changeset 5809:0c1d463a0406

Merge
author chegar
date Fri, 01 Mar 2013 15:28:53 +0000
parents 6f2aac9b0471 380a8da01aac
children c0815331901f
files
diffstat 44 files changed, 1619 insertions(+), 342 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Fri Mar 01 14:41:39 2013 +0000
+++ b/.hgtags	Fri Mar 01 15:28:53 2013 +0000
@@ -232,6 +232,8 @@
 1d14a3d7bac870423e52a889d2f5f60ee76ddc6a jdk7u11-b07
 ee61b528b3f866b20095f5e9593896d4ea4be468 jdk7u11-b08
 0b9564dab118d40bc5edc60269f736f97ab6f385 jdk7u13-b09
+cbbb166b38eb15f5d5c68e913ee18f6f352b7af0 jdk7u13-b10
+28700a56b69d80e70aecf230ab7f9ad4bb5acf23 jdk7u13-b30
 8eb180a284b0911b2645d5cbdff5be499a75d6b2 jdk7u13-b20
 df945ef30444adf08f3ef14b0c49c8bda6dda587 jdk7u8-b01
 dd1e513c05b8b8c8402e9ecf9c0d5bdbebb1a089 jdk7u8-b02
@@ -254,3 +256,6 @@
 e012aace90500a88f51ce83fcd27791f5dbf493f jdk7u14-b10
 9eb82fb221f3b34a5df97e7db3c949fdb0b6fee0 jdk7u14-b11
 ee3ab2ed2371dd72ad5a75ebb6b6b69071e29390 jdk7u14-b12
+7c0d4bfd9d2c183ebf8566013af5111927b472f6 jdk7u14-b13
+835448d525a10bb826f4f7ebe272fc410bdb0f5d jdk7u15-b01
+0443fe2d8023111b52f4c8db32e038f4a5a9f373 jdk7u15-b02
--- a/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java	Fri Mar 01 15:28:53 2013 +0000
@@ -36,6 +36,7 @@
 
 import javax.management.ObjectName;
 import javax.management.loading.PrivateClassLoader;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * This class keeps the list of Class Loaders registered in the MBean Server.
@@ -192,6 +193,7 @@
                                final ClassLoader without,
                                final ClassLoader stop)
             throws ClassNotFoundException {
+        ReflectUtil.checkPackageAccess(className);
         final int size = list.length;
         for(int i=0; i<size; i++) {
             try {
--- a/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java	Fri Mar 01 15:28:53 2013 +0000
@@ -51,6 +51,7 @@
 import javax.management.MBeanRegistrationException;
 import javax.management.MBeanServer;
 import javax.management.MBeanServerDelegate;
+import javax.management.MBeanServerPermission;
 import javax.management.NotCompliantMBeanException;
 import javax.management.NotificationFilter;
 import javax.management.NotificationListener;
@@ -1409,6 +1410,8 @@
         // Default is true.
         final boolean fairLock = DEFAULT_FAIR_LOCK_POLICY;
 
+        checkNewMBeanServerPermission();
+
         // This constructor happens to disregard the value of the interceptors
         // flag - that is, it always uses the default value - false.
         // This is admitedly a bug, but we chose not to fix it for now
@@ -1494,4 +1497,11 @@
         }
     }
 
+    private static void checkNewMBeanServerPermission() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            Permission perm = new MBeanServerPermission("newMBeanServer");
+            sm.checkPermission(perm);
+        }
+    }
 }
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java	Fri Mar 01 15:28:53 2013 +0000
@@ -32,11 +32,13 @@
 import java.io.ObjectInputStream;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
+import java.security.Permission;
 import java.util.Map;
 import java.util.logging.Level;
 
 import javax.management.InstanceNotFoundException;
 import javax.management.MBeanException;
+import javax.management.MBeanPermission;
 import javax.management.NotCompliantMBeanException;
 import javax.management.ObjectName;
 import javax.management.OperationsException;
@@ -44,7 +46,7 @@
 import javax.management.RuntimeErrorException;
 import javax.management.RuntimeMBeanException;
 import javax.management.RuntimeOperationsException;
-
+import sun.reflect.misc.ConstructorUtil;
 import sun.reflect.misc.ReflectUtil;
 
 /**
@@ -56,7 +58,6 @@
  * @since 1.5
  */
 public class MBeanInstantiator {
-
     private final ModifiableClassLoaderRepository clr;
     //    private MetaData meta = null;
 
@@ -88,6 +89,7 @@
                              "Exception occurred during object instantiation");
         }
 
+        ReflectUtil.checkPackageAccess(className);
         try {
             if (clr == null) throw new ClassNotFoundException(className);
             theClass = clr.loadClass(className);
@@ -162,6 +164,7 @@
                     continue;
                 }
 
+                ReflectUtil.checkPackageAccess(signature[i]);
                 // Ok we do not have a primitive type ! We need to build
                 // the signature of the method
                 //
@@ -205,6 +208,9 @@
      */
     public Object instantiate(Class<?> theClass)
         throws ReflectionException, MBeanException {
+
+        checkMBeanPermission(theClass, null, null, "instantiate");
+
         Object moi;
 
 
@@ -260,6 +266,9 @@
     public Object instantiate(Class<?> theClass, Object params[],
                               String signature[], ClassLoader loader)
         throws ReflectionException, MBeanException {
+
+        checkMBeanPermission(theClass, null, null, "instantiate");
+
         // Instantiate the new object
 
         // ------------------------------
@@ -407,6 +416,8 @@
             throw new  RuntimeOperationsException(new
              IllegalArgumentException(), "Null className passed in parameter");
         }
+
+        ReflectUtil.checkPackageAccess(className);
         Class<?> theClass;
         if (loaderName == null) {
             // Load the class using the agent class loader
@@ -619,13 +630,13 @@
      **/
     static Class<?> loadClass(String className, ClassLoader loader)
         throws ReflectionException {
-
         Class<?> theClass;
         if (className == null) {
             throw new RuntimeOperationsException(new
                 IllegalArgumentException("The class name cannot be null"),
                               "Exception occurred during object instantiation");
         }
+        ReflectUtil.checkPackageAccess(className);
         try {
             if (loader == null)
                 loader = MBeanInstantiator.class.getClassLoader();
@@ -676,6 +687,7 @@
                 // We need to load the class through the class
                 // loader of the target object.
                 //
+                ReflectUtil.checkPackageAccess(signature[i]);
                 tab[i] = Class.forName(signature[i], false, aLoader);
             }
         } catch (ClassNotFoundException e) {
@@ -701,7 +713,7 @@
 
     private Constructor<?> findConstructor(Class<?> c, Class<?>[] params) {
         try {
-            return c.getConstructor(params);
+            return ConstructorUtil.getConstructor(c, params);
         } catch (Exception e) {
             return null;
         }
@@ -715,4 +727,18 @@
                                           char.class, boolean.class})
             primitiveClasses.put(c.getName(), c);
     }
+
+    private static void checkMBeanPermission(Class<?> clazz,
+                                             String member,
+                                             ObjectName objectName,
+                                             String actions) {
+        SecurityManager sm = System.getSecurityManager();
+        if (clazz != null && sm != null) {
+            Permission perm = new MBeanPermission(clazz.getName(),
+                                                  member,
+                                                  objectName,
+                                                  actions);
+            sm.checkPermission(perm);
+        }
+    }
 }
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java	Fri Mar 01 15:28:53 2013 +0000
@@ -38,6 +38,7 @@
 import javax.management.ObjectName;
 import javax.management.ReflectionException;
 import com.sun.jmx.mbeanserver.MXBeanMappingFactory;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * Base class for MBeans.  There is one instance of this class for
@@ -131,6 +132,7 @@
                 " is not an instance of " + mbeanInterfaceType.getName();
             throw new NotCompliantMBeanException(msg);
         }
+        ReflectUtil.checkPackageAccess(mbeanInterfaceType);
         this.resource = resource;
         MBeanIntrospector<M> introspector = getMBeanIntrospector();
         this.perInterface = introspector.getPerInterface(mbeanInterfaceType);
--- a/src/share/classes/java/lang/invoke/DirectMethodHandle.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/java/lang/invoke/DirectMethodHandle.java	Fri Mar 01 15:28:53 2013 +0000
@@ -50,7 +50,18 @@
     // Constructors and factory methods in this class *must* be package scoped or private.
     private DirectMethodHandle(MethodType mtype, LambdaForm form, MemberName member) {
         super(mtype, form);
-        if (!member.isResolved())  throw new InternalError();
+        if (!member.isResolved())
+            throw new InternalError();
+
+        if (member.getDeclaringClass().isInterface() && !member.isAbstract()) {
+           // Check for corner case: invokeinterface of Object method
+            MemberName m = new MemberName(Object.class, member.getName(), member.getMethodType(), member.getReferenceKind());
+            m = MemberName.getFactory().resolveOrNull(m.getReferenceKind(), m, null);
+            if (m != null && m.isPublic()) {
+                member = m;
+            }
+        }
+
         this.member = member;
     }
 
--- a/src/share/classes/java/lang/invoke/MethodHandleImpl.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandleImpl.java	Fri Mar 01 15:28:53 2013 +0000
@@ -802,12 +802,11 @@
         static
         MethodHandle bindCaller(MethodHandle mh, Class<?> hostClass) {
             // Do not use this function to inject calls into system classes.
-            if (hostClass == null) {
-                hostClass = C_Trampoline;
-            } else if (hostClass.isArray() ||
+            if (hostClass == null
+                ||    (hostClass.isArray() ||
                        hostClass.isPrimitive() ||
                        hostClass.getName().startsWith("java.") ||
-                       hostClass.getName().startsWith("sun.")) {
+                       hostClass.getName().startsWith("sun."))) {
                 throw new InternalError();  // does not happen, and should not anyway
             }
             // For simplicity, convert mh to a varargs-like method.
@@ -817,23 +816,6 @@
             return restoreToType(bccInvoker.bindTo(vamh), mh.type());
         }
 
-        // This class ("Trampoline") is known to be inside a dead-end class loader.
-        // Inject all doubtful calls into this class.
-        private static Class<?> C_Trampoline;
-        static {
-            Class<?> tramp = null;
-            try {
-                final int FRAME_COUNT_ARG = 1;  // [0] Reflection [1] Trampoline
-                java.lang.reflect.Method gcc = sun.reflect.Reflection.class.getMethod("getCallerClass", int.class);
-                tramp = (Class<?>) sun.reflect.misc.MethodUtil.invoke(gcc, null, new Object[]{ FRAME_COUNT_ARG });
-                if (tramp.getClassLoader() == BindCaller.class.getClassLoader())
-                    throw new RuntimeException(tramp.getName()+" class loader");
-            } catch (Throwable ex) {
-                throw newInternalError(ex);
-            }
-            C_Trampoline = tramp;
-        }
-
         private static final Unsafe UNSAFE = Unsafe.getUnsafe();
 
         private static MethodHandle makeInjectedInvoker(Class<?> hostClass) {
--- a/src/share/classes/java/lang/invoke/MethodHandleNatives.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandleNatives.java	Fri Mar 01 15:28:53 2013 +0000
@@ -393,11 +393,14 @@
      */
     // FIXME: Replace this pattern match by an annotation @sun.reflect.CallerSensitive.
     static boolean isCallerSensitive(MemberName mem) {
-        assert(mem.isInvocable());
+        if (!mem.isInvocable())  return false;  // fields are not caller sensitive
         Class<?> defc = mem.getDeclaringClass();
         switch (mem.getName()) {
         case "doPrivileged":
+        case "doPrivilegedWithCombiner":
             return defc == java.security.AccessController.class;
+        case "checkMemberAccess":
+            return canBeCalledVirtual(mem, java.lang.SecurityManager.class);
         case "getUnsafe":
             return defc == sun.misc.Unsafe.class;
         case "lookup":
@@ -470,7 +473,7 @@
             if (defc == java.util.concurrent.atomic.AtomicReferenceFieldUpdater.class)  return true;
             break;
         case "getContextClassLoader":
-            return defc == java.lang.Thread.class;
+            return canBeCalledVirtual(mem, java.lang.Thread.class);
         case "getPackage":
         case "getPackages":
             return defc == java.lang.Package.class;
@@ -488,13 +491,24 @@
             break;
         case "getCallerClassLoader":
             return defc == java.lang.ClassLoader.class;
+        case "registerAsParallelCapable":
+            return canBeCalledVirtual(mem, java.lang.ClassLoader.class);
         case "getProxyClass":
         case "newProxyInstance":
             return defc == java.lang.reflect.Proxy.class;
+        case "asInterfaceInstance":
+            return defc == java.lang.invoke.MethodHandleProxies.class;
         case "getBundle":
         case "clearCache":
             return defc == java.util.ResourceBundle.class;
         }
         return false;
     }
+    static boolean canBeCalledVirtual(MemberName symbolicRef, Class<?> definingClass) {
+        Class<?> symbolicRefClass = symbolicRef.getDeclaringClass();
+        if (symbolicRefClass == definingClass)  return true;
+        if (symbolicRef.isStatic() || symbolicRef.isPrivate())  return false;
+        return (definingClass.isAssignableFrom(symbolicRefClass) ||  // Msym overrides Mdef
+                symbolicRefClass.isInterface());                     // Mdef implements Msym
+    }
 }
--- a/src/share/classes/java/lang/invoke/MethodHandleProxies.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandleProxies.java	Fri Mar 01 15:28:53 2013 +0000
@@ -141,12 +141,15 @@
     <T> T asInterfaceInstance(final Class<T> intfc, final MethodHandle target) {
         if (!intfc.isInterface() || !Modifier.isPublic(intfc.getModifiers()))
             throw new IllegalArgumentException("not a public interface: "+intfc.getName());
-        SecurityManager smgr = System.getSecurityManager();
-        if (smgr != null) {
+        final MethodHandle mh;
+        if (System.getSecurityManager() != null) {
             final int CALLER_FRAME = 2; // 0: Reflection, 1: asInterfaceInstance, 2: caller
             final Class<?> caller = Reflection.getCallerClass(CALLER_FRAME);
-            final ClassLoader ccl = caller.getClassLoader();
+            final ClassLoader ccl = (caller != null) ? caller.getClassLoader() : null;
             ReflectUtil.checkProxyPackageAccess(ccl, intfc);
+            mh = maybeBindCaller(target, caller);
+        } else {
+            mh = target;
         }
         ClassLoader proxyLoader = intfc.getClassLoader();
         if (proxyLoader == null) {
@@ -160,7 +163,7 @@
         for (int i = 0; i < methods.length; i++) {
             Method sm = methods[i];
             MethodType smMT = MethodType.methodType(sm.getReturnType(), sm.getParameterTypes());
-            MethodHandle checkTarget = target.asType(smMT);  // make throw WMT
+            MethodHandle checkTarget = mh.asType(smMT);  // make throw WMT
             checkTarget = checkTarget.asType(checkTarget.type().changeReturnType(Object.class));
             vaTargets[i] = checkTarget.asSpreader(Object[].class, smMT.parameterCount());
         }
@@ -183,8 +186,8 @@
                 }
             };
 
