changeset 26186:dc0034c79fa4

Merge
author lana
date Fri, 29 Aug 2014 11:57:22 -0700
parents f179c0827318 6ee101c1180e
children b50907e0a329
files jdk/make/src/classes/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java jdk/src/demo/share/jfc/Font2DTest/resources/TextResources.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_de.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_en.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_en_GB.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_ja.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_ko.properties jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_zh_CN.properties jdk/src/demo/share/jfc/Font2DTest/resources/resource.data jdk/src/java.base/share/conf/security/java.security-aix jdk/src/java.base/share/conf/security/java.security-linux jdk/src/java.base/share/conf/security/java.security-macosx jdk/src/java.base/share/conf/security/java.security-solaris jdk/src/java.base/share/conf/security/java.security-windows jdk/test/sun/tools/jps/jps-Defaults.sh jdk/test/sun/tools/jps/jps-V_2.sh jdk/test/sun/tools/jps/jps-V_Output2.awk jdk/test/sun/tools/jps/jps-Vm_2.sh jdk/test/sun/tools/jps/jps-Vm_Output2.awk jdk/test/sun/tools/jps/jps-Vvm.sh jdk/test/sun/tools/jps/jps-Vvm_Output1.awk jdk/test/sun/tools/jps/jps-Vvml.sh jdk/test/sun/tools/jps/jps-Vvml_2.sh jdk/test/sun/tools/jps/jps-Vvml_Output1.awk jdk/test/sun/tools/jps/jps-Vvml_Output2.awk jdk/test/sun/tools/jps/jps-help.sh jdk/test/sun/tools/jps/jps-l_1.sh jdk/test/sun/tools/jps/jps-l_2.sh jdk/test/sun/tools/jps/jps-l_Output1.awk jdk/test/sun/tools/jps/jps-l_Output2.awk jdk/test/sun/tools/jps/jps-lm.sh jdk/test/sun/tools/jps/jps-lm_Output1.awk jdk/test/sun/tools/jps/jps-m.sh jdk/test/sun/tools/jps/jps-m_2.sh jdk/test/sun/tools/jps/jps-m_Output1.awk jdk/test/sun/tools/jps/jps-m_Output2.awk jdk/test/sun/tools/jps/jps-q.sh jdk/test/sun/tools/jps/jps-q_Output1.awk jdk/test/sun/tools/jps/jps-v_1.sh jdk/test/sun/tools/jps/jps-v_Output1.awk jdk/test/sun/tools/jps/jps-vm_1.sh jdk/test/sun/tools/jps/jps-vm_Output1.awk jdk/test/sun/tools/jps/jps_Output1.awk jdk/test/sun/tools/jps/vmflags langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/comp/JavacServiceImpl.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/CompilerPool.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/CompilerThread.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/JavacServer.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/JavacService.java langtools/src/jdk.compiler/share/classes/com/sun/tools/sjavac/server/JavacServiceClient.java langtools/test/tools/javac/lib/ToolBox.java nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/CompiledFunctions.java nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/CompiledScript.java
diffstat 785 files changed, 25742 insertions(+), 15559 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Fri Aug 22 09:55:49 2014 -0700
+++ b/.hgtags	Fri Aug 29 11:57:22 2014 -0700
@@ -269,3 +269,4 @@
 d9ce05f36ffec3e5e8af62a92455c1c66a63c320 jdk9-b24
 13a5c76976fe48e55c9727c25fae2d2ce7c05da0 jdk9-b25
 cd6f4557e7fea5799ff3762ed7a80a743e75d5fd jdk9-b26
+d06a6d3c66c08293b2a9650f3cc01fd55c620e65 jdk9-b27
--- a/.hgtags-top-repo	Fri Aug 22 09:55:49 2014 -0700
+++ b/.hgtags-top-repo	Fri Aug 29 11:57:22 2014 -0700
@@ -269,3 +269,4 @@
 1d4a293fbec19dc2d5790bbb2c7dd0ed8f265484 jdk9-b24
 aefd8899a8d6615fb34ba99b2e38996a7145baa8 jdk9-b25
 d3ec8d048e6c3c46b6e0ee011cc551ad386dfba5 jdk9-b26
+ba5645f2735b41ed085d07ba20fa7b322afff318 jdk9-b27
--- a/common/autoconf/basics.m4	Fri Aug 22 09:55:49 2014 -0700
+++ b/common/autoconf/basics.m4	Fri Aug 29 11:57:22 2014 -0700
@@ -377,7 +377,6 @@
   BASIC_REQUIRE_PROGS(CMP, cmp)
   BASIC_REQUIRE_PROGS(COMM, comm)
   BASIC_REQUIRE_PROGS(CP, cp)
-  BASIC_REQUIRE_PROGS(CPIO, cpio)
   BASIC_REQUIRE_PROGS(CUT, cut)
   BASIC_REQUIRE_PROGS(DATE, date)
   BASIC_REQUIRE_PROGS(DIFF, [gdiff diff])
@@ -427,6 +426,7 @@
   BASIC_PATH_PROGS(READLINK, [greadlink readlink])
   BASIC_PATH_PROGS(DF, df)
   BASIC_PATH_PROGS(SETFILE, SetFile)
+  BASIC_PATH_PROGS(CPIO, [cpio bsdcpio])
 ])
 
 # Setup basic configuration paths, and platform-specific stuff related to PATHs.
@@ -954,7 +954,7 @@
 # not be the case in cygwin in certain conditions.
 AC_DEFUN_ONCE([BASIC_CHECK_SRC_PERMS],
 [
-  if test x"$OPENJDK_BUILD_OS" = xwindows; then
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
     file_to_test="$SRC_ROOT/LICENSE"
     if test `$STAT -c '%a' "$file_to_test"` -lt 400; then
       AC_MSG_ERROR([Bad file permissions on src files. This is usually caused by cloning the repositories with a non cygwin hg in a directory not created in cygwin.])
--- a/common/autoconf/basics_windows.m4	Fri Aug 22 09:55:49 2014 -0700
+++ b/common/autoconf/basics_windows.m4	Fri Aug 29 11:57:22 2014 -0700
@@ -266,6 +266,14 @@
     BASIC_WINDOWS_REWRITE_AS_UNIX_PATH(new_path)
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+      BASIC_WINDOWS_REWRITE_AS_UNIX_PATH(new_path)
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
--- a/common/autoconf/flags.m4	Fri Aug 22 09:55:49 2014 -0700
+++ b/common/autoconf/flags.m4	Fri Aug 29 11:57:22 2014 -0700
@@ -900,7 +900,7 @@
 
   case "${TOOLCHAIN_TYPE}" in
     microsoft)
-      CFLAGS_WARNINGS_ARE_ERRORS="/WX"
+      CFLAGS_WARNINGS_ARE_ERRORS="-WX"
       ;;
     solstudio)
       CFLAGS_WARNINGS_ARE_ERRORS="-errtags -errwarn=%all"
--- a/common/autoconf/generated-configure.sh	Fri Aug 22 09:55:49 2014 -0700
+++ b/common/autoconf/generated-configure.sh	Fri Aug 29 11:57:22 2014 -0700
@@ -920,12 +920,14 @@
 OPENJDK_TARGET_CPU_BITS
 OPENJDK_TARGET_CPU_ARCH
 OPENJDK_TARGET_CPU
+OPENJDK_TARGET_OS_ENV
 OPENJDK_TARGET_OS_API
 OPENJDK_TARGET_OS
 OPENJDK_BUILD_CPU_ENDIAN
 OPENJDK_BUILD_CPU_BITS
 OPENJDK_BUILD_CPU_ARCH
 OPENJDK_BUILD_CPU
+OPENJDK_BUILD_OS_ENV
 OPENJDK_BUILD_OS_API
 OPENJDK_BUILD_OS
 OPENJDK_BUILD_AUTOCONF_NAME
@@ -942,6 +944,7 @@
 build_vendor
 build_cpu
 build
+CPIO
 SETFILE
 DF
 READLINK
@@ -980,7 +983,6 @@
 DIFF
 DATE
 CUT
-CPIO
 CP
 COMM
 CMP
@@ -1120,7 +1122,6 @@
 CMP
 COMM
 CP
-CPIO
 CUT
 DATE
 DIFF
@@ -1159,6 +1160,7 @@
 READLINK
 DF
 SETFILE
+CPIO
 UNZIP
 ZIP
 LDD
@@ -1990,7 +1992,6 @@
   CMP         Override default value for CMP
   COMM        Override default value for COMM
   CP          Override default value for CP
-  CPIO        Override default value for CPIO
   CUT         Override default value for CUT
   DATE        Override default value for DATE
   DIFF        Override default value for DIFF
@@ -2029,6 +2030,7 @@
   READLINK    Override default value for READLINK
   DF          Override default value for DF
   SETFILE     Override default value for SETFILE
+  CPIO        Override default value for CPIO
   UNZIP       Override default value for UNZIP
   ZIP         Override default value for ZIP
   LDD         Override default value for LDD
@@ -4319,7 +4321,7 @@
 #CUSTOM_AUTOCONF_INCLUDE
 
 # Do not change or remove the following line, it is needed for consistency checks:
-DATE_WHEN_GENERATED=1407143049
+DATE_WHEN_GENERATED=1408448519
 
 ###############################################################################
 #
@@ -5724,199 +5726,6 @@
   # Publish this variable in the help.
 
 
-  if test "x$CPIO" = x; then
-    # The variable is not set by user, try to locate tool using the code snippet
-    for ac_prog in cpio
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_CPIO+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $CPIO in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  ;;
-esac
-fi
-CPIO=$ac_cv_path_CPIO
-if test -n "$CPIO"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5
-$as_echo "$CPIO" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-  test -n "$CPIO" && break
-done
-
-  else
-    # The variable is set, but is it from the command line or the environment?
-
-    # Try to remove the string !CPIO! from our list.
-    try_remove_var=${CONFIGURE_OVERRIDDEN_VARIABLES//!CPIO!/}
-    if test "x$try_remove_var" = "x$CONFIGURE_OVERRIDDEN_VARIABLES"; then
-      # If it failed, the variable was not from the command line. Ignore it,
-      # but warn the user (except for BASH, which is always set by the calling BASH).
-      if test "xCPIO" != xBASH; then
-        { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring value of CPIO from the environment. Use command line variables instead." >&5
-$as_echo "$as_me: WARNING: Ignoring value of CPIO from the environment. Use command line variables instead." >&2;}
-      fi
-      # Try to locate tool using the code snippet
-      for ac_prog in cpio
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_CPIO+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $CPIO in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  ;;
-esac
-fi
-CPIO=$ac_cv_path_CPIO
-if test -n "$CPIO"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5
-$as_echo "$CPIO" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-  test -n "$CPIO" && break
-done
-
-    else
-      # If it succeeded, then it was overridden by the user. We will use it
-      # for the tool.
-
-      # First remove it from the list of overridden variables, so we can test
-      # for unknown variables in the end.
-      CONFIGURE_OVERRIDDEN_VARIABLES="$try_remove_var"
-
-      # Check if the provided tool contains a complete path.
-      tool_specified="$CPIO"
-      tool_basename="${tool_specified##*/}"
-      if test "x$tool_basename" = "x$tool_specified"; then
-        # A command without a complete path is provided, search $PATH.
-        { $as_echo "$as_me:${as_lineno-$LINENO}: Will search for user supplied tool CPIO=$tool_basename" >&5
-$as_echo "$as_me: Will search for user supplied tool CPIO=$tool_basename" >&6;}
-        # Extract the first word of "$tool_basename", so it can be a program name with args.
-set dummy $tool_basename; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_CPIO+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $CPIO in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  ;;
-esac
-fi
-CPIO=$ac_cv_path_CPIO
-if test -n "$CPIO"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5
-$as_echo "$CPIO" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-        if test "x$CPIO" = x; then
-          as_fn_error $? "User supplied tool $tool_basename could not be found" "$LINENO" 5
-        fi
-      else
-        # Otherwise we believe it is a complete path. Use it as it is.
-        { $as_echo "$as_me:${as_lineno-$LINENO}: Will use user supplied tool CPIO=$tool_specified" >&5
-$as_echo "$as_me: Will use user supplied tool CPIO=$tool_specified" >&6;}
-        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CPIO" >&5
-$as_echo_n "checking for CPIO... " >&6; }
-        if test ! -x "$tool_specified"; then
-          { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
-$as_echo "not found" >&6; }
-          as_fn_error $? "User supplied tool CPIO=$tool_specified does not exist or is not executable" "$LINENO" 5
-        fi
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tool_specified" >&5
-$as_echo "$tool_specified" >&6; }
-      fi
-    fi
-  fi
-
-
-
-  if test "x$CPIO" = x; then
-    as_fn_error $? "Could not find required tool for CPIO" "$LINENO" 5
-  fi
-
-
-
-
-
-  # Publish this variable in the help.
-
-
   if test "x$CUT" = x; then
     # The variable is not set by user, try to locate tool using the code snippet
     for ac_prog in cut
@@ -13386,6 +13195,192 @@
 
 
 
+  # Publish this variable in the help.
+
+
+  if test "x$CPIO" = x; then
+    # The variable is not set by user, try to locate tool using the code snippet
+    for ac_prog in cpio bsdcpio
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_CPIO+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $CPIO in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+CPIO=$ac_cv_path_CPIO
+if test -n "$CPIO"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5
+$as_echo "$CPIO" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$CPIO" && break
+done
+
+  else
+    # The variable is set, but is it from the command line or the environment?
+
+    # Try to remove the string !CPIO! from our list.
+    try_remove_var=${CONFIGURE_OVERRIDDEN_VARIABLES//!CPIO!/}
+    if test "x$try_remove_var" = "x$CONFIGURE_OVERRIDDEN_VARIABLES"; then
+      # If it failed, the variable was not from the command line. Ignore it,
+      # but warn the user (except for BASH, which is always set by the calling BASH).
+      if test "xCPIO" != xBASH; then
+        { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring value of CPIO from the environment. Use command line variables instead." >&5
+$as_echo "$as_me: WARNING: Ignoring value of CPIO from the environment. Use command line variables instead." >&2;}
+      fi
+      # Try to locate tool using the code snippet
+      for ac_prog in cpio bsdcpio
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_CPIO+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $CPIO in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+CPIO=$ac_cv_path_CPIO
+if test -n "$CPIO"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5
+$as_echo "$CPIO" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$CPIO" && break
+done
+
+    else
+      # If it succeeded, then it was overridden by the user. We will use it
+      # for the tool.
+
+      # First remove it from the list of overridden variables, so we can test
+      # for unknown variables in the end.
+      CONFIGURE_OVERRIDDEN_VARIABLES="$try_remove_var"
+
+      # Check if the provided tool contains a complete path.
+      tool_specified="$CPIO"
+      tool_basename="${tool_specified##*/}"
+      if test "x$tool_basename" = "x$tool_specified"; then
+        # A command without a complete path is provided, search $PATH.
+        { $as_echo "$as_me:${as_lineno-$LINENO}: Will search for user supplied tool CPIO=$tool_basename" >&5
+$as_echo "$as_me: Will search for user supplied tool CPIO=$tool_basename" >&6;}
+        # Extract the first word of "$tool_basename", so it can be a program name with args.
+set dummy $tool_basename; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_CPIO+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $CPIO in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_CPIO="$CPIO" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_CPIO="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+CPIO=$ac_cv_path_CPIO
+if test -n "$CPIO"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPIO" >&5
+$as_echo "$CPIO" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+        if test "x$CPIO" = x; then
+          as_fn_error $? "User supplied tool $tool_basename could not be found" "$LINENO" 5
+        fi
+      else
+        # Otherwise we believe it is a complete path. Use it as it is.
+        { $as_echo "$as_me:${as_lineno-$LINENO}: Will use user supplied tool CPIO=$tool_specified" >&5
+$as_echo "$as_me: Will use user supplied tool CPIO=$tool_specified" >&6;}
+        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CPIO" >&5
+$as_echo_n "checking for CPIO... " >&6; }
+        if test ! -x "$tool_specified"; then
+          { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+          as_fn_error $? "User supplied tool CPIO=$tool_specified does not exist or is not executable" "$LINENO" 5
+        fi
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tool_specified" >&5
+$as_echo "$tool_specified" >&6; }
+      fi
+    fi
+  fi
+
+
+
+
 # Now we can determine OpenJDK build and target platforms. This is required to
 # have early on.
 # Make sure we can run config.sub.
@@ -13644,6 +13639,7 @@
 
 
 
+
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking openjdk-build os-cpu" >&5
 $as_echo_n "checking openjdk-build os-cpu... " >&6; }
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OPENJDK_BUILD_OS-$OPENJDK_BUILD_CPU" >&5
@@ -13775,6 +13771,7 @@
 
 
 
