changeset 5471:cb7176d0e597

Merge
author asaha
date Thu, 18 Oct 2012 23:19:48 -0700
parents 8fab77c17bfb 3b1a395f1948
children c24b39419c35
files .hgtags src/macosx/classes/sun/lwawt/macosx/LWCToolkit.java
diffstat 76 files changed, 1194 insertions(+), 436 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Fri Oct 05 14:58:35 2012 +0400
+++ b/.hgtags	Thu Oct 18 23:19:48 2012 -0700
@@ -199,8 +199,20 @@
 0ae89e53f5300da1961984a7d81c220c7cf717d7 jdk7u6-b23
 1c775da998735711853cfe1ae1d6baddc5f12a66 jdk7u6-b24
 4bd0528374971157afd6372890f4250e1cf712d9 jdk7u6-b30
+8c2c5d63a17ee5aa85face026d6f60fb7d34aded jdk7u6-b31
 78e01a6ca8d30e8fc4eb297d297a098edfb3fec6 jdk7u7-b10
 9666d4e4bbf3f80614e246d5c15df86154544013 jdk7u7-b30
+94154c14973aee7c5ff4846af7bcb71fe7a82fa5 jdk7u7-b11
+f93d2e3b2610b612401c95dd56d1a1122d35f676 jdk7u7-b31
+94a7d51992ae6fd31f9adc15c4976d6354dca14d jdk7u7-b01
+901c290c9c8b495a2696f10a87523363239d001b jdk7u7-b02
+0e2200a8762c1fdbd1ea812ba3f6535245372c81 jdk7u9-b03
+0000000000000000000000000000000000000000 jdk7u7-b01
+94a7d51992ae6fd31f9adc15c4976d6354dca14d jdk7u9-b01
+0000000000000000000000000000000000000000 jdk7u7-b02
+901c290c9c8b495a2696f10a87523363239d001b jdk7u9-b02
+7302c386ca9c6cd20c27d0a2adb0b142f679d6b3 jdk7u9-b04
+ffad06d7009576c3098705e05452ebc309a59e56 jdk7u9-b05
 df945ef30444adf08f3ef14b0c49c8bda6dda587 jdk7u8-b01
 dd1e513c05b8b8c8402e9ecf9c0d5bdbebb1a089 jdk7u8-b02
 355cf1937d0824b54ac38ee5a5496197647840f9 jdk7u8-b03
--- a/make/com/oracle/security/ucrypto/Makefile	Fri Oct 05 14:58:35 2012 +0400
+++ b/make/com/oracle/security/ucrypto/Makefile	Thu Oct 18 23:19:48 2012 -0700
@@ -198,9 +198,9 @@
   #
   # Build ucrypto.jar.
   #
-  $(UNSIGNED_DIR)/ucrypto.jar: build
+  $(UNSIGNED_DIR)/ucrypto.jar: build $(JCE_MANIFEST_FILE)
 	$(prep-target)
-	$(BOOT_JAR_CMD) cf $@ $(JAR_DIRS) \
+	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ $(JAR_DIRS) \
 	    $(BOOT_JAR_JFLAGS)
 	@$(java-vm-cleanup)
 
--- a/make/common/Release.gmk	Fri Oct 05 14:58:35 2012 +0400
+++ b/make/common/Release.gmk	Thu Oct 18 23:19:48 2012 -0700
@@ -399,10 +399,29 @@
 	sun/tools/jinfo         \
 	sun/tools/jmap
 
+JFR_SRCDIRS_EXIST := $(shell \
+  if [ -d $(CLOSED_SHARE_SRC)/classes/com/oracle/jrockit/jfr ] ; then \
+   echo true; \
+  else \
+   echo false; \
+  fi)
+
+BUILD_JFR=
+ifndef OPENJDK
+ifndef JAVASE_EMBEDDED
+ifeq ($(JFR_SRCDIRS_EXIST), true)
+BUILD_JFR=true
+endif
+endif
+endif
+
 # classes that go into jfr.jar
+JFR_CLASSES_DIRS=
+ifdef BUILD_JFR
 JFR_CLASSES_DIRS= \
 	com/oracle/jrockit/jfr \
 	oracle/jrockit/jfr
+endif
 
 # classes that go into jsse.jar
 JSSE_CLASSES_DIRS = \
@@ -606,8 +625,7 @@
 	$(ECHO) "sun/tools/jstack/" >> $@
 	$(ECHO) "sun/tools/jinfo/" >> $@
 	$(ECHO) "sun/tools/jmap/" >> $@
-ifndef OPENJDK
-ifndef JAVASE_EMBEDDED
+ifdef BUILD_JFR
 	$(ECHO) "com/oracle/jrockit/jfr/" >> $@
 	$(ECHO) "com/oracle/jrockit/jfr/client/" >> $@
 	$(ECHO) "com/oracle/jrockit/jfr/management/" >> $@
@@ -618,7 +636,7 @@
 	$(ECHO) "oracle/jrockit/jfr/settings/" >> $@
 	$(ECHO) "oracle/jrockit/jfr/tools/" >> $@
 endif
-endif
+
 
 
 # File order list for rt.jar
@@ -645,8 +663,7 @@
 
 # Create jfr.jar
 JFR_JAR=
-ifndef OPENJDK
-ifndef JAVASE_EMBEDDED
+ifdef BUILD_JFR
 JFR_JAR=$(ABS_TEMPDIR)/jfr-orig.jar
 $(JFR_JAR): $(OTHER_JAR_MANIFEST_FILE)
 	$(prep-target)
@@ -655,7 +672,6 @@
 		$(JFR_CLASSES_DIRS) $(BOOT_JAR_JFLAGS)
 	@$(CD) $(CLASSBINDIR) && $(java-vm-cleanup)
 endif
-endif
 
 # Create the rt.jar file list & non-class files list
 
--- a/make/java/java/FILES_java.gmk	Fri Oct 05 14:58:35 2012 +0400
+++ b/make/java/java/FILES_java.gmk	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -476,6 +476,7 @@
     sun/misc/MessageUtils.java \
     sun/misc/GC.java \
     sun/misc/Service.java \
+    sun/misc/JavaAWTAccess.java \
     sun/misc/JavaLangAccess.java \
     sun/misc/JavaIOAccess.java \
     sun/misc/JavaIOFileDescriptorAccess.java \
--- a/make/javax/crypto/Defs-jce.gmk	Fri Oct 05 14:58:35 2012 +0400
+++ b/make/javax/crypto/Defs-jce.gmk	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,7 @@
 JCE_MANIFEST_FILE    = $(TEMPDIR)/manifest.mf
 $(JCE_MANIFEST_FILE): $(MAINMANIFEST)
 	$(prep-target)
-	$(SED) -e "s#@@RELEASE@@#$(RELEASE)#"           \
+	$(SED) -e "s#@@RELEASE@@#$(JDK_VERSION)#"       \
                -e "s#@@COMPANY_NAME@@#$(COMPANY_NAME)#" \
                $(MAINMANIFEST) >> $@
 	$(ECHO) "Extension-Name: javax.crypto" >> $@
--- a/make/sun/security/ec/Makefile	Fri Oct 05 14:58:35 2012 +0400
+++ b/make/sun/security/ec/Makefile	Thu Oct 18 23:19:48 2012 -0700
@@ -245,9 +245,9 @@
 #
 # Build sunec.jar.
 #
-$(UNSIGNED_DIR)/sunec.jar: build
+$(UNSIGNED_DIR)/sunec.jar: build $(JCE_MANIFEST_FILE)
 	$(prep-target)
-	$(BOOT_JAR_CMD) cf $@ $(JAR_DIRS) \
+	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ $(JAR_DIRS) \
 	    $(BOOT_JAR_JFLAGS)
 	@$(java-vm-cleanup)
 
--- a/make/sun/security/mscapi/Makefile	Fri Oct 05 14:58:35 2012 +0400
+++ b/make/sun/security/mscapi/Makefile	Thu Oct 18 23:19:48 2012 -0700
@@ -210,9 +210,9 @@
 #
 # Build sunmscapi.jar.
 #
-$(UNSIGNED_DIR)/sunmscapi.jar: build
+$(UNSIGNED_DIR)/sunmscapi.jar: build $(JCE_MANIFEST_FILE)
 	$(prep-target)
-	$(BOOT_JAR_CMD) cf $@ $(JAR_DIRS) \
+	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ $(JAR_DIRS) \
 	    $(BOOT_JAR_JFLAGS)
 	@$(java-vm-cleanup)
 
--- a/make/sun/security/pkcs11/Makefile	Fri Oct 05 14:58:35 2012 +0400
+++ b/make/sun/security/pkcs11/Makefile	Thu Oct 18 23:19:48 2012 -0700
@@ -224,9 +224,9 @@
 #
 # Build sunpkcs11.jar.
 #
-$(UNSIGNED_DIR)/sunpkcs11.jar: build
+$(UNSIGNED_DIR)/sunpkcs11.jar: build $(JCE_MANIFEST_FILE)
 	$(prep-target)
-	$(BOOT_JAR_CMD) cf $@ $(JAR_DIRS) \
+	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ $(JAR_DIRS) \
 	    $(BOOT_JAR_JFLAGS)
 	@$(java-vm-cleanup)
 
--- a/src/share/classes/com/sun/beans/decoder/DocumentHandler.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/beans/decoder/DocumentHandler.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,9 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParserFactory;
@@ -46,6 +49,8 @@
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.DefaultHandler;
 
+import sun.misc.SharedSecrets;
+
 /**
  * The main class to parse JavaBeans XML archive.
  *
@@ -56,11 +61,10 @@
  * @see ElementHandler
  */
 public final class DocumentHandler extends DefaultHandler {
-    private final Map<String, Class<? extends ElementHandler>> handlers = new HashMap<String, Class<? extends ElementHandler>>();
-
-    private final Map<String, Object> environment = new HashMap<String, Object>();
-
-    private final List<Object> objects = new ArrayList<Object>();
+    private final AccessControlContext acc = AccessController.getContext();
+    private final Map<String, Class<? extends ElementHandler>> handlers = new HashMap<>();
+    private final Map<String, Object> environment = new HashMap<>();
+    private final List<Object> objects = new ArrayList<>();
 
     private Reference<ClassLoader> loader;
     private ExceptionListener listener;
@@ -351,23 +355,32 @@
      *
      * @param input  the input source to parse
      */
-    public void parse(InputSource input) {
-        try {
-            SAXParserFactory.newInstance().newSAXParser().parse(input, this);
+    public void parse(final InputSource input) {
+        if ((this.acc == null) && (null != System.getSecurityManager())) {
+            throw new SecurityException("AccessControlContext is not set");
         }
-        catch (ParserConfigurationException exception) {
-            handleException(exception);
-        }
-        catch (SAXException wrapper) {
-            Exception exception = wrapper.getException();
-            if (exception == null) {
-                exception = wrapper;
+        AccessControlContext stack = AccessController.getContext();
+        SharedSecrets.getJavaSecurityAccess().doIntersectionPrivilege(new PrivilegedAction<Void>() {
+            public Void run() {
+                try {
+                    SAXParserFactory.newInstance().newSAXParser().parse(input, DocumentHandler.this);
+                }
+                catch (ParserConfigurationException exception) {
+                    handleException(exception);
+                }
+                catch (SAXException wrapper) {
+                    Exception exception = wrapper.getException();
+                    if (exception == null) {
+                        exception = wrapper;
+                    }
+                    handleException(exception);
+                }
+                catch (IOException exception) {
+                    handleException(exception);
+                }
+                return null;
             }
-            handleException(exception);
-        }
-        catch (IOException exception) {
-            handleException(exception);
-        }
+        }, stack, this.acc);
     }
 
     /**
--- a/src/share/classes/com/sun/beans/decoder/PropertyElementHandler.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/beans/decoder/PropertyElementHandler.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,8 @@
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 
+import sun.reflect.misc.MethodUtil;
+
 /**
  * This class is intended to handle &lt;property&gt; element.
  * This element simplifies access to the properties.
@@ -168,11 +170,11 @@
     private static Object getPropertyValue(Object bean, String name, Integer index) throws IllegalAccessException, IntrospectionException, InvocationTargetException, NoSuchMethodException {
         Class<?> type = bean.getClass();
         if (index == null) {
-            return findGetter(type, name).invoke(bean);
+            return MethodUtil.invoke(findGetter(type, name), bean, new Object[] {});
         } else if (type.isArray() && (name == null)) {
             return Array.get(bean, index);
         } else {
-            return findGetter(type, name, int.class).invoke(bean, index);
+            return MethodUtil.invoke(findGetter(type, name, int.class), bean, new Object[] {index});
         }
     }
 
@@ -197,11 +199,11 @@
                 : null;
 
         if (index == null) {
-            findSetter(type, name, param).invoke(bean, value);
+            MethodUtil.invoke(findSetter(type, name, param), bean, new Object[] {value});
         } else if (type.isArray() && (name == null)) {
             Array.set(bean, index, value);
         } else {
-            findSetter(type, name, int.class, param).invoke(bean, index, value);
+            MethodUtil.invoke(findSetter(type, name, int.class, param), bean, new Object[] {index, value});
         }
     }
 
