
>
> Only current Members of the Security Group [1] are eligible to vote on
> this nomination. Votes must be cast in the open by replying to this
> mailing list.
>
> For Lazy Consensus voting instructions, see [2].
>
> Sean Mullan
>
> [1] http://openjdk.java.net/census#security
> [2] http://openjdk.java.net/groups/#member-vote
From weijun.wang at oracle.com Tue Jan 28 13:52:47 2014
From: weijun.wang at oracle.com (Weijun Wang)
Date: Tue, 28 Jan 2014 21:52:47 +0800
Subject: CFV: New Security Group Member: Jason Uh
In-Reply-To: <52E7B03A.5060803@oracle.com>
References: <52E7B03A.5060803@oracle.com>
Message-ID: <52E7B62F.8040403@oracle.com>
Vote? yes
--Max
On 1/28/2014 21:27, Sean Mullan wrote:
> I hereby nominate Jason Uh to Membership in the Security Group.
>
> Jason Uh is a member of the Java security libraries team at Oracle and
> has been an active contributor to the OpenJDK security group for almost
> 2 years. Jason was voted in as a JDK 8 committer in February, 2013.
> Jason has integrated many significant bug fixes, helped reduce the
> number of compiler warnings and improved overall test stability in the
> security libraries area.
>
> Votes are due by February 11, 2014, 06:00 PST.
>
> Only current Members of the Security Group [1] are eligible to vote on
> this nomination. Votes must be cast in the open by replying to this
> mailing list.
>
> For Lazy Consensus voting instructions, see [2].
>
> Sean Mullan
>
> [1] http://openjdk.java.net/census#security
> [2] http://openjdk.java.net/groups/#member-vote
From Xuelei.Fan at Oracle.Com Tue Jan 28 13:54:18 2014
From: Xuelei.Fan at Oracle.Com (Xuelei Fan)
Date: Tue, 28 Jan 2014 21:54:18 +0800
Subject: CFV: New Security Group Member: Jason Uh
In-Reply-To: <52E7B03A.5060803@oracle.com>
References: <52E7B03A.5060803@oracle.com>
Message-ID:
Vote: yes
Xuelei
> On Jan 28, 2014, at 9:27 PM, Sean Mullan wrote:
>
> I hereby nominate Jason Uh to Membership in the Security Group.
>
> Jason Uh is a member of the Java security libraries team at Oracle and has been an active contributor to the OpenJDK security group for almost 2 years. Jason was voted in as a JDK 8 committer in February, 2013. Jason has integrated many significant bug fixes, helped reduce the number of compiler warnings and improved overall test stability in the security libraries area.
>
> Votes are due by February 11, 2014, 06:00 PST.
>
> Only current Members of the Security Group [1] are eligible to vote on this nomination. Votes must be cast in the open by replying to this mailing list.
>
> For Lazy Consensus voting instructions, see [2].
>
> Sean Mullan
>
> [1] http://openjdk.java.net/census#security
> [2] http://openjdk.java.net/groups/#member-vote
From eric.mccorkle at oracle.com Tue Jan 28 13:53:05 2014
From: eric.mccorkle at oracle.com (eric.mccorkle at oracle.com)
Date: Tue, 28 Jan 2014 13:53:05 +0000
Subject: hg: jdk8/tl/jdk: 8032585: JSR292: IllegalAccessError when attempting
to invoke protected method from different package
Message-ID: <20140128135328.E3A1662802@hg.openjdk.java.net>
Changeset: 56d05f260123
Author: vlivanov
Date: 2014-01-28 13:46 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/56d05f260123
8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package
Reviewed-by: twisti, jrose
! src/share/classes/sun/invoke/util/VerifyAccess.java
+ test/java/lang/invoke/ProtectedMemberDifferentPackage/Test.java
+ test/java/lang/invoke/ProtectedMemberDifferentPackage/p1/T2.java
+ test/java/lang/invoke/ProtectedMemberDifferentPackage/p2/T3.java
From vicente.romero at oracle.com Tue Jan 28 14:15:23 2014
From: vicente.romero at oracle.com (Vicente-Arturo Romero-Zaldivar)
Date: Tue, 28 Jan 2014 14:15:23 +0000
Subject: question about restricted packages
In-Reply-To: <52E7AE2E.4020107@oracle.com>
References: <52E6A2C7.9010304@oracle.com> <4F271B24-B7D9-4393-BDC5-D087E6BD67D5@oracle.com>
<52E7963F.8000301@oracle.com> <52E7AE2E.4020107@oracle.com>
Message-ID: <52E7BB7B.9000100@oracle.com>
Hi Sean,
Thanks I will try this.
Vicente.
On 28/01/14 13:18, Sean Mullan wrote:
> On 01/28/2014 06:36 AM, Vicente-Arturo Romero-Zaldivar wrote:
>> Hi Jeff,
>>
>> On 27/01/14 18:56, Jeff Nisewanger wrote:
>>> But be aware that this isn't a static list -- applications or
>>> middleware can extend it at runtime (generally when they start up).
>>
>> So this means that it's better to use a method to check if a package is
>> restricted or not. Do you know if there is any?
>
> Security.getProperty("package.access");
>
> This returns the value of the property (including any subsequent
> modifications). The return value is a String containing the packages
> separated by commas, so you will have to write a bit of additional
> code to parse this into a list of packages.