-        Object proxy;
-        if (smgr != null) {
+        final Object proxy;
+        if (System.getSecurityManager() != null) {
             // sun.invoke.WrapperInstance is a restricted interface not accessible
             // by any non-null class loader.
             final ClassLoader loader = proxyLoader;
@@ -204,6 +207,19 @@
         return intfc.cast(proxy);
     }
 
+    private static MethodHandle maybeBindCaller(MethodHandle target, Class<?> hostClass) {
+        if (hostClass == null || hostClass.getClassLoader() == null)
+            return target;
+
+        MethodHandle cbmh = MethodHandleImpl.bindCaller(target, hostClass);
+        if (target.isVarargsCollector()) {
+            MethodType type = cbmh.type();
+            int arity = type.parameterCount();
+            return cbmh.asVarargsCollector(type.parameterType(arity-1));
+        }
+        return cbmh;
+    }
+
     /**
      * Determines if the given object was produced by a call to {@link #asInterfaceInstance asInterfaceInstance}.
      * @param x any reference
--- a/src/share/classes/java/lang/invoke/MethodHandles.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandles.java	Fri Mar 01 15:28:53 2013 +0000
@@ -597,7 +597,8 @@
         MethodHandle findStatic(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
             MemberName method = resolveOrFail(REF_invokeStatic, refc, name, type);
             checkSecurityManager(refc, method);  // stack walk magic: do not refactor
-            return getDirectMethod(REF_invokeStatic, refc, method);
+            Class<?> callerClass = findBoundCallerClass(method);  // stack walk magic: do not refactor
+            return getDirectMethod(REF_invokeStatic, refc, method, callerClass);
         }
 
         /**
@@ -651,7 +652,8 @@
             byte refKind = (refc.isInterface() ? REF_invokeInterface : REF_invokeVirtual);
             MemberName method = resolveOrFail(refKind, refc, name, type);
             checkSecurityManager(refc, method);  // stack walk magic: do not refactor
-            return getDirectMethod(refKind, refc, method);
+            Class<?> callerClass = findBoundCallerClass(method);
+            return getDirectMethod(refKind, refc, method, callerClass);
         }
         private MethodHandle findVirtualForMH(String name, MethodType type) {
             // these names require special lookups because of the implicit MethodType argument
@@ -735,7 +737,8 @@
             Lookup specialLookup = this.in(specialCaller);
             MemberName method = specialLookup.resolveOrFail(REF_invokeSpecial, refc, name, type);
             checkSecurityManager(refc, method);  // stack walk magic: do not refactor
-            return specialLookup.getDirectMethod(REF_invokeSpecial, refc, method);
+            Class<?> callerClass = findBoundCallerClass(method);
+            return specialLookup.getDirectMethod(REF_invokeSpecial, refc, method, callerClass);
         }
 
         /**
@@ -878,7 +881,8 @@
             Class<? extends Object> refc = receiver.getClass(); // may get NPE
             MemberName method = resolveOrFail(REF_invokeSpecial, refc, name, type);
             checkSecurityManager(refc, method);  // stack walk magic: do not refactor
-            MethodHandle mh = getDirectMethodNoRestrict(REF_invokeSpecial, refc, method);
+            Class<?> callerClass = findBoundCallerClass(method);  // stack walk magic: do not refactor
+            MethodHandle mh = getDirectMethodNoRestrict(REF_invokeSpecial, refc, method, callerClass);
             return mh.bindReceiver(receiver).setVarargs(method);
         }
 
@@ -909,8 +913,9 @@
             if (refKind == REF_invokeSpecial)
                 refKind = REF_invokeVirtual;
             assert(method.isMethod());
+            Class<?> callerClass = findBoundCallerClass(method);  // stack walk magic: do not refactor
             Lookup lookup = m.isAccessible() ? IMPL_LOOKUP : this;
-            return lookup.getDirectMethod(refKind, method.getDeclaringClass(), method);
+            return lookup.getDirectMethod(refKind, method.getDeclaringClass(), method, callerClass);
         }
 
         /**
@@ -939,8 +944,9 @@
             Lookup specialLookup = this.in(specialCaller);
             MemberName method = new MemberName(m, true);
             assert(method.isMethod());
+            Class<?> callerClass = findBoundCallerClass(method);  // stack walk magic: do not refactor
             // ignore m.isAccessible:  this is a new kind of access
-            return specialLookup.getDirectMethod(REF_invokeSpecial, method.getDeclaringClass(), method);
+            return specialLookup.getDirectMethod(REF_invokeSpecial, method.getDeclaringClass(), method, callerClass);
         }
 
         /**
@@ -1039,7 +1045,29 @@
         }
 
         /**
+         * Find my trustable caller class if m is a caller sensitive method.
+         * If this lookup object has private access, then the caller class is the lookupClass.
+         * Otherwise, it is the caller of the currently executing public API method (e.g., findVirtual).
+         * This is the same caller class as is used by checkSecurityManager.
+         * This function performs stack walk magic: do not refactor it.
+         */
+        Class<?> findBoundCallerClass(MemberName m) {
+            Class<?> callerClass = null;
+            if (MethodHandleNatives.isCallerSensitive(m)) {
+                // Do not refactor this to a more "logical" place, since it is stack walk magic.
+                // Note that this is the same expression as in Step 2 below in checkSecurityManager.
+                callerClass = ((allowedModes & PRIVATE) != 0
+                               ? lookupClass  // for strong access modes, no extra check
+                               // next line does stack walk magic; do not refactor:
+                               : getCallerClassAtEntryPoint(true));
+            }
+            return callerClass;
+        }
+        /**
          * Perform necessary <a href="MethodHandles.Lookup.html#secmgr">access checks</a>.
+         * Determines a trustable caller class to compare with refc, the symbolic reference class.
+         * If this lookup object has private access, then the caller class is the lookupClass.
+         * Otherwise, it is the caller of the currently executing public API method (e.g., findVirtual).
          * This function performs stack walk magic: do not refactor it.
          */
         void checkSecurityManager(Class<?> refc, MemberName m) {
@@ -1194,22 +1222,22 @@
             return mh.viewAsType(narrowType);
         }
 
-        private MethodHandle getDirectMethod(byte refKind, Class<?> refc, MemberName method) throws IllegalAccessException {
+        private MethodHandle getDirectMethod(byte refKind, Class<?> refc, MemberName method, Class<?> callerClass) throws IllegalAccessException {
             return getDirectMethodCommon(refKind, refc, method,
                     (refKind == REF_invokeSpecial ||
                         (MethodHandleNatives.refKindHasReceiver(refKind) &&
-                            restrictProtectedReceiver(method))));
+                            restrictProtectedReceiver(method))), callerClass);
         }
-        private MethodHandle getDirectMethodNoRestrict(byte refKind, Class<?> refc, MemberName method) throws IllegalAccessException {
-            return getDirectMethodCommon(refKind, refc, method, false);
+        private MethodHandle getDirectMethodNoRestrict(byte refKind, Class<?> refc, MemberName method, Class<?> callerClass) throws IllegalAccessException {
+            return getDirectMethodCommon(refKind, refc, method, false, callerClass);
         }
         private MethodHandle getDirectMethodCommon(byte refKind, Class<?> refc, MemberName method,
-                                                   boolean doRestrict) throws IllegalAccessException {
+                                                   boolean doRestrict, Class<?> callerClass) throws IllegalAccessException {
             checkMethod(refKind, refc, method);
             if (method.isMethodHandleInvoke())
                 return fakeMethodHandleInvoke(method);
             MethodHandle mh = DirectMethodHandle.make(refc, method);
-            mh = maybeBindCaller(method, mh);
+            mh = maybeBindCaller(method, mh, callerClass);
             mh = mh.setVarargs(method);
             if (doRestrict)
                 mh = restrictReceiver(method, mh, lookupClass());
@@ -1218,12 +1246,14 @@
         private MethodHandle fakeMethodHandleInvoke(MemberName method) {
             return throwException(method.getReturnType(), UnsupportedOperationException.class);
         }
-        private MethodHandle maybeBindCaller(MemberName method, MethodHandle mh) throws IllegalAccessException {
+        private MethodHandle maybeBindCaller(MemberName method, MethodHandle mh,
+                                             Class<?> callerClass)
+                                             throws IllegalAccessException {
             if (allowedModes == TRUSTED || !MethodHandleNatives.isCallerSensitive(method))
                 return mh;
             Class<?> hostClass = lookupClass;
             if ((allowedModes & PRIVATE) == 0)  // caller must use full-power lookup
-                hostClass = null;
+                hostClass = callerClass;  // callerClass came from a security manager style stack walk
             MethodHandle cbmh = MethodHandleImpl.bindCaller(mh, hostClass);
             // Note: caller will apply varargs after this step happens.
             return cbmh;
@@ -1261,7 +1291,7 @@
             } else if (MethodHandleNatives.refKindIsMethod(refKind)) {
                 MemberName method = (resolved != null) ? resolved
                         : resolveOrFail(refKind, defc, name, (MethodType) type);
-                return getDirectMethod(refKind, defc, method);
+                return getDirectMethod(refKind, defc, method, lookupClass);
             } else if (refKind == REF_newInvokeSpecial) {
                 assert(name == null || name.equals("<init>"));
                 MemberName ctor = (resolved != null) ? resolved
--- a/src/share/classes/java/lang/management/ManagementFactory.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/java/lang/management/ManagementFactory.java	Fri Mar 01 15:28:53 2013 +0000
@@ -802,20 +802,20 @@
      */
     private static void addMXBean(final MBeanServer mbs, final PlatformManagedObject pmo) {
         // Make DynamicMBean out of MXBean by wrapping it with a StandardMBean
-        final DynamicMBean dmbean;
-        if (pmo instanceof DynamicMBean) {
-            dmbean = DynamicMBean.class.cast(pmo);
-        } else if (pmo instanceof NotificationEmitter) {
-            dmbean = new StandardEmitterMBean(pmo, null, true, (NotificationEmitter) pmo);
-        } else {
-            dmbean = new StandardMBean(pmo, null, true);
-        }
-
         try {
             AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
                 public Void run() throws InstanceAlreadyExistsException,
                                          MBeanRegistrationException,
                                          NotCompliantMBeanException {
+                    final DynamicMBean dmbean;
+                    if (pmo instanceof DynamicMBean) {
+                        dmbean = DynamicMBean.class.cast(pmo);
+                    } else if (pmo instanceof NotificationEmitter) {
+                        dmbean = new StandardEmitterMBean(pmo, null, true, (NotificationEmitter) pmo);
+                    } else {
+                        dmbean = new StandardMBean(pmo, null, true);
+                    }
+
                     mbs.registerMBean(dmbean, pmo.getObjectName());
                     return null;
                 }
--- a/src/share/classes/java/lang/reflect/Proxy.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/java/lang/reflect/Proxy.java	Fri Mar 01 15:28:53 2013 +0000
@@ -609,7 +609,7 @@
             }
 
             if (proxyPkg == null) {
-                // if no non-public proxy interfaces, use sun.proxy package
+                // if no non-public proxy interfaces, use com.sun.proxy package
                 proxyPkg = ReflectUtil.PROXY_PACKAGE + ".";
             }
 
--- a/src/share/classes/java/util/logging/LogManager.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/java/util/logging/LogManager.java	Fri Mar 01 15:28:53 2013 +0000
@@ -363,7 +363,10 @@
                         context = userContext;
                     } else {
                         context = new LoggerContext();
-                        context.addLocalLogger(manager.rootLogger);
+                        // during initialization, rootLogger is null when
+                        // instantiating itself RootLogger
+                        if (manager.rootLogger != null)
+                            context.addLocalLogger(manager.rootLogger);
                     }
                     javaAwtAccess.put(ecx, LoggerContext.class, context);
                 }
@@ -423,7 +426,40 @@
     }
 
     Logger demandSystemLogger(String name, String resourceBundleName) {
-        return systemContext.demandLogger(name, resourceBundleName);
+        // Add a system logger in the system context's namespace
+        final Logger sysLogger = systemContext.demandLogger(name, resourceBundleName);
+
+        // Add the system logger to the LogManager's namespace if not exist
+        // so that there is only one single logger of the given name.
+        // System loggers are visible to applications unless a logger of
+        // the same name has been added.
+        Logger logger;
+        do {
+            // First attempt to call addLogger instead of getLogger
+            // This would avoid potential bug in custom LogManager.getLogger
+            // implementation that adds a logger if does not exist
+            if (addLogger(sysLogger)) {
+                // successfully added the new system logger
+                logger = sysLogger;
+            } else {
+                logger = getLogger(name);
+            }
+        } while (logger == null);
+
+        // LogManager will set the sysLogger's handlers via LogManager.addLogger method.
+        if (logger != sysLogger && sysLogger.getHandlers().length == 0) {
+            // if logger already exists but handlers not set
+            final Logger l = logger;
+            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                public Void run() {
+                    for (Handler hdl : l.getHandlers()) {
+                        sysLogger.addHandler(hdl);
+                    }
+                    return null;
+                }
+            });
+        }
+        return sysLogger;
     }
 
