Changeset 390 for trunk/openjdk/jdk/src

Timestamp:

Jul 2, 2012, 3:05:26 PM (13 years ago)

Author:

dmik

Message:

trunk: Merged in openjdk6 b25 from branches/vendor/oracle.

This accompanies an incomplete r389.

Location:

trunk/openjdk/jdk/src

Files:

• share/bin/java.c (modified) (1 diff)
• share/bin/java.h (modified) (1 diff)
• share/classes/com/sun/media/sound/DirectAudioDevice.java (modified) (2 diffs)
• share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java (modified) (1 diff)
• share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java (modified) (1 diff)
• share/classes/com/sun/security/auth/LdapPrincipal.java (modified) (3 diffs)
• share/classes/com/sun/security/sasl/CramMD5Client.java (modified) (2 diffs)
• share/classes/com/sun/security/sasl/CramMD5Server.java (modified) (2 diffs)
• share/classes/com/sun/security/sasl/ExternalClient.java (modified) (2 diffs)
• share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java (modified) (2 diffs)
• share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java (modified) (2 diffs)
• share/classes/java/awt/AWTKeyStroke.java (modified) (1 diff)
• share/classes/java/awt/KeyboardFocusManager.java (modified) (13 diffs)
• share/classes/java/io/ObjectStreamClass.java (modified) (4 diffs)
• share/classes/java/net/NetworkInterface.java (modified) (1 diff)
• share/classes/java/net/URI.java (modified) (2 diffs)
• share/classes/java/nio/charset/package.html (modified) (2 diffs)
• share/classes/java/sql/Timestamp.java (modified) (1 diff)
• share/classes/java/util/TimeZone.java (modified) (5 diffs)
• share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java (modified) (11 diffs)
• share/classes/javax/management/remote/JMXServiceURL.java (modified) (2 diffs)
• share/classes/javax/naming/ldap/LdapName.java (modified) (4 diffs)
• share/classes/javax/naming/ldap/Rdn.java (modified) (9 diffs)
• share/classes/javax/net/ssl/SSLContext.java (modified) (2 diffs)
• share/classes/javax/print/DocFlavor.java (modified) (2 diffs)
• share/classes/javax/swing/ImageIcon.java (modified) (1 diff)
• share/classes/sun/awt/AppContext.java (modified) (2 diffs)
• share/classes/sun/awt/SunToolkit.java (modified) (1 diff)
• share/classes/sun/awt/image/PNGImageDecoder.java (modified) (2 diffs)
• share/classes/sun/font/FileFontStrike.java (modified) (4 diffs)
• share/classes/sun/java2d/pipe/DrawImage.java (modified) (1 diff)
• share/classes/sun/misc/JavaAWTAccess.java (copied) (copied from branches/vendor/oracle/openjdk6/b25/jdk/src/share/classes/sun/misc/JavaAWTAccess.java )
• share/classes/sun/misc/SharedSecrets.java (modified) (2 diffs)
• share/classes/sun/net/httpserver/Request.java (modified) (2 diffs)
• share/classes/sun/net/httpserver/ServerConfig.java (modified) (5 diffs)
• share/classes/sun/rmi/registry/RegistryImpl.java (modified) (14 diffs)
• share/classes/sun/rmi/server/LoaderHandler.java (modified) (1 diff)
• share/classes/sun/security/jgss/krb5/InitialToken.java (modified) (2 diffs)
• share/classes/sun/security/provider/certpath/ForwardBuilder.java (modified) (2 diffs)
• share/classes/sun/security/provider/certpath/ForwardState.java (modified) (2 diffs)
• share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java (modified) (2 diffs)
• share/classes/sun/security/provider/certpath/ReverseBuilder.java (modified) (2 diffs)
• share/classes/sun/security/provider/certpath/ReverseState.java (modified) (2 diffs)
• share/classes/sun/security/provider/certpath/SunCertPathBuilder.java (modified) (4 diffs)
• share/classes/sun/security/provider/certpath/UntrustedChecker.java (copied) (copied from branches/vendor/oracle/openjdk6/b25/jdk/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java )
• share/classes/sun/security/ssl/AppOutputStream.java (modified) (1 diff)
• share/classes/sun/security/ssl/EngineArgs.java (modified) (4 diffs)
• share/classes/sun/security/ssl/SSLEngineImpl.java (modified) (2 diffs)
• share/classes/sun/security/util/UntrustedCertificates.java (copied) (copied from branches/vendor/oracle/openjdk6/b25/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java )
• share/classes/sun/security/validator/SimpleValidator.java (modified) (4 diffs)
• share/classes/sun/security/validator/ValidatorException.java (modified) (2 diffs)
• share/native/java/util/zip/zip_util.c (modified) (2 diffs)
• share/native/sun/awt/image/jpeg/imageioJPEG.c (modified) (1 diff)
• solaris/bin/java_md.c (modified) (1 diff)
• windows/bin/java_md.c (modified) (1 diff)
• windows/classes/java/net/TwoStacksPlainDatagramSocketImpl.java (modified) (1 diff)
• windows/native/sun/windows/awt_FileDialog.cpp (modified) (1 diff)

trunk/openjdk/jdk/src/share/bin/java.c

@@ -1 +1 @@
 /*
- * Copyright (c) 1995, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/share/bin/java.h

@@ -1 +1 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java

@@ -772 +772 @@
                 throw new ArrayIndexOutOfBoundsException(off);
             }
-            if (off + len > b.length) {
+            if ((long)off + (long)len > (long)b.length) {
                 throw new ArrayIndexOutOfBoundsException(b.length);
             }
@@ -1001 +1001 @@
                 throw new ArrayIndexOutOfBoundsException(off);
             }
-            if (off + len > b.length) {
+            if ((long)off + (long)len > (long)b.length) {
                 throw new ArrayIndexOutOfBoundsException(b.length);
             }

trunk/openjdk/jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java

@@ -131 +131 @@
             throw new IllegalArgumentException(
                     "Number of bytes does not represent an integral number of sample frames.");
+        if (off < 0) {
+            throw new ArrayIndexOutOfBoundsException(off);
+        }
+        if ((long)off + (long)len > (long)b.length) {
+            throw new ArrayIndexOutOfBoundsException(b.length);
+        }
 