--- a/src/share/classes/com/sun/jmx/remote/internal/ServerNotifForwarder.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/jmx/remote/internal/ServerNotifForwarder.java	Thu Oct 18 23:19:48 2012 -0700
@@ -68,9 +68,9 @@
         this.notifBuffer = notifBuffer;
         this.connectionId = connectionId;
         connectionTimeout = EnvHelp.getServerConnectionTimeout(env);
-        checkNotificationEmission = EnvHelp.computeBooleanFromString(
-            env,
-            "jmx.remote.x.check.notification.emission",false);
+
+        String stringBoolean = (String) env.get("jmx.remote.x.check.notification.emission");
+        checkNotificationEmission = EnvHelp.computeBooleanFromString( stringBoolean );
         notificationAccessController =
                 EnvHelp.getNotificationAccessController(env);
     }
--- a/src/share/classes/com/sun/jmx/remote/util/EnvHelp.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/jmx/remote/util/EnvHelp.java	Thu Oct 18 23:19:48 2012 -0700
@@ -665,97 +665,57 @@
      * Computes a boolean value from a string value retrieved from a
      * property in the given map.
      *
-     * @param env the environment map.
-     * @param prop the name of the property in the environment map whose
-     * returned string value must be converted into a boolean value.
-     * @param systemProperty if true, consult a system property of the
-     * same name if there is no entry in the environment map.
+     * @param stringBoolean the string value that must be converted
+     * into a boolean value.
      *
      * @return
      *   <ul>
-     *   <li>{@code false} if {@code env.get(prop)} is {@code null}</li>
+     *   <li>{@code false} if {@code stringBoolean} is {@code null}</li>
      *   <li>{@code false} if
-     *       {@code ((String)env.get(prop)).equalsIgnoreCase("false")}
+     *       {@code stringBoolean.equalsIgnoreCase("false")}
      *       is {@code true}</li>
      *   <li>{@code true} if
-     *       {@code ((String)env.get(prop)).equalsIgnoreCase("true")}
+     *       {@code stringBoolean.equalsIgnoreCase("true")}
      *       is {@code true}</li>
      *   </ul>
      *
-     * @throws IllegalArgumentException if {@code env} is {@code null} or
-     * {@code env.get(prop)} is not {@code null} and
+     * @throws IllegalArgumentException if
      * {@code ((String)env.get(prop)).equalsIgnoreCase("false")} and
      * {@code ((String)env.get(prop)).equalsIgnoreCase("true")} are
      * {@code false}.
-     * @throws ClassCastException if {@code env.get(prop)} cannot be cast
-     * to {@code String}.
      */
-    public static boolean computeBooleanFromString(
-            Map<String, ?> env, String prop, boolean systemProperty) {
-
-        if (env == null)
-            throw new IllegalArgumentException("env map cannot be null");
-
+    public static boolean computeBooleanFromString(String stringBoolean) {
         // returns a default value of 'false' if no property is found...
-        return computeBooleanFromString(env,prop,systemProperty,false);
+        return computeBooleanFromString(stringBoolean,false);
     }
 
     /**
      * Computes a boolean value from a string value retrieved from a
      * property in the given map.
      *
-     * @param env the environment map.
-     * @param prop the name of the property in the environment map whose
-     * returned string value must be converted into a boolean value.
-     * @param systemProperty if true, consult a system property of the
-     * same name if there is no entry in the environment map.
+     * @param stringBoolean the string value that must be converted
+     * into a boolean value.
      * @param defaultValue a default value to return in case no property
      *        was defined.
      *
      * @return
      *   <ul>
-     *   <li>{@code defaultValue} if {@code env.get(prop)} is {@code null}
-     *       and {@code systemProperty} is {@code false}</li>
-     *   <li>{@code defaultValue} if {@code env.get(prop)} is {@code null}
-     *       and {@code systemProperty} is {@code true} and
-     *       {@code System.getProperty(prop)} is {@code null}</li>
-     *   <li>{@code false} if {@code env.get(prop)} is {@code null}
-     *       and {@code systemProperty} is {@code true} and
-     *       {@code System.getProperty(prop).equalsIgnoreCase("false")}
-     *       is {@code true}</li>
-     *   <li>{@code true} if {@code env.get(prop)} is {@code null}
-     *       and {@code systemProperty} is {@code true} and
-     *       {@code System.getProperty(prop).equalsIgnoreCase("true")}
-     *       is {@code true}</li>
+     *   <li>{@code defaultValue} if {@code stringBoolean}
+     *   is {@code null}</li>
      *   <li>{@code false} if
-     *       {@code ((String)env.get(prop)).equalsIgnoreCase("false")}
+     *       {@code stringBoolean.equalsIgnoreCase("false")}
      *       is {@code true}</li>
      *   <li>{@code true} if
-     *       {@code ((String)env.get(prop)).equalsIgnoreCase("true")}
+     *       {@code stringBoolean.equalsIgnoreCase("true")}
      *       is {@code true}</li>
      *   </ul>
      *
-     * @throws IllegalArgumentException if {@code env} is {@code null} or
-     * {@code env.get(prop)} is not {@code null} and
+     * @throws IllegalArgumentException if
      * {@code ((String)env.get(prop)).equalsIgnoreCase("false")} and
      * {@code ((String)env.get(prop)).equalsIgnoreCase("true")} are
      * {@code false}.
-     * @throws ClassCastException if {@code env.get(prop)} cannot be cast
-     * to {@code String}.
      */
-    public static boolean computeBooleanFromString(
-            Map<String, ?> env, String prop,
-            boolean systemProperty, boolean defaultValue) {
-
-        if (env == null)
-            throw new IllegalArgumentException("env map cannot be null");
-
-        String stringBoolean = (String) env.get(prop);
-        if (stringBoolean == null && systemProperty) {
-            stringBoolean =
-                    AccessController.doPrivileged(new GetPropertyAction(prop));
-        }
-
+    public static boolean computeBooleanFromString( String stringBoolean, boolean defaultValue) {
         if (stringBoolean == null)
             return defaultValue;
         else if (stringBoolean.equalsIgnoreCase("true"))
@@ -763,8 +723,8 @@
         else if (stringBoolean.equalsIgnoreCase("false"))
             return false;
         else
-            throw new IllegalArgumentException(prop +
-                " must be \"true\" or \"false\" instead of \"" +
+            throw new IllegalArgumentException(
+                "Property value must be \"true\" or \"false\" instead of \"" +
                 stringBoolean + "\"");
     }
 
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java	Thu Oct 18 23:19:48 2012 -0700
@@ -154,7 +154,7 @@
                 }
             }
                         for (Node el=config.getFirstChild();el!=null;el=el.getNextSibling()) {
-                if (!(el instanceof Element)) {
+                if (el.getNodeType() != Node.ELEMENT_NODE) {
                         continue;
                 }
                 String tag=el.getLocalName();
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java	Thu Oct 18 23:19:48 2012 -0700
@@ -202,7 +202,7 @@
         try {
          NameSpaceSymbTable ns=new NameSpaceSymbTable();
          int nodeLevel=NODE_BEFORE_DOCUMENT_ELEMENT;
-         if (rootNode instanceof Element) {
+         if (rootNode != null && rootNode.getNodeType() == Node.ELEMENT_NODE) {
                 //Fills the nssymbtable with the definitions of the parent of the root subnode
                 getParentNameSpaces((Element)rootNode,ns);
                 nodeLevel=NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
@@ -332,7 +332,7 @@
                                 return;
                         sibling=parentNode.getNextSibling();
                         parentNode=parentNode.getParentNode();
-                        if (!(parentNode instanceof Element)) {
+                        if (parentNode !=null && parentNode.getNodeType() != Node.ELEMENT_NODE) {
                                 documentLevel=NODE_AFTER_DOCUMENT_ELEMENT;
                                 parentNode=null;
                         }
@@ -388,7 +388,7 @@
                 return;
         boolean currentNodeIsVisible = false;
         NameSpaceSymbTable ns=new  NameSpaceSymbTable();
-        if (currentNode instanceof Element)
+        if (currentNode != null && currentNode.getNodeType() == Node.ELEMENT_NODE)
                 getParentNameSpaces((Element)currentNode,ns);
         Node sibling=null;
         Node parentNode=null;
@@ -509,7 +509,7 @@
                                 return;
                         sibling=parentNode.getNextSibling();
                         parentNode=parentNode.getParentNode();
-                        if (!(parentNode instanceof Element)) {
+                        if (parentNode != null && parentNode.getNodeType() != Node.ELEMENT_NODE) {
                                 parentNode=null;
                                 documentLevel=NODE_AFTER_DOCUMENT_ELEMENT;
                         }
@@ -591,18 +591,14 @@
         final void getParentNameSpaces(Element el,NameSpaceSymbTable ns)  {
                 List parents=new ArrayList(10);
                 Node n1=el.getParentNode();
-                if (!(n1 instanceof Element)) {
+                if (n1 == null || n1.getNodeType() != Node.ELEMENT_NODE) {
                         return;
                 }
                 //Obtain all the parents of the elemnt
-                Element parent=(Element) n1;
-                while (parent!=null) {
-                        parents.add(parent);
-                        Node n=parent.getParentNode();
-                        if (!(n instanceof Element )) {
-                                break;
-                        }
-                        parent=(Element)n;
+                Node parent = n1;
+                while (parent!=null && parent.getNodeType() == Node.ELEMENT_NODE) {
+                        parents.add((Element)parent);
+                        parent = parent.getParentNode();
                 }
                 //Visit them in reverse order.
                 ListIterator it=parents.listIterator(parents.size());
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1445,7 +1445,7 @@
                 // The de-serialiser returns a fragment whose children we need to
                 // take on.
 
-                if (sourceParent instanceof Document) {
+                if (sourceParent != null && sourceParent.getNodeType() == Node.DOCUMENT_NODE) {
 
                     // If this is a content decryption, this may have problems
 
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java	Thu Oct 18 23:19:48 2012 -0700
@@ -283,7 +283,7 @@
            Element e=null;
            while (it.hasNext()) {
                    Node currentNode=(Node)it.next();
-                   if (currentNode instanceof Element) {
+                   if (currentNode != null && currentNode.getNodeType() == Node.ELEMENT_NODE) {
                            e=(Element)currentNode;
                            break;
                    }
@@ -292,14 +292,14 @@
            List parents=new ArrayList(10);
 
                 //Obtain all the parents of the elemnt
-                do {
+                while (e != null) {
                         parents.add(e);
                         Node n=e.getParentNode();
-                        if (!(n instanceof Element )) {
+                        if (n == null || n.getNodeType() != Node.ELEMENT_NODE) {
                                 break;
                         }
                         e=(Element)n;
-                } while (e!=null);
+                }
                 //Visit them in reverse order.
                 ListIterator it2=parents.listIterator(parents.size()-1);
                 Element ele=null;
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/IdResolver.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/IdResolver.java	Thu Oct 18 23:19:48 2012 -0700
@@ -223,7 +223,7 @@
         } while (sibling==null  && parentNode!=null) {
                         sibling=parentNode.getNextSibling();
                         parentNode=parentNode.getParentNode();
-                        if (!(parentNode instanceof Element)) {
+                        if (parentNode != null && parentNode.getNodeType() != Node.ELEMENT_NODE) {
                                 parentNode=null;
                         }
                 }
--- a/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	Thu Oct 18 23:19:48 2012 -0700
@@ -146,7 +146,11 @@
      */
     public RhinoScriptEngine() {
         if (System.getSecurityManager() != null) {
-            accCtxt = AccessController.getContext();
+            try {
+                AccessController.checkPermission(new AllPermission());
+            } catch (AccessControlException ace) {
+                accCtxt = AccessController.getContext();
+            }
         }
 
         Context cx = enterContext();
--- a/src/share/classes/java/beans/XMLDecoder.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/beans/XMLDecoder.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,9 @@
 import java.io.Closeable;
 import java.io.InputStream;
 import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
 import org.xml.sax.InputSource;
 import org.xml.sax.helpers.DefaultHandler;
@@ -61,6 +64,7 @@
  * @author Philip Milne
  */
 public class XMLDecoder implements AutoCloseable {
+    private final AccessControlContext acc = AccessController.getContext();
     private final DocumentHandler handler = new DocumentHandler();
     private final InputSource input;
     private Object owner;
@@ -189,7 +193,15 @@
             return false;
         }
         if (this.array == null) {
-            this.handler.parse(this.input);
+            if ((this.acc == null) && (null != System.getSecurityManager())) {
+                throw new SecurityException("AccessControlContext is not set");
+            }
+            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                public Void run() {
+                    XMLDecoder.this.handler.parse(XMLDecoder.this.input);
+                    return null;
+                }
+            }, this.acc);
             this.array = this.handler.getObjects();
         }
         return true;
--- a/src/share/classes/java/io/FilePermission.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/io/FilePermission.java	Thu Oct 18 23:19:48 2012 -0700
@@ -418,7 +418,7 @@
      */
 
     public int hashCode() {
-        return this.cpath.hashCode();
+        return 0;
     }
 
