changeset 11884:8cdadb2cd458

Merge
author asaha
date Tue, 05 Jul 2016 15:30:38 -0700
parents 4c3025443a71 f483834549f3
children 1af2eacbc174
files .hgtags src/share/classes/com/sun/crypto/provider/CipherCore.java src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java src/share/classes/java/lang/invoke/MethodHandles.java src/share/classes/java/security/ProtectionDomain.java
diffstat 24 files changed, 303 insertions(+), 148 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Mon Jul 04 14:30:09 2016 -0700
+++ b/.hgtags	Tue Jul 05 15:30:38 2016 -0700
@@ -389,6 +389,7 @@
 d4453d784fb6c52e4ed998b167588551e2fd43c5 jdk8u40-b27
 5a45234e0fc14ff943e13dc1f8966818acaeb4de jdk8u40-b31
 d8ac13c5eafe422d3425dc1aebebfcdf8ca67e2d jdk8u40-b32
+c7fbbf6133c339fb56f03241de28666774023d5d jdk8u40-b33
 1ecc234bd38950a2bc047aa253a5e803f0836a4e jdk8u45-b00
 e0c7864bbca3f76cde680722f2ae58dff2bff61d jdk8u45-b01
 9505c0392cddbfb905401e9fccc23262edc3254f jdk8u45-b02
@@ -534,17 +535,26 @@
 d841d3fdae44f120883dab0a3a809a054cd0274b jdk8u72-b13
 f6d24d424cd2af4d2612f7737d3d9a25f58b882d jdk8u72-b14
 f3e86cc607260bae368b52d88d7bc8883ee767e3 jdk8u72-b15
+1d4b343084874b1afa1cdd504b9b1e50bab7f121 jdk8u72-b31
 892eb9ab179650b89b7bab6bc42f079391c98624 jdk8u73-b00
 9b77d3ca0d66a117c3cc0e0a74b8059545b22f0e jdk8u73-b01
 2ab13901d6f14bab0dcf4823d5e378a421fba7e2 jdk8u73-b02
 9a843dc6f959f62c61014a3a71ec9aa329f1daf1 jdk8u74-b00
 e829ab80dfd828803aa8837411900faeaa1254a5 jdk8u74-b01
 32c49f4a16599e376e4e46bb33c7bcc486e52ff3 jdk8u74-b02
+9c828e688240362b6f1b761b619cdaa070462c4e jdk8u74-b31
+6968ca30f8fdc9429fcd56187e16f46b215b474b jdk8u74-b32
+02e1209648050922a5a9f2789d9d359795f6f834 jdk8u77-b00
+f08584a0fde9344b0aa4766984266ca68b9a5018 jdk8u77-b01
+1a3e81c05703bb36def80a57681e1692c866f621 jdk8u77-b02
+c44179bce874a97e93ffd7b76a226af417e017a4 jdk8u77-b03
+8c3f4e540348daed7263bae092b0e5f212478b00 jdk8u77-b31
 1d4b343084874b1afa1cdd504b9b1e50bab7f121 jdk8u72-b31
 7cfd2c51c501df909833aa0fb6e40c50c61621ed jdk8u75-b00
 9e00a43602f87930c2318b2567002871ad9c59dd jdk8u75-b01
 9de301db625bb1b462aad3ebd8347118b94bb728 jdk8u75-b02
 dcacefa73649a2d821267b6bff1d70aa10a06801 jdk8u75-b03
+f6cc9dbb5db5883385c91bb71ca02081220aaf3d jdk8u101-b00
 de91f05824c5398cb2d2f666ff404aaa165498de jdk8u75-b04
 4138b3f27ffea524185a604c3f4f149c7e5ba780 jdk8u75-b05
 32f64c19b5fba8beeae5236ca6e480bd8e99698a jdk8u75-b06
@@ -557,9 +567,11 @@
 f08584a0fde9344b0aa4766984266ca68b9a5018 jdk8u77-b01
 1a3e81c05703bb36def80a57681e1692c866f621 jdk8u77-b02
 c44179bce874a97e93ffd7b76a226af417e017a4 jdk8u77-b03
+8c3f4e540348daed7263bae092b0e5f212478b00 jdk8u77-b31
 71f59a00df6c8f3bd5c6d6631a4988a431adab56 jdk8u91-b00
 7ade7a1ab10ff893f62cce9440b4a839aa19c250 jdk8u91-b13
 f8725698a870b6be82fad578e78a55910b259975 jdk8u91-b14
+29380f4d81bd92a6a7aa7a984ca4541ff3ac3a67 jdk8u91-b15
 39baa472e20c13c0eb1243eb5dce589e82f78143 jdk8u76-b00
 6ea3aea950d19d803475b3f4d704a2942e71b302 jdk8u76-b01
 4de4cffb5988cd68959ce4bbd14c6d4547078c91 jdk8u76-b02
@@ -576,6 +588,21 @@
 ea965fea71f612d65013192aa637d88e05915b10 jdk8u92-b00
 cc8d0d6c6f9543120836e70e0aa3fa9c9b6fe0f3 jdk8u92-b13
 4f06a20cdc59ce9742e6538ff4b9040baba0778a jdk8u92-b14
+5875e297cfcf18304b4b062dc44fa9be312ad6e8 jdk8u92-b31
+f6cc9dbb5db5883385c91bb71ca02081220aaf3d jdk8u81-b00
+00f8f39308687cde45f23282871c46cc6c2f10b3 jdk8u101-b01
+6042757c329b1b96fa6bc931e09306794f5c50c0 jdk8u101-b02
+25934d0d38fe10383ff22eb3f39bf5e8b9e73ac9 jdk8u101-b03
+ebc56c2e803597ef409a5296addc986b390d934d jdk8u101-b04
+c387bd2fb7db40467bd9aa803c8510a04ca32bae jdk8u101-b05
+a15cdf2e91e7c2d71510280b31ae11048fb2f31e jdk8u101-b06
+fdc0b30af431e17ffaed24ef5d545ae4cf7ddf6d jdk8u101-b07
+4dc4099e933a6f4584b51305b26b5798f042699b jdk8u101-b08
+5e7489ac05f0001e234e6d1c8730b465e74c9626 jdk8u101-b09
+9486707c119ab3940f7ea06c1af23a4f6367c77b jdk8u101-b10
+a9136f8d24d9ed01009df847176e0be67b354d15 jdk8u101-b11
+3eab3ce82c31d1332bc383a1a3201eaee220c001 jdk8u101-b12
+827b2350d7f8a96160aa820200a7bf6358b51450 jdk8u101-b13
 39baa472e20c13c0eb1243eb5dce589e82f78143 jdk8u76-b00
 6ea3aea950d19d803475b3f4d704a2942e71b302 jdk8u76-b01
 4de4cffb5988cd68959ce4bbd14c6d4547078c91 jdk8u76-b02
@@ -587,6 +614,16 @@
 5d5b55014d0da5bafb42366dc6d668ced4b8dec4 jdk8u102-b02
 abab8d5270997ad25e0699151eed48ce8db40787 jdk8u102-b03
 50809de3dcc24eb8cf86b8518cf0cc0423b61f4b jdk8u102-b04
+cdfb600c2dce889af220ebb6c4b0764066baa741 jdk8u102-b05
+59698da7972e97f4a18845b9c879f165b3c52e98 jdk8u102-b06
+725b400c93e0209c64f36f6191b8d1fd3ef9ed30 jdk8u102-b07
+c260a0aab5bff09f439914829b81f037715029bb jdk8u102-b08
+605340e782425b68342c1bc6485b747708de6101 jdk8u102-b09
+b64716a25e409798fcd7ed6143d55681ee4a4baa jdk8u102-b10
+e915a408ebf7ba05b36d1b714e166a1d9e5c7edd jdk8u102-b11
+8e12cb096db33b525ec010de5e857ef1cc985ddd jdk8u102-b12
+901ecf04370c7c03c61e22ab87a266c355baff54 jdk8u102-b13
+48c99b42383912886c005891c04b5f599adf6722 jdk8u102-b14
 47e20a90bdbb2327289e330606b73a9fe4dc857e jdk8u112-b00
 96393e490afd4acba5b92c5ede68dc9bbb60a38e jdk8u112-b01
 b44d695f738baba091370828b84ae2c4cd715c1b jdk8u112-b02
--- a/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ko.properties	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ko.properties	Tue Jul 05 15:30:38 2016 -0700
@@ -15,13 +15,13 @@
 #
 alert=\uACBD\uBCF4
 awtcomponent=AWT \uAD6C\uC131 \uC694\uC18C
-checkbox=\uCCB4\uD06C \uBC15\uC2A4
+checkbox=\uCCB4\uD06C\uBC15\uC2A4
 colorchooser=\uC0C9\uC0C1 \uC120\uD0DD\uAE30
 columnheader=\uC5F4 \uBA38\uB9AC\uAE00
 combobox=\uCF64\uBCF4 \uC0C1\uC790
 canvas=\uCE94\uBC84\uC2A4
-desktopicon=\uBC14\uD0D5 \uD654\uBA74 \uC544\uC774\uCF58
-desktoppane=\uBC14\uD0D5 \uD654\uBA74 \uCC3D
+desktopicon=\uBC14\uD0D5\uD654\uBA74 \uC544\uC774\uCF58
+desktoppane=\uBC14\uD0D5\uD654\uBA74 \uCC3D
 dialog=\uB300\uD654\uC0C1\uC790
 directorypane=\uB514\uB809\uD1A0\uB9AC \uCC3D
 glasspane=\uAE00\uB798\uC2A4 \uCC3D
--- a/src/share/classes/com/sun/crypto/provider/AESCipher.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/AESCipher.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -172,6 +172,11 @@
      */
     private final int fixedKeySize; // in bytes, -1 if no restriction
 
