From alan.bateman at oracle.com Tue May 1 03:19:40 2012 From: alan.bateman at oracle.com (alan.bateman at oracle.com) Date: Tue, 01 May 2012 10:19:40 +0000 Subject: hg: jdk8/tl/jdk: 7164570: (fs) WatchService queues CREATE event but not DELETE event for very short lived files [sol11] Message-ID: <20120501102003.7E06F470B3@hg.openjdk.java.net> Changeset: c22b2f9066dd Author: alanb Date: 2012-05-01 11:17 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c22b2f9066dd 7164570: (fs) WatchService queues CREATE event but not DELETE event for very short lived files [sol11] Reviewed-by: chegar ! src/solaris/classes/sun/nio/fs/SolarisWatchService.java + test/java/nio/file/WatchService/MayFlies.java From xuelei.fan at oracle.com Tue May 1 03:53:55 2012 From: xuelei.fan at oracle.com (xuelei.fan at oracle.com) Date: Tue, 01 May 2012 10:53:55 +0000 Subject: hg: jdk8/tl/jdk: 7158688: Typo in SSLContext Spec Message-ID: <20120501105406.79860470B4@hg.openjdk.java.net> Changeset: 71fdf32fdc65 Author: xuelei Date: 2012-05-01 03:48 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/71fdf32fdc65 7158688: Typo in SSLContext Spec Reviewed-by: weijun, wetmore ! src/share/classes/javax/net/ssl/SSLContext.java From lana.steuck at oracle.com Tue May 1 11:44:05 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Tue, 01 May 2012 18:44:05 +0000 Subject: hg: jdk8/tl: Added tag jdk8-b36 for changeset 6a6ba0a07f33 Message-ID: <20120501184406.02FD6470BA@hg.openjdk.java.net> Changeset: 47aa0ddc9126 Author: katleman Date: 2012-04-26 14:04 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/47aa0ddc9126 Added tag jdk8-b36 for changeset 6a6ba0a07f33 ! .hgtags From lana.steuck at oracle.com Tue May 1 11:44:07 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Tue, 01 May 2012 18:44:07 +0000 Subject: hg: jdk8/tl/corba: 2 new changesets Message-ID: <20120501184410.489D0470BB@hg.openjdk.java.net> Changeset: 83fac66442cf Author: katleman Date: 2012-04-26 14:05 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/83fac66442cf Added tag jdk8-b36 for changeset a5a61f259961 ! .hgtags Changeset: 4a653e435441 Author: lana Date: 2012-05-01 11:29 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/4a653e435441 Merge From lana.steuck at oracle.com Tue May 1 11:44:09 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Tue, 01 May 2012 18:44:09 +0000 Subject: hg: jdk8/tl/jaxws: Added tag jdk8-b36 for changeset 89b36c658e39 Message-ID: <20120501184414.AD2B9470BC@hg.openjdk.java.net> Changeset: b05a948db1b6 Author: katleman Date: 2012-04-26 14:06 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/b05a948db1b6 Added tag jdk8-b36 for changeset 89b36c658e39 ! .hgtags From lana.steuck at oracle.com Tue May 1 11:44:10 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Tue, 01 May 2012 18:44:10 +0000 Subject: hg: jdk8/tl/hotspot: Added tag jdk8-b36 for changeset 50b4400ca1ec Message-ID: <20120501184416.9C575470BD@hg.openjdk.java.net> Changeset: bfcf92bfefb8 Author: katleman Date: 2012-04-26 14:05 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/bfcf92bfefb8 Added tag jdk8-b36 for changeset 50b4400ca1ec ! .hgtags From lana.steuck at oracle.com Tue May 1 11:44:11 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Tue, 01 May 2012 18:44:11 +0000 Subject: hg: jdk8/tl/jaxp: Added tag jdk8-b36 for changeset cfd288fe1d3e Message-ID: <20120501184416.9FA7C470BE@hg.openjdk.java.net> Changeset: c388369cf4da Author: katleman Date: 2012-04-26 14:06 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/c388369cf4da Added tag jdk8-b36 for changeset cfd288fe1d3e ! .hgtags From lana.steuck at oracle.com Tue May 1 11:44:14 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Tue, 01 May 2012 18:44:14 +0000 Subject: hg: jdk8/tl/langtools: Added tag jdk8-b36 for changeset 94bbaa67686f Message-ID: <20120501184417.45665470C1@hg.openjdk.java.net> Changeset: 5891b38985e8 Author: katleman Date: 2012-04-26 14:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/5891b38985e8 Added tag jdk8-b36 for changeset 94bbaa67686f ! .hgtags From lana.steuck at oracle.com Tue May 1 11:44:17 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Tue, 01 May 2012 18:44:17 +0000 Subject: hg: jdk8/tl/jdk: 2 new changesets Message-ID: <20120501184444.65216470C2@hg.openjdk.java.net> Changeset: 9e82ac15ab80 Author: katleman Date: 2012-04-26 14:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9e82ac15ab80 Added tag jdk8-b36 for changeset 45da9cb055ee ! .hgtags Changeset: 6c9c3d7ce9e2 Author: lana Date: 2012-05-01 11:30 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6c9c3d7ce9e2 Merge From mandy.chung at oracle.com Tue May 1 19:47:40 2012 From: mandy.chung at oracle.com (mandy.chung at oracle.com) Date: Wed, 02 May 2012 02:47:40 +0000 Subject: hg: jdk8/tl/jdk: 7164376: Replace use of sun.security.action.LoadLibraryAction with System.loadLibrary Message-ID: <20120502024757.A5CE9470D8@hg.openjdk.java.net> Changeset: 46e0bd218fcc Author: mchung Date: 2012-05-01 19:45 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46e0bd218fcc 7164376: Replace use of sun.security.action.LoadLibraryAction with System.loadLibrary Reviewed-by: alanb, mullan, prr ! src/macosx/classes/apple/launcher/JavaAppLauncher.java ! src/macosx/classes/apple/security/KeychainStore.java ! src/macosx/classes/com/apple/concurrent/LibDispatchNative.java ! src/macosx/classes/com/apple/eawt/Application.java ! src/macosx/classes/com/apple/eio/FileManager.java ! src/macosx/classes/com/apple/laf/AquaFileView.java ! src/macosx/classes/com/apple/laf/AquaLookAndFeel.java ! src/macosx/classes/com/apple/laf/AquaNativeResources.java ! src/macosx/classes/com/apple/laf/ScreenMenu.java ! src/macosx/classes/com/apple/laf/ScreenPopupFactory.java ! src/macosx/classes/java/util/prefs/MacOSXPreferencesFile.java ! src/macosx/classes/sun/awt/CGraphicsEnvironment.java ! src/macosx/classes/sun/lwawt/macosx/CAccessibility.java ! src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java ! src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java ! src/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java ! src/share/classes/java/awt/SplashScreen.java ! src/share/classes/java/awt/Toolkit.java ! src/share/classes/java/awt/event/NativeLibLoader.java ! src/share/classes/java/awt/image/ColorModel.java ! src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java ! src/share/classes/java/net/AbstractPlainSocketImpl.java ! src/share/classes/java/net/DatagramPacket.java ! src/share/classes/java/net/InetAddress.java ! src/share/classes/java/net/NetworkInterface.java ! src/share/classes/sun/awt/NativeLibLoader.java ! src/share/classes/sun/awt/image/JPEGImageDecoder.java ! src/share/classes/sun/awt/image/NativeLibLoader.java ! src/share/classes/sun/java2d/Disposer.java ! src/share/classes/sun/management/ManagementFactoryHelper.java ! src/share/classes/sun/net/sdp/SdpSupport.java ! src/share/classes/sun/net/spi/DefaultProxySelector.java ! src/share/classes/sun/nio/ch/Util.java - src/share/classes/sun/security/action/LoadLibraryAction.java ! src/share/classes/sun/security/krb5/SCDynamicStoreConfig.java ! src/share/classes/sun/security/smartcardio/PCSC.java ! src/share/classes/sun/tracing/dtrace/JVM.java ! src/solaris/classes/sun/management/FileSystemImpl.java ! src/solaris/classes/sun/net/dns/ResolverConfigurationImpl.java ! src/solaris/classes/sun/nio/ch/sctp/SctpChannelImpl.java ! src/solaris/classes/sun/nio/ch/sctp/SctpMultiChannelImpl.java ! src/solaris/classes/sun/nio/ch/sctp/SctpServerChannelImpl.java ! src/solaris/classes/sun/print/CUPSPrinter.java ! src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java ! src/windows/classes/sun/awt/windows/WToolkit.java ! src/windows/classes/sun/management/FileSystemImpl.java ! src/windows/classes/sun/net/dns/ResolverConfigurationImpl.java ! src/windows/classes/sun/print/Win32PrintServiceLookup.java ! src/windows/classes/sun/security/smartcardio/PlatformPCSC.java From vincent.x.ryan at oracle.com Wed May 2 06:51:19 2012 From: vincent.x.ryan at oracle.com (vincent.x.ryan at oracle.com) Date: Wed, 02 May 2012 13:51:19 +0000 Subject: hg: jdk8/tl/jdk: 7087021: TEST: com/sun/crypto/provider/Mac/MacClone.java failed on Solaris sparc 5.10 Message-ID: <20120502135137.7263B470E8@hg.openjdk.java.net> Changeset: d78c6095dc98 Author: vinnie Date: 2012-05-02 14:50 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d78c6095dc98 7087021: TEST: com/sun/crypto/provider/Mac/MacClone.java failed on Solaris sparc 5.10 Reviewed-by: mullan ! test/com/sun/crypto/provider/Mac/MacClone.java From artem.ananiev at oracle.com Wed May 2 11:09:00 2012 From: artem.ananiev at oracle.com (Artem Ananiev) Date: Wed, 02 May 2012 22:09:00 +0400 Subject: Review Request: 7164376 Replace use of sun.security.action.LoadLibraryAction In-Reply-To: <4F9998CF.9000308@oracle.com> References: <4F9998CF.9000308@oracle.com> Message-ID: <4FA1783C.7030809@oracle.com> Hi, Mandy, the client part of the fix looks fine. Let me ask a naive question, though. From your explanation, I see that System.loadLibrary() is now aware of modules. What prevents us to change LoadLibraryAction the same way? "FROM" code looks much more elegant than the new (the old?) "TO" one. Thanks, Artem On 4/26/2012 10:49 PM, Mandy Chung wrote: > 7164376 Replace use of sun.security.action.LoadLibraryAction > with direct call of System.loadLibrary > > Webrev: > http://cr.openjdk.java.net/~mchung/jdk8/webrevs/7164376/webrev.00/ > > This change is required for jdk modularization. High level summary: > it replaces the use of LoadLibraryAction: > > FROM: > java.security.AccessController.doPrivileged(new LoadLibraryAction("net")); > > TO: > AccessController.doPrivileged( > new java.security.PrivilegedAction() { > public Void run() { > System.loadLibrary("net"); > return null; > } > }); > > It touches files in awt, security and serviceability area (cc'ed). > For this type of simple change, I think 1-2 reviewers can > review all files (simpler to review jdk.patch) and no need > for all teams to do the reviews. > > System.loadLibrary and Runtime.loadLibrary loads a system library of the > given > library name that requires RuntimePermission("loadLibrary."+lib) > permission. > Many places in the JDK code loading a system native library is using the > sun.security.action.LoadLibraryAction convenient class that will load the > system library as a privileged action: > java.security.AccessController.doPrivileged(new LoadLibraryAction("net")); > > The search path of native libraries are coupled with an associated class > loader. > For example, the application class loader uses the path specified in the > "java.library.path" system property for native library lookup. The > loadLibrary > implementation uses the caller's class loader for finding the native > library being > requested. For system libraries, the class loader is null and the system > library > lookup is handled as a special case. When the > sun.security.action.LoadLibraryAction > class is used that is the caller of System.loadLibrary, the caller's > class loader > in this case is "null" loader and thus it always finds the native > library from > the system library path. > > In a modular world, JDK modules may be loaded by multiple different > module class > loader. The following code would not work if it is expected to load a > native > library from a module which is not the module where the > sun.security.action.LoadLibraryAction lives. > > For example, the management module is trying to load libmanagement.so. > Calling > the following will fail to find libmanagement.so because the caller of > System.loadLibrary is the LoadLibraryAction which is in the base module > and search the library from the base module only. To prepare for jdk > modularization, the use of LoadLibraryAction should be replaced with > a direct call of System.loadLibrary. > > This patch also removes sun.security.action.LoadLibraryAction > class to avoid regression. > > Thanks > Mandy > From mandy.chung at oracle.com Wed May 2 11:30:30 2012 From: mandy.chung at oracle.com (Mandy Chung) Date: Wed, 02 May 2012 11:30:30 -0700 Subject: Review Request: 7164376 Replace use of sun.security.action.LoadLibraryAction In-Reply-To: <4FA1783C.7030809@oracle.com> References: <4F9998CF.9000308@oracle.com> <4FA1783C.7030809@oracle.com> Message-ID: <4FA17D46.1070805@oracle.com> On 5/2/2012 11:09 AM, Artem Ananiev wrote: > Hi, Mandy, > > the client part of the fix looks fine. Thanks for the review. I have pushed the changeset and hope you don't mind I couldn't fix the changeset comment to add you as a reviewer. > Let me ask a naive question, though. > > From your explanation, I see that System.loadLibrary() is now aware of > modules. What prevents us to change LoadLibraryAction the same way? > "FROM" code looks much more elegant than the new (the old?) "TO" one. > I would say the old code is little compact than the new one and both versions look elegant to me. The fix here is to get the caller of System.loadLibrary be in the same class loader as the native library being loaded (see ClassLoader.findLibrary). Another alternative is that each component can have its own copy of LoadLibraryAction (e.g. sun.awt.LoadLibraryAction) and so you can modify the old code like this: java.security.AccessController.doPrivileged(new sun.awt.LoadLibraryAction("awt")); provided that sun.awt.LoadLibraryAction is loaded by the same class loader with whom awt.dll is associated. Adding one copy of this simple LoadLibraryAction utility class for each component seems overkill and also error-prone e.g. refactoring a module into two modules require adding another copy of this per-module utility class if both have native libraries. This is certainly an option if the component team prefers to use the utility class. Mandy > Thanks, > > Artem > > On 4/26/2012 10:49 PM, Mandy Chung wrote: >> 7164376 Replace use of sun.security.action.LoadLibraryAction >> with direct call of System.loadLibrary >> >> Webrev: >> http://cr.openjdk.java.net/~mchung/jdk8/webrevs/7164376/webrev.00/ >> >> This change is required for jdk modularization. High level summary: >> it replaces the use of LoadLibraryAction: >> >> FROM: >> java.security.AccessController.doPrivileged(new >> LoadLibraryAction("net")); >> >> TO: >> AccessController.doPrivileged( >> new java.security.PrivilegedAction() { >> public Void run() { >> System.loadLibrary("net"); >> return null; >> } >> }); >> >> It touches files in awt, security and serviceability area (cc'ed). >> For this type of simple change, I think 1-2 reviewers can >> review all files (simpler to review jdk.patch) and no need >> for all teams to do the reviews. >> >> System.loadLibrary and Runtime.loadLibrary loads a system library of the >> given >> library name that requires RuntimePermission("loadLibrary."+lib) >> permission. >> Many places in the JDK code loading a system native library is using the >> sun.security.action.LoadLibraryAction convenient class that will load >> the >> system library as a privileged action: >> java.security.AccessController.doPrivileged(new >> LoadLibraryAction("net")); >> >> The search path of native libraries are coupled with an associated class >> loader. >> For example, the application class loader uses the path specified in the >> "java.library.path" system property for native library lookup. The >> loadLibrary >> implementation uses the caller's class loader for finding the native >> library being >> requested. For system libraries, the class loader is null and the system >> library >> lookup is handled as a special case. When the >> sun.security.action.LoadLibraryAction >> class is used that is the caller of System.loadLibrary, the caller's >> class loader >> in this case is "null" loader and thus it always finds the native >> library from >> the system library path. >> >> In a modular world, JDK modules may be loaded by multiple different >> module class >> loader. The following code would not work if it is expected to load a >> native >> library from a module which is not the module where the >> sun.security.action.LoadLibraryAction lives. >> >> For example, the management module is trying to load libmanagement.so. >> Calling >> the following will fail to find libmanagement.so because the caller of >> System.loadLibrary is the LoadLibraryAction which is in the base module >> and search the library from the base module only. To prepare for jdk >> modularization, the use of LoadLibraryAction should be replaced with >> a direct call of System.loadLibrary. >> >> This patch also removes sun.security.action.LoadLibraryAction >> class to avoid regression. >> >> Thanks >> Mandy >> From alan.bateman at oracle.com Wed May 2 12:15:24 2012 From: alan.bateman at oracle.com (alan.bateman at oracle.com) Date: Wed, 02 May 2012 19:15:24 +0000 Subject: hg: jdk8/tl/jdk: 7165102: Only run assertion on Integer autoboxing cache size once Message-ID: <20120502191548.7B127470F1@hg.openjdk.java.net> Changeset: bb2cefc89bc0 Author: forax Date: 2012-05-02 20:01 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/bb2cefc89bc0 7165102: Only run assertion on Integer autoboxing cache size once Reviewed-by: darcy, alanb ! src/share/classes/java/lang/Integer.java From alan.bateman at oracle.com Wed May 2 13:47:22 2012 From: alan.bateman at oracle.com (alan.bateman at oracle.com) Date: Wed, 02 May 2012 20:47:22 +0000 Subject: hg: jdk8/tl/jdk: 7160714: Strange or obsolete @see tags in some exception java.util javadoc Message-ID: <20120502204733.6B314470F7@hg.openjdk.java.net> Changeset: 531ebfd8eb65 Author: jgish Date: 2012-05-02 21:46 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/531ebfd8eb65 7160714: Strange or obsolete @see tags in some exception java.util javadoc Reviewed-by: mduigou, dholmes, alanb ! src/share/classes/java/util/NoSuchElementException.java From luchsh at linux.vnet.ibm.com Thu May 3 01:26:08 2012 From: luchsh at linux.vnet.ibm.com (Jonathan Lu) Date: Thu, 03 May 2012 16:26:08 +0800 Subject: Behavior difference when open file dialog from applet In-Reply-To: <4F952B84.2030601@linux.vnet.ibm.com> References: <4F83AAD1.7030800@linux.vnet.ibm.com> <4F857ADF.6040607@linux.vnet.ibm.com> <4F8E66F0.1050309@linux.vnet.ibm.com> <4F903DCF.5030807@oracle.com> <4F915784.3010705@oracle.com> <4F952B84.2030601@linux.vnet.ibm.com> Message-ID: <4FA24120.8070409@linux.vnet.ibm.com> Hello, how about just change the code like following patch by adding a security check point before invoking the native dialog. http://cr.openjdk.java.net/~luchsh/webrev_gtk_file_dialog/ Best regards! - Jonathan On 04/23/2012 06:14 PM, Jonathan Lu wrote: > Basically the existance checking of files and directory without > explicitly granted permissions do not look very friendly to me > especially for applet code from the web. This might be a helpful way > for hackers to infer OS version, user habit or software config from > the directory layout retrieved by a file dialog. > > Any comments from the security list? > > best regards! > -Jonathan > > On 04/20/2012 08:33 PM, Anthony Petrov wrote: >> OTOH, using a file dialog may allow one (with a little help from a >> user) to check a file or a directory for existence which may be >> considered a security vulnerability. This is actually the reason the >> exception is thrown by XFileDialogPeer in the first place: it gets >> thrown when the code calls File.isDirectory() when setting the >> initial directory for the dialog. >> >> Not sure if this ability is much useful by itself, or if this >> vulnerability is "convenient" for hackers to use since it involves >> the user, but still this doesn't feel like a benign thing to me. >> >> What do security experts think about that? >> >> -- >> best regards, >> Anthony >> >> On 4/19/2012 8:31 PM, Artem Ananiev wrote: >>> Hi, Jonathan, >>> >>> you're right, GTK and X file dialogs behave differently when >>> SecurityManager is installed. However, instead of changing GTK >>> dialogs, I propose to correct X dialogs, so they don't throw >>> security exceptions. >>> >>> Indeed, application may create arbitrary java.io.File objects >>> without any permissions. File permissions are only checked when >>> application tries to read from, or write into, or just open the >>> file. AWT file dialogs are about getting File objects, they don't >>> provide access to File content (be it a regular file or a >>> directory), so I don't see any reasons to throw exceptions. >>> >>> What do you think about it? >>> >>> Thanks, >>> >>> Artem >>> >>> On 4/18/2012 11:02 AM, Jonathan Lu wrote: >>>> Hello, is anybody interested in this problem? >>>> >>>> it seems to be a generic question of how to control security access in >>>> JNI native implementation of JDK. >>>> And consider the behavior differences, is it neccessary to reimplement >>>> Gtk file dialog in the same way as X dialog? >>>> >>>> Regards >>>> - Jonathan >>>> >>>> On 04/11/2012 08:36 PM, Jonathan Lu wrote: >>>>> >>>>> Hi awt-dev, >>>>> >>>>> I found a behavior difference when open file dialog from an >>>>> applet, bug >>>>> 7160238 has been created for this issue. >>>>> Here's the tiny test case to helping reproduce the problem, >>>>> >>>>> /* >>>>> * Copyright (c) 2012 Oracle and/or its affiliates. All rights >>>>> reserved. >>>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. >>>>> * >>>>> * This code is free software; you can redistribute it and/or >>>>> modify it >>>>> * under the terms of the GNU General Public License version 2 >>>>> only, as >>>>> * published by the Free Software Foundation. >>>>> * >>>>> * This code is distributed in the hope that it will be useful, but >>>>> WITHOUT >>>>> * ANY WARRANTY; without even the implied warranty of >>>>> MERCHANTABILITY or >>>>> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public >>>>> License >>>>> * version 2 for more details (a copy is included in the LICENSE >>>>> file that >>>>> * accompanied this code). >>>>> * >>>>> * You should have received a copy of the GNU General Public License >>>>> version >>>>> * 2 along with this work; if not, write to the Free Software >>>>> Foundation, >>>>> * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. >>>>> * >>>>> * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA >>>>> 94065 USA >>>>> * or visit www.oracle.com if you need additional information or >>>>> have any >>>>> * questions. >>>>> */ >>>>> >>>>> /* >>>>> * Portions Copyright (c) 2012 IBM Corporation >>>>> */ >>>>> >>>>> import java.applet.Applet; >>>>> import java.awt.Button; >>>>> import java.awt.FileDialog; >>>>> import java.awt.Frame; >>>>> import java.awt.event.ActionEvent; >>>>> import java.awt.event.ActionListener; >>>>> >>>>> public class FileDialogTest extends Applet { >>>>> @Override >>>>> public void init() { >>>>> Button button = new Button("Open FileDialog"); >>>>> add(button); >>>>> button.addActionListener(new ActionListener() { >>>>> @Override >>>>> public void actionPerformed(ActionEvent event) { >>>>> Frame f = new Frame(); >>>>> FileDialog dialog = new FileDialog(f, "FileDialog"); >>>>> dialog.show(); >>>>> } >>>>> }); >>>>> } >>>>> } >>>>> >>>>> Embeded it into an HTML document, test.html, then run appletviewer >>>>> with >>>>> following two commands, >>>>> appletviewer -J-Dsun.awt.disableGtkFileDialogs=true test.html >>>>> appletviewer -J-Dsun.awt.disableGtkFileDialogs=false test.html >>>>> >>>>> The result will be different, -J-Dsun.awt.disableGtkFileDialogs=true >>>>> will throw AccessControlException, but >>>>> -J-Dsun.awt.disableGtkFileDialogs=false will continue to open a file >>>>> dialog. >>>>> >>>>> According to the specification: >>>>> The basic applet security model is an all or nothing proposition. >>>>> If you >>>>> get a security certificate, you can give the applet full access to >>>>> the >>>>> user's system. Without it, the applet has virtually no access at all. >>>>> >>>>> Since file dialog displays the content of user's file system, so it >>>>> absolutely needs file system read permmission, right? but for Gtk >>>>> File >>>>> Dialog, it just works fine without exceptions. I don't think this >>>>> behavior is following the spec here, right? In OpenJDK's source code, >>>>> GtkFileDialogPeer will create a native GTK file chooser widget and >>>>> keep >>>>> a native pointer, does this leave a breach to Java applet's security >>>>> model? >>>>> >>>>> Cheers! >>>>> - Jonathan >>>>> >>>>> >>>> > From xuelei.fan at oracle.com Thu May 3 21:37:35 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Fri, 04 May 2012 12:37:35 +0800 Subject: Code review request, CR 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites Message-ID: <4FA35D0F.5040704@oracle.com> Hi, Please review the synchronization issue in SSLContextImpl. bug detail: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7153184 webrev: http://cr.openjdk.java.net/~xuelei/7153184/webrev.00/ No new regression test, simple fix and hard to reproduce the issue. Thanks, Xuelei From weijun.wang at oracle.com Fri May 4 00:31:50 2012 From: weijun.wang at oracle.com (Weijun Wang) Date: Fri, 04 May 2012 15:31:50 +0800 Subject: Code review request, CR 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites In-Reply-To: <4FA35D0F.5040704@oracle.com> References: <4FA35D0F.5040704@oracle.com> Message-ID: <4FA385E6.3080909@oracle.com> The fix is good, but I think you are over-commenting. Everyone seeing the synchronized keyword knows what it means. You can keep the new lines at 380-381. Thanks Max On 05/04/2012 12:37 PM, Xuelei Fan wrote: > Hi, > > Please review the synchronization issue in SSLContextImpl. > > bug detail: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7153184 > webrev: http://cr.openjdk.java.net/~xuelei/7153184/webrev.00/ > > No new regression test, simple fix and hard to reproduce the issue. > > Thanks, > Xuelei From Xuelei.Fan at Oracle.Com Fri May 4 01:24:07 2012 From: Xuelei.Fan at Oracle.Com (Xuelei Fan) Date: Fri, 4 May 2012 16:24:07 +0800 Subject: Code review request, CR 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites In-Reply-To: <4FA385E6.3080909@oracle.com> References: <4FA35D0F.5040704@oracle.com> <4FA385E6.3080909@oracle.com> Message-ID: On May 4, 2012, at 3:31 PM, Weijun Wang wrote: > The fix is good, but I think you are over-commenting. Everyone seeing the synchronized keyword knows what it means. You can keep the new lines at 380-381. > Thanks for the review. The purpose of the over-commenting is to avoid to use synchronized methods instead of synchronized block in the future. Thanks, Xuelei > Thanks > Max > > On 05/04/2012 12:37 PM, Xuelei Fan wrote: >> Hi, >> >> Please review the synchronization issue in SSLContextImpl. >> >> bug detail: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7153184 >> webrev: http://cr.openjdk.java.net/~xuelei/7153184/webrev.00/ >> >> No new regression test, simple fix and hard to reproduce the issue. >> >> Thanks, >> Xuelei From weijun.wang at oracle.com Fri May 4 01:39:17 2012 From: weijun.wang at oracle.com (Weijun Wang) Date: Fri, 04 May 2012 16:39:17 +0800 Subject: Code review request, CR 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites In-Reply-To: References: <4FA35D0F.5040704@oracle.com> <4FA385E6.3080909@oracle.com> Message-ID: <4FA395B5.2070208@oracle.com> On 05/04/2012 04:24 PM, Xuelei Fan wrote: > On May 4, 2012, at 3:31 PM, Weijun Wang wrote: > >> The fix is good, but I think you are over-commenting. Everyone seeing the synchronized keyword knows what it means. You can keep the new lines at 380-381. >> > Thanks for the review. The purpose of the over-commenting is to avoid to use synchronized methods instead of synchronized block in the future. You mean you are afraid that someone will add the synchronized keyword to the clearAvailableCache method again? You can keep 380-381. -Max > > Thanks, > Xuelei > >> Thanks >> Max >> >> On 05/04/2012 12:37 PM, Xuelei Fan wrote: >>> Hi, >>> >>> Please review the synchronization issue in SSLContextImpl. >>> >>> bug detail: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7153184 >>> webrev: http://cr.openjdk.java.net/~xuelei/7153184/webrev.00/ >>> >>> No new regression test, simple fix and hard to reproduce the issue. >>> >>> Thanks, >>> Xuelei From xuelei.fan at oracle.com Fri May 4 01:51:13 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Fri, 04 May 2012 16:51:13 +0800 Subject: Code review request, CR 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites In-Reply-To: <4FA395B5.2070208@oracle.com> References: <4FA35D0F.5040704@oracle.com> <4FA385E6.3080909@oracle.com> <4FA395B5.2070208@oracle.com> Message-ID: <4FA39881.3040703@oracle.com> On 5/4/2012 4:39 PM, Weijun Wang wrote: > > > On 05/04/2012 04:24 PM, Xuelei Fan wrote: >> On May 4, 2012, at 3:31 PM, Weijun Wang wrote: >> >>> The fix is good, but I think you are over-commenting. Everyone seeing >>> the synchronized keyword knows what it means. You can keep the new >>> lines at 380-381. >>> >> Thanks for the review. The purpose of the over-commenting is to avoid >> to use synchronized methods instead of synchronized block in the future. > > You mean you are afraid that someone will add the synchronized keyword > to the clearAvailableCache method again? You can keep 380-381. > I'm afraid some one move the synchronized keyword to getSuportedCipherSuiteList method or getDefaultCipherSuiteList method as: synchronized CipherSuiteList getSuportedCipherSuiteList(); synchronized CipherSuiteList getDefaultCipherSuiteList(boolean); The above two methods cannot be called at the same time in different threads. Thanks, Xuelei > -Max > >> >> Thanks, >> Xuelei >> >>> Thanks >>> Max >>> >>> On 05/04/2012 12:37 PM, Xuelei Fan wrote: >>>> Hi, >>>> >>>> Please review the synchronization issue in SSLContextImpl. >>>> >>>> bug detail: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7153184 >>>> webrev: http://cr.openjdk.java.net/~xuelei/7153184/webrev.00/ >>>> >>>> No new regression test, simple fix and hard to reproduce the issue. >>>> >>>> Thanks, >>>> Xuelei From weijun.wang at oracle.com Fri May 4 04:40:00 2012 From: weijun.wang at oracle.com (Weijun Wang) Date: Fri, 04 May 2012 19:40:00 +0800 Subject: Code review request, CR 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites In-Reply-To: <4FA39881.3040703@oracle.com> References: <4FA35D0F.5040704@oracle.com> <4FA385E6.3080909@oracle.com> <4FA395B5.2070208@oracle.com> <4FA39881.3040703@oracle.com> Message-ID: <4FA3C010.80501@oracle.com> OK, go on with your code changes, I just think that writing "// The maintenance of ciphet suites needs to be synchronized." before a synchronized keyword is a little redundant. BTW, the line above has a typo, s/ciphet/cipher/. -Max On 05/04/2012 04:51 PM, Xuelei Fan wrote: > On 5/4/2012 4:39 PM, Weijun Wang wrote: >> >> >> On 05/04/2012 04:24 PM, Xuelei Fan wrote: >>> On May 4, 2012, at 3:31 PM, Weijun Wang wrote: >>> >>>> The fix is good, but