changeset 7687:9d36c3e8428a

Merge
author asaha
date Thu, 28 Aug 2014 15:14:04 -0700
parents 828c4fedd29f a31fe5329a50
children 00cdd87c5752
files .hgtags src/macosx/classes/sun/lwawt/LWWindowPeer.java src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java src/macosx/classes/sun/lwawt/macosx/LWCToolkit.java src/macosx/native/sun/awt/AWTWindow.m src/share/classes/sun/awt/AppContext.java src/share/classes/sun/awt/image/BytePackedRaster.java src/windows/classes/sun/awt/windows/WToolkit.java test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOldOrder.java
diffstat 65 files changed, 1443 insertions(+), 201 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Wed Aug 20 12:13:00 2014 -0700
+++ b/.hgtags	Thu Aug 28 15:14:04 2014 -0700
@@ -408,6 +408,9 @@
 88f1bf248cc520e0bf7ef17bc862f87aab958373 jdk7u55-b31
 b83f5194edf23b752fe2c0a9be361455f87196df jdk7u55-b32
 01a4cd03a6c85abb62eb5d1c2b5bf7d2f544c04e jdk7u55-b33
+3f54f8a387c1a908c07106b685183b19a5fc1064 jdk7u55-b34
+2cdc52ec4813abe38b4e52ae9c9f0ff5dcc87faa jdk7u55-b35
+6845d311ff990d422f9376d37e3e82d5d06bff3f jdk7u55-b36
 db5a29c812ee25c34ce9cd97de6e0dae284a4e34 jdk7u60-b00
 def34c4a798678c424786a8f0d0508e90185958d jdk7u60-b01
 ff67c89658525e8903fb870861ed3645befd6bc5 jdk7u60-b02
@@ -429,6 +432,10 @@
 e484202d9a4104840d758a21b2bba1250e766343 jdk7u60-b18
 c220d329a78161f79df73048ed55db91f538e3b7 jdk7u65-b01
 7190843ddaf4f3ad158c3071be0f4ca42a5802dc jdk7u60-b19
+8dc56d0f3e860658619eaa57d10fb1a4182d71cd jdk7u60-b30
+feac9624a1e1ffebe09a19ae351d88e3ef98c441 jdk7u60-b31
+fb40615ef352e03ee94c0682a6ca0a0e6a33a70b jdk7u60-b32
+9cfcdeeecfac66004cb5bbb2c5bba5c57e170539 jdk7u60-b33
 a42a3bb22f6991d8f6a30e4f1782ad620c40eb65 jdk7u65-b02
 756071871d61e1ca410c63a3f1c4dabcc51a90df jdk7u65-b03
 bac16c82c14a35d1e9d3c4d0bd317dbbb296f34e jdk7u65-b04
@@ -449,6 +456,45 @@
 7f7430459adfe7b7fb65da8c3fac2ac5e3495ea1 jdk7u65-b18
 ba6cef21c369076be97dd8133fd4a158cd486bd8 jdk7u65-b19
 c3a56021fc22f886106f123d4f25b385ac6b79d7 jdk7u65-b32
+8b9d926bd35adceb99f244b7b068fedb0f220f03 jdk7u65-b20
+5cf343beab2ce73d299d4f1a8f3b95892f9fd818 jdk7u67-b01
+ba6cef21c369076be97dd8133fd4a158cd486bd8 jdk7u65-b40
+7b47a34063e94e1ab5636b11231d33fae92754c9 jdk7u65-b31
+4cb63f8ca9ee8c60d6f3d0051b69acc8392bd8de jdk7u65-b33
+9ccfe70cee626ac7831cfa7b7a7eb7a88fe1cd42 jdk7u66-b00
+fc87b55d62fc1e81aaf61ff21175129b8ccc302e jdk7u66-b01
+c67e394e49429565540f04c5c2a5544f750658bb jdk7u66-b09
+257fd79cdef52511db18e1bab8967d94a03920bc jdk7u66-b10
+6f38c929df1b9d6df7760b2eb9bf3e4681a27c56 jdk7u66-b11
+d4f0008cdf6d3ec8e8e210c03e55aaa751647e8d jdk7u66-b12
+24b7c3d0942766af3415dd6125b9b8da059dbccc jdk7u66-b13
+74d01c3385b915490255cd7467a3740aa3dce310 jdk7u66-b14
+07fc91c550da6ba689e3abc9e688edcb73f9c95c jdk7u66-b15
+d4814cafa25f5b076be9e99be2a8c0d98929476d jdk7u66-b16
+69adfb3ccee5373438a6c394646c2c5ab93c89ee jdk7u66-b17
+ee0cedc50d3250edf24e96aecc785580dd61944f jdk7u71-b00
+6c865d8ab14093e4ef95e7c548c432e4bf887760 jdk7u71-b01
+829ca47df2ced2d0dc330391bf7578363369b92b jdk7u71-b02
+5b9e9506bd57763c958ea6fcff99b03d47942b9d jdk7u71-b03
+347bc2b7831097ea373ef7be72bfbf0ba3de4b7f jdk7u71-b04
+3019595da91688c79f617cf737431a2acee3ef71 jdk7u71-b05
+0a05fabc719fe6c1ed02678d255f1250b32c30ed jdk7u71-b06
+48db48aab05e47cafc37b277f68a0e2ff5f1f0b6 jdk7u71-b07
+9ff013674339cb269280bfb4eaba40bba0584c40 jdk7u71-b08
+7e47a971eff7d78a459c23ee0d44b8f6c6c4c812 jdk7u71-b09
+919e84964279a058da2c8d4088c570c19543979f jdk7u71-b10
+1108ab8e3dce0318529b4bcda46ce895659bb09b jdk7u71-b11
+c76a5b2876b98194ccbeffeab76a0326bf163ba2 jdk7u72-b01
+b02c1a8b10cd7338eb808ebfaa5a74b4997fdc8f jdk7u72-b02
+bc98cecdab4cd4a97316a5407c91bdedc92d4bb5 jdk7u72-b03
+b227c93ab2c91ce4b412d1cfb4f7649bff30677b jdk7u72-b04
+dd7983c1586dd9e6e6d53bfa05d7e164329979b0 jdk7u72-b05
+b57a21af9f6d3cd9498099c329063a671b39e3c4 jdk7u72-b06
+9d53e2319954cc1479e190e26b110168c7073b0a jdk7u72-b07
+584b227e8efe21dd47a616afdb4f1f2a2fd630cf jdk7u72-b08
+2ee54b1c7203b9973e0b2ab06cf73e98886ee099 jdk7u72-b09
+d3257f2beb42163afe64adea65b53a18d039eb0d jdk7u72-b10
+4946dc66a0c77133a0a6e3198bd9bd1ec5ef0344 jdk7u72-b11
 efc8886310cbccb941f826acfad2ad51a2891be5 jdk7u80-b00
 bc7f9d966c1df3748ef9c148eab25976cd065963 jdk7u80-b01
 2590a9c18fdba19086712bb91a28352e9239a2be jdk7u80-b02
--- a/make/java/net/FILES_c.gmk	Wed Aug 20 12:13:00 2014 -0700
+++ b/make/java/net/FILES_c.gmk	Thu Aug 28 15:14:04 2014 -0700
@@ -24,6 +24,7 @@
 #
 
 FILES_c = \
+        AbstractPlainDatagramSocketImpl.c \
         DatagramPacket.c \
         InetAddress.c \
         Inet4Address.c \
--- a/make/java/net/mapfile-vers	Wed Aug 20 12:13:00 2014 -0700
+++ b/make/java/net/mapfile-vers	Thu Aug 28 15:14:04 2014 -0700
@@ -28,6 +28,8 @@
 SUNWprivate_1.1 {
         global:
                 JNI_OnLoad;
+                Java_java_net_AbstractPlainDatagramSocketImpl_init;
+                Java_java_net_AbstractPlainDatagramSocketImpl_dataAvailable;
                 Java_java_net_PlainSocketImpl_socketListen;
                 Java_java_net_PlainDatagramSocketImpl_getTTL;
                 Java_java_net_PlainDatagramSocketImpl_init;
--- a/src/share/classes/com/sun/accessibility/internal/resources/accessibility_zh_TW.properties	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/accessibility/internal/resources/accessibility_zh_TW.properties	Thu Aug 28 15:14:04 2014 -0700
@@ -44,7 +44,7 @@
 popupmenu=\u5373\u73FE\u5F0F\u529F\u80FD\u8868
 progressbar=\u9032\u5EA6\u5217
 pushbutton=\u4E0B\u58D3\u6309\u9215
-radiobutton=\u55AE\u9078\u9215
+radiobutton=\u5713\u9215
 rootpane=root \u7A97\u683C
 rowheader=\u5217\u6A19\u984C
 scrollbar=\u6372\u8EF8
--- a/src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_sv.properties	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_sv.properties	Thu Aug 28 15:14:04 2014 -0700
@@ -22,7 +22,7 @@
 FileChooser.saveInLabel.textAndMnemonic=Spara i:
 FileChooser.fileNameLabel.textAndMnemonic=Fil&namn:
 FileChooser.folderNameLabel.textAndMnemonic=Mapp&namn:
-FileChooser.filesOfTypeLabel.textAndMnemonic=Filer av &typ:
+FileChooser.filesOfTypeLabel.textAndMnemonic=Filer av &typen:
 FileChooser.upFolderToolTip.textAndMnemonic=Upp en niv\u00E5
 FileChooser.upFolderAccessibleName=Upp
 FileChooser.homeFolderToolTip.textAndMnemonic=Hem
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java	Thu Aug 28 15:14:04 2014 -0700
@@ -25,6 +25,8 @@
 import java.io.InputStream;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -35,6 +37,7 @@
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
+import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver;
 import com.sun.org.apache.xml.internal.security.transforms.Transform;
 import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
@@ -118,43 +121,50 @@
             log.log(java.util.logging.Level.FINE, "Registering default algorithms");
         }
         try {
-            //
-            // Bind the default prefixes
-            //
-            ElementProxy.registerDefaultPrefixes();
+            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>(){
+                @Override public Void run() throws XMLSecurityException {
+                    //
+                    // Bind the default prefixes
+                    //
+                    ElementProxy.registerDefaultPrefixes();
 
-            //
-            // Set the default Transforms
-            //
-            Transform.registerDefaultAlgorithms();
+                    //
+                    // Set the default Transforms
+                    //
+                    Transform.registerDefaultAlgorithms();
 
-            //
-            // Set the default signature algorithms
-            //
-            SignatureAlgorithm.registerDefaultAlgorithms();
+                    //
+                    // Set the default signature algorithms
+                    //
+                    SignatureAlgorithm.registerDefaultAlgorithms();
 
-            //
-            // Set the default JCE algorithms
-            //
-            JCEMapper.registerDefaultAlgorithms();
+                    //
+                    // Set the default JCE algorithms
+                    //
+                    JCEMapper.registerDefaultAlgorithms();
 
-            //
-            // Set the default c14n algorithms
-            //
-            Canonicalizer.registerDefaultAlgorithms();
+                    //
+                    // Set the default c14n algorithms
+                    //
+                    Canonicalizer.registerDefaultAlgorithms();
 
-            //
-            // Register the default resolvers
-            //
-            ResourceResolver.registerDefaultResolvers();
+                    //
+                    // Register the default resolvers
+                    //
+                    ResourceResolver.registerDefaultResolvers();
 
-            //
-            // Register the default key resolvers
-            //
-            KeyResolver.registerDefaultResolvers();
-        } catch (Exception ex) {
-            log.log(java.util.logging.Level.SEVERE, ex.getMessage(), ex);
-            ex.printStackTrace();
+                    //
+                    // Register the default key resolvers
+                    //
+                    KeyResolver.registerDefaultResolvers();
+
+                    return null;
+                }
+           });
+        } catch (PrivilegedActionException ex) {
+            XMLSecurityException xse = (XMLSecurityException)ex.getException();
+            log.log(java.util.logging.Level.SEVERE, xse.getMessage(), xse);
+            xse.printStackTrace();
         }
     }
 
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java	Thu Aug 28 15:14:04 2014 -0700
@@ -27,6 +27,7 @@
 
 import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Element;
 
 
@@ -49,8 +50,11 @@
      *
      * @param id
      * @param algorithm
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the JCE algorithm
      */
     public static void register(String id, Algorithm algorithm) {
+        JavaUtils.checkRegisterPermission();
         algorithmsMap.put(id, algorithm);
     }
 
@@ -264,8 +268,11 @@
     /**
      * Sets the default Provider for obtaining the security algorithms
      * @param provider the default providerId.
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the JCE provider
      */
     public static void setProviderId(String provider) {
+        JavaUtils.checkRegisterPermission();
         providerName = provider;
     }
 
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java	Thu Aug 28 15:14:04 2014 -0700
@@ -37,6 +37,7 @@
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -314,18 +315,21 @@
     }
 
     /**
-     * Registers implementing class of the Transform algorithm with algorithmURI
+     * Registers implementing class of the SignatureAlgorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
+     * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
      * @param implementingClass <code>implementingClass</code> the implementing class of
      * {@link SignatureAlgorithmSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
      * @throws XMLSignatureException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the signature algorithm
      */
     @SuppressWarnings("unchecked")
     public static void register(String algorithmURI, String implementingClass)
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
+        JavaUtils.checkRegisterPermission();
         if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
         }
@@ -352,15 +356,18 @@
     /**
      * Registers implementing class of the Transform algorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
+     * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
      * @param implementingClass <code>implementingClass</code> the implementing class of
      * {@link SignatureAlgorithmSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
      * @throws XMLSignatureException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the signature algorithm
      */
     public static void register(String algorithmURI, Class<? extends SignatureAlgorithmSpi> implementingClass)
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
+        JavaUtils.checkRegisterPermission();
         if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
         }
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java	Thu Aug 28 15:14:04 2014 -0700
@@ -40,6 +40,7 @@
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315OmitComments;
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315WithComments;
 import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
@@ -136,10 +137,13 @@
      * @param algorithmURI
      * @param implementingClass
      * @throws AlgorithmAlreadyRegisteredException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the canonicalizer
      */
     @SuppressWarnings("unchecked")
     public static void register(String algorithmURI, String implementingClass)
         throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
+        JavaUtils.checkRegisterPermission();
         // check whether URI is already registered
         Class<? extends CanonicalizerSpi> registeredClass =
             canonicalizerHash.get(algorithmURI);
@@ -160,9 +164,12 @@
      * @param algorithmURI
      * @param implementingClass
      * @throws AlgorithmAlreadyRegisteredException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the canonicalizer
      */
-    public static void register(String algorithmURI, Class<CanonicalizerSpi> implementingClass)
+    public static void register(String algorithmURI, Class<? extends CanonicalizerSpi> implementingClass)
         throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
+        JavaUtils.checkRegisterPermission();
         // check whether URI is already registered
         Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI);
 