     // LoggerContext maintains the logger namespace per context.
@@ -628,21 +664,6 @@
                     }
                 } while (result == null);
             }
-            // Add the system logger to the LogManager's namespace if not exists
-            // The LogManager will set its handlers via the LogManager.addLogger method.
-            if (!manager.addLogger(result) && result.getHandlers().length == 0) {
-                // if logger already exists but handlers not set
-                final Logger l = manager.getLogger(name);
-                final Logger logger = result;
-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
-                    public Void run() {
-                        for (Handler hdl : l.getHandlers()) {
-                            logger.addHandler(hdl);
-                        }
-                        return null;
-                    }
-                });
-            }
             return result;
         }
     }
--- a/src/share/classes/sun/management/LockDataConverter.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/management/LockDataConverter.java	Fri Mar 01 15:28:53 2013 +0000
@@ -27,6 +27,8 @@
 
 import java.lang.management.LockInfo;
 import java.lang.management.ThreadInfo;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import javax.management.Attribute;
 import javax.management.StandardMBean;
 import javax.management.openmbean.CompositeData;
@@ -40,13 +42,13 @@
     private LockInfo      lockInfo;
     private LockInfo[]    lockedSyncs;
 
-    LockDataConverter() {
+    private LockDataConverter() {
         super(LockDataConverterMXBean.class, true);
         this.lockInfo = null;
         this.lockedSyncs = null;
     }
 
-    LockDataConverter(ThreadInfo ti) {
+    private LockDataConverter(ThreadInfo ti) {
         super(LockDataConverterMXBean.class, true);
         this.lockInfo = ti.getLockInfo();
         this.lockedSyncs = ti.getLockedSynchronizers();
@@ -104,8 +106,24 @@
     }
 
     static CompositeData toLockInfoCompositeData(LockInfo l) {
-        LockDataConverter ldc = new LockDataConverter();
+        LockDataConverter ldc = newLockDataConverter();
         ldc.setLockInfo(l);
         return ldc.toLockInfoCompositeData();
     }
+
+   static LockDataConverter newLockDataConverter() {
+        return AccessController.doPrivileged(new PrivilegedAction<LockDataConverter>() {
+               public LockDataConverter run() {
+                   return new LockDataConverter();
+               }
+        });
+   }
+
+   static LockDataConverter newLockDataConverter(final ThreadInfo ti) {
+        LockDataConverter result = newLockDataConverter();
+        result.lockInfo = ti.getLockInfo();
+        result.lockedSyncs = ti.getLockedSynchronizers();
+        return result;
+   }
 }
+
--- a/src/share/classes/sun/management/ThreadInfoCompositeData.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/management/ThreadInfoCompositeData.java	Fri Mar 01 15:28:53 2013 +0000
@@ -85,7 +85,7 @@
         }
 
         // Convert MonitorInfo[] and LockInfo[] to CompositeData[]
-        LockDataConverter converter = new LockDataConverter(threadInfo);
+        LockDataConverter converter = LockDataConverter.newLockDataConverter(threadInfo);
         CompositeData lockInfoData = converter.toLockInfoCompositeData();
         CompositeData[] lockedSyncsData = converter.toLockedSynchronizersCompositeData();
 
@@ -315,7 +315,7 @@
 
     // 6.0 new attributes
     public LockInfo lockInfo() {
-        LockDataConverter converter = new LockDataConverter();
+        LockDataConverter converter = LockDataConverter.newLockDataConverter();
         CompositeData lockInfoData = (CompositeData) cdata.get(LOCK_INFO);
         return converter.toLockInfo(lockInfoData);
     }
@@ -336,7 +336,7 @@
     }
 
     public LockInfo[] lockedSynchronizers() {
-        LockDataConverter converter = new LockDataConverter();
+        LockDataConverter converter = LockDataConverter.newLockDataConverter();
         CompositeData[] lockedSyncsData =
             (CompositeData[]) cdata.get(LOCKED_SYNCS);
 
--- a/src/share/classes/sun/reflect/misc/ReflectUtil.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/reflect/misc/ReflectUtil.java	Fri Mar 01 15:28:53 2013 +0000
@@ -202,5 +202,5 @@
         }
     }
 
-    public static final String PROXY_PACKAGE = "sun.proxy";
+    public static final String PROXY_PACKAGE = "com.sun.proxy";
 }
--- a/src/share/classes/sun/security/ssl/CipherBox.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/ssl/CipherBox.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -393,7 +393,8 @@
      * uniformly use the bad_record_mac alert to hide the specific type of
      * the error.
      */
-    int decrypt(byte[] buf, int offset, int len) throws BadPaddingException {
+    int decrypt(byte[] buf, int offset, int len,
+            int tagLen) throws BadPaddingException {
         if (cipher == null) {
             return len;
         }
@@ -417,9 +418,10 @@
                         System.out);
                 } catch (IOException e) { }
             }
+
             if (blockSize != 0) {
-                newLen = removePadding(buf, offset, newLen,
-                             blockSize, protocolVersion);
+                newLen = removePadding(
+                    buf, offset, newLen, tagLen, blockSize, protocolVersion);
 
                 if (protocolVersion.v >= ProtocolVersion.TLS11.v) {
                     if (newLen < blockSize) {
@@ -449,7 +451,7 @@
      *
      *  @see decrypt(byte[], int, int)
      */
-    int decrypt(ByteBuffer bb) throws BadPaddingException {
+    int decrypt(ByteBuffer bb, int tagLen) throws BadPaddingException {
 
         int len = bb.remaining();
 
@@ -472,7 +474,6 @@
             }
 
             if (debug != null && Debug.isOn("plaintext")) {
-                bb.position(pos);
                 try {
                     HexDumpEncoder hd = new HexDumpEncoder();
 
@@ -480,7 +481,8 @@
                         "Padded plaintext after DECRYPTION:  len = "
                         + newLen);
 
-                    hd.encodeBuffer(bb, System.out);
+                    hd.encodeBuffer(
+                        (ByteBuffer)bb.duplicate().position(pos), System.out);
                 } catch (IOException e) { }
             }
 
@@ -489,7 +491,8 @@
              */
             if (blockSize != 0) {
                 bb.position(pos);
-                newLen = removePadding(bb, blockSize, protocolVersion);
+                newLen = removePadding(
+                    bb, tagLen, blockSize, protocolVersion);
 
                 if (protocolVersion.v >= ProtocolVersion.TLS11.v) {
                     if (newLen < blockSize) {
@@ -591,6 +594,65 @@
         return newlen;
     }
 
+    /*
+     * A constant-time check of the padding.
+     *
+     * NOTE that we are checking both the padding and the padLen bytes here.
+     *
+     * The caller MUST ensure that the len parameter is a positive number.
+     */
+    private static int[] checkPadding(
+            byte[] buf, int offset, int len, byte pad) {
+
+        if (len <= 0) {
+            throw new RuntimeException("padding len must be positive");
+        }
+
+        // An array of hits is used to prevent Hotspot optimization for
+        // the purpose of a constant-time check.
+        int[] results = {0, 0};    // {missed #, matched #}
+        for (int i = 0; i <= 256;) {
+            for (int j = 0; j < len && i <= 256; j++, i++) {     // j <= i
+                if (buf[offset + j] != pad) {
+                    results[0]++;       // mismatched padding data
+                } else {
+                    results[1]++;       // matched padding data
+                }
+            }
+        }
+
+        return results;
+    }
+
+    /*
+     * A constant-time check of the padding.
+     *
+     * NOTE that we are checking both the padding and the padLen bytes here.
+     *
+     * The caller MUST ensure that the bb parameter has remaining.
+     */
+    private static int[] checkPadding(ByteBuffer bb, byte pad) {
+
+        if (!bb.hasRemaining()) {
+            throw new RuntimeException("hasRemaining() must be positive");
+        }
+
+        // An array of hits is used to prevent Hotspot optimization for
+        // the purpose of a constant-time check.
+        int[] results = {0, 0};    // {missed #, matched #}
+        bb.mark();
+        for (int i = 0; i <= 256; bb.reset()) {
+            for (; bb.hasRemaining() && i <= 256; i++) {
+                if (bb.get() != pad) {
+                    results[0]++;       // mismatched padding data
+                } else {
+                    results[1]++;       // matched padding data
+                }
+            }
+        }
+
+        return results;
+    }
 
     /*
      * Typical TLS padding format for a 64 bit block cipher is as follows:
@@ -603,86 +665,95 @@
      * as it makes the data a multiple of the block size
      */
     private static int removePadding(byte[] buf, int offset, int len,
-            int blockSize, ProtocolVersion protocolVersion)
-            throws BadPaddingException {
+            int tagLen, int blockSize,
+            ProtocolVersion protocolVersion) throws BadPaddingException {
+
         // last byte is length byte (i.e. actual padding length - 1)
         int padOffset = offset + len - 1;
-        int pad = buf[padOffset] & 0x0ff;
+        int padLen = buf[padOffset] & 0xFF;
 
-        int newlen = len - (pad + 1);
-        if (newlen < 0) {
-            throw new BadPaddingException("Padding length invalid: " + pad);
+        int newLen = len - (padLen + 1);
+        if ((newLen - tagLen) < 0) {
+            // If the buffer is not long enough to contain the padding plus
+            // a MAC tag, do a dummy constant-time padding check.
+            //
+            // Note that it is a dummy check, so we won't care about what is
+            // the actual padding data.
+            checkPadding(buf, offset, len, (byte)(padLen & 0xFF));
+
+            throw new BadPaddingException("Invalid Padding length: " + padLen);
         }
 
+        // The padding data should be filled with the padding length value.
+        int[] results = checkPadding(buf, offset + newLen,
+                        padLen + 1, (byte)(padLen & 0xFF));
         if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
-            for (int i = 1; i <= pad; i++) {
-                int val = buf[padOffset - i] & 0xff;
-                if (val != pad) {
-                    throw new BadPaddingException
-                                        ("Invalid TLS padding: " + val);
-                }
+            if (results[0] != 0) {          // padding data has invalid bytes
+                throw new BadPaddingException("Invalid TLS padding data");
             }
         } else { // SSLv3
             // SSLv3 requires 0 <= length byte < block size
             // some implementations do 1 <= length byte <= block size,
             // so accept that as well
             // v3 does not require any particular value for the other bytes
-            if (pad > blockSize) {
-                throw new BadPaddingException("Invalid SSLv3 padding: " + pad);
+            if (padLen > blockSize) {
+                throw new BadPaddingException("Invalid SSLv3 padding");
             }
         }
-        return newlen;
+        return newLen;
     }
 
     /*
      * Position/limit is equal the removed padding.
      */
     private static int removePadding(ByteBuffer bb,
-            int blockSize, ProtocolVersion protocolVersion)
-            throws BadPaddingException {
+            int tagLen, int blockSize,
+            ProtocolVersion protocolVersion) throws BadPaddingException {
 
         int len = bb.remaining();
         int offset = bb.position();
 
         // last byte is length byte (i.e. actual padding length - 1)
         int padOffset = offset + len - 1;
-        int pad = bb.get(padOffset) & 0x0ff;
+        int padLen = bb.get(padOffset) & 0xFF;
 
-        int newlen = len - (pad + 1);
-        if (newlen < 0) {
-            throw new BadPaddingException("Padding length invalid: " + pad);
+        int newLen = len - (padLen + 1);
+        if ((newLen - tagLen) < 0) {
+            // If the buffer is not long enough to contain the padding plus
+            // a MAC tag, do a dummy constant-time padding check.
+            //
+            // Note that it is a dummy check, so we won't care about what is
+            // the actual padding data.
+            checkPadding(bb.duplicate(), (byte)(padLen & 0xFF));
+
+            throw new BadPaddingException("Invalid Padding length: " + padLen);
         }
 
-        /*
-         * We could zero the padding area, but not much useful
-         * information there.
-         */
+        // The padding data should be filled with the padding length value.
+        int[] results = checkPadding(
+                (ByteBuffer)bb.duplicate().position(offset + newLen),
+                (byte)(padLen & 0xFF));
         if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
-            bb.put(padOffset, (byte)0);         // zero the padding.
-            for (int i = 1; i <= pad; i++) {
-                int val = bb.get(padOffset - i) & 0xff;
-                if (val != pad) {
-                    throw new BadPaddingException
-                                        ("Invalid TLS padding: " + val);
-                }
+            if (results[0] != 0) {          // padding data has invalid bytes
+                throw new BadPaddingException("Invalid TLS padding data");
             }
         } else { // SSLv3
             // SSLv3 requires 0 <= length byte < block size
             // some implementations do 1 <= length byte <= block size,
             // so accept that as well
             // v3 does not require any particular value for the other bytes
-            if (pad > blockSize) {
-                throw new BadPaddingException("Invalid SSLv3 padding: " + pad);
+            if (padLen > blockSize) {
+                throw new BadPaddingException("Invalid SSLv3 padding");
             }
         }
 
         /*
          * Reset buffer limit to remove padding.
          */
-        bb.position(offset + newlen);
-        bb.limit(offset + newlen);
+        bb.position(offset + newLen);
+        bb.limit(offset + newLen);
 