         byte[] buff = cycling_buffer;

trunk/openjdk/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java

@@ -49 +49 @@
  * @author Anli Shundi
  * @author Christian Geuer-Pollmann
- * @see <A HREF="ftp://ftp.isi.edu/in-notes/rfc2045.txt">RFC 2045</A>
+ * @see <A HREF="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</A>
  * @see com.sun.org.apache.xml.internal.security.transforms.implementations.TransformBase64Decode
  */

trunk/openjdk/jdk/src/share/classes/com/sun/security/auth/LdapPrincipal.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -32 +32 @@
 /**
  * A principal identified by a distinguished name as specified by
- * <a href="http://ietf.org//rfc/rfc2253.txt">RFC 2253</a>.
+ * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
  *
  * <p>
@@ -123 +123 @@
     /**
      * Creates a string representation of this principal's name in the format
-     * defined by <a href="http://ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
+     * defined by <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
      * If the name has zero components an empty string is returned.
      *

trunk/openjdk/jdk/src/share/classes/com/sun/security/sasl/CramMD5Client.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1999, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -34 +34 @@
 /**
   * Implements the CRAM-MD5 SASL client-side mechanism.
-  * (<A HREF="ftp://ftp.isi.edu/in-notes/rfc2195.txt">RFC 2195</A>).
+  * (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
   * CRAM-MD5 has no initial response. It receives bytes from
   * the server as a challenge, which it hashes by using MD5 and the password.

trunk/openjdk/jdk/src/share/classes/com/sun/security/sasl/CramMD5Server.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -39 +39 @@
 /**
   * Implements the CRAM-MD5 SASL server-side mechanism.
-  * (<A HREF="ftp://ftp.isi.edu/in-notes/rfc2195.txt">RFC 2195</A>).
+  * (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
   * CRAM-MD5 has no initial response.
   *

trunk/openjdk/jdk/src/share/classes/com/sun/security/sasl/ExternalClient.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1999, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -30 +30 @@
 /**
   * Implements the EXTERNAL SASL client mechanism.
-  * (<A HREF="ftp://ftp.isi.edu/in-notes/rfc2222.txt">RFC 2222</A>).
+  * (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
   * The EXTERNAL mechanism returns the optional authorization ID as
   * the initial response. It processes no challenges.

trunk/openjdk/jdk/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -40 +40 @@
 /**
   * Implements the GSSAPI SASL client mechanism for Kerberos V5.
-  * (<A HREF="ftp://ftp.isi.edu/in-notes/rfc2222.txt">RFC 2222</A>,
+  * (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>,
   * <a HREF="http://www.ietf.org/internet-drafts/draft-ietf-cat-sasl-gssapi-04.txt">draft-ietf-cat-sasl-gssapi-04.txt</a>).
   * It uses the Java Bindings for GSSAPI
-  * (<A HREF="ftp://ftp.isi.edu/in-notes/rfc2853.txt">RFC 2853</A>)
+  * (<A HREF="http://www.ietf.org/rfc/rfc2853.txt">RFC 2853</A>)
   * for getting GSSAPI/Kerberos V5 support.
   *

trunk/openjdk/jdk/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -40 +40 @@
 /**
   * Implements the GSSAPI SASL server mechanism for Kerberos V5.
-  * (<A HREF="ftp://ftp.isi.edu/in-notes/rfc2222.txt">RFC 2222</A>,
+  * (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>,
   * <a HREF="http://www.ietf.org/internet-drafts/draft-ietf-cat-sasl-gssapi-00.txt">draft-ietf-cat-sasl-gssapi-00.txt</a>).
   *

trunk/openjdk/jdk/src/share/classes/java/awt/AWTKeyStroke.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/share/classes/java/awt/KeyboardFocusManager.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -477 +477 @@
     protected Component getGlobalFocusOwner() throws SecurityException {
         synchronized (KeyboardFocusManager.class) {
-            if (this == getCurrentKeyboardFocusManager()) {
-                return focusOwner;
-            } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
-                }
-                throw new SecurityException(notPrivileged);
-            }
+            checkCurrentKFMSecurity();
+            return focusOwner;
         }
     }
@@ -518 +512 @@
         if (focusOwner == null || focusOwner.isFocusable()) {
             synchronized (KeyboardFocusManager.class) {
+                checkCurrentKFMSecurity();
                 oldFocusOwner = getFocusOwner();
 
@@ -567 +562 @@
      */
     public void clearGlobalFocusOwner() {
+        synchronized (KeyboardFocusManager.class) {
+             checkCurrentKFMSecurity();
+        } 
+
         if (!GraphicsEnvironment.isHeadless()) {
             // Toolkit must be fully initialized, otherwise
@@ -646 +645 @@
     {
         synchronized (KeyboardFocusManager.class) {
-            if (this == getCurrentKeyboardFocusManager()) {
-                return permanentFocusOwner;
-            } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
-                }
-                throw new SecurityException(notPrivileged);
-            }
+            checkCurrentKFMSecurity();
+            return permanentFocusOwner;
         }
     }
@@ -689 +682 @@
         if (permanentFocusOwner == null || permanentFocusOwner.isFocusable()) {
             synchronized (KeyboardFocusManager.class) {
+                checkCurrentKFMSecurity();
                 oldPermanentFocusOwner = getPermanentFocusOwner();
 
@@ -754 +748 @@
     protected Window getGlobalFocusedWindow() throws SecurityException {
         synchronized (KeyboardFocusManager.class) {
-            if (this == getCurrentKeyboardFocusManager()) {
-               return focusedWindow;
-            } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
-                }
-                throw new SecurityException(notPrivileged);
-            }
+            checkCurrentKFMSecurity();
+            return focusedWindow;
         }
     }
@@ -792 +780 @@
         if (focusedWindow == null || focusedWindow.isFocusableWindow()) {
             synchronized (KeyboardFocusManager.class) {
+                checkCurrentKFMSecurity();
                 oldFocusedWindow = getFocusedWindow();
 