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java	Thu Aug 28 15:14:04 2014 -0700
@@ -39,6 +39,7 @@
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SKIResolver;
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SubjectNameResolver;
 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
@@ -172,9 +173,12 @@
      * @throws InstantiationException
      * @throws IllegalAccessException
      * @throws ClassNotFoundException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the key resolver
      */
     public static void register(String className, boolean globalResolver)
         throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+        JavaUtils.checkRegisterPermission();
         KeyResolverSpi keyResolverSpi =
             (KeyResolverSpi) Class.forName(className).newInstance();
         keyResolverSpi.setGlobalResolver(globalResolver);
@@ -192,8 +196,11 @@
      *
      * @param className
      * @param globalResolver Whether the KeyResolverSpi is a global resolver or not
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the key resolver
      */
     public static void registerAtStart(String className, boolean globalResolver) {
+        JavaUtils.checkRegisterPermission();
         KeyResolverSpi keyResolverSpi = null;
         Exception ex = null;
         try {
@@ -225,11 +232,14 @@
      *
      * @param keyResolverSpi a KeyResolverSpi instance to register
      * @param start whether to register the KeyResolverSpi at the start of the list or not
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the key resolver
      */
     public static void register(
         KeyResolverSpi keyResolverSpi,
         boolean start
     ) {
+        JavaUtils.checkRegisterPermission();
         KeyResolver resolver = new KeyResolver(keyResolverSpi);
         if (start) {
             resolverVector.add(0, resolver);
@@ -251,9 +261,12 @@
      * @throws InstantiationException
      * @throws IllegalAccessException
      * @throws ClassNotFoundException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the key resolver
      */
     public static void registerClassNames(List<String> classNames)
         throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+        JavaUtils.checkRegisterPermission();
         List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>(classNames.size());
         for (String className : classNames) {
             KeyResolverSpi keyResolverSpi =
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java	Thu Aug 28 15:14:04 2014 -0700
@@ -46,6 +46,7 @@
 import com.sun.org.apache.xml.internal.security.transforms.implementations.TransformXSLT;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.HelperNodeList;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
@@ -181,11 +182,14 @@
      * class of {@link TransformSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
      * is already registered
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the transform
      */
     @SuppressWarnings("unchecked")
     public static void register(String algorithmURI, String implementingClass)
         throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
             InvalidTransformException {
+        JavaUtils.checkRegisterPermission();
         // are we already registered?
         Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
         if (transformSpi != null) {
@@ -206,9 +210,12 @@
      * class of {@link TransformSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
      * is already registered
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the transform
      */
     public static void register(String algorithmURI, Class<? extends TransformSpi> implementingClass)
         throws AlgorithmAlreadyRegisteredException {
+        JavaUtils.checkRegisterPermission();
         // are we already registered?
         Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
         if (transformSpi != null) {
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java	Thu Aug 28 15:14:04 2014 -0700
@@ -468,9 +468,12 @@
      * @param namespace
      * @param prefix
      * @throws XMLSecurityException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the default prefix
      */
     public static void setDefaultPrefix(String namespace, String prefix)
         throws XMLSecurityException {
+        JavaUtils.checkRegisterPermission();
         if (prefixMappings.containsValue(prefix)) {
             String storedPrefix = prefixMappings.get(namespace);
             if (!storedPrefix.equals(prefix)) {
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java	Thu Aug 28 15:14:04 2014 -0700
@@ -26,6 +26,7 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.SecurityPermission;
 
 /**
  * A collection of different, general-purpose methods for JAVA-specific things
@@ -37,6 +38,10 @@
     static java.util.logging.Logger log =
         java.util.logging.Logger.getLogger(JavaUtils.class.getName());
 
+    private static final SecurityPermission REGISTER_PERMISSION =
+        new SecurityPermission(
+            "com.sun.org.apache.xml.internal.security.register");
+
     private JavaUtils() {
         // we don't allow instantiation
     }
@@ -128,4 +133,21 @@
         refBytes = baos.toByteArray();
         return refBytes;
     }
+
+    /**
+     * Throws a {@code SecurityException} if a security manager is installed
+     * and the caller is not allowed to register an implementation of an
+     * algorithm, transform, or other security sensitive XML Signature function.
+     *
+     * @throws SecurityException if a security manager is installed and the
+     *    caller has not been granted the
+     *    {@literal "com.sun.org.apache.xml.internal.security.register"}
+     *    {@code SecurityPermission}
+     */
+    public static void checkRegisterPermission() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(REGISTER_PERMISSION);
+        }
+    }
 }
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java	Thu Aug 28 15:14:04 2014 -0700
@@ -79,16 +79,22 @@
     /**
      * Set the prefix for the digital signature namespace
      * @param prefix the new prefix for the digital signature namespace
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the prefix
      */
     public static void setDsPrefix(String prefix) {
+        JavaUtils.checkRegisterPermission();
         dsPrefix = prefix;
     }
 
     /**
      * Set the prefix for the encryption namespace
      * @param prefix the new prefix for the encryption namespace
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the prefix
      */
     public static void setXencPrefix(String prefix) {
+        JavaUtils.checkRegisterPermission();
         xencPrefix = prefix;
     }
 
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java	Thu Aug 28 15:14:04 2014 -0700
@@ -27,6 +27,7 @@
 import java.util.Map;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP;
 import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment;
 import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverLocalFilesystem;
@@ -192,9 +193,12 @@
      * the class cannot be registered.
      *
      * @param className the name of the ResourceResolverSpi class to be registered
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register a resource resolver
      */
     @SuppressWarnings("unchecked")
     public static void register(String className) {
+        JavaUtils.checkRegisterPermission();
         try {
             Class<ResourceResolverSpi> resourceResolverClass =
                 (Class<ResourceResolverSpi>) Class.forName(className);
@@ -209,9 +213,12 @@
      * list. This method logs a warning if the class cannot be registered.
      *
      * @param className the name of the ResourceResolverSpi class to be registered
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register a resource resolver
      */
     @SuppressWarnings("unchecked")
     public static void registerAtStart(String className) {
+        JavaUtils.checkRegisterPermission();
         try {
             Class<ResourceResolverSpi> resourceResolverClass =
                 (Class<ResourceResolverSpi>) Class.forName(className);
@@ -226,8 +233,11 @@
      * cannot be registered.
      * @param className
      * @param start
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register a resource resolver
      */
     public static void register(Class<? extends ResourceResolverSpi> className, boolean start) {
+        JavaUtils.checkRegisterPermission();
         try {
             ResourceResolverSpi resourceResolverSpi = className.newInstance();
             register(resourceResolverSpi, start);
@@ -243,8 +253,11 @@
      * cannot be registered.
      * @param resourceResolverSpi
      * @param start
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register a resource resolver
      */
     public static void register(ResourceResolverSpi resourceResolverSpi, boolean start) {
+        JavaUtils.checkRegisterPermission();
         synchronized(resolverList) {
             if (start) {
                 resolverList.add(0, new ResourceResolver(resourceResolverSpi));
--- a/src/share/classes/com/sun/rowset/RowSetResourceBundle_pt_BR.properties	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/rowset/RowSetResourceBundle_pt_BR.properties	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -153,7 +153,7 @@
 xmlrch.errmetadata = Erro ao definir metadados : {0}
 xmlrch.errinsertval = Erro ao inserir valores : {0}
 xmlrch.errconstr = Erro ao construir a linha : {0}
-xmlrch.errdel = Erro ao deletar a linha : {0}
+xmlrch.errdel = Erro ao excluir a linha : {0}
 xmlrch.errinsert = Erro ao construir a linha de inser\u00E7\u00E3o : {0}
 xmlrch.errinsdel = Erro ao construir a linha insdel : {0}
 xmlrch.errupdate = Erro ao construir a linha de atualiza\u00E7\u00E3o : {0}
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_sv.properties	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_sv.properties	Thu Aug 28 15:14:04 2014 -0700
@@ -22,7 +22,7 @@
 FileChooser.saveInLabel.textAndMnemonic=Spara i:
 FileChooser.fileNameLabel.textAndMnemonic=&Fil:
 FileChooser.folderNameLabel.textAndMnemonic=&Mapp:
-FileChooser.filesOfTypeLabel.textAndMnemonic=Mapp&namn:
+FileChooser.filesOfTypeLabel.textAndMnemonic=Filer av &typen:
 FileChooser.upFolderToolTip.textAndMnemonic=Upp en niv\u00E5
 FileChooser.upFolderAccessibleName=Upp
 FileChooser.homeFolderToolTip.textAndMnemonic=Hem
--- a/src/share/classes/com/sun/swing/internal/plaf/synth/resources/synth_sv.properties	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/swing/internal/plaf/synth/resources/synth_sv.properties	Thu Aug 28 15:14:04 2014 -0700
@@ -22,7 +22,7 @@
 FileChooser.saveInLabel.textAndMnemonic=Spara i:
 FileChooser.fileNameLabel.textAndMnemonic=Fil&namn:
 FileChooser.folderNameLabel.textAndMnemonic=Mapp&namn:
-FileChooser.filesOfTypeLabel.textAndMnemonic=Filer av &typ:
+FileChooser.filesOfTypeLabel.textAndMnemonic=Filer av &typen:
 FileChooser.upFolderToolTip.textAndMnemonic=Upp en niv\u00E5
 FileChooser.upFolderAccessibleName=Upp
 FileChooser.homeFolderToolTip.textAndMnemonic=Hem
--- a/src/share/classes/com/sun/tools/example/debug/tty/TTYResources_ja.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/tools/example/debug/tty/TTYResources_ja.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -82,7 +82,7 @@
         {"Can only trace", "'methods'\u3001'method exit'\u307E\u305F\u306F'method exits'\u306E\u307F\u30C8\u30EC\u30FC\u30B9\u3067\u304D\u307E\u3059"},
         {"cannot redefine existing connection", "{0}\u306F\u65E2\u5B58\u306E\u63A5\u7D9A\u3092\u518D\u5B9A\u7FA9\u3067\u304D\u307E\u305B\u3093"},
         {"Cannot assign to a method invocation", "\u30E1\u30BD\u30C3\u30C9\u547C\u51FA\u3057\u306B\u5272\u5F53\u3066\u3067\u304D\u307E\u305B\u3093"},
-        {"Cannot specify command line with connector:", "\u30B3\u30CD\u30AF\u30BF\u3067\u30B3\u30DE\u30F3\u30C9\u30E9\u30A4\u30F3\u3092\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093: {0}"},
+        {"Cannot specify command line with connector:", "\u30B3\u30CD\u30AF\u30BF\u3067\u30B3\u30DE\u30F3\u30C9\u884C\u3092\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093: {0}"},
         {"Cannot specify target vm arguments with connector:", "\u30B3\u30CD\u30AF\u30BF\u3067\u30BF\u30FC\u30B2\u30C3\u30C8VM\u5F15\u6570\u3092\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093: {0}"},
         {"Class containing field must be specified.", "\u30D5\u30A3\u30FC\u30EB\u30C9\u3092\u542B\u3080\u30AF\u30E9\u30B9\u3092\u6307\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"},
         {"Class:", "\u30AF\u30E9\u30B9: {0}"},
--- a/src/share/classes/com/sun/tools/jdi/resources/jdi_ja.properties	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/com/sun/tools/jdi/resources/jdi_ja.properties	Thu Aug 28 15:14:04 2014 -0700
@@ -5,9 +5,9 @@
 raw.command.label = \u30B3\u30DE\u30F3\u30C9
 raw.address = raw\u30B3\u30DE\u30F3\u30C9\u5B9F\u884C\u5F8C\u306B\u63A5\u7D9A\u3092\u30EA\u30B9\u30CB\u30F3\u30B0\u3059\u308B\u30A2\u30C9\u30EC\u30B9
 raw.address.label = \u30A2\u30C9\u30EC\u30B9
-raw.quote = \u5358\u4E00\u306E\u30B3\u30DE\u30F3\u30C9\u30E9\u30A4\u30F3\u5F15\u6570\u5185\u306B\u30B9\u30DA\u30FC\u30B9\u3067\u533A\u5207\u3089\u308C\u305F\u30C6\u30AD\u30B9\u30C8\u3092\u7D50\u3073\u4ED8\u3051\u308B\u305F\u3081\u306B\u4F7F\u7528\u3055\u308C\u308B\u6587\u5B57
+raw.quote = \u5358\u4E00\u306E\u30B3\u30DE\u30F3\u30C9\u884C\u5F15\u6570\u5185\u306B\u30B9\u30DA\u30FC\u30B9\u3067\u533A\u5207\u3089\u308C\u305F\u30C6\u30AD\u30B9\u30C8\u3092\u7D50\u3073\u4ED8\u3051\u308B\u305F\u3081\u306B\u4F7F\u7528\u3055\u308C\u308B\u6587\u5B57
 raw.quote.label = \u5F15\u7528\u7B26
-raw.description = \u30E6\u30FC\u30B6\u30FC\u304C\u6307\u5B9A\u3057\u305F\u30B3\u30DE\u30F3\u30C9\u30E9\u30A4\u30F3\u3092\u4F7F\u7528\u3057\u3066\u30BF\u30FC\u30B2\u30C3\u30C8\u3092\u8D77\u52D5\u3057\u3001\u63A5\u7D9A\u3057\u307E\u3059
+raw.description = \u30E6\u30FC\u30B6\u30FC\u304C\u6307\u5B9A\u3057\u305F\u30B3\u30DE\u30F3\u30C9\u884C\u3092\u4F7F\u7528\u3057\u3066\u30BF\u30FC\u30B2\u30C3\u30C8\u3092\u8D77\u52D5\u3057\u3001\u63A5\u7D9A\u3057\u307E\u3059
 sun.home = SDK\u306E\u30DB\u30FC\u30E0\u30FB\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u307E\u305F\u306F\u3001\u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u306E\u8D77\u52D5\u306B\u4F7F\u7528\u3055\u308C\u308B\u5B9F\u884C\u74B0\u5883
 sun.home.label = \u30DB\u30FC\u30E0 
 sun.options = \u8D77\u52D5\u3059\u308BVM\u306E\u30AA\u30D7\u30B7\u30E7\u30F3
@@ -16,11 +16,11 @@
 sun.main.label = \u30E1\u30A4\u30F3
 sun.init_suspend = \u30E1\u30A4\u30F3\u306E\u5B9F\u884C\u524D\u306B\u3059\u3079\u3066\u306E\u30B9\u30EC\u30C3\u30C9\u304C\u4E2D\u65AD\u3055\u308C\u307E\u3059\u3002
 sun.init_suspend.label = \u4E2D\u65AD
-sun.quote = \u5358\u4E00\u306E\u30B3\u30DE\u30F3\u30C9\u30E9\u30A4\u30F3\u5F15\u6570\u5185\u306B\u30B9\u30DA\u30FC\u30B9\u3067\u533A\u5207\u3089\u308C\u305F\u30C6\u30AD\u30B9\u30C8\u3092\u7D50\u3073\u4ED8\u3051\u308B\u305F\u3081\u306B\u4F7F\u7528\u3055\u308C\u308B\u6587\u5B57
+sun.quote = \u5358\u4E00\u306E\u30B3\u30DE\u30F3\u30C9\u884C\u5F15\u6570\u5185\u306B\u30B9\u30DA\u30FC\u30B9\u3067\u533A\u5207\u3089\u308C\u305F\u30C6\u30AD\u30B9\u30C8\u3092\u7D50\u3073\u4ED8\u3051\u308B\u305F\u3081\u306B\u4F7F\u7528\u3055\u308C\u308B\u6587\u5B57
 sun.quote.label = \u5F15\u7528\u7B26
 sun.vm_exec = Java VM\u8D77\u52D5\u30C4\u30FC\u30EB\u540D
 sun.vm_exec.label = \u8D77\u52D5\u30C4\u30FC\u30EB
-sun.description = Sun\u306EJava VM\u30B3\u30DE\u30F3\u30C9\u30E9\u30A4\u30F3\u3092\u4F7F\u7528\u3057\u3066\u30BF\u30FC\u30B2\u30C3\u30C8\u3092\u8D77\u52D5\u3057\u3001\u63A5\u7D9A\u3057\u307E\u3059
+sun.description = Sun\u306EJava VM\u30B3\u30DE\u30F3\u30C9\u884C\u3092\u4F7F\u7528\u3057\u3066\u30BF\u30FC\u30B2\u30C3\u30C8\u3092\u8D77\u52D5\u3057\u3001\u63A5\u7D9A\u3057\u307E\u3059
 generic_attaching.address = VM\u306B\u63A5\u7D9A\u3059\u308B\u30A2\u30C9\u30EC\u30B9
 generic_attaching.address.label = \u30A2\u30C9\u30EC\u30B9
 generic_attaching.timeout = \u63A5\u7D9A\u3092\u5F85\u3064\u9593\u306E\u30BF\u30A4\u30E0\u30A2\u30A6\u30C8 
--- a/src/share/classes/java/lang/Class.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/lang/Class.java	Thu Aug 28 15:14:04 2014 -0700
@@ -187,8 +187,8 @@
     @CallerSensitive
     public static Class<?> forName(String className)
                 throws ClassNotFoundException {
-        return forName0(className, true,
-                        ClassLoader.getClassLoader(Reflection.getCallerClass()));
+        Class<?> caller = Reflection.getCallerClass();
+        return forName0(className, true, ClassLoader.getClassLoader(caller), caller);
     }
 