+
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking openjdk-target os-cpu" >&5
 $as_echo_n "checking openjdk-target os-cpu... " >&6; }
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OPENJDK_TARGET_OS-$OPENJDK_TARGET_CPU" >&5
@@ -15611,6 +15608,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -15967,6 +15981,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -16320,6 +16351,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -16678,6 +16726,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -17030,6 +17095,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -27493,6 +27575,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -28136,6 +28235,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -28576,6 +28692,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -29842,6 +29975,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -30282,6 +30432,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -31127,6 +31294,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -31525,6 +31709,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -31852,6 +32053,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -32330,6 +32548,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -32941,6 +33176,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -33460,6 +33712,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -33911,6 +34180,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -34235,6 +34521,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -34555,6 +34858,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -34857,6 +35177,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -35311,6 +35648,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -35762,6 +36116,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -36213,6 +36584,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -36665,6 +37053,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -37228,6 +37633,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -37789,6 +38211,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -38359,6 +38798,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -38926,6 +39382,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -39402,6 +39875,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -39853,6 +40343,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -40304,6 +40811,23 @@
 
 
     new_path=`$WHICH "$new_path" 2> /dev/null`
+    # bat and cmd files are not always considered executable in MSYS causing which
+    # to not find them
+    if test "x$new_path" = x \
+        && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \
+        && test "x`$LS \"$path\" 2>/dev/null`" != x; then
+      new_path="$path"
+
+  windows_path="$new_path"
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+    unix_path=`$CYGPATH -u "$windows_path"`
+    new_path="$unix_path"
+  elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+    unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'`
+    new_path="$unix_path"
+  fi
+
+    fi
 
     if test "x$new_path" = x; then
       # It's still not found. Now this is an unrecoverable error.
@@ -42629,7 +43153,7 @@
 
   case "${TOOLCHAIN_TYPE}" in
     microsoft)
-      CFLAGS_WARNINGS_ARE_ERRORS="/WX"
+      CFLAGS_WARNINGS_ARE_ERRORS="-WX"
       ;;
     solstudio)
       CFLAGS_WARNINGS_ARE_ERRORS="-errtags -errwarn=%all"
@@ -48711,12 +49235,22 @@
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5
 $as_echo_n "checking found msvcr100.dll architecture... " >&6; }
     MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"`
-    if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
-      CORRECT_MSVCR_ARCH=386
-    else
-      CORRECT_MSVCR_ARCH=x86-64
-    fi
-    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then
+    if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+      # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit"
+      # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems.
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH="PE32 executable"
+      else
+        CORRECT_MSVCR_ARCH="PE32+ executable"
+      fi
+    else
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH=386
+      else
+        CORRECT_MSVCR_ARCH=x86-64
+      fi
+    fi
+    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then
       { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
 $as_echo "ok" >&6; }
       MSVCR_DLL="$POSSIBLE_MSVCR_DLL"
@@ -48767,12 +49301,22 @@
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5
 $as_echo_n "checking found msvcr100.dll architecture... " >&6; }
     MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"`
-    if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
-      CORRECT_MSVCR_ARCH=386
-    else
-      CORRECT_MSVCR_ARCH=x86-64
-    fi
-    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then
+    if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+      # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit"
+      # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems.
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH="PE32 executable"
+      else
+        CORRECT_MSVCR_ARCH="PE32+ executable"
+      fi
+    else
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH=386
+      else
+        CORRECT_MSVCR_ARCH=x86-64
+      fi
+    fi
+    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then
       { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
 $as_echo "ok" >&6; }
       MSVCR_DLL="$POSSIBLE_MSVCR_DLL"
@@ -48805,12 +49349,22 @@
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5
 $as_echo_n "checking found msvcr100.dll architecture... " >&6; }
     MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"`
-    if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
-      CORRECT_MSVCR_ARCH=386
-    else
-      CORRECT_MSVCR_ARCH=x86-64
-    fi
-    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then
+    if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+      # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit"
+      # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems.
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH="PE32 executable"
+      else
+        CORRECT_MSVCR_ARCH="PE32+ executable"
+      fi
+    else
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH=386
+      else
+        CORRECT_MSVCR_ARCH=x86-64
+      fi
+    fi
+    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then
       { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
 $as_echo "ok" >&6; }
       MSVCR_DLL="$POSSIBLE_MSVCR_DLL"
@@ -48853,12 +49407,22 @@
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5
 $as_echo_n "checking found msvcr100.dll architecture... " >&6; }
     MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"`
-    if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
-      CORRECT_MSVCR_ARCH=386
-    else
-      CORRECT_MSVCR_ARCH=x86-64
-    fi
-    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then
+    if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+      # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit"
+      # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems.
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH="PE32 executable"
+      else
+        CORRECT_MSVCR_ARCH="PE32+ executable"
+      fi
+    else
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH=386
+      else
+        CORRECT_MSVCR_ARCH=x86-64
+      fi
+    fi
+    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then
       { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
 $as_echo "ok" >&6; }
       MSVCR_DLL="$POSSIBLE_MSVCR_DLL"
@@ -48906,12 +49470,22 @@
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5
 $as_echo_n "checking found msvcr100.dll architecture... " >&6; }
     MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"`
-    if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
-      CORRECT_MSVCR_ARCH=386
-    else
-      CORRECT_MSVCR_ARCH=x86-64
-    fi
-    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then
+    if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+      # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit"
+      # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems.
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH="PE32 executable"
+      else
+        CORRECT_MSVCR_ARCH="PE32+ executable"
+      fi
+    else
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH=386
+      else
+        CORRECT_MSVCR_ARCH=x86-64
+      fi
+    fi
+    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then
       { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
 $as_echo "ok" >&6; }
       MSVCR_DLL="$POSSIBLE_MSVCR_DLL"
@@ -48955,12 +49529,22 @@
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking found msvcr100.dll architecture" >&5
 $as_echo_n "checking found msvcr100.dll architecture... " >&6; }
     MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"`
-    if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
-      CORRECT_MSVCR_ARCH=386
-    else
-      CORRECT_MSVCR_ARCH=x86-64
-    fi
-    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then
+    if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+      # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit"
+      # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems.
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH="PE32 executable"
+      else
+        CORRECT_MSVCR_ARCH="PE32+ executable"
+      fi
+    else
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH=386
+      else
+        CORRECT_MSVCR_ARCH=x86-64
+      fi
+    fi
+    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then
       { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
 $as_echo "ok" >&6; }
       MSVCR_DLL="$POSSIBLE_MSVCR_DLL"
@@ -49903,7 +50487,7 @@
 
 # Check for some common pitfalls
 
-  if test x"$OPENJDK_BUILD_OS" = xwindows; then
+  if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
     file_to_test="$SRC_ROOT/LICENSE"
     if test `$STAT -c '%a' "$file_to_test"` -lt 400; then
       as_fn_error $? "Bad file permissions on src files. This is usually caused by cloning the repositories with a non cygwin hg in a directory not created in cygwin." "$LINENO" 5
--- a/common/autoconf/platform.m4	Fri Aug 22 09:55:49 2014 -0700
+++ b/common/autoconf/platform.m4	Fri Aug 29 11:57:22 2014 -0700
@@ -173,6 +173,7 @@
   OPENJDK_BUILD_CPU_ENDIAN="$VAR_CPU_ENDIAN"
   AC_SUBST(OPENJDK_BUILD_OS)
   AC_SUBST(OPENJDK_BUILD_OS_API)
+  AC_SUBST(OPENJDK_BUILD_OS_ENV)
   AC_SUBST(OPENJDK_BUILD_CPU)
   AC_SUBST(OPENJDK_BUILD_CPU_ARCH)
   AC_SUBST(OPENJDK_BUILD_CPU_BITS)
@@ -194,6 +195,7 @@
   OPENJDK_TARGET_CPU_ENDIAN="$VAR_CPU_ENDIAN"
   AC_SUBST(OPENJDK_TARGET_OS)
   AC_SUBST(OPENJDK_TARGET_OS_API)
+  AC_SUBST(OPENJDK_TARGET_OS_ENV)
   AC_SUBST(OPENJDK_TARGET_CPU)
   AC_SUBST(OPENJDK_TARGET_CPU_ARCH)
   AC_SUBST(OPENJDK_TARGET_CPU_BITS)
--- a/common/autoconf/spec.gmk.in	Fri Aug 22 09:55:49 2014 -0700
+++ b/common/autoconf/spec.gmk.in	Fri Aug 29 11:57:22 2014 -0700
@@ -106,6 +106,7 @@
 # When not cross-compiling, it is the same as the target.
 OPENJDK_BUILD_OS:=@OPENJDK_BUILD_OS@
 OPENJDK_BUILD_OS_API:=@OPENJDK_BUILD_OS_API@
+OPENJDK_BUILD_OS_ENV:=@OPENJDK_BUILD_OS_ENV@
 
 OPENJDK_BUILD_CPU:=@OPENJDK_BUILD_CPU@
 OPENJDK_BUILD_CPU_ARCH:=@OPENJDK_BUILD_CPU_ARCH@
--- a/common/autoconf/toolchain_windows.m4	Fri Aug 22 09:55:49 2014 -0700
+++ b/common/autoconf/toolchain_windows.m4	Fri Aug 29 11:57:22 2014 -0700
@@ -244,12 +244,22 @@
     # Need to check if the found msvcr is correct architecture
     AC_MSG_CHECKING([found msvcr100.dll architecture])
     MSVCR_DLL_FILETYPE=`$FILE -b "$POSSIBLE_MSVCR_DLL"`
-    if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
-      CORRECT_MSVCR_ARCH=386
+    if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+      # The MSYS 'file' command returns "PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit"
+      # on x32 and "PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly" on x64 systems.
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH="PE32 executable"
+      else
+        CORRECT_MSVCR_ARCH="PE32+ executable"
+      fi
     else
-      CORRECT_MSVCR_ARCH=x86-64
+      if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then
+        CORRECT_MSVCR_ARCH=386
+      else
+        CORRECT_MSVCR_ARCH=x86-64
+      fi
     fi
-    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP $CORRECT_MSVCR_ARCH 2>&1 > /dev/null; then
+    if $ECHO "$MSVCR_DLL_FILETYPE" | $GREP "$CORRECT_MSVCR_ARCH" 2>&1 > /dev/null; then
       AC_MSG_RESULT([ok])
       MSVCR_DLL="$POSSIBLE_MSVCR_DLL"
       AC_MSG_CHECKING([for msvcr100.dll])
--- a/corba/.hgtags	Fri Aug 22 09:55:49 2014 -0700
+++ b/corba/.hgtags	Fri Aug 29 11:57:22 2014 -0700
@@ -269,3 +269,4 @@
 8a44142bb7fc8118f70f91a1b97c12dfc50563ee jdk9-b24
 da08cca6b97f41b7081a3e176dcb400af6e4bb26 jdk9-b25
 6c777df597bbf5abba3488d44c401edfe73c74af jdk9-b26
+7e06bf1dcb0907b80ddf59315426ce9ce775e56d jdk9-b27
--- a/corba/src/java.corba/share/classes/org/omg/CORBA/FloatSeqHelper.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/corba/src/java.corba/share/classes/org/omg/CORBA/FloatSeqHelper.java	Fri Aug 29 11:57:22 2014 -0700
@@ -38,11 +38,11 @@
 * OMG specifications :
 *   <ul>
 *       <li> ORB core as defined by CORBA 2.3.1
-*       (<a href="http://cgi.omg.org/cgi-bin/doc?formal/99-10-07">formal/99-10-07</a>)
+*       (<a href="http://www.omg.org/cgi-bin/doc?formal/99-10-07">formal/99-10-07</a>)
 *       </li>
 *
 *       <li> IDL/Java Language Mapping as defined in
-*       <a href="http://cgi.omg.org/cgi-bin/doc?ptc/00-01-08">ptc/00-01-08</a>
+*       <a href="http://www.omg.org/cgi-bin/doc?ptc/00-01-08">ptc/00-01-08</a>
 *       </li>
 *   </ul>
 */
--- a/hotspot/.hgtags	Fri Aug 22 09:55:49 2014 -0700
+++ b/hotspot/.hgtags	Fri Aug 29 11:57:22 2014 -0700
@@ -429,3 +429,5 @@
 dde2d03b0ea46a27650839e3a1d212c7c1f7b4c8 jdk9-b24
 6de94e8693240cec8aae11f6b42f43433456a733 jdk9-b25
 48b95a073d752d6891cc0d1d2836b321ecf3ce0c jdk9-b26
+f95347244306affc32ce3056f27ceff7b2100810 jdk9-b27
+657294869d7ff063e055f5492cab7ce5612ca851 jdk9-b28
--- a/jaxp/.hgtags	Fri Aug 22 09:55:49 2014 -0700
+++ b/jaxp/.hgtags	Fri Aug 29 11:57:22 2014 -0700
@@ -269,3 +269,4 @@
 345af113f57206711f75089c3ebf84a36a789122 jdk9-b24
 73757f4b8aa353ca8937abc07e79e7ece4c011a1 jdk9-b25
 a5aea8318ae4a9c2105228568688875142d70344 jdk9-b26
+2bfaf29cc90b19948938e3ef1a0983eee68806c7 jdk9-b27
--- a/jaxws/.hgtags	Fri Aug 22 09:55:49 2014 -0700
+++ b/jaxws/.hgtags	Fri Aug 29 11:57:22 2014 -0700
@@ -272,3 +272,4 @@
 0b35542d6bf32af23a9fc59a37c52aa091fee388 jdk9-b24
 ab8726a0fcde897e4cfd1ea581ed90b0d8a7cbb7 jdk9-b25
 9b43f3993b96c2213428e95127a2d3fd0e709d3a jdk9-b26
+dcaa586ab756420e9a62643793bacef2c84bf637 jdk9-b27
--- a/jdk/.hgtags	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/.hgtags	Fri Aug 29 11:57:22 2014 -0700
@@ -269,3 +269,4 @@
 875450e7ef8dde8f59db662ec1351ea30b8cb35d jdk9-b24
 a31efe49556a7c12f9ea2c9ee8b4fae8aa67723a jdk9-b25
 dde9f5cfde5f46e62ceb5fab81151578e5277aef jdk9-b26
+f0870554049807d3392bd7976ab114f7f2b7bafa jdk9-b27
--- a/jdk/make/CopyIntoClasses.gmk	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/make/CopyIntoClasses.gmk	Fri Aug 29 11:57:22 2014 -0700
@@ -164,15 +164,15 @@
 ################################################################################
 
 ifneq ($(OPENJDK_TARGET_OS), macosx)
-  OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/classes/sun/awt/datatransfer/flavormap.properties
+  OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/java.desktop/$(OPENJDK_TARGET_OS_API_DIR)/classes/sun/datatransfer/resources/flavormap.properties
 else
-  OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/macosx/classes/sun/awt/datatransfer/flavormap.properties
+  OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/java.desktop/macosx/classes/sun/datatransfer/resources/flavormap.properties
 endif
 
-$(JDK_OUTPUTDIR)/classes/sun/awt/datatransfer/flavormap.properties: $(OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES)
+$(JDK_OUTPUTDIR)/classes/sun/datatransfer/resources/flavormap.properties: $(OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES)
 	$(install-file)
 
-COPY_EXTRA += $(JDK_OUTPUTDIR)/classes/sun/awt/datatransfer/flavormap.properties
+COPY_EXTRA += $(JDK_OUTPUTDIR)/classes/sun/datatransfer/resources/flavormap.properties
 
 ################################################################################
 
--- a/jdk/make/Tools.gmk	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/make/Tools.gmk	Fri Aug 29 11:57:22 2014 -0700
@@ -101,6 +101,9 @@
 TOOL_BLACKLISTED_CERTS = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \
     build.tools.blacklistedcertsconverter.BlacklistedCertsConverter
 
+TOOL_MAKEJAVASECURITY = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \
+    build.tools.makejavasecurity.MakeJavaSecurity
+
 
 # TODO: There are references to the jdwpgen.jar in jdk/make/netbeans/jdwpgen/build.xml
 # and nbproject/project.properties in the same dir. Needs to be looked at.
@@ -136,9 +139,6 @@
     -cp "$(JDK_OUTPUTDIR)/btclasses$(PATH_SEP)$(JDK_OUTPUTDIR)" \
     build.tools.module.GenerateModulesXml
 
-TOOL_ADDTORESTRICTEDPKGS = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \
-    build.tools.addtorestrictedpkgs.AddToRestrictedPkgs
-
 ##########################################################################################
 
 # Tools needed on solaris because OBJCOPY is broken.
--- a/jdk/make/gendata/Gendata-java.base.gmk	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/make/gendata/Gendata-java.base.gmk	Fri Aug 29 11:57:22 2014 -0700
@@ -62,25 +62,18 @@
 
 ##########################################################################################
 
-PROPS_SRC := $(JDK_TOPDIR)/src/java.base/share/conf/security/java.security-$(OPENJDK_TARGET_OS)
-PROPS_DST := $(JDK_OUTPUTDIR)/lib/security/java.security
-
-# Optionally set this variable to a file to add extra restricted packages.
-ifneq ($(RESTRICTED_PKGS_SRC), )
-
-  $(PROPS_DST): $(PROPS_SRC) $(RESTRICTED_PKGS_SRC)
+GENDATA_JAVA_SECURITY_SRC := $(JDK_TOPDIR)/src/java.base/share/conf/security/java.security
+GENDATA_JAVA_SECURITY := $(JDK_OUTPUTDIR)/lib/security/java.security
+ 
+# RESTRICTED_PKGS_SRC is optionally set in custom extension for this makefile
+ 
+$(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS) $(GENDATA_JAVA_SECURITY_SRC) $(RESTRICTED_PKGS_SRC)
+	$(ECHO) "Generating java.security"
 	$(MKDIR) -p $(@D)
-	$(TOOL_ADDTORESTRICTEDPKGS) $(PROPS_SRC) $@.tmp `$(CAT) $(RESTRICTED_PKGS_SRC) | $(TR) "\n" " "`
-	$(MV) $@.tmp $@
-
-else
-
-  $(PROPS_DST): $(PROPS_SRC)
-	$(call install-file)
-
-endif
-
-GENDATA += $(PROPS_DST)
+	$(TOOL_MAKEJAVASECURITY) $(GENDATA_JAVA_SECURITY_SRC) $@ $(OPENJDK_TARGET_OS) \
+		$(RESTRICTED_PKGS_SRC) || exit 1
+ 
+GENDATA += $(GENDATA_JAVA_SECURITY)
 