+    /*
+     * needed to enforce ISE thrown when updateAAD is called after update for GCM mode.
+     */
+    private boolean updateCalled;
+
     /**
      * Creates an instance of AES cipher with default ECB mode and
      * PKCS5Padding.
@@ -304,6 +309,7 @@
     protected void engineInit(int opmode, Key key, SecureRandom random)
         throws InvalidKeyException {
         checkKeySize(key, fixedKeySize);
+        updateCalled = false;
         core.init(opmode, key, random);
     }
 
@@ -336,6 +342,7 @@
                               SecureRandom random)
         throws InvalidKeyException, InvalidAlgorithmParameterException {
         checkKeySize(key, fixedKeySize);
+        updateCalled = false;
         core.init(opmode, key, params, random);
     }
 
@@ -344,6 +351,7 @@
                               SecureRandom random)
         throws InvalidKeyException, InvalidAlgorithmParameterException {
         checkKeySize(key, fixedKeySize);
+        updateCalled = false;
         core.init(opmode, key, params, random);
     }
 
@@ -368,6 +376,7 @@
      */
     protected byte[] engineUpdate(byte[] input, int inputOffset,
                                   int inputLen) {
+        updateCalled = true;
         return core.update(input, inputOffset, inputLen);
     }
 
@@ -397,6 +406,7 @@
     protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
                                byte[] output, int outputOffset)
         throws ShortBufferException {
+        updateCalled = true;
         return core.update(input, inputOffset, inputLen, output,
                            outputOffset);
     }
@@ -433,7 +443,9 @@
      */
     protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
         throws IllegalBlockSizeException, BadPaddingException {
-        return core.doFinal(input, inputOffset, inputLen);
+        byte[] out = core.doFinal(input, inputOffset, inputLen);
+        updateCalled = false;
+        return out;
     }
 
     /**
@@ -476,8 +488,10 @@
                                 byte[] output, int outputOffset)
         throws IllegalBlockSizeException, ShortBufferException,
                BadPaddingException {
-        return core.doFinal(input, inputOffset, inputLen, output,
-                            outputOffset);
+        int outLen = core.doFinal(input, inputOffset, inputLen, output,
+                                  outputOffset);
+        updateCalled = false;
+        return outLen;
     }
 
     /**
@@ -574,6 +588,9 @@
      */
     @Override
     protected void engineUpdateAAD(byte[] src, int offset, int len) {
+        if (core.getMode() == CipherCore.GCM_MODE && updateCalled) {
+            throw new IllegalStateException("AAD must be supplied before encryption/decryption starts");
+        }
         core.updateAAD(src, offset, len);
     }
 
@@ -606,6 +623,9 @@
      */
     @Override
     protected void engineUpdateAAD(ByteBuffer src) {
+        if (core.getMode() == CipherCore.GCM_MODE && updateCalled) {
+            throw new IllegalStateException("AAD must be supplied before encryption/decryption starts");
+        }
         if (src != null) {
             int aadLen = src.limit() - src.position();
             if (aadLen != 0) {
--- a/src/share/classes/com/sun/crypto/provider/CipherCore.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/CipherCore.java	Tue Jul 05 15:30:38 2016 -0700
@@ -124,7 +124,7 @@
     private static final int PCBC_MODE = 4;
     private static final int CTR_MODE = 5;
     private static final int CTS_MODE = 6;
-    private static final int GCM_MODE = 7;
+    static final int GCM_MODE = 7;
 