>
> --Sean
From magnus.ihse.bursie at oracle.com Tue Jan 28 17:55:12 2014
From: magnus.ihse.bursie at oracle.com (Magnus Ihse Bursie)
Date: Tue, 28 Jan 2014 18:55:12 +0100
Subject: [PATCH] Handle alternative Kerberos credential cache locations
In-Reply-To: <52E6D428.5000902@redhat.com>
References: <523B9089.3040208@redhat.com> <523B9B6A.8010705@oracle.com>
<52D5C1DB.20901@redhat.com>
<4EF99A01-884D-44CE-A258-94BA1D9B0F15@oracle.com>
<52D66C20.2000903@oracle.com> <52E6D428.5000902@redhat.com>
Message-ID: <098BB37B-94E6-4862-A409-F166BD5AF8EC@oracle.com>
The technical part of the patch looks good (as previously, I've only checked the build system).
The overshadowing issue is still legal, though. I can't see how this patch can be accepted without legal clearance.
/Magnus
27 jan 2014 kl. 22:48 skrev Elliott Baron :
> Hi Magnus,
>
> On 01/15/2014 06:08 AM, Magnus Ihse Bursie wrote:
>> On 2014-01-15 03:38, Wang Weijun wrote:
>>> Hi Elliott
>>>
>>> Great to see this again. I?ll come back to this later. There are some urgent issues I have to deal with at this moment. I?ll also need to get those legal advices regarding pkg.m4 etc.
>>
>> I see some issues and questions about this patch.
>>
>> First of all, and I believe this was discussed the last time this patch was around, is that there might be legal question marks about including build-aux/krb5.m4. This code is written by someone who has not, to my knowledge, signed the OCA. Unfortunately, legal issues tend to shadow all technical issues, so you might want to start by getting this one solved.
>>
>> On the technical level, given that the krb5.m4 legality is cleared, I see:
>> * The patch does not seem to be updated to the removed old build system. make/sun/security is no more.
>> * Whitespace and indentation seems to be incorrect in several places in help.m4, libraries.m4 and SecurityLibraries.gmk. Please check surrounding code, or look at the guidelines here: http://mail.openjdk.java.net/pipermail/build-dev/2013-October/010477.html
>>
>> I have only looked at the build part of the patch.
>
> How does this revised webrev look [1]? I have fixed indentation and removed remnants of the old build system. I have also fixed the test's Makefile, which no longer worked due to the removal of the old build system. I would like to point out that like the inheritedChannel test which this test is derived from, this test expects pre-built libraries to be checked into version control. I understand this is required due to test systems not necessarily having the required build environment.
>
> Thanks,
> Elliott
>
> [1] http://icedtea.classpath.org/~ebaron/webrevs/krb5-default-ccache/02/
From jeff.dinkins at oracle.com Tue Jan 28 20:40:59 2014
From: jeff.dinkins at oracle.com (jeff.dinkins at oracle.com)
Date: Tue, 28 Jan 2014 20:40:59 +0000
Subject: hg: jdk8/tl/hotspot: 8032816: THIRDPARTYREADME LittleCMS preamble
missing JRE 8 & JDK 8
Message-ID: <20140128204101.F2B7262824@hg.openjdk.java.net>
Changeset: ce0320cdb075
Author: jeff
Date: 2014-01-28 20:09 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ce0320cdb075
8032816: THIRDPARTYREADME LittleCMS preamble missing JRE 8 & JDK 8
Reviewed-by: lana
! THIRD_PARTY_README
From jeff.dinkins at oracle.com Tue Jan 28 20:40:07 2014
From: jeff.dinkins at oracle.com (jeff.dinkins at oracle.com)
Date: Tue, 28 Jan 2014 20:40:07 +0000
Subject: hg: jdk8/tl/corba: 8032816: THIRDPARTYREADME LittleCMS preamble
missing JRE 8 & JDK 8
Message-ID: <20140128204007.AA92D62823@hg.openjdk.java.net>
Changeset: 6d40c0d49c7a
Author: jeff
Date: 2014-01-28 20:09 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/6d40c0d49c7a
8032816: THIRDPARTYREADME LittleCMS preamble missing JRE 8 & JDK 8
Reviewed-by: lana
! THIRD_PARTY_README
From jeff.dinkins at oracle.com Tue Jan 28 20:41:28 2014
From: jeff.dinkins at oracle.com (jeff.dinkins at oracle.com)
Date: Tue, 28 Jan 2014 20:41:28 +0000
Subject: hg: jdk8/tl/jaxp: 8032816: THIRDPARTYREADME LittleCMS preamble
missing JRE 8 & JDK 8
Message-ID: <20140128204131.5EC6762825@hg.openjdk.java.net>
Changeset: 60c2c003fa11
Author: jeff
Date: 2014-01-28 20:09 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/60c2c003fa11
8032816: THIRDPARTYREADME LittleCMS preamble missing JRE 8 & JDK 8
Reviewed-by: lana
! THIRD_PARTY_README
From jeff.dinkins at oracle.com Tue Jan 28 20:41:46 2014
From: jeff.dinkins at oracle.com (jeff.dinkins at oracle.com)
Date: Tue, 28 Jan 2014 20:41:46 +0000
Subject: hg: jdk8/tl/jaxws: 8032816: THIRDPARTYREADME LittleCMS preamble