 ##########################################################################################
 
--- a/jdk/make/gensrc/GensrcLocaleDataMetaInfo.gmk	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/make/gensrc/GensrcLocaleDataMetaInfo.gmk	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -34,7 +34,8 @@
     -name "TimeZoneNames_*.java" -o -name "TimeZoneNames_*.properties" -o \
     -name "LocaleNames_*.java" -o -name "LocaleNames_*.properties" -o \
     -name "CurrencyNames_*.java" -o -name "CurrencyNames_*.properties" -o \
-    -name "CalendarData_*.java" -o -name "CalendarData_*.properties")
+    -name "CalendarData_*.java" -o -name "CalendarData_*.properties" -o \
+    -name "BreakIteratorInfo_*.java" -o -name "BreakIteratorRules_*.java")
 
 # Then translate the locale files into for example: FormatData_sv
 LOCALE_RESOURCES := $(sort $(subst .properties,,$(subst .java,,$(notdir $(LOCALE_FILES)))))
@@ -86,6 +87,12 @@
 #sun.text.resources.CollationData
 $(eval $(call CaptureLocale,CollationData))
 
+#sun.text.resources.BreakIteratorInfo
+$(eval $(call CaptureLocale,BreakIteratorInfo))
+
+#sun.text.resources.BreakIteratorRules
+$(eval $(call CaptureLocale,BreakIteratorRules))
+
 #sun.util.resources.TimeZoneNames
 $(eval $(call CaptureLocale,TimeZoneNames))
 
--- a/jdk/make/lib/Awt2dLibraries.gmk	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/make/lib/Awt2dLibraries.gmk	Fri Aug 29 11:57:22 2014 -0700
@@ -973,7 +973,6 @@
       #
 
   ifeq ($(OPENJDK_TARGET_OS), macosx)
-    LIBSPLASHSCREEN_CFLAGS += -F/System/Library/Frameworks/JavaVM.framework/Frameworks
     LIBSPLASHSCREEN_CFLAGS += -DWITH_MACOSX
     LIBSPLASHSCREEN_CFLAGS += -I$(JDK_TOPDIR)/src/java.desktop/macosx/native/libosxapp
 
--- a/jdk/make/src/classes/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,105 +0,0 @@
-/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package build.tools.addtorestrictedpkgs;
-
-import java.io.*;
-
-/**
- * Adds additional packages to the package.access and package.definition
- * security properties.
- */
-public class AddToRestrictedPkgs {
-
-    private static final String PKG_ACC = "package.access";
-    private static final String PKG_DEF = "package.definition";
-    private static final int PKG_ACC_INDENT = 15;
-    private static final int PKG_DEF_INDENT = 19;
-
-    public static void main(String[] args) throws Exception {
-
-        if (args.length < 3) {
-            System.err.println("Usage: java AddToRestrictedPkgs " +
-                               "[input java.security file name] " +
-                               "[output java.security file name] " +
-                               "[packages ...]");
-            System.exit(1);
-        }
-
-        try (FileReader fr = new FileReader(args[0]);
-             BufferedReader br = new BufferedReader(fr);
-             FileWriter fw = new FileWriter(args[1]);
-             BufferedWriter bw = new BufferedWriter(fw))
-        {
-            // parse the file line-by-line, looking for pkg access properties
-            String line = br.readLine();
-            while (line != null) {
-                if (line.startsWith(PKG_ACC)) {
-                    writePackages(br, bw, line, PKG_ACC_INDENT, args);
-                } else if (line.startsWith(PKG_DEF)) {
-                    writePackages(br, bw, line, PKG_DEF_INDENT, args);
-                } else {
-                    writeLine(bw, line);
-                }
-                line = br.readLine();
-            }
-            bw.flush();
-        }
-    }
-
-    private static void writePackages(BufferedReader br, BufferedWriter bw,
-                                      String line, int numSpaces,
-                                      String[] args) throws IOException {
-        // parse property until EOL, not including line breaks
-        while (line.endsWith("\\")) {
-            writeLine(bw, line);
-            line = br.readLine();
-        }
-        // append comma and line-break to last package
-        writeLine(bw, line + ",\\");
-        // add new packages, one per line
-        for (int i = 2; i < args.length - 1; i++) {
-            indent(bw, numSpaces);
-            writeLine(bw, args[i] + ",\\");
-        }
-        indent(bw, numSpaces);
-        writeLine(bw, args[args.length - 1]);
-    }
-
-    private static void writeLine(BufferedWriter bw, String line)
-        throws IOException
-    {
-        bw.write(line);
-        bw.newLine();
-    }
-
-    private static void indent(BufferedWriter bw, int numSpaces)
-        throws IOException
-    {
-        for (int i = 0; i < numSpaces; i++) {
-            bw.append(' ');
-        }
-    }
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java	Fri Aug 29 11:57:22 2014 -0700
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package build.tools.makejavasecurity;
+
+import java.io.*;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.*;
+
+/**
+ * Builds the java.security file, including
+ *
+ * 1. Adds additional packages to the package.access and
+ *    package.definition security properties.
+ * 2. Filter out platform-unrelated parts
+ *
+ * In order to easily maintain platform-related entries, every item
+ * (including the last line) in package.access and package.definition
+ * MUST end with ',\'. A blank line MUST exist after the last line.
+ */
+public class MakeJavaSecurity {
+
+    private static final String PKG_ACC = "package.access";
+    private static final String PKG_DEF = "package.definition";
+    private static final int PKG_ACC_INDENT = 15;
+    private static final int PKG_DEF_INDENT = 19;
+
+    public static void main(String[] args) throws Exception {
+
+        if (args.length < 3) {
+            System.err.println("Usage: java MakeJavaSecurity " +
+                               "[input java.security file name] " +
+                               "[output java.security file name] " +
+                               "[openjdk target os] " +
+                               "[more restricted packages file name?]");
+            System.exit(1);
+        }
+
+        // more restricted packages
+        List<String> extraLines;
+        if (args.length == 4) {
+            extraLines = Files.readAllLines(Paths.get(args[3]));
+        } else {
+            extraLines = Collections.emptyList();
+        }
+
+        List<String> lines = new ArrayList<>();
+
+        // read raw java.security and add more restricted packages
+        try (FileReader fr = new FileReader(args[0]);
+                BufferedReader br = new BufferedReader(fr)) {
+            // looking for pkg access properties
+            String line = br.readLine();
+            while (line != null) {
+                if (line.startsWith(PKG_ACC)) {
+                    addPackages(br, lines, line, PKG_ACC_INDENT, extraLines);
+                } else if (line.startsWith(PKG_DEF)) {
+                    addPackages(br, lines, line, PKG_DEF_INDENT, extraLines);
+                } else {
+                    lines.add(line);
+                }
+                line = br.readLine();
+            }
+        }
+
+        // Filter out platform-unrelated ones. We only support
+        // #ifdef, #ifndef, and #endif.
+        int mode = 0;   // 0: out of block, 1: in match, 2: in non-match
+        Iterator<String> iter = lines.iterator();
+        while (iter.hasNext()) {
+            String line = iter.next();
+            if (line.startsWith("#endif")) {
+                mode = 0;
+                iter.remove();
+            } else if (line.startsWith("#ifdef ")) {
+                mode = line.endsWith(args[2])?1:2;
+                iter.remove();
+            } else if (line.startsWith("#ifndef ")) {
+                mode = line.endsWith(args[2])?2:1;
+                iter.remove();
+            } else {
+                if (mode == 2) iter.remove();
+            }
+        }
+
+        // Update .tbd to .1, .2, etc.
+        Map<String,Integer> count = new HashMap<>();
+        for (int i=0; i<lines.size(); i++) {
+            String line = lines.get(i);
+            int index = line.indexOf(".tbd");
+            if (index >= 0) {
+                String prefix = line.substring(0, index);
+                int n = count.getOrDefault(prefix, 1);
+                count.put(prefix, n+1);
+                lines.set(i, prefix + "." + n + line.substring(index+4));
+            }
+        }
+
+        // Clean up the last line of PKG_ACC and PKG_DEF blocks.
+        // Not really necessary since a blank line follows.
+        boolean inBlock = false;
+        for (int i=0; i<lines.size(); i++) {
+            String line = lines.get(i);
+            if (line.startsWith(PKG_ACC) || line.startsWith(PKG_DEF)) {
+                inBlock = true;
+            }
+            if (inBlock) {
+                if (line.isEmpty()) {
+                    String lastLine = lines.get(i-1);
+                    lines.set(i-1, lastLine.substring(0, lastLine.length()-2));
+                    inBlock = false;
+                }
+            }
+        }
+
+        Files.write(Paths.get(args[1]), lines);
+    }
+
+    private static void addPackages(BufferedReader br, List<String> lines,
+                                    String line, int numSpaces,
+                                    List<String> args) throws IOException {
+        // parse property until EOL, not including line breaks
+        boolean first = true;
+        while (!line.isEmpty()) {
+            if (!line.startsWith("#")) {
+                if (!line.endsWith(",\\") ||
+                        (!first && line.contains("="))) {
+                    throw new IOException("Invalid line: " + line);
+                }
+            }
+            lines.add(line);
+            line = br.readLine();
+            first = false;
+        }
+        // add new packages, one per line
+        for (String arg: args) {
+            if (arg.startsWith("#")) {
+                lines.add(arg);
+            } else {
+                lines.add(String.format("%"+numSpaces+"s", "") + arg + ",\\");
+            }
+        }
+        lines.add(line);
+    }
+}
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources.properties	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (Default)
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_de.properties	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (German) \u00f6 \u00df \u00dc
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_en.properties	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (English) A B C
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_en_GB.properties	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (English in Great Britain) \u0075 \u006b Z
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_ja.properties	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=Java 2D\u3067\u3059\u3002(\u30C7\u30D5\u30A9\u30EB\u30C8)
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_ko.properties	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (Korean)
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/TextResources_zh_CN.properties	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=\u8FD9\u662F Java 2D! (\u9ED8\u8BA4\u503C)
--- a/jdk/src/demo/share/jfc/Font2DTest/resources/resource.data	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-en US
-en GB
-ko KO
-ab KO
-de DE
--- a/jdk/src/java.base/share/classes/java/lang/Class.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/Class.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1322,7 +1322,7 @@
         // (for anonymous classes): 1 or more digits.
 
         // Since getSimpleBinaryName() will strip the binary name of
-        // the immediatly enclosing class, we are now looking at a
+        // the immediately enclosing class, we are now looking at a
         // string that matches the regular expression "\$[0-9]*"
         // followed by a simple name (considering the simple of an
         // anonymous class to be the empty string).
--- a/jdk/src/java.base/share/classes/java/lang/ClassLoader.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/ClassLoader.java	Fri Aug 29 11:57:22 2014 -0700
@@ -205,7 +205,7 @@
         }
 
         /**
-         * Registers the given class loader type as parallel capabale.
+         * Registers the given class loader type as parallel capable.
          * Returns {@code true} is successfully registered; {@code false} if
          * loader's super class is not registered.
          */
@@ -832,7 +832,7 @@
     {
         int len = b.remaining();
 
-        // Use byte[] if not a direct ByteBufer:
+        // Use byte[] if not a direct ByteBuffer:
         if (!b.isDirect()) {
             if (b.hasArray()) {
                 return defineClass(name, b.array(),
--- a/jdk/src/java.base/share/classes/java/lang/StringCoding.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/StringCoding.java	Fri Aug 29 11:57:22 2014 -0700
@@ -196,19 +196,19 @@
     static char[] decode(Charset cs, byte[] ba, int off, int len) {
         // (1)We never cache the "external" cs, the only benefit of creating
         // an additional StringDe/Encoder object to wrap it is to share the
-        // de/encode() method. These SD/E objects are short-lifed, the young-gen
-        // gc should be able to take care of them well. But the best approash
+        // de/encode() method. These SD/E objects are short-lived, the young-gen
+        // gc should be able to take care of them well. But the best approach
         // is still not to generate them if not really necessary.
         // (2)The defensive copy of the input byte/char[] has a big performance
         // impact, as well as the outgoing result byte/char[]. Need to do the
         // optimization check of (sm==null && classLoader0==null) for both.
         // (3)getClass().getClassLoader0() is expensive
         // (4)There might be a timing gap in isTrusted setting. getClassLoader0()
-        // is only chcked (and then isTrusted gets set) when (SM==null). It is
+        // is only checked (and then isTrusted gets set) when (SM==null). It is
         // possible that the SM==null for now but then SM is NOT null later
         // when safeTrim() is invoked...the "safe" way to do is to redundant
         // check (... && (isTrusted || SM == null || getClassLoader0())) in trim
-        // but it then can be argued that the SM is null when the opertaion
+        // but it then can be argued that the SM is null when the operation
         // is started...
         CharsetDecoder cd = cs.newDecoder();
         int en = scale(len, cd.maxCharsPerByte());
--- a/jdk/src/java.base/share/classes/java/lang/System.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/System.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1193,7 +1193,7 @@
         // Setup Java signal handlers for HUP, TERM, and INT (where available).
         Terminator.setup();
 
-        // Initialize any miscellenous operating system settings that need to be
+        // Initialize any miscellaneous operating system settings that need to be
         // set for the class libraries. Currently this is no-op everywhere except
         // for Windows where the process-wide error mode is set before the java.io
         // classes are used.
--- a/jdk/src/java.base/share/classes/java/lang/Throwable.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/Throwable.java	Fri Aug 29 11:57:22 2014 -0700
@@ -139,7 +139,7 @@
          * {@linkplain #setStackTrace(StackTraceElement[]) Setting the
          * stack trace} to a one-element array containing this sentinel
          * value indicates future attempts to set the stack trace will be
-         * ignored.  The sentinal is equal to the result of calling:<br>
+         * ignored.  The sentinel is equal to the result of calling:<br>
          * {@code new StackTraceElement("", "", null, Integer.MIN_VALUE)}
          */
         public static final StackTraceElement STACK_TRACE_ELEMENT_SENTINEL =
--- a/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java	Fri Aug 29 11:57:22 2014 -0700
@@ -98,7 +98,7 @@
     private final String implMethodClassName;        // Name of type containing implementation "CC"
     private final String implMethodName;             // Name of implementation method "impl"
     private final String implMethodDesc;             // Type descriptor for implementation methods "(I)Ljava/lang/String;"
-    private final Class<?> implMethodReturnClass;    // class for implementaion method return type "Ljava/lang/String;"
+    private final Class<?> implMethodReturnClass;    // class for implementation method return type "Ljava/lang/String;"
     private final MethodType constructorType;        // Generated class constructor type "(CC)void"
     private final ClassWriter cw;                    // ASM class writer
     private final String[] argNames;                 // Generated names for the constructor arguments
--- a/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Fri Aug 29 11:57:22 2014 -0700
@@ -209,7 +209,7 @@
             throw new InternalError("observed CP placeholder twice: " + cpPlaceholder);
         }
         // insert placeholder in CP and remember the patch
-        int index = cw.newConst((Object) cpPlaceholder);  // TODO check if aready in the constant pool
+        int index = cw.newConst((Object) cpPlaceholder);  // TODO check if already in the constant pool
         cpPatches.put(cpPlaceholder, new CpPatch(index, cpPlaceholder, arg));
         return cpPlaceholder;
     }
--- a/jdk/src/java.base/share/classes/java/lang/invoke/Invokers.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/Invokers.java	Fri Aug 29 11:57:22 2014 -0700
@@ -37,7 +37,7 @@
  * @author jrose
  */
 class Invokers {
-    // exact type (sans leading taget MH) for the outgoing call
+    // exact type (sans leading target MH) for the outgoing call
     private final MethodType targetType;
 
     // FIXME: Get rid of the invokers that are not useful.
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java	Fri Aug 29 11:57:22 2014 -0700
@@ -59,7 +59,7 @@
  * and properly use the named member.
  * <p>
  * When resolved, a member name's internal implementation may include references to JVM metadata.
- * This representation is stateless and only decriptive.
+ * This representation is stateless and only descriptive.
  * It provides no private information and no capability to use the member.
  * <p>
  * By contrast, a {@linkplain java.lang.reflect.Method} contains fuller information
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandle.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandle.java	Fri Aug 29 11:57:22 2014 -0700
@@ -679,7 +679,7 @@
      * This method provides the crucial behavioral difference between
      * {@link #invokeExact invokeExact} and plain, inexact {@link #invoke invoke}.
      * The two methods
-     * perform the same steps when the caller's type descriptor exactly m atches
+     * perform the same steps when the caller's type descriptor exactly matches
      * the callee's, but when the types differ, plain {@link #invoke invoke}
      * also calls {@code asType} (or some internal equivalent) in order
      * to match up the caller's and callee's types.
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java	Fri Aug 29 11:57:22 2014 -0700
@@ -621,7 +621,7 @@
     }
 
     /**
-     * The LambaForm shape for catchException combinator is the following:
+     * The LambdaForm shape for catchException combinator is the following:
      * <blockquote><pre>{@code
      *  guardWithCatch=Lambda(a0:L,a1:L,a2:L)=>{
      *    t3:L=BoundMethodHandle$Species_LLLLL.argL0(a0:L);
@@ -702,7 +702,7 @@
         MethodType type = target.type();
         LambdaForm form = makeGuardWithCatchForm(type.basicType());
 