I think you are over-commenting. Everyone seeing >>>> the synchronized keyword knows what it means. You can keep the new >>>> lines at 380-381. >>>> >>> Thanks for the review. The purpose of the over-commenting is to avoid >>> to use synchronized methods instead of synchronized block in the future. >> >> You mean you are afraid that someone will add the synchronized keyword >> to the clearAvailableCache method again? You can keep 380-381. >> > I'm afraid some one move the synchronized keyword to > getSuportedCipherSuiteList method or getDefaultCipherSuiteList method as: > > synchronized CipherSuiteList getSuportedCipherSuiteList(); > synchronized CipherSuiteList getDefaultCipherSuiteList(boolean); > > The above two methods cannot be called at the same time in different > threads. > > Thanks, > Xuelei > >> -Max >> >>> >>> Thanks, >>> Xuelei >>> >>>> Thanks >>>> Max >>>> >>>> On 05/04/2012 12:37 PM, Xuelei Fan wrote: >>>>> Hi, >>>>> >>>>> Please review the synchronization issue in SSLContextImpl. >>>>> >>>>> bug detail: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7153184 >>>>> webrev: http://cr.openjdk.java.net/~xuelei/7153184/webrev.00/ >>>>> >>>>> No new regression test, simple fix and hard to reproduce the issue. >>>>> >>>>> Thanks, >>>>> Xuelei > From kumar.x.srinivasan at oracle.com Fri May 4 09:00:57 2012 From: kumar.x.srinivasan at oracle.com (kumar.x.srinivasan at oracle.com) Date: Fri, 04 May 2012 16:00:57 +0000 Subject: hg: jdk8/tl/langtools: 7166010: (javac) JavacMessager incorrectly restores log source file Message-ID: <20120504160059.9C88647156@hg.openjdk.java.net> Changeset: d10db3576c08 Author: ksrini Date: 2012-05-04 07:55 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/d10db3576c08 7166010: (javac) JavacMessager incorrectly restores log source file Reviewed-by: jjg Contributed-by: jan.lahoda at oracle.com ! src/share/classes/com/sun/tools/javac/processing/JavacMessager.java + test/tools/javac/processing/messager/MessagerDiags.java From lance.andersen at oracle.com Fri May 4 13:02:17 2012 From: lance.andersen at oracle.com (lance.andersen at oracle.com) Date: Fri, 04 May 2012 20:02:17 +0000 Subject: hg: jdk8/tl/jdk: 7166598: FilteredRowSetImpl can result in Invalid Cursor Position Message-ID: <20120504200228.53CE747161@hg.openjdk.java.net> Changeset: 4580652d9828 Author: lancea Date: 2012-05-04 16:00 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4580652d9828 7166598: FilteredRowSetImpl can result in Invalid Cursor Position Reviewed-by: lancea Contributed-by: Knut Anders Hatlen ! src/share/classes/com/sun/rowset/FilteredRowSetImpl.java From sean.mullan at oracle.com Fri May 4 13:19:29 2012 From: sean.mullan at oracle.com (Sean Mullan) Date: Fri, 04 May 2012 16:19:29 -0400 Subject: Proposed API Changes for JEP 124: Enhance the Certificate Revocation-Checking API Message-ID: <4FA439D1.2070504@oracle.com> Hi, As part of JEP 124 [1] I have been working on a few API changes for JDK 8 that will help improve the API for validating and checking revocation status of certificates in a certificate chain. I have posted a README and a specdiff of my proposed API changes for review: http://cr.openjdk.java.net/~mullan/jeps/124/api/draft.03/README.html The README gives a couple of examples and the specdiff shows the API changes in javadoc compared against the latest JDK 8 sources. Please review the API changes and send any comments to the list. I would prefer to get any comments by the end of next week, if possible. Thanks, Sean [1] http://openjdk.java.net/jeps/124 From xuelei.fan at oracle.com Fri May 4 17:31:24 2012 From: xuelei.fan at oracle.com (xuelei.fan at oracle.com) Date: Sat, 05 May 2012 00:31:24 +0000 Subject: hg: jdk8/tl/jdk: 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites Message-ID: <20120505003134.C962847165@hg.openjdk.java.net> Changeset: 41d3f7509e00 Author: xuelei Date: 2012-05-04 17:28 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/41d3f7509e00 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites Reviewed-by: weijun ! src/share/classes/sun/security/ssl/SSLContextImpl.java From xuelei.fan at oracle.com Fri May 4 17:33:44 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Sat, 05 May 2012 08:33:44 +0800 Subject: Code review request, CR 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites In-Reply-To: <4FA3C010.80501@oracle.com> References: <4FA35D0F.5040704@oracle.com> <4FA385E6.3080909@oracle.com> <4FA395B5.2070208@oracle.com> <4FA39881.3040703@oracle.com> <4FA3C010.80501@oracle.com> Message-ID: <4FA47568.80307@oracle.com> Thanks for the review. The changeset is integrated as: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/41d3f7509e00 Thanks, Xuelei On 5/4/2012 7:40 PM, Weijun Wang wrote: > OK, go on with your code changes, I just think that writing "// The > maintenance of ciphet suites needs to be synchronized." before a > synchronized keyword is a little redundant. > > BTW, the line above has a typo, s/ciphet/cipher/. > > -Max > > > On 05/04/2012 04:51 PM, Xuelei Fan wrote: >> On 5/4/2012 4:39 PM, Weijun Wang wrote: >>> >>> >>> On 05/04/2012 04:24 PM, Xuelei Fan wrote: >>>> On May 4, 2012, at 3:31 PM, Weijun Wang >>>> wrote: >>>> >>>>> The fix is good, but I think you are over-commenting. Everyone seeing >>>>> the synchronized keyword knows what it means. You can keep the new >>>>> lines at 380-381. >>>>> >>>> Thanks for the review. The purpose of the over-commenting is to avoid >>>> to use synchronized methods instead of synchronized block in the >>>> future. >>> >>> You mean you are afraid that someone will add the synchronized keyword >>> to the clearAvailableCache method again? You can keep 380-381. >>> >> I'm afraid some one move the synchronized keyword to >> getSuportedCipherSuiteList method or getDefaultCipherSuiteList method as: >> >> synchronized CipherSuiteList getSuportedCipherSuiteList(); >> synchronized CipherSuiteList getDefaultCipherSuiteList(boolean); >> >> The above two methods cannot be called at the same time in different >> threads. >> >> Thanks, >> Xuelei >> >>> -Max >>> >>>> >>>> Thanks, >>>> Xuelei >>>> >>>>> Thanks >>>>> Max >>>>> >>>>> On 05/04/2012 12:37 PM, Xuelei Fan wrote: >>>>>> Hi, >>>>>> >>>>>> Please review the synchronization issue in SSLContextImpl. >>>>>> >>>>>> bug detail: >>>>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7153184 >>>>>> webrev: http://cr.openjdk.java.net/~xuelei/7153184/webrev.00/ >>>>>> >>>>>> No new regression test, simple fix and hard to reproduce the issue. >>>>>> >>>>>> Thanks, >>>>>> Xuelei >> From xuelei.fan at oracle.com Sat May 5 06:38:10 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Sat, 05 May 2012 21:38:10 +0800 Subject: code review request, CR 7166570: JSSE certificate validation has started to fail for certificate chains Message-ID: <4FA52D42.2010702@oracle.com> Hi, Please review the fix for JSSE certification path validation issue. webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev/ Cause of the issue: in SimpleValiadtor, the count pathLenConstraint was not calculated properly, the non-intermediate certificate (end-entity certificate) was count in. Thanks, Xuelei From xuelei.fan at oracle.com Sat May 5 08:06:05 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Sat, 05 May 2012 23:06:05 +0800 Subject: code review request, CR 7166487 checkSequenceNumber method never called within readRecord of SSLEngineImpl Message-ID: <4FA541DD.5090800@oracle.com> Hi, Please review the fix for JSSE TLS/SSL records' sequence number wrap issue. webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166487/webrev.00/ Cause of the issue: did not update the handshaking status before the sequence number checking. Thanks, Xuelei From xuelei.fan at oracle.com Sat May 5 08:06:51 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Sat, 05 May 2012 23:06:51 +0800 Subject: code review request, CR 7166570: JSSE certificate validation has started to fail for certificate chains In-Reply-To: <4FA52D42.2010702@oracle.com> References: <4FA52D42.2010702@oracle.com> Message-ID: <4FA5420B.5080806@oracle.com> The webrev URL should be: http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev.00/ Xuelei On 5/5/2012 9:38 PM, Xuelei Fan wrote: > Hi, > > Please review the fix for JSSE certification path validation issue. > > webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev/ > > Cause of the issue: in SimpleValiadtor, the count pathLenConstraint was > not calculated properly, the non-intermediate certificate (end-entity > certificate) was count in. > > Thanks, > Xuelei From schlosna at gmail.com Sat May 5 10:10:41 2012 From: schlosna at gmail.com (David Schlosnagle) Date: Sat, 5 May 2012 13:10:41 -0400 Subject: code review request, CR 7166487 checkSequenceNumber method never called within readRecord of SSLEngineImpl In-Reply-To: <4FA541DD.5090800@oracle.com> References: <4FA541DD.5090800@oracle.com> Message-ID: On Sat, May 5, 2012 at 11:06 AM, Xuelei Fan wrote: > Please review the fix for JSSE TLS/SSL records' sequence number wrap issue. > > webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166487/webrev.00/ Xuelei, do you happen to have an internet facing site for this code review as http://javaweb.us.oracle.com does not seem to be available? Thanks, Dave From bradford.wetmore at oracle.com Sat May 5 22:32:27 2012 From: bradford.wetmore at oracle.com (Bradford Wetmore) Date: Sat, 05 May 2012 22:32:27 -0700 Subject: code review request, CR 7166570: JSSE certificate validation has started to fail for certificate chains In-Reply-To: <4FA5420B.5080806@oracle.com> References: <4FA52D42.2010702@oracle.com> <4FA5420B.5080806@oracle.com> Message-ID: <4FA60CEB.5050104@oracle.com> Hi Xuelei, Can you put these CR requests on cr.openjdk.java.net? I can't see them from home. Brad On 5/5/2012 8:06 AM, Xuelei Fan wrote: > The webrev URL should be: > http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev.00/ > > Xuelei > > On 5/5/2012 9:38 PM, Xuelei Fan wrote: >> Hi, >> >> Please review the fix for JSSE certification path validation issue. >> >> webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev/ >> >> Cause of the issue: in SimpleValiadtor, the count pathLenConstraint was >> not calculated properly, the non-intermediate certificate (end-entity >> certificate) was count in. >> >> Thanks, >> Xuelei > From xuelei.fan at oracle.com Sun May 6 07:37:28 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Sun, 06 May 2012 22:37:28 +0800 Subject: code review request, CR 7166487 checkSequenceNumber method never called within readRecord of SSLEngineImpl In-Reply-To: References: <4FA541DD.5090800@oracle.com> Message-ID: <4FA68CA8.4090409@oracle.com> On 5/6/2012 1:10 AM, David Schlosnagle wrote: > On Sat, May 5, 2012 at 11:06 AM, Xuelei Fan wrote: >> Please review the fix for JSSE TLS/SSL records' sequence number wrap issue. >> >> webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166487/webrev.00/ > > Xuelei, do you happen to have an internet facing site for this code > review as http://javaweb.us.oracle.com does not seem to be available? > Dave, thanks for the remind. The URL should be: http://cr.openjdk.java.net/~xuelei/7166487/webrev.00/ Thanks, Xuelei > Thanks, > Dave From xuelei.fan at oracle.com Sun May 6 07:38:58 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Sun, 06 May 2012 22:38:58 +0800 Subject: code review request, CR 7166570: JSSE certificate validation has started to fail for certificate chains In-Reply-To: <4FA60CEB.5050104@oracle.com> References: <4FA52D42.2010702@oracle.com> <4FA5420B.5080806@oracle.com> <4FA60CEB.5050104@oracle.com> Message-ID: <4FA68D02.6050108@oracle.com> Brad, thanks for the correct. The URL should be: http://cr.openjdk.java.net/~xuelei/7166570/webrev.00/ Thanks, Xuelei On 5/6/2012 1:32 PM, Bradford Wetmore wrote: > Hi Xuelei, > > Can you put these CR requests on cr.openjdk.java.net? I can't see them > from home. > > Brad > > On 5/5/2012 8:06 AM, Xuelei Fan wrote: >> The webrev URL should be: >> http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev.00/ >> >> Xuelei >> >> On 5/5/2012 9:38 PM, Xuelei Fan wrote: >>> Hi, >>> >>> Please review the fix for JSSE certification path validation issue. >>> >>> webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev/ >>> >>> Cause of the issue: in SimpleValiadtor, the count pathLenConstraint was >>> not calculated properly, the non-intermediate certificate (end-entity >>> certificate) was count in. >>> >>> Thanks, >>> Xuelei >> From littlee at linux.vnet.ibm.com Mon May 7 01:43:51 2012 From: littlee at linux.vnet.ibm.com (littlee at linux.vnet.ibm.com) Date: Mon, 07 May 2012 08:43:51 +0000 Subject: hg: jdk8/tl/jdk: 7166048: Remove the embeded epoll data structure. Message-ID: <20120507084420.528C94718B@hg.openjdk.java.net> Changeset: 62557a1336c0 Author: zhouyx Date: 2012-05-07 16:43 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/62557a1336c0 7166048: Remove the embeded epoll data structure. Reviewed-by: alanb ! src/solaris/native/sun/nio/ch/EPollArrayWrapper.c From rob.mckenna at oracle.com Mon May 7 05:33:32 2012 From: rob.mckenna at oracle.com (rob.mckenna at oracle.com) Date: Mon, 07 May 2012 12:33:32 +0000 Subject: hg: jdk8/tl/jdk: 7166687: InetAddress.getLocalHost().getHostName() returns FQDN Message-ID: <20120507123402.865554718C@hg.openjdk.java.net> Changeset: b26c04717735 Author: robm Date: 2012-05-07 13:34 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b26c04717735 7166687: InetAddress.getLocalHost().getHostName() returns FQDN Reviewed-by: chegar ! src/solaris/native/java/net/Inet6AddressImpl.c From david.holmes at oracle.com Tue May 8 00:36:44 2012 From: david.holmes at oracle.com (david.holmes at oracle.com) Date: Tue, 08 May 2012 07:36:44 +0000 Subject: hg: jdk8/tl/jdk: 7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed Message-ID: <20120508073706.E5A36471B4@hg.openjdk.java.net> Changeset: 48513d156965 Author: dholmes Date: 2012-05-08 02:59 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/48513d156965 7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed Summary: Perform class.getField inside a doPrivileged block Reviewed-by: chegar, psandoz ! src/share/classes/java/util/concurrent/atomic/AtomicIntegerFieldUpdater.java ! src/share/classes/java/util/concurrent/atomic/AtomicLongFieldUpdater.java ! src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java + test/java/util/concurrent/atomic/AtomicUpdaters.java From Ulf.Zibis at gmx.de Tue May 8 03:02:51 2012 From: Ulf.Zibis at gmx.de (Ulf Zibis) Date: Tue, 08 May 2012 12:02:51 +0200 Subject: hg: jdk8/tl/jdk: 7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed In-Reply-To: <20120508073706.E5A36471B4@hg.openjdk.java.net> References: <20120508073706.E5A36471B4@hg.openjdk.java.net> Message-ID: <4FA8EF4B.5070508@gmx.de> Hi all, I'm a little bit late, but I just have seen: (1) some indentations in the patch are broken (2) following code snipped is repeated many times: + ClassLoader cl = tclass.getClassLoader(); + ClassLoader ccl = caller.getClassLoader(); + if ((ccl != null) && (ccl != cl) && + ((cl == null) || !isAncestor(cl, ccl))) { + sun.reflect.misc.ReflectUtil.checkPackageAccess(tclass); + } Wouldn't it be better, to move it in a method, maybe in sun.reflect.misc.ReflectUtil ? -Ulf Am 08.05.2012 09:36, schrieb david.holmes at oracle.com: > Changeset: 48513d156965 > Author: dholmes > Date: 2012-05-08 02:59 -0400 > URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/48513d156965 > > 7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed > Summary: Perform class.getField inside a doPrivileged block > Reviewed-by: chegar, psandoz > > ! src/share/classes/java/util/concurrent/atomic/AtomicIntegerFieldUpdater.java > ! src/share/classes/java/util/concurrent/atomic/AtomicLongFieldUpdater.java > ! src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java > + test/java/util/concurrent/atomic/AtomicUpdaters.java > > From xuelei.fan at oracle.com Tue May 8 07:45:59 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Tue, 08 May 2012 22:45:59 +0800 Subject: code review request, CR 7167092 Need to put the return clause in the synchronized block Message-ID: <4FA931A7.50707@oracle.com> Hi, Please review the fix for a synchronization issue of JSSE. webrev: http://cr.openjdk.java.net/~xuelei/7167092/webrev.00/ Cause of the issue: need to put the return clause in the synchronized block. It is a regression of CR 7153184. Thanks, Xuelei From bradford.wetmore at oracle.com Tue May 8 10:25:09 2012 From: bradford.wetmore at oracle.com (Brad Wetmore) Date: Tue, 08 May 2012 10:25:09 -0700 Subject: code review request, CR 7167092 Need to put the return clause in the synchronized block In-Reply-To: <4FA931A7.50707@oracle.com> References: <4FA931A7.50707@oracle.com> Message-ID: <4FA956F5.3080602@oracle.com> Looks fine. Thanks. Brad On 5/8/2012 7:45 AM, Xuelei Fan wrote: > Hi, > > Please review the fix for a synchronization issue of JSSE. > > webrev: http://cr.openjdk.java.net/~xuelei/7167092/webrev.00/ > > Cause of the issue: need to put the return clause in the synchronized > block. It is a regression of CR 7153184. > > Thanks, > Xuelei From xueming.shen at oracle.com Tue May 8 10:55:29 2012 From: xueming.shen at oracle.com (xueming.shen at oracle.com) Date: Tue, 08 May 2012 17:55:29 +0000 Subject: hg: jdk8/tl/jdk: 7014640: To add a metachar \R for line ending and character classes for vertical/horizontal ws \v \V \h \H Message-ID: <20120508175547.56E86471C5@hg.openjdk.java.net> Changeset: af209a223b6b Author: sherman Date: 2012-05-08 10:57 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/af209a223b6b 7014640: To add a metachar \R for line ending and character classes for vertical/horizontal ws \v \V \h \H Summary: added propsoed constructs Reviewed-by: alanb ! src/share/classes/java/util/regex/Pattern.java ! test/java/util/regex/RegExTest.java From xueming.shen at oracle.com Tue May 8 11:14:46 2012 From: xueming.shen at oracle.com (xueming.shen at oracle.com) Date: Tue, 08 May 2012 18:14:46 +0000 Subject: hg: jdk8/tl/jdk: 7157656: (zipfs) SeekableByteChannel to entry in zip file always reports its position as 0 Message-ID: <20120508181456.B16E4471C6@hg.openjdk.java.net> Changeset: 1ece20885be4 Author: sherman Date: 2012-05-08 11:16 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1ece20885be4 7157656: (zipfs) SeekableByteChannel to entry in zip file always reports its position as 0 Summary: updated SeekableByteChannel.read() to count the bytes read correctly Reviewed-by: sherman Contributed-by: paul.sandoz at oracle.com ! src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java ! test/demo/zipfs/ZipFSTester.java ! test/demo/zipfs/basic.sh From bradford.wetmore at oracle.com Tue May 8 11:48:59 2012 From: bradford.wetmore at oracle.com (Brad Wetmore) Date: Tue, 08 May 2012 11:48:59 -0700 Subject: code review request, CR 7166570: JSSE certificate validation has started to fail for certificate chains In-Reply-To: <4FA5420B.5080806@oracle.com> References: <4FA52D42.2010702@oracle.com> <4FA5420B.5080806@oracle.com> Message-ID: <4FA96A9B.1090706@oracle.com> Hi Xuelei, I walked through the code in the debugger, it looks good. Just a comment for the regression test, it might have been easier and likely faster performance-wise to simply create Simple and PKIX trustmanagers, and then directly call checkClientTrusted and passing a predefined chain, rather than incurring the overhead of SSL, much of what we cover in many other tests. Brad On 5/5/2012 8:06 AM, Xuelei Fan wrote: > The webrev URL should be: > http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev.00/ > > Xuelei > > On 5/5/2012 9:38 PM, Xuelei Fan wrote: >> Hi, >> >> Please review the fix for JSSE certification path validation issue. >> >> webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev/ >> >> Cause of the issue: in SimpleValiadtor, the count pathLenConstraint was >> not calculated properly, the non-intermediate certificate (end-entity >> certificate) was count in. >> >> Thanks, >> Xuelei > From xuelei.fan at oracle.com Tue May 8 17:57:37 2012 From: xuelei.fan at oracle.com (xuelei.fan at oracle.com) Date: Wed, 09 May 2012 00:57:37 +0000 Subject: hg: jdk8/tl/jdk: 7167092: Need to put the return clause in the synchronized block Message-ID: <20120509005747.AADC5471D5@hg.openjdk.java.net> Changeset: fbf98cbd2e6b Author: xuelei Date: 2012-05-08 17:56 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fbf98cbd2e6b 7167092: Need to put the return clause in the synchronized block Summary: a regression fix for bug 7153184 Reviewed-by: wetmore ! src/share/classes/sun/security/ssl/SSLContextImpl.java From xuelei.fan at oracle.com Tue May 8 18:09:36 2012 From: xuelei.fan at oracle.com (xuelei.fan at oracle.com) Date: Wed, 09 May 2012 01:09:36 +0000 Subject: hg: jdk8/tl/jdk: 7166570: JSSE certificate validation has started to fail for certificate chains Message-ID: <20120509010947.4AC6B471D8@hg.openjdk.java.net> Changeset: 0f63f3390ac9 Author: xuelei Date: 2012-05-08 18:08 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0f63f3390ac9 7166570: JSSE certificate validation has started to fail for certificate chains Reviewed-by: wetmore ! src/share/classes/sun/security/validator/SimpleValidator.java + test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java From xuelei.fan at oracle.com Tue May 8 18:49:26 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Wed, 09 May 2012 09:49:26 +0800 Subject: code review request, CR 7166487 checkSequenceNumber method never called within readRecord of SSLEngineImpl In-Reply-To: <4FA68CA8.4090409@oracle.com> References: <4FA541DD.5090800@oracle.com> <4FA68CA8.4090409@oracle.com> Message-ID: <4FA9CD26.3060708@oracle.com> http://cr.openjdk.java.net/~xuelei/7166487/webrev.00/ Is anyone available to review the fix? Thanks, Xuelei On 5/6/2012 10:37 PM, Xuelei Fan wrote: > On 5/6/2012 1:10 AM, David Schlosnagle wrote: >> On Sat, May 5, 2012 at 11:06 AM, Xuelei Fan wrote: >>> Please review the fix for JSSE TLS/SSL records' sequence number wrap issue. >>> >>> webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166487/webrev.00/ >> >> Xuelei, do you happen to have an internet facing site for this code >> review as http://javaweb.us.oracle.com does not seem to be available? >> > Dave, thanks for the remind. The URL should be: > http://cr.openjdk.java.net/~xuelei/7166487/webrev.00/ > > Thanks, > Xuelei > >> Thanks, >> Dave > From littlee at linux.vnet.ibm.com Tue May 8 20:21:27 2012 From: littlee at linux.vnet.ibm.com (littlee at linux.vnet.ibm.com) Date: Wed, 09 May 2012 03:21:27 +0000 Subject: hg: jdk8/tl/jdk: 7165722: Invalid path in MemoryMonitor demo's README.txt Message-ID: <20120509032146.D6D62471DD@hg.openjdk.java.net> Changeset: abb63b7357a1 Author: luchsh Date: 2012-05-09 11:19 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/abb63b7357a1 7165722: Invalid path in MemoryMonitor demo's README.txt Reviewed-by: alanb, sla ! src/share/demo/management/MemoryMonitor/README.txt From sean.coffey at oracle.com Wed May 9 07:03:55 2012 From: sean.coffey at oracle.com (=?ISO-8859-1?Q?Se=E1n_Coffey?=) Date: Wed, 09 May 2012 15:03:55 +0100 Subject: RFR : 7163470 : Build fails if javax.crypto src files not present. Message-ID: <4FAA794B.5080503@oracle.com> The JDK has historically allowed builds without the javax.crypto package src. Bug fix 7058133 altered the bootclasspath for security library builds. This fix simply allows the builds to continue if javax.crypto package is not present. In such cases we append the jce.jar to bootclasspath. I've also patched up the new files in makefiles directory which seem to have been missing the recent 7130959 fix. bug : http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7163470 (bug not visible yet) webrev : http://cr.openjdk.java.net/~coffeys/webrev.7163470.jdk8/ regards, Sean. From kumar.x.srinivasan at oracle.com Wed May 9 09:29:07 2012 From: kumar.x.srinivasan at oracle.com (kumar.x.srinivasan at oracle.com) Date: Wed, 09 May 2012 16:29:07 +0000 Subject: hg: jdk8/tl/jdk: 7166955: (pack200) JNI_GetCreatedJavaVMs needs additional checking Message-ID: <20120509162917.E58A2471F0@hg.openjdk.java.net> Changeset: 5e8caf6984f5 Author: ksrini Date: 2012-05-09 07:28 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5e8caf6984f5 7166955: (pack200) JNI_GetCreatedJavaVMs needs additional checking Reviewed-by: alanb, dholmes, ksrini Contributed-by: youdwei at linux.vnet.ibm.com ! src/share/native/com/sun/java/util/jar/pack/jni.cpp From kurchi.subhra.hazra at oracle.com Wed May 9 11:15:02 2012 From: kurchi.subhra.hazra at oracle.com (kurchi.subhra.hazra at oracle.com) Date: Wed, 09 May 2012 18:15:02 +0000 Subject: hg: jdk8/tl/jdk: 7165118: (prefs) AbstractPreferences.remove(null) does not throw NPE Message-ID: <20120509181511.CE5FB471F8@hg.openjdk.java.net> Changeset: 59121a4c71c6 Author: khazra Date: 2012-05-09 11:14 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/59121a4c71c6 7165118: (prefs) AbstractPreferences.remove(null) does not throw NPE Summary: Insert null argument check in AbstractPreferences.remove() Reviewed-by: dholmes, chegar, alanb ! src/share/classes/java/util/prefs/AbstractPreferences.java ! test/java/util/prefs/RemoveNullKeyCheck.java From valerie.peng at oracle.com Wed May 9 11:33:19 2012 From: valerie.peng at oracle.com (Valerie (Yu-Ching) Peng) Date: Wed, 09 May 2012 11:33:19 -0700 Subject: RFR : 7163470 : Build fails if javax.crypto src files not present. In-Reply-To: <4FAA794B.5080503@oracle.com> References: <4FAA794B.5080503@oracle.com> Message-ID: <4FAAB86F.50902@oracle.com> On 05/09/12 07:03, Se?n Coffey wrote: > The JDK has historically allowed builds without the javax.crypto > package src. > > Bug fix 7058133 altered the bootclasspath for security library builds. > This fix simply allows the builds to continue if javax.crypto package > is not present. In such cases we append the jce.jar to bootclasspath. > > I've also patched up the new files in makefiles directory which seem > to have been missing the recent 7130959 fix. Good catch. Judging from the history, 7130959 is putback'ed right before the files of "makefiles" directory are created/integrated. So, the RE for 7074397 may have picked up the older copy of the security makefiles when creating the "makefiles" ones. > bug : http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7163470 (bug > not visible yet) > webrev : http://cr.openjdk.java.net/~coffeys/webrev.7163470.jdk8/ Looks good to me, same as the fixes that we previously discussed. You will do the putback to JDK8? Valerie > > regards, > Sean. From bradford.wetmore at oracle.com Wed May 9 12:46:50 2012 From: bradford.wetmore at oracle.com (Brad Wetmore) Date: Wed, 09 May 2012 12:46:50 -0700 Subject: Minor Codereview. Message-ID: <4FAAC9AA.8090802@oracle.com> Sherman, Can you please review: http://cr.openjdk.java.net/~wetmore/7167362/ This is for: 7167362: SecureRandom.init should be converted, amendment to 7084245 http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7084245 This is the bug where there were an instance of exception chaining that got missed in one spot in: 7084245: Update usages of InternalError to use exception chaining http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7084245 I was down in this code for something related and noticed it. Thanks, Brad From xueming.shen at oracle.com Wed May 9 14:08:24 2012 From: xueming.shen at oracle.com (Xueming Shen) Date: Wed, 09 May 2012 14:08:24 -0700 Subject: Minor Codereview. In-Reply-To: <4FAAC9AA.8090802@oracle.com> References: <4FAAC9AA.8090802@oracle.com> Message-ID: <4FAADCC8.3020306@oracle.com> looks good. -Sherman On 5/9/2012 12:46 PM, Brad Wetmore wrote: > Sherman, > > Can you please review: > > http://cr.openjdk.java.net/~wetmore/7167362/ > > This is for: > > 7167362: SecureRandom.init should be converted, amendment to 7084245 > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7084245 > > This is the bug where there were an instance of exception chaining > that got missed in one spot in: > > 7084245: Update usages of InternalError to use exception chaining > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7084245 > > I was down in this code for something related and noticed it. > > Thanks, > > Brad > From bradford.wetmore at oracle.com Wed May 9 16:34:25 2012 From: bradford.wetmore at oracle.com (bradford.wetmore at oracle.com) Date: Wed, 09 May 2012 23:34:25 +0000 Subject: hg: jdk8/tl/jdk: 7167362: SecureRandom.init should be converted, amendment to 7084245 Message-ID: <20120509233435.8C5CB47206@hg.openjdk.java.net> Changeset: 6438f1277df6 Author: wetmore Date: 2012-05-09 16:33 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6438f1277df6 7167362: SecureRandom.init should be converted, amendment to 7084245 Reviewed-by: sherman ! src/share/classes/sun/security/provider/SecureRandom.java From kurchi.subhra.hazra at oracle.com Wed May 9 16:57:06 2012 From: kurchi.subhra.hazra at oracle.com (kurchi.subhra.hazra at oracle.com) Date: Wed, 09 May 2012 23:57:06 +0000 Subject: hg: jdk8/tl/jdk: 7096436: (sc) SocketChannel.connect fails on Windows 8 when channel configured non-blocking Message-ID: <20120509235717.1BB084720C@hg.openjdk.java.net> Changeset: 5152c832745a Author: khazra Date: 2012-05-09 16:55 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5152c832745a 7096436: (sc) SocketChannel.connect fails on Windows 8 when channel configured non-blocking Summary: Set localAddress only when connection is established Reviewed-by: alanb ! src/share/classes/sun/nio/ch/SocketChannelImpl.java From xuelei.fan at oracle.com Wed May 9 20:49:57 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Thu, 10 May 2012 11:49:57 +0800 Subject: code review request, CR 7166885 X509CRLEntryImpl does not handle CRLs with no extension properly Message-ID: <4FAB3AE5.3020109@oracle.com> Hi, Please review the fix for a synchronization issue of JSSE. webrev: http://cr.openjdk.java.net./~xuelei/7166885/webrev.00/ Cause of the issue: the extensions filed in a X509 CRL may be empty. For such cases, the X509CRLEntryImpl.getExtensions() should return empty map instead of throwing NullPointerException. Thanks, Xuelei From xuelei.fan at oracle.com Thu May 10 02:30:50 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Thu, 10 May 2012 17:30:50 +0800 Subject: code review request, CR 7166885 X509CRLEntryImpl does not handle CRLs with no extension properly In-Reply-To: <4FAB3AE5.3020109@oracle.com> References: <4FAB3AE5.3020109@oracle.com> Message-ID: <4FAB8ACA.9010203@oracle.com> Revoke the code review request. The bug will be addresses in another CR. Thanks, Xuelei On 5/10/2012 11:49 AM, Xuelei Fan wrote: > Hi, > > Please review the fix for a synchronization issue of JSSE. > > webrev: http://cr.openjdk.java.net./~xuelei/7166885/webrev.00/ > > Cause of the