@@ -858 +847 @@
     protected Window getGlobalActiveWindow() throws SecurityException {
         synchronized (KeyboardFocusManager.class) {
-            if (this == getCurrentKeyboardFocusManager()) {
-               return activeWindow;
-            } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
-                }
-                throw new SecurityException(notPrivileged);
-            }
+            checkCurrentKFMSecurity();
+            return activeWindow;
         }
     }
@@ -894 +877 @@
         Window oldActiveWindow;
         synchronized (KeyboardFocusManager.class) {
+            checkCurrentKFMSecurity();
             oldActiveWindow = getActiveWindow();
             if (focusLog.isLoggable(Level.FINER)) {
@@ -1188 +1172 @@
     {
         synchronized (KeyboardFocusManager.class) {
-            if (this == getCurrentKeyboardFocusManager()) {
-                return currentFocusCycleRoot;
-            } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
-                }
-                throw new SecurityException(notPrivileged);
-            }
+            checkCurrentKFMSecurity();
+            return currentFocusCycleRoot;
         }
     }
@@ -1219 +1197 @@
 
         synchronized (KeyboardFocusManager.class) {
+            checkCurrentKFMSecurity();
             oldFocusCycleRoot  = getCurrentFocusCycleRoot();
             currentFocusCycleRoot = newFocusCycleRoot;
@@ -3103 +3082 @@
         }
     }
+
+     private void checkCurrentKFMSecurity() {
+         if (this != getCurrentKeyboardFocusManager()) {
+             if (focusLog.isLoggable(Level.FINER)) {
+                 focusLog.finer("This manager is " + this +
+                                ", current is " + getCurrentKeyboardFocusManager());
+             }
+             throw new SecurityException(notPrivileged);
+         }
+     }
 }

trunk/openjdk/jdk/src/share/classes/java/io/ObjectStreamClass.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -731 +731 @@
                 new InvalidClassException(deserializeEx.classname,
                                           deserializeEx.getMessage());
-            ice.initCause(deserializeEx);
             throw ice;
         }
@@ -746 +745 @@
                 new InvalidClassException(serializeEx.classname,
                                           serializeEx.getMessage());
-            ice.initCause(serializeEx);
             throw ice;
         }
@@ -763 +761 @@
                 new InvalidClassException(defaultSerializeEx.classname,
                                           defaultSerializeEx.getMessage());
-            ice.initCause(defaultSerializeEx);
             throw ice;
         }

trunk/openjdk/jdk/src/share/classes/java/net/NetworkInterface.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/share/classes/java/net/URI.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -458 +458 @@
  * @since 1.4
  *
- * @see <a href="http://ietf.org/rfc/rfc2279.txt"><i>RFC&nbsp;2279: UTF-8, a
+ * @see <a href="http://www.ietf.org/rfc/rfc2279.txt"><i>RFC&nbsp;2279: UTF-8, a
  * transformation format of ISO 10646</i></a>, <br><a
  * href="http://www.ietf.org/rfc/rfc2373.txt"><i>RFC&nbsp;2373: IPv6 Addressing

trunk/openjdk/jdk/src/share/classes/java/nio/charset/package.html

@@ -1 +1 @@
 <!--
- Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
@@ -49 +49 @@
 <p> A <i>charset</i> is named mapping between sequences of sixteen-bit Unicode
 characters and sequences of bytes, in the sense defined in <a
-href="http://ietf.org/rfc/rfc2278.txt"><i>RFC&nbsp;2278</i></a>.  A
+href="http://www.ietf.org/rfc/rfc2278.txt"><i>RFC&nbsp;2278</i></a>.  A
 <i>decoder</i> is an engine which transforms bytes in a specific charset into
 characters, and an <i>encoder</i> is an engine which transforms characters into

trunk/openjdk/jdk/src/share/classes/java/sql/Timestamp.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/share/classes/java/util/TimeZone.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1996, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -44 +44 @@
 import java.security.PrivilegedAction;
 import java.util.concurrent.ConcurrentHashMap;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaAWTAccess;
 import sun.security.action.GetPropertyAction;
 import sun.util.TimeZoneNameUtility;
@@ -543 +545 @@
      */
     static TimeZone getDefaultRef() {
-        TimeZone defaultZone = defaultZoneTL.get();
+        TimeZone defaultZone = getDefaultInAppContext();
         if (defaultZone == null) {
             defaultZone = defaultTimeZone;
@@ -634 +636 @@
             synchronized (TimeZone.class) {
                 defaultTimeZone = zone;
-                defaultZoneTL.set(null);
+                setDefaultInAppContext(null);
             }
         } else {
-            defaultZoneTL.set(zone);
+            setDefaultInAppContext(zone);
+        }
+    }
+
+    /**
+     * Returns the default TimeZone in an AppContext if any AppContext
+     * has ever used. null is returned if any AppContext hasn't been
+     * used or if the AppContext doesn't have the default TimeZone.
+     */
+    private synchronized static TimeZone getDefaultInAppContext() {
+        javaAWTAccess = SharedSecrets.getJavaAWTAccess();
+        if (javaAWTAccess == null) {
+            return mainAppContextDefault;
+        } else {
+            if (!javaAWTAccess.isDisposed()) {
+                TimeZone tz = (TimeZone)
+                    javaAWTAccess.get(TimeZone.class);
+                if (tz == null && javaAWTAccess.isMainAppContext()) {
+                    return mainAppContextDefault;
+                } else {
+                    return tz;
+                }
+            }
+        }
+        return null;
+    }
+
+    /**
+     * Sets the default TimeZone in the AppContext to the given
+     * tz. null is handled special: do nothing if any AppContext
+     * hasn't been used, remove the default TimeZone in the
+     * AppContext otherwise.
+     */
+    private synchronized static void setDefaultInAppContext(TimeZone tz) {
+        javaAWTAccess = SharedSecrets.getJavaAWTAccess();
+        if (javaAWTAccess == null) {
+            mainAppContextDefault = tz;
+        } else {
+            if (!javaAWTAccess.isDisposed()) {
+                javaAWTAccess.put(TimeZone.class, tz);
+                if (javaAWTAccess.isMainAppContext()) {
+                    mainAppContextDefault = null;
+                }
+            }
         }
     }
@@ -688 +733 @@
     private String           ID;
     private static volatile TimeZone defaultTimeZone;
-    private static final InheritableThreadLocal<TimeZone> defaultZoneTL
-                                        = new InheritableThreadLocal<TimeZone>();
 
     static final String         GMT_ID        = "GMT";
     private static final int    GMT_ID_LENGTH = 3;
+
+    /*
+     * Provides access implementation-private methods without using reflection
+     *
+     * Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't
+     * been loaded. If so, it implies that AWTSecurityManager is not our
+     * SecurityManager and we can use a local static variable.
+     * This works around a build time issue.
+     */
+    private static JavaAWTAccess javaAWTAccess;
+
+    // a static TimeZone we can reference if no AppContext is in place
+    private static TimeZone mainAppContextDefault;
+
 