-        // Prepare auxiliary method handles used during LambdaForm interpreation.
+        // Prepare auxiliary method handles used during LambdaForm interpretation.
         // Box arguments and wrap them into Object[]: ValueConversions.array().
         MethodType varargsType = type.changeReturnType(Object[].class);
         MethodHandle collectArgs = ValueConversions.varargsArray(type.parameterCount())
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java	Fri Aug 29 11:57:22 2014 -0700
@@ -509,7 +509,7 @@
 
     /**
      * Is this method a caller-sensitive method?
-     * I.e., does it call Reflection.getCallerClass or a similer method
+     * I.e., does it call Reflection.getCallerClass or a similar method
      * to ask about the identity of its caller?
      */
     static boolean isCallerSensitive(MemberName mem) {
--- a/jdk/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java	Fri Aug 29 11:57:22 2014 -0700
@@ -78,7 +78,7 @@
      * object is a {@link Constructor} object for the class {@link
      * java.lang.Class}).  In the event of such a SecurityException, the
      * accessibility of objects is set to {@code flag} for array elements
-     * upto (and excluding) the element for which the exception occurred; the
+     * up to (and excluding) the element for which the exception occurred; the
      * accessibility of elements beyond (and including) the element for which
      * the exception occurred is unchanged.
      *
--- a/jdk/src/java.base/share/classes/java/lang/reflect/Constructor.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/reflect/Constructor.java	Fri Aug 29 11:57:22 2014 -0700
@@ -544,15 +544,33 @@
      */
     @Override
     public AnnotatedType getAnnotatedReceiverType() {
-        if (getDeclaringClass().getEnclosingClass() == null)
-            return super.getAnnotatedReceiverType();
+        Class<?> thisDeclClass = getDeclaringClass();
+        Class<?> enclosingClass = thisDeclClass.getEnclosingClass();
 
+        if (enclosingClass == null) {
+            // A Constructor for a top-level class
+            return null;
+        }
+
+        Class<?> outerDeclaringClass = thisDeclClass.getDeclaringClass();
+        if (outerDeclaringClass == null) {
+            // A constructor for a local or anonymous class
+            return null;
+        }
+
+        // Either static nested or inner class
+        if (Modifier.isStatic(thisDeclClass.getModifiers())) {
+            // static nested
+            return null;
+        }
+
+        // A Constructor for an inner class
         return TypeAnnotationParser.buildAnnotatedType(getTypeAnnotationBytes0(),
                 sun.misc.SharedSecrets.getJavaLangAccess().
-                        getConstantPool(getDeclaringClass()),
+                    getConstantPool(thisDeclClass),
                 this,
-                getDeclaringClass(),
-                getDeclaringClass().getEnclosingClass(),
+                thisDeclClass,
+                enclosingClass,
                 TypeAnnotation.TypeAnnotationTarget.METHOD_RECEIVER);
     }
 }
--- a/jdk/src/java.base/share/classes/java/lang/reflect/Executable.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/reflect/Executable.java	Fri Aug 29 11:57:22 2014 -0700
@@ -585,21 +585,24 @@
     /**
      * Returns an {@code AnnotatedType} object that represents the use of a
      * type to specify the receiver type of the method/constructor represented
-     * by this Executable object. The receiver type of a method/constructor is
-     * available only if the method/constructor has a <em>receiver
-     * parameter</em> (JLS 8.4.1).
+     * by this {@code Executable} object.
      *
-     * If this {@code Executable} object represents a constructor or instance
-     * method that does not have a receiver parameter, or has a receiver
-     * parameter with no annotations on its type, then the return value is an
-     * {@code AnnotatedType} object representing an element with no
+     * The receiver type of a method/constructor is available only if the
+     * method/constructor has a receiver parameter (JLS 8.4.1). If this {@code
+     * Executable} object <em>represents an instance method or represents a
+     * constructor of an inner member class</em>, and the
+     * method/constructor <em>either</em> has no receiver parameter or has a
+     * receiver parameter with no annotations on its type, then the return
+     * value is an {@code AnnotatedType} object representing an element with no
      * annotations.
      *
-     * If this {@code Executable} object represents a static method, then the
-     * return value is null.
+     * If this {@code Executable} object represents a static method or
+     * represents a constructor of a top level, static member, local, or
+     * anoymous class, then the return value is null.
      *
      * @return an object representing the receiver type of the method or
-     * constructor represented by this {@code Executable}
+     * constructor represented by this {@code Executable} or {@code null} if
+     * this {@code Executable} can not have a receiver parameter
      */
     public AnnotatedType getAnnotatedReceiverType() {
         if (Modifier.isStatic(this.getModifiers()))
--- a/jdk/src/java.base/share/classes/java/lang/reflect/Parameter.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/reflect/Parameter.java	Fri Aug 29 11:57:22 2014 -0700
@@ -173,7 +173,7 @@
      *         a name.
      */
     public String getName() {
-        // Note: empty strings as paramete names are now outlawed.
+        // Note: empty strings as parameter names are now outlawed.
         // The .equals("") is for compatibility with current JVM
         // behavior.  It may be removed at some point.
         if(name == null || name.equals(""))
--- a/jdk/src/java.base/share/classes/java/security/SecureRandom.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/SecureRandom.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,15 +39,16 @@
  *
  * <p>A cryptographically strong random number
  * minimally complies with the statistical random number generator tests
- * specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+ * specified in
+ * <a href="http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf">
  * <i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>,
  * section 4.9.1.
  * Additionally, SecureRandom must produce non-deterministic output.
  * Therefore any seed material passed to a SecureRandom object must be
  * unpredictable, and all SecureRandom output sequences must be
  * cryptographically strong, as described in
- * <a href="http://www.ietf.org/rfc/rfc1750.txt">
- * <i>RFC 1750: Randomness Recommendations for Security</i></a>.
+ * <a href="http://tools.ietf.org/html/rfc4086">
+ * <i>RFC 4086: Randomness Requirements for Security</i></a>.
  *
  * <p>A caller obtains a SecureRandom instance via the
  * no-argument constructor or one of the {@code getInstance} methods:
--- a/jdk/src/java.base/share/classes/java/time/Duration.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/time/Duration.java	Fri Aug 29 11:57:22 2014 -0700
@@ -388,19 +388,21 @@
         Matcher matcher = PATTERN.matcher(text);
         if (matcher.matches()) {
             // check for letter T but no time sections
-            if ("T".equals(matcher.group(3)) == false) {
-                boolean negate = "-".equals(matcher.group(1));
-                String dayMatch = matcher.group(2);
-                String hourMatch = matcher.group(4);
-                String minuteMatch = matcher.group(5);
-                String secondMatch = matcher.group(6);
-                String fractionMatch = matcher.group(7);
-                if (dayMatch != null || hourMatch != null || minuteMatch != null || secondMatch != null) {
-                    long daysAsSecs = parseNumber(text, dayMatch, SECONDS_PER_DAY, "days");
-                    long hoursAsSecs = parseNumber(text, hourMatch, SECONDS_PER_HOUR, "hours");
-                    long minsAsSecs = parseNumber(text, minuteMatch, SECONDS_PER_MINUTE, "minutes");
-                    long seconds = parseNumber(text, secondMatch, 1, "seconds");
-                    int nanos = parseFraction(text,  fractionMatch, seconds < 0 ? -1 : 1);
+            if (!charMatch(text, matcher.start(3), matcher.end(3), 'T')) {
+                boolean negate = charMatch(text, matcher.start(1), matcher.end(1), '-');
+
+                int dayStart = matcher.start(2), dayEnd = matcher.end(2);
+                int hourStart = matcher.start(4), hourEnd = matcher.end(4);
+                int minuteStart = matcher.start(5), minuteEnd = matcher.end(5);
+                int secondStart = matcher.start(6), secondEnd = matcher.end(6);
+                int fractionStart = matcher.start(7), fractionEnd = matcher.end(7);
+
+                if (dayStart >= 0 || hourStart >= 0 || minuteStart >= 0 || secondStart >= 0) {
+                    long daysAsSecs = parseNumber(text, dayStart, dayEnd, SECONDS_PER_DAY, "days");
+                    long hoursAsSecs = parseNumber(text, hourStart, hourEnd, SECONDS_PER_HOUR, "hours");
+                    long minsAsSecs = parseNumber(text, minuteStart, minuteEnd, SECONDS_PER_MINUTE, "minutes");
+                    long seconds = parseNumber(text, secondStart, secondEnd, 1, "seconds");
+                    int nanos = parseFraction(text, fractionStart, fractionEnd, seconds < 0 ? -1 : 1);
                     try {
                         return create(negate, daysAsSecs, hoursAsSecs, minsAsSecs, seconds, nanos);
                     } catch (ArithmeticException ex) {
@@ -412,27 +414,37 @@
         throw new DateTimeParseException("Text cannot be parsed to a Duration", text, 0);
     }
 
-    private static long parseNumber(CharSequence text, String parsed, int multiplier, String errorText) {
+    private static boolean charMatch(CharSequence text, int start, int end, char c) {
+        return (start >= 0 && end == start + 1 && text.charAt(start) == c);
+    }
+
+    private static long parseNumber(CharSequence text, int start, int end, int multiplier, String errorText) {
         // regex limits to [-+]?[0-9]+
-        if (parsed == null) {
+        if (start < 0 || end < 0) {
             return 0;
         }
         try {
-            long val = Long.parseLong(parsed);
+            long val = Long.parseLong(text, 10, start, end);
             return Math.multiplyExact(val, multiplier);
         } catch (NumberFormatException | ArithmeticException ex) {
             throw (DateTimeParseException) new DateTimeParseException("Text cannot be parsed to a Duration: " + errorText, text, 0).initCause(ex);
         }
     }
 
-    private static int parseFraction(CharSequence text, String parsed, int negate) {
+    private static int parseFraction(CharSequence text, int start, int end, int negate) {
         // regex limits to [0-9]{0,9}
-        if (parsed == null || parsed.length() == 0) {
+        if (start < 0 || end < 0 || end - start == 0) {
             return 0;
         }
         try {
-            parsed = (parsed + "000000000").substring(0, 9);
-            return Integer.parseInt(parsed) * negate;
+            int fraction = Integer.parseInt(text, 10, start, end);
+
+            // for number strings smaller than 9 digits, interpret as if there
+            // were trailing zeros
+            for (int i = end - start; i < 9; i++) {
+                fraction *= 10;
+            }
+            return fraction * negate;
         } catch (NumberFormatException | ArithmeticException ex) {
             throw (DateTimeParseException) new DateTimeParseException("Text cannot be parsed to a Duration: fraction", text, 0).initCause(ex);
         }
--- a/jdk/src/java.base/share/classes/java/time/Period.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/time/Period.java	Fri Aug 29 11:57:22 2014 -0700
@@ -329,17 +329,17 @@
         Objects.requireNonNull(text, "text");
         Matcher matcher = PATTERN.matcher(text);
         if (matcher.matches()) {
-            int negate = ("-".equals(matcher.group(1)) ? -1 : 1);
-            String yearMatch = matcher.group(2);
-            String monthMatch = matcher.group(3);
-            String weekMatch = matcher.group(4);
-            String dayMatch = matcher.group(5);
-            if (yearMatch != null || monthMatch != null || dayMatch != null || weekMatch != null) {
+            int negate = (charMatch(text, matcher.start(1), matcher.end(1), '-') ? -1 : 1);
+            int yearStart = matcher.start(2), yearEnd = matcher.end(2);
+            int monthStart = matcher.start(3), monthEnd = matcher.end(3);
+            int weekStart = matcher.start(4), weekEnd = matcher.end(4);
+            int dayStart = matcher.start(5), dayEnd = matcher.end(5);
+            if (yearStart >= 0 || monthStart >= 0 || weekStart >= 0 || dayStart >= 0) {
                 try {
-                    int years = parseNumber(text, yearMatch, negate);
-                    int months = parseNumber(text, monthMatch, negate);
-                    int weeks = parseNumber(text, weekMatch, negate);
-                    int days = parseNumber(text, dayMatch, negate);
+                    int years = parseNumber(text, yearStart, yearEnd, negate);
+                    int months = parseNumber(text, monthStart, monthEnd, negate);
+                    int weeks = parseNumber(text, weekStart, weekEnd, negate);
+                    int days = parseNumber(text, dayStart, dayEnd, negate);
                     days = Math.addExact(days, Math.multiplyExact(weeks, 7));
                     return create(years, months, days);
                 } catch (NumberFormatException ex) {
@@ -350,11 +350,15 @@
         throw new DateTimeParseException("Text cannot be parsed to a Period", text, 0);
     }
 
-    private static int parseNumber(CharSequence text, String str, int negate) {
-        if (str == null) {
+    private static boolean charMatch(CharSequence text, int start, int end, char c) {
+        return (start >= 0 && end == start + 1 && text.charAt(start) == c);
+    }
+
+    private static int parseNumber(CharSequence text, int start, int end, int negate) {
+        if (start < 0 || end < 0) {
             return 0;
         }
-        int val = Integer.parseInt(str);
+        int val = Integer.parseInt(text, 10, start, end);
         try {
             return Math.multiplyExact(val, negate);
         } catch (ArithmeticException ex) {
--- a/jdk/src/java.base/share/classes/java/util/JapaneseImperialCalendar.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/util/JapaneseImperialCalendar.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,20 +38,20 @@
 import sun.util.calendar.ZoneInfo;
 
 /**
- * <code>JapaneseImperialCalendar</code> implements a Japanese
+ * {@code JapaneseImperialCalendar} implements a Japanese
  * calendar system in which the imperial era-based year numbering is
  * supported from the Meiji era. The following are the eras supported
  * by this calendar system.
- * <pre><tt>
+ * <pre>{@code
  * ERA value   Era name    Since (in Gregorian)
  * ------------------------------------------------------
  *     0       N/A         N/A
- *     1       Meiji       1868-01-01 midnight local time
- *     2       Taisho      1912-07-30 midnight local time
- *     3       Showa       1926-12-25 midnight local time
- *     4       Heisei      1989-01-08 midnight local time
+ *     1       Meiji       1868-01-01T00:00:00 local time
+ *     2       Taisho      1912-07-30T00:00:00 local time
+ *     3       Showa       1926-12-25T00:00:00 local time
+ *     4       Heisei      1989-01-08T00:00:00 local time
  * ------------------------------------------------------
- * </tt></pre>
+ * }</pre>
  *
  * <p><code>ERA</code> value 0 specifies the years before Meiji and
  * the Gregorian year values are used. Unlike {@link
@@ -63,6 +63,31 @@
  * with time differences for applying the era transitions. This
  * calendar implementation assumes local time for all transitions.
  *
+ * <p>A new era can be specified using property
+ * jdk.calendar.japanese.supplemental.era. The new era is added to the
+ * predefined eras. The syntax of the property is as follows.
+ * <p><pre>
+ *   {@code name=<name>,abbr=<abbr>,since=<time['u']>}
+ * </pre>
+ * where
+ * <dl>
+ * <dt>{@code <name>:}<dd>the full name of the new era (non-ASCII characters allowed)
+ * <dt>{@code <abbr>:}<dd>the abbreviation of the new era (non-ASCII characters allowed)
+ * <dt>{@code <time['u']>:}<dd>the start time of the new era represented by
+ * milliseconds from 1970-01-01T00:00:00 local time or UTC if {@code 'u'} is
+ * appended to the milliseconds value. (ASCII digits only)
+ * </dl>
+ *
+ * <p>If the given era is invalid, such as the since value before the
+ * beginning of the last predefined era, the given era will be
+ * ignored.
+ *
+ * <p>The following is an example of the property usage.
+ * <p><pre>
+ *   java -Djdk.calendar.japanese.supplemental.era="name=NewEra,abbr=N,since=253374307200000"
+ * </pre>
+ * The property specifies an era change to NewEra at 9999-02-11T00:00:00 local time.
+ *
  * @author Masayoshi Okutsu
  * @since 1.6
  */
@@ -102,7 +127,6 @@
     public static final int HEISEI = 4;
 
     private static final int EPOCH_OFFSET   = 719163; // Fixed date of January 1, 1970 (Gregorian)
-    private static final int EPOCH_YEAR     = 1970;
 
     // Useful millisecond constants.  Although ONE_DAY and ONE_WEEK can fit
     // into ints, they must be longs in order to prevent arithmetic overflow
@@ -111,7 +135,6 @@
     private static final int  ONE_MINUTE = 60*ONE_SECOND;
     private static final int  ONE_HOUR   = 60*ONE_MINUTE;
     private static final long ONE_DAY    = 24*ONE_HOUR;
-    private static final long ONE_WEEK   = 7*ONE_DAY;
 
     // Reference to the sun.util.calendar.LocalGregorianCalendar instance (singleton).
     private static final LocalGregorianCalendar jcal
@@ -217,6 +240,7 @@
     };
 
     // Proclaim serialization compatibility with JDK 1.6
+    @SuppressWarnings("FieldNameHidesFieldInSuperclass")
     private static final long serialVersionUID = -3364572813905467929L;
 
     static {
@@ -340,6 +364,7 @@
      * <code>false</code> otherwise.
      * @see Calendar#compareTo(Calendar)
      */
+    @Override
     public boolean equals(Object obj) {
         return obj instanceof JapaneseImperialCalendar &&
             super.equals(obj);
@@ -349,6 +374,7 @@
      * Generates the hash code for this
      * <code>JapaneseImperialCalendar</code> object.
      */
+    @Override
     public int hashCode() {
         return super.hashCode() ^ jdate.hashCode();
     }
@@ -381,6 +407,7 @@
      * or if any calendar fields have out-of-range values in
      * non-lenient mode.
      */
+    @Override
     public void add(int field, int amount) {
         // If amount == 0, do nothing even the given field is out of
         // range. This is tested by JCK.
@@ -509,6 +536,7 @@
         }
     }
 