-        return newlen;
+        return newLen;
     }
 
     /*
@@ -709,4 +780,45 @@
     boolean isCBCMode() {
         return isCBCMode;
     }
+
+    /**
+     * Is the cipher null?
+     *
+     * @return true if the cipher is null, false otherwise.
+     */
+    boolean isNullCipher() {
+        return cipher == null;
+    }
+
+    /**
+     * Sanity check the length of a fragment before decryption.
+     *
+     * In CBC mode, check that the fragment length is one or multiple times
+     * of the block size of the cipher suite, and is at least one (one is the
+     * smallest size of padding in CBC mode) bigger than the tag size of the
+     * MAC algorithm except the explicit IV size for TLS 1.1 or later.
+     *
+     * In non-CBC mode, check that the fragment length is not less than the
+     * tag size of the MAC algorithm.
+     *
+     * @return true if the length of a fragment matches above requirements
+     */
+    boolean sanityCheck(int tagLen, int fragmentLen) {
+        if (!isCBCMode) {
+            return fragmentLen >= tagLen;
+        }
+
+        if ((fragmentLen % blockSize) == 0) {
+            int minimal = tagLen + 1;
+            minimal = (minimal >= blockSize) ? minimal : blockSize;
+            if (protocolVersion.v >= ProtocolVersion.TLS11.v) {
+                minimal += blockSize;   // plus the size of the explicit IV
+            }
+
+            return (fragmentLen >= minimal);
+        }
+
+        return false;
+    }
+
 }
--- a/src/share/classes/sun/security/ssl/CipherSuite.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/ssl/CipherSuite.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -534,9 +534,18 @@
         // size of the MAC value (and MAC key) in bytes
         final int size;
 
-        MacAlg(String name, int size) {
+        // block size of the underlying hash algorithm
+        final int hashBlockSize;
+
+        // minimal padding size of the underlying hash algorithm
+        final int minimalPaddingSize;
+
+        MacAlg(String name, int size,
+                int hashBlockSize, int minimalPaddingSize) {
             this.name = name;
             this.size = size;
+            this.hashBlockSize = hashBlockSize;
+            this.minimalPaddingSize = minimalPaddingSize;
         }
 
         /**
@@ -580,11 +589,11 @@
                         new BulkCipher(CIPHER_AES,     32, 16, true);
 
     // MACs
-    final static MacAlg M_NULL = new MacAlg("NULL", 0);
-    final static MacAlg M_MD5  = new MacAlg("MD5", 16);
-    final static MacAlg M_SHA  = new MacAlg("SHA", 20);
-    final static MacAlg M_SHA256  = new MacAlg("SHA256", 32);
-    final static MacAlg M_SHA384  = new MacAlg("SHA384", 48);
+    final static MacAlg M_NULL    = new MacAlg("NULL",     0,   0,   0);
+    final static MacAlg M_MD5     = new MacAlg("MD5",     16,  64,   9);
+    final static MacAlg M_SHA     = new MacAlg("SHA",     20,  64,   9);
+    final static MacAlg M_SHA256  = new MacAlg("SHA256",  32,  64,   9);
+    final static MacAlg M_SHA384  = new MacAlg("SHA384",  48, 128,  17);
 
     /**
      * PRFs (PseudoRandom Function) from TLS specifications.
--- a/src/share/classes/sun/security/ssl/EngineInputRecord.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/ssl/EngineInputRecord.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -177,71 +177,6 @@
     }
 
     /*
-     * Verifies and removes the MAC value.  Returns true if
-     * the MAC checks out OK.
-     *
-     * On entry:
-     *     position = beginning of app/MAC data
-     *     limit = end of MAC data.
-     *
-     * On return:
-     *     position = beginning of app data
-     *     limit = end of app data
-     */
-    boolean checkMAC(MAC signer, ByteBuffer bb) {
-        if (internalData) {
-            return checkMAC(signer);
-        }
-
-        int len = signer.MAClen();
-        if (len == 0) { // no mac
-            return true;
-        }
-
-        /*
-         * Grab the original limit
-         */
-        int lim = bb.limit();
-
-        /*
-         * Delineate the area to apply a MAC on.
-         */
-        int macData = lim - len;
-        bb.limit(macData);
-
-        byte[] mac = signer.compute(contentType(), bb);
-
-        if (len != mac.length) {
-            throw new RuntimeException("Internal MAC error");
-        }
-
-        /*
-         * Delineate the MAC values, position was already set
-         * by doing the compute above.
-         *
-         * We could zero the MAC area, but not much useful information
-         * there anyway.
-         */
-        bb.position(macData);
-        bb.limit(lim);
-
-        try {
-            for (int i = 0; i < len; i++) {
-                if (bb.get() != mac[i]) {  // No BB.equals(byte []); !
-                    return false;
-                }
-            }
-            return true;
-        } finally {
-            /*
-             * Position to the data.
-             */
-            bb.rewind();
-            bb.limit(macData);
-        }
-    }
-
-    /*
      * Pass the data down if it's internally cached, otherwise
      * do it here.
      *
@@ -250,21 +185,164 @@
      * If external data(app), return a new ByteBuffer with data to
      * process.
      */
-    ByteBuffer decrypt(CipherBox box, ByteBuffer bb)
-            throws BadPaddingException {
+    ByteBuffer decrypt(MAC signer,
+            CipherBox box, ByteBuffer bb) throws BadPaddingException {
 
         if (internalData) {
-            decrypt(box);
+            decrypt(signer, box);   // MAC is checked during decryption
             return tmpBB;
         }
 
-        box.decrypt(bb);
-        bb.rewind();
+        BadPaddingException reservedBPE = null;
+        int tagLen = signer.MAClen();
+        int cipheredLength = bb.remaining();
+
+        if (!box.isNullCipher()) {
+            // sanity check length of the ciphertext
+            if (!box.sanityCheck(tagLen, cipheredLength)) {
+                throw new BadPaddingException(
+                    "ciphertext sanity check failed");
+            }
+
+            try {
+                // Note that the CipherBox.decrypt() does not change
+                // the capacity of the buffer.
+                box.decrypt(bb, tagLen);
+            } catch (BadPaddingException bpe) {
+                // RFC 2246 states that decryption_failed should be used
+                // for this purpose. However, that allows certain attacks,
+                // so we just send bad record MAC. We also need to make
+                // sure to always check the MAC to avoid a timing attack
+                // for the same issue. See paper by Vaudenay et al and the
+                // update in RFC 4346/5246.
+                //
+                // Failover to message authentication code checking.
+                reservedBPE = bpe;
+            } finally {
+                bb.rewind();
+            }
+        }
+
+        if (tagLen != 0) {
+            int macOffset = bb.limit() - tagLen;
+
+            // Note that although it is not necessary, we run the same MAC
+            // computation and comparison on the payload for both stream
+            // cipher and CBC block cipher.
+            if (bb.remaining() < tagLen) {
+                // negative data length, something is wrong
+                if (reservedBPE == null) {
+                    reservedBPE = new BadPaddingException("bad record");
+                }
+
+                // set offset of the dummy MAC
+                macOffset = cipheredLength - tagLen;
+                bb.limit(cipheredLength);
+            }
+
+            // Run MAC computation and comparison on the payload.
+            if (checkMacTags(contentType(), bb, signer, false)) {
+                if (reservedBPE == null) {
+                    reservedBPE = new BadPaddingException("bad record MAC");
+                }
+            }
+
+            // Run MAC computation and comparison on the remainder.
+            //
+            // It is only necessary for CBC block cipher.  It is used to get a
+            // constant time of MAC computation and comparison on each record.
+            if (box.isCBCMode()) {
+                int remainingLen = calculateRemainingLen(
+                                        signer, cipheredLength, macOffset);
+
+                // NOTE: here we use the InputRecord.buf because I did not find
+                // an effective way to work on ByteBuffer when its capacity is
+                // less than remainingLen.
+
+                // NOTE: remainingLen may be bigger (less than 1 block of the
+                // hash algorithm of the MAC) than the cipheredLength. However,
+                // We won't need to worry about it because we always use a
+                // maximum buffer for every record.  We need a change here if
+                // we use small buffer size in the future.
+                if (remainingLen > buf.length) {
+                    // unlikely to happen, just a placehold
+                    throw new RuntimeException(
+                        "Internal buffer capacity error");
+                }
+
+                // Won't need to worry about the result on the remainder. And
+                // then we won't need to worry about what's actual data to
+                // check MAC tag on.  We start the check from the header of the
+                // buffer so that we don't need to construct a new byte buffer.
+                checkMacTags(contentType(), buf, 0, remainingLen, signer, true);
+            }
+
+            bb.limit(macOffset);
+        }
+
+        // Is it a failover?
+        if (reservedBPE != null) {
+            throw reservedBPE;
+        }
 
         return bb.slice();
     }
 
     /*
+     * Run MAC computation and comparison
+     *
+     * Please DON'T change the content of the ByteBuffer parameter!
+     */
+    private static boolean checkMacTags(byte contentType, ByteBuffer bb,
+            MAC signer, boolean isSimulated) {
+
+        int tagLen = signer.MAClen();
+        int lim = bb.limit();
+        int macData = lim - tagLen;
+
+        bb.limit(macData);
+        byte[] hash = signer.compute(contentType, bb, isSimulated);
+        if (hash == null || tagLen != hash.length) {
+            // Something is wrong with MAC implementation.
+            throw new RuntimeException("Internal MAC error");
+        }
+
+        bb.position(macData);
+        bb.limit(lim);
+        try {
+            int[] results = compareMacTags(bb, hash);
+            return (results[0] != 0);
+        } finally {
+            bb.rewind();
+            bb.limit(macData);
+        }
+    }
+
+    /*
+     * A constant-time comparison of the MAC tags.
+     *
+     * Please DON'T change the content of the ByteBuffer parameter!
+     */
+    private static int[] compareMacTags(ByteBuffer bb, byte[] tag) {
+
+        // An array of hits is used to prevent Hotspot optimization for
+        // the purpose of a constant-time check.
+        int[] results = {0, 0};     // {missed #, matched #}
+
+        // The caller ensures there are enough bytes available in the buffer.
+        // So we won't need to check the remaining of the buffer.
+        for (int i = 0; i < tag.length; i++) {
+            if (bb.get() != tag[i]) {
+                results[0]++;       // mismatched bytes
+            } else {
+                results[1]++;       // matched bytes
+            }
+        }
+
+        return results;
+    }
+
+    /*
      * Override the actual write below.  We do things this way to be
      * consistent with InputRecord.  InputRecord may try to write out
      * data to the peer, and *then* throw an Exception.  This forces
--- a/src/share/classes/sun/security/ssl/EngineOutputRecord.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/ssl/EngineOutputRecord.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -120,7 +120,7 @@
             throws IOException {
 
         if (signer.MAClen() != 0) {
-            byte[] hash = signer.compute(contentType(), bb);
+            byte[] hash = signer.compute(contentType(), bb, false);
 
             /*
              * position was advanced to limit in compute above.
--- a/src/share/classes/sun/security/ssl/InputRecord.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/ssl/InputRecord.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -135,44 +135,174 @@
         return handshakeHash;
     }
 
-    /*
-     * Verify and remove the MAC ... used for all records.
-     */
-    boolean checkMAC(MAC signer) {
-        int len = signer.MAClen();
-        if (len == 0) { // no mac
-            return true;
+    void decrypt(MAC signer, CipherBox box) throws BadPaddingException {
+
+        BadPaddingException reservedBPE = null;
+        int tagLen = signer.MAClen();
+        int cipheredLength = count - headerSize;
+
+        if (!box.isNullCipher()) {
+            // sanity check length of the ciphertext
+            if (!box.sanityCheck(tagLen, cipheredLength)) {
+                throw new BadPaddingException(
+                    "ciphertext sanity check failed");
+            }
+
+            try {
+                // Note that the CipherBox.decrypt() does not change
+                // the capacity of the buffer.
+                count = headerSize +
+                        box.decrypt(buf, headerSize, cipheredLength, tagLen);
+            } catch (BadPaddingException bpe) {
+                // RFC 2246 states that decryption_failed should be used
+                // for this purpose. However, that allows certain attacks,
+                // so we just send bad record MAC. We also need to make
+                // sure to always check the MAC to avoid a timing attack
+                // for the same issue. See paper by Vaudenay et al and the
+                // update in RFC 4346/5246.
+                //
+                // Failover to message authentication code checking.
+                reservedBPE = bpe;
+            }
         }
 
-        int offset = count - len;
+        if (tagLen != 0) {
+            int macOffset = count - tagLen;
+            int contentLen = macOffset - headerSize;
 
-        if (offset < headerSize) {
-            // data length would be negative, something is wrong
-            return false;
+            // Note that although it is not necessary, we run the same MAC
+            // computation and comparison on the payload for both stream
+            // cipher and CBC block cipher.
+            if (contentLen < 0) {
+                // negative data length, something is wrong
+                if (reservedBPE == null) {
+                    reservedBPE = new BadPaddingException("bad record");
+                }
+
+                // set offset of the dummy MAC
+                macOffset = headerSize + cipheredLength - tagLen;
+                contentLen = macOffset - headerSize;
+            }
+
+            count -= tagLen;  // Set the count before any MAC checking
+                              // exception occurs, so that the following
+                              // process can read the actual decrypted
+                              // content (minus the MAC) in the fragment
+                              // if necessary.
+
+            // Run MAC computation and comparison on the payload.
+            if (checkMacTags(contentType(),
+                    buf, headerSize, contentLen, signer, false)) {
+                if (reservedBPE == null) {
+                    reservedBPE = new BadPaddingException("bad record MAC");
+                }
+            }
+
+            // Run MAC computation and comparison on the remainder.
+            //
+            // It is only necessary for CBC block cipher.  It is used to get a
+            // constant time of MAC computation and comparison on each record.
+            if (box.isCBCMode()) {
+                int remainingLen = calculateRemainingLen(
+                                        signer, cipheredLength, contentLen);
+
+                // NOTE: remainingLen may be bigger (less than 1 block of the
+                // hash algorithm of the MAC) than the cipheredLength. However,
+                // We won't need to worry about it because we always use a
+                // maximum buffer for every record.  We need a change here if
+                // we use small buffer size in the future.
+                if (remainingLen > buf.length) {
+                    // unlikely to happen, just a placehold
+                    throw new RuntimeException(
+                        "Internal buffer capacity error");
+                }
+
+                // Won't need to worry about the result on the remainder. And
+                // then we won't need to worry about what's actual data to
+                // check MAC tag on.  We start the check from the header of the
+                // buffer so that we don't need to construct a new byte buffer.
+                checkMacTags(contentType(), buf, 0, remainingLen, signer, true);
+            }
         }
 