missing JRE 8 & JDK 8
Message-ID: <20140128204148.F3F7962826@hg.openjdk.java.net>
Changeset: 2b44c111e153
Author: jeff
Date: 2014-01-28 20:09 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/2b44c111e153
8032816: THIRDPARTYREADME LittleCMS preamble missing JRE 8 & JDK 8
Reviewed-by: lana
! THIRD_PARTY_README
From jeff.dinkins at oracle.com Tue Jan 28 20:42:29 2014
From: jeff.dinkins at oracle.com (jeff.dinkins at oracle.com)
Date: Tue, 28 Jan 2014 20:42:29 +0000
Subject: hg: jdk8/tl/jdk: 8032816: THIRDPARTYREADME LittleCMS preamble missing
JRE 8 & JDK 8
Message-ID: <20140128204248.3844C62827@hg.openjdk.java.net>
Changeset: 72d0cc723560
Author: jeff
Date: 2014-01-28 20:10 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/72d0cc723560
8032816: THIRDPARTYREADME LittleCMS preamble missing JRE 8 & JDK 8
Reviewed-by: lana
! THIRD_PARTY_README
From jeff.dinkins at oracle.com Tue Jan 28 20:44:50 2014
From: jeff.dinkins at oracle.com (jeff.dinkins at oracle.com)
Date: Tue, 28 Jan 2014 20:44:50 +0000
Subject: hg: jdk8/tl/langtools: 8032816: THIRDPARTYREADME LittleCMS preamble
missing JRE 8 & JDK 8
Message-ID: <20140128204454.0BE4B62828@hg.openjdk.java.net>
Changeset: afa91c54ff00
Author: jeff
Date: 2014-01-28 20:10 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/afa91c54ff00
8032816: THIRDPARTYREADME LittleCMS preamble missing JRE 8 & JDK 8
Reviewed-by: lana
! THIRD_PARTY_README
From jeff.dinkins at oracle.com Tue Jan 28 20:45:07 2014
From: jeff.dinkins at oracle.com (jeff.dinkins at oracle.com)
Date: Tue, 28 Jan 2014 20:45:07 +0000
Subject: hg: jdk8/tl/nashorn: 8032816: THIRDPARTYREADME LittleCMS preamble
missing JRE 8 & JDK 8
Message-ID: <20140128204508.980F662829@hg.openjdk.java.net>
Changeset: d3b293a4d554
Author: jeff
Date: 2014-01-28 20:10 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/d3b293a4d554
8032816: THIRDPARTYREADME LittleCMS preamble missing JRE 8 & JDK 8
Reviewed-by: lana
! THIRD_PARTY_README
From robert.field at oracle.com Tue Jan 28 21:03:07 2014
From: robert.field at oracle.com (robert.field at oracle.com)
Date: Tue, 28 Jan 2014 21:03:07 +0000
Subject: hg: jdk8/tl/jdk: 8032711: Issue with Lambda in handling; ...
Message-ID: <20140128210319.AFAB66282B@hg.openjdk.java.net>
Changeset: c8d9cdc6445c
Author: rfield
Date: 2014-01-28 13:02 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c8d9cdc6445c
8032711: Issue with Lambda in handling
8032704: Issues with lib perm in Lambda
Reviewed-by: jrose, ahgross, briangoetz
! src/share/classes/java/lang/invoke/AbstractValidatingLambdaMetafactory.java
+ test/java/lang/invoke/lambda/T8032704.java
+ test/java/lang/invoke/lambda/T8032711.java
From jeff.dinkins at oracle.com Tue Jan 28 20:39:31 2014
From: jeff.dinkins at oracle.com (jeff.dinkins at oracle.com)
Date: Tue, 28 Jan 2014 20:39:31 +0000
Subject: hg: jdk8/tl: 8032816: THIRDPARTYREADME LittleCMS preamble missing JRE
8 & JDK 8
Message-ID: <20140128203931.DC82E62821@hg.openjdk.java.net>
Changeset: 4f590c2cec75
Author: jeff
Date: 2014-01-28 20:09 +0000
URL: http://hg.openjdk.java.net/jdk8/tl/rev/4f590c2cec75
8032816: THIRDPARTYREADME LittleCMS preamble missing JRE 8 & JDK 8
Reviewed-by: lana
! THIRD_PARTY_README
From sean.mullan at oracle.com Tue Jan 28 21:46:49 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Tue, 28 Jan 2014 16:46:49 -0500
Subject: RFR 8029995: accept yes/no for boolean krb5.conf settings
In-Reply-To: <87A22155-BEB1-467C-82F2-A7E179115311@oracle.com>
References: <87A22155-BEB1-467C-82F2-A7E179115311@oracle.com>
Message-ID: <52E82549.7090705@oracle.com>
On 01/28/2014 03:53 AM, Wang Weijun wrote:
> Please review the fix at
>
> http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
>
> The supported boolean values in this fix cover what MIT krb5 does and
> we also added 'f'.
>
> The old getBooleanValue() method returns true for ?true? and false
> otherwise but the new method returns null if the value is not
> supported. I?ve carefully changed how the method is called to ensure
> maximum compatibility, but there is still one left:
>
> We support DNS lookup for realm name by default, which means we do it
> if dns_lookup_realm is not set to false, or when unset, if
> dns_fallback is not set to false. Before this change, when
> dns_lookup_realm is set to ?unknown?, it means false so DNS lookup is
> not performed. After this change, it?s equivalent to dns_lookup_realm
> unset, and dns_fallback is used. I think the current behavior is
> better than the old one.