+    @Override
     public void roll(int field, boolean up) {
         roll(field, up ? +1 : -1);
     }
@@ -533,6 +561,7 @@
      * @see #add(int,int)
      * @see #set(int,int)
      */
+    @Override
     public void roll(int field, int amount) {
         // If amount == 0, do nothing even the given field is out of
         // range. This is tested by JCK.
--- a/jdk/src/java.base/share/classes/java/util/StringJoiner.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/util/StringJoiner.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,9 @@
  */
 package java.util;
 
+import sun.misc.JavaLangAccess;
+import sun.misc.SharedSecrets;
+
 /**
  * {@code StringJoiner} is used to construct a sequence of characters separated
  * by a delimiter and optionally starting with a supplied prefix
@@ -67,22 +70,24 @@
     private final String delimiter;
     private final String suffix;
 
-    /*
-     * StringBuilder value -- at any time, the characters constructed from the
-     * prefix, the added element separated by the delimiter, but without the
-     * suffix, so that we can more easily add elements without having to jigger
-     * the suffix each time.
-     */
-    private StringBuilder value;
+    /** Contains all the string components added so far. */
+    private String[] elts;
 
-    /*
-     * By default, the string consisting of prefix+suffix, returned by
-     * toString(), or properties of value, when no elements have yet been added,
-     * i.e. when it is empty.  This may be overridden by the user to be some
-     * other value including the empty String.
+    /** The number of string components added so far. */
+    private int size;
+
+    /** Total length in chars so far, excluding prefix and suffix. */
+    private int len;
+
+    /**
+     * When overriden by the user to be non-null via {@link setEmptyValue}, the
+     * string returned by toString() when no elements have yet been added.
+     * When null, prefix + suffix is used as the empty value.
      */
     private String emptyValue;
 
+    private static final JavaLangAccess jla = SharedSecrets.getJavaLangAccess();
+
     /**
      * Constructs a {@code StringJoiner} with no characters in it, with no
      * {@code prefix} or {@code suffix}, and a copy of the supplied
@@ -125,7 +130,6 @@
         this.prefix = prefix.toString();
         this.delimiter = delimiter.toString();
         this.suffix = suffix.toString();
-        this.emptyValue = this.prefix + this.suffix;
     }
 
     /**
@@ -148,29 +152,44 @@
         return this;
     }
 
+    private static int getChars(String s, char[] chars, int start) {
+        int len = s.length();
+        s.getChars(0, len, chars, start);
+        return len;
+    }
+
     /**
      * Returns the current value, consisting of the {@code prefix}, the values
      * added so far separated by the {@code delimiter}, and the {@code suffix},
      * unless no elements have been added in which case, the
-     * {@code prefix + suffix} or the {@code emptyValue} characters are returned
+     * {@code prefix + suffix} or the {@code emptyValue} characters are returned.
      *
      * @return the string representation of this {@code StringJoiner}
      */
     @Override
     public String toString() {
-        if (value == null) {
+        final String[] elts = this.elts;
+        if (elts == null && emptyValue != null) {
             return emptyValue;
-        } else {
-            if (suffix.equals("")) {
-                return value.toString();
-            } else {
-                int initialLength = value.length();
-                String result = value.append(suffix).toString();
-                // reset value to pre-append initialLength
-                value.setLength(initialLength);
-                return result;
+        }
+        final int size = this.size;
+        final int addLen = prefix.length() + suffix.length();
+        if (addLen == 0) {
+            compactElts();
+            return size == 0 ? "" : elts[0];
+        }
+        final String delimiter = this.delimiter;
+        final char[] chars = new char[len + addLen];
+        int k = getChars(prefix, chars, 0);
+        if (size > 0) {
+            k += getChars(elts[0], chars, k);
+            for (int i = 1; i < size; i++) {
+                k += getChars(delimiter, chars, k);
+                k += getChars(elts[i], chars, k);
             }
         }
+        k += getChars(suffix, chars, k);
+        return jla.newStringUnsafe(chars);
     }
 
     /**
@@ -182,7 +201,16 @@
      * @return a reference to this {@code StringJoiner}
      */
     public StringJoiner add(CharSequence newElement) {
-        prepareBuilder().append(newElement);
+        final String elt = String.valueOf(newElement);
+        if (elts == null) {
+            elts = new String[8];
+        } else {
+            if (size == elts.length)
+                elts = Arrays.copyOf(elts, 2 * size);
+            len += delimiter.length();
+        }
+        len += elt.length();
+        elts[size++] = elt;
         return this;
     }
 
@@ -207,24 +235,25 @@
      */
     public StringJoiner merge(StringJoiner other) {
         Objects.requireNonNull(other);
-        if (other.value != null) {
-            final int length = other.value.length();
-            // lock the length so that we can seize the data to be appended
-            // before initiate copying to avoid interference, especially when
-            // merge 'this'
-            StringBuilder builder = prepareBuilder();
-            builder.append(other.value, other.prefix.length(), length);
+        if (other.elts == null) {
+            return this;
         }
-        return this;
+        other.compactElts();
+        return add(other.elts[0]);
     }
 
-    private StringBuilder prepareBuilder() {
-        if (value != null) {
-            value.append(delimiter);
-        } else {
-            value = new StringBuilder().append(prefix);
+    private void compactElts() {
+        if (size > 1) {
+            final char[] chars = new char[len];
+            int i = 1, k = getChars(elts[0], chars, 0);
+            do {
+                k += getChars(delimiter, chars, k);
+                k += getChars(elts[i], chars, k);
+                elts[i] = null;
+            } while (++i < size);
+            size = 1;
+            elts[0] = jla.newStringUnsafe(chars);
         }
-        return value;
     }
 
     /**
@@ -238,10 +267,7 @@
      * @return the length of the current value of {@code StringJoiner}
      */
     public int length() {
-        // Remember that we never actually append the suffix unless we return
-        // the full (present) value or some sub-string or length of it, so that
-        // we can add on more if we need to.
-        return (value != null ? value.length() + suffix.length() :
-                emptyValue.length());
+        return (size == 0 && emptyValue != null) ? emptyValue.length() :
+            len + prefix.length() + suffix.length();
     }
 }
--- a/jdk/src/java.base/share/classes/javax/security/auth/Subject.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/javax/security/auth/Subject.java	Fri Aug 29 11:57:22 2014 -0700
@@ -182,21 +182,20 @@
      * {@code AuthPermission("modifyPublicCredentials")}.
      * To modify the private credential Set, the caller must have
      * {@code AuthPermission("modifyPrivateCredentials")}.
-     * <p>
      *
      * @param readOnly true if the {@code Subject} is to be read-only,
-     *          and false otherwise. <p>
+     *          and false otherwise.
      *
      * @param principals the {@code Set} of Principals
-     *          to be associated with this {@code Subject}. <p>
+     *          to be associated with this {@code Subject}.
      *
      * @param pubCredentials the {@code Set} of public credentials
-     *          to be associated with this {@code Subject}. <p>
+     *          to be associated with this {@code Subject}.
      *
      * @param privCredentials the {@code Set} of private credentials
      *          to be associated with this {@code Subject}.
      *
-     * @exception NullPointerException if the specified
+     * @throws NullPointerException if the specified
      *          {@code principals}, {@code pubCredentials},
      *          or {@code privCredentials} are {@code null},
      *          or a null value exists within any of these three
@@ -233,10 +232,11 @@
      * Also, once a {@code Subject} is read-only,
      * it can not be reset to being writable again.
      *
-     * <p>
-     *
-     * @exception SecurityException if the caller does not have permission
-     *          to set this {@code Subject} to be read-only.
+     * @throws SecurityException if a security manager is installed and the
+     *         caller does not have an
+     *         {@link AuthPermission#AuthPermission(String)
+     *         AuthPermission("setReadOnly")} permission to set this
+     *         {@code Subject} to be read-only.
      */
     public void setReadOnly() {
         java.lang.SecurityManager sm = System.getSecurityManager();
@@ -250,8 +250,6 @@
     /**
      * Query whether this {@code Subject} is read-only.
      *
-     * <p>
-     *
      * @return true if this {@code Subject} is read-only, false otherwise.
      */
     public boolean isReadOnly() {
@@ -267,8 +265,6 @@
      * In this situation, the most recent {@code Subject} associated
      * with the {@code AccessControlContext} is returned.
      *
-     * <p>
-     *
      * @param  acc the {@code AccessControlContext} from which to retrieve
      *          the {@code Subject}.
      *
@@ -277,10 +273,13 @@
      *          if no {@code Subject} is associated
      *          with the provided {@code AccessControlContext}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to get the {@code Subject}. <p>
+     * @throws SecurityException if a security manager is installed and the
+     *          caller does not have an
+     *          {@link AuthPermission#AuthPermission(String)
+     *          AuthPermission("getSubject")} permission to get the
+     *          {@code Subject}.
      *
-     * @exception NullPointerException if the provided
+     * @throws NullPointerException if the provided
      *          {@code AccessControlContext} is {@code null}.
      */
     public static Subject getSubject(final AccessControlContext acc) {
@@ -321,26 +320,27 @@
      * passing it the provided {@code PrivilegedAction},
      * as well as the newly constructed {@code AccessControlContext}.
      *
-     * <p>
-     *
      * @param subject the {@code Subject} that the specified
      *                  {@code action} will run as.  This parameter
-     *                  may be {@code null}. <p>
+     *                  may be {@code null}.
      *
      * @param <T> the type of the value returned by the PrivilegedAction's
      *                  {@code run} method.
      *
      * @param action the code to be run as the specified
-     *                  {@code Subject}. <p>
+     *                  {@code Subject}.
      *
      * @return the value returned by the PrivilegedAction's
      *                  {@code run} method.
      *
-     * @exception NullPointerException if the {@code PrivilegedAction}
-     *                  is {@code null}. <p>
+     * @throws NullPointerException if the {@code PrivilegedAction}
+     *                  is {@code null}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *                  to invoke this method.
+     * @throws SecurityException if a security manager is installed and the
+     *                  caller does not have an
+     *                  {@link AuthPermission#AuthPermission(String)
+     *                  AuthPermission("doAs")} permission to invoke this
+     *                  method.
      */
     public static <T> T doAs(final Subject subject,
                         final java.security.PrivilegedAction<T> action) {
@@ -377,31 +377,32 @@
      * passing it the provided {@code PrivilegedExceptionAction},
      * as well as the newly constructed {@code AccessControlContext}.
      *
-     * <p>
-     *
      * @param subject the {@code Subject} that the specified
      *                  {@code action} will run as.  This parameter
-     *                  may be {@code null}. <p>
+     *                  may be {@code null}.
      *
      * @param <T> the type of the value returned by the
      *                  PrivilegedExceptionAction's {@code run} method.
      *
      * @param action the code to be run as the specified
-     *                  {@code Subject}. <p>
+     *                  {@code Subject}.
      *
      * @return the value returned by the
      *                  PrivilegedExceptionAction's {@code run} method.
      *
-     * @exception PrivilegedActionException if the
+     * @throws PrivilegedActionException if the
      *                  {@code PrivilegedExceptionAction.run}
-     *                  method throws a checked exception. <p>
+     *                  method throws a checked exception.
      *
-     * @exception NullPointerException if the specified
+     * @throws NullPointerException if the specified
      *                  {@code PrivilegedExceptionAction} is
-     *                  {@code null}. <p>
+     *                  {@code null}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *                  to invoke this method.
+     * @throws SecurityException if a security manager is installed and the
+     *                  caller does not have an
+     *                  {@link AuthPermission#AuthPermission(String)
+     *                  AuthPermission("doAs")} permission to invoke this
+     *                  method.
      */
     public static <T> T doAs(final Subject subject,
                         final java.security.PrivilegedExceptionAction<T> action)
@@ -435,29 +436,30 @@
      * this method instantiates a new {@code AccessControlContext}
      * with an empty collection of ProtectionDomains.
      *
-     * <p>
-     *
      * @param subject the {@code Subject} that the specified
      *                  {@code action} will run as.  This parameter
-     *                  may be {@code null}. <p>
+     *                  may be {@code null}.
      *
      * @param <T> the type of the value returned by the PrivilegedAction's
      *                  {@code run} method.
      *
      * @param action the code to be run as the specified
-     *                  {@code Subject}. <p>
+     *                  {@code Subject}.
      *
      * @param acc the {@code AccessControlContext} to be tied to the
-     *                  specified <i>subject</i> and <i>action</i>. <p>
+     *                  specified <i>subject</i> and <i>action</i>.
      *
      * @return the value returned by the PrivilegedAction's
      *                  {@code run} method.
      *
-     * @exception NullPointerException if the {@code PrivilegedAction}
-     *                  is {@code null}. <p>
+     * @throws NullPointerException if the {@code PrivilegedAction}
+     *                  is {@code null}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *                  to invoke this method.
+     * @throws SecurityException if a security manager is installed and the
+     *                  caller does not have a
+     *                  {@link AuthPermission#AuthPermission(String)
+     *                  AuthPermission("doAsPrivileged")} permission to invoke
+     *                  this method.
      */
     public static <T> T doAsPrivileged(final Subject subject,
                         final java.security.PrivilegedAction<T> action,
@@ -495,34 +497,35 @@
      * this method instantiates a new {@code AccessControlContext}
      * with an empty collection of ProtectionDomains.
      *
-     * <p>
-     *
      * @param subject the {@code Subject} that the specified
      *                  {@code action} will run as.  This parameter
-     *                  may be {@code null}. <p>
+     *                  may be {@code null}.
      *
      * @param <T> the type of the value returned by the
      *                  PrivilegedExceptionAction's {@code run} method.
      *
      * @param action the code to be run as the specified
-     *                  {@code Subject}. <p>
+     *                  {@code Subject}.
      *
      * @param acc the {@code AccessControlContext} to be tied to the
-     *                  specified <i>subject</i> and <i>action</i>. <p>
+     *                  specified <i>subject</i> and <i>action</i>.
      *
      * @return the value returned by the
      *                  PrivilegedExceptionAction's {@code run} method.
      *
-     * @exception PrivilegedActionException if the
+     * @throws PrivilegedActionException if the
      *                  {@code PrivilegedExceptionAction.run}
-     *                  method throws a checked exception. <p>
+     *                  method throws a checked exception.
      *
-     * @exception NullPointerException if the specified
+     * @throws NullPointerException if the specified
      *                  {@code PrivilegedExceptionAction} is
-     *                  {@code null}. <p>
+     *                  {@code null}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *                  to invoke this method.
+     * @throws SecurityException if a security manager is installed and the
+     *                  caller does not have a
+     *                  {@link AuthPermission#AuthPermission(String)
+     *                  AuthPermission("doAsPrivileged")} permission to invoke
+     *                  this method.
      */
     public static <T> T doAsPrivileged(final Subject subject,
                         final java.security.PrivilegedExceptionAction<T> action,
@@ -577,9 +580,12 @@
      * to the returned {@code Set} affects the internal
      * {@code Principal} {@code Set} as well.
      *
-     * <p>
+     * <p> If a security manager is installed, the caller must have a
+     * {@link AuthPermission#AuthPermission(String)
+     * AuthPermission("modifyPrincipals")} permission to modify
+     * the returned set, or a {@code SecurityException} will be thrown.
      *
-     * @return  The {@code Set} of Principals associated with this
+     * @return  the {@code Set} of Principals associated with this
      *          {@code Subject}.
      */
     public Set<Principal> getPrincipals() {
@@ -600,8 +606,6 @@
      * Modifications to the returned {@code Set}
      * will not affect the internal {@code Principal} {@code Set}.
      *
-     * <p>
-     *
      * @param <T> the type of the class modeled by {@code c}
      *
      * @param c the returned {@code Set} of Principals will all be
@@ -610,8 +614,8 @@
      * @return a {@code Set} of Principals that are instances of the
      *          specified {@code Class}.
      *
-     * @exception NullPointerException if the specified {@code Class}
-     *                  is {@code null}.
+     * @throws NullPointerException if the specified {@code Class}
+     *          is {@code null}.
      */
     public <T extends Principal> Set<T> getPrincipals(Class<T> c) {
 