-        byte[] mac = signer.compute(contentType(), buf,
-            headerSize, offset - headerSize);
+        // Is it a failover?
+        if (reservedBPE != null) {
+            throw reservedBPE;
+        }
+    }
 
-        if (len != mac.length) {
+    /*
+     * Run MAC computation and comparison
+     *
+     * Please DON'T change the content of the byte buffer parameter!
+     */
+    static boolean checkMacTags(byte contentType, byte[] buffer,
+            int offset, int contentLen, MAC signer, boolean isSimulated) {
+
+        int tagLen = signer.MAClen();
+        byte[] hash = signer.compute(
+                contentType, buffer, offset, contentLen, isSimulated);
+        if (hash == null || tagLen != hash.length) {
+            // Something is wrong with MAC implementation.
             throw new RuntimeException("Internal MAC error");
         }
 
-        for (int i = 0; i < len; i++) {
-            if (buf[offset + i] != mac[i]) {
-                return false;
+        int[] results = compareMacTags(buffer, offset + contentLen, hash);
+        return (results[0] != 0);
+    }
+
+    /*
+     * A constant-time comparison of the MAC tags.
+     *
+     * Please DON'T change the content of the byte buffer parameter!
+     */
+    private static int[] compareMacTags(
+            byte[] buffer, int offset, byte[] tag) {
+
+        // An array of hits is used to prevent Hotspot optimization for
+        // the purpose of a constant-time check.
+        int[] results = {0, 0};    // {missed #, matched #}
+
+        // The caller ensures there are enough bytes available in the buffer.
+        // So we won't need to check the length of the buffer.
+        for (int i = 0; i < tag.length; i++) {
+            if (buffer[offset + i] != tag[i]) {
+                results[0]++;       // mismatched bytes
+            } else {
+                results[1]++;       // matched bytes
             }
         }
-        count -= len;
-        return true;
+
+        return results;
     }
 
-    void decrypt(CipherBox box) throws BadPaddingException {
-        int len = count - headerSize;
-        count = headerSize + box.decrypt(buf, headerSize, len);
+    /*
+     * Calculate the length of a dummy buffer to run MAC computation
+     * and comparison on the remainder.
+     *
+     * The caller MUST ensure that the fullLen is not less than usedLen.
+     */
+    static int calculateRemainingLen(
+            MAC signer, int fullLen, int usedLen) {
+
+        int blockLen = signer.hashBlockLen();
+        int minimalPaddingLen = signer.minimalPaddingLen();
+
+        // (blockLen - minimalPaddingLen) is the maximum message size of
+        // the last block of hash function operation. See FIPS 180-4, or
+        // MD5 specification.
+        fullLen += 13 - (blockLen - minimalPaddingLen);
+        usedLen += 13 - (blockLen - minimalPaddingLen);
+
+        // Note: fullLen is always not less than usedLen, and blockLen
+        // is always bigger than minimalPaddingLen, so we don't worry
+        // about negative values. 0x01 is added to the result to ensure
+        // that the return value is positive.  The extra one byte does
+        // not impact the overall MAC compression function evaluations.
+        return 0x01 + (int)(Math.ceil(fullLen/(1.0d * blockLen)) -
+                Math.ceil(usedLen/(1.0d * blockLen))) * signer.hashBlockLen();
     }
 
-
     /*
      * Well ... hello_request messages are _never_ hashed since we can't
      * know when they'd appear in the sequence.
--- a/src/share/classes/sun/security/ssl/MAC.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/ssl/MAC.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,8 +43,8 @@
  * provide integrity protection for SSL messages.  The MAC is actually
  * one of several keyed hashes, as associated with the cipher suite and
  * protocol version.  (SSL v3.0 uses one construct, TLS uses another.)
- *
- * <P>NOTE: MAC computation is the only place in the SSL protocol that the
+ * <P>
+ * NOTE: MAC computation is the only place in the SSL protocol that the
  * sequence number is used.  It's also reset to zero with each change of
  * a cipher spec, so this is the only place this state is needed.
  *
@@ -133,15 +133,31 @@
     }
 
     /**
+     * Returns the hash function block length of the MAC alorithm.
+     */
+    int hashBlockLen() {
+        return macAlg.hashBlockSize;
+    }
+
+    /**
+     * Returns the hash function minimal padding length of the MAC alorithm.
+     */
+    int minimalPaddingLen() {
+        return macAlg.minimalPaddingSize;
+    }
+
+    /**
      * Computes and returns the MAC for the data in this byte array.
      *
      * @param type record type
      * @param buf compressed record on which the MAC is computed
      * @param offset start of compressed record data
      * @param len the size of the compressed record
+     * @param isSimulated if true, simulate the the MAC computation
      */
-    final byte[] compute(byte type, byte buf[], int offset, int len) {
-        return compute(type, null, buf, offset, len);
+    final byte[] compute(byte type, byte buf[],
+            int offset, int len, boolean isSimulated) {
+        return compute(type, null, buf, offset, len, isSimulated);
     }
 
     /**
@@ -154,9 +170,10 @@
      * @param type record type
      * @param bb a ByteBuffer in which the position and limit
      *          demarcate the data to be MAC'd.
+     * @param isSimulated if true, simulate the the MAC computation
      */
-    final byte[] compute(byte type, ByteBuffer bb) {
-        return compute(type, bb, null, 0, bb.remaining());
+    final byte[] compute(byte type, ByteBuffer bb, boolean isSimulated) {
+        return compute(type, bb, null, 0, bb.remaining(), isSimulated);
     }
 
     /**
@@ -209,18 +226,21 @@
      * or buf/offset/len.
      */
     private byte[] compute(byte type, ByteBuffer bb, byte[] buf,
-            int offset, int len) {
+            int offset, int len, boolean isSimulated) {
 
         if (macSize == 0) {
             return nullMAC;
         }
 
-        block[BLOCK_OFFSET_TYPE] = type;
-        block[block.length - 2]  = (byte)(len >> 8);
-        block[block.length - 1]  = (byte)(len     );
+        // MUST NOT increase the sequence number for a simulated computation.
+        if (!isSimulated) {
+            block[BLOCK_OFFSET_TYPE] = type;
+            block[block.length - 2]  = (byte)(len >> 8);
+            block[block.length - 1]  = (byte)(len     );
 
-        mac.update(block);
-        incrementSequenceNumber();
+            mac.update(block);
+            incrementSequenceNumber();
+        }
 
         // content
         if (bb != null) {
--- a/src/share/classes/sun/security/ssl/OutputRecord.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/ssl/OutputRecord.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -204,7 +204,7 @@
         }
         if (signer.MAClen() != 0) {
             byte[] hash = signer.compute(contentType, buf,
-                    headerSize, count - headerSize);
+                    headerSize, count - headerSize, false);
             write(hash);
         }
     }
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -950,35 +950,15 @@
              * throw a fatal alert if the integrity check fails.
              */
             try {
-                decryptedBB = inputRecord.decrypt(readCipher, readBB);
+                decryptedBB = inputRecord.decrypt(readMAC, readCipher, readBB);
             } catch (BadPaddingException e) {
-                // RFC 2246 states that decryption_failed should be used
-                // for this purpose. However, that allows certain attacks,
-                // so we just send bad record MAC. We also need to make
-                // sure to always check the MAC to avoid a timing attack
-                // for the same issue. See paper by Vaudenay et al.
-                //
-                // rewind the BB if necessary.
-                readBB.rewind();
-
-                inputRecord.checkMAC(readMAC, readBB);
-
-                // use the same alert types as for MAC failure below
                 byte alertType = (inputRecord.contentType() ==
                     Record.ct_handshake) ?
                         Alerts.alert_handshake_failure :
                         Alerts.alert_bad_record_mac;
-                fatal(alertType, "Invalid padding", e);
+                fatal(alertType, e.getMessage(), e);
             }
 
-            if (!inputRecord.checkMAC(readMAC, decryptedBB)) {
-                if (inputRecord.contentType() == Record.ct_handshake) {
-                    fatal(Alerts.alert_handshake_failure,
-                        "bad handshake record MAC");
-                } else {
-                    fatal(Alerts.alert_bad_record_mac, "bad record MAC");
-                }
-            }
 
             // if (!inputRecord.decompress(c))
             //     fatal(Alerts.alert_decompression_failure,
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -966,29 +966,13 @@
              * throw a fatal alert if the integrity check fails.
              */
             try {
-                r.decrypt(readCipher);
+                r.decrypt(readMAC, readCipher);
             } catch (BadPaddingException e) {
-                // RFC 2246 states that decryption_failed should be used
-                // for this purpose. However, that allows certain attacks,
-                // so we just send bad record MAC. We also need to make
-                // sure to always check the MAC to avoid a timing attack
-                // for the same issue. See paper by Vaudenay et al.
-                r.checkMAC(readMAC);
-                // use the same alert types as for MAC failure below
                 byte alertType = (r.contentType() == Record.ct_handshake)
                                         ? Alerts.alert_handshake_failure
                                         : Alerts.alert_bad_record_mac;
-                fatal(alertType, "Invalid padding", e);
+                fatal(alertType, e.getMessage(), e);
             }
-            if (!r.checkMAC(readMAC)) {
-                if (r.contentType() == Record.ct_handshake) {
-                    fatal(Alerts.alert_handshake_failure,
-                        "bad handshake record MAC");
-                } else {
-                    fatal(Alerts.alert_bad_record_mac, "bad record MAC");
-                }
-            }
-
 
             // if (!r.decompress(c))
             //     fatal(Alerts.alert_decompression_failure,
--- a/src/share/classes/sun/security/util/UntrustedCertificates.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/classes/sun/security/util/UntrustedCertificates.java	Fri Mar 01 15:28:53 2013 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -737,5 +737,111 @@
         "B8WfedLHjFW/TMcnXlEWKz4=\n" +
         "-----END CERTIFICATE-----");
 