 
@@ -257,22 +257,27 @@
                                    ClassLoader loader)
         throws ClassNotFoundException
     {
-        if (loader == null) {
-            SecurityManager sm = System.getSecurityManager();
-            if (sm != null) {
-                ClassLoader ccl = ClassLoader.getClassLoader(Reflection.getCallerClass());
+        Class<?> caller = null;
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            // Reflective call to get caller class is only needed if a security manager
+            // is present.  Avoid the overhead of making this call otherwise.
+            caller = Reflection.getCallerClass();
+            if (loader == null) {
+                ClassLoader ccl = ClassLoader.getClassLoader(caller);
                 if (ccl != null) {
                     sm.checkPermission(
                         SecurityConstants.GET_CLASSLOADER_PERMISSION);
                 }
             }
         }
-        return forName0(name, initialize, loader);
+        return forName0(name, initialize, loader, caller);
     }
 
-    /** Called after security checks have been made. */
+    /** Called after security check for system loader access checks have been made. */
     private static native Class<?> forName0(String name, boolean initialize,
-                                            ClassLoader loader)
+                                            ClassLoader loader,
+                                            Class<?> caller)
         throws ClassNotFoundException;
 
     /**
--- a/src/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Thu Aug 28 15:14:04 2014 -0700
@@ -661,6 +661,12 @@
             refKind = REF_invokeVirtual;
         }
 
+        if (member.getDeclaringClass().isInterface() && refKind == REF_invokeVirtual) {
+            // Methods from Object declared in an interface can be resolved by JVM to invokevirtual kind.
+            // Need to convert it back to invokeinterface to pass verification and make the invocation works as expected.
+            refKind = REF_invokeInterface;
+        }
+
         // push arguments
         for (int i = 0; i < name.arguments.length; i++) {
             emitPushArgument(name, i);
--- a/src/share/classes/java/lang/invoke/MethodHandle.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/lang/invoke/MethodHandle.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1260,8 +1260,6 @@
     /*non-public*/
     MethodHandle viewAsType(MethodType newType) {
         // No actual conversions, just a new view of the same method.
-        if (!type.isViewableAs(newType))
-            throw new InternalError();
         return MethodHandleImpl.makePairwiseConvert(this, newType, 0);
     }
 
--- a/src/share/classes/java/lang/invoke/MethodHandles.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/lang/invoke/MethodHandles.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1268,9 +1268,30 @@
             int allowedModes = this.allowedModes;
             if (allowedModes == TRUSTED)  return;
             int mods = m.getModifiers();
-            if (Modifier.isProtected(mods) && refKind == REF_newInvokeSpecial) {
-                // cannot "new" a protected ctor in a different package
-                mods ^= Modifier.PROTECTED;
+            if (Modifier.isProtected(mods)) {
+                if (refKind == REF_invokeVirtual &&
+                        m.getDeclaringClass() == Object.class &&
+                        m.getName().equals("clone") &&
+                        refc.isArray()) {
+                    // The JVM does this hack also.
+                    // (See ClassVerifier::verify_invoke_instructions
+                    // and LinkResolver::check_method_accessability.)
+                    // Because the JVM does not allow separate methods on array types,
+                    // there is no separate method for int[].clone.
+                    // All arrays simply inherit Object.clone.
+                    // But for access checking logic, we make Object.clone
+                    // (normally protected) appear to be public.
+                    // Later on, when the DirectMethodHandle is created,
+                    // its leading argument will be restricted to the
+                    // requested array type.
+                    // N.B. The return type is not adjusted, because
+                    // that is *not* the bytecode behavior.
+                    mods ^= Modifier.PROTECTED | Modifier.PUBLIC;
+                }
+                if (refKind == REF_newInvokeSpecial) {
+                    // cannot "new" a protected ctor in a different package
+                    mods ^= Modifier.PROTECTED;
+                }
             }
             if (Modifier.isFinal(mods) &&
                     MethodHandleNatives.refKindIsSetter(refKind))
--- a/src/share/classes/java/lang/invoke/MethodType.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/lang/invoke/MethodType.java	Thu Aug 28 15:14:04 2014 -0700
@@ -628,7 +628,7 @@
      * @return the parameter types (as an immutable list)
      */
     public List<Class<?>> parameterList() {
-        return Collections.unmodifiableList(Arrays.asList(ptypes));
+        return Collections.unmodifiableList(Arrays.asList(ptypes.clone()));
     }
 
     /*non-public*/ Class<?> lastParameterType() {
--- a/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java	Thu Aug 28 15:14:04 2014 -0700
@@ -70,6 +70,7 @@
     static {
         java.security.AccessController.doPrivileged(
                   new sun.security.action.LoadLibraryAction("net"));
+        init();
     }
 
     /**
@@ -362,4 +363,7 @@
     protected boolean nativeConnectDisabled() {
         return connectDisabled;
     }
+
+    native int dataAvailable();
+    private static native void init();
 }
--- a/src/share/classes/java/net/DatagramSocket.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/net/DatagramSocket.java	Thu Aug 28 15:14:04 2014 -0700
@@ -85,6 +85,17 @@
      */
     boolean oldImpl = false;
 
+    /**
+     * Set when a socket is ST_CONNECTED until we are certain
+     * that any packets which might have been received prior
+     * to calling connect() but not read by the application
+     * have been read. During this time we check the source
+     * address of all packets received to be sure they are from
+     * the connected destination. Other packets are read but
+     * silently dropped.
+     */
+    private boolean explicitFilter = false;
+    private int bytesLeftToFilter;
     /*
      * Connection state:
      * ST_NOT_CONNECTED = socket not connected
@@ -144,6 +155,15 @@
 
                 // socket is now connected by the impl
                 connectState = ST_CONNECTED;
+                // Do we need to filter some packets?
+                int avail = getImpl().dataAvailable();
+                if (avail == -1) {
+                    throw new SocketException();
+                }
+                explicitFilter = avail > 0;
+                if (explicitFilter) {
+                    bytesLeftToFilter = getReceiveBufferSize();
+                }
             } catch (SocketException se) {
 
                 // connection will be emulated by DatagramSocket
@@ -494,6 +514,7 @@
             connectedAddress = null;
             connectedPort = -1;
             connectState = ST_NOT_CONNECTED;
+            explicitFilter = false;
         }
     }
 
@@ -752,10 +773,13 @@
                     } // end of while
                 }
             }
-            if (connectState == ST_CONNECTED_NO_IMPL) {
+            DatagramPacket tmp = null;
+            if ((connectState == ST_CONNECTED_NO_IMPL) || explicitFilter) {
                 // We have to do the filtering the old fashioned way since
                 // the native impl doesn't support connect or the connect
-                // via the impl failed.
+                // via the impl failed, or .. "explicitFilter" may be set when
+                // a socket is connected via the impl, for a period of time
+                // when packets from other sources might be queued on socket.
                 boolean stop = false;
                 while (!stop) {
                     InetAddress peekAddress = null;
@@ -774,8 +798,14 @@
                     if ((!connectedAddress.equals(peekAddress)) ||
                         (connectedPort != peekPort)) {
                         // throw the packet away and silently continue
-                        DatagramPacket tmp = new DatagramPacket(new byte[1], 1);
+                        tmp = new DatagramPacket(
+                                                new byte[1024], 1024);
                         getImpl().receive(tmp);
+                        if (explicitFilter) {
+                            if (checkFiltering(tmp)) {
+                                stop = true;
+                            }
+                        }
                     } else {
                         stop = true;
                     }
@@ -784,9 +814,23 @@
             // If the security check succeeds, or the datagram is
             // connected then receive the packet
             getImpl().receive(p);
+            if (explicitFilter && tmp == null) {
+                // packet was not filtered, account for it here
+                checkFiltering(p);
+            }
         }
     }
 
+    // Update the filter information and return true if finished
+    private boolean checkFiltering(DatagramPacket p) throws SocketException {
+        bytesLeftToFilter -= p.getLength();
+        if (bytesLeftToFilter <= 0 || getImpl().dataAvailable() <= 0) {
+            explicitFilter = false;
+            return true;
+        }
+        return false;
+    }
+
     /**
      * Gets the local address to which the socket is bound.
      *
--- a/src/share/classes/java/net/DatagramSocketImpl.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/net/DatagramSocketImpl.java	Thu Aug 28 15:14:04 2014 -0700
@@ -47,6 +47,12 @@
      */
     protected FileDescriptor fd;
 
+    int dataAvailable() {
+        // default impl returns zero, which disables the calling
+        // functionality
+        return 0;
+    }
+
     /**
      * Creates a datagram socket.
      * @exception SocketException if there is an error in the
--- a/src/share/classes/java/security/DigestOutputStream.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/security/DigestOutputStream.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 1999, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -112,10 +112,10 @@
      * @see MessageDigest#update(byte)
      */
     public void write(int b) throws IOException {
+        out.write(b);
         if (on) {
             digest.update((byte)b);
         }
-        out.write(b);
     }
 
     /**
@@ -142,10 +142,10 @@
      * @see MessageDigest#update(byte[], int, int)
      */
     public void write(byte[] b, int off, int len) throws IOException {
+        out.write(b, off, len);
         if (on) {
             digest.update(b, off, len);
         }
-        out.write(b, off, len);
     }
 
     /**
--- a/src/share/classes/java/security/Signature.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/security/Signature.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -589,6 +589,9 @@
         if (outbuf == null) {
             throw new IllegalArgumentException("No output buffer given");
         }
+        if (offset < 0 || len < 0) {
+            throw new IllegalArgumentException("offset or len is less than 0");
+        }
         if (outbuf.length - offset < len) {
             throw new IllegalArgumentException
                 ("Output buffer too small for specified offset and length");
@@ -657,9 +660,16 @@
     public final boolean verify(byte[] signature, int offset, int length)
         throws SignatureException {
         if (state == VERIFY) {
-            if ((signature == null) || (offset < 0) || (length < 0) ||
-                (length > signature.length - offset)) {
-                throw new IllegalArgumentException("Bad arguments");
+            if (signature == null) {
+                throw new IllegalArgumentException("signature is null");
+            }
+            if (offset < 0 || length < 0) {
+                throw new IllegalArgumentException
+                    ("offset or length is less than 0");
+            }
+            if (signature.length - offset < length) {
+                throw new IllegalArgumentException
+                    ("signature too small for specified offset and length");
             }
 
             return engineVerify(signature, offset, length);
@@ -712,6 +722,16 @@
     public final void update(byte[] data, int off, int len)
             throws SignatureException {
         if (state == SIGN || state == VERIFY) {
+            if (data == null) {
+                throw new IllegalArgumentException("data is null");
+            }
+            if (off < 0 || len < 0) {
+                throw new IllegalArgumentException("off or len is less than 0");
+            }
+            if (data.length - off < len) {
+                throw new IllegalArgumentException
+                    ("data too small for specified offset and length");
+            }
             engineUpdate(data, off, len);
         } else {
             throw new SignatureException("object not initialized for "
--- a/src/share/classes/java/security/cert/CertificateRevokedException.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/security/cert/CertificateRevokedException.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -95,7 +95,10 @@
         this.revocationDate = new Date(revocationDate.getTime());
         this.reason = reason;
         this.authority = authority;
-        this.extensions = new HashMap(extensions);
+        // make sure Map only contains correct types
+        this.extensions = Collections.checkedMap(new HashMap<String, Extension>(),
+                                                 String.class, Extension.class);
+        this.extensions.putAll(extensions);
     }
 
     /**
@@ -174,7 +177,8 @@
     public String getMessage() {
         return "Certificate has been revoked, reason: "
                + reason + ", revocation date: " + revocationDate
-               + ", authority: " + authority + ", extensions: " + extensions;
+               + ", authority: " + authority + ", extension OIDs: "
+               + extensions.keySet();
     }
 