     /**

trunk/openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java

@@ -35 +35 @@
 
 package java.util.concurrent.atomic;
+import java.lang.reflect.Array;
+import java.util.Arrays;
 import sun.misc.Unsafe;
-import java.util.*;
 
 /**
@@ -50 +51 @@
     private static final long serialVersionUID = -6209656149925076980L;
 
-    private static final Unsafe unsafe = Unsafe.getUnsafe();
-    private static final int base = unsafe.arrayBaseOffset(Object[].class);
-    private static final int scale = unsafe.arrayIndexScale(Object[].class);
-    private final Object[] array;
-
-    private long rawIndex(int i) {
+    private static final Unsafe unsafe;
+    private static final int base;
+    private static final int shift;
+    private static final long arrayFieldOffset;
+    private final Object[] array; // must have exact type Object[]
+
+    static {
+        int scale;
+        try {
+            unsafe = Unsafe.getUnsafe();
+            arrayFieldOffset = unsafe.objectFieldOffset
+                (AtomicReferenceArray.class.getDeclaredField("array"));
+            base = unsafe.arrayBaseOffset(Object[].class);
+            scale = unsafe.arrayIndexScale(Object[].class);
+        } catch (Exception e) {
+            throw new Error(e);
+        }
+        if ((scale & (scale - 1)) != 0)
+            throw new Error("data type scale not a power of two");
+        shift = 31 - Integer.numberOfLeadingZeros(scale);
+    }
+
+    private long checkedByteOffset(int i) {
         if (i < 0 || i >= array.length)
             throw new IndexOutOfBoundsException("index " + i);
-        return base + (long) i * scale;
+
+        return byteOffset(i);
+    }
+
+    private static long byteOffset(int i) {
+        return ((long) i << shift) + base;
     }
 
@@ -67 +90 @@
     public AtomicReferenceArray(int length) {
         array = new Object[length];
-        // must perform at least one volatile write to conform to JMM
-        if (length > 0)
-            unsafe.putObjectVolatile(array, rawIndex(0), null);
     }
 
@@ -80 +100 @@
      */
     public AtomicReferenceArray(E[] array) {
-        if (array == null)
-            throw new NullPointerException();
-        int length = array.length;
-        this.array = new Object[length];
-        if (length > 0) {
-            int last = length-1;
-            for (int i = 0; i < last; ++i)
-                this.array[i] = array[i];
-            // Do the last write as volatile
-            E e = array[last];
-            unsafe.putObjectVolatile(this.array, rawIndex(last), e);
-        }
+        // Visibility guaranteed by final field guarantees
+        this.array = Arrays.copyOf(array, array.length, Object[].class);
     }
 
@@ -110 +120 @@
      */
     public final E get(int i) {
-        return (E) unsafe.getObjectVolatile(array, rawIndex(i));
+        return getRaw(checkedByteOffset(i));
+    }
+
+    private E getRaw(long offset) {
+        return (E) unsafe.getObjectVolatile(array, offset);
     }
 
@@ -120 +134 @@
      */
     public final void set(int i, E newValue) {
-        unsafe.putObjectVolatile(array, rawIndex(i), newValue);
+        unsafe.putObjectVolatile(array, checkedByteOffset(i), newValue);
     }
 
@@ -131 +145 @@
      */
     public final void lazySet(int i, E newValue) {
-        unsafe.putOrderedObject(array, rawIndex(i), newValue);
+        unsafe.putOrderedObject(array, checkedByteOffset(i), newValue);
     }
 
@@ -144 +158 @@
      */
     public final E getAndSet(int i, E newValue) {
+        long offset = checkedByteOffset(i);
         while (true) {
-            E current = get(i);
-            if (compareAndSet(i, current, newValue))
+            E current = getRaw(offset);
+            if (compareAndSetRaw(offset, current, newValue))
                 return current;
         }
@@ -154 +169 @@
      * Atomically sets the element at position {@code i} to the given
      * updated value if the current value {@code ==} the expected value.
+     *
      * @param i the index
      * @param expect the expected value
@@ -161 +177 @@
      */
     public final boolean compareAndSet(int i, E expect, E update) {
-        return unsafe.compareAndSwapObject(array, rawIndex(i),
-                                         expect, update);
+        return compareAndSetRaw(checkedByteOffset(i), expect, update);
+    }
+
+    private boolean compareAndSetRaw(long offset, E expect, E update) {
+        return unsafe.compareAndSwapObject(array, offset, expect, update);
     }
 
@@ -187 +206 @@
      */
     public String toString() {
-        if (array.length > 0) // force volatile read
-            get(0);
-        return Arrays.toString(array);
+        int iMax = array.length - 1;
+        if (iMax == -1)
+            return "[]";
+
+        StringBuilder b = new StringBuilder();
+        b.append('[');
+        for (int i = 0; ; i++) {
+            b.append(getRaw(byteOffset(i)));
+            if (i == iMax)
+                return b.append(']').toString();
+            b.append(',').append(' ');
+        }
+    }
+
+    /**
+     * Reconstitutes the instance from a stream (that is, deserializes it).
+     * @param s the stream
+     */
+    private void readObject(java.io.ObjectInputStream s)
+        throws java.io.IOException, ClassNotFoundException {
+        // Note: This must be changed if any additional fields are defined
+        Object a = s.readFields().get("array", null);
+        if (a == null || !a.getClass().isArray())
+            throw new java.io.InvalidObjectException("Not array type");
+        if (a.getClass() != Object[].class)
+            a = Arrays.copyOf((Object[])a, Array.getLength(a), Object[].class);
+        unsafe.putObjectVolatile(this, arrayFieldOffset, a);
     }
 