@@ -632,9 +636,12 @@
      * to the returned {@code Set} affects the internal public
      * Credential {@code Set} as well.
      *
-     * <p>
+     * <p> If a security manager is installed, the caller must have a
+     * {@link AuthPermission#AuthPermission(String)
+     * AuthPermission("modifyPublicCredentials")} permission to modify
+     * the returned set, or a {@code SecurityException} will be thrown.
      *
-     * @return  A {@code Set} of public credentials held by this
+     * @return  a {@code Set} of public credentials held by this
      *          {@code Subject}.
      */
     public Set<Object> getPublicCredentials() {
@@ -653,20 +660,18 @@
      * to the returned {@code Set} affects the internal private
      * Credential {@code Set} as well.
      *
-     * <p> A caller requires permissions to access the Credentials
-     * in the returned {@code Set}, or to modify the
-     * {@code Set} itself.  A {@code SecurityException}
-     * is thrown if the caller does not have the proper permissions.
+     * <p> If a security manager is installed, the caller must have a
+     * {@link AuthPermission#AuthPermission(String)
+     * AuthPermission("modifyPrivateCredentials")} permission to modify
+     * the returned set, or a {@code SecurityException} will be thrown.
      *
      * <p> While iterating through the {@code Set},
-     * a {@code SecurityException} is thrown
-     * if the caller does not have permission to access a
-     * particular Credential.  The {@code Iterator}
-     * is nevertheless advanced to next element in the {@code Set}.
+     * a {@code SecurityException} is thrown if a security manager is installed
+     * and the caller does not have a {@link PrivateCredentialPermission}
+     * to access a particular Credential.  The {@code Iterator}
+     * is nevertheless advanced to the next element in the {@code Set}.
      *
-     * <p>
-     *
-     * @return  A {@code Set} of private credentials held by this
+     * @return  a {@code Set} of private credentials held by this
      *          {@code Subject}.
      */
     public Set<Object> getPrivateCredentials() {
@@ -695,8 +700,6 @@
      * Modifications to the returned {@code Set}
      * will not affect the internal public Credential {@code Set}.
      *
-     * <p>
-     *
      * @param <T> the type of the class modeled by {@code c}
      *
      * @param c the returned {@code Set} of public credentials will all be
@@ -705,7 +708,7 @@
      * @return a {@code Set} of public credentials that are instances
      *          of the  specified {@code Class}.
      *
-     * @exception NullPointerException if the specified {@code Class}
+     * @throws NullPointerException if the specified {@code Class}
      *          is {@code null}.
      */
     public <T> Set<T> getPublicCredentials(Class<T> c) {
@@ -723,9 +726,9 @@
      * {@code Subject} that are instances or subclasses of the specified
      * {@code Class}.
      *
-     * <p> The caller must have permission to access all of the
-     * requested Credentials, or a {@code SecurityException}
-     * will be thrown.
+     * <p> If a security manager is installed, the caller must have a
+     * {@link PrivateCredentialPermission} to access all of the requested
+     * Credentials, or a {@code SecurityException} will be thrown.
      *
      * <p> The returned {@code Set} is not backed by this Subject's
      * internal private Credential {@code Set}.  A new
@@ -733,8 +736,6 @@
      * Modifications to the returned {@code Set}
      * will not affect the internal private Credential {@code Set}.
      *
-     * <p>
-     *
      * @param <T> the type of the class modeled by {@code c}
      *
      * @param c the returned {@code Set} of private credentials will all be
@@ -743,7 +744,7 @@
      * @return a {@code Set} of private credentials that are instances
      *          of the  specified {@code Class}.
      *
-     * @exception NullPointerException if the specified {@code Class}
+     * @throws NullPointerException if the specified {@code Class}
      *          is {@code null}.
      */
     public <T> Set<T> getPrivateCredentials(Class<T> c) {
@@ -772,19 +773,18 @@
      * equal if their {@code Principal} and {@code Credential}
      * Sets are equal.
      *
-     * <p>
-     *
      * @param o Object to be compared for equality with this
      *          {@code Subject}.
      *
      * @return true if the specified Object is equal to this
      *          {@code Subject}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to access the private credentials for this {@code Subject},
-     *          or if the caller does not have permission to access the
-     *          private credentials for the provided {@code Subject}.
+     * @throws SecurityException if a security manager is installed and the
+     *         caller does not have a {@link PrivateCredentialPermission}
+     *         permission to access the private credentials for this
+     *         {@code Subject} or the provided {@code Subject}.
      */
+    @Override
     public boolean equals(Object o) {
 
         if (o == null) {
@@ -834,10 +834,9 @@
     /**
      * Return the String representation of this {@code Subject}.
      *
-     * <p>
-     *
      * @return the String representation of this {@code Subject}.
      */
+    @Override
     public String toString() {
         return toString(true);
     }
@@ -895,13 +894,13 @@
     /**
      * Returns a hashcode for this {@code Subject}.
      *
-     * <p>
-     *
      * @return a hashcode for this {@code Subject}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to access this Subject's private credentials.
+     * @throws SecurityException if a security manager is installed and the
+     *         caller does not have a {@link PrivateCredentialPermission}
+     *         permission to access this Subject's private credentials.
      */
+    @Override
     public int hashCode() {
 
         /**
@@ -996,7 +995,7 @@
      *
      * @param coll A {@code Collection} to be tested for null references
      *
-     * @exception NullPointerException if the specified collection is either
+     * @throws NullPointerException if the specified collection is either
      *            {@code null} or contains a {@code null} element
      */
     private static void collectionNullClean(Collection<?> coll) {
@@ -1546,7 +1545,7 @@
         }
     }
 
-    static class AuthPermissionHolder {
+    static final class AuthPermissionHolder {
         static final AuthPermission DO_AS_PERMISSION =
             new AuthPermission("doAs");
 
--- a/jdk/src/java.base/share/classes/sun/util/calendar/Era.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/calendar/Era.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,20 +41,15 @@
  * <code>CalendarDate</code>.
  *
  * <p>The following era names are defined in this release.
- * <!-- TODO: use HTML table -->
- * <pre><tt>
+ * <pre>{@code
  *   Calendar system         Era name         Since (in Gregorian)
  *   -----------------------------------------------------------------------
- *   Japanese calendar       Meiji            1868-01-01 midnight local time
- *                           Taisho           1912-07-30 midnight local time
- *                           Showa            1926-12-26 midnight local time
- *                           Heisei           1989-01-08 midnight local time
- *   Julian calendar         BeforeCommonEra  -292275055-05-16T16:47:04.192Z
- *                           CommonEra        0000-12-30 midnight local time
- *   Taiwanese calendar      MinGuo           1911-01-01 midnight local time
- *   Thai Buddhist calendar  BuddhistEra      -543-01-01 midnight local time
+ *   Japanese calendar       Meiji            1868-01-01T00:00:00 local time
+ *                           Taisho           1912-07-30T00:00:00 local time
+ *                           Showa            1926-12-25T00:00:00 local time
+ *                           Heisei           1989-01-08T00:00:00 local time
  *   -----------------------------------------------------------------------
- * </tt></pre>
+ * }</pre>
  *
  * @author Masayoshi Okutsu
  * @since 1.5
--- a/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,11 +25,7 @@
 
 package sun.util.calendar;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Properties;
-import java.util.StringTokenizer;
+import java.security.AccessController;
 import java.util.TimeZone;
 
 /**
@@ -39,6 +35,28 @@
  */
 
 public class LocalGregorianCalendar extends BaseCalendar {
+    private static final Era[] JAPANESE_ERAS = {
+        new Era("Meiji",  "M", -3218832000000L, true),
+        new Era("Taisho", "T", -1812153600000L, true),
+        new Era("Showa",  "S", -1357603200000L, true),
+        new Era("Heisei", "H",   600220800000L, true),
+    };
+
+    private static boolean isValidEra(Era newEra, Era[] eras) {
+        Era last = eras[eras.length - 1];
+        if (last.getSinceDate().getYear() >= newEra.getSinceDate().getYear()) {
+            return false;
+        }
+        // The new era name should be unique. Its abbr may not.
+        String newName = newEra.getName();
+        for (Era era : eras) {
+            if (era.getName().equals(newName)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
     private String name;
     private Era[] eras;
 
@@ -118,58 +136,70 @@
     }
 
     static LocalGregorianCalendar getLocalGregorianCalendar(String name) {
-        Properties calendarProps;
-        try {
-            calendarProps = CalendarSystem.getCalendarProperties();
-        } catch (IOException | IllegalArgumentException e) {
-            throw new InternalError(e);
-        }
-        // Parse calendar.*.eras
-        String props = calendarProps.getProperty("calendar." + name + ".eras");
-        if (props == null) {
+        // Only the Japanese calendar is supported.
+        if (!"japanese".equals(name)) {
             return null;
         }
-        List<Era> eras = new ArrayList<>();
-        StringTokenizer eraTokens = new StringTokenizer(props, ";");
-        while (eraTokens.hasMoreTokens()) {
-            String items = eraTokens.nextToken().trim();
-            StringTokenizer itemTokens = new StringTokenizer(items, ",");
-            String eraName = null;
-            boolean localTime = true;
-            long since = 0;
-            String abbr = null;
 
-            while (itemTokens.hasMoreTokens()) {
-                String item = itemTokens.nextToken();
-                int index = item.indexOf('=');
-                // it must be in the key=value form.
-                if (index == -1) {
+        // Append an era to the predefined eras if it's given by the property.
+        String prop = AccessController.doPrivileged(
+                new sun.security.action.GetPropertyAction("jdk.calendar.japanese.supplemental.era"));
+        if (prop != null) {
+            Era era = parseEraEntry(prop);
+            if (era != null) {
+                if (isValidEra(era, JAPANESE_ERAS)) {
+                    int length = JAPANESE_ERAS.length;
+                    Era[] eras = new Era[length + 1];
+                    System.arraycopy(JAPANESE_ERAS, 0, eras, 0, length);
+                    eras[length] = era;
+                    return new LocalGregorianCalendar(name, eras);
+                }
+            }
+        }
+        return new LocalGregorianCalendar(name, JAPANESE_ERAS);
+    }
+
+    private static Era parseEraEntry(String entry) {
+        String[] keyValuePairs = entry.split(",");
+        String eraName = null;
+        boolean localTime = true;
+        long since = 0;
+        String abbr = null;
+
+        for (String item : keyValuePairs) {
+            String[] keyvalue = item.split("=");
+            if (keyvalue.length != 2) {
+                return null;
+            }
+            String key = keyvalue[0].trim();
+            String value = keyvalue[1].trim();
+            switch (key) {
+            case "name":
+                eraName = value;
+                break;
+            case "since":
+                if (value.endsWith("u")) {
+                    localTime = false;
+                    value = value.substring(0, value.length() - 1);
+                }
+                try {
+                    since = Long.parseLong(value);
+                } catch (NumberFormatException e) {
                     return null;
                 }
-                String key = item.substring(0, index);
-                String value = item.substring(index + 1);
-                if ("name".equals(key)) {
-                    eraName = value;
-                } else if ("since".equals(key)) {
-                    if (value.endsWith("u")) {
-                        localTime = false;
-                        since = Long.parseLong(value.substring(0, value.length() - 1));
-                    } else {
-                        since = Long.parseLong(value);
-                    }
-                } else if ("abbr".equals(key)) {
-                    abbr = value;
-                } else {
-                    throw new RuntimeException("Unknown key word: " + key);
-                }
+                break;
+            case "abbr":
+                abbr = value;
+                break;
+            default:
+                return null;
             }
-            Era era = new Era(eraName, abbr, since, localTime);
-            eras.add(era);
         }
-        Era[] eraArray = new Era[eras.size()];
-        eras.toArray(eraArray);
-
-        return new LocalGregorianCalendar(name, eraArray);
+        if (eraName == null || eraName.isEmpty()
+                || abbr == null || abbr.isEmpty()) {
+            return null;
+        }
+        return new Era(eraName, abbr, since, localTime);
     }
 
     private LocalGregorianCalendar(String name, Era[] eras) {
@@ -262,9 +292,8 @@
     }
 
     private boolean validateEra(Era era) {
-        // Validate the era
-        for (int i = 0; i < eras.length; i++) {
-            if (era == eras[i]) {
+        for (Era era1 : eras) {
+            if (era == era1) {
                 return true;
             }
         }
@@ -333,6 +362,7 @@
         }
         if (i >= 0) {
             ldate.setLocalEra(era);
+            @SuppressWarnings("null")
             int y = ldate.getNormalizedYear() - era.getSinceDate().getYear() + 1;
             ldate.setLocalYear(y);
         } else {
--- a/jdk/src/java.base/share/classes/sun/util/cldr/CLDRLocaleProviderAdapter.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/cldr/CLDRLocaleProviderAdapter.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
 import java.security.PrivilegedAction;
 import java.text.spi.BreakIteratorProvider;
 import java.text.spi.CollatorProvider;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Locale;
 import java.util.ResourceBundle;
@@ -102,6 +103,9 @@
     @Override
     protected Set<String> createLanguageTagSet(String category) {
         ResourceBundle rb = ResourceBundle.getBundle("sun.util.cldr.CLDRLocaleDataMetaInfo", Locale.ROOT);
+        if (rb.containsKey(category)) {
+            return Collections.emptySet();
+        }
         String supportedLocaleString = rb.getString(category);
         Set<String> tagset = new HashSet<>();
         StringTokenizer tokens = new StringTokenizer(supportedLocaleString);
--- a/jdk/src/java.base/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,7 @@
 import java.text.spi.DateFormatSymbolsProvider;
 import java.text.spi.DecimalFormatSymbolsProvider;
 import java.text.spi.NumberFormatProvider;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Locale;
 import java.util.Set;
@@ -356,6 +357,9 @@
 
     protected Set<String> createLanguageTagSet(String category) {
         String supportedLocaleString = LocaleDataMetaInfo.getSupportedLocaleString(category);
+        if (supportedLocaleString == null) {
+            return Collections.emptySet();
+        }
         Set<String> tagset = new HashSet<>();
         StringTokenizer tokens = new StringTokenizer(supportedLocaleString);
         while (tokens.hasMoreTokens()) {
--- a/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleDataMetaInfo-XLocales.java.template	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleDataMetaInfo-XLocales.java.template	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,12 @@
         resourceNameToLocales.put("CollationData",
                                   " #CollationData_ENLocales# | #CollationData_NonENLocales# ");
 
+        resourceNameToLocales.put("BreakIteratorInfo",
+                                  " #BreakIteratorInfo_ENLocales# | #BreakIteratorInfo_NonENLocales# ");
+
+        resourceNameToLocales.put("BreakIteratorRules",
+                                  " #BreakIteratorRules_ENLocales# | #BreakIteratorRules_NonENLocales# ");
+
         resourceNameToLocales.put("TimeZoneNames",
                                   " #TimeZoneNames_ENLocales# | #TimeZoneNames_NonENLocales# ");
 
--- a/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleProviderAdapter.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleProviderAdapter.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -295,7 +295,7 @@
      * A utility method for implementing the default LocaleServiceProvider.isSupportedLocale
      * for the JRE, CLDR, and FALLBACK adapters.
      */
-    static boolean isSupportedLocale(Locale locale, LocaleProviderAdapter.Type type, Set<String> langtags) {
+    public static boolean isSupportedLocale(Locale locale, LocaleProviderAdapter.Type type, Set<String> langtags) {
         assert type == Type.JRE || type == Type.CLDR || type == Type.FALLBACK;
         if (Locale.ROOT.equals(locale)) {
             return true;
--- a/jdk/src/java.base/share/classes/sun/util/resources/LocaleData.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/resources/LocaleData.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,8 +48,11 @@
 import java.util.Locale;
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
+import java.util.Set;
+import sun.util.locale.provider.JRELocaleProviderAdapter;
 import sun.util.locale.provider.LocaleDataMetaInfo;
 import sun.util.locale.provider.LocaleProviderAdapter;
+import static sun.util.locale.provider.LocaleProviderAdapter.Type.CLDR;
 import static sun.util.locale.provider.LocaleProviderAdapter.Type.JRE;
 
 /**
@@ -204,35 +207,23 @@
         @Override
          public List<Locale> getCandidateLocales(String baseName, Locale locale) {
             List<Locale> candidates = super.getCandidateLocales(baseName, locale);
-            /* Get the locale string list from LocaleDataMetaInfo class. */
-            String localeString = LocaleDataMetaInfo.getSupportedLocaleString(baseName);
-
-            if (localeString != null && localeString.length() != 0) {
-                for (Iterator<Locale> l = candidates.iterator(); l.hasNext();) {
-                    Locale loc = l.next();
-                    String lstr;
-                    if (loc.getScript().length() > 0) {
-                        lstr = loc.toLanguageTag().replace('-', '_');
-                    } else {
-                        lstr = loc.toString();
-                        int idx = lstr.indexOf("_#");
-                        if (idx >= 0) {
-                            lstr = lstr.substring(0, idx);
-                        }
-                    }
-                    /* Every locale string in the locale string list returned from
-                     the above getSupportedLocaleString is enclosed
-                     within two white spaces so that we could check some locale
-                     such as "en".
-                     */
-                    if (lstr.length() != 0 && localeString.indexOf(" " + lstr + " ") == -1) {
-                        l.remove();
+            // Weed out Locales which are known to have no resource bundles
+            int lastDot = baseName.lastIndexOf('.');
+            String category = (lastDot >= 0) ? baseName.substring(lastDot + 1) : baseName;
+            LocaleProviderAdapter.Type type = baseName.contains(DOTCLDR) ? CLDR : JRE;
+            LocaleProviderAdapter adapter = LocaleProviderAdapter.forType(type);
+            Set<String> langtags = ((JRELocaleProviderAdapter)adapter).getLanguageTagSet(category);
+            if (!langtags.isEmpty()) {
+                for (Iterator<Locale> itr = candidates.iterator(); itr.hasNext();) {
+                    if (!LocaleProviderAdapter.isSupportedLocale(itr.next(), type, langtags)) {
+                        itr.remove();
                     }
                 }
             }
+
             // Force fallback to Locale.ENGLISH for CLDR time zone names support
             if (locale.getLanguage() != "en"
-                    && baseName.contains(CLDR) && baseName.endsWith("TimeZoneNames")) {
+                    && type == CLDR && category.equals("TimeZoneNames")) {
                 candidates.add(candidates.size() - 1, Locale.ENGLISH);
             }
             return candidates;
@@ -254,7 +245,7 @@
             return null;
         }
 
-        private static final String CLDR      = ".cldr";
+        private static final String DOTCLDR      = ".cldr";
 