     /**
--- a/src/share/classes/java/util/ResourceBundle.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/util/ResourceBundle.java	Thu Aug 28 15:14:04 2014 -0700
@@ -2577,7 +2577,10 @@
                 } catch (ClassNotFoundException e) {
                 }
             } else if (format.equals("java.properties")) {
-                final String resourceName = toResourceName(bundleName, "properties");
+                final String resourceName = toResourceName0(bundleName, "properties");
+                if (resourceName == null) {
+                    return bundle;
+                }
                 final ClassLoader classLoader = loader;
                 final boolean reloadFlag = reload;
                 InputStream stream = null;
@@ -2731,7 +2734,10 @@
             }
             boolean result = false;
             try {
-                String resourceName = toResourceName(toBundleName(baseName, locale), format);
+                String resourceName = toResourceName0(toBundleName(baseName, locale), format);
+                if (resourceName == null) {
+                    return result;
+                }
                 URL url = loader.getResource(resourceName);
                 if (url != null) {
                     long lastModified = 0;
@@ -2865,6 +2871,15 @@
             sb.append(bundleName.replace('.', '/')).append('.').append(suffix);
             return sb.toString();
         }
+
+        private String toResourceName0(String bundleName, String suffix) {
+            // application protocol check
+            if (bundleName.contains("://")) {
+                return null;
+            } else {
+                return toResourceName(bundleName, suffix);
+            }
+        }
     }
 
     private static class SingleFormatControl extends Control {
--- a/src/share/classes/java/util/logging/LogRecord.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/util/logging/LogRecord.java	Thu Aug 28 15:14:04 2014 -0700
@@ -510,7 +510,13 @@
         // If necessary, try to regenerate the resource bundle.
         if (resourceBundleName != null) {
             try {
-                resourceBundle = ResourceBundle.getBundle(resourceBundleName);
+                // use system class loader to ensure the ResourceBundle
+                // instance is a different instance than null loader uses
+                final ResourceBundle bundle =
+                        ResourceBundle.getBundle(resourceBundleName,
+                                Locale.getDefault(),
+                                ClassLoader.getSystemClassLoader());
+                resourceBundle = bundle;
             } catch (MissingResourceException ex) {
                 // This is not a good place to throw an exception,
                 // so we simply leave the resourceBundle null.
--- a/src/share/classes/java/util/logging/Logger.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/java/util/logging/Logger.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1526,6 +1526,9 @@
         }
 
         setCallersClassLoaderRef(callersClass);
+        if (isSystemLogger && getCallersClassLoader() != null) {
+            checkPermission();
+        }
         if (findResourceBundle(name, true) == null) {
             // We've failed to find an expected ResourceBundle.
             // unset the caller's ClassLoader since we were unable to find the
@@ -1689,7 +1692,9 @@
         Logger target = this;
         while (target != null) {
             final String rbn = isSystemLogger
-                ? target.resourceBundleName
+                // ancestor of a system logger is expected to be a system logger.
+                // ignore resource bundle name if it's not.
+                ? (target.isSystemLogger ? target.resourceBundleName : null)
                 : target.getResourceBundleName();
             if (rbn != null) {
                 return rbn;
--- a/src/share/classes/javax/crypto/CipherInputStream.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/javax/crypto/CipherInputStream.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -86,6 +86,10 @@
     private int ostart = 0;
     // the offset pointing to the last "new" byte
     private int ofinish = 0;
+    // stream status
+    private boolean closed = false;
+    // The stream has been read from.  False if the stream has never been read.
+    private boolean read = false;
 
     /**
      * private convenience function.
@@ -101,13 +105,15 @@
     private int getMoreData() throws IOException {
         if (done) return -1;
         int readin = input.read(ibuffer);
+        read = true;
         if (readin == -1) {
             done = true;
             try {
                 obuffer = cipher.doFinal();
+            } catch (IllegalBlockSizeException | BadPaddingException e) {
+                obuffer = null;
+                throw new IOException(e);
             }
-            catch (IllegalBlockSizeException e) {obuffer = null;}
-            catch (BadPaddingException e) {obuffer = null;}
             if (obuffer == null)
                 return -1;
             else {
@@ -118,7 +124,10 @@
         }
         try {
             obuffer = cipher.update(ibuffer, 0, readin);
-        } catch (IllegalStateException e) {obuffer = null;};
+        } catch (IllegalStateException e) {
+            obuffer = null;
+            throw e;
+        }
         ostart = 0;
         if (obuffer == null)
             ofinish = 0;
@@ -293,14 +302,24 @@
      * @since JCE1.2
      */
     public void close() throws IOException {
+        if (closed) {
+            return;
+        }
+
+        closed = true;
         input.close();
         try {
             // throw away the unprocessed data
-            cipher.doFinal();
+            if (!done) {
+                cipher.doFinal();
+            }
         }
-        catch (BadPaddingException ex) {
-        }
-        catch (IllegalBlockSizeException ex) {
+        catch (BadPaddingException | IllegalBlockSizeException ex) {
+            /* If no data has been read from the stream to be en/decrypted,
+               we supress any exceptions, and close quietly. */
+            if (read) {
+                throw new IOException(ex);
+            }
         }
         ostart = 0;
         ofinish = 0;
--- a/src/share/classes/javax/crypto/CipherOutputStream.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/javax/crypto/CipherOutputStream.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -74,6 +74,9 @@
     // the buffer holding data ready to be written out
     private byte[] obuffer;
 
+    // stream status
+    private boolean closed = false;
+
     /**
      *
      * Constructs a CipherOutputStream from an OutputStream and a
@@ -198,11 +201,14 @@
      * @since      JCE1.2
      */
     public void close() throws IOException {
+        if (closed) {
+            return;
+        }
+
+        closed = true;
         try {
             obuffer = cipher.doFinal();
-        } catch (IllegalBlockSizeException e) {
-            obuffer = null;
-        } catch (BadPaddingException e) {
+        } catch (IllegalBlockSizeException | BadPaddingException e) {
             obuffer = null;
         }
         try {
--- a/src/share/classes/sun/awt/resources/awt_pt_BR.properties	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/awt/resources/awt_pt_BR.properties	Thu Aug 28 15:14:04 2014 -0700
@@ -44,7 +44,7 @@
 AWT.subtract=Teclado Num\u00E9rico -
 AWT.decimal=Teclado Num\u00E9rico .
 AWT.divide=Teclado Num\u00E9rico /
-AWT.delete=Deletar
+AWT.delete=Excluir
 AWT.numLock=Num Lock
 AWT.scrollLock=Scroll Lock
 AWT.f1=F1
--- a/src/share/classes/sun/nio/ch/DatagramChannelImpl.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/nio/ch/DatagramChannelImpl.java	Thu Aug 28 15:14:04 2014 -0700
@@ -751,6 +751,26 @@
 
                     // set or refresh local address
                     localAddress = Net.localAddress(fd);
+
+                    // flush any packets already received.
+                    boolean blocking = false;
+                    synchronized (blockingLock()) {
+                        try {
+                            blocking = isBlocking();
+                            // remainder of each packet thrown away
+                            ByteBuffer tmpBuf = ByteBuffer.allocate(1);
+                            if (blocking) {
+                                configureBlocking(false);
+                            }
+                            do {
+                                tmpBuf.clear();
+                            } while (receive(tmpBuf) != null);
+                        } finally {
+                            if (blocking) {
+                                configureBlocking(true);
+                            }
+                        }
+                    }
                 }
             }
         }
--- a/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,6 @@
 import java.lang.reflect.*;
 import java.io.Serializable;
 import java.util.*;
-import java.lang.annotation.*;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 
@@ -45,6 +44,11 @@
     private final Map<String, Object> memberValues;
 
     AnnotationInvocationHandler(Class<? extends Annotation> type, Map<String, Object> memberValues) {
+        Class<?>[] superInterfaces = type.getInterfaces();
+        if (!type.isAnnotation() ||
+            superInterfaces.length != 1 ||
+            superInterfaces[0] != java.lang.annotation.Annotation.class)
+            throw new AnnotationFormatError("Attempt to create proxy for a non-annotation type.");
         this.type = type;
         this.memberValues = memberValues;
     }
@@ -57,13 +61,17 @@
         if (member.equals("equals") && paramTypes.length == 1 &&
             paramTypes[0] == Object.class)
             return equalsImpl(args[0]);
-        assert paramTypes.length == 0;
-        if (member.equals("toString"))
+        if (paramTypes.length != 0)
+            throw new AssertionError("Too many parameters for an annotation method");
+
+        switch(member) {
+        case "toString":
             return toStringImpl();
-        if (member.equals("hashCode"))
+        case "hashCode":
             return hashCodeImpl();
-        if (member.equals("annotationType"))
+        case "annotationType":
             return type;
+        }
 
         // Handle annotation member accessors
         Object result = memberValues.get(member);
@@ -129,7 +137,7 @@
      * Implementation of dynamicProxy.toString()
      */
     private String toStringImpl() {
-        StringBuffer result = new StringBuffer(128);
+        StringBuilder result = new StringBuilder(128);
         result.append('@');
         result.append(type.getName());
         result.append('(');
@@ -277,6 +285,7 @@
                 new PrivilegedAction<Method[]>() {
                     public Method[] run() {
                         final Method[] mm = type.getDeclaredMethods();
+                        validateAnnotationMethods(mm);
                         AccessibleObject.setAccessible(mm, true);
                         return mm;
                     }
@@ -287,6 +296,93 @@
     private transient volatile Method[] memberMethods = null;
 
     /**
+     * Validates that a method is structurally appropriate for an
+     * annotation type. As of Java SE 7, annotation types cannot
+     * contain static methods and the declared methods of an
+     * annotation type must take zero arguments and there are
+     * restrictions on the return type.
+     */
+    private void validateAnnotationMethods(Method[] memberMethods) {
+        /*
+         * Specification citations below are from JLS
+         * 9.6.1. Annotation Type Elements
+         */
+        boolean valid = true;
+        for(Method method : memberMethods) {
+            /*
+             * "By virtue of the AnnotationTypeElementDeclaration
+             * production, a method declaration in an annotation type
+             * declaration cannot have formal parameters, type
+             * parameters, or a throws clause.
+             *
+             * "By virtue of the AnnotationTypeElementModifier
+             * production, a method declaration in an annotation type
+             * declaration cannot be default or static."
+             */
+            if (method.getModifiers() != (Modifier.PUBLIC | Modifier.ABSTRACT) ||
+                method.getParameterTypes().length != 0 ||
+                method.getExceptionTypes().length != 0) {
+                valid = false;
+                break;
+            }
+
+            /*
+             * "It is a compile-time error if the return type of a
+             * method declared in an annotation type is not one of the
+             * following: a primitive type, String, Class, any
+             * parameterized invocation of Class, an enum type
+             * (section 8.9), an annotation type, or an array type
+             * (chapter 10) whose element type is one of the preceding
+             * types."
+             */
+            Class<?> returnType = method.getReturnType();
+            if (returnType.isArray()) {
+                returnType = returnType.getComponentType();
+                if (returnType.isArray()) { // Only single dimensional arrays
+                    valid = false;
+                    break;
+                }
+            }
+
+            if (!((returnType.isPrimitive() && returnType != void.class) ||
+                  returnType == java.lang.String.class ||
+                  returnType == java.lang.Class.class ||
+                  returnType.isEnum() ||
+                  returnType.isAnnotation())) {
+                valid = false;
+                break;
+            }
+
+            /*
+             * "It is a compile-time error if any method declared in an
+             * annotation type has a signature that is
+             * override-equivalent to that of any public or protected
+             * method declared in class Object or in the interface
+             * java.lang.annotation.Annotation."
+             *
+             * The methods in Object or Annotation meeting the other
+             * criteria (no arguments, contrained return type, etc.)
+             * above are:
+             *
+             * String toString()
+             * int hashCode()
+             * Class<? extends Annotation> annotationType()
+             */
+            String methodName = method.getName();
+            if ((methodName.equals("toString") && returnType == java.lang.String.class) ||
+                (methodName.equals("hashCode") && returnType == int.class) ||
+                (methodName.equals("annotationType") && returnType == java.lang.Class.class)) {
+                valid = false;
+                break;
+            }
+        }
+        if (valid)
+            return;
+        else
+            throw new AnnotationFormatError("Malformed method on an annotation type");
+    }
+
+    /**
      * Implementation of dynamicProxy.hashCode()
      */
     private int hashCodeImpl() {
@@ -330,7 +426,6 @@
         throws java.io.IOException, ClassNotFoundException {
         s.defaultReadObject();
 
-
         // Check to make sure that types have not evolved incompatibly
 
         AnnotationType annotationType = null;
@@ -343,7 +438,6 @@
 
         Map<String, Class<?>> memberTypes = annotationType.memberTypes();
 
-
         // If there are annotation members without values, that
         // situation is handled by the invoke method.
         for (Map.Entry<String, Object> memberValue : memberValues.entrySet()) {
--- a/src/share/classes/sun/rmi/rmic/resources/rmic_ja.properties	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/rmi/rmic/resources/rmic_ja.properties	Thu Aug 28 15:14:04 2014 -0700
@@ -1,6 +1,6 @@
 #
 #
-# Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -91,8 +91,8 @@
 rmic.warnings=\u8B66\u544A{0}\u500B
 rmic.1warning=\u8B66\u544A1\u500B
 rmic.done_in=[{0}\u30DF\u30EA\u79D2\u3067\u5B8C\u4E86]
-rmic.no.memory=\u30B3\u30F3\u30D1\u30A4\u30E9\u306B\u30E1\u30E2\u30EA\u30FC\u304C\u4E0D\u8DB3\u3057\u3066\u3044\u307E\u3059\u3002"-J-Xmx<size>"\u30B3\u30DE\u30F3\u30C9\u30E9\u30A4\u30F3\u30FB\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u3001\u6700\u5927\u30D2\u30FC\u30D7\u30FB\u30B5\u30A4\u30BA\u3092\u5897\u3084\u3057\u3066\u304F\u3060\u3055\u3044\u3002
-rmic.stack.overflow=\u30B3\u30F3\u30D1\u30A4\u30E9\u306B\u30B9\u30BF\u30C3\u30AF\u7A7A\u9593\u304C\u4E0D\u8DB3\u3057\u3066\u3044\u307E\u3059\u3002"-J-Xss<size>"\u30B3\u30DE\u30F3\u30C9\u30E9\u30A4\u30F3\u30FB\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u3001Java\u30B9\u30BF\u30C3\u30AF\u306B\u5272\u308A\u5F53\u3066\u308B\u30E1\u30E2\u30EA\u30FC\u3092\u5897\u3084\u3057\u3066\u304F\u3060\u3055\u3044\u3002
+rmic.no.memory=\u30B3\u30F3\u30D1\u30A4\u30E9\u306B\u30E1\u30E2\u30EA\u30FC\u304C\u4E0D\u8DB3\u3057\u3066\u3044\u307E\u3059\u3002"-J-Xmx<size>"\u30B3\u30DE\u30F3\u30C9\u884C\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u3001\u6700\u5927\u30D2\u30FC\u30D7\u30FB\u30B5\u30A4\u30BA\u3092\u5897\u3084\u3057\u3066\u304F\u3060\u3055\u3044\u3002
+rmic.stack.overflow=\u30B3\u30F3\u30D1\u30A4\u30E9\u306B\u30B9\u30BF\u30C3\u30AF\u7A7A\u9593\u304C\u4E0D\u8DB3\u3057\u3066\u3044\u307E\u3059\u3002"-J-Xss<size>"\u30B3\u30DE\u30F3\u30C9\u884C\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u3001Java\u30B9\u30BF\u30C3\u30AF\u306B\u5272\u308A\u5F53\u3066\u308B\u30E1\u30E2\u30EA\u30FC\u3092\u5897\u3084\u3057\u3066\u304F\u3060\u3055\u3044\u3002
 rmic.class.not.found=\u30AF\u30E9\u30B9{0}\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3002
 rmic.missing.property=\u30D7\u30ED\u30D1\u30C6\u30A3generator.class.{0}\u304C\u3042\u308A\u307E\u305B\u3093
 rmic.cannot.instantiate=\u30AF\u30E9\u30B9{0}\u306E\u30A4\u30F3\u30B9\u30BF\u30F3\u30B9\u3092\u751F\u6210\u3067\u304D\u307E\u305B\u3093
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,8 @@
 