+        //
+        // Revoked DigiCert code signing certificates used to sign malware
+        //
+
+        // Subject: CN=Buster Paper Comercial Ltda,
+        //          O=Buster Paper Comercial Ltda,
+        //          L=S?o Jos? Dos Campos,
+        //          ST=S?o Paulo,
+        //          C=BR
+        // Issuer:  CN=DigiCert Assured ID Code Signing CA-1,
+        //          OU=www.digicert.com,
+        //          O=DigiCert Inc,
+        //          C=US
+        // Serial:  07:b4:4c:db:ff:fb:78:de:05:f4:26:16:72:a6:73:12
+        add("buster-paper-comercial-ltda-72A67312",
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIGwzCCBaugAwIBAgIQB7RM2//7eN4F9CYWcqZzEjANBgkqhkiG9w0BAQUFADBv\n" +
+        "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" +
+        "d3cuZGlnaWNlcnQuY29tMS4wLAYDVQQDEyVEaWdpQ2VydCBBc3N1cmVkIElEIENv\n" +
+        "ZGUgU2lnbmluZyBDQS0xMB4XDTEzMDExNzAwMDAwMFoXDTE0MDEyMjEyMDAwMFow\n" +
+        "gY4xCzAJBgNVBAYTAkJSMRMwEQYDVQQIDApTw6NvIFBhdWxvMR4wHAYDVQQHDBVT\n" +
+        "w6NvIEpvc8OpIERvcyBDYW1wb3MxJDAiBgNVBAoTG0J1c3RlciBQYXBlciBDb21l\n" +
+        "cmNpYWwgTHRkYTEkMCIGA1UEAxMbQnVzdGVyIFBhcGVyIENvbWVyY2lhbCBMdGRh\n" +
+        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO0l6jWIpEfO2oUpVHpL\n" +
+        "HETj5lzivNb0S9jKHgGJax917czh81PnGTxwxFXd6gLJuy/XFHvmiSi8g8jzlymn\n" +
+        "2Ji5zQ3CPaz7nomJokSUDlMVJ2qYWtctw4jrdjuI4qtn+koXXUFkWjkf8h8251I4\n" +
+        "tUs7S49HE2Go5owCYP3byajj7fsFAYR/Xb7TdVtndkZsUB/YgOjHovyACjouaNCi\n" +
+        "mDiRyQ6zLLjZGiyeD65Yiseuhp5b8/BL5h1p7w76QYMYMVQNAdtDKut2R8MBpuWf\n" +
+        "Ny7Eoi0x/gm1p9X5Rcl5aN7K0G4UtTAJKbkuUfXddsyFoM0Nx8uo8SgNQ8Y/X5Jx\n" +
+        "BwIDAQABo4IDOTCCAzUwHwYDVR0jBBgwFoAUe2jOKarAF75JeuHlP9an90WPNTIw\n" +
+        "HQYDVR0OBBYEFFLZ3n5nt/Eer7n1bvtOqMb1qKO5MA4GA1UdDwEB/wQEAwIHgDAT\n" +
+        "BgNVHSUEDDAKBggrBgEFBQcDAzBzBgNVHR8EbDBqMDOgMaAvhi1odHRwOi8vY3Js\n" +
+        "My5kaWdpY2VydC5jb20vYXNzdXJlZC1jcy0yMDExYS5jcmwwM6AxoC+GLWh0dHA6\n" +
+        "Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9hc3N1cmVkLWNzLTIwMTFhLmNybDCCAcQGA1Ud\n" +
+        "IASCAbswggG3MIIBswYJYIZIAYb9bAMBMIIBpDA6BggrBgEFBQcCARYuaHR0cDov\n" +
+        "L3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsG\n" +
+        "AQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABD\n" +
+        "AGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABh\n" +
+        "AGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQBy\n" +
+        "AHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAAdABoAGUAIABSAGUAbAB5AGkAbgBn\n" +
+        "ACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0AZQBuAHQAIAB3AGgAaQBjAGgAIABs\n" +
+        "AGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQAeQAgAGEAbgBkACAAYQByAGUAIABp\n" +
+        "AG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgAZQByAGUAaQBuACAAYgB5ACAAcgBl\n" +
+        "AGYAZQByAGUAbgBjAGUALjCBggYIKwYBBQUHAQEEdjB0MCQGCCsGAQUFBzABhhho\n" +
+        "dHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTAYIKwYBBQUHMAKGQGh0dHA6Ly9jYWNl\n" +
+        "cnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRENvZGVTaWduaW5nQ0Et\n" +
+        "MS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAPTTQvpOIikXI\n" +
+        "hTLnNbajaFRR5GhQpTzUNgBfF9VYSlNw/wMjpGsrh5RxaJCip52jbehmTgjMRhft\n" +
+        "jRYyml44PAVsCcR9uEoDpCZYpI1fHI1R+F8jd1C9rqprbSwwOG4xlg4SmvTHYs6e\n" +
+        "gBItQ/1p9XY+Sf4Wv1qOuOFL1qvV/5VyR2zdlOQCmKCeMgxt6a/tHLBDiAA67D44\n" +
+        "/vfdoNJl0CU2It0PO60jdCPFNWIRcxL+OSDqAoePeUC7xQ+JsTEIxuUE8+d6w6fc\n" +
+        "BV2mYb1flh22t46GLjh4gyo7xw3aL6L0L0jzlTT6IcEw6NIbaPbIKj/npQnHobYj\n" +
+        "XMuKLxbh7g==\n" +
+        "-----END CERTIFICATE-----");
+
+        // Subject: CN=BUSTER ASSISTENCIA TECNICA ELETRONICA LTDA - ME,
+        //          O=BUSTER ASSISTENCIA TECNICA ELETRONICA LTDA - ME,
+        //          L=S?o Paulo,
+        //          ST=S?o Paulo,
+        //          C=BR
+        // Issuer:  CN=DigiCert Assured ID Code Signing CA-1,
+        //          OU=www.digicert.com,
+        //          O=DigiCert Inc,
+        //          C=US
+        // Serial:  0a:38:9b:95:ee:73:6d:d1:3b:c0:ed:74:3f:d7:4d:2f
+        add("buster-assistencia-tecnica-electronica-ltda-3FD74D2F",
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIG4DCCBcigAwIBAgIQCjible5zbdE7wO10P9dNLzANBgkqhkiG9w0BAQUFADBv\n" +
+        "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" +
+        "d3cuZGlnaWNlcnQuY29tMS4wLAYDVQQDEyVEaWdpQ2VydCBBc3N1cmVkIElEIENv\n" +
+        "ZGUgU2lnbmluZyBDQS0xMB4XDTEyMTEwOTAwMDAwMFoXDTEzMTExNDEyMDAwMFow\n" +
+        "gasxCzAJBgNVBAYTAkJSMRMwEQYDVQQIDApTw6NvIFBhdWxvMRMwEQYDVQQHDApT\n" +
+        "w6NvIFBhdWxvMTgwNgYDVQQKEy9CVVNURVIgQVNTSVNURU5DSUEgVEVDTklDQSBF\n" +
+        "TEVUUk9OSUNBIExUREEgLSBNRTE4MDYGA1UEAxMvQlVTVEVSIEFTU0lTVEVOQ0lB\n" +
+        "IFRFQ05JQ0EgRUxFVFJPTklDQSBMVERBIC0gTUUwggEiMA0GCSqGSIb3DQEBAQUA\n" +
+        "A4IBDwAwggEKAoIBAQDAqNeEs5/B2CTXGjTOkUIdu6jV6qulOZwdw4sefHWYj1UR\n" +
+        "4z6zPk9kjpUgbnb402RFq88QtfInwddZ/wXn9OxMtDd/3TnC7HrhNS7ga79ZFL2V\n" +
+        "JnmzKHum2Yvh0q82QEJ9tHBR2X9VdKpUIH08Zs3k6cWWM1H0YX0cxA/HohhesQJW\n" +
+        "kwJ3urOIJiH/HeByDk8a1NS8safcCxk5vxvW4WvCg43iT09LeHY5Aa8abKw8lqVb\n" +
+        "0tD5ZSIjdmdj3TT1U37iAHLLRM2DXbxfdbhouUX1c5U1ZHAMA67HwjKiseOiDaHj\n" +
+        "NUGbC37C+cgbc9VVM/cURD8WvS0Kj6fQv7F2QtJDAgMBAAGjggM5MIIDNTAfBgNV\n" +
+        "HSMEGDAWgBR7aM4pqsAXvkl64eU/1qf3RY81MjAdBgNVHQ4EFgQU88EXKAyDsh30\n" +
+        "o9+Gu9a4xUy+FSMwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMD\n" +
+        "MHMGA1UdHwRsMGowM6AxoC+GLWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9hc3N1\n" +
+        "cmVkLWNzLTIwMTFhLmNybDAzoDGgL4YtaHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" +
+        "L2Fzc3VyZWQtY3MtMjAxMWEuY3JsMIIBxAYDVR0gBIIBuzCCAbcwggGzBglghkgB\n" +
+        "hv1sAwEwggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9z\n" +
+        "c2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4A\n" +
+        "eQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQA\n" +
+        "ZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUA\n" +
+        "IABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAA\n" +
+        "YQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcA\n" +
+        "cgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIA\n" +
+        "aQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQA\n" +
+        "ZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMIGC\n" +
+        "BggrBgEFBQcBAQR2MHQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0\n" +
+        "LmNvbTBMBggrBgEFBQcwAoZAaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0Rp\n" +
+        "Z2lDZXJ0QXNzdXJlZElEQ29kZVNpZ25pbmdDQS0xLmNydDAMBgNVHRMBAf8EAjAA\n" +
+        "MA0GCSqGSIb3DQEBBQUAA4IBAQAei1QmiXepje8OIfo/WonD4MIXgpPr2dfRaquQ\n" +
+        "A8q63OpTRSveyqdQDCSPpDRF/nvO1Y30yksZvIH1tNBsW5LBdxAKN3lFdBlqBwtE\n" +
+        "Q3jHc0KVVYRJ0FBaGE/PJHmRajscdAhYIcMPhTga0u0tDK+wOHEq3993dfl6yHjA\n" +
+        "XHU2iW5pnk75ZoE39zALD5eKXT8ZXrET5c3XUFJKWA+XuGmdmyzqo0Au49PanBv9\n" +
+        "UlZnabYfqoMArqMS0tGSX4cGgi9/2E+pHG9BX4sFW+ZDumroOA2pxyMWEKjxePEL\n" +
+        "zCOfhbsRWdMLYepauaNZOIMZXmFwcrIl0TGMkTAtATz+XmZc\n" +
+        "-----END CERTIFICATE-----");
+
     }
 }
--- a/src/share/lib/security/java.security-linux	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/lib/security/java.security-linux	Fri Mar 01 15:28:53 2013 +0000
@@ -129,8 +129,8 @@
                com.sun.xml.internal.ws.,\
                com.sun.imageio.,\
                com.sun.istack.internal.,\
-               com.sun.jmx.defaults.,\
-               com.sun.jmx.remote.util.,\
+               com.sun.jmx.,\
+               com.sun.proxy.,\
                com.sun.org.apache.xerces.internal.utils.,\
                com.sun.org.apache.xalan.internal.utils.,\
                com.sun.org.glassfish.external.,\
@@ -153,8 +153,8 @@
                    com.sun.xml.internal.ws.,\
                    com.sun.imageio.,\
                    com.sun.istack.internal.,\
-                   com.sun.jmx.defaults.,\
-                   com.sun.jmx.remote.util.,\
+                   com.sun.jmx.,\
+                   com.sun.proxy.,\
                    com.sun.org.apache.xerces.internal.utils.,\
                    com.sun.org.apache.xalan.internal.utils.,\
                    com.sun.org.glassfish.external.,\
--- a/src/share/lib/security/java.security-macosx	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/lib/security/java.security-macosx	Fri Mar 01 15:28:53 2013 +0000
@@ -130,8 +130,8 @@
                com.sun.xml.internal.ws.,\
                com.sun.imageio.,\
                com.sun.istack.internal.,\
-               com.sun.jmx.defaults.,\
-               com.sun.jmx.remote.util.,\
+               com.sun.jmx.,\
+               com.sun.proxy.,\
                com.sun.org.apache.xerces.internal.utils.,\
                com.sun.org.apache.xalan.internal.utils.,\
                com.sun.org.glassfish.external.,\
@@ -155,8 +155,8 @@
                    com.sun.xml.internal.ws.,\
                    com.sun.imageio.,\
                    com.sun.istack.internal.,\
-                   com.sun.jmx.defaults.,\
-                   com.sun.jmx.remote.util.,\
+                   com.sun.jmx.,\
+                   com.sun.proxy.,\
                    com.sun.org.apache.xerces.internal.utils.,\
                    com.sun.org.apache.xalan.internal.utils.,\
                    com.sun.org.glassfish.external.,\
--- a/src/share/lib/security/java.security-solaris	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/lib/security/java.security-solaris	Fri Mar 01 15:28:53 2013 +0000
@@ -131,8 +131,8 @@
                com.sun.xml.internal.ws.,\
                com.sun.imageio.,\
                com.sun.istack.internal.,\
-               com.sun.jmx.defaults.,\
-               com.sun.jmx.remote.util.,\
+               com.sun.jmx.,\
+               com.sun.proxy.,\
                com.sun.org.apache.xerces.internal.utils.,\
                com.sun.org.apache.xalan.internal.utils.,\
                com.sun.org.glassfish.external.,\
@@ -155,8 +155,8 @@
                    com.sun.xml.internal.ws.,\
                    com.sun.imageio.,\
                    com.sun.istack.internal.,\
-                   com.sun.jmx.defaults.,\
-                   com.sun.jmx.remote.util.,\
+                   com.sun.jmx.,\
+                   com.sun.proxy.,\
                    com.sun.org.apache.xerces.internal.utils.,\
                    com.sun.org.apache.xalan.internal.utils.,\
                    com.sun.org.glassfish.external.,\
--- a/src/share/lib/security/java.security-windows	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/share/lib/security/java.security-windows	Fri Mar 01 15:28:53 2013 +0000
@@ -130,8 +130,8 @@
                com.sun.xml.internal.ws.,\
                com.sun.imageio.,\
                com.sun.istack.internal.,\
-               com.sun.jmx.defaults.,\
-               com.sun.jmx.remote.util.,\
+               com.sun.jmx.,\
+               com.sun.proxy.,\
                com.sun.org.apache.xerces.internal.utils.,\
                com.sun.org.apache.xalan.internal.utils.,\
                com.sun.org.glassfish.external.,\
@@ -154,8 +154,8 @@
                    com.sun.xml.internal.ws.,\
                    com.sun.imageio.,\
                    com.sun.istack.internal.,\
-                   com.sun.jmx.defaults.,\
-                   com.sun.jmx.remote.util.,\
+                   com.sun.jmx.,\
+                   com.sun.proxy.,\
                    com.sun.org.apache.xerces.internal.utils.,\
                    com.sun.org.apache.xalan.internal.utils.,\
                    com.sun.org.glassfish.external.,\
--- a/src/solaris/classes/sun/nio/fs/SolarisAclFileAttributeView.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/src/solaris/classes/sun/nio/fs/SolarisAclFileAttributeView.java	Fri Mar 01 15:28:53 2013 +0000
@@ -52,10 +52,10 @@
     /**
      * typedef struct ace {
      *     uid_t        a_who;
-     *     uitn32_t     a_access_mark;
+     *     uint32_t     a_access_mask;
      *     uint16_t     a_flags;
      *     uint16_t     a_type;
-     * } act_t;
+     * } ace_t;
      */
     private static final short SIZEOF_ACE_T     = 12;
     private static final short OFFSETOF_UID     = 0;
@@ -209,21 +209,16 @@
 
             // map uid and flags to UserPrincipal
             UnixUserPrincipals.User who = null;
-            if (uid == -1) {
-                if ((flags & ACE_OWNER) > 0)
-                    who = UnixUserPrincipals.SPECIAL_OWNER;
-                if ((flags & ACE_GROUP) > 0)
-                    who = UnixUserPrincipals.SPECIAL_GROUP;
-                if ((flags & ACE_EVERYONE) > 0)
-                    who = UnixUserPrincipals.SPECIAL_EVERYONE;
-                if (who == null)
-                    throw new AssertionError("ACE who not handled");
+            if ((flags & ACE_OWNER) > 0) {
+                who = UnixUserPrincipals.SPECIAL_OWNER;
+            } else if ((flags & ACE_GROUP) > 0) {
+                who = UnixUserPrincipals.SPECIAL_GROUP;
+            } else if ((flags & ACE_EVERYONE) > 0) {
+                who = UnixUserPrincipals.SPECIAL_EVERYONE;
+            } else if ((flags & ACE_IDENTIFIER_GROUP) > 0) {
+                who = UnixUserPrincipals.fromGid(uid);
             } else {
-                // can be gid
-                if ((flags & ACE_IDENTIFIER_GROUP) > 0)
-                    who = UnixUserPrincipals.fromGid(uid);
-                else
-                    who = UnixUserPrincipals.fromUid(uid);
+                who = UnixUserPrincipals.fromUid(uid);
             }
 