     /*
      * variables used for performing the GCM (key+iv) uniqueness check.
@@ -196,7 +196,7 @@
             cipher = new CounterMode(rawImpl);
             unitBytes = 1;
             padding = null;
-        }  else if (modeUpperCase.startsWith("GCM")) {
+        }  else if (modeUpperCase.equals("GCM")) {
             // can only be used for block ciphers w/ 128-bit block size
             if (blockSize != 16) {
                 throw new NoSuchAlgorithmException
@@ -223,6 +223,15 @@
         }
     }
 
+    /**
+     * Returns the mode of this cipher.
+     *
+     * @return the parsed cipher mode
+     */
+    int getMode() {
+        return cipherMode;
+    }
+
     private static int getNumOfUnit(String mode, int offset, int blockSize)
         throws NoSuchAlgorithmException {
         int result = blockSize; // use blockSize as default value
--- a/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,6 +49,16 @@
     static int DEFAULT_TAG_LEN = AES_BLOCK_SIZE;
     static int DEFAULT_IV_LEN = 12; // in bytes
 
+    // In NIST SP 800-38D, GCM input size is limited to be no longer
+    // than (2^36 - 32) bytes. Otherwise, the counter will wrap
+    // around and lead to a leak of plaintext.
+    // However, given the current GCM spec requirement that recovered
+    // text can only be returned after successful tag verification,
+    // we are bound by limiting the data size to the size limit of
+    // java byte array, e.g. Integer.MAX_VALUE, since all data
+    // can only be returned by the doFinal(...) call.
+    private static final int MAX_BUF_SIZE = Integer.MAX_VALUE;
+
     // buffer for AAD data; if null, meaning update has been called
     private ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream();
     private int sizeOfAAD = 0;
@@ -89,9 +99,13 @@
         }
     }
 
-    // ivLen in bits
-    private static byte[] getLengthBlock(int ivLen) {
+    private static byte[] getLengthBlock(int ivLenInBytes) {
+        long ivLen = ((long)ivLenInBytes) << 3;
         byte[] out = new byte[AES_BLOCK_SIZE];
+        out[8] = (byte)(ivLen >>> 56);
+        out[9] = (byte)(ivLen >>> 48);
+        out[10] = (byte)(ivLen >>> 40);
+        out[11] = (byte)(ivLen >>> 32);
         out[12] = (byte)(ivLen >>> 24);
         out[13] = (byte)(ivLen >>> 16);
         out[14] = (byte)(ivLen >>> 8);
@@ -99,13 +113,22 @@
         return out;
     }
 
-    // aLen and cLen both in bits
-    private static byte[] getLengthBlock(int aLen, int cLen) {
+    private static byte[] getLengthBlock(int aLenInBytes, int cLenInBytes) {
+        long aLen = ((long)aLenInBytes) << 3;
+        long cLen = ((long)cLenInBytes) << 3;
         byte[] out = new byte[AES_BLOCK_SIZE];
+        out[0] = (byte)(aLen >>> 56);
+        out[1] = (byte)(aLen >>> 48);
+        out[2] = (byte)(aLen >>> 40);
+        out[3] = (byte)(aLen >>> 32);
         out[4] = (byte)(aLen >>> 24);
         out[5] = (byte)(aLen >>> 16);
         out[6] = (byte)(aLen >>> 8);
         out[7] = (byte)aLen;
+        out[8] = (byte)(cLen >>> 56);
+        out[9] = (byte)(cLen >>> 48);
+        out[10] = (byte)(cLen >>> 40);
+        out[11] = (byte)(cLen >>> 32);
         out[12] = (byte)(cLen >>> 24);
         out[13] = (byte)(cLen >>> 16);
         out[14] = (byte)(cLen >>> 8);
@@ -142,13 +165,20 @@
             } else {
                 g.update(iv);
             }
-            byte[] lengthBlock = getLengthBlock(iv.length*8);
+            byte[] lengthBlock = getLengthBlock(iv.length);
             g.update(lengthBlock);
             j0 = g.digest();
         }
         return j0;
     }
 
+    private static void checkDataLength(int processed, int len) {
+        if (processed > MAX_BUF_SIZE - len) {
+            throw new ProviderException("SunJCE provider only supports " +
+                "input size up to " + MAX_BUF_SIZE + " bytes");
+        }
+    }
+
     GaloisCounterMode(SymmetricCipher embeddedCipher) {
         super(embeddedCipher);
         aadBuffer = new ByteArrayOutputStream();
@@ -319,20 +349,22 @@
 
     // Feed the AAD data to GHASH, pad if necessary
     void processAAD() {
-        if (aadBuffer != null && aadBuffer.size() > 0) {
-            byte[] aad = aadBuffer.toByteArray();
-            sizeOfAAD = aad.length;
+        if (aadBuffer != null) {
+            if (aadBuffer.size() > 0) {
+                byte[] aad = aadBuffer.toByteArray();
+                sizeOfAAD = aad.length;
+
+                int lastLen = aad.length % AES_BLOCK_SIZE;
+                if (lastLen != 0) {
+                    ghashAllToS.update(aad, 0, aad.length - lastLen);
+                    byte[] padded = expandToOneBlock(aad, aad.length - lastLen,
+                                                     lastLen);
+                    ghashAllToS.update(padded);
+                } else {
+                    ghashAllToS.update(aad);
+                }
+            }
             aadBuffer = null;
-
-            int lastLen = aad.length % AES_BLOCK_SIZE;
-            if (lastLen != 0) {
-                ghashAllToS.update(aad, 0, aad.length - lastLen);
-                byte[] padded = expandToOneBlock(aad, aad.length - lastLen,
-                                                 lastLen);
-                ghashAllToS.update(padded);
-            } else {
-                ghashAllToS.update(aad);
-            }
         }
     }
 
@@ -381,6 +413,8 @@
      * @return the number of bytes placed into the <code>out</code> buffer
      */
     int encrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
+        checkDataLength(processed, len);
+
         if ((len % blockSize) != 0) {
              throw new ProviderException("Internal error in input buffering");
         }
@@ -405,17 +439,23 @@
      */
     int encryptFinal(byte[] in, int inOfs, int len, byte[] out, int outOfs)
         throws IllegalBlockSizeException, ShortBufferException {
+        if (len > MAX_BUF_SIZE - tagLenBytes) {
+            throw new ShortBufferException
+                ("Can't fit both data and tag into one buffer");
+        }
         if (out.length - outOfs < (len + tagLenBytes)) {
             throw new ShortBufferException("Output buffer too small");
         }
 