trunk/openjdk/jdk/src/share/classes/javax/management/remote/JMXServiceURL.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -108 +108 @@
  *
  * @see <a
- * href="ftp://ftp.rfc-editor.org/in-notes/rfc2609.txt">RFC 2609,
+ * href="http://www.ietf.org/rfc/rfc2609.txt">RFC 2609,
  * "Service Templates and <code>Service:</code> Schemes"</a>
  * @see <a
- * href="ftp://ftp.rfc-editor.org/in-notes/rfc3111.txt">RFC 3111,
+ * href="http://www.ietf.org/rfc/rfc3111.txt">RFC 3111,
  * "Service Location Protocol Modifications for IPv6"</a>
  *

trunk/openjdk/jdk/src/share/classes/javax/naming/ldap/LdapName.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -43 +43 @@
 /**
  * This class represents a distinguished name as specified by
- * <a href="http://ietf.org//rfc/rfc2253.txt">RFC 2253</a>.
+ * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
  * A distinguished name, or DN, is composed of an ordered list of
  * components called <em>relative distinguished name</em>s, or RDNs.
@@ -116 +116 @@
      * @param name  This is a non-null distinguished name formatted
      * according to the rules defined in
-     * <a href="http://ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
+     * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
      *
      * @throws InvalidNameException if a syntax violation is detected.
@@ -615 +615 @@
     /**
      * Returns a string representation of this LDAP name in a format
-     * defined by <a href="http://ietf.org/rfc/rfc2253.txt">RFC 2253</a>
+     * defined by <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>
      * and described in the class description. If the name has zero
      * components an empty string is returned.

trunk/openjdk/jdk/src/share/classes/javax/naming/ldap/Rdn.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -46 +46 @@
  * This class represents a relative distinguished name, or RDN, which is a
  * component of a distinguished name as specified by
- * <a href="http://ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
+ * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
  * An example of an RDN is "OU=Sales+CN=J.Smith". In this example,
  * the RDN consist of multiple attribute type/value pairs. The
@@ -118 +118 @@
      * <p>
      * The string attribute values are not interpretted as
-     * <a href="http://ietf.org/rfc/rfc2253.txt">RFC 2253</a>
+     * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>
      * formatted RDN strings. That is, the values are used
      * literally (not parsed) and assumed to be unescaped.
@@ -153 +153 @@
      * Constructs an Rdn from the given string.
      * This constructor takes a string formatted according to the rules
-     * defined in <a href="http://ietf.org//rfc/rfc2253.txt">RFC 2253</a>
+     * defined in <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>
      * and described in the class description for
      * {@link javax.naming.ldap.LdapName}.
@@ -181 +181 @@
      * value.
      * The string attribute values are not interpretted as
-     * <a href="http://ietf.org/rfc/rfc2253.txt">RFC 2253</a>
+     * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>
      * formatted RDN strings. That is, the values are used
      * literally (not parsed) and assumed to be unescaped.
@@ -217 +217 @@
      * Adds the given attribute type and value to this Rdn.
      * The string attribute values are not interpretted as
-     * <a href="http://ietf.org/rfc/rfc2253.txt">RFC 2253</a>
+     * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>
      * formatted RDN strings. That is the values are used
      * literally (not parsed) and assumed to be unescaped.
@@ -281 +281 @@
     /**
      * Returns this Rdn as a string represented in a format defined by
-     * <a href="http://ietf.org//rfc/rfc2253.txt">RFC 2253</a> and described
+     * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> and described
      * in the class description for {@link javax.naming.ldap.LdapName LdapName}.
      *
@@ -504 +504 @@
      * Given the value of an attribute, returns a string escaped according
      * to the rules specified in
-     * <a href="http://ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
+     * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
      * <p>
      * For example, if the val is "Sue, Grabbit and Runn", the escaped
@@ -583 +583 @@
      * Given an attribute value string formated according to the rules
      * specified in
-     * <a href="http://ietf.org//rfc/rfc2253.txt">RFC 2253</a>,
+     * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>,
      * returns the unformated value.  Escapes and quotes are
      * stripped away, and hex-encoded UTF-8 is converted to equivalent

trunk/openjdk/jdk/src/share/classes/javax/net/ssl/SSLContext.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -160 +160 @@
      * @param protocol the standard name of the requested protocol.
      *          See Appendix A in the <a href=
-     *  "{@docRoot}/../technotes/guides//security/jsse/JSSERefGuide.html#AppA">
+     *  "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html#AppA">
      *          Java Secure Socket Extension Reference Guide </a>
      *          for information about standard protocol names.

trunk/openjdk/jdk/src/share/classes/javax/print/DocFlavor.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -452 +452 @@
      * A String representing the host operating system encoding.
      * This will follow the conventions documented in
-     * <a href="http://ietf.org/rfc/rfc2278.txt">
+     * <a href="http://www.ietf.org/rfc/rfc2278.txt">
      * <i>RFC&nbsp;2278:&nbsp;IANA Charset Registration Procedures</i></a>
      * except where historical names are returned for compatibility with

trunk/openjdk/jdk/src/share/classes/javax/swing/ImageIcon.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/share/classes/sun/awt/AppContext.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -768 +768 @@
         return changeSupport.getPropertyChangeListeners(propertyName);
     }
+
+    // Set up JavaAWTAccess in SharedSecrets
+    static {
+        sun.misc.SharedSecrets.setJavaAWTAccess(new sun.misc.JavaAWTAccess() {
+            public Object get(Object key) {
+                return getAppContext().get(key);
+            }
+            public void put(Object key, Object value) {
+                getAppContext().put(key, value);
+            }
+            public void remove(Object key) {
+                getAppContext().remove(key);
+            }
+            public boolean isDisposed() {
+                return getAppContext().isDisposed();
+            }
+            public boolean isMainAppContext() {
+                return (numAppContexts == 1);
+            }
+        });
+    }
 }
 

trunk/openjdk/jdk/src/share/classes/sun/awt/SunToolkit.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1997, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/share/classes/sun/awt/image/PNGImageDecoder.java

@@ -1 +1 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -33 +33 @@
 
 /** PNG - Portable Network Graphics - image file reader.
-    See <a href=ftp://ds.internic.net/rfc/rfc2083.txt>RFC2083</a> for details. */
+    See <a href=http://www.ietf.org/rfc/rfc2083.txt>RFC2083</a> for details. */
 