I agree, but since it is a behavior change, it should be specified in
the CCC and release notes.
Fix looks fine otherwise.
--Sean
From bradford.wetmore at oracle.com Tue Jan 28 22:06:04 2014
From: bradford.wetmore at oracle.com (Bradford Wetmore)
Date: Tue, 28 Jan 2014 14:06:04 -0800
Subject: CFV: New Security Group Member: Jason Uh
In-Reply-To: <52E7B03A.5060803@oracle.com>
References: <52E7B03A.5060803@oracle.com>
Message-ID: <52E829CC.2090400@oracle.com>
Vote: Yes
Brad
On 1/28/2014 5:27 AM, Sean Mullan wrote:
> I hereby nominate Jason Uh to Membership in the Security Group.
>
> Jason Uh is a member of the Java security libraries team at Oracle and
> has been an active contributor to the OpenJDK security group for almost
> 2 years. Jason was voted in as a JDK 8 committer in February, 2013.
> Jason has integrated many significant bug fixes, helped reduce the
> number of compiler warnings and improved overall test stability in the
> security libraries area.
>
> Votes are due by February 11, 2014, 06:00 PST.
>
> Only current Members of the Security Group [1] are eligible to vote on
> this nomination. Votes must be cast in the open by replying to this
> mailing list.
>
> For Lazy Consensus voting instructions, see [2].
>
> Sean Mullan
>
> [1] http://openjdk.java.net/census#security
> [2] http://openjdk.java.net/groups/#member-vote
From robert.field at oracle.com Wed Jan 29 01:25:00 2014
From: robert.field at oracle.com (robert.field at oracle.com)
Date: Wed, 29 Jan 2014 01:25:00 +0000
Subject: hg: jdk8/tl/jdk: 8032697: Issues with Lambda
Message-ID: <20140129012512.8FE0E62837@hg.openjdk.java.net>
Changeset: e385bd6f7338
Author: rfield
Date: 2014-01-28 17:23 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e385bd6f7338
8032697: Issues with Lambda
Reviewed-by: ahgross, briangoetz, dlsmith, rfield
Contributed-by: daniel.smith at oracle.com
! src/share/classes/java/lang/invoke/AbstractValidatingLambdaMetafactory.java
+ test/java/lang/invoke/lambda/T8032697.java
+ test/java/lang/invoke/lambda/T8032697_anotherpkg/T8032697_A.java
From weijun.wang at oracle.com Wed Jan 29 03:41:54 2014
From: weijun.wang at oracle.com (Wang Weijun)
Date: Wed, 29 Jan 2014 11:41:54 +0800
Subject: RFR 8029995: accept yes/no for boolean krb5.conf settings
In-Reply-To: <52E82549.7090705@oracle.com>
References: <87A22155-BEB1-467C-82F2-A7E179115311@oracle.com>
<52E82549.7090705@oracle.com>
Message-ID: <9FAFA6DF-F128-4880-82A3-FCA5B8652A0E@oracle.com>
In fact, I had thought about throwing an exception when the value is not a supported one, but decided not to do that for compatibility reasons. The old Config::getBooleanValue() has never thrown an exception. We have other methods doing similarly (say, getIntValue()r returns Integer.MIN_VALUE is there is a NumberFormatException).
--Max
On Jan 29, 2014, at 5:46, Sean Mullan wrote:
> On 01/28/2014 03:53 AM, Wang Weijun wrote:
>> Please review the fix at
>>
>> http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
>>
>> The supported boolean values in this fix cover what MIT krb5 does and
>> we also added 'f'.
>>
>> The old getBooleanValue() method returns true for ?true? and false
>> otherwise but the new method returns null if the value is not
>> supported. I?ve carefully changed how the method is called to ensure
>> maximum compatibility, but there is still one left:
>>
>> We support DNS lookup for realm name by default, which means we do it
>> if dns_lookup_realm is not set to false, or when unset, if
>> dns_fallback is not set to false. Before this change, when
>> dns_lookup_realm is set to ?unknown?, it means false so DNS lookup is
>> not performed. After this change, it?s equivalent to dns_lookup_realm
>> unset, and dns_fallback is used. I think the current behavior is
>> better than the old one.
>
> I agree, but since it is a behavior change, it should be specified in the CCC and release notes.
>
> Fix looks fine otherwise.
>
> --Sean
From vincent.x.ryan at oracle.com Wed Jan 29 10:26:02 2014
From: vincent.x.ryan at oracle.com (Vincent Ryan)
Date: Wed, 29 Jan 2014 10:26:02 +0000
Subject: CFV: New Security Group Member: Jason Uh
In-Reply-To: <52E7B03A.5060803@oracle.com>
References: <52E7B03A.5060803@oracle.com>
Message-ID: <22FF03F5-FE9F-4409-A600-E58FF4AB0276@oracle.com>
Vote: yes
On 28 Jan 2014, at 13:27, Sean Mullan wrote:
> I hereby nominate Jason Uh to Membership in the Security Group.
>
> Jason Uh is a member of the Java security libraries team at Oracle and has been an active contributor to the OpenJDK security group for almost 2 years. Jason was voted in as a JDK 8 committer in February, 2013. Jason has integrated many significant bug fixes, helped reduce the number of compiler warnings and improved overall test stability in the security libraries area.
>
> Votes are due by February 11, 2014, 06:00 PST.