+        checkDataLength(processed, len);
+
         processAAD();
         if (len > 0) {
             doLastBlock(in, inOfs, len, out, outOfs, true);
         }
 
         byte[] lengthBlock =
-            getLengthBlock(sizeOfAAD*8, processed*8);
+            getLengthBlock(sizeOfAAD, processed);
         ghashAllToS.update(lengthBlock);
         byte[] s = ghashAllToS.digest();
         byte[] sOut = new byte[s.length];
@@ -444,6 +484,8 @@
      * @return the number of bytes placed into the <code>out</code> buffer
      */
     int decrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
+        checkDataLength(ibuffer.size(), len);
+
         if ((len % blockSize) != 0) {
              throw new ProviderException("Internal error in input buffering");
         }
@@ -481,10 +523,21 @@
         if (len < tagLenBytes) {
             throw new AEADBadTagException("Input too short - need tag");
         }
+        // do this check here can also catch the potential integer overflow
+        // scenario for the subsequent output buffer capacity check.
+        checkDataLength(ibuffer.size(), (len - tagLenBytes));
+
         if (out.length - outOfs < ((ibuffer.size() + len) - tagLenBytes)) {
             throw new ShortBufferException("Output buffer too small");
         }
+
         processAAD();
+
+        // get the trailing tag bytes from 'in'
+        byte[] tag = new byte[tagLenBytes];
+        System.arraycopy(in, inOfs + len - tagLenBytes, tag, 0, tagLenBytes);
+        len -= tagLenBytes;
+
         if (len != 0) {
             ibuffer.write(in, inOfs, len);
         }
@@ -495,17 +548,12 @@
         len = in.length;
         ibuffer.reset();
 
-        byte[] tag = new byte[tagLenBytes];
-        // get the trailing tag bytes from 'in'
-        System.arraycopy(in, len - tagLenBytes, tag, 0, tagLenBytes);
-        len -= tagLenBytes;
-
         if (len > 0) {
             doLastBlock(in, inOfs, len, out, outOfs, false);
         }
 
         byte[] lengthBlock =
-            getLengthBlock(sizeOfAAD*8, processed*8);
+            getLengthBlock(sizeOfAAD, processed);
         ghashAllToS.update(lengthBlock);
 
         byte[] s = ghashAllToS.digest();
--- a/src/share/classes/com/sun/jmx/remote/security/JMXSubjectDomainCombiner.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/com/sun/jmx/remote/security/JMXSubjectDomainCombiner.java	Tue Jul 05 15:30:38 2016 -0700
@@ -81,7 +81,7 @@
      * A ProtectionDomain with a null CodeSource and an empty permission set.
      */
     private static final ProtectionDomain pdNoPerms =
-        new ProtectionDomain(nullCodeSource, new Permissions());
+        new ProtectionDomain(nullCodeSource, new Permissions(), null, null);
 
     /**
      * Get the current AccessControlContext combined with the supplied subject.
--- a/src/share/classes/java/lang/invoke/DirectMethodHandle.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/java/lang/invoke/DirectMethodHandle.java	Tue Jul 05 15:30:38 2016 -0700
@@ -158,7 +158,7 @@
     private static LambdaForm preparedLambdaForm(MemberName m) {
         assert(m.isInvocable()) : m;  // call preparedFieldLambdaForm instead
         MethodType mtype = m.getInvocationType().basicType();
-        assert(!m.isMethodHandleInvoke() || "invokeBasic".equals(m.getName())) : m;
+        assert(!m.isMethodHandleInvoke()) : m;
         int which;
         switch (m.getReferenceKind()) {
         case REF_invokeVirtual:    which = LF_INVVIRTUAL;    break;
--- a/src/share/classes/java/lang/invoke/LambdaForm.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/java/lang/invoke/LambdaForm.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1034,7 +1034,7 @@
             this.member = member;
             this.resolvedHandle = resolvedHandle;
              // The following assert is almost always correct, but will fail for corner cases, such as PrivateInvokeTest.
-             //assert(!isInvokeBasic());
+             //assert(!isInvokeBasic(member));
         }
         NamedFunction(MethodType basicInvokerType) {
             assert(basicInvokerType == basicInvokerType.basicType()) : basicInvokerType;
@@ -1045,13 +1045,13 @@
                 // necessary to pass BigArityTest
                 this.member = Invokers.invokeBasicMethod(basicInvokerType);
             }
-            assert(isInvokeBasic());
+            assert(isInvokeBasic(member));
         }
 
-        private boolean isInvokeBasic() {
+        private static boolean isInvokeBasic(MemberName member) {
             return member != null &&
-                   member.isMethodHandleInvoke() &&
-                   "invokeBasic".equals(member.getName());
+                   member.getDeclaringClass() == MethodHandle.class &&
+                  "invokeBasic".equals(member.getName());
         }
 
         // The next 3 constructors are used to break circular dependencies on MH.invokeStatic, etc.
@@ -1191,7 +1191,7 @@
             assert(mh.type().basicType() == MethodType.genericMethodType(arity).changeReturnType(rtype))
                     : Arrays.asList(mh, rtype, arity);
             MemberName member = mh.internalMemberName();
-            if (member != null && member.getName().equals("invokeBasic") && member.isMethodHandleInvoke()) {
+            if (isInvokeBasic(member)) {
                 assert(arity > 0);
                 assert(a[0] instanceof MethodHandle);
                 MethodHandle mh2 = (MethodHandle) a[0];
--- a/src/share/classes/java/lang/invoke/MemberName.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/java/lang/invoke/MemberName.java	Tue Jul 05 15:30:38 2016 -0700
@@ -341,7 +341,6 @@
     }
 