 /* this is changed

trunk/openjdk/jdk/src/share/classes/sun/font/FileFontStrike.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -57 +57 @@
     private static final int SEGLONGARRAY  = 4;
 
-    private int glyphCacheFormat = UNINITIALISED;
+    private volatile int glyphCacheFormat = UNINITIALISED;
 
     /* segmented arrays are blocks of 256 */
@@ -427 +427 @@
 
     /* Called only from synchronized code or constructor */
-    private void initGlyphCache() {
+    private synchronized void initGlyphCache() {
 
         int numGlyphs = mapper.getNumGlyphs();
+        int tmpFormat = UNINITIALISED;
 
         if (segmentedCache) {
             int numSegments = (numGlyphs + SEGSIZE-1)/SEGSIZE;
             if (FontManager.longAddresses) {
-                glyphCacheFormat = SEGLONGARRAY;
+                tmpFormat = SEGLONGARRAY;
                 segLongGlyphImages = new long[numSegments][];
                 this.disposer.segLongGlyphImages = segLongGlyphImages;
              } else {
-                 glyphCacheFormat = SEGINTARRAY;
+                 tmpFormat = SEGINTARRAY;
                  segIntGlyphImages = new int[numSegments][];
                  this.disposer.segIntGlyphImages = segIntGlyphImages;
@@ -444 +445 @@
         } else {
             if (FontManager.longAddresses) {
-                glyphCacheFormat = LONGARRAY;
+                tmpFormat = LONGARRAY;
                 longGlyphImages = new long[numGlyphs];
                 this.disposer.longGlyphImages = longGlyphImages;
             } else {
-                glyphCacheFormat = INTARRAY;
+                tmpFormat = INTARRAY;
                 intGlyphImages = new int[numGlyphs];
                 this.disposer.intGlyphImages = intGlyphImages;
             }
         }
+        glyphCacheFormat = tmpFormat;
     }
 

trunk/openjdk/jdk/src/share/classes/sun/java2d/pipe/DrawImage.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java

@@ -53 +53 @@
     private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
     private static JavaSecurityAccess javaSecurityAccess;
+    private static JavaAWTAccess javaAWTAccess;
 
     public static JavaUtilJarAccess javaUtilJarAccess() {
@@ -139 +140 @@
         return javaSecurityAccess;
     }
+
+    public static void setJavaAWTAccess(JavaAWTAccess jaa) {
+        javaAWTAccess = jaa;
+    }
+
+    public static JavaAWTAccess getJavaAWTAccess() {
+        // this may return null in which case calling code needs to 
+        // provision for.
+        return javaAWTAccess;
+    }
 }

trunk/openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -191 +191 @@
             else
                 v = String.copyValueOf(s, keyend, len - keyend);
+
+            if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+                throw new IOException("Maximum number of request headers (" +
+                        "sun.net.httpserver.maxReqHeaders) exceeded, " +
+                        ServerConfig.getMaxReqHeaders() + ".");
+            }
+
             hdrs.add (k,v);
         }

trunk/openjdk/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -46 +46 @@
     static long defaultSelCacheTimeout = 120 ;  // seconds
     static int defaultMaxIdleConnections = 200 ;
+    static int defaultMaxReqHeaders = 200 ;
+
 
     static long defaultDrainAmount = 64 * 1024;
@@ -55 +57 @@
     static long drainAmount;    // max # of bytes to drain from an inputstream
     static int maxIdleConnections;
+    // The maximum number of request headers allowable
+    private static int maxReqHeaders;
+
     static boolean debug = false;
 
@@ -94 +99 @@
                 defaultDrainAmount))).longValue();
 
+        maxReqHeaders = ((Integer)java.security.AccessController.doPrivileged(
+                new sun.security.action.GetIntegerAction(
+                "sun.net.httpserver.maxReqHeaders",
+                defaultMaxReqHeaders))).intValue();
+
         debug = ((Boolean)java.security.AccessController.doPrivileged(
                 new sun.security.action.GetBooleanAction(
@@ -130 +140 @@
         return drainAmount;
     }
+
+    static int getMaxReqHeaders() {
+        return maxReqHeaders;
+    }
 }

trunk/openjdk/jdk/src/share/classes/sun/rmi/registry/RegistryImpl.java

@@ -30 +30 @@
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
+import java.io.FilePermission;
 import java.io.IOException;
 import java.net.*;
@@ -42 +43 @@
 import java.security.AccessController;
 import java.security.CodeSource;
-import java.security.Policy; 
+import java.security.Policy;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.security.PermissionCollection;
 import java.security.Permissions;
-import java.security.ProtectionDomain; 
+import java.security.ProtectionDomain;
 import java.text.MessageFormat;
 import sun.rmi.server.LoaderHandler;
@@ -55 +56 @@
 import sun.rmi.transport.ObjectTable;
 import sun.rmi.transport.Target;
-import sun.security.action.GetPropertyAction;
 
 /**
@@ -77 +77 @@
     /* indicate compatibility with JDK 1.1.x version of class */
     private static final long serialVersionUID = 4666870661827494597L;
-    private Hashtable bindings = new Hashtable(101);
-    private static Hashtable allowedAccessCache = new Hashtable(3);
+    private Hashtable<String, Remote> bindings
+        = new Hashtable<String, Remote>(101);
+    private static Hashtable<InetAddress, InetAddress> allowedAccessCache
+        = new Hashtable<InetAddress, InetAddress>(3);
     private static RegistryImpl registry;
     private static ObjID id = new ObjID(ObjID.REGISTRY_ID);
@@ -130 +132 @@
     {
         synchronized (bindings) {
-            Remote obj = (Remote)bindings.get(name);
+            Remote obj = bindings.get(name);
             if (obj == null)
                 throw new NotBoundException(name);
@@ -147 +149 @@
         checkAccess("Registry.bind");
         synchronized (bindings) {
-            Remote curr = (Remote)bindings.get(name);
+            Remote curr = bindings.get(name);
             if (curr != null)
                 throw new AlreadyBoundException(name);
@@ -164 +166 @@
         checkAccess("Registry.unbind");
         synchronized (bindings) {
-            Remote obj = (Remote)bindings.get(name);
+            Remote obj = bindings.get(name);
             if (obj == null)
                 throw new NotBoundException(name);
@@ -214 +216 @@
 
             try {
-                clientHost = (InetAddress)
-                    java.security.AccessController.doPrivileged(
-                        new java.security.PrivilegedExceptionAction() {
-                        public Object run()
+                clientHost = java.security.AccessController.doPrivileged(
+                    new java.security.PrivilegedExceptionAction<InetAddress>() {
+                        public InetAddress run()
                             throws java.net.UnknownHostException
                         {
@@ -239 +240 @@
 
                     java.security.AccessController.doPrivileged(
-                        new java.security.PrivilegedExceptionAction() {
-                            public Object run() throws java.io.IOException {
+                        new java.security.PrivilegedExceptionAction<Void>() {
+                            public Void run() throws java.io.IOException {
                                 /*
                                  * if a ServerSocket can be bound to the client's
@@ -335 +336 @@
             ClassLoader cl = new URLClassLoader(urls);
 