>
> Only current Members of the Security Group [1] are eligible to vote on this nomination. Votes must be cast in the open by replying to this mailing list.
>
> For Lazy Consensus voting instructions, see [2].
>
> Sean Mullan
>
> [1] http://openjdk.java.net/census#security
> [2] http://openjdk.java.net/groups/#member-vote
From Alan.Bateman at oracle.com Wed Jan 29 19:32:19 2014
From: Alan.Bateman at oracle.com (Alan Bateman)
Date: Wed, 29 Jan 2014 19:32:19 +0000
Subject: RFR(S): 8033154: PPC64: Fix AIX build after integration into
jdk9/dev
In-Reply-To:
References:
Message-ID: <52E95743.7050708@oracle.com>
On 29/01/2014 17:59, Volker Simonis wrote:
> Hi,
>
> please review the following small change:
>
> http://cr.openjdk.java.net/~simonis/webrevs/8033154/
>
> which fixes the AIX build after the integration of
> ppc-aix-port/stage-9/jdk to jdk9/dev/jdk.
>
> I would ideally like to push this change to jdk9/hs-comp/jdk because
> that's the only repository where there's currently a complete AIX
> port. However if that is not possible, I'll push it to jdk9/dev/jdk
> and wait until it gets synced with jdk9/hs-comp again.
>
The changes look okay to me. An alternative to introducing
AixNativeThread.c would be to just put an ifdef AIX in NativeThread.c to
defined INTERRUPT_SIGNAL.
I don't see any issue with this being pushed to jdk9/hs-comp.
-Alan
From sean.mullan at oracle.com Wed Jan 29 19:52:08 2014
From: sean.mullan at oracle.com (Sean Mullan)
Date: Wed, 29 Jan 2014 14:52:08 -0500
Subject: RFR(S): 8033154: PPC64: Fix AIX build after integration into
jdk9/dev
In-Reply-To:
References:
Message-ID: <52E95BE8.1020806@oracle.com>
The java.security-aix file looks fine to me.
--Sean
On 01/29/2014 12:59 PM, Volker Simonis wrote:
> Hi,
>
> please review the following small change:
>
> http://cr.openjdk.java.net/~simonis/webrevs/8033154/
>
> which fixes the AIX build after the integration of
> ppc-aix-port/stage-9/jdk to jdk9/dev/jdk.
>
> I would ideally like to push this change to jdk9/hs-comp/jdk because
> that's the only repository where there's currently a complete AIX
> port. However if that is not possible, I'll push it to jdk9/dev/jdk
> and wait until it gets synced with jdk9/hs-comp again.
>
> Please notice that this change is also intended for downport into 8u,
> but I don't expect this to be a problem because it only contains
> AIX-specific coding.
>
> The main problem with the integration was caused by change "8032451:
> (dc) DatagramChannel.join should support include-mode filtering on OS
> X" which was already in jdk9/dev/jdk but not in
> ppc-aix-port/stage-9/jdk. It caused some issues which will be solved
> with this change:
>
>
> make/lib/NioLibraries.gmk
> src/aix/native/sun/nio/ch/AixNativeThread.c
>
> 8032451 did some changes to NativeThread.c. Instead of adding another
> platform specific section to that file I've moved the AIX
> implementation to it's own file which will only be used during the AIX
> port. Notice that the changes in the makefile are in a AIX-specific
> section and won't affect any other platform.
>
>
> src/solaris/native/sun/nio/ch/Net.c
>
> 8032451 removed some specific coding which was used by AIX as well. To
> re-enable the build on AIX 5.3 we have to define the two structures
> 'ip_mreq_source' and 'group_source_req' on that platform.
>
>
> src/solaris/classes/sun/net/PortConfig.java
>
> This is another file which wasn't present in our stage-9/jdk
> repository but in the new jdk9/dev/jdk. Just added the required,
> AIX-specific section to the file.
>
>
> src/share/lib/security/java.security-aix
>
> Recent changes have updated the various
> src/share/lib/security/java.security* files. Without these changes,
> the JDK failes to pass the
> java/lang/SecurityManager/CheckPackageAccess.java jtreg regression
> test. I've just updated java.security-aix to be the same like the
> corresponding Linux version (as this was done - and agreed upon that
> it is OK - in the initial AIX change).
>
> Regards,
> Volker
>
From volker.simonis at gmail.com Wed Jan 29 17:59:27 2014
From: volker.simonis at gmail.com (Volker Simonis)
Date: Wed, 29 Jan 2014 18:59:27 +0100
Subject: RFR(S): 8033154: PPC64: Fix AIX build after integration into jdk9/dev
Message-ID:
Hi,
please review the following small change:
http://cr.openjdk.java.net/~simonis/webrevs/8033154/
which fixes the AIX build after the integration of
ppc-aix-port/stage-9/jdk to jdk9/dev/jdk.
I would ideally like to push this change to jdk9/hs-comp/jdk because
that's the only repository where there's currently a complete AIX
port. However if that is not possible, I'll push it to jdk9/dev/jdk
and wait until it gets synced with jdk9/hs-comp again.
Please notice that this change is also intended for downport into 8u,
but I don't expect this to be a problem because it only contains
AIX-specific coding.