     /** Utility method to query if this member is a method handle invocation (invoke or invokeExact).
-     *  Also returns true for the non-public MH.invokeBasic.
      */
     public boolean isMethodHandleInvoke() {
         final int bits = MH_INVOKE_MODS &~ Modifier.PUBLIC;
@@ -356,7 +355,6 @@
         switch (name) {
         case "invoke":
         case "invokeExact":
-        case "invokeBasic":  // internal sig-poly method
             return true;
         default:
             return false;
--- a/src/share/classes/java/lang/invoke/MethodHandles.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/java/lang/invoke/MethodHandles.java	Tue Jul 05 15:30:38 2016 -0700
@@ -28,6 +28,7 @@
 import java.lang.reflect.*;
 import java.util.BitSet;
 import java.util.List;
+import java.util.ArrayList;
 import java.util.Arrays;
 
 import sun.invoke.util.ValueConversions;
@@ -864,8 +865,6 @@
                 return invoker(type);
             if ("invokeExact".equals(name))
                 return exactInvoker(type);
-            if ("invokeBasic".equals(name))
-                return basicInvoker(type);
             assert(!MemberName.isMethodHandleInvokeName(name));
             return null;
         }
@@ -2450,6 +2449,7 @@
      */
     public static
     MethodHandle dropArguments(MethodHandle target, int pos, List<Class<?>> valueTypes) {
+        valueTypes = copyTypes(valueTypes);
         MethodType oldType = target.type();  // get NPE
         int dropped = dropArgumentChecks(oldType, pos, valueTypes);
         MethodType newType = oldType.insertParameterTypes(pos, valueTypes);
@@ -2464,6 +2464,11 @@
         return result;
     }
 
+    private static List<Class<?>> copyTypes(List<Class<?>> types) {
+        Object[] a = types.toArray();
+        return Arrays.asList(Arrays.copyOf(a, a.length, Class[].class));
+    }
+
     private static int dropArgumentChecks(MethodType oldType, int pos, List<Class<?>> valueTypes) {
         int dropped = valueTypes.size();
         MethodType.checkSlotCount(dropped);
@@ -2845,7 +2850,7 @@
         int filterValues = filterType.parameterCount();
         if (filterValues == 0
                 ? (rtype != void.class)
-                : (rtype != filterType.parameterType(0)))
+                : (rtype != filterType.parameterType(0) || filterValues != 1))
             throw newIllegalArgumentException("target and filter types do not match", targetType, filterType);
     }
 
--- a/src/share/classes/java/security/ProtectionDomain.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/java/security/ProtectionDomain.java	Tue Jul 05 15:30:38 2016 -0700
@@ -469,6 +469,11 @@
                 public ProtectionDomainCache getProtectionDomainCache() {
                     return new PDCache();
                 }
+
+                @Override
+                public boolean getStaticPermissionsField(ProtectionDomain pd) {
+                    return pd.staticPermissions;
+                }
             });
     }
 
--- a/src/share/classes/javax/security/auth/SubjectDomainCombiner.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/javax/security/auth/SubjectDomainCombiner.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,8 @@
 import java.util.Set;
 import java.util.WeakHashMap;
 import java.lang.ref.WeakReference;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecurityProtectionDomainAccess;
 
 /**
  * A {@code SubjectDomainCombiner} updates ProtectionDomains
@@ -65,6 +67,9 @@
     private static final boolean allowCaching =
                                         (useJavaxPolicy && cachePolicy());
 
+    private static final JavaSecurityProtectionDomainAccess pdAccess =
+        SharedSecrets.getJavaSecurityProtectionDomainAccess();
+
     /**
      * Associate the provided {@code Subject} with this
      * {@code SubjectDomainCombiner}.
@@ -239,10 +244,16 @@
                 subjectPd = cachedPDs.getValue(pd);
 
                 if (subjectPd == null) {
-                    subjectPd = new ProtectionDomain(pd.getCodeSource(),
+                    if (pdAccess.getStaticPermissionsField(pd)) {
+                        // Need to keep static ProtectionDomain objects static
+                        subjectPd = new ProtectionDomain(pd.getCodeSource(),
+                                                pd.getPermissions());
+                    } else {
+                        subjectPd = new ProtectionDomain(pd.getCodeSource(),
                                                 pd.getPermissions(),
                                                 pd.getClassLoader(),
                                                 principals);
+                    }
                     cachedPDs.putValue(pd, subjectPd);
                 } else {
                     allNew = false;
@@ -341,60 +352,63 @@
                 ProtectionDomain subjectPd = cachedPDs.getValue(pd);
 
                 if (subjectPd == null) {
+                    if (pdAccess.getStaticPermissionsField(pd)) {
+                        // keep static ProtectionDomain objects static
+                        subjectPd = new ProtectionDomain(pd.getCodeSource(),
+                                                pd.getPermissions());
+                    } else {
+                        // XXX
+                        // we must first add the original permissions.
+                        // that way when we later add the new JAAS permissions,
+                        // any unresolved JAAS-related permissions will
+                        // automatically get resolved.
 
-                    // XXX
-                    // we must first add the original permissions.
-                    // that way when we later add the new JAAS permissions,
-                    // any unresolved JAAS-related permissions will
-                    // automatically get resolved.
-
-                    // get the original perms
-                    Permissions perms = new Permissions();
-                    PermissionCollection coll = pd.getPermissions();
-                    java.util.Enumeration<Permission> e;
-                    if (coll != null) {
-                        synchronized (coll) {
-                            e = coll.elements();
-                            while (e.hasMoreElements()) {
-                                Permission newPerm =
+                        // get the original perms
+                        Permissions perms = new Permissions();
+                        PermissionCollection coll = pd.getPermissions();
+                        java.util.Enumeration<Permission> e;
+                        if (coll != null) {
+                            synchronized (coll) {
+                                e = coll.elements();
+                                while (e.hasMoreElements()) {
+                                    Permission newPerm =
                                         e.nextElement();
-                                 perms.add(newPerm);
+                                    perms.add(newPerm);
+                                }
                             }
                         }
-                    }
 
-                    // get perms from the policy
+                        // get perms from the policy
+                        final java.security.CodeSource finalCs = pd.getCodeSource();
+                        final Subject finalS = subject;
+                        PermissionCollection newPerms =
+                            java.security.AccessController.doPrivileged
+                            (new PrivilegedAction<PermissionCollection>() {
+                            @SuppressWarnings("deprecation")
+                            public PermissionCollection run() {
+                                return
+                                    javax.security.auth.Policy.getPolicy().getPermissions
+                                    (finalS, finalCs);
+                            }
+                        });
 