     /**
--- a/src/share/classes/java/lang/invoke/MethodHandleImpl.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/lang/invoke/MethodHandleImpl.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package java.lang.invoke;
 
-import sun.invoke.util.VerifyType;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
@@ -35,6 +34,7 @@
 import java.util.List;
 import sun.invoke.empty.Empty;
 import sun.invoke.util.ValueConversions;
+import sun.invoke.util.VerifyType;
 import sun.invoke.util.Wrapper;
 import sun.misc.Unsafe;
 import static java.lang.invoke.MethodHandleStatics.*;
@@ -1258,4 +1258,169 @@
         return THROW_EXCEPTION;
     }
     static <T extends Throwable> Empty throwException(T t) throws T { throw t; }
+
+    /**
+     * Create an alias for the method handle which, when called,
+     * appears to be called from the same class loader and protection domain
+     * as hostClass.
+     * This is an expensive no-op unless the method which is called
+     * is sensitive to its caller.  A small number of system methods
+     * are in this category, including Class.forName and Method.invoke.
+     */
+    static
+    MethodHandle bindCaller(MethodHandle mh, Class<?> hostClass) {
+        return BindCaller.bindCaller(mh, hostClass);
+    }
+
+    // Put the whole mess into its own nested class.
+    // That way we can lazily load the code and set up the constants.
+    private static class BindCaller {
+        static
+        MethodHandle bindCaller(MethodHandle mh, Class<?> hostClass) {
+            // Do not use this function to inject calls into system classes.
+            if (hostClass == null) {
+                hostClass = C_Trampoline;
+            } else if (hostClass.isArray() ||
+                       hostClass.isPrimitive() ||
+                       hostClass.getName().startsWith("java.") ||
+                       hostClass.getName().startsWith("sun.")) {
+                throw new InternalError();  // does not happen, and should not anyway
+            }
+            // For simplicity, convert mh to a varargs-like method.
+            MethodHandle vamh = prepareForInvoker(mh);
+            // Cache the result of makeInjectedInvoker once per argument class.
+            MethodHandle bccInvoker = CV_makeInjectedInvoker.get(hostClass);
+            return restoreToType(bccInvoker.bindTo(vamh), mh.type());
+        }
+
+        // This class ("Trampoline") is known to be inside a dead-end class loader.
+        // Inject all doubtful calls into this class.
+        private static Class<?> C_Trampoline;
+        static {
+            Class<?> tramp = null;
+            try {
+                final int FRAME_COUNT_ARG = 1;  // [0] Reflection [1] Trampoline
+                java.lang.reflect.Method gcc = sun.reflect.Reflection.class.getMethod("getCallerClass", int.class);
+                tramp = (Class<?>) sun.reflect.misc.MethodUtil.invoke(gcc, null, new Object[]{ FRAME_COUNT_ARG });
+                if (tramp.getClassLoader() == BindCaller.class.getClassLoader())
+                    throw new RuntimeException(tramp.getName()+" class loader");
+            } catch (Throwable ex) {
+                throw new InternalError(ex.toString());
+            }
+            C_Trampoline = tramp;
+        }
+
+        private static final Unsafe UNSAFE = Unsafe.getUnsafe();
+
+        private static MethodHandle makeInjectedInvoker(Class<?> hostClass) {
+            Class<?> bcc = UNSAFE.defineAnonymousClass(hostClass, T_BYTES, null);
+            if (hostClass.getClassLoader() != bcc.getClassLoader())
+                throw new InternalError(hostClass.getName()+" (CL)");
+            try {
+                if (hostClass.getProtectionDomain() != bcc.getProtectionDomain())
+                    throw new InternalError(hostClass.getName()+" (PD)");
+            } catch (SecurityException ex) {
+                // Self-check was blocked by security manager.  This is OK.
+                // In fact the whole try body could be turned into an assertion.
+            }
+            try {
+                MethodHandle init = IMPL_LOOKUP.findStatic(bcc, "init", MethodType.methodType(void.class));
+                init.invokeExact();  // force initialization of the class
+            } catch (Throwable ex) {
+                throw uncaughtException(ex);
+            }
+            MethodHandle bccInvoker;
+            try {
+                MethodType invokerMT = MethodType.methodType(Object.class, MethodHandle.class, Object[].class);
+                bccInvoker = IMPL_LOOKUP.findStatic(bcc, "invoke_V", invokerMT);
+            } catch (ReflectiveOperationException ex) {
+                throw uncaughtException(ex);
+            }
+            // Test the invoker, to ensure that it really injects into the right place.
+            try {
+                MethodHandle vamh = prepareForInvoker(MH_checkCallerClass);
+                Object ok = bccInvoker.invokeExact(vamh, new Object[]{hostClass, bcc});
+            } catch (Throwable ex) {
+                throw new InternalError(ex.toString());
+            }
+            return bccInvoker;
+        }
+        private static ClassValue<MethodHandle> CV_makeInjectedInvoker = new ClassValue<MethodHandle>() {
+            @Override protected MethodHandle computeValue(Class<?> hostClass) {
+                return makeInjectedInvoker(hostClass);
+            }
+        };
+
+        // Adapt mh so that it can be called directly from an injected invoker:
+        private static MethodHandle prepareForInvoker(MethodHandle mh) {
+            mh = mh.asFixedArity();
+            MethodType mt = mh.type();
+            int arity = mt.parameterCount();
+            MethodHandle vamh = mh.asType(mt.generic());
+            vamh = vamh.asSpreader(Object[].class, arity);
+            return vamh;
+        }
+
+        // Undo the adapter effect of prepareForInvoker:
+        private static MethodHandle restoreToType(MethodHandle vamh, MethodType type) {
+            return vamh.asCollector(Object[].class, type.parameterCount()).asType(type);
+        }
+
+        private static final MethodHandle MH_checkCallerClass;
+        static {
+            final Class<?> THIS_CLASS = BindCaller.class;
+            assert(checkCallerClass(THIS_CLASS, THIS_CLASS));
+            try {
+                MH_checkCallerClass = IMPL_LOOKUP
+                    .findStatic(THIS_CLASS, "checkCallerClass",
+                                MethodType.methodType(boolean.class, Class.class, Class.class));
+                assert((boolean) MH_checkCallerClass.invokeExact(THIS_CLASS, THIS_CLASS));
+            } catch (Throwable ex) {
+                throw new InternalError(ex.toString());
+            }
+        }
+
+        private static boolean checkCallerClass(Class<?> expected, Class<?> expected2) {
+            final int FRAME_COUNT_ARG = 2;  // [0] Reflection [1] BindCaller [2] Expected
+            Class<?> actual = sun.reflect.Reflection.getCallerClass(FRAME_COUNT_ARG);
+            if (actual != expected && actual != expected2)
+                throw new InternalError("found "+actual.getName()+", expected "+expected.getName()
+                                        +(expected == expected2 ? "" : ", or else "+expected2.getName()));
+            return true;
+        }
+
+        private static final byte[] T_BYTES;
+        static {
+            final Object[] values = {null};
+            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                    public Void run() {
+                        try {
+                            Class<T> tClass = T.class;
+                            String tName = tClass.getName();
+                            String tResource = tName.substring(tName.lastIndexOf('.')+1)+".class";
+                            java.net.URLConnection uconn = tClass.getResource(tResource).openConnection();
+                            int len = uconn.getContentLength();
+                            byte[] bytes = new byte[len];
+                            try (java.io.InputStream str = uconn.getInputStream()) {
+                                int nr = str.read(bytes);
+                                if (nr != len)  throw new java.io.IOException(tResource);
+                            }
+                            values[0] = bytes;
+                        } catch (java.io.IOException ex) {
+                            throw new InternalError(ex.toString());
+                        }
+                        return null;
+                    }
+                });
+            T_BYTES = (byte[]) values[0];
+        }
+
+        // The following class is used as a template for Unsafe.defineAnonymousClass:
+        private static class T {
+            static void init() { }  // side effect: initializes this class
+            static Object invoke_V(MethodHandle vamh, Object[] args) throws Throwable {
+                return vamh.invokeExact(args);
+            }
+        }
+    }
 }
--- a/src/share/classes/java/lang/invoke/MethodHandleNatives.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/lang/invoke/MethodHandleNatives.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -401,4 +401,101 @@
         assert(!HAVE_RICOCHET_FRAMES) : "this code should not be executed if `-XX:+UseRicochetFrames is enabled";
         return true;
     }
+
+    /**
+     * Is this method a caller-sensitive method?
+     * I.e., does it call Reflection.getCallerClass or a similer method
+     * to ask about the identity of its caller?
+     */
+    // FIXME: Replace this pattern match by an annotation @sun.reflect.CallerSensitive.
+    static boolean isCallerSensitive(MemberName mem) {
+        assert(mem.isInvocable());
+        Class<?> defc = mem.getDeclaringClass();
+        switch (mem.getName()) {
+        case "doPrivileged":
+            return defc == java.security.AccessController.class;
+        case "getUnsafe":
+            return defc == sun.misc.Unsafe.class;
+        case "lookup":
+            return defc == java.lang.invoke.MethodHandles.class;
+        case "invoke":
+            return defc == java.lang.reflect.Method.class;
+        case "get":
+        case "getBoolean":
+        case "getByte":
+        case "getChar":
+        case "getShort":
+        case "getInt":
+        case "getLong":
+        case "getFloat":
+        case "getDouble":
+        case "set":
+        case "setBoolean":
+        case "setByte":
+        case "setChar":
+        case "setShort":
+        case "setInt":
+        case "setLong":
+        case "setFloat":
+        case "setDouble":
+            return defc == java.lang.reflect.Field.class;
+        case "newInstance":
+            if (defc == java.lang.reflect.Constructor.class)  return true;
+            if (defc == java.lang.Class.class)  return true;
+            break;
+        case "forName":
+        case "getClassLoader":
+        case "getClasses":
+        case "getFields":
+        case "getMethods":
+        case "getConstructors":
+        case "getDeclaredClasses":
+        case "getDeclaredFields":
+        case "getDeclaredMethods":
+        case "getDeclaredConstructors":
+        case "getField":
+        case "getMethod":
+        case "getConstructor":
+        case "getDeclaredField":
+        case "getDeclaredMethod":
+        case "getDeclaredConstructor":
+            return defc == java.lang.Class.class;
+        case "getConnection":
+        case "getDriver":
+        case "getDrivers":
+        case "deregisterDriver":
+            return defc == java.sql.DriverManager.class;
+        case "newUpdater":
+            if (defc == java.util.concurrent.atomic.AtomicIntegerFieldUpdater.class)  return true;
+            if (defc == java.util.concurrent.atomic.AtomicLongFieldUpdater.class)  return true;
+            if (defc == java.util.concurrent.atomic.AtomicReferenceFieldUpdater.class)  return true;
+            break;
+        case "getContextClassLoader":
+            return defc == java.lang.Thread.class;
+        case "getPackage":
+        case "getPackages":
+            return defc == java.lang.Package.class;
+        case "getParent":
+        case "getSystemClassLoader":
+            return defc == java.lang.ClassLoader.class;
+        case "load":
+        case "loadLibrary":
+            if (defc == java.lang.Runtime.class)  return true;
+            if (defc == java.lang.System.class)  return true;
+            break;
+        case "getCallerClass":
+            if (defc == sun.reflect.Reflection.class)  return true;
+            if (defc == java.lang.System.class)  return true;
+            break;
+        case "getCallerClassLoader":
+            return defc == java.lang.ClassLoader.class;
+        case "getProxyClass":
+        case "newProxyInstance":
+            return defc == java.lang.reflect.Proxy.class;
+        case "getBundle":
+        case "clearCache":
+            return defc == java.util.ResourceBundle.class;
+        }
+        return false;
+    }
 }
--- a/src/share/classes/java/lang/invoke/MethodHandleStatics.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/lang/invoke/MethodHandleStatics.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -107,7 +107,7 @@
     /*non-public*/ static RuntimeException newIllegalArgumentException(String message, Object obj, Object obj2) {
         return new IllegalArgumentException(message(message, obj, obj2));
     }
-    /*non-public*/ static Error uncaughtException(Exception ex) {
+    /*non-public*/ static Error uncaughtException(Throwable ex) {
         Error err = new InternalError("uncaught exception");
         err.initCause(ex);
         return err;
--- a/src/share/classes/java/lang/invoke/MethodHandles.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/lang/invoke/MethodHandles.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -589,7 +589,9 @@
         private
         MethodHandle accessStatic(Class<?> refc, MemberName method) throws IllegalAccessException {
             checkMethod(refc, method, true);
-            return MethodHandleImpl.findMethod(method, false, lookupClassOrNull());
+            MethodHandle mh = MethodHandleImpl.findMethod(method, false, lookupClassOrNull());
+            mh = maybeBindCaller(method, mh);
+            return mh;
         }
         private
         MethodHandle resolveStatic(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
@@ -647,6 +649,7 @@
         private MethodHandle accessVirtual(Class<?> refc, MemberName method) throws IllegalAccessException {
             checkMethod(refc, method, false);
             MethodHandle mh = MethodHandleImpl.findMethod(method, true, lookupClassOrNull());
+            mh = maybeBindCaller(method, mh);
             return restrictProtectedReceiver(method, mh);
         }
 