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateParsingException;
+import javax.security.auth.x500.X500Principal;
 
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -93,6 +95,60 @@
             Debug.getBooleanProperty("jsse.enableSNIExtension", true);
 
     /*
+     * Allow unsafe server certificate change?
+     *
+     * Server certificate change during SSL/TLS renegotiation may be considered
+     * unsafe, as described in the Triple Handshake attacks:
+     *
+     *    https://secure-resumption.com/tlsauth.pdf
+     *
+     * Endpoint identification (See
+     * SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice
+     * guarantee that the server certificate change in the renegotiation is legal.
+     * However, endpoint identification is only enabled for HTTPS and LDAP
+     * over SSL/TLS by default. It is not enough to protect SSL/TLS
+     * connections other than HTTPS and LDAP.
+     *
+     * The renegotiation indication extension (See RFC 5764) is a pretty
+     * strong guarantee that the endpoints on both client and server sides
+     * are identical on the same connection. However, the Triple Handshake
+     * attacks can bypass this guarantee if there is a session-resumption
+     * handshake between the initial full handshake and the renegotiation
+     * full handshake.
+     *
+     * Server certificate change may be unsafe and should be restricted if
+     * endpoint identification is not enabled and the previous handshake is
+     * a session-resumption abbreviated initial handshake, unless the
+     * identities reproesented by both certificates can be regraded as the
+     * same (See isIdentityEquivalent()).
+     *
+     * Considering the compatibility impact and the actual requirements to
+     * support server certificate change in practice, the system property,
+     * jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe
+     * server certificate change in renegotiation is allowed or not. The
+     * default value of the system property is "false". To mitigate the
+     * compatibility impact, applications may want to set the system
+     * property to "true" at their own risk.
+     *
+     * If the value of the system property is "false", server certificate
+     * change in renegotiation after a session-resumption abbreviated initial
+     * handshake is restricted (See isIdentityEuivalent()).
+     *
+     * If the system property is set to "truie" explicitly, the restriction on
+     * server certificate change in renegotiation is disabled.
+     */
+    private final static boolean allowUnsafeServerCertChange =
+        Debug.getBooleanProperty("jdk.tls.allowUnsafeServerCertChange", false);
+
+    /*
+     * the reserved server certificate chain in previous handshaking
+     *
+     * The server certificate chain is only reserved if the previous
+     * handshake is a session-resumption abbreviated initial handshake.
+     */
+    private X509Certificate[] reservedServerCerts = null;
+
+    /*
      * Constructors
      */
     ClientHandshaker(SSLSocketImpl socket, SSLContextImpl context,
@@ -551,8 +607,7 @@
                 // we wanted to resume, but the server refused
                 session = null;
                 if (!enableNewSession) {
-                    throw new SSLException
-                        ("New session creation is disabled");
+                    throw new SSLException("New session creation is disabled");
                 }
             }
         }
@@ -563,6 +618,11 @@
             }
 
             setHandshakeSessionSE(session);
+            // Reserve the handshake state if this is a session-resumption
+            // abbreviated initial handshake.
+            if (isInitialHandshake) {
+                session.setAsSessionResumption(true);
+            }
             return;
         }
 
@@ -1035,6 +1095,13 @@
         }
 
         /*
+         * Reset the handshake state if this is not an initial handshake.
+         */
+        if (!isInitialHandshake) {
+            session.setAsSessionResumption(false);
+        }
+
+        /*
          * OK, it verified.  If we're doing the fast handshake, add that
          * "Finished" message to the hash of handshake messages, then send
          * our own change_cipher_spec and Finished message for the server
@@ -1131,8 +1198,22 @@
                 System.out.println("%% No cached client session");
             }
         }
-        if ((session != null) && (session.isRejoinable() == false)) {
-            session = null;
+        if (session != null) {
+            // If unsafe server certificate change is not allowed, reserve
+            // current server certificates if the preious handshake is a
+            // session-resumption abbreviated initial handshake.
+            if (!allowUnsafeServerCertChange && session.isSessionResumption()) {
+                try {
+                    // If existing, peer certificate chain cannot be null.
+                    reservedServerCerts =
+                        (X509Certificate[])session.getPeerCertificates();
+                } catch (SSLPeerUnverifiedException puve) {
+                    // Maybe not certificate-based, ignore the exception.
+                }
+            }
+            if (!session.isRejoinable()) {
+                session = null;
+            }
         }
 
         if (session != null) {
@@ -1303,8 +1384,25 @@
         }
         X509Certificate[] peerCerts = mesg.getCertificateChain();
         if (peerCerts.length == 0) {
-            fatalSE(Alerts.alert_bad_certificate,
-                "empty certificate chain");
+            fatalSE(Alerts.alert_bad_certificate, "empty certificate chain");
+        }
+
+        // Allow server certificate change in client side during renegotiation
+        // after session-resumption abbreviated initial handshake ?
+        //
+        // DO NOT need to check allowUnsafeServerCertChange here. We only
+        // reserve server certificates when allowUnsafeServerCertChange is
+        // false.
+        if (reservedServerCerts != null) {
+            // It is not necessary to check the certificate update if endpoint
+            // identification is enabled.
+            String identityAlg = getEndpointIdentificationAlgorithmSE();
+            if ((identityAlg == null || identityAlg.length() == 0) &&
+                !isIdentityEquivalent(peerCerts[0], reservedServerCerts[0])) {
+                fatalSE(Alerts.alert_bad_certificate,
+                        "server certificate change is restricted" +
+                        "during renegotiation");
+            }
         }
         // ask the trust manager to verify the chain
         X509TrustManager tm = sslContext.getX509TrustManager();
@@ -1342,4 +1440,82 @@
         }
         session.setPeerCertificates(peerCerts);
     }
+
+    /*
+     * Whether the certificates can represent the same identity?
+     *
+     * The certificates can be used to represent the same identity:
+     *     1. If the subject alternative names of IP address are present in
+     *        both certificates, they should be identical; otherwise,
+     *     2. if the subject alternative names of DNS name are present in
+     *        both certificates, they should be identical; otherwise,
+     *     3. if the subject fields are present in both certificates, the
+     *        certificate subjects and issuers should be identical.
+     */
+
+    private static boolean isIdentityEquivalent(X509Certificate thisCert,
+            X509Certificate prevCert) {
+        if (thisCert.equals(prevCert)) {
+            return true;
+        }
+
+        // check the iPAddress field in subjectAltName extension
+        Object thisIPAddress = getSubjectAltName(thisCert, 7);  // 7: iPAddress
+        Object prevIPAddress = getSubjectAltName(prevCert, 7);
+        if (thisIPAddress != null && prevIPAddress!= null) {
+            // only allow the exactly match
+            return Objects.equals(thisIPAddress, prevIPAddress);
+        }
+
+        // check the dNSName field in subjectAltName extension
+        Object thisDNSName = getSubjectAltName(thisCert, 2);    // 2: dNSName
+        Object prevDNSName = getSubjectAltName(prevCert, 2);
+        if (thisDNSName != null && prevDNSName!= null) {
+            // only allow the exactly match
+            return Objects.equals(thisDNSName, prevDNSName);
+        }
+
+        // check the certificate subject and issuer
+        X500Principal thisSubject = thisCert.getSubjectX500Principal();
+        X500Principal prevSubject = prevCert.getSubjectX500Principal();
+        X500Principal thisIssuer = thisCert.getIssuerX500Principal();
+        X500Principal prevIssuer = prevCert.getIssuerX500Principal();
+        if (!thisSubject.getName().isEmpty() &&
+                !prevSubject.getName().isEmpty() &&
+                thisSubject.equals(prevSubject) &&
+                thisIssuer.equals(prevIssuer)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /*
+     * Returns the subject alternative name of the specified type in the
+     * subjectAltNames extension of a certificate.
+     */
+    private static Object getSubjectAltName(X509Certificate cert, int type) {
+        Collection<List<?>> subjectAltNames;
+
+        try {
+            subjectAltNames = cert.getSubjectAlternativeNames();
+        } catch (CertificateParsingException cpe) {
+            if (debug != null && Debug.isOn("handshake")) {
+                System.out.println(
+                        "Attempt to obtain subjectAltNames extension failed!");
+            }
+            return null;
+        }
+
+        if (subjectAltNames != null) {
+            for (List<?> subjectAltName : subjectAltNames) {
+                int subjectAltNameType = (Integer)subjectAltName.get(0);
+                if (subjectAltNameType == type) {
+                    return subjectAltName.get(1);
+                }
+            }
+        }
+
+        return null;
+    }
 }
--- a/src/share/classes/sun/security/ssl/Handshaker.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/security/ssl/Handshaker.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -348,6 +348,16 @@
         }
     }
 
+    String getEndpointIdentificationAlgorithmSE() {
+        SSLParameters paras;
+        if (conn != null) {
+            paras = conn.getSSLParameters();
+        } else {
+            paras = engine.getSSLParameters();
+        }
+        return paras.getEndpointIdentificationAlgorithm();
+    }
+
     private void setVersionSE(ProtocolVersion protocolVersion) {
         if (conn != null) {
             conn.setVersion(protocolVersion);
--- a/src/share/classes/sun/security/ssl/SSLSessionImpl.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/security/ssl/SSLSessionImpl.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -117,6 +117,14 @@
     private Principal localPrincipal;
 
     /*
+     * Is the session currently re-established with a session-resumption
+     * abbreviated initial handshake?
+     *
+     * Note that currently we only set this variable in client side.
+     */
+    private boolean isSessionResumption = false;
+
+    /*
      * We count session creations, eventually for statistical data but
      * also since counters make shorter debugging IDs than the big ones
      * we use in the protocol for uniqueness-over-time.
@@ -320,6 +328,22 @@
     }
 
     /**
+     * Return true if the session is currently re-established with a
+     * session-resumption abreviated initial handshake.
+     */
+    boolean isSessionResumption() {
+        return isSessionResumption;
+    }
+
+    /**
+     * Resets whether the session is re-established with a session-resumption
+     * abbreviated initial handshake.
+     */
+    void setAsSessionResumption(boolean flag) {
+        isSessionResumption = flag;
+    }
+
+    /**
      * Returns the name of the cipher suite in use on this session
      */
     public String getCipherSuite() {
--- a/src/share/classes/sun/security/util/Resources_de.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/security/util/Resources_de.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -75,7 +75,7 @@
         {"Imports.entries.from.a.JDK.1.1.x.style.identity.database",
                 "Importiert Eintr\u00E4ge aus einer Identity-Datenbank im JDK 1.1.x-Stil"}, //-identitydb
         {"Imports.a.certificate.or.a.certificate.chain",
-                "Importiert ein Zertifikat oder eine Zertifikatkette"}, //-importcert
+                "Importiert ein Zertifikat oder eine Zertifikatskette"}, //-importcert
         {"Imports.one.or.all.entries.from.another.keystore",
                 "Importiert einen oder alle Eintr\u00E4ge aus einem anderen Keystore"}, //-importkeystore
         {"Clones.a.key.entry",
@@ -301,7 +301,7 @@
                 "{0}, {1,date}, "},
         {"alias.", "{0}, "},
         {"Entry.type.type.", "Eintragstyp: {0}"},
-        {"Certificate.chain.length.", "Zertifikatkettenl\u00E4nge: "},
+        {"Certificate.chain.length.", "Zertifikatskettenl\u00E4nge: "},
         {"Certificate.i.1.", "Zertifikat[{0,number,integer}]:"},
         {"Certificate.fingerprint.SHA1.", "Zertifikat-Fingerprint (SHA1): "},
         {"Keystore.type.", "Keystore-Typ: "},
@@ -384,9 +384,9 @@
         {"Certificate.reply.does.not.contain.public.key.for.alias.",
                 "Zertifikatantwort enth\u00E4lt keinen Public Key f\u00FCr <{0}>"},
         {"Incomplete.certificate.chain.in.reply",
-                "Unvollst\u00E4ndige Zertifikatkette in Antwort"},
+                "Unvollst\u00E4ndige Zertifikatskette in Antwort"},
         {"Certificate.chain.in.reply.does.not.verify.",
-                "Zertifikatkette in Antwort verifiziert nicht: "},
+                "Zertifikatskette in Antwort verifiziert nicht: "},
         {"Top.level.certificate.in.reply.",
                 "Zertifikat der obersten Ebene in Antwort:\n"},
         {".is.not.trusted.", "... ist nicht vertrauensw\u00FCrdig. "},
--- a/src/share/classes/sun/security/util/Resources_fr.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/security/util/Resources_fr.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -444,7 +444,7 @@
         {"Retain", "Conserver"},
 
         {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes",
-            "Avertissement : il se peut que le nom de fichier contienne des barres obliques inverses avec caract\u00E8re d'\u00E9chappement. Il n'est pas n\u00E9cessaire d'ajouter un caract\u00E8re d'\u00E9chappement aux barres obliques inverses. L'outil proc\u00E8de \u00E0 l'\u00E9chappement si n\u00E9cessaire lorsqu'il \u00E9crit le contenu des r\u00E8gles dans la zone de stockage persistant).\n\nCliquez sur Conserver pour garder le nom saisi ou sur Modifier pour le remplacer."},
+            "Avertissement : il se peut que le nom de fichier contienne des barres obliques inverses avec caract\u00E8re d'\u00E9chappement. Il n'est pas n\u00E9cessaire d'ajouter un caract\u00E8re d'\u00E9chappement aux barres obliques inverses. (L'outil proc\u00E8de \u00E0 l'\u00E9chappement si n\u00E9cessaire lorsqu'il \u00E9crit le contenu des r\u00E8gles dans la zone de stockage persistant).\n\nCliquez sur Conserver pour garder le nom saisi ou sur Modifier pour le remplacer."},
 