issue: the extensions filed in a X509 CRL may be empty. For > such cases, the X509CRLEntryImpl.getExtensions() should return empty map > instead of throwing NullPointerException. > > Thanks, > Xuelei From sean.coffey at oracle.com Thu May 10 02:43:45 2012 From: sean.coffey at oracle.com (sean.coffey at oracle.com) Date: Thu, 10 May 2012 09:43:45 +0000 Subject: hg: jdk8/tl/jdk: 7163470: Build fails if javax.crypto src files not present Message-ID: <20120510094414.56FE047220@hg.openjdk.java.net> Changeset: fdf5e15293e6 Author: coffeys Date: 2012-05-10 10:45 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fdf5e15293e6 7163470: Build fails if javax.crypto src files not present Reviewed-by: valeriep ! make/com/oracle/security/ucrypto/Makefile ! make/common/shared/Defs-java.gmk ! make/sun/security/ec/Makefile ! make/sun/security/mscapi/Makefile ! make/sun/security/pkcs11/Makefile ! makefiles/com/oracle/security/ucrypto/Makefile ! makefiles/common/shared/Defs-java.gmk ! makefiles/sun/security/ec/Makefile ! makefiles/sun/security/mscapi/Makefile ! makefiles/sun/security/pkcs11/Makefile From valerie.peng at oracle.com Thu May 10 11:40:00 2012 From: valerie.peng at oracle.com (valerie.peng at oracle.com) Date: Thu, 10 May 2012 18:40:00 +0000 Subject: hg: jdk8/tl/jdk: 3 new changesets Message-ID: <20120510184042.669D047234@hg.openjdk.java.net> Changeset: 3e3017eba8ac Author: valeriep Date: 2012-05-08 17:57 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3e3017eba8ac 4963723: Implement SHA-224 Summary: Add support for SHA-224, SHA224withRSA, SHA224withECDSA, HmacSHA224 and OAEPwithSHA-224AndMGF1Padding. Reviewed-by: vinnie ! src/share/classes/com/sun/crypto/provider/HmacCore.java ! src/share/classes/com/sun/crypto/provider/HmacMD5.java ! src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java ! src/share/classes/com/sun/crypto/provider/HmacSHA1.java ! src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java ! src/share/classes/com/sun/crypto/provider/OAEPParameters.java ! src/share/classes/com/sun/crypto/provider/SunJCE.java ! src/share/classes/java/security/spec/MGF1ParameterSpec.java ! src/share/classes/java/security/spec/PSSParameterSpec.java ! src/share/classes/sun/security/ec/ECDSASignature.java ! src/share/classes/sun/security/ec/SunECEntries.java ! src/share/classes/sun/security/pkcs11/P11Digest.java ! src/share/classes/sun/security/pkcs11/P11Mac.java ! src/share/classes/sun/security/pkcs11/P11Signature.java ! src/share/classes/sun/security/pkcs11/SunPKCS11.java ! src/share/classes/sun/security/pkcs11/wrapper/Functions.java ! src/share/classes/sun/security/provider/DigestBase.java ! src/share/classes/sun/security/provider/MD2.java ! src/share/classes/sun/security/provider/MD4.java ! src/share/classes/sun/security/provider/MD5.java ! src/share/classes/sun/security/provider/SHA.java ! src/share/classes/sun/security/provider/SHA2.java ! src/share/classes/sun/security/provider/SHA5.java ! src/share/classes/sun/security/provider/SunEntries.java ! src/share/classes/sun/security/rsa/RSASignature.java ! src/share/classes/sun/security/rsa/SunRsaSignEntries.java ! src/share/classes/sun/security/x509/AlgorithmId.java ! src/windows/classes/sun/security/mscapi/RSASignature.java ! src/windows/classes/sun/security/mscapi/SunMSCAPI.java ! test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java ! test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java ! test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java ! test/com/sun/crypto/provider/KeyGenerator/Test4628062.java ! test/com/sun/crypto/provider/Mac/MacClone.java ! test/com/sun/crypto/provider/Mac/MacKAT.java ! test/sun/security/mscapi/SignUsingNONEwithRSA.java ! test/sun/security/mscapi/SignUsingSHA2withRSA.java ! test/sun/security/pkcs11/MessageDigest/DigestKAT.java ! test/sun/security/pkcs11/MessageDigest/TestCloning.java ! test/sun/security/pkcs11/Signature/TestRSAKeyLength.java ! test/sun/security/pkcs11/ec/TestCurves.java ! test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java ! test/sun/security/pkcs11/rsa/TestSignatures.java ! test/sun/security/provider/MessageDigest/DigestKAT.java ! test/sun/security/provider/MessageDigest/Offsets.java ! test/sun/security/provider/MessageDigest/TestSHAClone.java ! test/sun/security/rsa/TestKeyPairGenerator.java ! test/sun/security/rsa/TestSignatures.java Changeset: dfce31760a2f Author: valeriep Date: 2012-05-08 18:57 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/dfce31760a2f Merge Changeset: 9f8210f23773 Author: valeriep Date: 2012-05-10 11:19 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9f8210f23773 Merge From kumar.x.srinivasan at oracle.com Thu May 10 13:53:31 2012 From: kumar.x.srinivasan at oracle.com (kumar.x.srinivasan at oracle.com) Date: Thu, 10 May 2012 20:53:31 +0000 Subject: hg: jdk8/tl/langtools: 7159445: (javac) emits inaccurate diagnostics for enhanced for-loops Message-ID: <20120510205333.D760047244@hg.openjdk.java.net> Changeset: 833bab705918 Author: ksrini Date: 2012-05-10 12:32 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/833bab705918 7159445: (javac) emits inaccurate diagnostics for enhanced for-loops Reviewed-by: jjg Contributed-by: jan.lahoda at oracle.com ! src/share/classes/com/sun/tools/javac/parser/JavacParser.java ! src/share/classes/com/sun/tools/javac/resources/compiler.properties + test/tools/javac/diags/examples/ForeachBadInitialization.java ! test/tools/javac/parser/JavacParserTest.java From littlee at linux.vnet.ibm.com Fri May 11 01:22:15 2012 From: littlee at linux.vnet.ibm.com (littlee at linux.vnet.ibm.com) Date: Fri, 11 May 2012 08:22:15 +0000 Subject: hg: jdk8/tl/jdk: 7163874: InetAddress.isReachable should support pinging 0.0.0.0 Message-ID: <20120511082234.A2A0F47277@hg.openjdk.java.net> Changeset: c5a07e3dca63 Author: youdwei Date: 2012-05-11 16:20 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c5a07e3dca63 7163874: InetAddress.isReachable should support pinging 0.0.0.0 Reviewed-by: alanb, chegar ! src/share/native/java/net/net_util.h ! src/solaris/native/java/net/Inet4AddressImpl.c ! src/solaris/native/java/net/Inet6AddressImpl.c ! src/solaris/native/java/net/net_util_md.c + test/java/net/Inet4Address/PingThis.java From sean.coffey at oracle.com Fri May 11 02:09:22 2012 From: sean.coffey at oracle.com (sean.coffey at oracle.com) Date: Fri, 11 May 2012 09:09:22 +0000 Subject: hg: jdk8/tl/jdk: 7167359: (tz) SEGV on solaris if TZ variable not set Message-ID: <20120511090932.BD28847278@hg.openjdk.java.net> Changeset: 3e83229a3779 Author: coffeys Date: 2012-05-11 10:09 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3e83229a3779 7167359: (tz) SEGV on solaris if TZ variable not set Reviewed-by: okutsu ! src/solaris/native/java/util/TimeZone_md.c From sundararajan.athijegannathan at oracle.com Fri May 11 07:34:46 2012 From: sundararajan.athijegannathan at oracle.com (sundararajan.athijegannathan at oracle.com) Date: Fri, 11 May 2012 14:34:46 +0000 Subject: hg: jdk8/tl/langtools: 7166990: java/compiler Inherited interfaces using generics sometimes looses the generic type Message-ID: <20120511143449.B11294728C@hg.openjdk.java.net> Changeset: 96a8278e323c Author: sundar Date: 2012-05-11 20:06 +0530 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/96a8278e323c 7166990: java/compiler Inherited interfaces using generics sometimes looses the generic type Reviewed-by: mcimadamore ! src/share/classes/com/sun/tools/javac/comp/Lower.java + test/tools/javac/TryWithResources/T7164542.java From mike.duigou at oracle.com Fri May 11 11:33:09 2012 From: mike.duigou at oracle.com (mike.duigou at oracle.com) Date: Fri, 11 May 2012 18:33:09 +0000 Subject: hg: jdk8/tl/jdk: 7071826: Avoid benign race condition in initialization of UUID Message-ID: <20120511183329.C6DDD47296@hg.openjdk.java.net> Changeset: 944676ef3c58 Author: mduigou Date: 2012-05-11 11:31 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/944676ef3c58 7071826: Avoid benign race condition in initialization of UUID Summary: Avoids mostly benign but sometimes expensive race condition on initialization of UUID.numberGenerator which is used by UUID.randomUUID() Reviewed-by: alanb, chegar ! src/share/classes/java/util/UUID.java ! test/java/util/UUID/UUIDTest.java From lana.steuck at oracle.com Fri May 11 13:24:19 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Fri, 11 May 2012 20:24:19 +0000 Subject: hg: jdk8/tl: 6 new changesets Message-ID: <20120511202419.87820472A2@hg.openjdk.java.net> Changeset: afeeed8e5f8c Author: ihse Date: 2012-04-30 12:13 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/afeeed8e5f8c 7165277: Fix missing execute permission issue running logger.sh Reviewed-by: ohair ! common/autoconf/configure ! common/autoconf/configure.ac Changeset: b2972095a4b1 Author: katleman Date: 2012-05-02 15:46 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/b2972095a4b1 Merge Changeset: 2eeb9fac7dfc Author: katleman Date: 2012-05-09 13:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/2eeb9fac7dfc Added tag jdk8-b37 for changeset b2972095a4b1 ! .hgtags Changeset: 2f06b15e2439 Author: ewendeli Date: 2012-05-03 14:17 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/rev/2f06b15e2439 7154130: Add Mac OS X Instructions to README-builds.html Reviewed-by: ohair Contributed-by: edvard.wendelin at oracle.com ! README-builds.html Changeset: d939bd0ab13c Author: katleman Date: 2012-05-09 16:12 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/d939bd0ab13c Merge Changeset: b67bdaca36c2 Author: katleman Date: 2012-05-10 10:24 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/b67bdaca36c2 Added tag jdk8-b38 for changeset d939bd0ab13c ! .hgtags From lana.steuck at oracle.com Fri May 11 13:24:17 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Fri, 11 May 2012 20:24:17 +0000 Subject: hg: jdk8/tl/corba: 3 new changesets Message-ID: <20120511202421.7AE32472A3@hg.openjdk.java.net> Changeset: 2d2f6b0f855b Author: katleman Date: 2012-05-09 13:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/2d2f6b0f855b Added tag jdk8-b37 for changeset 83fac66442cf ! .hgtags Changeset: b8cbfb31139f Author: katleman Date: 2012-05-09 13:11 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/b8cbfb31139f Merge Changeset: 785af00e2827 Author: katleman Date: 2012-05-10 10:24 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/785af00e2827 Added tag jdk8-b38 for changeset b8cbfb31139f ! .hgtags From lana.steuck at oracle.com Fri May 11 13:24:24 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Fri, 11 May 2012 20:24:24 +0000 Subject: hg: jdk8/tl/jaxws: 2 new changesets Message-ID: <20120511202431.A4534472A4@hg.openjdk.java.net> Changeset: ac1ba3b56775 Author: katleman Date: 2012-05-09 13:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/ac1ba3b56775 Added tag jdk8-b37 for changeset b05a948db1b6 ! .hgtags Changeset: 7f6b44fd3034 Author: katleman Date: 2012-05-10 10:25 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/7f6b44fd3034 Added tag jdk8-b38 for changeset ac1ba3b56775 ! .hgtags From lana.steuck at oracle.com Fri May 11 13:24:28 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Fri, 11 May 2012 20:24:28 +0000 Subject: hg: jdk8/tl/langtools: 3 new changesets Message-ID: <20120511202437.85022472A5@hg.openjdk.java.net> Changeset: 1f224f160aa8 Author: katleman Date: 2012-05-09 13:08 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/1f224f160aa8 Added tag jdk8-b37 for changeset 5891b38985e8 ! .hgtags Changeset: a9f547c218d9 Author: katleman Date: 2012-05-10 10:25 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/a9f547c218d9 Added tag jdk8-b38 for changeset 1f224f160aa8 ! .hgtags Changeset: 885806e74240 Author: lana Date: 2012-05-11 12:53 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/885806e74240 Merge From lana.steuck at oracle.com Fri May 11 13:24:27 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Fri, 11 May 2012 20:24:27 +0000 Subject: hg: jdk8/tl/jaxp: 4 new changesets Message-ID: <20120511202441.17C96472A6@hg.openjdk.java.net> Changeset: aabc08ea546f Author: ohair Date: 2012-04-30 16:03 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/aabc08ea546f 7165312: Fix jaxp source movement for new build-infra Reviewed-by: ohrstrom ! makefiles/Makefile Changeset: 90204bfab4e2 Author: katleman Date: 2012-05-02 15:47 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/90204bfab4e2 Merge Changeset: 5bbe0cb6f2f2 Author: katleman Date: 2012-05-09 13:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/5bbe0cb6f2f2 Added tag jdk8-b37 for changeset 90204bfab4e2 ! .hgtags Changeset: f95fdbe525c8 Author: katleman Date: 2012-05-10 10:25 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/f95fdbe525c8 Added tag jdk8-b38 for changeset 5bbe0cb6f2f2 ! .hgtags From lana.steuck at oracle.com Fri May 11 13:24:32 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Fri, 11 May 2012 20:24:32 +0000 Subject: hg: jdk8/tl/hotspot: 21 new changesets Message-ID: <20120511202518.77CC9472A7@hg.openjdk.java.net> Changeset: 4ee58fcab520 Author: katleman Date: 2012-05-09 13:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/4ee58fcab520 Added tag jdk8-b37 for changeset bfcf92bfefb8 ! .hgtags Changeset: 3c91f2c9fd21 Author: amurillo Date: 2012-04-20 17:13 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/3c91f2c9fd21 7163193: new hotspot build - hs24-b09 Reviewed-by: jcoomes ! make/hotspot_version Changeset: f3a4ee95783b Author: kevinw Date: 2012-04-20 14:55 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/f3a4ee95783b 7162488: VM not printing unknown -XX options Reviewed-by: dholmes, kamg ! src/share/vm/runtime/arguments.cpp + test/runtime/7162488/Test7162488.sh Changeset: 29ee40a082d3 Author: sla Date: 2012-04-23 13:30 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/29ee40a082d3 7162063: libsaproc debug print should format size_t correctly on 64bit platform Reviewed-by: rbackman, mgronlun, dholmes ! agent/src/os/linux/ps_core.c Changeset: f33c4d0f4c9e Author: dcubed Date: 2012-04-23 11:03 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/f33c4d0f4c9e Merge Changeset: d652a62d6e03 Author: dcubed Date: 2012-03-23 11:50 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/d652a62d6e03 7102323: RFE: enable Full Debug Symbols Phase 1 on Solaris Summary: Add support for ENABLE_FULL_DEBUG_SYMBOLS and ZIP_DEBUGINFO_FILES build flags. Add support for .diz files. Reviewed-by: dholmes, ohair, sspitsyn ! make/Makefile ! make/linux/Makefile ! make/linux/makefiles/buildtree.make ! make/linux/makefiles/defs.make ! make/linux/makefiles/gcc.make ! make/linux/makefiles/jsig.make ! make/linux/makefiles/saproc.make ! make/linux/makefiles/vm.make ! make/solaris/Makefile ! make/solaris/makefiles/buildtree.make ! make/solaris/makefiles/defs.make ! make/solaris/makefiles/dtrace.make ! make/solaris/makefiles/jsig.make ! make/solaris/makefiles/saproc.make ! make/solaris/makefiles/sparcWorks.make ! make/solaris/makefiles/vm.make ! make/windows/build.make ! make/windows/makefiles/compile.make ! make/windows/makefiles/debug.make ! make/windows/makefiles/defs.make ! make/windows/makefiles/fastdebug.make ! make/windows/makefiles/product.make ! make/windows/makefiles/sa.make Changeset: 744728c16316 Author: dcubed Date: 2012-04-03 09:48 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/744728c16316 7158067: FDS: ENABLE_FULL_DEBUG_SYMBOLS flag should only affect product builds Summary: Build option FULL_DEBUG_SYMBOLS=0 only affects product builds. Reviewed-by: ohair, jmelvin, sspitsyn ! make/Makefile ! make/linux/Makefile ! make/linux/makefiles/defs.make ! make/solaris/Makefile ! make/solaris/makefiles/defs.make ! make/windows/makefiles/defs.make Changeset: 74c359c4a9e5 Author: dcubed Date: 2012-04-24 15:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/74c359c4a9e5 Merge ! make/Makefile ! make/linux/Makefile ! make/linux/makefiles/buildtree.make ! make/linux/makefiles/defs.make ! make/linux/makefiles/gcc.make ! make/linux/makefiles/vm.make ! make/solaris/makefiles/buildtree.make ! make/solaris/makefiles/defs.make ! make/solaris/makefiles/sparcWorks.make ! make/solaris/makefiles/vm.make ! make/windows/build.make ! make/windows/makefiles/compile.make ! make/windows/makefiles/debug.make ! make/windows/makefiles/defs.make ! make/windows/makefiles/fastdebug.make ! make/windows/makefiles/product.make Changeset: d6c393b0164b Author: dcubed Date: 2012-04-25 15:06 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/d6c393b0164b 7164344: enabling ZIP_DEBUGINFO_FILES causes unexpected test failures on Solaris and Windows Summary: Disable FDS by default on Solaris; disable ZIP_DEBUGINFO_FILES by default on Windows. Reviewed-by: acorn, sspitsyn ! make/solaris/makefiles/defs.make ! make/windows/makefiles/defs.make Changeset: 973046802b6f Author: dlong Date: 2012-04-26 16:24 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/973046802b6f 7162955: Attach api on Solaris, too many open files Summary: Release server-side socket after client receives it. Reviewed-by: sla, dsamersoff, dcubed, acorn Contributed-by: dean.long at oracle.com ! src/os/solaris/vm/attachListener_solaris.cpp Changeset: 6f0612ea55ce Author: jprovino Date: 2012-05-02 15:47 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/6f0612ea55ce Merge Changeset: 9f059abe8cf2 Author: jmasa Date: 2012-03-29 19:46 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/9f059abe8cf2 7131629: Generalize the CMS free list code Summary: Make the FreeChunk, FreeList, TreeList, and BinaryTreeDictionary classes usable outside CMS. Reviewed-by: brutisso, johnc, jwilhelm Contributed-by: coleen.phillimore at oracle.com - src/share/vm/gc_implementation/concurrentMarkSweep/binaryTreeDictionary.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/binaryTreeDictionary.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/cmsPermGen.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/cmsPermGen.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.hpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeBlockDictionary.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeBlockDictionary.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/freeChunk.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeList.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeList.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/vmStructs_cms.hpp + src/share/vm/memory/binaryTreeDictionary.cpp + src/share/vm/memory/binaryTreeDictionary.hpp + src/share/vm/memory/freeBlockDictionary.cpp + src/share/vm/memory/freeBlockDictionary.hpp + src/share/vm/memory/freeList.cpp + src/share/vm/memory/freeList.hpp ! src/share/vm/memory/generationSpec.cpp ! src/share/vm/precompiled/precompiled.hpp ! src/share/vm/runtime/vmStructs.cpp Changeset: 8a2e5a6a19a4 Author: johnc Date: 2012-04-25 10:23 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/8a2e5a6a19a4 7143490: G1: Remove HeapRegion::_top_at_conc_mark_count Summary: Removed the HeapRegion::_top_at_conc_mark_count field. It is no longer needed as a result of the changes for 6888336 and 7127706. Refactored the closures that finalize and verify the liveness counting data so that common functionality was placed into a base class. Reviewed-by: brutisso, tonyp ! src/share/vm/gc_implementation/g1/concurrentMark.cpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp ! src/share/vm/gc_implementation/g1/heapRegion.cpp ! src/share/vm/gc_implementation/g1/heapRegion.hpp ! src/share/vm/gc_implementation/g1/heapRegion.inline.hpp Changeset: f69a5d43dc19 Author: jmasa Date: 2012-04-25 09:55 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/f69a5d43dc19 7164144: Fix variable naming style in freeBlockDictionary.* and binaryTreeDictionary* Summary: Fix naming style to be consistent with the predominant hotspot style. Reviewed-by: ysr, brutisso ! src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/freeChunk.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/promotionInfo.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/promotionInfo.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/vmStructs_cms.hpp ! src/share/vm/gc_implementation/shared/allocationStats.hpp ! src/share/vm/memory/binaryTreeDictionary.cpp ! src/share/vm/memory/binaryTreeDictionary.hpp ! src/share/vm/memory/freeBlockDictionary.cpp ! src/share/vm/memory/freeBlockDictionary.hpp ! src/share/vm/memory/freeList.cpp ! src/share/vm/memory/freeList.hpp Changeset: ee89f2110312 Author: jmasa Date: 2012-04-25 15:51 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ee89f2110312 Merge Changeset: 48fac5d60c3c Author: brutisso Date: 2012-04-25 12:36 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/48fac5d60c3c 7163848: G1: Log GC Cause for a GC Reviewed-by: johnc, jwilhelm, jmasa ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp Changeset: bb18e8eecb7e Author: jcoomes Date: 2012-05-04 10:46 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/bb18e8eecb7e Merge - src/share/vm/gc_implementation/concurrentMarkSweep/binaryTreeDictionary.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/binaryTreeDictionary.hpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeBlockDictionary.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeBlockDictionary.hpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeList.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeList.hpp Changeset: 7d5ec8bf38d1 Author: amurillo Date: 2012-05-04 14:10 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/7d5ec8bf38d1 Merge - src/share/vm/gc_implementation/concurrentMarkSweep/binaryTreeDictionary.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/binaryTreeDictionary.hpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeBlockDictionary.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeBlockDictionary.hpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeList.cpp - src/share/vm/gc_implementation/concurrentMarkSweep/freeList.hpp Changeset: 4e6554041847 Author: amurillo Date: 2012-05-04 14:10 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/4e6554041847 Added tag hs24-b09 for changeset 7d5ec8bf38d1 ! .hgtags Changeset: 637c3f5f068f Author: amurillo Date: 2012-05-09 14:06 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/637c3f5f068f Merge ! .hgtags Changeset: 3c394919ca69 Author: katleman Date: 2012-05-10 10:25 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/3c394919ca69 Added tag jdk8-b38 for changeset 637c3f5f068f ! .hgtags From lana.steuck at oracle.com Fri May 11 13:26:12 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Fri, 11 May 2012 20:26:12 +0000 Subject: hg: jdk8/tl/jdk: 26 new changesets Message-ID: <20120511203038.395E8472A8@hg.openjdk.java.net> Changeset: 8e3fb7dd21cd Author: skovatch Date: 2012-04-25 12:18 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/8e3fb7dd21cd 7128699: Fix bundle name so it contains the bugfix number in the name. Reviewed-by: robilad ! make/common/Release-macosx.gmk Changeset: 919be2f7fd6e Author: cgruszka Date: 2012-04-27 14:37 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/919be2f7fd6e Merge Changeset: 762661efef30 Author: jgodinez Date: 2012-04-24 13:29 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/762661efef30 7157659: [macosx] Landscape Printing orientation doesn't work Reviewed-by: bae, prr ! src/macosx/native/sun/awt/PrinterView.m Changeset: cdaadcc2c6a4 Author: jgodinez Date: 2012-04-26 13:16 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cdaadcc2c6a4 7013850: Please change the mnemonic assignment system to avoid translation issue Reviewed-by: prr, mfang ! src/share/classes/sun/print/ServiceDialog.java ! src/share/classes/sun/print/resources/serviceui.properties ! src/share/classes/sun/print/resources/serviceui_de.properties ! src/share/classes/sun/print/resources/serviceui_es.properties ! src/share/classes/sun/print/resources/serviceui_fr.properties ! src/share/classes/sun/print/resources/serviceui_it.properties ! src/share/classes/sun/print/resources/serviceui_ja.properties ! src/share/classes/sun/print/resources/serviceui_ko.properties ! src/share/classes/sun/print/resources/serviceui_pt_BR.properties ! src/share/classes/sun/print/resources/serviceui_sv.properties ! src/share/classes/sun/print/resources/serviceui_zh_CN.properties ! src/share/classes/sun/print/resources/serviceui_zh_TW.properties Changeset: c2d29a375871 Author: lana Date: 2012-04-26 18:25 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c2d29a375871 Merge Changeset: 4a19075bb989 Author: lana Date: 2012-05-02 09:53 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4a19075bb989 Merge Changeset: 44beb8a52aec Author: zhouyx Date: 2012-04-20 10:34 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/44beb8a52aec 7129742: Unable to view focus in Non-Editable TextArea Summary: Make sure the cursor is visible by setVisible(true) Reviewed-by: rupashka, alexp ! src/solaris/classes/sun/awt/X11/XTextAreaPeer.java ! src/solaris/classes/sun/awt/X11/XTextFieldPeer.java + test/java/awt/TextArea/TextAreaCaretVisibilityTest/bug7129742.java Changeset: dfa2ea47257d Author: luchsh Date: 2012-04-20 13:13 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/dfa2ea47257d 7055065: NullPointerException when sorting JTable with empty cell Reviewed-by: rupashka ! src/share/classes/javax/swing/JTable.java + test/javax/swing/JTable/7055065/bug7055065.java Changeset: 738b32fc3ef1 Author: anthony Date: 2012-04-24 17:47 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/738b32fc3ef1 7150109: [macosx] the Frame showed incomplete. Summary: Open-source the tests Reviewed-by: art + test/java/awt/Frame/FrameStateTest/FrameStateTest.html + test/java/awt/Frame/FrameStateTest/FrameStateTest.java Changeset: 9ed029a0326d Author: anthony Date: 2012-04-24 19:12 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9ed029a0326d 7163898: add isLoggable() check to doLog() Summary: Add the check and return immediately if it's false Reviewed-by: anthony, mchung, sla Contributed-by: Nicolas Carranza ! src/share/classes/sun/util/logging/PlatformLogger.java Changeset: 4a0f6ef43a09 Author: anthony Date: 2012-04-24 20:39 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4a0f6ef43a09 7131021: [macosx] Consider using system properties to pass arguments from the launcher to AWT/SplashScreen Summary: Document the environment variables and add tests Reviewed-by: ksrini ! src/macosx/bin/java_md_macosx.c + test/tools/launcher/EnvironmentVariables.java ! test/tools/launcher/TestHelper.java + test/tools/launcher/TestSpecialArgs.java Changeset: 36fd5078198b Author: alexsch Date: 2012-04-25 16:48 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/36fd5078198b 7163482: [macosx] Regtest closed/javax/swing/JTree/4908142/bug4908142.java intermittent failure Reviewed-by: rupashka + test/javax/swing/JTree/4908142/bug4908142.java Changeset: f1d1dab11a06 Author: leonidr Date: 2012-04-25 18:15 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f1d1dab11a06 7154480: [macosx] Not all popup menu items are visible Reviewed-by: art ! src/macosx/classes/sun/lwawt/macosx/LWCToolkit.java ! src/share/classes/javax/swing/JPopupMenu.java ! src/share/classes/sun/awt/SunToolkit.java Changeset: 340cda7e1430 Author: luchsh Date: 2012-04-26 12:39 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/340cda7e1430 7154030: java.awt.Component.hide() does not repaint parent component Reviewed-by: rupashka ! src/share/classes/javax/swing/JComponent.java + test/javax/swing/JComponent/7154030/bug7154030.java Changeset: 6314933aeaa9 Author: alexp Date: 2012-04-26 21:16 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6314933aeaa9 7124210: [macosx] Replacing text in a TextField does generate an extra TextEvent Reviewed-by: serb ! src/macosx/classes/sun/lwawt/LWTextAreaPeer.java ! src/macosx/classes/sun/lwawt/LWTextComponentPeer.java ! src/macosx/classes/sun/lwawt/LWTextFieldPeer.java Changeset: 4184e5cbf46e Author: alexp Date: 2012-04-26 21:25 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4184e5cbf46e 7124328: [macosx] javax.swing.JDesktopPane.getAllFramesInLayer returns unexpected value Reviewed-by: anthony ! src/share/classes/javax/swing/JDesktopPane.java Changeset: d148d3d194af Author: lana Date: 2012-04-26 18:15 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d148d3d194af Merge Changeset: bbbf4e63562b Author: dcherepanov Date: 2012-05-02 13:53 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/bbbf4e63562b 7154062: [macosx] Mouse cursor isn't updated in applets Reviewed-by: anthony, art ! src/macosx/classes/sun/lwawt/macosx/CCursorManager.java ! src/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java ! src/macosx/native/sun/awt/CCursorManager.m Changeset: 0fad89bd606b Author: alexsch Date: 2012-05-02 17:54 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0fad89bd606b 7154048: [macosx] At least drag twice, the toolbar can be dragged to the left side Reviewed-by: anthony, leonidr ! src/macosx/classes/sun/lwawt/LWWindowPeer.java ! src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java ! src/macosx/native/sun/awt/AWTView.h ! src/macosx/native/sun/awt/AWTView.m ! src/macosx/native/sun/awt/AWTWindow.h ! src/macosx/native/sun/awt/AWTWindow.m + test/java/awt/Mouse/EnterExitEvents/DragWindowOutOfFrameTest.java + test/java/awt/Mouse/EnterExitEvents/DragWindowTest.java + test/java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java ! test/java/awt/regtesthelpers/Util.java Changeset: f906d6068b43 Author: lana Date: 2012-05-02 09:54 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f906d6068b43 Merge Changeset: 717582c056f3 Author: lana Date: 2012-05-02 10:17 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/717582c056f3 Merge - src/macosx/bin/amd64/jvm.cfg - src/share/classes/sun/security/action/LoadLibraryAction.java ! test/tools/launcher/TestHelper.java - test/tools/pack200/dyn.jar - test/tools/pack200/pack200-verifier/src/xmlkit/ClassSyntax.java - test/tools/pack200/pack200-verifier/src/xmlkit/ClassWriter.java - test/tools/pack200/pack200-verifier/src/xmlkit/InstructionAssembler.java - test/tools/pack200/pack200-verifier/src/xmlkit/InstructionSyntax.java Changeset: bc0f9e693620 Author: lana Date: 2012-05-08 13:08 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/bc0f9e693620 Merge - src/macosx/bin/amd64/jvm.cfg - src/share/classes/sun/security/action/LoadLibraryAction.java - test/tools/pack200/dyn.jar - test/tools/pack200/pack200-verifier/src/xmlkit/ClassSyntax.java - test/tools/pack200/pack200-verifier/src/xmlkit/ClassWriter.java - test/tools/pack200/pack200-verifier/src/xmlkit/InstructionAssembler.java - test/tools/pack200/pack200-verifier/src/xmlkit/InstructionSyntax.java Changeset: 185821106403 Author: katleman Date: 2012-05-09 13:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/185821106403 Added tag jdk8-b37 for changeset 9e82ac15ab80 ! .hgtags Changeset: c45f3509a707 Author: katleman Date: 2012-05-09 