@@ -687,6 +690,7 @@
             checkAccess(refc, ctor);
             MethodHandle rawMH = MethodHandleImpl.findMethod(ctor, false, lookupClassOrNull());
             MethodHandle allocMH = MethodHandleImpl.makeAllocator(rawMH);
+            assert(!MethodHandleNatives.isCallerSensitive(ctor));  // maybeBindCaller not relevant here
             return fixVarargs(allocMH, rawMH);
         }
         private MethodHandle resolveConstructor(Class<?> refc, MethodType type) throws NoSuchMethodException, IllegalAccessException {
@@ -755,6 +759,7 @@
                                            Class<?> specialCaller) throws NoSuchMethodException, IllegalAccessException {
             checkMethod(refc, method, false);
             MethodHandle mh = MethodHandleImpl.findMethod(method, false, specialCaller);
+            mh = maybeBindCaller(method, mh);
             return restrictReceiver(method, mh, specialCaller);
         }
         private MethodHandle resolveSpecial(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
@@ -922,6 +927,8 @@
             checkSecurityManager(refc, method);  // stack walk magic: do not refactor
             checkMethod(refc, method, false);
             MethodHandle dmh = MethodHandleImpl.findMethod(method, true, lookupClassOrNull());
+            MethodHandle bcmh = maybeBindCaller(method, dmh);
+            if (bcmh != dmh)  return fixVarargs(bcmh.bindTo(receiver), dmh);
             MethodHandle bmh = MethodHandleImpl.bindReceiver(dmh, receiver);
             if (bmh == null)
                 throw method.makeAccessException("no access", this);
@@ -956,6 +963,7 @@
                 return MethodHandleImpl.findMethod(method, true, /*no lookupClass*/ null);
             checkMethod(method.getDeclaringClass(), method, method.isStatic());
             MethodHandle mh = MethodHandleImpl.findMethod(method, true, lookupClassOrNull());
+            mh = maybeBindCaller(method, mh);
             return restrictProtectedReceiver(method, mh);
         }
 
@@ -987,6 +995,7 @@
             // ignore m.isAccessible:  this is a new kind of access
             checkMethod(m.getDeclaringClass(), method, false);
             MethodHandle mh = MethodHandleImpl.findMethod(method, false, lookupClassOrNull());
+            mh = maybeBindCaller(method, mh);
             return restrictReceiver(method, mh, specialCaller);
         }
 
@@ -1021,6 +1030,7 @@
                 checkAccess(c.getDeclaringClass(), ctor);
                 rawCtor = MethodHandleImpl.findMethod(ctor, false, lookupClassOrNull());
             }
+            assert(!MethodHandleNatives.isCallerSensitive(ctor));  // maybeBindCaller not relevant here
             MethodHandle allocator = MethodHandleImpl.makeAllocator(rawCtor);
             return fixVarargs(allocator, rawCtor);
         }
@@ -1232,6 +1242,16 @@
             MethodHandle narrowMH = MethodHandleImpl.convertArguments(mh, narrowType, rawType, 0);
             return fixVarargs(narrowMH, mh);
         }
+        private MethodHandle maybeBindCaller(MemberName method, MethodHandle mh) throws IllegalAccessException {
+            if (allowedModes == TRUSTED || !MethodHandleNatives.isCallerSensitive(method))
+                return mh;
+            Class<?> hostClass = lookupClass;
+            if ((allowedModes & PRIVATE) == 0)  // caller must use full-power lookup
+                hostClass = null;
+            MethodHandle cbmh = MethodHandleImpl.bindCaller(mh, hostClass);
+            cbmh = fixVarargs(cbmh, mh);  // in JDK 7 version, varargs happens earlier and must be repaired
+            return cbmh;
+        }
 
         MethodHandle makeAccessor(Class<?> refc, MemberName field,
                                   boolean trusted, boolean isSetter,
--- a/src/share/classes/java/net/URL.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/net/URL.java	Thu Oct 18 23:19:48 2012 -0700
@@ -28,6 +28,8 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
 import sun.security.util.SecurityConstants;
@@ -1116,6 +1118,22 @@
     static Hashtable handlers = new Hashtable();
     private static Object streamHandlerLock = new Object();
 
+    // special case the gopher protocol, disabled by default
+    private static final String GOPHER = "gopher";
+    private static final String ENABLE_GOPHER_PROP = "jdk.net.registerGopherProtocol";
+    private static final boolean enableGopher = AccessController.doPrivileged(
+                new PrivilegedAction<Boolean>() {
+                    @Override
+                    public Boolean run() {
+                        String prop = System.getProperty(ENABLE_GOPHER_PROP);
+                        return prop == null ? false :
+                                   (prop.equalsIgnoreCase("false") ? false : true);
+                    }
+                });
+
+    // package name of the JDK implementation protocol handlers
+    private static final String JDK_PACKAGE_PREFIX =  "sun.net.www.protocol";
+
     /**
      * Returns the Stream Handler.
      * @param protocol the protocol to use
@@ -1147,7 +1165,7 @@
 
                 // REMIND: decide whether to allow the "null" class prefix
                 // or not.
-                packagePrefixList += "sun.net.www.protocol";
+                packagePrefixList += JDK_PACKAGE_PREFIX;
 
                 StringTokenizer packagePrefixIter =
                     new StringTokenizer(packagePrefixList, "|");
@@ -1157,6 +1175,14 @@
 
                     String packagePrefix =
                       packagePrefixIter.nextToken().trim();
+
+                    // do not try to instantiate the JDK gopher handler
+                    // unless the system property had been explicitly set
+                    if (protocol.equalsIgnoreCase(GOPHER) &&
+                        packagePrefix.equals(JDK_PACKAGE_PREFIX) &&
+                        !enableGopher) {
+                            continue;
+                    }
                     try {
                         String clsName = packagePrefix + "." + protocol +
                           ".Handler";
--- a/src/share/classes/java/security/AccessController.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/security/AccessController.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -290,11 +290,11 @@
      */
     public static <T> T doPrivilegedWithCombiner(PrivilegedAction<T> action) {
 
-        DomainCombiner dc = null;
         AccessControlContext acc = getStackAccessControlContext();
-        if (acc == null || (dc = acc.getAssignedCombiner()) == null) {
+        if (acc == null) {
             return AccessController.doPrivileged(action);
         }
+        DomainCombiner dc = acc.getAssignedCombiner();
         return AccessController.doPrivileged(action, preserveCombiner(dc));
     }
 
@@ -386,11 +386,11 @@
     public static <T> T doPrivilegedWithCombiner
         (PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
 
-        DomainCombiner dc = null;
         AccessControlContext acc = getStackAccessControlContext();
-        if (acc == null || (dc = acc.getAssignedCombiner()) == null) {
+        if (acc == null) {
             return AccessController.doPrivileged(action);
         }
+        DomainCombiner dc = acc.getAssignedCombiner();
         return AccessController.doPrivileged(action, preserveCombiner(dc));
     }
 
@@ -417,7 +417,12 @@
         // perform 'combine' on the caller of doPrivileged,
         // even if the caller is from the bootclasspath
         ProtectionDomain[] pds = new ProtectionDomain[] {callerPd};
-        return new AccessControlContext(combiner.combine(pds, null), combiner);
+        if (combiner == null) {
+            return new AccessControlContext(pds);
+        } else {
+            return new AccessControlContext(combiner.combine(pds, null),
+                                            combiner);
+        }
     }
 
 
--- a/src/share/classes/java/util/ServiceLoader.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/util/ServiceLoader.java	Thu Oct 18 23:19:48 2012 -0700
@@ -358,14 +358,21 @@
             }
             String cn = nextName;
             nextName = null;
+            Class<?> c = null;
             try {
-                S p = service.cast(Class.forName(cn, true, loader)
-                                   .newInstance());
-                providers.put(cn, p);
-                return p;
+                c = Class.forName(cn, false, loader);
             } catch (ClassNotFoundException x) {
                 fail(service,
                      "Provider " + cn + " not found");
+            }
+            if (!service.isAssignableFrom(c)) {
+                fail(service,
+                     "Provider " + cn  + " not a subtype");
+            }
+            try {
+                S p = service.cast(c.newInstance());
+                providers.put(cn, p);
+                return p;
             } catch (Throwable x) {
                 fail(service,
                      "Provider " + cn + " could not be instantiated: " + x,
--- a/src/share/classes/java/util/TimeZone.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/util/TimeZone.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,7 +43,8 @@
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.concurrent.ConcurrentHashMap;
-import sun.awt.AppContext;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaAWTAccess;
 import sun.security.action.GetPropertyAction;
 import sun.util.TimeZoneNameUtility;
 import sun.util.calendar.ZoneInfo;
@@ -161,6 +162,16 @@
     private static final int ONE_HOUR   = 60*ONE_MINUTE;
     private static final int ONE_DAY    = 24*ONE_HOUR;
 
+    /*
+     * Provides access implementation-private methods without using reflection
+     *
+     * Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't
+     * been loaded. If so, it implies that AWTSecurityManager is not our
+     * SecurityManager and we can use a local static variable.
+     * This works around a build time issue.
+     */
+    private static JavaAWTAccess javaAWTAccess;
+
     // Proclaim serialization compatibility with JDK 1.1
     static final long serialVersionUID = 3581463369166924961L;
 
@@ -720,13 +731,19 @@
      * used or if the AppContext doesn't have the default TimeZone.
      */
     private synchronized static TimeZone getDefaultInAppContext() {
-        if (!hasSetInAppContext) {
-            return null;
-        }
-
-        AppContext ac = AppContext.getAppContext();
-        if (ac != null && !ac.isDisposed()) {
-            return (TimeZone) ac.get(TimeZone.class);
+        javaAWTAccess = SharedSecrets.getJavaAWTAccess();
+        if (javaAWTAccess == null) {
+            return mainAppContextDefault;
+        } else {
+            if (!javaAWTAccess.isDisposed()) {
+                TimeZone tz = (TimeZone)
+                    javaAWTAccess.get(TimeZone.class);
+                if (tz == null && javaAWTAccess.isMainAppContext()) {
+                    return mainAppContextDefault;
+                } else {
+                    return tz;
+                }
+            }
         }
         return null;
     }
@@ -738,17 +755,15 @@
      * AppContext otherwise.
      */
     private synchronized static void setDefaultInAppContext(TimeZone tz) {
-        if (!hasSetInAppContext && tz == null) {
-            return;
-        }
-
-        AppContext ac = AppContext.getAppContext();
-        if (ac != null && !ac.isDisposed()) {
-            if (tz != null) {
-                ac.put(TimeZone.class, tz);
-                hasSetInAppContext = true;
-            } else {
-                ac.remove(TimeZone.class);
+        javaAWTAccess = SharedSecrets.getJavaAWTAccess();
+        if (javaAWTAccess == null) {
+            mainAppContextDefault = tz;
+        } else {
+            if (!javaAWTAccess.isDisposed()) {
+                javaAWTAccess.put(TimeZone.class, tz);
+                if (javaAWTAccess.isMainAppContext()) {
+                    mainAppContextDefault = null;
+                }
             }
         }
     }
@@ -804,8 +819,8 @@
     static final String         GMT_ID        = "GMT";
     private static final int    GMT_ID_LENGTH = 3;
 
-    // true if the default TimeZone has been set in any AppContext
-    private static boolean hasSetInAppContext;
+    // a static TimeZone we can reference if no AppContext is in place
+    private static TimeZone mainAppContextDefault;
 