         {"Add.Public.Key.Alias", "Ajouter un alias de cl\u00E9 publique"},
         {"Remove.Public.Key.Alias", "Enlever un alias de cl\u00E9 publique"},
--- a/src/share/classes/sun/security/util/Resources_it.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/security/util/Resources_it.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -340,7 +340,7 @@
                  "Immettere un nuovo nome alias\t(premere INVIO per annullare l'importazione della voce):  "},
         {"Enter.alias.name.", "Immettere nome alias:  "},
         {".RETURN.if.same.as.for.otherAlias.",
-                "\t(INVIO se corrisponde al nome di <{0}>"},
+                "\t(INVIO se corrisponde al nome di <{0}>)"},
         {".PATTERN.printX509Cert",
                 "Proprietario: {0}\nAutorit\u00E0 emittente: {1}\nNumero di serie: {2}\nValido da: {3} a: {4}\nImpronte digitali certificato:\n\t MD5:  {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Nome algoritmo firma: {8}\n\t Versione: {9}"},
         {"What.is.your.first.and.last.name.",
--- a/src/share/classes/sun/security/util/Resources_pt_BR.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/security/util/Resources_pt_BR.java	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -62,7 +62,7 @@
         {"Changes.an.entry.s.alias",
                 "Altera um alias de entrada"}, //-changealias
         {"Deletes.an.entry",
-                "Deleta uma entrada"}, //-delete
+                "Exclui uma entrada"}, //-delete
         {"Exports.certificate",
                 "Exporta o certificado"}, //-exportcert
         {"Generates.a.key.pair",
--- a/src/share/classes/sun/tools/jconsole/resources/messages_ja.properties	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/tools/jconsole/resources/messages_ja.properties	Thu Aug 28 15:14:04 2014 -0700
@@ -31,7 +31,7 @@
 CPU_USAGE=CPU\u4F7F\u7528\u7387
 CPU_USAGE_FORMAT=CPU\u4F7F\u7528\u7387: {0}%
 CANCEL=\u53D6\u6D88
-CASCADE=\u91CD\u306D\u3066\u8868\u793A(&C)
+CASCADE=\u30AB\u30B9\u30B1\u30FC\u30C9\u8868\u793A(&C)
 CHART_COLON=\u30C1\u30E3\u30FC\u30C8(&C):
 CLASS_PATH=\u30AF\u30E9\u30B9\u30D1\u30B9
 CLASS_NAME=ClassName
@@ -227,7 +227,7 @@
 THREAD_TAB_THREAD_INFO_ACCESSIBLE_NAME=\u30B9\u30EC\u30C3\u30C9\u60C5\u5831
 THREAD_TAB_THREAD_PLOTTER_ACCESSIBLE_NAME=\u30B9\u30EC\u30C3\u30C9\u6570\u306E\u30C1\u30E3\u30FC\u30C8\u3002
 THRESHOLD=\u3057\u304D\u3044\u5024
-TILE=\u4E26\u3079\u3066\u8868\u793A(&T)
+TILE=\u30BF\u30A4\u30EB\u8868\u793A(&T)
 TIME_RANGE_COLON=\u6642\u9593\u7BC4\u56F2(&T):
 TIME=\u6642\u9593
 TIME_STAMP=TimeStamp
@@ -252,7 +252,7 @@
 USER_DATA=UserData
 VIRTUAL_MACHINE=\u4EEE\u60F3\u30DE\u30B7\u30F3
 VM_ARGUMENTS=VM\u5F15\u6570
-VMINTERNAL_FRAME_ACCESSIBLE_DESCRIPTION=Java\u4EEE\u60F3\u30DE\u30B7\u30F3\u306E\u30E2\u30CB\u30BF\u30FC\u7528\u306E\u5185\u90E8\u30D5\u30EC\u30FC\u30E0
+VMINTERNAL_FRAME_ACCESSIBLE_DESCRIPTION=Java\u4EEE\u60F3\u30DE\u30B7\u30F3\u306E\u30E2\u30CB\u30BF\u30EA\u30F3\u30B0\u7528\u306E\u5185\u90E8\u30D5\u30EC\u30FC\u30E0
 VALUE=\u5024
 VENDOR=\u30D9\u30F3\u30C0\u30FC
 VERBOSE_OUTPUT=\u8A73\u7D30\u51FA\u529B
@@ -274,4 +274,4 @@
 KBYTES={0} KB
 PLOT=\u30D7\u30ED\u30C3\u30C8
 VISUALIZE=\u8996\u899A\u5316
-ZZ_USAGE_TEXT=\u4F7F\u7528\u65B9\u6CD5: {0} [ -interval=n ] [ -notile ] [ -pluginpath <path> ] [ -version ] [ connection ... ]\n\n  -interval   \u66F4\u65B0\u9593\u9694\u3092n\u79D2\u306B\u8A2D\u5B9A\u3059\u308B(\u30C7\u30D5\u30A9\u30EB\u30C8\u306F4\u79D2)\n  -notile     \u30A6\u30A3\u30F3\u30C9\u30A6\u3092\u6700\u521D\u306B\u4E26\u3079\u3066\u8868\u793A\u3057\u306A\u3044(2\u3064\u4EE5\u4E0A\u306E\u63A5\u7D9A\u306B\u3064\u3044\u3066)\n  -pluginpath JConsole\u304C\u30D7\u30E9\u30B0\u30A4\u30F3\u3092\u53C2\u7167\u3059\u308B\u305F\u3081\u306B\u4F7F\u7528\u3059\u308B\u30D1\u30B9\u3092\u6307\u5B9A\u3059\u308B\n  -version    \u30D7\u30ED\u30B0\u30E9\u30E0\u30FB\u30D0\u30FC\u30B8\u30E7\u30F3\u3092\u51FA\u529B\u3059\u308B\n\n  connection = pid || host:port || JMX URL (service:jmx:<protocol>://...)\n  pid         \u30BF\u30FC\u30B2\u30C3\u30C8\u30FB\u30D7\u30ED\u30BB\u30B9\u306E\u30D7\u30ED\u30BB\u30B9ID\n  host        \u30EA\u30E2\u30FC\u30C8\u30FB\u30DB\u30B9\u30C8\u540D\u307E\u305F\u306FIP\u30A2\u30C9\u30EC\u30B9\n  port        \u30EA\u30E2\u30FC\u30C8\u63A5\u7D9A\u7528\u306E\u30DD\u30FC\u30C8\u756A\u53F7\n\n  -J          JConsole\u304C\u5B9F\u884C\u4E2D\u306EJava\u4EEE\u60F3\u30DE\u30B7\u30F3\u3078\u306E\n              \u5165\u529B\u5F15\u6570\u3092\u6307\u5B9A\u3059\u308B
+ZZ_USAGE_TEXT=\u4F7F\u7528\u65B9\u6CD5: {0} [ -interval=n ] [ -notile ] [ -pluginpath <path> ] [ -version ] [ connection ... ]\n\n  -interval   \u66F4\u65B0\u9593\u9694\u3092n\u79D2\u306B\u8A2D\u5B9A\u3059\u308B(\u30C7\u30D5\u30A9\u30EB\u30C8\u306F4\u79D2)\n  -notile     \u30A6\u30A3\u30F3\u30C9\u30A6\u3092\u6700\u521D\u306B\u30BF\u30A4\u30EB\u8868\u793A\u3057\u306A\u3044(2\u3064\u4EE5\u4E0A\u306E\u63A5\u7D9A\u306B\u3064\u3044\u3066)\n  -pluginpath JConsole\u304C\u30D7\u30E9\u30B0\u30A4\u30F3\u3092\u53C2\u7167\u3059\u308B\u305F\u3081\u306B\u4F7F\u7528\u3059\u308B\u30D1\u30B9\u3092\u6307\u5B9A\u3059\u308B\n  -version    \u30D7\u30ED\u30B0\u30E9\u30E0\u30FB\u30D0\u30FC\u30B8\u30E7\u30F3\u3092\u51FA\u529B\u3059\u308B\n\n  connection = pid || host:port || JMX URL (service:jmx:<protocol>://...)\n  pid         \u30BF\u30FC\u30B2\u30C3\u30C8\u30FB\u30D7\u30ED\u30BB\u30B9\u306E\u30D7\u30ED\u30BB\u30B9ID\n  host        \u30EA\u30E2\u30FC\u30C8\u30FB\u30DB\u30B9\u30C8\u540D\u307E\u305F\u306FIP\u30A2\u30C9\u30EC\u30B9\n  port        \u30EA\u30E2\u30FC\u30C8\u63A5\u7D9A\u7528\u306E\u30DD\u30FC\u30C8\u756A\u53F7\n\n  -J          JConsole\u304C\u5B9F\u884C\u4E2D\u306EJava\u4EEE\u60F3\u30DE\u30B7\u30F3\u3078\u306E\n              \u5165\u529B\u5F15\u6570\u3092\u6307\u5B9A\u3059\u308B
--- a/src/share/classes/sun/util/locale/BaseLocale.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/util/locale/BaseLocale.java	Thu Aug 28 15:14:04 2014 -0700
@@ -31,6 +31,7 @@
  */
 
 package sun.util.locale;
+import java.lang.ref.SoftReference;
 
 
 public final class BaseLocale {
@@ -163,11 +164,11 @@
         return h;
     }
 
-    private static final class Key implements Comparable<Key> {
-        private final String lang;
-        private final String scrt;
-        private final String regn;
-        private final String vart;
+    private static final class Key {
+        private final SoftReference<String> lang;
+        private final SoftReference<String> scrt;
+        private final SoftReference<String> regn;
+        private final SoftReference<String> vart;
         private final boolean normalized;
         private final int hash;
 
@@ -179,10 +180,10 @@
             assert language.intern() == language
                    && region.intern() == region;
 
-            lang = language;
-            scrt = "";
-            regn = region;
-            vart = "";
+            lang = new SoftReference(language);
+            scrt = new SoftReference("");
+            regn = new SoftReference(region);
+            vart = new SoftReference("");
             this.normalized = true;
 
             int h = language.hashCode();
@@ -203,40 +204,40 @@
                     String variant, boolean normalized) {
             int h = 0;
             if (language != null) {
-                lang = language;
+                lang = new SoftReference(language);
                 int len = language.length();
                 for (int i = 0; i < len; i++) {
                     h = 31*h + LocaleUtils.toLower(language.charAt(i));
                 }
             } else {
-                lang = "";
+                lang = new SoftReference("");
             }
             if (script != null) {
-                scrt = script;
+                scrt = new SoftReference(script);
                 int len = script.length();
                 for (int i = 0; i < len; i++) {
                     h = 31*h + LocaleUtils.toLower(script.charAt(i));
                 }
             } else {
-                scrt = "";
+                scrt = new SoftReference("");
             }
             if (region != null) {
-                regn = region;
+                regn = new SoftReference(region);
                 int len = region.length();
                 for (int i = 0; i < len; i++) {
                     h = 31*h + LocaleUtils.toLower(region.charAt(i));
                 }
             } else {
-                regn = "";
+                regn = new SoftReference("");
             }
             if (variant != null) {
-                vart = variant;
+                vart = new SoftReference(variant);
                 int len = variant.length();
                 for (int i = 0; i < len; i++) {
                     h = 31*h + variant.charAt(i);
                 }
             } else {
-                vart = "";
+                vart = new SoftReference("");
             }
             hash = h;
             this.normalized = normalized;
@@ -244,28 +245,31 @@
 
         @Override
         public boolean equals(Object obj) {
-            return (this == obj) ||
-                    (obj instanceof Key)
-                    && this.hash == ((Key)obj).hash
-                    && LocaleUtils.caseIgnoreMatch(((Key)obj).lang, this.lang)
-                    && LocaleUtils.caseIgnoreMatch(((Key)obj).scrt, this.scrt)
-                    && LocaleUtils.caseIgnoreMatch(((Key)obj).regn, this.regn)
-                    && ((Key)obj).vart.equals(vart); // variant is case sensitive in JDK!
+            if (this == obj) {
+                return true;
         }
 
-        @Override
-        public int compareTo(Key other) {
-            int res = LocaleUtils.caseIgnoreCompare(this.lang, other.lang);
-            if (res == 0) {
-                res = LocaleUtils.caseIgnoreCompare(this.scrt, other.scrt);
-                if (res == 0) {
-                    res = LocaleUtils.caseIgnoreCompare(this.regn, other.regn);
-                    if (res == 0) {
-                        res = this.vart.compareTo(other.vart);
+            if (obj instanceof Key && this.hash == ((Key)obj).hash) {
+                String tl = this.lang.get();
+                String ol = ((Key)obj).lang.get();
+                if (tl != null && ol != null &&
+                    LocaleUtils.caseIgnoreMatch(ol, tl)) {
+                    String ts = this.scrt.get();
+                    String os = ((Key)obj).scrt.get();
+                    if (ts != null && os != null &&
+                        LocaleUtils.caseIgnoreMatch(os, ts)) {
+                        String tr = this.regn.get();
+                        String or = ((Key)obj).regn.get();
+                        if (tr != null && or != null &&
+                            LocaleUtils.caseIgnoreMatch(or, tr)) {
+                            String tv = this.vart.get();
+                            String ov = ((Key)obj).vart.get();
+                            return (ov != null && ov.equals(tv));
                     }
                 }
             }
-            return res;
+            }
+            return false;
         }
 
         @Override
@@ -278,10 +282,10 @@
                 return key;
             }
 
-            String lang = LocaleUtils.toLowerString(key.lang).intern();
-            String scrt = LocaleUtils.toTitleString(key.scrt).intern();
-            String regn = LocaleUtils.toUpperString(key.regn).intern();
-            String vart = key.vart.intern(); // preserve upper/lower cases
+            String lang = LocaleUtils.toLowerString(key.lang.get()).intern();
+            String scrt = LocaleUtils.toTitleString(key.scrt.get()).intern();
+            String regn = LocaleUtils.toUpperString(key.regn.get()).intern();
+            String vart = key.vart.get().intern(); // preserve upper/lower cases
 
             return new Key(lang, scrt, regn, vart, true);
         }
@@ -294,12 +298,18 @@
 
         @Override
         protected Key normalizeKey(Key key) {
+            assert key.lang.get() != null &&
+                   key.scrt.get() != null &&
+                   key.regn.get() != null &&
+                   key.vart.get() != null;
+
             return Key.normalize(key);
         }
 
         @Override
         protected BaseLocale createObject(Key key) {
-            return new BaseLocale(key.lang, key.scrt, key.regn, key.vart);
+            return new BaseLocale(key.lang.get(), key.scrt.get(),
+                                  key.regn.get(), key.vart.get());
         }
     }
 }
--- a/src/share/classes/sun/util/locale/LocaleObjectCache.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/classes/sun/util/locale/LocaleObjectCache.java	Thu Aug 28 15:14:04 2014 -0700
@@ -57,8 +57,10 @@
             value = entry.get();
         }
         if (value == null) {
+            V newVal = createObject(key);
+            // make sure key is normalized *after* the object creation
+            // so that newVal is assured to be created from a valid key.
             key = normalizeKey(key);
-            V newVal = createObject(key);
             if (key == null || newVal == null) {
                 // subclass must return non-null key/value object
                 return null;
--- a/src/share/javavm/export/jvm.h	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/javavm/export/jvm.h	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -384,6 +384,19 @@
 JVM_FindClassFromBootLoader(JNIEnv *env, const char *name);
 
 /*
+ * Find a class from a given class loader.  Throws ClassNotFoundException.
+ *  name:   name of class
+ *  init:   whether initialization is done
+ *  loader: class loader to look up the class. This may not be the same as the caller's
+ *          class loader.
+ *  caller: initiating class. The initiating class may be null when a security
+ *          manager is not installed.
+ */
+JNIEXPORT jclass JNICALL
+JVM_FindClassFromCaller(JNIEnv *env, const char *name, jboolean init,
+                        jobject loader, jclass caller);
+
+/*
  * Find a class from a given class loader. Throw ClassNotFoundException
  * or NoClassDefFoundError depending on the value of the last
  * argument.
--- a/src/share/native/java/lang/Class.c	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/native/java/lang/Class.c	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -97,7 +97,7 @@
 
 JNIEXPORT jclass JNICALL
 Java_java_lang_Class_forName0(JNIEnv *env, jclass this, jstring classname,
-                              jboolean initialize, jobject loader)
+                              jboolean initialize, jobject loader, jclass caller)
 {
     char *clname;
     jclass cls = 0;
@@ -135,8 +135,7 @@
         goto done;
     }
 