             AclEntryType aceType = null;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/List/MouseDraggedOutCauseScrollingTest/MouseDraggedOutCauseScrollingTest.html	Fri Mar 01 15:28:53 2013 +0000
@@ -0,0 +1,43 @@
+<html>
+<!--
+  Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+
+  This code is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License version 2 only, as
+  published by the Free Software Foundation.
+
+  This code is distributed in the hope that it will be useful, but WITHOUT
+  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+  version 2 for more details (a copy is included in the LICENSE file that
+  accompanied this code).
+
+  You should have received a copy of the GNU General Public License version
+  2 along with this work; if not, write to the Free Software Foundation,
+  Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+  or visit www.oracle.com if you need additional information or have any
+  questions.
+  -->
+
+<!--  
+  @test
+  @bug 6243382 8006070
+  @summary Dragging of mouse outside of a List and Choice area don't work properly on XAWT
+  @author Dmitry.Cherepanov@SUN.COM area=awt.list
+  @run applet/manual=yesno MouseDraggedOutCauseScrollingTest.html
+  -->
+<head>
+<title> ManualYesNoTest </title>
+</head>
+<body>
+
+<h1>ManualYesNoTest<br>Bug ID: </h1>
+
+<p> See the dialog box (usually in upper left corner) for instructions</p>
+
+<APPLET CODE="MouseDraggedOutCauseScrollingTest.class" WIDTH=200 HEIGHT=200></APPLET>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/List/MouseDraggedOutCauseScrollingTest/MouseDraggedOutCauseScrollingTest.java	Fri Mar 01 15:28:53 2013 +0000
@@ -0,0 +1,246 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+  test
+  @bug 6243382 8006070
+  @summary Dragging of mouse outside of a List and Choice area don't work properly on XAWT
+  @author Dmitry.Cherepanov@SUN.COM area=awt.list
+  @run applet/manual=yesno MouseDraggedOutCauseScrollingTest.html
+*/
+
+import java.applet.Applet;
+import java.awt.*;
+
+public class MouseDraggedOutCauseScrollingTest extends Applet
+{
+    Choice choice;
+    List singleList;
+    List multipleList;
+
+    public void init()
+    {
+        this.setLayout (new GridLayout (1, 3));
+
+        choice = new Choice();
+        singleList = new List(3, false);
+        multipleList = new List(3, true);
+
+        choice.add("Choice");
+        for (int i = 1; i < 100; i++){
+            choice.add(""+i);
+        }
+
+        singleList.add("Single list");
+        for (int i = 1; i < 100; i++)
+            singleList.add(""+i);
+
+        multipleList.add("Multiple list");
+        for (int i = 1; i < 100; i++)
+            multipleList.add(""+i);
+
+        this.add(choice);
+        this.add(singleList);
+        this.add(multipleList);
+
+        String toolkitName = Toolkit.getDefaultToolkit().getClass().getName();
+        if (!toolkitName.equals("sun.awt.X11.XToolkit")) {
+            String[] instructions =
+            {
+                "This test is not applicable to the current platform. Press PASS"
+            };
+            Sysout.createDialogWithInstructions( instructions );
+        } else {
+            String[] instructions =
+            {
+                "0) Please note, that this is only Motif/XAWT test. At first, make the applet active",
+                "1.1) Click on the choice",
+                "1.2) Press the left button of the mouse and keep on any item of the choice, for example 5",
+                "1.3) Drag mouse out of the area of the unfurled list, at the same time hold the X coordinate of the mouse position about the same",
+                "1.4) To make sure, that when the Y coordinate of the mouse position higher of the upper bound of the list then scrolling UP of the list and selected item changes on the upper. If not, the test failed",
+                "1.5) To make sure, that when the Y coordinate of the mouse position under of the lower bound of the list then scrolling DOWN of the list and selected item changes on the lower. If not, the test failed",
+                "-----------------------------------",
+                "2.1) Click on the single list",
+                "2.2) Press the left button of the mouse and keep on any item of the list, for example 5",
+                "2.3) Drag mouse out of the area of the unfurled list, at the same time hold the X coordinate of the mouse position about the same",
+                "2.4) To make sure, that when the Y coordinate of the mouse position higher of the upper bound of the list then scrolling UP of the list and selected item changes on the upper. If not, the test failed",
+                "2.5) To make sure, that when the Y coordinate of the mouse position under of the lower bound of the list then scrolling DOWN of the list and selected item changes on the lower. If not, the test failed",
+                "-----------------------------------",
+                "3.1) Click on the multiple list",
+                "3.2) Press the left button of the mouse and keep on any item of the list, for example 5",
+                "3.3) Drag mouse out of the area of the unfurled list, at the same time hold the X coordinate of the mouse position about the same",
+                "3.4) To make sure, that when the Y coordinate of the mouse position higher of the upper bound of the list then scrolling of the list NO OCCURED and selected item NO CHANGES on the upper. If not, the test failed",
+                "3.5) To make sure, that when the Y coordinate of the mouse position under of the lower bound of the list then scrolling of the list NO OCCURED and selected item NO CHANGES on the lower. If not, the test failed",
+                "4) Test passed."
+            };
+            Sysout.createDialogWithInstructions( instructions );
+        }
+
+    }//End  init()
+
+    public void start ()
+    {
+        setSize (400,100);
+        setVisible(true);
+        validate();
+
+    }// start()
+
+}// class ManualYesNoTest
+
+/****************************************************
+ Standard Test Machinery
+ DO NOT modify anything below -- it's a standard
+  chunk of code whose purpose is to make user
+  interaction uniform, and thereby make it simpler
+  to read and understand someone else's test.
+ ****************************************************/
+
+/**
+ This is part of the standard test machinery.
+ It creates a dialog (with the instructions), and is the interface
+  for sending text messages to the user.
+ To print the instructions, send an array of strings to Sysout.createDialog
+  WithInstructions method.  Put one line of instructions per array entry.
+ To display a message for the tester to see, simply call Sysout.println
+  with the string to be displayed.
+ This mimics System.out.println but works within the test harness as well
+  as standalone.
+ */
+
+class Sysout
+{
+    private static TestDialog dialog;
+
+    public static void createDialogWithInstructions( String[] instructions )
+    {
+        dialog = new TestDialog( new Frame(), "Instructions" );
+        dialog.printInstructions( instructions );
+        dialog.setVisible(true);
+        println( "Any messages for the tester will display here." );
+    }
+
+    public static void createDialog( )
+    {
+        dialog = new TestDialog( new Frame(), "Instructions" );
+        String[] defInstr = { "Instructions will appear here. ", "" } ;
+        dialog.printInstructions( defInstr );
+        dialog.setVisible(true);
+        println( "Any messages for the tester will display here." );
+    }
+
+
+    public static void printInstructions( String[] instructions )
+    {
+        dialog.printInstructions( instructions );
+    }
+
+
+    public static void println( String messageIn )
+    {
+        dialog.displayMessage( messageIn );
+    }
+
+}// Sysout  class
+
+/**
+  This is part of the standard test machinery.  It provides a place for the
+   test instructions to be displayed, and a place for interactive messages
+   to the user to be displayed.
+  To have the test instructions displayed, see Sysout.
+  To have a message to the user be displayed, see Sysout.
+  Do not call anything in this dialog directly.
+  */
+class TestDialog extends Dialog
+{
+
+    TextArea instructionsText;
+    TextArea messageText;
+    int maxStringLength = 80;
+
+    //DO NOT call this directly, go through Sysout
+    public TestDialog( Frame frame, String name )
+    {
+        super( frame, name );
+        int scrollBoth = TextArea.SCROLLBARS_BOTH;
+        instructionsText = new TextArea( "", 15, maxStringLength, scrollBoth );
+        add( "North", instructionsText );
+
+        messageText = new TextArea( "", 5, maxStringLength, scrollBoth );
+        add("Center", messageText);
+
+        pack();
+
+        setVisible(true);
+    }// TestDialog()
+
+    //DO NOT call this directly, go through Sysout
+    public void printInstructions( String[] instructions )
+    {
+        //Clear out any current instructions
+        instructionsText.setText( "" );
+
+        //Go down array of instruction strings
+
+        String printStr, remainingStr;
+        for( int i=0; i < instructions.length; i++ )
+        {
+            //chop up each into pieces maxSringLength long
+            remainingStr = instructions[ i ];
+            while( remainingStr.length() > 0 )
+            {
+                //if longer than max then chop off first max chars to print
+                if( remainingStr.length() >= maxStringLength )
+                {
+                    //Try to chop on a word boundary
+                    int posOfSpace = remainingStr.
+                        lastIndexOf( ' ', maxStringLength - 1 );
+
+                    if( posOfSpace <= 0 ) posOfSpace = maxStringLength - 1;
+
+                    printStr = remainingStr.substring( 0, posOfSpace + 1 );
+                    remainingStr = remainingStr.substring( posOfSpace + 1 );
+                }
+                //else just print
+                else
+                {
+                    printStr = remainingStr;
+                    remainingStr = "";
+                }
+
+                instructionsText.append( printStr + "\n" );
+
+            }// while
+
+        }// for
+
+    }//printInstructions()
+
+    //DO NOT call this directly, go through Sysout
+    public void displayMessage( String messageIn )
+    {
+        messageText.append( messageIn + "\n" );
+        System.out.println(messageIn);
+    }
+
+}// TestDialog  class
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/Modal/ModalDialogMultiscreenTest/ModalDialogMultiscreenTest.java	Fri Mar 01 15:28:53 2013 +0000
@@ -0,0 +1,441 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+  @test
+  @bug 6430802 8008379
+  @summary WM should not hang after show()/close()
+  @author anthony.petrov@sun.com: area=awt.modal
+  @run main/manual ModalDialogMultiscreenTest
+*/
+
+
+/**
+ * ModalDialogMultiscreenTest.java
+ *
+ * summary: Tests whether a WM will hang on show()/close() a modal dialog in multiscreen mode
+ */
+
+import java.awt.*;
+import java.awt.event.*;
+import javax.swing.*;
+
+
+public class ModalDialogMultiscreenTest
+{
+
+    private static class ButtonActionListener implements ActionListener {
+        JFrame frame;
+        JDialog dialog;
+        public ButtonActionListener(JFrame frame, JDialog dialog) {
+            this.frame = frame;
+            this.dialog = dialog;
+        }
+        public void actionPerformed(ActionEvent e) {
+            dialog.setLocationRelativeTo(frame);
+            dialog.setVisible(true);
+        }
+    }
+    public static class TestDialog extends JDialog {
+        public TestDialog(Frame owner, String title, boolean modal, GraphicsConfiguration gc) {
+            super(owner, title, modal, gc);
+            setSize(200, 100);
+            JButton button = new JButton("Close");
+            button.addActionListener(new ActionListener() {
+                public void actionPerformed(ActionEvent e) {
+                    dispose();
+                }
+            });
+            getContentPane().add(button);
+        }
+    }
+
+    private static void init()
+    {
+        GraphicsEnvironment ge = GraphicsEnvironment.getLocalGraphicsEnvironment();
+        GraphicsDevice[] gs = ge.getScreenDevices();
+
+        Sysout.createDialog( );
+
+        if (gs.length < 2) {
+            System.out.println("Not multi-head environment, test not valid!");
+            ModalDialogMultiscreenTest.pass( );
+        }
+
+        String[] instructions =
+        {
+            "The test should be run on a multi-head X (non-xinerama) systems.",
+            "Otherwise click the Pass button right now.",
+            "You will see an open Frame on each screen your system has.",
+            "The frame has an 'Open dialog' button.",
+            "Clicking the button opens a modal dialog with a Close button.",
+            "The test procedure:",
+            "1. Open a dialog and close it with appropriate buttons.",
+            "2. Switch to another screen ($ DISPLAY=X.Y xprop)",
+            "3. Repeat steps 1-2 several times (about 3*<number-of-screens>)",
+            "If the test doesn't cause the window manager to hang, it's passed."
+        };
+        Sysout.printInstructions( instructions );
+
+
+        for (int i = 0; i < gs.length; i++) {
+            JFrame frame = new JFrame("Frame "+i,gs[i].getDefaultConfiguration());
+            JButton button = new JButton("Open Dialog");
+            button.setMinimumSize(new Dimension(200, 100));
+            button.setPreferredSize(new Dimension(200, 100));
+            button.setSize(new Dimension(200, 100));
+            button.addActionListener(new ButtonActionListener(frame, new TestDialog(frame, "Dialog #"+i, true, gs[i].getDefaultConfiguration())));
+            frame.getContentPane().add(button);
+            frame.pack();
+            frame.setVisible(true);
+        }
+
+    }//End  init()
+
+
+    //ap203012: NO MORE CHANGES BELOW THIS LINE
+
+
+
+    /*****************************************************
+     * Standard Test Machinery Section
+     * DO NOT modify anything in this section -- it's a
+     * standard chunk of code which has all of the
+     * synchronisation necessary for the test harness.
+     * By keeping it the same in all tests, it is easier
+     * to read and understand someone else's test, as
+     * well as insuring that all tests behave correctly
+     * with the test harness.
+     * There is a section following this for test-defined
+     * classes
+     ******************************************************/
+    private static boolean theTestPassed = false;
+    private static boolean testGeneratedInterrupt = false;
+    private static String failureMessage = "";
+
+    private static Thread mainThread = null;
+
+    private static int sleepTime = 300000;
+
+    public static void main( String args[] ) throws InterruptedException
+    {
+        mainThread = Thread.currentThread();
+        try
+        {
+            init();
+        }
+        catch( TestPassedException e )
+        {
+            //The test passed, so just return from main and harness will
+            // interepret this return as a pass
+            return;
+        }
+        //At this point, neither test passed nor test failed has been
+        // called -- either would have thrown an exception and ended the
+        // test, so we know we have multiple threads.
+
+        //Test involves other threads, so sleep and wait for them to
+        // called pass() or fail()
+        try
+        {
+            Thread.sleep( sleepTime );
+            //Timed out, so fail the test
+            throw new RuntimeException( "Timed out after " + sleepTime/1000 + " seconds" );
+        }
+        catch (InterruptedException e)
+        {
+            if( ! testGeneratedInterrupt ) throw e;
+
+            //reset flag in case hit this code more than once for some reason (just safety)
+            testGeneratedInterrupt = false;
+            if ( theTestPassed == false )
+            {
+                throw new RuntimeException( failureMessage );
+            }
+        }
+
+    }//main
+
+    public static synchronized void setTimeoutTo( int seconds )
+    {
+        sleepTime = seconds * 1000;
+    }
+
+    public static synchronized void pass()
+    {
+        Sysout.println( "The test passed." );
+        Sysout.println( "The test is over, hit  Ctl-C to stop Java VM" );
+        //first check if this is executing in main thread
+        if ( mainThread == Thread.currentThread() )
+        {
+            //Still in the main thread, so set the flag just for kicks,
+            // and throw a test passed exception which will be caught
+            // and end the test.
+            theTestPassed = true;
+            throw new TestPassedException();
+        }
+        //pass was called from a different thread, so set the flag and interrupt
+        // the main thead.
+        theTestPassed = true;
+        testGeneratedInterrupt = true;
+        mainThread.interrupt();
+    }//pass()
+
+    public static synchronized void fail()
+    {
+        //test writer didn't specify why test failed, so give generic
+        fail( "it just plain failed! :-)" );
+    }
+
+    public static synchronized void fail( String whyFailed )
+    {
+        Sysout.println( "The test failed: " + whyFailed );
+        Sysout.println( "The test is over, hit  Ctl-C to stop Java VM" );
+        //check if this called from main thread
+        if ( mainThread == Thread.currentThread() )
+        {
+            //If main thread, fail now 'cause not sleeping
+            throw new RuntimeException( whyFailed );
+        }
+        theTestPassed = false;
+        testGeneratedInterrupt = true;
+        failureMessage = whyFailed;
+        mainThread.interrupt();
+    }//fail()
+
+}// class ModalDialogMultiscreenTest
+
+//This exception is used to exit from any level of call nesting
+// when it's determined that the test has passed, and immediately
+// end the test.
+class TestPassedException extends RuntimeException
+{
+}
+
+//*********** End Standard Test Machinery Section **********
+
+
+//************ Begin classes defined for the test ****************
+
+// make listeners in a class defined here, and instantiate them in init()
+
+/* Example of a class which may be written as part of a test
+class NewClass implements anInterface
+ {
+   static int newVar = 0;
+
+   public void eventDispatched(AWTEvent e)
+    {
+      //Counting events to see if we get enough
+      eventCount++;
+
+      if( eventCount == 20 )
+       {
+         //got enough events, so pass
+
+         ModalDialogMultiscreenTest.pass();
+       }
+      else if( tries == 20 )
+       {
+         //tried too many times without getting enough events so fail
+
+         ModalDialogMultiscreenTest.fail();
+       }
+
+    }// eventDispatched()
+
+ }// NewClass class
+
+*/
+
+
+//************** End classes defined for the test *******************
+
+
+
+
+/****************************************************
+ Standard Test Machinery
+ DO NOT modify anything below -- it's a standard
+  chunk of code whose purpose is to make user
+  interaction uniform, and thereby make it simpler
+  to read and understand someone else's test.
+ ****************************************************/
+
+/**
+ This is part of the standard test machinery.
+ It creates a dialog (with the instructions), and is the interface
+  for sending text messages to the user.
+ To print the instructions, send an array of strings to Sysout.createDialog
+  WithInstructions method.  Put one line of instructions per array entry.
+ To display a message for the tester to see, simply call Sysout.println
+  with the string to be displayed.
+ This mimics System.out.println but works within the test harness as well
+  as standalone.
+ */
+
+class Sysout
+{
+    private static TestDialog dialog;
+
+    public static void createDialogWithInstructions( String[] instructions )
+    {
+        dialog = new TestDialog( new Frame(), "Instructions" );
+        dialog.printInstructions( instructions );
+        dialog.setVisible(true);
+        println( "Any messages for the tester will display here." );
+    }
+
+    public static void createDialog( )
+    {
+        dialog = new TestDialog( new Frame(), "Instructions" );
+        String[] defInstr = { "Instructions will appear here. ", "" } ;
+        dialog.printInstructions( defInstr );
+        dialog.setVisible(true);
+        println( "Any messages for the tester will display here." );
+    }
+
+
+    public static void printInstructions( String[] instructions )
+    {
+        dialog.printInstructions( instructions );
+    }
+
+
+    public static void println( String messageIn )
+    {
+        dialog.displayMessage( messageIn );
+    }
+
+}// Sysout  class
+
+/**
+  This is part of the standard test machinery.  It provides a place for the
+   test instructions to be displayed, and a place for interactive messages
+   to the user to be displayed.
+  To have the test instructions displayed, see Sysout.
+  To have a message to the user be displayed, see Sysout.
+  Do not call anything in this dialog directly.
+  */
+class TestDialog extends Dialog implements ActionListener
+{
+
+    TextArea instructionsText;
+    TextArea messageText;
+    int maxStringLength = 80;
+    Panel  buttonP = new Panel();
+    Button passB = new Button( "pass" );
+    Button failB = new Button( "fail" );
+
+    //DO NOT call this directly, go through Sysout
+    public TestDialog( Frame frame, String name )
+    {
+        super( frame, name );
+        int scrollBoth = TextArea.SCROLLBARS_BOTH;
+        instructionsText = new TextArea( "", 15, maxStringLength, scrollBoth );
+        add( "North", instructionsText );
+
+        messageText = new TextArea( "", 5, maxStringLength, scrollBoth );
+        add("Center", messageText);
+
+        passB = new Button( "pass" );
+        passB.setActionCommand( "pass" );
+        passB.addActionListener( this );
+        buttonP.add( "East", passB );
+
+        failB = new Button( "fail" );
+        failB.setActionCommand( "fail" );
+        failB.addActionListener( this );
+        buttonP.add( "West", failB );
+
+        add( "South", buttonP );
+        pack();
+
+        setVisible(true);
+    }// TestDialog()
+
+    //DO NOT call this directly, go through Sysout
+    public void printInstructions( String[] instructions )
+    {
+        //Clear out any current instructions
+        instructionsText.setText( "" );
+
+        //Go down array of instruction strings
+
+        String printStr, remainingStr;
+        for( int i=0; i < instructions.length; i++ )
+        {
+            //chop up each into pieces maxSringLength long
+            remainingStr = instructions[ i ];
+            while( remainingStr.length() > 0 )
+            {
+                //if longer than max then chop off first max chars to print
+                if( remainingStr.length() >= maxStringLength )
+                {
+                    //Try to chop on a word boundary
+                    int posOfSpace = remainingStr.
+                        lastIndexOf( ' ', maxStringLength - 1 );
+
+                    if( posOfSpace <= 0 ) posOfSpace = maxStringLength - 1;
+
+                    printStr = remainingStr.substring( 0, posOfSpace + 1 );
+                    remainingStr = remainingStr.substring( posOfSpace + 1 );
+                }
+                //else just print
+                else
+                {
+                    printStr = remainingStr;
+                    remainingStr = "";
+                }
+
+                instructionsText.append( printStr + "\n" );
+
+            }// while
+
+        }// for
+
+    }//printInstructions()
+
+    //DO NOT call this directly, go through Sysout
+    public void displayMessage( String messageIn )
+    {
+        messageText.append( messageIn + "\n" );
+        System.out.println(messageIn);
+    }
+
+    //catch presses of the passed and failed buttons.
+    //simply call the standard pass() or fail() static methods of
+    //ModalDialogMultiscreenTest
+    public void actionPerformed( ActionEvent e )
+    {
+        if( e.getActionCommand() == "pass" )
+        {
+            ModalDialogMultiscreenTest.pass();
+        }
+        else
+        {
+            ModalDialogMultiscreenTest.fail();
+        }
+    }
+
+}// TestDialog  class
--- a/test/java/nio/file/Files/Misc.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/java/nio/file/Files/Misc.java	Fri Mar 01 15:28:53 2013 +0000
@@ -22,7 +22,7 @@
  */
 