     /**
      * Parses a custom time zone identifier and returns a corresponding zone.
--- a/src/share/classes/java/util/concurrent/Executors.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/util/concurrent/Executors.java	Thu Oct 18 23:19:48 2012 -0700
@@ -530,18 +530,17 @@
                 return AccessController.doPrivileged(
                     new PrivilegedExceptionAction<T>() {
                         public T run() throws Exception {
-                            ClassLoader savedcl = null;
                             Thread t = Thread.currentThread();
-                            try {
-                                ClassLoader cl = t.getContextClassLoader();
-                                if (ccl != cl) {
-                                    t.setContextClassLoader(ccl);
-                                    savedcl = cl;
+                            ClassLoader cl = t.getContextClassLoader();
+                            if (ccl == cl) {
+                                return task.call();
+                            } else {
+                                t.setContextClassLoader(ccl);
+                                try {
+                                    return task.call();
+                                } finally {
+                                    t.setContextClassLoader(cl);
                                 }
-                                return task.call();
-                            } finally {
-                                if (savedcl != null)
-                                    t.setContextClassLoader(savedcl);
                             }
                         }
                     }, acc);
--- a/src/share/classes/java/util/logging/FileHandler.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/util/logging/FileHandler.java	Thu Oct 18 23:19:48 2012 -0700
@@ -220,7 +220,7 @@
      * @exception  NullPointerException if pattern property is an empty String.
      */
     public FileHandler() throws IOException, SecurityException {
-        checkAccess();
+        checkPermission();
         configure();
         openFiles();
     }
@@ -246,7 +246,7 @@
         if (pattern.length() < 1 ) {
             throw new IllegalArgumentException();
         }
-        checkAccess();
+        checkPermission();
         configure();
         this.pattern = pattern;
         this.limit = 0;
@@ -278,7 +278,7 @@
         if (pattern.length() < 1 ) {
             throw new IllegalArgumentException();
         }
-        checkAccess();
+        checkPermission();
         configure();
         this.pattern = pattern;
         this.limit = 0;
@@ -315,7 +315,7 @@
         if (limit < 0 || count < 1 || pattern.length() < 1) {
             throw new IllegalArgumentException();
         }
-        checkAccess();
+        checkPermission();
         configure();
         this.pattern = pattern;
         this.limit = limit;
@@ -354,7 +354,7 @@
         if (limit < 0 || count < 1 || pattern.length() < 1) {
             throw new IllegalArgumentException();
         }
-        checkAccess();
+        checkPermission();
         configure();
         this.pattern = pattern;
         this.limit = limit;
@@ -367,7 +367,7 @@
     // configured instance variables.
     private void openFiles() throws IOException {
         LogManager manager = LogManager.getLogManager();
-        manager.checkAccess();
+        manager.checkPermission();
         if (count < 1) {
            throw new IllegalArgumentException("file count = " + count);
         }
--- a/src/share/classes/java/util/logging/Handler.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/util/logging/Handler.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,7 @@
      *             the caller does not have <tt>LoggingPermission("control")</tt>.
      */
     public void setFormatter(Formatter newFormatter) throws SecurityException {
-        checkAccess();
+        checkPermission();
         // Check for a null pointer:
         newFormatter.getClass();
         formatter = newFormatter;
@@ -140,7 +140,7 @@
      */
     public void setEncoding(String encoding)
                         throws SecurityException, java.io.UnsupportedEncodingException {
-        checkAccess();
+        checkPermission();
         if (encoding != null) {
             try {
                 if(!java.nio.charset.Charset.isSupported(encoding)) {
@@ -175,7 +175,7 @@
      *             the caller does not have <tt>LoggingPermission("control")</tt>.
      */
     public void setFilter(Filter newFilter) throws SecurityException {
-        checkAccess();
+        checkPermission();
         filter = newFilter;
     }
 
@@ -199,7 +199,7 @@
      *             the caller does not have <tt>LoggingPermission("control")</tt>.
      */
     public void setErrorManager(ErrorManager em) {
-        checkAccess();
+        checkPermission();
         if (em == null) {
            throw new NullPointerException();
         }
@@ -213,7 +213,7 @@
      *             the caller does not have <tt>LoggingPermission("control")</tt>.
      */
     public ErrorManager getErrorManager() {
-        checkAccess();
+        checkPermission();
         return errorManager;
     }
 
@@ -253,7 +253,7 @@
         if (newLevel == null) {
             throw new NullPointerException();
         }
-        checkAccess();
+        checkPermission();
         logLevel = newLevel;
     }
 
@@ -296,9 +296,9 @@
     // If "sealed" is true, we check that the caller has
     // appropriate security privileges to update Handler
     // state and if not throw a SecurityException.
-    void checkAccess() throws SecurityException {
+    void checkPermission() throws SecurityException {
         if (sealed) {
-            manager.checkAccess();
+            manager.checkPermission();
         }
     }
 }
--- a/src/share/classes/java/util/logging/LogManager.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/util/logging/LogManager.java	Thu Oct 18 23:19:48 2012 -0700
@@ -314,7 +314,7 @@
         if (l == null) {
             throw new NullPointerException();
         }
-        checkAccess();
+        checkPermission();
         changes.addPropertyChangeListener(l);
     }
 
@@ -333,7 +333,7 @@
      *             the caller does not have LoggingPermission("control").
      */
     public void removePropertyChangeListener(PropertyChangeListener l) throws SecurityException {
-        checkAccess();
+        checkPermission();
         changes.removePropertyChangeListener(l);
     }
 
@@ -772,7 +772,7 @@
      * @exception  IOException if there are IO problems reading the configuration.
      */
     public void readConfiguration() throws IOException, SecurityException {
-        checkAccess();
+        checkPermission();
 
         // if a configuration class is specified, load it and use it.
         String cname = System.getProperty("java.util.logging.config.class");
@@ -830,7 +830,7 @@
      */
 
     public void reset() throws SecurityException {
-        checkAccess();
+        checkPermission();
         synchronized (this) {
             props = new Properties();
             // Since we are doing a reset we no longer want to initialize
@@ -915,7 +915,7 @@
      * @exception  IOException if there are problems reading from the stream.
      */
     public void readConfiguration(InputStream ins) throws IOException, SecurityException {
-        checkAccess();
+        checkPermission();
         reset();
 
         // Load the properties
@@ -1077,7 +1077,13 @@
     }
 
 
-    private Permission ourPermission = new LoggingPermission("control", null);
+    private final Permission controlPermission = new LoggingPermission("control", null);
+
+    void checkPermission() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null)
+            sm.checkPermission(controlPermission);
+    }
 
     /**
      * Check that the current context is trusted to modify the logging
@@ -1090,11 +1096,7 @@
      *             the caller does not have LoggingPermission("control").
      */
     public void checkAccess() throws SecurityException {
-        SecurityManager sm = System.getSecurityManager();
-        if (sm == null) {
-            return;
-        }
-        sm.checkPermission(ourPermission);
+        checkPermission();
     }
 
     // Nested class to represent a node in our tree of named loggers.
--- a/src/share/classes/java/util/logging/Logger.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/util/logging/Logger.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -273,13 +273,13 @@
         this.manager = manager;
     }
 
-    private void checkAccess() throws SecurityException {
+    private void checkPermission() throws SecurityException {
         if (!anonymous) {
             if (manager == null) {
                 // Complete initialization of the global Logger.
                 manager = LogManager.getLogManager();
             }
-            manager.checkAccess();
+            manager.checkPermission();
         }
     }
 
@@ -482,7 +482,7 @@
      *             the caller does not have LoggingPermission("control").
      */
     public void setFilter(Filter newFilter) throws SecurityException {
-        checkAccess();
+        checkPermission();
         filter = newFilter;
     }
 
@@ -1168,7 +1168,7 @@
      *             the caller does not have LoggingPermission("control").
      */
     public void setLevel(Level newLevel) throws SecurityException {
-        checkAccess();
+        checkPermission();
         synchronized (treeLock) {
             levelObject = newLevel;
             updateEffectiveLevel();
@@ -1223,7 +1223,7 @@
     public void addHandler(Handler handler) throws SecurityException {
         // Check for null handler
         handler.getClass();
-        checkAccess();
+        checkPermission();
         handlers.add(handler);
     }
 
@@ -1237,7 +1237,7 @@
      *             the caller does not have LoggingPermission("control").
      */
     public void removeHandler(Handler handler) throws SecurityException {
-        checkAccess();
+        checkPermission();
         if (handler == null) {
             return;
         }
@@ -1265,7 +1265,7 @@
      *             the caller does not have LoggingPermission("control").
      */
     public void setUseParentHandlers(boolean useParentHandlers) {
-        checkAccess();
+        checkPermission();
         this.useParentHandlers = useParentHandlers;
     }
 
@@ -1405,7 +1405,7 @@
         if (parent == null) {
             throw new NullPointerException();
         }
-        manager.checkAccess();
+        manager.checkPermission();
         doSetParent(parent);
     }
 
--- a/src/share/classes/java/util/logging/MemoryHandler.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/util/logging/MemoryHandler.java	Thu Oct 18 23:19:48 2012 -0700
@@ -238,7 +238,7 @@
             throw new NullPointerException();
         }
         LogManager manager = LogManager.getLogManager();
-        checkAccess();
+        checkPermission();
         pushLevel = newLevel;
     }
 
--- a/src/share/classes/java/util/logging/StreamHandler.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/java/util/logging/StreamHandler.java	Thu Oct 18 23:19:48 2012 -0700
@@ -249,7 +249,7 @@
     }
 
     private synchronized void flushAndClose() throws SecurityException {
-        checkAccess();
+        checkPermission();
         if (writer != null) {
             try {
                 if (!doneHeader) {
--- a/src/share/classes/javax/management/modelmbean/DescriptorSupport.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/javax/management/modelmbean/DescriptorSupport.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1245,13 +1245,12 @@
             return s.substring(1, s.length() - 1);
         }
         final String className = s.substring(1, slash);
+
         final Constructor<?> constr;
         try {
+            ReflectUtil.checkPackageAccess(className);
             final ClassLoader contextClassLoader =
                 Thread.currentThread().getContextClassLoader();
-            if (contextClassLoader == null) {
-                ReflectUtil.checkPackageAccess(className);
-            }
             final Class<?> c =
                 Class.forName(className, false, contextClassLoader);
             constr = c.getConstructor(new Class<?>[] {String.class});
--- a/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,11 +39,17 @@
 import java.rmi.MarshalledObject;
 import java.rmi.UnmarshalException;
 import java.rmi.server.Unreferenced;
+
 import java.security.AccessControlContext;
 import java.security.AccessController;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
+
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Map;
@@ -60,6 +66,7 @@
 import javax.management.MBeanException;
 import javax.management.MBeanInfo;
 import javax.management.MBeanRegistrationException;
+import javax.management.MBeanPermission;
 import javax.management.MBeanServer;
 import javax.management.NotCompliantMBeanException;
 import javax.management.NotificationFilter;
@@ -143,6 +150,7 @@
         this.mbeanServer = rmiServer.getMBeanServer();
 
         final ClassLoader dcl = defaultClassLoader;
+
         this.classLoaderWithRepository =
             AccessController.doPrivileged(
                 new PrivilegedAction<ClassLoaderWithRepository>() {
@@ -151,13 +159,40 @@
                                       mbeanServer.getClassLoaderRepository(),
                                       dcl);
                     }
+                },
+
+                withPermissions( new MBeanPermission("*", "getClassLoaderRepository"),
+                                 new RuntimePermission("createClassLoader"))
+            );
+
+
+        this.defaultContextClassLoader =
+            AccessController.doPrivileged(
+                new PrivilegedAction<ClassLoader>() {
+            @Override
+                    public ClassLoader run() {
+                        return new CombinedClassLoader(Thread.currentThread().getContextClassLoader(),
+                                dcl);
+                    }
                 });
+
         serverCommunicatorAdmin = new
           RMIServerCommunicatorAdmin(EnvHelp.getServerConnectionTimeout(env));
 
         this.env = env;
     }
 
+    private static AccessControlContext withPermissions(Permission ... perms){
+        Permissions col = new Permissions();
+
+        for (Permission thePerm : perms ) {
+            col.add(thePerm);
+        }
+
+        final ProtectionDomain pd = new ProtectionDomain(null, col);
+        return new AccessControlContext( new ProtectionDomain[] { pd });
+    }
+
     private synchronized ServerNotifForwarder getServerNotifFwd() {
         // Lazily created when first use. Mainly when
         // addNotificationListener is first called.
@@ -507,7 +542,7 @@
                  "connectionId=" + connectionId
                  +" unwrapping query with defaultClassLoader.");
 
-        queryValue = unwrap(query, defaultClassLoader, QueryExp.class);
+        queryValue = unwrap(query, defaultContextClassLoader, QueryExp.class);
 
         try {
             final Object params[] = new Object[] { name, queryValue };
@@ -542,7 +577,7 @@
                  "connectionId=" + connectionId
                  +" unwrapping query with defaultClassLoader.");
 
-        queryValue = unwrap(query, defaultClassLoader, QueryExp.class);
+        queryValue = unwrap(query, defaultContextClassLoader, QueryExp.class);
 
         try {
             final Object params[] = new Object[] { name, queryValue };
@@ -1330,7 +1365,9 @@
                         public ClassLoader run() throws InstanceNotFoundException {
                             return mbeanServer.getClassLoader(name);
                         }
-                    });
+                    },
+                    withPermissions(new MBeanPermission("*", "getClassLoader"))
+            );
         } catch (PrivilegedActionException pe) {
             throw (InstanceNotFoundException) extractException(pe);
         }
@@ -1345,7 +1382,9 @@
                         public Object run() throws InstanceNotFoundException {
                             return mbeanServer.getClassLoaderFor(name);
                         }
-                    });
+                    },
+                    withPermissions(new MBeanPermission("*", "getClassLoaderFor"))
+            );
         } catch (PrivilegedActionException pe) {
             throw (InstanceNotFoundException) extractException(pe);
         }
@@ -1572,7 +1611,8 @@
             ClassLoader orderCL = AccessController.doPrivileged(
                 new PrivilegedExceptionAction<ClassLoader>() {
                     public ClassLoader run() throws Exception {
-                        return new OrderClassLoaders(cl1, cl2);
+                        return new CombinedClassLoader(Thread.currentThread().getContextClassLoader(),
+                                new OrderClassLoaders(cl1, cl2));
                     }
                 }
             );
@@ -1664,6 +1704,8 @@
 
     private final ClassLoader defaultClassLoader;
 