-    cls = JVM_FindClassFromClassLoader(env, clname, initialize,
-                                       loader, JNI_FALSE);
+    cls = JVM_FindClassFromCaller(env, clname, initialize, loader, caller);
 
  done:
     if (clname != buf) {
--- a/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp	Thu Aug 28 15:14:04 2014 -0700
@@ -243,12 +243,22 @@
         le_uint16 srSetCount = SWAPW(subRuleSetCount);
 
         if (coverageIndex < srSetCount) {
+            LEReferenceToArrayOf<Offset> subRuleSetTableOffsetArrayRef(base, success,
+                    &subRuleSetTableOffsetArray[coverageIndex], 1);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             Offset subRuleSetTableOffset = SWAPW(subRuleSetTableOffsetArray[coverageIndex]);
             LEReferenceTo<SubRuleSetTable>
                  subRuleSetTable(base, success, (const SubRuleSetTable *) ((char *) this + subRuleSetTableOffset));
             le_uint16 subRuleCount = SWAPW(subRuleSetTable->subRuleCount);
             le_int32 position = glyphIterator->getCurrStreamPosition();
 
+            LEReferenceToArrayOf<Offset> subRuleTableOffsetArrayRef(base, success,
+                    subRuleSetTable->subRuleTableOffsetArray, subRuleCount);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             for (le_uint16 subRule = 0; subRule < subRuleCount; subRule += 1) {
                 Offset subRuleTableOffset =
                     SWAPW(subRuleSetTable->subRuleTableOffsetArray[subRule]);
@@ -301,13 +311,22 @@
                                                                 glyphIterator->getCurrGlyphID(),
                                                                 success);
 
-        if (setClass < scSetCount && subClassSetTableOffsetArray[setClass] != 0) {
+        if (setClass < scSetCount) {
+            LEReferenceToArrayOf<Offset>
+                 subClassSetTableOffsetArrayRef(base, success, subClassSetTableOffsetArray, setClass);
+            if (LE_FAILURE(success)) { return 0; }
+            if (subClassSetTableOffsetArray[setClass] != 0) {
+
             Offset subClassSetTableOffset = SWAPW(subClassSetTableOffsetArray[setClass]);
             LEReferenceTo<SubClassSetTable>
                  subClassSetTable(base, success, (const SubClassSetTable *) ((char *) this + subClassSetTableOffset));
             le_uint16 subClassRuleCount = SWAPW(subClassSetTable->subClassRuleCount);
             le_int32 position = glyphIterator->getCurrStreamPosition();
-
+                LEReferenceToArrayOf<Offset>
+                    subClassRuleTableOffsetArrayRef(base, success, subClassSetTable->subClassRuleTableOffsetArray, subClassRuleCount);
+                if (LE_FAILURE(success)) {
+                    return 0;
+                }
             for (le_uint16 scRule = 0; scRule < subClassRuleCount; scRule += 1) {
                 Offset subClassRuleTableOffset =
                     SWAPW(subClassSetTable->subClassRuleTableOffsetArray[scRule]);
@@ -331,6 +350,7 @@
                 glyphIterator->setCurrStreamPosition(position);
             }
         }
+        }
 
         // XXX If we get here, the table is mal-formed...
     }
@@ -442,13 +462,22 @@
         le_uint16 srSetCount = SWAPW(chainSubRuleSetCount);
 
         if (coverageIndex < srSetCount) {
+            LEReferenceToArrayOf<Offset>
+                chainSubRuleSetTableOffsetArrayRef(base, success, chainSubRuleSetTableOffsetArray, coverageIndex);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             Offset chainSubRuleSetTableOffset = SWAPW(chainSubRuleSetTableOffsetArray[coverageIndex]);
             LEReferenceTo<ChainSubRuleSetTable>
                  chainSubRuleSetTable(base, success, (const ChainSubRuleSetTable *) ((char *) this + chainSubRuleSetTableOffset));
             le_uint16 chainSubRuleCount = SWAPW(chainSubRuleSetTable->chainSubRuleCount);
             le_int32 position = glyphIterator->getCurrStreamPosition();
             GlyphIterator tempIterator(*glyphIterator, emptyFeatureList);
-
+            LEReferenceToArrayOf<Offset>
+                chainSubRuleTableOffsetArrayRef(base, success, chainSubRuleSetTable->chainSubRuleTableOffsetArray, chainSubRuleCount);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             for (le_uint16 subRule = 0; subRule < chainSubRuleCount; subRule += 1) {
                 Offset chainSubRuleTableOffset =
                     SWAPW(chainSubRuleSetTable->chainSubRuleTableOffsetArray[subRule]);
@@ -530,6 +559,11 @@
         le_int32 setClass = inputClassDefinitionTable->getGlyphClass(inputClassDefinitionTable,
                                                                      glyphIterator->getCurrGlyphID(),
                                                                      success);
+        LEReferenceToArrayOf<Offset>
+            chainSubClassSetTableOffsetArrayRef(base, success, chainSubClassSetTableOffsetArray, setClass);
+        if (LE_FAILURE(success)) {
+            return 0;
+        }
 
         if (setClass < scSetCount && chainSubClassSetTableOffsetArray[setClass] != 0) {
             Offset chainSubClassSetTableOffset = SWAPW(chainSubClassSetTableOffsetArray[setClass]);
@@ -538,7 +572,11 @@
             le_uint16 chainSubClassRuleCount = SWAPW(chainSubClassSetTable->chainSubClassRuleCount);
             le_int32 position = glyphIterator->getCurrStreamPosition();
             GlyphIterator tempIterator(*glyphIterator, emptyFeatureList);
-
+            LEReferenceToArrayOf<Offset>
+                chainSubClassRuleTableOffsetArrayRef(base, success, chainSubClassSetTable->chainSubClassRuleTableOffsetArray, chainSubClassRuleCount);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             for (le_uint16 scRule = 0; scRule < chainSubClassRuleCount; scRule += 1) {
                 Offset chainSubClassRuleTableOffset =
                     SWAPW(chainSubClassSetTable->chainSubClassRuleTableOffsetArray[scRule]);
@@ -603,12 +641,14 @@
     }
 
     le_uint16 backtrkGlyphCount = SWAPW(backtrackGlyphCount);
+    LEReferenceToArrayOf<Offset> backtrackGlyphArrayRef(base, success, backtrackCoverageTableOffsetArray, backtrkGlyphCount);
+    if (LE_FAILURE(success)) {
+        return 0;
+    }
     le_uint16 inputGlyphCount = (le_uint16) SWAPW(backtrackCoverageTableOffsetArray[backtrkGlyphCount]);
     LEReferenceToArrayOf<Offset>   inputCoverageTableOffsetArray(base, success, &backtrackCoverageTableOffsetArray[backtrkGlyphCount + 1], inputGlyphCount+2); // offset
     if (LE_FAILURE(success)) { return 0; }
     const le_uint16 lookaheadGlyphCount = (le_uint16) SWAPW(inputCoverageTableOffsetArray[inputGlyphCount]);
-
-    if( LE_FAILURE(success) ) { return 0; }
     LEReferenceToArrayOf<Offset>   lookaheadCoverageTableOffsetArray(base, success, inputCoverageTableOffsetArray.getAlias(inputGlyphCount + 1, success), lookaheadGlyphCount+2);
 
     if( LE_FAILURE(success) ) { return 0; }
--- a/src/share/native/sun/font/layout/LEScripts.h	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/share/native/sun/font/layout/LEScripts.h	Thu Aug 28 15:14:04 2014 -0700
@@ -263,12 +263,6 @@
     tirhScriptCode = 158,
 
 /**
- * @stable ICU 52
- */
-    aghbScriptCode = 159,
-    mahjScriptCode = 160,
-
-/**
  * @stable ICU 2.2
  */
     scriptCodeCount
--- a/src/solaris/classes/sun/awt/X11/XWindow.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/solaris/classes/sun/awt/X11/XWindow.java	Thu Aug 28 15:14:04 2014 -0700
@@ -455,6 +455,7 @@
             ColorModel cm = getColorModel();
             int pixel = PixelConverter.instance.rgbToPixel(c.getRGB(), cm);
             XlibWrapper.XSetWindowBackground(XToolkit.getDisplay(), getContentWindow(), pixel);
+            XlibWrapper.XClearWindow(XToolkit.getDisplay(), getContentWindow());
         }
         finally {
             XToolkit.awtUnlock();
--- a/src/solaris/classes/sun/print/CUPSPrinter.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/solaris/classes/sun/print/CUPSPrinter.java	Thu Aug 28 15:14:04 2014 -0700
@@ -121,7 +121,7 @@
     /**
      * Returns array of MediaSizeNames derived from PPD.
      */
-    public MediaSizeName[] getMediaSizeNames() {
+    MediaSizeName[] getMediaSizeNames() {
         initMedia();
         return cupsMediaSNames;
     }
@@ -130,7 +130,7 @@
     /**
      * Returns array of Custom MediaSizeNames derived from PPD.
      */
-    public CustomMediaSizeName[] getCustomMediaSizeNames() {
+    CustomMediaSizeName[] getCustomMediaSizeNames() {
         initMedia();
         return cupsCustomMediaSNames;
     }
@@ -139,7 +139,7 @@
     /**
      * Returns array of MediaPrintableArea derived from PPD.
      */
-    public MediaPrintableArea[] getMediaPrintableArea() {
+    MediaPrintableArea[] getMediaPrintableArea() {
         initMedia();
         return cupsMediaPrintables;
     }
@@ -147,7 +147,7 @@
     /**
      * Returns array of MediaTrays derived from PPD.
      */
-    public MediaTray[] getMediaTrays() {
+    MediaTray[] getMediaTrays() {
         initMedia();
         return cupsMediaTrays;
     }
--- a/src/solaris/classes/sun/print/IPPPrintService.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/solaris/classes/sun/print/IPPPrintService.java	Thu Aug 28 15:14:04 2014 -0700
@@ -991,7 +991,9 @@
 
     public synchronized Class[] getSupportedAttributeCategories() {
         if (supportedCats != null) {
-            return supportedCats;
+            Class<?> [] copyCats = new Class<?>[supportedCats.length];
+            System.arraycopy(supportedCats, 0, copyCats, 0, copyCats.length);
+            return copyCats;
         }
 
         initAttributes();
@@ -1048,7 +1050,9 @@
         }
         supportedCats = new Class[catList.size()];
         catList.toArray(supportedCats);
-        return supportedCats;
+        Class<?>[] copyCats = new Class<?>[supportedCats.length];
+        System.arraycopy(supportedCats, 0, copyCats, 0, copyCats.length);
+        return copyCats;
     }
 
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/solaris/native/java/net/AbstractPlainDatagramSocketImpl.c	Thu Aug 28 15:14:04 2014 -0700
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#ifdef __solaris__
+#include <unistd.h>
+#include <stropts.h>
+
+#ifndef BSD_COMP
+#define BSD_COMP
+#endif
+
+#endif
+
+#include <sys/ioctl.h>
+
+#include "jvm.h"
+#include "jni_util.h"
+#include "net_util.h"
+
+#include "java_net_AbstractPlainDatagramSocketImpl.h"
+
+static jfieldID IO_fd_fdID;
+
+static jfieldID apdsi_fdID;
+
+
+/*
+ * Class:     java_net_AbstractPlainDatagramSocketImpl
+ * Method:    init
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL
+Java_java_net_AbstractPlainDatagramSocketImpl_init(JNIEnv *env, jclass cls) {
+
+    apdsi_fdID = (*env)->GetFieldID(env, cls, "fd",
+                                   "Ljava/io/FileDescriptor;");
+    CHECK_NULL(apdsi_fdID);
+
+    IO_fd_fdID = NET_GetFileDescriptorID(env);
+}
+
+/*
+ * Class:     java_net_AbstractPlainDatagramSocketImpl
+ * Method:    dataAvailable
+ * Signature: ()I
+ */
+JNIEXPORT jint JNICALL Java_java_net_AbstractPlainDatagramSocketImpl_dataAvailable
+(JNIEnv *env, jobject this) {
+    int fd, retval;
+
+    jobject fdObj = (*env)->GetObjectField(env, this, apdsi_fdID);
+
+    if (IS_NULL(fdObj)) {
+        JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException",
+                        "Socket closed");
+        return -1;
+    }
+    fd = (*env)->GetIntField(env, fdObj, IO_fd_fdID);
+
+    if (ioctl(fd, FIONREAD, &retval) < 0) {
+        return -1;
+    }
+    return retval;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/windows/native/java/net/AbstractPlainDatagramSocketImpl.c	Thu Aug 28 15:14:04 2014 -0700
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <windows.h>
+#include <winsock2.h>
+
+#include "jvm.h"
+#include "jni_util.h"
+#include "net_util.h"
+
+#include "java_net_AbstractPlainDatagramSocketImpl.h"
+
+static jfieldID IO_fd_fdID = NULL;
+static jfieldID apdsi_fdID = NULL;
+
+static jfieldID apdsi_fd1ID = NULL;
+static jclass two_stacks_clazz = NULL;
+
+
+/*
+ * Class:     java_net_AbstractPlainDatagramSocketImpl
+ * Method:    init
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL
+Java_java_net_AbstractPlainDatagramSocketImpl_init(JNIEnv *env, jclass cls) {
+
+    apdsi_fdID = (*env)->GetFieldID(env, cls, "fd",
+                                   "Ljava/io/FileDescriptor;");
+    CHECK_NULL(apdsi_fdID);
+    IO_fd_fdID = NET_GetFileDescriptorID(env);
+    CHECK_NULL(IO_fd_fdID);
+
+    two_stacks_clazz = (*env)->FindClass(env, "java/net/TwoStacksPlainDatagramSocketImpl");
+    CHECK_NULL(two_stacks_clazz);
+
+    /* Handle both TwoStacks and DualStack here */
+
+    if (JNU_Equals(env, cls, two_stacks_clazz)) {
+        /* fd1 present only in TwoStack.. */
+        apdsi_fd1ID = (*env)->GetFieldID(env, cls, "fd1",
+                                   "Ljava/io/FileDescriptor;");
+        CHECK_NULL(apdsi_fd1ID);
+    }
+}
+
+/*
+ * Class:     java_net_AbstractPlainDatagramSocketImpl
+ * Method:    dataAvailable
+ * Signature: ()I
+ */
+JNIEXPORT jint JNICALL Java_java_net_AbstractPlainDatagramSocketImpl_dataAvailable
+(JNIEnv *env, jobject this) {
+    SOCKET fd;
+    SOCKET fd1;
+    int  rv = -1, rv1 = -1;
+    jobject fdObj = (*env)->GetObjectField(env, this, apdsi_fdID);
+
+    if (!IS_NULL(fdObj)) {
+        int retval = 0;
+        fd = (SOCKET)(*env)->GetIntField(env, fdObj, IO_fd_fdID);
+        rv = ioctlsocket(fd, FIONREAD, &retval);
+        if (retval > 0) {
+            return retval;
+        }
+    }
+
+    if (!IS_NULL(apdsi_fd1ID)) {
+        /* TwoStacks */
+        jobject fd1Obj = (*env)->GetObjectField(env, this, apdsi_fd1ID);
+        if (!IS_NULL(fd1Obj)) {
+            int retval = 0;
+            fd1 = (SOCKET)(*env)->GetIntField(env, fd1Obj, IO_fd_fdID);
+            rv1 = ioctlsocket(fd1, FIONREAD, &retval);
+            if (retval > 0) {
+                return retval;
+            }
+        }
+    }
+
+    if (rv < 0 && rv1 < 0) {
+        JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException",
+                            "Socket closed");
+        return -1;
+    }
+
+    return 0;
+}
+
--- a/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c	Wed Aug 20 12:13:00 2014 -0700
+++ b/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c	Thu Aug 28 15:14:04 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -213,6 +213,14 @@
 void
 SplashRedrawWindow(Splash * splash)
 {
+    if (!SplashIsStillLooping(splash)) {
+        KillTimer(splash->hWnd, 0);
+    }
+
+    if (splash->currentFrame < 0) {
+        return;
+    }
+
     SplashUpdateScreenData(splash);
     if (splash->isLayered) {
         BLENDFUNCTION bf;
@@ -303,9 +311,6 @@
             time = 0;
         SetTimer(splash->hWnd, 0, time, NULL);
     }
-    else {
-        KillTimer(splash->hWnd, 0);
-    }
 }
 