         /**
          * Changes baseName to its per-language package name and
@@ -275,8 +266,8 @@
                     assert JRE.getUtilResourcesPackage().length()
                         == JRE.getTextResourcesPackage().length();
                     int index = JRE.getUtilResourcesPackage().length();
-                    if (baseName.indexOf(CLDR, index) > 0) {
-                        index += CLDR.length();
+                    if (baseName.indexOf(DOTCLDR, index) > 0) {
+                        index += DOTCLDR.length();
                     }
                     newBaseName = baseName.substring(0, index + 1) + lang
                                       + baseName.substring(index);
--- a/jdk/src/java.base/share/conf/calendars.properties	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/share/conf/calendars.properties	Fri Aug 29 11:57:22 2014 -0700
@@ -1,4 +1,4 @@
-# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -23,37 +23,6 @@
 #
 
 #
-# Japanese imperial calendar
-#
-#   Meiji  since 1868-01-01 00:00:00 local time (Gregorian)
-#   Taisho since 1912-07-30 00:00:00 local time (Gregorian)
-#   Showa  since 1926-12-25 00:00:00 local time (Gregorian)
-#   Heisei since 1989-01-08 00:00:00 local time (Gregorian)
-calendar.japanese.type: LocalGregorianCalendar
-calendar.japanese.eras: \
-	name=Meiji,abbr=M,since=-3218832000000;  \
-	name=Taisho,abbr=T,since=-1812153600000; \
-	name=Showa,abbr=S,since=-1357603200000;  \
-	name=Heisei,abbr=H,since=600220800000
-
-#
-# Taiwanese calendar
-#   Minguo since 1911-01-01 00:00:00 local time (Gregorian)
-calendar.taiwanese.type: LocalGregorianCalendar
-calendar.taiwanese.eras: \
-	name=MinGuo,since=-1830384000000
-
-#
-# Thai Buddhist calendar
-#   Buddhist Era since -542-01-01 00:00:00 local time (Gregorian)
-calendar.thai-buddhist.type: LocalGregorianCalendar
-calendar.thai-buddhist.eras: \
-	name=BuddhistEra,abbr=B.E.,since=-79302585600000
-calendar.thai-buddhist.year-boundary: \
-	day1=4-1,since=-79302585600000; \
-	day1=1-1,since=-915148800000
-
-#
 # Hijrah calendars
 #
 calendar.hijrah.Hijrah-umalqura: hijrah-config-umalqura.properties
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/conf/security/java.security	Fri Aug 29 11:57:22 2014 -0700
@@ -0,0 +1,517 @@
+#
+# This is the "master security properties file".
+#
+# An alternate java.security properties file may be specified
+# from the command line via the system property
+#
+#    -Djava.security.properties=<URL>
+#
+# This properties file appends to the master security properties file.
+# If both properties files specify values for the same key, the value
+# from the command-line properties file is selected, as it is the last
+# one loaded.
+#
+# Also, if you specify
+#
+#    -Djava.security.properties==<URL> (2 equals),
+#
+# then that properties file completely overrides the master security
+# properties file.
+#
+# To disable the ability to specify an additional properties file from
+# the command line, set the key security.overridePropertiesFile
+# to false in the master security properties file. It is set to true
+# by default.
+
+# In this file, various security properties are set for use by
+# java.security classes. This is where users can statically register
+# Cryptography Package Providers ("providers" for short). The term
+# "provider" refers to a package or set of packages that supply a
+# concrete implementation of a subset of the cryptography aspects of
+# the Java Security API. A provider may, for example, implement one or
+# more digital signature algorithms or message digest algorithms.
+#
+# Each provider must implement a subclass of the Provider class.
+# To register a provider in this master security properties file,
+# specify the Provider subclass name and priority in the format
+#
+#    security.provider.<n>=<className>
+#
+# This declares a provider, and specifies its preference
+# order n. The preference order is the order in which providers are
+# searched for requested algorithms (when no specific provider is
+# requested). The order is 1-based; 1 is the most preferred, followed
+# by 2, and so on.
+#
+# <className> must specify the subclass of the Provider class whose
+# constructor sets the values of various properties that are required
+# for the Java Security API to look up the algorithms or other
+# facilities implemented by the provider.
+#
+# There must be at least one provider specification in java.security.
+# There is a default provider that comes standard with the JDK. It
+# is called the "SUN" provider, and its Provider subclass
+# named Sun appears in the sun.security.provider package. Thus, the
+# "SUN" provider is registered via the following:
+#
+#    security.provider.1=sun.security.provider.Sun
+#
+# (The number 1 is used for the default provider.)
+#
+# Note: Providers can be dynamically registered instead by calls to
+# either the addProvider or insertProviderAt method in the Security
+# class.
+
+#
+# List of providers and their preference orders (see above):
+#
+#ifdef solaris
+security.provider.tbd=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
+security.provider.tbd=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
+#endif
+security.provider.tbd=sun.security.provider.Sun
+security.provider.tbd=sun.security.rsa.SunRsaSign
+security.provider.tbd=sun.security.ec.SunEC
+security.provider.tbd=com.sun.net.ssl.internal.ssl.Provider
+security.provider.tbd=com.sun.crypto.provider.SunJCE
+security.provider.tbd=sun.security.jgss.SunProvider
+security.provider.tbd=com.sun.security.sasl.Provider
+security.provider.tbd=org.jcp.xml.dsig.internal.dom.XMLDSigRI
+security.provider.tbd=sun.security.smartcardio.SunPCSC
+#ifdef windows
+security.provider.tbd=sun.security.mscapi.SunMSCAPI
+#endif
+#ifdef macosx
+security.provider.tbd=apple.security.AppleProvider
+#endif
+
+#
+# Sun Provider SecureRandom seed source.
+#
+# Select the primary source of seed data for the "SHA1PRNG" and
+# "NativePRNG" SecureRandom implementations in the "Sun" provider.
+# (Other SecureRandom implementations might also use this property.)
+#
+# On Unix-like systems (for example, Solaris/Linux/MacOS), the
+# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
+# special device files such as file:/dev/random.
+#
+# On Windows systems, specifying the URLs "file:/dev/random" or
+# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
+# mechanism for SHA1PRNG.
+#
+# By default, an attempt is made to use the entropy gathering device
+# specified by the "securerandom.source" Security property.  If an
+# exception occurs while accessing the specified URL:
+#
+#     SHA1PRNG:
+#         the traditional system/thread activity algorithm will be used.
+#
+#     NativePRNG:
+#         a default value of /dev/random will be used.  If neither
+#         are available, the implementation will be disabled.
+#         "file" is the only currently supported protocol type.
+#
+# The entropy gathering device can also be specified with the System
+# property "java.security.egd". For example:
+#
+#   % java -Djava.security.egd=file:/dev/random MainClass
+#
+# Specifying this System property will override the
+# "securerandom.source" Security property.
+#
+# In addition, if "file:/dev/random" or "file:/dev/urandom" is
+# specified, the "NativePRNG" implementation will be more preferred than
+# SHA1PRNG in the Sun provider.
+#
+securerandom.source=file:/dev/random
+
+#
+# A list of known strong SecureRandom implementations.
+#
+# To help guide applications in selecting a suitable strong
+# java.security.SecureRandom implementation, Java distributions should
+# indicate a list of known strong implementations using the property.
+#
+# This is a comma-separated list of algorithm and/or algorithm:provider
+# entries.
+#
+#ifdef windows
+securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,SHA1PRNG:SUN
+#endif
+#ifndef windows
+securerandom.strongAlgorithms=NativePRNGBlocking:SUN
+#endif
+
+#
+# Class to instantiate as the javax.security.auth.login.Configuration
+# provider.
+#
+login.configuration.provider=sun.security.provider.ConfigFile
+
+#
+# Default login configuration file
+#
+#login.config.url.1=file:${user.home}/.java.login.config
+
+#
+# Class to instantiate as the system Policy. This is the name of the class
+# that will be used as the Policy object.
+#
+policy.provider=sun.security.provider.PolicyFile
+
+# The default is to have a single system-wide policy file,
+# and a policy file in the user's home directory.
+policy.url.1=file:${java.home}/lib/security/java.policy
+policy.url.2=file:${user.home}/.java.policy
+
+# whether or not we expand properties in the policy file
+# if this is set to false, properties (${...}) will not be expanded in policy
+# files.
+policy.expandProperties=true
+
+# whether or not we allow an extra policy to be passed on the command line
+# with -Djava.security.policy=somefile. Comment out this line to disable
+# this feature.
+policy.allowSystemProperty=true
+
+# whether or not we look into the IdentityScope for trusted Identities
+# when encountering a 1.1 signed JAR file. If the identity is found
+# and is trusted, we grant it AllPermission.
+policy.ignoreIdentityScope=false
+
+#
+# Default keystore type.
+#
+keystore.type=jks
+
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageAccess unless the
+# corresponding RuntimePermission ("accessClassInPackage."+package) has
+# been granted.
+package.access=sun.,\
+               com.sun.xml.internal.,\
+               com.sun.imageio.,\
+               com.sun.istack.internal.,\
+               com.sun.jmx.,\
+               com.sun.media.sound.,\
+               com.sun.naming.internal.,\
+               com.sun.proxy.,\
+               com.sun.corba.se.,\
+               com.sun.org.apache.bcel.internal.,\
+               com.sun.org.apache.regexp.internal.,\
+               com.sun.org.apache.xerces.internal.,\
+               com.sun.org.apache.xpath.internal.,\
+               com.sun.org.apache.xalan.internal.extensions.,\
+               com.sun.org.apache.xalan.internal.lib.,\
+               com.sun.org.apache.xalan.internal.res.,\
+               com.sun.org.apache.xalan.internal.templates.,\
+               com.sun.org.apache.xalan.internal.utils.,\
+               com.sun.org.apache.xalan.internal.xslt.,\
+               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
+               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
+               com.sun.org.apache.xalan.internal.xsltc.trax.,\
+               com.sun.org.apache.xalan.internal.xsltc.util.,\
+               com.sun.org.apache.xml.internal.res.,\
+               com.sun.org.apache.xml.internal.security.,\
+               com.sun.org.apache.xml.internal.serializer.utils.,\
+               com.sun.org.apache.xml.internal.utils.,\
+               com.sun.org.glassfish.,\
+               com.oracle.xmlns.internal.,\
+               com.oracle.webservices.internal.,\
+               org.jcp.xml.dsig.internal.,\
+               jdk.internal.,\
+               jdk.nashorn.internal.,\
+               jdk.nashorn.tools.,\
+               com.sun.activation.registries.,\
+#ifdef macosx
+               apple.,\
+#endif
+
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageDefinition unless the
+# corresponding RuntimePermission ("defineClassInPackage."+package) has
+# been granted.
+#
+# by default, none of the class loaders supplied with the JDK call
+# checkPackageDefinition.
+#
+package.definition=sun.,\
+                   com.sun.xml.internal.,\
+                   com.sun.imageio.,\
+                   com.sun.istack.internal.,\
+                   com.sun.jmx.,\
+                   com.sun.media.sound.,\
+                   com.sun.naming.internal.,\
+                   com.sun.proxy.,\
+                   com.sun.corba.se.,\
+                   com.sun.org.apache.bcel.internal.,\
+                   com.sun.org.apache.regexp.internal.,\
+                   com.sun.org.apache.xerces.internal.,\
+                   com.sun.org.apache.xpath.internal.,\
+                   com.sun.org.apache.xalan.internal.extensions.,\
+                   com.sun.org.apache.xalan.internal.lib.,\
+                   com.sun.org.apache.xalan.internal.res.,\
+                   com.sun.org.apache.xalan.internal.templates.,\
+                   com.sun.org.apache.xalan.internal.utils.,\
+                   com.sun.org.apache.xalan.internal.xslt.,\
+                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
+                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
+                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
+                   com.sun.org.apache.xalan.internal.xsltc.util.,\
+                   com.sun.org.apache.xml.internal.res.,\
+                   com.sun.org.apache.xml.internal.security.,\
+                   com.sun.org.apache.xml.internal.serializer.utils.,\
+                   com.sun.org.apache.xml.internal.utils.,\
+                   com.sun.org.glassfish.,\
+                   com.oracle.xmlns.internal.,\
+                   com.oracle.webservices.internal.,\
+                   org.jcp.xml.dsig.internal.,\
+                   jdk.internal.,\
+                   jdk.nashorn.internal.,\
+                   jdk.nashorn.tools.,\
+                   com.sun.activation.registries.,\
+#ifdef macosx
+                   apple.,\
+#endif
+
+#
+# Determines whether this properties file can be appended to
+# or overridden on the command line via -Djava.security.properties
+#
+security.overridePropertiesFile=true
+
+#
+# Determines the default key and trust manager factory algorithms for
+# the javax.net.ssl package.
+#
+ssl.KeyManagerFactory.algorithm=SunX509
+ssl.TrustManagerFactory.algorithm=PKIX
+
+#
+# The Java-level namelookup cache policy for successful lookups:
+#
+# any negative value: caching forever
+# any positive value: the number of seconds to cache an address for
+# zero: do not cache
+#
+# default value is forever (FOREVER). For security reasons, this
+# caching is made forever when a security manager is set. When a security
+# manager is not set, the default behavior in this implementation
+# is to cache for 30 seconds.
+#
+# NOTE: setting this to anything other than the default value can have
+#       serious security implications. Do not set it unless
+#       you are sure you are not exposed to DNS spoofing attack.
+#
+#networkaddress.cache.ttl=-1
+
+# The Java-level namelookup cache policy for failed lookups:
+#
+# any negative value: cache forever
+# any positive value: the number of seconds to cache negative lookup results
+# zero: do not cache
+#
+# In some Microsoft Windows networking environments that employ
+# the WINS name service in addition to DNS, name service lookups
+# that fail may take a noticeably long time to return (approx. 5 seconds).
+# For this reason the default caching policy is to maintain these
+# results for 10 seconds.
+#
+#
+networkaddress.cache.negative.ttl=10
+
+#
+# Properties to configure OCSP for certificate revocation checking
+#
+
+# Enable OCSP
+#
+# By default, OCSP is not used for certificate revocation checking.
+# This property enables the use of OCSP when set to the value "true".
+#
+# NOTE: SocketPermission is required to connect to an OCSP responder.
+#
+# Example,
+#   ocsp.enable=true
+
+#
+# Location of the OCSP responder
+#
+# By default, the location of the OCSP responder is determined implicitly
+# from the certificate being validated. This property explicitly specifies
+# the location of the OCSP responder. The property is used when the
+# Authority Information Access extension (defined in RFC 3280) is absent
+# from the certificate or when it requires overriding.
+#
+# Example,
+#   ocsp.responderURL=http://ocsp.example.net:80
+
+#
+# Subject name of the OCSP responder's certificate
+#
+# By default, the certificate of the OCSP responder is that of the issuer
+# of the certificate being validated. This property identifies the certificate
+# of the OCSP responder when the default does not apply. Its value is a string
+# distinguished name (defined in RFC 2253) which identifies a certificate in
+# the set of certificates supplied during cert path validation. In cases where
+# the subject name alone is not sufficient to uniquely identify the certificate
+# then both the "ocsp.responderCertIssuerName" and
+# "ocsp.responderCertSerialNumber" properties must be used instead. When this
+# property is set then those two properties are ignored.
+#
+# Example,
+#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
+
+#
+# Issuer name of the OCSP responder's certificate
+#
+# By default, the certificate of the OCSP responder is that of the issuer
+# of the certificate being validated. This property identifies the certificate
+# of the OCSP responder when the default does not apply. Its value is a string
+# distinguished name (defined in RFC 2253) which identifies a certificate in
+# the set of certificates supplied during cert path validation. When this
+# property is set then the "ocsp.responderCertSerialNumber" property must also
+# be set. When the "ocsp.responderCertSubjectName" property is set then this
+# property is ignored.
+#
+# Example,
+#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
+
+#
+# Serial number of the OCSP responder's certificate
+#
+# By default, the certificate of the OCSP responder is that of the issuer
+# of the certificate being validated. This property identifies the certificate
+# of the OCSP responder when the default does not apply. Its value is a string
+# of hexadecimal digits (colon or space separators may be present) which
+# identifies a certificate in the set of certificates supplied during cert path
+# validation. When this property is set then the "ocsp.responderCertIssuerName"
+# property must also be set. When the "ocsp.responderCertSubjectName" property
+# is set then this property is ignored.
+#
+# Example,
+#   ocsp.responderCertSerialNumber=2A:FF:00
+
+#
+# Policy for failed Kerberos KDC lookups:
+#
+# When a KDC is unavailable (network error, service failure, etc), it is
+# put inside a blacklist and accessed less often for future requests. The
+# value (case-insensitive) for this policy can be:
+#
+# tryLast
+#    KDCs in the blacklist are always tried after those not on the list.
+#
+# tryLess[:max_retries,timeout]
+#    KDCs in the blacklist are still tried by their order in the configuration,
+#    but with smaller max_retries and timeout values. max_retries and timeout
+#    are optional numerical parameters (default 1 and 5000, which means once
+#    and 5 seconds). Please notes that if any of the values defined here is
+#    more than what is defined in krb5.conf, it will be ignored.
+#
+# Whenever a KDC is detected as available, it is removed from the blacklist.
+# The blacklist is reset when krb5.conf is reloaded. You can add
+# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
+# reloaded whenever a JAAS authentication is attempted.
+#
+# Example,
+#   krb5.kdc.bad.policy = tryLast
+#   krb5.kdc.bad.policy = tryLess:2,2000
+krb5.kdc.bad.policy = tryLast
+
+# Algorithm restrictions for certification path (CertPath) processing
+#
+# In some environments, certain algorithms or key lengths may be undesirable
+# for certification path building and validation.  For example, "MD2" is
+# generally no longer considered to be a secure hash algorithm.  This section
+# describes the mechanism for disabling algorithms based on algorithm name
+# and/or key length.  This includes algorithms used in certificates, as well
+# as revocation information such as CRLs and signed OCSP Responses.
+#
+# The syntax of the disabled algorithm string is described as this Java
+# BNF-style:
+#   DisabledAlgorithms:
+#       " DisabledAlgorithm { , DisabledAlgorithm } "
+#
+#   DisabledAlgorithm:
+#       AlgorithmName [Constraint]
+#
+#   AlgorithmName:
+#       (see below)
+#
+#   Constraint:
+#       KeySizeConstraint
+#
+#   KeySizeConstraint:
+#       keySize Operator DecimalInteger
+#
+#   Operator:
+#       <= | < | == | != | >= | >
+#
+#   DecimalInteger:
+#       DecimalDigits
+#
+#   DecimalDigits:
+#       DecimalDigit {DecimalDigit}
+#
+#   DecimalDigit: one of
+#       1 2 3 4 5 6 7 8 9 0
+#
+# The "AlgorithmName" is the standard algorithm name of the disabled
+# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
+# Documentation" for information about Standard Algorithm Names.  Matching
+# is performed using a case-insensitive sub-element matching rule.  (For
+# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
+# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
+# sub-element of the certificate algorithm name, the algorithm will be
+# rejected during certification path building and validation.  For example,
+# the assertion algorithm name "DSA" will disable all certificate algorithms
+# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
+# will not disable algorithms related to "ECDSA".
+#
+# A "Constraint" provides further guidance for the algorithm being specified.
+# The "KeySizeConstraint" requires a key of a valid size range if the
+# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
+# key size specified in number of bits.  For example, "RSA keySize <= 1024"
+# indicates that any RSA key with key size less than or equal to 1024 bits
+# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
+# that any RSA key with key size less than 1024 or greater than 2048 should
+# be disabled. Note that the "KeySizeConstraint" only makes sense to key
+# algorithms.
+#
+# Note: This property is currently used by Oracle's PKIX implementation. It
+# is not guaranteed to be examined and used by other implementations.
+#
+# Example:
+#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
+#
+#
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
+
+# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
+# (SSL/TLS) processing
+#
+# In some environments, certain algorithms or key lengths may be undesirable
+# when using SSL/TLS.  This section describes the mechanism for disabling
+# algorithms during SSL/TLS security parameters negotiation, including cipher
+# suites selection, peer authentication and key exchange mechanisms.
+#
+# For PKI-based peer authentication and key exchange mechanisms, this list
+# of disabled algorithms will also be checked during certification path
+# building and validation, including algorithms used in certificates, as
+# well as revocation information such as CRLs and signed OCSP Responses.
+# This is in addition to the jdk.certpath.disabledAlgorithms property above.
+#
+# See the specification of "jdk.certpath.disabledAlgorithms" for the
+# syntax of the disabled algorithm string.
+#
+# Note: This property is currently used by Oracle's JSSE implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+# Example:
+#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-aix	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,496 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=sun.security.provider.Sun
-security.provider.2=sun.security.rsa.SunRsaSign
-security.provider.3=sun.security.ec.SunEC
-security.provider.4=com.sun.net.ssl.internal.ssl.Provider
-security.provider.5=com.sun.crypto.provider.SunJCE
-security.provider.6=sun.security.jgss.SunProvider
-security.provider.7=com.sun.security.sasl.Provider
-security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.9=sun.security.smartcardio.SunPCSC
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=NativePRNGBlocking:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.
-
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.
-
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-linux	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,496 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=sun.security.provider.Sun
-security.provider.2=sun.security.rsa.SunRsaSign
-security.provider.3=sun.security.ec.SunEC
-security.provider.4=com.sun.net.ssl.internal.ssl.Provider
-security.provider.5=com.sun.crypto.provider.SunJCE
-security.provider.6=sun.security.jgss.SunProvider
-security.provider.7=com.sun.security.sasl.Provider
-security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.9=sun.security.smartcardio.SunPCSC
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=NativePRNGBlocking:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.,\
-               com.sun.activation.registries.
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.,\
-                   com.sun.activation.registries.
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-macosx	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,499 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=sun.security.provider.Sun
-security.provider.2=sun.security.rsa.SunRsaSign
-security.provider.3=sun.security.ec.SunEC
-security.provider.4=com.sun.net.ssl.internal.ssl.Provider
-security.provider.5=com.sun.crypto.provider.SunJCE
-security.provider.6=sun.security.jgss.SunProvider
-security.provider.7=com.sun.security.sasl.Provider
-security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.9=sun.security.smartcardio.SunPCSC
-security.provider.10=apple.security.AppleProvider
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=NativePRNGBlocking:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.,\
-               com.sun.activation.registries.,\
-               apple.
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.,\
-                   com.sun.activation.registries.,\
-                   apple.
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-solaris	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,498 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
-security.provider.2=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
-security.provider.3=sun.security.provider.Sun
-security.provider.4=sun.security.rsa.SunRsaSign
-security.provider.5=sun.security.ec.SunEC
-security.provider.6=com.sun.net.ssl.internal.ssl.Provider
-security.provider.7=com.sun.crypto.provider.SunJCE
-security.provider.8=sun.security.jgss.SunProvider
-security.provider.9=com.sun.security.sasl.Provider
-security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.11=sun.security.smartcardio.SunPCSC
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=NativePRNGBlocking:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.,\
-               com.sun.activation.registries.
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.,\
-                   com.sun.activation.registries.
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/share/conf/security/java.security-windows	Fri Aug 22 09:55:49 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,499 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=sun.security.provider.Sun
-security.provider.2=sun.security.rsa.SunRsaSign
-security.provider.3=sun.security.ec.SunEC
-security.provider.4=com.sun.net.ssl.internal.ssl.Provider
-security.provider.5=com.sun.crypto.provider.SunJCE
-security.provider.6=sun.security.jgss.SunProvider
-security.provider.7=com.sun.security.sasl.Provider
-security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.9=sun.security.smartcardio.SunPCSC
-security.provider.10=sun.security.mscapi.SunMSCAPI
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,SHA1PRNG:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.,\
-               com.sun.activation.registries.,\
-               com.sun.java.accessibility.
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.,\
-                   com.sun.activation.registries.,\
-                   com.sun.java.accessibility.
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/jdk/src/java.base/unix/native/libjava/UNIXProcess_md.c	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.base/unix/native/libjava/UNIXProcess_md.c	Fri Aug 29 11:57:22 2014 -0700
@@ -599,9 +599,9 @@
      */
     assert(prog != NULL && argBlock != NULL);
     if ((phelperpath = getBytes(env, helperpath))   == NULL) goto Catch;
-    if ((pprog     = getBytes(env, prog))       == NULL) goto Catch;
-    if ((pargBlock = getBytes(env, argBlock))   == NULL) goto Catch;
-    if ((c->argv = NEW(const char *, argc + 3)) == NULL) goto Catch;
+    if ((pprog       = getBytes(env, prog))         == NULL) goto Catch;
+    if ((pargBlock   = getBytes(env, argBlock))     == NULL) goto Catch;
+    if ((c->argv     = NEW(const char *, argc + 3)) == NULL) goto Catch;
     c->argv[0] = pprog;
     c->argc = argc + 2;
     initVectorFromBlock(c->argv+1, pargBlock, argc);
@@ -690,10 +690,11 @@
     closeSafely(childenv[0]);
     closeSafely(childenv[1]);
 