+    private final ClassLoader defaultContextClassLoader;
+
     private final ClassLoaderWithRepository classLoaderWithRepository;
 
     private boolean terminated = false;
@@ -1746,4 +1788,43 @@
 
     private static final ClassLogger logger =
         new ClassLogger("javax.management.remote.rmi", "RMIConnectionImpl");
+
+    private static final class CombinedClassLoader extends ClassLoader {
+
+        private final static class ClassLoaderWrapper extends ClassLoader {
+            ClassLoaderWrapper(ClassLoader cl) {
+                super(cl);
+            }
+
+            @Override
+            protected Class<?> loadClass(String name, boolean resolve)
+                    throws ClassNotFoundException {
+                return super.loadClass(name, resolve);
+            }
+        };
+
+        final ClassLoaderWrapper defaultCL;
+
+        private CombinedClassLoader(ClassLoader parent, ClassLoader defaultCL) {
+            super(parent);
+            this.defaultCL = new ClassLoaderWrapper(defaultCL);
+        }
+
+        @Override
+        protected Class<?> loadClass(String name, boolean resolve)
+        throws ClassNotFoundException {
+            try {
+                super.loadClass(name, resolve);
+            } catch(Exception e) {
+                for(Throwable t = e; t != null; t = t.getCause()) {
+                    if(t instanceof SecurityException) {
+                        throw t==e?(SecurityException)t:new SecurityException(t.getMessage(), e);
+                    }
+                }
+            }
+            final Class<?> cl = defaultCL.loadClass(name, resolve);
+            return cl;
+        }
+
+    }
 }
--- a/src/share/classes/javax/management/remote/rmi/RMIConnector.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/javax/management/remote/rmi/RMIConnector.java	Thu Oct 18 23:19:48 2012 -0700
@@ -277,9 +277,9 @@
             // Check for secure RMIServer stub if the corresponding
             // client-side environment property is set to "true".
             //
-            boolean checkStub = EnvHelp.computeBooleanFromString(
-                    usemap,
-                    "jmx.remote.x.check.stub",false);
+            String stringBoolean =  (String) usemap.get("jmx.remote.x.check.stub");
+            boolean checkStub = EnvHelp.computeBooleanFromString(stringBoolean);
+
             if (checkStub) checkStub(stub, rmiServerImplStubClass);
 
             // Connect IIOP Stub if needed.
--- a/src/share/classes/javax/management/remote/rmi/RMIConnectorServer.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/javax/management/remote/rmi/RMIConnectorServer.java	Thu Oct 18 23:19:48 2012 -0700
@@ -412,9 +412,8 @@
                 if (tracing)
                     logger.trace("start", "Using external directory: " + jndiUrl);
 
-                final boolean rebind = EnvHelp.computeBooleanFromString(
-                    attributes,
-                    JNDI_REBIND_ATTRIBUTE,false);
+                String stringBoolean = (String) attributes.get(JNDI_REBIND_ATTRIBUTE);
+                final boolean rebind = EnvHelp.computeBooleanFromString( stringBoolean );
 
                 if (tracing)
                     logger.trace("start", JNDI_REBIND_ATTRIBUTE + "=" + rebind);
--- a/src/share/classes/javax/swing/text/DefaultFormatter.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/javax/swing/text/DefaultFormatter.java	Thu Oct 18 23:19:48 2012 -0700
@@ -24,6 +24,8 @@
  */
 package javax.swing.text;
 
+import sun.reflect.misc.ConstructorUtil;
+
 import java.io.Serializable;
 import java.lang.reflect.*;
 import java.text.ParseException;
@@ -245,7 +247,7 @@
             Constructor cons;
 
             try {
-                cons = vc.getConstructor(new Class[] { String.class });
+                cons = ConstructorUtil.getConstructor(vc, new Class[]{String.class});
 
             } catch (NoSuchMethodException nsme) {
                 cons = null;
--- a/src/share/classes/sun/awt/AppContext.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/sun/awt/AppContext.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -787,6 +787,27 @@
         }
         return changeSupport.getPropertyChangeListeners(propertyName);
     }
+
+    // Set up JavaAWTAccess in SharedSecrets
+    static {
+        sun.misc.SharedSecrets.setJavaAWTAccess(new sun.misc.JavaAWTAccess() {
+            public Object get(Object key) {
+                return getAppContext().get(key);
+            }
+            public void put(Object key, Object value) {
+                getAppContext().put(key, value);
+            }
+            public void remove(Object key) {
+                getAppContext().remove(key);
+            }
+            public boolean isDisposed() {
+                return getAppContext().isDisposed();
+            }
+            public boolean isMainAppContext() {
+                return (numAppContexts == 1);
+            }
+        });
+    }
 }
 
 final class MostRecentKeyValue {
--- a/src/share/classes/sun/invoke/anon/AnonymousClassLoader.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/sun/invoke/anon/AnonymousClassLoader.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -73,74 +73,14 @@
 public class AnonymousClassLoader {
     final Class<?> hostClass;
 
-    // Note: Do not refactor the calls to checkHostClass unless you
-    //       also adjust this constant:
-    private static int CHC_CALLERS = 3;
-
-    public AnonymousClassLoader() {
-        this.hostClass = checkHostClass(null);
-    }
-    public AnonymousClassLoader(Class<?> hostClass) {
-        this.hostClass = checkHostClass(hostClass);
+    // Privileged constructor.
+    private AnonymousClassLoader(Class<?> hostClass) {
+        this.hostClass = hostClass;
     }
 
-    private static Class<?> getTopLevelClass(Class<?> clazz) {
-      for(Class<?> outer = clazz.getDeclaringClass(); outer != null;
-          outer = outer.getDeclaringClass()) {
-        clazz = outer;
-      }
-      return clazz;
-    }
-
-    private static Class<?> checkHostClass(Class<?> hostClass) {
-        // called only from the constructor
-        // does a context-sensitive check on caller class
-        // CC[0..3] = {Reflection, this.checkHostClass, this.<init>, caller}
-        Class<?> caller = sun.reflect.Reflection.getCallerClass(CHC_CALLERS);
-
-        if (caller == null) {
-            // called from the JVM directly
-            if (hostClass == null)
-                return AnonymousClassLoader.class; // anything central will do
-            return hostClass;
-        }
-
-        if (hostClass == null)
-            hostClass = caller; // default value is caller itself
-
-        // anonymous class will access hostClass on behalf of caller
-        Class<?> callee = hostClass;
-
-        if (caller == callee)
-            // caller can always nominate itself to grant caller's own access rights
-            return hostClass;
-
-        // normalize caller and callee to their top-level classes:
-        caller = getTopLevelClass(caller);
-        callee = getTopLevelClass(callee);
-        if (caller == callee)
-            return caller;
-
-        ClassLoader callerCL = caller.getClassLoader();
-        if (callerCL == null) {
-            // caller is trusted code, so accept the proposed hostClass
-            return hostClass;
-        }
-
-        // %%% should do something with doPrivileged, because trusted
-        // code should have a way to execute on behalf of
-        // partially-trusted clients
-
-        // Does the caller have the right to access the private
-        // members of the callee?  If not, raise an error.
-        final int ACC_PRIVATE = 2;
-        try {
-            sun.reflect.Reflection.ensureMemberAccess(caller, callee, null, ACC_PRIVATE);
-        } catch (IllegalAccessException ee) {
-            throw new IllegalArgumentException(ee);
-        }
-
-        return hostClass;
+    public static AnonymousClassLoader make(sun.misc.Unsafe unsafe, Class<?> hostClass) {
+        if (unsafe == null)  throw new NullPointerException();
+        return new AnonymousClassLoader(hostClass);
     }
 
     public Class<?> loadClass(byte[] classFile) {
@@ -249,7 +189,7 @@
     private static int fakeNameCounter = 99999;
 
     // ignore two warnings on this line:
-    static sun.misc.Unsafe unsafe = sun.misc.Unsafe.getUnsafe();
+    private static sun.misc.Unsafe unsafe = sun.misc.Unsafe.getUnsafe();
     // preceding line requires that this class be on the boot class path
 
     static private final Method defineAnonymousClass;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/misc/JavaAWTAccess.java	Thu Oct 18 23:19:48 2012 -0700
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.misc;
+
+public interface JavaAWTAccess {
+    public Object get(Object key);
+    public void put(Object key, Object value);
+    public void remove(Object key);
+    public boolean isDisposed();
+    public boolean isMainAppContext();
+}
--- a/src/share/classes/sun/misc/Service.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/sun/misc/Service.java	Thu Oct 18 23:19:48 2012 -0700
@@ -284,12 +284,20 @@
             }
             String cn = nextName;
             nextName = null;
+            Class<?> c = null;
             try {
-                return Class.forName(cn, true, loader).newInstance();
+                c = Class.forName(cn, false, loader);
             } catch (ClassNotFoundException x) {
                 fail(service,
                      "Provider " + cn + " not found");
-            } catch (Exception x) {
+            }
+            if (!service.isAssignableFrom(c)) {
+                fail(service,
+                     "Provider " + cn  + " not a subtype");
+            }
+            try {
+                return service.cast(c.newInstance());
+            } catch (Throwable x) {
                 fail(service,
                      "Provider " + cn + " could not be instantiated: " + x,
                      x);
--- a/src/share/classes/sun/misc/SharedSecrets.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/sun/misc/SharedSecrets.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,6 +56,7 @@
     private static JavaSecurityAccess javaSecurityAccess;
     private static JavaxSecurityAuthKerberosAccess javaxSecurityAuthKerberosAccess;
     private static JavaUtilZipAccess javaUtilZipAccess;
+    private static JavaAWTAccess javaAWTAccess;
 
     public static JavaUtilJarAccess javaUtilJarAccess() {
         if (javaUtilJarAccess == null) {
@@ -177,4 +178,14 @@
         }
         return javaUtilZipAccess;
     }
+
+    public static void setJavaAWTAccess(JavaAWTAccess jaa) {
+        javaAWTAccess = jaa;
+    }
+
+    public static JavaAWTAccess getJavaAWTAccess() {
+        // this may return null in which case calling code needs to
+        // provision for.
+        return javaAWTAccess;
+    }
 }
--- a/src/share/classes/sun/rmi/registry/RegistryImpl.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/sun/rmi/registry/RegistryImpl.java	Thu Oct 18 23:19:48 2012 -0700
@@ -405,7 +405,8 @@
          */
         perms.add(new SocketPermission("*", "connect,accept"));
 
-        perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
+        perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
+        perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
 
         perms.add(new FilePermission("<<ALL FILES>>", "read"));
 
--- a/src/share/classes/sun/security/provider/SecureRandom.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/sun/security/provider/SecureRandom.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,6 @@
 
     private static final long serialVersionUID = 3581829991155417889L;
 
-    /**
-     * This static object will be seeded by SeedGenerator, and used
-     * to seed future instances of SecureRandom
-     */
-    private static SecureRandom seeder;
-
     private static final int DIGEST_SIZE = 20;
     private transient MessageDigest digest;
     private byte[] state;
@@ -173,6 +167,28 @@
     }
 
     /**
+     * This static object will be seeded by SeedGenerator, and used
+     * to seed future instances of SHA1PRNG SecureRandoms.
+     *
+     * Bloch, Effective Java Second Edition: Item 71
+     */
+    private static class SeederHolder {
+
+        private static final SecureRandom seeder;
+
+        static {
+            /*
+             * Call to SeedGenerator.generateSeed() to add additional
+             * seed material (likely from the Native implementation).
+             */
+            seeder = new SecureRandom(SeedGenerator.getSystemEntropy());
+            byte [] b = new byte[DIGEST_SIZE];
+            SeedGenerator.generateSeed(b);
+            seeder.engineSetSeed(b);
+        }
+    }
+
+    /**
      * Generates a user-specified number of random bytes.
      *
      * @param bytes the array to be filled in with random bytes.
@@ -183,13 +199,8 @@
         byte[] output = remainder;
 
         if (state == null) {
-            if (seeder == null) {
-                seeder = new SecureRandom(SeedGenerator.getSystemEntropy());
-                seeder.engineSetSeed(engineGenerateSeed(DIGEST_SIZE));
-            }
-
             byte[] seed = new byte[DIGEST_SIZE];
-            seeder.engineNextBytes(seed);
+            SeederHolder.seeder.engineNextBytes(seed);
             state = digest.digest(seed);
         }
 