13:13 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c45f3509a707 Merge - src/macosx/bin/amd64/jvm.cfg - src/share/classes/sun/security/action/LoadLibraryAction.java - test/tools/pack200/dyn.jar - test/tools/pack200/pack200-verifier/src/xmlkit/ClassSyntax.java - test/tools/pack200/pack200-verifier/src/xmlkit/ClassWriter.java - test/tools/pack200/pack200-verifier/src/xmlkit/InstructionAssembler.java - test/tools/pack200/pack200-verifier/src/xmlkit/InstructionSyntax.java Changeset: b5726775b0d8 Author: katleman Date: 2012-05-10 10:25 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b5726775b0d8 Added tag jdk8-b38 for changeset c45f3509a707 ! .hgtags Changeset: 85d7677a75bf Author: lana Date: 2012-05-11 12:53 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/85d7677a75bf Merge From stuart.marks at oracle.com Fri May 11 14:26:25 2012 From: stuart.marks at oracle.com (stuart.marks at oracle.com) Date: Fri, 11 May 2012 21:26:25 +0000 Subject: hg: jdk8/tl/jdk: 7144861: speed up RMI activation tests Message-ID: <20120511212644.C182F472AA@hg.openjdk.java.net> Changeset: f131d4361faf Author: olagneau Date: 2012-05-11 14:13 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f131d4361faf 7144861: speed up RMI activation tests Reviewed-by: alanb, smarks, dholmes, dmocek ! test/java/rmi/activation/checkusage/CheckUsage.java ! test/java/rmi/testlibrary/ActivationLibrary.java ! test/java/rmi/testlibrary/JavaVM.java ! test/java/rmi/testlibrary/RMID.java ! test/java/rmi/testlibrary/StreamPipe.java ! test/sun/rmi/runtime/Log/6409194/NoConsoleOutput.java From xuelei.fan at oracle.com Mon May 14 03:24:53 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Mon, 14 May 2012 18:24:53 +0800 Subject: code review request, CR 7167988 PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified Message-ID: <4FB0DD75.6040504@oracle.com> Hi, Please review the fix for a synchronization issue of JSSE. webrev: http://cr.openjdk.java.net./~xuelei/7167988/webrev.00/ Cause of the issue: the reverse build did not check for the next trust anchor even if the certificate path is not complete. Thanks, Xuelei From sean.mullan at oracle.com Mon May 14 04:31:47 2012 From: sean.mullan at oracle.com (Sean Mullan) Date: Mon, 14 May 2012 07:31:47 -0400 Subject: code review request, CR 7167988 PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified In-Reply-To: <4FB0DD75.6040504@oracle.com> References: <4FB0DD75.6040504@oracle.com> Message-ID: <4FB0ED23.80601@oracle.com> Looks good. --Sean On 5/14/12 6:24 AM, Xuelei Fan wrote: > Hi, > > Please review the fix for a synchronization issue of JSSE. > > webrev: http://cr.openjdk.java.net./~xuelei/7167988/webrev.00/ > > Cause of the issue: the reverse build did not check for the next trust > anchor even if the certificate path is not complete. > > Thanks, > Xuelei From xuelei.fan at oracle.com Mon May 14 07:27:51 2012 From: xuelei.fan at oracle.com (xuelei.fan at oracle.com) Date: Mon, 14 May 2012 14:27:51 +0000 Subject: hg: jdk8/tl/jdk: 7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified Message-ID: <20120514142802.3D861472EA@hg.openjdk.java.net> Changeset: df3152beef2f Author: xuelei Date: 2012-05-14 07:26 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/df3152beef2f 7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified Reviewed-by: mullan ! src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java + test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java From kurchi.subhra.hazra at oracle.com Tue May 15 11:52:37 2012 From: kurchi.subhra.hazra at oracle.com (kurchi.subhra.hazra at oracle.com) Date: Tue, 15 May 2012 18:52:37 +0000 Subject: hg: jdk8/tl/jdk: 7164636: (prefs) Cleanup src/macosx/classes/java/util/prefs Message-ID: <20120515185255.5F19F47323@hg.openjdk.java.net> Changeset: 9a18e318f95a Author: khazra Date: 2012-05-15 11:51 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9a18e318f95a 7164636: (prefs) Cleanup src/macosx/classes/java/util/prefs Summary: Remove rawtype usages and other code cleanup Reviewed-by: chegar, briangoetz ! src/macosx/classes/java/util/prefs/MacOSXPreferences.java ! src/macosx/classes/java/util/prefs/MacOSXPreferencesFactory.java ! src/macosx/classes/java/util/prefs/MacOSXPreferencesFile.java From alan.bateman at oracle.com Wed May 16 04:45:16 2012 From: alan.bateman at oracle.com (alan.bateman at oracle.com) Date: Wed, 16 May 2012 11:45:16 +0000 Subject: hg: jdk8/tl/jdk: 7168505: (bf) MappedByteBuffer.load does not load buffer's content into memory Message-ID: <20120516114536.A425D4734C@hg.openjdk.java.net> Changeset: 332bebb463d1 Author: alanb Date: 2012-05-16 12:43 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/332bebb463d1 7168505: (bf) MappedByteBuffer.load does not load buffer's content into memory Reviewed-by: mduigou, forax ! src/share/classes/java/nio/MappedByteBuffer.java From dmitriy.samersoff at oracle.com Tue May 15 05:49:20 2012 From: dmitriy.samersoff at oracle.com (dmitriy.samersoff at oracle.com) Date: Tue, 15 May 2012 12:49:20 +0000 Subject: hg: jdk8/tl/jdk: 7164191: properties.putAll API may fail with ConcurrentModifcationException on multi-thread scenario Message-ID: <20120515124941.2EF834731A@hg.openjdk.java.net> Changeset: df33f5f750ec Author: dsamersoff Date: 2012-05-15 16:46 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/df33f5f750ec 7164191: properties.putAll API may fail with ConcurrentModifcationException on multi-thread scenario Reviewed-by: dholmes, sla Contributed-by: Deven You ! src/share/classes/sun/management/Agent.java + test/sun/management/AgentCMETest.java From xuelei.fan at oracle.com Thu May 17 05:54:46 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Thu, 17 May 2012 20:54:46 +0800 Subject: Code review request, 7145960 sun/security/mscapi/ShortRSAKey1024.sh failing on windows Message-ID: <4FB4F516.5070206@oracle.com> Hi, Please review the fix of test cases in Windows. webrev: http://cr.openjdk.java.net./~xuelei/7145960/webrev.00/ Cause of the issue: when keytool cannot generate key pairs in Windows system, we should exit the testing. Thanks, Xuelei From vincent.x.ryan at oracle.com Thu May 17 06:24:45 2012 From: vincent.x.ryan at oracle.com (Vincent Ryan) Date: Thu, 17 May 2012 14:24:45 +0100 Subject: Code review request, 7145960 sun/security/mscapi/ShortRSAKey1024.sh failing on windows In-Reply-To: <4FB4F516.5070206@oracle.com> References: <4FB4F516.5070206@oracle.com> Message-ID: <4FB4FC1D.8030303@oracle.com> Your fix looks fine. However you don't need to modify the file-separator on Windows - both forms are supported in pathnames. On 05/17/12 01:54 PM, Xuelei Fan wrote: > Hi, > > Please review the fix of test cases in Windows. > > webrev: http://cr.openjdk.java.net./~xuelei/7145960/webrev.00/ > > Cause of the issue: when keytool cannot generate key pairs in Windows > system, we should exit the testing. > > Thanks, > Xuelei From daniel.daugherty at oracle.com Thu May 17 07:59:51 2012 From: daniel.daugherty at oracle.com (daniel.daugherty at oracle.com) Date: Thu, 17 May 2012 14:59:51 +0000 Subject: hg: jdk8/tl/jdk: 7168520: No jdk8 TL Nightly linux builds due to broken link in b39-2012-05-13_231 Message-ID: <20120517150002.474624738B@hg.openjdk.java.net> Changeset: ce165aa48dcb Author: dcubed Date: 2012-05-17 06:26 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ce165aa48dcb 7168520: No jdk8 TL Nightly linux builds due to broken link in b39-2012-05-13_231 Summary: ZIP libjsig.debuginfo links into libjsig.diz files since aurora doesn't like dangling symlinks Reviewed-by: katleman ! make/java/redist/Makefile From bradford.wetmore at oracle.com Thu May 17 10:02:04 2012 From: bradford.wetmore at oracle.com (Bradford Wetmore) Date: Thu, 17 May 2012 10:02:04 -0700 Subject: Code review request, 7145960 sun/security/mscapi/ShortRSAKey1024.sh failing on windows In-Reply-To: <4FB4FC1D.8030303@oracle.com> References: <4FB4F516.5070206@oracle.com> <4FB4FC1D.8030303@oracle.com> Message-ID: <4FB52F0C.4080707@oracle.com> Looks good to me also. Brad On 5/17/2012 6:24 AM, Vincent Ryan wrote: > Your fix looks fine. However you don't need to modify the file-separator > on Windows - both forms are supported in pathnames. > > > On 05/17/12 01:54 PM, Xuelei Fan wrote: >> Hi, >> >> Please review the fix of test cases in Windows. >> >> webrev: http://cr.openjdk.java.net./~xuelei/7145960/webrev.00/ >> >> Cause of the issue: when keytool cannot generate key pairs in Windows >> system, we should exit the testing. >> >> Thanks, >> Xuelei > From valerie.peng at oracle.com Thu May 17 11:51:06 2012 From: valerie.peng at oracle.com (Valerie (Yu-Ching) Peng) Date: Thu, 17 May 2012 11:51:06 -0700 Subject: Code Review Request for 7169496 Message-ID: <4FB5489A.2000308@oracle.com> Vinnie, Can you please review this? http://cr.openjdk.java.net./~valeriep/7169496/webrev.00/ The changes are quite straight forward - remove SHA224withRSA sig due to the lack of window alg id. Thanks, Valerie From rob.mckenna at oracle.com Thu May 17 14:40:58 2012 From: rob.mckenna at oracle.com (rob.mckenna at oracle.com) Date: Thu, 17 May 2012 21:40:58 +0000 Subject: hg: jdk8/tl/jdk: 7168110: Misleading jstack error message Message-ID: <20120517214108.601F94739F@hg.openjdk.java.net> Changeset: 178c480998b1 Author: robm Date: 2012-05-17 22:42 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/178c480998b1 7168110: Misleading jstack error message Reviewed-by: alanb, dsamersoff ! src/windows/native/sun/tools/attach/WindowsVirtualMachine.c From vincent.x.ryan at oracle.com Thu May 17 16:03:27 2012 From: vincent.x.ryan at oracle.com (Vincent Ryan) Date: Fri, 18 May 2012 00:03:27 +0100 Subject: Code Review Request for 7169496 In-Reply-To: <4FB5489A.2000308@oracle.com> References: <4FB5489A.2000308@oracle.com> Message-ID: <4FB583BF.102@oracle.com> Those changes look fine. Thanks. On 17/05/2012 19:51, Valerie (Yu-Ching) Peng wrote: > Vinnie, > > Can you please review this? > http://cr.openjdk.java.net./~valeriep/7169496/webrev.00/ > > The changes are quite straight forward - remove SHA224withRSA sig due to > the lack of window alg id. > Thanks, > Valerie From xuelei.fan at oracle.com Thu May 17 22:00:42 2012 From: xuelei.fan at oracle.com (xuelei.fan at oracle.com) Date: Fri, 18 May 2012 05:00:42 +0000 Subject: hg: jdk8/tl/jdk: 7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows Message-ID: <20120518050052.B838E473D0@hg.openjdk.java.net> Changeset: 9fe6ebbe5895 Author: xuelei Date: 2012-05-17 21:59 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9fe6ebbe5895 7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows Reviewed-by: vinnie, wetmore ! test/sun/security/mscapi/ShortRSAKey1024.sh ! test/sun/security/mscapi/ShortRSAKey512.sh ! test/sun/security/mscapi/ShortRSAKey768.sh From weijun.wang at oracle.com Fri May 18 03:08:27 2012 From: weijun.wang at oracle.com (Weijun Wang) Date: Fri, 18 May 2012 18:08:27 +0800 Subject: code review request: 7162687: enhance KDC server availability detection In-Reply-To: <4F8F849F.3050602@oracle.com> References: <4F8F849F.3050602@oracle.com> Message-ID: <4FB61F9B.5090000@oracle.com> Hi Valerie Webrev updated: http://cr.openjdk.java.net/~weijun/7162687/webrev.01/ Summary: KdcComm.java and NetClient.java 1. Make NetClient AutoCloseable, use try-with-resources. 2. Add a connect() after UDP socket is created, this ensures an immediate PortUnreachableException if the server is not on. When this exception is seen, we won't try the same KDC again. 3. Now we have try { dgSocket.receive(dgPacketIn); } catch (SocketException e) { + if (e instanceof PortUnreachableException) { + throw e; + } dgSocket.receive(dgPacketIn); } Here I have no idea what benefit the original code gets by retrying receive(). This code has been there at the very beginning. I simply add a new exception check. test/sun/security/krb5/auto/Unreachable.java test/sun/security/krb5/auto/unreachable.krb5.conf New test. With PortUnreachableException, the test should finish in a very short time without waiting for 3 timeouts. Hopefully no process is waiting on those 3 ports I hard code. test/ProblemList.txt PortUnreachableException is not available on Mac, new test won't work there. test/sun/security/krb5/auto/BadKdc.java test/sun/security/krb5/auto/MaxRetries.java Old tests need to be updated. Start a dummy DatagramSocket to trigger the TimeoutException. test/sun/security/krb5/auto/TcpTimeout.java The test checks for time elapse but quite a lot of our test machines are virtual machines and Windows guests always get timing wrong. Remove that check. Thanks Max On 04/19/2012 11:21 AM, Weijun Wang wrote: > Hi Valerie > > Please take a review at > > http://cr.openjdk.java.net/~weijun/7162687/webrev.00/ > > Basically I add a connect() before send/receive and if a KDC UDP server > is not on, an ICMP Port Unreachable message will be received > immediately, and there will be no more retry on the same KDC. > > In the tests, an idle DatagramSocket must be created to avoid the ICMP > message being sent. I also enhance the BadKdc tests to check the new > behavior: When no idle DatagramSocket is created, there are no more > retries on the same KDC, but you can still see krb5.kdc.bad.policy working. > > Thanks > Max > > > -------- Original Message -------- > *Change Request ID*: 7162687 > *Synopsis*: enhance KDC server availability detection > > Product: java > Category: java > Subcategory: classes_security > Type: RFE > > === *Description* > ============================================================ > Currently if there are multiple KDCs defined for a realm, we send UDP > request to each one and wait for reply, when no reply is received, we > retry. After several unsuccessful retries, we go on to the next KDC. The > timeout for the wait is normally 30 seconds. If the KDCs defined are not > all turned on, the time spent to finally get a response might be very > long. This is especially true for customers having a main KDC and > several slave KDCs and the main KDC is in maintenance. > > In fact, there is a better way to detect if the KDC server is on by > connect() to it first. In this way, an IMCP PortUnreachableException > will be thrown in a later send/receive method immediately. Also, when > this exception is thrown, we can be sure that the KDC server is off and > there is no need to retry this one. > > Please note that if a KDC is on but for various reasons it cannot reply > in a timely manner, we will still wait for the timeout and do a retry. > > *** (#1 of 1): 2012-04-19 02:56:04 GMT+00:00 weijun.wang at oracle.com > *** Last Edit: 2012-04-19 02:57:44 GMT+00:00 weijun.wang at oracle.com > From valerie.peng at oracle.com Fri May 18 12:49:05 2012 From: valerie.peng at oracle.com (valerie.peng at oracle.com) Date: Fri, 18 May 2012 19:49:05 +0000 Subject: hg: jdk8/tl/jdk: 7169496: Problem with the SHA-224 support for SunMSCAPI provider Message-ID: <20120518194916.6B505473ED@hg.openjdk.java.net> Changeset: af1030be726a Author: valeriep Date: 2012-05-18 12:29 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/af1030be726a 7169496: Problem with the SHA-224 support for SunMSCAPI provider Summary: Remove SHA224withRSA signature from SunMSCAPI provider due to lack of windows support. Reviewed-by: vinnie ! src/windows/classes/sun/security/mscapi/RSASignature.java ! src/windows/classes/sun/security/mscapi/SunMSCAPI.java ! test/sun/security/mscapi/SignUsingNONEwithRSA.java ! test/sun/security/mscapi/SignUsingSHA2withRSA.java From weijun.wang at oracle.com Sun May 20 19:52:26 2012 From: weijun.wang at oracle.com (Weijun Wang) Date: Mon, 21 May 2012 10:52:26 +0800 Subject: code review request: 7170308: timing error in the krb5 test SSL.java In-Reply-To: <19587772.1337566459078.JavaMail.sbladm@swsblss4-new.central.sun.com> References: <19587772.1337566459078.JavaMail.sbladm@swsblss4-new.central.sun.com> Message-ID: <4FB9ADEA.6070504@oracle.com> Hi Xuelei I've adopted your style of synchronizing the SSL client and server. Please take a review at http://cr.openjdk.java.net/~weijun/7170308/webrev.00/ Noreg-self. Thanks Max On 05/21/2012 10:14 AM, weijun.wang at oracle.com wrote: > *Change Request ID*: 7170308 > *Synopsis*: timing error in the krb5 test SSL.java > > === *Description* ============================================================ > In the test the client side waits 2 seconds for the server to start, but on some machines this is still not enough. We should using a flag to synchronize their actions. > From xuelei.fan at oracle.com Sun May 20 20:23:07 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Mon, 21 May 2012 11:23:07 +0800 Subject: code review request: 7170308: timing error in the krb5 test SSL.java In-Reply-To: <4FB9ADEA.6070504@oracle.com> References: <19587772.1337566459078.JavaMail.sbladm@swsblss4-new.central.sun.com> <4FB9ADEA.6070504@oracle.com> Message-ID: <4FB9B51B.6030707@oracle.com> A minor comment. There may be a potential dead loop in client/main block. If the server runs into exception before set the serverReady, the client will deadly wait for the setting. I think it may be a little safer to have the set of serverReady in a final clause. try { SSLServerSocketFactory sslssf = ... } finally { serverReady = true; } Xuelei On 5/21/2012 10:52 AM, Weijun Wang wrote: > Hi Xuelei > > I've adopted your style of synchronizing the SSL client and server. > Please take a review at > > http://cr.openjdk.java.net/~weijun/7170308/webrev.00/ > > Noreg-self. > > Thanks > Max > > On 05/21/2012 10:14 AM, weijun.wang at oracle.com wrote: >> *Change Request ID*: 7170308 >> *Synopsis*: timing error in the krb5 test SSL.java >> >> === *Description* >> ============================================================ >> In the test the client side waits 2 seconds for the server to start, >> but on some machines this is still not enough. We should using a flag >> to synchronize their actions. >> From weijun.wang at oracle.com Sun May 20 22:43:00 2012 From: weijun.wang at oracle.com (Weijun Wang) Date: Mon, 21 May 2012 13:43:00 +0800 Subject: code review request: 7170308: timing error in the krb5 test SSL.java In-Reply-To: <4FB9B51B.6030707@oracle.com> References: <19587772.1337566459078.JavaMail.sbladm@swsblss4-new.central.sun.com> <4FB9ADEA.6070504@oracle.com> <4FB9B51B.6030707@oracle.com> Message-ID: <4FB9D5E4.2020303@oracle.com> How about this? http://cr.openjdk.java.net/~weijun/7170308/webrev.01/ The flag is now a state. Thanks Max On 05/21/2012 11:23 AM, Xuelei Fan wrote: > A minor comment. > > There may be a potential dead loop in client/main block. If the server > runs into exception before set the serverReady, the client will deadly > wait for the setting. > > I think it may be a little safer to have the set of serverReady in a > final clause. > > try { > SSLServerSocketFactory sslssf = > ... > } finally { > serverReady = true; > } > > Xuelei > > On 5/21/2012 10:52 AM, Weijun Wang wrote: >> Hi Xuelei >> >> I've adopted your style of synchronizing the SSL client and server. >> Please take a review at >> >> http://cr.openjdk.java.net/~weijun/7170308/webrev.00/ >> >> Noreg-self. >> >> Thanks >> Max >> >> On 05/21/2012 10:14 AM, weijun.wang at oracle.com wrote: >>> *Change Request ID*: 7170308 >>> *Synopsis*: timing error in the krb5 test SSL.java >>> >>> === *Description* >>> ============================================================ >>> In the test the client side waits 2 seconds for the server to start, >>> but on some machines this is still not enough. We should using a flag >>> to synchronize their actions. >>> > From xuelei.fan at oracle.com Sun May 20 23:02:50 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Mon, 21 May 2012 14:02:50 +0800 Subject: code review request: 7170308: timing error in the krb5 test SSL.java In-Reply-To: <4FB9D5E4.2020303@oracle.com> References: <19587772.1337566459078.JavaMail.sbladm@swsblss4-new.central.sun.com> <4FB9ADEA.6070504@oracle.com> <4FB9B51B.6030707@oracle.com> <4FB9D5E4.2020303@oracle.com> Message-ID: <4FB9DA8A.7040304@oracle.com> Looks fine to me. Xuelei On 5/21/2012 1:43 PM, Weijun Wang wrote: > How about this? > > http://cr.openjdk.java.net/~weijun/7170308/webrev.01/ > > The flag is now a state. > > Thanks > Max > > On 05/21/2012 11:23 AM, Xuelei Fan wrote: >> A minor comment. >> >> There may be a potential dead loop in client/main block. If the server >> runs into exception before set the serverReady, the client will deadly >> wait for the setting. >> >> I think it may be a little safer to have the set of serverReady in a >> final clause. >> >> try { >> SSLServerSocketFactory sslssf = >> ... >> } finally { >> serverReady = true; >> } >> >> Xuelei >> >> On 5/21/2012 10:52 AM, Weijun Wang wrote: >>> Hi Xuelei >>> >>> I've adopted your style of synchronizing the SSL client and server. >>> Please take a review at >>> >>> http://cr.openjdk.java.net/~weijun/7170308/webrev.00/ >>> >>> Noreg-self. >>> >>> Thanks >>> Max >>> >>> On 05/21/2012 10:14 AM, weijun.wang at oracle.com wrote: >>>> *Change Request ID*: 7170308 >>>> *Synopsis*: timing error in the krb5 test SSL.java >>>> >>>> === *Description* >>>> ============================================================ >>>> In the test the client side waits 2 seconds for the server to start, >>>> but on some machines this is still not enough. We should using a flag >>>> to synchronize their actions. >>>> >> From weijun.wang at oracle.com Mon May 21 00:41:17 2012 From: weijun.wang at oracle.com (weijun.wang at oracle.com) Date: Mon, 21 May 2012 07:41:17 +0000 Subject: hg: jdk8/tl/jdk: 7170308: timing error in the krb5 test SSL.java Message-ID: <20120521074127.D574B47424@hg.openjdk.java.net> Changeset: 72af24348b2b Author: weijun Date: 2012-05-21 15:40 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/72af24348b2b 7170308: timing error in the krb5 test SSL.java Reviewed-by: xuelei ! test/sun/security/krb5/auto/SSL.java From alan.bateman at oracle.com Mon May 21 02:42:42 2012 From: alan.bateman at oracle.com (alan.bateman at oracle.com) Date: Mon, 21 May 2012 09:42:42 +0000 Subject: hg: jdk8/tl/jdk: 7170203: TEST_BUG: test/java/nio/MappedByteBuffer/Truncate.java failing intermittently Message-ID: <20120521094309.40EA347426@hg.openjdk.java.net> Changeset: 9cb304dd71d4 Author: alanb Date: 2012-05-21 10:41 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9cb304dd71d4 7170203: TEST_BUG: test/java/nio/MappedByteBuffer/Truncate.java failing intermittently Reviewed-by: chegar ! test/java/nio/MappedByteBuffer/Truncate.java From sean.coffey at oracle.com Mon May 21 03:25:03 2012 From: sean.coffey at oracle.com (=?ISO-8859-1?Q?Se=E1n_Coffey?=) Date: Mon, 21 May 2012 11:25:03 +0100 Subject: RFR: 7169257: Fix for 6424631 only partially ported to JDK 7 & JDK 8 Message-ID: <4FBA17FF.1070803@oracle.com> Recently noticed that the 6424631 fix was not fully ported to the JDK 7 workspace. Porting the changes (to 8 & 7) so that no regression is seen for users migrating to latest JDK families. bug report : http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7169257 webrev : http://cr.openjdk.java.net/~coffeys/webrev.7169257.jdk8/ regards, Sean. From sean.mullan at oracle.com Mon May 21 05:37:08 2012 From: sean.mullan at oracle.com (Sean Mullan) Date: Mon, 21 May 2012 08:37:08 -0400 Subject: RFR: 7169257: Fix for 6424631 only partially ported to JDK 7 & JDK 8 In-Reply-To: <4FBA17FF.1070803@oracle.com> References: <4FBA17FF.1070803@oracle.com> Message-ID: <4FBA36F4.8080407@oracle.com> The changes look good. --Sean On 5/21/12 6:25 AM, Se?n Coffey wrote: > > Recently noticed that the 6424631 fix was not fully ported to the JDK 7 > workspace. Porting the changes (to 8 & 7) so that no regression is seen > for users migrating to latest JDK families. > > bug report : http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7169257 > webrev : http://cr.openjdk.java.net/~coffeys/webrev.7169257.jdk8/ > > regards, > Sean. From sean.coffey at oracle.com Mon May 21 09:04:01 2012 From: sean.coffey at oracle.com (=?ISO-8859-1?Q?Se=E1n_Coffey?=) Date: Mon, 21 May 2012 17:04:01 +0100 Subject: RFR: 7169257: Fix for 6424631 only partially ported to JDK 7 & JDK 8 In-Reply-To: <4FBA36F4.8080407@oracle.com> References: <4FBA17FF.1070803@oracle.com> <4FBA36F4.8080407@oracle.com> Message-ID: <4FBA6771.4060901@oracle.com> Thanks Sean, Further testing has thrown up a testcase failure. (recursion in Policy setup) - This one skipped by me prior to logging RFR. Let me look into it and get back with an updated webrev. Regards, Sean. On 21/05/12 13:37, Sean Mullan wrote: > The changes look good. > > --Sean > > On 5/21/12 6:25 AM, Se?n Coffey wrote: >> Recently noticed that the 6424631 fix was not fully ported to the JDK 7 >> workspace. Porting the changes (to 8& 7) so that no regression is seen >> for users migrating to latest JDK families. >> >> bug report : http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7169257 >> webrev : http://cr.openjdk.java.net/~coffeys/webrev.7169257.jdk8/ >> >> regards, >> Sean. From kumar.x.srinivasan at oracle.com Mon May 21 09:41:15 2012 From: kumar.x.srinivasan at oracle.com (kumar.x.srinivasan at oracle.com) Date: Mon, 21 May 2012 16:41:15 +0000 Subject: hg: jdk8/tl/jdk: 7170087: tools/launcher/Arrghs.java test has wrong bugID for 7151434 Message-ID: <20120521164139.5E9C747444@hg.openjdk.java.net> Changeset: f109feb13698 Author: ksrini Date: 2012-05-21 09:40 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f109feb13698 7170087: tools/launcher/Arrghs.java test has wrong bugID for 7151434 Reviewed-by: ohair ! test/tools/launcher/Arrrghs.java From staffan.larsen at oracle.com Mon May 21 10:29:21 2012 From: staffan.larsen at oracle.com (staffan.larsen at oracle.com) Date: Mon, 21 May 2012 17:29:21 +0000 Subject: hg: jdk8/tl/jdk: 7167157: jcmd command file parsing does not respect the "stop" command Message-ID: <20120521172931.4584047447@hg.openjdk.java.net> Changeset: 0a1ef7e07e01 Author: sla Date: 2012-05-21 19:28 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0a1ef7e07e01 7167157: jcmd command file parsing does not respect the "stop" command Reviewed-by: alanb, dsamersoff, nloodin ! src/share/classes/sun/tools/jcmd/JCmd.java From sean.mullan at oracle.com Tue May 22 09:09:03 2012 From: sean.mullan at oracle.com (Sean Mullan) Date: Tue, 22 May 2012 12:09:03 -0400 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 Message-ID: <4FBBBA1F.1090605@oracle.com> Vinnie, Can you please review my changes for 6854712 (JEP 124). It also includes fixes for a couple of other CRs: 6637288 and 7126011. Other reviewers are welcome too. The webrev: http://cr.openjdk.java.net/~mullan/webrevs/6854712_6637288_7126011/webrev.00/ The CRs: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6854712 http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6637288 http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7126011 There are a large number of changes, so please let me know if you need additional time, but I would like to push the changes by early next week, if possible. Thanks, Sean From sean.coffey at oracle.com Tue May 22 09:19:37 2012 From: sean.coffey at oracle.com (=?ISO-8859-1?Q?Se=E1n_Coffey?=) Date: Tue, 22 May 2012 17:19:37 +0100 Subject: RFR: 7169257: Fix for 6424631 only partially ported to JDK 7 & JDK 8 In-Reply-To: <4FBA6771.4060901@oracle.com> References: <4FBA17FF.1070803@oracle.com> <4FBA36F4.8080407@oracle.com> <4FBA6771.4060901@oracle.com> Message-ID: <4FBBBC99.7020407@oracle.com> Ok, so I went off today to set up the initial manual unit testcase supplied with 6424631 report. It turns out that 6424631 should no longer be reproducible in 7u or later due to CR 7093090 changes (Reduce synchronization in java.security.Policy.getPolicyNoCheck) The 7093090 changes which went into 7u4 have redesigned the getPolicyNoCheck() method and recursion should no longer be possible there given that we always exit getPolicyNoCheck() with a PolicyInfo with Policy!