-                    final java.security.CodeSource finalCs = pd.getCodeSource();
-                    final Subject finalS = subject;
-                    PermissionCollection newPerms =
-                        java.security.AccessController.doPrivileged
-                        (new PrivilegedAction<PermissionCollection>() {
-                        @SuppressWarnings("deprecation")
-                        public PermissionCollection run() {
-                          return
-                          javax.security.auth.Policy.getPolicy().getPermissions
-                                (finalS, finalCs);
-                        }
-                    });
-
-                    // add the newly granted perms,
-                    // avoiding duplicates
-                    synchronized (newPerms) {
-                        e = newPerms.elements();
-                        while (e.hasMoreElements()) {
-                            Permission newPerm = e.nextElement();
-                            if (!perms.implies(newPerm)) {
-                                perms.add(newPerm);
-                                if (debug != null)
-                                    debug.println (
-                                        "Adding perm " + newPerm + "\n");
+                        // add the newly granted perms,
+                        // avoiding duplicates
+                        synchronized (newPerms) {
+                            e = newPerms.elements();
+                            while (e.hasMoreElements()) {
+                                Permission newPerm = e.nextElement();
+                                if (!perms.implies(newPerm)) {
+                                    perms.add(newPerm);
+                                    if (debug != null)
+                                        debug.println (
+                                            "Adding perm " + newPerm + "\n");
+                                }
                             }
                         }
+                        subjectPd = new ProtectionDomain
+                            (finalCs, perms, pd.getClassLoader(), principals);
                     }
-                    subjectPd = new ProtectionDomain
-                        (finalCs, perms, pd.getClassLoader(), principals);
-
                     if (allowCaching)
                         cachedPDs.putValue(pd, subjectPd);
                 }
--- a/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -44,7 +44,7 @@
 
 java.launcher.cls.error1=\u932F\u8AA4: \u627E\u4E0D\u5230\u6216\u7121\u6CD5\u8F09\u5165\u4E3B\u8981\u985E\u5225 {0}
 java.launcher.cls.error2=\u932F\u8AA4: \u4E3B\u8981\u65B9\u6CD5\u4E0D\u662F\u985E\u5225 {1} \u4E2D\u7684 {0}\uFF0C\u8ACB\u5B9A\u7FA9\u4E3B\u8981\u65B9\u6CD5\u70BA:\n   public static void main(String[] args)
-java.launcher.cls.error3=\u932F\u8AA4: \u4E3B\u8981\u65B9\u6CD5\u5FC5\u9808\u50B3\u56DE\u985E\u5225 {0} \u4E2D void \u985E\u578B\u7684\u503C\uFF0C \n\u8ACB\u5B9A\u7FA9\u4E3B\u8981\u65B9\u6CD5\u70BA:\n   public static void main(String[] args)
+java.launcher.cls.error3=\u932F\u8AA4: \u4E3B\u8981\u65B9\u6CD5\u5FC5\u9808\u50B3\u56DE\u985E\u5225 {0} \u4E2D void \u985E\u578B\u7684\u503C\uFF0C\n\u8ACB\u5B9A\u7FA9\u4E3B\u8981\u65B9\u6CD5\u70BA:\n   public static void main(String[] args)
 java.launcher.cls.error4=\u932F\u8AA4: \u5728\u985E\u5225 {0} \u4E2D\u627E\u4E0D\u5230\u4E3B\u8981\u65B9\u6CD5\uFF0C\u8ACB\u5B9A\u7FA9\u4E3B\u8981\u65B9\u6CD5\u70BA:\n   public static void main(String[] args)\n\u6216\u8005 JavaFX \u61C9\u7528\u7A0B\u5F0F\u985E\u5225\u5FC5\u9808\u64F4\u5145 {1}
 java.launcher.cls.error5=\u932F\u8AA4: \u907A\u6F0F\u57F7\u884C\u6B64\u61C9\u7528\u7A0B\u5F0F\u6240\u9700\u7684 JavaFX \u7A0B\u5F0F\u5BE6\u969B\u57F7\u884C\u5143\u4EF6
 java.launcher.jar.error1=\u932F\u8AA4: \u5617\u8A66\u958B\u555F\u6A94\u6848 {0} \u6642\u767C\u751F\u672A\u9810\u671F\u7684\u932F\u8AA4
--- a/src/share/classes/sun/management/resources/agent_zh_TW.properties	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/sun/management/resources/agent_zh_TW.properties	Tue Jul 05 15:30:38 2016 -0700
@@ -1,6 +1,6 @@
 #
 #
-# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -31,10 +31,10 @@
 agent.err.exception                = \u4EE3\u7406\u7A0B\u5F0F\u767C\u751F\u7570\u5E38 
 agent.err.warning		   = \u8B66\u544A
 
-agent.err.configfile.notfound      = \u627E\u4E0D\u5230\u914D\u7F6E\u6A94\u6848
-agent.err.configfile.failed        = \u7121\u6CD5\u8B80\u53D6\u914D\u7F6E\u6A94\u6848
-agent.err.configfile.closed.failed = \u7121\u6CD5\u95DC\u9589\u914D\u7F6E\u6A94\u6848
-agent.err.configfile.access.denied = \u5B58\u53D6\u914D\u7F6E\u6A94\u6848\u906D\u5230\u62D2\u7D55
+agent.err.configfile.notfound      = \u627E\u4E0D\u5230\u7D44\u614B\u6A94\u6848
+agent.err.configfile.failed        = \u7121\u6CD5\u8B80\u53D6\u7D44\u614B\u6A94\u6848
+agent.err.configfile.closed.failed = \u7121\u6CD5\u95DC\u9589\u7D44\u614B\u6A94\u6848
+agent.err.configfile.access.denied = \u5B58\u53D6\u7D44\u614B\u6A94\u6848\u906D\u5230\u62D2\u7D55
 
 agent.err.exportaddress.failed	   = \u5C07 JMX \u9023\u63A5\u5668\u4F4D\u5740\u532F\u51FA\u81F3\u8A2D\u5099\u7DE9\u885D\u5340\u5931\u6557
 
--- a/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java	Tue Jul 05 15:30:38 2016 -0700
@@ -36,4 +36,9 @@
      * Returns the ProtectionDomainCache.
      */
     ProtectionDomainCache getProtectionDomainCache();
+
+    /**
+     * Returns the staticPermissions field of the specified object
+     */
+    boolean getStaticPermissionsField(ProtectionDomain pd);
 }
--- a/src/share/classes/sun/rmi/server/resources/rmid_zh_TW.properties	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/sun/rmi/server/resources/rmid_zh_TW.properties	Tue Jul 05 15:30:38 2016 -0700
@@ -1,6 +1,6 @@
 #
 #
-# Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -71,7 +71,7 @@
 # "Activation.main", "sun.rmi.activation.execPolicy", "ExecPermission" and 
 # "ExecOptionPermission" should not be translated, since they refer to
 # class/permission names.
-rmid.exec.perms.inadequate=Activation.main: \u8B66\u544A: sun.rmi.activation.execPolicy \u7CFB\u7D71\n\u5C6C\u6027\u672A\u6307\u5B9A\uFF0C\u4E26\u4E14\u672A\u6388\u4E88 ExecPermissions/ExecOptionPermissions; \n\u5F8C\u7E8C\u7684\u555F\u52D5\u5617\u8A66\u53EF\u80FD\u6703\u56E0\u70BA\u672A\u6210\u529F\u7684\nExecPermission/ExecOptionPermission \u6B0A\u9650\u6AA2\u67E5\u800C\u5931\u6557\u3002\u5982\u9700\n\u95DC\u65BC\u5982\u4F55\u914D\u7F6E rmid \u5B89\u5168\u7684\u8AAA\u660E\u6587\u4EF6\uFF0C\u8ACB\u53C3\u8003:\n\nhttp://java.sun.com/j2se/1.4/docs/tooldocs/solaris/rmid.html\nhttp://java.sun.com/j2se/1.4/docs/tooldocs/win32/rmid.html\n
+rmid.exec.perms.inadequate=Activation.main: \u8B66\u544A: sun.rmi.activation.execPolicy \u7CFB\u7D71\n\u5C6C\u6027\u672A\u6307\u5B9A\uFF0C\u4E26\u4E14\u672A\u6388\u4E88 ExecPermissions/ExecOptionPermissions; \n\u5F8C\u7E8C\u7684\u555F\u52D5\u5617\u8A66\u53EF\u80FD\u6703\u56E0\u70BA\u672A\u6210\u529F\u7684\nExecPermission/ExecOptionPermission \u6B0A\u9650\u6AA2\u67E5\u800C\u5931\u6557\u3002\u5982\u9700\n\u95DC\u65BC\u5982\u4F55\u8A2D\u5B9A rmid \u5B89\u5168\u7684\u8AAA\u660E\u6587\u4EF6\uFF0C\u8ACB\u53C3\u8003:\n\nhttp://java.sun.com/j2se/1.4/docs/tooldocs/solaris/rmid.html\nhttp://java.sun.com/j2se/1.4/docs/tooldocs/win32/rmid.html\n
 
 # "rmid", "-port", "-log", "-stop", "-C" and "-J" should not be translated,
 # because they are syntax
--- a/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,6 +88,8 @@
                 "[-tsacert <alias>]          \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306E\u516C\u958B\u9375\u8A3C\u660E\u66F8"},
         {".tsapolicyid.tsapolicyid.for.Timestamping.Authority",
                 "[-tsapolicyid <oid>]        \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306ETSAPolicyID"},
+        {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request",
+                "[-tsadigestalg <algorithm>] \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u30FB\u30EA\u30AF\u30A8\u30B9\u30C8\u306E\u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30C7\u30FC\u30BF\u306E\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0"},
         {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
                 "[-altsigner <class>]        \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u30AF\u30E9\u30B9\u540D"},
         {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
--- a/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,6 +88,8 @@
                 "[-tsacert <\u522B\u540D>]           \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684\u516C\u5171\u5BC6\u94A5\u8BC1\u4E66"},
         {".tsapolicyid.tsapolicyid.for.Timestamping.Authority",
                 "[-tsapolicyid <oid>]        \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684 TSAPolicyID"},
+        {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request",
+                "[-tsadigestalg <\u7B97\u6CD5>]      \u65F6\u95F4\u6233\u8BF7\u6C42\u4E2D\u7684\u6458\u8981\u6570\u636E\u7684\u7B97\u6CD5"},
         {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
                 "[-altsigner <\u7C7B>]           \u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236\u7684\u7C7B\u540D"},
         {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
--- a/src/share/classes/sun/security/tools/keytool/Resources_zh_TW.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/sun/security/tools/keytool/Resources_zh_TW.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -381,9 +381,9 @@
                 "\u6C92\u6709\u4F86\u81EA SSL \u4F3A\u670D\u5668\u7684\u6191\u8B49"},
 
         {".The.integrity.of.the.information.stored.in.your.keystore.",
-            "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u8CC7\u8A0A  *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C*\n* \u60A8\u5FC5\u9808\u63D0\u4F9B\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u3002                  *"},
+            "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u8CC7\u8A0A  *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C    *\n* \u60A8\u5FC5\u9808\u63D0\u4F9B\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u3002  *"},
         {".The.integrity.of.the.information.stored.in.the.srckeystore.",
-            "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC srckeystore \u4E2D\u8CC7\u8A0A*\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C\u60A8\u5FC5\u9808 *\n* \u63D0\u4F9B srckeystore \u5BC6\u78BC\u3002          *"},
+            "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC srckeystore \u4E2D\u8CC7\u8A0A  *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C\u60A8\u5FC5\u9808 *\n* \u63D0\u4F9B srckeystore \u5BC6\u78BC\u3002            *"},
 
         {"Certificate.reply.does.not.contain.public.key.for.alias.",
                 "\u6191\u8B49\u56DE\u8986\u4E26\u672A\u5305\u542B <{0}> \u7684\u516C\u958B\u91D1\u9470"},
--- a/src/share/classes/sun/security/tools/policytool/Resources_zh_TW.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/sun/security/tools/policytool/Resources_zh_TW.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,7 +35,7 @@
     private static final Object[][] contents = {
         {"NEWLINE", "\n"},
         {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.",
-                "\u8B66\u544A: \u5225\u540D {0} \u7684\u516C\u958B\u91D1\u9470\u4E0D\u5B58\u5728\u3002\u8ACB\u78BA\u5B9A\u91D1\u9470\u5132\u5B58\u5EAB\u914D\u7F6E\u6B63\u78BA\u3002"},
+                "\u8B66\u544A: \u5225\u540D {0} \u7684\u516C\u958B\u91D1\u9470\u4E0D\u5B58\u5728\u3002\u8ACB\u78BA\u5B9A\u91D1\u9470\u5132\u5B58\u5EAB\u8A2D\u5B9A\u6B63\u78BA\u3002"},
         {"Warning.Class.not.found.class", "\u8B66\u544A: \u627E\u4E0D\u5230\u985E\u5225 {0}"},
         {"Warning.Invalid.argument.s.for.constructor.arg",
                 "\u8B66\u544A: \u7121\u6548\u7684\u5EFA\u69CB\u5B50\u5F15\u6578: {0}"},
--- a/src/share/classes/sun/security/util/Resources_zh_TW.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/share/classes/sun/security/util/Resources_zh_TW.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -83,7 +83,7 @@
         // javax.security.auth.login.LoginContext
         {"Invalid.null.input.name", "\u7121\u6548\u7A7A\u503C\u8F38\u5165: \u540D\u7A31"},
         {"No.LoginModules.configured.for.name",
-         "\u7121\u91DD\u5C0D {0} \u914D\u7F6E\u7684 LoginModules"},
+         "\u7121\u91DD\u5C0D {0} \u8A2D\u5B9A\u7684 LoginModules"},
         {"invalid.null.Subject.provided", "\u63D0\u4F9B\u7121\u6548\u7A7A\u503C\u4E3B\u984C"},
         {"invalid.null.CallbackHandler.provided",
                 "\u63D0\u4F9B\u7121\u6548\u7A7A\u503C CallbackHandler"},
--- a/src/windows/classes/sun/nio/ch/PipeImpl.java	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/windows/classes/sun/nio/ch/PipeImpl.java	Tue Jul 05 15:30:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,7 @@
 import java.security.AccessController;
 import java.security.PrivilegedExceptionAction;
 import java.security.PrivilegedActionException;
+import java.security.SecureRandom;
 import java.util.Random;
 