 /* @test
- * @bug 4313887 6838333
+ * @bug 4313887 6838333 8005566
  * @summary Unit test for miscellenous methods in java.nio.file.Files
  * @library ..
  */
--- a/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java	Fri Mar 01 15:28:53 2013 +0000
@@ -119,9 +119,6 @@
             System.out.println("Create SimpleStandard MBean");
             SimpleStandard s = new SimpleStandard("monitorRole");
             mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
-            // Set Security Manager
-            //
-            System.setSecurityManager(new SecurityManager());
             // Create Properties containing the username/password entries
             //
             Properties props = new Properties();
@@ -132,6 +129,9 @@
             HashMap env = new HashMap();
             env.put("jmx.remote.authenticator",
                     new JMXPluggableAuthenticator(props));
+            // Set Security Manager
+            //
+            System.setSecurityManager(new SecurityManager());
             // Create an RMI connector server
             //
             System.out.println("Create an RMI connector server");
--- a/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java	Fri Mar 01 15:28:53 2013 +0000
@@ -120,9 +120,6 @@
             System.out.println("Create SimpleStandard MBean");
             SimpleStandard s = new SimpleStandard("delegate");
             mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
-            // Set Security Manager
-            //
-            System.setSecurityManager(new SecurityManager());
             // Create Properties containing the username/password entries
             //
             Properties props = new Properties();
@@ -133,6 +130,9 @@
             HashMap env = new HashMap();
             env.put("jmx.remote.authenticator",
                     new JMXPluggableAuthenticator(props));
+            // Set Security Manager
+            //
+            System.setSecurityManager(new SecurityManager());
             // Create an RMI connector server
             //
             System.out.println("Create an RMI connector server");
--- a/test/lib/testlibrary/jdk/testlibrary/JdkFinder.java	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/lib/testlibrary/jdk/testlibrary/JdkFinder.java	Fri Mar 01 15:28:53 2013 +0000
@@ -38,10 +38,6 @@
         }
 
         binPath += File.separatorChar + "bin" + File.separatorChar + executable;
-        File toolFile = new File(binPath);
-        if (!toolFile.exists()) {
-            throw new RuntimeException(binPath + " does not exist");
-        }
 
         return binPath;
     }
--- a/test/sun/tools/jcmd/jcmd-Defaults.sh	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/sun/tools/jcmd/jcmd-Defaults.sh	Fri Mar 01 15:28:53 2013 +0000
@@ -28,6 +28,6 @@
 
 JCMD="${TESTJAVA}/bin/jcmd"
 
-${JCMD} 2>&1 | awk -f ${TESTSRC}/jcmd_Output1.awk
+${JCMD} -J-XX:+UsePerfData 2>&1 | awk -f ${TESTSRC}/jcmd_Output1.awk
 
-${JCMD} -l 2>&1 | awk -f ${TESTSRC}/jcmd_Output1.awk
+${JCMD} -J-XX:+UsePerfData -l 2>&1 | awk -f ${TESTSRC}/jcmd_Output1.awk
--- a/test/sun/tools/jcmd/jcmd-f.sh	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/sun/tools/jcmd/jcmd-f.sh	Fri Mar 01 15:28:53 2013 +0000
@@ -46,7 +46,7 @@
 
 # -f <script>
 rm -f jcmd.out 2>/dev/null
-${JCMD} $appJavaPid -f ${TESTSRC}/dcmd-script.txt | awk '{ if (NR>1) print $0;}' > jcmd.out 2>&1
+${JCMD} -J-XX:+UsePerfData $appJavaPid -f ${TESTSRC}/dcmd-script.txt | awk '{ if (NR>1) print $0;}' > jcmd.out 2>&1
 echo jcmd.out
 diff -w jcmd.out ${TESTSRC}/help_help.out
 if [ $? != 0 ]; then
--- a/test/sun/tools/jcmd/jcmd-help-help.sh	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/sun/tools/jcmd/jcmd-help-help.sh	Fri Mar 01 15:28:53 2013 +0000
@@ -46,7 +46,7 @@
 
 # help help
 rm -f jcmd.out 2>/dev/null
-${JCMD} $appJavaPid help help | awk '{ if (NR>1) print $0;}' > jcmd.out 2>&1
+${JCMD} -J-XX:+UsePerfData $appJavaPid help help | awk '{ if (NR>1) print $0;}' > jcmd.out 2>&1
 echo jcmd.out
 diff -w jcmd.out ${TESTSRC}/help_help.out
 if [ $? != 0 ]; then
--- a/test/sun/tools/jcmd/jcmd-help.sh	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/sun/tools/jcmd/jcmd-help.sh	Fri Mar 01 15:28:53 2013 +0000
@@ -29,7 +29,7 @@
 JCMD="${TESTJAVA}/bin/jcmd"
 
 rm -f jcmd.out 2>/dev/null
-${JCMD} -h > jcmd.out 2>&1
+${JCMD} -J-XX:+UsePerfData -h > jcmd.out 2>&1
 
 diff -w jcmd.out ${TESTSRC}/usage.out
 if [ $? != 0 ]
@@ -40,7 +40,7 @@
 fi
 
 rm -f jcmd.out 2>/dev/null
-${JCMD} -help > jcmd.out 2>&1
+${JCMD} -J-XX:+UsePerfData -help > jcmd.out 2>&1
 
 diff -w jcmd.out ${TESTSRC}/usage.out
 if [ $? != 0 ]
--- a/test/sun/tools/jcmd/jcmd-pid.sh	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/sun/tools/jcmd/jcmd-pid.sh	Fri Mar 01 15:28:53 2013 +0000
@@ -45,11 +45,11 @@
 failed=0
 
 # help command 
-${JCMD} $appJavaPid help 2>&1 | awk -f ${TESTSRC}/jcmd_pid_Output1.awk
+${JCMD} -J-XX:+UsePerfData $appJavaPid help 2>&1 | awk -f ${TESTSRC}/jcmd_pid_Output1.awk
 if [ $? != 0 ]; then failed=1; fi
 
 # PerfCounter.list option
-${JCMD} $appJavaPid PerfCounter.print 2>&1 | awk -f ${TESTSRC}/jcmd_pid_Output2.awk
+${JCMD} -J-XX:+UsePerfData $appJavaPid PerfCounter.print 2>&1 | awk -f ${TESTSRC}/jcmd_pid_Output2.awk
 if [ $? != 0 ]; then failed=1; fi
 
 set -e
--- a/test/sun/tools/jstatd/jpsOutput1.awk	Fri Mar 01 14:41:39 2013 +0000
+++ b/test/sun/tools/jstatd/jpsOutput1.awk	Fri Mar 01 15:28:53 2013 +0000
@@ -7,7 +7,7 @@
 	    matched++;
 	}
 
-/^[0-9]+ -- process information unavailable$/	{
+/^[0-9]+ -- .*$/	{
 	    matched++;
 	}