=null and an initialized value of true. I'm closing 7169257 as not reproducible then. regards, Sean. On 21/05/2012 17:04, Se?n Coffey wrote: > Thanks Sean, > > Further testing has thrown up a testcase failure. (recursion in Policy > setup) - This one skipped by me prior to logging RFR. Let me look into > it and get back with an updated webrev. > > Regards, > Sean. > > > On 21/05/12 13:37, Sean Mullan wrote: >> The changes look good. >> >> --Sean >> >> On 5/21/12 6:25 AM, Se?n Coffey wrote: >>> Recently noticed that the 6424631 fix was not fully ported to the JDK 7 >>> workspace. Porting the changes (to 8& 7) so that no regression is seen >>> for users migrating to latest JDK families. >>> >>> bug report : http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7169257 >>> webrev : http://cr.openjdk.java.net/~coffeys/webrev.7169257.jdk8/ >>> >>> regards, >>> Sean. From james.holmlund at oracle.com Mon May 21 16:16:39 2012 From: james.holmlund at oracle.com (james.holmlund at oracle.com) Date: Mon, 21 May 2012 23:16:39 +0000 Subject: hg: jdk8/tl/langtools: 7157798: Add 6 test scenarios for testing inheritance of multiple same-name methods from mulitple interfaces Message-ID: <20120521231643.477004744C@hg.openjdk.java.net> Changeset: f5dbd6895994 Author: jjh Date: 2012-05-21 16:10 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/f5dbd6895994 7157798: Add 6 test scenarios for testing inheritance of multiple same-name methods from mulitple interfaces Reviewed-by: mcimadamore Contributed-by: sue.wei at oracle.com + test/tools/javac/generics/rawOverride/7157798/Test1.java + test/tools/javac/generics/rawOverride/7157798/Test2.java + test/tools/javac/generics/rawOverride/7157798/Test3.java + test/tools/javac/generics/rawOverride/7157798/Test3.out + test/tools/javac/generics/rawOverride/7157798/Test4.java + test/tools/javac/generics/rawOverride/7157798/Test4.out From schlosna at gmail.com Tue May 22 14:20:54 2012 From: schlosna at gmail.com (David Schlosnagle) Date: Tue, 22 May 2012 17:20:54 -0400 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 In-Reply-To: <4FBBBA1F.1090605@oracle.com> References: <4FBBBA1F.1090605@oracle.com> Message-ID: On Tue, May 22, 2012 at 12:09 PM, Sean Mullan wrote: > Can you please review my changes for 6854712 (JEP 124). It also includes > fixes for a couple of other CRs: 6637288 and 7126011. Other reviewers are > welcome too. > > The webrev: > http://cr.openjdk.java.net/~mullan/webrevs/6854712_6637288_7126011/webrev.00/ Sean, I had a few random questions and minor comments on this change set. Have you considered any changes to the APIs to add a public boolean isRevocationCheckingSupported() like method that indicates whether use of getRevocationChecker() is supported so that a caller doesn't need to catch the UnsupportedOperationException? src/share/classes/sun/security/provider/certpath/AdjacencyList.java src/share/classes/sun/security/provider/certpath/ForwardState.java src/share/classes/sun/security/provider/certpath/ReverseState.java src/share/classes/sun/security/provider/certpath/Vertex.java src/share/classes/sun/security/provider/certpath/X509CertificatePair.java The toString() methods could benefit from converting string concatenation to StringBuilder.append to avoid unnecessary additional StringBuilders (-XX:+OptimizeStringConcat might take care of these as well). src/share/classes/sun/security/provider/certpath/ConstraintsChecker.java src/share/classes/sun/security/provider/certpath/KeyChecker.java src/share/classes/sun/security/provider/certpath/PolicyChecker.java Are these classes intended to be thread safe? If so, then getSupportedExtensions() has a race on supportedExts instance field and should probably be volatile with double checked lock or thread safe holder idiom. It also seems like the mutable supportedExts could potentially escape under the race, so it might be worth building the supported extensions in a local set and then assigning to this.supportedExts. If they are not expected to be thread safe, you're probably fine although you might still want to avoid escaping mutable state and add JavaDoc similar to what you put in the PKIXRevocationChecker class docs. src/share/classes/sun/security/provider/certpath/OCSPRequest.java Is it worth defining/using a constant for the OCSP OID "1.3.6.1.5.5.7.48.1.2" and using it on line 120 of encodeBytes()? OCSPResponse has a private constant ObjectIdentifier OCSP_NONCE_EXTENSION_OID that could possibly be reused within the package: 136 private static final ObjectIdentifier OCSP_NONCE_EXTENSION_OID = 137 ObjectIdentifier.newInternal(new int[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 2}); src/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java Stylistic nit - toString could use for-each: 183 for (PolicyNodeImpl node : getChildren()) { 184 buffer.append(node); 185 } src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java In depthFirstSearchForward, the finalCert logic could be optimized to avoid traversing the entire linked list, possibly twice: 559 if (cpList.isEmpty()) { 560 finalCert = builder.trustAnchor.getTrustedCert(); 561 } else { 562 finalCert = cpList.getLast(); 563 } Thanks, Dave From valerie.peng at oracle.com Tue May 22 18:25:13 2012 From: valerie.peng at oracle.com (Valerie (Yu-Ching) Peng) Date: Tue, 22 May 2012 18:25:13 -0700 Subject: code review request: 7162687: enhance KDC server availability detection In-Reply-To: <4FB61F9B.5090000@oracle.com> References: <4F8F849F.3050602@oracle.com> <4FB61F9B.5090000@oracle.com> Message-ID: <4FBC3C79.10502@oracle.com> The source changes look fine. The re-trying receive() part seems not useful, but if you want to be conservative, that's fine with me too. What is the following change for? @compile -XDignore.symbol.file MaxRetries.java BTW, there is typo on line 43, "tp" should be "to" > PortUnreachableException is not available on Mac, new test won't > work there. So, what is the behavior on Mac then? Is it a different type of SocketException or else? Thanks, Valerie On 05/18/12 03:08, Weijun Wang wrote: > Hi Valerie > > Webrev updated: > > http://cr.openjdk.java.net/~weijun/7162687/webrev.01/ > > Summary: > > KdcComm.java and NetClient.java > > 1. Make NetClient AutoCloseable, use try-with-resources. > > 2. Add a connect() after UDP socket is created, this ensures an > immediate PortUnreachableException if the server is not on. When this > exception is seen, we won't try the same KDC again. > > 3. Now we have > > try { > dgSocket.receive(dgPacketIn); > } > catch (SocketException e) { > + if (e instanceof PortUnreachableException) { > + throw e; > + } > dgSocket.receive(dgPacketIn); > } > > Here I have no idea what benefit the original code gets by retrying > receive(). This code has been there at the very beginning. I simply > add a new exception check. > > test/sun/security/krb5/auto/Unreachable.java > test/sun/security/krb5/auto/unreachable.krb5.conf > > New test. With PortUnreachableException, the test should finish in > a very short time without waiting for 3 timeouts. Hopefully no process > is waiting on those 3 ports I hard code. > > test/ProblemList.txt > > PortUnreachableException is not available on Mac, new test won't > work there. > > test/sun/security/krb5/auto/BadKdc.java > test/sun/security/krb5/auto/MaxRetries.java > > Old tests need to be updated. Start a dummy DatagramSocket to > trigger the TimeoutException. > > test/sun/security/krb5/auto/TcpTimeout.java > > The test checks for time elapse but quite a lot of our test > machines are virtual machines and Windows guests always get timing > wrong. Remove that check. > > Thanks > Max > > > On 04/19/2012 11:21 AM, Weijun Wang wrote: >> Hi Valerie >> >> Please take a review at >> >> http://cr.openjdk.java.net/~weijun/7162687/webrev.00/ >> >> Basically I add a connect() before send/receive and if a KDC UDP server >> is not on, an ICMP Port Unreachable message will be received >> immediately, and there will be no more retry on the same KDC. >> >> In the tests, an idle DatagramSocket must be created to avoid the ICMP >> message being sent. I also enhance the BadKdc tests to check the new >> behavior: When no idle DatagramSocket is created, there are no more >> retries on the same KDC, but you can still see krb5.kdc.bad.policy >> working. >> >> Thanks >> Max >> >> >> -------- Original Message -------- >> *Change Request ID*: 7162687 >> *Synopsis*: enhance KDC server availability detection >> >> Product: java >> Category: java >> Subcategory: classes_security >> Type: RFE >> >> === *Description* >> ============================================================ >> Currently if there are multiple KDCs defined for a realm, we send UDP >> request to each one and wait for reply, when no reply is received, we >> retry. After several unsuccessful retries, we go on to the next KDC. The >> timeout for the wait is normally 30 seconds. If the KDCs defined are not >> all turned on, the time spent to finally get a response might be very >> long. This is especially true for customers having a main KDC and >> several slave KDCs and the main KDC is in maintenance. >> >> In fact, there is a better way to detect if the KDC server is on by >> connect() to it first. In this way, an IMCP PortUnreachableException >> will be thrown in a later send/receive method immediately. Also, when >> this exception is thrown, we can be sure that the KDC server is off and >> there is no need to retry this one. >> >> Please note that if a KDC is on but for various reasons it cannot reply >> in a timely manner, we will still wait for the timeout and do a retry. >> >> *** (#1 of 1): 2012-04-19 02:56:04 GMT+00:00 weijun.wang at oracle.com >> *** Last Edit: 2012-04-19 02:57:44 GMT+00:00 weijun.wang at oracle.com >> From weijun.wang at oracle.com Tue May 22 18:46:31 2012 From: weijun.wang at oracle.com (Weijun Wang) Date: Wed, 23 May 2012 09:46:31 +0800 Subject: code review request: 7162687: enhance KDC server availability detection In-Reply-To: <4FBC3C79.10502@oracle.com> References: <4F8F849F.3050602@oracle.com> <4FB61F9B.5090000@oracle.com> <4FBC3C79.10502@oracle.com> Message-ID: <4FBC4177.90707@oracle.com> On 05/23/2012 09:25 AM, Valerie (Yu-Ching) Peng wrote: > > The source changes look fine. The re-trying receive() part seems not > useful, but if you want to be conservative, that's fine with me too. > > What is the following change for? > > @compile -XDignore.symbol.file MaxRetries.java With this line, the compile won't show so many warnings on sun.* class reference. It's not really necessary, but I want to jtr to be cleaner. > > BTW, there is typo on line 43, "tp" should be "to" Oh. > >> PortUnreachableException is not available on Mac, new test won't work >> there. > So, what is the behavior on Mac then? Is it a different type of > SocketException or else? On Mac, connect() does not call the native connect so PUE is not thrown. It simply waits until a SocketTimeoutException is thrown. The reason is 7122794. Thanks Max > > Thanks, > Valerie > > On 05/18/12 03:08, Weijun Wang wrote: >> Hi Valerie >> >> Webrev updated: >> >> http://cr.openjdk.java.net/~weijun/7162687/webrev.01/ >> >> Summary: >> >> KdcComm.java and NetClient.java >> >> 1. Make NetClient AutoCloseable, use try-with-resources. >> >> 2. Add a connect() after UDP socket is created, this ensures an >> immediate PortUnreachableException if the server is not on. When this >> exception is seen, we won't try the same KDC again. >> >> 3. Now we have >> >> try { >> dgSocket.receive(dgPacketIn); >> } >> catch (SocketException e) { >> + if (e instanceof PortUnreachableException) { >> + throw e; >> + } >> dgSocket.receive(dgPacketIn); >> } >> >> Here I have no idea what benefit the original code gets by retrying >> receive(). This code has been there at the very beginning. I simply >> add a new exception check. >> >> test/sun/security/krb5/auto/Unreachable.java >> test/sun/security/krb5/auto/unreachable.krb5.conf >> >> New test. With PortUnreachableException, the test should finish in a >> very short time without waiting for 3 timeouts. Hopefully no process >> is waiting on those 3 ports I hard code. >> >> test/ProblemList.txt >> >> PortUnreachableException is not available on Mac, new test won't work >> there. >> >> test/sun/security/krb5/auto/BadKdc.java >> test/sun/security/krb5/auto/MaxRetries.java >> >> Old tests need to be updated. Start a dummy DatagramSocket to trigger >> the TimeoutException. >> >> test/sun/security/krb5/auto/TcpTimeout.java >> >> The test checks for time elapse but quite a lot of our test machines >> are virtual machines and Windows guests always get timing wrong. >> Remove that check. >> >> Thanks >> Max >> >> >> On 04/19/2012 11:21 AM, Weijun Wang wrote: >>> Hi Valerie >>> >>> Please take a review at >>> >>> http://cr.openjdk.java.net/~weijun/7162687/webrev.00/ >>> >>> Basically I add a connect() before send/receive and if a KDC UDP server >>> is not on, an ICMP Port Unreachable message will be received >>> immediately, and there will be no more retry on the same KDC. >>> >>> In the tests, an idle DatagramSocket must be created to avoid the ICMP >>> message being sent. I also enhance the BadKdc tests to check the new >>> behavior: When no idle DatagramSocket is created, there are no more >>> retries on the same KDC, but you can still see krb5.kdc.bad.policy >>> working. >>> >>> Thanks >>> Max >>> >>> >>> -------- Original Message -------- >>> *Change Request ID*: 7162687 >>> *Synopsis*: enhance KDC server availability detection >>> >>> Product: java >>> Category: java >>> Subcategory: classes_security >>> Type: RFE >>> >>> === *Description* >>> ============================================================ >>> Currently if there are multiple KDCs defined for a realm, we send UDP >>> request to each one and wait for reply, when no reply is received, we >>> retry. After several unsuccessful retries, we go on to the next KDC. The >>> timeout for the wait is normally 30 seconds. If the KDCs defined are not >>> all turned on, the time spent to finally get a response might be very >>> long. This is especially true for customers having a main KDC and >>> several slave KDCs and the main KDC is in maintenance. >>> >>> In fact, there is a better way to detect if the KDC server is on by >>> connect() to it first. In this way, an IMCP PortUnreachableException >>> will be thrown in a later send/receive method immediately. Also, when >>> this exception is thrown, we can be sure that the KDC server is off and >>> there is no need to retry this one. >>> >>> Please note that if a KDC is on but for various reasons it cannot reply >>> in a timely manner, we will still wait for the timeout and do a retry. >>> >>> *** (#1 of 1): 2012-04-19 02:56:04 GMT+00:00 weijun.wang at oracle.com >>> *** Last Edit: 2012-04-19 02:57:44 GMT+00:00 weijun.wang at oracle.com >>> > From xuelei.fan at oracle.com Tue May 22 23:13:28 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Wed, 23 May 2012 14:13:28 +0800 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 In-Reply-To: <4FBBBA1F.1090605@oracle.com> References: <4FBBBA1F.1090605@oracle.com> Message-ID: <4FBC8008.4000408@oracle.com> C1. flexibility of the API, maybe too later It may be too later, but I was wondering we may be able to consider the CertPathBuilder/CertPathValidator spec changes a little more. There are two types of cert path checker, one is specified by PKIXParameters.addCertPathChecker() explicit; the other one is enabled by the provider implicit, as the pre-defined checkers, including the revocation checker, the certificate basic constraints checker, the algorithm constraints checker in PKIX provider, etc. Except the revocation checker, we may want to expose other pre-defined checker in the future. For example, expose the algorithm constraints checker. So I was wondering, maybe it is more flexible to change the new API of CertPathBuilder from public final CertPathChecker getRevocationChecker() to public final List getDefaultCheckers() At present we only support PKIXRevocationChecker. But once in the future we want to expose more provider implicit checkers, we may not have to define new CertPathBuilder APIs (such as getAlgorithmConstraintsChecker()) any more. Then the new example would look like: CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX"); List checkers = cpb.getDefaultCheckers(); for (CertPathChecker checker : checkers) { if (checker instanceof PKIXRevocationChecker) { PKIXRevocationChecker rc = (PKIXRevocationChecker)checker; rc.setOptions(EnumSet.of(Option.PREFER_CRLS)); params.addCertPathChecker(rc); } } CertPathBuilderResult cpbr = cpb.build(params); We may need a better name than "getDefaultCheckers". C2. stateless or not? For the new API, public final CertPathChecker getRevocationChecker() It is not defined whether the update on the return value will impact the behaviors of CertPathBuilder/CertPathValidator. In another words, is the return value a reference or a cloned object? I think it is a cloned (or new) object but not a reference. it would be better to describe it in the spec. C3. Minor comments on PKIXCertPathChecker.java It would be nice to add @Override to init(), isForwardCheckingSupported() and check(Certificate, Collection) so that the compilers will help to check the declaration. C4. Very minor comments on package.html Do you want to add OCSP RFC to the "Related Documentation" section? C5. the interactions between PKIXRevocationChecker and PKIXParameters.isRevocationEnabled(). We may have two types of PKIXRevocationChecker instances. One is the default revocation checker, which may be got from CertPathBuilder.getRevocationChecker() (just a maybe, may be not retrievable) . Another one is the non-default revocation checker, which is set by PKIXParameters.addCertPathChecker(). According to the spec, PKIXParameters.isRevocationEnabled() should only impact the default revocation checker, but not the non-default revocation checker. PKIXParameters.isRevocationEnabled() ------------------------------------------------------------- | true | false ------------------------------------------------------------- default revo checker | enabled | disabled ------------------------------------------------------------- non-default revo checker | enabled | enabled ------------------------------------------------------------- That's OK. From the implementation, it seems that the non-default revocation checker will override the default revocation checker. I think we may need a description about the behavior. Otherwise, we may need to use both PKIXParameters.isRevocationEnabled() and the non-default revocation checker. In the class spec of PKIXRevocationChecker, it says, "When supplying a revocation checker in this manner, do not enable the default revocation checking mechanism (by calling {@link PKIXParameters#setRevocationEnabled}." But it does not define the behaviors about what happen if the default revocation checking mechanism is enabled. As the default revocation checking mechanism is enabled by default (see PKIXParameters.setRevocationEnabled(boolean)), if we do not want to define the above behaviors, we must call the following two methods in couple: PKIXParameters.setRevocationEnabled(false); PKIXParameters.addCertPathChecker(PKIXRevocationChecker); Otherwise, the behaviors are not defined. I will try to look into other update tomorrow. Xuelei On 5/23/2012 12:09 AM, Sean Mullan wrote: > Vinnie, > > Can you please review my changes for 6854712 (JEP 124). It also includes > fixes for a couple of other CRs: 6637288 and 7126011. Other reviewers > are welcome too. > > The webrev: > http://cr.openjdk.java.net/~mullan/webrevs/6854712_6637288_7126011/webrev.00/ > > > The CRs: > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6854712 > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6637288 > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7126011 > > There are a large number of changes, so please let me know if you need > additional time, but I would like to push the changes by early next > week, if possible. > > Thanks, > Sean > From weijun.wang at oracle.com Wed May 23 00:52:32 2012 From: weijun.wang at oracle.com (weijun.wang at oracle.com) Date: Wed, 23 May 2012 07:52:32 +0000 Subject: hg: jdk8/tl/jdk: 7162687: enhance KDC server availability detection Message-ID: <20120523075252.C982747490@hg.openjdk.java.net> Changeset: a2fc04c2dfc8 Author: weijun Date: 2012-05-23 15:51 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a2fc04c2dfc8 7162687: enhance KDC server availability detection Reviewed-by: valeriep ! src/share/classes/sun/security/krb5/KdcComm.java ! src/share/classes/sun/security/krb5/internal/NetClient.java ! test/ProblemList.txt ! test/sun/security/krb5/auto/BadKdc.java ! test/sun/security/krb5/auto/MaxRetries.java ! test/sun/security/krb5/auto/TcpTimeout.java + test/sun/security/krb5/auto/Unreachable.java + test/sun/security/krb5/auto/unreachable.krb5.conf From kurchi.subhra.hazra at oracle.com Wed May 23 10:42:35 2012 From: kurchi.subhra.hazra at oracle.com (kurchi.subhra.hazra at oracle.com) Date: Wed, 23 May 2012 17:42:35 +0000 Subject: hg: jdk8/tl/jdk: 7170169: (props) System.getProperty("os.name") should return "Windows 8" when run on Windows 8 Message-ID: <20120523174245.9C036474A0@hg.openjdk.java.net> Changeset: 0c3d9050c918 Author: khazra Date: 2012-05-23 10:41 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0c3d9050c918 7170169: (props) System.getProperty("os.name") should return "Windows 8" when run on Windows 8 Summary: Enable Windows Version 6.2 to be recognized as Windows 8 Reviewed-by: darcy, dholmes, alanb, chegar ! src/windows/native/java/lang/java_props_md.c From sean.mullan at oracle.com Wed May 23 12:03:59 2012 From: sean.mullan at oracle.com (Sean Mullan) Date: Wed, 23 May 2012 15:03:59 -0400 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 In-Reply-To: References: <4FBBBA1F.1090605@oracle.com> Message-ID: <4FBD349F.7060807@oracle.com> On 5/22/12 5:20 PM, David Schlosnagle wrote: > On Tue, May 22, 2012 at 12:09 PM, Sean Mullan wrote: >> Can you please review my changes for 6854712 (JEP 124). It also includes >> fixes for a couple of other CRs: 6637288 and 7126011. Other reviewers are >> welcome too. >> >> The webrev: >> http://cr.openjdk.java.net/~mullan/webrevs/6854712_6637288_7126011/webrev.00/ > > Sean, > > I had a few random questions and minor comments on this change set. Great. Thanks for taking the time to look them over. > Have you considered any changes to the APIs to add a public boolean > isRevocationCheckingSupported() like method that indicates whether use of > getRevocationChecker() is supported so that a caller doesn't need to catch the > UnsupportedOperationException? I did not -- instead I followed our current practice when adding new methods to the *Spi abstract classes that don't have a reasonable default implementation. See, for example CertificateFactorySpi.engineGenerateCertPath. Let me think about this some more. It might be worth considering something like that but I probably won't make any changes for this current revision. > src/share/classes/sun/security/provider/certpath/AdjacencyList.java > src/share/classes/sun/security/provider/certpath/ForwardState.java > src/share/classes/sun/security/provider/certpath/ReverseState.java > src/share/classes/sun/security/provider/certpath/Vertex.java > src/share/classes/sun/security/provider/certpath/X509CertificatePair.java > The toString() methods could benefit from converting string concatenation > to StringBuilder.append to avoid unnecessary additional StringBuilders > (-XX:+OptimizeStringConcat might take care of these as well). Good point. Will fix. > src/share/classes/sun/security/provider/certpath/ConstraintsChecker.java > src/share/classes/sun/security/provider/certpath/KeyChecker.java > src/share/classes/sun/security/provider/certpath/PolicyChecker.java > Are these classes intended to be thread safe? If so, then > getSupportedExtensions() has a race on supportedExts instance field and > should probably be volatile with double checked lock or thread safe holder > idiom. It also seems like the mutable supportedExts could potentially > escape under the race, so it might be worth building the supported > extensions in a local set and then assigning to this.supportedExts. If they > are not expected to be thread safe, you're probably fine although you might > still want to avoid escaping mutable state and add JavaDoc similar to what > you put in the PKIXRevocationChecker class docs. They are not intended to be thread safe. These are internal classes of the PKIX CertPathBuilder and CertPathValidator implementation. The javadocs document the thread-safeness in the class summary, ex for CertPathValidator: "The static methods of this class are guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects. However, this is not true for the non-static methods defined by this class. Unless otherwise documented by a specific provider, threads that need to access a single CertPathValidator instance concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating a different CertPathValidator instance need not synchronize." These *Checker classes are package-private, so I think the code is ok to leave as-is. If we were to make them public and make them available to applications, then I agree we should fix the escaped mutable state issue you pointed out. > src/share/classes/sun/security/provider/certpath/OCSPRequest.java > Is it worth defining/using a constant for the OCSP OID > "1.3.6.1.5.5.7.48.1.2" and using it on line 120 of encodeBytes()? > OCSPResponse has a > private constant ObjectIdentifier OCSP_NONCE_EXTENSION_OID that could > possibly be reused within the package: > 136 private static final ObjectIdentifier OCSP_NONCE_EXTENSION_OID = > 137 ObjectIdentifier.newInternal(new int[] { 1, 3, 6, 1, 5, > 5, 7, 48, 1, 2}); Good point, will fix. > src/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java > Stylistic nit - toString could use for-each: > 183 for (PolicyNodeImpl node : getChildren()) { > 184 buffer.append(node); > 185 } Good point, will fix. > > src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java > In depthFirstSearchForward, the finalCert logic could be optimized to avoid > traversing the entire linked list, possibly twice: > 559 if (cpList.isEmpty()) { > 560 finalCert = builder.trustAnchor.getTrustedCert(); > 561 } else { > 562 finalCert = cpList.getLast(); > 563 } Thanks, will fix. --Sean From sean.mullan at oracle.com Wed May 23 12:26:02 2012 From: sean.mullan at oracle.com (Sean Mullan) Date: Wed, 23 May 2012 15:26:02 -0400 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 In-Reply-To: <4FBC8008.4000408@oracle.com> References: <4FBBBA1F.1090605@oracle.com> <4FBC8008.4000408@oracle.com> Message-ID: <4FBD39CA.6060205@oracle.com> Xuelei, Thanks for the comments. On 5/23/12 2:13 AM, Xuelei Fan wrote: > C1. flexibility of the API, maybe too later > > It may be too later, but I was wondering we may be able to consider the > CertPathBuilder/CertPathValidator spec changes a little more. > > There are two types of cert path checker, one is specified by > PKIXParameters.addCertPathChecker() explicit; the other one is enabled > by the provider implicit, as the pre-defined checkers, including the > revocation checker, the certificate basic constraints checker, the > algorithm constraints checker in PKIX provider, etc. > > Except the revocation checker, we may want to expose other pre-defined > checker in the future. For example, expose the algorithm constraints > checker. > > So I was wondering, maybe it is more flexible to change the new API of > CertPathBuilder from > public final CertPathChecker getRevocationChecker() > > to > public final List getDefaultCheckers() I did consider something like this during development: public CertPathChecker getCertPathChecker(String type) where "type" would indicate what type of checker you wanted, ex: "Revocation", "AlgorithmConstraints". In the end I decided not to do that. If we find that it is desirable in the future to expose more CertPathCheckers, then we could easily add a method like the above -- but I don't feel it is necessary yet. > C2. stateless or not? > > For the new API, > public final CertPathChecker getRevocationChecker() > > It is not defined whether the update on the return value will impact the > behaviors of CertPathBuilder/CertPathValidator. In another words, is > the return value a reference or a cloned object? > > I think it is a cloned (or new) object but not a reference. it would be > better to describe it in the spec. It should always be a new object I think. Let me think about it a bit more and I will make that clarification. > C3. Minor comments on PKIXCertPathChecker.java > > It would be nice to add @Override to init(), > isForwardCheckingSupported() and check(Certificate, Collection) > so that the compilers will help to check the declaration. Good point, will fix. It does not apply to check(Certificate, Collection) though, since that is not a method of CertPathChecker. > C4. Very minor comments on package.html > Do you want to add OCSP RFC to the "Related Documentation" section? I don't think it's necessary since it is already referenced in the package specification. I actually think the reference to 5280 is redundant but I'll leave it alone. > C5. the interactions between PKIXRevocationChecker and > PKIXParameters.isRevocationEnabled(). > > We may have two types of PKIXRevocationChecker instances. One is the > default revocation checker, which may be got from > CertPathBuilder.getRevocationChecker() (just a maybe, may be not > retrievable) . Another one is the non-default revocation checker, which > is set by PKIXParameters.addCertPathChecker(). > > According to the spec, PKIXParameters.isRevocationEnabled() should only > impact the default revocation checker, but not the non-default > revocation checker. > > PKIXParameters.isRevocationEnabled() > ------------------------------------------------------------- > | true | false > ------------------------------------------------------------- > default revo checker | enabled | disabled > ------------------------------------------------------------- > non-default revo checker | enabled | enabled > ------------------------------------------------------------- > > That's OK. From the implementation, it seems that the non-default > revocation checker will override the default revocation checker. I think > we may need a description about the behavior. Otherwise, we may need to > use both PKIXParameters.isRevocationEnabled() and the non-default > revocation checker. > > In the class spec of PKIXRevocationChecker, it says, "When supplying a > revocation checker in this manner, do not enable the default revocation > checking mechanism (by calling {@link > PKIXParameters#setRevocationEnabled}." Oops, good catch. That sentence is no longer correct. If you add a PKIXRevocationChecker to your PKIXParameters, that's what is going to be used to check revocation, regardless of the setting of the PKIXParameters.isRevocationEnabled flag. > But it does not define the > behaviors about what happen if the default revocation checking mechanism > is enabled. As the default revocation checking mechanism is enabled by > default (see PKIXParameters.setRevocationEnabled(boolean)), if we do not > want to define the above behaviors, we must call the following two > methods in couple: > PKIXParameters.setRevocationEnabled(false); > PKIXParameters.addCertPathChecker(PKIXRevocationChecker); > > Otherwise, the behaviors are not defined. Right, I did not want the caller to have to call PKIXParameters.setRevocationEnabled(false); - it is too confusing. Some clarifications are in order - will work on that. > I will try to look into other update tomorrow. Ok, thanks. --Sean From alan.bateman at oracle.com Thu May 24 05:44:52 2012 From: alan.bateman at oracle.com (alan.bateman at oracle.com) Date: Thu, 24 May 2012 12:44:52 +0000 Subject: hg: jdk8/tl/jdk: 7169050: (se) Selector.select slow on Solaris due to insertion of POLLREMOVE and 0 events Message-ID: <20120524124502.74760474C1@hg.openjdk.java.net> Changeset: 21703d431217 Author: alanb Date: 2012-05-24 10:57 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/21703d431217 7169050: (se) Selector.select slow on Solaris due to insertion of POLLREMOVE and 0 events Reviewed-by: chegar, coffeys ! src/solaris/classes/sun/nio/ch/DevPollArrayWrapper.java ! src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c From alan.bateman at oracle.com Thu May 24 06:45:35 2012 From: alan.bateman at oracle.com (alan.bateman at oracle.com) Date: Thu, 24 May 2012 13:45:35 +0000 Subject: hg: jdk8/tl/jdk: 7160725: Strange or obsolete @see tags in some exception java.lang javadoc Message-ID: <20120524134553.D7082474C5@hg.openjdk.java.net> Changeset: a11c964d1319 Author: jgish Date: 2012-05-24 14:44 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a11c964d1319 7160725: Strange or obsolete @see tags in some exception java.lang javadoc Summary: update javadoc for IllegalArgumentException and NumberFormatException Reviewed-by: alanb ! src/share/classes/java/lang/IllegalArgumentException.java From nils.loodin at oracle.com Thu May 24 07:21:40 2012 From: nils.loodin at oracle.com (nils.loodin at oracle.com) Date: Thu, 24 May 2012 14:21:40 +0000 Subject: hg: jdk8/tl/jdk: 2 new changesets Message-ID: <20120524142201.04CAA474C6@hg.openjdk.java.net> Changeset: 5ec5588c733d Author: nloodin Date: 2012-05-24 09:32 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5ec5588c733d 7143353: -Xrunhprof fails in Java 7 due to bad switch Reviewed-by: jrose, sspitsyn ! src/share/demo/jvmti/java_crw_demo/java_crw_demo.c ! src/share/javavm/export/classfile_constants.h Changeset: 1c869c799ef9 Author: nloodin Date: 2012-05-24 10:20 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1c869c799ef9 Merge From xuelei.fan at oracle.com Thu May 24 18:05:44 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Fri, 25 May 2012 09:05:44 +0800 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 In-Reply-To: <4FBD39CA.6060205@oracle.com> References: <4FBBBA1F.1090605@oracle.com> <4FBC8008.4000408@oracle.com> <4FBD39CA.6060205@oracle.com> Message-ID: <4FBEDAE8.5060203@oracle.com> On 5/24/2012 3:26 AM, Sean Mullan wrote: >> I will try to look into other update tomorrow. A. Can I extend a PKIXRevocationChecker? Both the cert path builder and validator depends on CertPathParameters. CertPathBuilder.build(CertPathParameters params) CertPathValidator.validate(CertPath, CertPathParameters params) However, the checker is independent from CertPathParameters. The check method only has one parameter, the certificate to be checked. CertPathChecker.check(Certificate) When I want to implement a customized checker by extending PKIXRevocationChecker, the impl of check() may need to access the CRLs in the cert store specified by CertPathParameters. I was wondering we may need to add a new method to have the checker know the CertPathParameters. CertPathChecker.check(Certificate, CertPathParameters) B. Can I extend a PKIXRevocationChecker (another aspect)? In the implementation of PKIXCertPathValidator, when the revocation checker in CertPathParameters is instance of *PKIXRevocationChecker*, the checker will be cast to RevocationChecker, and the default revocation checking mechanisms will not be used any more. if (checker instanceof PKIXRevocationChecker) { // initialize it ((RevocationChecker)checker).init(anchor, params); revCheckerAdded = true; } In the implementation of SunCertPathBuilder, when the revocation checker in CertPathParameters is instance of *RevocationChecker*, the checker will be used to replace of the default revocation checking mechanisms. if (ckr instanceof RevocationChecker) { // initialize it ((RevocationChecker)ckr).init(builder.trustAnchor, buildParams); revCheckerAdded = true; } I don't see the reason why one checks the instance of PKIXRevocationChecker, while another one of RevocationChecker. Maybe a typo. I think the user may extend PKIXRevocationChecker as: public class MyPKIXRevocationChecker extends PKIXRevocationChecker { ... } I think there may be two problems here. The 1st one is that the object of the extended class cannot be cast to RevocationChecker. The 2nd problem is the question whether the extended checker should override the default revocation checking mechanisms, or not. C. PKIXRevocationChecker.java //@@@ FIXME need to deep-copy the extensions I think you may want to fix it before integration the code. That's my comment on specification. I may look into the implementation update next Monday. Thanks, Xuelei From stuart.marks at oracle.com Thu May 24 19:28:41 2012 From: stuart.marks at oracle.com (stuart.marks at oracle.com) Date: Fri, 25 May 2012 02:28:41 +0000 Subject: hg: jdk8/tl/jdk: 7117230: clean up warnings in java.text Message-ID: <20120525022852.9EB87474E4@hg.openjdk.java.net> Changeset: e309917fb9af Author: dbhole Date: 2012-05-24 19:00 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e309917fb9af 7117230: clean up warnings in java.text Reviewed-by: jrose, smarks ! src/share/classes/java/text/AttributedCharacterIterator.java ! src/share/classes/java/text/AttributedString.java ! src/share/classes/java/text/BreakDictionary.java ! src/share/classes/java/text/BreakIterator.java ! src/share/classes/java/text/CharacterIteratorFieldDelegate.java ! src/share/classes/java/text/ChoiceFormat.java ! src/share/classes/java/text/CollationElementIterator.java ! src/share/classes/java/text/DateFormat.java ! src/share/classes/java/text/DecimalFormat.java ! src/share/classes/java/text/DictionaryBasedBreakIterator.java ! src/share/classes/java/text/MergeCollation.java ! src/share/classes/java/text/MessageFormat.java ! src/share/classes/java/text/NumberFormat.java ! src/share/classes/java/text/ParseException.java ! src/share/classes/java/text/RBCollationTables.java ! src/share/classes/java/text/RBTableBuilder.java ! src/share/classes/java/text/RuleBasedBreakIterator.java From littlee at linux.vnet.ibm.com Thu May 24 22:31:53 2012 From: littlee at linux.vnet.ibm.com (littlee at linux.vnet.ibm.com) Date: Fri, 25 May 2012 05:31:53 +0000 Subject: hg: jdk8/tl/jdk: 7094176: (tz) Incorrect TimeZone display name when DST not applicable / disabled Message-ID: <20120525053212.D046D47505@hg.openjdk.java.net> Changeset: 71cf74329a9e Author: youdwei Date: 2012-05-25 13:28 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/71cf74329a9e 7094176: (tz) Incorrect TimeZone display name when DST not applicable / disabled Reviewed-by: okutsu ! src/windows/native/java/util/TimeZone_md.c + test/java/util/TimeZone/DstTzTest.java From littlee at linux.vnet.ibm.com Thu May 24 23:34:09 2012 From: littlee at linux.vnet.ibm.com (littlee at linux.vnet.ibm.com) Date: Fri, 25 May 2012 06:34:09 +0000 Subject: hg: jdk8/tl/jdk: 7171028: dots are missed in the datetime for Slovanian Message-ID: <20120525063429.F2FEF47507@hg.openjdk.java.net> Changeset: 85696e57d447 Author: youdwei Date: 2012-05-25 14:32 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/85696e57d447 7171028: dots are missed in the datetime for Slovanian Reviewed-by: yhuang ! src/share/classes/sun/text/resources/FormatData_sl.java ! test/sun/text/resources/LocaleData ! test/sun/text/resources/LocaleDataTest.java From nils.loodin at oracle.com Fri May 25 05:57:17 2012 From: nils.loodin at oracle.com (nils.loodin at oracle.com) Date: Fri, 25 May 2012 12:57:17 +0000 Subject: hg: jdk8/tl/jdk: 7017818: NLS: JConsoleResources.java cannot be handled by translation team Message-ID: <20120525125738.14B7647513@hg.openjdk.java.net> Changeset: 1def6b6bfbd9 Author: egahlin Date: 2012-05-25 12:24 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1def6b6bfbd9 7017818: NLS: JConsoleResources.java cannot be handled by translation team Reviewed-by: mchung, mfang ! make/netbeans/jconsole/build.xml ! make/sun/jconsole/FILES.gmk ! make/sun/jconsole/Makefile ! src/share/classes/sun/tools/jconsole/AboutDialog.java ! src/share/classes/sun/tools/jconsole/BorderedComponent.java ! src/share/classes/sun/tools/jconsole/ClassTab.java ! src/share/classes/sun/tools/jconsole/ConnectDialog.java ! src/share/classes/sun/tools/jconsole/CreateMBeanDialog.java ! src/share/classes/sun/tools/jconsole/Formatter.java ! src/share/classes/sun/tools/jconsole/HTMLPane.java ! src/share/classes/sun/tools/jconsole/InternalDialog.java ! src/share/classes/sun/tools/jconsole/JConsole.java ! src/share/classes/sun/tools/jconsole/LabeledComponent.java ! src/share/classes/sun/tools/jconsole/LocalVirtualMachine.java ! src/share/classes/sun/tools/jconsole/MBeansTab.java ! src/share/classes/sun/tools/jconsole/MaximizableInternalFrame.java ! src/share/classes/sun/tools/jconsole/MemoryPoolProxy.java ! src/share/classes/sun/tools/jconsole/MemoryPoolStat.java ! src/share/classes/sun/tools/jconsole/MemoryTab.java + src/share/classes/sun/tools/jconsole/Messages.java ! src/share/classes/sun/tools/jconsole/OverviewPanel.java ! src/share/classes/sun/tools/jconsole/OverviewTab.java ! src/share/classes/sun/tools/jconsole/Plotter.java ! src/share/classes/sun/tools/jconsole/PlotterPanel.java ! src/share/classes/sun/tools/jconsole/ProxyClient.java ! src/share/classes/sun/tools/jconsole/Resources.java ! src/share/classes/sun/tools/jconsole/SummaryTab.java ! src/share/classes/sun/tools/jconsole/Tab.java ! src/share/classes/sun/tools/jconsole/ThreadTab.java ! src/share/classes/sun/tools/jconsole/VMInternalFrame.java ! src/share/classes/sun/tools/jconsole/VMPanel.java ! src/share/classes/sun/tools/jconsole/VariableGridLayout.java ! src/share/classes/sun/tools/jconsole/Version.java.template ! src/share/classes/sun/tools/jconsole/inspector/OperationEntry.java ! src/share/classes/sun/tools/jconsole/inspector/TableSorter.java ! src/share/classes/sun/tools/jconsole/inspector/ThreadDialog.java ! src/share/classes/sun/tools/jconsole/inspector/Utils.java ! src/share/classes/sun/tools/jconsole/inspector/XArrayDataViewer.java ! src/share/classes/sun/tools/jconsole/inspector/XDataViewer.java ! src/share/classes/sun/tools/jconsole/inspector/XMBeanAttributes.java ! src/share/classes/sun/tools/jconsole/inspector/XMBeanInfo.java ! src/share/classes/sun/tools/jconsole/inspector/XMBeanNotifications.java ! src/share/classes/sun/tools/jconsole/inspector/XObject.java ! src/share/classes/sun/tools/jconsole/inspector/XOpenTypeViewer.java ! src/share/classes/sun/tools/jconsole/inspector/XOperations.java ! src/share/classes/sun/tools/jconsole/inspector/XPlotter.java ! src/share/classes/sun/tools/jconsole/inspector/XPlottingViewer.java ! src/share/classes/sun/tools/jconsole/inspector/XSheet.java ! src/share/classes/sun/tools/jconsole/inspector/XTable.java ! src/share/classes/sun/tools/jconsole/inspector/XTextField.java ! src/share/classes/sun/tools/jconsole/inspector/XTree.java ! src/share/classes/sun/tools/jconsole/inspector/XTreeRenderer.java - src/share/classes/sun/tools/jconsole/resources/JConsoleResources.java - src/share/classes/sun/tools/jconsole/resources/JConsoleResources_ja.java - src/share/classes/sun/tools/jconsole/resources/JConsoleResources_zh_CN.java + src/share/classes/sun/tools/jconsole/resources/messages.properties + src/share/classes/sun/tools/jconsole/resources/messages_ja.properties + src/share/classes/sun/tools/jconsole/resources/messages_zh_CN.properties From alan.bateman at oracle.com Fri May 25 06:56:22 2012 From: alan.bateman at oracle.com (alan.bateman at oracle.com) Date: Fri, 25 May 2012 13:56:22 +0000 Subject: hg: jdk8/tl/jdk: 7171474: Incorrect @see tags in java.lang.NumberFormatException javadoc Message-ID: <20120525135643.C02C047518@hg.openjdk.java.net> Changeset: f92325f12654 Author: jgish Date: 2012-05-24 11:11 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f92325f12654 7171474: Incorrect @see tags in java.lang.NumberFormatException javadoc Summary: update javadoc for NumberFormatException Reviewed-by: alanb ! src/share/classes/java/lang/NumberFormatException.java From sean.mullan at oracle.com Fri May 25 10:11:17 2012 From: sean.mullan at oracle.com (Sean Mullan) Date: Fri, 25 May 2012 13:11:17 -0400 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 In-Reply-To: <4FBEDAE8.5060203@oracle.com> References: <4FBBBA1F.1090605@oracle.com> <4FBC8008.4000408@oracle.com> <4FBD39CA.6060205@oracle.com> <4FBEDAE8.5060203@oracle.com> Message-ID: <4FBFBD35.2070600@oracle.com> On 5/24/12 9:05 PM, Xuelei Fan wrote: > On 5/24/2012 3:26 AM, Sean Mullan wrote: >>> I will try to look into other update tomorrow. > A. Can I extend a PKIXRevocationChecker? > Both the cert path builder and validator depends on CertPathParameters. > CertPathBuilder.build(CertPathParameters params) > CertPathValidator.validate(CertPath, CertPathParameters params) > > However, the checker is independent from CertPathParameters. The > check method only has one parameter, the certificate to be checked. > CertPathChecker.check(Certificate) > > When I want to implement a customized checker by extending > PKIXRevocationChecker, the impl of check() may need to access the CRLs > in the cert store specified by CertPathParameters. I was wondering we > may need to add a new method to have the checker know the > CertPathParameters. > CertPathChecker.check(Certificate, CertPathParameters) Right. I see your point. A custom RevocationChecker should ideally have access to the CertStores in the CertPathParameters that may contain CRLs. As a workaround, if you are creating a custom checker that requires additional parameters, these can be specified as parameters of the constructor, ex: MyPKIXRevocationChecker extends PKIXRevocationChecker { MyPKIXRevocationChecker(CertStore crlStore) ... } I actually think that is an acceptable workaround. But I will think about this some more. Instead of your suggestion, I would consider adding an overloaded init method that takes a CertPathParameters object. So, something like: void init(boolean forward, CertPathParameters params) ... > B. Can I extend a PKIXRevocationChecker (another aspect)? > > In the implementation of PKIXCertPathValidator, when the revocation > checker in CertPathParameters is instance of *PKIXRevocationChecker*, > the checker will be cast to RevocationChecker, and the default > revocation checking mechanisms will not be used any more. > > if (checker instanceof PKIXRevocationChecker) { > // initialize it > ((RevocationChecker)checker).init(anchor, params); > revCheckerAdded = true; > } > > In the implementation of SunCertPathBuilder, when the revocation > checker in CertPathParameters is instance of *RevocationChecker*, the > checker will be used to replace of the default revocation checking > mechanisms. > > if (ckr instanceof RevocationChecker) { > // initialize it > ((RevocationChecker)ckr).init(builder.trustAnchor, buildParams); > revCheckerAdded = true; > } > > I don't see the reason why one checks the instance of > PKIXRevocationChecker, while another one of RevocationChecker. Maybe a typo. > > I think the user may extend PKIXRevocationChecker as: > public class MyPKIXRevocationChecker extends PKIXRevocationChecker { > ... > } > > I think there may be two problems here. The 1st one is that the > object of the extended class cannot be cast to RevocationChecker. The > 2nd problem is the question whether the extended checker should override > the default revocation checking mechanisms, or not. It should. This is related to your prior email where I said that if you add a PKIXRevocationChecker it should override the default checker and be used, regardless of the PKIXParameters.isRevocationEnabled value. The code has a bug and is a good catch on your part. The code should be (for both Builder and Validator): if (checker instanceof PKIXRevocationChecker) { revCheckerAdded = true; // if it's our own, initialize it if (checker instanceof RevocationChecker) ((RevocationChecker)checker).init(anchor, params); } > C. PKIXRevocationChecker.java > //@@@ FIXME need to deep-copy the extensions > I think you may want to fix it before integration the code. Yes, will fix. > That's my comment on specification. I may look into the implementation > update next Monday. Thanks, great comments. --Sean From daniel.daugherty at oracle.com Fri May 25 10:38:51 2012 From: daniel.daugherty at oracle.com (daniel.daugherty at oracle.com) Date: Fri, 25 May 2012 17:38:51 +0000 Subject: hg: jdk8/tl/jdk: 7170449: Management is completely broken at least on Solaris 11 X86 Message-ID: <20120525173901.EA8F14751F@hg.openjdk.java.net> Changeset: 82134992123c Author: dcubed Date: 2012-05-25 08:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/82134992123c 7170449: Management is completely broken at least on Solaris 11 X86 Summary: Work around 'gobjcopy' failures on Solaris by adding temporary tools to add the '.gnu_debuglink' section and remove the SHF_ALLOC flag from "empty" section headers. Reviewed-by: sspitsyn, acorn ! make/common/Defs-solaris.gmk ! make/common/Defs.gmk ! make/common/Library.gmk ! make/common/Program.gmk ! make/tools/Makefile + make/tools/add_gnu_debuglink/Makefile + make/tools/add_gnu_debuglink/add_gnu_debuglink.c + make/tools/fix_empty_sec_hdr_flags/Makefile + make/tools/fix_empty_sec_hdr_flags/fix_empty_sec_hdr_flags.c From lana.steuck at oracle.com Fri May 25 19:13:27 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Sat, 26 May 2012 02:13:27 +0000 Subject: hg: jdk8/tl: 5 new changesets Message-ID: <20120526021328.54F6347537@hg.openjdk.java.net> Changeset: 955a3e8ed4f0 Author: ohair Date: 2012-05-10 08:26 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/955a3e8ed4f0 7167593: Changed get_source.sh to allow for getting full oracle jdk repo forest Reviewed-by: erikj, asaha, chegar, sla, dholmes, mbykov, coleenp ! get_source.sh ! make/scripts/hgforest.sh Changeset: 8a4e92c10a9a Author: ohair Date: 2012-05-11 17:52 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/8a4e92c10a9a 7167976: Fix broken get_source.sh script Reviewed-by: tbell ! make/scripts/hgforest.sh Changeset: 8927dd68aee3 Author: katleman Date: 2012-05-16 22:06 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/8927dd68aee3 Merge Changeset: a2b2d435f1d2 Author: katleman Date: 2012-05-17 06:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/a2b2d435f1d2 Added tag jdk8-b39 for changeset 8927dd68aee3 ! .hgtags Changeset: 1a8c7c530f8a Author: katleman Date: 2012-05-24 16:15 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/rev/1a8c7c530f8a Added tag jdk8-b40 for changeset a2b2d435f1d2 ! .hgtags From lana.steuck at oracle.com Fri May 25 19:13:25 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Sat, 26 May 2012 02:13:25 +0000 Subject: hg: jdk8/tl/corba: 2 new changesets Message-ID: <20120526021328.2A6F647536@hg.openjdk.java.net> Changeset: 56d030e5035f Author: katleman Date: 2012-05-17 06:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/56d030e5035f Added tag jdk8-b39 for changeset 785af00e2827 ! .hgtags Changeset: 113f0d5f0a08 Author: katleman Date: 2012-05-24 16:15 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/corba/rev/113f0d5f0a08 Added tag jdk8-b40 for changeset 56d030e5035f ! .hgtags From lana.steuck at oracle.com Fri May 25 19:13:28 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Sat, 26 May 2012 02:13:28 +0000 Subject: hg: jdk8/tl/jaxws: 2 new changesets Message-ID: <20120526021336.2978F47538@hg.openjdk.java.net> Changeset: 09a0ddda03cb Author: katleman Date: 2012-05-17 06:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/09a0ddda03cb Added tag jdk8-b39 for changeset 7f6b44fd3034 ! .hgtags Changeset: f2072b164b05 Author: katleman Date: 2012-05-24 16:15 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxws/rev/f2072b164b05 Added tag jdk8-b40 for changeset 09a0ddda03cb ! .hgtags From lana.steuck at oracle.com Fri May 25 19:13:39 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Sat, 26 May 2012 02:13:39 +0000 Subject: hg: jdk8/tl/jaxp: 2 new changesets Message-ID: <20120526021344.6E9DA47539@hg.openjdk.java.net> Changeset: 9ecfdbd6aed4 Author: katleman Date: 2012-05-17 06:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/9ecfdbd6aed4 Added tag jdk8-b39 for changeset f95fdbe525c8 ! .hgtags Changeset: 6f5c0e17415d Author: katleman Date: 2012-05-24 16:15 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jaxp/rev/6f5c0e17415d Added tag jdk8-b40 for changeset 9ecfdbd6aed4 ! .hgtags From lana.steuck at oracle.com Fri May 25 19:13:39 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Sat, 26 May 2012 02:13:39 +0000 Subject: hg: jdk8/tl/langtools: 4 new changesets Message-ID: <20120526021348.100DA4753A@hg.openjdk.java.net> Changeset: 8b869afd2eb4 Author: katleman Date: 2012-05-17 06:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/8b869afd2eb4 Added tag jdk8-b39 for changeset a9f547c218d9 ! .hgtags Changeset: 86e0dad6aadf Author: lana Date: 2012-05-21 11:44 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/86e0dad6aadf Merge Changeset: 179fa85aeefa Author: katleman Date: 2012-05-24 16:16 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/179fa85aeefa Added tag jdk8-b40 for changeset 86e0dad6aadf ! .hgtags Changeset: f43aded513e7 Author: lana Date: 2012-05-25 16:32 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/f43aded513e7 Merge From lana.steuck at oracle.com Fri May 25 19:13:35 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Sat, 26 May 2012 02:13:35 +0000 Subject: hg: jdk8/tl/hotspot: 32 new changesets Message-ID: <20120526021441.28B774753B@hg.openjdk.java.net> Changeset: 36538fd1225e Author: amurillo Date: 2012-05-04 15:26 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/36538fd1225e 7166615: new hotspot build - hs24-b10 Reviewed-by: jcoomes ! make/hotspot_version Changeset: 8bafad97cd26 Author: jiangli Date: 2012-05-02 13:21 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/8bafad97cd26 7158552: The instanceKlsss::_host_klass is only needed for anonymous class for JSR 292 support. Summary: Change the _host_klass to be conditionally created embedded instanceKlass field. Reviewed-by: jrose, coleenp, dholmes ! src/share/vm/classfile/classFileParser.cpp ! src/share/vm/memory/oopFactory.cpp ! src/share/vm/memory/oopFactory.hpp ! src/share/vm/oops/instanceKlass.cpp ! src/share/vm/oops/instanceKlass.hpp ! src/share/vm/oops/instanceKlassKlass.cpp ! src/share/vm/oops/instanceKlassKlass.hpp Changeset: 38b4116b6766 Author: jprovino Date: 2012-05-05 10:24 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/38b4116b6766 Merge Changeset: c7ed11779ce8 Author: jiangli Date: 2012-04-10 09:31 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/c7ed11779ce8 7159772: instanceKlass::all_fields_count() returns incorrect total field count Summary: Fix instanceKlass::all_fields_count() bug. Reviewed-by: kvn, never Contributed-by: Jiangli Zhou ! src/share/vm/oops/instanceKlass.hpp Changeset: 3576af4cb939 Author: iveresov Date: 2012-04-11 19:15 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/3576af4cb939 7160539: JDeveloper crashes on 64-bit Windows Summary: x64 C1 needs to zero upper 32bits when doing l2i conversion Reviewed-by: never, kvn ! src/cpu/x86/vm/c1_LIRAssembler_x86.cpp Changeset: 847da049d62f Author: never Date: 2012-04-17 11:04 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/847da049d62f 7162094: LateInlineCallGenerator::do_late_inline crashed on uninitialized _call_node Reviewed-by: never, twisti Contributed-by: nils.eliasson at oracle.com ! src/share/vm/opto/callGenerator.cpp Changeset: df3d4a91f7f6 Author: never Date: 2012-04-18 16:08 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/df3d4a91f7f6 7161796: PhaseStringOpts::fetch_static_field tries to fetch field from the Klass instead of the mirror Reviewed-by: twisti ! src/share/vm/opto/stringopts.cpp Changeset: ec15e8f6e4f1 Author: twisti Date: 2012-04-24 12:15 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ec15e8f6e4f1 7157695: Add windows implementation of socket interface Reviewed-by: kvn, dholmes, twisti Contributed-by: Nils Eliasson ! src/os/windows/vm/jvm_windows.h ! src/os/windows/vm/os_windows.cpp Changeset: dc682d9431f3 Author: kvn Date: 2012-05-07 12:37 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/dc682d9431f3 7160610: Unknown Native Code compilation issue Summary: When constructing input vector use type of vector's operation which use it since element's sizes should match. Reviewed-by: never, twisti ! src/share/vm/opto/superword.cpp + test/compiler/7160610/Test7160610.java Changeset: 3a97daec1b34 Author: kvn Date: 2012-05-08 15:47 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/3a97daec1b34 7167266: missing copyright notes in 3rd party code Summary: add missing copyright notes to the regression test file. Reviewed-by: twisti, johnc ! test/compiler/7070134/Stemmer.java Changeset: 2766551175a0 Author: kvn Date: 2012-05-09 10:54 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/2766551175a0 Merge ! src/share/vm/oops/instanceKlass.hpp Changeset: a05a695ea044 Author: stefank Date: 2012-05-10 11:27 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/a05a695ea044 7167437: Can't build on linux without precompiled headers Reviewed-by: brutisso, mgerdin ! src/share/vm/memory/space.hpp ! src/share/vm/memory/space.inline.hpp Changeset: f47478089efc Author: brutisso Date: 2012-05-10 14:16 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/f47478089efc 7167069: 6 VM flags crash the VM when queried via jinfo Summary: Added missing double format to Flag::print_as_flag() Reviewed-by: dholmes, stefank, coleenp ! src/share/vm/runtime/globals.cpp + test/runtime/7167069/PrintAsFlag.java Changeset: 5799726c54d7 Author: jcoomes Date: 2012-05-11 06:37 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/5799726c54d7 Merge Changeset: 73147e6c4881 Author: amurillo Date: 2012-05-11 14:47 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/73147e6c4881 Merge Changeset: 96a403721094 Author: amurillo Date: 2012-05-11 14:47 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/96a403721094 Added tag hs24-b10 for changeset 73147e6c4881 ! .hgtags Changeset: 26423ef693ac Author: katleman Date: 2012-05-17 06:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/26423ef693ac Added tag jdk8-b39 for changeset 96a403721094 ! .hgtags Changeset: 56d1af561395 Author: amurillo Date: 2012-05-11 14:54 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/56d1af561395 7168247: new hotspot build - hs24-b11 Reviewed-by: jcoomes ! make/hotspot_version Changeset: 35e504cb49a6 Author: collins Date: 2012-05-11 11:30 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/35e504cb49a6 7167625: Adjustments for SE-Embedded build process Summary: Simple change to the SE-Embedded build rules that should not affect any other OpenJDK users. Reviewed-by: kvn, dholmes ! make/linux/makefiles/vm.make ! src/share/vm/runtime/arguments.cpp Changeset: fada85d11d92 Author: jprovino Date: 2012-05-16 13:33 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/fada85d11d92 Merge Changeset: 8f972594effc Author: kvn Date: 2012-05-14 09:36 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/8f972594effc 6924259: Remove String.count/String.offset Summary: Allow a version of String class that doesn't have count and offset fields. Reviewed-by: never, coleenp ! src/cpu/sparc/vm/c1_LIRAssembler_sparc.cpp ! src/cpu/x86/vm/c1_LIRAssembler_x86.cpp ! src/share/vm/classfile/javaClasses.cpp ! src/share/vm/classfile/javaClasses.hpp ! src/share/vm/classfile/systemDictionary.cpp ! src/share/vm/classfile/vmSymbols.hpp ! src/share/vm/memory/dump.cpp ! src/share/vm/opto/graphKit.cpp ! src/share/vm/opto/graphKit.hpp ! src/share/vm/opto/library_call.cpp ! src/share/vm/opto/stringopts.cpp ! src/share/vm/opto/stringopts.hpp Changeset: de0cc3dd9f10 Author: kvn Date: 2012-05-17 09:50 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/de0cc3dd9f10 Merge Changeset: 3a22b77e755a Author: brutisso Date: 2012-05-14 17:32 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/3a22b77e755a 7161545: G1: Minor cleanups to the G1 logging Summary: Rename "to-space-overflow" to "to-space-exhausted", Introduce one decimal point in the size format, Add Sum to the aggregate and re-order the entries, Add number of GC workers to the log output Reviewed-by: johnc, jwilhelm ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.hpp ! src/share/vm/utilities/globalDefinitions.hpp Changeset: 78a1b285cda8 Author: mikael Date: 2012-05-15 00:56 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/78a1b285cda8 7158457: division by zero in adaptiveweightedaverage Summary: Add ceiling to AdaptiveWeightedAverage Reviewed-by: ysr, iveresov ! src/share/vm/gc_implementation/shared/gcUtil.cpp ! src/share/vm/gc_implementation/shared/gcUtil.hpp Changeset: 33e366609904 Author: johnc Date: 2012-05-14 21:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/33e366609904 Merge Changeset: 1096fc5a52eb Author: johnc Date: 2012-05-15 09:49 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/1096fc5a52eb 7168294: G1: Some Full GCs incorrectly report GC cause as "No GC" Summary: GC cause was not being set by the VM_G1CollectForAllocation VM operation. Reviewed-by: jmasa, ysr, brutisso ! src/share/vm/gc_implementation/g1/vm_operations_g1.cpp Changeset: cdfa5139bd58 Author: brutisso Date: 2012-05-15 22:26 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/cdfa5139bd58 7169056: Add gigabyte unit to proper_unit_for_byte_size() and byte_size_in_proper_unit() Reviewed-by: jwilhelm, johnc, dholmes ! src/share/vm/utilities/globalDefinitions.hpp Changeset: 9d679effd28c Author: brutisso Date: 2012-05-15 10:25 +0200 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/9d679effd28c 7166894: Add gc cause to GC logging for all collectors Reviewed-by: mgerdin, johnc ! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp ! src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.hpp ! src/share/vm/gc_implementation/concurrentMarkSweep/vmCMSOperations.cpp ! src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ! src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp ! src/share/vm/gc_implementation/parNew/parNewGeneration.cpp ! src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.cpp ! src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp ! src/share/vm/gc_implementation/parallelScavenge/psScavenge.cpp ! src/share/vm/gc_interface/gcCause.hpp ! src/share/vm/memory/defNewGeneration.cpp ! src/share/vm/memory/genCollectedHeap.cpp ! src/share/vm/memory/genMarkSweep.cpp ! src/share/vm/runtime/arguments.cpp ! src/share/vm/runtime/globals.hpp ! src/share/vm/runtime/java.hpp Changeset: cdeda3fd141e Author: jcoomes Date: 2012-05-18 10:27 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/cdeda3fd141e Merge ! src/share/vm/runtime/arguments.cpp Changeset: 14b0e07ab9a6 Author: amurillo Date: 2012-05-18 14:50 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/14b0e07ab9a6 Merge Changeset: ff9decc8235d Author: amurillo Date: 2012-05-18 14:50 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/ff9decc8235d Added tag hs24-b11 for changeset 14b0e07ab9a6 ! .hgtags Changeset: 48064e53e997 Author: katleman Date: 2012-05-24 16:15 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/hotspot/rev/48064e53e997 Added tag jdk8-b40 for changeset ff9decc8235d ! .hgtags From lana.steuck at oracle.com Fri May 25 19:14:31 2012 From: lana.steuck at oracle.com (lana.steuck at oracle.com) Date: Sat, 26 May 2012 02:14:31 +0000 Subject: hg: jdk8/tl/jdk: 39 new changesets Message-ID: <20120526022105.9185D4753C@hg.openjdk.java.net> Changeset: c2d9166f3284 Author: ihse Date: 2012-05-11 08:21 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c2d9166f3284 7168208: Change use of @ in one sed command involving paths to different character Reviewed-by: ohair ! make/common/Release.gmk Changeset: 8d665b69ebf1 Author: mfang Date: 2012-05-15 11:46 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/8d665b69ebf1 7157855: jvisualvm.1 not included in binaries Reviewed-by: katleman, thurka ! make/common/Release.gmk Changeset: b6f529117521 Author: katleman Date: 2012-05-16 22:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b6f529117521 Merge Changeset: 47cd90bf0f66 Author: katleman Date: 2012-05-17 06:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/47cd90bf0f66 Added tag jdk8-b39 for changeset b6f529117521 ! .hgtags Changeset: 7c4eed4b6c19 Author: bae Date: 2012-05-21 14:04 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7c4eed4b6c19 7124400: [macosx] CGraphicsDevice.getConfigurations() returns reference to member (does not copy configs) Reviewed-by: anthony, kizune ! src/macosx/classes/sun/awt/CGraphicsDevice.java ! test/java/awt/GraphicsDevice/CloneConfigsTest.java Changeset: 416b3a498e71 Author: bae Date: 2012-05-21 14:53 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/416b3a498e71 7154088: [macosx] Regression: Component.createImage do not inherits component attributes Reviewed-by: art, kizune ! src/macosx/classes/sun/lwawt/LWComponentPeer.java Changeset: 1b90a0113359 Author: lana Date: 2012-05-21 11:20 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1b90a0113359 Merge Changeset: c31eeeda3ed1 Author: serb Date: 2012-05-03 18:29 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c31eeeda3ed1 7160623: [macosx] Editable TextArea/TextField are blocking GUI applications from exit Reviewed-by: anthony, art ! src/macosx/classes/sun/lwawt/LWComponentPeer.java ! src/macosx/classes/sun/lwawt/LWTextComponentPeer.java Changeset: a420895ee2c3 Author: leonidr Date: 2012-05-03 19:22 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a420895ee2c3 7124376: [macosx] Modal dialog lost focus Reviewed-by: anthony ! src/macosx/classes/sun/lwawt/LWWindowPeer.java ! src/macosx/classes/sun/lwawt/PlatformWindow.java ! src/macosx/classes/sun/lwawt/macosx/CPlatformEmbeddedFrame.java ! src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java ! src/macosx/native/sun/awt/AWTView.m ! src/macosx/native/sun/awt/AWTWindow.h ! src/macosx/native/sun/awt/AWTWindow.m Changeset: 95c8b63a3c47 Author: kizune Date: 2012-05-03 21:54 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/95c8b63a3c47 7148289: [macosx] Deadlock in sun.lwawt.macosx.CWrapper$NSScreen.visibleFrame Reviewed-by: leonidr ! src/macosx/classes/sun/lwawt/macosx/CToolkitThreadBlockedHandler.java ! src/macosx/classes/sun/lwawt/macosx/LWCToolkit.java ! src/macosx/native/sun/awt/LWCToolkit.m Changeset: a714e2e2b257 Author: alexsch Date: 2012-05-04 13:15 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a714e2e2b257 7024963: Notepad demo: remove non-translatable resources from Notepad.properties file Reviewed-by: rupashka ! src/share/demo/jfc/Notepad/Notepad.java ! src/share/demo/jfc/Notepad/resources/Notepad.properties + src/share/demo/jfc/Notepad/resources/system.properties Changeset: 4cc873e28c78 Author: bagiras Date: 2012-05-04 18:42 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4cc873e28c78 7146237: closed/java/awt/Focus/SetFocusTraversalKeysTest/SetFocusTraversalTest.html failed since 1.8.0b19 Reviewed-by: art, anthony ! src/share/classes/java/awt/Component.java ! src/share/classes/java/awt/Container.java ! src/share/classes/java/awt/KeyboardFocusManager.java ! src/share/classes/javax/swing/JComponent.java Changeset: 0feee4541f67 Author: serb Date: 2012-05-04 21:25 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0feee4541f67 7147055: [macosx] Cursors are changing over a blocked window; also blinking Reviewed-by: art, kizune ! src/macosx/classes/sun/lwawt/LWCursorManager.java Changeset: 912e666b4e1d Author: serb Date: 2012-05-10 20:05 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/912e666b4e1d 7080109: Dialog.show() lacks doPrivileged() to access system event queue Reviewed-by: art, anthony ! src/share/classes/java/awt/Dialog.java + test/java/awt/Dialog/ModalDialogPermission/ModalDialogPermission.java + test/java/awt/Dialog/ModalDialogPermission/java.policy Changeset: 18842bb6676a Author: lana Date: 2012-05-10 11:47 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/18842bb6676a Merge - src/macosx/bin/amd64/jvm.cfg - src/share/classes/sun/security/action/LoadLibraryAction.java - test/tools/pack200/dyn.jar - test/tools/pack200/pack200-verifier/src/xmlkit/ClassSyntax.java - test/tools/pack200/pack200-verifier/src/xmlkit/ClassWriter.java - test/tools/pack200/pack200-verifier/src/xmlkit/InstructionAssembler.java - test/tools/pack200/pack200-verifier/src/xmlkit/InstructionSyntax.java Changeset: 4f39a13e74c6 Author: anthony Date: 2012-05-11 16:11 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4f39a13e74c6 7166437: [macosx] Support for Window.Type.UTILITY on the Mac Summary: Apply the native UTILITY style for UTILITY Java windows Reviewed-by: art ! src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java Changeset: 689c0cd214e8 Author: anthony Date: 2012-05-11 20:37 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/689c0cd214e8 7149062: [macosx] dock menu don't show available frames Summary: Inherit from either NSWindow for normal windows or NSPanel for utility windows Reviewed-by: skovatch, swingler ! src/macosx/native/sun/awt/AWTView.m ! src/macosx/native/sun/awt/AWTWindow.h ! src/macosx/native/sun/awt/AWTWindow.m Changeset: 3b8635e357e9 Author: alexsch Date: 2012-05-12 12:01 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3b8635e357e9 7024965: Stylepad demo: remove non-translatable resources from Stylepad.properties file Reviewed-by: alexp ! src/share/demo/jfc/Notepad/Notepad.java + src/share/demo/jfc/Notepad/resources/NotepadSystem.properties - src/share/demo/jfc/Notepad/resources/system.properties Changeset: cc8d1cc533bf Author: alexp Date: 2012-05-12 17:46 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cc8d1cc533bf 7149005: [macosx] Java Control Panel's UI controls are distorted when draging scroll bar. Reviewed-by: serb ! src/macosx/classes/com/apple/laf/AquaButtonLabeledUI.java Changeset: 69301efaac91 Author: ant Date: 2012-05-12 18:50 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/69301efaac91 7110683: Issues with some KeyboardFocusManager method Reviewed-by: ahgross ! src/share/classes/java/awt/Component.java ! src/share/classes/java/awt/DefaultKeyboardFocusManager.java ! src/share/classes/java/awt/KeyboardFocusManager.java ! src/share/classes/java/awt/Window.java Changeset: 28ec5b811aa2 Author: dcherepanov Date: 2012-05-15 15:04 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/28ec5b811aa2 7168550: [macosx] duplicate OGL context state changes related to vertex cache Reviewed-by: bae, swingler ! src/macosx/native/sun/java2d/opengl/CGLSurfaceData.m ! src/share/native/sun/java2d/opengl/OGLContext.h ! src/share/native/sun/java2d/opengl/OGLTextRenderer.c ! src/share/native/sun/java2d/opengl/OGLVertexCache.c ! src/share/native/sun/java2d/opengl/OGLVertexCache.h Changeset: cad0bb1a9bdb Author: dcherepanov Date: 2012-05-16 13:15 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cad0bb1a9bdb 7124337: [macosx] FileDialog fails to select multiple files Reviewed-by: anthony, swingler ! src/macosx/classes/sun/lwawt/macosx/CFileDialog.java ! src/macosx/native/sun/awt/CFileDialog.h ! src/macosx/native/sun/awt/CFileDialog.m ! src/share/classes/java/awt/FileDialog.java ! src/share/classes/sun/awt/AWTAccessor.java ! src/solaris/classes/sun/awt/X11/GtkFileDialogPeer.java ! src/solaris/classes/sun/awt/X11/XFileDialogPeer.java ! src/windows/classes/sun/awt/windows/WFileDialogPeer.java Changeset: 7c0b390ab5f9 Author: anthony Date: 2012-05-16 14:28 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7c0b390ab5f9 7168851: [macosx] Netbeans crashes in CImage.nativeCreateNSImageFromArray Summary: Eliminate unnecessary -release call Reviewed-by: dcherepanov ! src/macosx/native/sun/awt/CImage.m Changeset: 3c819d638e36 Author: alexsch Date: 2012-05-16 16:27 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3c819d638e36 7169226: NLS: Please change the mnemonic assignment system for windows and motif properties Reviewed-by: rupashka ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_de.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_es.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_fr.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_it.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_ja.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_ko.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_pt_BR.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_sv.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_zh_CN.properties ! src/share/classes/com/sun/java/swing/plaf/motif/resources/motif_zh_TW.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_de.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_es.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_fr.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_it.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_ja.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_ko.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_pt_BR.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_sv.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_zh_CN.properties ! src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_zh_TW.properties Changeset: 19edcc438203 Author: alexsch Date: 2012-05-16 18:11 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/19edcc438203 7158928: [macosx] NLS: Please change the mnemonic assignment system Reviewed-by: rupashka, serb ! make/com/apple/osxui/Makefile ! make/common/internal/Resources.gmk ! src/macosx/classes/com/apple/laf/AquaLookAndFeel.java ! src/macosx/classes/com/apple/laf/resources/aqua.properties Changeset: 731ee59c6ba2 Author: alexsch Date: 2012-05-17 14:27 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/731ee59c6ba2 7148281: [macosx] JTabbedPane tabs with HTML text do not render correctly Reviewed-by: kizune ! src/macosx/classes/com/apple/laf/AquaTabbedPaneUI.java Changeset: f9217bd87199 Author: rupashka Date: 2012-05-17 15:41 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f9217bd87199 7166322: closed/javax/swing/text/html/HTMLEditorKit/4242228/bug4242228.java failed since 1.8.0b36 Reviewed-by: alexsch + test/javax/swing/text/html/HTMLEditorKit/4242228/bug4242228.java Changeset: c00d6508afce Author: ant Date: 2012-05-17 21:27 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c00d6508afce 7142565: [macosx] Many special keys processed twice in text fields Summary: forward port from 7u4 Reviewed-by: anthony ! src/macosx/native/sun/awt/AWTView.m Changeset: 17c5e1a12965 Author: ant Date: 2012-05-17 21:31 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/17c5e1a12965 7154072: [macosx] swallowing key events Summary: forward posrt from 7u4 Reviewed-by: anthony ! src/macosx/native/sun/awt/AWTView.m Changeset: ef77fa799b34 Author: ant Date: 2012-05-17 21:48 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ef77fa799b34 7125044: [macosx] Test failure because Component.transferFocus() works differently in applet and application. Summary: forward port from 7u4 Reviewed-by: art ! src/share/classes/java/awt/Dialog.java ! src/share/classes/java/awt/Frame.java ! src/share/classes/java/awt/Window.java ! src/share/classes/javax/swing/JApplet.java ! src/share/classes/javax/swing/JDialog.java ! src/share/classes/javax/swing/JFrame.java ! src/share/classes/javax/swing/JInternalFrame.java ! src/share/classes/javax/swing/JWindow.java ! src/share/classes/javax/swing/UIManager.java ! src/share/classes/sun/awt/SunToolkit.java + test/java/awt/Focus/FocusTraversalPolicy/InitialFTP.java + test/java/awt/Focus/FocusTraversalPolicy/InitialFTP_AWT.java + test/java/awt/Focus/FocusTraversalPolicy/InitialFTP_Swing.java + test/java/awt/event/KeyEvent/SwallowKeyEvents/SwallowKeyEvents.java Changeset: 5976b5848554 Author: ant Date: 2012-05-17 22:10 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5976b5848554 7145768: [macosx] Regression: failure in b11 of ModalDialogInFocusEventTest Summary: forward port from 7u4 Reviewed-by: art ! src/macosx/classes/sun/lwawt/LWComponentPeer.java ! src/macosx/classes/sun/lwawt/LWWindowPeer.java Changeset: 1d75ff45586e Author: ant Date: 2012-05-17 22:21 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1d75ff45586e 7145827: [macosx] JCK failure in b11: FocusableWindow3 Summary: forward posrt from 7u4 Reviewed-by: art ! src/macosx/classes/sun/lwawt/LWWindowPeer.java Changeset: 2eca75e0a063 Author: dcherepanov Date: 2012-05-18 19:39 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2eca75e0a063 7156191: [macosx] Can't type into applet demos in Pivot Reviewed-by: art ! src/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java ! src/macosx/classes/sun/lwawt/macosx/CPlatformResponder.java ! src/macosx/classes/sun/lwawt/macosx/CPlatformView.java ! src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java Changeset: 1ee12bca4823 Author: rupashka Date: 2012-05-21 18:55 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1ee12bca4823 7168144: No appropriate CCC request for changes introduced by 7154030 Reviewed-by: alexsch ! src/share/classes/javax/swing/JComponent.java Changeset: 967b38bfd5c1 Author: ant Date: 2012-05-22 01:12 +0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/967b38bfd5c1 7170427: setGlobalCurrentFocusCycleRoot unexpectedly throws SecurityException Reviewed-by: art ! src/share/classes/java/awt/Component.java ! src/share/classes/java/awt/Container.java ! src/share/classes/java/awt/KeyboardFocusManager.java Changeset: 5b2095d7a60b Author: lana Date: 2012-05-21 11:41 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5b2095d7a60b Merge ! src/macosx/classes/sun/lwawt/LWComponentPeer.java Changeset: b88fc3359dc7 Author: lana Date: 2012-05-21 11:44 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b88fc3359dc7 Merge Changeset: 7def50698e78 Author: katleman Date: 2012-05-24 16:15 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7def50698e78 Added tag jdk8-b40 for changeset b88fc3359dc7 ! .hgtags Changeset: 7abdd3cb14ed Author: lana Date: 2012-05-25 16:32 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7abdd3cb14ed Merge From littlee at linux.vnet.ibm.com Mon May 28 18:43:59 2012 From: littlee at linux.vnet.ibm.com (littlee at linux.vnet.ibm.com) Date: Tue, 29 May 2012 01:43:59 +0000 Subject: hg: jdk8/tl/jdk: 7172177: test/java/util/TimeZone/DstTzTest.java failing on all platforms Message-ID: <20120529014409.398D14757F@hg.openjdk.java.net> Changeset: 60033ab79213 Author: littlee Date: 2012-05-29 09:42 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/60033ab79213 7172177: test/java/util/TimeZone/DstTzTest.java failing on all platforms Reviewed-by: alanb, okutsu - test/java/util/TimeZone/DstTzTest.java From luchsh at linux.vnet.ibm.com Mon May 28 22:53:11 2012 From: luchsh at linux.vnet.ibm.com (Jonathan Lu) Date: Tue, 29 May 2012 13:53:11 +0800 Subject: Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify Message-ID: <4FC46447.5080802@linux.vnet.ibm.com> Hi Security-dev, Here's a patch for bug7172149, could anybody please help to take a look? http://cr.openjdk.java.net/~luchsh/7172149/ The problem is that the range check in Signature.verify(byte[], int, int) uses integer value to check whether (offset + length) is greater than signature.length, but if (offset + length) overflows the check will fail and ArrayIndexOutOfBoundsException will be thrown instead of IllegalArgumentException.My proposed solution is to make a conversion to long in the if block. Thanks! - Jonathan From xuelei.fan at oracle.com Mon May 28 23:02:28 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Tue, 29 May 2012 14:02:28 +0800 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 In-Reply-To: <4FBFBD35.2070600@oracle.com> References: <4FBBBA1F.1090605@oracle.com> <4FBC8008.4000408@oracle.com> <4FBD39CA.6060205@oracle.com> <4FBEDAE8.5060203@oracle.com> <4FBFBD35.2070600@oracle.com> Message-ID: <4FC46674.3030607@oracle.com> On 5/26/2012 1:11 AM, Sean Mullan wrote: >> That's my comment on specification. I may look into the implementation >> update next Monday. # KeyChecker.java, ConstraintsChecker.java # PolicyChecker.java, ConstraintsChecker.java, minor comment: public void check(Certificate cert, Collection unresCritExts) - if (unresCritExts != null && !unresCritExts.isEmpty()) { + if (!unresCritExts.isEmpty()) { This change may throw NPE when the unresCritExts argument is null. We used to allow null unresCritExts. This change may not cause compatibility issue because it is an internal class. But as might be confusing for the caller because it is not follow the spec strictly, it may be regard as null-argument-safe before reading into the implementation. Just my very personal opinion. # SunCertPathBuilder.java public CertPathBuilderResult engineBuild(CertPathParameters params) private PKIXCertPathBuilderResult build() - result = buildCertPath(buildForward, true, adjList); + result = buildCertPath(true, adjList); This update disables reverse building. The reverse building can only be set by SunCertPathBuilderParameters. It seems that this class is never used except the testing cases. It's OK to disable it. I was just wondering we may be also want to delete the SunCertPathBuilderParameters.java file, related test cases, and update the comment of SunCertPathBuilder.engineBuild(). In the comment, it is talked that SunCertPathBuilderParameters can be used for reverse building. Please also refer to my previous comments. Otherwise, looks fine to me so far. Thanks, Xuelei From xuelei.fan at oracle.com Mon May 28 23:45:23 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Tue, 29 May 2012 14:45:23 +0800 Subject: Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify In-Reply-To: <4FC46447.5080802@linux.vnet.ibm.com> References: <4FC46447.5080802@linux.vnet.ibm.com> Message-ID: <4FC47083.40004@oracle.com> That's an interesting topic. From my understand, the length of an array is of type "int". So normally, the (offset + length) should not be great than integer.max_value. Of course, Hostile or improper code are not of the case. What's interesting to me is that may be when we do additive operation for two "int" values, we may have to convert it to "long" in case of any overflow strictly. We are luck here because we have "long" type. But what about the additive operation for two "long" values? Jonathan, do you run into the problem in real world? Thanks & Regards, Xuelei On 5/29/2012 1:53 PM, Jonathan Lu wrote: > Hi Security-dev, > > Here's a patch for bug7172149, could anybody please help to take a look? > http://cr.openjdk.java.net/~luchsh/7172149/ > > The problem is that the range check in Signature.verify(byte[], int, > int) uses integer value to check whether (offset + length) is greater > than signature.length, but if (offset + length) overflows the check will > fail and ArrayIndexOutOfBoundsException will be thrown instead of > IllegalArgumentException.My proposed solution is to make a conversion > to long in the if block. > > Thanks! > - Jonathan > From luchsh at linux.vnet.ibm.com Tue May 29 00:11:21 2012 From: luchsh at linux.vnet.ibm.com (Jonathan Lu) Date: Tue, 29 May 2012 15:11:21 +0800 Subject: Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify In-Reply-To: <4FC47083.40004@oracle.com> References: <4FC46447.5080802@linux.vnet.ibm.com> <4FC47083.40004@oracle.com> Message-ID: <4FC47699.8090302@linux.vnet.ibm.com> Hi Xuelei, Thanks for review! On 05/29/2012 02:45 PM, Xuelei Fan wrote: > That's an interesting topic. From my understand, the length of an array > is of type "int". So normally, the (offset + length) should not be > great than integer.max_value. Of course, Hostile or improper code are > not of the case. > > What's interesting to me is that may be when we do additive operation > for two "int" values, we may have to convert it to "long" in case of any > overflow strictly. We are luck here because we have "long" type. But > what about the additive operation for two "long" values I think this issue is special, since it is about index value of Java arrays, which is limited to smaller than Integer.MAX_VALUE according to Java language specification, not other general conditions of comparing integer or long values. > > Jonathan, do you run into the problem in real world? For now I am not quiet sure of whether it is from a real world problem, but this problem does exhibit some weakness or behavior differences, right? Thanks & regards -Jonathan > > Thanks& Regards, > Xuelei > > On 5/29/2012 1:53 PM, Jonathan Lu wrote: >> Hi Security-dev, >> >> Here's a patch for bug7172149, could anybody please help to take a look? >> http://cr.openjdk.java.net/~luchsh/7172149/ >> >> The problem is that the range check in Signature.verify(byte[], int, >> int) uses integer value to check whether (offset + length) is greater >> than signature.length, but if (offset + length) overflows the check will >> fail and ArrayIndexOutOfBoundsException will be thrown instead of >> IllegalArgumentException.My proposed solution is to make a conversion >> to long in the if block. >> >> Thanks! >> - Jonathan >> From christopher.meyer at rub.de Tue May 29 06:42:54 2012 From: christopher.meyer at rub.de (Christopher Meyer) Date: 29 May 2012 15:42:54 +0200 Subject: JSSE TlsPrfGenerator ArrayIndexOutOfBoundsException Message-ID: <6169394.QvYJ4iH04G@bender> Hi, during some research we noticed an interesting implementation bug inside the com.sun.crypto.provider.TlsPrfGenerator.expand(..) function. The problem is that an internal for loop das some XOR magic on passed arrays: for (int i = 0; i < secLen; i++) { pad1[i] ^= secret[i + secOff]; pad2[i] ^= secret[i + secOff]; } But nowhere is checked if the passed arrays are of a suitable length (at least == secLen). We were able to get into a state where secLen is greather than pad1.length and thus leading to an ArrayIndexOutOfBoundsException while iterating. This caused the SSLSocket to terminate (which is ok), but finally sending a TLSv1 FATAL ALERT: internal_error where instead a TLSv1 FATAL ALERT: handshake_failure should be returned. >From developers point of view this seems to be a careless mistake, but from cryptographers point of view these different error messages may give some valuable hints on how the message was decrypted (chosen-ciphertext attacks). The problem was found during research on Bleichenbacher's attack on SSL. A non-conforming PKCS message with two 0x0 separation bytes in combination with 2048/4096 bit RSA keys will reproduce this scenario. StackTraces (good/bad case) follow below: how it should look like (1024 bit RSA keys): -------------------------------------------- *** ClientKeyExchange, RSA PreMasterSecret, TLSv1 SESSION KEYGEN: PreMaster Secret: 0000: 29 1B DD F3 23 2D 59 1F 65 17 93 EF 85 F3 1F 7F )...#-Y.e....... 0010: 69 BB FF C9 57 0B 67 4B 41 69 F9 CB 85 D9 71 D7 i...W.gKAi....q. 0020: 8F 63 71 C9 8D AB 00 03 01 E5 A5 8B BD 45 C4 99 .cq..........E.. 0030: FF 5B F5 D2 DB A1 59 21 30 37 94 7C 2E 48 6A 8D .[....Y!07...Hj. 0040: 08 9B 5F 91 2E 1C 49 8E FD 6B E8 A2 56 8F 81 A7 .._...I..k..V... 0050: CD CD 10 4C 03 28 6B ...L.(k RSA PreMasterSecret version error: expectedTLSv1 or TLSv1, decrypted: Unknown-41.27 Generating new random premaster secret SESSION KEYGEN: PreMaster Secret: 0000: 03 01 E0 75 34 84 96 F2 CB 65 3E 09 C8 82 E3 38 ...u4....e>....8 0010: CA 1B 0E 85 6B 8A E5 BA 7F C5 51 ED F1 ED 4F 8F ....k.....Q...O. 0020: BFinalizer, called close() 3 59Finalizer, called closeInternal(true) C3 C7 72 B2 17 53 55 F3 40 3B A9 4C 16 42 .Y..r..SU.@;.L.B CONNECTION KEYGEN: Client Nonce: 0000: 00 00 01 37 28 27 B6 E0 3E D5 6F 8D 3D D6 B0 D8 ...7('..>.o.=... 0010: 13 D2 62 75 2F 21 0C 6E 3D 76 B1 86 12 18 81 55 ..bu/!.n=v.....U Server Nonce: 0000: 4F C4 CF B6 42 29 3C CD 97 44 C1 66 1A 5F 3B 5A O...B)<..D.f._;Z 0010: 3A EF 06 08 8A 48 E2 39 A8 42 0C 96 52 1F 7F 4F :....H.9.B..R..O Master Secret: 0000: C3 8F 4D 51 9D 20 BB 17 42 0F 70 E2 C2 5E BB AA ..MQ. ..B.p..^.. 0010: E2 55 45 BE D6 3D D3 11 B5 E7 59 E3 A1 26 EB 14 .UE..=....Y..&.. 0020: FE 07 AF 80 6D 5A EC FB 11 12 CD EF 08 ED 31 7E ....mZ........1. Client MAC write Secret: 0000: F6 0B 0B 73 6E FC CE 0A F3 64 F2 6C 5E D9 DF F2 ...sn....d.l^... 0010: A8 A4 98 22 ..." Server MAC write Secret: 0000: D8 AC 63 54 F3 EA F6 55 C7 FE 08 70 FA 7D B8 32 ..cT...U...p...2 0010: 7A 21 4E 1B z!N. Client write key: 0000: 43 22 FA 3A B2 80 CE 5E 37 41 8C 23 7D 40 28 5C C".:...^7A.#.@(\ Server write key: 0000: DF CF 6F CD 1F FD F4 37 E1 93 DE BF 89 16 6E 5F ..o....7......n_ Client write IV: 0000: DC 57 88 79 7B 78 B2 30 29 D4 3C 3F BF CB 01 57 .W.y.x.0). ========> ========> Thread-2, SEND TLSv1 ALERT: fatal, description = handshake_failure ========> ========> Thread-2, WRITE: TLSv1 Alert, length = 2 Thread-2, called closeSocket() Thread-2, handling exception: javax.net.ssl.SSLHandshakeException: Invalid padding javax.net.ssl.SSLHandshakeException: Invalid padding at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1697) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:657) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:108) at java.io.OutputStream.write(OutputStream.java:75) at de.rub.nds.research.ssl.stack.tests.common.SSLServer.run(SSLServer.java:86) at java.lang.Thread.run(Thread.java:679) Caused by: javax.crypto.BadPaddingException: Padding length invalid: 55 at sun.security.ssl.CipherBox.removePadding(CipherBox.java:423) at sun.security.ssl.CipherBox.decrypt(CipherBox.java:271) at sun.security.ssl.InputRecord.decrypt(InputRecord.java:172) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:892) ... 6 more how it looks when dealing with 2048, 4096 bit RSA keys: ------------------------------------------------------- *** ClientKeyExchange, RSA PreMasterSecret, TLSv1 SESSION KEYGEN: PreMaster Secret: 0000: 2B 05 89 91 6F F5 87 35 B9 8B 77 69 CF 83 8F CF +...o..5..wi.... 0010: 6F 23 37 C9 E3 2F A9 51 C7 9D 3B 81 37 CB 61 F3 o#7../.Q..;.7.a. 0020: CB 29 21 E9 05 B7 73 8B 7F 6D 69 91 51 31 35 33 .)!...s..mi.Q153 0030: E5 03 A9 69 D3 23 9B 13 F3 4B 67 89 FD C9 9B 4D ...i.#...Kg....M 0040: A3 BB E5 AB 5D 85 D7 1D 79 8F 45 17 17 93 55 15 ....]...y.E...U. 0050: AD B7 17 33 CD 39 83 F7 6F 1F 4D EF A7 DD A5 55 ...3.9..o.M....U 0060: 0B A7 FB 99 33 09 00 03 01 1F EE 99 A8 6F C9 51 ....3........o.Q 0070: 7B 06 28 ED ED 34 84 65Finalizer, called close() Finalizer, called closeInternal(true) 8B 7E 0A D3 05 57 1B E7 ..(..4.e.....W.. 0080: CA 80 FC 34 6D A4 3D 9D B4 49 DB 85 24 71 3F CF ...4m.=..I..$q?. 0090: 8C E6 CA 63 1F 01 2A ...c..* Thread-2, handling exception: java.lang.ArrayIndexOutOfBoundsException: 64 ========> ========> ========> Thread-2, SEND TLSv1 ALERT: fatal, description = internal_error ========> ========> Thread-2, WRITE: TLSv1 Alert, length = 2 Thread-2, called closeSocket() javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64 at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1697) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1660) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1643) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1569) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:113) at java.io.OutputStream.write(OutputStream.java:75) at de.rub.nds.research.ssl.stack.tests.common.SSLServer.run(SSLServer.java:86) at java.lang.Thread.run(Thread.java:679) Caused by: java.lang.ArrayIndexOutOfBoundsException: 64 at com.sun.crypto.provider.TlsPrfGenerator.expand(TlsPrfGenerator.java:216) at com.sun.crypto.provider.TlsPrfGenerator.doPRF(TlsPrfGenerator.java:187) at com.sun.crypto.provider.TlsPrfGenerator.doPRF(TlsPrfGenerator.java:159) at com.sun.crypto.provider.TlsMasterSecretGenerator.engineGenerateKey(TlsMasterSecretGenerator.java:107) at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:516) at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:769) at sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:732) at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:235) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609) at sun.security.ssl.Handshaker.process_record(Handshaker.java:545) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:945) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:657) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:108) ... 3 more We only tested this with 1024, 2048, 4096 bit keys. Maybe a simple length check inside the expand function could solve the issue. Regards, Chris ______________________________________ Dipl.-Ing. Christopher Meyer Horst G?rtz Institute for IT-Security Chair for Network and Data Security Ruhr-University Bochum, Germany Universit?tsstr. 