 void SplashReconfigureNow(Splash * splash) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/Window/BackgroundIsNotUpdated/BackgroundIsNotUpdated.java	Thu Aug 28 15:14:04 2014 -0700
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.awt.AWTException;
+import java.awt.Color;
+import java.awt.Frame;
+import java.awt.Graphics;
+import java.awt.Point;
+import java.awt.Robot;
+import java.awt.Toolkit;
+import java.awt.Window;
+
+import sun.awt.SunToolkit;
+
+/**
+ * @test
+ * @bug 8001472
+ * @summary Background of the window should not depend from the paint()/update()
+ * @author Sergey Bylokhov
+ */
+public final class BackgroundIsNotUpdated extends Window {
+
+    public BackgroundIsNotUpdated(final Frame owner) {
+        super(owner);
+    }
+
+    @Override
+    public void paint(final Graphics ignored) {
+        // Intentionally left blank
+    }
+
+    @Override
+    public void update(final Graphics ignored) {
+        // Intentionally left blank
+    }
+
+    public static void main(final String[] args) throws AWTException {
+        final Window window = new BackgroundIsNotUpdated(null);
+        window.setSize(300, 300);
+        window.setLocationRelativeTo(null);
+        window.setVisible(true);
+        sleep();
+        window.setBackground(Color.GREEN);
+        sleep();
+        final Robot robot = new Robot();
+        robot.setAutoDelay(200);
+        Point point = window.getLocationOnScreen();
+        Color color = robot.getPixelColor(point.x + window.getWidth() / 2,
+                                          point.y + window.getHeight() / 2);
+        window.dispose();
+        if (!color.equals(Color.GREEN)) {
+            throw new RuntimeException(
+                    "Expected: " + Color.GREEN + " , Actual: " + color);
+        }
+    }
+
+    private static void sleep() {
+        try {
+            ((SunToolkit) Toolkit.getDefaultToolkit()).realSync();
+            Thread.sleep(1000);
+        } catch (InterruptedException ignored) {
+        }
+    }
+}
--- a/test/java/lang/invoke/MethodHandlesTest.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/test/java/lang/invoke/MethodHandlesTest.java	Thu Aug 28 15:14:04 2014 -0700
@@ -140,7 +140,7 @@
         Object actual   = calledLog.get(calledLog.size() - 1);
         if (expected.equals(actual) && verbosity < 9)  return;
         System.out.println("assertCalled "+name+":");
-        System.out.println("expected:   "+expected);
+        System.out.println("expected:   "+deepToString(expected));
         System.out.println("actual:     "+actual);
         System.out.println("ex. types:  "+getClasses(expected));
         System.out.println("act. types: "+getClasses(actual));
@@ -148,7 +148,25 @@
     }
     static void printCalled(MethodHandle target, String name, Object... args) {
         if (verbosity >= 3)
-            System.out.println("calling MH="+target+" to "+name+Arrays.toString(args));
+            System.out.println("calling MH="+target+" to "+name+deepToString(args));
+    }
+    static String deepToString(Object x) {
+        if (x == null)  return "null";
+        if (x instanceof Collection)
+            x = ((Collection)x).toArray();
+        if (x instanceof Object[]) {
+            Object[] ax = (Object[]) x;
+            ax = Arrays.copyOf(ax, ax.length, Object[].class);
+            for (int i = 0; i < ax.length; i++)
+                ax[i] = deepToString(ax[i]);
+            x = Arrays.deepToString(ax);
+        }
+        if (x.getClass().isArray())
+            try {
+                x = Arrays.class.getMethod("toString", x.getClass()).invoke(null, x);
+            } catch (ReflectiveOperationException ex) { throw new Error(ex); }
+        assert(!(x instanceof Object[]));
+        return x.toString();
     }
 
     static Object castToWrapper(Object value, Class<?> dst) {
@@ -230,6 +248,12 @@
                     { param = c; break; }
             }
         }
+        if (param.isArray()) {
+            Class<?> ctype = param.getComponentType();
+            Object arg = Array.newInstance(ctype, 2);
+            Array.set(arg, 0, randomArg(ctype));
+            return arg;
+        }
         if (param.isInterface() && param.isAssignableFrom(List.class))
             return Arrays.asList("#"+nextArg());
         if (param.isInterface() || param.isAssignableFrom(String.class))
@@ -584,6 +608,16 @@
         testFindVirtual(IntExample.Impl.class, IntExample.class, void.class, "Int/v0");
     }
 
+    @Test
+    public void testFindVirtualClone() throws Throwable {
+        // test some ad hoc system methods
+        testFindVirtual(false, PUBLIC, Object.class, Object.class, "clone");
+        testFindVirtual(true, PUBLIC, Object[].class, Object.class, "clone");
+        testFindVirtual(true, PUBLIC, int[].class, Object.class, "clone");
+        for (Class<?> cls : new Class<?>[]{ boolean[].class, long[].class, float[].class, char[].class })
+            testFindVirtual(true, PUBLIC, cls, Object.class, "clone");
+    }
+
     void testFindVirtual(Class<?> defc, Class<?> ret, String name, Class<?>... params) throws Throwable {
         Class<?> rcvc = defc;
         testFindVirtual(rcvc, defc, ret, name, params);
@@ -596,6 +630,9 @@
     void testFindVirtual(Lookup lookup, Class<?> rcvc, Class<?> defc, Class<?> ret, String name, Class<?>... params) throws Throwable {
         testFindVirtual(true, lookup, rcvc, defc, ret, name, params);
     }
+    void testFindVirtual(boolean positive, Lookup lookup, Class<?> defc, Class<?> ret, String name, Class<?>... params) throws Throwable {
+        testFindVirtual(positive, lookup, defc, defc, ret, name, params);
+    }
     void testFindVirtual(boolean positive, Lookup lookup, Class<?> rcvc, Class<?> defc, Class<?> ret, String name, Class<?>... params) throws Throwable {
         countTest(positive);
         String methodName = name.substring(1 + name.indexOf('/'));  // foo/bar => foo
@@ -635,8 +672,21 @@
         Object[] argsWithSelf = randomArgs(paramsWithSelf);
         if (selfc.isAssignableFrom(rcvc) && rcvc != selfc)  argsWithSelf[0] = randomArg(rcvc);
         printCalled(target, name, argsWithSelf);
-        target.invokeWithArguments(argsWithSelf);
-        assertCalled(name, argsWithSelf);
+        Object res = target.invokeWithArguments(argsWithSelf);
+        if (Example.class.isAssignableFrom(defc) || IntExample.class.isAssignableFrom(defc)) {
+            assertCalled(name, argsWithSelf);
+        } else if (name.equals("clone")) {
+            // Ad hoc method call outside Example.  For Object[].clone.
+            printCalled(target, name, argsWithSelf);
+            assertEquals(MethodType.methodType(Object.class, rcvc), target.type());
+            Object orig = argsWithSelf[0];
+            assertEquals(orig.getClass(), res.getClass());
+            if (res instanceof Object[])
+                assertArrayEquals((Object[])res, (Object[])argsWithSelf[0]);
+            assert(Arrays.deepEquals(new Object[]{res}, new Object[]{argsWithSelf[0]}));
+        } else {
+            assert(false) : Arrays.asList(positive, lookup, rcvc, defc, ret, name, deepToString(params));
+        }
         if (verbosity >= 1)
             System.out.print(':');
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/lang/invoke/ObjectMethodInInterfaceTest.java	Thu Aug 28 15:14:04 2014 -0700
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @bug 8031502
+ * @summary JSR292: IncompatibleClassChangeError in LambdaForm for CharSequence.toString() method handle type converter
+ * @compile ObjectMethodInInterfaceTest.java
+ * @run main/othervm -Djava.lang.invoke.MethodHandle.COMPILE_THRESHOLD=0 test.java.lang.invoke.ObjectMethodInInterfaceTest
+ */
+package test.java.lang.invoke;
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+
+public class ObjectMethodInInterfaceTest {
+    public static void main(String[] args) throws Throwable {
+        MethodHandle mh = MethodHandles.lookup().findVirtual(CharSequence.class, "toString", MethodType.methodType(String.class));
+        MethodType mt = MethodType.methodType(Object.class, CharSequence.class);
+        mh = mh.asType(mt);
+
+        Object res = mh.invokeExact((CharSequence)"123");
+
+        System.out.println("TEST PASSED");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/crypto/Cipher/CipherStreamClose.java	Thu Aug 28 15:14:04 2014 -0700
@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7160837
+ * @summary Make sure Cipher IO streams doesn't call extra doFinal if close()
+ * is called multiple times.  Additionally, verify the input and output streams
+ * match with encryption and decryption with non-stream crypto.
+ */
+
+import java.io.*;
+import java.security.DigestOutputStream;
+import java.security.DigestInputStream;
+import java.security.MessageDigest;
+import java.util.Arrays;
+
+import javax.crypto.Cipher;
+import javax.crypto.CipherOutputStream;
+import javax.crypto.CipherInputStream;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.bind.DatatypeConverter;
+
+public class CipherStreamClose {
+    private static final String message = "This is the sample message";
+    static boolean debug = false;
+
+    /*
+     * This method does encryption by cipher.doFinal(), and not with
+     * CipherOutputStream
+     */
+    public static byte[] blockEncrypt(String message, SecretKey key)
+        throws Exception {
+
+        byte[] data;
+        Cipher encCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
+        encCipher.init(Cipher.ENCRYPT_MODE, key);
+        try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+            try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
+                oos.writeObject(message);
+            }
+            data = bos.toByteArray();
+        }
+
+        if (debug) {
+            System.out.println(DatatypeConverter.printHexBinary(data));
+        }
+        return encCipher.doFinal(data);
+
+    }
+
+    /*
+     * This method does decryption by cipher.doFinal(), and not with
+     * CipherIntputStream
+     */
+    public static Object blockDecrypt(byte[] data, SecretKey key)
+        throws Exception {
+
+        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
+        c.init(Cipher.DECRYPT_MODE, key);
+        data = c.doFinal(data);
+        try (ByteArrayInputStream bis = new ByteArrayInputStream(data)) {
+            try (ObjectInputStream ois = new ObjectInputStream(bis)) {
+                return ois.readObject();
+            }
+        }
+    }
+
+    public static byte[] streamEncrypt(String message, SecretKey key,
+        MessageDigest digest)
+        throws Exception {
+
+        byte[] data;
+        Cipher encCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
+        encCipher.init(Cipher.ENCRYPT_MODE, key);
+        try (ByteArrayOutputStream bos = new ByteArrayOutputStream();
+            DigestOutputStream dos = new DigestOutputStream(bos, digest);
+            CipherOutputStream cos = new CipherOutputStream(dos, encCipher)) {
+            try (ObjectOutputStream oos = new ObjectOutputStream(cos)) {
+                oos.writeObject(message);
+            }
+            data = bos.toByteArray();
+        }
+
+        if (debug) {
+            System.out.println(DatatypeConverter.printHexBinary(data));
+        }
+        return data;
+    }
+
+    public static Object streamDecrypt(byte[] data, SecretKey key,
+        MessageDigest digest) throws Exception {
+
+        Cipher decCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
+        decCipher.init(Cipher.DECRYPT_MODE, key);
+        digest.reset();
+        try (ByteArrayInputStream bis = new ByteArrayInputStream(data);
+            DigestInputStream dis = new DigestInputStream(bis, digest);
+            CipherInputStream cis = new CipherInputStream(dis, decCipher)) {
+
+            try (ObjectInputStream ois = new ObjectInputStream(cis)) {
+                return ois.readObject();
+            }
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        MessageDigest digest = MessageDigest.getInstance("SHA1");
+        SecretKeySpec key = new SecretKeySpec(
+            DatatypeConverter.parseHexBinary(
+            "12345678123456781234567812345678"), "AES");
+
+        // Run 'message' through streamEncrypt
+        byte[] se = streamEncrypt(message, key, digest);
+        // 'digest' already has the value from the stream, just finish the op
+        byte[] sd = digest.digest();
+        digest.reset();
+        // Run 'message' through blockEncrypt
+        byte[] be = blockEncrypt(message, key);
+        // Take digest of encrypted blockEncrypt result
+        byte[] bd = digest.digest(be);
+        // Verify both returned the same value
+        if (!Arrays.equals(sd, bd)) {
+            System.err.println("Stream: "+DatatypeConverter.printHexBinary(se)+
+                "\t Digest: "+DatatypeConverter.printHexBinary(sd));
+            System.err.println("Block : "+DatatypeConverter.printHexBinary(be)+
+                "\t Digest: "+DatatypeConverter.printHexBinary(bd));
+            throw new Exception("stream & block encryption does not match");
+        }
+
+        digest.reset();
+        // Sanity check: Decrypt separately from stream to verify operations
+        String bm = (String) blockDecrypt(be, key);
+        if (message.compareTo(bm) != 0) {
+            System.err.println("Expected: "+message+"\nBlock:    "+bm);
+            throw new Exception("Block decryption does not match expected");
+        }
+
+        // Have decryption and digest included in the object stream
+        String sm = (String) streamDecrypt(se, key, digest);
+        if (message.compareTo(sm) != 0) {
+            System.err.println("Expected: "+message+"\nStream:   "+sm);
+            throw new Exception("Stream decryption does not match expected.");
+        }
+    }
+}
--- a/test/sun/java2d/cmm/ColorConvertOp/ColConvCCMTest.java	Wed Aug 20 12:13:00 2014 -0700
+++ b/test/sun/java2d/cmm/ColorConvertOp/ColConvCCMTest.java	Thu Aug 28 15:14:04 2014 -0700
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 6476665 7033534
+ * @bug 6476665 7033534 8052162
  * @summary Verifies color conversion of Component Color Model based images
  * @run main ColConvCCMTest
  */