-    releaseBytes(env, prog,     pprog);
-    releaseBytes(env, argBlock, pargBlock);
-    releaseBytes(env, envBlock, penvBlock);
-    releaseBytes(env, dir,      c->pdir);
+    releaseBytes(env, helperpath, phelperpath);
+    releaseBytes(env, prog,       pprog);
+    releaseBytes(env, argBlock,   pargBlock);
+    releaseBytes(env, envBlock,   penvBlock);
+    releaseBytes(env, dir,        c->pdir);
 
     free(c->argv);
     free(c->envv);
--- a/jdk/src/java.desktop/macosx/classes/apple/laf/JRSUIControl.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.desktop/macosx/classes/apple/laf/JRSUIControl.java	Fri Aug 29 11:57:22 2014 -0700
@@ -114,7 +114,7 @@
         changes.putAll(other.changes);
     }
 
-    protected synchronized final void finalize() throws Throwable {
+    protected synchronized void finalize() throws Throwable {
         if (cfDictionaryPtr == 0) return;
         disposeCFDictionary(cfDictionaryPtr);
         cfDictionaryPtr = 0;
--- a/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaInternalFrameUI.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaInternalFrameUI.java	Fri Aug 29 11:57:22 2014 -0700
@@ -938,7 +938,11 @@
             final Point pt = new Point();
             final Component c = getComponentToForwardTo(e, pt);
             if (c == null) return;
-            c.dispatchEvent(new MouseWheelEvent(c, e.getID(), e.getWhen(), e.getModifiers(), pt.x, pt.y, e.getClickCount(), e.isPopupTrigger(), e.getScrollType(), e.getScrollAmount(), e.getWheelRotation()));
+            c.dispatchEvent(new MouseWheelEvent(c, e.getID(), e.getWhen(),
+                    e.getModifiers(), pt.x, pt.y, e.getXOnScreen(), e.getYOnScreen(),
+                    e.getClickCount(), e.isPopupTrigger(), e.getScrollType(),
+                    e.getScrollAmount(), e.getWheelRotation(),
+                    e.getPreciseWheelRotation()));
         }
 
         public void componentResized(final ComponentEvent e) {
--- a/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java	Fri Aug 29 11:57:22 2014 -0700
@@ -3307,7 +3307,7 @@
                 pane.repaint();
             } else if (name == "indexForTitle") {
                 calculatedBaseline = false;
-                updateHtmlViews((Integer) e.getNewValue());
+                updateHtmlViews((Integer) e.getNewValue(), false);
             } else if (name == "tabLayoutPolicy") {
                 AquaTabbedPaneCopyFromBasicUI.this.uninstallUI(pane);
                 AquaTabbedPaneCopyFromBasicUI.this.installUI(pane);
@@ -3345,7 +3345,7 @@
                 calculatedBaseline = false;
             } else if (name == "indexForNullComponent") {
                 isRunsDirty = true;
-                updateHtmlViews((Integer) e.getNewValue());
+                updateHtmlViews((Integer) e.getNewValue(), true);
             } else if (name == "font") {
                 calculatedBaseline = false;
             }
@@ -3464,10 +3464,10 @@
                 return;
             }
             isRunsDirty = true;
-            updateHtmlViews(tp.indexOfComponent(child));
+            updateHtmlViews(tp.indexOfComponent(child), true);
         }
 
-        private void updateHtmlViews(int index) {
+        private void updateHtmlViews(int index, boolean inserted) {
             final String title = tabPane.getTitleAt(index);
             final boolean isHTML = BasicHTML.isHTMLString(title);
             if (isHTML) {
@@ -3475,16 +3475,24 @@
                     htmlViews = createHTMLVector();
                 } else { // Vector already exists
                     final View v = BasicHTML.createHTMLView(tabPane, title);
-                    htmlViews.insertElementAt(v, index);
+                    setHtmlView(v, inserted, index);
                 }
             } else { // Not HTML
                 if (htmlViews != null) { // Add placeholder
-                    htmlViews.insertElementAt(null, index);
+                    setHtmlView(null, inserted, index);
                 } // else nada!
             }
             updateMnemonics();
         }
 
+        private void setHtmlView(View v, boolean inserted, int index) {
+            if (inserted || index >= htmlViews.size()) {
+                htmlViews.insertElementAt(v, index);
+            } else {
+                htmlViews.setElementAt(v, index);
+            }
+        }
+
         public void componentRemoved(final ContainerEvent e) {
             final JTabbedPane tp = (JTabbedPane)e.getContainer();
             final Component child = e.getChild();
--- a/jdk/src/java.desktop/macosx/classes/sun/font/CFontManager.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.desktop/macosx/classes/sun/font/CFontManager.java	Fri Aug 29 11:57:22 2014 -0700
@@ -43,7 +43,7 @@
 import sun.awt.util.ThreadGroupUtils;
 import sun.lwawt.macosx.*;
 
-public class CFontManager extends SunFontManager {
+public final class CFontManager extends SunFontManager {
     private FontConfigManager fcManager = null;
     private static Hashtable<String, Font2D> genericFonts = new Hashtable<String, Font2D>();
 
@@ -61,20 +61,14 @@
         return new CFontConfiguration(this, preferLocaleFonts, preferPropFonts);
     }
 
-    private static String[] defaultPlatformFont = null;
-
     /*
      * Returns an array of two strings. The first element is the
      * name of the font. The second element is the file name.
      */
     @Override
-    public synchronized String[] getDefaultPlatformFont() {
-        if (defaultPlatformFont == null) {
-            defaultPlatformFont = new String[2];
-            defaultPlatformFont[0] = "Lucida Grande";
-            defaultPlatformFont[1] = "/System/Library/Fonts/LucidaGrande.ttc";
-        }
-        return defaultPlatformFont;
+    protected String[] getDefaultPlatformFont() {
+        return new String[]{"Lucida Grande",
+                            "/System/Library/Fonts/LucidaGrande.ttc"};
     }
 
     // This is a way to register any kind of Font2D, not just files and composites.
--- a/jdk/src/java.desktop/macosx/classes/sun/lwawt/LWComponentPeer.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.desktop/macosx/classes/sun/lwawt/LWComponentPeer.java	Fri Aug 29 11:57:22 2014 -0700
@@ -1233,11 +1233,13 @@
                     delegate, me.getID(), me.getWhen(),
                     me.getModifiers(),
                     me.getX(), me.getY(),
+                    me.getXOnScreen(), me.getYOnScreen(),
                     me.getClickCount(),
                     me.isPopupTrigger(),
                     me.getScrollType(),
                     me.getScrollAmount(),
-                    me.getWheelRotation());
+                    me.getWheelRotation(),
+                    me.getPreciseWheelRotation());
         } else if (e instanceof MouseEvent) {
             MouseEvent me = (MouseEvent) e;
 
--- a/jdk/src/java.desktop/macosx/classes/sun/lwawt/LWWindowPeer.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.desktop/macosx/classes/sun/lwawt/LWWindowPeer.java	Fri Aug 29 11:57:22 2014 -0700
@@ -105,6 +105,8 @@
 
     private final SecurityWarningWindow warningWindow;
 
+    private volatile boolean targetFocusable;
+
     /**
      * Current modal blocker or null.
      *
@@ -240,13 +242,12 @@
         if (!visible && warningWindow != null) {
             warningWindow.setVisible(false, false);
         }
-
+        updateFocusableWindowState();
         super.setVisibleImpl(visible);
         // TODO: update graphicsConfig, see 4868278
         platformWindow.setVisible(visible);
         if (isSimpleWindow()) {
             KeyboardFocusManagerPeer kfmPeer = LWKeyboardFocusManagerPeer.getInstance();
-
             if (visible) {
                 if (!getTarget().isAutoRequestFocus()) {
                     return;
@@ -397,6 +398,7 @@
 
     @Override
     public void updateFocusableWindowState() {
+        targetFocusable = getTarget().isFocusableWindow();
         platformWindow.updateFocusableWindowState();
     }
 
@@ -1220,13 +1222,13 @@
     }
 
     private boolean isFocusableWindow() {
-        boolean focusable = getTarget().isFocusableWindow();
+        boolean focusable  = targetFocusable;
         if (isSimpleWindow()) {
             LWWindowPeer ownerPeer = getOwnerFrameDialog(this);
             if (ownerPeer == null) {
                 return false;
             }
-            return focusable && ownerPeer.getTarget().isFocusableWindow();
+            return focusable && ownerPeer.targetFocusable;
         }
         return focusable;
     }
--- a/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java	Fri Aug 22 09:55:49 2014 -0700
+++ b/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java	Fri Aug 29 11:57:22 2014 -0700
@@ -38,7 +38,8 @@
 
     private CPlatformResponder responder;
     private static final Object classLock = new Object();
-    private static volatile CEmbeddedFrame focusedWindow;
+    private static volatile CEmbeddedFrame globalFocusedWindow;
+    private CEmbeddedFrame browserWindowFocusedApplet;
     private boolean parentWindowActive = true;
 
     public CEmbeddedFrame() {
@@ -111,10 +112,10 @@
         synchronized (classLock) {
             // In some cases an applet may not receive the focus lost event
             // from the parent window (see 8012330)
-            focusedWindow = (focused) ? this
-                    : ((focusedWindow == this) ? null : focusedWindow);
+            globalFocusedWindow = (focused) ? this
+                    : ((globalFocusedWindow == this) ? null : globalFocusedWindow);
         }
-        if (focusedWindow == this) {
+        if (globalFocusedWindow == this) {
             // see bug 8010925
             // we can't put this to handleWindowFocusEvent because
             // it won't be invoced if focuse is moved to a html element
@@ -145,9 +146,23 @@
     // non-focused applet. This method can be called from different threads.
     public void handleWindowFocusEvent(boolean parentWindowActive) {
         this.parentWindowActive = parentWindowActive;
+        // If several applets are running in different browser's windows, it is necessary to
+        // detect the switching between the parent windows and update globalFocusedWindow accordingly.
+        synchronized (classLock) {
+            if (!parentWindowActive) {
+                this.browserWindowFocusedApplet = globalFocusedWindow;
+            }
+            if (parentWindow