--- a/src/share/classes/sun/security/ssl/HandshakeInStream.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/sun/security/ssl/HandshakeInStream.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -190,6 +190,7 @@
 
     byte[] getBytes8() throws IOException {
         int len = getInt8();
+        verifyLength(len);
         byte b[] = new byte[len];
 
         read(b, 0, len);
@@ -198,6 +199,7 @@
 
     public byte[] getBytes16() throws IOException {
         int len = getInt16();
+        verifyLength(len);
         byte b[] = new byte[len];
 
         read(b, 0, len);
@@ -206,10 +208,19 @@
 
     byte[] getBytes24() throws IOException {
         int len = getInt24();
+        verifyLength(len);
         byte b[] = new byte[len];
 
         read(b, 0, len);
         return b;
     }
 
+    // Is a length greater than available bytes in the record?
+    private void verifyLength(int len) throws SSLException {
+        if (len > available()) {
+            throw new SSLException(
+                        "Not enough data to fill declared vector size");
+        }
+    }
+
 }
--- a/src/share/classes/sun/security/ssl/Handshaker.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/sun/security/ssl/Handshaker.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1063,7 +1063,6 @@
             if (debug != null && Debug.isOn("handshake")) {
                 System.out.println("RSA master secret generation error:");
                 e.printStackTrace(System.out);
-                System.out.println("Generating new random premaster secret");
             }
 
             if (requestedVersion != null) {
@@ -1130,7 +1129,6 @@
             System.out.println("RSA PreMasterSecret version error: expected"
                 + protocolVersion + " or " + requestedVersion + ", decrypted: "
                 + premasterVersion);
-            System.out.println("Generating new random premaster secret");
         }
         preMasterSecret =
             RSAClientKeyExchange.generateDummySecret(requestedVersion);
--- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
 import javax.net.ssl.*;
 
 import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
+import sun.security.util.KeyLength;
 
 /**
  * This is the client key exchange message (CLIENT --> SERVER) used with
@@ -192,26 +193,38 @@
                         "unable to get the plaintext of the premaster secret");
                 }
 
-                // We are not always able to get the encoded key of the
-                // premaster secret. Pass the cheking to master secret
+                int keySize = KeyLength.getKeySize(secretKey);
+                if (keySize > 0 && keySize != 384) {       // 384 = 48 * 8
+                    if (debug != null && Debug.isOn("handshake")) {
+                        System.out.println(
+                            "incorrect length of premaster secret: " +
+                            (keySize/8));
+                    }
+
+                    return generateDummySecret(clientHelloVersion);
+                }
+
+                // The key size is exactly 48 bytes or not accessible.
+                //
+                // Conservatively, pass the checking to master secret
                 // calculation.
                 return secretKey;
             } else if (encoded.length == 48) {
                 // check the version
                 if (clientHelloVersion.major == encoded[0] &&
                     clientHelloVersion.minor == encoded[1]) {
+
                     return secretKey;
-                } else if (clientHelloVersion.v <= ProtocolVersion.TLS10.v) {
+                } else if (clientHelloVersion.v <= ProtocolVersion.TLS10.v &&
+                           currentVersion.major == encoded[0] &&
+                           currentVersion.minor == encoded[1]) {
                     /*
-                     * we never checked the client_version in server side
-                     * for TLS v1.0 and SSL v3.0. For compatibility, we
-                     * maintain this behavior.
+                     * For compatibility, we maintain the behavior that the
+                     * version in pre_master_secret can be the negotiated
+                     * version for TLS v1.0 and SSL v3.0.
                      */
-                    if (currentVersion.major == encoded[0] &&
-                        currentVersion.minor == encoded[1]) {
-                        this.protocolVersion = currentVersion;
-                        return secretKey;
-                    }
+                    this.protocolVersion = currentVersion;
+                    return secretKey;
                 }
 
                 if (debug != null && Debug.isOn("handshake")) {
@@ -220,22 +233,23 @@
                         ", while PreMasterSecret.client_version is " +
                         ProtocolVersion.valueOf(encoded[0], encoded[1]));
                 }
+
+                return generateDummySecret(clientHelloVersion);
             } else {
                 if (debug != null && Debug.isOn("handshake")) {
                     System.out.println(
                         "incorrect length of premaster secret: " +
                         encoded.length);
                 }
+
+                return generateDummySecret(clientHelloVersion);
             }
         }
 
-        if (debug != null && Debug.isOn("handshake")) {
-            if (failoverException != null) {
-                System.out.println("Error decrypting premaster secret:");
-                failoverException.printStackTrace(System.out);
-            }
-
-            System.out.println("Generating random secret");
+        if (debug != null && Debug.isOn("handshake") &&
+                    failoverException != null) {
+            System.out.println("Error decrypting premaster secret:");
+            failoverException.printStackTrace(System.out);
         }
 
         return generateDummySecret(clientHelloVersion);
@@ -243,6 +257,10 @@
 
     // generate a premaster secret with the specified version number
     static SecretKey generateDummySecret(ProtocolVersion version) {
+        if (debug != null && Debug.isOn("handshake")) {
+            System.out.println("Generating a random fake premaster secret");
+        }
+
         try {
             String s = ((version.v >= ProtocolVersion.TLS12.v) ?
                 "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
--- a/src/share/lib/security/java.security	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/lib/security/java.security	Thu Oct 18 23:19:48 2012 -0700
@@ -123,7 +123,7 @@
 # passed to checkPackageAccess unless the
 # corresponding RuntimePermission ("accessClassInPackage."+package) has
 # been granted.
-package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
+package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.
 
 #
 # List of comma-separated packages that start with or equal this string
@@ -135,7 +135,7 @@
 # by default, none of the class loaders supplied with the JDK call
 # checkPackageDefinition.
 #
-package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.
 
 #
 # Determines whether this properties file can be appended to
--- a/src/share/lib/security/java.security-macosx	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/lib/security/java.security-macosx	Thu Oct 18 23:19:48 2012 -0700
@@ -124,7 +124,7 @@
 # passed to checkPackageAccess unless the
 # corresponding RuntimePermission ("accessClassInPackage."+package) has
 # been granted.
-package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,apple.
+package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.
 
 #
 # List of comma-separated packages that start with or equal this string
@@ -136,7 +136,7 @@
 # by default, none of the class loaders supplied with the JDK call
 # checkPackageDefinition.
 #
-package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,apple.
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.
 
 #
 # Determines whether this properties file can be appended to
--- a/src/share/lib/security/java.security-solaris	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/lib/security/java.security-solaris	Thu Oct 18 23:19:48 2012 -0700
@@ -125,7 +125,7 @@
 # passed to checkPackageAccess unless the
 # corresponding RuntimePermission ("accessClassInPackage."+package) has
 # been granted.
-package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
+package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.
 
 #
 # List of comma-separated packages that start with or equal this string
@@ -137,7 +137,7 @@
 # by default, none of the class loaders supplied with the JDK call
 # checkPackageDefinition.
 #
-package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.
 
 #
 # Determines whether this properties file can be appended to
--- a/src/share/lib/security/java.security-windows	Fri Oct 05 14:58:35 2012 +0400
+++ b/src/share/lib/security/java.security-windows	Thu Oct 18 23:19:48 2012 -0700
@@ -124,7 +124,7 @@
 # passed to checkPackageAccess unless the
 # corresponding RuntimePermission ("accessClassInPackage."+package) has
 # been granted.
-package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
+package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.
 
 #
 # List of comma-separated packages that start with or equal this string
@@ -136,7 +136,7 @@
 # by default, none of the class loaders supplied with the JDK call
 # checkPackageDefinition.
 #
-package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.
 
 #
 # Determines whether this properties file can be appended to
--- a/test/java/awt/Frame/7024749/bug7024749.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/java/awt/Frame/7024749/bug7024749.java	Thu Oct 18 23:19:48 2012 -0700
@@ -23,9 +23,9 @@
 
 /*
  * @test
- * @bug 7024749
+ * @bug 7024749 7184326
  * @summary JDK7 b131---a crash in: Java_sun_awt_windows_ThemeReader_isGetThemeTransitionDurationDefined+0x75
- * @library ../../../regtesthelpers
+ * @library ../../regtesthelpers
  * @build Util
  * @author Oleg Pekhovskiy: area=awt.toplevel
    @run main bug7024749
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/net/URL/Gopher.java	Thu Oct 18 23:19:48 2012 -0700
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2012 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7189567
+ * @summary java net obselete protocol
+ * @run main Gopher
+ * @run main/othervm -Djdk.net.registerGopherProtocol Gopher enabled
+ * @run main/othervm -Djdk.net.registerGopherProtocol=false Gopher
+ */
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+public class Gopher {
+    static final String GOPHER_PROP = "jdk.net.registerGopherProtocol";
+
+    public static void main(String[] args) throws Exception {
+        boolean expectEnabled = false;
+        if (args.length >= 1 && args[0].equals("enabled"))
+            expectEnabled = true;
+
+        String prop = System.getProperty(GOPHER_PROP);
+        boolean gopherEnabled = prop == null ? false :
+                                   (prop.equalsIgnoreCase("false") ? false : true);
+
+        // Validate system property reading
+        if (expectEnabled && !gopherEnabled) {
+            System.err.println(GOPHER_PROP + ": " + gopherEnabled);
+            throw new RuntimeException(
+                    "Failed: expected system property to be enabled, but it is not");
+        }
+        if (!expectEnabled && gopherEnabled) {
+            System.err.println(GOPHER_PROP + ": " + gopherEnabled);
+            throw new RuntimeException(
+                    "Failed: expected system property to be disabled, but it is not");
+        }
+
+        try {
+            new URL("gopher://anyhost:70/[anydata]");
+            if (!gopherEnabled) {
+                System.err.println(GOPHER_PROP + ": " + gopherEnabled);
+                throw new RuntimeException("Failed: gopher should NOT be enabled");
+            }
+        } catch (MalformedURLException x) {
+            if (gopherEnabled) {
+                System.err.println(GOPHER_PROP + ": " + gopherEnabled);
+                x.printStackTrace();
+                throw new RuntimeException("Failed: gopher should be enabled");
+            }
+        }
+    }
+}
--- a/test/java/net/URL/Test.java	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/java/net/URL/Test.java	Thu Oct 18 23:19:48 2012 -0700
@@ -322,10 +322,6 @@
         test("ftp://ftp.is.co.za/rfc/rfc1808.txt")
             .s("ftp").h("ftp.is.co.za").p("/rfc/rfc1808.txt").z();
 