The main problem with the integration was caused by change "8032451:
(dc) DatagramChannel.join should support include-mode filtering on OS
X" which was already in jdk9/dev/jdk but not in
ppc-aix-port/stage-9/jdk. It caused some issues which will be solved
with this change:
make/lib/NioLibraries.gmk
src/aix/native/sun/nio/ch/AixNativeThread.c
8032451 did some changes to NativeThread.c. Instead of adding another
platform specific section to that file I've moved the AIX
implementation to it's own file which will only be used during the AIX
port. Notice that the changes in the makefile are in a AIX-specific
section and won't affect any other platform.
src/solaris/native/sun/nio/ch/Net.c
8032451 removed some specific coding which was used by AIX as well. To
re-enable the build on AIX 5.3 we have to define the two structures
'ip_mreq_source' and 'group_source_req' on that platform.
src/solaris/classes/sun/net/PortConfig.java
This is another file which wasn't present in our stage-9/jdk
repository but in the new jdk9/dev/jdk. Just added the required,
AIX-specific section to the file.
src/share/lib/security/java.security-aix
Recent changes have updated the various
src/share/lib/security/java.security* files. Without these changes,
the JDK failes to pass the
java/lang/SecurityManager/CheckPackageAccess.java jtreg regression
test. I've just updated java.security-aix to be the same like the
corresponding Linux version (as this was done - and agreed upon that
it is OK - in the initial AIX change).
Regards,
Volker
From vladimir.kozlov at oracle.com Wed Jan 29 18:10:11 2014
From: vladimir.kozlov at oracle.com (Vladimir Kozlov)
Date: Wed, 29 Jan 2014 10:10:11 -0800
Subject: RFR(S): 8033154: PPC64: Fix AIX build after integration into
jdk9/dev
In-Reply-To:
References:
Message-ID: <52E94403.60704@oracle.com>
On 1/29/14 9:59 AM, Volker Simonis wrote:
> Hi,
>
> please review the following small change:
>
> http://cr.openjdk.java.net/~simonis/webrevs/8033154/
>
> which fixes the AIX build after the integration of
> ppc-aix-port/stage-9/jdk to jdk9/dev/jdk.
>
> I would ideally like to push this change to jdk9/hs-comp/jdk because
> that's the only repository where there's currently a complete AIX
> port. However if that is not possible, I'll push it to jdk9/dev/jdk
> and wait until it gets synced with jdk9/hs-comp again.
I don't see a problem to push into jdk9/hs-comp/jdk. It is even better
for me since I have to prepare new control builds of whole forest for
testing and I can get sources for that from one place.
The only reason to push fix into jdk9/dev/jdk if something breaks builds
on our platforms, I think.
You can pushed into jdk9/hs-comp/jdk after reviews.
Thanks,
Vladimir
>
> Please notice that this change is also intended for downport into 8u,
> but I don't expect this to be a problem because it only contains
> AIX-specific coding.
>
> The main problem with the integration was caused by change "8032451:
> (dc) DatagramChannel.join should support include-mode filtering on OS
> X" which was already in jdk9/dev/jdk but not in
> ppc-aix-port/stage-9/jdk. It caused some issues which will be solved
> with this change:
>
>
> make/lib/NioLibraries.gmk
> src/aix/native/sun/nio/ch/AixNativeThread.c
>
> 8032451 did some changes to NativeThread.c. Instead of adding another
> platform specific section to that file I've moved the AIX
> implementation to it's own file which will only be used during the AIX
> port. Notice that the changes in the makefile are in a AIX-specific
> section and won't affect any other platform.
>
>
> src/solaris/native/sun/nio/ch/Net.c
>
> 8032451 removed some specific coding which was used by AIX as well. To
> re-enable the build on AIX 5.3 we have to define the two structures
> 'ip_mreq_source' and 'group_source_req' on that platform.
>
>
> src/solaris/classes/sun/net/PortConfig.java
>
> This is another file which wasn't present in our stage-9/jdk
> repository but in the new jdk9/dev/jdk. Just added the required,
> AIX-specific section to the file.
>
>
> src/share/lib/security/java.security-aix
>
> Recent changes have updated the various
> src/share/lib/security/java.security* files. Without these changes,
> the JDK failes to pass the
> java/lang/SecurityManager/CheckPackageAccess.java jtreg regression
> test. I've just updated java.security-aix to be the same like the
> corresponding Linux version (as this was done - and agreed upon that
> it is OK - in the initial AIX change).
>
> Regards,
> Volker
>
From artem.smotrakov at oracle.com Thu Jan 30 08:47:18 2014
From: artem.smotrakov at oracle.com (Artem Smotrakov)
Date: Thu, 30 Jan 2014 12:47:18 +0400
Subject: Code Review request: 8028591: NegativeArraySizeException in
sun.security.util.DerInputStream.getUnalignedBitString()
Message-ID: <52EA1196.4080702@oracle.com>
Please review this fix for 9:
https://bugs.openjdk.java.net/browse/JDK-8028591
http://cr.openjdk.java.net/~asmotrak/8028591/webrev.00/
getLength() method is used to get a length of bit string. The method can
return a negative value that means indefinite-length encoding that is
not allowed in DER. Currently a negative value is not checked. As a
result, NegativeArraySizeException can occur.
I added the following checks in
sun.security.util.DerInputStream.getUnalignedBitString() method:
1. IOException is thrown if getLength() method returns a negative value.
2. Empty BitArray is returned if getLength() method returns zero.
I think that an empty bit string should be encoded as "03 01 00" in DER.