-            String codebaseProperty = null;
-            String prop = java.security.AccessController.doPrivileged(
-                new GetPropertyAction("java.rmi.server.codebase"));
-                if (prop != null && prop.trim().length() > 0) {
-                    codebaseProperty = prop;
-                }
-            URL[] codebaseURLs = null;
-            if (codebaseProperty != null) {
-                codebaseURLs = sun.misc.URLClassPath.pathToURLs(codebaseProperty);
-            } else {
-                codebaseURLs = new URL[0];
-            }
-
             /*
              * Fix bugid 4242317: Classes defined by this class loader should
@@ -365 +353 @@
                             return new RegistryImpl(regPort);
                         }
-                    }, getAccessControlContext(codebaseURLs));
+                    }, getAccessControlContext());
             } catch (PrivilegedActionException ex) {
                 throw (RemoteException) ex.getException();
@@ -391 +379 @@
 
     /**
-     * Generates an AccessControlContext from several URLs.
+     * Generates an AccessControlContext with minimal permissions.
      * The approach used here is taken from the similar method
      * getAccessControlContext() in the sun.applet.AppletPanel class.
      */
-    private static AccessControlContext getAccessControlContext(URL[] urls) {
+    private static AccessControlContext getAccessControlContext() {
         // begin with permissions granted to all code in current policy
         PermissionCollection perms = AccessController.doPrivileged(
@@ -420 +408 @@
         perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
 
-        // add permissions required to load from codebase URL path
-        LoaderHandler.addPermissionsForURLs(urls, perms, false);
+        perms.add(new FilePermission("<<ALL FILES>>", "read"));
 
         /*
@@ -428 +415 @@
          */
         ProtectionDomain pd = new ProtectionDomain(
-            new CodeSource((urls.length > 0 ? urls[0] : null),
-                (java.security.cert.Certificate[]) null),
-            perms);
+            new CodeSource(null,
+                (java.security.cert.Certificate[]) null), perms);
         return new AccessControlContext(new ProtectionDomain[] { pd });
     }

trunk/openjdk/jdk/src/share/classes/sun/rmi/server/LoaderHandler.java

@@ -1029 +1029 @@
      * it is not already implied by the collection.
      */
-    public static void addPermissionsForURLs(URL[] urls,
+    private static void addPermissionsForURLs(URL[] urls,
                                               PermissionCollection perms,
                                               boolean forLoader)

trunk/openjdk/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java

@@ -34 +34 @@
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
 import sun.security.krb5.*;
 import sun.security.jgss.GSSUtil;
@@ -226 +227 @@
             }
 
-            byte[] remoteBindingBytes = new byte[CHECKSUM_BINDINGS_SIZE];
-            System.arraycopy(checksumBytes, 4, remoteBindingBytes, 0,
-                             CHECKSUM_BINDINGS_SIZE);
-
-            byte[] noBindings = new byte[CHECKSUM_BINDINGS_SIZE];
-            boolean tokenContainsBindings =
-                (!java.util.Arrays.equals(noBindings, remoteBindingBytes));
-
             ChannelBinding localBindings = context.getChannelBinding();
 
-            if (tokenContainsBindings ||
-                localBindings != null) {
-
-                boolean badBindings = false;
-                String errorMessage = null;
-
-                if (tokenContainsBindings &&
-                    localBindings != null) {
+            // Ignore remote channel binding info when not requested at
+            // local side (RFC 4121 4.1.1.2: the acceptor MAY ignore...).
+            //
+            // All major krb5 implementors implement this "MAY",
+            // and some applications depend on it as a workaround
+            // for not having a way to negotiate the use of channel
+            // binding -- the initiator application always uses CB
+            // and hopes the acceptor will ignore the CB if the
+            // acceptor doesn't support CB.
+            if (localBindings != null) {
+                byte[] remoteBindingBytes = new byte[CHECKSUM_BINDINGS_SIZE];
+                System.arraycopy(checksumBytes, 4, remoteBindingBytes, 0,
+                                 CHECKSUM_BINDINGS_SIZE);
+
+                byte[] noBindings = new byte[CHECKSUM_BINDINGS_SIZE];
+                if (!Arrays.equals(noBindings, remoteBindingBytes)) {
                     byte[] localBindingsBytes =
                         computeChannelBinding(localBindings);
-                    //              System.out.println("ChannelBinding hash: "
-                    //         + getHexBytes(localBindingsBytes));
-                    badBindings =
-                        (!java.util.Arrays.equals(localBindingsBytes,
-                                                remoteBindingBytes));
-                    errorMessage = "Bytes mismatch!";
-                } else if (localBindings == null) {
-                    errorMessage = "ChannelBinding not provided!";
-                    badBindings = true;
+                    if (!Arrays.equals(localBindingsBytes,
+                                                remoteBindingBytes)) {
+                        throw new GSSException(GSSException.BAD_BINDINGS, -1,
+                                               "Bytes mismatch!");
+                    }
                 } else {
-                    errorMessage = "Token missing ChannelBinding!";
-                    badBindings = true;
+                    throw new GSSException(GSSException.BAD_BINDINGS, -1,
+                                           "Token missing ChannelBinding!");
                 }
-
-                if (badBindings)
-                    throw new GSSException(GSSException.BAD_BINDINGS, -1,
-                                           errorMessage);
             }
 

trunk/openjdk/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -641 +641 @@
         }
 