-        test("gopher://spinaltap.micro.umn.edu/00/Weather/California/Los%20Angeles")
-            .s("gopher").h("spinaltap.micro.umn.edu")
-            .p("/00/Weather/California/Los%20Angeles").z();
-
         test("http://www.math.uio.no/faq/compression-faq/part1.html")
             .s("http").h("www.math.uio.no").p("/faq/compression-faq/part1.html").z();
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/crypto/sanity/CheckManifestForRelease.java	Thu Oct 18 23:19:48 2012 -0700
@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7195931 7197071 7198146
+ * @summary UnsatisfiedLinkError on PKCS11.C_GetOperationState while
+ *          using NSS from jre7u6+
+ */
+import java.net.*;
+import java.io.*;
+import java.security.*;
+import java.lang.reflect.*;
+
+/**
+ * When the Java specification version is incremented, all of the providers
+ * must be recompiled with the proper implementation version to match.
+ */
+public class CheckManifestForRelease {
+
+    /**
+     * @param args the command line arguments
+     */
+    public static void main(String[] args) throws Exception {
+        checkP11MessageDigestClone();
+        checkFileManifests();
+    }
+
+    /*
+     * Iterate over the files of interest: JCE framework and providers
+     */
+    static private void checkFileManifests() throws Exception {
+        System.out.println("=============");
+        String libDirName = System.getProperty("java.home", ".") + "/lib";
+        String extDirName = libDirName + "/ext";
+
+        System.out.println("Checking Manifest in directory: \n    " +
+            extDirName);
+
+        /*
+         * Current list of JCE providers, all of which currently live in
+         * the extensions directory.  Add if more are created.
+         */
+        String[] providers = new String[]{
+            "sunjce_provider.jar",
+            "sunec.jar",
+            "sunmscapi.jar",
+            "sunpkcs11.jar",
+            "ucrypto.jar"
+        };
+
+        checkManifest(libDirName, "jce.jar");
+        for (String provider : providers) {
+            checkManifest(extDirName, provider);
+        }
+        System.out.println("Passed.");
+    }
+
+    // Helper method to format the URL properly.
+    static private String formatURL(String dir, String file) {
+        return "jar:file:///" + dir + "/" + file + "!/";
+    }
+
+    static private String specVersion =
+        System.getProperty("java.specification.version");
+
+    /*
+     * Test the root cause, which is that there were no manifest values
+     * for many of the providers, and for those that had them, there was
+     * no test to make sure that the impl version was appropriate for
+     * the spec version.
+     */
+    static private void checkManifest(String dir, String file)
+            throws Exception {
+
+        System.out.println("Checking: " + file);
+
+        String url = formatURL(dir, file);
+        JarURLConnection urlc =
+            (JarURLConnection) (new URL(url).openConnection());
+
+        String implVersion;
+        try {
+            implVersion = urlc.getManifest().getMainAttributes().getValue(
+                "Implementation-Version");
+        } catch (FileNotFoundException e) {
+            /*
+             * If the file doesn't exist (e.g. mscapi on solaris),
+             * skip it. If there are other problems, fail out.
+             */
+            System.out.println("    " + file + " not found, skipping...");
+            return;
+        }
+
+        if (implVersion == null) {
+            throw new Exception(
+                "Implementation-Version not found in Manifest");
+        }
+
+        if (!implVersion.startsWith(specVersion)) {
+            throw new Exception(
+                "Implementation-Version does not match " +
+                "Specification-Version");
+        }
+    }
+
+    /*
+     * Workaround for unfortunately generified forName() API
+     */
+    @SuppressWarnings("unchecked")
+    static private Class<Provider> getProviderClass(String name)
+            throws Exception {
+        return (Class<Provider>)Class.forName(name);
+    }
+
+    /*
+     * Check the symptom, an UnsatisfiedLinkError in MessageDigests.
+     */
+    static private void checkP11MessageDigestClone() throws Exception {
+
+        System.out.println("=============");
+        System.out.println("Checking for UnsatisfiedLinkError");
+        String os = System.getProperty("os.name");
+        // Only run on Solaris
+        if (!os.equals("SunOS")) {
+            return;
+        }
+
+        /*
+         * We have to do some gyrations here, since the code to exercise
+         * this is in the P11 MessageDigests, and most of those mechanisms
+         * are disabled by default.
+         */
+        String customP11File =
+            System.getProperty("TESTSRC", ".") + "/p11-solaris.txt";
+
+        /*
+         * In 7u, we don't have a 64 PKCS11 windows build yet, so we
+         * have to do some dynamic checking to determine if there is
+         * a PKCS11 library available to test against.  Otherwise, the
+         * windows 64 bit will throw a compilation error before the
+         * test is even run.
+         */
+        Constructor<Provider> cons;
+        Provider provider;
+        try {
+            Class<Provider> clazz =
+                getProviderClass("sun.security.pkcs11.SunPKCS11");
+            cons = clazz.getConstructor(new Class[]{String.class});
+            provider = cons.newInstance(new Object[]{customP11File});
+        } catch (Exception ex) {
+            System.out.println("Skipping test - no PKCS11 provider available");
+            return;
+        }
+
+        try {
+            MessageDigest md = MessageDigest.getInstance("SHA1", provider);
+            md.update((byte) 0x01);
+            System.out.println(md.getProvider());
+            md.clone();
+        } catch (Exception e) {
+            // These kinds of failure are ok.  We're testing the
+            // UnsatisfiedLinkError here.
+        }
+        System.out.println("Passed.");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/crypto/sanity/p11-solaris.txt	Thu Oct 18 23:19:48 2012 -0700
@@ -0,0 +1,21 @@
+#
+# Configuration file to allow the SunPKCS11 provider to utilize
+# the Solaris Cryptographic Framework, if it is available
+#
+# This is a temporary file only for testing.  It does not contain the
+# normal disabled PKCS11 mechanisms that we will use for this test.
+#
+
+name = MyProvider
+
+description = SunPKCS11 accessing Solaris Cryptographic Framework
+
+library = /usr/lib/$ISA/libpkcs11.so
+
+handleStartupErrors = ignoreAll
+
+attributes = compatibility
+
+disabledMechanisms = {
+  CKM_MD2
+}
--- a/test/lib/security/java.policy/Ext_AllPolicy.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/lib/security/java.policy/Ext_AllPolicy.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1999, 2004, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4215035
+# @bug 4215035 7083664
 # @summary standard extensions path is hard-coded in default system policy file
 #
 # @build Ext_AllPolicy
@@ -54,19 +54,16 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     PS=";"
     FS="/"
-    TMP=/tmp
     ;;
   Windows_95 | Windows_98 | Windows_NT )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized system!"
--- a/test/sun/security/tools/jarsigner/AlgOptions.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/jarsigner/AlgOptions.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 5094028 6219522
+# @bug 5094028 6219522 7083664
 # @summary test new jarsigner -sigalg and -digestalg options
 # @author Sean Mullan
 #
@@ -51,21 +51,18 @@
     PS=":"
     FS="/"
     CP="${FS}bin${FS}cp -f"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     PS=";"
     FS="/"
     CP="cp -f"
-    TMP=/tmp
     ;;
   Windows_* )
     NULL=NUL
     PS=";"
     FS="\\"
     CP="cp -f"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized operating system!"
--- a/test/sun/security/tools/jarsigner/PercentSign.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/jarsigner/PercentSign.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 6522933
+# @bug 6522933 7083664
 # @summary jarsigner fails in a directory with a path contianing a % sign
 # @author Wang Weijun
 #
@@ -51,21 +51,18 @@
     PS=":"
     FS="/"
     CP="${FS}bin${FS}cp -f"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     PS=";"
     FS="/"
     CP="cp -f"
-    TMP=/tmp
     ;;
   Windows_* )
     NULL=NUL
     PS=";"
     FS="\\"
     CP="cp -f"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized operating system!"
--- a/test/sun/security/tools/jarsigner/diffend.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/jarsigner/diffend.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 6948909
+# @bug 6948909 7083664
 # @summary Jarsigner removes MANIFEST.MF info for badly packages jar's
 #
 
@@ -46,21 +46,18 @@
     PS=":"
     FS="/"
     CP="${FS}bin${FS}cp -f"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     PS=";"
     FS="/"
     CP="cp -f"
-    TMP=/tmp
     ;;
   Windows_* )
     NULL=NUL
     PS=";"
     FS="\\"
     CP="cp -f"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized operating system!"
--- a/test/sun/security/tools/jarsigner/oldsig.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/jarsigner/oldsig.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 6543940 6868865
+# @bug 6543940 6868865 7083664
 # @summary Exception thrown when signing a jarfile in java 1.5
 #
 # @run shell oldsig.sh
@@ -47,21 +47,18 @@
     PS=":"
     FS="/"
     CP="${FS}bin${FS}cp -f"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     PS=";"
     FS="/"
     CP="cp -f"
-    TMP=/tmp
     ;;
   Windows_* )
     NULL=NUL
     PS=";"
     FS="\\"
     CP="cp -f"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized operating system!"
--- a/test/sun/security/tools/keytool/AltProviderPath.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/keytool/AltProviderPath.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2004, 2005, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4906940
+# @bug 4906940 7083664
 # @summary Add -providerPath option for keytool allowing one to specify
 #          an additional classpath to search for providers.
 # @author Andrew Fan
@@ -50,19 +50,16 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     PS=";"
     FS="/"
-    TMP=/tmp
     ;;
   Windows_* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized operating system!"
--- a/test/sun/security/tools/keytool/SecretKeyKS.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/keytool/SecretKeyKS.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4694076
+# @bug 4694076 7083664
 # @summary KeyTool throws ArrayIndexOutOfBoundsException for listing
 #          SecretKey entries in non-verbose mode.
 # @author Valerie Peng
@@ -49,19 +49,16 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     PS=";"
     FS="/"
-    TMP=/tmp
     ;;
   Windows_* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized operating system!"
--- a/test/sun/security/tools/keytool/StandardAlgName.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/keytool/StandardAlgName.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2004, 2005, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test 1.1 04/11/12
-# @bug 4909889
+# @bug 4909889 7083664
 # @summary KeyTool accepts any input that user make as long as we can make some
 #          sense out of it, but when comes to present the info the user, it
 #          promotes a standard look.
@@ -50,19 +50,16 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     PS=";"
     FS="/"
-    TMP=/tmp
     ;;
   Windows_* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized operating system!"
--- a/test/sun/security/tools/keytool/i18n.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/keytool/i18n.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4348369
+# @bug 4348369 7083664
 # @summary keytool not i18n compliant
 # @author charlie lai
 #
@@ -50,19 +50,16 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     PS=";"
     FS="/"
-    TMP=/tmp
     ;;
   Windows* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized system!"
--- a/test/sun/security/tools/keytool/resource.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/keytool/resource.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 6239297
+# @bug 6239297 7083664
 # @summary keytool usage is broken after changing Resources.java
 # @author Max Wang
 #
@@ -46,17 +46,14 @@
   SunOS | Linux | Darwin )
     NULL=/dev/null
     FS="/"
-    TMP=/tmp
     ;;
   CYGWIN* )
     NULL=/dev/null
     FS="/"
-    TMP=/tmp
     ;;
   Windows_* )
     NULL=NUL
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized operating system!"
@@ -65,13 +62,11 @@
 esac
 
 # the test code
-${TESTJAVA}${FS}bin${FS}keytool > ${TMP}${FS}temp_file_40875602475 2> ${NULL}
-grep MissingResourceException ${TMP}${FS}temp_file_40875602475
+${TESTJAVA}${FS}bin${FS}keytool > temp_file_40875602475 2> ${NULL}
+grep MissingResourceException temp_file_40875602475
 
 if [ $? -eq 0 ]; then
-    rm ${TMP}${FS}temp_file_40875602475
     exit 1
 fi
 
-rm ${TMP}${FS}temp_file_40875602475
 exit 0
--- a/test/sun/security/tools/policytool/Alias.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/policytool/Alias.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4449491
+# @bug 4449491 7083664
 # @summary policytool should allow principal type to be empty
 #               (keystore alias substitution)
 #
@@ -51,13 +51,16 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
     ;;
+  CYGWIN* )
+    NULL=/dev/null
+    PS=";"
+    FS="/"
+    ;;	
   Windows* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized system!"
--- a/test/sun/security/tools/policytool/ChangeUI.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/policytool/ChangeUI.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug  6296772 6293981 6290216
+# @bug  6296772 6293981 6290216 7083664
 # @summary FilePermission and DelegationPermission, and cancel button
 #
 # @run applet/manual=done ChangeUI.html
@@ -50,13 +50,16 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
+    ;;
+  CYGWIN* )
+    NULL=/dev/null
+    PS=";"
+    FS="/"
     ;;
   Windows* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized system!"
--- a/test/sun/security/tools/policytool/OpenPolicy.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/policytool/OpenPolicy.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4224186
+# @bug 4224186 7083664
 # @summary missing File.separatorChar when initially opening policy file
 #
 # @run applet/manual=done OpenPolicy.html
@@ -50,13 +50,17 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
+    ;;
+  CYGWIN* )
+    NULL=/dev/null
+    PS=";"
+    FS="/"
+    CP="cp -f"
     ;;
   Windows* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized system!"
--- a/test/sun/security/tools/policytool/SaveAs.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/policytool/SaveAs.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4252583
+# @bug 4252583 7083664
 # @summary policytool throws FileNotFoundException when user tries to
 #               save new policy file
 #
@@ -51,13 +51,17 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
+    ;;
+  CYGWIN* )
+    NULL=/dev/null
+    PS=";"
+    FS="/"
+    CP="cp -f"
     ;;
   Windows* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized system!"
--- a/test/sun/security/tools/policytool/UpdatePermissions.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/policytool/UpdatePermissions.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4218206
+# @bug 4218206 7083664
 # @summary missing or invalid permission target names in policy tool
 #
 # @run applet/manual=done UpdatePermissions.html
@@ -50,13 +50,17 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
+    ;;
+  CYGWIN* )
+    NULL=/dev/null
+    PS=";"
+    FS="/"
+    CP="cp -f"
     ;;
   Windows* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized system!"
--- a/test/sun/security/tools/policytool/UsePolicy.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/policytool/UsePolicy.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4273771
+# @bug 4273771 7083664
 # @summary Need to add "usePolicy" RuntimePermission to policytool
 #
 # @run applet/manual=done UsePolicy.html
@@ -50,13 +50,17 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
+    ;;
+  CYGWIN* )
+    NULL=/dev/null
+    PS=";"
+    FS="/"
+    CP="cp -f"
     ;;
   Windows* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized system!"
--- a/test/sun/security/tools/policytool/i18n.sh	Fri Oct 05 14:58:35 2012 +0400
+++ b/test/sun/security/tools/policytool/i18n.sh	Thu Oct 18 23:19:48 2012 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2000, 2002, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #
 
 # @test
-# @bug 4348370
+# @bug 4348370 7083664
 # @summary policytool not i18n compliant
 #
 # @run applet/manual=done i18n.html
@@ -50,13 +50,17 @@
     NULL=/dev/null
     PS=":"
     FS="/"
-    TMP=/tmp
+    ;;
+  CYGWIN* )
+    NULL=/dev/null
+    PS=";"
+    FS="/"
+    CP="cp -f"
     ;;
   Windows* )
     NULL=NUL
     PS=";"
     FS="\\"
-    TMP="c:/temp"
     ;;
   * )
     echo "Unrecognized system!"