I am not sure, but probably "03 00" is valid one as well. I tried both
ones with OpenSSL asn1parse, and both ones were parsed successfully:
hexdump -C emtpy_bit_string_1
00000000 03 01 00 |...|
00000003
openssl asn1parse -inform der -in emtpy_bit_string_1
0:d=0 hl=2 l= 1 prim: BIT STRING
hexdump -C emtpy_bit_string_2
00000000 03 00 |..|
00000002
openssl asn1parse -inform der -in emtpy_bit_string_2
0:d=0 hl=2 l= 0 prim: BIT STRING
3. IOException is thrown if number of calculated valid bits is negative.
Added a test case for
test/java/security/cert/X509Certificate/X509BadCertificate.java
(bad-cert-2.pem is corrupted self-signed certificate). Tested with
available regression, SQE and JCK tests.
Artem
From sundararajan.athijegannathan at oracle.com Thu Jan 30 13:04:53 2014
From: sundararajan.athijegannathan at oracle.com (sundararajan.athijegannathan at oracle.com)
Date: Thu, 30 Jan 2014 13:04:53 +0000
Subject: hg: jdk8/tl/nashorn: 8032944: Improve reflection in Nashorn
Message-ID: <20140130130504.4BA5D628AC@hg.openjdk.java.net>
Changeset: a43c125b03dc
Author: sundar
Date: 2014-01-30 18:34 +0530
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/a43c125b03dc
8032944: Improve reflection in Nashorn
Reviewed-by: jlaskey, attila, ahgross
! src/jdk/nashorn/internal/objects/NativeObject.java
+ test/script/sandbox/classbind.js
From sundararajan.athijegannathan at oracle.com Thu Jan 30 13:34:14 2014
From: sundararajan.athijegannathan at oracle.com (sundararajan.athijegannathan at oracle.com)
Date: Thu, 30 Jan 2014 13:34:14 +0000
Subject: hg: jdk8/tl/nashorn: 8032954: Nashorn: extend Java.extend
Message-ID: <20140130133415.A25F4628B0@hg.openjdk.java.net>
Changeset: eca774d33fa4
Author: sundar
Date: 2014-01-30 19:04 +0530
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/eca774d33fa4
8032954: Nashorn: extend Java.extend
Reviewed-by: attila, jlaskey, ahgross
! src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java
! test/script/sandbox/classbind.js
! test/script/sandbox/classloader.js
! test/script/sandbox/classloader.js.EXPECTED
From sundararajan.athijegannathan at oracle.com Thu Jan 30 14:15:53 2014
From: sundararajan.athijegannathan at oracle.com (sundararajan.athijegannathan at oracle.com)
Date: Thu, 30 Jan 2014 14:15:53 +0000
Subject: hg: jdk8/tl/nashorn: 8032949: Nashorn linkages awry
Message-ID: <20140130141554.BFDAE628B3@hg.openjdk.java.net>
Changeset: c59fb10cb0b5
Author: sundar
Date: 2014-01-30 19:45 +0530
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/c59fb10cb0b5
8032949: Nashorn linkages awry
Reviewed-by: jlaskey, attila, ahgross
! src/jdk/nashorn/internal/objects/NativeObject.java
! src/jdk/nashorn/internal/runtime/linker/Bootstrap.java
! src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java
! src/jdk/nashorn/internal/runtime/linker/NashornStaticClassLinker.java
! src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java
! test/src/jdk/nashorn/api/scripting/ScriptEngineSecurityTest.java
! test/src/jdk/nashorn/api/scripting/ScriptEngineTest.java
From eric.mccorkle at oracle.com Thu Jan 30 19:28:02 2014
From: eric.mccorkle at oracle.com (eric.mccorkle at oracle.com)
Date: Thu, 30 Jan 2014 19:28:02 +0000
Subject: hg: jdk8/tl/nashorn: 8032681: Issues with Nashorn
Message-ID: <20140130192804.0C5A1628D4@hg.openjdk.java.net>
Changeset: 11b83c913cca
Author: attila
Date: 2014-01-30 20:14 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/nashorn/rev/11b83c913cca
8032681: Issues with Nashorn
Reviewed-by: ahgross, jlaskey, sundar
+ src/jdk/internal/dynalink/linker/GuardedTypeConversion.java
! src/jdk/internal/dynalink/linker/GuardingTypeConverterFactory.java
! src/jdk/internal/dynalink/support/LinkerServicesImpl.java
! src/jdk/internal/dynalink/support/TypeConverterFactory.java
! src/jdk/nashorn/api/scripting/NashornScriptEngine.java
! src/jdk/nashorn/internal/objects/NativeJava.java
! src/jdk/nashorn/internal/objects/NativeJavaImporter.java
! src/jdk/nashorn/internal/runtime/Context.java
! src/jdk/nashorn/internal/runtime/NativeJavaPackage.java
! src/jdk/nashorn/internal/runtime/ScriptFunction.java
! src/jdk/nashorn/internal/runtime/linker/AdaptationResult.java
! src/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java
! src/jdk/nashorn/internal/runtime/linker/JavaAdapterBytecodeGenerator.java
! src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java
! src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java
! src/jdk/nashorn/internal/runtime/linker/JavaAdapterServices.java
! src/jdk/nashorn/internal/runtime/linker/NashornBottomLinker.java
! src/jdk/nashorn/internal/runtime/linker/NashornLinker.java