150, ID 2/415 D-44801 Bochum, Germany http:// www.nds.rub.de Phone: (+49) (0)234 / 32 - 29815 Fax: (+49) (0)234 / 32 - 14347 From sean.mullan at oracle.com Tue May 29 10:25:47 2012 From: sean.mullan at oracle.com (Sean Mullan) Date: Tue, 29 May 2012 13:25:47 -0400 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 In-Reply-To: <4FC46674.3030607@oracle.com> References: <4FBBBA1F.1090605@oracle.com> <4FBC8008.4000408@oracle.com> <4FBD39CA.6060205@oracle.com> <4FBEDAE8.5060203@oracle.com> <4FBFBD35.2070600@oracle.com> <4FC46674.3030607@oracle.com> Message-ID: <4FC5069B.9070202@oracle.com> On 5/29/12 2:02 AM, Xuelei Fan wrote: > On 5/26/2012 1:11 AM, Sean Mullan wrote: >>> That's my comment on specification. I may look into the implementation >>> update next Monday. > > # KeyChecker.java, ConstraintsChecker.java > # PolicyChecker.java, ConstraintsChecker.java, minor comment: > > public void check(Certificate cert, Collection unresCritExts) > - if (unresCritExts != null && !unresCritExts.isEmpty()) { > + if (!unresCritExts.isEmpty()) { > > This change may throw NPE when the unresCritExts argument is null. We > used to allow null unresCritExts. This change may not cause > compatibility issue because it is an internal class. But as might be > confusing for the caller because it is not follow the spec strictly, it > may be regard as null-argument-safe before reading into the > implementation. Just my very personal opinion. You're right. I have restored the prior code. > # SunCertPathBuilder.java > > public CertPathBuilderResult engineBuild(CertPathParameters params) > private PKIXCertPathBuilderResult build() > - result = buildCertPath(buildForward, true, adjList); > + result = buildCertPath(true, adjList); > > This update disables reverse building. The reverse building can only be > set by SunCertPathBuilderParameters. I'm not sure I understand this comment. Reverse building could only be set by SunCertPathBuilderParameters before my changes, so I haven't changed anything. See lines 140-144 of the previous version of SunCertPathBuilder. > It seems that this class is never > used except the testing cases. It's OK to disable it. I was just > wondering we may be also want to delete the > SunCertPathBuilderParameters.java file, related test cases, and update > the comment of SunCertPathBuilder.engineBuild(). In the comment, it is > talked that SunCertPathBuilderParameters can be used for reverse building. > > > Please also refer to my previous comments. Otherwise, looks fine to me > so far. Great, I'll plan on posting a 2nd webrev later today. Since most of the comments were minor, I'll plan on pushing my changes in the next day or so unless I get more comments. Thanks, Sean From kurchi.subhra.hazra at oracle.com Tue May 29 13:17:07 2012 From: kurchi.subhra.hazra at oracle.com (kurchi.subhra.hazra at oracle.com) Date: Tue, 29 May 2012 20:17:07 +0000 Subject: hg: jdk8/tl/jdk: 7171591: getDefaultScopeID() in src/solaris/native/java/net/net_util_md.c should return a value Message-ID: <20120529201726.3F0474759D@hg.openjdk.java.net> Changeset: eb441933f6fe Author: khazra Date: 2012-05-29 13:16 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/eb441933f6fe 7171591: getDefaultScopeID() in src/solaris/native/java/net/net_util_md.c should return a value Summary: Use CHECK_NULL_RETURN instead of CHECK_NULL Reviewed-by: alanb ! src/solaris/native/java/net/net_util_md.c From xuelei.fan at oracle.com Tue May 29 16:15:15 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Wed, 30 May 2012 07:15:15 +0800 Subject: JDK 8 Review Request for 6854712 (JEP 124), 6637288 and 7126011 In-Reply-To: <4FC5069B.9070202@oracle.com> References: <4FBBBA1F.1090605@oracle.com> <4FBC8008.4000408@oracle.com> <4FBD39CA.6060205@oracle.com> <4FBEDAE8.5060203@oracle.com> <4FBFBD35.2070600@oracle.com> <4FC46674.3030607@oracle.com> <4FC5069B.9070202@oracle.com> Message-ID: <4FC55883.5060602@oracle.com> >> # SunCertPathBuilder.java >> >> public CertPathBuilderResult engineBuild(CertPathParameters params) >> private PKIXCertPathBuilderResult build() >> - result = buildCertPath(buildForward, true, adjList); >> + result = buildCertPath(true, adjList); >> >> This update disables reverse building. The reverse building can only be >> set by SunCertPathBuilderParameters. > > I'm not sure I understand this comment. Reverse building could only be set by > SunCertPathBuilderParameters before my changes, so I haven't changed anything. > See lines 140-144 of the previous version of SunCertPathBuilder. > You are right. It's my miss-understand the code. Xuelei From xuelei.fan at oracle.com Tue May 29 16:26:55 2012 From: xuelei.fan at oracle.com (Xuelei Fan) Date: Wed, 30 May 2012 07:26:55 +0800 Subject: Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify In-Reply-To: <4FC47699.8090302@linux.vnet.ibm.com> References: <4FC46447.5080802@linux.vnet.ibm.com> <4FC47083.40004@oracle.com> <4FC47699.8090302@linux.vnet.ibm.com> Message-ID: <4FC55B3F.2010306@oracle.com> On 5/29/2012 3:11 PM, Jonathan Lu wrote: > Hi Xuelei, > > Thanks for review! > > On 05/29/2012 02:45 PM, Xuelei Fan wrote: >> That's an interesting topic. From my understand, the length of an array >> is of type "int". So normally, the (offset + length) should not be >> great than integer.max_value. Of course, Hostile or improper code are >> not of the case. >> >> What's interesting to me is that may be when we do additive operation >> for two "int" values, we may have to convert it to "long" in case of any >> overflow strictly. We are luck here because we have "long" type. But >> what about the additive operation for two "long" values > > I think this issue is special, since it is about index value of Java > arrays, which is limited to smaller than Integer.MAX_VALUE according to > Java language specification, not other general conditions of comparing > integer or long values. > >> >> Jonathan, do you run into the problem in real world? > For now I am not quiet sure of whether it is from a real world problem, > but this problem does exhibit some weakness or behavior differences, right? > Yes, it is an improvement. Would you please add a comment about why convert it to "long", and update the copyright year to 2012? Otherwise, looks fine to me for JDK 8. Thanks& Regards, Xuelei > Thanks & regards > -Jonathan > >> >> Thanks& Regards, >> Xuelei >> >> On 5/29/2012 1:53 PM, Jonathan Lu wrote: >>> Hi Security-dev, >>> >>> Here's a patch for bug7172149, could anybody please help to take a look? >>> http://cr.openjdk.java.net/~luchsh/7172149/ >>> >>> The problem is that the range check in Signature.verify(byte[], int, >>> int) uses integer value to check whether (offset + length) is greater >>> than signature.length, but if (offset + length) overflows the check will >>> fail and ArrayIndexOutOfBoundsException will be thrown instead of >>> IllegalArgumentException.My proposed solution is to make a conversion >>> to long in the if block. >>> >>> Thanks! >>> - Jonathan >>> > From bradford.wetmore at oracle.com Tue May 29 17:54:22 2012 From: bradford.wetmore at oracle.com (Brad Wetmore) Date: Tue, 29 May 2012 17:54:22 -0700 Subject: Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify In-Reply-To: <4FC55B3F.2010306@oracle.com> References: <4FC46447.5080802@linux.vnet.ibm.com> <4FC47083.40004@oracle.com> <4FC47699.8090302@linux.vnet.ibm.com> <4FC55B3F.2010306@oracle.com> Message-ID: <4FC56FBE.10902@oracle.com> I think it is worth exploring what other parts of the code do in this case. It seems to me this is going to be a lot more involved than just Signatures. (InputStreams, etc) Brad On 5/29/2012 4:26 PM, Xuelei Fan wrote: > On 5/29/2012 3:11 PM, Jonathan Lu wrote: >> Hi Xuelei, >> >> Thanks for review! >> >> On 05/29/2012 02:45 PM, Xuelei Fan wrote: >>> That's an interesting topic. From my understand, the length of an array >>> is of type "int". So normally, the (offset + length) should not be >>> great than integer.max_value. Of course, Hostile or improper code are >>> not of the case. >>> >>> What's interesting to me is that may be when we do additive operation >>> for two "int" values, we may have to convert it to "long" in case of any >>> overflow strictly. We are luck here because we have "long" type. But >>> what about the additive operation for two "long" values >> >> I think this issue is special, since it is about index value of Java >> arrays, which is limited to smaller than Integer.MAX_VALUE according to >> Java language specification, not other general conditions of comparing >> integer or long values. >> >>> >>> Jonathan, do you run into the problem in real world? >> For now I am not quiet sure of whether it is from a real world problem, >> but this problem does exhibit some weakness or behavior differences, right? >> > Yes, it is an improvement. Would you please add a comment about why > convert it to "long", and update the copyright year to 2012? Otherwise, > looks fine to me for JDK 8. > > Thanks& Regards, > Xuelei > >> Thanks& regards >> -Jonathan >> >>> >>> Thanks& Regards, >>> Xuelei >>> >>> On 5/29/2012 1:53 PM, Jonathan Lu wrote: >>>> Hi Security-dev, >>>> >>>> Here's a patch for bug7172149, could anybody please help to take a look? >>>> http://cr.openjdk.java.net/~luchsh/7172149/ >>>> >>>> The problem is that the range check in Signature.verify(byte[], int, >>>> int) uses integer value to check whether (offset + length) is greater >>>> than signature.length, but if (offset + length) overflows the check will >>>> fail and ArrayIndexOutOfBoundsException will be thrown instead of >>>> IllegalArgumentException.My proposed solution is to make a conversion >>>> to long in the if block. >>>> >>>> Thanks! >>>> - Jonathan >>>> >> > From luchsh at linux.vnet.ibm.com Wed May 30 00:37:23 2012 From: luchsh at linux.vnet.ibm.com (Jonathan Lu) Date: Wed, 30 May 2012 15:37:23 +0800 Subject: Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify In-Reply-To: <4FC56FBE.10902@oracle.com> References: <4FC46447.5080802@linux.vnet.ibm.com> <4FC47083.40004@oracle.com> <4FC47699.8090302@linux.vnet.ibm.com> <4FC55B3F.2010306@oracle.com> <4FC56FBE.10902@oracle.com> Message-ID: <4FC5CE33.5040800@linux.vnet.ibm.com> Hi Brad, I think I've found a better solution after reading into other modules, here's the refined patch http://cr.openjdk.java.net/~luchsh/7172149_2/ On 05/30/2012 08:54 AM, Brad Wetmore wrote: > I think it is worth exploring what other parts of the code do in this > case. It seems to me this is going to be a lot more involved than > just Signatures. (InputStreams, etc) > > Brad > > > > On 5/29/2012 4:26 PM, Xuelei Fan wrote: >> On 5/29/2012 3:11 PM, Jonathan Lu wrote: >>> Hi Xuelei, >>> >>> Thanks for review! >>> >>> On 05/29/2012 02:45 PM, Xuelei Fan wrote: >>>> That's an interesting topic. From my understand, the length of an >>>> array >>>> is of type "int". So normally, the (offset + length) should not be >>>> great than integer.max_value. Of course, Hostile or improper code are >>>> not of the case. >>>> >>>> What's interesting to me is that may be when we do additive operation >>>> for two "int" values, we may have to convert it to "long" in case >>>> of any >>>> overflow strictly. We are luck here because we have "long" type. But >>>> what about the additive operation for two "long" values >>> >>> I think this issue is special, since it is about index value of Java >>> arrays, which is limited to smaller than Integer.MAX_VALUE according to >>> Java language specification, not other general conditions of comparing >>> integer or long values. >>> >>>> >>>> Jonathan, do you run into the problem in real world? >>> For now I am not quiet sure of whether it is from a real world problem, >>> but this problem does exhibit some weakness or behavior differences, >>> right? >>> >> Yes, it is an improvement. Would you please add a comment about why >> convert it to "long", and update the copyright year to 2012? Otherwise, >> looks fine to me for JDK 8. The new patch is quite straightforward, I do not there is any requirement for a comment now :) Does it make sense? >> >> Thanks& Regards, >> Xuelei >> >>> Thanks& regards >>> -Jonathan >>> >>>> >>>> Thanks& Regards, >>>> Xuelei >>>> >>>> On 5/29/2012 1:53 PM, Jonathan Lu wrote: >>>>> Hi Security-dev, >>>>> >>>>> Here's a patch for bug7172149, could anybody please help to take a >>>>> look? >>>>> http://cr.openjdk.java.net/~luchsh/7172149/ >>>>> >>>>> The problem is that the range check in Signature.verify(byte[], int, >>>>> int) uses integer value to check whether (offset + length) is greater >>>>> than signature.length, but if (offset + length) overflows the >>>>> check will >>>>> fail and ArrayIndexOutOfBoundsException will be thrown instead of >>>>> IllegalArgumentException.My proposed solution is to make a >>>>> conversion >>>>> to long in the if block. >>>>> >>>>> Thanks! >>>>> - Jonathan >>>>> >>> >> Thanks! - Jonathan From littlee at linux.vnet.ibm.com Wed May 30 01:57:40 2012 From: littlee at linux.vnet.ibm.com (Charles Lee) Date: Wed, 30 May 2012 16:57:40 +0800 Subject: Behavior difference when open file dialog from applet In-Reply-To: <4FA24120.8070409@linux.vnet.ibm.com> References: <4F83AAD1.7030800@linux.vnet.ibm.com> <4F857ADF.6040607@linux.vnet.ibm.com> <4F8E66F0.1050309@linux.vnet.ibm.com> <4F903DCF.5030807@oracle.com> <4F915784.3010705@oracle.com> <4F952B84.2030601@linux.vnet.ibm.com> <4FA24120.8070409@linux.vnet.ibm.com> Message-ID: <4FC5E104.8060802@linux.vnet.ibm.com> Hi security-devs, I'd like to sponsor this patch. Would any security guys please have some time to review this patch? On 05/03/2012 04:26 PM, Jonathan Lu wrote: > Hello, how about just change the code like following patch by adding a > security check point before invoking the native dialog. > > http://cr.openjdk.java.net/~luchsh/webrev_gtk_file_dialog/ > > Best regards! > > - Jonathan > > On 04/23/2012 06:14 PM, Jonathan Lu wrote: >> Basically the existance checking of files and directory without >> explicitly granted permissions do not look very friendly to me >> especially for applet code from the web. This might be a helpful way >> for hackers to infer OS version, user habit or software config from >> the directory layout retrieved by a file dialog. >> >> Any comments from the security list? >> >> best regards! >> -Jonathan >> >> On 04/20/2012 08:33 PM, Anthony Petrov wrote: >>> OTOH, using a file dialog may allow one (with a little help from a >>> user) to check a file or a directory for existence which may be >>> considered a security vulnerability. This is actually the reason the >>> exception is thrown by XFileDialogPeer in the first place: it gets >>> thrown when the code calls File.isDirectory() when setting the >>> initial directory for the dialog. >>> >>> Not sure if this ability is much useful by itself, or if this >>> vulnerability is "convenient" for hackers to use since it involves >>> the user, but still this doesn't feel like a benign thing to me. >>> >>> What do security experts think about that? >>> >>> -- >>> best regards, >>> Anthony >>> >>> On 4/19/2012 8:31 PM, Artem Ananiev wrote: >>>> Hi, Jonathan, >>>> >>>> you're right, GTK and X file dialogs behave differently when >>>> SecurityManager is installed. However, instead of changing GTK >>>> dialogs, I propose to correct X dialogs, so they don't throw >>>> security exceptions. >>>> >>>> Indeed, application may create arbitrary java.io.File objects >>>> without any permissions. File permissions are only checked when >>>> application tries to read from, or write into, or just open the >>>> file. AWT file dialogs are about getting File objects, they don't >>>> provide access to File content (be it a regular file or a >>>> directory), so I don't see any reasons to throw exceptions. >>>> >>>> What do you think about it? >>>> >>>> Thanks, >>>> >>>> Artem >>>> >>>> On 4/18/2012 11:02 AM, Jonathan Lu wrote: >>>>> Hello, is anybody interested in this problem? >>>>> >>>>> it seems to be a generic question of how to control security >>>>> access in >>>>> JNI native implementation of JDK. >>>>> And consider the behavior differences, is it neccessary to >>>>> reimplement >>>>> Gtk file dialog in the same way as X dialog? >>>>> >>>>> Regards >>>>> - Jonathan >>>>> >>>>> On 04/11/2012 08:36 PM, Jonathan Lu wrote: >>>>>> >>>>>> Hi awt-dev, >>>>>> >>>>>> I found a behavior difference when open file dialog from an >>>>>> applet, bug >>>>>> 7160238 has been created for this issue. >>>>>> Here's the tiny test case to helping reproduce the problem, >>>>>> >>>>>> /* >>>>>> * Copyright (c) 2012 Oracle and/or its affiliates. All rights >>>>>> reserved. >>>>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. >>>>>> * >>>>>> * This code is free software; you can redistribute it and/or >>>>>> modify it >>>>>> * under the terms of the GNU General Public License version 2 >>>>>> only, as >>>>>> * published by the Free Software Foundation. >>>>>> * >>>>>> * This code is distributed in the hope that it will be useful, but >>>>>> WITHOUT >>>>>> * ANY WARRANTY; without even the implied warranty of >>>>>> MERCHANTABILITY or >>>>>> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public >>>>>> License >>>>>> * version 2 for more details (a copy is included in the LICENSE >>>>>> file that >>>>>> * accompanied this code). >>>>>> * >>>>>> * You should have received a copy of the GNU General Public License >>>>>> version >>>>>> * 2 along with this work; if not, write to the Free Software >>>>>> Foundation, >>>>>> * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. >>>>>> * >>>>>> * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA >>>>>> 94065 USA >>>>>> * or visit www.oracle.com if you need additional information or >>>>>> have any >>>>>> * questions. >>>>>> */ >>>>>> >>>>>> /* >>>>>> * Portions Copyright (c) 2012 IBM Corporation >>>>>> */ >>>>>> >>>>>> import java.applet.Applet; >>>>>> import java.awt.Button; >>>>>> import java.awt.FileDialog; >>>>>> import java.awt.Frame; >>>>>> import java.awt.event.ActionEvent; >>>>>> import java.awt.event.ActionListener; >>>>>> >>>>>> public class FileDialogTest extends Applet { >>>>>> @Override >>>>>> public void init() { >>>>>> Button button = new Button("Open FileDialog"); >>>>>> add(button); >>>>>> button.addActionListener(new ActionListener() { >>>>>> @Override >>>>>> public void actionPerformed(ActionEvent event) { >>>>>> Frame f = new Frame(); >>>>>> FileDialog dialog = new FileDialog(f, "FileDialog"); >>>>>> dialog.show(); >>>>>> } >>>>>> }); >>>>>> } >>>>>> } >>>>>> >>>>>> Embeded it into an HTML document, test.html, then run >>>>>> appletviewer with >>>>>> following two commands, >>>>>> appletviewer -J-Dsun.awt.disableGtkFileDialogs=true test.html >>>>>> appletviewer -J-Dsun.awt.disableGtkFileDialogs=false test.html >>>>>> >>>>>> The result will be different, -J-Dsun.awt.disableGtkFileDialogs=true >>>>>> will throw AccessControlException, but >>>>>> -J-Dsun.awt.disableGtkFileDialogs=false will continue to open a file >>>>>> dialog. >>>>>> >>>>>> According to the specification: >>>>>> The basic applet security model is an all or nothing proposition. >>>>>> If you >>>>>> get a security certificate, you can give the applet full access >>>>>> to the >>>>>> user's system. Without it, the applet has virtually no access at >>>>>> all. >>>>>> >>>>>> Since file dialog displays the content of user's file system, so it >>>>>> absolutely needs file system read permmission, right? but for Gtk >>>>>> File >>>>>> Dialog, it just works fine without exceptions. I don't think this >>>>>> behavior is following the spec here, right? In OpenJDK's source >>>>>> code, >>>>>> GtkFileDialogPeer will create a native GTK file chooser widget >>>>>> and keep >>>>>> a native pointer, does this leave a breach to Java applet's security >>>>>> model? >>>>>> >>>>>> Cheers! >>>>>> - Jonathan >>>>>> >>>>>> >>>>> >> > -- Yours Charles From kumar.x.srinivasan at oracle.com Wed May 30 09:42:50 2012 From: kumar.x.srinivasan at oracle.com (kumar.x.srinivasan at oracle.com) Date: Wed, 30 May 2012 16:42:50 +0000 Subject: hg: jdk8/tl/jdk: 7168401: pack200 does not produce a compatible pack file for JDK7 classes if indy is not present Message-ID: <20120530164309.E6A5D475C4@hg.openjdk.java.net> Changeset: 41dcfdbf8f07 Author: ksrini Date: 2012-05-29 14:56 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/41dcfdbf8f07 7168401: pack200 does not produce a compatible pack file for JDK7 classes if indy is not present Reviewed-by: jrose ! src/share/classes/com/sun/java/util/jar/pack/Attribute.java ! src/share/classes/com/sun/java/util/jar/pack/BandStructure.java ! src/share/classes/com/sun/java/util/jar/pack/ClassReader.java ! src/share/classes/com/sun/java/util/jar/pack/ClassWriter.java ! src/share/classes/com/sun/java/util/jar/pack/Constants.java ! src/share/classes/com/sun/java/util/jar/pack/Package.java ! src/share/classes/com/sun/java/util/jar/pack/PackageReader.java ! src/share/classes/com/sun/java/util/jar/pack/PackageWriter.java ! src/share/classes/com/sun/java/util/jar/pack/PackerImpl.java ! src/share/classes/com/sun/java/util/jar/pack/PropMap.java ! src/share/classes/com/sun/java/util/jar/pack/Utils.java ! test/tools/pack200/PackageVersionTest.java From maurizio.cimadamore at oracle.com Thu May 31 09:53:34 2012 From: maurizio.cimadamore at oracle.com (maurizio.cimadamore at oracle.com) Date: Thu, 31 May 2012 16:53:34 +0000 Subject: hg: jdk8/tl/langtools: 2 new changesets Message-ID: <20120531165338.65BF84764F@hg.openjdk.java.net> Changeset: af6a4c24f4e3 Author: mcimadamore Date: 2012-05-31 17:42 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/af6a4c24f4e3 7166552: Inference: cleanup usage of Type.ForAll Summary: Remove hack to callback into type-inference from assignment context Reviewed-by: dlsmith, jjg ! src/share/classes/com/sun/tools/javac/code/Type.java ! src/share/classes/com/sun/tools/javac/comp/Attr.java ! src/share/classes/com/sun/tools/javac/comp/AttrContext.java ! src/share/classes/com/sun/tools/javac/comp/Check.java ! src/share/classes/com/sun/tools/javac/comp/Infer.java ! src/share/classes/com/sun/tools/javac/comp/Resolve.java ! src/share/classes/com/sun/tools/javac/resources/compiler.properties ! test/tools/javac/6758789/T6758789b.out ! test/tools/javac/diags/examples.not-yet.txt ! test/tools/javac/diags/examples/ApplicableMethodFound1.java ! test/tools/javac/diags/examples/CantApplyDiamond1.java - test/tools/javac/diags/examples/FullInstSig.java ! test/tools/javac/diags/examples/IncompatibleTypes1.java ! test/tools/javac/diags/examples/InferredDoNotConformToLower.java - test/tools/javac/diags/examples/InvalidInferredTypes.java + test/tools/javac/diags/examples/NoUniqueMaximalInstance.java - test/tools/javac/diags/examples/UndeterminedType1.java ! test/tools/javac/diags/examples/WhereFreshTvar.java ! test/tools/javac/generics/7015430/T7015430.out ! test/tools/javac/generics/7151802/T7151802.out ! test/tools/javac/generics/inference/6315770/T6315770.out ! test/tools/javac/generics/inference/6638712/T6638712b.out ! test/tools/javac/generics/inference/6638712/T6638712e.out ! test/tools/javac/generics/inference/6650759/T6650759m.out ! test/tools/javac/generics/inference/7154127/T7154127.out ! test/tools/javac/varargs/6313164/T6313164.out Changeset: 37dc15c68760 Author: mcimadamore Date: 2012-05-31 17:44 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/37dc15c68760 7160084: javac fails to compile an apparently valid class/interface combination Summary: javac generates wrong syntetized trees for nested enum constants Reviewed-by: dlsmith, jjg ! src/share/classes/com/sun/tools/javac/comp/Attr.java ! src/share/classes/com/sun/tools/javac/comp/MemberEnter.java ! src/share/classes/com/sun/tools/javac/tree/TreeInfo.java + test/tools/javac/enum/7160084/T7160084a.java + test/tools/javac/enum/7160084/T7160084b.java From sean.mullan at oracle.com Thu May 31 14:10:51 2012 From: sean.mullan at oracle.com (sean.mullan at oracle.com) Date: Thu, 31 May 2012 21:10:51 +0000 Subject: hg: jdk8/tl/jdk: 3 new changesets Message-ID: <20120531211128.69A6447659@hg.openjdk.java.net> Changeset: 0c6830e7241f Author: mullan Date: 2012-05-30 17:19 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0c6830e7241f 6854712: Revocation checking enhancements (JEP-124) 6637288: Add OCSP support to PKIX CertPathBuilder implementation 7126011: ReverseBuilder.getMatchingCACerts may throws NPE Reviewed-by: xuelei ! src/share/classes/java/security/cert/CertPathBuilder.java ! src/share/classes/java/security/cert/CertPathBuilderSpi.java + src/share/classes/java/security/cert/CertPathChecker.java ! src/share/classes/java/security/cert/CertPathValidator.java ! src/share/classes/java/security/cert/CertPathValidatorSpi.java ! src/share/classes/java/security/cert/PKIXCertPathChecker.java + src/share/classes/java/security/cert/PKIXRevocationChecker.java ! src/share/classes/java/security/cert/package.html ! src/share/classes/sun/security/provider/certpath/AdjacencyList.java ! src/share/classes/sun/security/provider/certpath/BasicChecker.java ! src/share/classes/sun/security/provider/certpath/BuildStep.java ! src/share/classes/sun/security/provider/certpath/Builder.java ! src/share/classes/sun/security/provider/certpath/CertStoreHelper.java ! src/share/classes/sun/security/provider/certpath/CollectionCertStore.java ! src/share/classes/sun/security/provider/certpath/ConstraintsChecker.java - src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java ! src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java ! src/share/classes/sun/security/provider/certpath/ForwardBuilder.java ! src/share/classes/sun/security/provider/certpath/ForwardState.java ! src/share/classes/sun/security/provider/certpath/IndexedCollectionCertStore.java ! src/share/classes/sun/security/provider/certpath/KeyChecker.java ! src/share/classes/sun/security/provider/certpath/OCSP.java - src/share/classes/sun/security/provider/certpath/OCSPChecker.java ! src/share/classes/sun/security/provider/certpath/OCSPRequest.java ! src/share/classes/sun/security/provider/certpath/OCSPResponse.java + src/share/classes/sun/security/provider/certpath/PKIX.java ! src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java ! src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java ! src/share/classes/sun/security/provider/certpath/PolicyChecker.java ! src/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java ! src/share/classes/sun/security/provider/certpath/ReverseBuilder.java ! src/share/classes/sun/security/provider/certpath/ReverseState.java + src/share/classes/sun/security/provider/certpath/RevocationChecker.java ! src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java ! src/share/classes/sun/security/provider/certpath/SunCertPathBuilderParameters.java ! src/share/classes/sun/security/provider/certpath/URICertStore.java ! src/share/classes/sun/security/provider/certpath/Vertex.java ! src/share/classes/sun/security/provider/certpath/X509CertPath.java ! src/share/classes/sun/security/provider/certpath/X509CertificatePair.java ! src/share/classes/sun/security/x509/X509CRLEntryImpl.java + test/java/security/cert/PKIXRevocationChecker/UnitTest.java Changeset: 3192e73394fe Author: mullan Date: 2012-05-31 17:07 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3192e73394fe Merge - src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java ! src/share/classes/sun/security/provider/certpath/ForwardBuilder.java ! src/share/classes/sun/security/provider/certpath/ForwardState.java - src/share/classes/sun/security/provider/certpath/OCSPChecker.java ! src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java ! src/share/classes/sun/security/provider/certpath/ReverseBuilder.java ! src/share/classes/sun/security/provider/certpath/ReverseState.java ! src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Changeset: 48dfc0df61d0 Author: mullan Date: 2012-05-31 17:10 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/48dfc0df61d0 Merge From mike.duigou at oracle.com Wed May 30 20:22:35 2012 From: mike.duigou at oracle.com (mike.duigou at oracle.com) Date: Thu, 31 May 2012 03:22:35 +0000 Subject: hg: jdk8/tl/jdk: 6924259: Remove offset and count fields from java.lang.String Message-ID: <20120531032252.A69774763C@hg.openjdk.java.net> Changeset: 2c773daa825d Author: mduigou Date: 2012-05-17 10:06 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2c773daa825d 6924259: Remove offset and count fields from java.lang.String Summary: Removes the use of shared character array buffers by String along with the two fields needed to support the use of shared buffers. Reviewed-by: alanb, mduigou, forax, briangoetz Contributed-by: brian.doherty at oracle.com ! src/share/classes/java/lang/Integer.java ! src/share/classes/java/lang/Long.java ! src/share/classes/java/lang/String.java ! src/share/classes/java/lang/StringCoding.java From mike.duigou at oracle.com Wed May 30 22:19:10 2012 From: mike.duigou at oracle.com (mike.duigou at oracle.com) Date: Thu, 31 May 2012 05:19:10 +0000 Subject: hg: jdk8/tl/jdk: 7126277: Alternative String hashing implementation Message-ID: <20120531051930.AA11E47640@hg.openjdk.java.net> Changeset: 43bd5ee0205e Author: mduigou Date: 2012-05-30 22:18 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/43bd5ee0205e 7126277: Alternative String hashing implementation Summary: All of the hashing based Map implementations: HashMap, Hashtable, LinkedHashMap, WeakHashMap and ConcurrentHashMap are modified to use an enhanced hashing algorithm for string keys when the capacity of the hash table has ever grown beyond 512 entries. The enhanced hashing implementation uses the murmur3 hashing algorithm along with random hash seeds and index masks. These enhancements mitigate cases where colliding String hash values could result in a performance bottleneck. Reviewed-by: alanb, forax, dl ! make/java/java/FILES_java.gmk ! src/share/classes/java/lang/String.java ! src/share/classes/java/util/HashMap.java ! src/share/classes/java/util/Hashtable.java ! src/share/classes/java/util/LinkedHashMap.java ! src/share/classes/java/util/WeakHashMap.java ! src/share/classes/java/util/concurrent/ConcurrentHashMap.java + src/share/classes/sun/misc/Hashing.java ! test/java/util/Collection/BiggernYours.java ! test/java/util/Hashtable/HashCode.java ! test/java/util/Hashtable/SimpleSerialization.java + test/java/util/Map/Collisions.java ! test/java/util/Map/Get.java + test/sun/misc/Hashing.java From james.holmlund at oracle.com Thu May 31 15:08:26 2012 From: james.holmlund at oracle.com (james.holmlund at oracle.com) Date: Thu, 31 May 2012 22:08:26 +0000 Subject: hg: jdk8/tl/langtools: 7159016: Static import of member in processor-generated class fails in JDK 7 Message-ID: <20120531220829.D825B4766E@hg.openjdk.java.net> Changeset: 844478076c25 Author: jjh Date: 2012-05-31 15:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/844478076c25 7159016: Static import of member in processor-generated class fails in JDK 7 Reviewed-by: jjg ! src/share/classes/com/sun/tools/javac/comp/MemberEnter.java + test/tools/javac/T7159016.java From luchsh at linux.vnet.ibm.com Thu May 31 23:25:38 2012 From: luchsh at linux.vnet.ibm.com (Jonathan Lu) Date: Fri, 01 Jun 2012 14:25:38 +0800 Subject: Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify In-Reply-To: <4FC55B3F.2010306@oracle.com> References: <4FC46447.5080802@linux.vnet.ibm.com> <4FC47083.40004@oracle.com> <4FC47699.8090302@linux.vnet.ibm.com> <4FC55B3F.2010306@oracle.com> Message-ID: <4FC86062.2050804@linux.vnet.ibm.com> Hello Xuelei, What do you think of the updated patch? any comments? http://cr.openjdk.java.net/~luchsh/7172149_2/ Thanks - Jonathan On 05/30/2012 07:26 AM, Xuelei Fan wrote: > On 5/29/2012 3:11 PM, Jonathan Lu wrote: >> Hi Xuelei, >> >> Thanks for review! >> >> On 05/29/2012 02:45 PM, Xuelei Fan wrote: >>> That's an interesting topic. From my understand, the length of an array >>> is of type "int". So normally, the (offset + length) should not be >>> great than integer.max_value. Of course, Hostile or improper code are >>> not of the case. >>> >>> What's interesting to me is that may be when we do additive operation >>> for two "int" values, we may have to convert it to "long" in case of any >>> overflow strictly. We are luck here because we have "long" type. But >>> what about the additive operation for two "long" values >> I think this issue is special, since it is about index value of Java >> arrays, which is limited to smaller than Integer.MAX_VALUE according to >> Java language specification, not other general conditions of comparing >> integer or long values. >> >>> Jonathan, do you run into the problem in real world? >> For now I am not quiet sure of whether it is from a real world problem, >> but this problem does exhibit some weakness or behavior differences, right? >> > Yes, it is an improvement. Would you please add a comment about why > convert it to "long", and update the copyright year to 2012? Otherwise, > looks fine to me for JDK 8. > > Thanks& Regards, > Xuelei > >> Thanks& regards >> -Jonathan >> >>> Thanks& Regards, >>> Xuelei >>> >>> On 5/29/2012 1:53 PM, Jonathan Lu wrote: >>>> Hi Security-dev, >>>> >>>> Here's a patch for bug7172149, could anybody please help to take a look? >>>> http://cr.openjdk.java.net/~luchsh/7172149/ >>>> >>>> The problem is that the range check in Signature.verify(byte[], int, >>>> int) uses integer value to check whether (offset + length) is greater >>>> than signature.length, but if (offset + length) overflows the check will >>>> fail and ArrayIndexOutOfBoundsException will be thrown instead of >>>> IllegalArgumentException.My proposed solution is to make a conversion >>>> to long in the if block. >>>> >>>> Thanks! >>>> - Jonathan >>>>