 
@@ -47,24 +48,16 @@
 class PipeImpl
     extends Pipe
 {
+    // Number of bytes in the secret handshake.
+    private static final int NUM_SECRET_BYTES = 16;
+
+    // Random object for handshake values
+    private static final Random RANDOM_NUMBER_GENERATOR = new SecureRandom();
 
     // Source and sink channels
     private SourceChannel source;
     private SinkChannel sink;
 
-    // Random object for handshake values
-    private static final Random rnd;
-
-    static {
-        byte[] someBytes = new byte[8];
-        boolean resultOK = IOUtil.randomBytes(someBytes);
-        if (resultOK) {
-            rnd = new Random(ByteBuffer.wrap(someBytes).getLong());
-        } else {
-            rnd = new Random();
-        }
-    }
-
     private class Initializer
         implements PrivilegedExceptionAction<Void>
     {
@@ -112,6 +105,10 @@
                 SocketChannel sc2 = null;
 
                 try {
+                    // Create secret with a backing array.
+                    ByteBuffer secret = ByteBuffer.allocate(NUM_SECRET_BYTES);
+                    ByteBuffer bb = ByteBuffer.allocate(NUM_SECRET_BYTES);
+
                     // Loopback address
                     InetAddress lb = InetAddress.getByName("127.0.0.1");
                     assert(lb.isLoopbackAddress());
@@ -128,18 +125,22 @@
                         // Establish connection (assume connections are eagerly
                         // accepted)
                         sc1 = SocketChannel.open(sa);
-                        ByteBuffer bb = ByteBuffer.allocate(8);
-                        long secret = rnd.nextLong();
-                        bb.putLong(secret).flip();
-                        sc1.write(bb);
+                        RANDOM_NUMBER_GENERATOR.nextBytes(secret.array());
+                        do {
+                            sc1.write(secret);
+                        } while (secret.hasRemaining());
+                        secret.rewind();
 
                         // Get a connection and verify it is legitimate
                         sc2 = ssc.accept();
-                        bb.clear();
-                        sc2.read(bb);
+                        do {
+                            sc2.read(bb);
+                        } while (bb.hasRemaining());
                         bb.rewind();
-                        if (bb.getLong() == secret)
+
+                        if (bb.equals(secret))
                             break;
+
                         sc2.close();
                         sc1.close();
                     }
--- a/src/windows/native/sun/windows/awt_Font.cpp	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/windows/native/sun/windows/awt_Font.cpp	Tue Jul 05 15:30:38 2016 -0700
@@ -256,7 +256,7 @@
 
     AwtFont* awtFont = NULL;
     jobjectArray compFont = NULL;
-    int cfnum;
+    int cfnum = 0;
 
     try {
         if (env->EnsureLocalCapacity(3) < 0)
@@ -264,7 +264,9 @@
 
         if (IsMultiFont(env, font)) {
             compFont = GetComponentFonts(env, font);
-            cfnum = env->GetArrayLength(compFont);
+            if (compFont != NULL) {
+                cfnum = env->GetArrayLength(compFont);
+            }
         } else {
             compFont = NULL;
             cfnum = 0;
@@ -614,7 +616,9 @@
 
     if (IsMultiFont(env, font)) {
         array = GetComponentFonts(env, font);
-        num = env->GetArrayLength(array);
+        if (array != NULL) {
+            num = env->GetArrayLength(array);
+        }
     } else {
         array = NULL;
         num = 0;
@@ -672,14 +676,16 @@
 
     if (IsMultiFont(env, font)) {
         jobject peer = env->CallObjectMethod(font, AwtFont::peerMID);
-        array =  (jobjectArray)(env->CallObjectMethod(
-        peer, AwtFont::makeConvertedMultiFontStringMID, str));
-        DASSERT(!safe_ExceptionOccurred(env));
+        if (peer != NULL) {
+            array = (jobjectArray)(env->CallObjectMethod(
+            peer, AwtFont::makeConvertedMultiFontStringMID, str));
+            DASSERT(!safe_ExceptionOccurred(env));
 
-        if (array != NULL) {
-            arrayLength = env->GetArrayLength(array);
+            if (array != NULL) {
+                arrayLength = env->GetArrayLength(array);
+            }
+            env->DeleteLocalRef(peer);
         }
-        env->DeleteLocalRef(peer);
     } else {
         array = NULL;
         arrayLength = 0;
--- a/src/windows/native/sun/windows/awt_Font.h	Mon Jul 04 14:30:09 2016 -0700
+++ b/src/windows/native/sun/windows/awt_Font.h	Tue Jul 05 15:30:38 2016 -0700
@@ -230,11 +230,14 @@
     INLINE static jobjectArray GetComponentFonts(JNIEnv *env,
                                                      jobject font) {
       jobject platformFont = env->CallObjectMethod(font, AwtFont::peerMID);
-      jobjectArray result =
-          (jobjectArray)(env->GetObjectField(platformFont,
-                                             AwtFont::componentFontsID));
-      env->DeleteLocalRef(platformFont);
-      return result;
+      if (platformFont != NULL) {
+          jobjectArray result =
+              (jobjectArray)(env->GetObjectField(platformFont,
+                                                 AwtFont::componentFontsID));
+          env->DeleteLocalRef(platformFont);
+          return result;
+      }
+      return NULL;
     }
 
    /*