! src/jdk/nashorn/internal/runtime/linker/NashornPrimitiveLinker.java
! src/jdk/nashorn/internal/runtime/linker/NashornStaticClassLinker.java
! src/jdk/nashorn/internal/runtime/resources/Messages.properties
! test/script/basic/JDK-8014647.js
! test/script/basic/JDK-8014647.js.EXPECTED
! test/script/basic/javaclassoverrides.js
! test/script/basic/javaclassoverrides.js.EXPECTED
! test/script/sandbox/javaextend.js
! test/script/sandbox/javaextend.js.EXPECTED
! test/src/jdk/nashorn/api/scripting/ScriptEngineSecurityTest.java
+ test/src/jdk/nashorn/test/models/ClassWithFinalFinalizer.java
+ test/src/jdk/nashorn/test/models/ClassWithInheritedFinalFinalizer.java
From paul.sandoz at oracle.com Fri Jan 31 11:24:09 2014
From: paul.sandoz at oracle.com (paul.sandoz at oracle.com)
Date: Fri, 31 Jan 2014 11:24:09 +0000
Subject: hg: jdk8/tl/jdk: 4 new changesets
Message-ID: <20140131112700.AFEF362911@hg.openjdk.java.net>
Changeset: 9f098aed44c0
Author: anazarov
Date: 2014-01-31 12:01 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9f098aed44c0
8032025: Update repeating annotations demo
Reviewed-by: jfranck
+ src/share/sample/annotations/DependencyChecker/PluginChecker/src/checker/Device.java
+ src/share/sample/annotations/DependencyChecker/PluginChecker/src/checker/Kettle.xml
+ src/share/sample/annotations/DependencyChecker/PluginChecker/src/checker/Module.java
+ src/share/sample/annotations/DependencyChecker/PluginChecker/src/checker/PluginChecker.java
+ src/share/sample/annotations/DependencyChecker/PluginChecker/src/checker/Require.java
+ src/share/sample/annotations/DependencyChecker/PluginChecker/src/checker/RequireContainer.java
+ src/share/sample/annotations/DependencyChecker/Plugins/src/plugins/BoilerPlugin.java
+ src/share/sample/annotations/DependencyChecker/Plugins/src/plugins/ExtendedBoilerPlugin.java
+ src/share/sample/annotations/DependencyChecker/Plugins/src/plugins/TimerPlugin.java
+ src/share/sample/annotations/Validator/src/PositiveIntegerSupplier.java
+ src/share/sample/annotations/Validator/src/SupplierValidator.java
+ src/share/sample/annotations/Validator/src/Validate.java
+ src/share/sample/annotations/Validator/src/Validator.java
+ src/share/sample/annotations/index.html
Changeset: f72a8df6a2ed
Author: anazarov
Date: 2014-01-31 12:01 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f72a8df6a2ed
8031650: Update bulk operation demo
Reviewed-by: psandoz, mduigou
+ src/share/sample/lambda/BulkDataOperations/index.html
+ src/share/sample/lambda/BulkDataOperations/src/CSVProcessor.java
+ src/share/sample/lambda/BulkDataOperations/src/Grep.java
+ src/share/sample/lambda/BulkDataOperations/src/PasswordGenerator.java
+ src/share/sample/lambda/BulkDataOperations/src/WC.java
Changeset: 4574011c1689
Author: anazarov
Date: 2014-01-31 12:01 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4574011c1689
8032020: Update try-with-resources demo
Reviewed-by: darcy, alanb, smarks
+ src/share/sample/try-with-resources/index.html
+ src/share/sample/try-with-resources/src/CustomAutoCloseableSample.java
+ src/share/sample/try-with-resources/src/Unzip.java
+ src/share/sample/try-with-resources/src/ZipCat.java
Changeset: a4f68fc5f353
Author: psandoz
Date: 2014-01-31 12:01 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a4f68fc5f353
8032056: Create demo to illustrate new practices of the default methods usage
Reviewed-by: briangoetz, rfield, psandoz
Contributed-by: taras.ledkov at oracle.com
+ src/share/sample/lambda/DefaultMethods/ArrayIterator.java
+ src/share/sample/lambda/DefaultMethods/DiamondInheritance.java
+ src/share/sample/lambda/DefaultMethods/Inheritance.java
+ src/share/sample/lambda/DefaultMethods/MixIn.java
+ src/share/sample/lambda/DefaultMethods/Reflection.java
+ src/share/sample/lambda/DefaultMethods/SimplestUsage.java
From eric.mccorkle at oracle.com Fri Jan 31 17:13:33 2014
From: eric.mccorkle at oracle.com (eric.mccorkle at oracle.com)
Date: Fri, 31 Jan 2014 17:13:33 +0000
Subject: hg: jdk8/tl/jdk: 8033278: Missed access checks for Lookup.unreflect*
after 8032585
Message-ID: <20140131171358.56F0A62926@hg.openjdk.java.net>
Changeset: f684c9773858
Author: vlivanov
Date: 2014-01-31 21:07 +0400
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f684c9773858
8033278: Missed access checks for Lookup.unreflect* after 8032585
Reviewed-by: jrose, twisti
! src/share/classes/sun/invoke/util/VerifyAccess.java
! test/java/lang/invoke/ProtectedMemberDifferentPackage/Test.java
! test/java/lang/invoke/ProtectedMemberDifferentPackage/p1/T2.java
! test/java/lang/invoke/ProtectedMemberDifferentPackage/p2/T3.java