-        ForwardState currState = (ForwardState) currentState;
+        ForwardState currState = (ForwardState)currentState;
+    
+        // Don't bother to verify untrusted certificate.
+        currState.untrustedChecker.check(cert, Collections.<String>emptySet());
 
         /*

trunk/openjdk/jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -79 +79 @@
     /* the checker used for revocation status */
     public CrlRevocationChecker crlChecker;
+    
+    /* the untrusted certificates checker */
+    UntrustedChecker untrustedChecker;
 
     /* The list of user-defined checkers that support forward checking */

trunk/openjdk/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -293 +293 @@
                               pkixParam.getPolicyQualifiersRejected(),
                               rootNode);
+        UntrustedChecker untrustedChecker = new UntrustedChecker();
 
         // add standard checkers that we will be using
+        certPathCheckers.add(untrustedChecker);
         certPathCheckers.add(algorithmChecker);
         certPathCheckers.add(keyChecker);

trunk/openjdk/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -346 +346 @@
             return;
         }
+        
+        // Don't bother to verify untrusted certificate.
+        currentState.untrustedChecker.check(cert,
+                                    Collections.<String>emptySet());
 
         /* check that the signature algorithm is not disabled. */

trunk/openjdk/jdk/src/share/classes/sun/security/provider/certpath/ReverseState.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -96 +96 @@
     /* the checker used for revocation status */
     public CrlRevocationChecker crlChecker;
+    
+    /* the untrusted certificates checker */
+    UntrustedChecker untrustedChecker;
 
     /* the trust anchor used to validate the path */

trunk/openjdk/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -305 +305 @@
             currentState.crlChecker =
                 new CrlRevocationChecker(null, buildParams, null, onlyEECert);
+            currentState.untrustedChecker = new UntrustedChecker();
             try {
                 depthFirstSearchReverse(null, currentState,
@@ -351 +352 @@
         currentState.crlChecker
             = new CrlRevocationChecker(null, buildParams, null, onlyEECert);
+        currentState.untrustedChecker = new UntrustedChecker();
 
         depthFirstSearchForward(targetSubjectDN, currentState,
@@ -626 +628 @@
 
             /* recursively search for matching certs at next dN */
-            depthFirstSearchForward(cert.getIssuerX500Principal(), nextState, builder,
-                adjList, certPathList);
+            depthFirstSearchForward(cert.getIssuerX500Principal(),
+                nextState, builder, adjList, certPathList);
 
             /*

trunk/openjdk/jdk/src/share/classes/sun/security/ssl/AppOutputStream.java

@@ -91 +91 @@
                 int howmuch;
                 if (isFirstRecordOfThePayload && c.needToSplitPayload()) {
-                    howmuch = Math.min(0x01, r.availableDataBytes());
+                    howmuch = (len == 0) ? 0 : Math.min(
+                        0x01, r.availableDataBytes());
                 } else {
                     howmuch = Math.min(len, r.availableDataBytes());

trunk/openjdk/jdk/src/share/classes/sun/security/ssl/EngineArgs.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2004, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -26 +26 @@
 package sun.security.ssl;
 
-import javax.net.ssl.*;
 import java.nio.*;
 
@@ -158 +157 @@
             appData[i].limit(appData[i].position() + amount);
             netData.put(appData[i]);
+            appRemaining -= amount;
             spaceLeft -= amount;
         }
@@ -210 +210 @@
      * In the case of Exception, we want to reset the positions
      * to appear as though no data has been consumed or produced.
+     *
+     * Currently, this method is only called as we are preparing to
+     * fail out, and thus we don't need to actually recalculate
+     * appRemaining.  If that assumption changes, that variable should
+     * be updated here.
      */
     void resetPos() {
         netData.position(netPos);
         for (int i = offset; i < offset + len; i++) {
+            // See comment above about recalculating appRemaining.
             appData[i].position(appPoss[i]);
         }

trunk/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -735 +735 @@
              */
             fatal(Alerts.alert_internal_error,
-                "problem unwrapping net record", e);
+                "problem wrapping app data", e);
             return null;  // make compiler happy
         } finally {

trunk/openjdk/jdk/src/share/classes/sun/security/validator/SimpleValidator.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -42 +42 @@
 
 import sun.security.provider.certpath.AlgorithmChecker;
+import sun.security.provider.certpath.UntrustedChecker;
 
 /**
@@ -130 +131 @@
             date = new Date();
         }
+        
+        // create distrusted certificates checker
+        UntrustedChecker untrustedChecker = new UntrustedChecker();
+
         // verify top down, starting at the certificate issued by
         // the trust anchor
@@ -135 +140 @@
             X509Certificate issuerCert = chain[i + 1];
             X509Certificate cert = chain[i];
+            
+            // check untrusted certificate
+            try {
+                // Untrusted checker does not care about the unresolved
+                // critical extensions.
+                untrustedChecker.check(cert, Collections.<String>emptySet());
+            } catch (CertPathValidatorException cpve) {
+                throw new ValidatorException(
+                    "Untrusted certificate: " + cert.getSubjectX500Principal(),
+                    ValidatorException.T_UNTRUSTED_CERT, cert, cpve);
+            }
 
             // check certificate algorithm

trunk/openjdk/jdk/src/share/classes/sun/security/validator/ValidatorException.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -59 +59 @@
         "Certificate signature algorithm disabled";
 
+    public final static Object T_UNTRUSTED_CERT =
+        "Untrusted certificate";
+
     private Object type;
     private X509Certificate cert;

trunk/openjdk/jdk/src/share/native/java/util/zip/zip_util.c

@@ -1 +1 @@
 /*
- * Copyright (c) 1995, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -451 +451 @@
     jint count = 0;
     ptrdiff_t i;
-    for (i = 0; i + CENHDR < end - beg; i += CENSIZE(beg + i))
+    for (i = 0; i + CENHDR <= end - beg; i += CENSIZE(beg + i))
         count++;
     return count;

trunk/openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c

@@ -1 +1 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/solaris/bin/java_md.c

@@ -1 +1 @@
 /*
- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/windows/bin/java_md.c

@@ -1 +1 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/windows/classes/java/net/TwoStacksPlainDatagramSocketImpl.java

@@ -1 +1 @@
 /*
- * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

trunk/openjdk/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp

@@ -1 +1 @@
 /*
- * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *